;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : F1385EF96986148C97D1E34DD345A013
; File Name : u:\work\f1385ef96986148c97d1e34dd345a013_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00005800 ( 22528.)
; Section size in file : 00005800 ( 22528.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
; [00000006 BYTES: COLLAPSED FUNCTION CloseHandle. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetFileType. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetFileSize. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetStdHandle. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RaiseException. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION ReadFile. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION SetEndOfFile. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SetFilePointer. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION UnhandledExceptionFilter. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION WriteFile. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION CharNextA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION FreeLibrary. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetLastError. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetLocaleInfoA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleFileNameA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetStartupInfoA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetThreadLocale. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION MultiByteToWideChar. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RegCloseKey. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION RegOpenKeyExA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RegQueryValueExA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION SysAllocStringLen. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SysFreeString. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetCurrentThreadId. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetVersion. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_4010F0 proc near ; CODE XREF: sub_404274+71�p
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
push ebx
add esp, 0FFFFFFBCh
mov ebx, 0Ah
push esp ; lpStartupInfo
call GetStartupInfoA ; GetStartupInfoA
test [esp+48h+var_1C], 1
jz short loc_40110B
movzx ebx, [esp+48h+var_18]
loc_40110B: ; CODE XREF: sub_4010F0+14�j
mov eax, ebx
add esp, 44h
pop ebx
retn
sub_4010F0 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LocalFree. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION VirtualAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION VirtualFree. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION InitializeCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION EnterCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LeaveCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION DeleteCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_401154 proc near ; CODE XREF: sub_4011E0+9�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFF4h
mov ebx, offset dword_4085D0
cmp dword ptr [ebx], 0
jnz short loc_4011BB
push 644h ; uBytes
push 0 ; uFlags
call LocalAlloc ; LocalAlloc
mov [esp+10h+var_8], eax
cmp [esp+10h+var_8], 0
jnz short loc_401180
xor eax, eax
mov [esp+10h+var_10], eax
jmp short loc_4011D0
; ---------------------------------------------------------------------------
loc_401180: ; CODE XREF: sub_401154+23�j
mov eax, [esp+10h+var_8]
mov edx, ds:dword_4085CC
mov [eax], edx
mov eax, [esp+10h+var_8]
mov ds:dword_4085CC, eax
xor eax, eax
loc_401197: ; CODE XREF: sub_401154+65�j
mov edx, eax
add edx, edx
mov ecx, [esp+10h+var_8]
lea edx, [ecx+edx*8+4]
mov [esp+10h+var_C], edx
mov edx, [esp+10h+var_C]
mov ecx, [ebx]
mov [edx], ecx
mov edx, [esp+10h+var_C]
mov [ebx], edx
inc eax
cmp eax, 64h
jnz short loc_401197
loc_4011BB: ; CODE XREF: sub_401154+C�j
mov eax, [ebx]
mov [esp+10h+var_C], eax
mov eax, [esp+10h+var_C]
mov eax, [eax]
mov [ebx], eax
mov eax, [esp+10h+var_C]
mov [esp+10h+var_10], eax
loc_4011D0: ; CODE XREF: sub_401154+2A�j
mov eax, [esp+10h+var_10]
add esp, 0Ch
pop ebx
retn
sub_401154 endp
; =============== S U B R O U T I N E =======================================
sub_4011D8 proc near ; CODE XREF: sub_40195C+34�p
; sub_40195C+3E�p ...
mov [eax], eax
mov [eax+4], eax
retn
sub_4011D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011E0 proc near ; CODE XREF: sub_401270+71�p
; sub_4012F8+96�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
call sub_401154
mov [esp+10h+var_C], eax
cmp [esp+10h+var_C], 0
jnz short loc_4011FD
xor eax, eax
jmp short loc_401237
; ---------------------------------------------------------------------------
loc_4011FD: ; CODE XREF: sub_4011E0+17�j
mov eax, [esi]
mov edx, [esp+10h+var_C]
mov [edx+8], eax
mov eax, [esi+4]
mov edx, [esp+10h+var_C]
mov [edx+0Ch], eax
mov eax, [ebx]
mov [esp+10h+var_10], eax
mov eax, [esp+10h+var_C]
mov edx, [esp+10h+var_10]
mov [eax], edx
mov eax, [esp+10h+var_C]
mov [eax+4], ebx
mov eax, [esp+10h+var_10]
mov edx, [esp+10h+var_C]
mov [eax+4], edx
mov eax, [esp+10h+var_C]
mov [ebx], eax
mov al, 1
loc_401237: ; CODE XREF: sub_4011E0+1B�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_4011E0 endp
; =============== S U B R O U T I N E =======================================
sub_40123C proc near ; CODE XREF: sub_401270+37�p
; sub_401270+56�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
add esp, 0FFFFFFF8h
mov edx, [eax+4]
mov [esp+8+var_8], edx
mov edx, [eax]
mov [esp+8+var_4], edx
mov edx, [esp+8+var_8]
mov ecx, [esp+8+var_4]
mov [edx], ecx
mov edx, [esp+8+var_4]
mov ecx, [esp+8+var_8]
mov [edx+4], ecx
mov edx, ds:dword_4085D0
mov [eax], edx
mov ds:dword_4085D0, eax
pop ecx
pop edx
retn
sub_40123C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401270 proc near ; CODE XREF: sub_4016DC+80�p
; sub_401784+78�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebx, ecx
mov esi, eax
mov edi, esp
mov eax, [esi]
mov [edi], eax
mov eax, [edx]
mov [ebx], eax
mov eax, [edx+4]
mov [ebx+4], eax
loc_40128B: ; CODE XREF: sub_401270+6B�j
mov eax, [edi]
mov eax, [eax]
mov [esp+18h+var_14], eax
mov edx, [edi]
mov edx, [edx+8]
mov ecx, edx
mov ebp, [edi]
add ecx, [ebp+0Ch]
mov eax, [ebx]
cmp ecx, eax
jnz short loc_4012BD
mov eax, [edi]
call sub_40123C
mov eax, [edi]
mov eax, [eax+8]
mov [ebx], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add [ebx+4], eax
jmp short loc_4012D3
; ---------------------------------------------------------------------------
loc_4012BD: ; CODE XREF: sub_401270+33�j
add eax, [ebx+4]
cmp edx, eax
jnz short loc_4012D3
mov eax, [edi]
call sub_40123C
mov eax, [edi]
mov eax, [eax+0Ch]
add [ebx+4], eax
loc_4012D3: ; CODE XREF: sub_401270+4B�j
; sub_401270+52�j
mov eax, [esp+18h+var_14]
mov [edi], eax
cmp esi, [edi]
jnz short loc_40128B
mov edx, ebx
mov eax, esi
call sub_4011E0
test al, al
jnz short loc_4012EE
xor eax, eax
mov [ebx], eax
loc_4012EE: ; CODE XREF: sub_401270+78�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401270 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4012F8 proc near ; CODE XREF: sub_4018C8+82�p
; sub_401D4C+AB�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF0h
mov [esp+20h+var_20], eax
mov esi, esp
mov eax, [esi]
mov [esp+20h+var_14], eax
loc_40130A: ; CODE XREF: sub_4012F8+B3�j
mov ecx, [edx]
mov eax, [esi]
mov eax, [eax+8]
cmp ecx, eax
jb loc_40139F
mov ebx, eax
mov edi, [esi]
add ebx, [edi+0Ch]
mov edi, ecx
add edi, [edx+4]
cmp ebx, edi
jb short loc_40139F
cmp ecx, eax
jnz short loc_40134E
mov eax, [edx+4]
mov ecx, [esi]
add [ecx+8], eax
mov eax, [edx+4]
mov edx, [esi]
sub [edx+0Ch], eax
mov eax, [esi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_40139B
mov eax, [esi]
call sub_40123C
jmp short loc_40139B
; ---------------------------------------------------------------------------
loc_40134E: ; CODE XREF: sub_4012F8+33�j
mov ebx, eax
mov edi, [esi]
add ebx, [edi+0Ch]
mov edi, ecx
add edi, [edx+4]
cmp ebx, edi
jnz short loc_401368
mov eax, [edx+4]
mov edx, [esi]
sub [edx+0Ch], eax
jmp short loc_40139B
; ---------------------------------------------------------------------------
loc_401368: ; CODE XREF: sub_4012F8+64�j
mov ebx, [edx]
add ebx, [edx+4]
mov [esp+20h+var_1C], ebx
mov edi, [esi]
mov edi, [edi+8]
mov ebp, [esi]
add edi, [ebp+0Ch]
sub edi, ebx
mov [esp+20h+var_18], edi
sub ecx, eax
mov eax, [esi]
mov [eax+0Ch], ecx
lea edx, [esp+20h+var_1C]
mov eax, [esi]
call sub_4011E0
test al, al
jnz short loc_40139B
xor eax, eax
jmp short loc_4013B3
; ---------------------------------------------------------------------------
loc_40139B: ; CODE XREF: sub_4012F8+4B�j
; sub_4012F8+54�j ...
mov al, 1
jmp short loc_4013B3
; ---------------------------------------------------------------------------
loc_40139F: ; CODE XREF: sub_4012F8+1B�j
; sub_4012F8+2F�j
mov eax, [esi]
mov eax, [eax]
mov [esi], eax
mov eax, [esi]
cmp eax, [esp+20h+var_14]
jnz loc_40130A
xor eax, eax
loc_4013B3: ; CODE XREF: sub_4012F8+A1�j
; sub_4012F8+A5�j
add esp, 10h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4012F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4013BC proc near ; CODE XREF: sub_4016DC+6E�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
cmp esi, 100000h
jge short loc_4013D2
mov esi, 100000h
jmp short loc_4013DE
; ---------------------------------------------------------------------------
loc_4013D2: ; CODE XREF: sub_4013BC+D�j
add esi, 0FFFFh
and esi, 0FFFF0000h
loc_4013DE: ; CODE XREF: sub_4013BC+14�j
mov [ebx+4], esi
push 1 ; flProtect
push 2000h ; flAllocationType
push esi ; dwSize
push 0 ; lpAddress
call VirtualAlloc ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jz short loc_40141B
mov edx, ebx
mov eax, offset dword_4085D4
call sub_4011E0
test al, al
jnz short loc_40141B
push 8000h ; dwFreeType
push 0 ; dwSize
mov eax, [ebx]
push eax ; lpAddress
call VirtualFree ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_40141B: ; CODE XREF: sub_4013BC+3A�j
; sub_4013BC+4A�j
pop edi
pop esi
pop ebx
retn
sub_4013BC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401420 proc near ; CODE XREF: sub_401784+62�p
; sub_401784+A9�p
push ebx
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov ebp, eax
mov dword ptr [ebx+4], 100000h
push 4 ; flProtect
push 2000h ; flAllocationType
push 100000h ; dwSize
push ebp ; lpAddress
call VirtualAlloc ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jnz short loc_40146A
add esi, 0FFFFh
and esi, 0FFFF0000h
mov [ebx+4], esi
push 4 ; flProtect
push 2000h ; flAllocationType
push esi ; dwSize
push ebp ; lpAddress
call VirtualAlloc ; VirtualAlloc
mov [ebx], eax
loc_40146A: ; CODE XREF: sub_401420+29�j
cmp dword ptr [ebx], 0
jz short loc_401492
mov edx, ebx
mov eax, offset dword_4085D4
call sub_4011E0
test al, al
jnz short loc_401492
push 8000h ; dwFreeType
push 0 ; dwSize
mov eax, [ebx]
push eax ; lpAddress
call VirtualFree ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_401492: ; CODE XREF: sub_401420+4D�j
; sub_401420+5D�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401420 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401498 proc near ; CODE XREF: sub_4016DC+95�p
; sub_401784+90�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov edi, ecx
mov esi, esp
mov [esp+28h+var_20], 0FFFFFFFFh
xor ecx, ecx
mov [esp+28h+var_1C], ecx
mov [esp+28h+var_18], eax
add edx, [esp+28h+var_18]
mov [esp+28h+var_14], edx
mov eax, ds:dword_4085D4
mov [esi], eax
jmp short loc_401531
; ---------------------------------------------------------------------------
loc_4014C6: ; CODE XREF: sub_401498+A0�j
mov eax, [esi]
mov eax, [eax]
mov [esp+28h+var_24], eax
mov eax, [esi]
mov ebx, [eax+8]
cmp ebx, [esp+28h+var_18]
jb short loc_40152B
mov eax, ebx
mov edx, [esi]
add eax, [edx+0Ch]
cmp eax, [esp+28h+var_14]
ja short loc_40152B
cmp ebx, [esp+28h+var_20]
jnb short loc_4014F0
mov [esp+28h+var_20], ebx
loc_4014F0: ; CODE XREF: sub_401498+52�j
mov eax, [esi]
mov ebp, [eax+8]
mov eax, [esi]
add ebp, [eax+0Ch]
cmp ebp, [esp+28h+var_1C]
jbe short loc_401504
mov [esp+28h+var_1C], ebp
loc_401504: ; CODE XREF: sub_401498+66�j
push 8000h ; dwFreeType
push 0 ; dwSize
mov eax, [esi]
mov eax, [eax+8]
push eax ; lpAddress
call VirtualFree ; VirtualFree
test eax, eax
jnz short loc_401524
mov ds:dword_4085B0, 1
loc_401524: ; CODE XREF: sub_401498+80�j
mov eax, [esi]
call sub_40123C
loc_40152B: ; CODE XREF: sub_401498+3F�j
; sub_401498+4C�j
mov eax, [esp+28h+var_24]
mov [esi], eax
loc_401531: ; CODE XREF: sub_401498+2C�j
mov eax, offset dword_4085D4
cmp eax, [esi]
jnz short loc_4014C6
xor eax, eax
mov [edi], eax
cmp [esp+28h+var_1C], 0
jz short loc_401556
mov eax, [esp+28h+var_20]
mov [edi], eax
mov eax, [esp+28h+var_1C]
sub eax, [esp+28h+var_20]
mov [edi+4], eax
loc_401556: ; CODE XREF: sub_401498+AB�j
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401498 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=18h
sub_401560 proc near ; CODE XREF: sub_4016DC+35�p
; sub_401784+100�p
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov ebx, ecx
mov [esp+24h+var_3C], edx
lea esi, [esp+24h+var_34]
lea edi, [esp+24h+var_38]
lea ebp, [esp+0Ch]
mov edx, eax
mov ecx, edx
and ecx, 0FFFFF000h
mov [esp+24h+var_2C], ecx
add edx, [esp+24h+var_3C]
add edx, 0FFFh
and edx, 0FFFFF000h
mov [esp+24h+var_28], edx
mov eax, [esp+24h+var_2C]
mov [ebx], eax
mov eax, [esp+24h+var_28]
sub eax, [esp+24h+var_2C]
mov [ebx+4], eax
mov eax, ds:dword_4085D4
mov [edi], eax
jmp short loc_40160E
; ---------------------------------------------------------------------------
loc_4015B3: ; CODE XREF: sub_401560+B5�j
mov eax, [edi]
mov eax, [eax+8]
mov [esi], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add eax, [esi]
mov [ebp+18h+var_18], eax
mov eax, [esi]
cmp eax, [esp+24h+var_2C]
jnb short loc_4015D2
mov eax, [esp+24h+var_2C]
mov [esi], eax
loc_4015D2: ; CODE XREF: sub_401560+6A�j
mov eax, [ebp+18h+var_18]
cmp eax, [esp+24h+var_28]
jbe short loc_4015E2
mov eax, [esp+24h+var_28]
mov [ebp+18h+var_18], eax
loc_4015E2: ; CODE XREF: sub_401560+79�j
mov eax, [esi]
cmp eax, [ebp+18h+var_18]
jnb short loc_401608
push 4 ; flProtect
push 1000h ; flAllocationType
mov eax, [ebp+18h+var_18]
sub eax, [esi]
push eax ; dwSize
mov eax, [esi]
push eax ; lpAddress
call VirtualAlloc ; VirtualAlloc
test eax, eax
jnz short loc_401608
xor eax, eax
mov [ebx], eax
jmp short loc_401617
; ---------------------------------------------------------------------------
loc_401608: ; CODE XREF: sub_401560+87�j
; sub_401560+A0�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_40160E: ; CODE XREF: sub_401560+51�j
mov eax, offset dword_4085D4
cmp eax, [edi]
jnz short loc_4015B3
loc_401617: ; CODE XREF: sub_401560+A6�j
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401560 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401620 proc near ; CODE XREF: sub_4018C8+36�p
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_28], edx
lea esi, [esp+28h+var_20]
lea edi, [esp+28h+var_24]
lea ebx, [esp+28h+var_1C]
mov edx, eax
mov ebp, edx
add ebp, 0FFFh
and ebp, 0FFFFF000h
mov [esp+28h+var_18], ebp
add edx, [esp+28h+var_28]
and edx, 0FFFFF000h
mov [esp+28h+var_14], edx
mov eax, [esp+28h+var_18]
mov [ecx], eax
mov eax, [esp+28h+var_14]
sub eax, [esp+28h+var_18]
mov [ecx+4], eax
mov eax, ds:dword_4085D4
mov [edi], eax
jmp short loc_4016C9
; ---------------------------------------------------------------------------
loc_401671: ; CODE XREF: sub_401620+B0�j
mov eax, [edi]
mov eax, [eax+8]
mov [esi], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add eax, [esi]
mov [ebx], eax
mov eax, [esi]
cmp eax, [esp+28h+var_18]
jnb short loc_40168F
mov eax, [esp+28h+var_18]
mov [esi], eax
loc_40168F: ; CODE XREF: sub_401620+67�j
mov eax, [ebx]
cmp eax, [esp+28h+var_14]
jbe short loc_40169D
mov eax, [esp+28h+var_14]
mov [ebx], eax
loc_40169D: ; CODE XREF: sub_401620+75�j
mov eax, [esi]
cmp eax, [ebx]
jnb short loc_4016C3
push 4000h ; dwFreeType
mov eax, [ebx]
sub eax, [esi]
push eax ; dwSize
mov eax, [esi]
push eax ; lpAddress
call VirtualFree ; VirtualFree
test eax, eax
jnz short loc_4016C3
mov ds:dword_4085B0, 2
loc_4016C3: ; CODE XREF: sub_401620+81�j
; sub_401620+97�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_4016C9: ; CODE XREF: sub_401620+4F�j
mov eax, offset dword_4085D4
cmp eax, [edi]
jnz short loc_401671
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401620 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4016DC proc near ; CODE XREF: sub_401FD8+B�p
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, edx
mov esi, eax
mov edi, esp
mov ebp, offset dword_4085E4
add esi, 3FFFh
and esi, 0FFFFC000h
loc_4016FA: ; CODE XREF: sub_4016DC+8A�j
mov eax, [ebp+0]
mov [edi], eax
jmp short loc_401742
; ---------------------------------------------------------------------------
loc_401701: ; CODE XREF: sub_4016DC+68�j
mov eax, [edi]
cmp esi, [eax+0Ch]
jg short loc_40173C
mov ecx, ebx
mov eax, [edi]
mov eax, [eax+8]
mov edx, esi
call sub_401560
cmp dword ptr [ebx], 0
jz short loc_40177A
mov eax, [ebx+4]
mov edx, [edi]
add [edx+8], eax
mov eax, [ebx+4]
mov edx, [edi]
sub [edx+0Ch], eax
mov eax, [edi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_40177A
mov eax, [edi]
call sub_40123C
jmp short loc_40177A
; ---------------------------------------------------------------------------
loc_40173C: ; CODE XREF: sub_4016DC+2A�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_401742: ; CODE XREF: sub_4016DC+23�j
cmp ebp, [edi]
jnz short loc_401701
mov edx, ebx
mov eax, esi
call sub_4013BC
cmp dword ptr [ebx], 0
jz short loc_40177A
lea ecx, [esp+1Ch+var_18]
mov edx, ebx
mov eax, ebp
call sub_401270
cmp [esp+1Ch+var_18], 0
jnz short loc_4016FA
lea ecx, [esp+1Ch+var_18]
mov edx, [ebx+4]
mov eax, [ebx]
call sub_401498
xor eax, eax
mov [ebx], eax
loc_40177A: ; CODE XREF: sub_4016DC+3D�j
; sub_4016DC+55�j ...
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4016DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401784 proc near ; CODE XREF: sub_402004+10�p
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_28], ecx
mov edi, edx
mov ebx, eax
lea esi, [esp+28h+var_24]
mov ebp, offset dword_4085E4
add edi, 3FFFh
and edi, 0FFFFC000h
loc_4017A7: ; CODE XREF: sub_401784+82�j
; sub_401784+C9�j
mov eax, [ebp+0]
mov [esi], eax
jmp short loc_4017B4
; ---------------------------------------------------------------------------
loc_4017AE: ; CODE XREF: sub_401784+39�j
mov eax, [esi]
mov eax, [eax]
mov [esi], eax
loc_4017B4: ; CODE XREF: sub_401784+28�j
cmp ebp, [esi]
jz short loc_4017BF
mov eax, [esi]
cmp ebx, [eax+8]
jnz short loc_4017AE
loc_4017BF: ; CODE XREF: sub_401784+32�j
mov eax, [esi]
cmp ebx, [eax+8]
jnz short loc_401825
mov eax, [esi]
cmp edi, [eax+0Ch]
jle loc_40186D
mov eax, [esi]
mov edx, edi
sub edx, [eax+0Ch]
mov eax, [esi]
mov eax, [eax+8]
mov ecx, [esi]
add eax, [ecx+0Ch]
lea ecx, [esp+28h+var_20]
call sub_401420
cmp [esp+28h+var_20], 0
jz short loc_401825
lea ecx, [esp+28h+var_18]
lea edx, [esp+28h+var_20]
mov eax, ebp
call sub_401270
cmp [esp+28h+var_18], 0
jnz short loc_4017A7
lea ecx, [esp+28h+var_18]
mov edx, [esp+28h+var_1C]
mov eax, [esp+28h+var_20]
call sub_401498
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
jmp loc_4018BF
; ---------------------------------------------------------------------------
loc_401825: ; CODE XREF: sub_401784+40�j
; sub_401784+6C�j
lea ecx, [esp+28h+var_20]
mov edx, edi
mov eax, ebx
call sub_401420
cmp [esp+28h+var_20], 0
jz short loc_40186D
lea ecx, [esp+28h+var_18]
lea edx, [esp+28h+var_20]
mov eax, ebp
call sub_401270
cmp [esp+28h+var_18], 0
jnz loc_4017A7
lea ecx, [esp+28h+var_18]
mov edx, [esp+28h+var_1C]
mov eax, [esp+28h+var_20]
call sub_401498
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
jmp short loc_4018BF
; ---------------------------------------------------------------------------
loc_40186D: ; CODE XREF: sub_401784+47�j
; sub_401784+B3�j
mov eax, [esi]
mov ebp, [eax+8]
cmp ebx, ebp
jnz short loc_4018B8
mov eax, [esi]
cmp edi, [eax+0Ch]
jg short loc_4018B8
mov ecx, [esp+28h+var_28]
mov eax, ebp
mov edx, edi
call sub_401560
mov eax, [esp+28h+var_28]
cmp dword ptr [eax], 0
jz short loc_4018BF
mov eax, [esp+28h+var_28]
mov eax, [eax+4]
mov edx, [esi]
add [edx+8], eax
mov eax, [esp+28h+var_28]
mov eax, [eax+4]
mov edx, [esi]
sub [edx+0Ch], eax
mov eax, [esi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_4018BF
mov eax, [esi]
call sub_40123C
jmp short loc_4018BF
; ---------------------------------------------------------------------------
loc_4018B8: ; CODE XREF: sub_401784+F0�j
; sub_401784+F7�j
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
loc_4018BF: ; CODE XREF: sub_401784+9C�j
; sub_401784+E7�j ...
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401784 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018C8 proc near ; CODE XREF: sub_401D4C+5B�p
; sub_401D4C+6C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFE8h
mov ebx, ecx
lea ecx, [eax+3FFFh]
and ecx, 0FFFFC000h
mov [esp+1Ch+var_1C], ecx
add edx, eax
and edx, 0FFFFC000h
mov [esp+1Ch+var_18], edx
mov eax, [esp+1Ch+var_18]
cmp eax, [esp+1Ch+var_1C]
jbe short loc_401951
mov ecx, ebx
mov edx, [esp+1Ch+var_18]
sub edx, [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
call sub_401620
lea ecx, [esp+1Ch+var_14]
mov edx, ebx
mov eax, offset dword_4085E4
call sub_401270
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jz short loc_40193A
lea ecx, [esp+1Ch+var_C]
mov edx, [esp+1Ch+var_10]
mov eax, ebx
call sub_401498
mov eax, [esp+1Ch+var_C]
mov [esp+1Ch+var_14], eax
mov eax, [esp+1Ch+var_8]
mov [esp+1Ch+var_10], eax
loc_40193A: ; CODE XREF: sub_4018C8+51�j
cmp [esp+1Ch+var_14], 0
jz short loc_401955
lea edx, [esp+1Ch+var_14]
mov eax, offset dword_4085E4
call sub_4012F8
jmp short loc_401955
; ---------------------------------------------------------------------------
loc_401951: ; CODE XREF: sub_4018C8+28�j
xor eax, eax
mov [ebx], eax
loc_401955: ; CODE XREF: sub_4018C8+77�j
; sub_4018C8+87�j
add esp, 18h
pop ebx
retn
sub_4018C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40195C proc near ; CODE XREF: sub_4021B8+12�p
; sub_402364+19�p ...
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0040358C SIZE 00000036 BYTES
push ebp
mov ebp, esp
push ecx
xor edx, edx
push ebp
push offset loc_401A24
push dword ptr fs:[edx]
mov fs:[edx], esp
push offset CriticalSection ; lpCriticalSection
call InitializeCriticalSection ; InitializeCriticalSection
cmp ds:byte_408035, 0
jz short loc_40198B
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_40198B: ; CODE XREF: sub_40195C+23�j
mov eax, offset dword_4085D4
call sub_4011D8
mov eax, offset dword_4085E4
call sub_4011D8
mov eax, offset dword_408610
call sub_4011D8
push 0FF8h ; uBytes
push 0 ; uFlags
call LocalAlloc ; LocalAlloc
mov ds:hMem, eax
cmp ds:hMem, 0
jz short loc_401A03
mov eax, 3
loc_4019C8: ; CODE XREF: sub_40195C+7E�j
mov edx, ds:hMem
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
inc eax
cmp eax, 401h
jnz short loc_4019C8
mov [ebp+var_4], offset dword_4085F4
mov eax, [ebp+var_4]
mov edx, [ebp+var_4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov edx, [ebp+var_4]
mov [eax], edx
mov eax, [ebp+var_4]
mov ds:dword_408600, eax
mov ds:byte_4085AC, 1
loc_401A03: ; CODE XREF: sub_40195C+65�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401A2B
loc_401A10: ; CODE XREF: sub_40195C+CD�j
cmp ds:byte_408035, 0
jz short loc_401A23
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_401A23: ; CODE XREF: sub_40195C+BB�j
retn
; ---------------------------------------------------------------------------
loc_401A24: ; DATA XREF: sub_40195C+7�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_401A10
; ---------------------------------------------------------------------------
loc_401A2B: ; CODE XREF: sub_40195C:loc_401A23�j
; DATA XREF: sub_40195C+AF�o
mov al, ds:byte_4085AC
pop ecx
pop ebp
retn
sub_40195C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A34 proc near ; CODE XREF: sub_404220+37�p
var_8 = dword ptr -8
hMem = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
cmp ds:byte_4085AC, 0
jz loc_401B2F
xor eax, eax
push ebp
push offset loc_401B28
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp ds:byte_408035, 0
jz short loc_401A68
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_401A68: ; CODE XREF: sub_401A34+28�j
mov ds:byte_4085AC, 0
mov eax, ds:hMem
push eax ; hMem
call LocalFree ; LocalFree
xor eax, eax
mov ds:hMem, eax
mov eax, ds:dword_4085D4
mov [ebp+var_8], eax
jmp short loc_401AA6
; ---------------------------------------------------------------------------
loc_401A8B: ; CODE XREF: sub_401A34+7A�j
push 8000h ; dwFreeType
push 0 ; dwSize
mov eax, [ebp+var_8]
mov eax, [eax+8]
push eax ; lpAddress
call VirtualFree ; VirtualFree
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
loc_401AA6: ; CODE XREF: sub_401A34+55�j
mov eax, offset dword_4085D4
cmp eax, [ebp+var_8]
jnz short loc_401A8B
mov eax, offset dword_4085D4
call sub_4011D8
mov eax, offset dword_4085E4
call sub_4011D8
mov eax, offset dword_408610
call sub_4011D8
mov eax, ds:dword_4085CC
mov [ebp+hMem], eax
cmp [ebp+hMem], 0
jz short loc_401AFD
loc_401ADC: ; CODE XREF: sub_401A34+C7�j
mov eax, [ebp+hMem]
mov eax, [eax]
mov ds:dword_4085CC, eax
mov eax, [ebp+hMem]
push eax ; hMem
call LocalFree ; LocalFree
mov eax, ds:dword_4085CC
mov [ebp+hMem], eax
cmp [ebp+hMem], 0
jnz short loc_401ADC
loc_401AFD: ; CODE XREF: sub_401A34+A6�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401B2F
loc_401B0A: ; CODE XREF: sub_401A34+F9�j
cmp ds:byte_408035, 0
jz short loc_401B1D
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_401B1D: ; CODE XREF: sub_401A34+DD�j
push offset CriticalSection ; lpCriticalSection
call DeleteCriticalSection
retn
; ---------------------------------------------------------------------------
loc_401B28: ; DATA XREF: sub_401A34+16�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_401B0A
; ---------------------------------------------------------------------------
loc_401B2F: ; CODE XREF: sub_401A34+D�j
; sub_401A34+F3�j
; DATA XREF: ...
pop ecx
pop ecx
pop ebp
retn
sub_401A34 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B34 proc near ; CODE XREF: sub_401C94+6B�p
; sub_401D0C+25�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFF8h
cmp eax, ds:dword_408600
jnz short loc_401B49
mov edx, [eax+4]
mov ds:dword_408600, edx
loc_401B49: ; CODE XREF: sub_401B34+A�j
mov edx, [eax+4]
mov [esp+0Ch+var_C], edx
mov edx, [eax+8]
cmp edx, 1000h
jg short loc_401BA8
cmp eax, [esp+0Ch+var_C]
jnz short loc_401B76
test edx, edx
jns short loc_401B66
add edx, 3
loc_401B66: ; CODE XREF: sub_401B34+2D�j
sar edx, 2
mov eax, ds:hMem
xor ecx, ecx
mov [eax+edx*4-0Ch], ecx
jmp short loc_401BC1
; ---------------------------------------------------------------------------
loc_401B76: ; CODE XREF: sub_401B34+29�j
test edx, edx
jns short loc_401B7D
add edx, 3
loc_401B7D: ; CODE XREF: sub_401B34+44�j
sar edx, 2
mov ecx, ds:hMem
mov ebx, [esp+0Ch+var_C]
mov [ecx+edx*4-0Ch], ebx
mov eax, [eax]
mov [esp+0Ch+var_8], eax
mov eax, [esp+0Ch+var_C]
mov edx, [esp+0Ch+var_8]
mov [eax], edx
mov eax, [esp+0Ch+var_8]
mov edx, [esp+0Ch+var_C]
mov [eax+4], edx
jmp short loc_401BC1
; ---------------------------------------------------------------------------
loc_401BA8: ; CODE XREF: sub_401B34+24�j
mov eax, [eax]
mov [esp+0Ch+var_8], eax
mov eax, [esp+0Ch+var_C]
mov edx, [esp+0Ch+var_8]
mov [eax], edx
mov eax, [esp+0Ch+var_8]
mov edx, [esp+0Ch+var_C]
mov [eax+4], edx
loc_401BC1: ; CODE XREF: sub_401B34+40�j
; sub_401B34+72�j
pop ecx
pop edx
pop ebx
retn
sub_401B34 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BC8 proc near ; CODE XREF: sub_401D4C+F�p
push ebx
push ecx
mov ecx, esp
mov edx, ds:dword_408610
mov [ecx], edx
jmp short loc_401BEE
; ---------------------------------------------------------------------------
loc_401BD6: ; CODE XREF: sub_401BC8+2D�j
mov edx, [ecx]
mov edx, [edx+8]
cmp eax, edx
jb short loc_401BE8
mov ebx, [ecx]
add edx, [ebx+0Ch]
cmp eax, edx
jb short loc_401C05
loc_401BE8: ; CODE XREF: sub_401BC8+15�j
mov edx, [ecx]
mov edx, [edx]
mov [ecx], edx
loc_401BEE: ; CODE XREF: sub_401BC8+C�j
mov edx, offset dword_408610
cmp edx, [ecx]
jnz short loc_401BD6
mov ds:dword_4085B0, 3
xor eax, eax
mov [ecx], eax
loc_401C05: ; CODE XREF: sub_401BC8+1E�j
mov eax, [ecx]
pop edx
pop ebx
retn
sub_401BC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401C0C proc near ; CODE XREF: sub_401D4C+7E�p
; sub_401F4C+68�p
var_8 = dword ptr -8
push ebx
push ecx
mov ecx, edx
sub ecx, 4
lea ebx, [ecx+eax]
mov [esp+8+var_8], ebx
cmp edx, 10h
jl short loc_401C31
mov edx, [esp+8+var_8]
mov dword ptr [edx], 80000007h
mov edx, ecx
call sub_401E08
pop edx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401C31: ; CODE XREF: sub_401C0C+10�j
cmp edx, 4
jl short loc_401C45
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
mov eax, [esp+8+var_8]
mov [eax], ecx
loc_401C45: ; CODE XREF: sub_401C0C+28�j
pop edx
pop ebx
retn
sub_401C0C endp
; =============== S U B R O U T I N E =======================================
sub_401C48 proc near ; CODE XREF: sub_401C6C+D�p
; sub_401F00+36�p ...
inc ds:dword_40859C
mov edx, eax
sub edx, 4
mov edx, [edx]
and edx, 7FFFFFFCh
sub edx, 4
add ds:dword_4085A0, edx
call sub_402364
retn
sub_401C48 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401C6C proc near ; CODE XREF: sub_401D4C+A0�p
cmp edx, 0Ch
jl short loc_401C7F
or edx, 2
mov [eax], edx
add eax, 4
call sub_401C48
retn
; ---------------------------------------------------------------------------
loc_401C7F: ; CODE XREF: sub_401C6C+3�j
cmp edx, 4
jl short loc_401C8E
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
loc_401C8E: ; CODE XREF: sub_401C6C+16�j
add eax, edx
and dword ptr [eax], 0FFFFFFFEh
retn
sub_401C6C endp
; =============== S U B R O U T I N E =======================================
sub_401C94 proc near ; CODE XREF: sub_401F4C+36�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov edx, eax
sub edx, 4
mov edx, [edx]
mov ecx, edx
and ecx, 80000002h
cmp ecx, 80000002h
jz short loc_401CB8
mov ds:dword_4085B0, 4
loc_401CB8: ; CODE XREF: sub_401C94+18�j
mov ebx, edx
and ebx, 7FFFFFFCh
sub eax, ebx
mov ecx, eax
xor edx, [ecx]
test edx, 0FFFFFFFEh
jz short loc_401CD8
mov ds:dword_4085B0, 5
loc_401CD8: ; CODE XREF: sub_401C94+38�j
test byte ptr [ecx], 1
jz short loc_401D06
mov edx, eax
sub edx, 0Ch
mov esi, [edx+8]
sub eax, esi
mov [esp+0Ch+var_C], eax
mov eax, [esp+0Ch+var_C]
cmp esi, [eax+8]
jz short loc_401CFC
mov ds:dword_4085B0, 6
loc_401CFC: ; CODE XREF: sub_401C94+5C�j
mov eax, [esp+0Ch+var_C]
call sub_401B34
add ebx, esi
loc_401D06: ; CODE XREF: sub_401C94+47�j
mov eax, ebx
pop edx
pop esi
pop ebx
retn
sub_401C94 endp
; =============== S U B R O U T I N E =======================================
sub_401D0C proc near ; CODE XREF: sub_401F4C+4F�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
xor esi, esi
mov eax, [ebx]
test eax, 80000000h
jz short loc_401D27
and eax, 7FFFFFFCh
add esi, eax
add ebx, eax
mov eax, [ebx]
loc_401D27: ; CODE XREF: sub_401D0C+E�j
test al, 2
jnz short loc_401D43
mov [esp+0Ch+var_C], ebx
mov eax, [esp+0Ch+var_C]
call sub_401B34
mov eax, [esp+0Ch+var_C]
mov eax, [eax+8]
add esi, eax
add ebx, eax
and dword ptr [ebx], 0FFFFFFFEh
loc_401D43: ; CODE XREF: sub_401D0C+1D�j
mov eax, esi
pop edx
pop esi
pop ebx
retn
sub_401D0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D4C proc near ; CODE XREF: sub_401E08+A7�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov esi, edx
mov ebp, eax
xor ebx, ebx
mov eax, ebp
call sub_401BC8
mov [esp+1Ch+var_14], eax
cmp [esp+1Ch+var_14], 0
jz loc_401DFE
mov eax, [esp+1Ch+var_14]
mov edi, [eax+8]
mov eax, edi
mov edx, [esp+1Ch+var_14]
add eax, [edx+0Ch]
mov edx, eax
lea ecx, [esi+ebp]
sub edx, ecx
cmp edx, 0Ch
jg short loc_401D8F
mov esi, eax
sub esi, ebp
loc_401D8F: ; CODE XREF: sub_401D4C+3D�j
mov eax, ebp
sub eax, edi
cmp eax, 0Ch
jge short loc_401DAE
mov eax, [esp+1Ch+var_14]
mov edx, ebp
sub edx, [eax+8]
add edx, esi
mov ecx, esp
mov eax, edi
call sub_4018C8
jmp short loc_401DBD
; ---------------------------------------------------------------------------
loc_401DAE: ; CODE XREF: sub_401D4C+4A�j
mov ecx, esp
mov edx, esi
sub edx, 4
lea eax, [ebp+4]
call sub_4018C8
loc_401DBD: ; CODE XREF: sub_401D4C+60�j
mov edi, [esp+1Ch+var_1C]
test edi, edi
jz short loc_401DFE
mov edx, edi
sub edx, ebp
mov eax, ebp
call sub_401C0C
mov edx, [esp+1Ch+var_14]
mov edx, [edx+8]
mov ecx, [esp+1Ch+var_14]
add edx, [ecx+0Ch]
mov eax, edi
add eax, [esp+1Ch+var_18]
cmp edx, eax
jbe short loc_401DF1
lea edx, [esi+ebp]
sub edx, eax
call sub_401C6C
loc_401DF1: ; CODE XREF: sub_401D4C+99�j
mov edx, esp
mov eax, [esp+1Ch+var_14]
call sub_4012F8
mov bl, 1
loc_401DFE: ; CODE XREF: sub_401D4C+1D�j
; sub_401D4C+76�j
mov eax, ebx
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401D4C endp
; =============== S U B R O U T I N E =======================================
sub_401E08 proc near ; CODE XREF: sub_401C0C+1D�p
; sub_402070+EE�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF4h
mov ebx, edx
mov esi, eax
mov [esp+14h+var_14], esi
mov eax, [esp+14h+var_14]
mov [eax+8], ebx
mov eax, [esp+14h+var_14]
add eax, ebx
sub eax, 0Ch
mov [eax+8], ebx
cmp ebx, 1000h
jg short loc_401EA3
mov eax, ebx
test eax, eax
jns short loc_401E36
add eax, 3
loc_401E36: ; CODE XREF: sub_401E08+29�j
sar eax, 2
mov edx, ds:hMem
mov edx, [edx+eax*4-0Ch]
mov [esp+14h+var_10], edx
cmp [esp+14h+var_10], 0
jnz short loc_401E71
mov edx, ds:hMem
mov ecx, [esp+14h+var_14]
mov [edx+eax*4-0Ch], ecx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_14]
mov [eax], edx
jmp loc_401EF9
; ---------------------------------------------------------------------------
loc_401E71: ; CODE XREF: sub_401E08+44�j
mov eax, [esp+14h+var_10]
mov eax, [eax]
mov [esp+14h+var_C], eax
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_10]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_C]
mov [eax], edx
mov eax, [esp+14h+var_10]
mov edx, [esp+14h+var_14]
mov [eax], edx
mov eax, [esp+14h+var_C]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
jmp short loc_401EF9
; ---------------------------------------------------------------------------
loc_401EA3: ; CODE XREF: sub_401E08+23�j
cmp ebx, 3C00h
jl short loc_401EB8
mov edx, ebx
mov eax, esi
call sub_401D4C
test al, al
jnz short loc_401EF9
loc_401EB8: ; CODE XREF: sub_401E08+A1�j
mov eax, ds:dword_408600
mov [esp+14h+var_10], eax
mov eax, [esp+14h+var_14]
mov ds:dword_408600, eax
mov eax, [esp+14h+var_10]
mov eax, [eax]
mov [esp+14h+var_C], eax
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_10]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_C]
mov [eax], edx
mov eax, [esp+14h+var_10]
mov edx, [esp+14h+var_14]
mov [eax], edx
mov eax, [esp+14h+var_C]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
loc_401EF9: ; CODE XREF: sub_401E08+64�j
; sub_401E08+99�j ...
add esp, 0Ch
pop esi
pop ebx
retn
sub_401E08 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401F00 proc near ; CODE XREF: sub_401F4C+F�p
; sub_402364+11D�p ...
cmp ds:dword_408604, 0
jle short locret_401F49
cmp ds:dword_408604, 0Ch
jge short loc_401F1E
mov ds:dword_4085B0, 7
jmp short locret_401F49
; ---------------------------------------------------------------------------
loc_401F1E: ; CODE XREF: sub_401F00+10�j
mov eax, ds:dword_408604
or eax, 2
mov edx, ds:dword_408608
mov [edx], eax
mov eax, ds:dword_408608
add eax, 4
call sub_401C48
xor eax, eax
mov ds:dword_408608, eax
xor eax, eax
mov ds:dword_408604, eax
locret_401F49: ; CODE XREF: sub_401F00+7�j
; sub_401F00+1C�j
retn
sub_401F00 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401F4C proc near ; CODE XREF: sub_401FD8+18�p
; sub_402004+1D�p
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov esi, eax
lea edi, [esp+1Ch+var_1C]
movsd
movsd
mov edi, esp
call sub_401F00
lea ecx, [esp+1Ch+var_14]
mov edx, edi
mov eax, offset dword_408610
call sub_401270
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jnz short loc_401F7C
xor eax, eax
jmp short loc_401FCE
; ---------------------------------------------------------------------------
loc_401F7C: ; CODE XREF: sub_401F4C+2A�j
mov eax, [edi]
cmp ebx, eax
jnb short loc_401F8C
call sub_401C94
sub [edi], eax
add [edi+4], eax
loc_401F8C: ; CODE XREF: sub_401F4C+34�j
mov eax, [edi]
add eax, [edi+4]
mov esi, ebx
add esi, [esp+1Ch+var_10]
cmp eax, esi
jnb short loc_401FA3
call sub_401D0C
add [edi+4], eax
loc_401FA3: ; CODE XREF: sub_401F4C+4D�j
mov eax, [edi]
add eax, [edi+4]
cmp esi, eax
jnz short loc_401FBD
sub eax, 4
mov edx, 4
call sub_401C0C
sub dword ptr [edi+4], 4
loc_401FBD: ; CODE XREF: sub_401F4C+5E�j
mov eax, [edi]
mov ds:dword_408608, eax
mov eax, [edi+4]
mov ds:dword_408604, eax
mov al, 1
loc_401FCE: ; CODE XREF: sub_401F4C+2E�j
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_401F4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401FD8 proc near ; CODE XREF: sub_402070+76�p
var_C = dword ptr -0Ch
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
mov edx, esp
lea eax, [ebx+4]
call sub_4016DC
cmp [esp+0Ch+var_C], 0
jz short loc_401FF9
mov eax, esp
call sub_401F4C
test al, al
jnz short loc_401FFD
loc_401FF9: ; CODE XREF: sub_401FD8+14�j
xor eax, eax
jmp short loc_401FFF
; ---------------------------------------------------------------------------
loc_401FFD: ; CODE XREF: sub_401FD8+1F�j
mov al, 1
loc_401FFF: ; CODE XREF: sub_401FD8+23�j
pop ecx
pop edx
pop ebx
retn
sub_401FD8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402004 proc near ; CODE XREF: sub_40253C+1C3�p
var_10 = dword ptr -10h
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov ecx, esp
lea edx, [esi+4]
mov eax, ebx
call sub_401784
cmp [esp+10h+var_10], 0
jz short loc_40202A
mov eax, esp
call sub_401F4C
test al, al
jnz short loc_40202E
loc_40202A: ; CODE XREF: sub_402004+19�j
xor eax, eax
jmp short loc_402030
; ---------------------------------------------------------------------------
loc_40202E: ; CODE XREF: sub_402004+24�j
mov al, 1
loc_402030: ; CODE XREF: sub_402004+28�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_402004 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402038 proc near ; CODE XREF: sub_402070+68�p
push ecx
mov edx, esp
xor ecx, ecx
mov [edx], ecx
test eax, eax
jns short loc_402046
add eax, 3
loc_402046: ; CODE XREF: sub_402038+9�j
sar eax, 2
cmp eax, 400h
jg short loc_402069
loc_402050: ; CODE XREF: sub_402038+2F�j
mov ecx, ds:hMem
mov ecx, [ecx+eax*4-0Ch]
mov [edx], ecx
cmp dword ptr [edx], 0
jnz short loc_402069
inc eax
cmp eax, 401h
jnz short loc_402050
loc_402069: ; CODE XREF: sub_402038+16�j
; sub_402038+27�j
mov eax, [edx]
pop edx
retn
sub_402038 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402070 proc near ; CODE XREF: sub_4021B8+173�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, eax
lea esi, [esp+1Ch+var_14]
mov edi, offset dword_408600
mov ebp, offset dword_408604
loc_402087: ; CODE XREF: sub_402070+8C�j
mov eax, ds:dword_4085F8
mov [esi], eax
mov eax, [esi]
cmp ebx, [eax+8]
jle loc_402144
mov eax, [edi]
mov [esi], eax
mov eax, [esi]
mov eax, [eax+8]
cmp ebx, eax
jle loc_402144
mov edx, [esi]
mov [edx+8], ebx
loc_4020AF: ; CODE XREF: sub_402070+4B�j
mov edx, [esi]
mov edx, [edx+4]
mov [esi], edx
mov edx, [esi]
cmp ebx, [edx+8]
jg short loc_4020AF
mov edx, [edi]
mov [edx+8], eax
mov eax, [esi]
cmp eax, [edi]
jz short loc_4020CE
mov eax, [esi]
mov [edi], eax
jmp short loc_402144
; ---------------------------------------------------------------------------
loc_4020CE: ; CODE XREF: sub_402070+56�j
cmp ebx, 1000h
jg short loc_4020E4
mov eax, ebx
call sub_402038
mov [esi], eax
cmp dword ptr [esi], 0
jnz short loc_402144
loc_4020E4: ; CODE XREF: sub_402070+64�j
mov eax, ebx
call sub_401FD8
test al, al
jnz short loc_4020F9
xor eax, eax
mov [esp+1Ch+var_1C], eax
jmp loc_4021AD
; ---------------------------------------------------------------------------
loc_4020F9: ; CODE XREF: sub_402070+7D�j
cmp ebx, [ebp+0]
jg short loc_402087
sub [ebp+0], ebx
cmp dword ptr [ebp+0], 0Ch
jge short loc_40210F
add ebx, [ebp+0]
xor eax, eax
mov [ebp+0], eax
loc_40210F: ; CODE XREF: sub_402070+95�j
mov eax, ds:dword_408608
mov [esp+1Ch+var_18], eax
add ds:dword_408608, ebx
mov eax, ebx
or eax, 2
mov edx, [esp+1Ch+var_18]
mov [edx], eax
mov eax, [esp+1Ch+var_18]
add eax, 4
mov [esp+1Ch+var_1C], eax
inc ds:dword_40859C
sub ebx, 4
add ds:dword_4085A0, ebx
jmp short loc_4021AD
; ---------------------------------------------------------------------------
loc_402144: ; CODE XREF: sub_402070+23�j
; sub_402070+34�j ...
mov eax, [esi]
call sub_401B34
mov eax, [esi]
mov edx, [eax+8]
mov eax, edx
sub eax, ebx
cmp eax, 0Ch
jl short loc_402165
mov edx, [esi]
add edx, ebx
xchg eax, edx
call sub_401E08
jmp short loc_402183
; ---------------------------------------------------------------------------
loc_402165: ; CODE XREF: sub_402070+E7�j
mov ebx, edx
mov eax, [esi]
cmp eax, [edi]
jnz short loc_402174
mov eax, [esi]
mov eax, [eax+4]
mov [edi], eax
loc_402174: ; CODE XREF: sub_402070+FB�j
mov eax, [esi]
add eax, ebx
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
and dword ptr [eax], 0FFFFFFFEh
loc_402183: ; CODE XREF: sub_402070+F3�j
mov eax, [esi]
mov [esp+1Ch+var_18], eax
mov eax, ebx
or eax, 2
mov edx, [esp+1Ch+var_18]
mov [edx], eax
mov eax, [esp+1Ch+var_18]
add eax, 4
mov [esp+1Ch+var_1C], eax
inc ds:dword_40859C
sub ebx, 4
add ds:dword_4085A0, ebx
loc_4021AD: ; CODE XREF: sub_402070+84�j
; sub_402070+D2�j
mov eax, [esp+1Ch+var_1C]
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_402070 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4021B8 proc near ; CODE XREF: sub_402740+5D�p
; sub_40280C+A�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
mov ebx, eax
cmp ds:byte_4085AC, 0
jnz short loc_4021D3
call sub_40195C
test al, al
jz short loc_4021DB
loc_4021D3: ; CODE XREF: sub_4021B8+10�j
cmp ebx, 7FFFFFF8h
jle short loc_4021E5
loc_4021DB: ; CODE XREF: sub_4021B8+19�j
xor eax, eax
mov [ebp+var_4], eax
jmp loc_40235B
; ---------------------------------------------------------------------------
loc_4021E5: ; CODE XREF: sub_4021B8+21�j
xor edx, edx
push ebp
push offset loc_402354
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_408035, 0
jz short loc_402206
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_402206: ; CODE XREF: sub_4021B8+42�j
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_402216
mov ebx, 0Ch
loc_402216: ; CODE XREF: sub_4021B8+57�j
cmp ebx, 1000h
jg loc_4022CE
mov eax, ebx
test eax, eax
jns short loc_40222B
add eax, 3
loc_40222B: ; CODE XREF: sub_4021B8+6E�j
sar eax, 2
mov edx, ds:hMem
mov edx, [edx+eax*4-0Ch]
mov [ebp+var_8], edx
cmp [ebp+var_8], 0
jz loc_4022CE
mov edx, [ebp+var_8]
add edx, ebx
mov [ebp+var_14], edx
mov edx, [ebp+var_14]
and dword ptr [edx], 0FFFFFFFEh
mov edx, [ebp+var_8]
mov edx, [edx+4]
mov [ebp+var_10], edx
mov edx, [ebp+var_10]
cmp edx, [ebp+var_8]
jnz short loc_402272
mov edx, ds:hMem
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
jmp short loc_402298
; ---------------------------------------------------------------------------
loc_402272: ; CODE XREF: sub_4021B8+AA�j
mov edx, ds:hMem
mov ecx, [ebp+var_10]
mov [edx+eax*4-0Ch], ecx
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov edx, [ebp+var_10]
mov [eax+4], edx
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
mov [eax], edx
loc_402298: ; CODE XREF: sub_4021B8+B8�j
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
or eax, 2
mov edx, [ebp+var_14]
mov [edx], eax
mov eax, [ebp+var_14]
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40859C
sub ebx, 4
add ds:dword_4085A0, ebx
call sub_403648
jmp loc_40235B
; ---------------------------------------------------------------------------
loc_4022CE: ; CODE XREF: sub_4021B8+64�j
; sub_4021B8+87�j
cmp ebx, ds:dword_408604
jg short loc_402329
sub ds:dword_408604, ebx
cmp ds:dword_408604, 0Ch
jge short loc_4022F2
add ebx, ds:dword_408604
xor eax, eax
mov ds:dword_408604, eax
loc_4022F2: ; CODE XREF: sub_4021B8+12B�j
mov eax, ds:dword_408608
mov [ebp+var_14], eax
add ds:dword_408608, ebx
mov eax, ebx
or eax, 2
mov edx, [ebp+var_14]
mov [edx], eax
mov eax, [ebp+var_14]
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40859C
sub ebx, 4
add ds:dword_4085A0, ebx
call sub_403648
jmp short loc_40235B
; ---------------------------------------------------------------------------
loc_402329: ; CODE XREF: sub_4021B8+11C�j
mov eax, ebx
call sub_402070
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40235B
loc_402340: ; CODE XREF: sub_4021B8+1A1�j
cmp ds:byte_408035, 0
jz short loc_402353
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_402353: ; CODE XREF: sub_4021B8+18F�j
retn
; ---------------------------------------------------------------------------
loc_402354: ; DATA XREF: sub_4021B8+30�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_402340
; ---------------------------------------------------------------------------
loc_40235B: ; CODE XREF: sub_4021B8+28�j
; sub_4021B8+111�j ...
mov eax, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_4021B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402364 proc near ; CODE XREF: sub_401C48+1C�p
; sub_402740+8D�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
mov ebx, eax
xor eax, eax
mov ds:dword_4085B0, eax
cmp ds:byte_4085AC, 0
jnz short loc_40239C
call sub_40195C
test al, al
jnz short loc_40239C
mov ds:dword_4085B0, 8
mov [ebp+var_4], 8
jmp loc_402532
; ---------------------------------------------------------------------------
loc_40239C: ; CODE XREF: sub_402364+17�j
; sub_402364+20�j
xor edx, edx
push ebp
push offset loc_40252B
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_408035, 0
jz short loc_4023BD
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_4023BD: ; CODE XREF: sub_402364+4D�j
mov [ebp+var_8], ebx
mov eax, [ebp+var_8]
sub eax, 4
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [eax]
test bl, 2
jnz short loc_4023E2
mov ds:dword_4085B0, 9
jmp loc_402502
; ---------------------------------------------------------------------------
loc_4023E2: ; CODE XREF: sub_402364+6D�j
dec ds:dword_40859C
mov eax, ebx
and eax, 7FFFFFFCh
sub eax, 4
sub ds:dword_4085A0, eax
test bl, 1
jz short loc_402450
mov eax, [ebp+var_8]
sub eax, 0Ch
mov eax, [eax+8]
cmp eax, 0Ch
jl short loc_402412
test eax, 80000003h
jz short loc_402421
loc_402412: ; CODE XREF: sub_402364+A5�j
mov ds:dword_4085B0, 0Ah
jmp loc_402502
; ---------------------------------------------------------------------------
loc_402421: ; CODE XREF: sub_402364+AC�j
mov edx, [ebp+var_8]
sub edx, eax
mov [ebp+var_10], edx
mov edx, [ebp+var_10]
cmp eax, [edx+8]
jz short loc_402440
mov ds:dword_4085B0, 0Ah
jmp loc_402502
; ---------------------------------------------------------------------------
loc_402440: ; CODE XREF: sub_402364+CB�j
add ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
call sub_401B34
loc_402450: ; CODE XREF: sub_402364+97�j
and ebx, 7FFFFFFCh
mov eax, [ebp+var_8]
add eax, ebx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
cmp eax, ds:dword_408608
jnz short loc_402495
sub ds:dword_408608, ebx
add ds:dword_408604, ebx
cmp ds:dword_408604, 3C00h
jle short loc_402486
call sub_401F00
loc_402486: ; CODE XREF: sub_402364+11B�j
xor eax, eax
mov [ebp+var_4], eax
call sub_403648
jmp loc_402532
; ---------------------------------------------------------------------------
loc_402495: ; CODE XREF: sub_402364+103�j
mov eax, [ebp+var_C]
mov eax, [eax]
test al, 2
jz short loc_4024BC
and eax, 7FFFFFFCh
cmp eax, 4
jge short loc_4024B4
mov ds:dword_4085B0, 0Bh
jmp short loc_402502
; ---------------------------------------------------------------------------
loc_4024B4: ; CODE XREF: sub_402364+142�j
mov eax, [ebp+var_C]
or dword ptr [eax], 1
jmp short loc_4024F8
; ---------------------------------------------------------------------------
loc_4024BC: ; CODE XREF: sub_402364+138�j
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
cmp dword ptr [eax+4], 0
jz short loc_4024DC
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0
jz short loc_4024DC
mov eax, [ebp+var_10]
cmp dword ptr [eax+8], 0Ch
jge short loc_4024E8
loc_4024DC: ; CODE XREF: sub_402364+165�j
; sub_402364+16D�j
mov ds:dword_4085B0, 0Bh
jmp short loc_402502
; ---------------------------------------------------------------------------
loc_4024E8: ; CODE XREF: sub_402364+176�j
mov eax, [ebp+var_10]
mov eax, [eax+8]
add ebx, eax
mov eax, [ebp+var_10]
call sub_401B34
loc_4024F8: ; CODE XREF: sub_402364+156�j
mov edx, ebx
mov eax, [ebp+var_8]
call sub_401E08
loc_402502: ; CODE XREF: sub_402364+79�j
; sub_402364+B8�j ...
mov eax, ds:dword_4085B0
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402532
loc_402517: ; CODE XREF: sub_402364+1CC�j
cmp ds:byte_408035, 0
jz short loc_40252A
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_40252A: ; CODE XREF: sub_402364+1BA�j
retn
; ---------------------------------------------------------------------------
loc_40252B: ; DATA XREF: sub_402364+3B�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_402517
; ---------------------------------------------------------------------------
loc_402532: ; CODE XREF: sub_402364+33�j
; sub_402364+12C�j ...
mov eax, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_402364 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40253C proc near ; CODE XREF: sub_402740+4D�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, edx
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_402555
mov ebx, 0Ch
loc_402555: ; CODE XREF: sub_40253C+12�j
sub eax, 4
mov [esp+1Ch+var_1C], eax
mov eax, [esp+1Ch+var_1C]
mov esi, [eax]
and esi, 7FFFFFFCh
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
cmp esi, ebx
jnz short loc_40257A
mov al, 1
jmp loc_402737
; ---------------------------------------------------------------------------
loc_40257A: ; CODE XREF: sub_40253C+35�j
cmp esi, ebx
jle loc_402612
mov ebp, esi
sub ebp, ebx
mov edx, [esp+1Ch+var_18]
cmp edx, ds:dword_408608
jnz short loc_4025BE
sub ds:dword_408608, ebp
add ds:dword_408604, ebp
cmp ds:dword_408604, 0Ch
jge loc_40271A
add ds:dword_408608, ebp
sub ds:dword_408604, ebp
mov ebx, esi
jmp loc_40271A
; ---------------------------------------------------------------------------
loc_4025BE: ; CODE XREF: sub_40253C+54�j
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
test byte ptr [eax], 2
jnz short loc_4025E3
mov eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_14], eax
mov eax, [esp+1Ch+var_14]
add ebp, [eax+8]
mov eax, [esp+1Ch+var_14]
call sub_401B34
loc_4025E3: ; CODE XREF: sub_40253C+8D�j
cmp ebp, 0Ch
jl short loc_40260B
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov [esp+1Ch+var_18], eax
or ebp, 2
mov eax, [esp+1Ch+var_18]
mov [eax], ebp
mov eax, [esp+1Ch+var_18]
add eax, 4
call sub_401C48
jmp loc_40271A
; ---------------------------------------------------------------------------
loc_40260B: ; CODE XREF: sub_40253C+AA�j
mov ebx, esi
jmp loc_40271A
; ---------------------------------------------------------------------------
loc_402612: ; CODE XREF: sub_40253C+40�j
; sub_40253C+1D5�j
mov edi, ebx
sub edi, esi
mov eax, [esp+1Ch+var_18]
cmp eax, ds:dword_408608
jnz short loc_402687
cmp edi, ds:dword_408604
jg short loc_402679
sub ds:dword_408604, edi
add ds:dword_408608, edi
cmp ds:dword_408604, 0Ch
jge short loc_402657
mov eax, ds:dword_408604
add ds:dword_408608, eax
add ebx, ds:dword_408604
xor eax, eax
mov ds:dword_408604, eax
loc_402657: ; CODE XREF: sub_40253C+101�j
mov eax, ebx
sub eax, esi
add ds:dword_4085A0, eax
mov eax, [esp+1Ch+var_1C]
mov eax, [eax]
and eax, 80000003h
or ebx, eax
mov eax, [esp+1Ch+var_1C]
mov [eax], ebx
mov al, 1
jmp loc_402737
; ---------------------------------------------------------------------------
loc_402679: ; CODE XREF: sub_40253C+EC�j
call sub_401F00
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
loc_402687: ; CODE XREF: sub_40253C+E4�j
mov eax, [esp+1Ch+var_18]
test byte ptr [eax], 2
jnz short loc_4026DF
mov eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_14], eax
mov edx, [esp+1Ch+var_14]
mov ebp, [edx+8]
cmp edi, ebp
jle short loc_4026AD
add eax, ebp
mov [esp+1Ch+var_18], eax
sub edi, ebp
jmp short loc_4026DF
; ---------------------------------------------------------------------------
loc_4026AD: ; CODE XREF: sub_40253C+165�j
mov eax, [esp+1Ch+var_14]
call sub_401B34
sub ebp, edi
cmp ebp, 0Ch
jl short loc_4026CB
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov edx, ebp
call sub_401E08
jmp short loc_40271A
; ---------------------------------------------------------------------------
loc_4026CB: ; CODE XREF: sub_40253C+17F�j
add ebx, ebp
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
and dword ptr [eax], 0FFFFFFFEh
jmp short loc_40271A
; ---------------------------------------------------------------------------
loc_4026DF: ; CODE XREF: sub_40253C+152�j
; sub_40253C+16F�j
mov eax, [esp+1Ch+var_18]
mov eax, [eax]
test eax, 80000000h
jz short loc_402716
and eax, 7FFFFFFCh
add eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_18], eax
mov edx, edi
mov eax, [esp+1Ch+var_18]
call sub_402004
test al, al
jz short loc_402716
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
jmp loc_402612
; ---------------------------------------------------------------------------
loc_402716: ; CODE XREF: sub_40253C+1AE�j
; sub_40253C+1CA�j
xor eax, eax
jmp short loc_402737
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_40253C+69�j
; sub_40253C+7D�j ...
mov eax, ebx
sub eax, esi
add ds:dword_4085A0, eax
mov eax, [esp+1Ch+var_1C]
mov eax, [eax]
and eax, 80000003h
or ebx, eax
mov eax, [esp+1Ch+var_1C]
mov [eax], ebx
mov al, 1
loc_402737: ; CODE XREF: sub_40253C+39�j
; sub_40253C+138�j ...
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40253C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402740 proc near ; CODE XREF: sub_40285C+D�p
; DATA XREF: DATA:off_407034�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp ds:byte_4085AC, 0
jnz short loc_402768
call sub_40195C
test al, al
jnz short loc_402768
xor eax, eax
mov [ebp+var_4], eax
jmp loc_402800
; ---------------------------------------------------------------------------
loc_402768: ; CODE XREF: sub_402740+13�j
; sub_402740+1C�j
xor edx, edx
push ebp
push offset loc_4027F9
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_408035, 0
jz short loc_402789
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_402789: ; CODE XREF: sub_402740+3D�j
mov edx, esi
mov eax, ebx
call sub_40253C
test al, al
jz short loc_40279B
mov [ebp+var_4], ebx
jmp short loc_4027D8
; ---------------------------------------------------------------------------
loc_40279B: ; CODE XREF: sub_402740+54�j
mov eax, esi
call sub_4021B8
mov [ebp+var_8], eax
mov eax, ebx
sub eax, 4
mov eax, [eax]
and eax, 7FFFFFFCh
sub eax, 4
cmp esi, eax
jge short loc_4027BA
mov eax, esi
loc_4027BA: ; CODE XREF: sub_402740+76�j
cmp [ebp+var_8], 0
jz short loc_4027D2
mov edx, [ebp+var_8]
mov ecx, ebx
xchg eax, ecx
call sub_40296C
mov eax, ebx
call sub_402364
loc_4027D2: ; CODE XREF: sub_402740+7E�j
mov eax, [ebp+var_8]
mov [ebp+var_4], eax
loc_4027D8: ; CODE XREF: sub_402740+59�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402800
loc_4027E5: ; CODE XREF: sub_402740+BE�j
cmp ds:byte_408035, 0
jz short loc_4027F8
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_4027F8: ; CODE XREF: sub_402740+AC�j
retn
; ---------------------------------------------------------------------------
loc_4027F9: ; DATA XREF: sub_402740+2B�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_4027E5
; ---------------------------------------------------------------------------
loc_402800: ; CODE XREF: sub_402740+23�j
; sub_402740:loc_4027F8�j
; DATA XREF: ...
mov eax, [ebp+var_4]
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_402740 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40280C proc near ; CODE XREF: sub_403BB0+C�p
; sub_405074+143A�p
var_8 = dword ptr -8
push ebx
push ecx
mov ebx, eax
test ebx, ebx
jle short loc_40282E
mov eax, ebx
call ds:off_40702C
mov [esp+8+var_8], eax
cmp [esp+8+var_8], 0
jnz short loc_402833
mov al, 1
call sub_402904
; ---------------------------------------------------------------------------
jmp short loc_402833
; ---------------------------------------------------------------------------
loc_40282E: ; CODE XREF: sub_40280C+6�j
xor eax, eax
mov [esp+8+var_8], eax
loc_402833: ; CODE XREF: sub_40280C+17�j
; sub_40280C+20�j
mov eax, [esp+8+var_8]
pop edx
pop ebx
retn
sub_40280C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40283C proc near ; CODE XREF: sub_403B18+1C�p
; sub_403B3C+21�p ...
push ebx
test eax, eax
jz short loc_402856
call ds:off_407030
mov ebx, eax
test ebx, ebx
jz short loc_402858
mov al, 2
call sub_402904
; ---------------------------------------------------------------------------
jmp short loc_402858
; ---------------------------------------------------------------------------
loc_402856: ; CODE XREF: sub_40283C+3�j
xor ebx, ebx
loc_402858: ; CODE XREF: sub_40283C+F�j
; sub_40283C+18�j
mov eax, ebx
pop ebx
retn
sub_40283C endp
; =============== S U B R O U T I N E =======================================
sub_40285C proc near ; CODE XREF: sub_403EE4+22�p
mov ecx, [eax]
test ecx, ecx
jz short loc_402894
test edx, edx
jz short loc_40287E
push eax
mov eax, ecx
call ds:off_407034
pop ecx
or eax, eax
jz short loc_40288D
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_402877: ; CODE XREF: sub_40285C+2E�j
mov al, 2
jmp sub_402904
; ---------------------------------------------------------------------------
loc_40287E: ; CODE XREF: sub_40285C+8�j
mov [eax], edx
mov eax, ecx
call ds:off_407030
or eax, eax
jnz short loc_402877
retn
; ---------------------------------------------------------------------------
loc_40288D: ; CODE XREF: sub_40285C+16�j
; sub_40285C+48�j
mov al, 1
jmp sub_402904
; ---------------------------------------------------------------------------
loc_402894: ; CODE XREF: sub_40285C+4�j
test edx, edx
jz short locret_4028A8
push eax
mov eax, edx
call ds:off_40702C
pop ecx
or eax, eax
jz short loc_40288D
mov [ecx], eax
locret_4028A8: ; CODE XREF: sub_40285C+3A�j
retn
sub_40285C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4028AC proc near ; CODE XREF: sub_4028B8+42�p
; CODE:004036F7�p
mov ds:dword_407004, edx
call sub_403B00
sub_4028AC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4028B8 proc near ; CODE XREF: sub_402904+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_408008, 0
jz short loc_4028D4
mov edx, esi
mov eax, ebx
call ds:dword_408008
loc_4028D4: ; CODE XREF: sub_4028B8+10�j
test bl, bl
jnz short loc_4028E5
call sub_4043D8
mov ebx, [eax+4]
jmp short loc_4028F4
; ---------------------------------------------------------------------------
loc_4028E5: ; CODE XREF: sub_4028B8+1E�j
cmp bl, 18h
ja short loc_4028F4
xor eax, eax
mov al, bl
mov bl, ds:byte_407038[eax]
loc_4028F4: ; CODE XREF: sub_4028B8+2B�j
; sub_4028B8+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_4028AC
sub_4028B8 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402904 proc near ; CODE XREF: sub_40280C+1B�p
; sub_40283C+13�p ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_4028B8
sub_402904 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402910 proc near ; CODE XREF: sub_405074+E50�p
; sub_405074+1255�p ...
push eax
push edx
push ecx
call sub_4043D8
cmp dword ptr [eax+4], 0
pop ecx
pop edx
pop eax
jnz short loc_402925
retn
; ---------------------------------------------------------------------------
loc_402925: ; CODE XREF: sub_402910+12�j
xor eax, eax
jmp sub_402904
sub_402910 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402930 proc near ; CODE XREF: sub_402940+5�p
; sub_402B80+4E�p ...
push ebx
mov ebx, eax
call sub_4043D8
mov [eax+4], ebx
pop ebx
retn
sub_402930 endp
; =============== S U B R O U T I N E =======================================
sub_402940 proc near ; CODE XREF: sub_403008+17�p
call GetLastError
call sub_402930
retn
sub_402940 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40294C proc near ; CODE XREF: sub_405074+125A�p
push ebx
call sub_4043D8
mov ebx, [eax+4]
call sub_4043D8
xor edx, edx
mov [eax+4], edx
mov eax, ebx
pop ebx
retn
sub_40294C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40296C proc near ; CODE XREF: sub_402740+86�p
; sub_402E3C+4F�p ...
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
cmp edi, esi
ja short loc_40298B
jz short loc_4029A9
sar ecx, 2
js short loc_4029A9
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40298B: ; CODE XREF: sub_40296C+A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
sar ecx, 2
js short loc_4029A9
std
rep movsd
mov ecx, eax
and ecx, 3
add esi, 3
add edi, 3
rep movsb
cld
loc_4029A9: ; CODE XREF: sub_40296C+C�j
; sub_40296C+11�j ...
pop edi
pop esi
retn
sub_40296C endp
; =============== S U B R O U T I N E =======================================
sub_4029AC proc near ; CODE XREF: sub_402B10+44�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_24], edx
mov [esp+28h+var_28], eax
mov esi, esp
lea edi, [esp+28h+var_14]
jmp short loc_4029CC
; ---------------------------------------------------------------------------
loc_4029C2: ; CODE XREF: sub_4029AC+2B�j
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [esi], eax
loc_4029CC: ; CODE XREF: sub_4029AC+14�j
; sub_4029AC+3F�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_4029D9
cmp bl, 20h
jbe short loc_4029C2
loc_4029D9: ; CODE XREF: sub_4029AC+26�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_4029ED
mov eax, [esi]
cmp byte ptr [eax+1], 22h
jnz short loc_4029ED
add dword ptr [esi], 2
jmp short loc_4029CC
; ---------------------------------------------------------------------------
loc_4029ED: ; CODE XREF: sub_4029AC+32�j
; sub_4029AC+3A�j
xor ebp, ebp
mov eax, [esi]
mov [esp+28h+var_1C], eax
jmp short loc_402A52
; ---------------------------------------------------------------------------
loc_4029F7: ; CODE XREF: sub_4029AC+AB�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_402A3E
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [esi], eax
jmp short loc_402A1E
; ---------------------------------------------------------------------------
loc_402A0A: ; CODE XREF: sub_4029AC+7D�j
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [edi], eax
mov eax, [edi]
sub eax, [esi]
add ebp, eax
mov eax, [edi]
mov [esi], eax
loc_402A1E: ; CODE XREF: sub_4029AC+5C�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_402A2B
cmp bl, 22h
jnz short loc_402A0A
loc_402A2B: ; CODE XREF: sub_4029AC+78�j
mov eax, [esi]
cmp byte ptr [eax], 0
jz short loc_402A52
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [esi], eax
jmp short loc_402A52
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_4029AC+50�j
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [edi], eax
mov eax, [edi]
sub eax, [esi]
add ebp, eax
mov eax, [edi]
mov [esi], eax
loc_402A52: ; CODE XREF: sub_4029AC+49�j
; sub_4029AC+84�j ...
mov eax, [esi]
cmp byte ptr [eax], 20h
ja short loc_4029F7
mov eax, [esp+28h+var_24]
mov edx, ebp
call sub_403EE4
mov eax, [esp+28h+var_1C]
mov [esi], eax
mov eax, [esp+28h+var_24]
mov eax, [eax]
mov [esp+28h+var_18], eax
xor ebp, ebp
jmp short loc_402AF3
; ---------------------------------------------------------------------------
loc_402A78: ; CODE XREF: sub_4029AC+14C�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_402ACF
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [esi], eax
jmp short loc_402AAF
; ---------------------------------------------------------------------------
loc_402A8B: ; CODE XREF: sub_4029AC+10E�j
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [edi], eax
mov eax, [esi]
cmp eax, [edi]
jnb short loc_402AAF
loc_402A9B: ; CODE XREF: sub_4029AC+101�j
mov eax, [esi]
mov al, [eax]
mov edx, [esp+28h+var_18]
mov [edx+ebp], al
inc dword ptr [esi]
inc ebp
mov eax, [esi]
cmp eax, [edi]
jb short loc_402A9B
loc_402AAF: ; CODE XREF: sub_4029AC+DD�j
; sub_4029AC+ED�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_402ABC
cmp bl, 22h
jnz short loc_402A8B
loc_402ABC: ; CODE XREF: sub_4029AC+109�j
mov eax, [esi]
cmp byte ptr [eax], 0
jz short loc_402AF3
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [esi], eax
jmp short loc_402AF3
; ---------------------------------------------------------------------------
loc_402ACF: ; CODE XREF: sub_4029AC+D1�j
mov eax, [esi]
push eax ; lpsz
call CharNextA ; CharNextA
mov [edi], eax
mov eax, [esi]
cmp eax, [edi]
jnb short loc_402AF3
loc_402ADF: ; CODE XREF: sub_4029AC+145�j
mov eax, [esi]
mov al, [eax]
mov edx, [esp+28h+var_18]
mov [edx+ebp], al
inc dword ptr [esi]
inc ebp
mov eax, [esi]
cmp eax, [edi]
jb short loc_402ADF
loc_402AF3: ; CODE XREF: sub_4029AC+CA�j
; sub_4029AC+115�j ...
mov eax, [esi]
cmp byte ptr [eax], 20h
ja loc_402A78
mov eax, [esi]
mov [esp+28h+var_20], eax
mov eax, [esp+28h+var_20]
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4029AC endp
; =============== S U B R O U T I N E =======================================
sub_402B10 proc near ; CODE XREF: sub_405074+148A�p
var_114 = dword ptr -114h
Filename = byte ptr -110h
push ebx
push esi
add esp, 0FFFFFEF4h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_403B18
test esi, esi
jnz short loc_402B47
push 105h ; nSize
lea eax, [esp+118h+Filename]
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov ecx, eax
lea edx, [esp+114h+Filename]
mov eax, ebx
call sub_403BDC
jmp short loc_402B68
; ---------------------------------------------------------------------------
loc_402B47: ; CODE XREF: sub_402B10+15�j
call GetCommandLineA ; GetCommandLineA
mov [esp+114h+var_114], eax
loc_402B4F: ; CODE XREF: sub_402B10+56�j
mov edx, ebx
mov eax, [esp+114h+var_114]
call sub_4029AC
mov [esp+114h+var_114], eax
test esi, esi
jz short loc_402B68
cmp dword ptr [ebx], 0
jz short loc_402B68
dec esi
jmp short loc_402B4F
; ---------------------------------------------------------------------------
loc_402B68: ; CODE XREF: sub_402B10+35�j
; sub_402B10+4E�j ...
add esp, 10Ch
pop esi
pop ebx
retn
sub_402B10 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B74 proc near ; CODE XREF: sub_40476C+81�p
var_8 = qword ptr -8
sub esp, 8
fistp [esp+8+var_8]
wait
pop eax
pop edx
retn
sub_402B74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402B80 proc near ; CODE XREF: sub_402BD8+4�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov ax, [ebx+4]
cmp ax, 0D7B0h
jb short loc_402B96
cmp ax, 0D7B3h
jbe short loc_402B9D
loc_402B96: ; CODE XREF: sub_402B80+E�j
mov ebx, 66h
jmp short loc_402BC8
; ---------------------------------------------------------------------------
loc_402B9D: ; CODE XREF: sub_402B80+14�j
cmp ax, 0D7B0h
jz short loc_402BAA
mov eax, ebx
call sub_402F58
loc_402BAA: ; CODE XREF: sub_402B80+21�j
mov [ebx+4], si
cmp byte ptr [ebx+48h], 0
jnz short loc_402BC1
cmp dword ptr [ebx+18h], 0
jnz short loc_402BC1
mov dword ptr [ebx+18h], offset loc_402C90
loc_402BC1: ; CODE XREF: sub_402B80+32�j
; sub_402B80+38�j
mov eax, ebx
call dword ptr [ebx+18h]
mov ebx, eax
loc_402BC8: ; CODE XREF: sub_402B80+1B�j
test ebx, ebx
jz short loc_402BD3
mov eax, ebx
call sub_402930
loc_402BD3: ; CODE XREF: sub_402B80+4A�j
mov eax, ebx
pop esi
pop ebx
retn
sub_402B80 endp
; =============== S U B R O U T I N E =======================================
sub_402BD8 proc near ; CODE XREF: sub_405074+E4B�p
mov dx, 0D7B2h
call sub_402B80
retn
sub_402BD8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402BE4 proc near ; DATA XREF: CODE:00402CC0�o
push ebx
mov ebx, eax
xor eax, eax
mov [ebx+10h], eax
xor eax, eax
mov [ebx+0Ch], eax
push 0 ; lpOverlapped
lea eax, [ebx+10h]
push eax ; lpNumberOfBytesRead
mov eax, [ebx+8]
push eax ; nNumberOfBytesToRead
mov eax, [ebx+14h]
push eax ; lpBuffer
mov eax, [ebx]
push eax ; hFile
call ReadFile ; ReadFile
test eax, eax
jnz short loc_402C19
call GetLastError
cmp eax, 6Dh
jnz short loc_402C1B
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402C19: ; CODE XREF: sub_402BE4+25�j
xor eax, eax
loc_402C1B: ; CODE XREF: sub_402BE4+2F�j
pop ebx
retn
sub_402BE4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402C20 proc near ; DATA XREF: CODE:00402CF7�o
; CODE:00402DC7�o ...
xor eax, eax
retn
sub_402C20 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402C24 proc near ; DATA XREF: CODE:loc_402CE9�o
; CODE:00402E0F�o
NumberOfBytesWritten= dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
mov esi, [ebx+0Ch]
test esi, esi
jnz short loc_402C34
xor eax, eax
jmp short loc_402C5A
; ---------------------------------------------------------------------------
loc_402C34: ; CODE XREF: sub_402C24+A�j
push 0 ; lpOverlapped
lea eax, [esp+10h+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
mov eax, [ebx+14h]
push eax ; lpBuffer
mov eax, [ebx]
push eax ; hFile
call WriteFile ; WriteFile
test eax, eax
jnz short loc_402C53
call GetLastError
jmp short loc_402C55
; ---------------------------------------------------------------------------
loc_402C53: ; CODE XREF: sub_402C24+26�j
xor eax, eax
loc_402C55: ; CODE XREF: sub_402C24+2D�j
xor edx, edx
mov [ebx+0Ch], edx
loc_402C5A: ; CODE XREF: sub_402C24+E�j
pop edx
pop esi
pop ebx
retn
sub_402C24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402C60 proc near ; CODE XREF: sub_402C70+B�p
; sub_403008+E�p
push ebx
mov ebx, eax
push ebx ; hObject
call CloseHandle ; CloseHandle
dec eax
setz al
pop ebx
retn
sub_402C60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402C70 proc near ; DATA XREF: CODE:loc_402CF0�o
push ebx
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
mov eax, [ebx]
call sub_402C60
test al, al
jnz short loc_402C8B
call GetLastError
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402C8B: ; CODE XREF: sub_402C70+12�j
xor eax, eax
pop ebx
retn
sub_402C70 endp
; ---------------------------------------------------------------------------
align 10h
loc_402C90: ; DATA XREF: sub_402B80+3A�o
; sub_402E3C+35�o
push esi
mov esi, eax
xor eax, eax
mov [esi+0Ch], eax
mov [esi+10h], eax
mov ax, [esi+4]
sub eax, 0D7B1h
jz short loc_402CB1
dec eax
jz short loc_402CC9
dec eax
jz short loc_402CDA
jmp loc_402E18
; ---------------------------------------------------------------------------
loc_402CB1: ; CODE XREF: CODE:00402CA4�j
mov eax, 80000000h
mov edx, 1
mov ecx, 3
mov dword ptr [esi+1Ch], offset sub_402BE4
jmp short loc_402CF0
; ---------------------------------------------------------------------------
loc_402CC9: ; CODE XREF: CODE:00402CA7�j
mov eax, 40000000h
mov edx, 1
mov ecx, 2
jmp short loc_402CE9
; ---------------------------------------------------------------------------
loc_402CDA: ; CODE XREF: CODE:00402CAA�j
mov eax, 0C0000000h
mov edx, 1
mov ecx, 3
loc_402CE9: ; CODE XREF: CODE:00402CD8�j
mov dword ptr [esi+1Ch], offset sub_402C24
loc_402CF0: ; CODE XREF: CODE:00402CC7�j
mov dword ptr [esi+24h], offset sub_402C70
mov dword ptr [esi+20h], offset sub_402C20
cmp byte ptr [esi+48h], 0
jz loc_402DBA
push 0
push 80h
push ecx
push 0
push edx
push eax
lea eax, [esi+48h]
push eax
call CreateFileA ; CreateFileA
cmp eax, 0FFFFFFFFh
jz loc_402E2E
mov [esi], eax
cmp word ptr [esi+4], 0D7B3h
jnz loc_402DF7
dec word ptr [esi+4]
push 0
push dword ptr [esi]
call GetFileSize ; GetFileSize
inc eax
jz loc_402E2E
sub eax, 81h
jnb short loc_402D51
xor eax, eax
loc_402D51: ; CODE XREF: CODE:00402D4D�j
push 0
push 0
push eax
push dword ptr [esi]
call SetFilePointer ; SetFilePointer
inc eax
jz loc_402E2E
push 0
mov edx, esp
push 0
push edx
push 80h
lea edx, [esi+14Ch]
push edx
push dword ptr [esi]
call ReadFile ; ReadFile
pop edx
dec eax
jnz loc_402E2E
xor eax, eax
loc_402D88: ; CODE XREF: CODE:00402D97�j
cmp eax, edx
jnb short loc_402DF7
cmp byte ptr [esi+eax+14Ch], 0Eh
jz short loc_402D99
inc eax
jmp short loc_402D88
; ---------------------------------------------------------------------------
loc_402D99: ; CODE XREF: CODE:00402D94�j
push 2
push 0
sub eax, edx
push eax
push dword ptr [esi]
call SetFilePointer ; SetFilePointer
inc eax
jz loc_402E2E
push dword ptr [esi]
call SetEndOfFile ; SetEndOfFile
dec eax
jnz short loc_402E2E
jmp short loc_402DF7
; ---------------------------------------------------------------------------
loc_402DBA: ; CODE XREF: CODE:00402D02�j
lea eax, [esi+14Ch]
mov dword ptr [esi+8], 80h
mov dword ptr [esi+24h], offset sub_402C20
mov [esi+14h], eax
cmp word ptr [esi+4], 0D7B2h
jz short loc_402DDD
push 0FFFFFFF6h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DDD: ; CODE XREF: CODE:00402DD7�j
cmp esi, offset dword_4083D0
jnz short loc_402DE9
push 0FFFFFFF4h
jmp short loc_402DEB
; ---------------------------------------------------------------------------
loc_402DE9: ; CODE XREF: CODE:00402DE3�j
push 0FFFFFFF5h
loc_402DEB: ; CODE XREF: CODE:00402DDB�j
; CODE:00402DE7�j
call GetStdHandle ; GetStdHandle
cmp eax, 0FFFFFFFFh
jz short loc_402E2E
mov [esi], eax
loc_402DF7: ; CODE XREF: CODE:00402D2E�j
; CODE:00402D8A�j ...
cmp word ptr [esi+4], 0D7B1h
jz short loc_402E16
push dword ptr [esi]
call GetFileType ; GetFileType
test eax, eax
jz short loc_402E1A
cmp eax, 2
jnz short loc_402E16
mov dword ptr [esi+20h], offset sub_402C24
loc_402E16: ; CODE XREF: CODE:00402DFD�j
; CODE:00402E0D�j
xor eax, eax
loc_402E18: ; CODE XREF: CODE:00402CAC�j
; CODE:00402E2C�j ...
pop esi
retn
; ---------------------------------------------------------------------------
loc_402E1A: ; CODE XREF: CODE:00402E08�j
push dword ptr [esi]
call CloseHandle ; CloseHandle
mov word ptr [esi+4], 0D7B0h
mov eax, 69h
jmp short loc_402E18
; ---------------------------------------------------------------------------
loc_402E2E: ; CODE XREF: CODE:00402D20�j
; CODE:00402D42�j ...
mov word ptr [esi+4], 0D7B0h
call GetLastError
jmp short loc_402E18
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402E3C proc near ; CODE XREF: sub_405074+E41�p
; sub_405074+1240�p
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
xor ecx, ecx
mov edx, 14Ch
call sub_402FCC
lea eax, [ebx+14Ch]
mov [ebx+14h], eax
mov word ptr [ebx+4], 0D7B0h
xor eax, eax
mov al, ds:byte_407020
mov [ebx+6], ax
mov dword ptr [ebx+8], 80h
mov dword ptr [ebx+18h], offset loc_402C90
mov eax, esi
call sub_403C8C
push eax
mov eax, esi
call sub_403E8C
lea edx, [ebx+48h]
pop ecx
call sub_40296C
mov eax, esi
call sub_403C8C
mov byte ptr [ebx+eax+48h], 0
xor eax, eax
pop esi
pop ebx
retn
sub_402E3C endp
; ---------------------------------------------------------------------------
align 4
loc_402EA4: ; DATA XREF: sub_402F38+D�o
jmp ds:__imp_WriteFile
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EAC proc near ; CODE XREF: sub_402F38+14�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, ecx
mov edi, edx
mov ebx, eax
mov eax, [ebp+arg_8]
movzx edx, word ptr [ebx+4]
and edx, eax
cmp eax, edx
jnz short loc_402F1E
push 0
lea eax, [ebp+var_4]
push eax
mov eax, [ebx+8]
imul esi
push eax
push edi
mov eax, [ebx]
push eax
call [ebp+arg_4]
test eax, eax
jnz short loc_402EEE
call GetLastError
call sub_402930
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_402F2D
; ---------------------------------------------------------------------------
loc_402EEE: ; CODE XREF: sub_402EAC+2F�j
mov eax, [ebp+var_4]
xor edx, edx
div dword ptr [ebx+8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
test eax, eax
jz short loc_402F0A
mov eax, [ebp+arg_C]
mov edx, [ebp+var_4]
mov [eax], edx
jmp short loc_402F2D
; ---------------------------------------------------------------------------
loc_402F0A: ; CODE XREF: sub_402EAC+52�j
cmp esi, [ebp+var_4]
jz short loc_402F2D
mov eax, [ebp+arg_0]
call sub_402930
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_402F2D
; ---------------------------------------------------------------------------
loc_402F1E: ; CODE XREF: sub_402EAC+18�j
mov eax, 67h
call sub_402930
xor eax, eax
mov [ebp+var_4], eax
loc_402F2D: ; CODE XREF: sub_402EAC+40�j
; sub_402EAC+5C�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 10h
sub_402EAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F38 proc near ; CODE XREF: sub_405074+1290�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push ebx
push 0D7B2h
push offset loc_402EA4
push 65h
call sub_402EAC
pop ebx
pop ebp
retn 4
sub_402F38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402F58 proc near ; CODE XREF: sub_402B80+25�p
; sub_404220+1E�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
mov ax, [ebx+4]
cmp ax, 0D7B1h
jb short loc_402F97
cmp ax, 0D7B3h
ja short loc_402F97
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_402F7F
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_402F7F: ; CODE XREF: sub_402F58+1E�j
test esi, esi
jnz short loc_402F8A
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_402F8A: ; CODE XREF: sub_402F58+29�j
test esi, esi
jz short loc_402FA9
mov eax, esi
call sub_402930
jmp short loc_402FA9
; ---------------------------------------------------------------------------
loc_402F97: ; CODE XREF: sub_402F58+E�j
; sub_402F58+14�j
cmp ebx, offset dword_408038
jz short loc_402FA9
mov eax, 67h
call sub_402930
loc_402FA9: ; CODE XREF: sub_402F58+34�j
; sub_402F58+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_402F58 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402FB0 proc near ; CODE XREF: sub_404924+1F�p
push ebx
mov bl, [edx]
cmp cl, bl
jbe short loc_402FB9
mov ecx, ebx
loc_402FB9: ; CODE XREF: sub_402FB0+5�j
mov [eax], cl
inc edx
inc eax
and ecx, 0FFh
xchg eax, edx
call sub_40296C
pop ebx
retn
sub_402FB0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402FCC proc near ; CODE XREF: sub_402E3C+F�p
; sub_404A60+43�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_402FE9
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_402FE9: ; CODE XREF: sub_402FCC+12�j
pop edi
retn
sub_402FCC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402FEC proc near ; CODE XREF: sub_404ED8+2B�p
; sub_405074+C2�p ...
push ebx
xor ebx, ebx
imul edx, ds:dword_407008[ebx], 8088405h
inc edx
mov ds:dword_407008[ebx], edx
mul edx
mov eax, edx
pop ebx
retn
sub_402FEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403008 proc near ; DATA XREF: sub_403030+35�o
push ebx
push esi
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
xor esi, esi
mov eax, [ebx]
call sub_402C60
test al, al
jnz short loc_403029
call sub_402940
mov esi, 1
loc_403029: ; CODE XREF: sub_403008+15�j
mov eax, esi
pop esi
pop ebx
retn
sub_403008 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403030 proc near ; CODE XREF: sub_403110+5�p
push ebx
push esi
push edi
mov esi, edx
mov edi, ecx
xor edx, edx
mov ebx, eax
mov dx, [eax+4]
sub edx, 0D7B0h
jz short loc_40305C
cmp edx, 3
ja loc_4030F2
call dword ptr [ebx+24h]
test eax, eax
jz short loc_40305C
call sub_402930
loc_40305C: ; CODE XREF: sub_403030+15�j
; sub_403030+25�j
mov word ptr [ebx+4], 0D7B3h
mov [ebx+8], esi
mov dword ptr [ebx+24h], offset sub_403008
mov dword ptr [ebx+1Ch], offset sub_402C20
cmp byte ptr [ebx+48h], 0
jz short loc_4030D9
mov eax, 0C0000000h
mov dl, ds:byte_40700C
and edx, 70h
shr edx, 2
mov edx, ds:dword_407054[edx]
mov ecx, 2
sub edi, 3
jz short loc_4030BB
mov ecx, 3
inc edi
jz short loc_4030BB
mov eax, 40000000h
inc edi
mov word ptr [ebx+4], 0D7B2h
jz short loc_4030BB
mov eax, 80000000h
mov word ptr [ebx+4], 0D7B1h
loc_4030BB: ; CODE XREF: sub_403030+68�j
; sub_403030+70�j ...
push 0 ; hTemplateFile
push 80h ; dwFlagsAndAttributes
push ecx ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push edx ; dwShareMode
push eax ; dwDesiredAccess
lea eax, [ebx+48h]
push eax ; lpFileName
call CreateFileA ; CreateFileA
loc_4030D0: ; CODE XREF: sub_403030+C0�j
cmp eax, 0FFFFFFFFh
jz short loc_4030F9
mov [ebx], eax
jmp short loc_403109
; ---------------------------------------------------------------------------
loc_4030D9: ; CODE XREF: sub_403030+47�j
mov dword ptr [ebx+24h], offset sub_402C20
cmp edi, 3
jz short loc_4030E9
push 0FFFFFFF6h
jmp short loc_4030EB
; ---------------------------------------------------------------------------
loc_4030E9: ; CODE XREF: sub_403030+B3�j
push 0FFFFFFF5h ; nStdHandle
loc_4030EB: ; CODE XREF: sub_403030+B7�j
call GetStdHandle ; GetStdHandle
jmp short loc_4030D0
; ---------------------------------------------------------------------------
loc_4030F2: ; CODE XREF: sub_403030+1A�j
mov eax, 66h
jmp short loc_403104
; ---------------------------------------------------------------------------
loc_4030F9: ; CODE XREF: sub_403030+A3�j
mov word ptr [ebx+4], 0D7B0h
call GetLastError
loc_403104: ; CODE XREF: sub_403030+C7�j
call sub_402930
loc_403109: ; CODE XREF: sub_403030+A7�j
pop edi
pop esi
pop ebx
retn
sub_403030 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403110 proc near ; CODE XREF: sub_405074+1250�p
mov ecx, 3
call sub_403030
retn
sub_403110 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40311C proc near ; CODE XREF: sub_40317C+4�p
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
push ebx
push esi
push edi
push edx
sub esp, 14h
mov edi, ecx
mov esi, eax
cdq
xor eax, edx
sub eax, edx
mov ecx, 0Ah
xor ebx, ebx
loc_403133: ; CODE XREF: sub_40311C+24�j
xor edx, edx
div ecx
add edx, 30h
mov [esp+ebx+24h+var_24], dl
inc ebx
test eax, eax
jnz short loc_403133
test esi, esi
jge short loc_40314B
mov [esp+ebx+24h+var_24], 2Dh
inc ebx
loc_40314B: ; CODE XREF: sub_40311C+28�j
mov [edi], bl
inc edi
mov ecx, [esp+24h+var_10]
cmp ecx, 0FFh
jle short loc_40315F
mov ecx, 0FFh
loc_40315F: ; CODE XREF: sub_40311C+3C�j
sub ecx, ebx
jle short loc_40316A
add [edi-1], cl
mov al, 20h
rep stosb
loc_40316A: ; CODE XREF: sub_40311C+45�j
; sub_40311C+56�j
mov al, [esp+ebx-1]
mov [edi], al
inc edi
dec ebx
jnz short loc_40316A
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_40311C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40317C proc near ; CODE XREF: sub_404924+12�p
mov ecx, edx
xor edx, edx
call sub_40311C
retn
sub_40317C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403188 proc near ; CODE XREF: sub_4041AC+41�p
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_4031FE
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_40319B: ; CODE XREF: sub_403188+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_40319B
mov ch, 0
cmp bl, 2Dh
jz short loc_40320C
cmp bl, 2Bh
jz short loc_40320E
loc_4031AF: ; CODE XREF: sub_403188+89�j
cmp bl, 24h
jz short loc_403213
cmp bl, 78h
jz short loc_403213
cmp bl, 58h
jz short loc_403213
cmp bl, 30h
jnz short loc_4031D6
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_403213
cmp bl, 58h
jz short loc_403213
test bl, bl
jz short loc_4031F4
jmp short loc_4031DA
; ---------------------------------------------------------------------------
loc_4031D6: ; CODE XREF: sub_403188+39�j
test bl, bl
jz short loc_403207
loc_4031DA: ; CODE XREF: sub_403188+4C�j
; sub_403188+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_403207
cmp eax, edi
ja short loc_403207
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_4031DA
loc_4031F4: ; CODE XREF: sub_403188+4A�j
dec ch
jz short loc_403201
test eax, eax
jge short loc_403250
jmp short loc_403207
; ---------------------------------------------------------------------------
loc_4031FE: ; CODE XREF: sub_403188+8�j
; sub_403188+95�j
inc esi
jmp short loc_403207
; ---------------------------------------------------------------------------
loc_403201: ; CODE XREF: sub_403188+6E�j
neg eax
jle short loc_403250
js short loc_403250
loc_403207: ; CODE XREF: sub_403188+50�j
; sub_403188+58�j ...
pop ebx
sub esi, ebx
jmp short loc_403253
; ---------------------------------------------------------------------------
loc_40320C: ; CODE XREF: sub_403188+20�j
inc ch
loc_40320E: ; CODE XREF: sub_403188+25�j
mov bl, [esi]
inc esi
jmp short loc_4031AF
; ---------------------------------------------------------------------------
loc_403213: ; CODE XREF: sub_403188+2A�j
; sub_403188+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_4031FE
loc_40321F: ; CODE XREF: sub_403188+C0�j
cmp bl, 61h
jb short loc_403227
sub bl, 20h
loc_403227: ; CODE XREF: sub_403188+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_40323A
sub bl, 11h
cmp bl, 5
ja short loc_403207
add bl, 0Ah
loc_40323A: ; CODE XREF: sub_403188+A5�j
cmp eax, edi
ja short loc_403207
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_40321F
dec ch
jnz short loc_403250
neg eax
loc_403250: ; CODE XREF: sub_403188+72�j
; sub_403188+7B�j ...
pop ecx
xor esi, esi
loc_403253: ; CODE XREF: sub_403188+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_403188 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetKeyboardType. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_403264 proc near ; CODE XREF: sub_404274+39�p
push ebx
xor ebx, ebx
push 0 ; nTypeFlag
call GetKeyboardType ; GetKeyboardType
cmp eax, 7
jnz short loc_40328F
push 1 ; nTypeFlag
call GetKeyboardType ; GetKeyboardType
and eax, 0FF00h
cmp eax, 0D00h
jz short loc_40328D
cmp eax, 400h
jnz short loc_40328F
loc_40328D: ; CODE XREF: sub_403264+20�j
mov bl, 1
loc_40328F: ; CODE XREF: sub_403264+D�j
; sub_403264+27�j
mov eax, ebx
pop ebx
retn
sub_403264 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403294 proc near ; CODE XREF: sub_404274+42�p
cbData = dword ptr -0Ch
Data = byte ptr -8
hKey = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
movzx eax, ds:word_407010
mov dword ptr [ebp+Data], eax
lea eax, [ebp+hKey]
push eax ; phkResult
push 1 ; samDesired
push 0 ; ulOptions
push offset SubKey ; "SOFTWARE\\Borland\\Delphi\\RTL"
push 80000002h ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_40330C
xor eax, eax
push ebp
push offset loc_403305
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+cbData], 4
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+Data]
push eax ; lpData
push 0 ; lpType
push 0 ; lpReserved
push offset ValueName ; "FPUMaskValue"
mov eax, [ebp+hKey]
push eax ; hKey
call RegQueryValueExA ; RegQueryValueExA
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40330C
loc_4032FB: ; CODE XREF: sub_403294+76�j
mov eax, [ebp+hKey]
push eax ; hKey
call RegCloseKey ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_403305: ; DATA XREF: sub_403294+2E�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_4032FB
; ---------------------------------------------------------------------------
loc_40330C: ; CODE XREF: sub_403294+29�j
; sub_403294+70�j
; DATA XREF: ...
mov ax, ds:word_407010
and ax, 0FFC0h
mov dx, word ptr [ebp+Data]
and dx, 3Fh
or ax, dx
mov ds:word_407010, ax
mov esp, ebp
pop ebp
retn
sub_403294 endp
; ---------------------------------------------------------------------------
align 4
; char SubKey[]
SubKey db 'SOFTWARE\Borland\Delphi\RTL',0 ; DATA XREF: sub_403294+18�o
; char ValueName[]
ValueName db 'FPUMaskValue',0 ; DATA XREF: sub_403294+4C�o
align 4
; =============== S U B R O U T I N E =======================================
sub_403358 proc near ; CODE XREF: sub_4037E8-368�p
; CODE:0040372E�p ...
fninit
wait
fldcw ds:word_407010
retn
sub_403358 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403364 proc near ; CODE XREF: CODE:0040357F�j
; sub_4035C4+30�p ...
test eax, eax
jz short locret_40336F
mov dl, 1
mov ecx, [eax]
call dword ptr [ecx-4]
locret_40336F: ; CODE XREF: sub_403364+2�j
retn
sub_403364 endp
; =============== S U B R O U T I N E =======================================
sub_403370 proc near ; CODE XREF: sub_4035C4+35�p
cmp ds:byte_407014, 1
jbe short locret_40338A
push 0
push 0
push 0
push 0EEDFADFh
call ds:dword_408010
locret_40338A: ; CODE XREF: sub_403370+7�j
retn
sub_403370 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40338C proc near ; CODE XREF: sub_4037E8-33B�p
cmp ds:byte_407014, 0
jz short locret_4033AC
push eax
push eax
push edx
push esp
push 2
push 0
push 0EEDFAE4h
call ds:dword_408010
add esp, 8
pop eax
locret_4033AC: ; CODE XREF: sub_40338C+7�j
retn
sub_40338C endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4033C8
loc_4033B0: ; CODE XREF: sub_4033C8+B�j
push esp
push 1
push 0
push 0EEDFAE0h
call ds:dword_408010
add esp, 4
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_4033C8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033C8 proc near ; CODE XREF: sub_4037E8-28B�p
; FUNCTION CHUNK AT 004033B0 SIZE 00000015 BYTES
cmp ds:byte_407014, 1
jbe short locret_4033D8
push eax
push ebx
jmp loc_4033B0
; ---------------------------------------------------------------------------
locret_4033D8: ; CODE XREF: sub_4033C8+7�j
retn
sub_4033C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033DC proc near ; CODE XREF: sub_4033FC+C�p
test ecx, ecx
jz short locret_4033F9
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_4033F4
cmp byte ptr [ecx], 0EBh
jnz short locret_4033F9
movsx eax, al
inc ecx
inc ecx
jmp short loc_4033F7
; ---------------------------------------------------------------------------
loc_4033F4: ; CODE XREF: sub_4033DC+A�j
add ecx, 5
loc_4033F7: ; CODE XREF: sub_4033DC+16�j
add ecx, eax
locret_4033F9: ; CODE XREF: sub_4033DC+2�j
; sub_4033DC+F�j
retn
sub_4033DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033FC proc near ; CODE XREF: sub_40195C+1C55�p
cmp ds:byte_407014, 1
jbe short locret_403422
push eax
push edx
push ecx
call sub_4033DC
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:dword_408010
pop ecx
pop ecx
pop edx
pop eax
locret_403422: ; CODE XREF: sub_4033FC+7�j
retn
sub_4033FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403424 proc near ; CODE XREF: sub_403618+28�p
cmp ds:byte_407014, 1
jbe short locret_40343F
push edx
push esp
push 1
push 0
push 0EEDFAE2h
call ds:dword_408010
pop edx
locret_40343F: ; CODE XREF: sub_403424+7�j
retn
sub_403424 endp
; =============== S U B R O U T I N E =======================================
sub_403440 proc near ; CODE XREF: CODE:loc_403775�p
push eax
push edx
cmp ds:byte_407014, 1
jbe short loc_40345B
push esp
push 2
push 0
push 0EEDFAE3h
call ds:dword_408010
loc_40345B: ; CODE XREF: sub_403440+9�j
pop edx
pop eax
retn
sub_403440 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4037E8
loc_403460: ; CODE XREF: sub_4037E8:loc_40383D�j
; sub_403858:loc_4038AD�j ...
mov eax, [esp-4+ExceptionInfo.ExceptionRecord]
test dword ptr [eax+4], 6
jnz loc_403584
cmp dword ptr [eax], 0EEDFADEh
mov edx, [eax+18h]
mov ecx, [eax+14h]
jz short loc_4034ED
cld
call sub_403358
mov edx, ds:dword_40800C
test edx, edx
jz loc_403584
call edx ; dword_40800C
test eax, eax
jz loc_403584
mov edx, [esp-4+arg_8]
mov ecx, [esp-4+ExceptionInfo.ExceptionRecord]
cmp dword ptr [ecx], 0EEFFACEh
jz short loc_4034E4
call sub_40338C
cmp ds:byte_407018, 0
jbe short loc_4034E4
cmp ds:byte_407014, 0
ja short loc_4034E4
lea ecx, [esp-4+ExceptionInfo]
push eax
push ecx ; ExceptionInfo
call UnhandledExceptionFilter ; UnhandledExceptionFilter
cmp eax, 0
pop eax
jz loc_403584
mov edx, eax
mov eax, [esp-4+ExceptionInfo.ExceptionRecord]
mov ecx, [eax+0Ch]
jmp short loc_403514
; ---------------------------------------------------------------------------
loc_4034E4: ; CODE XREF: sub_4037E8-33D�j
; sub_4037E8-32F�j ...
mov edx, eax
mov eax, [esp-4+ExceptionInfo.ExceptionRecord]
mov ecx, [eax+0Ch]
loc_4034ED: ; CODE XREF: sub_4037E8-36B�j
cmp ds:byte_407018, 1
jbe short loc_403514
cmp ds:byte_407014, 0
ja short loc_403514
push eax
lea eax, [esp+ExceptionInfo]
push edx
push ecx
push eax ; ExceptionInfo
call UnhandledExceptionFilter ; UnhandledExceptionFilter
cmp eax, 0
pop ecx
pop edx
pop eax
jz short loc_403584
loc_403514: ; CODE XREF: sub_4037E8-306�j
; sub_4037E8-2F4�j ...
or dword ptr [eax+4], 2
push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, fs:[ebx]
push ebx
push eax
push edx
push ecx
mov edx, [esp+1Ch+ExceptionInfo.ContextRecord]
push 0
push eax
push offset loc_403538
push edx
call ds:dword_408014
loc_403538: ; DATA XREF: sub_4037E8-2BC�o
mov edi, [esp+2Ch+var_4]
call sub_4043D8
push dword ptr [eax+0]
mov [eax+0], esp
mov ebp, [edi+8]
mov ebx, [edi+4]
mov dword ptr [edi+4], offset sub_403564
add ebx, 5
call sub_4033C8
jmp ebx
; END OF FUNCTION CHUNK FOR sub_4037E8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403564 proc near ; DATA XREF: sub_4037E8-295�o
jmp loc_40358C
sub_403564 endp
; ---------------------------------------------------------------------------
call sub_4043D8
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_403364
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4037E8
loc_403584: ; CODE XREF: sub_4037E8-37D�j
; sub_4037E8-35B�j ...
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_4037E8
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_40195C
loc_40358C: ; CODE XREF: sub_40195C:loc_401A24�j
; sub_401A34:loc_401B28�j ...
mov eax, [esp+4]
mov edx, [esp+8]
test dword ptr [eax+4], 6
jz short loc_4035BC
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_4035BC
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_4033FC
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_4035BC: ; CODE XREF: sub_40195C+1C3F�j
; DATA XREF: sub_40195C+1C44�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_40195C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4035C4 proc near ; CODE XREF: sub_4037E8+5F�p
; sub_403858+5F�p
arg_2C = dword ptr 30h
mov eax, [esp+arg_2C]
mov dword ptr [eax+4], offset loc_40360F
call sub_4043D8
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+0Ch]
and dword ptr [eax+4], 0FFFFFFFDh
cmp dword ptr [eax], 0EEDFADEh
jz short loc_4035FE
mov eax, [edx+8]
call sub_403364
call sub_403370
loc_4035FE: ; CODE XREF: sub_4035C4+2B�j
xor eax, eax
add esp, 14h
mov edx, fs:[eax]
pop ecx
mov edx, [edx]
mov [ecx], edx
pop ebp
pop edi
pop esi
pop ebx
loc_40360F: ; DATA XREF: sub_4035C4+4�o
mov eax, 1
retn
sub_4035C4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403618 proc near ; CODE XREF: sub_4037E8+64�p
; sub_403858+64�p ...
arg_2C = dword ptr 30h
call sub_4043D8
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+8]
call sub_403364
pop edx
mov esp, [esp-4+arg_2C]
xor eax, eax
pop ecx
mov fs:[eax], ecx
pop eax
pop ebp
call sub_403424
jmp edx
sub_403618 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403648 proc near ; CODE XREF: sub_4021B8+10C�p
; sub_4021B8+16A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor edx, edx
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
add ecx, 5
mov fs:[edx], eax
call ecx
retn 0Ch
sub_403648 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
loc_403660: ; CODE XREF: CODE:00403760�j
; CODE:0040376C�j
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, [edx]
cmp eax, 0C0000092h
jg short loc_40369B
jz short loc_4036CD
cmp eax, 0C000008Eh
jg short loc_40368D
jz short loc_4036D1
sub eax, 0C0000005h
jz short loc_4036DD
sub eax, 87h
jz short loc_4036C5
dec eax
jz short loc_4036D9
jmp short loc_4036ED
; ---------------------------------------------------------------------------
loc_40368D: ; CODE XREF: CODE:00403676�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_4036CD
jz short loc_4036C9
jmp short loc_4036ED
; ---------------------------------------------------------------------------
loc_40369B: ; CODE XREF: CODE:0040366D�j
cmp eax, 0C0000096h
jg short loc_4036B3
jz short loc_4036E1
sub eax, 0C0000093h
jz short loc_4036D9
dec eax
jz short loc_4036C1
dec eax
jz short loc_4036D5
jmp short loc_4036ED
; ---------------------------------------------------------------------------
loc_4036B3: ; CODE XREF: CODE:004036A0�j
sub eax, 0C00000FDh
jz short loc_4036E9
sub eax, 3Dh
jz short loc_4036E5
jmp short loc_4036ED
; ---------------------------------------------------------------------------
loc_4036C1: ; CODE XREF: CODE:004036AC�j
mov al, 0C8h
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036C5: ; CODE XREF: CODE:00403686�j
mov al, 0C9h
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036C9: ; CODE XREF: CODE:00403697�j
mov al, 0CDh
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036CD: ; CODE XREF: CODE:0040366F�j
; CODE:00403695�j
mov al, 0CFh
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036D1: ; CODE XREF: CODE:00403678�j
mov al, 0C8h
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036D5: ; CODE XREF: CODE:004036AF�j
mov al, 0D7h
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036D9: ; CODE XREF: CODE:00403689�j
; CODE:004036A9�j
mov al, 0CEh
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036DD: ; CODE XREF: CODE:0040367F�j
mov al, 0D8h
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036E1: ; CODE XREF: CODE:004036A2�j
mov al, 0DAh
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036E5: ; CODE XREF: CODE:004036BD�j
mov al, 0D9h
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036E9: ; CODE XREF: CODE:004036B8�j
mov al, 0CAh
jmp short loc_4036EF
; ---------------------------------------------------------------------------
loc_4036ED: ; CODE XREF: CODE:0040368B�j
; CODE:00403699�j ...
mov al, 0FFh
loc_4036EF: ; CODE XREF: CODE:004036C3�j
; CODE:004036C7�j ...
and eax, 0FFh
mov edx, [edx+0Ch]
call sub_4028AC
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_403700: ; DATA XREF: sub_4037A0+D�o
mov eax, [esp+4]
test dword ptr [eax+4], 6
jnz loc_40379A
cmp ds:byte_407014, 0
ja short loc_403729
lea eax, [esp+4]
push eax
call UnhandledExceptionFilter ; UnhandledExceptionFilter
cmp eax, 0
jz short loc_40379A
loc_403729: ; CODE XREF: CODE:00403718�j
mov eax, [esp+4]
cld
call sub_403358
mov edx, [esp+8]
push 0
push eax
push offset loc_403746
push edx
call ds:dword_408014
loc_403746: ; DATA XREF: CODE:0040373A�o
mov ebx, [esp+4]
cmp dword ptr [ebx], 0EEDFADEh
mov edx, [ebx+14h]
mov eax, [ebx+18h]
jz short loc_403775
mov edx, ds:dword_40800C
test edx, edx
jz loc_403660
mov eax, ebx
call edx ; dword_40800C
test eax, eax
jz loc_403660
mov edx, [ebx+0Ch]
loc_403775: ; CODE XREF: CODE:00403756�j
call sub_403440
mov ecx, ds:dword_408004
test ecx, ecx
jz short loc_403786
call ecx ; dword_408004
loc_403786: ; CODE XREF: CODE:00403782�j
mov ecx, [esp+4]
mov eax, 0D9h
mov edx, [ecx+14h]
mov [esp], edx
jmp sub_403B0C
; ---------------------------------------------------------------------------
loc_40379A: ; CODE XREF: CODE:0040370B�j
; CODE:00403727�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4037A0 proc near ; CODE XREF: sub_4038C8+2E�p
xor edx, edx
lea eax, [ebp-0Ch]
mov ecx, fs:[edx]
mov fs:[edx], eax
mov [eax], ecx
mov dword ptr [eax+4], offset loc_403700
mov [eax+8], ebp
mov ds:dword_408624, eax
retn
sub_4037A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4037C0 proc near ; CODE XREF: sub_403A20:loc_403AB0�p
xor edx, edx
mov eax, ds:dword_408624
test eax, eax
jz short locret_4037E7
mov ecx, fs:[edx]
cmp eax, ecx
jnz short loc_4037DA
mov eax, [eax]
mov fs:[edx], eax
retn
; ---------------------------------------------------------------------------
loc_4037D8: ; CODE XREF: sub_4037C0+21�j
mov ecx, [ecx]
loc_4037DA: ; CODE XREF: sub_4037C0+10�j
cmp ecx, 0FFFFFFFFh
jz short locret_4037E7
cmp [ecx], eax
jnz short loc_4037D8
mov eax, [eax]
mov [ecx], eax
locret_4037E7: ; CODE XREF: sub_4037C0+9�j
; sub_4037C0+1D�j
retn
sub_4037C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4037E8(struct _EXCEPTION_POINTERS ExceptionInfo, int)
sub_4037E8 proc near ; CODE XREF: sub_4037E8+5A�p
; sub_403858+5A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
ExceptionInfo = _EXCEPTION_POINTERS ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00403460 SIZE 00000104 BYTES
; FUNCTION CHUNK AT 00403584 SIZE 00000006 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, offset dword_408620
mov eax, [esi+8]
test eax, eax
jz short loc_403851
mov ebx, [esi+0Ch]
mov eax, [eax+4]
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_40383D
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jle short loc_403833
loc_403818: ; CODE XREF: sub_4037E8+49�j
dec ebx
mov [esi+0Ch], ebx
mov eax, [ebp+var_4]
mov eax, [eax+ebx*8+4]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_40382F
call [ebp+var_8]
loc_40382F: ; CODE XREF: sub_4037E8+42�j
test ebx, ebx
jg short loc_403818
loc_403833: ; CODE XREF: sub_4037E8+2E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_403851
; ---------------------------------------------------------------------------
loc_40383D: ; DATA XREF: sub_4037E8+21�o
jmp loc_403460
; ---------------------------------------------------------------------------
call sub_4037E8
call sub_4035C4
call sub_403618
loc_403851: ; CODE XREF: sub_4037E8+13�j
; sub_4037E8+53�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4037E8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403858 proc near ; CODE XREF: sub_4038C8+3A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov edi, offset dword_408620
mov eax, [edi+8]
test eax, eax
jz short loc_4038C1
mov esi, [eax]
xor ebx, ebx
mov eax, [eax+4]
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4038AD
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp esi, ebx
jle short loc_4038A3
loc_403889: ; CODE XREF: sub_403858+49�j
mov eax, [ebp+var_4]
mov eax, [eax+ebx*8]
mov [ebp+var_8], eax
inc ebx
mov [edi+0Ch], ebx
cmp [ebp+var_8], 0
jz short loc_40389F
call [ebp+var_8]
loc_40389F: ; CODE XREF: sub_403858+42�j
cmp esi, ebx
jg short loc_403889
loc_4038A3: ; CODE XREF: sub_403858+2F�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4038C1
; ---------------------------------------------------------------------------
loc_4038AD: ; DATA XREF: sub_403858+22�o
jmp loc_403460
; ---------------------------------------------------------------------------
call sub_4037E8
call sub_4035C4
call sub_403618
loc_4038C1: ; CODE XREF: sub_403858+13�j
; sub_403858+53�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_403858 endp
; =============== S U B R O U T I N E =======================================
sub_4038C8 proc near ; CODE XREF: sub_404424+3A�p
mov ds:dword_408010, offset RaiseException
mov ds:dword_408014, offset RtlUnwind
mov ds:dword_408628, eax
xor eax, eax
mov ds:dword_40862C, eax
mov ds:dword_408630, edx
mov eax, [edx+4]
mov ds:dword_40801C, eax
call sub_4037A0
mov ds:byte_408024, 0
call sub_403858
retn
sub_4038C8 endp
; =============== S U B R O U T I N E =======================================
sub_403908 proc near ; CODE XREF: sub_403A20+34�p
push ebx
push esi
push edi
mov esi, offset Text ; "Runtime error at 00000000"
mov cl, 10h
mov ebx, ds:uExitCode
loc_403918: ; CODE XREF: sub_403908+33�j
mov eax, ebx
mov edi, 0Ah
cdq
idiv edi
add dl, 30h
xor eax, eax
mov al, cl
mov [esi+eax], dl
mov eax, ebx
mov ebx, 0Ah
cdq
idiv ebx
mov ebx, eax
dec ecx
test ebx, ebx
jnz short loc_403918
mov cl, 1Ch
mov eax, ds:dword_407004
loc_403944: ; CODE XREF: sub_403908+54�j
mov edx, eax
and edx, 0Fh
mov dl, ds:byte_40709C[edx]
xor ebx, ebx
mov bl, cl
mov [esi+ebx], dl
shr eax, 4
dec ecx
test eax, eax
jnz short loc_403944
pop edi
pop esi
pop ebx
retn
sub_403908 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403964 proc near ; CODE XREF: sub_403A20+A4�p
xor eax, eax
xchg eax, ds:uExitCode
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_408620
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_403964 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403994 proc near ; CODE XREF: sub_403A20+39�p
NumberOfBytesWritten= dword ptr -4
push ecx
cmp ds:byte_408034, 0
jz short loc_4039F5
cmp ds:word_408208, 0D7B2h
jnz short loc_4039BD
cmp ds:dword_408210, 0
jbe short loc_4039BD
mov eax, offset dword_408204
call ds:dword_408220
loc_4039BD: ; CODE XREF: sub_403994+13�j
; sub_403994+1C�j
push 0 ; lpOverlapped
lea eax, [esp+8+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 1Eh ; nNumberOfBytesToWrite
push offset Text ; "Runtime error at 00000000"
push 0FFFFFFF5h ; nStdHandle
call GetStdHandle ; GetStdHandle
push eax ; hFile
call WriteFile ; WriteFile
push 0 ; lpOverlapped
lea eax, [esp+8+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 2 ; nNumberOfBytesToWrite
push offset dword_403A1C ; lpBuffer
push 0FFFFFFF5h ; nStdHandle
call GetStdHandle ; GetStdHandle
push eax ; hFile
call WriteFile ; WriteFile
pop edx
retn
; ---------------------------------------------------------------------------
loc_4039F5: ; CODE XREF: sub_403994+8�j
cmp ds:byte_40701C, 0
jnz short loc_403A11
push 0 ; uType
push offset Caption ; "Error"
push offset Text ; "Runtime error at 00000000"
push 0 ; hWnd
call MessageBoxA ; MessageBoxA
loc_403A11: ; CODE XREF: sub_403994+68�j
pop edx
retn
sub_403994 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_403A1C dd 0A0Dh
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; int __fastcall sub_403A20(struct _EXCEPTION_POINTERS ExceptionInfo)
sub_403A20 proc near ; CODE XREF: sub_403B00+5�p
; sub_405074+1724�p
var_14 = dword ptr -14h
ExceptionInfo = _EXCEPTION_POINTERS ptr 4
push ebx
push esi
push edi
push ebp
push ecx ; ExceptionInfo
mov ebx, offset dword_408620
mov esi, offset dword_408030
cmp byte ptr [ebx+28h], 0
jnz short loc_403A4B
cmp dword ptr [esi], 0
jz short loc_403A4B
loc_403A3A: ; CODE XREF: sub_403A20+29�j
mov eax, [esi]
mov [esp+14h+var_14], eax
xor eax, eax
mov [esi], eax
call [esp+14h+var_14]
cmp dword ptr [esi], 0
jnz short loc_403A3A
loc_403A4B: ; CODE XREF: sub_403A20+13�j
; sub_403A20+18�j
cmp ds:dword_407004, 0
jz short loc_403A65
call sub_403908
call sub_403994
xor eax, eax
mov ds:dword_407004, eax
loc_403A65: ; CODE XREF: sub_403A20+32�j
; sub_403A20+D5�j
cmp byte ptr [ebx+28h], 2
jnz short loc_403A79
cmp ds:uExitCode, 0
jnz short loc_403A79
xor eax, eax
mov [ebx+0Ch], eax
loc_403A79: ; CODE XREF: sub_403A20+49�j
; sub_403A20+52�j
call sub_4037E8
cmp byte ptr [ebx+28h], 1
jbe short loc_403A8D
cmp ds:uExitCode, 0
jz short loc_403AB0
loc_403A8D: ; CODE XREF: sub_403A20+62�j
mov edi, [ebx+10h]
test edi, edi
jz short loc_403AB0
mov eax, edi
call sub_404128
mov ebp, [ebx+10h]
mov esi, [ebp+10h]
cmp esi, [ebp+4]
jz short loc_403AB0
test esi, esi
jz short loc_403AB0
push esi ; hLibModule
call FreeLibrary ; FreeLibrary
loc_403AB0: ; CODE XREF: sub_403A20+6B�j
; sub_403A20+72�j ...
call sub_4037C0
cmp byte ptr [ebx+28h], 1
jnz short loc_403ABE
call dword ptr [ebx+24h]
loc_403ABE: ; CODE XREF: sub_403A20+99�j
cmp byte ptr [ebx+28h], 0
jz short loc_403AC9
call sub_403964
loc_403AC9: ; CODE XREF: sub_403A20+A2�j
cmp dword ptr [ebx], 0
jnz short loc_403AE8
cmp ds:dword_408018, 0
jz short loc_403ADD
call ds:dword_408018
loc_403ADD: ; CODE XREF: sub_403A20+B5�j
mov eax, ds:uExitCode
push eax ; uExitCode
call ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_403AE8: ; CODE XREF: sub_403A20+AC�j
mov eax, [ebx]
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
jmp loc_403A65
sub_403A20 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403B00 proc near ; CODE XREF: sub_4028AC+6�p
; sub_403B0C+6�j
mov ds:uExitCode, eax
call sub_403A20
sub_403B00 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0C3h ; ц
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403B0C proc near ; CODE XREF: CODE:00403795�j
; sub_404388+1B�p ...
pop ds:dword_407004
jmp sub_403B00
sub_403B0C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403B18 proc near ; CODE XREF: sub_402B10+E�p
; sub_403BDC+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_403B3A
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_403B3A
lock dec dword ptr [edx-8]
jnz short locret_403B3A
push eax
lea eax, [edx-8]
call sub_40283C
pop eax
locret_403B3A: ; CODE XREF: sub_403B18+4�j
; sub_403B18+10�j ...
retn
sub_403B18 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403B3C proc near ; CODE XREF: sub_4045B8+77�p
; sub_40476C+18D�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_403B42: ; CODE XREF: sub_403B3C+2A�j
mov edx, [ebx]
test edx, edx
jz short loc_403B62
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_403B62
lock dec dword ptr [edx-8]
jnz short loc_403B62
lea eax, [edx-8]
call sub_40283C
loc_403B62: ; CODE XREF: sub_403B3C+A�j
; sub_403B3C+16�j ...
add ebx, 4
dec esi
jnz short loc_403B42
pop esi
pop ebx
retn
sub_403B3C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403B6C proc near ; CODE XREF: sub_403C94+8�j
; sub_403CD8+6�j ...
test edx, edx
jz short loc_403B94
mov ecx, [edx-8]
inc ecx
jg short loc_403B90
push eax
push edx
mov eax, [edx-4]
call sub_403BB0
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_40296C
pop edx
pop eax
jmp short loc_403B94
; ---------------------------------------------------------------------------
loc_403B90: ; CODE XREF: sub_403B6C+8�j
lock inc dword ptr [edx-8]
loc_403B94: ; CODE XREF: sub_403B6C+2�j
; sub_403B6C+22�j
xchg edx, [eax]
test edx, edx
jz short locret_403BAE
mov ecx, [edx-8]
dec ecx
jl short locret_403BAE
lock dec dword ptr [edx-8]
jnz short locret_403BAE
lea eax, [edx-8]
call sub_40283C
locret_403BAE: ; CODE XREF: sub_403B6C+2C�j
; sub_403B6C+32�j ...
retn
sub_403B6C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403BB0 proc near ; CODE XREF: sub_403B6C+F�p
; sub_403BDC+B�p ...
test eax, eax
jle short loc_403BD8
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_40280C
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_403BD8: ; CODE XREF: sub_403BB0+2�j
xor eax, eax
retn
sub_403BB0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403BDC proc near ; CODE XREF: sub_402B10+30�p
; sub_403C28+8�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_403BB0
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_403BFD
mov edx, eax
mov eax, esi
call sub_40296C
loc_403BFD: ; CODE XREF: sub_403BDC+16�j
mov eax, ebx
call sub_403B18
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_403BDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_403C0C(LPCSTR lpMultiByteStr, int cchWideChar, int cbMultiByte)
sub_403C0C proc near ; CODE XREF: sub_403F90+3B�p
; sub_403F90+69�p
cbMultiByte = dword ptr 8
push ebp
mov ebp, esp
push edx ; cchWideChar
push eax ; lpWideCharStr
mov eax, [ebp+cbMultiByte]
push eax ; cbMultiByte
push ecx ; lpMultiByteStr
push 0 ; dwFlags
mov eax, ds:CodePage
push eax ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
pop ebp
retn 4
sub_403C0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C28 proc near ; CODE XREF: sub_4045B8+3F�p
; sub_40476C+130�p ...
push edx
mov edx, esp
mov ecx, 1
call sub_403BDC
pop edx
retn
sub_403C28 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C38 proc near ; CODE XREF: sub_405074+9EB�p
; sub_405074+AA0�p ...
xor ecx, ecx
test edx, edx
jz short loc_403C5F
push edx
loc_403C3F: ; CODE XREF: sub_403C38+1D�j
cmp cl, [edx]
jz short loc_403C5A
cmp cl, [edx+1]
jz short loc_403C59
cmp cl, [edx+2]
jz short loc_403C58
cmp cl, [edx+3]
jz short loc_403C57
add edx, 4
jmp short loc_403C3F
; ---------------------------------------------------------------------------
loc_403C57: ; CODE XREF: sub_403C38+18�j
inc edx
loc_403C58: ; CODE XREF: sub_403C38+13�j
inc edx
loc_403C59: ; CODE XREF: sub_403C38+E�j
inc edx
loc_403C5A: ; CODE XREF: sub_403C38+9�j
mov ecx, edx
pop edx
sub ecx, edx
loc_403C5F: ; CODE XREF: sub_403C38+4�j
jmp sub_403BDC
sub_403C38 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C68 proc near ; CODE XREF: sub_404924+28�p
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_403BDC
sub_403C68 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C74 proc near ; CODE XREF: sub_4041AC+36�p
; sub_404ED8+7B�p
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_403C81
not ecx
loc_403C81: ; CODE XREF: sub_403C74+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_403BDC
sub_403C74 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403C8C proc near ; CODE XREF: sub_402E3C+3E�p
; sub_402E3C+56�p ...
test eax, eax
jz short locret_403C93
mov eax, [eax-4]
locret_403C93: ; CODE XREF: sub_403C8C+2�j
retn
sub_403C8C endp
; =============== S U B R O U T I N E =======================================
sub_403C94 proc near ; CODE XREF: sub_403CD8+1D�j
; sub_403CD8+6E�j ...
test edx, edx
jz short locret_403CD7
mov ecx, [eax]
test ecx, ecx
jz sub_403B6C
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_403CCC
call sub_403EE4
mov eax, esi
mov ecx, [esi-4]
loc_403CBF: ; CODE XREF: sub_403C94+41�j
mov edx, [ebx]
add edx, edi
call sub_40296C
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403CCC: ; CODE XREF: sub_403C94+1F�j
call sub_403EE4
mov eax, [ebx]
mov ecx, edi
jmp short loc_403CBF
; ---------------------------------------------------------------------------
locret_403CD7: ; CODE XREF: sub_403C94+2�j
retn
sub_403C94 endp
; =============== S U B R O U T I N E =======================================
sub_403CD8 proc near ; CODE XREF: sub_405074+B3A�p
; sub_405074+BB1�p ...
test edx, edx
jz short loc_403D3D
test ecx, ecx
jz sub_403B6C
cmp edx, [eax]
jz short loc_403D44
cmp ecx, [eax]
jz short loc_403CFA
push eax
push ecx
call sub_403B6C
pop edx
pop eax
jmp sub_403C94
; ---------------------------------------------------------------------------
loc_403CFA: ; CODE XREF: sub_403CD8+12�j
push ebx
push esi
push edi
mov ebx, edx
mov esi, ecx
push eax
mov eax, [ebx-4]
add eax, [esi-4]
call sub_403BB0
mov edi, eax
mov edx, eax
mov eax, ebx
mov ecx, [ebx-4]
call sub_40296C
mov edx, edi
mov eax, esi
mov ecx, [esi-4]
add edx, [ebx-4]
call sub_40296C
pop eax
mov edx, edi
test edi, edi
jz short loc_403D34
dec dword ptr [edi-8]
loc_403D34: ; CODE XREF: sub_403CD8+57�j
call sub_403B6C
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403D3D: ; CODE XREF: sub_403CD8+2�j
mov edx, ecx
jmp sub_403B6C
; ---------------------------------------------------------------------------
loc_403D44: ; CODE XREF: sub_403CD8+E�j
mov edx, ecx
jmp sub_403C94
sub_403CD8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403D4C proc near ; CODE XREF: sub_405074+D8C�p
; sub_405074+E31�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push edx
push eax
mov ebx, edx
xor edi, edi
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_403D69
cmp [eax], ecx
jnz short loc_403D69
mov edi, ecx
mov eax, [ecx-4]
dec edx
jmp short loc_403D6B
; ---------------------------------------------------------------------------
loc_403D69: ; CODE XREF: sub_403D4C+F�j
; sub_403D4C+13�j
xor eax, eax
loc_403D6B: ; CODE XREF: sub_403D4C+1B�j
; sub_403D4C+31�j
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_403D7C
add eax, [ecx-4]
cmp edi, ecx
jnz short loc_403D7C
xor edi, edi
loc_403D7C: ; CODE XREF: sub_403D4C+25�j
; sub_403D4C+2C�j
dec edx
jnz short loc_403D6B
test edi, edi
jz short loc_403D9A
mov edx, eax
mov eax, [esp+14h+var_14]
mov esi, [edi-4]
call sub_403EE4
mov edi, [esp+14h+var_14]
push dword ptr [edi]
add esi, [edi]
dec ebx
jmp short loc_403DA2
; ---------------------------------------------------------------------------
loc_403D9A: ; CODE XREF: sub_403D4C+35�j
call sub_403BB0
push eax
mov esi, eax
loc_403DA2: ; CODE XREF: sub_403D4C+4C�j
; sub_403D4C+6B�j
mov eax, [esp+ebx*4+18h]
mov edx, esi
test eax, eax
jz short loc_403DB6
mov ecx, [eax-4]
add esi, ecx
call sub_40296C
loc_403DB6: ; CODE XREF: sub_403D4C+5E�j
dec ebx
jnz short loc_403DA2
pop edx
pop eax
test edi, edi
jnz short loc_403DCB
test edx, edx
jz short loc_403DC6
dec dword ptr [edx-8]
loc_403DC6: ; CODE XREF: sub_403D4C+75�j
call sub_403B6C
loc_403DCB: ; CODE XREF: sub_403D4C+71�j
pop edx
pop edi
pop esi
pop ebx
pop eax
lea esp, [esp+edx*4]
jmp eax
sub_403D4C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403DD8 proc near ; CODE XREF: sub_405074+D04�p
; sub_405074+E8D�p ...
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
cmp eax, edx
jz loc_403E76
test esi, esi
jz short loc_403E53
test edi, edi
jz short loc_403E5A
mov eax, [esi-4]
mov edx, [edi-4]
sub eax, edx
ja short loc_403DFB
add edx, eax
loc_403DFB: ; CODE XREF: sub_403DD8+1F�j
push edx
shr edx, 2
jz short loc_403E27
loc_403E01: ; CODE XREF: sub_403DD8+45�j
mov ecx, [esi]
mov ebx, [edi]
cmp ecx, ebx
jnz short loc_403E61
dec edx
jz short loc_403E21
mov ecx, [esi+4]
mov ebx, [edi+4]
cmp ecx, ebx
jnz short loc_403E61
add esi, 8
add edi, 8
dec edx
jnz short loc_403E01
jmp short loc_403E27
; ---------------------------------------------------------------------------
loc_403E21: ; CODE XREF: sub_403DD8+32�j
add esi, 4
add edi, 4
loc_403E27: ; CODE XREF: sub_403DD8+27�j
; sub_403DD8+47�j
pop edx
and edx, 3
jz short loc_403E4F
mov ecx, [esi]
mov ebx, [edi]
cmp cl, bl
jnz short loc_403E76
dec edx
jz short loc_403E4F
cmp ch, bh
jnz short loc_403E76
dec edx
jz short loc_403E4F
and ebx, 0FF0000h
and ecx, 0FF0000h
cmp ecx, ebx
jnz short loc_403E76
loc_403E4F: ; CODE XREF: sub_403DD8+53�j
; sub_403DD8+5E�j ...
add eax, eax
jmp short loc_403E76
; ---------------------------------------------------------------------------
loc_403E53: ; CODE XREF: sub_403DD8+11�j
mov edx, [edi-4]
sub eax, edx
jmp short loc_403E76
; ---------------------------------------------------------------------------
loc_403E5A: ; CODE XREF: sub_403DD8+15�j
mov eax, [esi-4]
sub eax, edx
jmp short loc_403E76
; ---------------------------------------------------------------------------
loc_403E61: ; CODE XREF: sub_403DD8+2F�j
; sub_403DD8+3C�j
pop edx
cmp cl, bl
jnz short loc_403E76
cmp ch, bh
jnz short loc_403E76
shr ecx, 10h
shr ebx, 10h
cmp cl, bl
jnz short loc_403E76
cmp ch, bh
loc_403E76: ; CODE XREF: sub_403DD8+9�j
; sub_403DD8+5B�j ...
pop edi
pop esi
pop ebx
retn
sub_403DD8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E7C proc near ; CODE XREF: sub_404658+F�p
; sub_40476C+20�p ...
test eax, eax
jz short locret_403E8A
mov edx, [eax-8]
inc edx
jle short locret_403E8A
lock inc dword ptr [eax-8]
locret_403E8A: ; CODE XREF: sub_403E7C+2�j
; sub_403E7C+8�j
retn
sub_403E7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E8C proc near ; CODE XREF: sub_402E3C+46�p
; sub_404A60+7E�p ...
test eax, eax
jz short loc_403E92
retn
; ---------------------------------------------------------------------------
byte_403E91 db 0 ; DATA XREF: sub_403E8C:loc_403E92�o
; ---------------------------------------------------------------------------
loc_403E92: ; CODE XREF: sub_403E8C+2�j
mov eax, offset byte_403E91
retn
sub_403E8C endp
; =============== S U B R O U T I N E =======================================
sub_403E98 proc near ; CODE XREF: sub_403EDC�j
mov edx, [eax]
test edx, edx
jz short loc_403ED6
mov ecx, [edx-8]
dec ecx
jz short loc_403ED6
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_403BB0
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_40296C
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_403ED3
lock dec dword ptr [eax-8]
jnz short loc_403ED3
lea eax, [eax-8]
call sub_40283C
loc_403ED3: ; CODE XREF: sub_403E98+2B�j
; sub_403E98+31�j
mov edx, [ebx]
pop ebx
loc_403ED6: ; CODE XREF: sub_403E98+4�j
; sub_403E98+A�j
mov eax, edx
retn
sub_403E98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403EDC proc near ; CODE XREF: sub_404658+34�p
; sub_404658+6A�p ...
jmp sub_403E98
sub_403EDC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403EE4 proc near ; CODE XREF: sub_4029AC+B3�p
; sub_403C94+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_403F39
mov eax, [ebx]
test eax, eax
jz short loc_403F1A
cmp dword ptr [eax-8], 1
jnz short loc_403F1A
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_40285C
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_403F42
; ---------------------------------------------------------------------------
loc_403F1A: ; CODE XREF: sub_403EE4+11�j
; sub_403EE4+17�j
mov eax, edx
call sub_403BB0
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_403F39
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_403F34
mov ecx, esi
loc_403F34: ; CODE XREF: sub_403EE4+4C�j
call sub_40296C
loc_403F39: ; CODE XREF: sub_403EE4+B�j
; sub_403EE4+43�j
mov eax, ebx
call sub_403B18
mov [ebx], edi
loc_403F42: ; CODE XREF: sub_403EE4+34�j
pop edi
pop esi
pop ebx
retn
sub_403EE4 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_403F50
loc_403F48: ; CODE XREF: sub_403F50+E�j
; sub_40401C+12�j
mov al, 1
jmp sub_402904
; END OF FUNCTION CHUNK FOR sub_403F50
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403F50 proc near ; CODE XREF: sub_40406C+12�p
; FUNCTION CHUNK AT 00403F48 SIZE 00000007 BYTES
test eax, eax
jz short locret_403F64
push eax ; ui
push 0 ; strIn
call SysAllocStringLen
test eax, eax
jz loc_403F48
locret_403F64: ; CODE XREF: sub_403F50+2�j
retn
sub_403F50 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403F68 proc near ; CODE XREF: sub_40406C+3E�p
xchg edx, [eax]
test edx, edx
jz short locret_403F74
push edx ; bstrString
call SysFreeString
locret_403F74: ; CODE XREF: sub_403F68+4�j
retn
sub_403F68 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403F78 proc near ; CODE XREF: sub_403F90+1B�p
; sub_40401C+2�j ...
mov edx, [eax]
test edx, edx
jz short locret_403F8C
mov dword ptr [eax], 0
push eax
push edx ; bstrString
call SysFreeString
pop eax
locret_403F8C: ; CODE XREF: sub_403F78+4�j
retn
sub_403F78 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __fastcall sub_403F90(int cbMultiByte)
sub_403F90 proc near ; CODE XREF: sub_404040:loc_404049�j
lpMultiByteStr = dword ptr -1014h
strIn = word ptr -1010h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFF004h
push eax
add esp, 0FFFFFFFCh
mov esi, ecx
mov [esp+1014h+lpMultiByteStr], edx
mov edi, eax
test esi, esi
jg short loc_403FB2
mov eax, edi
call sub_403F78
jmp short loc_40400F
; ---------------------------------------------------------------------------
loc_403FB2: ; CODE XREF: sub_403F90+17�j
lea ebp, [esi+1]
cmp ebp, 7FFh
jge short loc_403FE5
push esi ; cbMultiByte
lea eax, [esp+1018h+strIn]
mov ecx, [esp+1018h+lpMultiByteStr] ; lpMultiByteStr
mov edx, 7FFh ; cchWideChar
call sub_403C0C
mov ebx, eax
test ebx, ebx
jle short loc_403FE5
lea edx, [esp+1014h+strIn] ; strIn
mov eax, edi
mov ecx, ebx ; ui
call sub_40401C
jmp short loc_40400F
; ---------------------------------------------------------------------------
loc_403FE5: ; CODE XREF: sub_403F90+2B�j
; sub_403F90+44�j
mov ebx, ebp
mov eax, edi
mov edx, ebx
call sub_40406C
push esi ; cbMultiByte
mov eax, [edi]
mov ecx, [esp+1018h+lpMultiByteStr] ; lpMultiByteStr
mov edx, ebx ; cchWideChar
call sub_403C0C
mov ebx, eax
test ebx, ebx
jge short loc_404006
xor ebx, ebx
loc_404006: ; CODE XREF: sub_403F90+72�j
mov eax, edi
mov edx, ebx
call sub_40406C
loc_40400F: ; CODE XREF: sub_403F90+20�j
; sub_403F90+53�j
add esp, 1004h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403F90 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; int __fastcall sub_40401C(UINT ui, OLECHAR *strIn)
sub_40401C proc near ; CODE XREF: sub_403F90+4E�p
test ecx, ecx
jz sub_403F78
push eax
push ecx ; ui
push edx ; strIn
call SysAllocStringLen
test eax, eax
jz loc_403F48
pop edx
push dword ptr [edx] ; bstrString
mov [edx], eax
call SysFreeString
retn
sub_40401C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404040 proc near ; CODE XREF: sub_405074+115�p
; sub_405074+162�p ...
xor ecx, ecx
test edx, edx
jz short loc_404049
mov ecx, [edx-4]
loc_404049: ; CODE XREF: sub_404040+4�j
jmp sub_403F90
sub_404040 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404050 proc near ; CODE XREF: sub_405074+11D�p
; sub_405074+16A�p ...
test eax, eax
jz short loc_404058
retn
; ---------------------------------------------------------------------------
align 2
word_404056 dw 0 ; DATA XREF: sub_404050:loc_404058�o
; ---------------------------------------------------------------------------
loc_404058: ; CODE XREF: sub_404050+2�j
mov eax, offset word_404056
retn
sub_404050 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404060 proc near ; CODE XREF: sub_40406C+1C�p
test eax, eax
jz short locret_404069
mov eax, [eax-4]
shr eax, 1
locret_404069: ; CODE XREF: sub_404060+2�j
retn
sub_404060 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40406C proc near ; CODE XREF: sub_403F90+5B�p
; sub_403F90+7A�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, edx
mov esi, eax
xor eax, eax
mov [esp+0Ch+var_C], eax
test ebx, ebx
jle short loc_4040A5
mov eax, ebx
call sub_403F50
mov [esp+0Ch+var_C], eax
mov eax, [esi]
call sub_404060
test eax, eax
jle short loc_4040A5
cmp ebx, eax
jge short loc_404097
mov eax, ebx
loc_404097: ; CODE XREF: sub_40406C+27�j
mov ecx, eax
add ecx, ecx
mov edx, [esp+0Ch+var_C]
mov eax, [esi]
call sub_40296C
loc_4040A5: ; CODE XREF: sub_40406C+E�j
; sub_40406C+23�j
mov eax, esi
mov edx, [esp+0Ch+var_C]
call sub_403F68
pop edx
pop esi
pop ebx
retn
sub_40406C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4040B4 proc near ; DATA XREF: sub_404274+2F�o
mov al, 11h
jmp sub_402904
sub_4040B4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BC proc near ; CODE XREF: sub_404128+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, ds:dword_407028
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_40410F
loc_4040D6: ; CODE XREF: sub_4040BC+51�j
xor eax, eax
push ebp
push offset loc_4040F7
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_8]
mov eax, [ebp+var_4]
call dword ptr [ebx+4]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_404101
; ---------------------------------------------------------------------------
loc_4040F7: ; DATA XREF: sub_4040BC+1D�o
jmp loc_403460
; ---------------------------------------------------------------------------
call sub_403618
loc_404101: ; CODE XREF: sub_4040BC+39�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4040D6
loc_40410F: ; CODE XREF: sub_4040BC+18�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4040BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404118 proc near ; CODE XREF: sub_404418+5�p
mov edx, ds:dword_407024
mov [eax], edx
mov ds:dword_407024, eax
retn
sub_404118 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404128 proc near ; CODE XREF: sub_403A20+76�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4041A1
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_4040BC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4041A8
loc_404157: ; CODE XREF: sub_404128+7E�j
mov eax, [ebp+var_4]
cmp eax, ds:dword_407024
jnz short loc_40416E
mov eax, [ebp+var_4]
mov eax, [eax]
mov ds:dword_407024, eax
jmp short loc_4041A0
; ---------------------------------------------------------------------------
loc_40416E: ; CODE XREF: sub_404128+38�j
mov eax, ds:dword_407024
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4041A0
loc_40417C: ; CODE XREF: sub_404128+76�j
mov eax, [ebp+var_8]
mov eax, [eax]
cmp eax, [ebp+var_4]
jnz short loc_404192
mov eax, [ebp+var_4]
mov eax, [eax]
mov edx, [ebp+var_8]
mov [edx], eax
jmp short loc_4041A0
; ---------------------------------------------------------------------------
loc_404192: ; CODE XREF: sub_404128+5C�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_40417C
loc_4041A0: ; CODE XREF: sub_404128+44�j
; sub_404128+52�j ...
retn
; ---------------------------------------------------------------------------
loc_4041A1: ; DATA XREF: sub_404128+C�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404157
; ---------------------------------------------------------------------------
loc_4041A8: ; CODE XREF: sub_404128:loc_4041A0�j
; DATA XREF: sub_404128+2A�o
pop ecx
pop ecx
pop ebp
retn
sub_404128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041AC proc near ; CODE XREF: sub_404274+AD�p
; sub_404274+BE�p
var_10 = dword ptr -10h
LCData = byte ptr -0Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor edx, edx
mov [ebp+var_10], edx
xor edx, edx
push ebp
push offset loc_404212
push dword ptr fs:[edx]
mov fs:[edx], esp
push 7 ; cchData
lea edx, [ebp+LCData]
push edx ; lpLCData
push 1004h ; LCType
push eax ; Locale
call GetLocaleInfoA ; GetLocaleInfoA
lea eax, [ebp+var_10]
lea edx, [ebp+LCData]
mov ecx, 7
call sub_403C74
mov eax, [ebp+var_10]
lea edx, [ebp+var_4]
call sub_403188
mov ebx, eax
cmp [ebp+var_4], 0
jz short loc_4041FC
xor ebx, ebx
loc_4041FC: ; CODE XREF: sub_4041AC+4C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404219
loc_404209: ; CODE XREF: sub_4041AC+6B�j
lea eax, [ebp+var_10]
call sub_403B18
retn
; ---------------------------------------------------------------------------
loc_404212: ; DATA XREF: sub_4041AC+F�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404209
; ---------------------------------------------------------------------------
loc_404219: ; CODE XREF: sub_4041AC+65�j
; DATA XREF: sub_4041AC+58�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_4041AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404220 proc near ; DATA XREF: CODE:00405018�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40426A
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4085A4
jnz short loc_40425C
mov eax, offset dword_408038
call sub_402F58
mov eax, offset dword_408204
call sub_402F58
mov eax, offset dword_4083D0
call sub_402F58
call sub_401A34
loc_40425C: ; CODE XREF: sub_404220+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404271
loc_404269: ; CODE XREF: sub_404220+4F�j
retn
; ---------------------------------------------------------------------------
loc_40426A: ; DATA XREF: sub_404220+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404269
; ---------------------------------------------------------------------------
loc_404271: ; CODE XREF: sub_404220:loc_404269�j
; DATA XREF: sub_404220+44�o
pop ebp
retn
sub_404220 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404274 proc near ; DATA XREF: CODE:00405014�o
sub ds:dword_4085A4, 1
jnb locret_404346
mov ds:byte_40700C, 2
mov ds:dword_408010, offset RaiseException
mov ds:dword_408014, offset RtlUnwind
mov ds:byte_408036, 2
mov ds:dword_408000, offset sub_4040B4
call sub_403264
test al, al
jz short loc_4042BB
call sub_403294
loc_4042BB: ; CODE XREF: sub_404274+40�j
call sub_403358
mov ds:word_40803C, 0D7B0h
mov ds:word_408208, 0D7B0h
mov ds:word_4083D4, 0D7B0h
call GetCommandLineA ; GetCommandLineA
mov ds:dword_40802C, eax
call sub_4010F0
mov ds:dword_408028, eax
call GetVersion ; GetVersion
and eax, 80000000h
cmp eax, 80000000h
jz short loc_40432D
call GetVersion ; GetVersion
and eax, 0FFh
cmp ax, 4
jbe short loc_40431C
mov ds:CodePage, 3
jmp short loc_40433C
; ---------------------------------------------------------------------------
loc_40431C: ; CODE XREF: sub_404274+9A�j
call GetThreadLocale ; GetThreadLocale
call sub_4041AC
mov ds:CodePage, eax
jmp short loc_40433C
; ---------------------------------------------------------------------------
loc_40432D: ; CODE XREF: sub_404274+8A�j
call GetThreadLocale ; GetThreadLocale
call sub_4041AC
mov ds:CodePage, eax
loc_40433C: ; CODE XREF: sub_404274+A6�j
; sub_404274+B7�j
call GetCurrentThreadId ; GetCurrentThreadId
mov ds:dword_408020, eax
locret_404346: ; CODE XREF: sub_404274+7�j
retn
sub_404274 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TlsGetValue. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION TlsSetValue. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_404368 proc near ; CODE XREF: sub_404388+22�p
var_8 = dword ptr -8
push ebx
push ecx
mov ebx, eax
push ebx ; uBytes
push 40h ; uFlags
call LocalAlloc_0
mov [esp+8+var_8], eax
mov eax, [esp+8+var_8]
pop edx
pop ebx
retn
sub_404368 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404380 proc near ; CODE XREF: sub_404388+2�p
mov eax, 8
retn
sub_404380 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404388 proc near ; CODE XREF: sub_4043D8:loc_4043F2�p
var_8 = dword ptr -8
push ebx
push ecx
call sub_404380
mov ebx, eax
test ebx, ebx
jz short loc_4043D3
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_4043A8
mov eax, 0E2h
call sub_403B0C
; ---------------------------------------------------------------------------
loc_4043A8: ; CODE XREF: sub_404388+14�j
mov eax, ebx
call sub_404368
mov [esp+8+var_8], eax
cmp [esp+8+var_8], 0
jnz short loc_4043C4
mov eax, 0E2h
call sub_403B0C
; ---------------------------------------------------------------------------
jmp short loc_4043D3
; ---------------------------------------------------------------------------
loc_4043C4: ; CODE XREF: sub_404388+2E�j
mov eax, [esp+8+var_8]
push eax ; lpTlsValue
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsSetValue ; TlsSetValue
loc_4043D3: ; CODE XREF: sub_404388+B�j
; sub_404388+3A�j
pop edx
pop ebx
retn
sub_404388 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4043D8 proc near ; CODE XREF: sub_4028B8+20�p
; sub_402910+3�p ...
mov cl, ds:byte_40864C
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_40440D
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_4043F2: ; CODE XREF: sub_4043D8+3D�j
call sub_404388
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsGetValue ; TlsGetValue
test eax, eax
jz short loc_404407
retn
; ---------------------------------------------------------------------------
loc_404407: ; CODE XREF: sub_4043D8+2C�j
mov eax, ds:dword_408658
retn
; ---------------------------------------------------------------------------
loc_40440D: ; CODE XREF: sub_4043D8+D�j
push eax ; dwTlsIndex
call TlsGetValue ; TlsGetValue
test eax, eax
jz short loc_4043F2
retn
sub_4043D8 endp
; =============== S U B R O U T I N E =======================================
sub_404418 proc near ; CODE XREF: sub_404424+2E�p
mov eax, offset dword_4070B0
call sub_404118
retn
sub_404418 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404424 proc near ; CODE XREF: sub_405074+18�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0 ; lpModuleName
call GetModuleHandleA ; GetModuleHandleA
mov ds:dword_408650, eax
mov eax, ds:dword_408650
mov ds:dword_4070B4, eax
xor eax, eax
mov ds:dword_4070B8, eax
xor eax, eax
mov ds:dword_4070BC, eax
call sub_404418
mov edx, offset dword_4070B0
mov eax, ebx
call sub_4038C8
pop ebx
retn
sub_404424 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404468 proc near ; DATA XREF: CODE:00405010�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40448D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_408654
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404494
loc_40448C: ; CODE XREF: sub_404468+2A�j
retn
; ---------------------------------------------------------------------------
loc_40448D: ; DATA XREF: sub_404468+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_40448C
; ---------------------------------------------------------------------------
loc_404494: ; CODE XREF: sub_404468:loc_40448C�j
; DATA XREF: sub_404468+1F�o
pop ebp
retn
sub_404468 endp
; ---------------------------------------------------------------------------
align 4
loc_404498: ; DATA XREF: CODE:off_40500C�o
sub ds:dword_408654, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044A0 proc near ; DATA XREF: CODE:00405020�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4044C5
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_40865C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4044CC
loc_4044C4: ; CODE XREF: sub_4044A0+2A�j
retn
; ---------------------------------------------------------------------------
loc_4044C5: ; DATA XREF: sub_4044A0+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_4044C4
; ---------------------------------------------------------------------------
loc_4044CC: ; CODE XREF: sub_4044A0:loc_4044C4�j
; DATA XREF: sub_4044A0+1F�o
pop ebp
retn
sub_4044A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4044D0 proc near ; DATA XREF: CODE:0040501C�o
sub ds:dword_40865C, 1
retn
sub_4044D0 endp
; [00000006 BYTES: COLLAPSED FUNCTION RegOpenKeyA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetFileAttributesA. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION GetTickCount. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION OpenProcess. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404508 proc near ; DATA XREF: CODE:00405028�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40452D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_408660
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404534
loc_40452C: ; CODE XREF: sub_404508+2A�j
retn
; ---------------------------------------------------------------------------
loc_40452D: ; DATA XREF: sub_404508+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_40452C
; ---------------------------------------------------------------------------
loc_404534: ; CODE XREF: sub_404508:loc_40452C�j
; DATA XREF: sub_404508+1F�o
pop ebp
retn
sub_404508 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404538 proc near ; DATA XREF: CODE:00405024�o
sub ds:dword_408660, 1
retn
sub_404538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404540 proc near ; DATA XREF: CODE:00405030�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404565
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_408664
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40456C
loc_404564: ; CODE XREF: sub_404540+2A�j
retn
; ---------------------------------------------------------------------------
loc_404565: ; DATA XREF: sub_404540+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404564
; ---------------------------------------------------------------------------
loc_40456C: ; CODE XREF: sub_404540:loc_404564�j
; DATA XREF: sub_404540+1F�o
pop ebp
retn
sub_404540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404570 proc near ; DATA XREF: CODE:0040502C�o
sub ds:dword_408664, 1
retn
sub_404570 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404578 proc near ; DATA XREF: CODE:00405038�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40459D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_408668
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4045A4
loc_40459C: ; CODE XREF: sub_404578+2A�j
retn
; ---------------------------------------------------------------------------
loc_40459D: ; DATA XREF: sub_404578+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_40459C
; ---------------------------------------------------------------------------
loc_4045A4: ; CODE XREF: sub_404578:loc_40459C�j
; DATA XREF: sub_404578+1F�o
pop ebp
retn
sub_404578 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4045A8 proc near ; DATA XREF: CODE:00405034�o
sub ds:dword_408668, 1
retn
sub_4045A8 endp
; [00000006 BYTES: COLLAPSED FUNCTION RtlDecompressBuffer. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045B8 proc near ; CODE XREF: sub_405074+60�p
; sub_405074+EF�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push 0
push 0
push ebx
push esi
push edi
mov ebx, edx
test ebx, ebx
js short loc_4045D4
shr ebx, 2
loc_4045CD: ; CODE XREF: sub_4045B8+1A�j
mov esi, [eax+ebx*4]
dec ebx
push esi
jns short loc_4045CD
loc_4045D4: ; CODE XREF: sub_4045B8+10�j
mov eax, esp
mov [ebp+var_4], ecx
mov esi, eax
xor eax, eax
push ebp
push offset loc_404635
push dword ptr fs:[eax]
mov fs:[eax], esp
xor edi, edi
jmp short loc_404608
; ---------------------------------------------------------------------------
loc_4045ED: ; CODE XREF: sub_4045B8+55�j
cmp bl, 1
jz short loc_404607
lea eax, [ebp+var_C]
mov edx, ebx
call sub_403C28
mov edx, [ebp+var_C]
lea eax, [ebp+var_8]
call sub_403C94
loc_404607: ; CODE XREF: sub_4045B8+38�j
inc edi
loc_404608: ; CODE XREF: sub_4045B8+33�j
mov bl, [esi+edi]
test bl, bl
jnz short loc_4045ED
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
call sub_403B6C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40463C
loc_404627: ; CODE XREF: sub_4045B8+82�j
lea eax, [ebp+var_C]
mov edx, 2
call sub_403B3C
retn
; ---------------------------------------------------------------------------
loc_404635: ; DATA XREF: sub_4045B8+26�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404627
; ---------------------------------------------------------------------------
loc_40463C: ; CODE XREF: sub_4045B8+7C�j
; DATA XREF: sub_4045B8+6A�o
mov edi, [ebp+var_18]
mov esi, [ebp+var_14]
mov ebx, [ebp+var_10]
mov esp, ebp
pop ebp
retn
sub_4045B8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40464C proc near ; CODE XREF: sub_404658+25�p
test eax, eax
jz short locret_404655
sub eax, 4
mov eax, [eax]
locret_404655: ; CODE XREF: sub_40464C+2�j
retn
sub_40464C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404658 proc near ; CODE XREF: sub_405074+118F�p
; sub_405074+141B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_403E7C
xor eax, eax
push ebp
push offset loc_404708
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_4]
call sub_40464C
mov ebx, eax
cmp ebx, 4
jbe short loc_4046EB
lea eax, [ebp+arg_4]
call sub_403EDC
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov edx, [eax]
mov eax, esi
call sub_403EE4
mov eax, [ebp+var_8]
cmp dword ptr [eax], 80000h
jbe short loc_4046B2
mov edi, 2
jmp short loc_4046B7
; ---------------------------------------------------------------------------
loc_4046B2: ; CODE XREF: sub_404658+51�j
mov edi, 2
loc_4046B7: ; CODE XREF: sub_404658+58�j
lea eax, [ebp+var_4]
push eax
sub ebx, 4
push ebx
lea eax, [ebp+arg_4]
call sub_403EDC
add eax, 4
push eax
mov eax, [ebp+var_8]
mov eax, [eax]
push eax
mov eax, esi
call sub_403EDC
push eax
push edi
call RtlDecompressBuffer ; RtlDecompressBuffer
mov eax, esi
mov edx, [ebp+var_4]
call sub_403EE4
jmp short loc_4046F2
; ---------------------------------------------------------------------------
loc_4046EB: ; CODE XREF: sub_404658+2F�j
mov eax, esi
call sub_403B18
loc_4046F2: ; CODE XREF: sub_404658+91�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40470F
loc_4046FF: ; CODE XREF: sub_404658+B5�j
lea eax, [ebp+arg_4]
call sub_403B18
retn
; ---------------------------------------------------------------------------
loc_404708: ; DATA XREF: sub_404658+17�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_4046FF
; ---------------------------------------------------------------------------
loc_40470F: ; CODE XREF: sub_404658+AF�j
; DATA XREF: sub_404658+A2�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_404658 endp
; =============== S U B R O U T I N E =======================================
sub_404718 proc near ; CODE XREF: sub_405074+913�p
; sub_405074+A25�p ...
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov esi, eax
push 2
push edx
mov eax, ds:dword_408650
push eax
call ds:dword_40866C
mov ebx, eax
push ebx
mov eax, ds:dword_408650
push eax
call ds:dword_408670
mov [esi], eax
push ebx
mov eax, ds:dword_408650
push eax
call ds:dword_408674
mov ebx, eax
push ebx
call ds:dword_408678
mov [esp+0Ch+var_C], eax
cmp [esp+0Ch+var_C], 0
jz short loc_404763
push ebx
call ds:dword_40867C
loc_404763: ; CODE XREF: sub_404718+42�j
mov eax, [esp+0Ch+var_C]
pop edx
pop esi
pop ebx
retn
sub_404718 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40476C proc near ; CODE XREF: sub_405074+112E�p
; sub_405074+13BA�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFD4h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_2C], ebx
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_403E7C
mov eax, [ebp+var_8]
call sub_403E7C
xor eax, eax
push ebp
push offset loc_404914
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
lea eax, [ebp+var_18]
call sub_403B18
mov eax, [ebp+var_8]
call sub_403C8C
test eax, eax
jle short loc_4047D8
mov [ebp+var_20], eax
mov ebx, 1
loc_4047C5: ; CODE XREF: sub_40476C+6A�j
mov eax, [ebp+var_8]
movzx eax, byte ptr [eax+ebx-1]
cdq
idiv ebx
xor esi, edx
inc ebx
dec [ebp+var_20]
jnz short loc_4047C5
loc_4047D8: ; CODE XREF: sub_40476C+4F�j
cmp esi, 0FFh
jle short loc_4047FC
loc_4047E0: ; CODE XREF: sub_40476C+8E�j
sar esi, 1
jns short loc_4047E7
adc esi, 0
loc_4047E7: ; CODE XREF: sub_40476C+76�j
mov [ebp+var_24], esi
fild [ebp+var_24]
call sub_402B74
mov esi, eax
cmp esi, 0FFh
jg short loc_4047E0
loc_4047FC: ; CODE XREF: sub_40476C+72�j
mov eax, [ebp+var_4]
call sub_403C8C
test eax, eax
jle loc_4048D9
mov [ebp+var_20], eax
mov ebx, 1
loc_404814: ; CODE XREF: sub_40476C+167�j
mov eax, [ebp+var_8]
call sub_403C8C
push eax
mov eax, ebx
pop edx
mov ecx, edx
cdq
idiv ecx
mov [ebp+var_1C], edx
inc [ebp+var_1C]
mov eax, [ebp+var_4]
call sub_403C8C
xor eax, ebx
mov edx, [ebp+var_8]
mov ecx, [ebp+var_1C]
movzx edx, byte ptr [edx+ecx-1]
mov ecx, edx
cdq
idiv ecx
mov [ebp+var_10], edx
inc [ebp+var_10]
mov eax, ebx
cdq
idiv [ebp+var_10]
mov eax, esi
xor dl, al
mov eax, [ebp+var_4]
mov al, [eax+ebx-1]
mov ecx, ebx
and ecx, 8000007Fh
jns short loc_40486B
dec ecx
or ecx, 0FFFFFF80h
inc ecx
loc_40486B: ; CODE XREF: sub_40476C+F8�j
xor al, cl
mov ecx, [ebp+var_8]
mov edi, [ebp+var_1C]
movzx ecx, byte ptr [ecx+edi-1]
add ecx, ecx
shr ecx, 2
xor al, cl
xor dl, al
mov [ebp+var_11], dl
mov eax, ebx
and eax, 80000001h
jns short loc_404892
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_404892: ; CODE XREF: sub_40476C+11F�j
test eax, eax
jnz short loc_4048AE
lea eax, [ebp+var_28]
mov dl, [ebp+var_11]
call sub_403C28
mov edx, [ebp+var_28]
lea eax, [ebp+var_18]
call sub_403C94
jmp short loc_4048CF
; ---------------------------------------------------------------------------
loc_4048AE: ; CODE XREF: sub_40476C+128�j
lea eax, [ebp+var_2C]
xor edx, edx
mov dl, [ebp+var_11]
push edx
mov edx, 0FFh
pop ecx
sub edx, ecx
call sub_403C28
mov edx, [ebp+var_2C]
lea eax, [ebp+var_18]
call sub_403C94
loc_4048CF: ; CODE XREF: sub_40476C+140�j
inc ebx
dec [ebp+var_20]
jnz loc_404814
loc_4048D9: ; CODE XREF: sub_40476C+9A�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_18]
call sub_403B6C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40491B
loc_4048F1: ; CODE XREF: sub_40476C+1AD�j
lea eax, [ebp+var_2C]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_18]
call sub_403B18
lea eax, [ebp+var_8]
mov edx, 2
call sub_403B3C
retn
; ---------------------------------------------------------------------------
loc_404914: ; DATA XREF: sub_40476C+30�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_4048F1
; ---------------------------------------------------------------------------
loc_40491B: ; CODE XREF: sub_40476C+1A7�j
; DATA XREF: sub_40476C+180�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40476C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404924 proc near ; CODE XREF: sub_405074+A02�p
; sub_405074+AB7�p ...
var_108 = byte ptr -108h
push ebx
push esi
add esp, 0FFFFFEF4h
mov esi, edx
mov ebx, eax
lea edx, [esp+114h+var_108]
mov eax, ebx
call sub_40317C
lea edx, [esp+114h+var_108]
mov eax, esp
mov cl, 0Bh
call sub_402FB0
mov eax, esi
mov edx, esp
call sub_403C68
add esp, 10Ch
pop esi
pop ebx
retn
sub_404924 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40495C proc near ; CODE XREF: sub_405074+969�p
; sub_405074+990�p ...
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_108], ecx
mov [ebp+var_4], ecx
mov esi, eax
lea edi, [ebp+var_104]
mov ecx, 40h
rep movsd
mov edi, edx
xor eax, eax
push ebp
push offset loc_4049E8
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
jmp short loc_4049B2
; ---------------------------------------------------------------------------
loc_404996: ; CODE XREF: sub_40495C+5F�j
lea eax, [ebp+var_108]
mov edx, ebx
call sub_403C28
mov edx, [ebp+var_108]
lea eax, [ebp+var_4]
call sub_403C94
inc esi
loc_4049B2: ; CODE XREF: sub_40495C+38�j
mov bl, [ebp+esi+var_104]
test bl, bl
jnz short loc_404996
mov eax, edi
mov edx, [ebp+var_4]
call sub_403B6C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4049EF
loc_4049D4: ; CODE XREF: sub_40495C+91�j
lea eax, [ebp+var_108]
call sub_403B18
lea eax, [ebp+var_4]
call sub_403B18
retn
; ---------------------------------------------------------------------------
loc_4049E8: ; DATA XREF: sub_40495C+2B�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_4049D4
; ---------------------------------------------------------------------------
loc_4049EF: ; CODE XREF: sub_40495C+8B�j
; DATA XREF: sub_40495C+73�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40495C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049F8 proc near ; DATA XREF: CODE:00405040�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404A1D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4086C4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404A24
loc_404A1C: ; CODE XREF: sub_4049F8+2A�j
retn
; ---------------------------------------------------------------------------
loc_404A1D: ; DATA XREF: sub_4049F8+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404A1C
; ---------------------------------------------------------------------------
loc_404A24: ; CODE XREF: sub_4049F8:loc_404A1C�j
; DATA XREF: sub_4049F8+1F�o
pop ebp
retn
sub_4049F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404A28 proc near ; DATA XREF: CODE:0040503C�o
sub ds:dword_4086C4, 1
retn
sub_404A28 endp
; =============== S U B R O U T I N E =======================================
sub_404A30 proc near ; CODE XREF: sub_404A60+24F�p
add edx, eax
mov eax, edx
retn
sub_404A30 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404A38 proc near ; CODE XREF: sub_404A60+10B�p
push edx
push eax
mov eax, ds:off_407DC8
mov eax, [eax]
call eax
retn
sub_404A38 endp
; =============== S U B R O U T I N E =======================================
sub_404A44 proc near ; CODE XREF: sub_404A60+18A�p
var_4 = dword ptr -4
push ecx
movzx edx, dx
add edx, eax
mov [esp+4+var_4], edx
mov eax, [esp+4+var_4]
pop edx
retn
sub_404A44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404A54 proc near ; CODE XREF: sub_404A60+1E6�p
shr eax, 1Dh
mov eax, ds:dword_407D64[eax*4]
retn
sub_404A54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A60 proc near ; CODE XREF: sub_405074+149A�p
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_14C = dword ptr -14Ch
var_A8 = dword ptr -0A8h
var_9C = dword ptr -9Ch
var_80 = dword ptr -80h
var_50 = word ptr -50h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEB4h
push ebx
push esi
push edi
mov [ebp+var_4], edx
mov edi, eax
mov eax, [ebp+var_4]
call sub_403E7C
xor eax, eax
push ebp
push offset loc_404D2B
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_28], 8
xor eax, eax
mov [ebp+var_24], eax
mov esi, 1
lea eax, [ebp+var_3C]
mov ecx, [ebp+var_24]
mov edx, 10h
call sub_402FCC
lea eax, [ebp+var_80]
mov ecx, [ebp+var_24]
mov edx, 44h
call sub_402FCC
mov [ebp+var_80], 44h
mov [ebp+var_50], 1
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_80]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
push 0
mov eax, [ebp+var_4]
call sub_403E8C
push eax
mov eax, ds:off_407DD4
mov eax, [eax]
call eax
test eax, eax
jz loc_404D15
mov [ebp+var_1D], 1
xor eax, eax
push ebp
push offset loc_404D0E
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_14C], 10002h
lea eax, [ebp+var_14C]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_407DE8
mov eax, [eax]
call eax
test eax, eax
jz loc_404CD7
lea eax, [ebp+var_C]
push eax
push 4
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_A8]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_28]
cdq
add eax, [esp+1B4h+var_1B4]
adc edx, [esp+1B4h+var_1B0]
add esp, 8
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_407E38
mov eax, [eax]
call eax
test eax, eax
jz loc_404CD7
mov edx, [ebp+var_8]
mov eax, [ebp+var_3C]
call sub_404A38
cmp eax, [ebp+var_24]
jl loc_404CD7
test edi, edi
jz loc_404CD7
mov eax, [edi+3Ch]
add eax, edi
mov [ebp+var_18], eax
push 4
push 3000h
mov eax, [ebp+var_18]
mov eax, [eax+50h]
push eax
mov eax, [ebp+var_18]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_407E08
mov eax, [eax]
call eax
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz loc_404CD7
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_18]
mov eax, [eax+54h]
push eax
push edi
mov eax, [ebp+var_8]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_407DBC
mov eax, [eax]
call eax
test eax, eax
jz loc_404CD7
mov eax, [ebp+var_18]
mov dx, [eax+14h]
mov eax, [ebp+var_18]
add eax, 18h
call sub_404A44
mov [ebp+var_1C], eax
mov ebx, [ebp+var_24]
mov eax, [ebp+var_18]
movzx eax, word ptr [eax+6]
sub eax, esi
sub eax, ebx
jb short loc_404C72
inc eax
mov [ebp+var_2C], eax
loc_404C06: ; CODE XREF: sub_404A60+210�j
lea eax, [ebp+var_10]
push eax
lea esi, [ebx+ebx*4]
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+10h]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+14h]
add eax, edi
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+0Ch]
add eax, [ebp+var_8]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_407DBC
mov eax, [eax]
call eax
test eax, eax
jz short loc_404C6C
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+24h]
call sub_404A54
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+8]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+esi*8+0Ch]
add eax, [ebp+var_8]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_407E10
mov eax, [eax]
call eax
loc_404C6C: ; CODE XREF: sub_404A60+1D9�j
inc ebx
dec [ebp+var_2C]
jnz short loc_404C06
loc_404C72: ; CODE XREF: sub_404A60+1A0�j
lea eax, [ebp+var_10]
push eax
push 4
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_A8]
xor edx, edx
push edx
push eax
mov eax, [ebp+var_28]
cdq
add eax, [esp+218h+var_218]
adc edx, [esp+218h+var_214]
add esp, 8
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_407DBC
mov eax, [eax]
call eax
test eax, eax
jz short loc_404CD7
mov eax, [ebp+var_18]
mov edx, [eax+28h]
mov eax, [ebp+var_8]
call sub_404A30
mov [ebp+var_9C], eax
lea eax, [ebp+var_14C]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_407E80
mov eax, [eax]
call eax
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+var_1D], al
loc_404CD7: ; CODE XREF: sub_404A60+C7�j
; sub_404A60+FF�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404D15
loc_404CE4: ; CODE XREF: sub_404A60+2B3�j
cmp [ebp+var_1D], 0
jnz short loc_404CFD
mov eax, [ebp+var_24]
push eax
mov eax, [ebp+var_3C]
push eax
mov eax, ds:off_407E7C
mov eax, [eax]
call eax
jmp short loc_404D0A
; ---------------------------------------------------------------------------
loc_404CFD: ; CODE XREF: sub_404A60+288�j
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_407DB4
mov eax, [eax]
call eax
loc_404D0A: ; CODE XREF: sub_404A60+29B�j
mov bl, [ebp+var_1D]
retn
; ---------------------------------------------------------------------------
loc_404D0E: ; DATA XREF: sub_404A60+9C�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404CE4
; ---------------------------------------------------------------------------
loc_404D15: ; CODE XREF: sub_404A60+8F�j
; DATA XREF: sub_404A60+27F�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404D32
loc_404D22: ; CODE XREF: sub_404A60+2D0�j
lea eax, [ebp+var_4]
call sub_403B18
retn
; ---------------------------------------------------------------------------
loc_404D2B: ; DATA XREF: sub_404A60+1C�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404D22
; ---------------------------------------------------------------------------
loc_404D32: ; CODE XREF: sub_404A60+2CA�j
; DATA XREF: sub_404A60+2BD�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_404A60 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D3C proc near ; DATA XREF: CODE:00405048�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404D61
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4086C8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404D68
loc_404D60: ; CODE XREF: sub_404D3C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404D61: ; DATA XREF: sub_404D3C+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404D60
; ---------------------------------------------------------------------------
loc_404D68: ; CODE XREF: sub_404D3C:loc_404D60�j
; DATA XREF: sub_404D3C+1F�o
pop ebp
retn
sub_404D3C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404D6C proc near ; DATA XREF: CODE:00405044�o
sub ds:dword_4086C8, 1
retn
sub_404D6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D74 proc near ; DATA XREF: CODE:00405058�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404D99
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4086CC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404DA0
loc_404D98: ; CODE XREF: sub_404D74+2A�j
retn
; ---------------------------------------------------------------------------
loc_404D99: ; DATA XREF: sub_404D74+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404D98
; ---------------------------------------------------------------------------
loc_404DA0: ; CODE XREF: sub_404D74:loc_404D98�j
; DATA XREF: sub_404D74+1F�o
pop ebp
retn
sub_404D74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404DA4 proc near ; DATA XREF: CODE:00405054�o
sub ds:dword_4086CC, 1
retn
sub_404DA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404DAC proc near ; DATA XREF: CODE:00405050�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404DD1
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4086D0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404DD8
loc_404DD0: ; CODE XREF: sub_404DAC+2A�j
retn
; ---------------------------------------------------------------------------
loc_404DD1: ; DATA XREF: sub_404DAC+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404DD0
; ---------------------------------------------------------------------------
loc_404DD8: ; CODE XREF: sub_404DAC:loc_404DD0�j
; DATA XREF: sub_404DAC+1F�o
pop ebp
retn
sub_404DAC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404DDC proc near ; DATA XREF: CODE:0040504C�o
sub ds:dword_4086D0, 1
retn
sub_404DDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404DE4 proc near ; DATA XREF: CODE:00405060�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404E09
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4086D4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404E10
loc_404E08: ; CODE XREF: sub_404DE4+2A�j
retn
; ---------------------------------------------------------------------------
loc_404E09: ; DATA XREF: sub_404DE4+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404E08
; ---------------------------------------------------------------------------
loc_404E10: ; CODE XREF: sub_404DE4:loc_404E08�j
; DATA XREF: sub_404DE4+1F�o
pop ebp
retn
sub_404DE4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404E14 proc near ; DATA XREF: CODE:0040505C�o
sub ds:dword_4086D4, 1
retn
sub_404E14 endp
; [00000006 BYTES: COLLAPSED FUNCTION LdrGetProcedureAddress. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LdrLoadDll. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RtlInitString. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RtlInitUnicodeString. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E3C proc near ; DATA XREF: CODE:00405068�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404E61
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4086D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404E68
loc_404E60: ; CODE XREF: sub_404E3C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404E61: ; DATA XREF: sub_404E3C+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404E60
; ---------------------------------------------------------------------------
loc_404E68: ; CODE XREF: sub_404E3C:loc_404E60�j
; DATA XREF: sub_404E3C+1F�o
pop ebp
retn
sub_404E3C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404E6C proc near ; DATA XREF: CODE:00405064�o
sub ds:dword_4086D8, 1
retn
sub_404E6C endp
; =============== S U B R O U T I N E =======================================
sub_404E74 proc near ; CODE XREF: sub_405074+125�p
; sub_405074+172�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov edi, ecx
mov esi, edx
xor edx, edx
mov [esp+1Ch+var_1C], edx
push eax
push ebx
call RtlInitUnicodeString ; RtlInitUnicodeString
lea eax, [esp+1Ch+var_18]
push eax
push ebx
push 0
push 0
call LdrLoadDll ; LdrLoadDll
test eax, eax
jnz short loc_404ECB
push esi
lea eax, [esp+20h+var_10]
push eax
call RtlInitString ; RtlInitString
lea eax, [esp+1Ch+var_14]
push eax
movzx eax, di
push eax
lea eax, [esp+24h+var_10]
push eax
mov eax, [esp+28h+var_18]
push eax
call LdrGetProcedureAddress ; LdrGetProcedureAddress
test eax, eax
jnz short loc_404ECB
mov eax, [esp+1Ch+var_14]
mov [esp+1Ch+var_1C], eax
loc_404ECB: ; CODE XREF: sub_404E74+27�j
; sub_404E74+4E�j
mov eax, [esp+1Ch+var_1C]
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_404E74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404ED8 proc near ; CODE XREF: sub_405074+CB7�p
; sub_405074+F10�p ...
var_109 = byte ptr -109h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEF4h
push ebx
push esi
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_403E7C
xor eax, eax
push ebp
push offset loc_404F6E
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 64h
call sub_402FEC
lea eax, [ebp+var_109]
xor ecx, ecx
mov edx, 105h
call sub_402FCC
mov ebx, 105h
push ebx
lea eax, [ebp+var_109]
push eax
mov eax, [ebp+var_4]
call sub_403E8C
push eax
mov eax, ds:off_407E40
mov eax, [eax]
call eax
mov ebx, eax
mov eax, esi
call sub_403B18
test ebx, ebx
jbe short loc_404F58
mov eax, esi
lea edx, [ebp+var_109]
mov ecx, 105h
call sub_403C74
loc_404F58: ; CODE XREF: sub_404ED8+6C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F75
loc_404F65: ; CODE XREF: sub_404ED8+9B�j
lea eax, [ebp+var_4]
call sub_403B18
retn
; ---------------------------------------------------------------------------
loc_404F6E: ; DATA XREF: sub_404ED8+1B�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404F65
; ---------------------------------------------------------------------------
loc_404F75: ; CODE XREF: sub_404ED8+95�j
; DATA XREF: sub_404ED8+88�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_404ED8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F7C proc near ; CODE XREF: sub_405074+D97�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_403E7C
xor eax, eax
push ebp
push offset loc_404FCD
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_403E8C
push eax ; lpFileName
call GetFileAttributesA ; GetFileAttributesA
test al, 10h
jnz short loc_404FB1
cmp eax, 0FFFFFFFFh
jnz short loc_404FB5
loc_404FB1: ; CODE XREF: sub_404F7C+2E�j
xor ebx, ebx
jmp short loc_404FB7
; ---------------------------------------------------------------------------
loc_404FB5: ; CODE XREF: sub_404F7C+33�j
mov bl, 1
loc_404FB7: ; CODE XREF: sub_404F7C+37�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404FD4
loc_404FC4: ; CODE XREF: sub_404F7C+56�j
lea eax, [ebp+var_4]
call sub_403B18
retn
; ---------------------------------------------------------------------------
loc_404FCD: ; DATA XREF: sub_404F7C+13�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404FC4
; ---------------------------------------------------------------------------
loc_404FD4: ; CODE XREF: sub_404F7C+50�j
; DATA XREF: sub_404F7C+43�o
mov eax, ebx
pop ebx
pop ecx
pop ebp
retn
sub_404F7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FDC proc near ; DATA XREF: CODE:00405070�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404FFB
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405002
loc_404FFA: ; CODE XREF: sub_404FDC+24�j
retn
; ---------------------------------------------------------------------------
loc_404FFB: ; DATA XREF: sub_404FDC+6�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_404FFA
; ---------------------------------------------------------------------------
loc_405002: ; CODE XREF: sub_404FDC:loc_404FFA�j
; DATA XREF: sub_404FDC+19�o
pop ebp
retn
sub_404FDC endp
; ---------------------------------------------------------------------------
dword_405004 dd 0Dh dd offset off_40500C
off_40500C dd offset loc_404498 ; DATA XREF: CODE:00405008�o
dd offset sub_404468
dd offset sub_404274
dd offset sub_404220
dd offset sub_4044D0
dd offset sub_4044A0
dd offset sub_404538
dd offset sub_404508
dd offset sub_404570
dd offset sub_404540
dd offset sub_4045A8
dd offset sub_404578
dd offset sub_404A28
dd offset sub_4049F8
dd offset sub_404D6C
dd offset sub_404D3C
dd offset sub_404DDC
dd offset sub_404DAC
dd offset sub_404DA4
dd offset sub_404D74
dd offset sub_404E14
dd offset sub_404DE4
dd offset sub_404E6C
dd offset sub_404E3C
align 10h
dd offset sub_404FDC
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_405074 proc near ; CODE XREF: start+5�j
; DATA XREF: start�o
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = dword ptr -200h
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = dword ptr -1E0h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_194 = dword ptr -194h
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
var_188 = dword ptr -188h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = dword ptr -178h
var_174 = dword ptr -174h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebp
mov ebp, esp
mov ecx, 4Bh
loc_40507C: ; CODE XREF: sub_405074+D�j
push 0
push 0
dec ecx
jnz short loc_40507C
push ecx
push ebx
push esi
push edi
mov eax, offset dword_405004
call sub_404424
mov esi, ds:off_407DA0
xor eax, eax
push ebp
push offset loc_40678B
push dword ptr fs:[eax]
mov fs:[eax], esp
push 0DEADC0D4h ; dwProcessId
push 0 ; bInheritHandle
push 1 ; dwDesiredAccess
call OpenProcess ; OpenProcess
not eax
test eax, eax
jnz short loc_4050C2
push 0 ; uExitCode
call ExitProcess_0
mov bl, 1
loc_4050C2: ; CODE XREF: sub_405074+43�j
push offset phkResult ; phkResult
lea ecx, [ebp+var_14]
mov eax, ds:off_407DC0
mov edx, 27h
call sub_4045B8
mov eax, [ebp+var_14]
call sub_403E8C
push eax ; lpSubKey
push 80000001h ; hKey
call RegOpenKeyA ; RegOpenKeyA
not eax
test eax, eax
jnz short loc_4050FB
push 0 ; uExitCode
call ExitProcess_0
mov bl, 1
loc_4050FB: ; CODE XREF: sub_405074+7C�j
cmp bl, 1
jnz short loc_405118
loc_405100: ; CODE XREF: sub_405074+A2�j
push 29Ah ; uType
push 0 ; lpCaption
push 0 ; lpText
push 29Ah ; hWnd
call MessageBoxA_0
cmp bl, 1
jz short loc_405100
loc_405118: ; CODE XREF: sub_405074+8A�j
mov eax, offset dword_409094
mov edx, offset dword_4067A8
call sub_403B6C
mov eax, offset dword_409094
call sub_403B18
mov eax, 64h
call sub_402FEC
mov eax, 64h
call sub_402FEC
xor eax, eax
mov ds:hWnd, eax
mov ds:dword_40907C, 1
lea ecx, [ebp+var_18]
mov eax, ds:off_407E14
mov edx, 8Dh
call sub_4045B8
mov eax, [ebp+var_18]
call sub_403E8C
push eax
lea ecx, [ebp+var_20]
mov eax, ds:off_407DF8
mov edx, 6Fh
call sub_4045B8
mov edx, [ebp+var_20]
lea eax, [ebp+var_1C]
call sub_404040
mov eax, [ebp+var_1C]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DC8
mov [edx], eax
lea ecx, [ebp+var_24]
mov eax, ds:off_407DF0
mov edx, 77h
call sub_4045B8
mov eax, [ebp+var_24]
call sub_403E8C
push eax
lea ecx, [ebp+var_2C]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_2C]
lea eax, [ebp+var_28]
call sub_404040
mov eax, [ebp+var_28]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407E2C
mov [edx], eax
lea ecx, [ebp+var_30]
mov eax, ds:off_407E54
mov edx, 79h
call sub_4045B8
mov eax, [ebp+var_30]
call sub_403E8C
push eax
lea ecx, [ebp+var_38]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_38]
lea eax, [ebp+var_34]
call sub_404040
mov eax, [ebp+var_34]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DB0
mov [edx], eax
lea ecx, [ebp+var_3C]
mov eax, ds:off_407E4C
mov edx, 75h
call sub_4045B8
mov eax, [ebp+var_3C]
call sub_403E8C
push eax
lea ecx, [ebp+var_44]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_44]
lea eax, [ebp+var_40]
call sub_404040
mov eax, [ebp+var_40]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DA8
mov [edx], eax
lea ecx, [ebp+var_48]
mov eax, ds:off_407E50
mov edx, 75h
call sub_4045B8
mov eax, [ebp+var_48]
call sub_403E8C
push eax
lea ecx, [ebp+var_50]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_50]
lea eax, [ebp+var_4C]
call sub_404040
mov eax, [ebp+var_4C]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DAC
mov [edx], eax
lea ecx, [ebp+var_54]
mov eax, ds:off_407E70
mov edx, 75h
call sub_4045B8
mov eax, [ebp+var_54]
call sub_403E8C
push eax
lea ecx, [ebp+var_5C]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_5C]
lea eax, [ebp+var_58]
call sub_404040
mov eax, [ebp+var_58]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DD0
mov [edx], eax
lea ecx, [ebp+var_60]
mov eax, ds:off_407DCC
mov edx, 7Ch
call sub_4045B8
mov eax, [ebp+var_60]
call sub_403E8C
push eax
lea ecx, [ebp+var_68]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_68]
lea eax, [ebp+var_64]
call sub_404040
mov eax, [ebp+var_64]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407D94
mov [edx], eax
lea ecx, [ebp+var_6C]
mov eax, ds:off_407E48
mov edx, 81h
call sub_4045B8
mov eax, [ebp+var_6C]
call sub_403E8C
push eax
lea ecx, [ebp+var_74]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_74]
lea eax, [ebp+var_70]
call sub_404040
mov eax, [ebp+var_70]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407E08
mov [edx], eax
lea ecx, [ebp+var_78]
mov eax, ds:off_407E58
mov edx, 85h
call sub_4045B8
mov eax, [ebp+var_78]
call sub_403E8C
push eax
lea ecx, [ebp+var_80]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_80]
lea eax, [ebp+var_7C]
call sub_404040
mov eax, [ebp+var_7C]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407E10
mov [edx], eax
lea ecx, [ebp+var_84]
mov eax, ds:off_407E00
mov edx, 8Ah
call sub_4045B8
mov eax, [ebp+var_84]
call sub_403E8C
push eax
lea ecx, [ebp+var_8C]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_8C]
lea eax, [ebp+var_88]
call sub_404040
mov eax, [ebp+var_88]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DBC
mov [edx], eax
lea ecx, [ebp+var_90]
mov eax, ds:off_407E6C
mov edx, 87h
call sub_4045B8
mov eax, [ebp+var_90]
call sub_403E8C
push eax
lea ecx, [ebp+var_98]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_98]
lea eax, [ebp+var_94]
call sub_404040
mov eax, [ebp+var_94]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407E38
mov [edx], eax
lea ecx, [ebp+var_9C]
mov eax, ds:off_407E30
mov edx, 85h
call sub_4045B8
mov eax, [ebp+var_9C]
call sub_403E8C
push eax
lea ecx, [ebp+var_A4]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_A4]
lea eax, [ebp+var_A0]
call sub_404040
mov eax, [ebp+var_A0]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DE8
mov [edx], eax
lea ecx, [ebp+var_A8]
mov eax, ds:off_407D9C
mov edx, 85h
call sub_4045B8
mov eax, [ebp+var_A8]
call sub_403E8C
push eax
lea ecx, [ebp+var_B0]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_B0]
lea eax, [ebp+var_AC]
call sub_404040
mov eax, [ebp+var_AC]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407E80
mov [edx], eax
lea ecx, [ebp+var_B4]
mov eax, ds:off_407E18
mov edx, 81h
call sub_4045B8
mov eax, [ebp+var_B4]
call sub_403E8C
push eax
lea ecx, [ebp+var_BC]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_BC]
lea eax, [ebp+var_B8]
call sub_404040
mov eax, [ebp+var_B8]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DD4
mov [edx], eax
lea ecx, [ebp+var_C0]
mov eax, ds:off_407DF4
mov edx, 7Eh
call sub_4045B8
mov eax, [ebp+var_C0]
call sub_403E8C
push eax
lea ecx, [ebp+var_C8]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_C8]
lea eax, [ebp+var_C4]
call sub_404040
mov eax, [ebp+var_C4]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DB4
mov [edx], eax
lea ecx, [ebp+var_CC]
mov eax, ds:off_407D98
mov edx, 86h
call sub_4045B8
mov eax, [ebp+var_CC]
call sub_403E8C
push eax
lea ecx, [ebp+var_D4]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_D4]
lea eax, [ebp+var_D0]
call sub_404040
mov eax, [ebp+var_D0]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407E7C
mov [edx], eax
lea ecx, [ebp+var_D8]
mov eax, ds:off_407E20
mov edx, 31h
call sub_4045B8
mov eax, [ebp+var_D8]
call sub_403E8C
push eax
lea ecx, [ebp+var_E0]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_E0]
lea eax, [ebp+var_DC]
call sub_404040
mov eax, [ebp+var_DC]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DDC
mov [edx], eax
lea ecx, [ebp+var_E4]
mov eax, ds:off_407DFC
mov edx, 31h
call sub_4045B8
mov eax, [ebp+var_E4]
call sub_403E8C
push eax
lea ecx, [ebp+var_EC]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_EC]
lea eax, [ebp+var_E8]
call sub_404040
mov eax, [ebp+var_E8]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DB8
mov [edx], eax
lea ecx, [ebp+var_F0]
mov eax, ds:off_407DC4
mov edx, 25h
call sub_4045B8
mov eax, [ebp+var_F0]
call sub_403E8C
push eax
lea ecx, [ebp+var_F8]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_F8]
lea eax, [ebp+var_F4]
call sub_404040
mov eax, [ebp+var_F4]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407D8C
mov [edx], eax
lea ecx, [ebp+var_FC]
mov eax, ds:off_407E74
mov edx, 3Dh
call sub_4045B8
mov eax, [ebp+var_FC]
call sub_403E8C
push eax
lea ecx, [ebp+var_104]
mov eax, esi
mov edx, 77h
call sub_4045B8
mov edx, [ebp+var_104]
lea eax, [ebp+var_100]
call sub_404040
mov eax, [ebp+var_100]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407E40
mov [edx], eax
lea ecx, [ebp+var_108]
mov eax, ds:off_407E24
mov edx, 33h
call sub_4045B8
mov eax, [ebp+var_108]
call sub_403E8C
push eax
lea ecx, [ebp+var_110]
mov eax, ds:off_407E64
mov edx, 2Fh
call sub_4045B8
mov edx, [ebp+var_110]
lea eax, [ebp+var_10C]
call sub_404040
mov eax, [ebp+var_10C]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DE0
mov [edx], eax
lea ecx, [ebp+var_114]
mov eax, ds:off_407E44
mov edx, 23h
call sub_4045B8
mov eax, [ebp+var_114]
call sub_403E8C
push eax
lea ecx, [ebp+var_11C]
mov eax, ds:off_407E1C
mov edx, 1Dh
call sub_4045B8
mov edx, [ebp+var_11C]
lea eax, [ebp+var_118]
call sub_404040
mov eax, [ebp+var_118]
call sub_404050
xor ecx, ecx
pop edx
call sub_404E74
mov edx, ds:off_407DA4
mov [edx], eax
mov eax, ds:dword_409098
push eax
mov eax, ds:off_407D94
mov eax, [eax]
call eax
push edi
mov eax, ds:off_407D94
mov eax, [eax]
call eax
push 0DEADC0D4h
push 0
push 1
mov eax, ds:off_407D8C
mov eax, [eax]
call eax
not eax
test eax, eax
jnz short loc_40591F
push 0 ; uExitCode
call ExitProcess_0
loc_40591F: ; CODE XREF: sub_405074+8A2�j
push offset phkResult
lea ecx, [ebp+var_120]
mov eax, ds:off_407DC0
mov edx, 27h
call sub_4045B8
mov eax, [ebp+var_120]
call sub_403E8C
push eax
push 80000001h
mov eax, ds:off_407DA4
mov eax, [eax]
call eax
not eax
test eax, eax
jnz short loc_405960
push 0 ; uExitCode
call ExitProcess_0
loc_405960: ; CODE XREF: sub_405074+8E3�j
lea ecx, [ebp+var_124]
mov eax, ds:off_407E3C
mov edx, 15h
call sub_4045B8
mov eax, [ebp+var_124]
call sub_403E8C
mov edx, eax
mov eax, offset dword_408AFC
call sub_404718
mov ds:dword_408AF8, eax
mov edx, offset dword_4086E0
mov eax, ds:dword_408AF8
mov ecx, ds:dword_408AFC
call sub_40296C
cmp ds:byte_4087F2, 0
jz short loc_4059F9
push 0 ; uType
lea ecx, [ebp+var_128]
mov eax, ds:off_407E60
mov edx, 1Eh
call sub_4045B8
mov eax, [ebp+var_128]
call sub_403E8C
push eax ; lpCaption
lea edx, [ebp+var_12C]
mov eax, offset byte_4089F3
call sub_40495C
mov eax, [ebp+var_12C]
call sub_403E8C
push eax ; lpText
mov eax, ds:hWnd
push eax ; hWnd
call MessageBoxA_0
loc_4059F9: ; CODE XREF: sub_405074+939�j
lea edx, [ebp+var_130]
mov eax, offset dword_4086E4
call sub_40495C
mov edx, [ebp+var_130]
mov eax, offset dword_409088
call sub_403B6C
mov ds:dword_40908C, 1
loc_405A23: ; CODE XREF: sub_405074+14CB�j
mov eax, ds:hWnd
mov ds:dword_409084, eax
mov eax, offset dword_4086DC
call sub_403B18
lea ecx, [ebp+var_138]
mov eax, ds:off_407E04
mov edx, 15h
call sub_4045B8
mov eax, [ebp+var_138]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_134]
call sub_403C38
lea eax, [ebp+var_134]
push eax
lea edx, [ebp+var_13C]
mov eax, ds:dword_40908C
call sub_404924
mov edx, [ebp+var_13C]
pop eax
call sub_403C94
mov eax, [ebp+var_134]
call sub_403E8C
mov edx, eax
mov eax, offset dword_409084
call sub_404718
mov ds:dword_408AF4, eax
mov eax, offset dword_4086DC
mov edx, ds:dword_409084
call sub_403EE4
cmp ds:dword_408AF4, 0
jz loc_406545
mov eax, offset dword_4086DC
call sub_403EDC
mov edx, ds:dword_40907C
lea eax, [eax+edx-1]
push eax
mov eax, ds:dword_4086DC
call sub_403C8C
mov ecx, eax
mov eax, ds:dword_408AF4
pop edx
call sub_40296C
lea ecx, [ebp+var_144]
mov eax, ds:off_407E0C
mov edx, 16h
call sub_4045B8
mov eax, [ebp+var_144]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_140]
call sub_403C38
lea eax, [ebp+var_140]
push eax
lea edx, [ebp+var_148]
mov eax, ds:dword_40908C
call sub_404924
mov edx, [ebp+var_148]
pop eax
call sub_403C94
mov eax, [ebp+var_140]
call sub_403E8C
mov edx, eax
mov eax, offset dword_408F2C
call sub_404718
mov ds:dword_408F10, eax
mov edx, offset dword_408B00
mov eax, ds:dword_408F10
mov ecx, ds:dword_408F2C
call sub_40296C
lea edx, [ebp+var_14C]
mov eax, offset dword_408B00
call sub_40495C
mov edx, [ebp+var_14C]
mov eax, offset dword_408F00
call sub_403B6C
lea edx, [ebp+var_154]
mov eax, ds:dword_40908C
call sub_404924
mov ecx, [ebp+var_154]
lea eax, [ebp+var_150]
mov edx, offset dword_4067B4
call sub_403CD8
mov eax, [ebp+var_150]
call sub_403E8C
mov edx, eax
mov eax, offset dword_408F28
call sub_404718
mov ds:dword_408F14, eax
mov edx, offset dword_408C00
mov eax, ds:dword_408F14
mov ecx, ds:dword_408F28
call sub_40296C
lea edx, [ebp+var_158]
mov eax, offset dword_408C00
call sub_40495C
mov edx, [ebp+var_158]
mov eax, offset dword_408F04
call sub_403B6C
lea edx, [ebp+var_160]
mov eax, ds:dword_40908C
call sub_404924
mov ecx, [ebp+var_160]
lea eax, [ebp+var_15C]
mov edx, offset dword_4067C0
call sub_403CD8
mov eax, [ebp+var_15C]
call sub_403E8C
mov edx, eax
mov eax, offset dword_408F20
call sub_404718
mov ds:dword_408F18, eax
mov edx, offset dword_408D00
mov eax, ds:dword_408F18
mov ecx, ds:dword_408F20
call sub_40296C
lea edx, [ebp+var_164]
mov eax, offset dword_408D00
call sub_40495C
mov edx, [ebp+var_164]
mov eax, offset dword_408F08
call sub_403B6C
lea edx, [ebp+var_16C]
mov eax, ds:dword_40908C
call sub_404924
mov ecx, [ebp+var_16C]
lea eax, [ebp+var_168]
mov edx, offset dword_4067CC
call sub_403CD8
mov eax, [ebp+var_168]
call sub_403E8C
mov edx, eax
mov eax, offset dword_408F24
call sub_404718
mov ds:dword_408F1C, eax
mov edx, offset dword_408E00
mov eax, ds:dword_408F1C
mov ecx, ds:dword_408F24
call sub_40296C
lea edx, [ebp+var_170]
mov eax, offset dword_408E00
call sub_40495C
mov edx, [ebp+var_170]
mov eax, offset dword_408F0C
call sub_403B6C
lea ecx, [ebp+var_17C]
mov eax, ds:off_407E28
mov edx, 16h
call sub_4045B8
mov eax, [ebp+var_17C]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_178]
call sub_403C38
mov eax, [ebp+var_178]
lea edx, [ebp+var_174]
call sub_404ED8
mov edx, [ebp+var_174]
mov eax, offset dword_409268
call sub_403B6C
lea ecx, [ebp+var_184]
mov eax, ds:off_407E84
mov edx, 1Ah
call sub_4045B8
mov eax, [ebp+var_184]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_180]
call sub_403C38
mov edx, [ebp+var_180]
mov eax, ds:dword_408F0C
call sub_403DD8
jz loc_405EC9
push ds:dword_409268
lea ecx, [ebp+var_190]
mov eax, ds:off_407DD8
mov edx, 15h
call sub_4045B8
mov eax, [ebp+var_190]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_18C]
call sub_403C38
push [ebp+var_18C]
push ds:dword_408F0C
lea ecx, [ebp+var_198]
mov eax, ds:off_407D84
mov edx, 11h
call sub_4045B8
mov eax, [ebp+var_198]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_194]
call sub_403C38
push [ebp+var_194]
lea eax, [ebp+var_188]
mov edx, 4
call sub_403D4C
mov eax, [ebp+var_188]
call sub_404F7C
test al, al
jz short loc_405E1B
mov ds:byte_40926C, 1
loc_405E1B: ; CODE XREF: sub_405074+D9E�j
cmp ds:byte_40926C, 0
jnz loc_406545
push ds:dword_409268
lea ecx, [ebp+var_1A4]
mov eax, ds:off_407DD8
mov edx, 15h
call sub_4045B8
mov eax, [ebp+var_1A4]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1A0]
call sub_403C38
push [ebp+var_1A0]
push ds:dword_408F0C
lea ecx, [ebp+var_1AC]
mov eax, ds:off_407D84
mov edx, 11h
call sub_4045B8
mov eax, [ebp+var_1AC]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1A8]
call sub_403C38
push [ebp+var_1A8]
lea eax, [ebp+var_19C]
mov edx, 4
call sub_403D4C
mov edx, [ebp+var_19C]
mov eax, offset dword_40909C
call sub_402E3C
mov eax, offset dword_40909C
call sub_402BD8
call sub_402910
loc_405EC9: ; CODE XREF: sub_405074+D09�j
lea ecx, [ebp+var_1B4]
mov eax, ds:off_407E84
mov edx, 1Ah
call sub_4045B8
mov eax, [ebp+var_1B4]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1B0]
call sub_403C38
mov edx, [ebp+var_1B0]
mov eax, ds:dword_408F00
call sub_403DD8
jz loc_406384
lea ecx, [ebp+var_1BC]
mov eax, ds:off_407E34
mov edx, 22h
call sub_4045B8
mov eax, [ebp+var_1BC]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1B8]
call sub_403C38
mov edx, [ebp+var_1B8]
mov eax, ds:dword_408F00
call sub_403DD8
jnz short loc_405F99
lea ecx, [ebp+var_1C8]
mov eax, ds:off_407E78
mov edx, 2Dh
call sub_4045B8
mov eax, [ebp+var_1C8]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1C4]
call sub_403C38
mov eax, [ebp+var_1C4]
lea edx, [ebp+var_1C0]
call sub_404ED8
mov edx, [ebp+var_1C0]
mov eax, offset dword_408F00
call sub_403B6C
loc_405F99: ; CODE XREF: sub_405074+ED5�j
lea ecx, [ebp+var_1D0]
mov eax, ds:off_407D90
mov edx, 1Eh
call sub_4045B8
mov eax, [ebp+var_1D0]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1CC]
call sub_403C38
mov edx, [ebp+var_1CC]
mov eax, ds:dword_408F00
call sub_403DD8
jnz loc_40605F
lea ecx, [ebp+var_1D8]
mov eax, ds:off_407DE4
mov edx, 2Bh
call sub_4045B8
mov eax, [ebp+var_1D8]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1D4]
call sub_403C38
mov eax, [ebp+var_1D4]
push eax
lea ecx, [ebp+var_1E4]
mov eax, ds:off_407E78
mov edx, 2Dh
call sub_4045B8
mov eax, [ebp+var_1E4]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1E0]
call sub_403C38
mov eax, [ebp+var_1E0]
lea edx, [ebp+var_1DC]
call sub_404ED8
mov edx, [ebp+var_1DC]
mov eax, offset dword_408F00
pop ecx
call sub_403CD8
loc_40605F: ; CODE XREF: sub_405074+F62�j
lea ecx, [ebp+var_1EC]
mov eax, ds:off_407E68
mov edx, 1Fh
call sub_4045B8
mov eax, [ebp+var_1EC]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1E8]
call sub_403C38
mov edx, [ebp+var_1E8]
mov eax, ds:dword_408F00
call sub_403DD8
jnz short loc_4060EC
lea ecx, [ebp+var_1F8]
mov eax, ds:off_407D88
mov edx, 21h
call sub_4045B8
mov eax, [ebp+var_1F8]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1F4]
call sub_403C38
mov eax, [ebp+var_1F4]
lea edx, [ebp+var_1F0]
call sub_404ED8
mov edx, [ebp+var_1F0]
mov eax, offset dword_408F00
call sub_403B6C
loc_4060EC: ; CODE XREF: sub_405074+1028�j
lea ecx, [ebp+var_200]
mov eax, ds:off_407E28
mov edx, 16h
call sub_4045B8
mov eax, [ebp+var_200]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_1FC]
call sub_403C38
mov edx, [ebp+var_1FC]
mov eax, ds:dword_408F00
call sub_403DD8
jnz short loc_40613B
mov eax, offset dword_408F00
mov edx, ds:dword_409268
call sub_403B6C
loc_40613B: ; CODE XREF: sub_405074+10B5�j
lea ecx, [ebp+var_208]
mov eax, ds:off_407E84
mov edx, 1Ah
call sub_4045B8
mov eax, [ebp+var_208]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_204]
call sub_403C38
mov edx, [ebp+var_204]
mov eax, ds:dword_408F04
call sub_403DD8
jz short loc_4061B7
mov eax, ds:dword_409088
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_210]
call sub_403C38
mov edx, [ebp+var_210]
lea ecx, [ebp+var_20C]
mov eax, ds:dword_4086DC
call sub_40476C
mov edx, [ebp+var_20C]
mov eax, offset dword_4086DC
call sub_403B6C
loc_4061B7: ; CODE XREF: sub_405074+1104�j
lea ecx, [ebp+var_218]
mov eax, ds:off_407E84
mov edx, 1Ah
call sub_4045B8
mov eax, [ebp+var_218]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_214]
call sub_403C38
mov edx, [ebp+var_214]
mov eax, ds:dword_408F08
call sub_403DD8
jz short loc_406218
mov eax, ds:dword_4086DC
push eax
lea eax, [ebp+var_21C]
push eax
call sub_404658
mov edx, [ebp+var_21C]
mov eax, offset dword_4086DC
call sub_403B6C
loc_406218: ; CODE XREF: sub_405074+1180�j
push ds:dword_408F00
lea ecx, [ebp+var_224]
mov eax, ds:off_407DD8
mov edx, 15h
call sub_4045B8
mov eax, [ebp+var_224]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_220]
call sub_403C38
push [ebp+var_220]
call GetTickCount ; GetTickCount
lea edx, [ebp+var_228]
call sub_404924
push [ebp+var_228]
lea ecx, [ebp+var_230]
mov eax, ds:off_407DEC
mov edx, 21h
call sub_4045B8
mov eax, [ebp+var_230]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_22C]
call sub_403C38
push [ebp+var_22C]
mov eax, offset dword_408F00
mov edx, 4
call sub_403D4C
mov edx, ds:dword_408F00
mov eax, offset dword_408F30
call sub_402E3C
mov edx, ds:dword_40907C
mov eax, offset dword_408F30
call sub_403110
call sub_402910
call sub_40294C
cmp eax, ds:hWnd
jnz short loc_40631D
push 0
mov eax, offset dword_4086DC
call sub_403EDC
mov edx, ds:dword_40907C
lea eax, [eax+edx-1]
push eax
mov eax, ds:dword_4086DC
call sub_403C8C
mov ecx, eax
mov eax, offset dword_408F30
pop edx
call sub_402F38
call sub_402910
mov eax, offset dword_408F30
call sub_402F58
call sub_402910
loc_40631D: ; CODE XREF: sub_405074+1265�j
xor eax, eax
push ebp
push offset loc_40637A
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, ds:dword_40907C
push eax
push 0
push 0
mov eax, ds:dword_408F00
call sub_403E8C
push eax
lea ecx, [ebp+var_234]
mov eax, ds:off_407E5C
mov edx, 1Bh
call sub_4045B8
mov eax, [ebp+var_234]
call sub_403E8C
push eax
mov eax, ds:hWnd
push eax
mov eax, ds:off_407DE0
mov eax, [eax]
call eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_406384
; ---------------------------------------------------------------------------
loc_40637A: ; DATA XREF: sub_405074+12AC�o
jmp loc_403460
; ---------------------------------------------------------------------------
call sub_403618
loc_406384: ; CODE XREF: sub_405074+E92�j
; sub_405074+1304�j
lea ecx, [ebp+var_23C]
mov eax, ds:off_407E84
mov edx, 1Ah
call sub_4045B8
mov eax, [ebp+var_23C]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_238]
call sub_403C38
mov edx, [ebp+var_238]
mov eax, ds:dword_408F00
call sub_403DD8
jnz loc_406532
lea ecx, [ebp+var_244]
mov eax, ds:off_407E84
mov edx, 1Ah
call sub_4045B8
mov eax, [ebp+var_244]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_240]
call sub_403C38
mov edx, [ebp+var_240]
mov eax, ds:dword_408F04
call sub_403DD8
jz short loc_406443
mov eax, ds:dword_409088
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_24C]
call sub_403C38
mov edx, [ebp+var_24C]
lea ecx, [ebp+var_248]
mov eax, ds:dword_4086DC
call sub_40476C
mov edx, [ebp+var_248]
mov eax, offset dword_4086DC
call sub_403B6C
loc_406443: ; CODE XREF: sub_405074+1390�j
lea ecx, [ebp+var_254]
mov eax, ds:off_407E84
mov edx, 1Ah
call sub_4045B8
mov eax, [ebp+var_254]
call sub_403E8C
mov edx, eax
lea eax, [ebp+var_250]
call sub_403C38
mov edx, [ebp+var_250]
mov eax, ds:dword_408F08
call sub_403DD8
jz short loc_4064A4
mov eax, ds:dword_4086DC
push eax
lea eax, [ebp+var_258]
push eax
call sub_404658
mov edx, [ebp+var_258]
mov eax, offset dword_4086DC
call sub_403B6C
loc_4064A4: ; CODE XREF: sub_405074+140C�j
mov eax, ds:dword_4086DC
call sub_403C8C
call sub_40280C
mov ds:dword_408AF4, eax
mov eax, offset dword_4086DC
call sub_403EDC
mov edx, ds:dword_40907C
lea eax, [eax+edx-1]
push eax
mov eax, ds:dword_4086DC
call sub_403C8C
mov ecx, eax
mov edx, ds:dword_408AF4
pop eax
call sub_40296C
xor eax, eax
push ebp
push offset loc_40652B
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_25C]
mov eax, ds:hWnd
call sub_402B10
mov edx, [ebp+var_25C]
mov eax, ds:dword_408AF4
call sub_404A60
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_406532
loc_406520: ; CODE XREF: sub_405074+14BC�j
mov eax, ds:dword_408AF4
call sub_40283C
retn
; ---------------------------------------------------------------------------
loc_40652B: ; DATA XREF: sub_405074+1474�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp short loc_406520
; ---------------------------------------------------------------------------
loc_406532: ; CODE XREF: sub_405074+134D�j
; sub_405074+14B6�j
; DATA XREF: ...
inc ds:dword_40908C
cmp ds:dword_40908C, 0Bh
jnz loc_405A23
loc_406545: ; CODE XREF: sub_405074+A46�j
; sub_405074+DAE�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_406795
loc_406552: ; CODE XREF: sub_405074+171C�j
lea eax, [ebp+var_25C]
mov edx, 51h
call sub_403B3C
lea eax, [ebp+var_118]
call sub_403F78
lea eax, [ebp+var_114]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_10C]
call sub_403F78
lea eax, [ebp+var_108]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_100]
call sub_403F78
lea eax, [ebp+var_FC]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_F4]
call sub_403F78
lea eax, [ebp+var_F0]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_E8]
call sub_403F78
lea eax, [ebp+var_E4]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_DC]
call sub_403F78
lea eax, [ebp+var_D8]
call sub_403B18
lea eax, [ebp+var_D0]
call sub_403F78
lea eax, [ebp+var_CC]
call sub_403B18
lea eax, [ebp+var_D4]
call sub_403B18
lea eax, [ebp+var_C8]
call sub_403B18
lea eax, [ebp+var_C4]
call sub_403F78
lea eax, [ebp+var_C0]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_B8]
call sub_403F78
lea eax, [ebp+var_B4]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_AC]
call sub_403F78
lea eax, [ebp+var_A8]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_A0]
call sub_403F78
lea eax, [ebp+var_9C]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_94]
call sub_403F78
lea eax, [ebp+var_90]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_88]
call sub_403F78
lea eax, [ebp+var_84]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_7C]
call sub_403F78
lea eax, [ebp+var_78]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_70]
call sub_403F78
lea eax, [ebp+var_6C]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_64]
call sub_403F78
lea eax, [ebp+var_60]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_58]
call sub_403F78
lea eax, [ebp+var_54]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_4C]
call sub_403F78
lea eax, [ebp+var_48]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_40]
call sub_403F78
lea eax, [ebp+var_3C]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_34]
call sub_403F78
lea eax, [ebp+var_30]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_28]
call sub_403F78
lea eax, [ebp+var_24]
mov edx, 2
call sub_403B3C
lea eax, [ebp+var_1C]
call sub_403F78
lea eax, [ebp+var_18]
mov edx, 2
call sub_403B3C
retn
; ---------------------------------------------------------------------------
loc_40678B: ; DATA XREF: sub_405074+26�o
jmp loc_40358C
; ---------------------------------------------------------------------------
jmp loc_406552
; ---------------------------------------------------------------------------
loc_406795: ; CODE XREF: sub_405074+1716�j
; DATA XREF: sub_405074+14D9�o
pop edi
pop esi
pop ebx
call sub_403A20
sub_405074 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 3
dword_4067A8 dd 6C696Eh, 0FFFFFFFFh, 1dword_4067B4 dd 45h, 0FFFFFFFFh, 1dword_4067C0 dd 51h, 0FFFFFFFFh, 1dword_4067CC dd 52h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
public start
start proc near
push offset sub_405074
retn
start endp
; ---------------------------------------------------------------------------
align 40h
CODE ends
; Section 2. (virtual address 00007000)
; Virtual size : 00000E88 ( 3720.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00005C00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 407000h
; UINT uExitCode
uExitCode dd 0 ; DATA XREF: sub_403908+A�r
; sub_403964+2�w ...
dword_407004 dd 0 ; sub_403908+37�r ...
dword_407008 dd 0 ; sub_402FEC+E�w
byte_40700C db 2 ; DATA XREF: sub_403030+4E�r
; sub_404274+D�w
db 8Dh, 40h, 0
word_407010 dw 1332h ; DATA XREF: sub_403294+6�r
; sub_403294:loc_40330C�r ...
dw 0C08Bh
byte_407014 db 0 ; DATA XREF: sub_403370�r sub_40338C�r ...
db 8Dh, 40h, 0
byte_407018 db 0 ; DATA XREF: sub_4037E8-336�r
; sub_4037E8:loc_4034ED�r
db 8Dh, 40h, 0
byte_40701C db 0 ; DATA XREF: sub_403994:loc_4039F5�r
db 8Dh, 40h, 0
byte_407020 db 1 ; DATA XREF: sub_402E3C+25�r
db 8Dh, 40h, 0
dword_407024 dd 0 dword_407028 dd 0 off_40702C dd offset sub_4021B8 ; DATA XREF: sub_40280C+A�r
; sub_40285C+3F�r
off_407030 dd offset sub_402364 ; DATA XREF: sub_40283C+5�r
; sub_40285C+26�r
off_407034 dd offset sub_402740 ; DATA XREF: sub_40285C+D�r
byte_407038 db 0 ; DATA XREF: sub_4028B8+36�r
aRsu db 'клхивохмншьзыйэщчъЮАЦ',0
aFxn@ db 'ДЕ█@',0
dword_407054 dd 3 dd 0
dd 1, 2, 3, 3 dup(0)
; char Caption[]
Caption db 'Error',0 ; DATA XREF: sub_403994+6C�o
dw 0C08Bh
; char Text[]
Text db 'Runtime error at 00000000',0 ; DATA XREF: sub_403908+3�o
; sub_403994+32�o ...
dw 0C08Bh
byte_40709C db 30h ; DATA XREF: sub_403908+41�r
db 31h, 32h, 33h
dd 37363534h, 42413938h, 46454443h
; DWORD TlsIndex
TlsIndex dd 0FFFFFFFFh ; DATA XREF: sub_404388+D�r
; sub_404388+40�r ...
dword_4070B0 dd 0 ; sub_404424+33�o
dword_4070B4 dd 0 dword_4070B8 dd 0 dword_4070BC dd 0 dd 2 dup(0)
dword_4070C8 dd 1010146h, 17h dup(1010101h), 16E0169h, 1520164h, 1730165h
; DATA XREF: DATA:off_407DF0�o
dd 175016Fh, 1630172h, 410165h
dword_407140 dd 1010153h, 17h dup(1010101h), 17A0169h, 16F0165h, 1520166h
; DATA XREF: DATA:off_407E54�o
dd 1730165h, 175016Fh, 1630172h, 0C08B0065h
dword_4071BC dd 101014Ch, 12h dup(1010101h), 1016F01h, 4 dup(1010101h)
; DATA XREF: DATA:off_407E4C�o
dd 1610101h, 1520164h, 1730165h, 175016Fh, 1630172h, 0C08B0065h
dword_407234 dd 101014Ch, 12h dup(1010101h), 1016F01h, 4 dup(1010101h)
; DATA XREF: DATA:off_407E50�o
dd 1630101h, 152016Bh, 1730165h, 175016Fh, 1630172h, 0C08B0065h
dword_4072AC dd 1010146h, 12h dup(1010101h), 1017201h, 4 dup(1010101h)
; DATA XREF: DATA:off_407E70�o
dd 1010165h, 1520165h, 1730165h, 175016Fh, 1630172h, 0C08B0065h
dword_407324 dd 101016Eh, 12h dup(1010101h), 1010174h, 4 dup(1010101h)
; DATA XREF: DATA:off_407DF8�o
dd 1640101h, 16C016Ch, 164012Eh, 6C016Ch
dword_407394 dd 101015Ah, 18h dup(1010101h), 1770101h, 16E0155h, 161016Dh
; DATA XREF: DATA:off_407E14�o
dd 1560170h, 65016901h, 4F017701h, 53016601h, 63016501h
dd 69017401h, 6E016F01h, 0C08B0001h
dword_407424 dd 1010156h, 0Dh dup(1010101h), 1010169h, 0Bh dup(1010101h)
; DATA XREF: DATA:off_407E48�o
dd 1740172h, 1610175h, 141016Ch, 6C016C01h, 63016F01h
dd 78014501h, 0C08B0001h
dword_4074A8 dd 1010156h, 0Fh dup(1010101h), 1690101h, 8 dup(1010101h)
; DATA XREF: DATA:off_407E58�o
dd 72010101h, 1740101h, 1610175h, 150016Ch, 6F017201h
dd 65017401h, 74016301h, 78014501h, 0C08B0001h
dword_407530 dd 1010157h, 18h dup(1010101h), 1017201h, 74010169h, 50016501h
; DATA XREF: DATA:off_407E00�o
dd 6F017201h, 1630101h, 1730165h, 14D0173h, 16D0165h, 172016Fh
dd 90000179h
dword_4075BC dd 1010152h, 17h dup(1010101h), 1650101h, 1610101h, 1640101h
; DATA XREF: DATA:off_407E6C�o
dd 1720150h, 163016Fh, 73016501h, 4D017301h, 6D016501h
dd 72016F01h, 17901h
dword_407644 dd 1010147h, 0Fh dup(1010101h), 65010101h, 8 dup(1010101h)
; DATA XREF: DATA:off_407E30�o
dd 1740101h, 1015401h, 1720168h, 1610165h, 1430164h, 16E016Fh
dd 1650174h, 1740178h, 0C08B0001h
dword_4076CC dd 1010153h, 0Fh dup(1010101h), 65010101h, 8 dup(1010101h)
; DATA XREF: DATA:off_407D9C�o
dd 1010174h, 1010154h, 1720168h, 1610165h, 1430164h, 16E016Fh
dd 1650174h, 74010178h, 0C08B0001h
dword_407754 dd 1010143h, 0Fh dup(1010101h), 72010101h, 8 dup(1010101h)
; DATA XREF: DATA:off_407E18�o
dd 1010165h, 1010161h, 1650174h, 1720150h, 163016Fh, 1730165h
dd 41010173h, 0C08B0001h
dword_4077D8 dd 1010152h, 10h dup(1010101h), 1730165h, 7 dup(1010101h)
; DATA XREF: DATA:off_407DF4�o
dd 75010101h, 6D010101h, 65010101h, 68015401h, 65017201h
dd 64016101h, 90000101h
dword_407858 dd 1010154h, 10h dup(1010101h), 1010165h, 7 dup(1010101h)
; DATA XREF: DATA:off_407D98�o
dd 6D017201h, 1010101h, 6E010169h, 74016101h, 50016501h
dd 6F017201h, 1630101h, 1730165h, 90000173h
dword_4078E0 dd 1010146h, 0Fh dup(1010101h), 72010101h, 1650101h, 7 dup(1010101h)
; DATA XREF: DATA:off_407DCC�o
dd 65010101h, 1014C01h, 1690101h, 72016201h, 72016101h
dd 1017901h, 408D00h
dword_407960 dd 101016Bh, 14h dup(1010101h), 1650101h, 16E0172h, 2 dup(1010101h)
; DATA XREF: DATA:off_407DA0�o
dd 1650101h, 1016C01h, 1320133h, 164012Eh, 6C016Ch
dword_4079D8 dd 1010153h, 4 dup(1010101h), 16F0101h, 1010101h, 1740166h
; DATA XREF: DATA:off_407DC0�o
dd 1610177h, 650172h
dword_407A00 dd 101014Dh, 6 dup(1010101h), 1650101h, 1730173h, 1670161h
; DATA XREF: DATA:off_407E20�o
dd 1420165h, 178016Fh, 0C08B0041h
dword_407A34 dd 1010145h, 6 dup(1010101h), 1780101h, 1740169h, 1720150h
; DATA XREF: DATA:off_407DFC�o
dd 163016Fh, 1730165h, 0C08B0073h
dword_407A68 dd 1010149h, 4 dup(1010101h), 16E0101h, 66010101h, 90006F01h
; DATA XREF: DATA:off_407E60�o
dword_407A88 dd 101004Ch, 4 dup(1010101h), 0C08B0101hdword_407AA0 dd 1010058h, 4 dup(1010101h), 0C08B0101hdword_407AB8 dd 1010143h, 4 dup(1010101h), 90000101hdword_407AD0 dd 101014Fh, 5 dup(1010101h), 90000101hdword_407AEC dd 101016Fh, 1017001h, 4 dup(1010101h), 6E0165h
; DATA XREF: DATA:off_407E5C�o
dword_407B08 dd 101015Ch, 4 dup(1010101h), 0C08B0001hdword_407B20 dd 1010153h, 6 dup(1010101h), 1650168h, 16C016Ch, 1780145h
; DATA XREF: DATA:off_407E24�o
dd 1630165h, 1740175h, 410165h
dword_407B54 dd 1010173h, 6 dup(1010101h), 1650168h, 16C016Ch, 1320133h
; DATA XREF: DATA:off_407E64�o
dd 164012Eh, 6C016Ch
dword_407B84 dd 101012Eh, 6 dup(1010101h), 1780165h, 0C08B0065h
; DATA XREF: DATA:off_407DEC�o
dword_407BA8 dd 1010153h, 6 dup(1010101h), 1730179h, 1650174h, 152016Dh
; DATA XREF: DATA:off_407E78�o
dd 16F016Fh, 0C08B0074h
dword_407BD8 dd 101015Ch, 6 dup(1010101h), 1790153h, 1740173h, 16D0165h
; DATA XREF: DATA:off_407DE4�o
dd 320133h
dword_407C04 dd 1010154h, 6 dup(1010101h), 14D0145h, 0C08B0050h
; DATA XREF: DATA:off_407D88�o
dword_407C28 dd 1010157h, 4 dup(1010101h), 69010101h, 64016E01h, 77016F01h
; DATA XREF: DATA:off_407E34�o
dd 90007301h
dword_407C4C dd 1010153h, 4 dup(1010101h), 73010179h, 65017401h, 90006D01h
; DATA XREF: DATA:off_407D90�o
dword_407C6C dd 1010154h, 5 dup(1010101h), 1650101h, 70016Dh
; DATA XREF: DATA:off_407E68�o
dword_407C8C dd 1010147h, 3 dup(1010101h), 1650101h, 1450174h, 176016Eh
; DATA XREF: DATA:off_407E74�o
dd 1720169h, 16E016Fh, 165016Dh, 174016Eh, 1610156h, 1690172h
dd 1620161h, 165016Ch, 0C08B0041h
dword_407CCC dd 101014Fh, 3 dup(1010101h), 1700101h, 16E0165h, 1720150h
; DATA XREF: DATA:off_407DC4�o
dd 163016Fh, 1730165h, 0C08B0073h
dword_407CF4 dd 1010152h, 1010101h, 1010165h, 1010101h, 1670101h, 170014Fh
; DATA XREF: DATA:off_407E44�o
dd 16E0165h, 165014Bh, 410179h
dword_407D18 dd 1010161h, 1640101h, 2 dup(1010101h), 1017601h, 1700161h
; DATA XREF: DATA:off_407E1C�o
dd 1330169h, 0C08B0032h
dword_407D38 dd 1010141h, 70017001h, 1010101h, 1440101h, 74016101h
; DATA XREF: DATA:off_407E28�o
dd 90006101h
dword_407D50 dd 101012Eh, 1740101h, 1010178h, 74010101h, 0C08B0001h
; DATA XREF: DATA:off_407D84�o
dword_407D64 dd 1 dd 10h, 2, 20h, 4, 40h, 4, 40h
off_407D84 dd offset dword_407D50 ; DATA XREF: sub_405074+D54�r
; sub_405074+DF9�r
off_407D88 dd offset dword_407C04 ; DATA XREF: sub_405074+1030�r
off_407D8C dd offset dword_4086BC ; DATA XREF: sub_405074+748�r
; sub_405074+895�r
off_407D90 dd offset dword_407C4C ; DATA XREF: sub_405074+F2B�r
off_407D94 dd offset dword_408684 ; DATA XREF: sub_405074+2F8�r
; sub_405074+879�r ...
off_407D98 dd offset dword_407858 ; DATA XREF: sub_405074+5DA�r
off_407D9C dd offset dword_4076CC ; DATA XREF: sub_405074+4BD�r
off_407DA0 dd offset dword_407960 ; DATA XREF: sub_405074+1D�r
off_407DA4 dd offset dword_4086C0 ; DATA XREF: sub_405074+86B�r
; sub_405074+8D6�r
off_407DA8 dd offset dword_408674 ; DATA XREF: sub_405074+211�r
off_407DAC dd offset dword_408678 ; DATA XREF: sub_405074+25E�r
off_407DB0 dd offset dword_408670 ; DATA XREF: sub_405074+1C4�r
off_407DB4 dd offset dword_4086A4 ; DATA XREF: sub_404A60+2A1�r
; sub_405074+5CC�r
off_407DB8 dd offset dword_4086B0 ; DATA XREF: sub_405074+6E9�r
off_407DBC dd offset dword_408680 ; DATA XREF: sub_404A60+16C�r
; sub_404A60+1CE�r ...
off_407DC0 dd offset dword_4079D8 ; DATA XREF: sub_405074+56�r
; sub_405074+8B6�r
off_407DC4 dd offset dword_407CCC ; DATA XREF: sub_405074+6F7�r
off_407DC8 dd offset dword_408690 ; DATA XREF: sub_404A38+2�r
; sub_405074+12A�r
off_407DCC dd offset dword_4078E0 ; DATA XREF: sub_405074+2B6�r
off_407DD0 dd offset dword_40867C ; DATA XREF: sub_405074+2AB�r
off_407DD4 dd offset dword_4086A0 ; DATA XREF: sub_404A60+84�r
; sub_405074+56D�r
off_407DD8 dd offset dword_407B08 ; DATA XREF: sub_405074+D1B�r
; sub_405074+DC0�r ...
off_407DDC dd offset dword_4086AC ; DATA XREF: sub_405074+68A�r
off_407DE0 dd offset dword_4086B4 ; DATA XREF: sub_405074+809�r
; sub_405074+12F3�r
off_407DE4 dd offset dword_407BD8 ; DATA XREF: sub_405074+F6E�r
off_407DE8 dd offset dword_408698 ; DATA XREF: sub_404A60+BC�r
; sub_405074+4AF�r
off_407DEC dd offset dword_407B84 ; DATA XREF: sub_405074+11F9�r
off_407DF0 dd offset dword_4070C8 ; DATA XREF: sub_405074+135�r
off_407DF4 dd offset dword_4077D8 ; DATA XREF: sub_405074+57B�r
off_407DF8 dd offset dword_407324 ; DATA XREF: sub_405074+100�r
off_407DFC dd offset dword_407A34 ; DATA XREF: sub_405074+698�r
off_407E00 dd offset dword_407530 ; DATA XREF: sub_405074+3A0�r
off_407E04 dd offset dword_407A88 ; DATA XREF: sub_405074+9C9�r
off_407E08 dd offset dword_408688 ; DATA XREF: sub_404A60+142�r
; sub_405074+345�r
off_407E0C dd offset dword_407AB8 ; DATA XREF: sub_405074+A7E�r
off_407E10 dd offset dword_40868C ; DATA XREF: sub_404A60+203�r
; sub_405074+392�r
off_407E14 dd offset dword_407394 ; DATA XREF: sub_405074+E5�r
off_407E18 dd offset dword_407754 ; DATA XREF: sub_405074+51C�r
off_407E1C dd offset dword_407D18 ; DATA XREF: sub_405074+838�r
off_407E20 dd offset dword_407A00 ; DATA XREF: sub_405074+639�r
off_407E24 dd offset dword_407B20 ; DATA XREF: sub_405074+7B5�r
off_407E28 dd offset dword_407D38 ; DATA XREF: sub_405074+C84�r
; sub_405074+107E�r
off_407E2C dd offset dword_40866C ; DATA XREF: sub_405074+177�r
off_407E30 dd offset dword_407644 ; DATA XREF: sub_405074+45E�r
off_407E34 dd offset dword_407C28 ; DATA XREF: sub_405074+E9E�r
off_407E38 dd offset dword_408694 ; DATA XREF: sub_404A60+F4�r
; sub_405074+450�r
off_407E3C dd offset dword_407AA0 ; DATA XREF: sub_405074+8F2�r
off_407E40 dd offset dword_4086B8 ; DATA XREF: sub_404ED8+58�r
; sub_405074+7A7�r
off_407E44 dd offset dword_407CF4 ; DATA XREF: sub_405074+817�r
off_407E48 dd offset dword_407424 ; DATA XREF: sub_405074+303�r
off_407E4C dd offset dword_4071BC ; DATA XREF: sub_405074+1CF�r
off_407E50 dd offset dword_407234 ; DATA XREF: sub_405074+21C�r
off_407E54 dd offset dword_407140 ; DATA XREF: sub_405074+182�r
off_407E58 dd offset dword_4074A8 ; DATA XREF: sub_405074+350�r
off_407E5C dd offset dword_407AEC ; DATA XREF: sub_405074+12D2�r
off_407E60 dd offset dword_407A68 ; DATA XREF: sub_405074+943�r
off_407E64 dd offset dword_407B54 ; DATA XREF: sub_405074+7D6�r
off_407E68 dd offset dword_407C6C ; DATA XREF: sub_405074+FF1�r
off_407E6C dd offset dword_4075BC ; DATA XREF: sub_405074+3FF�r
off_407E70 dd offset dword_4072AC ; DATA XREF: sub_405074+269�r
off_407E74 dd offset dword_407C8C ; DATA XREF: sub_405074+756�r
off_407E78 dd offset dword_407BA8 ; DATA XREF: sub_405074+EDD�r
; sub_405074+FA2�r
off_407E7C dd offset dword_4086A8 ; DATA XREF: sub_404A60+292�r
; sub_405074+62B�r
off_407E80 dd offset dword_40869C ; DATA XREF: sub_404A60+265�r
; sub_405074+50E�r
off_407E84 dd offset dword_407AD0 ; DATA XREF: sub_405074+CD2�r
; sub_405074+E5B�r ...
align 200h
DATA ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001271 ( 4721.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00006C00
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 408000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
dword_408000 dd ? dword_408004 dd ? dword_408008 dd ? ; sub_4028B8+16�r
dword_40800C dd ? ; CODE:00403758�r
dword_408010 dd ? ; sub_40338C+16�r ...
dword_408014 dd ? ; CODE:00403740�r ...
dword_408018 dd ? ; sub_403A20+B7�r
dword_40801C dd ? dword_408020 dd ? byte_408024 db ? ; DATA XREF: sub_4038C8+33�w
align 4
dword_408028 dd ? dword_40802C dd ? dword_408030 dd ? byte_408034 db ? ; DATA XREF: sub_403994+1�r
byte_408035 db ? ; DATA XREF: sub_40195C+1C�r
; sub_40195C:loc_401A10�r ...
byte_408036 db ? ; DATA XREF: sub_404274+28�w
align 4
dword_408038 dd ? ; sub_404220+19�o
word_40803C dw ? ; DATA XREF: sub_404274+4C�w
align 10h
dd 71h dup(?)
dword_408204 dd ? ; sub_404220+23�o
word_408208 dw ? ; DATA XREF: sub_403994+A�r
; sub_404274+55�w
align 10h
dword_408210 dd ? align 10h
dword_408220 dd ? dd 6Bh dup(?)
dword_4083D0 dd ? ; sub_404220+2D�o
word_4083D4 dw ? ; DATA XREF: sub_404274+5E�w
align 4
dd 71h dup(?)
dword_40859C dd ? ; sub_402070+C3�w ...
dword_4085A0 dd ? ; sub_402070+CC�w ...
dword_4085A4 dd ? ; sub_404274�w
; UINT CodePage
CodePage dd ? ; DATA XREF: sub_403C0C+C�r
; sub_404274+9C�w ...
byte_4085AC db ? ; DATA XREF: sub_40195C+A0�w
; sub_40195C:loc_401A2B�r ...
align 10h
dword_4085B0 dd ? ; sub_401620+99�w ...
; struct _RTL_CRITICAL_SECTION CriticalSection
CriticalSection _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_40195C+12�o
; sub_40195C+25�o ...
dword_4085CC dd ? ; sub_401154+3C�w ...
dword_4085D0 dd ? ; sub_40123C+22�r ...
dword_4085D4 dd ? ; sub_401420+51�o ...
dd 3 dup(?)
dword_4085E4 dd 4 dup(?) ; sub_401784+12�o ...
dword_4085F4 dd ? dword_4085F8 dd ? align 10h
dword_408600 dd ? ; sub_401B34+4�r ...
dword_408604 dd ? dword_408608 dd ? ; sub_401F00+2E�r ...
; HLOCAL hMem
hMem dd ? ; DATA XREF: sub_40195C+59�w
; sub_40195C+5E�r ...
dword_408610 dd ? ; sub_401A34+90�o ...
align 10h
dword_408620 dd ? ; sub_403858+9�o ...
dword_408624 dd ? ; sub_4037C0+2�r
dword_408628 dd ? dword_40862C dd ? dword_408630 dd ? dd 6 dup(?)
byte_40864C db ? ; DATA XREF: sub_4043D8�r
align 10h
dword_408650 dd ? ; sub_404424+16�r ...
dword_408654 dd ? ; CODE:loc_404498�w
dword_408658 dd ? dword_40865C dd ? ; sub_4044D0�w
dword_408660 dd ? ; sub_404538�w
dword_408664 dd ? ; sub_404570�w
dword_408668 dd ? ; sub_4045A8�w
dword_40866C dd ? ; DATA:off_407E2C�o
dword_408670 dd ? ; DATA:off_407DB0�o
dword_408674 dd ? ; DATA:off_407DA8�o
dword_408678 dd ? ; DATA:off_407DAC�o
dword_40867C dd ? ; DATA:off_407DD0�o
dword_408680 dd ? dword_408684 dd ? dword_408688 dd ? dword_40868C dd ? dword_408690 dd ? dword_408694 dd ? dword_408698 dd ? dword_40869C dd ? dword_4086A0 dd ? dword_4086A4 dd ? dword_4086A8 dd ? dword_4086AC dd ? dword_4086B0 dd ? dword_4086B4 dd ? dword_4086B8 dd ? dword_4086BC dd ? dword_4086C0 dd ? dword_4086C4 dd ? ; sub_404A28�w
dword_4086C8 dd ? ; sub_404D6C�w
dword_4086CC dd ? ; sub_404DA4�w
dword_4086D0 dd ? ; sub_404DDC�w
dword_4086D4 dd ? ; sub_404E14�w
dword_4086D8 dd ? ; sub_404E6C�w
dword_4086DC dd ? ; sub_405074+A2F�o ...
dword_4086E0 dd ? dword_4086E4 dd 43h dup(?) db 2 dup(?)
byte_4087F2 db ? ; DATA XREF: sub_405074+932�r
align 4
dd 7Fh dup(?)
db 3 dup(?)
byte_4089F3 db ? ; DATA XREF: sub_405074+964�o
dd 40h dup(?)
dword_408AF4 dd ? ; sub_405074+A3F�r ...
dword_408AF8 dd ? ; sub_405074+922�r
dword_408AFC dd ? ; sub_405074+927�r
dword_408B00 dd 40h dup(?) ; sub_405074+AFF�o
dword_408C00 dd 40h dup(?) ; sub_405074+B76�o
dword_408D00 dd 40h dup(?) ; sub_405074+BED�o
dword_408E00 dd 40h dup(?) ; sub_405074+C64�o
dword_408F00 dd ? ; sub_405074+E88�r ...
dword_408F04 dd ? ; sub_405074+10FA�r ...
dword_408F08 dd ? ; sub_405074+1176�r ...
dword_408F0C dd ? ; sub_405074+CFF�r ...
dword_408F10 dd ? ; sub_405074+AE9�r
dword_408F14 dd ? ; sub_405074+B60�r
dword_408F18 dd ? ; sub_405074+BD7�r
dword_408F1C dd ? ; sub_405074+C4E�r
dword_408F20 dd ? ; sub_405074+BDC�r
dword_408F24 dd ? ; sub_405074+C53�r
dword_408F28 dd ? ; sub_405074+B65�r
dword_408F2C dd ? ; sub_405074+AEE�r
dword_408F30 dd 53h dup(?) ; sub_405074+124B�o ...
dword_40907C dd ? ; sub_405074+A56�r ...
; HWND hWnd
hWnd dd ? ; DATA XREF: sub_405074+D3�w
; sub_405074+97A�r ...
dword_409084 dd ? ; sub_405074+A20�o ...
dword_409088 dd ? ; sub_405074+1106�r ...
dword_40908C dd ? ; sub_405074+9FD�r ...
; HKEY phkResult
phkResult dd ? ; DATA XREF: sub_405074:loc_4050C2�o
; sub_405074:loc_40591F�o
dword_409094 dd ? ; sub_405074+B3�o
dword_409098 dd ? dword_40909C dd 73h dup(?) ; sub_405074+E46�o
dword_409268 dd ? ; sub_405074+D0F�r ...
byte_40926C db ? ; DATA XREF: sub_405074+DA0�w
; sub_405074:loc_405E1B�r
align 200h
BSS ends
;
; Imports from kernel32.dll
;
; Section 4. (virtual address 0000A000)
; Virtual size : 000005FC ( 1532.)
; Section size in file : 00000600 ( 1536.)
; Offset to raw data for section: 00006C00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Externs
; _idata
; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_DeleteCriticalSection:dword ; DATA XREF: DeleteCriticalSection�r
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_LeaveCriticalSection:dword ; DATA XREF: LeaveCriticalSection�r
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_EnterCriticalSection:dword ; DATA XREF: EnterCriticalSection�r
; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_InitializeCriticalSection:dword
; DATA XREF: InitializeCriticalSection�r
; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn __imp_VirtualFree:dword ; DATA XREF: VirtualFree�r
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn __imp_VirtualAlloc:dword ; DATA XREF: VirtualAlloc�r
; HLOCAL __stdcall LocalFree(HLOCAL hMem)
extrn __imp_LocalFree:dword ; DATA XREF: LocalFree�r
; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes)
extrn __imp_LocalAlloc:dword ; DATA XREF: LocalAlloc�r
; DWORD __stdcall GetVersion()
extrn __imp_GetVersion:dword ; DATA XREF: GetVersion�r
; DWORD __stdcall GetCurrentThreadId()
extrn __imp_GetCurrentThreadId:dword ; DATA XREF: GetCurrentThreadId�r
; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn __imp_MultiByteToWideChar:dword ; DATA XREF: MultiByteToWideChar�r
; LCID __stdcall GetThreadLocale()
extrn __imp_GetThreadLocale:dword ; DATA XREF: GetThreadLocale�r
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn __imp_GetStartupInfoA:dword ; DATA XREF: GetStartupInfoA�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn __imp_GetModuleFileNameA:dword ; DATA XREF: GetModuleFileNameA�r
; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData)
extrn __imp_GetLocaleInfoA:dword ; DATA XREF: GetLocaleInfoA�r
; DWORD __stdcall GetLastError()
extrn __imp_GetLastError:dword ; DATA XREF: GetLastError�r
; LPSTR __stdcall GetCommandLineA()
extrn __imp_GetCommandLineA:dword ; DATA XREF: GetCommandLineA�r
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn __imp_FreeLibrary:dword ; DATA XREF: FreeLibrary�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn __imp_ExitProcess:dword ; DATA XREF: ExitProcess�r
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn __imp_WriteFile:dword ; DATA XREF: WriteFile�r
; CODE:loc_402EA4�r
; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
extrn __imp_UnhandledExceptionFilter:dword
; DATA XREF: UnhandledExceptionFilter�r
; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn __imp_SetFilePointer:dword ; DATA XREF: SetFilePointer�r
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn __imp_SetEndOfFile:dword ; DATA XREF: SetEndOfFile�r
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn __imp_ReadFile:dword ; DATA XREF: ReadFile�r
; void __stdcall RaiseException(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn __imp_RaiseException:dword ; DATA XREF: RaiseException�r
; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
extrn __imp_GetStdHandle:dword ; DATA XREF: GetStdHandle�r
; DWORD __stdcall GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh)
extrn __imp_GetFileSize:dword ; DATA XREF: GetFileSize�r
; DWORD __stdcall GetFileType(HANDLE hFile)
extrn __imp_GetFileType:dword ; DATA XREF: GetFileType�r
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn __imp_CreateFileA:dword ; DATA XREF: CreateFileA�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn __imp_CloseHandle:dword ; DATA XREF: CloseHandle�r
;
; Imports from user32.dll
;
; int __stdcall GetKeyboardType(int nTypeFlag)
extrn __imp_GetKeyboardType:dword ; DATA XREF: GetKeyboardType�r
; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
extrn __imp_MessageBoxA:dword ; DATA XREF: MessageBoxA�r
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn __imp_CharNextA:dword ; DATA XREF: CharNextA�r
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn __imp_RegQueryValueExA:dword ; DATA XREF: RegQueryValueExA�r
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn __imp_RegOpenKeyExA:dword ; DATA XREF: RegOpenKeyExA�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn __imp_RegCloseKey:dword ; DATA XREF: RegCloseKey�r
;
; Imports from oleaut32.dll
;
; void __stdcall SysFreeString(BSTR bstrString)
extrn __imp_SysFreeString:dword ; DATA XREF: SysFreeString�r
; BSTR __stdcall SysAllocStringLen(const OLECHAR *strIn, UINT ui)
extrn __imp_SysAllocStringLen:dword ; DATA XREF: SysAllocStringLen�r
;
; Imports from kernel32.dll
;
; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)
extrn __imp_TlsSetValue:dword ; DATA XREF: TlsSetValue�r
; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)
extrn __imp_TlsGetValue:dword ; DATA XREF: TlsGetValue�r
; HLOCAL __stdcall LocalAlloc_0(UINT uFlags, SIZE_T uBytes)
extrn __imp_LocalAlloc_0:dword ; DATA XREF: LocalAlloc_0�r
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA:dword ; DATA XREF: GetModuleHandleA�r
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
extrn __imp_RegOpenKeyA:dword ; DATA XREF: RegOpenKeyA�r
;
; Imports from kernel32.dll
;
; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
extrn __imp_OpenProcess:dword ; DATA XREF: OpenProcess�r
; DWORD __stdcall GetTickCount()
extrn __imp_GetTickCount:dword ; DATA XREF: GetTickCount�r
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn __imp_GetFileAttributesA:dword ; DATA XREF: GetFileAttributesA�r
; void __stdcall ExitProcess_0(UINT uExitCode)
extrn __imp_ExitProcess_0:dword ; DATA XREF: ExitProcess_0�r
;
; Imports from user32.dll
;
; int __stdcall MessageBoxA_0(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
extrn __imp_MessageBoxA_0:dword ; DATA XREF: MessageBoxA_0�r
;
; Imports from ntdll.dll
;
extrn __imp_RtlDecompressBuffer:dword ; DATA XREF: RtlDecompressBuffer�r
;
; Imports from ntdll.dll
;
extrn __imp_RtlInitUnicodeString:dword ; DATA XREF: RtlInitUnicodeString�r
extrn __imp_RtlInitString:dword ; DATA XREF: RtlInitString�r
extrn __imp_LdrLoadDll:dword ; DATA XREF: LdrLoadDll�r
extrn __imp_LdrGetProcedureAddress:dword
; DATA XREF: LdrGetProcedureAddress�r
; Section 5. (virtual address 0000B000)
; Virtual size : 00000008 ( 8.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00007200
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 40B000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd 2 dup(?) ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 7Eh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 6. (virtual address 0000C000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00007200
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40C000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 200h
_rdata ends
end start