;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 8B33B35E7657550FCB6B2D906F7D346E
; File Name : u:\work\8b33b35e7657550fcb6b2d906f7d346e_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401104+30�p
; sub_401104+3E�p ...
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = byte ptr -58h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 260h
push ebx
xor ebx, ebx
cmp ds:416000h, ebx
mov [ebp+var_C], ebx
jz loc_4010FE
push esi
mov eax, 416000h
push edi
mov edi, ds:415008h
mov [ebp+var_18], eax
mov esi, 104h
loc_401030: ; CODE XREF: sub_401000+F6�j
push dword ptr [eax]
lea eax, [ebp+var_58]
push eax
call near ptr 4147F2h
lea eax, [ebp+var_58]
push eax
call near ptr 40C247h
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
push 3
lea eax, [ebp+var_58]
push ebx
push eax
push [ebp+arg_0]
call dword ptr ds:415004h
lea eax, [ebp+var_4]
mov [ebp+var_10], ebx
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_260]
push eax
push ebx
jmp short loc_4010D3
; ---------------------------------------------------------------------------
loc_40107C: ; CODE XREF: sub_401000+E0�j
cmp [ebp+var_1C], 1
jnz short loc_4010B2
push [ebp+arg_4]
lea eax, [ebp+var_15C]
push [ebp+var_4]
push eax
call sub_4055D8
add esp, 0Ch
test eax, eax
jz short loc_4010B2
lea eax, [ebp+var_260]
push eax
push [ebp+var_8]
call dword ptr ds:415020h
test eax, eax
jnz short loc_4010B2
inc [ebp+var_C]
loc_4010B2: ; CODE XREF: sub_401000+80�j
; sub_401000+99�j ...
lea eax, [ebp+var_4]
inc [ebp+var_10]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_260]
push eax
push [ebp+var_10]
loc_4010D3: ; CODE XREF: sub_401000+7A�j
push [ebp+var_8]
mov [ebp+var_4], esi
mov [ebp+var_14], esi
call edi
test eax, eax
jz short loc_40107C
push [ebp+var_8]
call dword ptr ds:415000h
mov eax, [ebp+var_18]
add eax, 4
mov [ebp+var_18], eax
cmp [eax], ebx
jnz loc_401030
pop edi
pop esi
loc_4010FE: ; CODE XREF: sub_401000+15�j
mov eax, [ebp+var_C]
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401104 proc near ; CODE XREF: sub_4011BE+1FA�p
; sub_40826C+354�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 80h
push esi
call dword ptr ds:4150B0h
test eax, eax
jz loc_4011B9
push esi
call dword ptr ds:4150B4h
push esi
push 80000001h
call sub_401000
mov ebx, 80000002h
push esi
push ebx
mov edi, eax
call sub_401000
add esp, 10h
add eax, edi
jnz short loc_4011B9
mov edi, 104h
lea eax, [ebp+var_104]
push edi
push esi
push eax
call near ptr 4147FEh
lea eax, [ebp+var_104]
push eax
call near ptr 4147F8h
add esp, 10h
test eax, eax
jz short loc_401198
loc_401174: ; CODE XREF: sub_401104+78�j
cmp byte ptr [esi+eax-1], 5Ch
jz short loc_401180
dec eax
jnz short loc_401174
jmp short loc_401198
; ---------------------------------------------------------------------------
loc_401180: ; CODE XREF: sub_401104+75�j
lea eax, [ebp+eax+var_104]
push edi
push eax
lea eax, [ebp+var_104]
push eax
call near ptr 4147FEh
add esp, 0Ch
loc_401198: ; CODE XREF: sub_401104+6E�j
; sub_401104+7A�j
lea eax, [ebp+var_104]
push eax
push 80000001h
call sub_401000
lea eax, [ebp+var_104]
push eax
push ebx
call sub_401000
add esp, 10h
loc_4011B9: ; CODE XREF: sub_401104+1D�j
; sub_401104+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_401104 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011BE proc near ; DATA XREF: sub_40145F+74�o
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_2C7 = dword ptr -2C7h
var_2C3 = byte ptr -2C3h
var_2C2 = byte ptr -2C2h
var_1C3 = byte ptr -1C3h
var_2B = byte ptr -2Bh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2CCh
push 2ACh
lea eax, [ebp+var_2CC]
push [ebp+arg_0]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
add esp, 10h
cmp [ebp+var_2C8], 0
jz short loc_401212
lea eax, [ebp+var_2C3]
push eax
mov eax, [ebp+var_2CC]
push dword ptr [eax]
lea eax, [ebp+var_1C3]
push 416144h
push eax
call sub_40A68C
add esp, 10h
loc_401212: ; CODE XREF: sub_4011BE+2F�j
push esi
push edi
call sub_403FC8
mov esi, eax
xor edi, edi
cmp esi, edi
jz loc_40144B
push ebx
push 10000h
call near ptr 414804h
cmp [esi], edi
pop ecx
mov [ebp+arg_0], eax
mov [ebp+var_8], edi
mov [ebp+var_14], edi
jle loc_4013F2
loc_401242: ; CODE XREF: sub_4011BE+223�j
mov eax, [esi+4]
mov ebx, [edi+eax]
call dword ptr ds:415094h
cmp ebx, eax
jz loc_4013D3
mov al, [ebp+var_2C8]
push ebx
xor ebx, ebx
neg al
sbb eax, eax
push ebx
add eax, 11h
push eax
call dword ptr ds:415098h
cmp eax, ebx
mov [ebp+var_4], eax
jz loc_4013D3
and [ebp+var_C], ebx
mov [ebp+var_20], ebx
loc_40127F: ; CODE XREF: sub_4011BE+196�j
mov eax, [esi+4]
mov edx, 10000h
add eax, edi
mov [ebp+var_10], edx
mov ecx, [eax+8]
sub ecx, ebx
cmp ecx, edx
ja short loc_401298
mov [ebp+var_10], ecx
loc_401298: ; CODE XREF: sub_4011BE+D5�j
mov eax, [eax+4]
lea ecx, [ebp+var_C]
push ecx
add eax, ebx
push [ebp+var_10]
push [ebp+arg_0]
push eax
push [ebp+var_4]
call dword ptr ds:41509Ch
test eax, eax
jz loc_401344
xor ecx, ecx
cmp [ebp+var_C], ecx
jz loc_401344
loc_4012C4: ; CODE XREF: sub_4011BE+179�j
mov eax, [ebp+arg_0]
mov al, [ecx+eax]
cmp al, [ebp+var_2C3]
jz short loc_4012EA
movsx edx, al
movsx eax, [ebp+var_2C3]
lea ebx, [eax+20h]
cmp edx, ebx
jz short loc_4012EA
add eax, 0FFFFFFE0h
cmp edx, eax
jnz short loc_40132B
loc_4012EA: ; CODE XREF: sub_4011BE+112�j
; sub_4011BE+123�j
lea eax, [ebp+var_2C2]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_0]
lea eax, [ecx+eax+1]
mov [ebp+var_18], eax
loc_4012FD: ; CODE XREF: sub_4011BE+16B�j
mov eax, [ebp+var_1C]
mov dl, [eax]
test dl, dl
jz short loc_40133B
mov eax, [ebp+var_18]
mov al, [eax]
cmp dl, al
jz short loc_401323
movsx eax, al
movsx edx, dl
lea ebx, [eax+20h]
cmp edx, ebx
jz short loc_401323
add eax, 0FFFFFFE0h
cmp edx, eax
jnz short loc_40132B
loc_401323: ; CODE XREF: sub_4011BE+14F�j
; sub_4011BE+15C�j
inc [ebp+var_18]
inc [ebp+var_1C]
jmp short loc_4012FD
; ---------------------------------------------------------------------------
loc_40132B: ; CODE XREF: sub_4011BE+12A�j
; sub_4011BE+163�j
mov eax, [ebp+var_C]
inc ecx
sub eax, [ebp+var_2C7]
cmp ecx, eax
jbe short loc_4012C4
jmp short loc_401344
; ---------------------------------------------------------------------------
loc_40133B: ; CODE XREF: sub_4011BE+146�j
mov eax, [ebp+arg_0]
add ecx, eax
test ecx, ecx
jnz short loc_40135C
loc_401344: ; CODE XREF: sub_4011BE+F5�j
; sub_4011BE+100�j ...
mov ebx, [ebp+var_20]
mov eax, [esi+4]
add ebx, [ebp+var_10]
cmp ebx, [edi+eax+8]
mov [ebp+var_20], ebx
jnz loc_40127F
jmp short loc_4013CA
; ---------------------------------------------------------------------------
loc_40135C: ; CODE XREF: sub_4011BE+184�j
inc [ebp+var_8]
cmp [ebp+var_2C8], 0
jz short loc_4013A5
push 3E8h
call dword ptr ds:4150A4h
mov bl, [ebp+var_2B]
and [ebp+var_2B], 0
mov eax, [esi+4]
add eax, edi
push dword ptr [eax]
add eax, 0Ch
push eax
lea eax, [ebp+var_2C3]
push eax
lea eax, [ebp+var_1C3]
push 41611Ch
push eax
call sub_40A68C
add esp, 14h
mov [ebp+var_2B], bl
jmp short loc_4013BE
; ---------------------------------------------------------------------------
loc_4013A5: ; CODE XREF: sub_4011BE+1A8�j
push 0
push [ebp+var_4]
call dword ptr ds:4150A8h
mov eax, [esi+4]
lea eax, [edi+eax+0Ch]
push eax
call sub_401104
pop ecx
loc_4013BE: ; CODE XREF: sub_4011BE+1E5�j
mov eax, [ebp+var_2CC]
cmp dword ptr [eax+4], 0
jnz short loc_4013E9
loc_4013CA: ; CODE XREF: sub_4011BE+19C�j
push [ebp+var_4]
call dword ptr ds:4150ACh
loc_4013D3: ; CODE XREF: sub_4011BE+92�j
; sub_4011BE+B5�j
inc [ebp+var_14]
add edi, 114h
mov eax, [ebp+var_14]
cmp eax, [esi]
jl loc_401242
jmp short loc_4013F2
; ---------------------------------------------------------------------------
loc_4013E9: ; CODE XREF: sub_4011BE+20A�j
push [ebp+var_4]
call dword ptr ds:4150ACh
loc_4013F2: ; CODE XREF: sub_4011BE+7E�j
; sub_4011BE+229�j
push esi
call sub_4041E6
; ---------------------------------------------------------------------------
dd 0E80875FFh, 1340Ah, 0FD38BD80h, 5900FFFFh, 3F745B59h
dd 3E868h, 0A415FF00h, 83004150h, 8D00F87Dh, 0FFFD3D85h
dd 858D50FFh, 0FFFFFE3Dh, 0F8681075h, 50004160h, 9257E8h
dd 0CC48300h, 75FF11EBh, 60CC68F8h, 0E8500041h, 9244h
; ---------------------------------------------------------------------------
add esp, 10h
loc_40144B: ; CODE XREF: sub_4011BE+61�j
push [ebp+var_2CC]
call sub_4069B8
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_4011BE endp
; =============== S U B R O U T I N E =======================================
sub_40145F proc near ; CODE XREF: sub_40826C+375�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_4014E0
push edi
call near ptr 4147F8h
test eax, eax
pop ecx
jz short loc_4014E0
push 2ACh
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_4014E0
push ebx
mov bl, [esp+0Ch+arg_8]
push edi
mov [esi+4], bl
call near ptr 4147F8h
mov [esi+5], eax
mov [esp+10h+var_10], 100h
lea eax, [esi+9]
push edi
push eax
call near ptr 4147FEh
push [esp+18h+arg_0]
lea eax, [esi+109h]
push eax
call sub_403F0B
add esp, 14h
mov eax, 41619Ch
test bl, bl
pop ebx
jnz short loc_4014C9
mov eax, 416194h
loc_4014C9: ; CODE XREF: sub_40145F+63�j
push edi
push eax
push 416174h
push 0
push esi
push offset sub_4011BE
call sub_40689D
add esp, 18h
loc_4014E0: ; CODE XREF: sub_40145F+8�j
; sub_40145F+13�j ...
pop edi
pop esi
retn
sub_40145F endp
; =============== S U B R O U T I N E =======================================
sub_4014E3 proc near ; CODE XREF: sub_4015D0:loc_40183C�p
mov eax, ds:41C424h
push esi
mov esi, ds:4150ACh
cmp eax, 0FFFFFFFFh
jz short loc_4014F7
push eax
call esi
loc_4014F7: ; CODE XREF: sub_4014E3+F�j
mov eax, ds:41C418h
cmp eax, 0FFFFFFFFh
jz short loc_401504
push eax
call esi
loc_401504: ; CODE XREF: sub_4014E3+1C�j
mov eax, ds:41C41Ch
cmp eax, 0FFFFFFFFh
jz short loc_401511
push eax
call esi
loc_401511: ; CODE XREF: sub_4014E3+29�j
mov eax, ds:41C420h
cmp eax, 0FFFFFFFFh
jz short loc_40151E
push eax
call esi
loc_40151E: ; CODE XREF: sub_4014E3+36�j
pop esi
retn
sub_4014E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401520 proc near ; CODE XREF: sub_4015D0+228�p
; sub_4015D0+252�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+189h], 0
jnz short loc_40153F
cmp byte ptr [esi+18Dh], 0
jz short loc_40157D
loc_40153F: ; CODE XREF: sub_401520+14�j
; sub_401520+49�j ...
push 32h
call dword ptr ds:4150A4h
cmp byte ptr [esi+189h], 0
jz short loc_401562
call near ptr 41481Ch
sub eax, ds:41C428h
cmp eax, 1F4h
jnb short loc_40157D
loc_401562: ; CODE XREF: sub_401520+2E�j
cmp byte ptr [esi+18Dh], 0
jz short loc_40153F
call near ptr 41481Ch
sub eax, ds:41C428h
cmp eax, 0FAh
jb short loc_40153F
loc_40157D: ; CODE XREF: sub_401520+1D�j
; sub_401520+40�j
call near ptr 41481Ch
mov ecx, [ebp+arg_4]
mov ds:41C428h, eax
mov al, [ecx]
cmp al, 0Ah
jz short loc_4015AB
cmp al, 0Dh
jz short loc_4015AB
push 200h
lea eax, [ebp+var_200]
push ecx
push eax
call sub_40558F
add esp, 0Ch
jmp short loc_4015BE
; ---------------------------------------------------------------------------
loc_4015AB: ; CODE XREF: sub_401520+6E�j
; sub_401520+72�j
lea eax, [ebp+var_200]
push 4161A4h
push eax
call near ptr 414816h
pop ecx
pop ecx
loc_4015BE: ; CODE XREF: sub_401520+89�j
lea eax, [ebp+var_200]
push eax
push esi
call sub_40A68C
pop ecx
pop ecx
pop esi
leave
retn
sub_401520 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015D0 proc near ; DATA XREF: sub_401884+71�o
var_724 = byte ptr -724h
var_620 = byte ptr -620h
var_420 = dword ptr -420h
var_21C = byte ptr -21Ch
var_78 = dword ptr -78h
var_4C = dword ptr -4Ch
var_48 = word ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 724h
push ebx
push esi
push edi
push 3A7h
push [ebp+arg_0]
lea eax, [ebp+var_420]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
add esp, 10h
call near ptr 41481Ch
sub eax, 1F4h
xor esi, esi
mov ds:41C428h, eax
lea eax, [ebp+var_724]
push esi
push eax
push 104h
push esi
push 4161ECh
push esi
call dword ptr ds:415078h
test eax, eax
jz loc_401841
lea eax, [ebp+var_20]
mov edi, ds:41507Ch
push esi
push eax
lea eax, [ebp+var_10]
xor ebx, ebx
push eax
lea eax, [ebp+var_14]
inc ebx
push eax
mov [ebp+var_20], 0Ch
mov [ebp+var_18], ebx
mov [ebp+var_1C], esi
call edi
test eax, eax
jz loc_40183C
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
call edi
test eax, eax
jz loc_40183C
mov edi, ds:415080h
push 3
push esi
push esi
push 41C420h
call edi
push eax
push [ebp+var_8]
call edi
push eax
call dword ptr ds:4150E0h
test eax, eax
jz loc_40183C
push 10h
lea eax, [ebp+var_34]
push esi
push eax
call near ptr 414822h
push 44h
lea eax, [ebp+var_78]
pop edi
push edi
push esi
push eax
call near ptr 414822h
mov eax, [ebp+var_C]
add esp, 18h
mov [ebp+var_40], eax
mov eax, [ebp+var_10]
mov [ebp+var_3C], eax
mov [ebp+var_38], eax
lea eax, [ebp+var_34]
mov [ebp+var_78], edi
push eax
lea eax, [ebp+var_78]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
lea eax, [ebp+var_724]
push 41C42Ch
push eax
mov [ebp+var_4C], 101h
mov [ebp+var_48], si
call dword ptr ds:415084h
test eax, eax
jz loc_40183C
push [ebp+var_C]
mov edi, ds:4150ACh
call edi
mov eax, [ebp+var_14]
push [ebp+var_30]
mov ds:41C424h, eax
mov eax, [ebp+var_8]
mov ds:41C418h, eax
mov eax, [ebp+var_34]
mov ds:41C41Ch, eax
call edi
mov eax, [ebp+var_420]
mov [ebp+var_4], esi
cmp [eax+4], esi
jnz loc_40183C
mov edi, 200h
mov ebx, 103h
loc_40173E: ; CODE XREF: sub_4015D0+238�j
push edi
lea eax, [ebp+var_620]
push esi
push eax
call near ptr 414822h
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push esi
push eax
lea eax, [ebp+var_620]
push edi
push eax
push dword ptr ds:41C424h
call dword ptr ds:415088h
test eax, eax
jz loc_401816
cmp [ebp+var_4], esi
jnz short loc_4017A0
lea eax, [ebp+arg_0]
mov [ebp+arg_0], ebx
push eax
push dword ptr ds:41C41Ch
call dword ptr ds:41508Ch
test eax, eax
jz short loc_401796
cmp [ebp+arg_0], ebx
jnz loc_401829
loc_401796: ; CODE XREF: sub_4015D0+1BB�j
push 0Ah
call dword ptr ds:4150A4h
jmp short loc_4017FF
; ---------------------------------------------------------------------------
loc_4017A0: ; CODE XREF: sub_4015D0+1A4�j
xor eax, eax
cmp [ebp+var_4], esi
jbe short loc_4017B7
loc_4017A7: ; CODE XREF: sub_4015D0+1E5�j
cmp [ebp+eax+var_620], 0Ah
jz short loc_401810
inc eax
cmp eax, [ebp+var_4]
jb short loc_4017A7
loc_4017B7: ; CODE XREF: sub_4015D0+1D5�j
mov [ebp+var_4], edi
loc_4017BA: ; CODE XREF: sub_4015D0+244�j
push edi
lea eax, [ebp+var_620]
push esi
push eax
call near ptr 414822h
add esp, 0Ch
lea eax, [ebp+var_24]
push esi
push eax
push [ebp+var_4]
lea eax, [ebp+var_620]
push eax
push dword ptr ds:41C424h
call dword ptr ds:415090h
test eax, eax
jz short loc_40183C
lea eax, [ebp+var_620]
push eax
lea eax, [ebp+var_21C]
push eax
call sub_401520
pop ecx
pop ecx
loc_4017FF: ; CODE XREF: sub_4015D0+1CE�j
mov eax, [ebp+var_420]
cmp [eax+4], esi
jz loc_40173E
jmp short loc_40183C
; ---------------------------------------------------------------------------
loc_401810: ; CODE XREF: sub_4015D0+1DF�j
inc eax
mov [ebp+var_4], eax
jmp short loc_4017BA
; ---------------------------------------------------------------------------
loc_401816: ; CODE XREF: sub_4015D0+19B�j
lea eax, [ebp+var_21C]
push 4161C8h
push eax
call sub_401520
jmp short loc_40183A
; ---------------------------------------------------------------------------
loc_401829: ; CODE XREF: sub_4015D0+1C0�j
lea eax, [ebp+var_21C]
push 4161A8h
push eax
call sub_40A68C
loc_40183A: ; CODE XREF: sub_4015D0+257�j
pop ecx
pop ecx
loc_40183C: ; CODE XREF: sub_4015D0+85�j
; sub_4015D0+9C�j ...
call sub_4014E3
loc_401841: ; CODE XREF: sub_4015D0+58�j
push [ebp+var_420]
call sub_4069B8
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_4015D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401856 proc near ; CODE XREF: sub_401884+8E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call near ptr 4147F8h
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword ptr ds:41C420h
call dword ptr ds:415074h
neg eax
sbb eax, eax
neg eax
leave
retn
sub_401856 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401884 proc near ; CODE XREF: sub_40826C+F16�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
push esi
cmp [eax+198h], bl
push edi
jz short loc_4018B4
cmp [ebp+arg_4], ebx
jz loc_40192D
push ebx
push ebx
push ebx
push [ebp+arg_4]
push 41622Ch
push ebx
call dword ptr ds:4151D4h
jmp short loc_40192D
; ---------------------------------------------------------------------------
loc_4018B4: ; CODE XREF: sub_401884+11�j
push 3A7h
call near ptr 414804h
mov esi, eax
pop ecx
cmp esi, ebx
jz short loc_40192D
mov edi, [ebp+arg_4]
cmp edi, ebx
jz short loc_4018DE
push 200h
lea eax, [esi+4]
push edi
push eax
call sub_40558F
add esp, 0Ch
loc_4018DE: ; CODE XREF: sub_401884+46�j
push [ebp+arg_0]
lea eax, [esi+204h]
push eax
call sub_403F0B
push 416218h
push 1
push esi
push offset sub_4015D0
call sub_40689D
add esp, 18h
cmp edi, ebx
jz short loc_40192D
push 416214h
push edi
call near ptr 414828h
push edi
call sub_401856
add esp, 0Ch
test eax, eax
jnz short loc_40192D
push 4161F4h
push [ebp+arg_0]
call sub_40A68C
pop ecx
pop ecx
loc_40192D: ; CODE XREF: sub_401884+16�j
; sub_401884+2E�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_401884 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401932 proc near ; DATA XREF: sub_401E49+E6�o
var_604 = qword ptr -604h
var_5FC = qword ptr -5FCh
var_5E8 = byte ptr -5E8h
var_3E8 = dword ptr -3E8h
var_3E4 = byte ptr -3E4h
var_3C3 = byte ptr -3C3h
var_2BF = byte ptr -2BFh
var_1BF = byte ptr -1BFh
var_1B5 = byte ptr -1B5h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5E8h
push esi
push 3D6h
push [ebp+arg_0]
lea eax, [ebp+var_3E8]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
add esp, 10h
lea eax, [ebp+var_3C3]
push eax
call dword ptr ds:4150B4h
lea eax, [ebp+var_3C3]
push 4162B0h
push eax
call near ptr 414840h
xor esi, esi
pop ecx
cmp eax, esi
pop ecx
mov [ebp+var_10], eax
jnz short loc_401991
push [ebp+var_3E8]
call sub_4069B8
jmp short loc_4019C8
; ---------------------------------------------------------------------------
loc_401991: ; CODE XREF: sub_401932+50�j
push 2710h
lea eax, [ebp+var_1BF]
push esi
push eax
lea eax, [ebp+var_2BF]
push eax
call sub_403CB3
add esp, 10h
cmp eax, esi
mov [ebp+var_C], eax
jnz short loc_4019CE
push [ebp+var_10]
call near ptr 41483Ah
push [ebp+var_3E8]
call sub_4069B8
pop ecx
loc_4019C8: ; CODE XREF: sub_401932+5D�j
pop ecx
jmp loc_401B1A
; ---------------------------------------------------------------------------
loc_4019CE: ; CODE XREF: sub_401932+80�j
push ebx
lea eax, [ebp+var_3E4]
push edi
push eax
lea eax, [ebp+var_3C3]
push eax
mov eax, [ebp+var_3E8]
push dword ptr [eax]
lea eax, [ebp+var_1B5]
push 416284h
push eax
call sub_40A68C
add esp, 14h
call near ptr 41481Ch
mov ebx, ds:41524Ch
mov [ebp+var_4], esi
push esi
mov [ebp+arg_0], eax
mov esi, 200h
jmp short loc_401A5F
; ---------------------------------------------------------------------------
loc_401A13: ; CODE XREF: sub_401932+13E�j
cmp edi, esi
ja short loc_401A72
add [ebp+var_4], edi
push [ebp+var_4]
call dword ptr ds:415250h
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push 4
push eax
push [ebp+var_C]
call sub_403E36
push [ebp+var_10]
lea eax, [ebp+var_5E8]
push edi
push 1
push eax
call near ptr 414834h
add esp, 1Ch
cmp edi, esi
jb short loc_401A72
mov eax, [ebp+var_3E8]
cmp dword ptr [eax+4], 0
jnz loc_401AFA
push 0
loc_401A5F: ; CODE XREF: sub_401932+DF�j
lea eax, [ebp+var_5E8]
push esi
push eax
push [ebp+var_C]
call ebx
mov edi, eax
test edi, edi
jnz short loc_401A13
loc_401A72: ; CODE XREF: sub_401932+E3�j
; sub_401932+119�j
push [ebp+var_10]
call near ptr 41482Eh
pop ecx
mov esi, eax
call near ptr 41481Ch
cmp [ebp+arg_0], eax
jnz short loc_401A90
call near ptr 41481Ch
dec eax
mov [ebp+arg_0], eax
loc_401A90: ; CODE XREF: sub_401932+153�j
mov eax, esi
mov ecx, 400h
cdq
idiv ecx
mov [ebp+var_8], eax
fild [ebp+var_8]
fstp [ebp+var_4]
call near ptr 41481Ch
sub eax, [ebp+arg_0]
push ecx
push ecx
mov [ebp+var_8], eax
fild [ebp+var_8]
fmul dword ptr ds:415278h
fdivr [ebp+var_4]
fstp [esp+5FCh+var_5FC]
call near ptr 41481Ch
sub eax, [ebp+arg_0]
push ecx
push ecx
mov [ebp+arg_0], eax
lea eax, [ebp+var_3E4]
fild [ebp+arg_0]
fmul dword ptr ds:415278h
fstp [esp+604h+var_604]
push eax
lea eax, [ebp+var_3C3]
push eax
lea eax, [ebp+var_1B5]
push 416238h
push eax
call sub_40A68C
add esp, 20h
loc_401AFA: ; CODE XREF: sub_401932+125�j
push [ebp+var_10]
call near ptr 41483Ah
push [ebp+var_C]
call sub_403E0F
push [ebp+var_3E8]
call sub_4069B8
add esp, 0Ch
pop edi
pop ebx
loc_401B1A: ; CODE XREF: sub_401932+97�j
xor eax, eax
pop esi
leave
retn 4
sub_401932 endp
; ---------------------------------------------------------------------------
loc_401B21: ; DATA XREF: sub_401F41+62�o
push ebp
mov ebp, esp
sub esp, 0A00h
push ebx
push esi
push edi
push 2CCh
push dword ptr [ebp+8]
lea eax, [ebp-2F8h]
push eax
call near ptr 414810h
push dword ptr [ebp+8]
call near ptr 41480Ah
lea eax, [ebp-2D3h]
push eax
call near ptr 4147F8h
xor esi, esi
add esp, 14h
cmp eax, esi
jz short loc_401B6B
loc_401B5E: ; CODE XREF: .text:00401B69�j
cmp byte ptr [ebp+eax-2D3h], 5Ch
jz short loc_401B73
dec eax
jnz short loc_401B5E
loc_401B6B: ; CODE XREF: .text:00401B5C�j
lea eax, [ebp-2D3h]
jmp short loc_401B7A
; ---------------------------------------------------------------------------
loc_401B73: ; CODE XREF: .text:00401B66�j
lea eax, [ebp+eax-2D2h]
loc_401B7A: ; CODE XREF: .text:00401B71�j
push eax
lea eax, [ebp-3FCh]
push eax
call near ptr 4147F2h
pop ecx
lea eax, [ebp-8]
pop ecx
mov dword ptr [ebp-8], 10h
push eax
lea eax, [ebp-2Ch]
push eax
call sub_40A0BC
push eax
call dword ptr ds:415244h
push 2
push esi
push esi
lea eax, [ebp-0A00h]
push 401h
push eax
push dword ptr [ebp-8]
lea eax, [ebp-2Ch]
push eax
call dword ptr ds:41C480h
test eax, eax
jz short loc_401BD2
loc_401BC5: ; CODE XREF: .text:00401C04�j
push dword ptr [ebp-2F8h]
call sub_4069B8
jmp short loc_401C31
; ---------------------------------------------------------------------------
loc_401BD2: ; CODE XREF: .text:00401BC3�j
lea eax, [ebp-14h]
push 0Ah
push eax
push 1388h
push 400h
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
call near ptr 414C24h
lea eax, [ebp-14h]
push 1
push eax
call sub_40370B
mov edi, eax
add esp, 14h
cmp edi, esi
mov [ebp-1Ch], edi
jz short loc_401BC5
lea eax, [ebp-2D3h]
push 41637Ch
push eax
call near ptr 414840h
mov ebx, eax
pop ecx
cmp ebx, esi
pop ecx
jnz short loc_401C37
push edi
call sub_4039E7
push dword ptr [ebp-2F8h]
call sub_4069B8
pop ecx
loc_401C31: ; CODE XREF: .text:00401BD0�j
pop ecx
jmp loc_401E40
; ---------------------------------------------------------------------------
loc_401C37: ; CODE XREF: .text:00401C1D�j
push 2
push esi
push ebx
call near ptr 414856h
push ebx
call near ptr 41482Eh
push esi
push esi
push ebx
mov [ebp-4], eax
call near ptr 414856h
lea eax, [ebp-0A00h]
push eax
lea eax, [ebp-3FCh]
push eax
lea eax, [ebp-2F4h]
push 416368h
push eax
call sub_40A5A8
add esp, 2Ch
lea eax, [ebp-14h]
push dword ptr [ebp-4]
push eax
lea eax, [ebp-0A00h]
push eax
call dword ptr ds:415248h
push eax
call dword ptr ds:415250h
push eax
lea eax, [ebp-3FCh]
push eax
lea eax, [ebp-2F4h]
push 41634Ch
push eax
call sub_40A61A
push 0EA60h
push edi
call sub_40382E
add esp, 20h
cmp eax, esi
mov [ebp-0Ch], eax
jz loc_401E26
cmp eax, 0FFFFFFFFh
jz loc_401E26
lea eax, [ebp-2F4h]
push eax
lea eax, [ebp-3FCh]
push eax
mov eax, [ebp-2F8h]
push dword ptr [eax]
lea eax, [ebp-1CFh]
push 416324h
push eax
call sub_40A68C
call near ptr 41481Ch
mov esi, 200h
mov [ebp+8], eax
push ebx
push esi
lea eax, [ebp-5FCh]
push 1
push eax
call near ptr 414850h
add esp, 24h
jmp short loc_401D58
; ---------------------------------------------------------------------------
loc_401D12: ; CODE XREF: .text:00401D5C�j
cmp edi, esi
ja short loc_401D5E
lea eax, [ebp-5FCh]
push edi
push eax
push dword ptr [ebp-0Ch]
call sub_403E36
add esp, 0Ch
test eax, eax
jz loc_401E02
cmp edi, esi
jb short loc_401D5E
mov eax, [ebp-2F8h]
cmp dword ptr [eax+4], 0
jnz loc_401DDC
push ebx
push esi
lea eax, [ebp-5FCh]
push 1
push eax
call near ptr 414850h
add esp, 10h
loc_401D58: ; CODE XREF: .text:00401D10�j
mov edi, eax
test edi, edi
jnz short loc_401D12
loc_401D5E: ; CODE XREF: .text:00401D14�j
; .text:00401D33�j
call near ptr 41481Ch
cmp [ebp+8], eax
jnz short loc_401D71
call near ptr 41481Ch
dec eax
mov [ebp+8], eax
loc_401D71: ; CODE XREF: .text:00401D66�j
mov eax, [ebp-4]
mov ecx, 400h
cdq
idiv ecx
mov [ebp-4], eax
fild dword ptr [ebp-4]
fstp dword ptr [ebp-18h]
call near ptr 41481Ch
sub eax, [ebp+8]
push ecx
push ecx
mov [ebp-4], eax
fild dword ptr [ebp-4]
fmul dword ptr ds:415278h
fdivr dword ptr [ebp-18h]
fstp qword ptr [esp]
call near ptr 41481Ch
sub eax, [ebp+8]
push ecx
push ecx
mov [ebp+8], eax
; ---------------------------------------------------------------------------
dw 858Dh
; ---------------------------------------------------------------------------
public start
start:
or al, 0FDh
; ---------------------------------------------------------------------------
dw 0FFFFh
; ---------------------------------------------------------------------------
fild dword ptr [ebp+8]
fmul dword ptr ds:415278h
fstp qword ptr [esp]
push eax
lea eax, [ebp-3FCh]
push eax
lea eax, [ebp-1CFh]
push 4162E0h
push eax
call sub_40A68C
add esp, 20h
loc_401DDC: ; CODE XREF: .text:00401D3F�j
; .text:00401E24�j
push dword ptr [ebp-0Ch]
call sub_403E0F
push ebx
call near ptr 41483Ah
push dword ptr [ebp-1Ch]
call sub_4039E7
push dword ptr [ebp-2F8h]
call sub_4069B8
add esp, 10h
jmp short loc_401E40
; ---------------------------------------------------------------------------
loc_401E02: ; CODE XREF: .text:00401D2B�j
lea eax, [ebp-2F4h]
push eax
lea eax, [ebp-3FCh]
push eax
lea eax, [ebp-1CFh]
push 4162B4h
push eax
call sub_40A68C
add esp, 10h
jmp short loc_401DDC
; ---------------------------------------------------------------------------
loc_401E26: ; CODE XREF: .text:00401CBA�j
; .text:00401CC3�j
push ebx
call near ptr 41483Ah
push edi
call sub_4039E7
push dword ptr [ebp-2F8h]
call sub_4069B8
add esp, 0Ch
loc_401E40: ; CODE XREF: .text:00401C32�j
; .text:00401E00�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E49 proc near ; CODE XREF: .data:0040AA95�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
push edi
jz loc_401F3C
cmp [ebp+arg_8], ebx
jz loc_401F3C
cmp [ebp+arg_C], ebx
jz loc_401F3C
cmp [ebp+arg_10], ebx
jz loc_401F3C
push [ebp+arg_10]
call near ptr 41485Ch
mov esi, eax
pop ecx
cmp esi, ebx
jz loc_401F3C
cmp esi, 0FFFFh
ja loc_401F3C
push [ebp+arg_14]
call near ptr 41485Ch
mov edi, eax
pop ecx
cmp edi, ebx
jz loc_401F3C
cmp esi, 40000000h
ja loc_401F3C
push 3D6h
call near ptr 414804h
mov esi, eax
pop ecx
cmp esi, ebx
jz short loc_401F3C
push 21h
lea eax, [esi+4]
push [ebp+arg_4]
push eax
call near ptr 4147FEh
push 104h
lea eax, [esi+25h]
push [ebp+arg_8]
push eax
call near ptr 4147FEh
push 100h
lea eax, [esi+129h]
push [ebp+arg_C]
push eax
call near ptr 4147FEh
push 6
lea eax, [esi+229h]
push [ebp+arg_10]
push eax
call near ptr 4147FEh
push 1A3h
lea eax, [esi+233h]
push [ebp+arg_0]
mov [esi+22Fh], edi
push eax
call near ptr 414810h
push [ebp+arg_4]
push [ebp+arg_8]
push 416380h
push ebx
push esi
push offset sub_401932
call sub_40689D
add esp, 54h
loc_401F3C: ; CODE XREF: sub_401E49+B�j
; sub_401E49+14�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_401E49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F41 proc near ; CODE XREF: sub_40826C+2A0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push esi
jz short loc_401FB0
cmp [ebp+arg_8], 0
jz short loc_401FB0
push 2CCh
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_401FB0
push 21h
lea eax, [esi+4]
push [ebp+arg_4]
push eax
call near ptr 4147FEh
push 104h
lea eax, [esi+25h]
push [ebp+arg_8]
push eax
call near ptr 4147FEh
push 1A3h
lea eax, [esi+129h]
push [ebp+arg_0]
push eax
call near ptr 414810h
push [ebp+arg_4]
push [ebp+arg_8]
push 4163A4h
push 0
push esi
push offset loc_401B21
call sub_40689D
add esp, 3Ch
loc_401FB0: ; CODE XREF: sub_401F41+8�j
; sub_401F41+E�j ...
pop esi
pop ebp
retn
sub_401F41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401FB3 proc near ; CODE XREF: sub_40219E+3B2�p
var_408 = byte ptr -408h
var_4 = dword ptr -4
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 408h
push ebx
push esi
mov ebx, 2710h
push edi
push ebx
push 0
push [ebp+arg_C]
push [ebp+arg_8]
call sub_403CB3
mov esi, eax
add esp, 10h
test esi, esi
mov [ebp+var_4], esi
jz loc_402194
push [ebp+arg_8]
mov edi, 401h
lea eax, [ebp+var_408]
push [ebp+arg_10]
push 4163F8h
push edi
push eax
call near ptr 41486Eh
lea eax, [ebp+var_408]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_408]
push eax
push esi
call sub_403E36
push ebx
lea eax, [ebp+var_408]
push edi
push eax
push esi
call sub_403E8F
add esp, 34h
mov [ebp+arg_10], eax
test eax, eax
jz loc_40218D
cmp eax, 0FFFFFFFFh
jz loc_40218D
lea eax, [ebp+var_408]
push 4163F0h
push eax
call near ptr 414868h
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz loc_402188
lea eax, [ebp+var_408]
push 4163DCh
push eax
add esi, 4
call near ptr 414868h
pop ecx
test eax, eax
pop ecx
jz loc_402188
cmp eax, esi
ja loc_402188
and [ebp+arg_C], 0
lea ecx, [ebp+arg_C]
push ecx
push 4163C4h
push eax
call near ptr 414862h
add esp, 0Ch
cmp eax, 1
jnz loc_402188
mov ecx, [ebp+arg_C]
test ecx, ecx
jz loc_402188
mov eax, [ebp+arg_18]
test eax, eax
jz short loc_4020B5
mov [eax], ecx
loc_4020B5: ; CODE XREF: sub_401FB3+FE�j
push 4162B0h
push [ebp+arg_14]
call near ptr 414840h
pop ecx
mov [ebp+arg_8], eax
test eax, eax
pop ecx
jnz short loc_4020DD
loc_4020CB: ; CODE XREF: sub_401FB3+1B3�j
xor esi, esi
loc_4020CD: ; CODE XREF: sub_401FB3+1A8�j
push [ebp+var_4]
call sub_403E0F
pop ecx
mov eax, esi
jmp loc_402196
; ---------------------------------------------------------------------------
loc_4020DD: ; CODE XREF: sub_401FB3+116�j
push eax
mov eax, [ebp+arg_10]
sub eax, esi
lea eax, [ebp+eax+var_408]
push eax
push 1
push esi
call near ptr 414834h
sub esi, [ebp+arg_10]
lea eax, [ebp+var_408]
add esp, 10h
sub esi, eax
add [ebp+arg_C], esi
loc_402104: ; CODE XREF: sub_401FB3+19A�j
mov eax, [ebp+arg_1C]
test eax, eax
jz short loc_402111
cmp dword ptr [eax+4], 0
jnz short loc_40214F
loc_402111: ; CODE XREF: sub_401FB3+156�j
push ebx
lea eax, [ebp+var_408]
push edi
push eax
push [ebp+var_4]
call sub_403E8F
mov esi, eax
add esp, 10h
test esi, esi
jz short loc_40216B
cmp esi, 0FFFFFFFFh
jz short loc_40216B
cmp esi, [ebp+arg_C]
push [ebp+arg_8]
ja short loc_402160
push esi
lea eax, [ebp+var_408]
push 1
push eax
call near ptr 414834h
add esp, 10h
sub [ebp+arg_C], esi
jnz short loc_402104
loc_40214F: ; CODE XREF: sub_401FB3+15C�j
push [ebp+arg_8]
call near ptr 41483Ah
xor esi, esi
pop ecx
inc esi
jmp loc_4020CD
; ---------------------------------------------------------------------------
loc_402160: ; CODE XREF: sub_401FB3+183�j
call near ptr 41483Ah
pop ecx
jmp loc_4020CB
; ---------------------------------------------------------------------------
loc_40216B: ; CODE XREF: sub_401FB3+176�j
; sub_401FB3+17B�j
push [ebp+arg_8]
call near ptr 41483Ah
push [ebp+var_4]
call sub_403E0F
pop ecx
pop ecx
push [ebp+arg_14]
call dword ptr ds:4150B4h
jmp short loc_402194
; ---------------------------------------------------------------------------
loc_402188: ; CODE XREF: sub_401FB3+A3�j
; sub_401FB3+C1�j ...
push [ebp+var_4]
jmp short loc_40218E
; ---------------------------------------------------------------------------
loc_40218D: ; CODE XREF: sub_401FB3+7D�j
; sub_401FB3+86�j
push esi
loc_40218E: ; CODE XREF: sub_401FB3+1D8�j
call sub_403E0F
pop ecx
loc_402194: ; CODE XREF: sub_401FB3+29�j
; sub_401FB3+1D3�j
xor eax, eax
loc_402196: ; CODE XREF: sub_401FB3+125�j
pop edi
pop esi
pop ebx
leave
retn
sub_401FB3 endp
; =============== S U B R O U T I N E =======================================
sub_40219B proc near ; CODE XREF: sub_40219E+3F7�p
; sub_40219E+425�p
xor eax, eax
retn
sub_40219B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40219E proc near ; DATA XREF: sub_40271C+A7�o
var_7E8 = qword ptr -7E8h
var_7D0 = byte ptr -7D0h
var_6CC = byte ptr -6CCh
var_5CC = byte ptr -5CCh
var_4C8 = byte ptr -4C8h
var_4C7 = byte ptr -4C7h
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_3C8 = dword ptr -3C8h
var_3C4 = byte ptr -3C4h
var_3C3 = byte ptr -3C3h
var_3BE = byte ptr -3BEh
var_3BD = byte ptr -3BDh
var_2C0 = byte ptr -2C0h
var_1BC = byte ptr -1BCh
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_2F = byte ptr -2Fh
var_22 = byte ptr -22h
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
push 3AFh
push [ebp+arg_0]
lea eax, [ebp+var_3C8]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
lea eax, [ebp+var_3C4]
push eax
lea eax, [ebp+var_7D0]
push eax
call near ptr 4147F2h
mov dl, ds:41C42Ch
push 1Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_447]
mov [ebp+var_448], dl
rep stosd
stosw
stosb
push 1Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_4C7]
mov [ebp+var_4C8], dl
xor ebx, ebx
rep stosd
stosw
stosb
lea eax, [ebp+var_2C0]
inc ebx
push eax
lea eax, [ebp+var_7D0]
push eax
mov eax, [ebp+var_3C8]
xor edi, edi
mov dword ptr [ebp+var_10+4], ebx
push dword ptr [eax]
lea eax, [ebp+var_1BC]
mov [ebp+arg_0], edi
push 4165D4h
push eax
call sub_40A68C
push 7
lea eax, [ebp+var_3C4]
push 4165CCh
push eax
call near ptr 414C2Ah
add esp, 38h
test eax, eax
jnz short loc_4022B1
lea eax, [ebp+var_2C0]
push edi
push eax
lea eax, [ebp+var_3BD]
push eax
call dword ptr ds:41506Ch
test eax, eax
jnz loc_402602
call dword ptr ds:4150DCh
cmp eax, 20h
jnz short loc_402298
lea eax, [ebp+var_2C0]
push eax
mov eax, [ebp+var_3C8]
push dword ptr [eax]
push 416594h
jmp loc_4025E2
; ---------------------------------------------------------------------------
loc_402298: ; CODE XREF: sub_40219E+DF�j
lea eax, [ebp+var_3BD]
push eax
mov eax, [ebp+var_3C8]
push dword ptr [eax]
push 416564h
jmp loc_4025E2
; ---------------------------------------------------------------------------
loc_4022B1: ; CODE XREF: sub_40219E+B7�j
lea eax, [ebp+var_3C4]
push eax
call near ptr 4147F8h
pop ecx
mov esi, eax
jmp short loc_4022CD
; ---------------------------------------------------------------------------
loc_4022C2: ; CODE XREF: sub_40219E+132�j
cmp [ebp+esi+var_3C4], 3Ah
jz short loc_4022D4
dec esi
loc_4022CD: ; CODE XREF: sub_40219E+122�j
cmp esi, 0FFFFFFFFh
jnz short loc_4022C2
jmp short loc_402333
; ---------------------------------------------------------------------------
loc_4022D4: ; CODE XREF: sub_40219E+12C�j
cmp [ebp+esi+var_3C3], 0
mov edi, ebx
jz short loc_402302
lea ecx, [ebp+esi+var_3C4]
mov al, [ecx+1]
loc_4022EA: ; CODE XREF: sub_40219E+162�j
cmp al, 2Fh
jz short loc_402302
cmp al, 30h
jl short loc_402331
cmp al, 39h
jg short loc_402331
mov byte ptr [ebp+edi+var_10+7], al
inc edi
mov al, [ecx+edi]
test al, al
jnz short loc_4022EA
loc_402302: ; CODE XREF: sub_40219E+140�j
; sub_40219E+14E�j
and byte ptr [ebp+edi+var_10+7], 0
lea eax, [ebp+var_8]
push eax
call sub_403370
test eax, eax
pop ecx
jz short loc_402331
add edi, esi
lea eax, [ebp+edi+var_3C4]
push eax
lea eax, [ebp+esi+var_3C4]
push eax
call near ptr 4147F2h
pop ecx
mov [ebp+arg_0], ebx
pop ecx
loc_402331: ; CODE XREF: sub_40219E+152�j
; sub_40219E+156�j ...
xor edi, edi
loc_402333: ; CODE XREF: sub_40219E+134�j
push 7
lea eax, [ebp+var_3C4]
push 41655Ch
push eax
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz short loc_40237C
cmp [ebp+arg_0], edi
jnz short loc_402362
lea eax, [ebp+var_8]
push 416558h
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_402362: ; CODE XREF: sub_40219E+1B2�j
lea eax, [ebp+var_3BD]
push eax
lea eax, [ebp+var_3C4]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
jmp loc_402430
; ---------------------------------------------------------------------------
loc_40237C: ; CODE XREF: sub_40219E+1AD�j
push 6
lea eax, [ebp+var_3C4]
push 416550h
push eax
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz short loc_4023E5
cmp [ebp+arg_0], edi
jnz short loc_4023AB
lea eax, [ebp+var_8]
push 41654Ch
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_4023AB: ; CODE XREF: sub_40219E+1FB�j
lea eax, [ebp+var_3BE]
push eax
lea eax, [ebp+var_3C4]
push eax
call near ptr 4147F2h
push 2
mov esi, 416540h
pop ebx
lea eax, [ebp+var_448]
push esi
push eax
call near ptr 4147F2h
lea eax, [ebp+var_4C8]
push esi
push eax
call near ptr 4147F2h
add esp, 18h
jmp short loc_402430
; ---------------------------------------------------------------------------
loc_4023E5: ; CODE XREF: sub_40219E+1F6�j
push 7
lea eax, [ebp+var_3C4]
push 416538h
push eax
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz loc_4026EC
cmp [ebp+arg_0], edi
jnz short loc_402418
lea eax, [ebp+var_8]
push 416534h
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_402418: ; CODE XREF: sub_40219E+268�j
lea eax, [ebp+var_3BD]
push eax
lea eax, [ebp+var_3C4]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
push 3
pop ebx
loc_402430: ; CODE XREF: sub_40219E+1D9�j
; sub_40219E+245�j
lea eax, [ebp+var_3C4]
push eax
call near ptr 4147F8h
pop ecx
mov esi, eax
jmp short loc_40244C
; ---------------------------------------------------------------------------
loc_402441: ; CODE XREF: sub_40219E+2B1�j
cmp [ebp+esi+var_3C4], 40h
jz short loc_402453
dec esi
loc_40244C: ; CODE XREF: sub_40219E+2A1�j
cmp esi, 0FFFFFFFFh
jnz short loc_402441
jmp short loc_4024B9
; ---------------------------------------------------------------------------
loc_402453: ; CODE XREF: sub_40219E+2AB�j
and [ebp+esi+var_3C4], 0
lea eax, [ebp+var_3C4]
push 416530h
push eax
call near ptr 414868h
pop ecx
mov edi, 80h
test eax, eax
pop ecx
jz short loc_40248C
and byte ptr [eax], 0
inc eax
push edi
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_40558F
add esp, 0Ch
loc_40248C: ; CODE XREF: sub_40219E+2D7�j
lea eax, [ebp+var_3C4]
push edi
push eax
lea eax, [ebp+var_448]
push eax
call sub_40558F
lea eax, [ebp+esi+var_3C3]
push eax
lea eax, [ebp+var_3C4]
push eax
call near ptr 4147F2h
add esp, 14h
xor edi, edi
loc_4024B9: ; CODE XREF: sub_40219E+2B3�j
lea eax, [ebp+var_3C4]
push 41652Ch
push eax
call near ptr 414868h
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
jnz short loc_4024E4
mov eax, [ebp+var_3C8]
push dword ptr [eax]
push 416500h
jmp loc_4026F9
; ---------------------------------------------------------------------------
loc_4024E4: ; CODE XREF: sub_40219E+332�j
lea eax, [esi+1]
push eax
lea eax, [ebp+var_5CC]
push eax
call near ptr 4147F2h
and byte ptr [esi], 0
lea eax, [ebp+var_3C4]
push eax
lea eax, [ebp+var_6CC]
push eax
call near ptr 4147F2h
add esp, 10h
call near ptr 41481Ch
xor ecx, ecx
cmp ebx, 1
mov dword ptr [ebp+var_18+4], eax
mov [ebp+arg_0], ecx
jnz short loc_40255E
push [ebp+var_3C8]
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_2C0]
push eax
lea eax, [ebp+var_5CC]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6CC]
push eax
lea eax, [ebp+var_4C8]
push eax
lea eax, [ebp+var_448]
push eax
call sub_401FB3
mov ecx, [ebp+arg_0]
add esp, 20h
mov dword ptr [ebp+var_10+4], eax
loc_40255E: ; CODE XREF: sub_40219E+37F�j
mov edx, [ebp+var_3C8]
cmp ebx, 2
jnz short loc_4025A0
lea eax, [ebp+arg_0]
push edx
push eax
lea eax, [ebp+var_2C0]
push eax
lea eax, [ebp+var_5CC]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6CC]
push eax
lea eax, [ebp+var_4C8]
push eax
lea eax, [ebp+var_448]
push eax
call sub_40219B
add esp, 20h
mov dword ptr [ebp+var_10+4], eax
loc_4025A0: ; CODE XREF: sub_40219E+3C9�j
cmp ebx, 3
jnz short loc_4025CE
lea eax, [ebp+arg_0]
push edx
push eax
lea eax, [ebp+var_2C0]
push eax
lea eax, [ebp+var_5CC]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6CC]
push eax
call sub_40219B
add esp, 18h
mov dword ptr [ebp+var_10+4], eax
loc_4025CE: ; CODE XREF: sub_40219E+405�j
cmp dword ptr [ebp+var_10+4], 1
jz short loc_402605
lea eax, [ebp+var_7D0]
push eax
push dword ptr [edx]
push 4164D0h
loc_4025E2: ; CODE XREF: sub_40219E+F5�j
; sub_40219E+10E�j ...
lea eax, [ebp+var_1BC]
push eax
call sub_40A68C
add esp, 10h
loc_4025F1: ; CODE XREF: sub_40219E+4E9�j
; sub_40219E+4F8�j ...
push [ebp+var_3C8]
call sub_4069B8
pop ecx
jmp loc_402713
; ---------------------------------------------------------------------------
loc_402602: ; CODE XREF: sub_40219E+D0�j
mov ecx, [ebp+arg_0]
loc_402605: ; CODE XREF: sub_40219E+434�j
cmp [ebp+var_22], 0
jz short loc_402612
mov eax, 4164C4h
jmp short loc_402622
; ---------------------------------------------------------------------------
loc_402612: ; CODE XREF: sub_40219E+46B�j
cmp [ebp+var_32], 0
mov eax, 4164B8h
jnz short loc_402622
mov eax, 41C42Ch
loc_402622: ; CODE XREF: sub_40219E+472�j
; sub_40219E+47D�j
shr ecx, 0Ah
mov dword ptr [ebp+var_10], ecx
mov dword ptr [ebp+var_10+4], edi
fild [ebp+var_10]
push eax
fstp [ebp+arg_0]
call near ptr 41481Ch
sub eax, dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], edi
push ecx
push ecx
mov dword ptr [ebp+var_18], eax
lea eax, [ebp+var_2C0]
fild [ebp+var_18]
fmul dword ptr ds:415278h
fdivr [ebp+arg_0]
fstp [esp+7E8h+var_7E8]
push eax
mov eax, [ebp+var_3C8]
push dword ptr [eax]
lea eax, [ebp+var_1BC]
push 416470h
push eax
call sub_40A68C
add esp, 1Ch
cmp [ebp+var_33], 0
jz short loc_40268C
lea eax, [ebp+var_2C0]
push eax
call dword ptr ds:4150B4h
jmp loc_4025F1
; ---------------------------------------------------------------------------
loc_40268C: ; CODE XREF: sub_40219E+4DA�j
cmp [ebp+var_32], 0
jnz short loc_40269C
cmp [ebp+var_22], 0
jz loc_4025F1
loc_40269C: ; CODE XREF: sub_40219E+4F2�j
xor eax, eax
cmp [ebp+var_2F], al
setz al
push eax
push edi
lea eax, [ebp+var_2C0]
push edi
push eax
push 41622Ch
push edi
call dword ptr ds:4151D4h
cmp eax, 20h
jbe short loc_4026D3
cmp [ebp+var_22], 0
jz loc_4025F1
call sub_404F93
jmp loc_4025F1
; ---------------------------------------------------------------------------
loc_4026D3: ; CODE XREF: sub_40219E+51F�j
lea eax, [ebp+var_2C0]
push eax
mov eax, [ebp+var_3C8]
push dword ptr [eax]
push 416444h
jmp loc_4025E2
; ---------------------------------------------------------------------------
loc_4026EC: ; CODE XREF: sub_40219E+25F�j
mov eax, [ebp+var_3C8]
push dword ptr [eax]
push 416418h
loc_4026F9: ; CODE XREF: sub_40219E+341�j
lea eax, [ebp+var_1BC]
push eax
call sub_40A68C
push [ebp+var_3C8]
call sub_4069B8
add esp, 10h
loc_402713: ; CODE XREF: sub_40219E+45F�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_40219E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40271C proc near ; CODE XREF: sub_40826C+21D�p
; sub_40A3D1+106�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
xor edi, edi
cmp [ebp+arg_4], edi
jz loc_4027D1
push 3AFh
call near ptr 414804h
mov esi, eax
pop ecx
cmp esi, edi
jz loc_4027D1
push ebx
push 8
push 4
call near ptr 40C0FFh
cmp [ebp+arg_8], edi
pop ecx
pop ecx
mov ebx, eax
jnz short loc_402782
loc_402757: ; CODE XREF: sub_40271C+4D�j
push 7Ah
push 61h
call near ptr 40C0FFh
mov [ebp+edi+var_10], al
inc edi
pop ecx
cmp edi, ebx
pop ecx
jnz short loc_402757
lea eax, [ebp+edi+var_10]
push 416628h
push eax
call near ptr 4147F2h
pop ecx
lea eax, [ebp+var_10]
pop ecx
mov [ebp+arg_8], eax
loc_402782: ; CODE XREF: sub_40271C+39�j
mov edi, 104h
lea ebx, [esi+4]
push edi
push [ebp+arg_4]
push ebx
call sub_40558F
push edi
lea eax, [esi+108h]
push [ebp+arg_8]
push eax
call sub_40558F
push [ebp+arg_0]
lea eax, [esi+20Ch]
push eax
call sub_403F0B
lea eax, [esi+108h]
push eax
push ebx
push 416604h
push 0
push esi
push offset sub_40219E
call sub_40689D
add esp, 38h
pop ebx
loc_4027D1: ; CODE XREF: sub_40271C+D�j
; sub_40271C+22�j
pop edi
pop esi
leave
retn
sub_40271C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027D5 proc near ; CODE XREF: sub_40672A+55�p
; sub_4067F7+83�p
var_104 = byte ptr -104h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
push 1
push 41C434h
call sub_406D5B
mov esi, [ebp+arg_0]
xor edi, edi
cmp ds:41C430h, edi
pop ecx
pop ecx
mov ebx, eax
jz loc_4028ED
mov edx, [esi]
mov eax, 0C0000025h
mov edi, 4167E4h
mov ecx, [edx]
cmp ecx, eax
ja short loc_40284A
jz short loc_402843
cmp ecx, 80000003h
jz short loc_40283C
cmp ecx, 0C0000005h
jz short loc_402835
cmp ecx, 0C000001Dh
jnz short loc_40287D
mov edi, 4167C4h
jmp short loc_40287D
; ---------------------------------------------------------------------------
loc_402835: ; CODE XREF: sub_4027D5+4F�j
mov edi, 4167A8h
jmp short loc_40287D
; ---------------------------------------------------------------------------
loc_40283C: ; CODE XREF: sub_4027D5+47�j
mov edi, 416790h
jmp short loc_40287D
; ---------------------------------------------------------------------------
loc_402843: ; CODE XREF: sub_4027D5+3F�j
mov edi, 41676Ch
jmp short loc_40287D
; ---------------------------------------------------------------------------
loc_40284A: ; CODE XREF: sub_4027D5+3D�j
cmp ecx, 0C000008Dh
jb short loc_40287D
cmp ecx, 0C0000093h
jbe short loc_402878
cmp ecx, 0C0000094h
jz short loc_402871
cmp ecx, 0C00000FDh
jnz short loc_40287D
mov edi, 416750h
jmp short loc_40287D
; ---------------------------------------------------------------------------
loc_402871: ; CODE XREF: sub_4027D5+8B�j
mov edi, 416730h
jmp short loc_40287D
; ---------------------------------------------------------------------------
loc_402878: ; CODE XREF: sub_4027D5+83�j
mov edi, 416720h
loc_40287D: ; CODE XREF: sub_4027D5+57�j
; sub_4027D5+5E�j ...
cmp dword ptr [edx+4], 1
mov edx, 416714h
jz short loc_40288D
mov edx, 416708h
loc_40288D: ; CODE XREF: sub_4027D5+B1�j
mov eax, [esi+4]
push edx
push edi
push ecx
push dword ptr [eax+0C0h]
push dword ptr [eax+0B8h]
push dword ptr [eax+0C4h]
push dword ptr [eax+0B4h]
push dword ptr [eax+9Ch]
push dword ptr [eax+0A0h]
push dword ptr [eax+0A8h]
push dword ptr [eax+0ACh]
push dword ptr [eax+0A4h]
push dword ptr [eax+0B0h]
lea eax, [ebx+1]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push 416658h
push 41C070h
call sub_40A61A
add esp, 48h
xor edi, edi
loc_4028ED: ; CODE XREF: sub_4027D5+27�j
inc ebx
cmp ebx, 64h
jz short loc_402919
mov eax, [esi]
cmp dword ptr [eax+4], 1
jz short loc_402919
cmp dword ptr [eax], 80000003h
jnz short loc_402914
mov esi, [esi+4]
inc dword ptr [esi+0B8h]
or eax, 0FFFFFFFFh
loc_40290F: ; CODE XREF: sub_4027D5+142�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_402914: ; CODE XREF: sub_4027D5+12C�j
xor eax, eax
inc eax
jmp short loc_40290F
; ---------------------------------------------------------------------------
loc_402919: ; CODE XREF: sub_4027D5+11C�j
; sub_4027D5+124�j
lea eax, [ebp+var_104]
push 104h
push eax
push edi
call dword ptr ds:415060h
push eax
call dword ptr ds:415064h
test eax, eax
jz short loc_402959
push edi
push edi
lea eax, [ebp+var_104]
push edi
push eax
push 41622Ch
push edi
call dword ptr ds:4151D4h
cmp eax, 20h
ja short loc_402959
push 416644h
jmp short loc_40295E
; ---------------------------------------------------------------------------
loc_402959: ; CODE XREF: sub_4027D5+160�j
; sub_4027D5+17B�j
push 416630h
loc_40295E: ; CODE XREF: sub_4027D5+182�j
call sub_40A79C
pop ecx
push edi
call dword ptr ds:415068h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_4029B0
mov eax, [edi+4]
cmp eax, ebx
jz short loc_402990
cmp eax, 2
jz short loc_402990
mov esi, 273Fh
jmp short loc_4029A2
; ---------------------------------------------------------------------------
loc_402990: ; CODE XREF: sub_4027D5+1AD�j
; sub_4027D5+1B2�j
mov eax, [edi+8]
cmp eax, 1
jz short loc_4029B0
cmp eax, 2
jz short loc_4029B0
mov esi, 273Ch
loc_4029A2: ; CODE XREF: sub_4027D5+1B9�j
push esi
call dword ptr ds:415238h
mov eax, esi
jmp loc_402B63
; ---------------------------------------------------------------------------
loc_4029B0: ; CODE XREF: sub_4027D5+1A6�j
; sub_4027D5+1C1�j ...
cmp [ebp+arg_0], ebx
jnz loc_402A50
push 30h
call near ptr 414804h
mov esi, eax
pop ecx
cmp esi, ebx
jz loc_402A97
push 30h
push ebx
push esi
call near ptr 414822h
push 10h
lea eax, [ebp+var_18]
pop ebx
push ebx
push 0
push eax
call near ptr 414822h
add esp, 18h
cmp [ebp+arg_4], 0
mov [ebp+var_18], 2
jz short loc_402A06
push [ebp+arg_4]
call near ptr 41485Ch
pop ecx
push eax
call dword ptr ds:41523Ch
mov [ebp+var_16], ax
loc_402A06: ; CODE XREF: sub_4027D5+21B�j
test edi, edi
mov dword ptr [esi+4], 2
jz short loc_402A16
mov eax, [edi+8]
jmp short loc_402A19
; ---------------------------------------------------------------------------
loc_402A16: ; CODE XREF: sub_4027D5+23A�j
xor eax, eax
inc eax
loc_402A19: ; CODE XREF: sub_4027D5+23F�j
test edi, edi
mov [esi+8], eax
jz short loc_402A25
mov eax, [edi+0Ch]
jmp short loc_402A28
; ---------------------------------------------------------------------------
loc_402A25: ; CODE XREF: sub_4027D5+249�j
push 6
pop eax
loc_402A28: ; CODE XREF: sub_4027D5+24E�j
mov [esi+0Ch], eax
lea ecx, [ebp+var_18]
lea eax, [esi+20h]
push ebx
push ecx
mov [esi+10h], ebx
mov [esi+18h], eax
and [ebp+var_14], 0
push eax
call near ptr 414810h
mov eax, [ebp+arg_C]
add esp, 0Ch
mov [eax], esi
jmp loc_402B61
; ---------------------------------------------------------------------------
loc_402A50: ; CODE XREF: sub_4027D5+1DE�j
push [ebp+arg_0]
call dword ptr ds:415240h
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_402A79
mov eax, [eax+0Ch]
xor edi, edi
mov [ebp+arg_0], edi
loc_402A68: ; CODE XREF: sub_4027D5+29B�j
cmp [eax], ebx
jz short loc_402A72
inc edi
add eax, 4
jmp short loc_402A68
; ---------------------------------------------------------------------------
loc_402A72: ; CODE XREF: sub_4027D5+295�j
cmp edi, ebx
mov [ebp+arg_0], edi
jnz short loc_402A83
loc_402A79: ; CODE XREF: sub_4027D5+289�j
mov eax, 2AFBh
jmp loc_402B63
; ---------------------------------------------------------------------------
loc_402A83: ; CODE XREF: sub_4027D5+2A2�j
lea esi, [edi+edi*2]
shl esi, 4
push esi
call near ptr 414804h
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_402AA7
loc_402A97: ; CODE XREF: sub_4027D5+1F0�j
push 8
call dword ptr ds:415238h
push 8
pop eax
jmp loc_402B63
; ---------------------------------------------------------------------------
loc_402AA7: ; CODE XREF: sub_4027D5+2C0�j
push esi
push ebx
push eax
call near ptr 414822h
push 10h
lea eax, [ebp+var_28]
push ebx
push eax
call near ptr 414822h
add esp, 18h
cmp [ebp+arg_4], ebx
mov [ebp+var_28], 2
jz short loc_402ADD
push [ebp+arg_4]
call near ptr 41485Ch
pop ecx
push eax
call dword ptr ds:41523Ch
mov [ebp+var_26], ax
loc_402ADD: ; CODE XREF: sub_4027D5+2F2�j
test edi, edi
jbe short loc_402B59
mov eax, [ebp+var_4]
lea esi, [eax+8]
loc_402AE7: ; CODE XREF: sub_4027D5+382�j
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_402AF2
mov eax, [eax]
jmp short loc_402AF5
; ---------------------------------------------------------------------------
loc_402AF2: ; CODE XREF: sub_4027D5+317�j
push 4
pop eax
loc_402AF5: ; CODE XREF: sub_4027D5+31B�j
mov ecx, [ebp+arg_8]
lea edi, [esi-8]
test ecx, ecx
mov [edi], eax
mov dword ptr [esi-4], 2
jz short loc_402B0D
mov eax, [ecx+8]
jmp short loc_402B10
; ---------------------------------------------------------------------------
loc_402B0D: ; CODE XREF: sub_4027D5+331�j
xor eax, eax
inc eax
loc_402B10: ; CODE XREF: sub_4027D5+336�j
test ecx, ecx
mov [esi], eax
jz short loc_402B1B
mov eax, [ecx+0Ch]
jmp short loc_402B1E
; ---------------------------------------------------------------------------
loc_402B1B: ; CODE XREF: sub_4027D5+33F�j
push 6
pop eax
loc_402B1E: ; CODE XREF: sub_4027D5+344�j
mov edx, [ebp+var_8]
push 10h
mov [esi+4], eax
pop ecx
lea eax, [esi+18h]
mov [esi+8], ecx
mov [esi+10h], eax
mov edx, [edx+0Ch]
push ecx
lea ecx, [ebp+var_28]
mov edx, [edx+ebx*4]
push ecx
push eax
mov edx, [edx]
mov [ebp+var_24], edx
call near ptr 414810h
add esp, 0Ch
test ebx, ebx
jz short loc_402B50
mov [esi-1Ch], edi
loc_402B50: ; CODE XREF: sub_4027D5+376�j
inc ebx
add esi, 30h
cmp ebx, [ebp+arg_0]
jb short loc_402AE7
loc_402B59: ; CODE XREF: sub_4027D5+30A�j
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
loc_402B61: ; CODE XREF: sub_4027D5+276�j
xor eax, eax
loc_402B63: ; CODE XREF: sub_4027D5+1D6�j
; sub_4027D5+2A9�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_4027D5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 424h
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+10h], edi
jnz short loc_402B82
cmp [ebp+18h], edi
jz short loc_402B8D
loc_402B82: ; CODE XREF: .text:00402B7B�j
mov ebx, [ebp+20h]
test ebx, 0FFFFFFE0h
jz short loc_402B97
loc_402B8D: ; CODE XREF: .text:00402B80�j
mov esi, 2726h
jmp loc_402C82
; ---------------------------------------------------------------------------
loc_402B97: ; CODE XREF: .text:00402B8B�j
mov esi, [ebp+8]
cmp word ptr [esi], 2
jz short loc_402BAA
mov esi, 273Fh
jmp loc_402C82
; ---------------------------------------------------------------------------
loc_402BAA: ; CODE XREF: .text:00402B9E�j
cmp [ebp+10h], edi
jz loc_402C48
add esi, 4
push dword ptr [esi]
call dword ptr ds:415224h
cmp eax, edi
jnz short loc_402BCA
or eax, 0FFFFFFFFh
jmp loc_402CBC
; ---------------------------------------------------------------------------
loc_402BCA: ; CODE XREF: .text:00402BC0�j
mov edi, 401h
push edi
push eax
lea eax, [ebp-424h]
push eax
call sub_40558F
add esp, 0Ch
test bl, 2
jnz short loc_402C35
test bl, 4
jz short loc_402C23
loc_402BEA: ; CODE XREF: .text:00402C2F�j
; .text:00402C33�j
push 0
push 4
push esi
call dword ptr ds:415228h
mov esi, eax
test esi, esi
jz loc_402C8D
push dword ptr [esi]
call near ptr 4147F8h
inc eax
pop ecx
cmp eax, [ebp+14h]
jbe short loc_402C0F
jmp short loc_402C7D
; ---------------------------------------------------------------------------
loc_402C0F: ; CODE XREF: .text:00402C0B�j
push edi
lea eax, [ebp-424h]
push dword ptr [esi]
push eax
call sub_40558F
add esp, 0Ch
jmp short loc_402C48
; ---------------------------------------------------------------------------
loc_402C23: ; CODE XREF: .text:00402BE8�j
test bl, 1
jz short loc_402C35
mov eax, [esi]
cmp eax, 7F000001h
jz short loc_402BEA
test eax, eax
jz short loc_402BEA
loc_402C35: ; CODE XREF: .text:00402BE3�j
; .text:00402C26�j
lea eax, [ebp-424h]
push eax
call near ptr 4147F8h
inc eax
pop ecx
cmp eax, [ebp+14h]
ja short loc_402C7D
loc_402C48: ; CODE XREF: .text:00402BAD�j
; .text:00402C21�j
cmp dword ptr [ebp+18h], 0
jz short loc_402CA3
lea eax, [ebp-20h]
push 0Ah
push eax
mov eax, [ebp+8]
mov ax, [eax+2]
push eax
call dword ptr ds:41523Ch
movzx eax, ax
push eax
call near ptr 414C24h
lea eax, [ebp-20h]
push eax
call near ptr 4147F8h
add esp, 10h
inc eax
cmp eax, [ebp+1Ch]
jbe short loc_402C95
loc_402C7D: ; CODE XREF: .text:00402C0D�j
; .text:00402C46�j
mov esi, 2747h
loc_402C82: ; CODE XREF: .text:00402B92�j
; .text:00402BA5�j
push esi
call dword ptr ds:415238h
mov eax, esi
jmp short loc_402CBC
; ---------------------------------------------------------------------------
loc_402C8D: ; CODE XREF: .text:00402BF9�j
call dword ptr ds:415234h
jmp short loc_402CBC
; ---------------------------------------------------------------------------
loc_402C95: ; CODE XREF: .text:00402C7B�j
lea eax, [ebp-20h]
push eax
push dword ptr [ebp+18h]
call near ptr 4147F2h
pop ecx
pop ecx
loc_402CA3: ; CODE XREF: .text:00402C4C�j
cmp dword ptr [ebp+10h], 0
jz short loc_402CBA
lea eax, [ebp-424h]
push eax
push dword ptr [ebp+10h]
call near ptr 4147F2h
pop ecx
pop ecx
loc_402CBA: ; CODE XREF: .text:00402CA7�j
xor eax, eax
loc_402CBC: ; CODE XREF: .text:00402BC5�j
; .text:00402C8B�j ...
pop edi
pop esi
pop ebx
leave
retn 1Ch
; ---------------------------------------------------------------------------
db 83h
dd 4247Ch, 74FF0A74h, 37E80424h, 5900011Bh, 560004C2h
dd 583D8B57h, 68004150h, 4169C4h, 358BD7FFh, 41505Ch, 0D74C085h
dd 41699C68h, 0D6FF5000h, 41C438A3h, 8C685300h, 0FF004169h
dd 85D88BD7h, 687574DBh, 41697Ch, 68D6FF53h, 416970h, 0C43CA353h
dd 0D6FF0041h, 41696468h, 40A35300h, 0FF0041C4h, 695868D6h
dd 0A3530041h, 41C444h, 4868D6FFh, 53004169h, 41C448A3h
dd 68D6FF00h, 416938h, 0C44CA353h, 0D6FF0041h, 41692468h
dd 50A35300h, 0FF0041C4h, 691068D6h, 0A3530041h, 41C454h
dd 0F468D6FFh, 53004168h, 41C458A3h, 0A3D6FF00h, 41C45Ch
dd 4168EC68h, 8BD7FF00h, 74DB85D8h, 68D86841h, 0FF530041h
dd 68C468D6h, 0A3530041h, 41C460h, 0AC68D6FFh, 53004168h
dd 41C464A3h, 68D6FF00h, 416894h, 0C468A353h, 0D6FF0041h
dd 41687868h, 6CA35300h, 0FF0041C4h, 0C470A3D6h, 6C680041h
dd 0FF004168h, 68D88BD7h, 416860h, 68D6FF53h, 416854h
dd 0C47CA353h, 0D6FF0041h, 41684468h, 80A35300h, 0FF0041C4h
dd 7C3D83D6h, 41C4h, 41C484A3h, 0D745B00h, 0C4803D83h
dd 74000041h, 75C08504h, 7C05C71Eh, 6B0041C4h, 0C7004029h
dd 41C48005h, 402B6A00h, 8405C700h, 0C30041C4h, 6800402Ch
dd 416838h, 0C085D7FFh, 20680D74h, 50004168h, 78A3D6FFh
dd 680041C4h, 416814h, 0C085D7FFh, 0F4680D74h, 50004167h
dd 74A3D6FFh, 5F0041C4h
; ---------------------------------------------------------------------------
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E66 proc near ; DATA XREF: sub_40300E+65�o
var_121C = byte ptr -121Ch
var_21C = dword ptr -21Ch
var_218 = byte ptr -218h
var_212 = byte ptr -212h
var_6C = byte ptr -6Ch
var_48 = byte ptr -48h
var_24 = byte ptr -24h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 121Ch
call near ptr 414880h
push ebx
push 1ADh
push [ebp+arg_0]
lea eax, [ebp+var_21C]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
lea eax, [ebp+var_218]
push 1
push eax
call sub_40370B
mov ebx, eax
add esp, 18h
test ebx, ebx
jnz short loc_402EB8
push [ebp+var_21C]
call sub_4069B8
pop ecx
jmp loc_403007
; ---------------------------------------------------------------------------
loc_402EB8: ; CODE XREF: sub_402E66+3F�j
push esi
lea eax, [ebp+var_218]
push edi
push eax
mov eax, [ebp+var_21C]
push dword ptr [eax]
lea eax, [ebp+var_212]
push 4169E8h
push eax
call sub_40A68C
mov esi, 3E8h
push esi
push ebx
call sub_40382E
add esp, 18h
jmp loc_402FE0
; ---------------------------------------------------------------------------
loc_402EEE: ; CODE XREF: sub_402E66+186�j
test edi, edi
jz loc_402FF2
cmp edi, 0FFFFFFFFh
jz loc_402FD7
lea eax, [ebp+var_121C]
push 1000h
push eax
push edi
call sub_403E4B
add esp, 0Ch
test eax, eax
jz loc_402FD0
cmp eax, 0FFFFFFFFh
jz loc_402FD0
lea eax, [ebp+var_121C]
push eax
call near ptr 4147F8h
cmp eax, 10h
pop ecx
ja loc_402FD0
cmp byte ptr ds:41D090h, 0
jz short loc_402F56
lea eax, [ebp+var_24]
push 41D090h
push eax
call near ptr 4147F2h
pop ecx
pop ecx
jmp short loc_402F78
; ---------------------------------------------------------------------------
loc_402F56: ; CODE XREF: sub_402E66+DC�j
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_48]
push eax
call sub_40449D
lea eax, [ebp+var_24]
push eax
push 41D090h
call near ptr 4147F2h
add esp, 14h
loc_402F78: ; CODE XREF: sub_402E66+EE�j
lea eax, [ebp+var_121C]
push 4169D4h
push eax
call near ptr 414828h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_121C]
push eax
call near ptr 414828h
lea eax, [ebp+var_121C]
push 416214h
push eax
call near ptr 414828h
lea eax, [ebp+var_121C]
push eax
call near ptr 4147F8h
inc eax
push eax
lea eax, [ebp+var_121C]
push eax
push edi
call sub_403E36
push edi
call sub_403E0F
add esp, 2Ch
jmp short loc_402FD7
; ---------------------------------------------------------------------------
loc_402FD0: ; CODE XREF: sub_402E66+B0�j
; sub_402E66+B9�j ...
push edi
call sub_403E0F
pop ecx
loc_402FD7: ; CODE XREF: sub_402E66+93�j
; sub_402E66+168�j
push esi
push ebx
call sub_40382E
pop ecx
pop ecx
loc_402FE0: ; CODE XREF: sub_402E66+83�j
mov edi, eax
mov eax, [ebp+var_21C]
cmp dword ptr [eax+4], 0
jz loc_402EEE
loc_402FF2: ; CODE XREF: sub_402E66+8A�j
push ebx
call sub_4039E7
push [ebp+var_21C]
call sub_4069B8
pop ecx
pop ecx
pop edi
pop esi
loc_403007: ; CODE XREF: sub_402E66+4D�j
xor eax, eax
pop ebx
leave
retn 4
sub_402E66 endp
; =============== S U B R O U T I N E =======================================
sub_40300E proc near ; CODE XREF: sub_40826C+59B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
test ebx, ebx
push esi
jz short loc_403023
push ebx
call sub_403370
test eax, eax
pop ecx
jnz short loc_403028
loc_403023: ; CODE XREF: sub_40300E+8�j
mov ebx, 416A3Ch
loc_403028: ; CODE XREF: sub_40300E+13�j
push 1ADh
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_403081
push edi
push 6
lea eax, [esi+4]
push ebx
push eax
call sub_40558F
mov edi, [esp+18h+arg_0]
lea eax, [esi+0Ah]
push edi
push eax
call sub_403F0B
add esp, 14h
test edi, edi
jz short loc_403068
cmp byte ptr [edi+18Bh], 0
jz short loc_403068
xor eax, eax
jmp short loc_40306B
; ---------------------------------------------------------------------------
loc_403068: ; CODE XREF: sub_40300E+4B�j
; sub_40300E+54�j
xor eax, eax
inc eax
loc_40306B: ; CODE XREF: sub_40300E+58�j
push ebx
push 416A1Ch
push eax
push esi
push offset sub_402E66
call sub_40689D
add esp, 14h
pop edi
loc_403081: ; CODE XREF: sub_40300E+29�j
pop esi
pop ebx
retn
sub_40300E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403084 proc near ; CODE XREF: .text:004030E3�p
; .text:004031C8�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 104h
push esi
mov esi, 104h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push 416A54h
push esi
push eax
call near ptr 41486Eh
add esp, 10h
lea eax, [ebp+var_104]
push esi
push [ebp+arg_4]
push 0FFFFFFFFh
push eax
push 0
push 0
call dword ptr ds:415054h
pop esi
leave
retn
sub_403084 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 208h
cmp dword ptr ds:41C444h, 0
push ebx
push esi
jnz short loc_40311A
lea eax, [ebp-208h]
push eax
push dword ptr [ebp+8]
call sub_403084
xor ebx, ebx
xor esi, esi
cmp [ebp+0Ch], ebx
pop ecx
pop ecx
setnz bl
inc ebx
loc_4030F5: ; CODE XREF: .text:00403118�j
lea eax, [ebp-208h]
push ebx
push eax
push 0
call dword ptr ds:41C444h
test eax, eax
jz short loc_40311A
push 7D0h
call dword ptr ds:4150A4h
inc esi
cmp esi, 5
jb short loc_4030F5
loc_40311A: ; CODE XREF: .text:004030D7�j
; .text:00403107�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 104h
push ebx
xor ebx, ebx
cmp ds:41C454h, ebx
jz short loc_4031A3
cmp ds:41C43Ch, ebx
jz short loc_4031A3
push esi
push edi
mov esi, 416A60h
lea edi, [ebp-104h]
movsd
movsw
push 3Eh
xor eax, eax
pop ecx
lea edi, [ebp-0FEh]
rep stosd
stosw
lea eax, [ebp-100h]
push 0FEh
push eax
push 0FFFFFFFFh
push dword ptr [ebp+8]
mov [ebp-4], ebx
push ebx
push ebx
call dword ptr ds:415054h
lea eax, [ebp-4]
push eax
lea eax, [ebp-104h]
push ebx
push eax
push ebx
call dword ptr ds:41C43Ch
cmp [ebp-4], ebx
mov esi, eax
jz short loc_403198
push dword ptr [ebp-4]
call dword ptr ds:41C454h
loc_403198: ; CODE XREF: .text:0040318D�j
xor eax, eax
cmp esi, ebx
pop edi
pop esi
setz al
jmp short loc_4031A5
; ---------------------------------------------------------------------------
loc_4031A3: ; CODE XREF: .text:00403130�j
; .text:00403138�j
xor eax, eax
loc_4031A5: ; CODE XREF: .text:004031A1�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 208h
push ebx
xor ebx, ebx
cmp ds:41C464h, ebx
push esi
push edi
jz short loc_403208
lea eax, [ebp-208h]
push eax
push dword ptr [ebp+8]
call sub_403084
mov edi, [ebp+0Ch]
pop ecx
pop ecx
mov esi, 41C890h
push ebx
push esi
lea eax, [ebp-208h]
push esi
push edi
mov [edi+4], ebx
mov [edi+10h], ebx
mov [edi+14h], eax
mov [edi+1Ch], ebx
call dword ptr ds:41C464h
cmp eax, ebx
jnz short loc_4031FC
xor eax, eax
inc eax
jmp short loc_403226
; ---------------------------------------------------------------------------
loc_4031FC: ; CODE XREF: .text:004031F5�j
cmp eax, 5
jz short loc_40320C
cmp eax, 4C3h
jz short loc_40320C
loc_403208: ; CODE XREF: .text:004031BC�j
xor eax, eax
jmp short loc_403226
; ---------------------------------------------------------------------------
loc_40320C: ; CODE XREF: .text:004031FF�j
; .text:00403206�j
push 3E8h
call dword ptr ds:4150A4h
push ebx
push esi
push esi
push edi
call dword ptr ds:41C464h
neg eax
sbb eax, eax
inc eax
loc_403226: ; CODE XREF: .text:004031FA�j
; .text:0040320A�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push esi
mov esi, [esp+0Ch]
xor edx, edx
cmp esi, 1
jbe short loc_40324F
lea ecx, [esi-2]
push edi
shr ecx, 1
inc ecx
loc_403242: ; CODE XREF: .text:0040324C�j
movzx edi, word ptr [eax]
add edx, edi
inc eax
inc eax
dec esi
dec esi
dec ecx
jnz short loc_403242
pop edi
loc_40324F: ; CODE XREF: .text:00403239�j
test esi, esi
pop esi
jz short loc_403259
movzx eax, byte ptr [eax]
add edx, eax
loc_403259: ; CODE XREF: .text:00403252�j
mov ecx, edx
and edx, 0FFFFh
shr ecx, 10h
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403270 proc near ; CODE XREF: sub_40826C+C0C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
dec eax
push esi
dec eax
push edi
mov ebx, 0FEh
jz short loc_4032B9
dec eax
jz short loc_40329D
dec eax
jnz short loc_4032D5
push ebx
push 1
call near ptr 40C0FFh
mov edi, eax
mov eax, [ebp+arg_0]
pop ecx
xor al, al
pop ecx
or edi, eax
jmp short loc_4032A0
; ---------------------------------------------------------------------------
loc_40329D: ; CODE XREF: sub_403270+13�j
mov edi, [ebp+arg_0]
loc_4032A0: ; CODE XREF: sub_403270+2B�j
push ebx
push 1
call near ptr 40C0FFh
mov esi, eax
pop ecx
shl esi, 8
and edi, 0FFFF00FFh
pop ecx
or esi, edi
jmp short loc_4032BC
; ---------------------------------------------------------------------------
loc_4032B9: ; CODE XREF: sub_403270+10�j
mov esi, [ebp+arg_0]
loc_4032BC: ; CODE XREF: sub_403270+47�j
push ebx
push 1
call near ptr 40C0FFh
mov edi, eax
pop ecx
shl edi, 10h
and esi, 0FF00FFFFh
pop ecx
or edi, esi
jmp short loc_4032D8
; ---------------------------------------------------------------------------
loc_4032D5: ; CODE XREF: sub_403270+16�j
mov edi, [ebp+arg_0]
loc_4032D8: ; CODE XREF: sub_403270+63�j
push ebx
push 1
call near ptr 40C0FFh
pop ecx
and edi, 0FFFFFFh
shl eax, 18h
pop ecx
or eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_403270 endp
; =============== S U B R O U T I N E =======================================
sub_4032F2 proc near ; CODE XREF: sub_40339B+A�p
; sub_403452+13�p
arg_0 = dword ptr 4
push 0Ah
push [esp+4+arg_0]
push 0FFFFh
push 401h
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
call near ptr 414C24h
add esp, 0Ch
retn
sub_4032F2 endp
; =============== S U B R O U T I N E =======================================
sub_403313 proc near ; CODE XREF: sub_40A3D1+9D�p
; .data:0040AD73�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 4
push 416A80h
push esi
call near ptr 4148B0h
add esp, 0Ch
test eax, eax
jnz short loc_403331
loc_40332C: ; CODE XREF: sub_403313+30�j
; sub_403313+44�j
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_403331: ; CODE XREF: sub_403313+17�j
push 4
push 416A78h
push esi
call near ptr 4148B0h
add esp, 0Ch
test eax, eax
jz short loc_40332C
push 8
push 416A6Ch
push esi
call near ptr 4148B0h
add esp, 0Ch
test eax, eax
jz short loc_40332C
push 3
push 416A68h
push esi
call near ptr 4148B0h
add esp, 0Ch
neg eax
sbb eax, eax
pop esi
inc eax
retn
sub_403313 endp
; =============== S U B R O U T I N E =======================================
sub_403370 proc near ; CODE XREF: sub_40219E+16D�p
; sub_40300E+B�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor eax, eax
loc_403376: ; CODE XREF: sub_403370+10�j
cmp byte ptr [eax+ecx], 0
jz short loc_403385
inc eax
cmp eax, 5
jnz short loc_403376
loc_403382: ; CODE XREF: sub_403370+1E�j
; sub_403370+25�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403385: ; CODE XREF: sub_403370+A�j
push ecx
call near ptr 41485Ch
test eax, eax
pop ecx
jz short loc_403382
cmp eax, 0FFFFh
ja short loc_403382
xor eax, eax
inc eax
retn
sub_403370 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40339B proc near ; CODE XREF: .text:00403408�p
; sub_4060F1:loc_406208�p ...
var_8 = byte ptr -8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push esi
push eax
call sub_4032F2
lea eax, [ebp+var_8]
push 1
push eax
call sub_40370B
mov esi, eax
add esp, 0Ch
test esi, esi
jnz short loc_4033C1
inc eax
jmp short loc_4033F7
; ---------------------------------------------------------------------------
loc_4033C1: ; CODE XREF: sub_40339B+21�j
push edi
push 0BB8h
lea eax, [ebp+var_8]
push 0
push eax
push 41D110h
call sub_403CB3
push esi
mov edi, eax
call sub_4039E7
add esp, 14h
test edi, edi
jz short loc_4033FA
cmp edi, 0FFFFFFFFh
jz short loc_4033FA
push edi
xor esi, esi
call sub_403E2B
pop ecx
loc_4033F4: ; CODE XREF: sub_40339B+62�j
mov eax, esi
pop edi
loc_4033F7: ; CODE XREF: sub_40339B+24�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4033FA: ; CODE XREF: sub_40339B+49�j
; sub_40339B+4E�j
xor esi, esi
inc esi
jmp short loc_4033F4
sub_40339B endp
; ---------------------------------------------------------------------------
cmp dword ptr ds:41C888h, 0
jnz short loc_403427
call sub_40339B
push eax
push 41C88Ch
call sub_406D6A
push 1
push 41C888h
call sub_406D6A
add esp, 10h
loc_403427: ; CODE XREF: .text:00403406�j
mov eax, ds:41C88Ch
retn
; =============== S U B R O U T I N E =======================================
sub_40342D proc near ; CODE XREF: sub_403452+6�p
; sub_40370B+36�p
push esi
push 0
push 1
push 17h
call dword ptr ds:415220h
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403448
push esi
call sub_403E2B
pop ecx
loc_403448: ; CODE XREF: sub_40342D+12�j
xor eax, eax
cmp esi, 0FFFFFFFFh
setnz al
pop esi
retn
sub_40342D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403452 proc near ; CODE XREF: sub_405BAD:loc_405D37�p
var_8 = byte ptr -8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_40342D
test eax, eax
jz short loc_40347E
lea eax, [ebp+var_8]
push eax
call sub_4032F2
lea eax, [ebp+var_8]
push 1
push eax
call sub_40370B
mov esi, eax
add esp, 0Ch
test esi, esi
jnz short loc_403482
loc_40347E: ; CODE XREF: sub_403452+D�j
xor eax, eax
jmp short loc_4034B9
; ---------------------------------------------------------------------------
loc_403482: ; CODE XREF: sub_403452+2A�j
push edi
push 0BB8h
lea eax, [ebp+var_8]
push 2
push eax
push 416A94h
call sub_403CB3
push esi
mov edi, eax
call sub_4039E7
add esp, 14h
test edi, edi
jz short loc_4034BC
cmp edi, 0FFFFFFFFh
jz short loc_4034BC
xor esi, esi
push edi
inc esi
call sub_403E2B
pop ecx
loc_4034B6: ; CODE XREF: sub_403452+6C�j
mov eax, esi
pop edi
loc_4034B9: ; CODE XREF: sub_403452+2E�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4034BC: ; CODE XREF: sub_403452+53�j
; sub_403452+58�j
xor esi, esi
jmp short loc_4034B6
sub_403452 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034C0 proc near ; CODE XREF: sub_4060F1:loc_4061EF�p
; sub_409D34+191�p ...
var_14 = byte ptr -14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
lea eax, [ebp+var_14]
push 416A40h
push eax
call near ptr 4147F2h
lea eax, [ebp+var_14]
push eax
call near ptr 40C247h
push 7D0h
push 2
lea eax, [ebp+var_14]
push 416558h
push eax
call sub_403CB3
add esp, 1Ch
test eax, eax
jz short loc_40350E
cmp eax, 0FFFFFFFFh
jz short loc_40350E
xor esi, esi
push eax
inc esi
call sub_403E2B
pop ecx
loc_403509: ; CODE XREF: sub_4034C0+50�j
mov eax, esi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40350E: ; CODE XREF: sub_4034C0+38�j
; sub_4034C0+3D�j
xor esi, esi
jmp short loc_403509
sub_4034C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403512 proc near ; CODE XREF: .text:00403C6E�p
; sub_403CB3+A0�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_4], eax
setz al
mov [ebp+arg_4], eax
lea eax, [ebp+arg_4]
push eax
push 8004667Eh
push [ebp+arg_0]
call dword ptr ds:41521Ch
pop ebp
retn
sub_403512 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403534 proc near ; CODE XREF: sub_405103+1B9�p
; sub_405103+1F4�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
lea eax, [ebp+arg_0]
push eax
push 4004667Fh
push [ebp+arg_0]
call dword ptr ds:41521Ch
xor eax, eax
cmp [ebp+arg_0], eax
setnz al
pop ebp
retn
sub_403534 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403553 proc near ; CODE XREF: sub_40924E+87�p
; sub_4096C7+2E9�p ...
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp+var_4]
mov [ebp+var_4], 80h
push eax
lea eax, [ebp+var_84]
push eax
push [ebp+arg_0]
call dword ptr ds:415244h
cmp eax, 0FFFFFFFFh
jnz short loc_403580
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403580: ; CODE XREF: sub_403553+27�j
push 2
push 0
push 0
push 100h
push [ebp+arg_4]
lea eax, [ebp+var_84]
push [ebp+var_4]
push eax
call dword ptr ds:41C480h
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403553 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035A5 proc near ; CODE XREF: sub_405103+B2�p
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp+var_4]
mov [ebp+var_4], 80h
push eax
lea eax, [ebp+var_84]
push eax
push [ebp+arg_0]
call dword ptr ds:415218h
cmp eax, 0FFFFFFFFh
jnz short loc_4035D2
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4035D2: ; CODE XREF: sub_4035A5+27�j
push 2
push 0
push 0
push 100h
push [ebp+arg_4]
lea eax, [ebp+var_84]
push [ebp+var_4]
push eax
call dword ptr ds:41C480h
neg eax
sbb eax, eax
inc eax
leave
retn
sub_4035A5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp-4]
mov dword ptr [ebp-4], 80h
push eax
lea eax, [ebp-84h]
push eax
push dword ptr [ebp+8]
call dword ptr ds:415244h
cmp eax, 0FFFFFFFFh
jnz short loc_403624
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403624: ; CODE XREF: .text:0040361E�j
push 0Ah
push dword ptr [ebp+0Ch]
push dword ptr [ebp-82h]
call dword ptr ds:41523Ch
movzx eax, ax
push eax
call near ptr 414C24h
xor eax, eax
add esp, 0Ch
inc eax
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 84h
lea eax, [ebp-4]
mov dword ptr [ebp-4], 80h
push eax
lea eax, [ebp-84h]
push eax
push dword ptr [ebp+8]
call dword ptr ds:415218h
cmp eax, 0FFFFFFFFh
jnz short loc_403673
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403673: ; CODE XREF: .text:0040366D�j
push 0Ah
push dword ptr [ebp+0Ch]
push dword ptr [ebp-82h]
call dword ptr ds:41523Ch
movzx eax, ax
push eax
call near ptr 414C24h
xor eax, eax
add esp, 0Ch
inc eax
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403695 proc near ; CODE XREF: sub_40A3D1+91�p
; .data:0040AE10�p
var_404 = byte ptr -404h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
lea eax, [ebp+arg_0]
push esi
push eax
push 0
push 0
push [ebp+arg_0]
call dword ptr ds:41C47Ch
test eax, eax
jnz short loc_4036F1
mov esi, [ebp+arg_0]
jmp short loc_4036E4
; ---------------------------------------------------------------------------
loc_4036B9: ; CODE XREF: sub_403695+51�j
push 2
push 0
push 0
lea eax, [ebp+var_404]
push 401h
push eax
push dword ptr [esi+10h]
push dword ptr [esi+18h]
call dword ptr ds:41C480h
test eax, eax
jnz short loc_4036E1
cmp dword ptr [esi+4], 2
jz short loc_4036F6
loc_4036E1: ; CODE XREF: sub_403695+44�j
mov esi, [esi+1Ch]
loc_4036E4: ; CODE XREF: sub_403695+22�j
test esi, esi
jnz short loc_4036B9
push [ebp+arg_0]
call dword ptr ds:41C484h
loc_4036F1: ; CODE XREF: sub_403695+1D�j
xor al, al
loc_4036F3: ; CODE XREF: sub_403695+74�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4036F6: ; CODE XREF: sub_403695+4A�j
lea eax, [ebp+var_404]
push eax
push [ebp+arg_4]
call near ptr 4147F2h
pop ecx
mov al, 1
pop ecx
jmp short loc_4036F3
sub_403695 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40370B proc near ; CODE XREF: .text:00401BF5�p
; sub_402E66+33�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push edi
push 1008h
call near ptr 414804h
mov edi, eax
xor ebx, ebx
cmp edi, ebx
pop ecx
jz loc_403824
push 20h
lea eax, [ebp+var_24]
push ebx
push eax
mov [edi], ebx
mov [edi+804h], ebx
call near ptr 414822h
add esp, 0Ch
call sub_40342D
neg eax
sbb eax, eax
mov [ebp+var_1C], 1
and al, 0FEh
mov [ebp+var_24], 5
inc eax
inc eax
mov [ebp+var_20], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push [ebp+arg_0]
push ebx
call dword ptr ds:41C47Ch
test eax, eax
jnz loc_40381D
push esi
mov esi, [ebp+var_4]
cmp esi, ebx
jz loc_40380F
loc_403785: ; CODE XREF: sub_40370B+FC�j
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
call dword ptr ds:415220h
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_403802
mov eax, [esi+4]
cmp eax, 2
jz short loc_4037A8
cmp eax, 17h
jnz short loc_403802
loc_4037A8: ; CODE XREF: sub_40370B+96�j
test [ebp+arg_4], 2
jz short loc_4037C9
lea eax, [ebp+arg_0]
push 4
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+arg_0], 1
call dword ptr ds:41520Ch
loc_4037C9: ; CODE XREF: sub_40370B+A1�j
push dword ptr [esi+10h]
push dword ptr [esi+18h]
push ebx
call dword ptr ds:41526Ch
cmp eax, 0FFFFFFFFh
jz short loc_4037E9
push 32h
push ebx
call dword ptr ds:415214h
cmp eax, 0FFFFFFFFh
jnz short loc_4037F2
loc_4037E9: ; CODE XREF: sub_40370B+CE�j
push ebx
call sub_403E2B
pop ecx
jmp short loc_403802
; ---------------------------------------------------------------------------
loc_4037F2: ; CODE XREF: sub_40370B+DC�j
mov eax, [edi]
mov [edi+eax*4+4], ebx
inc dword ptr [edi]
cmp dword ptr [edi], 200h
jz short loc_40380D
loc_403802: ; CODE XREF: sub_40370B+8E�j
; sub_40370B+9B�j ...
mov esi, [esi+1Ch]
test esi, esi
jnz loc_403785
loc_40380D: ; CODE XREF: sub_40370B+F5�j
xor ebx, ebx
loc_40380F: ; CODE XREF: sub_40370B+74�j
push [ebp+var_4]
call dword ptr ds:41C484h
cmp [edi], ebx
pop esi
jnz short loc_403828
loc_40381D: ; CODE XREF: sub_40370B+68�j
push edi
call near ptr 41480Ah
pop ecx
loc_403824: ; CODE XREF: sub_40370B+19�j
xor eax, eax
jmp short loc_40382A
; ---------------------------------------------------------------------------
loc_403828: ; CODE XREF: sub_40370B+110�j
mov eax, edi
loc_40382A: ; CODE XREF: sub_40370B+11B�j
pop edi
pop ebx
leave
retn
sub_40370B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40382E proc near ; CODE XREF: .text:00401CAD�p
; sub_402E66+7B�p ...
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
push edi
mov [ebp+var_8], 80h
cmp [esi], ebx
mov [ebp+var_4], ebx
jbe loc_4038D5
lea edi, [esi+4]
loc_403854: ; CODE XREF: sub_40382E+A3�j
lea ebx, [esi+804h]
push ebx
push dword ptr [edi]
call near ptr 414AEAh
test eax, eax
jz short loc_4038C6
mov edx, [ebx]
xor ecx, ecx
test edx, edx
jbe short loc_4038AA
mov ebx, [edi]
lea eax, [esi+808h]
loc_403876: ; CODE XREF: sub_40382E+52�j
cmp [eax], ebx
jz short loc_403884
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_403876
jmp short loc_4038AA
; ---------------------------------------------------------------------------
loc_403884: ; CODE XREF: sub_40382E+4A�j
dec edx
cmp ecx, edx
jnb short loc_4038A4
lea eax, [esi+ecx*4+808h]
loc_403890: ; CODE XREF: sub_40382E+74�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [esi+804h]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_403890
loc_4038A4: ; CODE XREF: sub_40382E+59�j
dec dword ptr [esi+804h]
loc_4038AA: ; CODE XREF: sub_40382E+3E�j
; sub_40382E+54�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_90]
push eax
push dword ptr [edi]
call dword ptr ds:415204h
cmp eax, 0FFFFFFFFh
jnz loc_4039E2
loc_4038C6: ; CODE XREF: sub_40382E+36�j
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [esi]
jb short loc_403854
xor ebx, ebx
loc_4038D5: ; CODE XREF: sub_40382E+1D�j
cmp [esi], ebx
lea edi, [esi+804h]
mov [ebp+var_4], ebx
mov [edi], ebx
jbe short loc_403930
lea ecx, [esi+4]
loc_4038E7: ; CODE XREF: sub_40382E+100�j
mov edx, [edi]
mov [ebp+arg_0], ebx
cmp edx, ebx
jbe short loc_403909
lea eax, [esi+808h]
loc_4038F6: ; CODE XREF: sub_40382E+D7�j
mov ebx, [ecx]
cmp [eax], ebx
jz short loc_403907
inc [ebp+arg_0]
add eax, 4
cmp [ebp+arg_0], edx
jb short loc_4038F6
loc_403907: ; CODE XREF: sub_40382E+CC�j
xor ebx, ebx
loc_403909: ; CODE XREF: sub_40382E+C0�j
mov eax, [ebp+arg_0]
cmp eax, edx
jnz short loc_403923
cmp edx, 200h
jnb short loc_403923
mov edx, [ecx]
mov [esi+eax*4+808h], edx
inc dword ptr [edi]
loc_403923: ; CODE XREF: sub_40382E+E0�j
; sub_40382E+E8�j
inc [ebp+var_4]
add ecx, 4
mov eax, [ebp+var_4]
cmp eax, [esi]
jb short loc_4038E7
loc_403930: ; CODE XREF: sub_40382E+B4�j
mov eax, [ebp+arg_4]
xor edx, edx
mov ecx, 3E8h
div ecx
imul edx, 3E8h
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push edi
push dword ptr [esi]
mov [ebp+var_C], edx
call dword ptr ds:415208h
cmp eax, ebx
jz loc_4039DF
cmp eax, 0FFFFFFFFh
jnz short loc_403968
xor eax, eax
jmp short loc_4039E2
; ---------------------------------------------------------------------------
loc_403968: ; CODE XREF: sub_40382E+134�j
cmp [esi], ebx
mov [ebp+var_4], ebx
jbe short loc_4039DF
lea ebx, [esi+4]
loc_403972: ; CODE XREF: sub_40382E+1AF�j
push edi
push dword ptr [ebx]
call near ptr 414AEAh
test eax, eax
jz short loc_4039D2
xor ecx, ecx
cmp [edi], ecx
jbe short loc_4039BA
lea eax, [esi+808h]
loc_40398A: ; CODE XREF: sub_40382E+168�j
mov edx, [ebx]
cmp [eax], edx
jz short loc_40399A
inc ecx
add eax, 4
cmp ecx, [edi]
jb short loc_40398A
jmp short loc_4039BA
; ---------------------------------------------------------------------------
loc_40399A: ; CODE XREF: sub_40382E+160�j
mov eax, [edi]
dec eax
cmp ecx, eax
jnb short loc_4039B8
lea eax, [esi+ecx*4+808h]
loc_4039A8: ; CODE XREF: sub_40382E+188�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [edi]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_4039A8
loc_4039B8: ; CODE XREF: sub_40382E+171�j
dec dword ptr [edi]
loc_4039BA: ; CODE XREF: sub_40382E+154�j
; sub_40382E+16A�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_90]
push eax
push dword ptr [ebx]
call dword ptr ds:415204h
cmp eax, 0FFFFFFFFh
jnz short loc_4039E2
loc_4039D2: ; CODE XREF: sub_40382E+14E�j
inc [ebp+var_4]
add ebx, 4
mov eax, [ebp+var_4]
cmp eax, [esi]
jb short loc_403972
loc_4039DF: ; CODE XREF: sub_40382E+12B�j
; sub_40382E+13F�j
or eax, 0FFFFFFFFh
loc_4039E2: ; CODE XREF: sub_40382E+92�j
; sub_40382E+138�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40382E endp
; =============== S U B R O U T I N E =======================================
sub_4039E7 proc near ; CODE XREF: .text:00401C20�p
; .text:00401DED�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi]
test eax, eax
jbe short loc_403A19
lea edi, [esi+4]
loc_4039F9: ; CODE XREF: sub_4039E7+30�j
cmp dword ptr ds:41C430h, 0
jz short loc_403A07
cmp eax, 64h
ja short loc_403A19
loc_403A07: ; CODE XREF: sub_4039E7+19�j
push dword ptr [edi]
call sub_403E2B
mov eax, [esi]
inc ebx
add edi, 4
cmp ebx, eax
pop ecx
jb short loc_4039F9
loc_403A19: ; CODE XREF: sub_4039E7+D�j
; sub_4039E7+1E�j
and dword ptr [esi+804h], 0
push esi
call near ptr 41480Ah
pop ecx
pop edi
pop esi
pop ebx
retn
sub_4039E7 endp
; ---------------------------------------------------------------------------
db 56h
dd 824748Bh, 200FE81h, 0F770000h, 101068h, 0DC2E800h, 0C0850001h
dd 33047559h, 83C35EC0h, 89000460h, 8BC35E30h, 8B082444h
dd 83B0448h, 74FF0D75h, 0C4E80424h, 59000003h, 8BC3C033h
dd 89042454h, 0FF0C8854h, 488B0440h, 3BD23304h, 0C2950F08h
dd 56C3C28Bh, 0C24748Bh, 8B57C933h, 0C0850446h, 568D3B76h
dd 3B3A8B0Ch, 740C247Ch, 0C283410Ah, 72C83B04h, 8B26EBF0h
dd 0CA3B0856h, 894A0472h, 0C12B0856h, 5002E0C1h, 108E448Dh
dd 8E448D50h, 49E8500Ch, 8300010Dh, 4EFF0CC4h, 0C35E5F04h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+8]
push ebx
xor ebx, ebx
cmp [eax+4], ebx
lea ecx, [eax+80Ch]
mov [eax+8], ebx
mov [ebp-4], ebx
mov [ecx], ebx
jbe short loc_403B3F
push esi
push edi
lea esi, [eax+0Ch]
loc_403AF3: ; CODE XREF: .text:00403B3B�j
mov edi, [ecx]
mov [ebp+8], ebx
cmp edi, ebx
jbe short loc_403B15
lea edx, [eax+810h]
loc_403B02: ; CODE XREF: .text:00403B11�j
mov ebx, [esi]
cmp [edx], ebx
jz short loc_403B13
inc dword ptr [ebp+8]
add edx, 4
cmp [ebp+8], edi
jb short loc_403B02
loc_403B13: ; CODE XREF: .text:00403B06�j
xor ebx, ebx
loc_403B15: ; CODE XREF: .text:00403AFA�j
mov edx, [ebp+8]
cmp edx, edi
jnz short loc_403B2F
cmp edi, 200h
jnb short loc_403B2F
mov edi, [esi]
mov [eax+edx*4+810h], edi
inc dword ptr [ecx]
loc_403B2F: ; CODE XREF: .text:00403B1A�j
; .text:00403B22�j
inc dword ptr [ebp-4]
mov edx, [ebp-4]
add esi, 4
cmp edx, [eax+4]
jb short loc_403AF3
pop edi
pop esi
loc_403B3F: ; CODE XREF: .text:00403AEC�j
lea eax, [ebp-8]
mov [ebp-8], ebx
push eax
push ebx
push ecx
push ebx
push ebx
mov dword ptr [ebp-4], 3E8h
call dword ptr ds:415208h
cmp eax, ebx
jz short loc_403B65
cmp eax, 0FFFFFFFFh
jz short loc_403B65
xor eax, eax
inc eax
jmp short loc_403B67
; ---------------------------------------------------------------------------
loc_403B65: ; CODE XREF: .text:00403B59�j
; .text:00403B5E�j
xor eax, eax
loc_403B67: ; CODE XREF: .text:00403B63�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
dw 5553h
dd 24748B56h, 7E8B5710h, 47E3B08h, 0AE8D1F73h, 80Ch, 0CBE5C8Dh
dd 0E833FF55h, 10F5Eh, 1075C085h, 4C38347h, 72047E3Bh
dd 5FC033EBh, 0C35B5D5Eh, 8901478Dh, 448B0846h, 0EFEB0CBEh
dd 8B565553h, 33102474h, 39DB33EDh, 1876046Eh, 0C7E8D57h
dd 64E837FFh, 89000002h, 0C783432Fh, 45E3B04h, 5FED7259h
dd 89046E89h, 0AE89086Eh, 80Ch, 0C35B5D5Eh, 42474FFh, 0FFFFBFE8h
dd 17E959FFh
db 0Ch, 1, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 24h
push 20h
lea eax, [ebp-24h]
push 0
push eax
call near ptr 414822h
add esp, 0Ch
test byte ptr [ebp+10h], 2
jz short loc_403C18
mov dword ptr [ebp-20h], 17h
jmp short loc_403C24
; ---------------------------------------------------------------------------
loc_403C18: ; CODE XREF: .text:00403C0D�j
movsx eax, byte ptr [ebp+10h]
and eax, 1
add eax, eax
mov [ebp-20h], eax
loc_403C24: ; CODE XREF: .text:00403C16�j
test byte ptr [ebp+10h], 4
push 0
pop eax
setnz al
inc eax
mov [ebp-1Ch], eax
lea eax, [ebp-4]
push eax
lea eax, [ebp-24h]
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword ptr ds:41C47Ch
test eax, eax
jz short loc_403C4E
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403C4E: ; CODE XREF: .text:00403C48�j
push esi
mov esi, [ebp-4]
push edi
jmp short loc_403C9E
; ---------------------------------------------------------------------------
loc_403C55: ; CODE XREF: .text:00403CA0�j
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
call dword ptr ds:415220h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403C9B
push 0
push edi
call sub_403512
pop ecx
pop ecx
push dword ptr [esi+10h]
push dword ptr [esi+18h]
push edi
call dword ptr ds:41522Ch
cmp eax, 0FFFFFFFFh
jnz short loc_403C94
call dword ptr ds:415234h
cmp eax, 2733h
jz short loc_403CA4
loc_403C94: ; CODE XREF: .text:00403C85�j
push edi
call sub_403E2B
pop ecx
loc_403C9B: ; CODE XREF: .text:00403C69�j
mov esi, [esi+1Ch]
loc_403C9E: ; CODE XREF: .text:00403C53�j
test esi, esi
jnz short loc_403C55
xor edi, edi
loc_403CA4: ; CODE XREF: .text:00403C92�j
push dword ptr [ebp-4]
call dword ptr ds:41C484h
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CB3 proc near ; CODE XREF: sub_401932+73�p
; sub_401FB3+1A�p ...
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_824 = dword ptr -824h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 82Ch
mov eax, [ebp+arg_C]
mov ecx, 3E8h
cdq
idiv ecx
push ebx
xor ebx, ebx
push 20h
push ebx
imul edx, 3E8h
mov [ebp+var_8], eax
lea eax, [ebp+var_28]
push eax
mov [ebp+var_4], edx
call near ptr 414822h
add esp, 0Ch
test [ebp+arg_8], 2
jz short loc_403CF4
mov [ebp+var_24], 17h
jmp short loc_403D00
; ---------------------------------------------------------------------------
loc_403CF4: ; CODE XREF: sub_403CB3+36�j
movsx eax, [ebp+arg_8]
and eax, 1
add eax, eax
mov [ebp+var_24], eax
loc_403D00: ; CODE XREF: sub_403CB3+3F�j
test [ebp+arg_8], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword ptr ds:41C47Ch
test eax, eax
jz short loc_403D2D
xor eax, eax
jmp loc_403E00
; ---------------------------------------------------------------------------
loc_403D2D: ; CODE XREF: sub_403CB3+71�j
push esi
mov esi, [ebp+arg_C]
push edi
jmp loc_403DE9
; ---------------------------------------------------------------------------
loc_403D37: ; CODE XREF: sub_403CB3+138�j
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
call dword ptr ds:415220h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_403DE6
push ebx
push edi
call sub_403512
pop ecx
pop ecx
push dword ptr [esi+10h]
push dword ptr [esi+18h]
push edi
call dword ptr ds:41522Ch
test eax, eax
jz short loc_403D78
call dword ptr ds:415234h
cmp eax, 2733h
jnz short loc_403DE6
loc_403D78: ; CODE XREF: sub_403CB3+B6�j
lea eax, [ebp+var_8]
mov [ebp+var_828], edi
push eax
lea eax, [ebp+var_82C]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_82C], 1
call dword ptr ds:415208h
cmp eax, 1
jz short loc_403E03
xor eax, eax
cmp [ebp+var_82C], ebx
jbe short loc_403DDF
loc_403DAB: ; CODE XREF: sub_403CB3+108�j
cmp [ebp+eax*4+var_828], edi
jz short loc_403DCE
inc eax
cmp eax, [ebp+var_82C]
jb short loc_403DAB
jmp short loc_403DDF
; ---------------------------------------------------------------------------
loc_403DBF: ; CODE XREF: sub_403CB3+124�j
mov ecx, [ebp+eax*4+var_824]
mov [ebp+eax*4+var_828], ecx
inc eax
loc_403DCE: ; CODE XREF: sub_403CB3+FF�j
mov ecx, [ebp+var_82C]
dec ecx
cmp eax, ecx
jb short loc_403DBF
dec [ebp+var_82C]
loc_403DDF: ; CODE XREF: sub_403CB3+F6�j
; sub_403CB3+10A�j
push edi
call sub_403E2B
pop ecx
loc_403DE6: ; CODE XREF: sub_403CB3+98�j
; sub_403CB3+C3�j
mov esi, [esi+1Ch]
loc_403DE9: ; CODE XREF: sub_403CB3+7F�j
cmp esi, ebx
jnz loc_403D37
xor edi, edi
loc_403DF3: ; CODE XREF: sub_403CB3+15A�j
push [ebp+arg_C]
call dword ptr ds:41C484h
mov eax, edi
pop edi
pop esi
loc_403E00: ; CODE XREF: sub_403CB3+75�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403E03: ; CODE XREF: sub_403CB3+EC�j
push 1
push edi
call sub_403512
pop ecx
pop ecx
jmp short loc_403DF3
sub_403CB3 endp
; =============== S U B R O U T I N E =======================================
sub_403E0F proc near ; CODE XREF: sub_401932+1D3�p
; .text:00401DDF�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call dword ptr ds:415200h
push 3E8h
call dword ptr ds:4150A4h
jmp $+5
sub_403E0F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403E2B proc near ; CODE XREF: sub_40339B+53�p
; sub_40342D+15�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword ptr ds:415230h
retn
sub_403E2B endp
; =============== S U B R O U T I N E =======================================
sub_403E36 proc near ; CODE XREF: sub_401932+FD�p
; .text:00401D21�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call dword ptr ds:415210h
retn
sub_403E36 endp
; =============== S U B R O U T I N E =======================================
sub_403E4B proc near ; CODE XREF: sub_402E66+A6�p
; sub_403E8F+1F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_8]
cmp esi, 2
push edi
jb short loc_403E78
mov edi, [esp+8+arg_4]
lea eax, [esi-1]
push 0
push eax
push edi
push [esp+14h+arg_0]
call dword ptr ds:41524Ch
test eax, eax
jz short loc_403E8C
cmp eax, 0FFFFFFFFh
jz short loc_403E8C
cmp eax, esi
jb short loc_403E88
loc_403E78: ; CODE XREF: sub_403E4B+9�j
push 271Eh
call dword ptr ds:415238h
or eax, 0FFFFFFFFh
jmp short loc_403E8C
; ---------------------------------------------------------------------------
loc_403E88: ; CODE XREF: sub_403E4B+2B�j
and byte ptr [eax+edi], 0
loc_403E8C: ; CODE XREF: sub_403E4B+22�j
; sub_403E4B+27�j ...
pop edi
pop esi
retn
sub_403E4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E8F proc near ; CODE XREF: sub_401FB3+70�p
; sub_401FB3+16A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_0]
call sub_403EB8
pop ecx
test eax, eax
pop ecx
jnz short loc_403EA5
pop ebp
retn
; ---------------------------------------------------------------------------
loc_403EA5: ; CODE XREF: sub_403E8F+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403E4B
add esp, 0Ch
pop ebp
retn
sub_403E8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EB8 proc near ; CODE XREF: sub_403E8F+9�p
var_80C = dword ptr -80Ch
var_808 = dword ptr -808h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80Ch
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_808], eax
mov eax, [ebp+arg_4]
xor edx, edx
mov esi, 3E8h
div esi
xor ecx, ecx
inc ecx
mov [ebp+var_80C], ecx
imul edx, 3E8h
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push 0
lea eax, [ebp+var_80C]
push 0
push eax
push ecx
mov [ebp+var_4], edx
call dword ptr ds:415208h
dec eax
pop esi
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403EB8 endp
; =============== S U B R O U T I N E =======================================
sub_403F0B proc near ; CODE XREF: sub_40145F+53�p
; sub_401884+64�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
jnz short loc_403F30
push esi
mov esi, [esp+4+arg_0]
push 1A3h
push 0
push esi
call near ptr 414822h
add esp, 0Ch
mov byte ptr [esi+198h], 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_403F30: ; CODE XREF: sub_403F0B+5�j
push 1A3h
push [esp+4+arg_4]
push [esp+8+arg_0]
call near ptr 414810h
add esp, 0Ch
retn
sub_403F0B endp
; ---------------------------------------------------------------------------
push edi
push 41C8A4h
call sub_406D17
mov dword ptr [esp], 416AECh
call dword ptr ds:415058h
mov edi, eax
test edi, edi
jz short loc_403FC6
push esi
mov esi, ds:41505Ch
push 416ADCh
push edi
call esi
push 416AC8h
push edi
mov ds:41C8A0h, eax
call esi
push 416AB0h
push edi
mov ds:41C894h, eax
call esi
push 416A98h
push edi
mov ds:41C898h, eax
call esi
cmp dword ptr ds:41C8A0h, 0
mov ds:41C89Ch, eax
pop esi
jz short loc_403FC6
cmp dword ptr ds:41C894h, 0
jz short loc_403FC6
cmp dword ptr ds:41C898h, 0
jz short loc_403FC6
test eax, eax
jz short loc_403FC6
mov byte ptr ds:41C8BCh, 1
loc_403FC6: ; CODE XREF: .text:00403F62�j
; .text:00403FA7�j ...
pop edi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FC8 proc near ; CODE XREF: sub_4011BE+56�p
; sub_4041EB+2A�p
var_125 = byte ptr -125h
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 124h
push ebx
push esi
push edi
push 41C8A4h
call sub_406D45
cmp byte ptr ds:41C8BCh, 0
pop ecx
jnz short loc_403FEF
loc_403FE8: ; CODE XREF: sub_403FC8+35�j
; sub_403FC8+6E�j ...
xor esi, esi
jmp loc_4041D4
; ---------------------------------------------------------------------------
loc_403FEF: ; CODE XREF: sub_403FC8+1E�j
and [ebp+var_10], 0
push 0
call near ptr 414804h
test eax, eax
pop ecx
jz short loc_403FE8
mov esi, 80h
push esi
mov edi, esi
push eax
jmp short loc_404028
; ---------------------------------------------------------------------------
loc_40400A: ; CODE XREF: sub_403FC8+6C�j
mov ebx, [ebp+var_4]
lea eax, [ebp+var_10]
push eax
push edi
push ebx
call dword ptr ds:41C8A0h
test eax, eax
jz short loc_404056
mov eax, [ebp+var_10]
cmp eax, edi
jb short loc_404038
add edi, esi
push edi
push ebx
loc_404028: ; CODE XREF: sub_403FC8+40�j
call near ptr 4148B6h
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jnz short loc_40400A
jmp short loc_403FE8
; ---------------------------------------------------------------------------
loc_404038: ; CODE XREF: sub_403FC8+5A�j
shr eax, 2
mov edi, eax
imul eax, 114h
add eax, 8
mov [ebp+var_C], edi
push eax
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jnz short loc_40405F
loc_404056: ; CODE XREF: sub_403FC8+53�j
push ebx
call near ptr 41480Ah
pop ecx
jmp short loc_403FE8
; ---------------------------------------------------------------------------
loc_40405F: ; CODE XREF: sub_403FC8+8C�j
and [ebp+var_8], 0
lea eax, [esi+8]
test edi, edi
mov [esi], edi
mov [esi+4], eax
jbe short loc_4040B5
xor edi, edi
loc_404071: ; CODE XREF: sub_403FC8+E8�j
mov ebx, 114h
push ebx
push 0
push dword ptr [esi+4]
call near ptr 414822h
mov ecx, [ebp+var_4]
mov edx, [ebp+var_8]
mov eax, [esi+4]
push 416AF8h
mov ecx, [ecx+edx*4]
mov [edi+eax], ecx
mov eax, [esi+4]
lea eax, [edi+eax+0Ch]
push eax
call near ptr 4147F2h
add esp, 14h
inc [ebp+var_8]
mov eax, [ebp+var_8]
add edi, ebx
cmp eax, [ebp+var_C]
jb short loc_404071
mov edi, [ebp+var_C]
loc_4040B5: ; CODE XREF: sub_403FC8+A5�j
push [ebp+var_4]
call near ptr 41480Ah
test edi, edi
pop ecx
jbe loc_4041D4
mov eax, [ebp+var_C]
xor ebx, ebx
mov [ebp+var_8], eax
loc_4040CE: ; CODE XREF: sub_403FC8+206�j
mov eax, [esi+4]
push dword ptr [ebx+eax]
push 0
push 410h
call dword ptr ds:415098h
mov edi, eax
test edi, edi
mov [ebp+var_4], edi
jz loc_4041C5
and [ebp+var_14], 0
and [ebp+var_C], 0
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_C]
push 4
push eax
push edi
call dword ptr ds:41C894h
test eax, eax
jnz short loc_404111
push edi
jmp loc_4041BF
; ---------------------------------------------------------------------------
loc_404111: ; CODE XREF: sub_403FC8+141�j
lea eax, [ebp+var_20]
push 0Ch
push eax
push [ebp+var_C]
push edi
call dword ptr ds:41C89Ch
mov eax, [esi+4]
mov ecx, [ebp+var_20]
push 40h
lea edi, [ebp+var_123]
mov [ebx+eax+4], ecx
mov eax, [esi+4]
mov ecx, [ebp+var_1C]
mov [ebx+eax+8], ecx
mov al, ds:41C42Ch
mov [ebp+var_124], al
pop ecx
xor eax, eax
rep stosd
stosw
stosb
mov edi, 104h
lea eax, [ebp+var_124]
push edi
push eax
push [ebp+var_20]
push [ebp+var_4]
call dword ptr ds:41C898h
test eax, eax
jz short loc_4041BC
cmp [ebp+var_124], 0
jz short loc_4041BC
lea eax, [ebp+var_124]
push edi
push eax
mov eax, [esi+4]
lea eax, [ebx+eax+0Ch]
push eax
call near ptr 4147FEh
lea eax, [ebp+var_124]
push eax
call near ptr 4147F8h
add esp, 10h
test eax, eax
jz short loc_4041BC
loc_40419E: ; CODE XREF: sub_403FC8+1E6�j
cmp eax, 1
jbe short loc_4041BC
cmp [ebp+eax+var_125], 5Ch
jz short loc_4041B2
dec eax
jnz short loc_40419E
jmp short loc_4041BC
; ---------------------------------------------------------------------------
loc_4041B2: ; CODE XREF: sub_403FC8+1E3�j
mov ecx, [esi+4]
mov [ebx+ecx+110h], eax
loc_4041BC: ; CODE XREF: sub_403FC8+1A3�j
; sub_403FC8+1AC�j ...
push [ebp+var_4]
loc_4041BF: ; CODE XREF: sub_403FC8+144�j
call dword ptr ds:4150ACh
loc_4041C5: ; CODE XREF: sub_403FC8+120�j
add ebx, 114h
dec [ebp+var_8]
jnz loc_4040CE
loc_4041D4: ; CODE XREF: sub_403FC8+22�j
; sub_403FC8+F8�j
push 41C8A4h
call sub_406D50
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_403FC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn thunk
sub_4041E6 proc near ; CODE XREF: sub_4011BE+235�p
jmp near ptr 41480Ah
sub_4041E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041EB proc near ; DATA XREF: sub_4042AA+2C�o
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A8h
push esi
push edi
push 1A7h
lea eax, [ebp+var_1A8]
push [ebp+arg_0]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
add esp, 10h
call sub_403FC8
mov esi, eax
xor edi, edi
cmp esi, edi
jz short loc_404296
mov eax, [ebp+var_1A8]
push ebx
push dword ptr [esi]
push dword ptr [eax]
lea eax, [ebp+var_1A4]
push 416B18h
push eax
call sub_40A68C
add esp, 10h
xor ebx, ebx
cmp [esi], edi
jle short loc_40428E
loc_404247: ; CODE XREF: sub_4041EB+A1�j
push 3E8h
call dword ptr ds:4150A4h
mov eax, [esi+4]
add eax, edi
lea ecx, [eax+0Ch]
push ecx
push dword ptr [eax+8]
push dword ptr [eax+4]
push dword ptr [eax]
lea eax, [ebp+var_1A4]
push 416B00h
push eax
call sub_40A68C
mov eax, [ebp+var_1A8]
add esp, 18h
cmp dword ptr [eax+4], 0
jnz short loc_40428E
inc ebx
add edi, 114h
cmp ebx, [esi]
jl short loc_404247
loc_40428E: ; CODE XREF: sub_4041EB+5A�j
; sub_4041EB+96�j
push esi
call near ptr 41480Ah
pop ecx
pop ebx
loc_404296: ; CODE XREF: sub_4041EB+35�j
push [ebp+var_1A8]
call sub_4069B8
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_4041EB endp
; =============== S U B R O U T I N E =======================================
sub_4042AA proc near ; CODE XREF: sub_40826C+180�p
arg_0 = dword ptr 4
push esi
push 1A7h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_4042E3
push 1A3h
lea eax, [esi+4]
push [esp+8+arg_0]
push eax
call near ptr 414810h
push 416B40h
push 0
push esi
push offset sub_4041EB
call sub_40689D
add esp, 1Ch
loc_4042E3: ; CODE XREF: sub_4042AA+10�j
pop esi
retn
sub_4042AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042E5 proc near ; CODE XREF: sub_40826C+2C2�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
jz loc_4043B7
cmp [ebp+arg_C], 0
jz loc_4043B7
push [ebp+arg_4]
call near ptr 41485Ch
push [ebp+arg_8]
mov ebx, eax
call sub_4081A5
push [ebp+arg_C]
mov [ebp+arg_8], eax
call near ptr 41485Ch
mov esi, eax
mov eax, 180h
add esp, 0Ch
cmp esi, eax
jbe short loc_40432C
mov esi, eax
loc_40432C: ; CODE XREF: sub_4042E5+43�j
lea eax, [esi+1]
push eax
call near ptr 414804h
pop ecx
mov edi, eax
push ebx
xor ebx, ebx
push ebx
push 10h
call dword ptr ds:415098h
cmp eax, ebx
mov [ebp+arg_C], eax
jnz short loc_404354
push edi
call near ptr 41480Ah
pop ecx
jmp short loc_4043B7
; ---------------------------------------------------------------------------
loc_404354: ; CODE XREF: sub_4042E5+64�j
lea ecx, [ebp+arg_4]
mov [ebp+arg_4], ebx
push ecx
push esi
push edi
push [ebp+arg_8]
push eax
call dword ptr ds:41509Ch
test eax, eax
jz short loc_4043A7
cmp [ebp+arg_4], ebx
jz short loc_4043A7
and byte ptr [edi+esi], 0
xor ecx, ecx
cmp [ebp+arg_4], ebx
jbe short loc_40439C
loc_40437B: ; CODE XREF: sub_4042E5+B5�j
mov al, [ecx+edi]
cmp al, 0Ah
jz short loc_404392
cmp al, 0Dh
jz short loc_404392
cmp al, 1Fh
jz short loc_404392
cmp al, 16h
jz short loc_404392
cmp al, 10h
jg short loc_404396
loc_404392: ; CODE XREF: sub_4042E5+9B�j
; sub_4042E5+9F�j ...
mov byte ptr [ecx+edi], 2Eh
loc_404396: ; CODE XREF: sub_4042E5+AB�j
inc ecx
cmp ecx, [ebp+arg_4]
jb short loc_40437B
loc_40439C: ; CODE XREF: sub_4042E5+94�j
push edi
push [ebp+arg_0]
call sub_40A68C
pop ecx
pop ecx
loc_4043A7: ; CODE XREF: sub_4042E5+84�j
; sub_4042E5+89�j
push edi
call near ptr 41480Ah
pop ecx
push [ebp+arg_C]
call dword ptr ds:4150ACh
loc_4043B7: ; CODE XREF: sub_4042E5+A�j
; sub_4042E5+14�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4042E5 endp
; =============== S U B R O U T I N E =======================================
sub_4043BC proc near ; CODE XREF: sub_40826C+167�p
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
push esi
jz short loc_4043F7
push [esp+4+arg_4]
call near ptr 41485Ch
pop ecx
mov esi, eax
call dword ptr ds:415094h
cmp esi, eax
jz short loc_4043F7
push esi
push 0
push 1
call dword ptr ds:415098h
mov esi, eax
push 0
push esi
call dword ptr ds:4150A8h
push esi
call dword ptr ds:4150ACh
loc_4043F7: ; CODE XREF: sub_4043BC+6�j
; sub_4043BC+1C�j
pop esi
retn
sub_4043BC endp
; =============== S U B R O U T I N E =======================================
sub_4043F9 proc near ; CODE XREF: sub_40449D+83�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call near ptr 4147F8h
pop ecx
mov ebx, eax
call near ptr 40C151h
xor esi, esi
test al, 7
jnz short loc_40443A
test ebx, ebx
jle short loc_40445F
loc_404418: ; CODE XREF: sub_4043F9+3D�j
cmp byte ptr [esi+edi], 58h
jnz short loc_404433
call near ptr 40C126h
push 5
xor edx, edx
pop ecx
div ecx
mov al, [edx+416C10h]
mov [esi+edi], al
loc_404433: ; CODE XREF: sub_4043F9+23�j
inc esi
cmp esi, ebx
jl short loc_404418
jmp short loc_40445F
; ---------------------------------------------------------------------------
loc_40443A: ; CODE XREF: sub_4043F9+19�j
inc esi
cmp ebx, esi
jle short loc_40445F
loc_40443F: ; CODE XREF: sub_4043F9+64�j
cmp byte ptr [esi+edi], 58h
jnz short loc_40445A
call near ptr 40C126h
push 5
xor edx, edx
pop ecx
div ecx
mov al, [edx+416C08h]
mov [esi+edi], al
loc_40445A: ; CODE XREF: sub_4043F9+4A�j
inc esi
cmp esi, ebx
jl short loc_40443F
loc_40445F: ; CODE XREF: sub_4043F9+1D�j
; sub_4043F9+3F�j ...
pop edi
pop esi
pop ebx
retn
sub_4043F9 endp
; =============== S U B R O U T I N E =======================================
sub_404463 proc near ; CODE XREF: sub_40449D+25B�p
; sub_40449D+2D1�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call near ptr 4147F8h
mov ebx, eax
xor esi, esi
test ebx, ebx
pop ecx
jle short loc_404499
loc_404479: ; CODE XREF: sub_404463+34�j
cmp byte ptr [esi+edi], 58h
jnz short loc_404494
call near ptr 40C126h
push 5
xor edx, edx
pop ecx
div ecx
mov al, [edx+416C08h]
mov [esi+edi], al
loc_404494: ; CODE XREF: sub_404463+1A�j
inc esi
cmp esi, ebx
jl short loc_404479
loc_404499: ; CODE XREF: sub_404463+14�j
pop edi
pop esi
pop ebx
retn
sub_404463 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40449D proc near ; CODE XREF: sub_402E66+FC�p
; .rdata:004075F7�p ...
var_BC = byte ptr -0BCh
var_3C = byte ptr -3Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0BCh
push ebx
push esi
push edi
call near ptr 40C151h
movzx eax, al
push 2Eh
mov esi, [ebp+arg_0]
cdq
pop ecx
idiv ecx
lea eax, ds:416B50h[edx*4]
push eax
push esi
call near ptr 4147F2h
pop ecx
pop ecx
call near ptr 40C126h
test al, 3
jz short loc_4044EF
call near ptr 40C126h
push 2Eh
xor edx, edx
pop ecx
div ecx
lea eax, ds:416B50h[edx*4]
push eax
push esi
call near ptr 414828h
pop ecx
pop ecx
loc_4044EF: ; CODE XREF: sub_40449D+34�j
call near ptr 40C126h
test al, 1
jz short loc_404514
call near ptr 40C126h
push 2Eh
xor edx, edx
pop ecx
div ecx
lea eax, ds:416B50h[edx*4]
push eax
push esi
call near ptr 414828h
pop ecx
pop ecx
loc_404514: ; CODE XREF: sub_40449D+59�j
push esi
call near ptr 4147F8h
mov edi, eax
push esi
mov [ebp+arg_0], edi
call sub_4043F9
push esi
push [ebp+arg_4]
call near ptr 4147F2h
xor eax, eax
add esp, 10h
inc eax
xor ecx, ecx
cmp edi, eax
jle short loc_40456C
loc_40453A: ; CODE XREF: sub_40449D+A7�j
cmp byte ptr [eax+esi], 69h
jnz short loc_404541
inc ecx
loc_404541: ; CODE XREF: sub_40449D+A1�j
inc eax
cmp eax, edi
jl short loc_40453A
test ecx, ecx
jz short loc_40456C
call near ptr 40C151h
test al, 3
jnz short loc_40456C
xor ecx, ecx
test edi, edi
jle short loc_404578
loc_404559: ; CODE XREF: sub_40449D+CB�j
mov al, [ecx+esi]
cmp al, 69h
jz short loc_404565
sub al, 20h
mov [ecx+esi], al
loc_404565: ; CODE XREF: sub_40449D+C1�j
inc ecx
cmp ecx, edi
jl short loc_404559
jmp short loc_404578
; ---------------------------------------------------------------------------
loc_40456C: ; CODE XREF: sub_40449D+9B�j
; sub_40449D+AB�j ...
call near ptr 40C126h
test al, 1
jz short loc_404578
add byte ptr [esi], 0E0h
loc_404578: ; CODE XREF: sub_40449D+BA�j
; sub_40449D+CD�j ...
mov ebx, ds:4151E0h
cmp edi, 7
jg short loc_4045F2
call near ptr 40C151h
test al, 7
jnz short loc_4045EF
lea eax, [ebp+var_3C]
push esi
push eax
call near ptr 4147F2h
pop ecx
pop ecx
call near ptr 40C126h
push 0Ah
xor edx, edx
pop ecx
div ecx
test edx, edx
jl short loc_4045BD
cmp edx, 4
jg short loc_4045BD
lea eax, [ebp+var_3C]
push 416C40h
push eax
push 416C3Ch
jmp short loc_4045D2
; ---------------------------------------------------------------------------
loc_4045BD: ; CODE XREF: sub_40449D+109�j
; sub_40449D+10E�j
cmp edx, 5
jl short loc_4045DF
cmp edx, 8
jg short loc_4045DF
mov eax, 416C38h
lea ecx, [ebp+var_3C]
push eax
push ecx
push eax
loc_4045D2: ; CODE XREF: sub_40449D+11E�j
; sub_40449D+150�j
push 416C30h
push esi
call ebx
add esp, 14h
jmp short loc_40461D
; ---------------------------------------------------------------------------
loc_4045DF: ; CODE XREF: sub_40449D+123�j
; sub_40449D+128�j
lea eax, [ebp+var_3C]
push 416C2Ch
push eax
push 416C28h
jmp short loc_4045D2
; ---------------------------------------------------------------------------
loc_4045EF: ; CODE XREF: sub_40449D+ED�j
mov edi, [ebp+arg_0]
loc_4045F2: ; CODE XREF: sub_40449D+E4�j
cmp edi, 8
jg short loc_40461D
call near ptr 40C126h
test al, 3
jnz short loc_40461D
call near ptr 40C126h
test al, 1
jnz short loc_404610
push 416C24h
jmp short loc_404615
; ---------------------------------------------------------------------------
loc_404610: ; CODE XREF: sub_40449D+16A�j
push 416C20h
loc_404615: ; CODE XREF: sub_40449D+171�j
push esi
call near ptr 414828h
pop ecx
pop ecx
loc_40461D: ; CODE XREF: sub_40449D+140�j
; sub_40449D+158�j ...
call near ptr 40C126h
and eax, 1Fh
cmp al, 15h
ja short loc_40466B
mov [ebp+arg_0], 80h
call near ptr 40C126h
test al, 1
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_BC]
push eax
jnz short loc_40464C
call dword ptr ds:41500Ch
jmp short loc_404652
; ---------------------------------------------------------------------------
loc_40464C: ; CODE XREF: sub_40449D+1A5�j
call dword ptr ds:415050h
loc_404652: ; CODE XREF: sub_40449D+1AD�j
lea eax, [ebp+var_BC]
push 20h
push eax
push [ebp+arg_8]
call near ptr 4147FEh
add esp, 0Ch
jmp loc_404790
; ---------------------------------------------------------------------------
loc_40466B: ; CODE XREF: sub_40449D+18A�j
and [ebp+var_C], 0
xor eax, eax
lea edi, [ebp+var_B]
and [ebp+var_18], 0
stosd
stosd
stosb
xor eax, eax
lea edi, [ebp+var_17]
stosd
stosd
stosb
call near ptr 40C151h
movzx eax, al
push 2Eh
pop esi
cdq
mov ecx, esi
idiv ecx
lea eax, ds:416B50h[edx*4]
push eax
lea eax, [ebp+var_C]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
call near ptr 40C126h
test al, 3
jz short loc_4046CD
call near ptr 40C126h
xor edx, edx
mov ecx, esi
div ecx
lea eax, ds:416B50h[edx*4]
push eax
lea eax, [ebp+var_C]
push eax
call near ptr 414828h
pop ecx
pop ecx
loc_4046CD: ; CODE XREF: sub_40449D+210�j
call near ptr 40C126h
test al, 1
jz short loc_4046F4
call near ptr 40C126h
xor edx, edx
mov ecx, esi
div ecx
lea eax, ds:416B50h[edx*4]
push eax
lea eax, [ebp+var_C]
push eax
call near ptr 414828h
pop ecx
pop ecx
loc_4046F4: ; CODE XREF: sub_40449D+237�j
lea eax, [ebp+var_C]
push eax
call sub_404463
call near ptr 40C151h
movzx eax, al
cdq
mov ecx, esi
idiv ecx
lea eax, ds:416B50h[edx*4]
push eax
lea eax, [ebp+var_18]
push eax
call near ptr 4147F2h
add esp, 0Ch
call near ptr 40C126h
test al, 3
jz short loc_404745
call near ptr 40C126h
xor edx, edx
mov ecx, esi
div ecx
lea eax, ds:416B50h[edx*4]
push eax
lea eax, [ebp+var_18]
push eax
call near ptr 414828h
pop ecx
pop ecx
loc_404745: ; CODE XREF: sub_40449D+288�j
call near ptr 40C126h
test al, 1
jz short loc_40476A
call near ptr 40C126h
xor edx, edx
div esi
lea eax, ds:416B50h[edx*4]
push eax
lea eax, [ebp+var_18]
push eax
call near ptr 414828h
pop ecx
pop ecx
loc_40476A: ; CODE XREF: sub_40449D+2AF�j
lea eax, [ebp+var_18]
push eax
call sub_404463
lea eax, [ebp+var_18]
add [ebp+var_C], 0E0h
add [ebp+var_18], 0E0h
push eax
lea eax, [ebp+var_C]
push eax
push 416C18h
push [ebp+arg_8]
call ebx
add esp, 14h
loc_404790: ; CODE XREF: sub_40449D+1C9�j
pop edi
pop esi
mov al, 1
pop ebx
leave
retn
sub_40449D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404797 proc near ; CODE XREF: sub_40826C+5CF�p
var_414 = byte ptr -414h
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 414h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_4049C3
cmp byte ptr [edi+4], 5Ch
jnz loc_4049C3
push 4
pop esi
push esi
push 416C70h
push edi
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz short loc_4047D7
mov [ebp+arg_4], 80000000h
jmp short loc_40482D
; ---------------------------------------------------------------------------
loc_4047D7: ; CODE XREF: sub_404797+35�j
push esi
push 416C68h
push edi
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz short loc_4047F3
mov [ebp+arg_4], 80000001h
jmp short loc_40482D
; ---------------------------------------------------------------------------
loc_4047F3: ; CODE XREF: sub_404797+51�j
push esi
push 416C60h
push edi
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz short loc_40480F
mov [ebp+arg_4], 80000002h
jmp short loc_40482D
; ---------------------------------------------------------------------------
loc_40480F: ; CODE XREF: sub_404797+6D�j
push esi
push 416C58h
push edi
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz loc_4049C3
mov [ebp+arg_4], 80000003h
loc_40482D: ; CODE XREF: sub_404797+3E�j
; sub_404797+5A�j ...
add edi, 5
push edi
call near ptr 4147F8h
mov esi, eax
pop ecx
test esi, esi
jz loc_4049C3
loc_404841: ; CODE XREF: sub_404797+B1�j
cmp byte ptr [esi+edi], 5Ch
jz short loc_40484F
dec esi
jnz short loc_404841
jmp loc_4049C3
; ---------------------------------------------------------------------------
loc_40484F: ; CODE XREF: sub_404797+AE�j
lea eax, [esi+edi+1]
push eax
call near ptr 4147F8h
mov ebx, 200h
pop ecx
cmp eax, ebx
jnb loc_4049C3
lea eax, [esi+edi+1]
push eax
lea eax, [ebp+var_414]
push eax
call near ptr 4147F2h
pop ecx
cmp esi, ebx
pop ecx
jnb loc_4049C3
push esi
lea eax, [ebp+var_214]
push edi
push eax
call near ptr 414810h
add esp, 0Ch
lea eax, [ebp+var_14]
and [ebp+esi+var_214], 0
push eax
push 1
lea eax, [ebp+var_214]
push 0
push eax
push [ebp+arg_4]
call dword ptr ds:415004h
test eax, eax
jnz loc_4049C3
mov eax, 1000h
push eax
mov [ebp+var_C], eax
call near ptr 414804h
mov esi, eax
pop ecx
lea eax, [ebp+var_C]
mov [ebp+var_10], esi
push eax
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_414]
push 0
push eax
push [ebp+var_14]
call dword ptr ds:415010h
test eax, eax
jnz loc_4049B3
cmp [ebp+var_8], 1
mov ebx, 416C54h
jz short loc_404903
cmp [ebp+var_8], 2
jnz short loc_404910
loc_404903: ; CODE XREF: sub_404797+164�j
push esi
push ebx
push [ebp+arg_0]
call sub_40A68C
add esp, 0Ch
loc_404910: ; CODE XREF: sub_404797+16A�j
cmp [ebp+var_8], 4
jnz short loc_404928
push dword ptr [esi]
push 416C4Ch
push [ebp+arg_0]
call sub_40A68C
add esp, 0Ch
loc_404928: ; CODE XREF: sub_404797+17D�j
cmp [ebp+var_8], 3
jnz loc_4049B3
mov edi, 180h
push edi
call near ptr 414804h
and [ebp+var_4], 0
mov esi, eax
pop ecx
and byte ptr [esi], 0
cmp [ebp+var_C], 0
jbe short loc_40499D
loc_40494D: ; CODE XREF: sub_404797+204�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
movzx eax, byte ptr [ecx+eax]
push eax
lea eax, [ebp+arg_4]
push 416C44h
push eax
call near ptr 414816h
push esi
call near ptr 4147F8h
add eax, 3
add esp, 10h
cmp eax, edi
jb short loc_404986
push esi
push ebx
push [ebp+arg_0]
call sub_40A68C
add esp, 0Ch
and byte ptr [esi], 0
loc_404986: ; CODE XREF: sub_404797+1DD�j
lea eax, [ebp+arg_4]
push eax
push esi
call near ptr 414828h
inc [ebp+var_4]
pop ecx
mov eax, [ebp+var_4]
pop ecx
cmp eax, [ebp+var_C]
jb short loc_40494D
loc_40499D: ; CODE XREF: sub_404797+1B4�j
push esi
push ebx
push [ebp+arg_0]
call sub_40A68C
push esi
call near ptr 41480Ah
mov esi, [ebp+var_10]
add esp, 10h
loc_4049B3: ; CODE XREF: sub_404797+155�j
; sub_404797+195�j
push esi
call near ptr 41480Ah
pop ecx
push [ebp+var_14]
call dword ptr ds:415000h
loc_4049C3: ; CODE XREF: sub_404797+11�j
; sub_404797+1B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_404797 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049C8 proc near ; CODE XREF: sub_40A15C:loc_40A278�p
; .data:loc_40ABA5�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 208h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
call dword ptr ds:41504Ch
lea eax, [ebp+var_104]
push 416ED4h
push eax
call near ptr 414828h
lea eax, [ebp+var_208]
push 41C200h
push eax
call near ptr 4147F2h
lea eax, [ebp+var_208]
push eax
call near ptr 40C247h
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_104]
push eax
call near ptr 414828h
add esp, 1Ch
lea eax, [ebp+var_104]
push eax
call dword ptr ds:4150B4h
lea eax, [ebp+var_104]
push 4162B0h
push eax
call near ptr 414840h
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_404A72
push esi
push 1
push 2
push 416ED0h
call near ptr 414834h
push esi
call near ptr 41483Ah
lea eax, [ebp+var_104]
push eax
call sub_404AF9
add esp, 18h
loc_404A72: ; CODE XREF: sub_4049C8+84�j
pop esi
leave
retn
sub_4049C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A75 proc near ; CODE XREF: sub_40A15C+E2�p
; .data:0040AB6B�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 208h
lea eax, [ebp+var_104]
push 104h
push eax
call dword ptr ds:41504Ch
lea eax, [ebp+var_104]
push 416ED4h
push eax
call near ptr 414828h
lea eax, [ebp+var_208]
push 41C200h
push eax
call near ptr 4147F2h
lea eax, [ebp+var_208]
push eax
call near ptr 40C247h
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_104]
push eax
call near ptr 414828h
lea eax, [ebp+var_104]
push 41637Ch
push eax
call near ptr 414840h
add esp, 24h
test eax, eax
jz short loc_404AF5
push eax
call near ptr 41483Ah
xor eax, eax
pop ecx
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_404AF5: ; CODE XREF: sub_404A75+72�j
xor eax, eax
leave
retn
sub_404A75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404AF9 proc near ; CODE XREF: sub_4049C8+A2�p
; .text:00404F39�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
push edi
lea eax, [ebp+var_11C]
push 104h
push eax
call dword ptr ds:41503Ch
lea eax, [ebp+var_11C]
push 416ED8h
push eax
call near ptr 414828h
pop ecx
mov esi, ds:415040h
pop ecx
mov edi, 80h
push 0
push edi
push 3
push 0
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_404B9F
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call dword ptr ds:415044h
push ebx
mov ebx, ds:4150ACh
call ebx
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_404B9F
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword ptr ds:415048h
push esi
call ebx
loc_404B9F: ; CODE XREF: sub_404AF9+58�j
; sub_404AF9+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404AF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404BA4 proc near ; CODE XREF: .text:00404EBD�p
; .text:00404EF3�p ...
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 108h
push esi
xor esi, esi
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push 416EE8h
push 80000002h
call dword ptr ds:415018h
cmp [ebp+arg_0], esi
jz short loc_404C2F
lea eax, [ebp+var_108]
push 104h
push eax
call dword ptr ds:41504Ch
lea eax, [ebp+var_108]
push 416ED4h
push eax
call near ptr 414828h
push [ebp+arg_8]
lea eax, [ebp+var_108]
push eax
call near ptr 414828h
add esp, 10h
lea eax, [ebp+var_108]
push eax
call dword ptr ds:415038h
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push 1
push esi
push [ebp+arg_4]
push [ebp+var_4]
call dword ptr ds:415014h
jmp short loc_404C3B
; ---------------------------------------------------------------------------
loc_404C2F: ; CODE XREF: sub_404BA4+2D�j
push [ebp+arg_4]
push [ebp+var_4]
call dword ptr ds:415020h
loc_404C3B: ; CODE XREF: sub_404BA4+89�j
push [ebp+var_4]
call dword ptr ds:415000h
pop esi
leave
retn
sub_404BA4 endp
; =============== S U B R O U T I N E =======================================
sub_404C47 proc near ; CODE XREF: sub_404C70+2B�p
; .text:00404F45�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
mov edi, esi
call near ptr 4147F8h
pop ecx
xor ecx, ecx
test eax, eax
jbe short loc_404C6B
loc_404C5C: ; CODE XREF: sub_404C47+22�j
cmp byte ptr [ecx+esi], 5Ch
jnz short loc_404C66
lea edi, [ecx+esi+1]
loc_404C66: ; CODE XREF: sub_404C47+19�j
inc ecx
cmp ecx, eax
jb short loc_404C5C
loc_404C6B: ; CODE XREF: sub_404C47+13�j
mov eax, edi
pop edi
pop esi
retn
sub_404C47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C70 proc near ; CODE XREF: .text:00404D95�p
; sub_404F93+C�p
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 104h
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call dword ptr ds:415060h
push eax
call dword ptr ds:415064h
lea eax, [ebp+var_104]
push eax
call sub_404C47
and byte ptr [eax], 0
pop ecx
lea eax, [ebp+var_104]
push eax
call dword ptr ds:415034h
leave
retn
sub_404C70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CB3 proc near ; CODE XREF: .text:00404F4B�p
; sub_404F93+C2�p ...
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
push 8
push 4
call near ptr 40C0FFh
pop ecx
xor esi, esi
pop ecx
mov ebx, eax
xor edi, edi
loc_404CCD: ; CODE XREF: sub_404CB3+2C�j
push 7Ah
push 61h
call near ptr 40C0FFh
mov [ebp+edi+var_14], al
inc edi
pop ecx
cmp edi, ebx
pop ecx
jnz short loc_404CCD
lea eax, [ebp+edi+var_14]
push 416F74h
push eax
call near ptr 4147F2h
mov ebx, [ebp+arg_0]
push ebx
call near ptr 4147F8h
push 400h
call near ptr 414804h
add esp, 10h
mov [ebp+arg_0], eax
lea eax, [ebp+var_14]
push eax
call dword ptr ds:4150B4h
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_14]
push 40000000h
push eax
call dword ptr ds:415040h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_404D33
xor eax, eax
jmp short loc_404D84
; ---------------------------------------------------------------------------
loc_404D33: ; CODE XREF: sub_404CB3+7A�j
lea eax, [ebp+var_14]
push eax
push ebx
push ebx
push ebx
push 416F18h
push [ebp+arg_0]
call dword ptr ds:4151E0h
add esp, 18h
lea eax, [ebp+var_4]
mov [ebp+var_4], esi
push esi
push eax
push [ebp+arg_0]
call near ptr 4147F8h
pop ecx
push eax
push [ebp+arg_0]
push edi
call dword ptr ds:415074h
push edi
call dword ptr ds:4150ACh
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push 41622Ch
push esi
call dword ptr ds:4151D4h
xor eax, eax
inc eax
loc_404D84: ; CODE XREF: sub_404CB3+7E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404CB3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 36Ch
push ebx
push esi
push edi
call sub_404C70
mov esi, 104h
lea eax, [ebp-36Ch]
push esi
xor ebx, ebx
push eax
push ebx
call dword ptr ds:415060h
push eax
call dword ptr ds:415064h
cmp ds:416C78h, ebx
mov [ebp-4], ebx
mov [ebp-8], ebx
jz short loc_404E39
mov edi, 416C78h
mov [ebp-0Ch], edi
loc_404DCD: ; CODE XREF: .text:00404E37�j
inc dword ptr [ebp-4]
lea eax, [ebp-268h]
push esi
push eax
call dword ptr ds:41504Ch
lea eax, [ebp-268h]
push 416ED4h
push eax
call near ptr 414828h
push dword ptr [edi]
call near ptr 40C247h
push dword ptr [edi]
lea eax, [ebp-268h]
push eax
call near ptr 414828h
push dword ptr [edi]
call near ptr 40C206h
lea eax, [ebp-36Ch]
push eax
lea eax, [ebp-268h]
push eax
call near ptr 414C30h
add esp, 20h
test eax, eax
jz loc_404EC7
mov edi, [ebp-0Ch]
inc dword ptr [ebp-8]
add edi, 8
mov [ebp-0Ch], edi
cmp [edi], ebx
jnz short loc_404DCD
loc_404E39: ; CODE XREF: .text:00404DC3�j
push dword ptr [ebp-4]
push ebx
call near ptr 40C0FFh
pop ecx
mov edi, eax
pop ecx
lea eax, [ebp-164h]
push esi
push eax
call dword ptr ds:41504Ch
lea eax, [ebp-164h]
push 416ED4h
push eax
call near ptr 414828h
lea esi, ds:416C78h[edi*8]
push dword ptr [esi]
call near ptr 40C247h
push dword ptr [esi]
lea eax, [ebp-164h]
push eax
call near ptr 414828h
push dword ptr [esi]
call near ptr 40C206h
add esp, 18h
lea eax, [ebp-164h]
push eax
call dword ptr ds:4150B4h
lea eax, [ebp-164h]
push ebx
push eax
lea eax, [ebp-36Ch]
push eax
call dword ptr ds:41506Ch
test eax, eax
jnz short loc_404F16
push 41CDF8h
push 416F7Ch
push 1
call sub_404BA4
add esp, 0Ch
jmp short loc_404F11
; ---------------------------------------------------------------------------
loc_404EC7: ; CODE XREF: .text:00404E23�j
mov eax, [ebp-8]
mov esi, eax
shl esi, 3
push dword ptr [esi+416C78h]
call near ptr 40C247h
push dword ptr [esi+416C7Ch]
call near ptr 40C247h
push dword ptr [esi+416C78h]
push dword ptr [esi+416C7Ch]
push 1
call sub_404BA4
push dword ptr [esi+416C78h]
call near ptr 40C206h
push dword ptr [esi+416C7Ch]
call near ptr 40C206h
add esp, 1Ch
loc_404F11: ; CODE XREF: .text:00404EC5�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404F16: ; CODE XREF: .text:00404EAF�j
mov esi, ds:4150B0h
lea eax, [ebp-164h]
push 4
push eax
call esi
lea eax, [ebp-164h]
push 2
push eax
call esi
lea eax, [ebp-164h]
push eax
call sub_404AF9
lea eax, [ebp-36Ch]
push eax
call sub_404C47
push eax
call sub_404CB3
push 44h
lea eax, [ebp-60h]
pop esi
push esi
push ebx
push eax
call near ptr 414822h
add esp, 18h
lea eax, [ebp-1Ch]
mov [ebp-60h], esi
mov [ebp-30h], bx
push eax
lea eax, [ebp-60h]
push eax
push ebx
push ebx
push 28h
push 1
push ebx
lea eax, [ebp-164h]
push ebx
push eax
push ebx
call dword ptr ds:415084h
call dword ptr ds:415254h
push ebx
call dword ptr ds:415068h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F93 proc near ; CODE XREF: sub_40219E+52B�p
; sub_40826C+8D1�p ...
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
call sub_404C70
mov ebx, 104h
lea eax, [ebp+var_20C]
push ebx
xor edi, edi
push eax
push edi
call dword ptr ds:415060h
push eax
call dword ptr ds:415064h
cmp ds:416C78h, edi
mov [ebp+var_4], edi
jz short loc_405037
mov esi, 416C78h
mov edi, esi
loc_404FD3: ; CODE XREF: sub_404F93+A0�j
lea eax, [ebp+var_108]
push ebx
push eax
call dword ptr ds:41504Ch
lea eax, [ebp+var_108]
push 416ED4h
push eax
call near ptr 414828h
push dword ptr [esi]
call near ptr 40C247h
push dword ptr [esi]
lea eax, [ebp+var_108]
push eax
call near ptr 414828h
push dword ptr [esi]
call near ptr 40C206h
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_108]
push eax
call near ptr 414C30h
add esp, 20h
test eax, eax
jz short loc_40507F
inc [ebp+var_4]
add edi, 8
mov esi, edi
cmp dword ptr [edi], 0
jnz short loc_404FD3
xor edi, edi
loc_405037: ; CODE XREF: sub_404F93+37�j
mov esi, 41CDF8h
push esi
push 416F7Ch
push edi
call sub_404BA4
lea eax, [ebp+var_20C]
push eax
call sub_404C47
push eax
call sub_404CB3
add esp, 14h
test eax, eax
jz loc_4050FE
push esi
push 416F90h
call sub_40A79C
pop ecx
pop ecx
call dword ptr ds:415254h
push edi
call dword ptr ds:415068h
loc_40507F: ; CODE XREF: sub_404F93+93�j
mov eax, [ebp+var_4]
mov esi, eax
shl esi, 3
push dword ptr [esi+416C78h]
call near ptr 40C247h
push dword ptr [esi+416C7Ch]
call near ptr 40C247h
push dword ptr [esi+416C78h]
push dword ptr [esi+416C7Ch]
push 0
call sub_404BA4
push dword ptr [esi+416C78h]
call near ptr 40C206h
push dword ptr [esi+416C7Ch]
call near ptr 40C206h
lea eax, [ebp+var_20C]
push eax
call sub_404C47
push eax
call sub_404CB3
add esp, 24h
test eax, eax
jz short loc_4050FE
push 41CDF8h
push 416F90h
call sub_40A79C
pop ecx
pop ecx
call dword ptr ds:415254h
push 0
call dword ptr ds:415068h
loc_4050FE: ; CODE XREF: sub_404F93+CC�j
; sub_404F93+14A�j
pop edi
pop esi
pop ebx
leave
retn
sub_404F93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405103 proc near ; DATA XREF: sub_405354+E5�o
var_16D4 = byte ptr -16D4h
var_6D4 = byte ptr -6D4h
var_5D4 = dword ptr -5D4h
var_5CA = byte ptr -5CAh
var_5BA = byte ptr -5BAh
var_427 = byte ptr -427h
var_414 = byte ptr -414h
var_413 = byte ptr -413h
var_412 = dword ptr -412h
var_40C = byte ptr -40Ch
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 16D4h
call near ptr 414880h
push ebx
push esi
push edi
push 1BDh
push [ebp+arg_0]
lea eax, [ebp+var_5D4]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
mov eax, [ebp+var_5D4]
mov edi, ds:41524Ch
add esp, 10h
xor ebx, ebx
lea ecx, [ebp+var_414]
mov [ebp+arg_0], eax
push ebx
push 408h
push ecx
push eax
call edi
cmp eax, ebx
jz loc_40534B
cmp eax, 0FFFFFFFFh
jz loc_40534B
cmp [ebp+var_414], 4
jnz short loc_40517B
cmp [ebp+var_413], 1
jnz short loc_40517B
xor esi, esi
inc esi
jmp short loc_40517D
; ---------------------------------------------------------------------------
loc_40517B: ; CODE XREF: sub_405103+68�j
; sub_405103+71�j
xor esi, esi
loc_40517D: ; CODE XREF: sub_405103+76�j
cmp [ebp+var_5CA], bl
jz short loc_4051A3
lea eax, [ebp+var_5CA]
push 10h
push eax
lea eax, [ebp+var_40C]
push eax
call near ptr 4148B0h
add esp, 0Ch
test eax, eax
jz short loc_4051A3
xor esi, esi
loc_4051A3: ; CODE XREF: sub_405103+80�j
; sub_405103+9C�j
cmp [ebp+var_427], bl
jz short loc_4051EE
lea eax, [ebp+var_6D4]
push eax
push [ebp+arg_0]
call sub_4035A5
pop ecx
cmp esi, ebx
pop ecx
mov eax, 41C42Ch
jnz short loc_4051CA
mov eax, 416FDCh
loc_4051CA: ; CODE XREF: sub_405103+C0�j
push eax
movzx eax, [ebp+var_414]
push eax
lea eax, [ebp+var_6D4]
push eax
lea eax, [ebp+var_5BA]
push 416FA8h
push eax
call sub_40A68C
add esp, 14h
loc_4051EE: ; CODE XREF: sub_405103+A6�j
cmp esi, ebx
jnz short loc_405229
push 8
lea eax, [ebp+var_414]
push ebx
push eax
call near ptr 414822h
lea eax, [ebp+var_414]
push 8
push eax
mov [ebp+var_413], 5Bh
push [ebp+arg_0]
call sub_403E36
push [ebp+arg_0]
call sub_403E0F
add esp, 1Ch
jmp loc_40534B
; ---------------------------------------------------------------------------
loc_405229: ; CODE XREF: sub_405103+ED�j
lea eax, [ebp+var_C]
push 0Ah
push eax
push [ebp+var_412]
call dword ptr ds:41523Ch
movzx eax, ax
push eax
call near ptr 414C24h
add esp, 0Ch
lea eax, [ebp+var_C]
push 2710h
push ebx
push eax
push [ebp+var_412+2]
call dword ptr ds:415224h
push eax
call sub_403CB3
mov [ebp+var_4], eax
push 8
lea eax, [ebp+var_414]
push ebx
push eax
call near ptr 414822h
add esp, 1Ch
cmp [ebp+var_4], ebx
lea eax, [ebp+var_414]
push 8
push eax
push [ebp+arg_0]
jnz short loc_4052A5
mov [ebp+var_413], 5Bh
call sub_403E36
push [ebp+arg_0]
call sub_403E0F
add esp, 10h
jmp loc_40534B
; ---------------------------------------------------------------------------
loc_4052A5: ; CODE XREF: sub_405103+184�j
mov [ebp+var_413], 5Ah
call sub_403E36
add esp, 0Ch
mov esi, 1000h
loc_4052B9: ; CODE XREF: sub_405103+234�j
push [ebp+arg_0]
call sub_403534
test eax, eax
pop ecx
jz short loc_4052F4
push ebx
lea eax, [ebp+var_16D4]
push esi
push eax
push [ebp+arg_0]
call edi
cmp eax, ebx
jz short loc_405339
cmp eax, 0FFFFFFFFh
jz short loc_405339
push eax
lea eax, [ebp+var_16D4]
push eax
push [ebp+var_4]
call sub_403E36
add esp, 0Ch
test eax, eax
jz short loc_405339
loc_4052F4: ; CODE XREF: sub_405103+1C1�j
push [ebp+var_4]
call sub_403534
test eax, eax
pop ecx
jz short loc_40532F
push ebx
lea eax, [ebp+var_16D4]
push esi
push eax
push [ebp+var_4]
call edi
cmp eax, ebx
jz short loc_405339
cmp eax, 0FFFFFFFFh
jz short loc_405339
push eax
lea eax, [ebp+var_16D4]
push eax
push [ebp+arg_0]
call sub_403E36
add esp, 0Ch
test eax, eax
jz short loc_405339
loc_40532F: ; CODE XREF: sub_405103+1FC�j
push 32h
call dword ptr ds:4150A4h
jmp short loc_4052B9
; ---------------------------------------------------------------------------
loc_405339: ; CODE XREF: sub_405103+1D3�j
; sub_405103+1D8�j ...
push [ebp+arg_0]
call sub_403E0F
push [ebp+var_4]
call sub_403E0F
pop ecx
pop ecx
loc_40534B: ; CODE XREF: sub_405103+52�j
; sub_405103+5B�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_405103 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405354 proc near ; DATA XREF: sub_405493+8C�o
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_1B6 = byte ptr -1B6h
var_1A6 = byte ptr -1A6h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1C0h
push 1BDh
lea eax, [ebp+var_1C0]
push [ebp+arg_0]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
lea eax, [ebp+var_1BC]
push 1
push eax
call sub_40370B
add esp, 18h
mov [ebp+arg_0], eax
test eax, eax
jnz short loc_4053A2
push [ebp+var_1C0]
call sub_4069B8
pop ecx
jmp loc_40548D
; ---------------------------------------------------------------------------
loc_4053A2: ; CODE XREF: sub_405354+3B�j
push ebx
push esi
lea eax, [ebp+var_1BC]
push edi
push eax
mov eax, [ebp+var_1C0]
push dword ptr [eax]
lea eax, [ebp+var_1A6]
push 416FE8h
push eax
call sub_40A68C
mov edi, 3E8h
push edi
push [ebp+arg_0]
call sub_40382E
add esp, 18h
jmp loc_405463
; ---------------------------------------------------------------------------
loc_4053DB: ; CODE XREF: sub_405354+11B�j
test ebx, ebx
jz loc_405475
cmp ebx, 0FFFFFFFFh
jz short loc_405458
push 1BDh
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jnz short loc_405401
push ebx
call sub_403E2B
jmp short loc_405457
; ---------------------------------------------------------------------------
loc_405401: ; CODE XREF: sub_405354+A3�j
lea eax, [ebp+var_1BC]
mov [esi], ebx
push eax
lea eax, [esi+4]
push eax
call near ptr 4147F2h
lea eax, [ebp+var_1B6]
push eax
lea eax, [esi+0Ah]
push eax
call near ptr 4147F2h
lea eax, [ebp+var_1A6]
push 1A3h
push eax
lea eax, [esi+1Ah]
push eax
call near ptr 414810h
push esi
push offset sub_405103
call sub_4067A2
add esp, 24h
test eax, eax
jnz short loc_405458
push esi
call near ptr 41480Ah
push ebx
call sub_403E2B
pop ecx
loc_405457: ; CODE XREF: sub_405354+AB�j
pop ecx
loc_405458: ; CODE XREF: sub_405354+92�j
; sub_405354+F4�j
push edi
push [ebp+arg_0]
call sub_40382E
pop ecx
pop ecx
loc_405463: ; CODE XREF: sub_405354+82�j
mov ebx, eax
mov eax, [ebp+var_1C0]
cmp dword ptr [eax+4], 0
jz loc_4053DB
loc_405475: ; CODE XREF: sub_405354+89�j
push [ebp+arg_0]
call sub_4039E7
push [ebp+var_1C0]
call sub_4069B8
pop ecx
pop ecx
pop edi
pop esi
pop ebx
loc_40548D: ; CODE XREF: sub_405354+49�j
xor eax, eax
leave
retn 4
sub_405354 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405493 proc near ; CODE XREF: sub_40826C+14B�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
jnz short loc_4054C4
lea eax, [ebp+var_8]
push 0Ah
push eax
push 0FFFFh
push 401h
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
call near ptr 414C24h
add esp, 0Ch
lea ebx, [ebp+var_8]
loc_4054C4: ; CODE XREF: sub_405493+C�j
push 1BDh
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_40552D
lea eax, [esi+4]
push ebx
push eax
call near ptr 4147F2h
mov eax, [ebp+arg_8]
pop ecx
test eax, eax
pop ecx
jnz short loc_4054ED
mov eax, 41C42Ch
loc_4054ED: ; CODE XREF: sub_405493+53�j
push edi
push 10h
push eax
lea eax, [esi+0Ah]
push eax
call sub_40558F
mov edi, [ebp+arg_0]
push 1A3h
lea eax, [esi+1Ah]
push edi
push eax
call near ptr 414810h
xor eax, eax
push ebx
cmp [edi+18Bh], al
push 41701Ch
setz al
push eax
push esi
push offset sub_405354
call sub_40689D
add esp, 2Ch
pop edi
loc_40552D: ; CODE XREF: sub_405493+40�j
pop esi
pop ebx
leave
retn
sub_405493 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+10h]
test eax, eax
jl short loc_40554F
mov ecx, [ebp+8]
loc_40553E: ; CODE XREF: .text:0040554D�j
mov edx, [ebp+0Ch]
mov dl, [eax+edx]
and byte ptr [ecx+eax*2+1], 0
mov [ecx+eax*2], dl
dec eax
jns short loc_40553E
loc_40554F: ; CODE XREF: .text:00405539�j
mov eax, [ebp+10h]
pop ebp
retn
; ---------------------------------------------------------------------------
dd 24748B56h, 99E85608h, 590000F2h, 0C88BC085h, 148A0E7Ch
dd 4E648031h, 14880001h, 0F279494Eh, 0C35EC003h
; =============== S U B R O U T I N E =======================================
sub_405578 proc near ; CODE XREF: sub_40571F+C�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov edx, [esp+arg_0]
xor eax, eax
jmp short loc_405588
; ---------------------------------------------------------------------------
loc_405580: ; CODE XREF: sub_405578+14�j
cmp cl, [esp+arg_4]
jnz short loc_405587
inc eax
loc_405587: ; CODE XREF: sub_405578+C�j
inc edx
loc_405588: ; CODE XREF: sub_405578+6�j
mov cl, [edx]
test cl, cl
jnz short loc_405580
retn
sub_405578 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40558F proc near ; CODE XREF: sub_401520+81�p
; sub_401884+52�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_4055B9
cmp ecx, 1
jz short loc_4055B6
loc_4055A6: ; CODE XREF: sub_40558F+25�j
mov al, [esi]
mov [edi], al
test al, al
jz short loc_4055B9
inc esi
inc edi
dec ecx
cmp ecx, 1
jnz short loc_4055A6
loc_4055B6: ; CODE XREF: sub_40558F+15�j
mov byte ptr [edi], 0
loc_4055B9: ; CODE XREF: sub_40558F+10�j
; sub_40558F+1D�j
pop edi
pop esi
pop ebp
retn
sub_40558F endp
; =============== S U B R O U T I N E =======================================
sub_4055BD proc near ; CODE XREF: sub_4069F2+17�p
; sub_406AD0+1B�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
jmp short loc_4055CC
; ---------------------------------------------------------------------------
loc_4055C3: ; CODE XREF: sub_4055BD+13�j
cmp al, 30h
jl short loc_4055D5
cmp al, 39h
jg short loc_4055D5
inc ecx
loc_4055CC: ; CODE XREF: sub_4055BD+4�j
mov al, [ecx]
test al, al
jnz short loc_4055C3
inc al
retn
; ---------------------------------------------------------------------------
loc_4055D5: ; CODE XREF: sub_4055BD+8�j
; sub_4055BD+C�j
xor al, al
retn
sub_4055BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4055D8 proc near ; CODE XREF: sub_401000+8F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push esi
push edi
push ebx
call near ptr 4147F8h
mov [ebp+arg_8], eax
mov eax, [ebp+arg_4]
xor esi, esi
sub eax, [ebp+arg_8]
pop ecx
mov [ebp+arg_4], eax
js short loc_405630
loc_4055F8: ; CODE XREF: sub_4055D8+56�j
mov eax, [ebp+arg_0]
mov dl, [ebx]
add eax, esi
mov cl, [eax]
cmp cl, dl
jz short loc_405619
movsx edi, cl
movsx ecx, dl
lea edx, [ecx+20h]
cmp edi, edx
jz short loc_405619
add ecx, 0FFFFFFE0h
cmp edi, ecx
jnz short loc_40562A
loc_405619: ; CODE XREF: sub_4055D8+2B�j
; sub_4055D8+38�j
push [ebp+arg_8]
push ebx
push eax
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jz short loc_405637
loc_40562A: ; CODE XREF: sub_4055D8+3F�j
inc esi
cmp esi, [ebp+arg_4]
jle short loc_4055F8
loc_405630: ; CODE XREF: sub_4055D8+1E�j
xor eax, eax
loc_405632: ; CODE XREF: sub_4055D8+64�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405637: ; CODE XREF: sub_4055D8+50�j
mov eax, [ebp+arg_0]
add eax, esi
jmp short loc_405632
sub_4055D8 endp
; =============== S U B R O U T I N E =======================================
sub_40563E proc near ; CODE XREF: sub_40719D+CC�p
; sub_407747+10�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
mov cl, [esi]
jmp short loc_405657
; ---------------------------------------------------------------------------
loc_405649: ; CODE XREF: sub_40563E+1B�j
cmp cl, 0Dh
jz short loc_40565D
cmp cl, 0Ah
jz short loc_40565D
inc eax
mov cl, [eax+esi]
loc_405657: ; CODE XREF: sub_40563E+9�j
test cl, cl
jnz short loc_405649
jmp short loc_40567A
; ---------------------------------------------------------------------------
loc_40565D: ; CODE XREF: sub_40563E+E�j
; sub_40563E+13�j
push edi
xor ecx, ecx
lea edi, [eax+esi]
loc_405663: ; CODE XREF: sub_40563E+37�j
mov dl, [edi+ecx]
cmp dl, 0Dh
jz short loc_405670
cmp dl, 0Ah
jnz short loc_405677
loc_405670: ; CODE XREF: sub_40563E+2B�j
and byte ptr [edi+ecx], 0
inc ecx
jmp short loc_405663
; ---------------------------------------------------------------------------
loc_405677: ; CODE XREF: sub_40563E+30�j
add eax, ecx
pop edi
loc_40567A: ; CODE XREF: sub_40563E+1D�j
add eax, esi
pop esi
retn
sub_40563E endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
xor dl, dl
jmp short loc_405692
; ---------------------------------------------------------------------------
loc_405686: ; CODE XREF: .text:00405694�j
inc eax
mov cl, [eax]
cmp cl, dl
jz short locret_405699
cmp cl, 20h
jz short loc_405697
loc_405692: ; CODE XREF: .text:00405684�j
cmp [eax], dl
jnz short loc_405686
retn
; ---------------------------------------------------------------------------
loc_405697: ; CODE XREF: .text:00405690�j
mov [eax], dl
locret_405699: ; CODE XREF: .text:0040568B�j
retn
; =============== S U B R O U T I N E =======================================
sub_40569A proc near ; CODE XREF: sub_405BAD+21F�p
; sub_409D34+62�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
xor eax, eax
mov esi, ecx
loc_4056A8: ; CODE XREF: sub_40569A+28�j
mov dl, [esi]
cmp dl, 20h
jnz short loc_4056B6
test edi, edi
jnz short loc_4056C1
inc edi
jmp short loc_4056B8
; ---------------------------------------------------------------------------
loc_4056B6: ; CODE XREF: sub_40569A+13�j
xor edi, edi
loc_4056B8: ; CODE XREF: sub_40569A+1A�j
mov [eax+ecx], dl
inc eax
cmp byte ptr [esi], 0
jz short loc_4056C4
loc_4056C1: ; CODE XREF: sub_40569A+17�j
inc esi
jmp short loc_4056A8
; ---------------------------------------------------------------------------
loc_4056C4: ; CODE XREF: sub_40569A+25�j
cmp [esp+8+arg_8], 0
pop edi
pop esi
jz short locret_4056DE
jmp short loc_4056DA
; ---------------------------------------------------------------------------
loc_4056CF: ; CODE XREF: sub_40569A+42�j
and byte ptr [eax+ecx], 0
dec eax
cmp byte ptr [eax+ecx], 20h
jnz short locret_4056DE
loc_4056DA: ; CODE XREF: sub_40569A+33�j
test eax, eax
jnz short loc_4056CF
locret_4056DE: ; CODE XREF: sub_40569A+31�j
; sub_40569A+3E�j
retn
sub_40569A endp
; =============== S U B R O U T I N E =======================================
sub_4056DF proc near ; CODE XREF: sub_40571F+41�p
; sub_40571F+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
xor eax, eax
mov ebx, edi
mov esi, ecx
sub ebx, ecx
loc_4056F2: ; CODE XREF: sub_4056DF+26�j
mov dl, [esi]
cmp dl, 2Eh
jz short loc_40570D
test dl, dl
jz short loc_405717
mov [ebx+esi], dl
inc eax
inc esi
cmp eax, 4
jl short loc_4056F2
xor eax, eax
loc_405709: ; CODE XREF: sub_4056DF+36�j
; sub_4056DF+3E�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40570D: ; CODE XREF: sub_4056DF+18�j
and byte ptr [eax+edi], 0
lea eax, [eax+ecx+1]
jmp short loc_405709
; ---------------------------------------------------------------------------
loc_405717: ; CODE XREF: sub_4056DF+1C�j
and byte ptr [eax+edi], 0
add eax, ecx
jmp short loc_405709
sub_4056DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40571F proc near ; CODE XREF: .text:00405871�p
; .text:00405890�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 2Eh
push esi
call sub_405578
pop ecx
cmp eax, 3
pop ecx
jg short loc_40575A
mov ecx, [ebp+arg_10]
mov edi, [ebp+arg_8]
xor ebx, ebx
mov [ecx], bl
mov ecx, [ebp+arg_C]
sub eax, ebx
mov [ecx], bl
mov ecx, [ebp+arg_4]
mov [edi], bl
mov [ecx], bl
jz short loc_40578D
dec eax
jz short loc_40577C
dec eax
jz short loc_40576D
dec eax
jz short loc_40575E
loc_40575A: ; CODE XREF: sub_40571F+16�j
; sub_40571F+4C�j ...
xor eax, eax
jmp short loc_40579E
; ---------------------------------------------------------------------------
loc_40575E: ; CODE XREF: sub_40571F+39�j
push esi
push ecx
call sub_4056DF
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40575A
loc_40576D: ; CODE XREF: sub_40571F+36�j
push esi
push edi
call sub_4056DF
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40575A
loc_40577C: ; CODE XREF: sub_40571F+33�j
push esi
push [ebp+arg_C]
call sub_4056DF
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_40575A
loc_40578D: ; CODE XREF: sub_40571F+30�j
push esi
push [ebp+arg_10]
call sub_4056DF
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
loc_40579E: ; CODE XREF: sub_40571F+3D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40571F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4057A3 proc near ; CODE XREF: .text:004058D9�p
; .text:004058EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
mov cl, [eax]
cmp cl, 72h
jnz short loc_4057D4
cmp byte ptr [eax+1], 0
jnz short loc_4057D4
push 0Ah
push [ebp+arg_C]
push 0FFh
push 0
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
call near ptr 414C24h
add esp, 0Ch
jmp short loc_405853
; ---------------------------------------------------------------------------
loc_4057D4: ; CODE XREF: sub_4057A3+B�j
; sub_4057A3+11�j
cmp cl, 73h
jz short loc_4057DE
cmp cl, 69h
jnz short loc_405838
loc_4057DE: ; CODE XREF: sub_4057A3+34�j
cmp byte ptr [eax+1], 0
jnz short loc_405838
mov eax, [ebp+arg_0]
cmp byte ptr [eax], 0
jz short loc_40581B
cmp [ebp+arg_10], 0
jz short loc_405818
push ebx
push eax
call near ptr 41485Ch
mov ebx, eax
push 0Ah
push [ebp+arg_C]
inc bl
movzx eax, bl
push eax
call near ptr 414C24h
add esp, 10h
xor eax, eax
test bl, bl
setz al
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405818: ; CODE XREF: sub_4057A3+4D�j
push eax
jmp short loc_40582A
; ---------------------------------------------------------------------------
loc_40581B: ; CODE XREF: sub_4057A3+47�j
cmp cl, 69h
jnz short loc_405827
push 41703Ch
jmp short loc_40582A
; ---------------------------------------------------------------------------
loc_405827: ; CODE XREF: sub_4057A3+7B�j
push [ebp+arg_8]
loc_40582A: ; CODE XREF: sub_4057A3+76�j
; sub_4057A3+82�j
push [ebp+arg_C]
call near ptr 4147F2h
pop ecx
xor eax, eax
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_405838: ; CODE XREF: sub_4057A3+39�j
; sub_4057A3+3F�j
test cl, cl
jnz short loc_405843
mov eax, [ebp+arg_0]
cmp [eax], cl
jz short loc_405846
loc_405843: ; CODE XREF: sub_4057A3+97�j
push eax
jmp short loc_405849
; ---------------------------------------------------------------------------
loc_405846: ; CODE XREF: sub_4057A3+9E�j
push [ebp+arg_8]
loc_405849: ; CODE XREF: sub_4057A3+A1�j
push [ebp+arg_C]
call near ptr 4147F2h
pop ecx
pop ecx
loc_405853: ; CODE XREF: sub_4057A3+2F�j
mov eax, [ebp+arg_10]
pop ebp
retn
sub_4057A3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 3Ch
lea eax, [ebp-8]
push eax
lea eax, [ebp-14h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-2Ch]
push eax
push dword ptr [ebp+8]
call sub_40571F
add esp, 14h
test eax, eax
jz short loc_4058C3
lea eax, [ebp+8]
push eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-28h]
push eax
push dword ptr [ebp+0Ch]
call sub_40571F
add esp, 14h
test eax, eax
jz short loc_4058C3
lea eax, [ebp-4]
push eax
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-24h]
push eax
push 41D110h
call sub_40571F
add esp, 14h
test eax, eax
jz short loc_4058C3
cmp byte ptr [ebp+8], 0
jnz short loc_4058C7
loc_4058C3: ; CODE XREF: .text:0040587B�j
; .text:0040589A�j ...
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4058C7: ; CODE XREF: .text:004058C1�j
lea eax, [ebp-30h]
push 1
push eax
lea eax, [ebp-4]
push eax
lea eax, [ebp+8]
push eax
lea eax, [ebp-8]
push eax
call sub_4057A3
push eax
lea eax, [ebp-34h]
push eax
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-10h]
push eax
lea eax, [ebp-14h]
push eax
call sub_4057A3
push eax
lea eax, [ebp-38h]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-20h]
push eax
call sub_4057A3
push eax
lea eax, [ebp-3Ch]
push eax
lea eax, [ebp-24h]
push eax
lea eax, [ebp-28h]
push eax
lea eax, [ebp-2Ch]
push eax
call sub_4057A3
add esp, 50h
lea eax, [ebp-30h]
push eax
lea eax, [ebp-34h]
push eax
lea eax, [ebp-38h]
push eax
lea eax, [ebp-3Ch]
push eax
push 417040h
push dword ptr [ebp+10h]
call near ptr 414816h
xor eax, eax
add esp, 18h
inc eax
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp-4]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-10h]
push eax
push dword ptr [ebp+8]
call sub_40571F
add esp, 14h
test eax, eax
jz short loc_40598E
lea eax, [ebp-20h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-14h]
push eax
push 41D110h
call sub_40571F
add esp, 14h
test eax, eax
jnz short loc_405992
loc_40598E: ; CODE XREF: .text:0040596B�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_405992: ; CODE XREF: .text:0040598C�j
cmp byte ptr [ebp-10h], 0
jnz short loc_4059A7
lea eax, [ebp-14h]
push eax
lea eax, [ebp-10h]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_4059A7: ; CODE XREF: .text:00405996�j
cmp byte ptr [ebp-0Ch], 0
jnz short loc_4059BC
lea eax, [ebp-18h]
push eax
lea eax, [ebp-0Ch]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_4059BC: ; CODE XREF: .text:004059AB�j
cmp byte ptr [ebp-8], 0
jnz short loc_4059D1
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-8]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_4059D1: ; CODE XREF: .text:004059C0�j
cmp byte ptr [ebp-4], 0
jnz short loc_4059E6
lea eax, [ebp-20h]
push eax
lea eax, [ebp-4]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_4059E6: ; CODE XREF: .text:004059D5�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-10h]
push eax
push 417040h
push dword ptr [ebp+8]
call near ptr 414816h
xor eax, eax
add esp, 18h
inc eax
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A0B proc near ; CODE XREF: sub_407770+59�p
; sub_407770+73�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_405A1A
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_405A1A: ; CODE XREF: sub_405A0B+8�j
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov ecx, [eax]
mov edi, [ebp+arg_4]
mov al, [ecx]
test al, al
jz short loc_405A4C
mov bl, [edi]
loc_405A2D: ; CODE XREF: sub_405A0B+3F�j
test bl, bl
mov esi, edi
jz short loc_405A40
mov dl, bl
loc_405A35: ; CODE XREF: sub_405A0B+33�j
cmp dl, al
jz short loc_405A40
inc esi
mov dl, [esi]
test dl, dl
jnz short loc_405A35
loc_405A40: ; CODE XREF: sub_405A0B+26�j
; sub_405A0B+2C�j
cmp byte ptr [esi], 0
jz short loc_405A4C
inc ecx
mov al, [ecx]
test al, al
jnz short loc_405A2D
loc_405A4C: ; CODE XREF: sub_405A0B+1E�j
; sub_405A0B+38�j
cmp byte ptr [ecx], 0
mov edx, ecx
mov esi, edi
jz short loc_405A6F
loc_405A55: ; CODE XREF: sub_405A0B+5C�j
mov al, [edx]
cmp al, [esi]
jz short loc_405A6B
inc esi
cmp byte ptr [esi], 0
jnz short loc_405A64
mov esi, edi
inc edx
loc_405A64: ; CODE XREF: sub_405A0B+54�j
cmp byte ptr [edx], 0
jnz short loc_405A55
jmp short loc_405A6F
; ---------------------------------------------------------------------------
loc_405A6B: ; CODE XREF: sub_405A0B+4E�j
and byte ptr [edx], 0
inc edx
loc_405A6F: ; CODE XREF: sub_405A0B+48�j
; sub_405A0B+5E�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
mov [eax], edx
mov eax, ecx
sub eax, edx
neg eax
sbb eax, eax
and eax, ecx
pop ebp
retn
sub_405A0B endp
; =============== S U B R O U T I N E =======================================
sub_405A83 proc near ; CODE XREF: sub_405A86:loc_405A90�p
; sub_405A86+1E�p
rdtsc
retn
sub_405A83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A86 proc near ; CODE XREF: sub_405BAD+271�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
xor esi, esi
push ebx
loc_405A90: ; CODE XREF: sub_405A86+42�j
; sub_405A86+4C�j
call sub_405A83
push 3E8h
mov edi, eax
mov ebx, edx
call dword ptr ds:4150A4h
call sub_405A83
sub eax, edi
push esi
sbb edx, ebx
push 186A0h
push edx
push eax
call near ptr 414940h
push esi
push 0Ah
push edx
push eax
call near ptr 414940h
cmp edx, esi
mov edi, eax
ja short loc_405A90
jb short loc_405AD4
cmp edi, 0F4240h
ja short loc_405A90
loc_405AD4: ; CODE XREF: sub_405A86+44�j
push esi
push 64h
push edx
push edi
call near ptr 4148C0h
push 64h
mov ecx, eax
pop eax
cmp edx, esi
mov [ebp+var_4], esi
pop ebx
ja short loc_405B4C
jb short loc_405AF2
cmp ecx, 50h
jnb short loc_405AF8
loc_405AF2: ; CODE XREF: sub_405A86+65�j
push 4Bh
mov [ebp+var_4], esi
pop eax
loc_405AF8: ; CODE XREF: sub_405A86+6A�j
cmp edx, esi
ja short loc_405B4C
jb short loc_405B03
cmp ecx, 47h
jnb short loc_405B09
loc_405B03: ; CODE XREF: sub_405A86+76�j
push 42h
mov [ebp+var_4], esi
pop eax
loc_405B09: ; CODE XREF: sub_405A86+7B�j
cmp edx, esi
ja short loc_405B4C
jb short loc_405B14
cmp ecx, 37h
jnb short loc_405B1A
loc_405B14: ; CODE XREF: sub_405A86+87�j
push 32h
mov [ebp+var_4], esi
pop eax
loc_405B1A: ; CODE XREF: sub_405A86+8C�j
cmp edx, esi
ja short loc_405B4C
jb short loc_405B25
cmp ecx, 26h
jnb short loc_405B2B
loc_405B25: ; CODE XREF: sub_405A86+98�j
push 21h
mov [ebp+var_4], esi
pop eax
loc_405B2B: ; CODE XREF: sub_405A86+9D�j
cmp edx, esi
ja short loc_405B4C
jb short loc_405B36
cmp ecx, 1Eh
jnb short loc_405B3C
loc_405B36: ; CODE XREF: sub_405A86+A9�j
push 19h
mov [ebp+var_4], esi
pop eax
loc_405B3C: ; CODE XREF: sub_405A86+AE�j
cmp edx, esi
ja short loc_405B4C
jb short loc_405B47
cmp ecx, 0Ah
jnb short loc_405B4C
loc_405B47: ; CODE XREF: sub_405A86+BA�j
xor eax, eax
mov [ebp+var_4], esi
loc_405B4C: ; CODE XREF: sub_405A86+63�j
; sub_405A86+74�j ...
sub eax, ecx
add eax, edi
pop edi
pop esi
leave
retn
sub_405A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B54 proc near ; CODE XREF: sub_40A15C+125�p
; .data:0040ABAE�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, ds:415030h
push 1Fh
push esi
push 7
push 400h
call edi
neg eax
sbb eax, eax
mov byte ptr [esi+3], 0
neg eax
mov [ebp+arg_0], eax
jz short loc_405B93
push 417104h
push esi
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_405B93
xor eax, eax
inc eax
jmp short loc_405BA9
; ---------------------------------------------------------------------------
loc_405B93: ; CODE XREF: sub_405B54+27�j
; sub_405B54+38�j
push 1Fh
push esi
push 7
push 800h
call edi
neg eax
sbb eax, eax
neg eax
and byte ptr [esi+3], 0
loc_405BA9: ; CODE XREF: sub_405B54+3D�j
pop edi
pop esi
pop ebp
retn
sub_405B54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BAD proc near ; DATA XREF: sub_405E89+27�o
var_730 = byte ptr -730h
var_330 = dword ptr -330h
var_32C = byte ptr -32Ch
var_188 = dword ptr -188h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = byte ptr -17Ch
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = byte ptr -0F4h
var_74 = byte ptr -74h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_54 = byte ptr -54h
var_3C = byte ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 730h
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_330]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
add esp, 10h
lea eax, [ebp+var_74]
push eax
call dword ptr ds:415028h
mov eax, [ebp+var_6C]
lea esi, [eax+100000h]
mov eax, [ebp+var_68]
add eax, 100000h
shr eax, 14h
shr esi, 14h
mov [ebp+var_28], eax
call sub_406625
xor edx, edx
mov ecx, 15180h
div ecx
mov ecx, 0E10h
push 3Ch
mov [ebp+var_8], 15h
mov [ebp+var_C], 10h
mov [ebp+var_14], eax
mov eax, edx
xor edx, edx
div ecx
pop ecx
mov [ebp+var_1C], eax
mov eax, edx
xor edx, edx
div ecx
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_54]
push eax
call dword ptr ds:41500Ch
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_3C]
push eax
call dword ptr ds:415050h
push 24h
xor eax, eax
pop ecx
lea edi, [ebp+var_104]
mov [ebp+var_108], 94h
rep stosd
lea eax, [ebp+var_108]
push eax
call dword ptr ds:41502Ch
cmp [ebp+var_104], 4
mov [ebp+arg_0], 417280h
mov [ebp+var_20], 417278h
jnz short loc_405CDF
cmp [ebp+var_100], 0
jnz short loc_405CBB
cmp [ebp+var_F8], 1
jnz short loc_405CA5
mov [ebp+arg_0], 417274h
loc_405CA5: ; CODE XREF: sub_405BAD+EF�j
cmp [ebp+var_F8], 2
jnz loc_405D37
mov [ebp+arg_0], 417270h
jmp short loc_405D25
; ---------------------------------------------------------------------------
loc_405CBB: ; CODE XREF: sub_405BAD+E6�j
cmp [ebp+var_100], 0Ah
jnz short loc_405CCD
mov [ebp+arg_0], 41726Ch
jmp short loc_405D1C
; ---------------------------------------------------------------------------
loc_405CCD: ; CODE XREF: sub_405BAD+115�j
cmp [ebp+var_100], 5Ah
jnz short loc_405D1C
mov [ebp+arg_0], 417268h
jmp short loc_405D1C
; ---------------------------------------------------------------------------
loc_405CDF: ; CODE XREF: sub_405BAD+DD�j
cmp [ebp+var_104], 5
jnz short loc_405D1C
cmp [ebp+var_100], 0
jnz short loc_405CFA
mov [ebp+arg_0], 417260h
jmp short loc_405D1C
; ---------------------------------------------------------------------------
loc_405CFA: ; CODE XREF: sub_405BAD+142�j
cmp [ebp+var_100], 1
jnz short loc_405D0C
mov [ebp+arg_0], 41725Ch
jmp short loc_405D1C
; ---------------------------------------------------------------------------
loc_405D0C: ; CODE XREF: sub_405BAD+154�j
cmp [ebp+var_100], 2
jnz short loc_405D1C
mov [ebp+arg_0], 417254h
loc_405D1C: ; CODE XREF: sub_405BAD+11E�j
; sub_405BAD+127�j ...
cmp [ebp+var_F8], 2
jnz short loc_405D37
loc_405D25: ; CODE XREF: sub_405BAD+10C�j
cmp [ebp+var_F4], 0
jz short loc_405D37
lea eax, [ebp+var_F4]
mov [ebp+var_20], eax
loc_405D37: ; CODE XREF: sub_405BAD+FF�j
; sub_405BAD+176�j ...
call sub_403452
test eax, eax
mov [ebp+var_18], 417250h
jnz short loc_405D4E
mov [ebp+var_18], 41724Ch
loc_405D4E: ; CODE XREF: sub_405BAD+198�j
and [ebp+var_17C], 0
and [ebp+var_109], 0
xor eax, eax
cpuid
mov [ebp+var_188], ebx
mov [ebp+var_184], edx
mov [ebp+var_180], ecx
lea eax, [ebp+var_4]
xor ebx, ebx
push eax
push 20019h
push ebx
push 41721Ch
push 80000002h
mov [ebp+var_4], ebx
call dword ptr ds:415004h
test eax, eax
jnz short loc_405DDD
lea eax, [ebp+var_24]
mov [ebp+var_2C], ebx
push eax
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
push 417208h
mov [ebp+var_24], 80h
push [ebp+var_4]
call dword ptr ds:415010h
test eax, eax
jnz short loc_405DD4
push 1
lea eax, [ebp+var_188]
push 1
push eax
call sub_40569A
add esp, 0Ch
loc_405DD4: ; CODE XREF: sub_405BAD+212�j
push [ebp+var_4]
call dword ptr ds:415000h
loc_405DDD: ; CODE XREF: sub_405BAD+1E6�j
cmp [ebp+var_10], 1
mov ecx, 41C42Ch
mov eax, 417204h
mov ebx, ecx
jz short loc_405DF1
mov ebx, eax
loc_405DF1: ; CODE XREF: sub_405BAD+240�j
cmp [ebp+var_1C], 1
mov edx, ecx
jz short loc_405DFB
mov edx, eax
loc_405DFB: ; CODE XREF: sub_405BAD+24A�j
cmp [ebp+var_14], 1
jnz short loc_405E03
mov eax, ecx
loc_405E03: ; CODE XREF: sub_405BAD+252�j
lea ecx, [ebp+var_54]
push ecx
lea ecx, [ebp+var_3C]
push ecx
push ebx
push [ebp+var_10]
push edx
push [ebp+var_1C]
push eax
push [ebp+var_14]
push [ebp+var_18]
push esi
push [ebp+var_28]
call sub_405A86
push eax
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_730]
push [ebp+var_FC]
push [ebp+var_100]
push [ebp+var_104]
push [ebp+var_20]
push [ebp+arg_0]
push 417108h
push 400h
push eax
call near ptr 41486Eh
lea eax, [ebp+var_730]
push eax
lea eax, [ebp+var_32C]
push 416C54h
push eax
call sub_40A68C
add esp, 60h
push [ebp+var_330]
call sub_4069B8
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_405BAD endp
; =============== S U B R O U T I N E =======================================
sub_405E89 proc near ; CODE XREF: sub_40826C+EC3�p
arg_0 = dword ptr 4
push esi
push 1A7h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_405EBD
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403F0B
push 417284h
push 0
push esi
push offset sub_405BAD
call sub_40689D
add esp, 18h
loc_405EBD: ; CODE XREF: sub_405E89+10�j
pop esi
retn
sub_405E89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405EBF proc near ; CODE XREF: sub_405F2B+A�p
; sub_405F2B+18�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
call near ptr 4147F2h
lea eax, [ebp+var_20]
push eax
call near ptr 40C247h
call near ptr 41481Ch
mov edi, eax
push 7D0h
push 0
lea eax, [ebp+var_20]
push 416558h
push eax
call sub_403CB3
mov esi, eax
push esi
call sub_403E2B
add esp, 20h
test esi, esi
jnz short loc_405F0E
mov eax, 3E8h
jmp short loc_405F27
; ---------------------------------------------------------------------------
loc_405F0E: ; CODE XREF: sub_405EBF+46�j
call near ptr 41481Ch
mov ecx, eax
mov eax, 3E8h
sub ecx, edi
cmp ecx, eax
jnb short loc_405F27
call near ptr 41481Ch
sub eax, edi
loc_405F27: ; CODE XREF: sub_405EBF+4D�j
; sub_405EBF+5F�j
pop edi
pop esi
leave
retn
sub_405EBF endp
; =============== S U B R O U T I N E =======================================
sub_405F2B proc near ; CODE XREF: sub_4060F1:loc_406217�p
; sub_409D34+157�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
push 41704Ch
call sub_405EBF
mov esi, eax
mov [esp+18h+var_18], 417058h
call sub_405EBF
mov edi, eax
mov [esp+18h+var_18], 417070h
call sub_405EBF
mov ebx, eax
mov [esp+18h+var_18], 41707Ch
call sub_405EBF
mov ebp, eax
mov [esp+18h+var_18], 41708Ch
call sub_405EBF
mov [esp+18h+var_4], eax
mov [esp+18h+var_18], 41709Ch
call sub_405EBF
add eax, [esp+18h+var_4]
pop ecx
push 6
xor edx, edx
add eax, ebp
pop ecx
add eax, ebx
add eax, edi
pop edi
add eax, esi
pop esi
pop ebp
pop ebx
div ecx
pop ecx
retn
sub_405F2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F9C proc near ; CODE XREF: sub_4060F1:loc_406242�p
var_268 = byte ptr -268h
var_68 = byte ptr -68h
var_34 = byte ptr -34h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 268h
push ebx
push esi
push edi
lea eax, [ebp+var_34]
push 4170B0h
push eax
call near ptr 4147F2h
lea eax, [ebp+var_34]
push eax
call near ptr 40C247h
lea eax, [ebp+var_1C]
push 4170C8h
push eax
call near ptr 4147F2h
lea eax, [ebp+var_1C]
push eax
call near ptr 40C247h
lea eax, [ebp+var_68]
push 4170D0h
push eax
call near ptr 4147F2h
lea eax, [ebp+var_68]
push eax
call near ptr 40C247h
push 2710h
lea eax, [ebp+var_1C]
push 0
push eax
lea eax, [ebp+var_34]
push eax
call sub_403CB3
mov ebx, eax
add esp, 34h
test ebx, ebx
mov [ebp+var_14], ebx
jnz short loc_406014
loc_40600D: ; CODE XREF: sub_405F9C+D8�j
; sub_405F9C+110�j
xor eax, eax
jmp loc_4060EC
; ---------------------------------------------------------------------------
loc_406014: ; CODE XREF: sub_405F9C+6F�j
lea eax, [ebp+var_34]
mov esi, 200h
push eax
lea eax, [ebp+var_68]
push eax
push 4163F8h
lea eax, [ebp+var_268]
push esi
push eax
call near ptr 41486Eh
lea eax, [ebp+var_268]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_268]
push eax
push ebx
call sub_403E36
call near ptr 41481Ch
and dword ptr [ebp+var_8+4], 0
mov edi, 0BB8h
mov dword ptr [ebp+var_10+4], eax
push edi
lea eax, [ebp+var_268]
push esi
push eax
push ebx
call sub_403E8F
mov ebx, eax
add esp, 34h
test ebx, ebx
jz short loc_40600D
loc_406076: ; CODE XREF: sub_405F9C+106�j
cmp ebx, 0FFFFFFFFh
jz short loc_4060A4
call near ptr 41481Ch
sub eax, dword ptr [ebp+var_10+4]
cmp eax, edi
ja short loc_4060A4
add dword ptr [ebp+var_8+4], ebx
push edi
lea eax, [ebp+var_268]
push esi
push eax
push [ebp+var_14]
call sub_403E8F
mov ebx, eax
add esp, 10h
test ebx, ebx
jnz short loc_406076
loc_4060A4: ; CODE XREF: sub_405F9C+DD�j
; sub_405F9C+E9�j
mov eax, dword ptr [ebp+var_8+4]
cmp eax, 2000h
jb loc_40600D
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fstp dword ptr [ebp+var_8+4]
call near ptr 41481Ch
sub eax, dword ptr [ebp+var_10+4]
and dword ptr [ebp+var_10+4], 0
mov dword ptr [ebp+var_10], eax
fild [ebp+var_10]
fmul dword ptr ds:415278h
fdivr dword ptr [ebp+var_8+4]
call near ptr 4149A8h
push [ebp+var_14]
mov esi, eax
call sub_403E0F
pop ecx
mov eax, esi
loc_4060EC: ; CODE XREF: sub_405F9C+73�j
pop edi
pop esi
pop ebx
leave
retn
sub_405F9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060F1 proc near ; DATA XREF: sub_4062F1+27�o
var_A80 = qword ptr -0A80h
var_A58 = byte ptr -0A58h
var_658 = byte ptr -658h
var_254 = dword ptr -254h
var_250 = byte ptr -250h
var_AC = byte ptr -0ACh
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A58h
push esi
push edi
push 1A7h
lea eax, [ebp+var_254]
push [ebp+arg_0]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
mov esi, 41D110h
lea eax, [ebp+var_658]
push esi
push eax
call near ptr 4147F2h
add esp, 18h
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push edi
push esi
call dword ptr ds:41C47Ch
test eax, eax
jnz short loc_406168
push 1
push edi
push edi
lea eax, [ebp+var_658]
push 401h
push eax
mov eax, [ebp+var_18]
push dword ptr [eax+10h]
push dword ptr [eax+18h]
call dword ptr ds:41C480h
push [ebp+var_18]
call dword ptr ds:41C484h
loc_406168: ; CODE XREF: sub_4060F1+4D�j
call sub_406697
xor edx, edx
mov ecx, 15180h
div ecx
mov ecx, 0E10h
push 3Ch
mov esi, 417394h
mov dword ptr [ebp+var_C+4], eax
mov eax, edx
xor edx, edx
div ecx
pop ecx
push esi
mov [ebp+var_4], eax
mov eax, edx
xor edx, edx
div ecx
mov [ebp+var_10], eax
lea eax, [ebp+var_AC]
push eax
call near ptr 4147F2h
lea eax, [ebp+var_2C]
push esi
push eax
call near ptr 4147F2h
mov eax, ds:41C474h
add esp, 10h
cmp eax, edi
jz short loc_4061EF
push edi
lea ecx, [ebp+var_AC]
push 80h
push ecx
lea ecx, [ebp+var_20]
push ecx
call eax
test eax, eax
jz short loc_4061EF
test [ebp+var_20], 1
lea eax, [ebp+var_2C]
jz short loc_4061E2
push 41738Ch
jmp short loc_4061E7
; ---------------------------------------------------------------------------
loc_4061E2: ; CODE XREF: sub_4060F1+E8�j
push 417388h
loc_4061E7: ; CODE XREF: sub_4060F1+EF�j
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_4061EF: ; CODE XREF: sub_4060F1+C8�j
; sub_4060F1+DF�j
call sub_4034C0
mov edi, 417250h
mov esi, 41724Ch
test eax, eax
mov [ebp+var_1C], edi
jnz short loc_406208
mov [ebp+var_1C], esi
loc_406208: ; CODE XREF: sub_4060F1+112�j
call sub_40339B
test eax, eax
mov [ebp+var_14], edi
jnz short loc_406217
mov [ebp+var_14], esi
loc_406217: ; CODE XREF: sub_4060F1+121�j
call sub_405F2B
cmp eax, 2EEh
mov [ebp+var_24], eax
mov [ebp+arg_0], 417384h
jnb short loc_406234
mov [ebp+arg_0], 41737Ch
loc_406234: ; CODE XREF: sub_4060F1+13A�j
cmp eax, 1F4h
jnb short loc_406242
mov [ebp+arg_0], 417374h
loc_406242: ; CODE XREF: sub_4060F1+148�j
call sub_405F9C
cmp [ebp+var_10], 1
mov edx, 41C42Ch
mov ecx, 417204h
mov edi, edx
jz short loc_40625B
mov edi, ecx
loc_40625B: ; CODE XREF: sub_4060F1+166�j
cmp [ebp+var_4], 1
mov esi, edx
jz short loc_406265
mov esi, ecx
loc_406265: ; CODE XREF: sub_4060F1+170�j
cmp dword ptr [ebp+var_C+4], 1
jnz short loc_40626D
mov ecx, edx
loc_40626D: ; CODE XREF: sub_4060F1+178�j
push edi
mov dword ptr [ebp+var_C], eax
push [ebp+var_10]
lea eax, [ebp+var_2C]
push esi
push [ebp+var_4]
push ecx
push dword ptr [ebp+var_C+4]
and dword ptr [ebp+var_C+4], 0
fild [ebp+var_C]
push ecx
push ecx
fmul dword ptr ds:41527Ch
fstp [esp+0A80h+var_A80]
push [ebp+var_24]
push [ebp+arg_0]
push [ebp+var_14]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+var_658]
push eax
push 417298h
lea eax, [ebp+var_A58]
push 400h
push eax
call near ptr 41486Eh
lea eax, [ebp+var_A58]
push eax
lea eax, [ebp+var_250]
push 416C54h
push eax
call sub_40A68C
add esp, 54h
push [ebp+var_254]
call sub_4069B8
pop ecx
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_4060F1 endp
; =============== S U B R O U T I N E =======================================
sub_4062F1 proc near ; CODE XREF: sub_40826C+EB2�p
arg_0 = dword ptr 4
push esi
push 1A7h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_406325
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403F0B
push 41739Ch
push 0
push esi
push offset sub_4060F1
call sub_40689D
add esp, 18h
loc_406325: ; CODE XREF: sub_4062F1+10�j
pop esi
retn
sub_4062F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406327 proc near ; CODE XREF: sub_409D34+13C�p
; sub_409D34+20E�p ...
var_1C = byte ptr -1Ch
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, ds:4173ACh
push esi
mov [ebp+var_4], eax
xor esi, esi
loc_406338: ; CODE XREF: sub_406327+72�j
lea eax, [ebp+var_4]
push eax
call dword ptr ds:4150BCh
test eax, eax
jz short loc_406392
cmp eax, 1
jz short loc_406392
cmp eax, 5
jz short loc_40636D
cmp eax, 2
jz short loc_40636D
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_4]
push eax
call dword ptr ds:415070h
jmp short loc_40637D
; ---------------------------------------------------------------------------
loc_40636D: ; CODE XREF: sub_406327+27�j
; sub_406327+2C�j
push 8
lea eax, [ebp+var_C]
push 0
push eax
call near ptr 414822h
add esp, 0Ch
loc_40637D: ; CODE XREF: sub_406327+44�j
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
shrd eax, ecx, 14h
shr ecx, 14h
mov [ebp+var_C], eax
mov [ebp+var_8], ecx
add esi, eax
loc_406392: ; CODE XREF: sub_406327+1D�j
; sub_406327+22�j
inc byte ptr [ebp+var_4]
cmp byte ptr [ebp+var_4], 5Ah
jnz short loc_406338
mov eax, esi
pop esi
leave
retn
sub_406327 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063A0 proc near ; DATA XREF: sub_406578+27�o
var_5C8 = dword ptr -5C8h
var_5C4 = byte ptr -5C4h
var_420 = byte ptr -420h
var_40B = byte ptr -40Bh
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5C8h
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_5C8]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
add esp, 10h
mov esi, 417450h
lea edi, [ebp+var_420]
xor eax, eax
push 5
xor ebx, ebx
pop ecx
mov [ebp+arg_0], ebx
rep movsd
movsb
mov ecx, 0FAh
lea edi, [ebp+var_40B]
rep stosd
mov esi, ds:4151E0h
mov [ebp+var_10], 1
stosw
stosb
mov eax, ds:4173ACh
mov [ebp+var_4], eax
loc_406408: ; CODE XREF: sub_4063A0+171�j
lea eax, [ebp+var_4]
push eax
call dword ptr ds:4150BCh
test eax, eax
jz loc_40650A
cmp eax, 1
jz loc_40650A
cmp eax, 2
jnz short loc_40646E
mov edi, 417444h
loc_40642D: ; CODE XREF: sub_4063A0+F0�j
push 8
lea eax, [ebp+var_C]
push 0
push eax
call near ptr 414822h
add esp, 0Ch
loc_40643D: ; CODE XREF: sub_4063A0+117�j
mov ecx, [ebp+var_C]
mov eax, [ebp+var_8]
shrd ecx, eax, 14h
shr eax, 14h
cmp [ebp+var_10], 0
mov [ebp+var_C], ecx
mov [ebp+var_8], eax
jnz short loc_4064B9
lea eax, [ebp+var_420]
push 417440h
push eax
call near ptr 414828h
mov eax, [ebp+var_8]
pop ecx
pop ecx
jmp short loc_4064BD
; ---------------------------------------------------------------------------
loc_40646E: ; CODE XREF: sub_4063A0+86�j
cmp eax, 3
jnz short loc_40647A
mov edi, 417438h
jmp short loc_4064A1
; ---------------------------------------------------------------------------
loc_40647A: ; CODE XREF: sub_4063A0+D1�j
cmp eax, 4
jnz short loc_406486
mov edi, 417430h
jmp short loc_4064A1
; ---------------------------------------------------------------------------
loc_406486: ; CODE XREF: sub_4063A0+DD�j
cmp eax, 5
jnz short loc_406492
mov edi, 417428h
jmp short loc_40642D
; ---------------------------------------------------------------------------
loc_406492: ; CODE XREF: sub_4063A0+E9�j
cmp eax, 6
mov edi, 417420h
jz short loc_4064A1
mov edi, 417418h
loc_4064A1: ; CODE XREF: sub_4063A0+D8�j
; sub_4063A0+E4�j ...
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_4]
push eax
call dword ptr ds:415070h
jmp short loc_40643D
; ---------------------------------------------------------------------------
loc_4064B9: ; CODE XREF: sub_4063A0+B4�j
and [ebp+var_10], 0
loc_4064BD: ; CODE XREF: sub_4063A0+CC�j
mov ecx, [ebp+var_C]
or ecx, eax
jz short loc_4064E7
push eax
lea eax, [ebp+var_4]
push [ebp+var_C]
push edi
push eax
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_420]
push 4173F8h
push eax
call esi
add esp, 1Ch
jmp short loc_406504
; ---------------------------------------------------------------------------
loc_4064E7: ; CODE XREF: sub_4063A0+122�j
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_420]
push 4173E8h
push eax
call esi
add esp, 14h
loc_406504: ; CODE XREF: sub_4063A0+145�j
add ebx, [ebp+var_C]
inc [ebp+arg_0]
loc_40650A: ; CODE XREF: sub_4063A0+74�j
; sub_4063A0+7D�j
inc byte ptr [ebp+var_4]
cmp byte ptr [ebp+var_4], 5Ah
jnz loc_406408
cmp [ebp+arg_0], 0
jz short loc_406530
lea eax, [ebp+var_420]
push 417440h
push eax
call near ptr 414828h
pop ecx
pop ecx
loc_406530: ; CODE XREF: sub_4063A0+17B�j
push ebx
lea eax, [ebp+var_420]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_420]
push 4173B0h
push eax
call esi
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_5C4]
push 416C54h
push eax
call sub_40A68C
push [ebp+var_5C8]
call sub_4069B8
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_4063A0 endp
; =============== S U B R O U T I N E =======================================
sub_406578 proc near ; CODE XREF: sub_40826C+D44�p
arg_0 = dword ptr 4
push esi
push 1A7h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_4065AC
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403F0B
push 417468h
push 0
push esi
push offset sub_4063A0
call sub_40689D
add esp, 18h
loc_4065AC: ; CODE XREF: sub_406578+10�j
pop esi
retn
sub_406578 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp-10h]
push eax
call dword ptr ds:4150C8h
lea eax, [ebp-8]
push eax
call dword ptr ds:4150C4h
xor eax, eax
cmp [ebp-0Ch], eax
jl short loc_40660F
jg short loc_4065D6
cmp [ebp-10h], eax
jbe short loc_40660F
loc_4065D6: ; CODE XREF: .text:004065CF�j
cmp [ebp-4], eax
jl short loc_40660F
jg short loc_4065E2
cmp [ebp-8], eax
jbe short loc_40660F
loc_4065E2: ; CODE XREF: .text:004065DB�j
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push dword ptr [ebp-0Ch]
push dword ptr [ebp-10h]
call near ptr 4149C0h
mov [ebp-18h], eax
mov [ebp-14h], edx
fild qword ptr [ebp-18h]
push ecx
push ecx
fstp qword ptr [esp]
call near ptr 4149AEh
pop ecx
pop ecx
call near ptr 4149A8h
jmp short loc_40661E
; ---------------------------------------------------------------------------
loc_40660F: ; CODE XREF: .text:004065CD�j
; .text:004065D4�j ...
call dword ptr ds:4150C0h
xor edx, edx
mov ecx, 3E8h
div ecx
loc_40661E: ; CODE XREF: .text:0040660D�j
mov ds:41C8C0h, eax
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406625 proc near ; CODE XREF: sub_405BAD+4F�p
; sub_40826C:loc_409045�p ...
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_10]
push eax
call dword ptr ds:4150C8h
lea eax, [ebp+var_8]
push eax
call dword ptr ds:4150C4h
xor eax, eax
cmp [ebp+var_C], eax
jl short loc_406686
jg short loc_40664D
cmp [ebp+var_10], eax
jbe short loc_406686
loc_40664D: ; CODE XREF: sub_406625+21�j
cmp [ebp+var_4], eax
jl short loc_406686
jg short loc_406659
cmp [ebp+var_8], eax
jbe short loc_406686
loc_406659: ; CODE XREF: sub_406625+2D�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call near ptr 4149C0h
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call near ptr 4149AEh
pop ecx
pop ecx
call near ptr 4149A8h
leave
retn
; ---------------------------------------------------------------------------
loc_406686: ; CODE XREF: sub_406625+1F�j
; sub_406625+26�j ...
call dword ptr ds:4150C0h
xor edx, edx
mov ecx, 3E8h
div ecx
leave
retn
sub_406625 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406697 proc near ; CODE XREF: sub_4060F1:loc_406168�p
; sub_40826C+E11�p
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_10]
push eax
call dword ptr ds:4150C8h
lea eax, [ebp+var_8]
push eax
call dword ptr ds:4150C4h
xor eax, eax
cmp [ebp+var_C], eax
jl short loc_4066F8
jg short loc_4066BF
cmp [ebp+var_10], eax
jbe short loc_4066F8
loc_4066BF: ; CODE XREF: sub_406697+21�j
cmp [ebp+var_4], eax
jl short loc_4066F8
jg short loc_4066CB
cmp [ebp+var_8], eax
jbe short loc_4066F8
loc_4066CB: ; CODE XREF: sub_406697+2D�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call near ptr 4149C0h
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call near ptr 4149AEh
pop ecx
pop ecx
call near ptr 4149A8h
jmp short loc_4066FE
; ---------------------------------------------------------------------------
loc_4066F8: ; CODE XREF: sub_406697+1F�j
; sub_406697+26�j ...
call dword ptr ds:4150C0h
loc_4066FE: ; CODE XREF: sub_406697+5F�j
sub eax, ds:41C8C0h
leave
retn
sub_406697 endp
; ---------------------------------------------------------------------------
dw 2583h
dd 41C8DCh, 0CC006800h, 0EDE80000h, 0A30000E0h, 41C8E0h
dd 0C42404C7h, 0E80041C8h, 5EFh
; ---------------------------------------------------------------------------
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40672A proc near ; DATA XREF: sub_4067A2+25�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 415280h
push 414A6Ah
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov esi, [eax]
mov [ebp+var_1C], esi
mov edi, [eax+4]
mov [ebp+var_20], edi
push eax
call near ptr 41480Ah
pop ecx
push edi
call esi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_406791
; ---------------------------------------------------------------------------
push 417484h
push 41747Ch
push [ebp+var_14]
call sub_4027D5
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_406791: ; CODE XREF: sub_40672A+46�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_40672A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067A2 proc near ; CODE XREF: sub_405354+EA�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push 8
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_4067F2
mov eax, [ebp+arg_0]
mov [esi], eax
mov eax, [ebp+arg_4]
mov [esi+4], eax
lea eax, [ebp+var_4]
push eax
push 0
push esi
push offset sub_40672A
push 20000h
push 0
call near ptr 414A70h
add esp, 18h
test eax, eax
jz short loc_4067EB
push eax
call dword ptr ds:4150ACh
xor eax, eax
inc eax
jmp short loc_4067F4
; ---------------------------------------------------------------------------
loc_4067EB: ; CODE XREF: sub_4067A2+3B�j
push esi
call near ptr 41480Ah
pop ecx
loc_4067F2: ; CODE XREF: sub_4067A2+11�j
xor eax, eax
loc_4067F4: ; CODE XREF: sub_4067A2+47�j
pop esi
leave
retn
sub_4067A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067F7 proc near ; DATA XREF: sub_40689D+CD�o
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_19B = byte ptr -19Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 415290h
push 414A6Ah
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 190h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov al, ds:41C42Ch
mov [ebp+var_19C], al
push 60h
pop ecx
xor eax, eax
lea edi, [ebp+var_19B]
rep stosd
stosw
stosb
and [ebp+var_4], 0
mov esi, [ebp+arg_0]
mov eax, [esi]
mov ecx, [eax+10h]
mov [ebp+var_1A0], ecx
add eax, 14h
push eax
lea eax, [ebp+var_19C]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
mov eax, [esi]
push esi
call dword ptr [eax+10h]
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40688C
; ---------------------------------------------------------------------------
lea eax, [ebp+var_19C]
push eax
push 41747Ch
push [ebp+var_14]
call sub_4027D5
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_40688C: ; CODE XREF: sub_4067F7+72�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_4067F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40689D proc near ; CODE XREF: sub_40145F+79�p
; sub_401884+76�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push 41C8C4h
call sub_406D45
mov eax, 80h
pop ecx
cmp ds:41C8DCh, eax
jnz short loc_4068CC
push [ebp+arg_4]
call near ptr 41480Ah
pop ecx
xor ebx, ebx
jmp loc_4069A6
; ---------------------------------------------------------------------------
loc_4068CC: ; CODE XREF: sub_40689D+1D�j
mov ecx, ds:41C8E0h
xor ebx, ebx
cmp [ebp+arg_8], ebx
mov edi, 198h
jz short loc_4068F5
mov [ebp+arg_8], ebx
lea edx, [ecx+10h]
loc_4068E4: ; CODE XREF: sub_40689D+56�j
mov esi, [ebp+arg_0]
cmp [edx], esi
jz short loc_406908
inc [ebp+arg_8]
add edx, edi
cmp [ebp+arg_8], eax
jl short loc_4068E4
loc_4068F5: ; CODE XREF: sub_40689D+3F�j
mov [ebp+var_4], ebx
xor edx, edx
lea esi, [ecx+8]
loc_4068FD: ; CODE XREF: sub_40689D+69�j
cmp [esi], ebx
jz short loc_406916
inc edx
add esi, edi
cmp edx, eax
jl short loc_4068FD
loc_406908: ; CODE XREF: sub_40689D+4C�j
push [ebp+arg_4]
call near ptr 41480Ah
pop ecx
jmp loc_4069A6
; ---------------------------------------------------------------------------
loc_406916: ; CODE XREF: sub_40689D+62�j
mov eax, edx
mov esi, [ebp+arg_4]
imul eax, 198h
add eax, ecx
cmp esi, ebx
mov [ebp+var_4], eax
mov [eax], edx
mov eax, [ebp+var_4]
jz short loc_406931
mov [esi], eax
loc_406931: ; CODE XREF: sub_40689D+90�j
mov ecx, [ebp+arg_0]
mov [eax+10h], ecx
lea eax, [ebp+arg_10]
push eax
mov eax, [ebp+var_4]
push [ebp+arg_C]
add eax, 14h
push eax
call near ptr 414A76h
mov eax, [ebp+var_4]
add esp, 0Ch
mov ecx, esi
mov [eax+4], ebx
inc dword ptr ds:41C8DCh
mov eax, [ebp+var_4]
cmp esi, ebx
jnz short loc_406964
mov ecx, eax
loc_406964: ; CODE XREF: sub_40689D+C3�j
add eax, 0Ch
push eax
push ebx
push ecx
push offset sub_4067F7
push ebx
push ebx
call near ptr 414A70h
mov ecx, [ebp+var_4]
add esp, 18h
mov [ecx+8], eax
mov eax, [ebp+var_4]
cmp [eax+8], ebx
jnz short loc_4069A3
push esi
call near ptr 41480Ah
dec dword ptr ds:41C8DCh
push edi
lea eax, [ebp+var_4]
push ebx
push eax
call near ptr 414822h
add esp, 10h
jmp short loc_4069A6
; ---------------------------------------------------------------------------
loc_4069A3: ; CODE XREF: sub_40689D+E8�j
xor ebx, ebx
inc ebx
loc_4069A6: ; CODE XREF: sub_40689D+2A�j
; sub_40689D+74�j ...
push 41C8C4h
call sub_406D50
pop ecx
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_40689D endp
; =============== S U B R O U T I N E =======================================
sub_4069B8 proc near ; CODE XREF: sub_4011BE+293�p
; sub_4015D0+277�p ...
arg_0 = dword ptr 4
push esi
mov esi, 41C8C4h
push edi
push esi
call sub_406D45
mov edi, [esp+0Ch+arg_0]
dec dword ptr ds:41C8DCh
pop ecx
push dword ptr [edi+8]
call dword ptr ds:4150ACh
push 198h
push 0
push edi
call near ptr 414822h
push esi
call sub_406D50
add esp, 10h
pop edi
pop esi
retn
sub_4069B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069F2 proc near ; CODE XREF: sub_40826C+57F�p
var_188 = byte ptr -188h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 188h
push esi
mov esi, [ebp+arg_0]
test esi, esi
push edi
jz loc_406ACC
push esi
call sub_4055BD
pop ecx
test al, al
push esi
jz short loc_406A50
call near ptr 41485Ch
mov edi, 41C8C4h
mov esi, eax
push edi
call sub_406D45
pop ecx
cmp esi, 80h
pop ecx
jnb loc_406AC5
imul esi, 198h
mov eax, ds:41C8E0h
add eax, esi
cmp dword ptr [eax+8], 0
jz short loc_406AC5
mov dword ptr [eax+4], 1
jmp short loc_406AC5
; ---------------------------------------------------------------------------
loc_406A50: ; CODE XREF: sub_4069F2+20�j
push 417488h
lea eax, [ebp+var_188]
push 185h
push eax
call near ptr 41486Eh
mov edi, 41C8C4h
push edi
call sub_406D45
mov eax, ds:41C8DCh
add esp, 14h
mov [ebp+arg_0], eax
xor esi, esi
loc_406A7E: ; CODE XREF: sub_4069F2+D1�j
mov eax, ds:41C8E0h
add eax, esi
cmp dword ptr [eax+8], 0
jz short loc_406AB7
dec [ebp+arg_0]
lea ecx, [ebp+var_188]
add eax, 14h
push ecx
push eax
call sub_40744A
pop ecx
test al, al
pop ecx
jz short loc_406AB1
mov eax, ds:41C8E0h
mov dword ptr [esi+eax+4], 1
loc_406AB1: ; CODE XREF: sub_4069F2+B0�j
cmp [ebp+arg_0], 0
jz short loc_406AC5
loc_406AB7: ; CODE XREF: sub_4069F2+97�j
add esi, 198h
cmp esi, 0CC00h
jb short loc_406A7E
loc_406AC5: ; CODE XREF: sub_4069F2+3C�j
; sub_4069F2+53�j ...
push edi
call sub_406D50
pop ecx
loc_406ACC: ; CODE XREF: sub_4069F2+10�j
pop edi
pop esi
leave
retn
sub_4069F2 endp
; =============== S U B R O U T I N E =======================================
sub_406AD0 proc near ; CODE XREF: sub_40826C+5B0�p
var_18C = dword ptr -18Ch
var_188 = byte ptr -188h
arg_0 = dword ptr 4
sub esp, 18Ch
push ebp
push esi
mov esi, [esp+194h+arg_0]
xor ebp, ebp
cmp esi, ebp
push edi
jz loc_406BF4
push esi
call sub_4055BD
test al, al
pop ecx
jz short loc_406B57
push esi
call near ptr 41485Ch
mov edi, 41C8C4h
mov esi, eax
push edi
call sub_406D45
pop ecx
cmp esi, 80h
pop ecx
jnb short loc_406B4B
imul esi, 198h
mov eax, ds:41C8E0h
add eax, esi
cmp [eax+8], ebp
jz short loc_406B4B
dec dword ptr ds:41C8DCh
mov esi, [eax+8]
push 198h
push ebp
push eax
call near ptr 414822h
add esp, 0Ch
push ebp
push esi
call dword ptr ds:4150CCh
push esi
call dword ptr ds:4150ACh
loc_406B4B: ; CODE XREF: sub_406AD0+40�j
; sub_406AD0+52�j
push edi
call sub_406D50
pop ecx
jmp loc_406BF4
; ---------------------------------------------------------------------------
loc_406B57: ; CODE XREF: sub_406AD0+23�j
push ebx
push esi
push 417488h
lea eax, [esp+1A4h+var_188]
push 185h
push eax
call near ptr 41486Eh
push 41C8C4h
call sub_406D45
mov eax, ds:41C8DCh
add esp, 14h
mov [esp+19Ch+var_18C], eax
xor edi, edi
mov ebx, 198h
loc_406B8A: ; CODE XREF: sub_406AD0+116�j
mov eax, ds:41C8E0h
add eax, edi
cmp [eax+8], ebp
jz short loc_406BDE
dec [esp+19Ch+var_18C]
lea ecx, [esp+19Ch+var_188]
add eax, 14h
push ecx
push eax
call sub_40744A
pop ecx
test al, al
pop ecx
jz short loc_406BD8
mov eax, ds:41C8E0h
dec dword ptr ds:41C8DCh
add eax, edi
push ebx
push ebp
push eax
mov esi, [eax+8]
call near ptr 414822h
add esp, 0Ch
push ebp
push esi
call dword ptr ds:4150CCh
push esi
call dword ptr ds:4150ACh
loc_406BD8: ; CODE XREF: sub_406AD0+DC�j
cmp [esp+19Ch+var_18C], ebp
jz short loc_406BE8
loc_406BDE: ; CODE XREF: sub_406AD0+C4�j
add edi, ebx
cmp edi, 0CC00h
jb short loc_406B8A
loc_406BE8: ; CODE XREF: sub_406AD0+10C�j
push 41C8C4h
call sub_406D50
pop ecx
pop ebx
loc_406BF4: ; CODE XREF: sub_406AD0+14�j
; sub_406AD0+82�j
pop edi
pop esi
pop ebp
add esp, 18Ch
retn
sub_406AD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BFE proc near ; DATA XREF: sub_406CE1+27�o
var_1B4 = dword ptr -1B4h
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A8h
push esi
mov esi, 41C8C4h
push edi
push esi
call sub_406D45
mov [esp+1B4h+var_1B4], 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_1A8]
push eax
call near ptr 414810h
push [ebp+arg_0]
call near ptr 41480Ah
mov eax, [ebp+var_1A8]
push 80h
push dword ptr ds:41C8DCh
push dword ptr [eax]
lea eax, [ebp+var_1A4]
push 4174A0h
push eax
call sub_40A68C
and [ebp+var_C], 0
and [ebp+arg_0], 0
add esp, 24h
xor edi, edi
loc_406C63: ; CODE XREF: sub_406BFE+C6�j
mov eax, ds:41C8E0h
cmp dword ptr [edi+eax+8], 0
jz short loc_406CB5
push esi
call sub_406D50
mov [esp+1B4h+var_1B4], 3E8h
call dword ptr ds:4150A4h
push esi
call sub_406D45
mov eax, ds:41C8E0h
lea eax, [edi+eax+14h]
push eax
lea eax, [ebp+var_1A4]
push [ebp+arg_0]
push 417490h
push eax
call sub_40A68C
mov eax, ds:41C8E0h
add esp, 14h
cmp dword ptr [edi+eax+4], 0
jnz short loc_406CC6
loc_406CB5: ; CODE XREF: sub_406BFE+6F�j
inc [ebp+arg_0]
add edi, 198h
cmp edi, 0CC00h
jl short loc_406C63
loc_406CC6: ; CODE XREF: sub_406BFE+B5�j
push esi
call sub_406D50
push [ebp+var_1A8]
call sub_4069B8
pop ecx
xor eax, eax
pop ecx
pop edi
pop esi
leave
retn 4
sub_406BFE endp
; =============== S U B R O U T I N E =======================================
sub_406CE1 proc near ; CODE XREF: sub_40826C+3AF�p
arg_0 = dword ptr 4
push esi
push 1A7h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_406D15
push [esp+4+arg_0]
lea eax, [esi+4]
push eax
call sub_403F0B
push 4174D0h
push 0
push esi
push offset sub_406BFE
call sub_40689D
add esp, 18h
loc_406D15: ; CODE XREF: sub_406CE1+10�j
pop esi
retn
sub_406CE1 endp
; =============== S U B R O U T I N E =======================================
sub_406D17 proc near ; CODE XREF: .text:00403F4C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 18h
push 0
push esi
call near ptr 414822h
mov eax, ds:41C438h
add esp, 0Ch
test eax, eax
jz short loc_406D3C
push 80000400h
push esi
call eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_406D3C: ; CODE XREF: sub_406D17+19�j
push esi
call dword ptr ds:4150D0h
pop esi
retn
sub_406D17 endp
; =============== S U B R O U T I N E =======================================
sub_406D45 proc near ; CODE XREF: sub_403FC8+11�p
; sub_40689D+C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword ptr ds:4150D4h
retn
sub_406D45 endp
; =============== S U B R O U T I N E =======================================
sub_406D50 proc near ; CODE XREF: sub_403FC8+211�p
; sub_40689D+10E�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword ptr ds:4150D8h
retn
sub_406D50 endp
; =============== S U B R O U T I N E =======================================
sub_406D5B proc near ; CODE XREF: sub_4027D5+13�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
mov eax, [esp+4+arg_4]
lock xadd [esi], eax
pop esi
retn
sub_406D5B endp
; =============== S U B R O U T I N E =======================================
sub_406D6A proc near ; CODE XREF: .text:00403413�p
; .text:0040341F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
mov eax, [esp+4+arg_4]
lock xchg eax, [esi]
pop esi
retn
sub_406D6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D78 proc near ; CODE XREF: .text:00406F78�p
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
call dword ptr ds:41C8E4h
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_406D9B
push 4174E0h
call near ptr 414A88h
pop ecx
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_406D9B: ; CODE XREF: sub_406D78+12�j
push ebx
push esi
push edi
push 8
lea eax, [ebp+var_C]
push 0
push eax
call near ptr 414822h
movzx esi, [ebp+arg_10]
mov al, [ebp+arg_8]
push esi
mov [ebp+var_C], al
call near ptr 414A82h
mov ebx, eax
push esi
push 45h
push ebx
call near ptr 414822h
add esp, 1Ch
cmp [ebp+arg_10], 8
jnb short loc_406DD4
push 8
pop eax
jmp short loc_406DD6
; ---------------------------------------------------------------------------
loc_406DD4: ; CODE XREF: sub_406D78+55�j
mov eax, esi
loc_406DD6: ; CODE XREF: sub_406D78+5A�j
lea esi, [eax+1Ch]
push esi
call near ptr 414A82h
pop ecx
mov edi, eax
push [ebp+arg_C]
lea eax, [ebp+var_C]
push esi
push edi
push eax
movzx ax, [ebp+arg_10]
push eax
push ebx
push [ebp+arg_0]
push [ebp+var_4]
call dword ptr ds:41C8F0h
cmp eax, 1
jz short loc_406E10
call dword ptr ds:4150DCh
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_406E1E
; ---------------------------------------------------------------------------
loc_406E10: ; CODE XREF: sub_406D78+89�j
mov eax, [ebp+arg_4]
mov ecx, [edi]
mov [eax+4], ecx
mov ecx, [edi+8]
mov [eax+8], ecx
loc_406E1E: ; CODE XREF: sub_406D78+96�j
push [ebp+var_4]
call dword ptr ds:41C8ECh
push ebx
call near ptr 414A7Ch
push edi
call near ptr 414A7Ch
pop ecx
xor eax, eax
pop ecx
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_406D78 endp
; ---------------------------------------------------------------------------
loc_406E3D: ; DATA XREF: sub_4070AD+C9�o
push ebp
mov ebp, esp
sub esp, 2D8h
push ebx
push esi
push edi
push 2ACh
push dword ptr [ebp+8]
lea eax, [ebp-2D8h]
push eax
call near ptr 414810h
push dword ptr [ebp+8]
call near ptr 41480Ah
xor ebx, ebx
add esp, 10h
cmp ds:41C8F4h, bl
jnz short loc_406EC8
push 4175D0h
call dword ptr ds:415058h
cmp eax, ebx
mov ds:41C8E8h, eax
jz loc_40706C
mov esi, ds:41505Ch
push 4175C0h
push eax
call esi
push 4175B0h
mov ds:41C8E4h, eax
push dword ptr ds:41C8E8h
call esi
push 4175A0h
mov ds:41C8F0h, eax
push dword ptr ds:41C8E8h
call esi
mov ds:41C8ECh, eax
mov byte ptr ds:41C8F4h, 1
loc_406EC8: ; CODE XREF: .text:00406E70�j
cmp ds:41C8E4h, ebx
jz loc_40706C
cmp ds:41C8F0h, ebx
jz loc_40706C
cmp ds:41C8ECh, ebx
jz loc_40706C
lea eax, [ebp-135h]
push eax
call dword ptr ds:415248h
cmp eax, 0FFFFFFFFh
mov [ebp-18h], eax
jnz short loc_406F2C
lea eax, [ebp-135h]
push eax
call dword ptr ds:415240h
cmp eax, ebx
jz loc_406FA7
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp-18h]
push eax
call near ptr 414810h
add esp, 0Ch
loc_406F2C: ; CODE XREF: .text:00406EFF�j
cmp byte ptr [ebp-35h], 1
mov [ebp-20h], ebx
mov byte ptr [ebp+8], 1
jb loc_40706C
loc_406F3D: ; CODE XREF: .rdata:00407066�j
cmp [ebp-20h], ebx
jnz loc_40706C
or dword ptr [ebp-0Ch], 0FFFFFFFFh
xor esi, esi
xor edi, edi
cmp [ebp-30h], ebx
mov [ebp-14h], ebx
mov [ebp-8], ebx
mov [ebp-4], ebx
mov [ebp-1Ch], ebx
mov [ebp-28h], ebx
mov [ebp-2Ch], ebx
jbe short loc_406FC3
loc_406F65: ; CODE XREF: .text:00406FC1�j
cmp esi, ebx
jnz short loc_406FC3
push 20h
lea eax, [ebp-2Ch]
push dword ptr [ebp-34h]
push dword ptr [ebp+8]
push eax
push dword ptr [ebp-18h]
call sub_406D78
add esp, 14h
test eax, eax
jz loc_40706C
mov eax, [ebp-2Ch]
cmp eax, ebx
jnz short loc_406FB7
mov eax, [ebp-24h]
add [ebp-1Ch], eax
cmp eax, [ebp-0Ch]
jnb short loc_406F9D
mov [ebp-0Ch], eax
loc_406F9D: ; CODE XREF: .text:00406F98�j
cmp eax, [ebp-4]
jbe short loc_406FBD
mov [ebp-4], eax
jmp short loc_406FBD
; ---------------------------------------------------------------------------
loc_406FA7: ; CODE XREF: .text:00406F10�j
push 417588h
call near ptr 414A88h
pop ecx
jmp loc_40706C
; ---------------------------------------------------------------------------
loc_406FB7: ; CODE XREF: .text:00406F8D�j
xor esi, esi
mov [ebp-14h], eax
inc esi
loc_406FBD: ; CODE XREF: .text:00406FA0�j
; .text:00406FA5�j
inc edi
cmp edi, [ebp-30h]
jb short loc_406F65
loc_406FC3: ; CODE XREF: .text:00406F63�j
; .text:00406F67�j
mov eax, [ebp-28h]
cmp [ebp-14h], ebx
mov [ebp-10h], eax
jnz short loc_407029
mov eax, [ebp-1Ch]
xor edx, edx
div dword ptr [ebp-30h]
push 2
push 4
mov [ebp-8], eax
lea eax, [ebp-10h]
push eax
call dword ptr ds:415228h
cmp eax, ebx
jz loc_407075
movzx ecx, byte ptr [ebp-0Dh]
push ecx
movzx ecx, byte ptr [ebp-0Eh]
push ecx
movzx ecx, byte ptr [ebp-0Fh]
push ecx
; ---------------------------------------------------------------------------
db 0Fh
db 0B6h ;
_text ends
; Section 2. (virtual address 00007000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00007000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 407000h
dd 0FF51F04Dh, 45B60F30h, 0FC75FF08h, 0FFF875FFh, 8D50F475h
dd 0FFFD2885h, 755868FFh, 0E8500041h, 3668h, 0EB2CC483h
db 25h
; ---------------------------------------------------------------------------
loc_407029: ; CODE XREF: .text:00406FCC�j
movzx eax, byte ptr [ebp+8]
push dword ptr [ebp-14h]
mov [ebp-0Ch], ebx
mov [ebp-8], ebx
mov [ebp-4], ebx
push eax
lea eax, [ebp-2D8h]
push 417530h
push eax
call sub_40A68C
add esp, 10h
loc_40704E: ; CODE XREF: .rdata:004070AB�j
mov eax, [ebp-18h]
cmp eax, [ebp-10h]
jnz short loc_40705D
mov dword ptr [ebp-20h], 1
loc_40705D: ; CODE XREF: .rdata:00407054�j
inc byte ptr [ebp+8]
mov al, [ebp+8]
cmp al, [ebp-35h]
jbe loc_406F3D
loc_40706C: ; CODE XREF: .text:00406E84�j
; .text:00406ECE�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_407075: ; CODE XREF: .text:00406FE9�j
movzx eax, byte ptr [ebp-0Dh]
push eax
movzx eax, byte ptr [ebp-0Eh]
push eax
movzx eax, byte ptr [ebp-0Fh]
push eax
movzx eax, byte ptr [ebp-10h]
push eax
push dword ptr [ebp-4]
movzx eax, byte ptr [ebp+8]
push dword ptr [ebp-8]
push dword ptr [ebp-0Ch]
push eax
lea eax, [ebp-2D8h]
push 417504h
push eax
call sub_40A68C
add esp, 28h
jmp short loc_40704E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4070AD proc near ; CODE XREF: sub_40826C+610�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push esi
push edi
xor edi, edi
cmp [ebp+arg_4], edi
jnz short loc_4070CE
push 4175E0h
push [ebp+arg_0]
call sub_40A68C
pop ecx
loc_4070C8: ; CODE XREF: sub_4070AD+E0�j
pop ecx
jmp loc_407199
; ---------------------------------------------------------------------------
loc_4070CE: ; CODE XREF: sub_4070AD+B�j
push 2ACh
call near ptr 414804h
mov esi, eax
pop ecx
cmp esi, edi
jz loc_407199
push 1A3h
push [ebp+arg_0]
push esi
call near ptr 414810h
push [ebp+arg_4]
lea eax, [esi+1A3h]
push eax
call near ptr 4147F2h
add esp, 14h
cmp [ebp+arg_8], edi
jz short loc_407123
push [ebp+arg_8]
call near ptr 41485Ch
cmp eax, 0FFh
pop ecx
jg short loc_407123
push [ebp+arg_8]
call near ptr 41485Ch
pop ecx
jmp short loc_407126
; ---------------------------------------------------------------------------
loc_407123: ; CODE XREF: sub_4070AD+59�j
; sub_4070AD+69�j
push 1Eh
pop eax
loc_407126: ; CODE XREF: sub_4070AD+74�j
cmp [ebp+arg_C], edi
mov [esi+2A3h], al
jz short loc_40714C
push [ebp+arg_C]
call near ptr 41485Ch
cmp eax, 927C0h
pop ecx
jg short loc_40714C
push [ebp+arg_C]
call near ptr 41485Ch
pop ecx
jmp short loc_407151
; ---------------------------------------------------------------------------
loc_40714C: ; CODE XREF: sub_4070AD+82�j
; sub_4070AD+92�j
mov eax, 7530h
loc_407151: ; CODE XREF: sub_4070AD+9D�j
cmp [ebp+arg_10], edi
mov [esi+2A4h], eax
jz short loc_407167
push [ebp+arg_10]
call near ptr 41485Ch
pop ecx
jmp short loc_40716A
; ---------------------------------------------------------------------------
loc_407167: ; CODE XREF: sub_4070AD+AD�j
push 3
pop eax
loc_40716A: ; CODE XREF: sub_4070AD+B8�j
mov [esi+2A8h], eax
lea eax, [ebp+var_4]
push eax
push edi
push esi
push offset loc_406E3D
push edi
push edi
call dword ptr ds:4150B8h
cmp eax, edi
jnz short loc_407192
push esi
call near ptr 41480Ah
jmp loc_4070C8
; ---------------------------------------------------------------------------
loc_407192: ; CODE XREF: sub_4070AD+D8�j
push eax
call dword ptr ds:4150ACh
loc_407199: ; CODE XREF: sub_4070AD+1C�j
; sub_4070AD+30�j
pop edi
pop esi
leave
retn
sub_4070AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40719D proc near ; CODE XREF: .rdata:00407314�p
var_1108 = byte ptr -1108h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1108h
call near ptr 414880h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov ecx, [esi]
lea ebx, [esi+4]
lea edi, [esi+104h]
push ebx
push edi
lea eax, [esi+204h]
push dword ptr [ecx]
push 417638h
push eax
call sub_40A68C
push 2710h
push 0
push 417634h
push edi
call sub_403CB3
mov edi, eax
add esp, 24h
test edi, edi
mov [ebp+var_4], edi
jnz short loc_4071F5
xor al, al
jmp loc_4072E3
; ---------------------------------------------------------------------------
loc_4071F5: ; CODE XREF: sub_40719D+4F�j
push ebx
lea eax, [ebp+var_108]
push 41762Ch
push eax
call dword ptr ds:4151E0h
lea eax, [ebp+var_108]
push eax
call near ptr 4147F8h
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push edi
call sub_403E36
add esp, 1Ch
test eax, eax
jz loc_4072D6
lea eax, [ebp+var_1108]
push 1000h
push eax
push edi
call sub_403E4B
add esp, 0Ch
test eax, eax
jz loc_4072D6
cmp eax, 0FFFFFFFFh
jz loc_4072D6
cmp [ebp+var_1108], 0
lea ebx, [ebp+var_1108]
jz short loc_4072D2
mov edi, 41C8C4h
loc_407268: ; CODE XREF: sub_40719D+133�j
push ebx
call sub_40563E
cmp byte ptr [ebx], 0
pop ecx
mov [ebp+arg_0], eax
jz short loc_40728B
push 417628h
push ebx
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jz short loc_40728B
push ebx
jmp short loc_40729A
; ---------------------------------------------------------------------------
loc_40728B: ; CODE XREF: sub_40719D+D8�j
; sub_40719D+E9�j
lea eax, [ebp+var_1108]
cmp ebx, eax
jz short loc_4072A8
push 417624h
loc_40729A: ; CODE XREF: sub_40719D+EC�j
lea eax, [esi+204h]
push eax
call sub_40A68C
pop ecx
pop ecx
loc_4072A8: ; CODE XREF: sub_40719D+F6�j
push 3E8h
call dword ptr ds:4150A4h
push edi
call sub_406D45
mov eax, [esi]
push edi
mov ebx, [eax+4]
call sub_406D50
pop ecx
test ebx, ebx
pop ecx
jnz short loc_4072D2
mov ebx, [ebp+arg_0]
cmp byte ptr [ebx], 0
jnz short loc_407268
loc_4072D2: ; CODE XREF: sub_40719D+C4�j
; sub_40719D+12B�j
mov bl, 1
jmp short loc_4072D8
; ---------------------------------------------------------------------------
loc_4072D6: ; CODE XREF: sub_40719D+8B�j
; sub_40719D+A8�j ...
xor bl, bl
loc_4072D8: ; CODE XREF: sub_40719D+137�j
push [ebp+var_4]
call sub_403E0F
pop ecx
mov al, bl
loc_4072E3: ; CODE XREF: sub_40719D+53�j
pop edi
pop esi
pop ebx
leave
retn
sub_40719D endp
; ---------------------------------------------------------------------------
loc_4072E8: ; DATA XREF: sub_40734D+84�o
push ebp
mov ebp, esp
sub esp, 3A8h
push 3A7h
lea eax, [ebp-3A8h]
push dword ptr [ebp+8]
push eax
call near ptr 414810h
push dword ptr [ebp+8]
call near ptr 41480Ah
lea eax, [ebp-3A8h]
push eax
call sub_40719D
add esp, 14h
test al, al
jnz short loc_40733B
lea eax, [ebp-2A4h]
push eax
lea eax, [ebp-1A4h]
push 417664h
push eax
call sub_40A68C
add esp, 0Ch
loc_40733B: ; CODE XREF: .rdata:0040731E�j
push dword ptr [ebp-3A8h]
call sub_4069B8
pop ecx
xor eax, eax
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40734D proc near ; CODE XREF: sub_40826C+62F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push esi
jz loc_4073DE
push 3A7h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_4073DE
push [ebp+arg_4]
lea eax, [esi+4]
push eax
call near ptr 4147F2h
cmp [ebp+arg_8], 0
pop ecx
pop ecx
jz short loc_407393
push [ebp+arg_8]
lea eax, [esi+104h]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
jmp short loc_4073AF
; ---------------------------------------------------------------------------
loc_407393: ; CODE XREF: sub_40734D+31�j
push edi
lea edi, [esi+104h]
push 4176A0h
push edi
call near ptr 4147F2h
push edi
call near ptr 40C247h
add esp, 0Ch
pop edi
loc_4073AF: ; CODE XREF: sub_40734D+44�j
push 1A3h
lea eax, [esi+204h]
push [ebp+arg_0]
push eax
call near ptr 414810h
push [ebp+arg_4]
push [ebp+arg_8]
push 417680h
push 0
push esi
push offset loc_4072E8
call sub_40689D
add esp, 24h
loc_4073DE: ; CODE XREF: sub_40734D+8�j
; sub_40734D+1D�j
pop esi
pop ebp
retn
sub_40734D endp
; =============== S U B R O U T I N E =======================================
sub_4073E1 proc near ; CODE XREF: sub_4073E1+55�p
; sub_4096C7+26A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_4073EB: ; CODE XREF: sub_4073E1+1C�j
; sub_4073E1+41�j
mov dl, [esi]
mov cl, [eax]
test dl, dl
jnz short loc_4073FF
test cl, cl
jz short loc_407441
cmp cl, 2Ah
jnz short loc_407445
inc eax
jmp short loc_4073EB
; ---------------------------------------------------------------------------
loc_4073FF: ; CODE XREF: sub_4073E1+10�j
test cl, cl
jz short loc_407445
cmp dl, cl
jz short loc_407420
cmp cl, 3Fh
jz short loc_407420
cmp cl, 23h
jnz short loc_407424
cmp dl, 30h
jl short loc_40741B
cmp dl, 39h
jle short loc_407420
loc_40741B: ; CODE XREF: sub_4073E1+33�j
cmp dl, 23h
jnz short loc_407445
loc_407420: ; CODE XREF: sub_4073E1+24�j
; sub_4073E1+29�j ...
inc eax
inc esi
jmp short loc_4073EB
; ---------------------------------------------------------------------------
loc_407424: ; CODE XREF: sub_4073E1+2E�j
cmp byte ptr [eax], 2Ah
jnz short loc_407445
lea edi, [eax+1]
jmp short loc_407434
; ---------------------------------------------------------------------------
loc_40742E: ; CODE XREF: sub_4073E1+5E�j
cmp byte ptr [esi], 0
jz short loc_407445
inc esi
loc_407434: ; CODE XREF: sub_4073E1+4B�j
push edi
push esi
call sub_4073E1
pop ecx
test al, al
pop ecx
jz short loc_40742E
loc_407441: ; CODE XREF: sub_4073E1+14�j
mov al, 1
jmp short loc_407447
; ---------------------------------------------------------------------------
loc_407445: ; CODE XREF: sub_4073E1+19�j
; sub_4073E1+20�j ...
xor al, al
loc_407447: ; CODE XREF: sub_4073E1+62�j
pop edi
pop esi
retn
sub_4073E1 endp
; =============== S U B R O U T I N E =======================================
sub_40744A proc near ; CODE XREF: sub_4069F2+A7�p
; sub_406AD0+D3�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
loc_407455: ; CODE XREF: sub_40744A+1D�j
; sub_40744A+61�j
mov cl, [esi]
test cl, cl
jnz short loc_407469
mov cl, [eax]
test cl, cl
jz short loc_4074CA
cmp cl, 2Ah
jnz short loc_4074CE
inc eax
jmp short loc_407455
; ---------------------------------------------------------------------------
loc_407469: ; CODE XREF: sub_40744A+F�j
mov dl, [eax]
test dl, dl
jz short loc_4074CE
cmp cl, dl
jz short loc_4074A9
cmp cl, 41h
jl short loc_40747D
cmp cl, 5Ah
jle short loc_407487
loc_40747D: ; CODE XREF: sub_40744A+2C�j
cmp cl, 61h
jl short loc_407490
cmp cl, 7Ah
jg short loc_407490
loc_407487: ; CODE XREF: sub_40744A+31�j
mov bl, cl
xor bl, 20h
cmp bl, dl
jz short loc_4074A9
loc_407490: ; CODE XREF: sub_40744A+36�j
; sub_40744A+3B�j
cmp dl, 3Fh
jz short loc_4074A9
cmp dl, 23h
jnz short loc_4074AD
cmp cl, 30h
jl short loc_4074A4
cmp cl, 39h
jle short loc_4074A9
loc_4074A4: ; CODE XREF: sub_40744A+53�j
cmp cl, 23h
jnz short loc_4074CE
loc_4074A9: ; CODE XREF: sub_40744A+27�j
; sub_40744A+44�j ...
inc eax
inc esi
jmp short loc_407455
; ---------------------------------------------------------------------------
loc_4074AD: ; CODE XREF: sub_40744A+4E�j
cmp byte ptr [eax], 2Ah
jnz short loc_4074CE
lea edi, [eax+1]
jmp short loc_4074BD
; ---------------------------------------------------------------------------
loc_4074B7: ; CODE XREF: sub_40744A+7E�j
cmp byte ptr [esi], 0
jz short loc_4074CE
inc esi
loc_4074BD: ; CODE XREF: sub_40744A+6B�j
push edi
push esi
call sub_40744A
pop ecx
test al, al
pop ecx
jz short loc_4074B7
loc_4074CA: ; CODE XREF: sub_40744A+15�j
mov al, 1
jmp short loc_4074D0
; ---------------------------------------------------------------------------
loc_4074CE: ; CODE XREF: sub_40744A+1A�j
; sub_40744A+23�j ...
xor al, al
loc_4074D0: ; CODE XREF: sub_40744A+82�j
pop edi
pop esi
pop ebx
retn
sub_40744A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4074D4 proc near ; CODE XREF: .rdata:0040768C�p
; .rdata:0040769D�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_0]
push 200h
push eax
call near ptr 414A94h
lea eax, [ebp+var_200]
push 416214h
push eax
call near ptr 414828h
add esp, 18h
cmp byte ptr ds:41C8F8h, 0
jz short loc_40752B
lea eax, [ebp+var_200]
push eax
push 4176B4h
push 41C8F8h
call sub_40A61A
add esp, 0Ch
loc_40752B: ; CODE XREF: sub_4074D4+3C�j
lea eax, [ebp+var_200]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_200]
push eax
push dword ptr ds:41CB78h
call sub_403E36
add esp, 10h
leave
retn
sub_4074D4 endp
; ---------------------------------------------------------------------------
loc_40754F: ; DATA XREF: sub_407972+CC�o
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 4152A0h
push 414A6Ah
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 1390h
call near ptr 414880h
push ebx
push esi
push edi
mov [ebp-18h], esp
push 318h
push dword ptr [ebp+8]
lea eax, [ebp-330h]
push eax
call near ptr 414810h
push dword ptr [ebp+8]
call near ptr 41480Ah
push 2710h
xor ebx, ebx
push ebx
lea eax, [ebp-22Ch]
push eax
lea eax, [ebp-32Ch]
push eax
call sub_403CB3
add esp, 20h
mov esi, eax
mov [ebp-334h], esi
cmp esi, ebx
jnz short loc_4075D4
push dword ptr [ebp-330h]
call sub_4069B8
jmp loc_4076D5
; ---------------------------------------------------------------------------
loc_4075D4: ; CODE XREF: .rdata:004075C2�j
mov ds:41CB78h, esi
push 32h
call dword ptr ds:4150A4h
lea eax, [ebp-378h]
push eax
lea eax, [ebp-384h]
push eax
lea eax, [ebp-3A8h]
push eax
call sub_40449D
add esp, 0Ch
cmp [ebp-226h], bl
jz short loc_407631
lea eax, [ebp-226h]
push eax
call sub_40A888
pop ecx
cmp [ebp-226h], bl
jz short loc_407631
lea eax, [ebp-226h]
push eax
lea eax, [ebp-3A8h]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_407631: ; CODE XREF: .rdata:00407605�j
; .rdata:0040761A�j
cmp [ebp-205h], bl
jz short loc_40764E
lea eax, [ebp-205h]
push eax
lea eax, [ebp-384h]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_40764E: ; CODE XREF: .rdata:00407637�j
cmp [ebp-1FCh], bl
jz short loc_40766B
lea eax, [ebp-1FCh]
push eax
lea eax, [ebp-378h]
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_40766B: ; CODE XREF: .rdata:00407654�j
lea eax, [ebp-378h]
push eax
lea eax, [ebp-384h]
push eax
lea eax, [ebp-384h]
push eax
lea eax, [ebp-384h]
push eax
push 4176CCh
call sub_4074D4
lea eax, [ebp-3A8h]
push eax
push 4176C4h
call sub_4074D4
add esp, 1Ch
loc_4076A5: ; CODE XREF: .rdata:0040772D�j
mov eax, [ebp-330h]
cmp [eax+4], ebx
jnz short loc_4076C3
cmp ds:41CB78h, ebx
jnz short loc_4076E9
push 4176BCh
call sub_4074D4
pop ecx
loc_4076C3: ; CODE XREF: .rdata:004076AE�j
; .rdata:0040770A�j ...
push esi
call sub_403E0F
push dword ptr [ebp-330h]
call sub_4069B8
pop ecx
loc_4076D5: ; CODE XREF: .rdata:004075CF�j
pop ecx
xor eax, eax
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4076E9: ; CODE XREF: .rdata:004076B6�j
push esi
call sub_403534
pop ecx
test eax, eax
jz short loc_407725
push ebx
push 1000h
lea eax, [ebp-13A8h]
push eax
push esi
call dword ptr ds:41524Ch
cmp eax, ebx
jz short loc_4076C3
cmp eax, 0FFFFFFFFh
jz short loc_4076C3
mov [ebp-4], ebx
lea eax, [ebp-13A8h]
push eax
call sub_407747
pop ecx
or dword ptr [ebp-4], 0FFFFFFFFh
loc_407725: ; CODE XREF: .rdata:004076F2�j
push 32h
call dword ptr ds:4150A4h
jmp loc_4076A5
; ---------------------------------------------------------------------------
dw 0C033h
dd 658BC340h, 0FC4D83E8h, 8BDB33FFh, 0FFFCCCB5h
db 0FFh, 0EBh, 0DEh
; =============== S U B R O U T I N E =======================================
sub_407747 proc near ; CODE XREF: .rdata:0040771B�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
test edi, edi
jz short loc_40776E
cmp byte ptr [edi], 0
jz short loc_40776E
push esi
loc_407756: ; CODE XREF: sub_407747+24�j
push edi
call sub_40563E
push edi
mov esi, eax
call sub_407770
cmp byte ptr [esi], 0
pop ecx
pop ecx
mov edi, esi
jnz short loc_407756
pop esi
loc_40776E: ; CODE XREF: sub_407747+7�j
; sub_407747+C�j
pop edi
retn
sub_407747 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407770 proc near ; CODE XREF: sub_407747+18�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push ebx
xor ebx, ebx
cmp ds:41C8F8h, bl
push esi
push edi
mov esi, 417628h
jz short loc_4077C1
push esi
push [ebp+arg_0]
call near ptr 414868h
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4077C1
push 4
inc eax
push 4176E8h
push eax
call near ptr 4148B0h
add esp, 0Ch
test eax, eax
jz short loc_4077C1
push [ebp+arg_0]
push 4176E0h
push 41C8F8h
call sub_40A61A
add esp, 0Ch
loc_4077C1: ; CODE XREF: sub_407770+16�j
; sub_407770+25�j ...
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_0]
call sub_405A0B
xor edi, edi
add esp, 0Ch
mov [ebp+var_24], eax
inc edi
loc_4077D7: ; CODE XREF: sub_407770+89�j
cmp [ebp+edi*4+var_28], ebx
jz short loc_4077F1
lea eax, [ebp+var_4]
push eax
push esi
push ebx
call sub_405A0B
add esp, 0Ch
mov [ebp+edi*4+var_24], eax
jmp short loc_4077F5
; ---------------------------------------------------------------------------
loc_4077F1: ; CODE XREF: sub_407770+6B�j
mov [ebp+edi*4+var_24], ebx
loc_4077F5: ; CODE XREF: sub_407770+7F�j
inc edi
cmp edi, 8
jl short loc_4077D7
cmp [ebp+var_24], ebx
pop edi
pop esi
pop ebx
jz short locret_40780D
lea eax, [ebp+var_24]
push eax
call sub_40780F
pop ecx
locret_40780D: ; CODE XREF: sub_407770+91�j
leave
retn
sub_407770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40780F proc near ; CODE XREF: sub_407770+97�p
var_C8 = byte ptr -0C8h
var_48 = byte ptr -48h
var_24 = byte ptr -24h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0C8h
push esi
mov esi, [ebp+arg_0]
push 417784h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40784C
mov esi, [esi+4]
test esi, esi
jnz short loc_40783A
mov esi, 41C42Ch
loc_40783A: ; CODE XREF: sub_40780F+24�j
push esi
push 41777Ch
call sub_4074D4
pop ecx
pop ecx
jmp loc_40796F
; ---------------------------------------------------------------------------
loc_40784C: ; CODE XREF: sub_40780F+1D�j
push 417774h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407869
and ds:41CB78h, eax
jmp loc_40796F
; ---------------------------------------------------------------------------
loc_407869: ; CODE XREF: sub_40780F+4D�j
mov eax, [esi+4]
test eax, eax
jz loc_40792F
cmp dword ptr [esi+0Ch], 0
jz loc_40792F
push 41776Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40792F
mov eax, [esi+0Ch]
cmp byte ptr [eax+1], 1
jnz loc_40792F
push 417768h
push dword ptr [esi]
call near ptr 414868h
pop ecx
test eax, eax
pop ecx
jz loc_40796F
and byte ptr [eax], 0
push 41775Ch
push dword ptr [esi+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_40791F
push 417750h
push dword ptr [esi+0Ch]
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jz short loc_40791F
push 417748h
push dword ptr [esi+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_407904
push 417740h
push dword ptr [esi+0Ch]
call dword ptr ds:415108h
test eax, eax
jnz short loc_40792F
loc_407904: ; CODE XREF: sub_40780F+E1�j
mov eax, [esi+10h]
test eax, eax
jz short loc_40796F
push eax
mov eax, [esi]
inc eax
push eax
push 41772Ch
loc_407915: ; CODE XREF: sub_40780F+11E�j
call sub_4074D4
add esp, 0Ch
jmp short loc_40796F
; ---------------------------------------------------------------------------
loc_40791F: ; CODE XREF: sub_40780F+BB�j
; sub_40780F+CE�j
mov eax, [esi]
push 41770Ch
inc eax
push eax
push 4176F4h
jmp short loc_407915
; ---------------------------------------------------------------------------
loc_40792F: ; CODE XREF: sub_40780F+5F�j
; sub_40780F+69�j ...
mov esi, [esi+4]
test esi, esi
jz short loc_40796F
push 4176F0h
push esi
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jnz short loc_40796F
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
call sub_40449D
lea eax, [ebp+var_C8]
push eax
push 4176C4h
call sub_4074D4
add esp, 14h
loc_40796F: ; CODE XREF: sub_40780F+38�j
; sub_40780F+55�j ...
pop esi
leave
retn
sub_40780F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407972 proc near ; CODE XREF: .rdata:00407A86�p
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
push esi
jz loc_407A4C
mov ebx, [ebp+arg_8]
test ebx, ebx
jz loc_407A4C
push ebx
call near ptr 41485Ch
test eax, eax
pop ecx
jz loc_407A4C
cmp eax, 0FFFFh
ja loc_407A4C
push 318h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz loc_407A4C
push edi
push 100h
push [ebp+arg_4]
lea eax, [esi+4]
push eax
call sub_40558F
push 6
lea eax, [esi+104h]
push ebx
push eax
call sub_40558F
mov eax, [ebp+arg_C]
add esp, 18h
test eax, eax
mov edi, 41C42Ch
jnz short loc_4079ED
mov eax, edi
loc_4079ED: ; CODE XREF: sub_407972+77�j
push 21h
push eax
lea eax, [esi+10Ah]
push eax
call sub_40558F
mov eax, [ebp+arg_10]
add esp, 0Ch
test eax, eax
jnz short loc_407A08
mov eax, edi
loc_407A08: ; CODE XREF: sub_407972+92�j
push 9
push eax
lea eax, [esi+12Bh]
push eax
call sub_40558F
add esp, 0Ch
cmp [ebp+arg_14], 0
jz short loc_407A23
mov edi, [ebp+arg_14]
loc_407A23: ; CODE XREF: sub_407972+AC�j
push 41h
lea eax, [esi+134h]
push edi
push eax
call sub_40558F
push ebx
push [ebp+arg_4]
push 41778Ch
push 1
push esi
push offset loc_40754F
call sub_40689D
add esp, 24h
pop edi
loc_407A4C: ; CODE XREF: sub_407972+9�j
; sub_407972+14�j ...
pop esi
pop ebx
pop ebp
retn
sub_407972 endp
; ---------------------------------------------------------------------------
loc_407A50: ; CODE XREF: sub_40826C+241�p
push ebp
mov ebp, esp
sub esp, 1F8h
push ebx
push esi
mov esi, [ebp+0Ch]
push edi
push 417930h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407A93
mov eax, [ebp+10h]
push dword ptr [eax+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [ebp+8]
call sub_407972
add esp, 18h
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407A93: ; CODE XREF: .rdata:00407A6F�j
push 417924h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407AD2
mov eax, [ebp+10h]
mov eax, [eax+4]
test eax, eax
jnz short loc_407ABA
and ds:41C9F8h, al
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407ABA: ; CODE XREF: .rdata:00407AAD�j
push 180h
push eax
push 41C9F8h
loc_407AC5: ; CODE XREF: .rdata:00407B02�j
call sub_40558F
loc_407ACA: ; CODE XREF: .rdata:00407C5A�j
add esp, 0Ch
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407AD2: ; CODE XREF: .rdata:00407AA3�j
push 41791Ch
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407B04
mov esi, [esi+4]
test esi, esi
jnz short loc_407AF7
and byte ptr ds:41C8F8h, 0
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407AF7: ; CODE XREF: .rdata:00407AE9�j
push 100h
push esi
push 41C8F8h
jmp short loc_407AC5
; ---------------------------------------------------------------------------
loc_407B04: ; CODE XREF: .rdata:00407AE2�j
xor edi, edi
cmp ds:41CB78h, edi
jz loc_408188
push 417914h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407B2F
mov ds:41CB78h, edi
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407B2F: ; CODE XREF: .rdata:00407B22�j
push 417910h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407B5B
mov eax, [ebp+10h]
mov eax, [eax+4]
cmp eax, edi
jz loc_408188
push eax
call sub_4074D4
loc_407B55: ; CODE XREF: .rdata:00407BE9�j
pop ecx
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407B5B: ; CODE XREF: .rdata:00407B3F�j
push 417908h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407B8B
mov eax, [esi+4]
cmp eax, edi
jz loc_408188
push eax
call sub_40A888
push dword ptr [esi+4]
push 4176C4h
jmp loc_407C55
; ---------------------------------------------------------------------------
loc_407B8B: ; CODE XREF: .rdata:00407B6B�j
push 417900h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407BC0
mov eax, [esi+4]
cmp eax, edi
jz loc_408188
mov esi, [esi+8]
cmp esi, edi
jnz short loc_407BB4
mov esi, 41C42Ch
loc_407BB4: ; CODE XREF: .rdata:00407BAD�j
push esi
push eax
push 4178F4h
jmp loc_407C55
; ---------------------------------------------------------------------------
loc_407BC0: ; CODE XREF: .rdata:00407B9B�j
push 4178ECh
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407BEE
mov esi, [esi+4]
cmp esi, edi
jz loc_408188
push esi
push 4178E4h
call sub_4074D4
pop ecx
jmp loc_407B55
; ---------------------------------------------------------------------------
loc_407BEE: ; CODE XREF: .rdata:00407BD0�j
mov ebx, 4178E0h
push ebx
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407C23
mov esi, [esi+4]
cmp esi, edi
jz loc_408188
mov eax, [ebp+10h]
mov eax, [eax+8]
cmp eax, edi
jz loc_408188
push eax
push esi
push 4178D0h
jmp short loc_407C55
; ---------------------------------------------------------------------------
loc_407C23: ; CODE XREF: .rdata:00407BFF�j
push 4178C8h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407C5F
mov esi, [esi+4]
cmp esi, edi
jz loc_408188
mov eax, [ebp+10h]
mov eax, [eax+8]
cmp eax, edi
jz loc_408188
push eax
push esi
push 4178B8h
loc_407C55: ; CODE XREF: .rdata:00407B86�j
; .rdata:00407BBB�j ...
call sub_4074D4
jmp loc_407ACA
; ---------------------------------------------------------------------------
loc_407C5F: ; CODE XREF: .rdata:00407C33�j
push 4178B0h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_408188
cmp [esi+4], edi
jz loc_408188
cmp [esi+8], edi
jz loc_408188
mov eax, [esi+0Ch]
cmp eax, edi
jz short loc_407C99
push eax
call near ptr 41485Ch
pop ecx
mov edi, eax
jmp short loc_407C9C
; ---------------------------------------------------------------------------
loc_407C99: ; CODE XREF: .rdata:00407C8C�j
push 3
pop edi
loc_407C9C: ; CODE XREF: .rdata:00407C97�j
test edi, edi
jz short loc_407CA5
cmp edi, 0Fh
jbe short loc_407CA8
loc_407CA5: ; CODE XREF: .rdata:00407C9E�j
push 3
pop edi
loc_407CA8: ; CODE XREF: .rdata:00407CA3�j
push 4178A4h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407CFC
test edi, edi
jbe loc_408188
mov ebx, 41C9F8h
loc_407CC8: ; CODE XREF: .rdata:00407CF5�j
push dword ptr [esi+8]
push 41789Ch
call sub_4074D4
mov eax, [ebp+10h]
pop ecx
pop ecx
mov eax, [eax+10h]
test eax, eax
jnz short loc_407CE3
mov eax, ebx
loc_407CE3: ; CODE XREF: .rdata:00407CDF�j
push eax
push dword ptr [esi+8]
push 417890h
call sub_4074D4
add esp, 0Ch
dec edi
jnz short loc_407CC8
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407CFC: ; CODE XREF: .rdata:00407CB9�j
push 417888h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_407DFD
test edi, edi
jbe loc_408188
mov [ebp+0Ch], edi
loc_407D1E: ; CODE XREF: .rdata:00407DF2�j
xor edi, edi
push 17Fh
push 64h
mov [ebp+10h], edi
call near ptr 40C0FFh
mov ebx, eax
pop ecx
pop ecx
mov [ebp+8], ebx
and byte ptr [ebp+ebx-1F8h], 0
test ebx, ebx
jbe loc_407DD8
loc_407D46: ; CODE XREF: .rdata:00407DD2�j
test edi, edi
jz short loc_407D92
cmp dword ptr [ebp+10h], 0
jnz short loc_407D68
mov eax, ebx
sub eax, edi
cmp eax, 5
jb short loc_407D68
push 0Ah
push 0
call near ptr 40C0FFh
pop ecx
test eax, eax
pop ecx
jz short loc_407D92
loc_407D68: ; CODE XREF: .rdata:00407D4E�j
; .rdata:00407D57�j
and dword ptr [ebp+10h], 0
call near ptr 40C151h
cmp al, 0C8h
jnb short loc_407D7B
push 5Ah
push 41h
jmp short loc_407D7F
; ---------------------------------------------------------------------------
loc_407D7B: ; CODE XREF: .rdata:00407D73�j
push 2Fh
push 21h
loc_407D7F: ; CODE XREF: .rdata:00407D79�j
call near ptr 40C0FFh
mov ebx, [ebp+8]
pop ecx
pop ecx
mov [ebp+edi-1F8h], al
jmp short loc_407DCF
; ---------------------------------------------------------------------------
loc_407D92: ; CODE XREF: .rdata:00407D48�j
; .rdata:00407D66�j
push 39h
push 31h
mov dword ptr [ebp+10h], 1
mov byte ptr [ebp+edi-1F8h], 3
call near ptr 40C0FFh
push 39h
push 31h
mov [ebp+edi-1F7h], al
mov byte ptr [ebp+edi-1F6h], 2Ch
call near ptr 40C0FFh
add esp, 10h
mov [ebp+edi-1F5h], al
add edi, 3
loc_407DCF: ; CODE XREF: .rdata:00407D90�j
inc edi
cmp edi, ebx
jb loc_407D46
loc_407DD8: ; CODE XREF: .rdata:00407D40�j
lea eax, [ebp-1F8h]
push eax
push dword ptr [esi+8]
push 4178D0h
call sub_4074D4
add esp, 0Ch
dec dword ptr [ebp+0Ch]
jnz loc_407D1E
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407DFD: ; CODE XREF: .rdata:00407D0D�j
push 417880h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407E6D
test edi, edi
jbe loc_408188
mov [ebp+10h], edi
loc_407E1B: ; CODE XREF: .rdata:00407E66�j
push 17Fh
push 32h
call near ptr 40C0FFh
mov edi, eax
pop ecx
xor ebx, ebx
pop ecx
and byte ptr [ebp+edi-1F8h], 0
test edi, edi
jbe short loc_407E4C
loc_407E39: ; CODE XREF: .rdata:00407E4A�j
call near ptr 40C169h
add al, 30h
mov [ebp+ebx-1F8h], al
inc ebx
cmp ebx, edi
jb short loc_407E39
loc_407E4C: ; CODE XREF: .rdata:00407E37�j
lea eax, [ebp-1F8h]
push eax
push dword ptr [esi+8]
push 4178D0h
call sub_4074D4
add esp, 0Ch
dec dword ptr [ebp+10h]
jnz short loc_407E1B
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407E6D: ; CODE XREF: .rdata:00407E0E�j
push ebx
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407EAE
test edi, edi
jbe loc_408188
mov ebx, 41C9F8h
loc_407E89: ; CODE XREF: .rdata:00407EA7�j
mov eax, [ebp+10h]
mov eax, [eax+10h]
test eax, eax
jnz short loc_407E95
mov eax, ebx
loc_407E95: ; CODE XREF: .rdata:00407E91�j
push eax
push dword ptr [esi+8]
push 4178D0h
call sub_4074D4
add esp, 0Ch
dec edi
jnz short loc_407E89
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407EAE: ; CODE XREF: .rdata:00407E7A�j
push 417908h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_407EF3
test edi, edi
jbe loc_408188
loc_407EC9: ; CODE XREF: .rdata:00407EEC�j
lea eax, [ebp-78h]
push eax
lea eax, [ebp-34h]
push eax
lea eax, [ebp-24h]
push eax
call sub_40449D
lea eax, [ebp-24h]
push eax
push 4176C4h
call sub_4074D4
add esp, 14h
dec edi
jnz short loc_407EC9
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407EF3: ; CODE XREF: .rdata:00407EBF�j
push 41787Ch
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_407FCD
test edi, edi
jbe loc_408188
mov [ebp+0Ch], edi
mov edi, [ebp+10h]
mov ebx, 41C9F8h
loc_407F1D: ; CODE XREF: .rdata:00407FC2�j
push 4
push 0
call near ptr 40C0FFh
pop ecx
test eax, eax
pop ecx
jnz short loc_407F48
mov eax, [edi+10h]
test eax, eax
jnz short loc_407F35
mov eax, ebx
loc_407F35: ; CODE XREF: .rdata:00407F31�j
push eax
push dword ptr [esi+8]
push 4178D0h
loc_407F3E: ; CODE XREF: .rdata:00407F5F�j
; .rdata:00407F78�j ...
call sub_4074D4
add esp, 0Ch
jmp short loc_407FBF
; ---------------------------------------------------------------------------
loc_407F48: ; CODE XREF: .rdata:00407F2A�j
cmp eax, 1
jnz short loc_407F61
mov eax, [edi+10h]
test eax, eax
jnz short loc_407F56
mov eax, ebx
loc_407F56: ; CODE XREF: .rdata:00407F52�j
push eax
push dword ptr [esi+8]
push 4178B8h
jmp short loc_407F3E
; ---------------------------------------------------------------------------
loc_407F61: ; CODE XREF: .rdata:00407F4B�j
cmp eax, 2
jnz short loc_407F7A
mov eax, [edi+10h]
test eax, eax
jnz short loc_407F6F
mov eax, ebx
loc_407F6F: ; CODE XREF: .rdata:00407F6B�j
push eax
push dword ptr [esi+8]
push 417868h
jmp short loc_407F3E
; ---------------------------------------------------------------------------
loc_407F7A: ; CODE XREF: .rdata:00407F64�j
cmp eax, 3
jnz short loc_407F93
mov eax, [edi+10h]
test eax, eax
jnz short loc_407F88
mov eax, ebx
loc_407F88: ; CODE XREF: .rdata:00407F84�j
push eax
push dword ptr [esi+8]
push 417858h
jmp short loc_407F3E
; ---------------------------------------------------------------------------
loc_407F93: ; CODE XREF: .rdata:00407F7D�j
cmp eax, 4
jnz short loc_407FBF
mov eax, [edi+10h]
test eax, eax
jnz short loc_407FA1
mov eax, ebx
loc_407FA1: ; CODE XREF: .rdata:00407F9D�j
push eax
push dword ptr [esi+8]
push 417890h
call sub_4074D4
push dword ptr [esi+8]
push 41789Ch
call sub_4074D4
add esp, 14h
loc_407FBF: ; CODE XREF: .rdata:00407F46�j
; .rdata:00407F96�j
dec dword ptr [ebp+0Ch]
jnz loc_407F1D
jmp loc_408188
; ---------------------------------------------------------------------------
loc_407FCD: ; CODE XREF: .rdata:00407F04�j
push 417850h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_408021
test edi, edi
jbe loc_408188
loc_407FE8: ; CODE XREF: .data:0040801A�j
push 2
push 0
call near ptr 40C0FFh
pop ecx
pop ecx
push dword ptr [esi+8]
test eax, eax
jnz short loc_408001
push 41783Ch
; ---------------------------------------------------------------------------
db 0EBh
_rdata ends
; Section 3. (virtual address 00008000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 408000h
db 11h
; ---------------------------------------------------------------------------
loc_408001: ; CODE XREF: .rdata:00407FF8�j
cmp eax, 1
jnz short loc_40800D
push 417828h
jmp short loc_408012
; ---------------------------------------------------------------------------
loc_40800D: ; CODE XREF: .data:00408004�j
push 417814h
loc_408012: ; CODE XREF: .data:0040800B�j
call sub_4074D4
pop ecx
dec edi
pop ecx
jnz short loc_407FE8
jmp loc_408188
; ---------------------------------------------------------------------------
loc_408021: ; CODE XREF: .rdata:00407FDE�j
push 4178C8h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_408066
test edi, edi
jbe loc_408188
mov ebx, 41C9F8h
loc_408041: ; CODE XREF: .data:0040805F�j
mov eax, [ebp+10h]
mov eax, [eax+10h]
test eax, eax
jnz short loc_40804D
mov eax, ebx
loc_40804D: ; CODE XREF: .data:00408049�j
push eax
push dword ptr [esi+8]
push 4178B8h
call sub_4074D4
add esp, 0Ch
dec edi
jnz short loc_408041
jmp loc_408188
; ---------------------------------------------------------------------------
loc_408066: ; CODE XREF: .data:00408032�j
push 417810h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_408188
test edi, edi
jbe loc_408188
mov [ebp+0Ch], edi
mov edi, 0FEh
loc_40808D: ; CODE XREF: .data:00408182�j
lea eax, [ebp-78h]
push eax
lea eax, [ebp-34h]
push eax
lea eax, [ebp-28h]
push eax
call sub_40449D
push 4
push 0
call near ptr 40C0FFh
add esp, 14h
test eax, eax
jnz short loc_4080B5
push 417808h
jmp short loc_4080DE
; ---------------------------------------------------------------------------
loc_4080B5: ; CODE XREF: .data:004080AC�j
cmp eax, 1
jnz short loc_4080C1
push 417800h
jmp short loc_4080DE
; ---------------------------------------------------------------------------
loc_4080C1: ; CODE XREF: .data:004080B8�j
cmp eax, 2
jnz short loc_4080CD
push 4177F8h
jmp short loc_4080DE
; ---------------------------------------------------------------------------
loc_4080CD: ; CODE XREF: .data:004080C4�j
cmp eax, 3
jnz short loc_4080D9
push 4177F0h
jmp short loc_4080DE
; ---------------------------------------------------------------------------
loc_4080D9: ; CODE XREF: .data:004080D0�j
push 4177E8h
loc_4080DE: ; CODE XREF: .data:004080B3�j
; .data:004080BF�j ...
lea eax, [ebp-28h]
push eax
call near ptr 414828h
mov eax, [ebp+10h]
pop ecx
pop ecx
mov eax, [eax+10h]
test eax, eax
mov ebx, eax
jnz short loc_4080F8
lea ebx, [ebp-28h]
loc_4080F8: ; CODE XREF: .data:004080F3�j
push edi
push 1
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
push edi
push 1
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
push edi
push 1
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
push edi
push 1
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
push ebx
push dword ptr [esi+8]
push 4177C0h
call sub_4074D4
mov eax, [ebp+10h]
add esp, 1Ch
mov eax, [eax+10h]
test eax, eax
mov ebx, eax
jnz short loc_408144
lea ebx, [ebp-28h]
loc_408144: ; CODE XREF: .data:0040813F�j
push 800000h
push 80000h
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
push 0FFFFh
push 401h
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
call near ptr 40C126h
push eax
push ebx
push dword ptr [esi+8]
push 41779Ch
call sub_4074D4
add esp, 18h
dec dword ptr [ebp+0Ch]
jnz loc_40808D
loc_408188: ; CODE XREF: .rdata:00407A8E�j
; .rdata:00407AB5�j ...
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40818D proc near ; CODE XREF: sub_4081A5+A1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor eax, eax
inc eax
test ecx, ecx
jz short locret_4081A4
cmp ecx, eax
jl short locret_4081A4
loc_40819C: ; CODE XREF: sub_40818D+15�j
imul eax, [esp+arg_0]
dec ecx
jnz short loc_40819C
locret_4081A4: ; CODE XREF: sub_40818D+9�j
; sub_40818D+D�j
retn
sub_40818D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081A5 proc near ; CODE XREF: sub_4042E5+27�p
; sub_40826C+B5D�p ...
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, 417938h
lea edi, [ebp+var_18]
xor ebx, ebx
movsd
movsw
movsb
mov esi, [ebp+arg_0]
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
cmp byte ptr [esi], 30h
jnz short loc_4081D9
mov al, [esi+1]
inc ebx
cmp al, 78h
jz short loc_4081D6
cmp al, 58h
jnz short loc_4081D9
loc_4081D6: ; CODE XREF: sub_4081A5+2B�j
push 2
pop ebx
loc_4081D9: ; CODE XREF: sub_4081A5+23�j
; sub_4081A5+2F�j
push esi
call near ptr 4147F8h
mov edi, eax
pop ecx
cmp ebx, edi
mov [ebp+var_10], edi
mov [ebp+arg_0], ebx
jge short loc_408260
sub edi, ebx
dec edi
loc_4081EF: ; CODE XREF: sub_4081A5+B9�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+esi]
push eax
call near ptr 414A9Ah
cmp eax, 30h
pop ecx
mov [ebp+var_C], eax
jl short loc_408212
cmp eax, 39h
jg short loc_408212
add eax, 0FFFFFFD0h
mov [ebp+var_4], eax
jmp short loc_408243
; ---------------------------------------------------------------------------
loc_408212: ; CODE XREF: sub_4081A5+5E�j
; sub_4081A5+63�j
cmp eax, 61h
jl short loc_408268
cmp eax, 66h
jg short loc_408268
mov dl, [ebp+var_18]
test dl, dl
jz short loc_408243
push 0Ah
lea eax, [ebp+var_18]
pop ebx
lea ecx, [ebp+var_18]
sub ebx, eax
loc_40822E: ; CODE XREF: sub_4081A5+9C�j
movsx eax, dl
cmp [ebp+var_C], eax
jnz short loc_40823C
lea eax, [ebx+ecx]
mov [ebp+var_4], eax
loc_40823C: ; CODE XREF: sub_4081A5+8F�j
inc ecx
mov dl, [ecx]
test dl, dl
jnz short loc_40822E
loc_408243: ; CODE XREF: sub_4081A5+6B�j
; sub_4081A5+7C�j
push edi
push 10h
call sub_40818D
imul eax, [ebp+var_4]
add [ebp+var_8], eax
inc [ebp+arg_0]
mov eax, [ebp+arg_0]
pop ecx
dec edi
cmp eax, [ebp+var_10]
pop ecx
jl short loc_4081EF
loc_408260: ; CODE XREF: sub_4081A5+45�j
mov eax, [ebp+var_8]
loc_408263: ; CODE XREF: sub_4081A5+C5�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408268: ; CODE XREF: sub_4081A5+70�j
; sub_4081A5+75�j
xor eax, eax
jmp short loc_408263
sub_4081A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40826C proc near ; CODE XREF: .idata:0040B19D�p
var_82C = byte ptr -82Ch
var_428 = byte ptr -428h
var_32C = byte ptr -32Ch
var_228 = byte ptr -228h
var_204 = byte ptr -204h
var_1E0 = byte ptr -1E0h
var_1BC = byte ptr -1BCh
var_19B = byte ptr -19Bh
var_9B = dword ptr -9Bh
var_97 = byte ptr -97h
var_31 = byte ptr -31h
var_23 = byte ptr -23h
var_20 = byte ptr -20h
var_1D = dword ptr -1Dh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 82Ch
push ebx
push esi
mov esi, [ebp+arg_14]
push edi
push dword ptr [esi]
call sub_40B535
mov ebx, [ebp+arg_0]
mov edi, eax
lea eax, [ebp+var_1BC]
push ebx
push eax
call near ptr 4147F2h
push [ebp+arg_8]
lea eax, [ebp+var_19B]
push eax
call near ptr 4147F2h
mov eax, [ebp+arg_C]
push 7Ah
push [ebp+arg_10]
mov [ebp+var_9B], eax
lea eax, [ebp+var_97]
push eax
call near ptr 414810h
xor eax, eax
add esp, 20h
inc eax
cmp edi, ds:418050h
mov [ebp+var_1D], eax
jnz short loc_4082DF
lea eax, [ebp+var_1BC]
push eax
call near ptr 411AF7h
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_4082DF: ; CODE XREF: sub_40826C+60�j
cmp edi, ds:418044h
jnz short loc_4082F8
lea eax, [ebp+var_1BC]
push eax
call near ptr 410EA1h
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_4082F8: ; CODE XREF: sub_40826C+79�j
cmp edi, ds:418038h
jnz short loc_408311
lea eax, [ebp+var_1BC]
push eax
call near ptr 41209Bh
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408311: ; CODE XREF: sub_40826C+92�j
cmp edi, ds:41802Ch
jnz short loc_408368
mov eax, [esi+4]
test eax, eax
jnz short loc_408350
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_1E0]
push eax
call sub_40449D
lea eax, [ebp+var_1E0]
push eax
push 4176C4h
loc_408346: ; CODE XREF: sub_40826C+69E�j
call sub_40A79C
jmp loc_409156
; ---------------------------------------------------------------------------
loc_408350: ; CODE XREF: sub_40826C+B2�j
push eax
call sub_40A888
push dword ptr [esi+4]
push 4176C4h
loc_40835E: ; CODE XREF: sub_40826C+39B�j
; sub_40826C+3E1�j ...
call sub_40A79C
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_408368: ; CODE XREF: sub_40826C+AB�j
cmp edi, ds:418020h
jnz short loc_4083A2
lea eax, [ebp+var_428]
push 200h
push eax
call dword ptr ds:4151E8h
push eax
call dword ptr ds:4151E4h
test eax, eax
jle loc_4091C2
lea eax, [ebp+var_428]
push eax
push 418004h
jmp loc_4087BC
; ---------------------------------------------------------------------------
loc_4083A2: ; CODE XREF: sub_40826C+102�j
cmp edi, ds:417FF8h
jnz short loc_4083C1
push dword ptr [esi+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_405493
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_4083C1: ; CODE XREF: sub_40826C+13C�j
cmp edi, ds:417FE8h
jnz short loc_4083DD
push dword ptr [esi+4]
lea eax, [ebp+var_1BC]
push eax
call sub_4043BC
jmp loc_409187
; ---------------------------------------------------------------------------
loc_4083DD: ; CODE XREF: sub_40826C+15B�j
cmp edi, ds:417FD8h
jnz short loc_4083F6
lea eax, [ebp+var_1BC]
push eax
call sub_4042AA
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_4083F6: ; CODE XREF: sub_40826C+177�j
cmp edi, ds:417FC8h
jnz short loc_408443
xor ebx, ebx
mov [ebp+var_20], 1
cmp [ebp+var_31], bl
lea eax, [ebp+var_1BC]
jz short loc_40841B
push ebx
loc_408410: ; CODE XREF: sub_40826C+904�j
push eax
call near ptr 40FBCAh
jmp loc_409187
; ---------------------------------------------------------------------------
loc_40841B: ; CODE XREF: sub_40826C+1A1�j
cmp [ebp+var_23], bl
jz short loc_40842B
push eax
call near ptr 410CDEh
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_40842B: ; CODE XREF: sub_40826C+1B2�j
push ebx
push eax
call near ptr 40FBCAh
lea eax, [ebp+var_1BC]
push eax
call near ptr 410CDEh
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_408443: ; CODE XREF: sub_40826C+190�j
cmp edi, ds:417FB8h
jnz short loc_40845C
lea eax, [ebp+var_1BC]
push eax
call near ptr 41135Ch
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_40845C: ; CODE XREF: sub_40826C+1DD�j
cmp edi, ds:417FACh
jz loc_4091B6
cmp edi, ds:417FA0h
jz loc_4091B6
cmp edi, ds:417F90h
jnz short loc_408493
push dword ptr [esi+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_40271C
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_408493: ; CODE XREF: sub_40826C+20E�j
cmp edi, ds:417F84h
jnz short loc_4084B7
mov eax, [ebp+arg_18]
add esi, 4
add eax, 4
push eax
lea eax, [ebp+var_1BC]
push esi
push eax
call loc_407A50
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_4084B7: ; CODE XREF: sub_40826C+22D�j
cmp edi, ds:417F78h
jnz short loc_4084DB
mov eax, [ebp+arg_18]
add esi, 4
add eax, 4
push eax
lea eax, [ebp+var_1BC]
push esi
push eax
call sub_409BAD
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_4084DB: ; CODE XREF: sub_40826C+251�j
cmp edi, ds:417F6Ch
jnz short loc_4084F4
lea eax, [ebp+var_1BC]
push eax
call near ptr 4147AEh
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_4084F4: ; CODE XREF: sub_40826C+275�j
cmp edi, ds:417F60h
jnz short loc_408516
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_401F41
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_408516: ; CODE XREF: sub_40826C+28E�j
cmp edi, ds:417F50h
jnz short loc_408538
push dword ptr [esi+0Ch]
lea eax, [ebp+var_1BC]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call sub_4042E5
jmp loc_408F13
; ---------------------------------------------------------------------------
loc_408538: ; CODE XREF: sub_40826C+2B0�j
cmp edi, ds:417F40h
jnz short loc_40855A
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call near ptr 4125E6h
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_40855A: ; CODE XREF: sub_40826C+2D2�j
cmp edi, ds:417F34h
jnz short loc_40857F
push dword ptr [esi+10h]
lea eax, [ebp+var_1BC]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call near ptr 412CF4h
jmp loc_409156
; ---------------------------------------------------------------------------
loc_40857F: ; CODE XREF: sub_40826C+2F4�j
cmp edi, ds:417F24h
jnz short loc_4085B2
mov esi, [ebp+arg_18]
mov eax, [esi+4]
test eax, eax
jz loc_4091C2
push eax
push 80000001h
call sub_401000
push dword ptr [esi+4]
push 80000002h
call sub_401000
jmp loc_408F13
; ---------------------------------------------------------------------------
loc_4085B2: ; CODE XREF: sub_40826C+319�j
cmp edi, ds:417F14h
jnz short loc_4085CA
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_401104
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_4085CA: ; CODE XREF: sub_40826C+34C�j
cmp edi, ds:417F08h
jnz short loc_4085EB
push 0
loc_4085D4: ; CODE XREF: sub_40826C+388�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_40145F
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_4085EB: ; CODE XREF: sub_40826C+364�j
cmp edi, ds:417EFCh
jnz short loc_4085F6
push eax
jmp short loc_4085D4
; ---------------------------------------------------------------------------
loc_4085F6: ; CODE XREF: sub_40826C+385�j
cmp edi, ds:417EF0h
jnz short loc_40860C
push ebx
push [ebp+arg_8]
push 417EE0h
jmp loc_40835E
; ---------------------------------------------------------------------------
loc_40860C: ; CODE XREF: sub_40826C+390�j
cmp edi, ds:417ED4h
jnz short loc_408625
lea eax, [ebp+var_1BC]
push eax
call sub_406CE1
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408625: ; CODE XREF: sub_40826C+3A6�j
cmp edi, ds:417ECCh
jnz short loc_40863C
push 41D110h
push 417EBCh
jmp loc_4087BC
; ---------------------------------------------------------------------------
loc_40863C: ; CODE XREF: sub_40826C+3BF�j
cmp edi, ds:417EB0h
jnz short loc_408652
push ebx
push [ebp+arg_8]
push 417EA0h
jmp loc_40835E
; ---------------------------------------------------------------------------
loc_408652: ; CODE XREF: sub_40826C+3D6�j
cmp edi, ds:417E94h
jz loc_409196
cmp edi, ds:417E88h
jz loc_409196
cmp edi, ds:417E7Ch
jz loc_409196
cmp edi, ds:417E6Ch
jnz short loc_40868F
lea eax, [ebp+var_1BC]
push eax
call near ptr 40D9C5h
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_40868F: ; CODE XREF: sub_40826C+410�j
cmp edi, ds:417E64h
jnz short loc_4086A5
push ebx
push [ebp+arg_8]
push 417E54h
jmp loc_40835E
; ---------------------------------------------------------------------------
loc_4086A5: ; CODE XREF: sub_40826C+429�j
cmp edi, ds:417E48h
jnz short loc_4086BB
push ebx
push [ebp+arg_8]
push 417E38h
jmp loc_40835E
; ---------------------------------------------------------------------------
loc_4086BB: ; CODE XREF: sub_40826C+43F�j
cmp edi, ds:417E28h
jnz short loc_4086E3
push dword ptr [esi+14h]
lea eax, [ebp+var_1BC]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call near ptr 40F033h
jmp loc_40879B
; ---------------------------------------------------------------------------
loc_4086E3: ; CODE XREF: sub_40826C+455�j
cmp edi, ds:417E20h
jnz short loc_408747
mov esi, [ebp+arg_18]
xor ebx, ebx
mov eax, [esi+4]
cmp eax, ebx
jz loc_4091C2
push eax
call near ptr 4147F8h
add eax, eax
push eax
call near ptr 414804h
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_4091C2
push dword ptr [esi+4]
call near ptr 4147F8h
push eax
push edi
push dword ptr [esi+4]
call sub_40B44C
push edi
lea eax, [ebp+var_1BC]
push 417E04h
push eax
call sub_40A68C
push edi
call near ptr 41480Ah
add esp, 20h
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_408747: ; CODE XREF: sub_40826C+47D�j
cmp edi, ds:417DF8h
jnz short loc_4087A3
mov edi, [ebp+arg_18]
xor ebx, ebx
mov eax, [edi+4]
cmp eax, ebx
jz loc_4091C2
push eax
call near ptr 4147F8h
push eax
call near ptr 414804h
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_4091C2
push esi
push dword ptr [edi+4]
call sub_40B380
mov [eax+esi], bl
push esi
lea eax, [ebp+var_1BC]
push 417DDCh
push eax
call sub_40A68C
push esi
call near ptr 41480Ah
loc_40879B: ; CODE XREF: sub_40826C+472�j
; sub_40826C+F45�j
add esp, 18h
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_4087A3: ; CODE XREF: sub_40826C+4E1�j
cmp edi, ds:417DCCh
jnz short loc_4087E0
mov esi, [esi+4]
test esi, esi
jnz short loc_4087D0
push 41D110h
push 417DB8h
loc_4087BC: ; CODE XREF: sub_40826C+131�j
; sub_40826C+3CB�j ...
lea eax, [ebp+var_1BC]
push eax
call sub_40A68C
loc_4087C8: ; CODE XREF: sub_40826C+F7�j
; sub_40826C+150�j ...
add esp, 0Ch
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_4087D0: ; CODE XREF: sub_40826C+544�j
push esi
push 41D110h
loc_4087D6: ; CODE XREF: sub_40826C+DC2�j
call near ptr 4147F2h
jmp loc_409187
; ---------------------------------------------------------------------------
loc_4087E0: ; CODE XREF: sub_40826C+53D�j
cmp edi, ds:417DACh
jnz short loc_4087F5
push dword ptr [esi+4]
call sub_4069F2
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_4087F5: ; CODE XREF: sub_40826C+57A�j
cmp edi, ds:417DA0h
jnz short loc_408811
push dword ptr [esi+4]
lea eax, [ebp+var_1BC]
push eax
call sub_40300E
jmp loc_409187
; ---------------------------------------------------------------------------
loc_408811: ; CODE XREF: sub_40826C+58F�j
cmp edi, ds:417D90h
jnz short loc_408826
push dword ptr [esi+4]
call sub_406AD0
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408826: ; CODE XREF: sub_40826C+5AB�j
cmp edi, ds:417D84h
jnz short loc_408845
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_404797
jmp loc_409187
; ---------------------------------------------------------------------------
loc_408845: ; CODE XREF: sub_40826C+5C0�j
cmp edi, ds:417D74h
jnz short loc_408861
push dword ptr [esi+4]
lea eax, [ebp+var_1BC]
push eax
call near ptr 4103A0h
jmp loc_409187
; ---------------------------------------------------------------------------
loc_408861: ; CODE XREF: sub_40826C+5DF�j
cmp edi, ds:417D68h
jnz short loc_408886
push dword ptr [esi+10h]
lea eax, [ebp+var_1BC]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call sub_4070AD
jmp loc_409156
; ---------------------------------------------------------------------------
loc_408886: ; CODE XREF: sub_40826C+5FB�j
cmp edi, ds:417D5Ch
jnz short loc_4088A5
push dword ptr [esi+8]
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push eax
call sub_40734D
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_4088A5: ; CODE XREF: sub_40826C+620�j
cmp edi, ds:417D50h
jnz short loc_4088C8
push 41CDF8h
push 417D3Ch
call sub_40A79C
pop ecx
pop ecx
push 36EE80h
jmp loc_408985
; ---------------------------------------------------------------------------
loc_4088C8: ; CODE XREF: sub_40826C+63F�j
cmp edi, ds:417D30h
jnz short loc_40890F
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4091C2
mov edi, 41C070h
push eax
push edi
call near ptr 4147F2h
mov esi, [esi+8]
pop ecx
cmp esi, ebx
pop ecx
jnz short loc_4088F7
mov esi, 41C42Ch
loc_4088F7: ; CODE XREF: sub_40826C+684�j
push esi
mov esi, 41CF10h
push esi
call near ptr 4147F2h
push esi
push edi
push 4178F4h
jmp loc_408346
; ---------------------------------------------------------------------------
loc_40890F: ; CODE XREF: sub_40826C+662�j
cmp edi, ds:417D24h
jnz short loc_40893C
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4091C2
mov esi, [esi+8]
cmp esi, ebx
jnz short loc_408930
mov esi, 41C42Ch
loc_408930: ; CODE XREF: sub_40826C+6BD�j
push esi
push eax
push 4178F4h
jmp loc_40835E
; ---------------------------------------------------------------------------
loc_40893C: ; CODE XREF: sub_40826C+6A9�j
cmp edi, ds:417D18h
jnz short loc_40895F
mov esi, [esi+4]
test esi, esi
jz loc_4091C2
push esi
push 4178E4h
loc_408955: ; CODE XREF: sub_40826C+81D�j
call sub_40A79C
jmp loc_409187
; ---------------------------------------------------------------------------
loc_40895F: ; CODE XREF: sub_40826C+6D6�j
cmp edi, ds:417D0Ch
jnz short loc_408990
mov esi, [esi+4]
test esi, esi
jz loc_4091C2
push esi
call near ptr 41485Ch
cmp eax, 927C0h
pop ecx
jg loc_4091C2
push eax
loc_408985: ; CODE XREF: sub_40826C+657�j
call dword ptr ds:4150A4h
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_408990: ; CODE XREF: sub_40826C+6F9�j
cmp edi, ds:417D04h
jnz short loc_4089BF
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jz loc_4091C2
mov eax, [ebp+arg_18]
mov eax, [eax+8]
cmp eax, ebx
jz loc_4091C2
push eax
push esi
call sub_40A61A
jmp loc_409187
; ---------------------------------------------------------------------------
loc_4089BF: ; CODE XREF: sub_40826C+72A�j
cmp edi, ds:417CF8h
jnz short loc_4089EE
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jz loc_4091C2
mov eax, [ebp+arg_18]
mov eax, [eax+8]
cmp eax, ebx
jz loc_4091C2
push eax
push esi
call sub_40A5A8
jmp loc_409187
; ---------------------------------------------------------------------------
loc_4089EE: ; CODE XREF: sub_40826C+759�j
cmp edi, ds:417CF0h
jnz short loc_408A0A
mov eax, [ebp+arg_18]
mov eax, [eax+4]
test eax, eax
jz loc_4091C2
push eax
jmp loc_40918F
; ---------------------------------------------------------------------------
loc_408A0A: ; CODE XREF: sub_40826C+788�j
cmp edi, ds:417CE4h
jnz short loc_408A53
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jnz short loc_408A38
cmp ds:41C430h, ebx
mov eax, 417CE0h
jnz short loc_408A2D
mov eax, 417CDCh
loc_408A2D: ; CODE XREF: sub_40826C+7BA�j
push eax
push 417CC8h
jmp loc_4087BC
; ---------------------------------------------------------------------------
loc_408A38: ; CODE XREF: sub_40826C+7AD�j
push 417CE0h
push esi
call near ptr 414C30h
neg eax
sbb eax, eax
pop ecx
inc eax
mov ds:41C430h, eax
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408A53: ; CODE XREF: sub_40826C+7A4�j
cmp edi, ds:417CB8h
jnz short loc_408A6C
lea eax, [ebp+var_1BC]
push eax
call near ptr 411C03h
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408A6C: ; CODE XREF: sub_40826C+7ED�j
cmp edi, ds:417CACh
jnz short loc_408A8E
cmp dword ptr [esi+4], 0
jz loc_4091C2
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
push 417CA4h
jmp loc_408955
; ---------------------------------------------------------------------------
loc_408A8E: ; CODE XREF: sub_40826C+806�j
cmp edi, ds:417C98h
jz loc_40918A
cmp edi, ds:417C8Ch
jz loc_40918A
cmp edi, ds:417C84h
jz loc_40918A
cmp edi, ds:417C78h
jnz short loc_408B07
lea eax, [ebp+var_32C]
push 104h
xor ebx, ebx
push eax
push ebx
call dword ptr ds:415060h
push eax
call dword ptr ds:415064h
push ebx
push ebx
lea eax, [ebp+var_32C]
push ebx
push eax
push 41622Ch
push ebx
call dword ptr ds:4151D4h
cmp eax, 20h
jbe loc_4091C2
push 416630h
call sub_40A79C
pop ecx
push ebx
call dword ptr ds:415068h
loc_408B07: ; CODE XREF: sub_40826C+84C�j
cmp edi, ds:417C6Ch
jnz short loc_408B35
mov esi, [esi+4]
test esi, esi
jz loc_4091C2
movzx eax, byte ptr [esi]
push eax
push eax
push 417C3Ch
loc_408B24: ; CODE XREF: sub_40826C+AB3�j
lea eax, [ebp+var_1BC]
push eax
call sub_40A68C
jmp loc_408F13
; ---------------------------------------------------------------------------
loc_408B35: ; CODE XREF: sub_40826C+8A1�j
cmp edi, ds:417C2Ch
jnz short loc_408B47
call sub_404F93
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_408B47: ; CODE XREF: sub_40826C+8CF�j
cmp edi, ds:417C24h
jz loc_409175
cmp edi, ds:417C18h
jz loc_409175
cmp edi, ds:417C0Ch
jnz short loc_408B75
push dword ptr [esi+4]
lea eax, [ebp+var_1BC]
jmp loc_408410
; ---------------------------------------------------------------------------
loc_408B75: ; CODE XREF: sub_40826C+8F9�j
cmp edi, ds:417C04h
jnz short loc_408B94
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_40A061
jmp loc_409187
; ---------------------------------------------------------------------------
loc_408B94: ; CODE XREF: sub_40826C+90F�j
cmp edi, ds:417BF8h
jz loc_40915B
cmp edi, ds:417BE8h
jz loc_40915B
cmp edi, ds:417BE0h
jnz loc_408CB1
xor ebx, ebx
cmp [esi+4], ebx
jnz short loc_408BC6
mov dword ptr [esi+4], 41C42Ch
loc_408BC6: ; CODE XREF: sub_40826C+951�j
lea eax, [ebp+arg_8]
push eax
push ebx
push ebx
push dword ptr [esi+4]
call dword ptr ds:41C47Ch
test eax, eax
jnz loc_408D2A
mov eax, [ebp+arg_8]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_408CA3
mov edi, 3E8h
loc_408BF0: ; CODE XREF: sub_40826C+A31�j
push 2
push ebx
push ebx
lea eax, [ebp+var_82C]
push 401h
push eax
mov eax, [ebp+arg_18]
push dword ptr [eax+10h]
push dword ptr [eax+18h]
call dword ptr ds:41C480h
test eax, eax
jnz short loc_408C92
mov eax, [ebp+arg_18]
mov ecx, [eax+4]
mov eax, [esi+4]
cmp ecx, 2
jnz short loc_408C48
cmp [eax], bl
jnz short loc_408C2A
mov eax, 417BDCh
loc_408C2A: ; CODE XREF: sub_40826C+9B7�j
lea ecx, [ebp+var_82C]
push ecx
push eax
push 417BB8h
loc_408C37: ; CODE XREF: sub_40826C+9F7�j
lea eax, [ebp+var_1BC]
push eax
call sub_40A68C
add esp, 10h
jmp short loc_408C8B
; ---------------------------------------------------------------------------
loc_408C48: ; CODE XREF: sub_40826C+9B3�j
cmp ecx, 17h
jnz short loc_408C65
cmp [eax], bl
jnz short loc_408C56
mov eax, 417BDCh
loc_408C56: ; CODE XREF: sub_40826C+9E3�j
lea ecx, [ebp+var_82C]
push ecx
push eax
push 417B94h
jmp short loc_408C37
; ---------------------------------------------------------------------------
loc_408C65: ; CODE XREF: sub_40826C+9DF�j
cmp [eax], bl
jnz short loc_408C6E
mov eax, 417BDCh
loc_408C6E: ; CODE XREF: sub_40826C+9FB�j
lea edx, [ebp+var_82C]
push edx
push ecx
push eax
lea eax, [ebp+var_1BC]
push 417B60h
push eax
call sub_40A68C
add esp, 14h
loc_408C8B: ; CODE XREF: sub_40826C+9DA�j
push edi
call dword ptr ds:4150A4h
loc_408C92: ; CODE XREF: sub_40826C+9A5�j
mov eax, [ebp+arg_18]
mov eax, [eax+1Ch]
cmp eax, ebx
mov [ebp+arg_18], eax
jnz loc_408BF0
loc_408CA3: ; CODE XREF: sub_40826C+979�j
push [ebp+arg_8]
call dword ptr ds:41C484h
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_408CB1: ; CODE XREF: sub_40826C+946�j
cmp edi, ds:417B54h
jnz short loc_408D37
xor ebx, ebx
cmp [esi+4], ebx
jnz short loc_408CC7
mov dword ptr [esi+4], 41C42Ch
loc_408CC7: ; CODE XREF: sub_40826C+A52�j
lea eax, [ebp+arg_18]
push eax
push ebx
push ebx
push dword ptr [esi+4]
call dword ptr ds:41C47Ch
test eax, eax
jnz short loc_408D2A
push 4
push ebx
push ebx
lea eax, [ebp+var_82C]
push 401h
push eax
mov eax, [ebp+arg_18]
push dword ptr [eax+10h]
push dword ptr [eax+18h]
call dword ptr ds:41C480h
push [ebp+arg_18]
test eax, eax
jnz short loc_408D24
call dword ptr ds:41C484h
mov esi, [esi+4]
cmp [esi], bl
jnz short loc_408D12
mov esi, 417BDCh
loc_408D12: ; CODE XREF: sub_40826C+A9F�j
lea eax, [ebp+var_82C]
push eax
push esi
push 417B38h
jmp loc_408B24
; ---------------------------------------------------------------------------
loc_408D24: ; CODE XREF: sub_40826C+A92�j
call dword ptr ds:41C484h
loc_408D2A: ; CODE XREF: sub_40826C+96B�j
; sub_40826C+A6C�j
push dword ptr [esi+4]
push 417B1Ch
jmp loc_4087BC
; ---------------------------------------------------------------------------
loc_408D37: ; CODE XREF: sub_40826C+A4B�j
cmp edi, ds:417B0Ch
jnz loc_408E1A
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4091C2
push eax
call near ptr 4147F8h
cmp eax, 0Ah
pop ecx
jbe loc_4091C2
push dword ptr [esi+4]
call near ptr 4147F8h
push 4
push 417B04h
push dword ptr [esi+4]
mov edi, eax
call near ptr 414AA0h
add esp, 10h
test eax, eax
jnz loc_408E0D
mov eax, [esi+4]
add eax, edi
mov cl, [eax-9]
mov byte ptr [ebp+var_C], cl
mov cl, [eax-8]
mov byte ptr [ebp+var_C+1], cl
mov byte ptr [ebp+var_C+2], bl
mov cl, [eax-7]
mov byte ptr [ebp+var_C+3], cl
mov cl, [eax-6]
mov [ebp+var_8], cl
mov [ebp+var_7], bl
mov cl, [eax-4]
mov [ebp+var_6], cl
mov cl, [eax-3]
mov [ebp+var_5], cl
mov [ebp+var_4], bl
mov cl, [eax-2]
mov [ebp+var_3], cl
mov al, [eax-1]
mov [ebp+var_2], al
lea eax, [ebp+var_3]
push eax
mov [ebp+var_1], bl
call sub_4081A5
pop ecx
push eax
lea eax, [ebp+var_6]
push eax
call sub_4081A5
pop ecx
push eax
lea eax, [ebp+var_C+3]
push eax
call sub_4081A5
pop ecx
push eax
lea eax, [ebp+var_C]
push eax
call sub_4081A5
pop ecx
push eax
lea eax, [ebp+var_1BC]
push dword ptr [esi+4]
push 417AD4h
push eax
call sub_40A68C
add esp, 1Ch
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_408E0D: ; CODE XREF: sub_40826C+B12�j
push dword ptr [esi+4]
push 417AB8h
jmp loc_4087BC
; ---------------------------------------------------------------------------
loc_408E1A: ; CODE XREF: sub_40826C+AD1�j
cmp edi, ds:417AACh
jnz loc_408EDE
call near ptr 41481Ch
mov [ebp+arg_14], eax
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
mov [ebp+arg_8], ebx
mov byte ptr [ebp+arg_18+3], bl
call near ptr 414822h
add esp, 0Ch
mov [ebp+var_10], 2
call near ptr 41481Ch
sub eax, [ebp+arg_14]
mov edi, 3E8h
cmp eax, edi
jnb short loc_408ECB
loc_408E5C: ; CODE XREF: sub_40826C+C53�j
push 0FFFFh
push 1
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
call dword ptr ds:41523Ch
push 4
push ebx
mov [ebp+var_E], ax
call sub_403270
pop ecx
mov [ebp+var_C], eax
pop ecx
push ebx
push 2
push 2
call dword ptr ds:415220h
mov esi, eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword ptr ds:41522Ch
push ebx
lea eax, [ebp+arg_18+3]
push 1
push eax
push esi
call dword ptr ds:415210h
push esi
call dword ptr ds:415230h
add [ebp+arg_8], 2Bh
call near ptr 41481Ch
sub eax, [ebp+arg_14]
cmp eax, edi
jb short loc_408E5C
mov eax, [ebp+arg_8]
cmp eax, 400h
ja short loc_408ED0
loc_408ECB: ; CODE XREF: sub_40826C+BEE�j
mov eax, 400h
loc_408ED0: ; CODE XREF: sub_40826C+C5D�j
shr eax, 0Ah
push eax
push 417A94h
jmp loc_4087BC
; ---------------------------------------------------------------------------
loc_408EDE: ; CODE XREF: sub_40826C+BB4�j
cmp edi, ds:417A8Ch
jz loc_409139
cmp edi, ds:417A80h
jz loc_409139
cmp edi, ds:417A74h
jnz short loc_408F1B
push dword ptr [esi+0Ch]
lea eax, [ebp+var_1BC]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call near ptr 40ED9Bh
loc_408F13: ; CODE XREF: sub_40826C+2C7�j
; sub_40826C+341�j ...
add esp, 10h
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_408F1B: ; CODE XREF: sub_40826C+C90�j
cmp edi, ds:417A6Ch
jz loc_409128
cmp edi, ds:417A60h
jz loc_409128
cmp edi, ds:417A58h
jz loc_409117
cmp edi, ds:417A4Ch
jz loc_409117
cmp edi, ds:417A3Ch
jnz short loc_408F88
push eax
push 417A34h
call sub_40370B
mov esi, eax
lea eax, [ebp+var_1BC]
push esi
push 416C4Ch
push eax
call sub_40A68C
add esp, 14h
test esi, esi
jz loc_4091C2
push esi
call sub_4039E7
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408F88: ; CODE XREF: sub_40826C+CE5�j
cmp edi, ds:417A24h
jnz short loc_408FA1
lea eax, [ebp+var_1BC]
push eax
call near ptr 411C39h
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408FA1: ; CODE XREF: sub_40826C+D22�j
cmp edi, ds:417A18h
jnz short loc_408FBA
lea eax, [ebp+var_1BC]
push eax
call sub_406578
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_408FBA: ; CODE XREF: sub_40826C+D3B�j
cmp edi, ds:417A10h
jz short loc_409033
cmp edi, ds:417A04h
jz short loc_409033
cmp edi, ds:4179FCh
jnz loc_4091C2
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
jz loc_4091C2
cmp [esi+8], ebx
jz loc_4091C2
push 2
push 4179F8h
push eax
call near ptr 414C2Ah
add esp, 0Ch
test eax, eax
jnz short loc_40900F
push dword ptr [esi+8]
push 41D090h
call near ptr 4147F2h
pop ecx
pop ecx
loc_40900F: ; CODE XREF: sub_40826C+D92�j
push 4179ECh
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_4091C2
push dword ptr [esi+8]
push 41D210h
jmp loc_4087D6
; ---------------------------------------------------------------------------
loc_409033: ; CODE XREF: sub_40826C+D54�j
; sub_40826C+D5C�j
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jz short loc_409045
push esi
call near ptr 41485Ch
pop ecx
mov ebx, eax
loc_409045: ; CODE XREF: sub_40826C+DCE�j
call sub_406625
mov edi, 15180h
xor edx, edx
mov ecx, edi
mov esi, 0E10h
div ecx
mov ecx, esi
push 3Ch
mov [ebp+arg_18], eax
mov eax, edx
xor edx, edx
div ecx
pop ecx
mov [ebp+var_18], eax
mov eax, edx
xor edx, edx
div ecx
cmp [ebp+arg_18], ebx
mov [ebp+var_14], eax
jb loc_4091C2
call sub_406697
xor edx, edx
push 3Ch
div edi
pop ecx
mov [ebp+arg_10], eax
mov eax, edx
xor edx, edx
div esi
xor esi, esi
inc esi
mov [ebp+arg_0], eax
mov eax, edx
xor edx, edx
div ecx
mov edx, 41C42Ch
mov ecx, 417204h
mov [ebp+arg_8], edx
cmp eax, esi
jz short loc_4090B2
mov [ebp+arg_8], ecx
loc_4090B2: ; CODE XREF: sub_40826C+E41�j
cmp [ebp+arg_0], esi
mov [ebp+arg_14], edx
jz short loc_4090BD
mov [ebp+arg_14], ecx
loc_4090BD: ; CODE XREF: sub_40826C+E4C�j
cmp [ebp+arg_10], esi
mov [ebp+arg_C], edx
jz short loc_4090C8
mov [ebp+arg_C], ecx
loc_4090C8: ; CODE XREF: sub_40826C+E57�j
cmp [ebp+var_14], esi
mov edi, edx
jz short loc_4090D1
mov edi, ecx
loc_4090D1: ; CODE XREF: sub_40826C+E61�j
cmp [ebp+var_18], esi
mov esi, edx
jz short loc_4090DA
mov esi, ecx
loc_4090DA: ; CODE XREF: sub_40826C+E6A�j
cmp [ebp+arg_18], 1
jnz short loc_4090E2
mov ecx, edx
loc_4090E2: ; CODE XREF: sub_40826C+E72�j
push [ebp+arg_8]
push eax
lea eax, [ebp+var_1BC]
push [ebp+arg_14]
push [ebp+arg_0]
push [ebp+arg_C]
push [ebp+arg_10]
push edi
push [ebp+var_14]
push esi
push [ebp+var_18]
push ecx
push [ebp+arg_18]
push 417978h
push eax
call sub_40A68C
add esp, 38h
jmp loc_4091C2
; ---------------------------------------------------------------------------
loc_409117: ; CODE XREF: sub_40826C+CCD�j
; sub_40826C+CD9�j
lea eax, [ebp+var_1BC]
push eax
call sub_4062F1
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_409128: ; CODE XREF: sub_40826C+CB5�j
; sub_40826C+CC1�j
lea eax, [ebp+var_1BC]
push eax
call sub_405E89
jmp loc_4091C1
; ---------------------------------------------------------------------------
loc_409139: ; CODE XREF: sub_40826C+C78�j
; sub_40826C+C84�j
push 41C1F0h
push 38Bh
push 0
lea eax, [ebp+var_1BC]
push 417958h
push eax
call sub_40A68C
loc_409156: ; CODE XREF: sub_40826C+DF�j
; sub_40826C+30E�j ...
add esp, 14h
jmp short loc_4091C2
; ---------------------------------------------------------------------------
loc_40915B: ; CODE XREF: sub_40826C+92E�j
; sub_40826C+93A�j
push 417940h
call sub_40A79C
push dword ptr [esi+8]
push dword ptr [esi+4]
call sub_40A3D1
jmp loc_4087C8
; ---------------------------------------------------------------------------
loc_409175: ; CODE XREF: sub_40826C+8E1�j
; sub_40826C+8ED�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1BC]
push eax
call sub_401884
loc_409187: ; CODE XREF: sub_40826C+16C�j
; sub_40826C+1AA�j ...
pop ecx
jmp short loc_4091C1
; ---------------------------------------------------------------------------
loc_40918A: ; CODE XREF: sub_40826C+828�j
; sub_40826C+834�j ...
push 416644h
loc_40918F: ; CODE XREF: sub_40826C+799�j
call sub_40A79C
jmp short loc_4091C1
; ---------------------------------------------------------------------------
loc_409196: ; CODE XREF: sub_40826C+3EC�j
; sub_40826C+3F8�j ...
push dword ptr [esi+14h]
lea eax, [ebp+var_1BC]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push eax
call near ptr 40D766h
jmp loc_40879B
; ---------------------------------------------------------------------------
loc_4091B6: ; CODE XREF: sub_40826C+1F6�j
; sub_40826C+202�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_40A804
loc_4091C1: ; CODE XREF: sub_40826C+6E�j
; sub_40826C+87�j ...
pop ecx
loc_4091C2: ; CODE XREF: sub_40826C+11F�j
; sub_40826C+323�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40826C endp
; ---------------------------------------------------------------------------
db 0E9h
dd 0
dd 16A056Ah, 2F2AE8h, 0C0035900h, 0CB7CA359h, 0E9C30041h
dd 0
dd 26A0A6Ah, 2F12E8h, 48D5900h, 80A35980h, 0C30041CBh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4091F8 proc near ; CODE XREF: sub_40924E+2E�p
; sub_40924E+39�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_0]
push 200h
push eax
call near ptr 414A94h
lea eax, [ebp+var_200]
push 416214h
push eax
call near ptr 414828h
lea eax, [ebp+var_200]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_200]
push eax
push dword ptr ds:41CB88h
call sub_403E36
add esp, 28h
leave
retn
sub_4091F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40924E proc near ; CODE XREF: .data:004095EE�p
; sub_409BAD+C9�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
mov eax, ds:41CB84h
push esi
cmp dword ptr [eax+22Bh], 2
jnz short loc_4092C8
push dword ptr ds:41CB80h
mov eax, ds:41CB7Ch
mov esi, [ebp+arg_0]
push eax
push eax
push esi
push 4181A0h
call sub_4091F8
push esi
push 418150h
call sub_4091F8
mov eax, ds:41CB84h
add eax, 18Ah
push eax
push esi
push 418108h
call sub_4091F8
mov eax, ds:41CB84h
add eax, 10Ah
push eax
push esi
push 4180CCh
call sub_4091F8
push esi
push 41808Ch
call sub_4091F8
add esp, 3Ch
jmp short loc_40932D
; ---------------------------------------------------------------------------
loc_4092C8: ; CODE XREF: sub_40924E+16�j
lea eax, [ebp+var_100]
push eax
call sub_40A0BC
push eax
call sub_403553
pop ecx
lea eax, [ebp+var_100]
pop ecx
push eax
call dword ptr ds:415248h
mov esi, eax
call near ptr 40C126h
and eax, 0FF000000h
xor esi, eax
push esi
call dword ptr ds:415224h
push eax
lea eax, [ebp+var_100]
push eax
call near ptr 4147F2h
cmp dword ptr ds:41CB8Ch, 0
pop ecx
pop ecx
jz short loc_40932D
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
push 418060h
call sub_4091F8
add esp, 0Ch
loc_40932D: ; CODE XREF: sub_40924E+78�j
; sub_40924E+C6�j
pop esi
leave
retn
sub_40924E endp
; ---------------------------------------------------------------------------
loc_409330: ; DATA XREF: sub_409A7C+11F�o
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 4152B0h
push 414A6Ah
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 13ECh
call near ptr 414880h
push ebx
push esi
push edi
mov [ebp-18h], esp
push 3D2h
push dword ptr [ebp+8]
lea eax, [ebp-3ECh]
push eax
call near ptr 414810h
push dword ptr [ebp+8]
call near ptr 41480Ah
push 7
xor edi, edi
push edi
call near ptr 40C0FFh
add esp, 18h
test eax, eax
jz short loc_4093BC
push 3Ch
push 1
call near ptr 40C0FFh
pop ecx
pop ecx
mov esi, eax
imul esi, 3Ch
jmp short loc_4093AE
; ---------------------------------------------------------------------------
loc_40939E: ; CODE XREF: .data:004093B7�j
dec esi
push 3E8h
call dword ptr ds:4150A4h
cmp esi, edi
jz short loc_4093BC
loc_4093AE: ; CODE XREF: .data:0040939C�j
mov eax, [ebp-3ECh]
cmp [eax+4], edi
jz short loc_40939E
push eax
jmp short loc_4093F5
; ---------------------------------------------------------------------------
loc_4093BC: ; CODE XREF: .data:0040938A�j
; .data:004093AC�j
lea eax, [ebp-3ECh]
mov ds:41CB84h, eax
push 2710h
push edi
lea eax, [ebp-2E8h]
push eax
lea eax, [ebp-3E8h]
push eax
call sub_403CB3
add esp, 10h
mov ebx, eax
mov [ebp-3F0h], ebx
cmp ebx, edi
jnz short loc_4093FF
push dword ptr [ebp-3ECh]
loc_4093F5: ; CODE XREF: .data:004093BA�j
call sub_4069B8
jmp loc_409527
; ---------------------------------------------------------------------------
loc_4093FF: ; CODE XREF: .data:004093ED�j
mov ds:41CB88h, ebx
push 32h
call dword ptr ds:4150A4h
push 8
push 4
call near ptr 40C0FFh
pop ecx
pop ecx
mov esi, eax
test esi, esi
jbe short loc_409435
loc_40941E: ; CODE XREF: .data:00409433�j
push 7Ah
push 61h
call near ptr 40C0FFh
pop ecx
pop ecx
mov [ebp+edi-3FCh], al
inc edi
cmp edi, esi
jb short loc_40941E
loc_409435: ; CODE XREF: .data:0040941C�j
and byte ptr [ebp+esi-3FCh], 0
lea eax, [ebp-262h]
push eax
call sub_40A8D8
pop ecx
test al, al
jz short loc_40945B
lea eax, [ebp-262h]
push eax
call sub_40A888
pop ecx
loc_40945B: ; CODE XREF: .data:0040944C�j
lea eax, [ebp-262h]
push eax
lea eax, [ebp-3FCh]
push eax
lea eax, [ebp-3FCh]
push eax
lea eax, [ebp-3FCh]
push eax
push 4176CCh
call sub_4091F8
lea eax, [ebp-262h]
push eax
push 4176C4h
call sub_4091F8
add esp, 1Ch
call near ptr 41481Ch
mov [ebp-400h], eax
cmp dword ptr [ebp-1C1h], 2
jnz short loc_4094BA
push 1Eh
push 1
call near ptr 40C0FFh
imul eax, 0EA60h
jmp short loc_4094C9
; ---------------------------------------------------------------------------
loc_4094BA: ; CODE XREF: .data:004094A7�j
push 1B7740h
push 3E8h
call near ptr 40C0FFh
loc_4094C9: ; CODE XREF: .data:004094B8�j
pop ecx
pop ecx
mov [ebp-404h], eax
push 5
push 1
call near ptr 40C0FFh
add eax, eax
mov ds:41CB7Ch, eax
push 0Ah
push 2
call near ptr 40C0FFh
add esp, 10h
lea eax, [eax+eax*4]
mov ds:41CB80h, eax
loc_4094F5: ; CODE XREF: .data:004095FC�j
mov eax, [ebp-3ECh]
xor esi, esi
cmp [eax+4], esi
jnz short loc_409515
cmp ds:41CB88h, esi
jnz short loc_40953B
push 4176BCh
call sub_4091F8
pop ecx
loc_409515: ; CODE XREF: .data:00409500�j
; .data:0040955C�j ...
push ebx
call sub_403E0F
push dword ptr [ebp-3ECh]
call sub_4069B8
pop ecx
loc_409527: ; CODE XREF: .data:004093FA�j
pop ecx
xor eax, eax
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40953B: ; CODE XREF: .data:00409508�j
push ebx
call sub_403534
pop ecx
test eax, eax
jz short loc_40958A
push esi
push 1000h
lea eax, [ebp-1404h]
push eax
push ebx
call dword ptr ds:41524Ch
cmp eax, esi
jz short loc_409515
cmp eax, 0FFFFFFFFh
jz short loc_409515
mov ecx, 0FFFh
cmp eax, ecx
jl short loc_40956E
mov eax, ecx
loc_40956E: ; CODE XREF: .data:0040956A�j
and byte ptr [ebp+eax-1404h], 0
mov [ebp-4], esi
lea eax, [ebp-1404h]
push eax
call sub_409601
pop ecx
or dword ptr [ebp-4], 0FFFFFFFFh
loc_40958A: ; CODE XREF: .data:00409544�j
call near ptr 41481Ch
sub eax, [ebp-400h]
cmp eax, [ebp-404h]
jbe short loc_4095F4
call near ptr 41481Ch
mov [ebp-400h], eax
cmp dword ptr [ebp-1C1h], 2
jnz short loc_4095D0
mov dword ptr [ebp-404h], 1B7740h
jmp short loc_4095E7
; ---------------------------------------------------------------------------
db 33h, 0C0h, 40h
dd 0E8658BC3h, 0FFFC4D83h, 0FC109D8Bh, 0BAEBFFFFh
; ---------------------------------------------------------------------------
loc_4095D0: ; CODE XREF: .data:004095AF�j
push 1B7740h
push 3E8h
call near ptr 40C0FFh
pop ecx
pop ecx
mov [ebp-404h], eax
loc_4095E7: ; CODE XREF: .data:004095BB�j
lea eax, [ebp-2E2h]
push eax
call sub_40924E
pop ecx
loc_4095F4: ; CODE XREF: .data:0040959B�j
push 32h
call dword ptr ds:4150A4h
jmp loc_4094F5
; =============== S U B R O U T I N E =======================================
sub_409601 proc near ; CODE XREF: .data:00409580�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
test edi, edi
jz short loc_409628
cmp byte ptr [edi], 0
jz short loc_409628
push esi
loc_409610: ; CODE XREF: sub_409601+24�j
push edi
call sub_40563E
push edi
mov esi, eax
call sub_40962A
cmp byte ptr [esi], 0
pop ecx
pop ecx
mov edi, esi
jnz short loc_409610
pop esi
loc_409628: ; CODE XREF: sub_409601+7�j
; sub_409601+C�j
pop edi
retn
sub_409601 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40962A proc near ; CODE XREF: sub_409601+18�p
; sub_4096C7+DF�p
var_1044 = byte ptr -1044h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1044h
call near ptr 414880h
push ebx
push esi
push edi
lea eax, [ebp+var_1044]
push [ebp+arg_0]
push eax
call near ptr 4147F2h
lea eax, [ebp+var_4]
mov edi, 417628h
push eax
push edi
push [ebp+arg_0]
call sub_405A0B
mov [ebp+var_24], eax
lea eax, [ebp+var_1044]
add esp, 14h
xor ebx, ebx
mov [ebp+var_44], eax
xor esi, esi
loc_40966E: ; CODE XREF: sub_40962A+82�j
cmp [ebp+esi+var_24], ebx
jz short loc_40969E
lea eax, [ebp+var_4]
push eax
push edi
push ebx
call sub_405A0B
add esp, 0Ch
cmp eax, ebx
mov [ebp+esi+var_20], eax
jz short loc_409696
sub eax, [ebp+arg_0]
lea eax, [ebp+eax+var_1044]
jmp short loc_409698
; ---------------------------------------------------------------------------
loc_409696: ; CODE XREF: sub_40962A+5E�j
xor eax, eax
loc_409698: ; CODE XREF: sub_40962A+6A�j
mov [ebp+esi+var_40], eax
jmp short loc_4096A6
; ---------------------------------------------------------------------------
loc_40969E: ; CODE XREF: sub_40962A+48�j
mov [ebp+esi+var_40], ebx
mov [ebp+esi+var_20], ebx
loc_4096A6: ; CODE XREF: sub_40962A+72�j
add esi, 4
cmp esi, 1Ch
jl short loc_40966E
cmp [ebp+var_24], ebx
pop edi
pop esi
pop ebx
jz short locret_4096C5
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_24]
push eax
call sub_4096C7
pop ecx
pop ecx
locret_4096C5: ; CODE XREF: sub_40962A+8A�j
leave
retn
sub_40962A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096C7 proc near ; CODE XREF: sub_40962A+94�p
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = byte ptr -48h
var_24 = byte ptr -24h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 417784h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_4096FF
mov esi, [esi+4]
test esi, esi
jnz short loc_4096F4
mov esi, 41C42Ch
loc_4096F4: ; CODE XREF: sub_4096C7+26�j
push esi
push 41777Ch
jmp loc_409A64
; ---------------------------------------------------------------------------
loc_4096FF: ; CODE XREF: sub_4096C7+1F�j
push 417774h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40971C
and ds:41CB88h, eax
jmp loc_409A77
; ---------------------------------------------------------------------------
loc_40971C: ; CODE XREF: sub_4096C7+48�j
push 4182E4h
push dword ptr [esi+4]
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jnz loc_4097B3
mov esi, [esi+0Ch]
xor ebx, ebx
cmp esi, ebx
jz loc_409A77
mov edi, [ebp+arg_4]
mov eax, [edi+10h]
cmp eax, ebx
jz loc_409A77
cmp [eax+1], bl
jz loc_409A77
mov eax, ds:41CB84h
add eax, 10Ah
push eax
push esi
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_409A77
mov eax, [edi+10h]
inc eax
push eax
mov eax, ds:41CB84h
lea ecx, [eax+10Ah]
add eax, 1ABh
push ecx
push eax
push 4182D0h
lea eax, [ebp+var_248]
push 200h
push eax
call near ptr 41486Eh
lea eax, [ebp+var_248]
push eax
call sub_40962A
add esp, 1Ch
jmp loc_409A77
; ---------------------------------------------------------------------------
loc_4097B3: ; CODE XREF: sub_4096C7+66�j
push 4182CCh
push dword ptr [esi+4]
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jnz short loc_4097DB
mov eax, ds:41CB84h
add eax, 10Ah
push eax
push 41789Ch
jmp loc_409A64
; ---------------------------------------------------------------------------
loc_4097DB: ; CODE XREF: sub_4096C7+FD�j
mov eax, [esi+4]
xor ebx, ebx
cmp eax, ebx
mov edi, 41776Ch
jz loc_4098CC
cmp [esi+0Ch], ebx
jz loc_4098CC
push edi
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_4098CC
mov eax, [esi+0Ch]
cmp byte ptr [eax+1], 1
jnz loc_4098CC
push 417768h
push dword ptr [esi]
call near ptr 414868h
pop ecx
cmp eax, ebx
pop ecx
jz loc_409A77
push 41775Ch
mov [eax], bl
push dword ptr [esi+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_40989C
push 417750h
push dword ptr [esi+0Ch]
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jz short loc_40989C
push 417748h
push dword ptr [esi+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_409877
push 417740h
push dword ptr [esi+0Ch]
call dword ptr ds:415108h
test eax, eax
jnz short loc_4098CC
loc_409877: ; CODE XREF: sub_4096C7+19C�j
mov eax, ds:41CB84h
cmp dword ptr [eax+22Bh], 2
jnz short loc_4098CC
mov eax, [esi+10h]
cmp eax, ebx
jz loc_409A77
push eax
mov eax, [esi]
inc eax
push eax
push 41772Ch
jmp short loc_4098B8
; ---------------------------------------------------------------------------
loc_40989C: ; CODE XREF: sub_4096C7+176�j
; sub_4096C7+189�j
mov eax, ds:41CB84h
cmp dword ptr [eax+22Bh], 2
mov eax, [esi]
jnz short loc_4098C5
push 418294h
loc_4098B1: ; CODE XREF: sub_4096C7+203�j
inc eax
push eax
push 4176F4h
loc_4098B8: ; CODE XREF: sub_4096C7+1D3�j
call sub_4091F8
add esp, 0Ch
jmp loc_409A77
; ---------------------------------------------------------------------------
loc_4098C5: ; CODE XREF: sub_4096C7+1E3�j
push 41770Ch
jmp short loc_4098B1
; ---------------------------------------------------------------------------
loc_4098CC: ; CODE XREF: sub_4096C7+120�j
; sub_4096C7+129�j ...
mov eax, [esi+4]
cmp eax, ebx
jz short loc_409911
push 4176F0h
push eax
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jnz short loc_409911
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
call sub_40449D
lea eax, [ebp+var_C8]
push eax
push 4176C4h
call sub_4091F8
add esp, 14h
jmp loc_409A77
; ---------------------------------------------------------------------------
loc_409911: ; CODE XREF: sub_4096C7+20A�j
; sub_4096C7+21B�j
push edi
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_409A77
mov eax, ds:41CB84h
add eax, 1ABh
push eax
push dword ptr [esi]
call sub_4073E1
pop ecx
test al, al
pop ecx
jz loc_409A77
mov eax, [esi+0Ch]
cmp byte ptr [eax], 3Ah
jnz loc_409A77
cmp byte ptr [eax+1], 2Eh
jnz loc_409A77
lea edi, [eax+2]
mov eax, ds:41CB84h
cmp [eax+22Bh], ebx
jnz loc_409A77
push 41828Ch
push edi
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_409A03
cmp [esi+10h], ebx
jz loc_409A77
cmp [esi+14h], ebx
jz loc_409A77
cmp [esi+18h], ebx
jz loc_409A77
cmp [esi+1Ch], ebx
jz loc_409A77
lea eax, [ebp+var_148]
push eax
call sub_40A0BC
push eax
call sub_403553
push dword ptr [esi+1Ch]
call near ptr 41485Ch
add esp, 0Ch
push eax
push dword ptr [esi+14h]
call near ptr 41485Ch
pop ecx
push eax
push dword ptr [esi+18h]
call near ptr 41485Ch
pop ecx
push eax
lea eax, [ebp+var_148]
push dword ptr [esi+10h]
push eax
mov eax, ds:41CB84h
add eax, 10Ah
push eax
push 418220h
call sub_4091F8
add esp, 1Ch
mov dword ptr ds:41CB8Ch, 1
jmp short loc_409A77
; ---------------------------------------------------------------------------
loc_409A03: ; CODE XREF: sub_4096C7+2B2�j
push 418218h
push edi
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_409A6C
push 417914h
push edi
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_409A6C
push 417910h
push edi
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409A43
mov eax, [ebp+arg_4]
mov eax, [eax+10h]
cmp eax, ebx
jz short loc_409A77
push eax
jmp short loc_409A71
; ---------------------------------------------------------------------------
loc_409A43: ; CODE XREF: sub_4096C7+36D�j
push 418210h
push edi
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409A77
mov eax, ds:41CB84h
add eax, 10Ah
push eax
push 4181F4h
loc_409A64: ; CODE XREF: sub_4096C7+33�j
; sub_4096C7+10F�j
call sub_4091F8
pop ecx
jmp short loc_409A76
; ---------------------------------------------------------------------------
loc_409A6C: ; CODE XREF: sub_4096C7+34B�j
; sub_4096C7+35C�j
push 4181E4h
loc_409A71: ; CODE XREF: sub_4096C7+37A�j
call sub_4091F8
loc_409A76: ; CODE XREF: sub_4096C7+3A3�j
pop ecx
loc_409A77: ; CODE XREF: sub_4096C7+50�j
; sub_4096C7+73�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4096C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A7C proc near ; CODE XREF: sub_409BAD+2F�p
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
jz loc_409BA9
cmp [ebp+arg_8], ebx
jz loc_409BA9
cmp [ebp+arg_C], ebx
jz loc_409BA9
push [ebp+arg_8]
call sub_403370
test eax, eax
pop ecx
jz loc_409BA9
push 3D2h
call near ptr 414804h
mov esi, eax
pop ecx
cmp esi, ebx
jz loc_409BA9
push edi
push 100h
push [ebp+arg_4]
lea eax, [esi+4]
push eax
call sub_40558F
push 6
lea eax, [esi+104h]
push [ebp+arg_8]
push eax
call sub_40558F
mov edi, 80h
lea eax, [esi+10Ah]
push edi
push [ebp+arg_C]
push eax
call sub_40558F
add esp, 24h
cmp [ebp+arg_10], ebx
push 21h
jz short loc_409B1A
push [ebp+arg_10]
lea eax, [esi+18Ah]
push eax
call sub_40558F
add esp, 0Ch
jmp short loc_409B36
; ---------------------------------------------------------------------------
loc_409B1A: ; CODE XREF: sub_409A7C+88�j
lea ebx, [esi+18Ah]
push 41C060h
push ebx
call sub_40558F
push ebx
call near ptr 40C247h
add esp, 10h
xor ebx, ebx
loc_409B36: ; CODE XREF: sub_409A7C+9C�j
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_409B42
mov eax, 418318h
loc_409B42: ; CODE XREF: sub_409A7C+BF�j
push edi
push eax
lea eax, [esi+1ABh]
push eax
call sub_40558F
xor edi, edi
add esp, 0Ch
inc edi
cmp [ebp+arg_18], ebx
jz short loc_409B88
push [ebp+arg_18]
call sub_40B535
cmp eax, ds:41830Ch
pop ecx
jnz short loc_409B74
mov [esi+22Bh], edi
jmp short loc_409B8E
; ---------------------------------------------------------------------------
loc_409B74: ; CODE XREF: sub_409A7C+EE�j
cmp eax, ds:418300h
jnz short loc_409B88
mov dword ptr [esi+22Bh], 2
jmp short loc_409B8E
; ---------------------------------------------------------------------------
loc_409B88: ; CODE XREF: sub_409A7C+DD�j
; sub_409A7C+FE�j
mov [esi+22Bh], ebx
loc_409B8E: ; CODE XREF: sub_409A7C+F6�j
; sub_409A7C+10A�j
push [ebp+arg_8]
push [ebp+arg_4]
push 4182E8h
push edi
push esi
push offset loc_409330
call sub_40689D
add esp, 18h
pop edi
loc_409BA9: ; CODE XREF: sub_409A7C+A�j
; sub_409A7C+13�j ...
pop esi
pop ebx
pop ebp
retn
sub_409A7C endp
; =============== S U B R O U T I N E =======================================
sub_409BAD proc near ; CODE XREF: sub_40826C+265�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_4]
push edi
push 417930h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409BE9
push dword ptr [esi+18h]
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push dword ptr [esi+8]
push dword ptr [esi+4]
push [esp+24h+arg_0]
call sub_409A7C
add esp, 1Ch
jmp loc_409C86
; ---------------------------------------------------------------------------
loc_409BE9: ; CODE XREF: sub_409BAD+17�j
push 417914h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409C06
and ds:41CB88h, eax
jmp loc_409C86
; ---------------------------------------------------------------------------
loc_409C06: ; CODE XREF: sub_409BAD+4C�j
cmp dword ptr ds:41CB88h, 0
jz short loc_409C86
push 4178B0h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409C86
mov eax, [esi+8]
test eax, eax
jz short loc_409C33
push eax
call near ptr 41485Ch
pop ecx
mov edi, eax
jmp short loc_409C36
; ---------------------------------------------------------------------------
loc_409C33: ; CODE XREF: sub_409BAD+79�j
xor edi, edi
inc edi
loc_409C36: ; CODE XREF: sub_409BAD+84�j
mov eax, [esi+0Ch]
test eax, eax
jz short loc_409C48
push eax
call near ptr 41485Ch
pop ecx
mov ebx, eax
jmp short loc_409C4D
; ---------------------------------------------------------------------------
loc_409C48: ; CODE XREF: sub_409BAD+8E�j
mov ebx, 0FAh
loc_409C4D: ; CODE XREF: sub_409BAD+99�j
cmp edi, 50h
jl short loc_409C55
push 50h
pop edi
loc_409C55: ; CODE XREF: sub_409BAD+A3�j
mov eax, 3E8h
cmp ebx, eax
jl short loc_409C60
mov ebx, eax
loc_409C60: ; CODE XREF: sub_409BAD+AF�j
test edi, edi
jle short loc_409C86
loc_409C64: ; CODE XREF: sub_409BAD+D7�j
mov eax, [esi+4]
test eax, eax
jnz short loc_409C75
mov eax, ds:41CB84h
add eax, 10Ah
loc_409C75: ; CODE XREF: sub_409BAD+BC�j
push eax
call sub_40924E
pop ecx
push ebx
call dword ptr ds:4150A4h
dec edi
jnz short loc_409C64
loc_409C86: ; CODE XREF: sub_409BAD+37�j
; sub_409BAD+54�j ...
pop edi
pop esi
pop ebx
retn
sub_409BAD endp
; =============== S U B R O U T I N E =======================================
sub_409C8A proc near ; CODE XREF: sub_409D34+31E�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
jmp short loc_409C95
; ---------------------------------------------------------------------------
loc_409C90: ; CODE XREF: sub_409C8A+10�j
test cl, cl
jz short locret_409C9C
inc eax
loc_409C95: ; CODE XREF: sub_409C8A+4�j
mov cl, [eax]
cmp cl, 20h
jz short loc_409C90
locret_409C9C: ; CODE XREF: sub_409C8A+8�j
retn
sub_409C8A endp
; ---------------------------------------------------------------------------
loc_409C9D: ; DATA XREF: sub_40A061+4B�o
push ebp
mov ebp, esp
sub esp, 52Ch
push esi
push 327h
push dword ptr [ebp+8]
lea eax, [ebp-32Ch]
push eax
call near ptr 414810h
push dword ptr [ebp+8]
call near ptr 41480Ah
lea eax, [ebp-4]
mov esi, 418340h
push eax
lea eax, [ebp-328h]
push esi
push eax
call sub_405A0B
add esp, 1Ch
jmp short loc_409D1D
; ---------------------------------------------------------------------------
loc_409CDE: ; CODE XREF: .data:00409CE2�j
inc eax
loc_409CDF: ; CODE XREF: .data:00409D1F�j
cmp byte ptr [eax], 20h
jz short loc_409CDE
push eax
lea eax, [ebp-187h]
push eax
push 418320h
lea eax, [ebp-52Ch]
push 200h
push eax
call near ptr 41486Eh
lea eax, [ebp-52Ch]
push eax
call sub_40B1AA
lea eax, [ebp-4]
push eax
push esi
push 0
call sub_405A0B
add esp, 24h
loc_409D1D: ; CODE XREF: .data:00409CDC�j
test eax, eax
jnz short loc_409CDF
push dword ptr [ebp-32Ch]
call sub_4069B8
pop ecx
xor eax, eax
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D34 proc near ; CODE XREF: sub_40A061+6�p
var_1D4 = byte ptr -1D4h
var_54 = byte ptr -54h
var_34 = byte ptr -34h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1D4h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
test esi, esi
jz loc_40A05A
cmp byte ptr [esi], 28h
jnz loc_40A05A
inc esi
push 4183A8h
push esi
call near ptr 414868h
pop ecx
mov [ebp+var_4], eax
test eax, eax
pop ecx
jz loc_40A05A
sub eax, esi
lea ecx, [eax+1]
mov eax, 180h
cmp ecx, eax
ja short loc_409D7D
mov eax, ecx
loc_409D7D: ; CODE XREF: sub_409D34+45�j
push eax
lea eax, [ebp+var_1D4]
push esi
push eax
call sub_40558F
push 1
lea eax, [ebp+var_1D4]
push 1
push eax
call sub_40569A
lea eax, [ebp+arg_0]
mov ebx, 4183A4h
push eax
lea eax, [ebp+var_1D4]
push ebx
push eax
call sub_405A0B
add esp, 24h
jmp loc_40A045
; ---------------------------------------------------------------------------
loc_409DB9: ; CODE XREF: sub_409D34+89�j
inc eax
loc_409DBA: ; CODE XREF: sub_409D34+313�j
cmp byte ptr [eax], 20h
jz short loc_409DB9
lea ecx, [ebp+var_54]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_34]
push ecx
push 418394h
push eax
call near ptr 414862h
add esp, 14h
cmp eax, 3
jnz loc_40A05A
lea eax, [ebp+var_34]
push eax
call near ptr 41485Ch
mov edi, eax
lea eax, [ebp+var_54]
push eax
call near ptr 41485Ch
pop ecx
mov esi, eax
test edi, edi
pop ecx
jnz loc_409ECC
lea eax, [ebp+var_34]
push 41703Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz loc_409ECC
lea eax, [ebp+var_34]
push 41838Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409E41
call sub_406625
xor edx, edx
mov ecx, 15180h
div ecx
jmp loc_409ECA
; ---------------------------------------------------------------------------
loc_409E41: ; CODE XREF: sub_409D34+F8�j
lea eax, [ebp+var_34]
push 418380h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409E5C
mov edi, 38Bh
jmp short loc_409ECC
; ---------------------------------------------------------------------------
loc_409E5C: ; CODE XREF: sub_409D34+11F�j
lea eax, [ebp+var_34]
push 418378h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409E77
call sub_406327
jmp short loc_409ECA
; ---------------------------------------------------------------------------
loc_409E77: ; CODE XREF: sub_409D34+13A�j
lea eax, [ebp+var_34]
push 41836Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409E92
call sub_405F2B
jmp short loc_409ECA
; ---------------------------------------------------------------------------
loc_409E92: ; CODE XREF: sub_409D34+155�j
lea eax, [ebp+var_34]
push 418360h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409EAD
call sub_40339B
jmp short loc_409ECA
; ---------------------------------------------------------------------------
loc_409EAD: ; CODE XREF: sub_409D34+170�j
lea eax, [ebp+var_34]
push 418358h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40A05A
call sub_4034C0
loc_409ECA: ; CODE XREF: sub_409D34+108�j
; sub_409D34+141�j ...
mov edi, eax
loc_409ECC: ; CODE XREF: sub_409D34+C8�j
; sub_409D34+E0�j ...
test esi, esi
jnz loc_409F9E
lea eax, [ebp+var_54]
push 41703Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz loc_409F9E
lea eax, [ebp+var_54]
push 41838Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409F13
call sub_406625
xor edx, edx
mov ecx, 15180h
div ecx
jmp loc_409F9C
; ---------------------------------------------------------------------------
loc_409F13: ; CODE XREF: sub_409D34+1CA�j
lea eax, [ebp+var_54]
push 418380h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409F2E
mov esi, 38Bh
jmp short loc_409F9E
; ---------------------------------------------------------------------------
loc_409F2E: ; CODE XREF: sub_409D34+1F1�j
lea eax, [ebp+var_54]
push 418378h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409F49
call sub_406327
jmp short loc_409F9C
; ---------------------------------------------------------------------------
loc_409F49: ; CODE XREF: sub_409D34+20C�j
lea eax, [ebp+var_54]
push 41836Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409F64
call sub_405F2B
jmp short loc_409F9C
; ---------------------------------------------------------------------------
loc_409F64: ; CODE XREF: sub_409D34+227�j
lea eax, [ebp+var_54]
push 418360h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409F7F
call sub_40339B
jmp short loc_409F9C
; ---------------------------------------------------------------------------
loc_409F7F: ; CODE XREF: sub_409D34+242�j
lea eax, [ebp+var_54]
push 418358h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40A05A
call sub_4034C0
loc_409F9C: ; CODE XREF: sub_409D34+1DA�j
; sub_409D34+213�j ...
mov esi, eax
loc_409F9E: ; CODE XREF: sub_409D34+19A�j
; sub_409D34+1B2�j ...
lea eax, [ebp+var_14]
push 418354h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409FBA
cmp edi, esi
jnz loc_40A05A
loc_409FBA: ; CODE XREF: sub_409D34+27C�j
lea eax, [ebp+var_14]
push 418350h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409FD6
cmp edi, esi
jz loc_40A05A
loc_409FD6: ; CODE XREF: sub_409D34+298�j
lea eax, [ebp+var_14]
push 41834Ch
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_409FEE
cmp edi, esi
jbe short loc_40A05A
loc_409FEE: ; CODE XREF: sub_409D34+2B4�j
lea eax, [ebp+var_14]
push 418348h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40A006
cmp edi, esi
jb short loc_40A05A
loc_40A006: ; CODE XREF: sub_409D34+2CC�j
lea eax, [ebp+var_14]
push 417BDCh
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40A01E
cmp edi, esi
jnb short loc_40A05A
loc_40A01E: ; CODE XREF: sub_409D34+2E4�j
lea eax, [ebp+var_14]
push 418344h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40A036
cmp edi, esi
ja short loc_40A05A
loc_40A036: ; CODE XREF: sub_409D34+2FC�j
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
call sub_405A0B
add esp, 0Ch
loc_40A045: ; CODE XREF: sub_409D34+80�j
test eax, eax
jnz loc_409DBA
mov eax, [ebp+var_4]
inc eax
push eax
call sub_409C8A
pop ecx
jmp short loc_40A05C
; ---------------------------------------------------------------------------
loc_40A05A: ; CODE XREF: sub_409D34+11�j
; sub_409D34+1A�j ...
xor eax, eax
loc_40A05C: ; CODE XREF: sub_409D34+324�j
pop edi
pop esi
pop ebx
leave
retn
sub_409D34 endp
; =============== S U B R O U T I N E =======================================
sub_40A061 proc near ; CODE XREF: sub_40826C+91E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
push [esp+8+arg_4]
call sub_409D34
mov edi, eax
pop ecx
test edi, edi
jz short loc_40A0B9
push 327h
call near ptr 414804h
mov esi, eax
pop ecx
test esi, esi
jz short loc_40A0B9
push 180h
lea eax, [esi+4]
push edi
push eax
call sub_40558F
push [esp+14h+arg_0]
lea eax, [esi+184h]
push eax
call sub_403F0B
push edi
push 4183ACh
push 0
push esi
push offset loc_409C9D
call sub_40689D
add esp, 28h
loc_40A0B9: ; CODE XREF: sub_40A061+10�j
; sub_40A061+21�j
pop edi
pop esi
retn
sub_40A061 endp
; =============== S U B R O U T I N E =======================================
sub_40A0BC proc near ; CODE XREF: .text:00401B98�p
; sub_40924E+81�p ...
mov eax, ds:41CC98h
retn
sub_40A0BC endp
; =============== S U B R O U T I N E =======================================
sub_40A0C2 proc near ; CODE XREF: sub_40A3D1+11�p
; sub_40A3D1+16D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push edi
jz short loc_40A0FB
push [esp+4+arg_0]
push 41CB90h
call near ptr 4147F2h
cmp [esp+0Ch+arg_4], 0
pop ecx
pop ecx
mov edi, 41CC90h
jz short loc_40A0F4
push [esp+4+arg_4]
loc_40A0EA: ; CODE XREF: sub_40A0C2+37�j
push edi
call near ptr 4147F2h
pop ecx
pop ecx
jmp short loc_40A148
; ---------------------------------------------------------------------------
loc_40A0F4: ; CODE XREF: sub_40A0C2+22�j
push 4183C8h
jmp short loc_40A0EA
; ---------------------------------------------------------------------------
loc_40A0FB: ; CODE XREF: sub_40A0C2+6�j
xor edi, edi
cmp ds:41C020h, edi
jz short loc_40A110
loc_40A105: ; CODE XREF: sub_40A0C2+4C�j
inc edi
cmp dword ptr ds:41C020h[edi*8], 0
jnz short loc_40A105
loc_40A110: ; CODE XREF: sub_40A0C2+41�j
call near ptr 40C126h
xor edx, edx
div edi
push dword ptr ds:41C020h[edx*8]
push 41CB90h
call near ptr 4147F2h
call near ptr 40C126h
xor edx, edx
div edi
mov edi, 41CC90h
push dword ptr ds:41C024h[edx*8]
push edi
call near ptr 4147F2h
add esp, 10h
loc_40A148: ; CODE XREF: sub_40A0C2+30�j
push 41CB90h
call near ptr 40C206h
push edi
call near ptr 40C206h
pop ecx
pop ecx
pop edi
retn
sub_40A0C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A15C proc near ; CODE XREF: sub_40A3D1+1CC�p
; .data:0040ADB9�p
var_238 = byte ptr -238h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 238h
lea eax, [ebp+var_238]
push esi
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_A0]
push eax
call sub_40449D
xor esi, esi
add esp, 0Ch
cmp [ebp+arg_0], esi
jz short loc_40A1FB
cmp byte ptr ds:41D090h, 0
lea eax, [ebp+var_120]
jz short loc_40A1A1
push 41D090h
push eax
jmp short loc_40A1A7
; ---------------------------------------------------------------------------
loc_40A1A1: ; CODE XREF: sub_40A15C+3B�j
push eax
push 41D090h
loc_40A1A7: ; CODE XREF: sub_40A15C+43�j
call near ptr 4147F2h
cmp byte ptr ds:41D210h, 0
pop ecx
pop ecx
lea eax, [ebp+var_238]
jz short loc_40A1C5
push 41D210h
push eax
jmp short loc_40A1CB
; ---------------------------------------------------------------------------
loc_40A1C5: ; CODE XREF: sub_40A15C+5F�j
push eax
push 41D210h
loc_40A1CB: ; CODE XREF: sub_40A15C+67�j
call near ptr 4147F2h
pop ecx
lea eax, [ebp+var_238]
pop ecx
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_120]
push eax
lea eax, [ebp+var_120]
push eax
push 4176CCh
call sub_40A79C
add esp, 14h
loc_40A1FB: ; CODE XREF: sub_40A15C+2C�j
cmp [ebp+arg_4], esi
jz loc_40A3CE
cmp [ebp+arg_0], esi
jz short loc_40A228
cmp byte ptr ds:41D010h, 0
jz short loc_40A228
push 41D010h
push 4176C4h
call sub_40A79C
pop ecx
pop ecx
jmp loc_40A3CE
; ---------------------------------------------------------------------------
loc_40A228: ; CODE XREF: sub_40A15C+AB�j
; sub_40A15C+B4�j
call sub_406625
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, 4
mov [ebp+arg_4], eax
jnb short loc_40A278
call sub_404A75
test eax, eax
jnz short loc_40A278
lea eax, [ebp+var_A0]
push 41C060h
push eax
call near ptr 4147F2h
lea eax, [ebp+var_A0]
push eax
call near ptr 40C247h
lea eax, [ebp+var_A0]
push eax
call sub_40A888
add esp, 10h
jmp loc_40A3A9
; ---------------------------------------------------------------------------
loc_40A278: ; CODE XREF: sub_40A15C+E0�j
; sub_40A15C+E9�j
call sub_4049C8
lea eax, [ebp+var_20]
push eax
call sub_405B54
test eax, eax
pop ecx
jnz short loc_40A29B
lea eax, [ebp+var_20]
push 4183F4h
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_40A29B: ; CODE XREF: sub_40A15C+12D�j
call sub_406327
mov ecx, 400h
cmp eax, ecx
jbe short loc_40A2B0
call sub_406327
jmp short loc_40A2B2
; ---------------------------------------------------------------------------
loc_40A2B0: ; CODE XREF: sub_40A15C+14B�j
mov eax, ecx
loc_40A2B2: ; CODE XREF: sub_40A15C+152�j
shr eax, 0Ah
push ebx
mov [ebp+arg_0], eax
call sub_405F2B
cmp eax, 2EEh
mov ebx, 4183F0h
jnb short loc_40A2CF
mov ebx, 4183ECh
loc_40A2CF: ; CODE XREF: sub_40A15C+16C�j
cmp eax, 1F4h
jnb short loc_40A2DB
mov ebx, 4183E8h
loc_40A2DB: ; CODE XREF: sub_40A15C+178�j
push edi
push 24h
pop ecx
xor eax, eax
lea edi, [ebp+var_1B0]
mov [ebp+var_1B4], 94h
rep stosd
lea eax, [ebp+var_1B4]
push eax
call dword ptr ds:41502Ch
cmp [ebp+var_1B0], 5
pop edi
jnz short loc_40A316
cmp [ebp+var_1AC], 1
jnz short loc_40A316
xor esi, esi
inc esi
loc_40A316: ; CODE XREF: sub_40A15C+1AC�j
; sub_40A15C+1B5�j
push 5Ah
push 41h
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
push 5Ah
push 41h
call near ptr 40C0FFh
pop ecx
pop ecx
test esi, esi
push eax
setz al
dec al
and al, 2Fh
add al, 2Dh
movsx eax, al
push eax
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_20]
push 5Dh
push [ebp+arg_4]
push 5Bh
push 5Dh
push eax
push 5Bh
lea eax, [ebp+var_A0]
push 4183D0h
push eax
call near ptr 414816h
add esp, 34h
cmp byte ptr ds:41C0F0h, 0
pop ebx
jz short loc_40A3A9
mov esi, 41C070h
push 41C0F0h
push esi
call near ptr 4147F2h
push esi
call near ptr 40C247h
add esp, 0Ch
cmp byte ptr ds:41C170h, 0
jz short loc_40A3A9
mov esi, 41CF10h
push 41C170h
push esi
call near ptr 4147F2h
push esi
call near ptr 40C247h
add esp, 0Ch
loc_40A3A9: ; CODE XREF: sub_40A15C+117�j
; sub_40A15C+210�j ...
lea eax, [ebp+var_A0]
push eax
push 4176C4h
call sub_40A79C
lea eax, [ebp+var_A0]
push eax
push 41D010h
call near ptr 4147F2h
add esp, 10h
loc_40A3CE: ; CODE XREF: sub_40A15C+A2�j
; sub_40A15C+C7�j
pop esi
leave
retn
sub_40A15C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3D1 proc near ; CODE XREF: sub_40826C+EFF�p
; .data:0040ACB3�p
var_2A4 = byte ptr -2A4h
var_10C = byte ptr -10Ch
var_10A = byte ptr -10Ah
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2A4h
push ebx
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40A0C2
push dword ptr ds:41CC98h
call sub_403E0F
mov esi, 41CB90h
mov [ebp+arg_4], 0EA60h
push esi
call near ptr 40C247h
mov ebx, 41CC90h
push ebx
call near ptr 40C247h
push 2710h
push 1
push ebx
push esi
call sub_403CB3
push esi
mov ds:41CC98h, eax
call near ptr 40C206h
push ebx
call near ptr 40C206h
add esp, 2Ch
cmp dword ptr ds:41CC98h, 0
jnz loc_40A599
push edi
loc_40A43F: ; CODE XREF: sub_40A3D1+1C1�j
mov al, ds:41C42Ch
push 3Fh
mov [ebp+var_100], al
pop ecx
xor eax, eax
lea edi, [ebp+var_FF]
rep stosd
stosw
stosb
lea eax, [ebp+var_100]
push eax
push esi
call sub_403695
lea eax, [ebp+var_100]
push eax
call sub_403313
add esp, 0Ch
xor edi, edi
test eax, eax
jz short loc_40A4F5
push 1A3h
lea eax, [ebp+var_2A4]
push edi
push eax
call near ptr 414822h
add esp, 0Ch
xor eax, eax
cmp ds:41C030h, edi
mov [ebp+var_10A], 1
mov [ebp+var_10C], 1
jz short loc_40A4E8
loc_40A4A9: ; CODE XREF: sub_40A3D1+E0�j
inc eax
cmp ds:41C030h[eax*4], edi
jnz short loc_40A4A9
cmp eax, edi
jz short loc_40A4E8
push eax
push edi
call near ptr 40C0FFh
lea edi, ds:41C030h[eax*4]
push dword ptr [edi]
call near ptr 40C247h
push 0
lea eax, [ebp+var_2A4]
push dword ptr [edi]
push eax
call sub_40271C
push dword ptr [edi]
call near ptr 40C206h
add esp, 1Ch
xor edi, edi
loc_40A4E8: ; CODE XREF: sub_40A3D1+D6�j
; sub_40A3D1+E4�j
mov eax, 36EE80h
cmp [ebp+arg_4], eax
jg short loc_40A4F5
mov [ebp+arg_4], eax
loc_40A4F5: ; CODE XREF: sub_40A3D1+A9�j
; sub_40A3D1+11F�j
lea eax, [ebp+var_100]
push eax
call near ptr 40C206h
lea eax, [ebp+var_100]
push eax
push 41C038h
call near ptr 414A8Eh
add esp, 0Ch
test eax, eax
jnz short loc_40A520
mov [ebp+arg_4], 1499700h
loc_40A520: ; CODE XREF: sub_40A3D1+146�j
lea eax, [ebp+var_100]
push eax
push 41C038h
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jnz short loc_40A53C
call sub_404F93
loc_40A53C: ; CODE XREF: sub_40A3D1+164�j
push edi
push edi
call sub_40A0C2
pop ecx
pop ecx
push [ebp+arg_4]
call dword ptr ds:4150A4h
cmp [ebp+arg_4], 0A4CB80h
jge short loc_40A55E
add [ebp+arg_4], 0EA60h
loc_40A55E: ; CODE XREF: sub_40A3D1+184�j
push esi
call near ptr 40C247h
push ebx
call near ptr 40C247h
push 2710h
push 1
push ebx
push esi
call sub_403CB3
push esi
mov ds:41CC98h, eax
call near ptr 40C206h
push ebx
call near ptr 40C206h
add esp, 20h
cmp ds:41CC98h, edi
jz loc_40A43F
pop edi
loc_40A599: ; CODE XREF: sub_40A3D1+67�j
push 1
push 1
call sub_40A15C
pop ecx
pop ecx
pop esi
pop ebx
leave
retn
sub_40A3D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5A8 proc near ; CODE XREF: .text:00401C6B�p
; sub_40826C+778�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call near ptr 414880h
push [ebp+arg_0]
lea eax, [ebp+var_1000]
push 4183F8h
push eax
call near ptr 414816h
lea ecx, [ebp+arg_8]
push ecx
mov ecx, 1000h
push [ebp+arg_4]
sub ecx, eax
lea eax, [ebp+eax+var_1000]
push ecx
push eax
call near ptr 414A94h
lea eax, [ebp+var_1000]
push 416214h
push eax
call near ptr 414828h
lea eax, [ebp+var_1000]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_1000]
push eax
push dword ptr ds:41CC98h
call sub_403E36
add esp, 34h
leave
retn
sub_40A5A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A61A proc near ; CODE XREF: .text:00401CA2�p
; sub_4027D5+10E�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call near ptr 414880h
push [ebp+arg_0]
lea eax, [ebp+var_1000]
push 418404h
push eax
call near ptr 414816h
lea ecx, [ebp+arg_8]
push ecx
mov ecx, 1000h
push [ebp+arg_4]
sub ecx, eax
lea eax, [ebp+eax+var_1000]
push ecx
push eax
call near ptr 414A94h
lea eax, [ebp+var_1000]
push 416214h
push eax
call near ptr 414828h
lea eax, [ebp+var_1000]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_1000]
push eax
push dword ptr ds:41CC98h
call sub_403E36
add esp, 34h
leave
retn
sub_40A61A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A68C proc near ; CODE XREF: sub_4011BE+4C�p
; sub_4011BE+1DA�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call near ptr 414880h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+198h], 0
jnz loc_40A799
mov eax, [esi+121h]
push edi
cmp eax, 1
jnz short loc_40A6C1
lea eax, [esi+21h]
push eax
push 4183F8h
jmp short loc_40A6E6
; ---------------------------------------------------------------------------
loc_40A6C1: ; CODE XREF: sub_40A68C+28�j
cmp eax, 2
jnz short loc_40A6D1
lea eax, [esi+21h]
push eax
push 418434h
jmp short loc_40A6E6
; ---------------------------------------------------------------------------
loc_40A6D1: ; CODE XREF: sub_40A68C+38�j
cmp eax, 3
lea eax, [esi+21h]
push eax
jnz short loc_40A6E1
push 418424h
jmp short loc_40A6E6
; ---------------------------------------------------------------------------
loc_40A6E1: ; CODE XREF: sub_40A68C+4C�j
push 418404h
loc_40A6E6: ; CODE XREF: sub_40A68C+33�j
; sub_40A68C+43�j ...
lea eax, [ebp+var_1000]
push eax
call near ptr 414816h
add esp, 0Ch
cmp dword ptr [esi+19Fh], 0
mov edi, eax
jz short loc_40A723
mov eax, [esi+121h]
cmp eax, 2
jz short loc_40A710
cmp eax, 3
jnz short loc_40A723
loc_40A710: ; CODE XREF: sub_40A68C+7D�j
lea eax, [ebp+var_1000]
push 418418h
push eax
call near ptr 414828h
pop ecx
pop ecx
loc_40A723: ; CODE XREF: sub_40A68C+72�j
; sub_40A68C+82�j
lea eax, [ebp+arg_8]
push eax
mov eax, 1000h
push [ebp+arg_4]
sub eax, edi
push eax
lea eax, [ebp+edi+var_1000]
push eax
call near ptr 414A94h
mov esi, [esi+121h]
add esp, 10h
cmp esi, 2
pop edi
jz short loc_40A753
cmp esi, 3
jnz short loc_40A766
loc_40A753: ; CODE XREF: sub_40A68C+C0�j
lea eax, [ebp+var_1000]
push 418414h
push eax
call near ptr 414828h
pop ecx
pop ecx
loc_40A766: ; CODE XREF: sub_40A68C+C5�j
lea eax, [ebp+var_1000]
push 416214h
push eax
call near ptr 414828h
lea eax, [ebp+var_1000]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_1000]
push eax
push dword ptr ds:41CC98h
call sub_403E36
add esp, 18h
loc_40A799: ; CODE XREF: sub_40A68C+18�j
pop esi
leave
retn
sub_40A68C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A79C proc near ; CODE XREF: sub_4027D5:loc_40295E�p
; sub_404F93+D8�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call near ptr 414880h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_1000]
push [ebp+arg_0]
push 1000h
push eax
call near ptr 414A94h
lea eax, [ebp+var_1000]
push 416214h
push eax
call near ptr 414828h
lea eax, [ebp+var_1000]
push eax
call near ptr 4147F8h
push eax
lea eax, [ebp+var_1000]
push eax
push dword ptr ds:41CC98h
call sub_403E36
add esp, 28h
leave
retn
sub_40A79C endp
; =============== S U B R O U T I N E =======================================
sub_40A7F6 proc near ; CODE XREF: sub_40A804+B�p
push 0
push 418444h
call dword ptr ds:4151ECh
retn
sub_40A7F6 endp
; =============== S U B R O U T I N E =======================================
sub_40A804 proc near ; CODE XREF: sub_40826C+F50�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push esi
push edi
xor edi, edi
cmp [esp+0Ch+arg_0], edi
jz short loc_40A884
call sub_40A7F6
mov esi, eax
cmp esi, edi
mov [esp+0Ch+var_4], esi
jz short loc_40A884
push ebx
push ebp
push 418444h
push 1000h
push edi
push 4
push edi
push 0FFFFFFFFh
call dword ptr ds:4150FCh
push edi
push edi
mov ebx, eax
push edi
push 0F001Fh
push ebx
call dword ptr ds:415100h
push [esp+14h+arg_0]
mov ebp, eax
push ebp
call near ptr 414816h
pop ecx
pop ecx
push edi
push 1
push 4C8h
push esi
mov esi, ds:4151F0h
call esi
push edi
push 1
push 4C9h
push [esp+20h+var_4]
call esi
push ebp
call dword ptr ds:415104h
push ebx
call dword ptr ds:4150ACh
pop ebp
pop ebx
loc_40A884: ; CODE XREF: sub_40A804+9�j
; sub_40A804+18�j
pop edi
pop esi
pop ecx
retn
sub_40A804 endp
; =============== S U B R O U T I N E =======================================
sub_40A888 proc near ; CODE XREF: .rdata:0040760E�p
; .rdata:00407B79�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push ebp
push edi
push ebx
call near ptr 4147F8h
mov ebp, eax
xor edi, edi
test ebp, ebp
pop ecx
jle short loc_40A8D4
push esi
loc_40A89F: ; CODE XREF: sub_40A888+49�j
lea esi, [edi+ebx]
mov al, [esi]
cmp al, 23h
jnz short loc_40A8AE
push 39h
push 30h
jmp short loc_40A8C5
; ---------------------------------------------------------------------------
loc_40A8AE: ; CODE XREF: sub_40A888+1E�j
cmp al, 3Fh
jnz short loc_40A8CE
call near ptr 40C169h
test eax, eax
jz short loc_40A8C1
push 7Ah
push 61h
jmp short loc_40A8C5
; ---------------------------------------------------------------------------
loc_40A8C1: ; CODE XREF: sub_40A888+31�j
push 5Ah
push 41h
loc_40A8C5: ; CODE XREF: sub_40A888+24�j
; sub_40A888+37�j
call near ptr 40C0FFh
pop ecx
mov [esi], al
pop ecx
loc_40A8CE: ; CODE XREF: sub_40A888+28�j
inc edi
cmp edi, ebp
jl short loc_40A89F
pop esi
loc_40A8D4: ; CODE XREF: sub_40A888+14�j
pop edi
pop ebp
pop ebx
retn
sub_40A888 endp
; =============== S U B R O U T I N E =======================================
sub_40A8D8 proc near ; CODE XREF: .data:00409444�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call near ptr 4147F8h
pop ecx
xor ecx, ecx
test eax, eax
jle short loc_40A8FC
loc_40A8EA: ; CODE XREF: sub_40A8D8+22�j
mov dl, [ecx+esi]
cmp dl, 23h
jz short loc_40A900
cmp dl, 3Fh
jz short loc_40A900
inc ecx
cmp ecx, eax
jl short loc_40A8EA
loc_40A8FC: ; CODE XREF: sub_40A8D8+10�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_40A900: ; CODE XREF: sub_40A8D8+18�j
; sub_40A8D8+1D�j
mov al, 1
pop esi
retn
sub_40A8D8 endp
; ---------------------------------------------------------------------------
loc_40A904: ; CODE XREF: sub_40B1AA+182�p
push ebp
mov ebp, esp
sub esp, 338h
push ebx
push esi
mov esi, [ebp+14h]
push edi
push 417784h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40A937
push dword ptr [esi+4]
push 41777Ch
loc_40A92D: ; CODE XREF: .data:0040AC9A�j
; .data:0040ACF9�j ...
call sub_40A79C
jmp loc_40AD9C
; ---------------------------------------------------------------------------
loc_40A937: ; CODE XREF: .data:0040A923�j
push 4184FCh
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz loc_40B1A5
push 4184F4h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz loc_40B1A5
push 41776Ch
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
xor edi, edi
test eax, eax
pop ecx
jnz loc_40AB3E
mov eax, [esi+0Ch]
cmp eax, edi
jz loc_40AB3E
cmp byte ptr [eax+1], 1
jnz loc_40AB3E
push 4184ECh
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40AAA2
mov eax, [esi+10h]
cmp eax, edi
jz loc_40AAA2
push 4184E4h
push eax
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40AAA2
cmp [ebp+8], edi
jz loc_40AAA2
mov ecx, [esi+14h]
cmp ecx, edi
jz loc_40B1A5
cmp [esi+18h], edi
jz loc_40B1A5
cmp [esi+1Ch], edi
jz loc_40B1A5
mov eax, [esi+20h]
cmp eax, edi
jz loc_40B1A5
cmp byte ptr [ecx], 22h
jz loc_40B1A5
push eax
call near ptr 4147F8h
mov ecx, [esi+20h]
push dword ptr [ebp+0Ch]
and byte ptr [eax+ecx], 0
lea eax, [ebp-260h]
push eax
call near ptr 4147F2h
lea eax, [ebp-23Fh]
push 41C070h
push eax
call near ptr 4147F2h
push 7Ah
lea eax, [ebp-13Bh]
push edi
push eax
mov [ebp-13Fh], edi
call near ptr 414822h
push dword ptr [esi+18h]
mov dword ptr [ebp-0C1h], 1
call near ptr 41485Ch
movzx ecx, al
push ecx
mov ecx, eax
shr ecx, 8
movzx ecx, cl
push ecx
mov ecx, eax
shr ecx, 10h
movzx ecx, cl
shr eax, 18h
push ecx
push eax
lea eax, [ebp-2Ch]
push 416A88h
push eax
call near ptr 414816h
push dword ptr [esi+20h]
lea eax, [ebp-2Ch]
push dword ptr [esi+1Ch]
push eax
lea eax, [ebp-260h]
push dword ptr [esi+14h]
push dword ptr [ebp+0Ch]
push eax
call sub_401E49
add esp, 54h
jmp loc_40B1A5
; ---------------------------------------------------------------------------
loc_40AAA2: ; CODE XREF: .data:0040A9A2�j
; .data:0040A9AD�j ...
push 41775Ch
push dword ptr [esi+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_40AB02
push 417750h
push dword ptr [esi+0Ch]
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jz short loc_40AB02
push 417748h
push dword ptr [esi+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_40AAED
push 417740h
push dword ptr [esi+0Ch]
call dword ptr ds:415108h
test eax, eax
jnz short loc_40AB3E
loc_40AAED: ; CODE XREF: .data:0040AAD9�j
mov eax, [ebp+18h]
mov eax, [eax+0Ch]
inc eax
push eax
push dword ptr [ebp+0Ch]
call sub_40A5A8
jmp loc_40AD9C
; ---------------------------------------------------------------------------
loc_40AB02: ; CODE XREF: .data:0040AAB3�j
; .data:0040AAC6�j
cmp [ebp+8], edi
jz short loc_40AB27
push 41C1F0h
push 38Bh
push edi
push 4184C0h
push dword ptr [ebp+0Ch]
call sub_40A5A8
add esp, 14h
jmp loc_40B1A5
; ---------------------------------------------------------------------------
loc_40AB27: ; CODE XREF: .data:0040AB05�j
push 4184B0h
push 4184A0h
push dword ptr [ebp+0Ch]
call sub_40A5A8
jmp loc_40AE2E
; ---------------------------------------------------------------------------
loc_40AB3E: ; CODE XREF: .data:0040A978�j
; .data:0040A983�j ...
push 4176F0h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40AC9F
call sub_406625
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, 4
mov [ebp+18h], eax
jnb short loc_40ABA5
call sub_404A75
test eax, eax
jnz short loc_40ABA5
lea eax, [ebp-0BCh]
push 41C060h
push eax
call near ptr 4147F2h
lea eax, [ebp-0BCh]
push eax
call near ptr 40C247h
lea eax, [ebp-0BCh]
push eax
call sub_40A888
add esp, 10h
jmp loc_40AC8E
; ---------------------------------------------------------------------------
loc_40ABA5: ; CODE XREF: .data:0040AB69�j
; .data:0040AB72�j
call sub_4049C8
lea eax, [ebp-3Ch]
push eax
call sub_405B54
test eax, eax
pop ecx
jnz short loc_40ABC8
lea eax, [ebp-3Ch]
push 4183F4h
push eax
call near ptr 4147F2h
pop ecx
pop ecx
loc_40ABC8: ; CODE XREF: .data:0040ABB6�j
call sub_406327
mov ecx, 400h
cmp eax, ecx
jbe short loc_40ABDD
call sub_406327
jmp short loc_40ABDF
; ---------------------------------------------------------------------------
loc_40ABDD: ; CODE XREF: .data:0040ABD4�j
mov eax, ecx
loc_40ABDF: ; CODE XREF: .data:0040ABDB�j
shr eax, 0Ah
mov [ebp+0Ch], eax
call sub_405F2B
cmp eax, 3E8h
mov ebx, 4183F0h
jnb short loc_40ABFB
mov ebx, 4183ECh
loc_40ABFB: ; CODE XREF: .data:0040ABF4�j
cmp eax, 1F4h
jnb short loc_40AC07
mov ebx, 4183E8h
loc_40AC07: ; CODE XREF: .data:0040AC00�j
push 24h
xor eax, eax
pop ecx
lea edi, [ebp-14Ch]
mov dword ptr [ebp-150h], 94h
xor esi, esi
rep stosd
lea eax, [ebp-150h]
push eax
call dword ptr ds:41502Ch
cmp dword ptr [ebp-14Ch], 5
jnz short loc_40AC40
cmp dword ptr [ebp-148h], 1
jnz short loc_40AC40
inc esi
loc_40AC40: ; CODE XREF: .data:0040AC34�j
; .data:0040AC3D�j
push 5Ah
push 41h
call near ptr 40C0FFh
pop ecx
pop ecx
push eax
push 5Ah
push 41h
call near ptr 40C0FFh
pop ecx
pop ecx
test esi, esi
push eax
setz al
dec al
and al, 2Fh
add al, 2Dh
movsx eax, al
push eax
push ebx
push dword ptr [ebp+0Ch]
lea eax, [ebp-3Ch]
push 5Dh
push dword ptr [ebp+18h]
push 5Bh
push 5Dh
push eax
push 5Bh
lea eax, [ebp-0BCh]
push 4183D0h
push eax
call near ptr 414816h
add esp, 34h
loc_40AC8E: ; CODE XREF: .data:0040ABA0�j
lea eax, [ebp-0BCh]
push eax
push 4176C4h
jmp loc_40A92D
; ---------------------------------------------------------------------------
loc_40AC9F: ; CODE XREF: .data:0040AB4F�j
push 417774h
push dword ptr [esi]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40ACBD
push edi
push edi
call sub_40A3D1
jmp loc_40AD9C
; ---------------------------------------------------------------------------
loc_40ACBD: ; CODE XREF: .data:0040ACAF�j
push 418498h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
mov edi, 41D010h
test eax, eax
pop ecx
jnz short loc_40ACFE
push edi
push dword ptr [ebp+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40ACFE
mov eax, [esi+8]
xor ebx, ebx
cmp eax, ebx
jz short loc_40AD00
cmp byte ptr [eax], 3Ah
jnz short loc_40ACF3
inc eax
loc_40ACF3: ; CODE XREF: .data:0040ACF0�j
push eax
push 418488h
jmp loc_40A92D
; ---------------------------------------------------------------------------
loc_40ACFE: ; CODE XREF: .data:0040ACD3�j
; .data:0040ACE2�j
xor ebx, ebx
loc_40AD00: ; CODE XREF: .data:0040ACEB�j
push 4182CCh
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40ADA3
push 21h
lea eax, [ebp-3Ch]
push dword ptr [esi+8]
push eax
call near ptr 4147FEh
lea eax, [ebp-3Ch]
push eax
push edi
call near ptr 4147F2h
lea eax, [ebp-3Ch]
push eax
push 41847Ch
call sub_40A79C
push 41CF10h
push 41C070h
push 4178F4h
call sub_40A79C
add esp, 28h
lea eax, [ebp-1BCh]
push eax
call sub_40A0BC
push eax
call sub_403553
pop ecx
test eax, eax
pop ecx
jz short loc_40AD7D
lea eax, [ebp-1BCh]
push eax
call sub_403313
test eax, eax
pop ecx
jz short loc_40AD8B
loc_40AD7D: ; CODE XREF: .data:0040AD6A�j
lea eax, [ebp-3Ch]
push eax
push 418470h
jmp loc_40A92D
; ---------------------------------------------------------------------------
loc_40AD8B: ; CODE XREF: .data:0040AD7B�j
lea eax, [ebp-1BCh]
push eax
push 41D110h
loc_40AD97: ; CODE XREF: .data:0040AE6B�j
call near ptr 4147F2h
loc_40AD9C: ; CODE XREF: .data:0040A932�j
; .data:0040AAFD�j ...
pop ecx
pop ecx
jmp loc_40B1A5
; ---------------------------------------------------------------------------
loc_40ADA3: ; CODE XREF: .data:0040AD11�j
push 41846Ch
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40ADC0
push ebx
push 1
call sub_40A15C
jmp short loc_40AD9C
; ---------------------------------------------------------------------------
loc_40ADC0: ; CODE XREF: .data:0040ADB4�j
push 418468h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40AE36
mov esi, [esi+0Ch]
cmp esi, ebx
jz loc_40B1A5
push 418464h
push esi
call near ptr 414868h
pop ecx
cmp eax, ebx
pop ecx
jz loc_40B1A5
mov esi, 100h
lea ebx, [eax+1]
push esi
mov edi, 41D110h
push ebx
push edi
call sub_40558F
lea eax, [ebp-1BCh]
push eax
push ebx
call sub_403695
add esp, 14h
test al, al
jz loc_40B1A5
lea eax, [ebp-1BCh]
push esi
push eax
push edi
call sub_40558F
loc_40AE2E: ; CODE XREF: .data:0040AB39�j
add esp, 0Ch
jmp loc_40B1A5
; ---------------------------------------------------------------------------
loc_40AE36: ; CODE XREF: .data:0040ADD1�j
push 41845Ch
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40AE70
cmp [esi+8], ebx
jz loc_40B1A5
push edi
push dword ptr [ebp+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40B1A5
mov eax, [esi+8]
inc eax
push eax
push edi
jmp loc_40AD97
; ---------------------------------------------------------------------------
loc_40AE70: ; CODE XREF: .data:0040AE47�j
push 4182E4h
push dword ptr [esi+4]
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jnz short loc_40AEFC
cmp [esi+0Ch], ebx
jz loc_40B1A5
mov eax, [ebp+18h]
mov eax, [eax+10h]
cmp eax, ebx
jz loc_40B1A5
inc eax
cmp byte ptr [eax], 0
jz loc_40B1A5
lea ecx, [ebp+0Ch]
mov edi, 418458h
push ecx
push edi
push eax
call sub_405A0B
add esp, 0Ch
jmp short loc_40AEF3
; ---------------------------------------------------------------------------
loc_40AEB9: ; CODE XREF: .data:0040AEBD�j
inc eax
loc_40AEBA: ; CODE XREF: .data:0040AEF5�j
cmp byte ptr [eax], 20h
jz short loc_40AEB9
push eax
lea eax, [ebp-2BCh]
push dword ptr [esi+0Ch]
push 418320h
push 200h
push eax
call near ptr 41486Eh
lea eax, [ebp-2BCh]
push eax
call sub_40B1AA
lea eax, [ebp+0Ch]
push eax
push edi
push ebx
call sub_405A0B
add esp, 24h
loc_40AEF3: ; CODE XREF: .data:0040AEB7�j
cmp eax, ebx
jnz short loc_40AEBA
jmp loc_40B1A5
; ---------------------------------------------------------------------------
loc_40AEFC: ; CODE XREF: .data:0040AE81�j
cmp [ebp+8], ebx
jz loc_40B1A5
cmp [esi+8], ebx
jz loc_40B1A5
lea ebx, [esi+0Ch]
cmp dword ptr [ebx], 0
jz loc_40B1A5
push 41D010h
push dword ptr [ebp+0Ch]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz loc_40B1A5
mov eax, [ebp+18h]
inc dword ptr [ebx]
add eax, 0Ch
push 41776Ch
mov [ebp-14h], eax
inc dword ptr [eax]
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
pop ecx
push 3
test eax, eax
pop edi
jnz short loc_40AF6A
mov eax, [ebx]
cmp byte ptr [eax], 1
jz short loc_40AF88
mov eax, [esi+8]
and dword ptr [ebp+14h], 0
mov [ebp+8], eax
jmp loc_40B007
; ---------------------------------------------------------------------------
loc_40AF6A: ; CODE XREF: .data:0040AF52�j
push 418450h
push dword ptr [esi+4]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz loc_40B1A5
mov eax, [ebx]
cmp byte ptr [eax], 1
jnz short loc_40AFC0
loc_40AF88: ; CODE XREF: .data:0040AF59�j
mov ecx, [ebp+0Ch]
inc eax
mov [ebx], eax
mov eax, [ebp-14h]
mov [ebp+14h], edi
xor edi, edi
inc dword ptr [eax]
cmp [esi], edi
mov [ebp+8], ecx
jz short loc_40AFE9
loc_40AF9F: ; CODE XREF: .data:0040AFBC�j
cmp edi, 0Fh
jz short loc_40AFE9
push dword ptr [esi+edi*4]
call near ptr 4147F8h
pop ecx
mov ecx, [esi+edi*4]
cmp byte ptr [ecx+eax-1], 1
jz short loc_40AFCF
inc edi
cmp dword ptr [esi+edi*4], 0
jnz short loc_40AF9F
jmp short loc_40AFE9
; ---------------------------------------------------------------------------
loc_40AFC0: ; CODE XREF: .data:0040AF86�j
mov eax, [esi+8]
mov dword ptr [ebp+14h], 1
mov [ebp+8], eax
jmp short loc_40B007
; ---------------------------------------------------------------------------
loc_40AFCF: ; CODE XREF: .data:0040AFB5�j
mov ecx, edi
shl ecx, 2
mov edx, [ecx+esi]
and byte ptr [edx+eax-1], 0
mov edx, [ebp+18h]
mov ecx, [ecx+edx]
and byte ptr [ecx+eax-1], 0
jmp short loc_40B007
; ---------------------------------------------------------------------------
loc_40AFE9: ; CODE XREF: .data:0040AF9D�j
; .data:0040AFA2�j ...
mov eax, [ebp+18h]
shl edi, 2
push dword ptr [edi+eax]
call near ptr 4147F8h
pop ecx
mov ecx, [edi+esi]
lea eax, [ecx+eax-1]
; ---------------------------------------------------------------------------
db 80h
_data ends
; Section 4. (virtual address 0000B000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 0000B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 40B000h
dd 3750138h
db 0C6h, 0, 1
; ---------------------------------------------------------------------------
loc_40B007: ; CODE XREF: .data:0040AF65�j
; .data:0040AFCD�j ...
push 41D010h
push dword ptr [ebp+8]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40B020
mov eax, [ebp+0Ch]
mov [ebp+8], eax
loc_40B020: ; CODE XREF: .idata:0040B018�j
push 7Ah
lea eax, [ebp-338h]
push 0
push eax
call near ptr 414822h
mov eax, [ebp+18h]
and dword ptr [ebp-0Ch], 0
mov edi, [eax]
push edi
mov [ebp-18h], edi
call near ptr 4147F8h
add esp, 10h
cmp eax, 3
mov [ebp-10h], eax
jb loc_40B0F6
loc_40B051: ; CODE XREF: .idata:0040B08B�j
mov cl, [eax+edi-1]
cmp cl, 20h
jnz short loc_40B05D
dec eax
jmp short loc_40B085
; ---------------------------------------------------------------------------
loc_40B05D: ; CODE XREF: .idata:0040B058�j
cmp byte ptr [eax+edi-3], 20h
jnz short loc_40B08D
cmp byte ptr [eax+edi-2], 2Dh
jnz short loc_40B08D
cmp cl, 7Ah
jg short loc_40B08D
movsx ecx, cl
mov dword ptr [ebp-0Ch], 1
sub eax, 3
mov byte ptr [ebp+ecx-338h], 1
loc_40B085: ; CODE XREF: .idata:0040B05B�j
cmp eax, 3
mov [ebp-10h], eax
jnb short loc_40B051
loc_40B08D: ; CODE XREF: .idata:0040B062�j
; .idata:0040B069�j ...
cmp dword ptr [ebp-0Ch], 0
jz short loc_40B0F6
mov edi, [ebp+18h]
and dword ptr [ebp-8], 0
mov [ebp-4], esi
sub [ebp-4], edi
loc_40B0A0: ; CODE XREF: .idata:0040B0F4�j
mov eax, [edi]
test eax, eax
jz short loc_40B0F6
mov ecx, [ebp-10h]
mov edx, [ebp-18h]
add ecx, edx
cmp eax, ecx
jb short loc_40B0EA
xor ecx, ecx
cmp [ebp-0Ch], ecx
jz short loc_40B0D7
cmp [ebp-8], ecx
jz short loc_40B0D4
mov eax, [ebp-4]
push dword ptr [eax+edi-4]
call near ptr 4147F8h
pop ecx
mov ecx, [edi-4]
and byte ptr [eax+ecx], 0
xor ecx, ecx
loc_40B0D4: ; CODE XREF: .idata:0040B0BC�j
mov [ebp-0Ch], ecx
loc_40B0D7: ; CODE XREF: .idata:0040B0B7�j
mov eax, [edi]
and byte ptr [eax], 0
mov eax, [ebp-4]
add eax, edi
mov edx, [eax]
and byte ptr [edx], 0
mov [edi], ecx
mov [eax], ecx
loc_40B0EA: ; CODE XREF: .idata:0040B0B0�j
inc dword ptr [ebp-8]
add edi, 4
cmp dword ptr [ebp-8], 10h
jb short loc_40B0A0
loc_40B0F6: ; CODE XREF: .idata:0040B04B�j
; .idata:0040B091�j ...
mov edi, 41D010h
push edi
push dword ptr [esi+8]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jnz short loc_40B110
push dword ptr [ebp-14h]
push ebx
jmp short loc_40B18A
; ---------------------------------------------------------------------------
loc_40B110: ; CODE XREF: .idata:0040B108�j
add esi, 10h
cmp dword ptr [esi], 0
jz loc_40B1A5
push 41844Ch
push dword ptr [ebx]
call near ptr 414C30h
pop ecx
test eax, eax
pop ecx
jz short loc_40B182
push dword ptr [ebx]
push edi
call sub_40744A
pop ecx
test al, al
pop ecx
jnz short loc_40B182
push dword ptr [ebx]
call near ptr 4147F8h
cmp eax, 4
pop ecx
ja short loc_40B1A5
mov edi, [ebx]
push edi
call near ptr 4147F8h
cmp byte ptr [eax+edi-1], 25h
pop ecx
jnz short loc_40B1A5
push edi
call near ptr 4147F8h
mov ecx, [ebx]
and byte ptr [eax+ecx-1], 0
call near ptr 40C126h
push 64h
xor edx, edx
pop ecx
div ecx
push dword ptr [ebx]
mov edi, edx
inc edi
call near ptr 41485Ch
pop ecx
cmp eax, edi
pop ecx
jl short loc_40B1A5
loc_40B182: ; CODE XREF: .idata:0040B12C�j
; .idata:0040B13A�j
mov eax, [ebp+18h]
add eax, 10h
push eax
push esi
loc_40B18A: ; CODE XREF: .idata:0040B10E�j
lea eax, [ebp-338h]
push eax
push dword ptr [ebp+14h]
push dword ptr [ebp+8]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
call sub_40826C
add esp, 1Ch
loc_40B1A5: ; CODE XREF: .data:0040A948�j
; .data:0040A95F�j ...
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1AA proc near ; CODE XREF: .data:00409D09�p
; .data:0040AEE0�p
var_1188 = byte ptr -1188h
var_188 = byte ptr -188h
var_109 = byte ptr -109h
var_108 = byte ptr -108h
var_89 = byte ptr -89h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1188h
call near ptr 414880h
push ebx
push esi
push edi
xor ebx, ebx
push [ebp+arg_0]
mov [ebp+var_4], ebx
call near ptr 4147F8h
inc eax
push eax
lea eax, [ebp+var_1188]
push [ebp+arg_0]
push eax
call near ptr 414810h
lea eax, [ebp+var_8]
mov edi, 417628h
push eax
push edi
push [ebp+arg_0]
call sub_405A0B
mov [ebp+var_48], eax
lea eax, [ebp+var_1188]
add esp, 1Ch
mov [ebp+var_88], eax
xor esi, esi
loc_40B1FE: ; CODE XREF: sub_40B1AA+98�j
cmp [ebp+esi+var_48], ebx
jz short loc_40B231
lea eax, [ebp+var_8]
push eax
push edi
push ebx
call sub_405A0B
add esp, 0Ch
cmp eax, ebx
mov [ebp+esi+var_44], eax
jz short loc_40B226
sub eax, [ebp+arg_0]
lea eax, [ebp+eax+var_1188]
jmp short loc_40B228
; ---------------------------------------------------------------------------
loc_40B226: ; CODE XREF: sub_40B1AA+6E�j
xor eax, eax
loc_40B228: ; CODE XREF: sub_40B1AA+7A�j
mov [ebp+esi+var_84], eax
jmp short loc_40B23C
; ---------------------------------------------------------------------------
loc_40B231: ; CODE XREF: sub_40B1AA+58�j
mov [ebp+esi+var_84], ebx
mov [ebp+esi+var_44], ebx
loc_40B23C: ; CODE XREF: sub_40B1AA+85�j
add esi, 4
cmp esi, 3Ch
jl short loc_40B1FE
cmp [ebp+var_48], ebx
jz loc_40B334
cmp [ebp+var_44], ebx
jz loc_40B334
push 418504h
push [ebp+var_48]
call near ptr 414A8Eh
pop ecx
test eax, eax
pop ecx
jz short loc_40B2BF
cmp ds:41C018h, ebx
mov [ebp+arg_0], ebx
jz short loc_40B2C6
mov esi, 41C018h
mov edi, esi
loc_40B27B: ; CODE XREF: sub_40B1AA+FF�j
push dword ptr [esi]
call near ptr 40C247h
mov eax, [ebp+var_48]
push dword ptr [esi]
inc eax
push eax
call sub_4073E1
add esp, 0Ch
test al, al
jnz short loc_40B2AD
push dword ptr [esi]
call near ptr 40C206h
inc [ebp+arg_0]
add edi, 4
xor ebx, ebx
pop ecx
cmp [edi], ebx
mov esi, edi
jnz short loc_40B27B
jmp short loc_40B2C6
; ---------------------------------------------------------------------------
loc_40B2AD: ; CODE XREF: sub_40B1AA+E9�j
mov eax, [ebp+arg_0]
push dword ptr ds:41C018h[eax*4]
call near ptr 40C206h
pop ecx
xor ebx, ebx
loc_40B2BF: ; CODE XREF: sub_40B1AA+BD�j
mov [ebp+var_4], 1
loc_40B2C6: ; CODE XREF: sub_40B1AA+C8�j
; sub_40B1AA+101�j
xor eax, eax
lea esi, [ebp+var_188]
xor edi, edi
inc eax
dec esi
loc_40B2D2: ; CODE XREF: sub_40B1AA+158�j
mov ecx, [ebp+var_48]
add ecx, eax
cmp byte ptr [ecx], 21h
jnz short loc_40B2E6
xor edi, edi
mov [ebp+eax+var_109], bl
inc edi
loc_40B2E6: ; CODE XREF: sub_40B1AA+130�j
cmp edi, ebx
jnz short loc_40B2F3
mov dl, [ecx]
mov [ebp+eax+var_109], dl
loc_40B2F3: ; CODE XREF: sub_40B1AA+13E�j
mov dl, [ecx]
mov [esi+eax], dl
cmp [ecx], bl
jz short loc_40B304
inc eax
cmp eax, 80h
jl short loc_40B2D2
loc_40B304: ; CODE XREF: sub_40B1AA+150�j
lea eax, [ebp+var_88]
mov [ebp+var_89], bl
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_188]
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+var_109], bl
push [ebp+var_4]
call loc_40A904
add esp, 14h
loc_40B334: ; CODE XREF: sub_40B1AA+9D�j
; sub_40B1AA+A6�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B1AA endp
; ---------------------------------------------------------------------------
aWlA? db 'W|$',8,'?',0
db 74h, 19h, 56h
dd 0A2F4E857h, 8B57FFFFh, 0FE58E8F0h, 3E80FFFFh, 8B595900h
dd 5EE975FEh, 6A57C35Fh, 0C0335940h, 41CCA0BFh, 5FABF300h
dd 1888B60Fh, 88004185h, 41CCA081h, 0F8834000h, 0C3ED7240h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B380 proc near ; CODE XREF: sub_40826C+50F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push esi
call near ptr 4147F8h
cmp eax, 2
pop ecx
mov [ebp+arg_0], eax
jnb short loc_40B39D
xor eax, eax
jmp loc_40B449
; ---------------------------------------------------------------------------
loc_40B39D: ; CODE XREF: sub_40B380+14�j
push ebx
push edi
xor edi, edi
xor edx, edx
xor ecx, ecx
inc edi
loc_40B3A6: ; CODE XREF: sub_40B380+BF�j
inc edx
cmp edi, [ebp+arg_0]
jnb loc_40B444
movsx ebx, byte ptr [ecx+esi]
mov eax, [ebp+arg_4]
mov bl, [ebx+41CCA0h]
shl bl, 2
lea eax, [eax+edx-1]
inc ecx
inc edi
cmp ecx, [ebp+arg_0]
mov [eax], bl
jnb short loc_40B444
movsx ebx, byte ptr [ecx+esi]
mov bl, [ebx+41CCA0h]
shr bl, 4
or [eax], bl
inc edx
cmp edi, [ebp+arg_0]
jnb short loc_40B444
movsx ebx, byte ptr [ecx+esi]
mov eax, [ebp+arg_4]
mov bl, [ebx+41CCA0h]
shl bl, 4
lea eax, [eax+edx-1]
inc ecx
inc edi
cmp ecx, [ebp+arg_0]
mov [eax], bl
jnb short loc_40B444
movsx ebx, byte ptr [ecx+esi]
mov bl, [ebx+41CCA0h]
shr bl, 2
or [eax], bl
inc edx
cmp edi, [ebp+arg_0]
jnb short loc_40B444
movsx ebx, byte ptr [ecx+esi]
mov eax, [ebp+arg_4]
mov bl, [ebx+41CCA0h]
shl bl, 6
lea eax, [eax+edx-1]
inc ecx
inc edi
cmp ecx, [ebp+arg_0]
mov [eax], bl
jnb short loc_40B444
movsx ebx, byte ptr [ecx+esi]
mov bl, [ebx+41CCA0h]
or [eax], bl
inc ecx
inc edi
jmp loc_40B3A6
; ---------------------------------------------------------------------------
loc_40B444: ; CODE XREF: sub_40B380+2A�j
; sub_40B380+4B�j ...
pop edi
lea eax, [edx-1]
pop ebx
loc_40B449: ; CODE XREF: sub_40B380+18�j
pop esi
pop ebp
retn
sub_40B380 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B44C proc near ; CODE XREF: sub_40826C+4B6�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
xor esi, esi
cmp [ebp+arg_8], esi
jnz short loc_40B461
xor eax, eax
jmp loc_40B4EE
; ---------------------------------------------------------------------------
loc_40B461: ; CODE XREF: sub_40B44C+C�j
shl [ebp+arg_8], 3
push ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_1], 80h
mov [ebp+var_8], esi
mov [ebp+var_C], esi
mov bl, 0
jz short loc_40B4C2
loc_40B478: ; CODE XREF: sub_40B44C+74�j
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
mov dl, [ebp+var_1]
shr eax, 3
test [eax+ecx], dl
jz short loc_40B48C
or bl, 1
loc_40B48C: ; CODE XREF: sub_40B44C+3B�j
inc [ebp+var_C]
shr [ebp+var_1], 1
jnz short loc_40B498
mov [ebp+var_1], 80h
loc_40B498: ; CODE XREF: sub_40B44C+46�j
mov eax, [ebp+var_C]
push 6
xor edx, edx
pop ecx
div ecx
test edx, edx
jnz short loc_40B4B5
movzx eax, bl
xor bl, bl
mov al, [eax+418518h]
mov [esi+edi], al
inc esi
loc_40B4B5: ; CODE XREF: sub_40B44C+58�j
add bl, bl
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_8]
jb short loc_40B478
loc_40B4C2: ; CODE XREF: sub_40B44C+2A�j
mov eax, [ebp+var_C]
push 6
xor edx, edx
pop ecx
div ecx
mov cl, 5
sub cl, dl
jz short loc_40B4E1
shl bl, cl
movzx eax, bl
mov al, [eax+418518h]
mov [esi+edi], al
inc esi
loc_40B4E1: ; CODE XREF: sub_40B44C+84�j
and byte ptr [esi+edi], 0
push edi
call near ptr 4147F8h
pop ecx
pop edi
pop ebx
loc_40B4EE: ; CODE XREF: sub_40B44C+10�j
pop esi
leave
retn
sub_40B44C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 58h
lea eax, [ebp-58h]
push eax
call sub_40B5B1
push dword ptr [ebp+0Ch]
lea eax, [ebp-58h]
push dword ptr [ebp+8]
push eax
call sub_40B5D9
lea eax, [ebp-58h]
push eax
push 41CDA0h
call sub_40B678
; ---------------------------------------------------------------------------
db 83h, 0C4h, 18h
dd 0CDA0058Dh, 106A0041h
db 5Ah
; ---------------------------------------------------------------------------
loc_40B529: ; CODE XREF: .idata:0040B531�j
mov cl, [eax]
rol cl, cl
mov [eax], cl
inc eax
dec edx
jnz short loc_40B529
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B535 proc near ; CODE XREF: sub_40826C+11�p
; sub_409A7C+E2�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
xor ecx, ecx
xor eax, eax
loc_40B540: ; CODE XREF: sub_40B535+2D�j
mov cl, [esi]
test ecx, ecx
jz short loc_40B564
cmp ecx, 61h
jb short loc_40B54E
sub ecx, 20h
loc_40B54E: ; CODE XREF: sub_40B535+14�j
and ecx, 7Fh
add eax, ecx
and ecx, 0Fh
mov cl, [ecx+41CDA0h]
add eax, ecx
rol eax, 3
inc esi
jmp short loc_40B540
; ---------------------------------------------------------------------------
loc_40B564: ; CODE XREF: sub_40B535+F�j
pop esi
pop ebp
retn
sub_40B535 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 58h
push esi
lea eax, [ebp-58h]
push edi
push eax
call sub_40B5B1
push dword ptr [ebp+0Ch]
lea eax, [ebp-58h]
push dword ptr [ebp+8]
push eax
call sub_40B5D9
lea eax, [ebp-58h]
push eax
push 41CDB0h
call sub_40B678
; ---------------------------------------------------------------------------
db 83h, 0C4h, 18h
aN5A db '5A',0
dw 0FE8Bh
db 6Ah, 10h, 59h
; ---------------------------------------------------------------------------
loc_40B5A3: ; CODE XREF: .idata:0040B5AB�j
lodsb
xor al, 0AAh
add al, al
or al, 1
stosb
loop loc_40B5A3
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40B5B1 proc near ; CODE XREF: .idata:0040B4FB�p
; .idata:0040B573�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword ptr [eax+10h], 0
and dword ptr [eax+14h], 0
mov dword ptr [eax], 67452301h
mov dword ptr [eax+4], 0EFCDAB89h
mov dword ptr [eax+8], 98BADCFEh
mov dword ptr [eax+0Ch], 10325476h
retn
sub_40B5B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B5D9 proc near ; CODE XREF: .idata:0040B50A�p
; .idata:0040B582�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
push edi
mov eax, [esi+10h]
lea ecx, [eax+ebx*8]
cmp ecx, eax
mov [esi+10h], ecx
jnb short loc_40B5F5
inc dword ptr [esi+14h]
loc_40B5F5: ; CODE XREF: sub_40B5D9+17�j
mov ecx, ebx
shr ecx, 1Dh
add [esi+14h], ecx
shr eax, 3
and eax, 3Fh
jz short loc_40B635
push 40h
lea ecx, [eax+esi+18h]
pop edi
sub edi, eax
cmp ebx, edi
jnb short loc_40B619
push ebx
push [ebp+arg_4]
push ecx
jmp short loc_40B66B
; ---------------------------------------------------------------------------
loc_40B619: ; CODE XREF: sub_40B5D9+37�j
push edi
push [ebp+arg_4]
push ecx
call near ptr 414810h
lea eax, [esi+18h]
push eax
push esi
call sub_40B741
; ---------------------------------------------------------------------------
db 1, 7Dh, 0Ch
dd 2B14C483h
db 0DFh
; ---------------------------------------------------------------------------
loc_40B635: ; CODE XREF: sub_40B5D9+2A�j
cmp ebx, 40h
jb short loc_40B663
mov edi, ebx
shr edi, 6
push 40h
lea eax, [esi+18h]
push [ebp+arg_4]
push eax
call near ptr 414810h
push [ebp+arg_4]
push esi
call sub_40B741
; ---------------------------------------------------------------------------
dw 4583h
dd 0C483400Ch, 40EB8314h
db 4Fh, 75h, 0DCh
; ---------------------------------------------------------------------------
loc_40B663: ; CODE XREF: sub_40B5D9+5F�j
push ebx
add esi, 18h
push [ebp+arg_4]
push esi
loc_40B66B: ; CODE XREF: sub_40B5D9+3E�j
call near ptr 414810h
add esp, 0Ch
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40B5D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40B678 proc near ; CODE XREF: .idata:0040B518�p
; .idata:0040B590�p
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
push edi
push 3Fh
lea edi, [esi+10h]
pop ecx
mov eax, [edi]
shr eax, 3
and eax, ecx
sub ecx, eax
lea edx, [eax+esi+18h]
mov byte ptr [edx], 80h
inc edx
cmp ecx, 8
jnb short loc_40B6BE
push ebx
push ecx
push 0
push edx
call near ptr 414822h
lea ebx, [esi+18h]
push ebx
push esi
call sub_40B741
; ---------------------------------------------------------------------------
dw 386Ah
dd 0E853006Ah, 916Ah, 5B20C483h
db 0EBh, 0Fh
; ---------------------------------------------------------------------------
loc_40B6BE: ; CODE XREF: sub_40B678+20�j
add ecx, 0FFFFFFF8h
push ecx
push 0
push edx
call near ptr 414822h
add esp, 0Ch
push 8
lea eax, [esi+50h]
push edi
push eax
call sub_40B6FF
lea eax, [esi+18h]
push eax
push esi
call sub_40B741
sub_40B678 endp
; ---------------------------------------------------------------------------
db 6Ah
dd 74FF5610h, 10E82824h, 6A000000h, 56006A04h, 9129E8h
dd 2CC48300h
db 5Fh, 5Eh, 0C3h
; =============== S U B R O U T I N E =======================================
sub_40B6FF proc near ; CODE XREF: sub_40B678+5C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_8], 0
jbe short locret_40B740
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
push esi
or esi, 0FFFFFFFFh
add ecx, 2
lea eax, [edx+1]
sub esi, edx
loc_40B71A: ; CODE XREF: sub_40B6FF+3E�j
mov dl, [ecx-2]
mov [eax-1], dl
mov dl, [ecx-1]
mov [eax], dl
mov dl, [ecx]
mov [eax+1], dl
mov dl, [ecx+1]
mov [eax+2], dl
add eax, 4
add ecx, 4
lea edx, [esi+eax]
cmp edx, [esp+4+arg_8]
jb short loc_40B71A
pop esi
locret_40B740: ; CODE XREF: sub_40B6FF+5�j
retn
sub_40B6FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40B741 proc near ; CODE XREF: sub_40B5D9+4F�p
; sub_40B5D9+78�p ...
var_44 = byte ptr -44h
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 44h
push ebx
push esi
push edi
push 40h
push [ebp+arg_4]
lea eax, [ebp+var_44]
push eax
call sub_40BFE1
sub_40B741 endp
; ---------------------------------------------------------------------------
dd 8308458Bh, 788B0CC4h, 0C508B04h, 8B08588Bh, 0F7088BF7h
dd 8BF223D6h, 0BD723D3h, 8BF103F2h, 948DBC4Dh, 6AA4780Eh
dd 8BF78BD7h, 19E9C1CAh, 0B07E2C1h, 8BCF03CAh, 0F7F123D1h
dd 0BD323D2h, 0C708BD6h, 8DC05503h, 0B75616B4h, 0D68BE8C7h
dd 0C114EAC1h, 0D60B0CE6h, 0F28BD103h, 0F723D6F7h, 0F923FA8Bh
dd 7503F70Bh, 33B48DC4h, 242070DBh, 0FE8BDA8Bh, 0C10FEFC1h
dd 0FE0B11E6h, 0F78BFA03h, 0D6F7DF23h, 7D89F123h, 8BF30BFCh
dd 75030458h, 339C8DC8h, 0C1BDCEEEh, 0E6C1F38Bh, 0AEBC116h
dd 0F703F30Bh, 0FE23DE8Bh, 0DA23D3F7h, 5D03DF0Bh, 198C8DCCh
dd 0F57C0FAFh, 0EFC1F98Bh, 7E1C119h, 0FE03F90Bh, 7D89CE8Bh
dd 0C4D230Ch, 7D23D7F7h, 3F90BFCh, 948DD07Dh, 87C62A3Ah
dd 0C1CA8B47h, 0E2C114E9h, 3CA0B0Ch, 0D18B0C4Dh, 7D23F98Bh
dd 0F7D98B0Ch, 0BD623D2h, 0FC7D8BD7h, 8DD45503h, 461317BCh
dd 0D78BA830h, 0C10FEAC1h, 0D70B11E7h, 0FA8BD103h, 0D7F7DA23h
dd 0B0C7D23h, 3DA8BFBh, 0B48DD87Dh, 4695013Eh, 0C1FE8BFDh
dd 0EEC116E7h, 3FE0B0Ah, 23F78BFAh, 23D6F7DFh, 87D89F1h
dd 5D8BF30Bh, 0DC75030Ch, 0D8339C8Dh, 8B698098h, 19EEC1F3h
dd 0B07E3C1h, 8BF703F3h, 0F7FE23DEh, 0BDA23D3h, 0E05D03DFh
dd 0AF198C8Dh, 8B8B44F7h, 14EFC1F9h, 0B0CE1C1h, 8BFE03F9h
dd 0F7DF8BCFh, 84D23D1h, 0CB0BDE23h, 8DE44D03h, 5BB10A94h
dd 0DA8BFFFFh, 0C10FEBC1h, 0DA0B11E2h, 0CB8BDF03h, 0D1F7D78Bh
dd 0D323CE23h, 558BCA0Bh, 0E84D0308h, 8DFC5D89h, 0D7BE0A94h
dd 0CA8B895Ch, 0C116E1C1h, 0CA0B0AEAh, 0D18BCB03h, 0D2F7D923h
dd 0D30BD723h, 8DEC5503h, 112216B4h, 0D68B6B90h, 0C119EAC1h
dd 0D60B07E6h, 0D103F18Bh, 230C5589h, 0D2F70C75h, 0BFC5523h
dd 0F05503D6h, 9317BC8Dh, 8BFD9871h, 14EAC1D7h, 0B0CE7C1h
dd 3F98BD7h, 55890C55h, 0F7F28B08h, 75230855h, 87D230Ch
dd 0F70BDA8Bh, 3FC7D8Bh, 0BC8DF475h, 79438E37h, 0C1F78BA6h
dd 0E7C10FEEh, 3F70B11h, 0FC7589F2h, 55F7DE23h, 0FC7D8BFCh
dd 0B0C7D23h, 3DE8BFBh, 5D23F87Dh, 398C8D08h, 49B40821h
dd 0E7C1F98Bh, 0AE9C116h, 0CA8BF90Bh, 0CF23FE03h, 5D8BCB0Bh
dd 0C04D030Ch, 620B8C8Dh, 8BF61E25h, 1BEBC1D9h, 0B05E1C1h
dd 0FC4D8BD9h, 0CF23DF03h, 890C5D89h, 0CE8B084Dh, 0D98BCB23h
dd 0B084D8Bh, 0D44D03CBh, 400A948Dh, 8BC040B3h, 17E9C1CAh
dd 0B09E2C1h, 3D78BCAh, 0D2F70C4Dh, 8B0C5523h, 0BDF23D9h
dd 0E85503D3h, 5116B48Dh, 8B265E5Ah, 12EAC1D6h, 0B0EE6C1h
dd 0C758BD6h, 5589D103h, 0C5523FCh, 0F123D6F7h, 0BFC5D8Bh
dd 0BC7503F2h, 0AA37BC8Dh, 8BE9B6C7h, 0C1D78BF1h, 0EFC114E2h
dd 8BD70B0Ch, 0F7D303F9h, 23F323D6h, 8BF70BFAh, 75030C7Dh
dd 37B48DD0h, 0D62F105Dh, 0EFC1FE8Bh, 5E6C11Bh, 0F38BFE0Bh
dd 7D89FA03h, 23FB8B0Ch, 0D6F70C7Dh, 0F70BF223h, 8DE47503h
dd 1453318Ch, 0F18B0244h, 0C117EEC1h, 0F10B09E1h, 7503CA8Bh
dd 23D1F70Ch, 0FE8B0C4Dh, 0CF0BFA23h, 8DF84D03h, 0E6810BBCh
dd 0CF8BD8A1h, 0C112E9C1h, 0CF0B0EE7h, 30C7D8Bh, 23D98BCEh
dd 0D7F70C5Dh, 0FB0BFE23h, 7D03DE8Bh, 3A948DCCh, 0E7D3FBC8h
dd 0E7C1FA8Bh, 0CEAC114h, 0D68BFA0Bh, 0D2F7F903h, 0DF23D123h
dd 5D8BD30Bh, 0E055030Ch, 8D087D89h, 0CDE6139Ch, 0D38B21E1h
dd 0C11BEAC1h, 0D30B05E3h, 0D3F7D98Bh, 0DF23D703h, 0FA23F98Bh
dd 5D03DF0Bh, 1EB48DF4h, 0C33707D6h, 0EFC1FE8Bh, 9E6C117h
dd 758BFE0Bh, 8BFA0308h, 85D23DFh, 0F223D6F7h, 7503F30Bh
dd 318C8DC8h, 0F4D50D87h, 0EEC1F18Bh, 0EE1C112h, 0CA8BF10Bh
dd 0D1F7F703h, 0CF23DE8Bh, 0CB0BDA23h, 3085D8Bh, 8C8DDC4Dh
dd 5A14ED0Bh, 0C1D98B45h, 0E9C114E3h, 8BD90B0Ch, 89DE03CFh
dd 0DF8B085Dh, 0F7085D23h, 0BCE23D1h, 0F04D03CBh, 50A948Dh
dd 8BA9E3E9h, 1BE9C1CAh, 0B05E2C1h, 3D68BCAh, 4D89084Dh
dd 23CE8B0Ch, 5D8B0C55h, 23D1F70Ch, 0CA0B084Dh, 308558Bh
dd 0D2F7C44Dh, 0BC8DD323h, 0EFA3F80Fh, 0C1CF8BFCh, 0E7C117E9h
dd 3CF0B09h, 23F98BCBh, 0D70B087Dh, 8DD85503h, 2D916B4h
dd 0D68B676Fh, 0C112EAC1h, 0D60B0EE6h, 0D103F38Bh, 0FA8BD6F7h
dd 0FB23F123h, 7D8BF70Bh, 0EC750308h, 8A37BC8Dh, 8B8D2A4Ch
dd 14E6C1F7h, 0B0CEFC1h, 3F98BF7h, 33FA33F2h, 0D07D03FEh
dd 423B9C8Dh, 8BFFFA39h, 1CEFC1FBh, 0B04E3C1h, 3DA8BFBh
dd 33DE33FEh, 0DC5D03DFh, 81198C8Dh, 8B8771F6h, 15EBC1D9h
dd 0B0BE1C1h, 8BDF03D9h, 33CE33CBh, 0E84D03CFh, 220A948Dh
dd 8B6D9D61h, 10E9C1CAh, 0B10E2C1h, 3D38BCAh, 0FC4D89CBh
dd 0CA8BD133h, 4D03CF33h, 0EB48DF4h, 0FDE5380Ch, 0E1C1CE8Bh
dd 9EEC117h, 4D03CE0Bh, 3D133FCh, 0BC8DC055h, 0BEEA4417h
dd 0C1D78BA4h, 0E7C11CEAh, 8BD70B04h, 0F78BFC7Dh, 0F133D103h
dd 7503F233h, 339C8DCCh, 4BDECFA9h, 0EEC1F38Bh, 0BE3C115h
dd 0F203F30Bh, 7589DE8Bh, 33D9330Ch, 0D85D03DAh, 501F9C8Dh
dd 8BF6BB4Bh, 10EFC1FBh, 0B10E3C1h, 31FE03FBh, 5D8B0C7Dh
dd 3DA330Ch, 9C8DE45Dh, 0BFBC7019h, 0C1CB8BBEh, 0EBC117E1h
dd 8BCB0B09h, 0CF030C5Dh, 5D03D933h, 1A9C8DF0h, 289B7EC6h
dd 0EAC1D38Bh, 4E3C11Ch, 0DF8BD30Bh, 0D933D103h, 5D03DA33h
dd 1EB48DBCh, 0EAA127FAh, 0EBC1DE8Bh, 0BE6C115h, 0DA03DE0Bh
dd 5D89F38Bh, 33F1330Ch, 0C87503F2h, 8537B48Dh, 8BD4EF30h
dd 10EFC1FEh, 0B10E6C1h, 31FB03FEh, 758B0C7Dh, 3F2330Ch
dd 0B48DD475h, 881D0531h, 0C1CE8B04h, 0EEC117E1h, 8BCE0B09h
dd 0CF030C75h, 7503F133h, 32B48DE0h, 0D9D4D039h, 0EAC1D68Bh
dd 4E6C11Ch, 0F78BD60Bh, 0F133D103h, 7503F233h, 339C8DECh
dd 0E6DB99E5h, 0EEC1F38Bh, 0BE3C115h, 0F203F30Bh, 0D933DE8Bh
dd 5D03DA33h, 1F9C8DF8h, 1FA27CF8h, 0EFC1FB8Bh, 10E3C110h
dd 0DE8BFB0Bh, 0DF33FE03h, 5D03DA33h, 198C8DC4h, 0C4AC5665h
dd 0E3C1D98Bh, 9E9C117h, 0CE8BD90Bh, 0D1F7DF03h, 0CF33CB0Bh
dd 8DBC4D03h, 22440A94h, 0CA8BF429h, 0C11AE9C1h, 0CA0B06E2h
dd 0CB03D78Bh, 0D10BD2F7h, 5503D333h, 16B48DD8h, 432AFF97h
dd 0EAC1D68Bh, 0AE6C116h, 0F38BD60Bh, 0D6F7D103h, 0F133F20Bh
dd 8DF47503h, 23A737BCh, 0F78BAB94h, 0C111EEC1h, 0F70B0FE7h
dd 0F203F98Bh, 0FE0BD7F7h, 7D03FA33h, 3B9C8DD0h, 0FC93A039h
dd 0EBC1FB8Bh, 15E7C10Bh, 0DA8BFB0Bh, 0FE03D3F7h, 0DE33DF0Bh
dd 8DEC5D03h, 59C3199Ch, 0CB8B655Bh, 0C106E3C1h, 0CB0B1AE9h
dd 0D3F7DE8Bh, 0D90BCF03h, 5D03DF33h, 1A9C8DC8h, 8F0CCC92h
dd 0E3C1D38Bh, 16EAC10Ah, 0DF8BD30Bh, 0D3F7D103h, 0D933DA0Bh
dd 8DE45D03h, 0F47D1E9Ch, 0F38BFFEFh, 0C111EEC1h, 0F30B0FE3h
dd 0F203D98Bh, 0DE0BD3F7h, 5D03DA33h, 1F9C8DC0h, 85845DD1h
dd 0E7C1FB8Bh, 0BEBC115h, 0DA8BFB0Bh, 0D3F7FE03h, 0DE33DF0Bh
dd 8DDC5D03h, 7E4F199Ch, 0CB8B6FA8h, 0C11AE9C1h, 0CB0B06E3h
dd 0CF03DE8Bh, 0D90BD3F7h, 5D03DF33h, 1A9C8DF8h, 0FE2CE6E0h
dd 0EAC1D38Bh, 0AE3C116h, 0DF8BD30Bh, 0D3F7D103h, 0D933DA0Bh
dd 8DD45D03h, 43141E9Ch, 0F38BA301h, 0C111EEC1h, 0F30B0FE3h
dd 0F203D98Bh, 0DE0BD3F7h, 5D03DA33h, 1F9C8DF0h, 4E0811A1h
dd 0E7C1FB8Bh, 0BEBC115h, 0DA8BFB0Bh, 0D3F7FE03h, 0DE33DF0Bh
dd 8DCC5D03h, 7E82199Ch
dd 0CB8BF753h, 0C11AE9C1h, 0CB0B06E3h, 0CF03DE8Bh, 0D90BD3F7h
dd 5D03DF33h, 1A948DE8h, 0BD3AF235h, 0EBC1DA8Bh, 0AE2C116h
dd 0D78BDA0Bh, 0D2F7D903h, 0D133D30Bh, 8DC45503h, 0D2BB16B4h
dd 0D68B2AD7h, 0C111EAC1h, 0D60B0FE6h, 0D303F18Bh, 0F20BD6F7h
dd 7503F333h, 37BC8DE0h, 0EB86D391h, 0F103308Bh, 0E1C1CF8Bh
dd 0BEFC115h, 3089CF0Bh, 5F044803h, 89CA035Eh, 488B0448h
dd 89CA0308h, 488B0848h, 5BCB030Ch, 0C90C4889h
db 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40BFE1 proc near ; CODE XREF: sub_40B741+12�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp [esp+arg_8], 0
jbe short near ptr 40C026h
mov edx, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push edi
push 0FFFFFFFEh
lea eax, [edx+2]
pop esi
sub esi, edx
movzx edi, byte ptr [eax-1]
xor edx, edx
sub_40BFE1 endp
_idata ends
; Section 6. (virtual address 0002D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0002D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 42D000h
align 2000h
_idata2 ends
end start