;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : F14FD68756C21651B602C6AF4D555E90
; File Name : u:\work\f14fd68756c21651b602c6af4d555e90_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00004B44 ( 19268.)
; Section size in file : 00004C00 ( 19456.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_401000 dd offset dword_401004 ; DATA XREF: CODE:00403E80�o
dword_401004 dd 79420401h, 16574h, 0FF000000h, 90000000h; [00000006 BYTES: COLLAPSED FUNCTION GetStdHandle. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RaiseException. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION UnhandledExceptionFilter. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION WriteFile. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION CharNextA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION FreeLibrary. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetLocaleInfoA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleFileNameA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetStartupInfoA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetThreadLocale. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RegCloseKey. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RegOpenKeyExA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION RegQueryValueExA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SysReAllocStringLen. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION SysFreeString. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetCurrentThreadId. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetVersion. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_4010BC proc near ; CODE XREF: sub_403B88+71�p
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
push ebx
add esp, 0FFFFFFBCh
mov ebx, 0Ah
push esp ; lpStartupInfo
call GetStartupInfoA ; GetStartupInfoA
test [esp+48h+var_1C], 1
jz short loc_4010D7
movzx ebx, [esp+48h+var_18]
loc_4010D7: ; CODE XREF: sub_4010BC+14�j
mov eax, ebx
add esp, 44h
pop ebx
retn
sub_4010BC endp
; ---------------------------------------------------------------------------
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LocalFree. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION VirtualAlloc. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION VirtualFree. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION InitializeCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION EnterCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000006 BYTES: COLLAPSED FUNCTION LeaveCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION DeleteCriticalSection. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_401120 proc near ; CODE XREF: sub_401178+6�p
push ebx
push esi
mov esi, offset dword_4075D0
cmp dword ptr [esi], 0
jnz short loc_401166
push 644h ; uBytes
push 0 ; uFlags
call LocalAlloc ; LocalAlloc
mov ecx, eax
test ecx, ecx
jnz short loc_401143
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401143: ; CODE XREF: sub_401120+1C�j
mov eax, ds:dword_4075CC
mov [ecx], eax
mov ds:dword_4075CC, ecx
xor edx, edx
loc_401152: ; CODE XREF: sub_401120+44�j
mov eax, edx
add eax, eax
lea eax, [ecx+eax*8+4]
mov ebx, [esi]
mov [eax], ebx
mov [esi], eax
inc edx
cmp edx, 64h
jnz short loc_401152
loc_401166: ; CODE XREF: sub_401120+A�j
mov eax, [esi]
mov edx, [eax]
mov [esi], edx
pop esi
pop ebx
retn
sub_401120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401170 proc near ; CODE XREF: sub_4017AC+33�p
; sub_4017AC+3D�p ...
mov [eax], eax
mov [eax+4], eax
retn
sub_401170 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401178 proc near ; CODE XREF: sub_4011C0+5D�p
; sub_401230+73�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
call sub_401120
test eax, eax
jnz short loc_40118C
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40118C: ; CODE XREF: sub_401178+D�j
mov edx, [esi]
mov [eax+8], edx
mov edx, [esi+4]
mov [eax+0Ch], edx
mov edx, [ebx]
mov [eax], edx
mov [eax+4], ebx
mov [edx+4], eax
mov [ebx], eax
mov al, 1
pop esi
pop ebx
retn
sub_401178 endp
; =============== S U B R O U T I N E =======================================
sub_4011A8 proc near ; CODE XREF: sub_4011C0+2C�p
; sub_4011C0+48�p ...
mov edx, [eax+4]
mov ecx, [eax]
mov [edx], ecx
mov [ecx+4], edx
mov edx, ds:dword_4075D0
mov [eax], edx
mov ds:dword_4075D0, eax
retn
sub_4011A8 endp
; =============== S U B R O U T I N E =======================================
sub_4011C0 proc near ; CODE XREF: sub_40156C+6C�p
; sub_4015FC+62�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov esi, ecx
mov [esp+14h+var_14], edx
mov ebp, eax
mov ebx, [ebp+0]
mov eax, [esp+14h+var_14]
mov edx, [eax]
mov [esi], edx
mov edx, [eax+4]
mov [esi+4], edx
loc_4011DC: ; CODE XREF: sub_4011C0+57�j
mov edi, [ebx]
mov eax, [esi]
mov edx, [ebx+8]
add edx, [ebx+0Ch]
cmp eax, edx
jnz short loc_4011FE
mov eax, ebx
call sub_4011A8
mov eax, [ebx+8]
mov [esi], eax
mov eax, [ebx+0Ch]
add [esi+4], eax
jmp short loc_401213
; ---------------------------------------------------------------------------
loc_4011FE: ; CODE XREF: sub_4011C0+28�j
add eax, [esi+4]
cmp eax, [ebx+8]
jnz short loc_401213
mov eax, ebx
call sub_4011A8
mov eax, [ebx+0Ch]
add [esi+4], eax
loc_401213: ; CODE XREF: sub_4011C0+3C�j
; sub_4011C0+44�j
mov ebx, edi
cmp ebp, ebx
jnz short loc_4011DC
mov edx, esi
mov eax, ebp
call sub_401178
test al, al
jnz short loc_40122A
xor eax, eax
mov [esi], eax
loc_40122A: ; CODE XREF: sub_4011C0+64�j
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4011C0 endp
; =============== S U B R O U T I N E =======================================
sub_401230 proc near ; CODE XREF: sub_401720+7A�p
; sub_401B08+99�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebx, eax
mov edi, ebx
loc_40123B: ; CODE XREF: sub_401230+88�j
mov esi, [edx]
mov eax, [ebx+8]
cmp esi, eax
jb short loc_4012B4
mov ecx, esi
add ecx, [edx+4]
mov ebp, eax
add ebp, [ebx+0Ch]
cmp ecx, ebp
ja short loc_4012B4
cmp esi, eax
jnz short loc_401271
mov eax, [edx+4]
add [ebx+8], eax
mov eax, [edx+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_4012B0
mov eax, ebx
call sub_4011A8
jmp short loc_4012B0
; ---------------------------------------------------------------------------
loc_401271: ; CODE XREF: sub_401230+24�j
mov ecx, esi
mov edi, [edx+4]
add ecx, edi
mov ebp, eax
add ebp, [ebx+0Ch]
cmp ecx, ebp
jnz short loc_401286
sub [ebx+0Ch], edi
jmp short loc_4012B0
; ---------------------------------------------------------------------------
loc_401286: ; CODE XREF: sub_401230+4F�j
mov ecx, [edx]
add ecx, [edx+4]
mov [esp+18h+var_18], ecx
mov edi, [ebx+8]
add edi, [ebx+0Ch]
sub edi, ecx
mov [esp+18h+var_14], edi
sub esi, eax
mov [ebx+0Ch], esi
mov edx, esp
mov eax, ebx
call sub_401178
test al, al
jnz short loc_4012B0
xor eax, eax
jmp short loc_4012BC
; ---------------------------------------------------------------------------
loc_4012B0: ; CODE XREF: sub_401230+36�j
; sub_401230+3F�j ...
mov al, 1
jmp short loc_4012BC
; ---------------------------------------------------------------------------
loc_4012B4: ; CODE XREF: sub_401230+12�j
; sub_401230+20�j
mov ebx, [ebx]
cmp edi, ebx
jnz short loc_40123B
xor eax, eax
loc_4012BC: ; CODE XREF: sub_401230+7E�j
; sub_401230+82�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401230 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4012C4 proc near ; CODE XREF: sub_40156C+5C�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
cmp esi, 100000h
jge short loc_4012DA
mov esi, 100000h
jmp short loc_4012E6
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_4012C4+D�j
add esi, 0FFFFh
and esi, 0FFFF0000h
loc_4012E6: ; CODE XREF: sub_4012C4+14�j
mov [ebx+4], esi
push 1 ; flProtect
push 2000h ; flAllocationType
push esi ; dwSize
push 0 ; lpAddress
call VirtualAlloc ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jz short loc_401323
mov edx, ebx
mov eax, offset dword_4075D4
call sub_401178
test al, al
jnz short loc_401323
push 8000h ; dwFreeType
push 0 ; dwSize
mov eax, [ebx]
push eax ; lpAddress
call VirtualFree ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_401323: ; CODE XREF: sub_4012C4+3A�j
; sub_4012C4+4A�j
pop edi
pop esi
pop ebx
retn
sub_4012C4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401328 proc near ; CODE XREF: sub_4015FC+4C�p
; sub_4015FC+93�p
push ebx
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov ebp, eax
mov dword ptr [ebx+4], 100000h
push 4 ; flProtect
push 2000h ; flAllocationType
push 100000h ; dwSize
push ebp ; lpAddress
call VirtualAlloc ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jnz short loc_401372
add esi, 0FFFFh
and esi, 0FFFF0000h
mov [ebx+4], esi
push 4 ; flProtect
push 2000h ; flAllocationType
push esi ; dwSize
push ebp ; lpAddress
call VirtualAlloc ; VirtualAlloc
mov [ebx], eax
loc_401372: ; CODE XREF: sub_401328+29�j
cmp dword ptr [ebx], 0
jz short loc_40139A
mov edx, ebx
mov eax, offset dword_4075D4
call sub_401178
test al, al
jnz short loc_40139A
push 8000h ; dwFreeType
push 0 ; dwSize
mov eax, [ebx]
push eax ; lpAddress
call VirtualFree ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_40139A: ; CODE XREF: sub_401328+4D�j
; sub_401328+5D�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401328 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4013A0 proc near ; CODE XREF: sub_40156C+7E�p
; sub_4015FC+7A�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFECh
mov [esp+24h+var_20], ecx
mov [esp+24h+var_24], edx
mov [esp+24h+var_1C], 0FFFFFFFFh
xor edx, edx
mov [esp+24h+var_18], edx
mov ebp, eax
mov eax, [esp+24h+var_24]
add eax, ebp
mov [esp+24h+var_14], eax
mov ebx, ds:dword_4075D4
jmp short loc_401420
; ---------------------------------------------------------------------------
loc_4013CF: ; CODE XREF: sub_4013A0+86�j
mov edi, [ebx]
mov esi, [ebx+8]
cmp ebp, esi
ja short loc_40141E
mov eax, esi
add eax, [ebx+0Ch]
cmp eax, [esp+24h+var_14]
ja short loc_40141E
cmp esi, [esp+24h+var_1C]
jnb short loc_4013ED
mov [esp+24h+var_1C], esi
loc_4013ED: ; CODE XREF: sub_4013A0+47�j
mov eax, esi
add eax, [ebx+0Ch]
cmp eax, [esp+24h+var_18]
jbe short loc_4013FC
mov [esp+24h+var_18], eax
loc_4013FC: ; CODE XREF: sub_4013A0+56�j
push 8000h ; dwFreeType
push 0 ; dwSize
push esi ; lpAddress
call VirtualFree ; VirtualFree
test eax, eax
jnz short loc_401417
mov ds:dword_4075B0, 1
loc_401417: ; CODE XREF: sub_4013A0+6B�j
mov eax, ebx
call sub_4011A8
loc_40141E: ; CODE XREF: sub_4013A0+36�j
; sub_4013A0+41�j
mov ebx, edi
loc_401420: ; CODE XREF: sub_4013A0+2D�j
cmp ebx, offset dword_4075D4
jnz short loc_4013CF
mov eax, [esp+24h+var_20]
xor edx, edx
mov [eax], edx
cmp [esp+24h+var_18], 0
jz short loc_401450
mov eax, [esp+24h+var_20]
mov edx, [esp+24h+var_1C]
mov [eax], edx
mov eax, [esp+24h+var_18]
sub eax, [esp+24h+var_1C]
mov edx, [esp+24h+var_20]
mov [edx+4], eax
loc_401450: ; CODE XREF: sub_4013A0+95�j
add esp, 14h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4013A0 endp
; =============== S U B R O U T I N E =======================================
sub_401458 proc near ; CODE XREF: sub_40156C+2D�p
; sub_4015FC+E6�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov [esp+1Ch+var_18], ecx
mov [esp+1Ch+var_1C], edx
mov edx, eax
mov ebp, edx
and ebp, 0FFFFF000h
add edx, [esp+1Ch+var_1C]
add edx, 0FFFh
and edx, 0FFFFF000h
mov [esp+1Ch+var_14], edx
mov eax, [esp+1Ch+var_18]
mov [eax], ebp
mov eax, [esp+1Ch+var_14]
sub eax, ebp
mov edx, [esp+1Ch+var_18]
mov [edx+4], eax
mov esi, ds:dword_4075D4
jmp short loc_4014DA
; ---------------------------------------------------------------------------
loc_40149E: ; CODE XREF: sub_401458+88�j
mov ebx, [esi+8]
mov edi, [esi+0Ch]
add edi, ebx
cmp ebp, ebx
jbe short loc_4014AC
mov ebx, ebp
loc_4014AC: ; CODE XREF: sub_401458+50�j
cmp edi, [esp+1Ch+var_14]
jbe short loc_4014B6
mov edi, [esp+1Ch+var_14]
loc_4014B6: ; CODE XREF: sub_401458+58�j
cmp edi, ebx
jbe short loc_4014D8
push 4 ; flProtect
push 1000h ; flAllocationType
sub edi, ebx
push edi ; dwSize
push ebx ; lpAddress
call VirtualAlloc ; VirtualAlloc
test eax, eax
jnz short loc_4014D8
mov eax, [esp+1Ch+var_18]
xor edx, edx
mov [eax], edx
jmp short loc_4014E2
; ---------------------------------------------------------------------------
loc_4014D8: ; CODE XREF: sub_401458+60�j
; sub_401458+74�j
mov esi, [esi]
loc_4014DA: ; CODE XREF: sub_401458+44�j
cmp esi, offset dword_4075D4
jnz short loc_40149E
loc_4014E2: ; CODE XREF: sub_401458+7E�j
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401458 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014EC proc near ; CODE XREF: sub_401720+2E�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ebx, eax
mov esi, ebx
add esi, 0FFFh
and esi, 0FFFFF000h
mov [esp+14h+var_14], esi
mov ebp, ebx
add ebp, edx
and ebp, 0FFFFF000h
mov eax, [esp+14h+var_14]
mov [ecx], eax
mov eax, ebp
sub eax, [esp+14h+var_14]
mov [ecx+4], eax
mov esi, ds:dword_4075D4
jmp short loc_40155B
; ---------------------------------------------------------------------------
loc_401523: ; CODE XREF: sub_4014EC+75�j
mov ebx, [esi+8]
mov edi, [esi+0Ch]
add edi, ebx
cmp ebx, [esp+14h+var_14]
jnb short loc_401533
mov ebx, [esp+14h+var_14]
loc_401533: ; CODE XREF: sub_4014EC+42�j
cmp ebp, edi
jnb short loc_401539
mov edi, ebp
loc_401539: ; CODE XREF: sub_4014EC+49�j
cmp edi, ebx
jbe short loc_401559
push 4000h ; dwFreeType
sub edi, ebx
push edi ; dwSize
push ebx ; lpAddress
call VirtualFree ; VirtualFree
test eax, eax
jnz short loc_401559
mov ds:dword_4075B0, 2
loc_401559: ; CODE XREF: sub_4014EC+4F�j
; sub_4014EC+61�j
mov esi, [esi]
loc_40155B: ; CODE XREF: sub_4014EC+35�j
cmp esi, offset dword_4075D4
jnz short loc_401523
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4014EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40156C proc near ; CODE XREF: sub_401D18+B�p
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov esi, edx
mov edi, eax
mov ebp, offset dword_4075E4
add edi, 3FFFh
and edi, 0FFFFC000h
loc_401588: ; CODE XREF: sub_40156C+75�j
mov ebx, [ebp+0]
jmp short loc_4015C0
; ---------------------------------------------------------------------------
loc_40158D: ; CODE XREF: sub_40156C+56�j
cmp edi, [ebx+0Ch]
jg short loc_4015BE
mov ecx, esi
mov edx, edi
mov eax, [ebx+8]
call sub_401458
cmp dword ptr [esi], 0
jz short loc_4015F3
mov eax, [esi+4]
add [ebx+8], eax
mov eax, [esi+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_4015F3
mov eax, ebx
call sub_4011A8
jmp short loc_4015F3
; ---------------------------------------------------------------------------
loc_4015BE: ; CODE XREF: sub_40156C+24�j
mov ebx, [ebx]
loc_4015C0: ; CODE XREF: sub_40156C+1F�j
cmp ebx, ebp
jnz short loc_40158D
mov edx, esi
mov eax, edi
call sub_4012C4
cmp dword ptr [esi], 0
jz short loc_4015F3
mov ecx, esp
mov edx, esi
mov eax, ebp
call sub_4011C0
cmp [esp+18h+var_18], 0
jnz short loc_401588
mov ecx, esp
mov edx, [esi+4]
mov eax, [esi]
call sub_4013A0
xor eax, eax
mov [esi], eax
loc_4015F3: ; CODE XREF: sub_40156C+35�j
; sub_40156C+47�j ...
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40156C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4015FC proc near ; CODE XREF: sub_401D44+10�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFECh
mov [esp+24h+var_24], ecx
mov edi, edx
mov esi, eax
mov ebp, offset dword_4075E4
add edi, 3FFFh
and edi, 0FFFFC000h
loc_40161B: ; CODE XREF: sub_4015FC+6C�j
; sub_4015FC+B3�j
mov ebx, [ebp+0]
jmp short loc_401622
; ---------------------------------------------------------------------------
loc_401620: ; CODE XREF: sub_4015FC+2D�j
mov ebx, [ebx]
loc_401622: ; CODE XREF: sub_4015FC+22�j
cmp ebx, ebp
jz short loc_40162B
cmp esi, [ebx+8]
jnz short loc_401620
loc_40162B: ; CODE XREF: sub_4015FC+28�j
cmp esi, [ebx+8]
jnz short loc_401687
cmp edi, [ebx+0Ch]
jle loc_4016CF
lea ecx, [esp+24h+var_20]
mov edx, edi
sub edx, [ebx+0Ch]
mov eax, [ebx+8]
add eax, [ebx+0Ch]
call sub_401328
cmp [esp+24h+var_20], 0
jz short loc_401687
lea ecx, [esp+24h+var_18]
lea edx, [esp+24h+var_20]
mov eax, ebp
call sub_4011C0
cmp [esp+24h+var_18], 0
jnz short loc_40161B
lea ecx, [esp+24h+var_18]
mov edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
call sub_4013A0
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
jmp loc_401717
; ---------------------------------------------------------------------------
loc_401687: ; CODE XREF: sub_4015FC+32�j
; sub_4015FC+56�j
lea ecx, [esp+24h+var_20]
mov edx, edi
mov eax, esi
call sub_401328
cmp [esp+24h+var_20], 0
jz short loc_4016CF
lea ecx, [esp+24h+var_18]
lea edx, [esp+24h+var_20]
mov eax, ebp
call sub_4011C0
cmp [esp+24h+var_18], 0
jnz loc_40161B
lea ecx, [esp+24h+var_18]
mov edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
call sub_4013A0
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
jmp short loc_401717
; ---------------------------------------------------------------------------
loc_4016CF: ; CODE XREF: sub_4015FC+37�j
; sub_4015FC+9D�j
mov ebp, [ebx+8]
cmp esi, ebp
jnz short loc_401710
cmp edi, [ebx+0Ch]
jg short loc_401710
mov ecx, [esp+24h+var_24]
mov edx, edi
mov eax, ebp
call sub_401458
mov eax, [esp+24h+var_24]
cmp dword ptr [eax], 0
jz short loc_401717
mov eax, [esp+24h+var_24]
mov eax, [eax+4]
add [ebx+8], eax
mov eax, [esp+24h+var_24]
mov eax, [eax+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_401717
mov eax, ebx
call sub_4011A8
jmp short loc_401717
; ---------------------------------------------------------------------------
loc_401710: ; CODE XREF: sub_4015FC+D8�j
; sub_4015FC+DD�j
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
loc_401717: ; CODE XREF: sub_4015FC+86�j
; sub_4015FC+D1�j ...
add esp, 14h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4015FC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401720 proc near ; CODE XREF: sub_401B08+4E�p
; sub_401B08+61�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, ecx
mov [esp+20h+var_20], edx
lea ebx, [eax+3FFFh]
and ebx, 0FFFFC000h
mov esi, [esp+20h+var_20]
add esi, eax
and esi, 0FFFFC000h
cmp ebx, esi
jnb short loc_4017A1
mov ecx, edi
mov edx, esi
sub edx, ebx
mov eax, ebx
call sub_4014EC
lea ecx, [esp+20h+var_1C]
mov edx, edi
mov eax, offset dword_4075E4
call sub_4011C0
mov ebx, [esp+20h+var_1C]
test ebx, ebx
jz short loc_40178A
lea ecx, [esp+20h+var_14]
mov edx, [esp+20h+var_18]
mov eax, ebx
call sub_4013A0
mov eax, [esp+20h+var_14]
mov [esp+20h+var_1C], eax
mov eax, [esp+20h+var_10]
mov [esp+20h+var_18], eax
loc_40178A: ; CODE XREF: sub_401720+49�j
cmp [esp+20h+var_1C], 0
jz short loc_4017A5
lea edx, [esp+20h+var_1C]
mov eax, offset dword_4075E4
call sub_401230
jmp short loc_4017A5
; ---------------------------------------------------------------------------
loc_4017A1: ; CODE XREF: sub_401720+24�j
xor eax, eax
mov [edi], eax
loc_4017A5: ; CODE XREF: sub_401720+6F�j
; sub_401720+7F�j
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_401720 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017AC proc near ; CODE XREF: sub_401E98+14�p
; sub_402028+19�p ...
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00402BB4 SIZE 00000036 BYTES
push ebp
mov ebp, esp
xor edx, edx
push ebp
push offset loc_401862
push dword ptr fs:[edx]
mov fs:[edx], esp
push offset CriticalSection ; lpCriticalSection
call InitializeCriticalSection ; InitializeCriticalSection
cmp ds:byte_407035, 0
jz short loc_4017DA
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_4017DA: ; CODE XREF: sub_4017AC+22�j
mov eax, offset dword_4075D4
call sub_401170
mov eax, offset dword_4075E4
call sub_401170
mov eax, offset dword_407610
call sub_401170
push 0FF8h ; uBytes
push 0 ; uFlags
call LocalAlloc ; LocalAlloc
mov ds:hMem, eax
cmp ds:hMem, 0
jz short loc_401841
mov eax, 3
loc_401817: ; CODE XREF: sub_4017AC+7D�j
mov edx, ds:hMem
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
inc eax
cmp eax, 401h
jnz short loc_401817
mov eax, offset dword_4075F4
mov [eax+4], eax
mov [eax], eax
mov ds:dword_407600, eax
mov ds:byte_4075AC, 1
loc_401841: ; CODE XREF: sub_4017AC+64�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401869
loc_40184E: ; CODE XREF: sub_4017AC+BB�j
cmp ds:byte_407035, 0
jz short loc_401861
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_401861: ; CODE XREF: sub_4017AC+A9�j
retn
; ---------------------------------------------------------------------------
loc_401862: ; DATA XREF: sub_4017AC+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_40184E
; ---------------------------------------------------------------------------
loc_401869: ; CODE XREF: sub_4017AC:loc_401861�j
; DATA XREF: sub_4017AC+9D�o
mov al, ds:byte_4075AC
pop ebp
retn
sub_4017AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401870 proc near ; CODE XREF: sub_403B34+37�p
push ebp
mov ebp, esp
push ebx
cmp ds:byte_4075AC, 0
jz loc_40194D
xor edx, edx
push ebp
push offset loc_401946
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_4018A2
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_4018A2: ; CODE XREF: sub_401870+26�j
mov ds:byte_4075AC, 0
mov eax, ds:hMem
push eax ; hMem
call LocalFree ; LocalFree
xor eax, eax
mov ds:hMem, eax
mov ebx, ds:dword_4075D4
jmp short loc_4018D5
; ---------------------------------------------------------------------------
loc_4018C3: ; CODE XREF: sub_401870+6B�j
push 8000h ; dwFreeType
push 0 ; dwSize
mov eax, [ebx+8]
push eax ; lpAddress
call VirtualFree ; VirtualFree
mov ebx, [ebx]
loc_4018D5: ; CODE XREF: sub_401870+51�j
cmp ebx, offset dword_4075D4
jnz short loc_4018C3
mov eax, offset dword_4075D4
call sub_401170
mov eax, offset dword_4075E4
call sub_401170
mov eax, offset dword_407610
call sub_401170
mov eax, ds:dword_4075CC
test eax, eax
jz short loc_40191B
loc_401904: ; CODE XREF: sub_401870+A9�j
mov edx, [eax]
mov ds:dword_4075CC, edx
push eax ; hMem
call LocalFree ; LocalFree
mov eax, ds:dword_4075CC
test eax, eax
jnz short loc_401904
loc_40191B: ; CODE XREF: sub_401870+92�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40194D
loc_401928: ; CODE XREF: sub_401870+DB�j
cmp ds:byte_407035, 0
jz short loc_40193B
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_40193B: ; CODE XREF: sub_401870+BF�j
push offset CriticalSection ; lpCriticalSection
call DeleteCriticalSection
retn
; ---------------------------------------------------------------------------
loc_401946: ; DATA XREF: sub_401870+14�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_401928
; ---------------------------------------------------------------------------
loc_40194D: ; CODE XREF: sub_401870+B�j
; sub_401870+D5�j
; DATA XREF: ...
pop ebx
pop ebp
retn
sub_401870 endp
; =============== S U B R O U T I N E =======================================
sub_401950 proc near ; CODE XREF: sub_401A60:loc_401AC1�p
; sub_401AD0+23�p ...
push ebx
cmp eax, ds:dword_407600
jnz short loc_401962
mov edx, [eax+4]
mov ds:dword_407600, edx
loc_401962: ; CODE XREF: sub_401950+7�j
mov edx, [eax+4]
mov ecx, [eax+8]
cmp ecx, 1000h
jg short loc_4019A8
cmp eax, edx
jnz short loc_40198B
test ecx, ecx
jns short loc_40197B
add ecx, 3
loc_40197B: ; CODE XREF: sub_401950+26�j
sar ecx, 2
mov eax, ds:hMem
xor edx, edx
mov [eax+ecx*4-0Ch], edx
jmp short loc_4019AF
; ---------------------------------------------------------------------------
loc_40198B: ; CODE XREF: sub_401950+22�j
test ecx, ecx
jns short loc_401992
add ecx, 3
loc_401992: ; CODE XREF: sub_401950+3D�j
sar ecx, 2
mov ebx, ds:hMem
mov [ebx+ecx*4-0Ch], edx
mov eax, [eax]
mov [edx], eax
mov [eax+4], edx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4019A8: ; CODE XREF: sub_401950+1E�j
mov eax, [eax]
mov [edx], eax
mov [eax+4], edx
loc_4019AF: ; CODE XREF: sub_401950+39�j
pop ebx
retn
sub_401950 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4019B4 proc near ; CODE XREF: sub_401B08+11�p
mov edx, ds:dword_407610
jmp short loc_4019CC
; ---------------------------------------------------------------------------
loc_4019BC: ; CODE XREF: sub_4019B4+1E�j
mov ecx, [edx+8]
cmp eax, ecx
jb short loc_4019CA
add ecx, [edx+0Ch]
cmp eax, ecx
jb short loc_4019E0
loc_4019CA: ; CODE XREF: sub_4019B4+D�j
mov edx, [edx]
loc_4019CC: ; CODE XREF: sub_4019B4+6�j
cmp edx, offset dword_407610
jnz short loc_4019BC
mov ds:dword_4075B0, 3
xor edx, edx
loc_4019E0: ; CODE XREF: sub_4019B4+14�j
mov eax, edx
retn
sub_4019B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4019E4 proc near ; CODE XREF: sub_401B08+74�p
; sub_401C8C+68�p
push ebx
mov ecx, edx
sub ecx, 4
lea ebx, [ecx+eax]
cmp edx, 10h
jl short loc_401A01
mov dword ptr [ebx], 80000007h
mov edx, ecx
call sub_401BB8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401A01: ; CODE XREF: sub_4019E4+C�j
cmp edx, 4
jl short loc_401A12
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
mov [ebx], ecx
loc_401A12: ; CODE XREF: sub_4019E4+20�j
pop ebx
retn
sub_4019E4 endp
; =============== S U B R O U T I N E =======================================
sub_401A14 proc near ; CODE XREF: sub_401A38+D�p
; sub_401C40+36�p ...
inc ds:dword_40759C
mov edx, eax
sub edx, 4
mov edx, [edx]
and edx, 7FFFFFFCh
sub edx, 4
add ds:dword_4075A0, edx
call sub_402028
retn
sub_401A14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401A38 proc near ; CODE XREF: sub_401B08+8E�p
cmp edx, 0Ch
jl short loc_401A4B
or edx, 2
mov [eax], edx
add eax, 4
call sub_401A14
retn
; ---------------------------------------------------------------------------
loc_401A4B: ; CODE XREF: sub_401A38+3�j
cmp edx, 4
jl short loc_401A5A
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
loc_401A5A: ; CODE XREF: sub_401A38+16�j
add eax, edx
and dword ptr [eax], 0FFFFFFFEh
retn
sub_401A38 endp
; =============== S U B R O U T I N E =======================================
sub_401A60 proc near ; CODE XREF: sub_401C8C+36�p
push ebx
push esi
mov edx, eax
sub edx, 4
mov edx, [edx]
mov ecx, edx
and ecx, 80000002h
cmp ecx, 80000002h
jz short loc_401A83
mov ds:dword_4075B0, 4
loc_401A83: ; CODE XREF: sub_401A60+17�j
mov ebx, edx
and ebx, 7FFFFFFCh
sub eax, ebx
mov ecx, eax
xor edx, [ecx]
test edx, 0FFFFFFFEh
jz short loc_401AA3
mov ds:dword_4075B0, 5
loc_401AA3: ; CODE XREF: sub_401A60+37�j
test byte ptr [ecx], 1
jz short loc_401AC8
mov edx, eax
sub edx, 0Ch
mov esi, [edx+8]
sub eax, esi
cmp esi, [eax+8]
jz short loc_401AC1
mov ds:dword_4075B0, 6
loc_401AC1: ; CODE XREF: sub_401A60+55�j
call sub_401950
add ebx, esi
loc_401AC8: ; CODE XREF: sub_401A60+46�j
mov eax, ebx
pop esi
pop ebx
retn
sub_401A60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401AD0 proc near ; CODE XREF: sub_401C8C+4F�p
push ebx
push esi
push edi
mov ebx, eax
xor edi, edi
mov eax, [ebx]
test eax, 80000000h
jz short loc_401AEB
and eax, 7FFFFFFCh
add edi, eax
add ebx, eax
mov eax, [ebx]
loc_401AEB: ; CODE XREF: sub_401AD0+E�j
test al, 2
jnz short loc_401B02
mov esi, ebx
mov eax, esi
call sub_401950
mov eax, [esi+8]
add edi, eax
add ebx, eax
and dword ptr [ebx], 0FFFFFFFEh
loc_401B02: ; CODE XREF: sub_401AD0+1D�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_401AD0 endp
; =============== S U B R O U T I N E =======================================
sub_401B08 proc near ; CODE XREF: sub_401BB8+61�p
var_1C = byte ptr -1Ch
var_1B = dword ptr -1Bh
var_17 = dword ptr -17h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov edi, edx
mov esi, eax
mov [esp+1Ch+var_1C], 0
mov eax, esi
call sub_4019B4
mov ebx, eax
test ebx, ebx
jz loc_401BAA
mov ebp, [ebx+8]
mov eax, ebp
add eax, [ebx+0Ch]
mov edx, eax
lea ecx, [edi+esi]
sub edx, ecx
cmp edx, 0Ch
jg short loc_401B40
mov edi, eax
sub edi, esi
loc_401B40: ; CODE XREF: sub_401B08+32�j
mov eax, esi
sub eax, ebp
cmp eax, 0Ch
jge short loc_401B5D
lea ecx, [esp+1Ch+var_1B]
mov edx, esi
sub edx, [ebx+8]
add edx, edi
mov eax, ebp
call sub_401720
jmp short loc_401B6E
; ---------------------------------------------------------------------------
loc_401B5D: ; CODE XREF: sub_401B08+3F�j
lea ecx, [esp+1Ch+var_1B]
mov edx, edi
sub edx, 4
lea eax, [esi+4]
call sub_401720
loc_401B6E: ; CODE XREF: sub_401B08+53�j
mov ebp, [esp+1Ch+var_1B]
test ebp, ebp
jz short loc_401BAA
mov edx, ebp
sub edx, esi
mov eax, esi
call sub_4019E4
mov eax, ebp
add eax, [esp+1Ch+var_17]
mov edx, [ebx+8]
add edx, [ebx+0Ch]
cmp eax, edx
jnb short loc_401B9B
lea edx, [edi+esi]
sub edx, eax
call sub_401A38
loc_401B9B: ; CODE XREF: sub_401B08+87�j
lea edx, [esp+1Ch+var_1B]
mov eax, ebx
call sub_401230
mov [esp+1Ch+var_1C], 1
loc_401BAA: ; CODE XREF: sub_401B08+1A�j
; sub_401B08+6C�j
mov al, [esp+1Ch+var_1C]
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401B08 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BB8 proc near ; CODE XREF: sub_4019E4+16�p
; sub_401DA4+BB�p ...
push ebx
push esi
push edi
mov esi, edx
mov edi, eax
mov ebx, edi
mov [ebx+8], esi
mov eax, ebx
add eax, esi
sub eax, 0Ch
mov [eax+8], esi
cmp esi, 1000h
jg short loc_401C0D
mov edx, esi
test edx, edx
jns short loc_401BDF
add edx, 3
loc_401BDF: ; CODE XREF: sub_401BB8+22�j
sar edx, 2
mov eax, ds:hMem
mov eax, [eax+edx*4-0Ch]
test eax, eax
jnz short loc_401BFF
mov eax, ds:hMem
mov [eax+edx*4-0Ch], ebx
mov [ebx+4], ebx
mov [ebx], ebx
jmp short loc_401C39
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: sub_401BB8+35�j
mov edx, [eax]
mov [ebx+4], eax
mov [ebx], edx
mov [eax], ebx
mov [edx+4], ebx
jmp short loc_401C39
; ---------------------------------------------------------------------------
loc_401C0D: ; CODE XREF: sub_401BB8+1C�j
cmp esi, 3C00h
jl short loc_401C22
mov edx, esi
mov eax, edi
call sub_401B08
test al, al
jnz short loc_401C39
loc_401C22: ; CODE XREF: sub_401BB8+5B�j
mov eax, ds:dword_407600
mov ds:dword_407600, ebx
mov edx, [eax]
mov [ebx+4], eax
mov [ebx], edx
mov [eax], ebx
mov [edx+4], ebx
loc_401C39: ; CODE XREF: sub_401BB8+45�j
; sub_401BB8+53�j ...
pop edi
pop esi
pop ebx
retn
sub_401BB8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C40 proc near ; CODE XREF: sub_401C8C+F�p
; sub_402028+100�p ...
cmp ds:dword_407604, 0
jle short locret_401C89
cmp ds:dword_407604, 0Ch
jge short loc_401C5E
mov ds:dword_4075B0, 7
jmp short locret_401C89
; ---------------------------------------------------------------------------
loc_401C5E: ; CODE XREF: sub_401C40+10�j
mov eax, ds:dword_407604
or eax, 2
mov edx, ds:dword_407608
mov [edx], eax
mov eax, ds:dword_407608
add eax, 4
call sub_401A14
xor eax, eax
mov ds:dword_407608, eax
xor eax, eax
mov ds:dword_407604, eax
locret_401C89: ; CODE XREF: sub_401C40+7�j
; sub_401C40+1C�j
retn
sub_401C40 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401C8C proc near ; CODE XREF: sub_401D18+18�p
; sub_401D44+1D�p
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov esi, eax
lea edi, [esp+1Ch+var_1C]
movsd
movsd
mov edi, esp
call sub_401C40
lea ecx, [esp+1Ch+var_14]
mov edx, edi
mov eax, offset dword_407610
call sub_4011C0
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jnz short loc_401CBC
xor eax, eax
jmp short loc_401D0E
; ---------------------------------------------------------------------------
loc_401CBC: ; CODE XREF: sub_401C8C+2A�j
mov eax, [edi]
cmp ebx, eax
jnb short loc_401CCC
call sub_401A60
sub [edi], eax
add [edi+4], eax
loc_401CCC: ; CODE XREF: sub_401C8C+34�j
mov eax, [edi]
add eax, [edi+4]
mov esi, ebx
add esi, [esp+1Ch+var_10]
cmp eax, esi
jnb short loc_401CE3
call sub_401AD0
add [edi+4], eax
loc_401CE3: ; CODE XREF: sub_401C8C+4D�j
mov eax, [edi]
add eax, [edi+4]
cmp esi, eax
jnz short loc_401CFD
sub eax, 4
mov edx, 4
call sub_4019E4
sub dword ptr [edi+4], 4
loc_401CFD: ; CODE XREF: sub_401C8C+5E�j
mov eax, [edi]
mov ds:dword_407608, eax
mov eax, [edi+4]
mov ds:dword_407604, eax
mov al, 1
loc_401D0E: ; CODE XREF: sub_401C8C+2E�j
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_401C8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D18 proc near ; CODE XREF: sub_401DA4+57�p
var_C = dword ptr -0Ch
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
mov edx, esp
lea eax, [ebx+4]
call sub_40156C
cmp [esp+0Ch+var_C], 0
jz short loc_401D39
mov eax, esp
call sub_401C8C
test al, al
jnz short loc_401D3D
loc_401D39: ; CODE XREF: sub_401D18+14�j
xor eax, eax
jmp short loc_401D3F
; ---------------------------------------------------------------------------
loc_401D3D: ; CODE XREF: sub_401D18+1F�j
mov al, 1
loc_401D3F: ; CODE XREF: sub_401D18+23�j
pop ecx
pop edx
pop ebx
retn
sub_401D18 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D44 proc near ; CODE XREF: sub_4021CC+1A4�p
var_10 = dword ptr -10h
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov ecx, esp
lea edx, [esi+4]
mov eax, ebx
call sub_4015FC
cmp [esp+10h+var_10], 0
jz short loc_401D6A
mov eax, esp
call sub_401C8C
test al, al
jnz short loc_401D6E
loc_401D6A: ; CODE XREF: sub_401D44+19�j
xor eax, eax
jmp short loc_401D70
; ---------------------------------------------------------------------------
loc_401D6E: ; CODE XREF: sub_401D44+24�j
mov al, 1
loc_401D70: ; CODE XREF: sub_401D44+28�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_401D44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D78 proc near ; CODE XREF: sub_401DA4+4A�p
xor edx, edx
test eax, eax
jns short loc_401D81
add eax, 3
loc_401D81: ; CODE XREF: sub_401D78+4�j
sar eax, 2
cmp eax, 400h
jg short loc_401DA1
loc_401D8B: ; CODE XREF: sub_401D78+27�j
mov edx, ds:hMem
mov edx, [edx+eax*4-0Ch]
test edx, edx
jnz short loc_401DA1
inc eax
cmp eax, 401h
jnz short loc_401D8B
loc_401DA1: ; CODE XREF: sub_401D78+11�j
; sub_401D78+1F�j
mov eax, edx
retn
sub_401D78 endp
; =============== S U B R O U T I N E =======================================
sub_401DA4 proc near ; CODE XREF: sub_401E98+153�p
push ebx
push esi
push edi
push ebp
mov esi, eax
mov edi, offset dword_407600
mov ebp, offset dword_407604
loc_401DB4: ; CODE XREF: sub_401DA4+6A�j
mov ebx, ds:dword_4075F8
cmp esi, [ebx+8]
jle loc_401E47
mov ebx, [edi]
mov eax, [ebx+8]
cmp esi, eax
jle short loc_401E47
mov [ebx+8], esi
loc_401DCF: ; CODE XREF: sub_401DA4+31�j
mov ebx, [ebx+4]
cmp esi, [ebx+8]
jg short loc_401DCF
mov edx, [edi]
mov [edx+8], eax
cmp ebx, [edi]
jz short loc_401DE4
mov [edi], ebx
jmp short loc_401E47
; ---------------------------------------------------------------------------
loc_401DE4: ; CODE XREF: sub_401DA4+3A�j
cmp esi, 1000h
jg short loc_401DF9
mov eax, esi
call sub_401D78
mov ebx, eax
test ebx, ebx
jnz short loc_401E47
loc_401DF9: ; CODE XREF: sub_401DA4+46�j
mov eax, esi
call sub_401D18
test al, al
jnz short loc_401E0B
xor eax, eax
jmp loc_401E93
; ---------------------------------------------------------------------------
loc_401E0B: ; CODE XREF: sub_401DA4+5E�j
cmp esi, [ebp+0]
jg short loc_401DB4
sub [ebp+0], esi
cmp dword ptr [ebp+0], 0Ch
jge short loc_401E21
add esi, [ebp+0]
xor eax, eax
mov [ebp+0], eax
loc_401E21: ; CODE XREF: sub_401DA4+73�j
mov eax, ds:dword_407608
add ds:dword_407608, esi
mov edx, esi
or edx, 2
mov [eax], edx
add eax, 4
inc ds:dword_40759C
sub esi, 4
add ds:dword_4075A0, esi
jmp short loc_401E93
; ---------------------------------------------------------------------------
loc_401E47: ; CODE XREF: sub_401DA4+19�j
; sub_401DA4+26�j ...
mov eax, ebx
call sub_401950
mov edx, [ebx+8]
mov eax, edx
sub eax, esi
cmp eax, 0Ch
jl short loc_401E66
mov edx, ebx
add edx, esi
xchg eax, edx
call sub_401BB8
jmp short loc_401E78
; ---------------------------------------------------------------------------
loc_401E66: ; CODE XREF: sub_401DA4+B4�j
mov esi, edx
cmp ebx, [edi]
jnz short loc_401E71
mov eax, [ebx+4]
mov [edi], eax
loc_401E71: ; CODE XREF: sub_401DA4+C6�j
mov eax, ebx
add eax, esi
and dword ptr [eax], 0FFFFFFFEh
loc_401E78: ; CODE XREF: sub_401DA4+C0�j
mov eax, ebx
mov edx, esi
or edx, 2
mov [eax], edx
add eax, 4
inc ds:dword_40759C
sub esi, 4
add ds:dword_4075A0, esi
loc_401E93: ; CODE XREF: sub_401DA4+62�j
; sub_401DA4+A1�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401DA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E98 proc near ; CODE XREF: sub_4023A8+5C�p
; sub_40246C+5�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_401EB5
call sub_4017AC
test al, al
jz short loc_401EBD
loc_401EB5: ; CODE XREF: sub_401E98+12�j
cmp ebx, 7FFFFFF8h
jle short loc_401EC7
loc_401EBD: ; CODE XREF: sub_401E98+1B�j
xor eax, eax
mov [ebp+var_4], eax
jmp loc_40201B
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401E98+23�j
xor ecx, ecx
push ebp
push offset loc_402014
push dword ptr fs:[ecx]
mov fs:[ecx], esp
cmp ds:byte_407035, 0
jz short loc_401EE8
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_401EE8: ; CODE XREF: sub_401E98+44�j
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_401EF8
mov ebx, 0Ch
loc_401EF8: ; CODE XREF: sub_401E98+59�j
cmp ebx, 1000h
jg loc_401F97
mov eax, ebx
test eax, eax
jns short loc_401F0D
add eax, 3
loc_401F0D: ; CODE XREF: sub_401E98+70�j
sar eax, 2
mov edx, ds:hMem
mov edx, [edx+eax*4-0Ch]
test edx, edx
jz short loc_401F97
mov esi, edx
mov eax, esi
add eax, ebx
and dword ptr [eax], 0FFFFFFFEh
mov eax, [edx+4]
cmp edx, eax
jnz short loc_401F48
mov eax, ebx
test eax, eax
jns short loc_401F37
add eax, 3
loc_401F37: ; CODE XREF: sub_401E98+9A�j
sar eax, 2
mov ecx, ds:hMem
xor edi, edi
mov [ecx+eax*4-0Ch], edi
jmp short loc_401F6E
; ---------------------------------------------------------------------------
loc_401F48: ; CODE XREF: sub_401E98+94�j
mov ecx, ebx
test ecx, ecx
jns short loc_401F51
add ecx, 3
loc_401F51: ; CODE XREF: sub_401E98+B4�j
sar ecx, 2
mov edi, ds:hMem
mov [edi+ecx*4-0Ch], eax
mov ecx, [edx]
mov [ebp+var_8], ecx
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov ecx, [ebp+var_8]
mov [eax], ecx
loc_401F6E: ; CODE XREF: sub_401E98+AE�j
mov eax, esi
mov edx, [edx+8]
or edx, 2
mov [eax], edx
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_402C70
jmp loc_40201B
; ---------------------------------------------------------------------------
loc_401F97: ; CODE XREF: sub_401E98+66�j
; sub_401E98+84�j
cmp ebx, ds:dword_407604
jg short loc_401FE9
sub ds:dword_407604, ebx
cmp ds:dword_407604, 0Ch
jge short loc_401FBB
add ebx, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_401FBB: ; CODE XREF: sub_401E98+114�j
mov eax, ds:dword_407608
add ds:dword_407608, ebx
mov edx, ebx
or edx, 2
mov [eax], edx
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_402C70
jmp short loc_40201B
; ---------------------------------------------------------------------------
loc_401FE9: ; CODE XREF: sub_401E98+105�j
mov eax, ebx
call sub_401DA4
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40201B
loc_402000: ; CODE XREF: sub_401E98+181�j
cmp ds:byte_407035, 0
jz short loc_402013
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_402013: ; CODE XREF: sub_401E98+16F�j
retn
; ---------------------------------------------------------------------------
loc_402014: ; DATA XREF: sub_401E98+32�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_402000
; ---------------------------------------------------------------------------
loc_40201B: ; CODE XREF: sub_401E98+2A�j
; sub_401E98+FA�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_401E98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402028 proc near ; CODE XREF: sub_401A14+1C�p
; sub_4023A8+88�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, eax
xor eax, eax
mov ds:dword_4075B0, eax
cmp ds:byte_4075AC, 0
jnz short loc_402060
call sub_4017AC
test al, al
jnz short loc_402060
mov ds:dword_4075B0, 8
mov [ebp+var_4], 8
jmp loc_4021C1
; ---------------------------------------------------------------------------
loc_402060: ; CODE XREF: sub_402028+17�j
; sub_402028+20�j
xor ecx, ecx
push ebp
push offset loc_4021BA
push dword ptr fs:[ecx]
mov fs:[ecx], esp
cmp ds:byte_407035, 0
jz short loc_402081
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_402081: ; CODE XREF: sub_402028+4D�j
mov esi, ebx
sub esi, 4
mov ebx, [esi]
test bl, 2
jnz short loc_40209C
mov ds:dword_4075B0, 9
jmp loc_402191
; ---------------------------------------------------------------------------
loc_40209C: ; CODE XREF: sub_402028+63�j
dec ds:dword_40759C
mov eax, ebx
and eax, 7FFFFFFCh
sub eax, 4
sub ds:dword_4075A0, eax
test bl, 1
jz short loc_4020FC
mov eax, esi
sub eax, 0Ch
mov edx, [eax+8]
cmp edx, 0Ch
jl short loc_4020CC
test edx, 80000003h
jz short loc_4020DB
loc_4020CC: ; CODE XREF: sub_402028+9A�j
mov ds:dword_4075B0, 0Ah
jmp loc_402191
; ---------------------------------------------------------------------------
loc_4020DB: ; CODE XREF: sub_402028+A2�j
mov eax, esi
sub eax, edx
cmp edx, [eax+8]
jz short loc_4020F3
mov ds:dword_4075B0, 0Ah
jmp loc_402191
; ---------------------------------------------------------------------------
loc_4020F3: ; CODE XREF: sub_402028+BA�j
add ebx, edx
mov esi, eax
call sub_401950
loc_4020FC: ; CODE XREF: sub_402028+8D�j
and ebx, 7FFFFFFCh
mov eax, esi
add eax, ebx
mov edi, eax
cmp edi, ds:dword_407608
jnz short loc_40213C
sub ds:dword_407608, ebx
add ds:dword_407604, ebx
cmp ds:dword_407604, 3C00h
jle short loc_40212D
call sub_401C40
loc_40212D: ; CODE XREF: sub_402028+FE�j
xor eax, eax
mov [ebp+var_4], eax
call sub_402C70
jmp loc_4021C1
; ---------------------------------------------------------------------------
loc_40213C: ; CODE XREF: sub_402028+E6�j
mov edx, [eax]
test dl, 2
jz short loc_40215F
and edx, 7FFFFFFCh
cmp edx, 4
jge short loc_40215A
mov ds:dword_4075B0, 0Bh
jmp short loc_402191
; ---------------------------------------------------------------------------
loc_40215A: ; CODE XREF: sub_402028+124�j
or dword ptr [eax], 1
jmp short loc_402188
; ---------------------------------------------------------------------------
loc_40215F: ; CODE XREF: sub_402028+119�j
mov eax, edi
cmp dword ptr [eax+4], 0
jz short loc_402172
cmp dword ptr [eax], 0
jz short loc_402172
cmp dword ptr [eax+8], 0Ch
jge short loc_40217E
loc_402172: ; CODE XREF: sub_402028+13D�j
; sub_402028+142�j
mov ds:dword_4075B0, 0Bh
jmp short loc_402191
; ---------------------------------------------------------------------------
loc_40217E: ; CODE XREF: sub_402028+148�j
mov edx, [eax+8]
add ebx, edx
call sub_401950
loc_402188: ; CODE XREF: sub_402028+135�j
mov edx, ebx
mov eax, esi
call sub_401BB8
loc_402191: ; CODE XREF: sub_402028+6F�j
; sub_402028+AE�j ...
mov eax, ds:dword_4075B0
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4021C1
loc_4021A6: ; CODE XREF: sub_402028+197�j
cmp ds:byte_407035, 0
jz short loc_4021B9
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_4021B9: ; CODE XREF: sub_402028+185�j
retn
; ---------------------------------------------------------------------------
loc_4021BA: ; DATA XREF: sub_402028+3B�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4021A6
; ---------------------------------------------------------------------------
loc_4021C1: ; CODE XREF: sub_402028+33�j
; sub_402028+10F�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_402028 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4021CC proc near ; CODE XREF: sub_4023A8+4C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov esi, edx
add esi, 7
and esi, 0FFFFFFFCh
cmp esi, 0Ch
jge short loc_4021E5
mov esi, 0Ch
loc_4021E5: ; CODE XREF: sub_4021CC+12�j
mov ebp, eax
sub ebp, 4
mov edi, [ebp+0]
and edi, 7FFFFFFCh
mov eax, ebp
add eax, edi
mov ebx, eax
cmp edi, esi
jnz short loc_402204
mov al, 1
jmp loc_40239F
; ---------------------------------------------------------------------------
loc_402204: ; CODE XREF: sub_4021CC+2F�j
cmp edi, esi
jle loc_40228F
mov edx, edi
sub edx, esi
mov [esp+18h+var_18], edx
cmp ebx, ds:dword_407608
jnz short loc_402253
mov eax, [esp+18h+var_18]
sub ds:dword_407608, eax
mov eax, [esp+18h+var_18]
add ds:dword_407604, eax
cmp ds:dword_407604, 0Ch
jge loc_402386
mov eax, [esp+18h+var_18]
add ds:dword_407608, eax
mov eax, [esp+18h+var_18]
sub ds:dword_407604, eax
mov esi, edi
jmp loc_402386
; ---------------------------------------------------------------------------
loc_402253: ; CODE XREF: sub_4021CC+4D�j
mov ebx, eax
test byte ptr [ebx], 2
jnz short loc_402267
mov eax, ebx
mov edx, [eax+8]
add [esp+18h+var_18], edx
call sub_401950
loc_402267: ; CODE XREF: sub_4021CC+8C�j
cmp [esp+18h+var_18], 0Ch
jl short loc_402288
mov ebx, ebp
add ebx, esi
mov eax, [esp+18h+var_18]
or eax, 2
mov [ebx], eax
mov eax, ebx
add eax, 4
call sub_401A14
jmp loc_402386
; ---------------------------------------------------------------------------
loc_402288: ; CODE XREF: sub_4021CC+9F�j
mov esi, edi
jmp loc_402386
; ---------------------------------------------------------------------------
loc_40228F: ; CODE XREF: sub_4021CC+3A�j
; sub_4021CC+1B1�j
mov eax, esi
sub eax, edi
mov [esp+18h+var_14], eax
cmp ebx, ds:dword_407608
jnz short loc_402306
mov eax, ds:dword_407604
cmp eax, [esp+18h+var_14]
jl short loc_4022FD
mov eax, [esp+18h+var_14]
sub ds:dword_407604, eax
mov eax, [esp+18h+var_14]
add ds:dword_407608, eax
cmp ds:dword_407604, 0Ch
jge short loc_4022DF
mov eax, ds:dword_407604
add ds:dword_407608, eax
add esi, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_4022DF: ; CODE XREF: sub_4021CC+F9�j
mov eax, esi
sub eax, edi
add ds:dword_4075A0, eax
mov eax, [ebp+0]
and eax, 80000003h
or esi, eax
mov [ebp+0], esi
mov al, 1
jmp loc_40239F
; ---------------------------------------------------------------------------
loc_4022FD: ; CODE XREF: sub_4021CC+DC�j
call sub_401C40
mov ebx, ebp
add ebx, edi
loc_402306: ; CODE XREF: sub_4021CC+D1�j
test byte ptr [ebx], 2
jnz short loc_402358
mov edx, ebx
mov eax, edx
mov ecx, [eax+8]
mov [esp+18h+var_18], ecx
mov ecx, [esp+18h+var_18]
cmp ecx, [esp+18h+var_14]
jge short loc_40232C
add edx, [esp+18h+var_18]
mov ebx, edx
mov eax, [esp+18h+var_18]
sub [esp+18h+var_14], eax
jmp short loc_402358
; ---------------------------------------------------------------------------
loc_40232C: ; CODE XREF: sub_4021CC+150�j
call sub_401950
mov eax, [esp+18h+var_14]
sub [esp+18h+var_18], eax
cmp [esp+18h+var_18], 0Ch
jl short loc_40234C
mov eax, ebp
add eax, esi
mov edx, [esp+18h+var_18]
call sub_401BB8
jmp short loc_402386
; ---------------------------------------------------------------------------
loc_40234C: ; CODE XREF: sub_4021CC+170�j
add esi, [esp+18h+var_18]
mov ebx, ebp
add ebx, esi
and dword ptr [ebx], 0FFFFFFFEh
jmp short loc_402386
; ---------------------------------------------------------------------------
loc_402358: ; CODE XREF: sub_4021CC+13D�j
; sub_4021CC+15E�j
mov eax, [ebx]
test eax, 80000000h
jz short loc_402382
and eax, 7FFFFFFCh
add eax, ebx
mov ebx, eax
mov edx, [esp+18h+var_14]
mov eax, ebx
call sub_401D44
test al, al
jz short loc_402382
mov ebx, ebp
add ebx, edi
jmp loc_40228F
; ---------------------------------------------------------------------------
loc_402382: ; CODE XREF: sub_4021CC+193�j
; sub_4021CC+1AB�j
xor eax, eax
jmp short loc_40239F
; ---------------------------------------------------------------------------
loc_402386: ; CODE XREF: sub_4021CC+68�j
; sub_4021CC+82�j ...
mov eax, esi
sub eax, edi
add ds:dword_4075A0, eax
mov eax, [ebp+0]
and eax, 80000003h
or esi, eax
mov [ebp+0], esi
mov al, 1
loc_40239F: ; CODE XREF: sub_4021CC+33�j
; sub_4021CC+12C�j ...
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4021CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023A8 proc near ; CODE XREF: sub_4024AC+D�p
; DATA XREF: DATA:off_406034�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_4023CF
call sub_4017AC
test al, al
jnz short loc_4023CF
xor eax, eax
mov [ebp+var_4], eax
jmp loc_402460
; ---------------------------------------------------------------------------
loc_4023CF: ; CODE XREF: sub_4023A8+12�j
; sub_4023A8+1B�j
xor edx, edx
push ebp
push offset loc_402459
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_4023F0
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
loc_4023F0: ; CODE XREF: sub_4023A8+3C�j
mov edx, esi
mov eax, ebx
call sub_4021CC
test al, al
jz short loc_402402
mov [ebp+var_4], ebx
jmp short loc_402438
; ---------------------------------------------------------------------------
loc_402402: ; CODE XREF: sub_4023A8+53�j
mov eax, esi
call sub_401E98
mov edi, eax
mov eax, ebx
sub eax, 4
mov eax, [eax]
and eax, 7FFFFFFCh
sub eax, 4
cmp esi, eax
jge short loc_402420
mov eax, esi
loc_402420: ; CODE XREF: sub_4023A8+74�j
test edi, edi
jz short loc_402435
mov edx, edi
mov ecx, ebx
xchg eax, ecx
call sub_402570
mov eax, ebx
call sub_402028
loc_402435: ; CODE XREF: sub_4023A8+7A�j
mov [ebp+var_4], edi
loc_402438: ; CODE XREF: sub_4023A8+58�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402460
loc_402445: ; CODE XREF: sub_4023A8+B6�j
cmp ds:byte_407035, 0
jz short loc_402458
push offset CriticalSection ; lpCriticalSection
call LeaveCriticalSection
loc_402458: ; CODE XREF: sub_4023A8+A4�j
retn
; ---------------------------------------------------------------------------
loc_402459: ; DATA XREF: sub_4023A8+2A�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_402445
; ---------------------------------------------------------------------------
loc_402460: ; CODE XREF: sub_4023A8+22�j
; sub_4023A8:loc_402458�j
; DATA XREF: ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4023A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40246C proc near ; CODE XREF: sub_4031DC+C�p
; sub_4037A4+CA�p ...
push ebx
test eax, eax
jle short loc_402486
call ds:off_40602C
mov ebx, eax
test ebx, ebx
jnz short loc_402488
mov al, 1
call sub_402554
; ---------------------------------------------------------------------------
jmp short loc_402488
; ---------------------------------------------------------------------------
loc_402486: ; CODE XREF: sub_40246C+3�j
xor ebx, ebx
loc_402488: ; CODE XREF: sub_40246C+F�j
; sub_40246C+18�j
mov eax, ebx
pop ebx
retn
sub_40246C endp
; =============== S U B R O U T I N E =======================================
sub_40248C proc near ; CODE XREF: sub_403118+1C�p
; sub_40313C+21�p ...
push ebx
test eax, eax
jz short loc_4024A6
call ds:off_406030
mov ebx, eax
test ebx, ebx
jz short loc_4024A8
mov al, 2
call sub_402554
; ---------------------------------------------------------------------------
jmp short loc_4024A8
; ---------------------------------------------------------------------------
loc_4024A6: ; CODE XREF: sub_40248C+3�j
xor ebx, ebx
loc_4024A8: ; CODE XREF: sub_40248C+F�j
; sub_40248C+18�j
mov eax, ebx
pop ebx
retn
sub_40248C endp
; =============== S U B R O U T I N E =======================================
sub_4024AC proc near ; CODE XREF: sub_403350+22�p
; sub_4037A4+BB�p
mov ecx, [eax]
test ecx, ecx
jz short loc_4024E4
test edx, edx
jz short loc_4024CE
push eax
mov eax, ecx
call ds:off_406034
pop ecx
or eax, eax
jz short loc_4024DD
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_4024C7: ; CODE XREF: sub_4024AC+2E�j
mov al, 2
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4024CE: ; CODE XREF: sub_4024AC+8�j
mov [eax], edx
mov eax, ecx
call ds:off_406030
or eax, eax
jnz short loc_4024C7
retn
; ---------------------------------------------------------------------------
loc_4024DD: ; CODE XREF: sub_4024AC+16�j
; sub_4024AC+48�j
mov al, 1
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4024E4: ; CODE XREF: sub_4024AC+4�j
test edx, edx
jz short locret_4024F8
push eax
mov eax, edx
call ds:off_40602C
pop ecx
or eax, eax
jz short loc_4024DD
mov [ecx], eax
locret_4024F8: ; CODE XREF: sub_4024AC+3A�j
retn
sub_4024AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4024FC proc near ; CODE XREF: sub_402508+42�p
; CODE:00402D1F�p
mov ds:dword_406004, edx
call sub_403100
sub_4024FC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402508 proc near ; CODE XREF: sub_402554+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_407008, 0
jz short loc_402524
mov edx, esi
mov eax, ebx
call ds:dword_407008
loc_402524: ; CODE XREF: sub_402508+10�j
test bl, bl
jnz short loc_402535
call sub_403CD4
mov ebx, [eax+4]
jmp short loc_402544
; ---------------------------------------------------------------------------
loc_402535: ; CODE XREF: sub_402508+1E�j
cmp bl, 18h
ja short loc_402544
xor eax, eax
mov al, bl
mov bl, ds:byte_406038[eax]
loc_402544: ; CODE XREF: sub_402508+2B�j
; sub_402508+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_4024FC
sub_402508 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402554 proc near ; CODE XREF: sub_40246C+13�p
; sub_40248C+13�p ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_402508
sub_402554 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402560 proc near ; CODE XREF: sub_4026FC+38�p
; sub_4026FC+4C�p
push ebx
mov ebx, eax
call sub_403CD4
mov [eax+4], ebx
pop ebx
retn
sub_402560 endp
; =============== S U B R O U T I N E =======================================
sub_402570 proc near ; CODE XREF: sub_4023A8+81�p
; sub_402784+6�p ...
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
cmp edi, esi
ja short loc_40258F
jz short loc_4025AD
sar ecx, 2
js short loc_4025AD
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40258F: ; CODE XREF: sub_402570+A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
sar ecx, 2
js short loc_4025AD
std
rep movsd
mov ecx, eax
and ecx, 3
add esi, 3
add edi, 3
rep movsb
cld
loc_4025AD: ; CODE XREF: sub_402570+C�j
; sub_402570+11�j ...
pop edi
pop esi
retn
sub_402570 endp
; =============== S U B R O U T I N E =======================================
sub_4025B0 proc near ; CODE XREF: sub_40269C+41�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
jmp short loc_4025C2
; ---------------------------------------------------------------------------
loc_4025BA: ; CODE XREF: sub_4025B0+1A�j
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
loc_4025C2: ; CODE XREF: sub_4025B0+8�j
; sub_4025B0+2A�j
mov al, [ebx]
test al, al
jz short loc_4025CC
cmp al, 20h
jbe short loc_4025BA
loc_4025CC: ; CODE XREF: sub_4025B0+16�j
cmp byte ptr [ebx], 22h
jnz short loc_4025DC
cmp byte ptr [ebx+1], 22h
jnz short loc_4025DC
add ebx, 2
jmp short loc_4025C2
; ---------------------------------------------------------------------------
loc_4025DC: ; CODE XREF: sub_4025B0+1F�j
; sub_4025B0+25�j
xor ebp, ebp
mov edi, ebx
jmp short loc_402625
; ---------------------------------------------------------------------------
loc_4025E2: ; CODE XREF: sub_4025B0+79�j
cmp al, 22h
jnz short loc_402617
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_4025FE
; ---------------------------------------------------------------------------
loc_4025F0: ; CODE XREF: sub_4025B0+56�j
push ebx ; lpsz
call CharNextA ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_4025FE: ; CODE XREF: sub_4025B0+3E�j
mov al, [ebx]
test al, al
jz short loc_402608
cmp al, 22h
jnz short loc_4025F0
loc_402608: ; CODE XREF: sub_4025B0+52�j
cmp byte ptr [ebx], 0
jz short loc_402625
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_402625
; ---------------------------------------------------------------------------
loc_402617: ; CODE XREF: sub_4025B0+34�j
push ebx ; lpsz
call CharNextA ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_402625: ; CODE XREF: sub_4025B0+30�j
; sub_4025B0+5B�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_4025E2
mov eax, esi
mov edx, ebp
call sub_403350
mov ebx, edi
mov edi, [esi]
xor esi, esi
jmp short loc_40268D
; ---------------------------------------------------------------------------
loc_40263C: ; CODE XREF: sub_4025B0+E1�j
cmp al, 22h
jnz short loc_402678
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_40265F
; ---------------------------------------------------------------------------
loc_40264A: ; CODE XREF: sub_4025B0+B7�j
push ebx ; lpsz
call CharNextA ; CharNextA
cmp eax, ebx
jbe short loc_40265F
loc_402654: ; CODE XREF: sub_4025B0+AD�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_402654
loc_40265F: ; CODE XREF: sub_4025B0+98�j
; sub_4025B0+A2�j
mov al, [ebx]
test al, al
jz short loc_402669
cmp al, 22h
jnz short loc_40264A
loc_402669: ; CODE XREF: sub_4025B0+B3�j
cmp byte ptr [ebx], 0
jz short loc_40268D
push ebx ; lpsz
call CharNextA ; CharNextA
mov ebx, eax
jmp short loc_40268D
; ---------------------------------------------------------------------------
loc_402678: ; CODE XREF: sub_4025B0+8E�j
push ebx ; lpsz
call CharNextA ; CharNextA
cmp eax, ebx
jbe short loc_40268D
loc_402682: ; CODE XREF: sub_4025B0+DB�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_402682
loc_40268D: ; CODE XREF: sub_4025B0+8A�j
; sub_4025B0+BC�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_40263C
mov eax, ebx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4025B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40269C proc near ; CODE XREF: CODE:00405AF8�p
Filename = byte ptr -114h
push ebx
push esi
push edi
add esp, 0FFFFFEF8h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_403118
test esi, esi
jnz short loc_4026D2
push 105h ; nSize
lea eax, [esp+118h+Filename]
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov ecx, eax
mov edx, esp
mov eax, ebx
call sub_403208
jmp short loc_4026F0
; ---------------------------------------------------------------------------
loc_4026D2: ; CODE XREF: sub_40269C+16�j
call GetCommandLineA ; GetCommandLineA
mov edi, eax
loc_4026D9: ; CODE XREF: sub_40269C+52�j
mov edx, ebx
mov eax, edi
call sub_4025B0
mov edi, eax
test esi, esi
jz short loc_4026F0
cmp dword ptr [ebx], 0
jz short loc_4026F0
dec esi
jmp short loc_4026D9
; ---------------------------------------------------------------------------
loc_4026F0: ; CODE XREF: sub_40269C+34�j
; sub_40269C+4A�j ...
add esp, 108h
pop edi
pop esi
pop ebx
retn
sub_40269C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4026FC proc near ; CODE XREF: sub_403B34+1E�p
; sub_403B34+28�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
mov ax, [ebx+4]
cmp ax, 0D7B1h
jb short loc_40273B
cmp ax, 0D7B3h
ja short loc_40273B
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_402723
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_402723: ; CODE XREF: sub_4026FC+1E�j
test esi, esi
jnz short loc_40272E
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_40272E: ; CODE XREF: sub_4026FC+29�j
test esi, esi
jz short loc_40274D
mov eax, esi
call sub_402560
jmp short loc_40274D
; ---------------------------------------------------------------------------
loc_40273B: ; CODE XREF: sub_4026FC+E�j
; sub_4026FC+14�j
cmp ebx, offset dword_407038
jz short loc_40274D
mov eax, 67h
call sub_402560
loc_40274D: ; CODE XREF: sub_4026FC+34�j
; sub_4026FC+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_4026FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402754 proc near ; CODE XREF: sub_404254+41�p
; sub_404254+71�p ...
push esi
push edi
mov edi, eax
xor eax, eax
mov al, [edi]
mov esi, edx
xor edx, edx
mov dl, [esi]
inc esi
add al, dl
jb short loc_402779
cmp al, cl
ja short loc_402779
loc_40276B: ; CODE XREF: sub_402754+2D�j
mov ecx, edx
mov dl, [edi]
mov [edi], al
inc edi
add edi, edx
rep movsb
loc_402776: ; CODE XREF: sub_402754+29�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_402779: ; CODE XREF: sub_402754+11�j
; sub_402754+15�j
mov al, cl
sub cl, [edi]
jbe short loc_402776
mov dl, cl
jmp short loc_40276B
sub_402754 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402784 proc near ; CODE XREF: sub_404254+1E�p
; sub_404254+4E�p ...
xor ecx, ecx
mov cl, [edx]
inc ecx
xchg eax, edx
call sub_402570
retn
sub_402784 endp
; =============== S U B R O U T I N E =======================================
sub_402790 proc near ; CODE XREF: sub_4037A4+F1�p
; sub_4037A4+145�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_4027AD
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_4027AD: ; CODE XREF: sub_402790+12�j
pop edi
retn
sub_402790 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027B0 proc near ; CODE XREF: sub_403AC0+41�p
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_402826
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_4027C3: ; CODE XREF: sub_4027B0+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_4027C3
mov ch, 0
cmp bl, 2Dh
jz short loc_402834
cmp bl, 2Bh
jz short loc_402836
loc_4027D7: ; CODE XREF: sub_4027B0+89�j
cmp bl, 24h
jz short loc_40283B
cmp bl, 78h
jz short loc_40283B
cmp bl, 58h
jz short loc_40283B
cmp bl, 30h
jnz short loc_4027FE
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_40283B
cmp bl, 58h
jz short loc_40283B
test bl, bl
jz short loc_40281C
jmp short loc_402802
; ---------------------------------------------------------------------------
loc_4027FE: ; CODE XREF: sub_4027B0+39�j
test bl, bl
jz short loc_40282F
loc_402802: ; CODE XREF: sub_4027B0+4C�j
; sub_4027B0+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_40282F
cmp eax, edi
ja short loc_40282F
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402802
loc_40281C: ; CODE XREF: sub_4027B0+4A�j
dec ch
jz short loc_402829
test eax, eax
jge short loc_402878
jmp short loc_40282F
; ---------------------------------------------------------------------------
loc_402826: ; CODE XREF: sub_4027B0+8�j
; sub_4027B0+95�j
inc esi
jmp short loc_40282F
; ---------------------------------------------------------------------------
loc_402829: ; CODE XREF: sub_4027B0+6E�j
neg eax
jle short loc_402878
js short loc_402878
loc_40282F: ; CODE XREF: sub_4027B0+50�j
; sub_4027B0+58�j ...
pop ebx
sub esi, ebx
jmp short loc_40287B
; ---------------------------------------------------------------------------
loc_402834: ; CODE XREF: sub_4027B0+20�j
inc ch
loc_402836: ; CODE XREF: sub_4027B0+25�j
mov bl, [esi]
inc esi
jmp short loc_4027D7
; ---------------------------------------------------------------------------
loc_40283B: ; CODE XREF: sub_4027B0+2A�j
; sub_4027B0+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_402826
loc_402847: ; CODE XREF: sub_4027B0+C0�j
cmp bl, 61h
jb short loc_40284F
sub bl, 20h
loc_40284F: ; CODE XREF: sub_4027B0+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_402862
sub bl, 11h
cmp bl, 5
ja short loc_40282F
add bl, 0Ah
loc_402862: ; CODE XREF: sub_4027B0+A5�j
cmp eax, edi
ja short loc_40282F
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402847
dec ch
jnz short loc_402878
neg eax
loc_402878: ; CODE XREF: sub_4027B0+72�j
; sub_4027B0+7B�j ...
pop ecx
xor esi, esi
loc_40287B: ; CODE XREF: sub_4027B0+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_4027B0 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetKeyboardType. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_40288C proc near ; CODE XREF: sub_403B88+39�p
push ebx
xor ebx, ebx
push 0 ; nTypeFlag
call GetKeyboardType ; GetKeyboardType
cmp eax, 7
jnz short loc_4028B7
push 1 ; nTypeFlag
call GetKeyboardType ; GetKeyboardType
and eax, 0FF00h
cmp eax, 0D00h
jz short loc_4028B5
cmp eax, 400h
jnz short loc_4028B7
loc_4028B5: ; CODE XREF: sub_40288C+20�j
mov bl, 1
loc_4028B7: ; CODE XREF: sub_40288C+D�j
; sub_40288C+27�j
mov eax, ebx
pop ebx
retn
sub_40288C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028BC proc near ; CODE XREF: sub_403B88+42�p
cbData = dword ptr -0Ch
Data = byte ptr -8
hKey = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
movzx eax, ds:word_406014
mov dword ptr [ebp+Data], eax
lea eax, [ebp+hKey]
push eax ; phkResult
push 1 ; samDesired
push 0 ; ulOptions
push offset SubKey ; "SOFTWARE\\Borland\\Delphi\\RTL"
push 80000002h ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_402934
xor eax, eax
push ebp
push offset loc_40292D
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+cbData], 4
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+Data]
push eax ; lpData
push 0 ; lpType
push 0 ; lpReserved
push offset ValueName ; "FPUMaskValue"
mov eax, [ebp+hKey]
push eax ; hKey
call RegQueryValueExA ; RegQueryValueExA
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402934
loc_402923: ; CODE XREF: sub_4028BC+76�j
mov eax, [ebp+hKey]
push eax ; hKey
call RegCloseKey ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_40292D: ; DATA XREF: sub_4028BC+2E�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_402923
; ---------------------------------------------------------------------------
loc_402934: ; CODE XREF: sub_4028BC+29�j
; sub_4028BC+70�j
; DATA XREF: ...
mov ax, ds:word_406014
and ax, 0FFC0h
mov dx, word ptr [ebp+Data]
and dx, 3Fh
or ax, dx
mov ds:word_406014, ax
mov esp, ebp
pop ebp
retn
sub_4028BC endp
; ---------------------------------------------------------------------------
align 4
; char SubKey[]
SubKey db 'SOFTWARE\Borland\Delphi\RTL',0 ; DATA XREF: sub_4028BC+18�o
; char ValueName[]
ValueName db 'FPUMaskValue',0 ; DATA XREF: sub_4028BC+4C�o
align 10h
; =============== S U B R O U T I N E =======================================
sub_402980 proc near ; CODE XREF: sub_402E10-368�p
; CODE:00402D56�p ...
fninit
wait
fldcw ds:word_406014
retn
sub_402980 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40298C proc near ; CODE XREF: CODE:00402BA7�j
; sub_402BEC+30�p ...
test eax, eax
jz short locret_402997
mov dl, 1
mov ecx, [eax]
call dword ptr [ecx-4]
locret_402997: ; CODE XREF: sub_40298C+2�j
retn
sub_40298C endp
; =============== S U B R O U T I N E =======================================
sub_402998 proc near ; CODE XREF: sub_402BEC+35�p
cmp ds:byte_406018, 1
jbe short locret_4029B2
push 0
push 0
push 0
push 0EEDFADFh
call ds:dword_407010
locret_4029B2: ; CODE XREF: sub_402998+7�j
retn
sub_402998 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4029B4 proc near ; CODE XREF: sub_402E10-33B�p
cmp ds:byte_406018, 0
jz short locret_4029D4
push eax
push eax
push edx
push esp
push 2
push 0
push 0EEDFAE4h
call ds:dword_407010
add esp, 8
pop eax
locret_4029D4: ; CODE XREF: sub_4029B4+7�j
retn
sub_4029B4 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4029F0
loc_4029D8: ; CODE XREF: sub_4029F0+B�j
push esp
push 1
push 0
push 0EEDFAE0h
call ds:dword_407010
add esp, 4
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_4029F0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4029F0 proc near ; CODE XREF: sub_402E10-28B�p
; FUNCTION CHUNK AT 004029D8 SIZE 00000015 BYTES
cmp ds:byte_406018, 1
jbe short locret_402A00
push eax
push ebx
jmp loc_4029D8
; ---------------------------------------------------------------------------
locret_402A00: ; CODE XREF: sub_4029F0+7�j
retn
sub_4029F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A04 proc near ; CODE XREF: sub_402A24+C�p
test ecx, ecx
jz short locret_402A21
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_402A1C
cmp byte ptr [ecx], 0EBh
jnz short locret_402A21
movsx eax, al
inc ecx
inc ecx
jmp short loc_402A1F
; ---------------------------------------------------------------------------
loc_402A1C: ; CODE XREF: sub_402A04+A�j
add ecx, 5
loc_402A1F: ; CODE XREF: sub_402A04+16�j
add ecx, eax
locret_402A21: ; CODE XREF: sub_402A04+2�j
; sub_402A04+F�j
retn
sub_402A04 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A24 proc near ; CODE XREF: sub_4017AC+142D�p
cmp ds:byte_406018, 1
jbe short locret_402A4A
push eax
push edx
push ecx
call sub_402A04
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:dword_407010
pop ecx
pop ecx
pop edx
pop eax
locret_402A4A: ; CODE XREF: sub_402A24+7�j
retn
sub_402A24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A4C proc near ; CODE XREF: sub_402C40+28�p
cmp ds:byte_406018, 1
jbe short locret_402A67
push edx
push esp
push 1
push 0
push 0EEDFAE2h
call ds:dword_407010
pop edx
locret_402A67: ; CODE XREF: sub_402A4C+7�j
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402A68 proc near ; CODE XREF: CODE:loc_402D9D�p
push eax
push edx
cmp ds:byte_406018, 1
jbe short loc_402A83
push esp
push 2
push 0
push 0EEDFAE3h
call ds:dword_407010
loc_402A83: ; CODE XREF: sub_402A68+9�j
pop edx
pop eax
retn
sub_402A68 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_402E10
loc_402A88: ; CODE XREF: sub_402E10:loc_402E56�j
; sub_402E70:loc_402EB6�j ...
mov eax, [esp-4+ExceptionInfo.ExceptionRecord]
test dword ptr [eax+4], 6
jnz loc_402BAC
cmp dword ptr [eax], 0EEDFADEh
mov edx, [eax+18h]
mov ecx, [eax+14h]
jz short loc_402B15
cld
call sub_402980
mov edx, ds:dword_40700C
test edx, edx
jz loc_402BAC
call edx ; dword_40700C
test eax, eax
jz loc_402BAC
mov edx, [esp-4+arg_8]
mov ecx, [esp-4+ExceptionInfo.ExceptionRecord]
cmp dword ptr [ecx], 0EEFFACEh
jz short loc_402B0C
call sub_4029B4
cmp ds:byte_40601C, 0
jbe short loc_402B0C
cmp ds:byte_406018, 0
ja short loc_402B0C
lea ecx, [esp-4+ExceptionInfo]
push eax
push ecx ; ExceptionInfo
call UnhandledExceptionFilter ; UnhandledExceptionFilter
cmp eax, 0
pop eax
jz loc_402BAC
mov edx, eax
mov eax, [esp-4+ExceptionInfo.ExceptionRecord]
mov ecx, [eax+0Ch]
jmp short loc_402B3C
; ---------------------------------------------------------------------------
loc_402B0C: ; CODE XREF: sub_402E10-33D�j
; sub_402E10-32F�j ...
mov edx, eax
mov eax, [esp-4+ExceptionInfo.ExceptionRecord]
mov ecx, [eax+0Ch]
loc_402B15: ; CODE XREF: sub_402E10-36B�j
cmp ds:byte_40601C, 1
jbe short loc_402B3C
cmp ds:byte_406018, 0
ja short loc_402B3C
push eax
lea eax, [esp+ExceptionInfo]
push edx
push ecx
push eax ; ExceptionInfo
call UnhandledExceptionFilter ; UnhandledExceptionFilter
cmp eax, 0
pop ecx
pop edx
pop eax
jz short loc_402BAC
loc_402B3C: ; CODE XREF: sub_402E10-306�j
; sub_402E10-2F4�j ...
or dword ptr [eax+4], 2
push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, fs:[ebx]
push ebx
push eax
push edx
push ecx
mov edx, [esp+1Ch+ExceptionInfo.ContextRecord]
push 0
push eax
push offset loc_402B60
push edx
call ds:dword_407014
loc_402B60: ; DATA XREF: sub_402E10-2BC�o
mov edi, [esp+2Ch+var_4]
call sub_403CD4
push dword ptr [eax+0]
mov [eax+0], esp
mov ebp, [edi+8]
mov ebx, [edi+4]
mov dword ptr [edi+4], offset sub_402B8C
add ebx, 5
call sub_4029F0
jmp ebx
; END OF FUNCTION CHUNK FOR sub_402E10
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B8C proc near ; DATA XREF: sub_402E10-295�o
jmp loc_402BB4
sub_402B8C endp
; ---------------------------------------------------------------------------
call sub_403CD4
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_40298C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_402E10
loc_402BAC: ; CODE XREF: sub_402E10-37D�j
; sub_402E10-35B�j ...
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_402E10
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4017AC
loc_402BB4: ; CODE XREF: sub_4017AC:loc_401862�j
; sub_401870:loc_401946�j ...
mov eax, [esp+4]
mov edx, [esp+arg_0]
test dword ptr [eax+4], 6
jz short loc_402BE4
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_402BE4
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_402A24
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_402BE4: ; CODE XREF: sub_4017AC+1417�j
; DATA XREF: sub_4017AC+141C�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_4017AC
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402BEC proc near ; CODE XREF: sub_402E10+50�p
; sub_402E70+50�p
arg_2C = dword ptr 30h
mov eax, [esp+arg_2C]
mov dword ptr [eax+4], offset loc_402C37
call sub_403CD4
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+0Ch]
and dword ptr [eax+4], 0FFFFFFFDh
cmp dword ptr [eax], 0EEDFADEh
jz short loc_402C26
mov eax, [edx+8]
call sub_40298C
call sub_402998
loc_402C26: ; CODE XREF: sub_402BEC+2B�j
xor eax, eax
add esp, 14h
mov edx, fs:[eax]
pop ecx
mov edx, [edx]
mov [ecx], edx
pop ebp
pop edi
pop esi
pop ebx
loc_402C37: ; DATA XREF: sub_402BEC+4�o
mov eax, 1
retn
sub_402BEC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402C40 proc near ; CODE XREF: sub_402E10+55�p
; sub_402E70+55�p ...
arg_2C = dword ptr 30h
call sub_403CD4
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+8]
call sub_40298C
pop edx
mov esp, [esp-4+arg_2C]
xor eax, eax
pop ecx
mov fs:[eax], ecx
pop eax
pop ebp
call sub_402A4C
jmp edx
sub_402C40 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402C70 proc near ; CODE XREF: sub_401E98+F5�p
; sub_401E98+14A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor edx, edx
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
add ecx, 5
mov fs:[edx], eax
call ecx
retn 0Ch
sub_402C70 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
loc_402C88: ; CODE XREF: CODE:00402D88�j
; CODE:00402D94�j
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, [edx]
cmp eax, 0C0000092h
jg short loc_402CC3
jz short loc_402CF5
cmp eax, 0C000008Eh
jg short loc_402CB5
jz short loc_402CF9
sub eax, 0C0000005h
jz short loc_402D05
sub eax, 87h
jz short loc_402CED
dec eax
jz short loc_402D01
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CB5: ; CODE XREF: CODE:00402C9E�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_402CF5
jz short loc_402CF1
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CC3: ; CODE XREF: CODE:00402C95�j
cmp eax, 0C0000096h
jg short loc_402CDB
jz short loc_402D09
sub eax, 0C0000093h
jz short loc_402D01
dec eax
jz short loc_402CE9
dec eax
jz short loc_402CFD
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CDB: ; CODE XREF: CODE:00402CC8�j
sub eax, 0C00000FDh
jz short loc_402D11
sub eax, 3Dh
jz short loc_402D0D
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CE9: ; CODE XREF: CODE:00402CD4�j
mov al, 0C8h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CED: ; CODE XREF: CODE:00402CAE�j
mov al, 0C9h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CF1: ; CODE XREF: CODE:00402CBF�j
mov al, 0CDh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CF5: ; CODE XREF: CODE:00402C97�j
; CODE:00402CBD�j
mov al, 0CFh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CF9: ; CODE XREF: CODE:00402CA0�j
mov al, 0C8h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CFD: ; CODE XREF: CODE:00402CD7�j
mov al, 0D7h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D01: ; CODE XREF: CODE:00402CB1�j
; CODE:00402CD1�j
mov al, 0CEh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D05: ; CODE XREF: CODE:00402CA7�j
mov al, 0D8h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D09: ; CODE XREF: CODE:00402CCA�j
mov al, 0DAh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D0D: ; CODE XREF: CODE:00402CE5�j
mov al, 0D9h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D11: ; CODE XREF: CODE:00402CE0�j
mov al, 0CAh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D15: ; CODE XREF: CODE:00402CB3�j
; CODE:00402CC1�j ...
mov al, 0FFh
loc_402D17: ; CODE XREF: CODE:00402CEB�j
; CODE:00402CEF�j ...
and eax, 0FFh
mov edx, [edx+0Ch]
call sub_4024FC
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_402D28: ; DATA XREF: sub_402DC8+D�o
mov eax, [esp+4]
test dword ptr [eax+4], 6
jnz loc_402DC2
cmp ds:byte_406018, 0
ja short loc_402D51
lea eax, [esp+4]
push eax
call UnhandledExceptionFilter ; UnhandledExceptionFilter
cmp eax, 0
jz short loc_402DC2
loc_402D51: ; CODE XREF: CODE:00402D40�j
mov eax, [esp+4]
cld
call sub_402980
mov edx, [esp+8]
push 0
push eax
push offset loc_402D6E
push edx
call ds:dword_407014
loc_402D6E: ; DATA XREF: CODE:00402D62�o
mov ebx, [esp+4]
cmp dword ptr [ebx], 0EEDFADEh
mov edx, [ebx+14h]
mov eax, [ebx+18h]
jz short loc_402D9D
mov edx, ds:dword_40700C
test edx, edx
jz loc_402C88
mov eax, ebx
call edx ; dword_40700C
test eax, eax
jz loc_402C88
mov edx, [ebx+0Ch]
loc_402D9D: ; CODE XREF: CODE:00402D7E�j
call sub_402A68
mov ecx, ds:dword_407004
test ecx, ecx
jz short loc_402DAE
call ecx ; dword_407004
loc_402DAE: ; CODE XREF: CODE:00402DAA�j
mov ecx, [esp+4]
mov eax, 0D9h
mov edx, [ecx+14h]
mov [esp], edx
jmp sub_40310C
; ---------------------------------------------------------------------------
loc_402DC2: ; CODE XREF: CODE:00402D33�j
; CODE:00402D4F�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DC8 proc near ; CODE XREF: sub_402ED0+2E�p
xor edx, edx
lea eax, [ebp-0Ch]
mov ecx, fs:[edx]
mov fs:[edx], eax
mov [eax], ecx
mov dword ptr [eax+4], offset loc_402D28
mov [eax+8], ebp
mov ds:dword_407624, eax
retn
sub_402DC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DE8 proc near ; CODE XREF: sub_403028:loc_4030B2�p
xor edx, edx
mov eax, ds:dword_407624
test eax, eax
jz short locret_402E0F
mov ecx, fs:[edx]
cmp eax, ecx
jnz short loc_402E02
mov eax, [eax]
mov fs:[edx], eax
retn
; ---------------------------------------------------------------------------
loc_402E00: ; CODE XREF: sub_402DE8+21�j
mov ecx, [ecx]
loc_402E02: ; CODE XREF: sub_402DE8+10�j
cmp ecx, 0FFFFFFFFh
jz short locret_402E0F
cmp [ecx], eax
jnz short loc_402E00
mov eax, [eax]
mov [ecx], eax
locret_402E0F: ; CODE XREF: sub_402DE8+9�j
; sub_402DE8+1D�j
retn
sub_402DE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402E10(struct _EXCEPTION_POINTERS ExceptionInfo, int)
sub_402E10 proc near ; CODE XREF: sub_402E10+4B�p
; sub_402E70+4B�p ...
var_4 = dword ptr -4
ExceptionInfo = _EXCEPTION_POINTERS ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00402A88 SIZE 00000104 BYTES
; FUNCTION CHUNK AT 00402BAC SIZE 00000006 BYTES
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, offset dword_407620
mov eax, [edi+8]
test eax, eax
jz short loc_402E6A
mov ebx, [edi+0Ch]
mov esi, [eax+4]
xor edx, edx
push ebp
push offset loc_402E56
push dword ptr fs:[edx]
mov fs:[edx], esp
test ebx, ebx
jle short loc_402E4C
loc_402E3A: ; CODE XREF: sub_402E10+3A�j
dec ebx
mov [edi+0Ch], ebx
mov eax, [esi+ebx*8+4]
test eax, eax
jz short loc_402E48
call eax
loc_402E48: ; CODE XREF: sub_402E10+34�j
test ebx, ebx
jg short loc_402E3A
loc_402E4C: ; CODE XREF: sub_402E10+28�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_402E6A
; ---------------------------------------------------------------------------
loc_402E56: ; DATA XREF: sub_402E10+1B�o
jmp loc_402A88
; ---------------------------------------------------------------------------
call sub_402E10
call sub_402BEC
call sub_402C40
loc_402E6A: ; CODE XREF: sub_402E10+10�j
; sub_402E10+44�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_402E10 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E70 proc near ; CODE XREF: sub_402ED0+3A�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, ds:dword_407628
test eax, eax
jz short loc_402ECA
mov esi, [eax]
xor ebx, ebx
mov edi, [eax+4]
xor edx, edx
push ebp
push offset loc_402EB6
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp esi, ebx
jle short loc_402EAC
loc_402E98: ; CODE XREF: sub_402E70+3A�j
mov eax, [edi+ebx*8]
inc ebx
mov ds:dword_40762C, ebx
test eax, eax
jz short loc_402EA8
call eax
loc_402EA8: ; CODE XREF: sub_402E70+34�j
cmp esi, ebx
jg short loc_402E98
loc_402EAC: ; CODE XREF: sub_402E70+26�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_402ECA
; ---------------------------------------------------------------------------
loc_402EB6: ; DATA XREF: sub_402E70+19�o
jmp loc_402A88
; ---------------------------------------------------------------------------
call sub_402E10
call sub_402BEC
call sub_402C40
loc_402ECA: ; CODE XREF: sub_402E70+D�j
; sub_402E70+44�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_402E70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402ED0 proc near ; CODE XREF: sub_403D20+3A�p
mov ds:dword_407010, offset RaiseException
mov ds:dword_407014, offset RtlUnwind
mov ds:dword_407628, eax
xor eax, eax
mov ds:dword_40762C, eax
mov ds:dword_407630, edx
mov eax, [edx+4]
mov ds:dword_40701C, eax
call sub_402DC8
mov ds:byte_407024, 0
call sub_402E70
retn
sub_402ED0 endp
; =============== S U B R O U T I N E =======================================
sub_402F10 proc near ; CODE XREF: sub_403028+38�p
push ebx
push esi
push edi
mov esi, offset Text ; "Runtime error at 00000000"
mov cl, 10h
mov ebx, ds:dword_406000
loc_402F20: ; CODE XREF: sub_402F10+33�j
mov eax, ebx
mov edi, 0Ah
cdq
idiv edi
add dl, 30h
xor eax, eax
mov al, cl
mov [esi+eax], dl
mov eax, ebx
mov ebx, 0Ah
cdq
idiv ebx
mov ebx, eax
dec ecx
test ebx, ebx
jnz short loc_402F20
mov cl, 1Ch
mov eax, ds:dword_406004
loc_402F4C: ; CODE XREF: sub_402F10+54�j
mov edx, eax
and edx, 0Fh
mov dl, ds:byte_40607C[edx]
xor ebx, ebx
mov bl, cl
mov [esi+ebx], dl
shr eax, 4
dec ecx
test eax, eax
jnz short loc_402F4C
pop edi
pop esi
pop ebx
retn
sub_402F10 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402F6C proc near ; CODE XREF: sub_403028+9E�p
xor eax, eax
xchg eax, ds:dword_406000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_407620
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_402F6C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402F9C proc near ; CODE XREF: sub_403028+3D�p
NumberOfBytesWritten= dword ptr -4
push ecx
cmp ds:byte_407034, 0
jz short loc_402FFD
cmp ds:word_407208, 0D7B2h
jnz short loc_402FC5
cmp ds:dword_407210, 0
jbe short loc_402FC5
mov eax, offset dword_407204
call ds:dword_407220
loc_402FC5: ; CODE XREF: sub_402F9C+13�j
; sub_402F9C+1C�j
push 0 ; lpOverlapped
lea eax, [esp+8+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 1Eh ; nNumberOfBytesToWrite
push offset Text ; "Runtime error at 00000000"
push 0FFFFFFF5h ; nStdHandle
call GetStdHandle ; GetStdHandle
push eax ; hFile
call WriteFile ; WriteFile
push 0 ; lpOverlapped
lea eax, [esp+8+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push 2 ; nNumberOfBytesToWrite
push offset dword_403024 ; lpBuffer
push 0FFFFFFF5h ; nStdHandle
call GetStdHandle ; GetStdHandle
push eax ; hFile
call WriteFile ; WriteFile
pop edx
retn
; ---------------------------------------------------------------------------
loc_402FFD: ; CODE XREF: sub_402F9C+8�j
cmp ds:byte_406020, 0
jnz short loc_403019
push 0 ; uType
push offset Caption ; "Error"
push offset Text ; "Runtime error at 00000000"
push 0 ; hWnd
call MessageBoxA ; MessageBoxA
loc_403019: ; CODE XREF: sub_402F9C+68�j
pop edx
retn
sub_402F9C endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_403024 dd 0A0Dh
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403028 proc near ; CODE XREF: sub_403100+5�p
; CODE:00405B37�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_407620
mov esi, offset dword_406000
mov edi, offset dword_407030
cmp byte ptr [ebx+28h], 0
jnz short loc_403057
cmp dword ptr [edi], 0
jz short loc_403057
loc_403046: ; CODE XREF: sub_403028+2D�j
mov edx, [edi]
mov eax, edx
xor edx, edx
mov [edi], edx
mov ebp, eax
call ebp
cmp dword ptr [edi], 0
jnz short loc_403046
loc_403057: ; CODE XREF: sub_403028+17�j
; sub_403028+1C�j
cmp ds:dword_406004, 0
jz short loc_403071
call sub_402F10
call sub_402F9C
xor eax, eax
mov ds:dword_406004, eax
loc_403071: ; CODE XREF: sub_403028+36�j
; sub_403028+CE�j
cmp byte ptr [ebx+28h], 2
jnz short loc_403081
cmp dword ptr [esi], 0
jnz short loc_403081
xor eax, eax
mov [ebx+0Ch], eax
loc_403081: ; CODE XREF: sub_403028+4D�j
; sub_403028+52�j
call sub_402E10
cmp byte ptr [ebx+28h], 1
jbe short loc_403091
cmp dword ptr [esi], 0
jz short loc_4030B2
loc_403091: ; CODE XREF: sub_403028+62�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_4030B2
call sub_403A0C
mov edx, [ebx+10h]
mov eax, [edx+10h]
cmp eax, [edx+4]
jz short loc_4030B2
test eax, eax
jz short loc_4030B2
push eax ; hLibModule
call FreeLibrary ; FreeLibrary
loc_4030B2: ; CODE XREF: sub_403028+67�j
; sub_403028+6E�j ...
call sub_402DE8
cmp byte ptr [ebx+28h], 1
jnz short loc_4030C0
call dword ptr [ebx+24h]
loc_4030C0: ; CODE XREF: sub_403028+93�j
cmp byte ptr [ebx+28h], 0
jz short loc_4030CB
call sub_402F6C
loc_4030CB: ; CODE XREF: sub_403028+9C�j
cmp dword ptr [ebx], 0
jnz short loc_4030E7
cmp ds:dword_407018, 0
jz short loc_4030DF
call ds:dword_407018
loc_4030DF: ; CODE XREF: sub_403028+AF�j
mov eax, [esi]
push eax ; uExitCode
call ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_4030E7: ; CODE XREF: sub_403028+A6�j
mov eax, [ebx]
push esi
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
pop esi
jmp loc_403071
sub_403028 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403100 proc near ; CODE XREF: sub_4024FC+6�p
; sub_40310C+6�j
mov ds:dword_406000, eax
call sub_403028
sub_403100 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40310C proc near ; CODE XREF: CODE:00402DBD�j
; sub_403C90+1A�p ...
pop ds:dword_406004
jmp sub_403100
sub_40310C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403118 proc near ; CODE XREF: sub_40269C+F�p
; sub_403208+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_40313A
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_40313A
lock dec dword ptr [edx-8]
jnz short locret_40313A
push eax
lea eax, [edx-8]
call sub_40248C
pop eax
locret_40313A: ; CODE XREF: sub_403118+4�j
; sub_403118+10�j ...
retn
sub_403118 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40313C proc near ; CODE XREF: sub_403468+56�p
; sub_403F04+266�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_403142: ; CODE XREF: sub_40313C+2A�j
mov edx, [ebx]
test edx, edx
jz short loc_403162
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_403162
lock dec dword ptr [edx-8]
jnz short loc_403162
lea eax, [edx-8]
call sub_40248C
loc_403162: ; CODE XREF: sub_40313C+A�j
; sub_40313C+16�j ...
add ebx, 4
dec esi
jnz short loc_403142
pop esi
pop ebx
retn
sub_40313C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40316C proc near ; CODE XREF: sub_4032A4+8�j
; sub_40356C+70�p ...
test edx, edx
jz short loc_403194
mov ecx, [edx-8]
inc ecx
jg short loc_403190
push eax
push edx
mov eax, [edx-4]
call sub_4031DC
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_402570
pop edx
pop eax
jmp short loc_403194
; ---------------------------------------------------------------------------
loc_403190: ; CODE XREF: sub_40316C+8�j
lock inc dword ptr [edx-8]
loc_403194: ; CODE XREF: sub_40316C+2�j
; sub_40316C+22�j
xchg edx, [eax]
test edx, edx
jz short locret_4031AE
mov ecx, [edx-8]
dec ecx
jl short locret_4031AE
lock dec dword ptr [edx-8]
jnz short locret_4031AE
lea eax, [edx-8]
call sub_40248C
locret_4031AE: ; CODE XREF: sub_40316C+2C�j
; sub_40316C+32�j ...
retn
sub_40316C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4031B0 proc near ; CODE XREF: sub_405018+38�p
test edx, edx
jz short loc_4031BE
mov ecx, [edx-8]
inc ecx
jle short loc_4031BE
lock inc dword ptr [edx-8]
loc_4031BE: ; CODE XREF: sub_4031B0+2�j
; sub_4031B0+8�j
xchg edx, [eax]
test edx, edx
jz short locret_4031D8
mov ecx, [edx-8]
dec ecx
jl short locret_4031D8
lock dec dword ptr [edx-8]
jnz short locret_4031D8
lea eax, [edx-8]
call sub_40248C
locret_4031D8: ; CODE XREF: sub_4031B0+12�j
; sub_4031B0+18�j ...
retn
sub_4031B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4031DC proc near ; CODE XREF: sub_40316C+F�p
; sub_403208+B�p ...
test eax, eax
jle short loc_403204
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_40246C
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_403204: ; CODE XREF: sub_4031DC+2�j
xor eax, eax
retn
sub_4031DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403208 proc near ; CODE XREF: sub_40269C+2F�p
; sub_403238+8�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_4031DC
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_403229
mov edx, eax
mov eax, esi
call sub_402570
loc_403229: ; CODE XREF: sub_403208+16�j
mov eax, ebx
call sub_403118
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_403208 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403238 proc near ; CODE XREF: sub_404180+42�p
; sub_404F94+45�p
push edx
mov edx, esp
mov ecx, 1
call sub_403208
pop edx
retn
sub_403238 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403248 proc near ; CODE XREF: sub_405018+49�p
; CODE:00405AA1�p
xor ecx, ecx
test edx, edx
jz short loc_40326F
push edx
loc_40324F: ; CODE XREF: sub_403248+1D�j
cmp cl, [edx]
jz short loc_40326A
cmp cl, [edx+1]
jz short loc_403269
cmp cl, [edx+2]
jz short loc_403268
cmp cl, [edx+3]
jz short loc_403267
add edx, 4
jmp short loc_40324F
; ---------------------------------------------------------------------------
loc_403267: ; CODE XREF: sub_403248+18�j
inc edx
loc_403268: ; CODE XREF: sub_403248+13�j
inc edx
loc_403269: ; CODE XREF: sub_403248+E�j
inc edx
loc_40326A: ; CODE XREF: sub_403248+9�j
mov ecx, edx
pop edx
sub ecx, edx
loc_40326F: ; CODE XREF: sub_403248+4�j
jmp sub_403208
sub_403248 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403278 proc near ; CODE XREF: sub_404254+22C�p
; sub_40448C+19C�p ...
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_403208
sub_403278 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403284 proc near ; CODE XREF: sub_403AC0+36�p
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_403291
not ecx
loc_403291: ; CODE XREF: sub_403284+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_403208
sub_403284 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40329C proc near ; CODE XREF: sub_403F04+3E�p
; sub_403F04+4E�p ...
test eax, eax
jz short locret_4032A3
mov eax, [eax-4]
locret_4032A3: ; CODE XREF: sub_40329C+2�j
retn
sub_40329C endp
; =============== S U B R O U T I N E =======================================
sub_4032A4 proc near ; CODE XREF: sub_404180+50�p
; sub_404F94+4F�p
test edx, edx
jz short locret_4032E7
mov ecx, [eax]
test ecx, ecx
jz sub_40316C
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_4032DC
call sub_403350
mov eax, esi
mov ecx, [esi-4]
loc_4032CF: ; CODE XREF: sub_4032A4+41�j
mov edx, [ebx]
add edx, edi
call sub_402570
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4032DC: ; CODE XREF: sub_4032A4+1F�j
call sub_403350
mov eax, [ebx]
mov ecx, edi
jmp short loc_4032CF
; ---------------------------------------------------------------------------
locret_4032E7: ; CODE XREF: sub_4032A4+2�j
retn
sub_4032A4 endp
; =============== S U B R O U T I N E =======================================
sub_4032E8 proc near ; CODE XREF: sub_403F04+20�p
; sub_403F04+28�p ...
test eax, eax
jz short locret_4032F6
mov edx, [eax-8]
inc edx
jle short locret_4032F6
lock inc dword ptr [eax-8]
locret_4032F6: ; CODE XREF: sub_4032E8+2�j
; sub_4032E8+8�j
retn
sub_4032E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4032F8 proc near ; CODE XREF: sub_4046BC+2A�p
; sub_4046BC+42�p ...
test eax, eax
jz short loc_4032FE
retn
; ---------------------------------------------------------------------------
byte_4032FD db 0 ; DATA XREF: sub_4032F8:loc_4032FE�o
; ---------------------------------------------------------------------------
loc_4032FE: ; CODE XREF: sub_4032F8+2�j
mov eax, offset byte_4032FD
retn
sub_4032F8 endp
; =============== S U B R O U T I N E =======================================
sub_403304 proc near ; CODE XREF: sub_403348�j
mov edx, [eax]
test edx, edx
jz short loc_403342
mov ecx, [edx-8]
dec ecx
jz short loc_403342
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_4031DC
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_402570
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_40333F
lock dec dword ptr [eax-8]
jnz short loc_40333F
lea eax, [eax-8]
call sub_40248C
loc_40333F: ; CODE XREF: sub_403304+2B�j
; sub_403304+31�j
mov edx, [ebx]
pop ebx
loc_403342: ; CODE XREF: sub_403304+4�j
; sub_403304+A�j
mov eax, edx
retn
sub_403304 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403348 proc near ; CODE XREF: sub_403F04+88�p
; sub_403F04+C9�p ...
jmp sub_403304
sub_403348 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403350 proc near ; CODE XREF: sub_4025B0+7F�p
; sub_4032A4+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_4033A5
mov eax, [ebx]
test eax, eax
jz short loc_403386
cmp dword ptr [eax-8], 1
jnz short loc_403386
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_4024AC
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_4033AE
; ---------------------------------------------------------------------------
loc_403386: ; CODE XREF: sub_403350+11�j
; sub_403350+17�j
mov eax, edx
call sub_4031DC
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_4033A5
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_4033A0
mov ecx, esi
loc_4033A0: ; CODE XREF: sub_403350+4C�j
call sub_402570
loc_4033A5: ; CODE XREF: sub_403350+B�j
; sub_403350+43�j
mov eax, ebx
call sub_403118
mov [ebx], edi
loc_4033AE: ; CODE XREF: sub_403350+34�j
pop edi
pop esi
pop ebx
retn
sub_403350 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4033F8
loc_4033B4: ; CODE XREF: sub_4033F8+1D�j
mov al, 1
jmp sub_402554
; END OF FUNCTION CHUNK FOR sub_4033F8
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4033BC proc near ; CODE XREF: sub_4033F8+2�j
; sub_4033F8+D�j ...
mov edx, [eax]
test edx, edx
jz short locret_4033D0
mov dword ptr [eax], 0
push eax
push edx ; bstrString
call SysFreeString
pop eax
locret_4033D0: ; CODE XREF: sub_4033BC+4�j
retn
sub_4033BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033D4 proc near ; CODE XREF: sub_403468+70�p
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_4033DA: ; CODE XREF: sub_4033D4+1C�j
mov eax, [ebx]
test eax, eax
jz short loc_4033EC
mov dword ptr [ebx], 0
push eax ; bstrString
call SysFreeString
loc_4033EC: ; CODE XREF: sub_4033D4+A�j
add ebx, 4
dec esi
jnz short loc_4033DA
pop esi
pop ebx
retn
sub_4033D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033F8 proc near ; CODE XREF: sub_40356C+81�p
; sub_403688+61�p
; FUNCTION CHUNK AT 004033B4 SIZE 00000007 BYTES
test edx, edx
jz sub_4033BC
mov ecx, [edx-4]
shr ecx, 1
jz sub_4033BC
push ecx ; len
push edx ; psz
push eax ; pbstr
call SysReAllocStringLen
test eax, eax
jz loc_4033B4
retn
sub_4033F8 endp
; =============== S U B R O U T I N E =======================================
sub_40341C proc near ; CODE XREF: sub_403468+AF�p
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [ecx+edx+0Ah]
mov edi, [ecx+edx+6]
loc_40342E: ; CODE XREF: sub_40341C+29�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
mov ecx, 1
call sub_403468
add esi, 8
dec edi
jg short loc_40342E
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_40341C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403450 proc near ; CODE XREF: sub_403468+7C�p
cmp ds:dword_40600C, 0
jz short loc_403460
call ds:dword_40600C
retn
; ---------------------------------------------------------------------------
loc_403460: ; CODE XREF: sub_403450+7�j
mov al, 10h
call sub_402554
sub_403450 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403468 proc near ; CODE XREF: sub_40341C+20�p
; sub_403468+99�p ...
cmp ecx, 0
jz locret_403551
push eax
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
cmp al, 0Ah
jz short loc_4034AB
cmp al, 0Bh
jz short loc_4034C8
cmp al, 0Ch
jz short loc_4034DF
cmp al, 0Dh
jz short loc_4034EE
cmp al, 0Eh
jz short loc_40350C
cmp al, 0Fh
jz loc_403522
cmp al, 11h
jz loc_403531
jmp loc_403542
; ---------------------------------------------------------------------------
loc_4034AB: ; CODE XREF: sub_403468+1C�j
cmp ecx, 1
mov eax, ebx
jg short loc_4034BC
call sub_403118
jmp loc_40354D
; ---------------------------------------------------------------------------
loc_4034BC: ; CODE XREF: sub_403468+48�j
mov edx, ecx
call sub_40313C
jmp loc_40354D
; ---------------------------------------------------------------------------
loc_4034C8: ; CODE XREF: sub_403468+20�j
cmp ecx, 1
mov eax, ebx
jg short loc_4034D6
call sub_4033BC
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_4034D6: ; CODE XREF: sub_403468+65�j
mov edx, ecx
call sub_4033D4
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_4034DF: ; CODE XREF: sub_403468+24�j
; sub_403468+82�j
mov eax, ebx
add ebx, 10h
call sub_403450
dec edi
jg short loc_4034DF
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_4034EE: ; CODE XREF: sub_403468+28�j
push ebp
mov ebp, edx
loc_4034F1: ; CODE XREF: sub_403468+9F�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_403468
dec edi
jg short loc_4034F1
pop ebp
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_40350C: ; CODE XREF: sub_403468+2C�j
push ebp
mov ebp, edx
loc_40350F: ; CODE XREF: sub_403468+B5�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_40341C
dec edi
jg short loc_40350F
pop ebp
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403522: ; CODE XREF: sub_403468+30�j
; sub_403468+C5�j
mov eax, ebx
add ebx, 4
call sub_403A7C
dec edi
jg short loc_403522
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403531: ; CODE XREF: sub_403468+38�j
; sub_403468+D6�j
mov eax, ebx
mov edx, esi
add ebx, 4
call sub_40393C
dec edi
jg short loc_403531
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403542: ; CODE XREF: sub_403468+3E�j
pop edi
pop esi
pop ebx
pop eax
mov al, 2
jmp sub_402554
; ---------------------------------------------------------------------------
loc_40354D: ; CODE XREF: sub_403468+4F�j
; sub_403468+5B�j ...
pop edi
pop esi
pop ebx
pop eax
locret_403551: ; CODE XREF: sub_403468+3�j
retn
sub_403468 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403554 proc near ; CODE XREF: sub_40356C+92�p
; sub_403688+75�p
cmp ds:dword_406010, 0
jz short loc_403564
call ds:dword_406010
retn
; ---------------------------------------------------------------------------
loc_403564: ; CODE XREF: sub_403554+7�j
mov al, 10h
call sub_402554
sub_403554 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40356C proc near ; CODE XREF: sub_40356C+CF�p
; sub_403688+AC�p
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
xor eax, eax
mov al, [ecx+1]
lea edi, [eax+ecx+0Ah]
mov ebp, [edi-4]
xor eax, eax
mov ecx, [edi-8]
push ecx
loc_403586: ; CODE XREF: sub_40356C+100�j
mov ecx, [edi+4]
sub ecx, eax
jle short loc_403598
mov edx, eax
add eax, esi
add edx, ebx
call sub_402570
loc_403598: ; CODE XREF: sub_40356C+1F�j
mov eax, [edi+4]
mov edx, [edi]
mov edx, [edx]
mov cl, [edx]
cmp cl, 0Ah
jz short loc_4035D7
cmp cl, 0Bh
jz short loc_4035E8
cmp cl, 0Ch
jz short loc_4035F9
cmp cl, 0Dh
jz short loc_40360A
cmp cl, 0Eh
jz short loc_40362A
cmp cl, 0Fh
jz loc_403643
cmp cl, 11h
jz loc_403654
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4035D7: ; CODE XREF: sub_40356C+38�j
mov edx, [eax+esi]
add eax, ebx
call sub_40316C
mov eax, 4
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_4035E8: ; CODE XREF: sub_40356C+3D�j
mov edx, [eax+esi]
add eax, ebx
call sub_4033F8
mov eax, 4
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_4035F9: ; CODE XREF: sub_40356C+42�j
lea edx, [eax+esi]
add eax, ebx
call sub_403554
mov eax, 10h
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_40360A: ; CODE XREF: sub_40356C+47�j
xor ecx, ecx
mov cl, [edx+1]
push dword ptr [ecx+edx+2]
push dword ptr [ecx+edx+6]
mov ecx, [ecx+edx+0Ah]
mov ecx, [ecx]
lea edx, [eax+esi]
add eax, ebx
call sub_403688
pop eax
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_40362A: ; CODE XREF: sub_40356C+4C�j
xor ecx, ecx
mov cl, [edx+1]
mov ecx, [ecx+edx+2]
push ecx
mov ecx, edx
lea edx, [eax+esi]
add eax, ebx
call sub_40356C
pop eax
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_403643: ; CODE XREF: sub_40356C+51�j
mov edx, [eax+esi]
add eax, ebx
call sub_403A94
mov eax, 4
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_403654: ; CODE XREF: sub_40356C+5A�j
mov ecx, edx
mov edx, [eax+esi]
add eax, ebx
call sub_403978
mov eax, 4
loc_403665: ; CODE XREF: sub_40356C+7A�j
; sub_40356C+8B�j ...
add eax, [edi+4]
add edi, 8
dec ebp
jnz loc_403586
pop ecx
sub ecx, eax
jle short loc_403681
lea edx, [eax+ebx]
add eax, esi
call sub_402570
loc_403681: ; CODE XREF: sub_40356C+109�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40356C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403688 proc near ; CODE XREF: sub_40356C+B6�p
; sub_403688+98�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov ebp, [esp+10h+arg_0]
mov cl, [edi]
cmp cl, 0Ah
jz short loc_4036CE
cmp cl, 0Bh
jz short loc_4036E5
cmp cl, 0Ch
jz short loc_4036F9
cmp cl, 0Dh
jz short loc_40370D
cmp cl, 0Eh
jz short loc_40372E
cmp cl, 0Fh
jz loc_40374B
cmp cl, 11h
jz loc_40375F
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4036CE: ; CODE XREF: sub_403688+13�j
; sub_403688+56�j
mov eax, ebx
mov edx, [esi]
call sub_40316C
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4036CE
jmp loc_403773
; ---------------------------------------------------------------------------
loc_4036E5: ; CODE XREF: sub_403688+18�j
; sub_403688+6D�j
mov eax, ebx
mov edx, [esi]
call sub_4033F8
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4036E5
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_4036F9: ; CODE XREF: sub_403688+1D�j
; sub_403688+81�j
mov eax, ebx
mov edx, esi
call sub_403554
add ebx, 10h
add esi, 10h
dec ebp
jnz short loc_4036F9
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40370D: ; CODE XREF: sub_403688+22�j
xor ecx, ecx
mov cl, [edi+1]
lea edi, [ecx+edi+2]
loc_403716: ; CODE XREF: sub_403688+A2�j
mov eax, ebx
mov edx, esi
mov ecx, [edi+8]
push dword ptr [edi+4]
call sub_403688
add ebx, [edi]
add esi, [edi]
dec ebp
jnz short loc_403716
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40372E: ; CODE XREF: sub_403688+27�j
; sub_403688+BF�j
mov eax, ebx
mov edx, esi
mov ecx, edi
call sub_40356C
xor eax, eax
mov al, [edi+1]
add ebx, [eax+edi+2]
add esi, [eax+edi+2]
dec ebp
jnz short loc_40372E
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40374B: ; CODE XREF: sub_403688+2C�j
; sub_403688+D3�j
mov eax, ebx
mov edx, [esi]
call sub_403A94
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40374B
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40375F: ; CODE XREF: sub_403688+35�j
; sub_403688+E9�j
mov eax, ebx
mov edx, [esi]
mov ecx, edi
call sub_403978
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40375F
loc_403773: ; CODE XREF: sub_403688+58�j
; sub_403688+6F�j ...
pop ebp
pop edi
pop esi
pop ebx
retn 4
sub_403688 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
loc_40377C: ; DATA XREF: sub_403B88+2F�o
mov al, 11h
jmp sub_402554
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403784 proc near ; CODE XREF: sub_4037A4+106�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_403688
pop ebp
retn 4
sub_403784 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403794 proc near ; CODE XREF: sub_4037A4+B0�p
jmp sub_403468
sub_403794 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40379C proc near ; CODE XREF: sub_4037A4+2F�p
call sub_40393C
retn
sub_40379C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037A4 proc near ; CODE XREF: sub_4037A4+173�p
; sub_403930+5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov ebx, [ebp+var_4]
mov ebx, [ebx]
mov eax, [ebp+arg_0]
mov edi, [eax]
test edi, edi
jg short loc_4037DD
test edi, edi
jge short loc_4037CE
mov al, 4
call sub_402554
; ---------------------------------------------------------------------------
loc_4037CE: ; CODE XREF: sub_4037A4+21�j
mov eax, [ebp+var_4]
mov edx, esi
call sub_40379C
jmp loc_403927
; ---------------------------------------------------------------------------
loc_4037DD: ; CODE XREF: sub_4037A4+1D�j
xor eax, eax
mov [ebp+var_10], eax
test ebx, ebx
jz short loc_4037F1
sub ebx, 4
mov eax, [ebx]
mov [ebp+var_10], eax
sub ebx, 4
loc_4037F1: ; CODE XREF: sub_4037A4+40�j
xor eax, eax
mov al, [esi+1]
add esi, eax
mov eax, esi
mov edx, [eax+2]
mov [ebp+var_18], edx
mov edx, [eax+6]
test edx, edx
jz short loc_40380B
mov esi, [edx]
jmp short loc_40380D
; ---------------------------------------------------------------------------
loc_40380B: ; CODE XREF: sub_4037A4+61�j
xor esi, esi
loc_40380D: ; CODE XREF: sub_4037A4+65�j
mov eax, edi
imul [ebp+var_18]
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cdq
idiv edi
cmp eax, [ebp+var_18]
jz short loc_403827
mov al, 4
call sub_402554
; ---------------------------------------------------------------------------
loc_403827: ; CODE XREF: sub_4037A4+7A�j
add [ebp+var_1C], 8
test ebx, ebx
jz short loc_403834
cmp dword ptr [ebx], 1
jnz short loc_403869
loc_403834: ; CODE XREF: sub_4037A4+89�j
mov [ebp+var_20], ebx
cmp edi, [ebp+var_10]
jge short loc_403859
test esi, esi
jz short loc_403859
mov eax, ebx
add eax, 8
mov edx, edi
imul edx, [ebp+var_18]
add eax, edx
mov ecx, [ebp+var_10]
sub ecx, edi
mov edx, esi
call sub_403794
loc_403859: ; CODE XREF: sub_4037A4+96�j
; sub_4037A4+9A�j
lea eax, [ebp+var_20]
mov edx, [ebp+var_1C]
call sub_4024AC
mov ebx, [ebp+var_20]
jmp short loc_4038C7
; ---------------------------------------------------------------------------
loc_403869: ; CODE XREF: sub_4037A4+8E�j
dec dword ptr [ebx]
mov eax, [ebp+var_1C]
call sub_40246C
mov ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_14], eax
cmp edi, [ebp+var_14]
jge short loc_403883
mov [ebp+var_14], edi
loc_403883: ; CODE XREF: sub_4037A4+DA�j
test esi, esi
jz short loc_4038B1
mov edx, [ebp+var_14]
imul edx, [ebp+var_18]
mov eax, ebx
add eax, 8
xor ecx, ecx
call sub_402790
mov eax, [ebp+var_14]
push eax
mov edx, [ebp+var_4]
mov edx, [edx]
mov eax, ebx
add eax, 8
mov ecx, esi
call sub_403784
jmp short loc_4038C7
; ---------------------------------------------------------------------------
loc_4038B1: ; CODE XREF: sub_4037A4+E1�j
mov ecx, [ebp+var_14]
imul ecx, [ebp+var_18]
mov edx, ebx
add edx, 8
mov eax, [ebp+var_4]
mov eax, [eax]
call sub_402570
loc_4038C7: ; CODE XREF: sub_4037A4+C3�j
; sub_4037A4+10B�j
mov dword ptr [ebx], 1
add ebx, 4
mov [ebx], edi
add ebx, 4
mov edx, edi
sub edx, [ebp+var_10]
imul edx, [ebp+var_18]
mov eax, [ebp+var_18]
imul eax, [ebp+var_10]
add eax, ebx
xor ecx, ecx
call sub_402790
cmp [ebp+var_8], 1
jle short loc_403922
add [ebp+arg_0], 4
dec [ebp+var_8]
dec edi
test edi, edi
jl short loc_403922
inc edi
mov [ebp+var_C], 0
loc_403908: ; CODE XREF: sub_4037A4+17C�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+var_C]
lea eax, [ebx+eax*4]
mov ecx, [ebp+var_8]
mov edx, esi
call sub_4037A4
inc [ebp+var_C]
dec edi
jnz short loc_403908
loc_403922: ; CODE XREF: sub_4037A4+14E�j
; sub_4037A4+15A�j
mov eax, [ebp+var_4]
mov [eax], ebx
loc_403927: ; CODE XREF: sub_4037A4+34�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4037A4 endp
; =============== S U B R O U T I N E =======================================
sub_403930 proc near ; CODE XREF: sub_403F04+7D�p
; sub_403F04+B5�p ...
var_4 = dword ptr -4
push esp
add [esp+4+var_4], 4
call sub_4037A4
retn
sub_403930 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40393C proc near ; CODE XREF: sub_403468+D0�p
; sub_40379C�p ...
mov ecx, [eax]
test ecx, ecx
jz short locret_403975
mov dword ptr [eax], 0
lock dec dword ptr [ecx-8]
jnz short locret_403975
push eax
mov eax, ecx
xor ecx, ecx
mov cl, [edx+1]
mov edx, [ecx+edx+6]
test edx, edx
jz short loc_40396C
mov ecx, [eax-4]
test ecx, ecx
jz short loc_40396C
mov edx, [edx]
call sub_403468
loc_40396C: ; CODE XREF: sub_40393C+20�j
; sub_40393C+27�j
sub eax, 8
call sub_40248C
pop eax
locret_403975: ; CODE XREF: sub_40393C+4�j
; sub_40393C+10�j
retn
sub_40393C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403978 proc near ; CODE XREF: sub_40356C+EF�p
; sub_403688+DD�p
push ebx
mov ebx, [eax]
test edx, edx
jz short loc_403983
lock inc dword ptr [edx-8]
loc_403983: ; CODE XREF: sub_403978+5�j
test ebx, ebx
jz short loc_40399B
lock dec dword ptr [ebx-8]
jnz short loc_40399B
push eax
push edx
mov edx, ecx
inc dword ptr [ebx-8]
call sub_40393C
pop edx
pop eax
loc_40399B: ; CODE XREF: sub_403978+D�j
; sub_403978+13�j
mov [eax], edx
pop ebx
retn
sub_403978 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039A0 proc near ; CODE XREF: sub_403A0C+1B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, ds:dword_406028
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4039F3
loc_4039BA: ; CODE XREF: sub_4039A0+51�j
xor eax, eax
push ebp
push offset loc_4039DB
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_8]
mov eax, [ebp+var_4]
call dword ptr [ebx+4]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4039E5
; ---------------------------------------------------------------------------
loc_4039DB: ; DATA XREF: sub_4039A0+1D�o
jmp loc_402A88
; ---------------------------------------------------------------------------
call sub_402C40
loc_4039E5: ; CODE XREF: sub_4039A0+39�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4039BA
loc_4039F3: ; CODE XREF: sub_4039A0+18�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4039A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4039FC proc near ; CODE XREF: sub_403D14+5�p
mov edx, ds:dword_406024
mov [eax], edx
mov ds:dword_406024, eax
retn
sub_4039FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A0C proc near ; CODE XREF: sub_403028+70�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], eax
xor edx, edx
push ebp
push offset loc_403A70
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_4039A0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403A77
loc_403A39: ; CODE XREF: sub_403A0C+69�j
mov eax, [ebp+var_4]
cmp eax, ds:dword_406024
jnz short loc_403A50
mov eax, [ebp+var_4]
mov eax, [eax]
mov ds:dword_406024, eax
jmp short loc_403A6F
; ---------------------------------------------------------------------------
loc_403A50: ; CODE XREF: sub_403A0C+36�j
mov eax, ds:dword_406024
test eax, eax
jz short loc_403A6F
loc_403A59: ; CODE XREF: sub_403A0C+61�j
mov edx, [eax]
cmp edx, [ebp+var_4]
jnz short loc_403A69
mov edx, [ebp+var_4]
mov edx, [edx]
mov [eax], edx
jmp short loc_403A6F
; ---------------------------------------------------------------------------
loc_403A69: ; CODE XREF: sub_403A0C+52�j
mov eax, [eax]
test eax, eax
jnz short loc_403A59
loc_403A6F: ; CODE XREF: sub_403A0C+42�j
; sub_403A0C+4B�j ...
retn
; ---------------------------------------------------------------------------
loc_403A70: ; DATA XREF: sub_403A0C+A�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403A39
; ---------------------------------------------------------------------------
loc_403A77: ; CODE XREF: sub_403A0C:loc_403A6F�j
; DATA XREF: sub_403A0C+28�o
pop ecx
pop ebp
retn
sub_403A0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403A7C proc near ; CODE XREF: sub_403468+BF�p
mov edx, [eax]
test edx, edx
jz short locret_403A90
mov dword ptr [eax], 0
push eax
push edx
mov eax, [edx]
call dword ptr [eax+8]
pop eax
locret_403A90: ; CODE XREF: sub_403A7C+4�j
retn
sub_403A7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403A94 proc near ; CODE XREF: sub_40356C+DC�p
; sub_403688+C7�p
test edx, edx
jz short loc_403AB1
push edx
push eax
mov eax, [edx]
push edx
call dword ptr [eax+4]
pop eax
mov ecx, [eax]
pop dword ptr [eax]
test ecx, ecx
jnz short loc_403AAA
retn
; ---------------------------------------------------------------------------
loc_403AAA: ; CODE XREF: sub_403A94+13�j
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A94+2�j
mov ecx, [eax]
test ecx, ecx
mov [eax], edx
jz short locret_403ABF
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
locret_403ABF: ; CODE XREF: sub_403A94+23�j
retn
sub_403A94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AC0 proc near ; CODE XREF: sub_403B88+AD�p
; sub_403B88+BE�p
var_10 = dword ptr -10h
LCData = byte ptr -0Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor edx, edx
mov [ebp+var_10], edx
xor edx, edx
push ebp
push offset loc_403B26
push dword ptr fs:[edx]
mov fs:[edx], esp
push 7 ; cchData
lea edx, [ebp+LCData]
push edx ; lpLCData
push 1004h ; LCType
push eax ; Locale
call GetLocaleInfoA ; GetLocaleInfoA
lea eax, [ebp+var_10]
lea edx, [ebp+LCData]
mov ecx, 7
call sub_403284
mov eax, [ebp+var_10]
lea edx, [ebp+var_4]
call sub_4027B0
mov ebx, eax
cmp [ebp+var_4], 0
jz short loc_403B10
xor ebx, ebx
loc_403B10: ; CODE XREF: sub_403AC0+4C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403B2D
loc_403B1D: ; CODE XREF: sub_403AC0+6B�j
lea eax, [ebp+var_10]
call sub_403118
retn
; ---------------------------------------------------------------------------
loc_403B26: ; DATA XREF: sub_403AC0+F�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403B1D
; ---------------------------------------------------------------------------
loc_403B2D: ; CODE XREF: sub_403AC0+65�j
; DATA XREF: sub_403AC0+58�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_403AC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B34 proc near ; DATA XREF: CODE:00405968�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403B7E
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4075A4
jnz short loc_403B70
mov eax, offset dword_407038
call sub_4026FC
mov eax, offset dword_407204
call sub_4026FC
mov eax, offset dword_4073D0
call sub_4026FC
call sub_401870
loc_403B70: ; CODE XREF: sub_403B34+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403B85
loc_403B7D: ; CODE XREF: sub_403B34+4F�j
retn
; ---------------------------------------------------------------------------
loc_403B7E: ; DATA XREF: sub_403B34+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403B7D
; ---------------------------------------------------------------------------
loc_403B85: ; CODE XREF: sub_403B34:loc_403B7D�j
; DATA XREF: sub_403B34+44�o
pop ebp
retn
sub_403B34 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403B88 proc near ; DATA XREF: CODE:00405964�o
sub ds:dword_4075A4, 1
jnb locret_403C5A
mov ds:byte_406008, 2
mov ds:dword_407010, offset RaiseException
mov ds:dword_407014, offset RtlUnwind
mov ds:byte_407036, 2
mov ds:dword_407000, offset loc_40377C
call sub_40288C
test al, al
jz short loc_403BCF
call sub_4028BC
loc_403BCF: ; CODE XREF: sub_403B88+40�j
call sub_402980
mov ds:word_40703C, 0D7B0h
mov ds:word_407208, 0D7B0h
mov ds:word_4073D4, 0D7B0h
call GetCommandLineA ; GetCommandLineA
mov ds:dword_40702C, eax
call sub_4010BC
mov ds:dword_407028, eax
call GetVersion ; GetVersion
and eax, 80000000h
cmp eax, 80000000h
jz short loc_403C41
call GetVersion ; GetVersion
and eax, 0FFh
cmp ax, 4
jbe short loc_403C30
mov ds:dword_4075A8, 3
jmp short loc_403C50
; ---------------------------------------------------------------------------
loc_403C30: ; CODE XREF: sub_403B88+9A�j
call GetThreadLocale ; GetThreadLocale
call sub_403AC0
mov ds:dword_4075A8, eax
jmp short loc_403C50
; ---------------------------------------------------------------------------
loc_403C41: ; CODE XREF: sub_403B88+8A�j
call GetThreadLocale ; GetThreadLocale
call sub_403AC0
mov ds:dword_4075A8, eax
loc_403C50: ; CODE XREF: sub_403B88+A6�j
; sub_403B88+B7�j
call GetCurrentThreadId ; GetCurrentThreadId
mov ds:dword_407020, eax
locret_403C5A: ; CODE XREF: sub_403B88+7�j
retn
sub_403B88 endp
; ---------------------------------------------------------------------------
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LocalAlloc_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TlsGetValue. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TlsSetValue. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_403C7C proc near ; CODE XREF: sub_403C90+21�p
push eax ; uBytes
push 40h ; uFlags
call LocalAlloc_0
retn
sub_403C7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C88 proc near ; CODE XREF: sub_403C90+1�p
mov eax, 8
retn
sub_403C88 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403C90 proc near ; CODE XREF: sub_403CD4:loc_403CEE�p
push ebx
call sub_403C88
mov ebx, eax
test ebx, ebx
jz short loc_403CD2
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_403CAF
mov eax, 0E2h
call sub_40310C
; ---------------------------------------------------------------------------
loc_403CAF: ; CODE XREF: sub_403C90+13�j
mov eax, ebx
call sub_403C7C
test eax, eax
jnz short loc_403CC6
mov eax, 0E2h
call sub_40310C
; ---------------------------------------------------------------------------
jmp short loc_403CD2
; ---------------------------------------------------------------------------
loc_403CC6: ; CODE XREF: sub_403C90+28�j
push eax ; lpTlsValue
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsSetValue ; TlsSetValue
loc_403CD2: ; CODE XREF: sub_403C90+A�j
; sub_403C90+34�j
pop ebx
retn
sub_403C90 endp
; =============== S U B R O U T I N E =======================================
sub_403CD4 proc near ; CODE XREF: sub_402508+20�p
; sub_402560+3�p ...
mov cl, ds:byte_40764C
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_403D09
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_403CEE: ; CODE XREF: sub_403CD4+3D�j
call sub_403C90
mov eax, ds:TlsIndex
push eax ; dwTlsIndex
call TlsGetValue ; TlsGetValue
test eax, eax
jz short loc_403D03
retn
; ---------------------------------------------------------------------------
loc_403D03: ; CODE XREF: sub_403CD4+2C�j
mov eax, ds:dword_407658
retn
; ---------------------------------------------------------------------------
loc_403D09: ; CODE XREF: sub_403CD4+D�j
push eax ; dwTlsIndex
call TlsGetValue ; TlsGetValue
test eax, eax
jz short loc_403CEE
retn
sub_403CD4 endp
; =============== S U B R O U T I N E =======================================
sub_403D14 proc near ; CODE XREF: sub_403D20+2E�p
mov eax, offset dword_406090
call sub_4039FC
retn
sub_403D14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403D20 proc near ; CODE XREF: CODE:004059DE�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0 ; lpModuleName
call GetModuleHandleA ; GetModuleHandleA
mov ds:dword_407650, eax
mov eax, ds:dword_407650
mov ds:dword_406094, eax
xor eax, eax
mov ds:dword_406098, eax
xor eax, eax
mov ds:dword_40609C, eax
call sub_403D14
mov edx, offset dword_406090
mov eax, ebx
call sub_402ED0
pop ebx
retn
sub_403D20 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D64 proc near ; DATA XREF: CODE:00405960�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403D89
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407654
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403D90
loc_403D88: ; CODE XREF: sub_403D64+2A�j
retn
; ---------------------------------------------------------------------------
loc_403D89: ; DATA XREF: sub_403D64+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403D88
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D64:loc_403D88�j
; DATA XREF: sub_403D64+1F�o
pop ebp
retn
sub_403D64 endp
; ---------------------------------------------------------------------------
align 4
loc_403D94: ; DATA XREF: CODE:off_40595C�o
sub ds:dword_407654, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D9C proc near ; DATA XREF: CODE:00405970�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403DC1
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_40765C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403DC8
loc_403DC0: ; CODE XREF: sub_403D9C+2A�j
retn
; ---------------------------------------------------------------------------
loc_403DC1: ; DATA XREF: sub_403D9C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403DC0
; ---------------------------------------------------------------------------
loc_403DC8: ; CODE XREF: sub_403D9C:loc_403DC0�j
; DATA XREF: sub_403D9C+1F�o
pop ebp
retn
sub_403D9C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403DCC proc near ; DATA XREF: CODE:0040596C�o
sub ds:dword_40765C, 1
retn
sub_403DCC endp
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetLastError. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetProcAddress. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION GetTickCount. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION LoadLibraryA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION Sleep. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION DispatchMessageA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION PeekMessageA. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION PostQuitMessage. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION TranslateMessage. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_403E24 proc near ; CODE XREF: sub_403EFC�p
xchg eax, edx
call sub_402570
retn
sub_403E24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E2C proc near ; DATA XREF: CODE:00405978�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403E51
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407660
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403E58
loc_403E50: ; CODE XREF: sub_403E2C+2A�j
retn
; ---------------------------------------------------------------------------
loc_403E51: ; DATA XREF: sub_403E2C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403E50
; ---------------------------------------------------------------------------
loc_403E58: ; CODE XREF: sub_403E2C:loc_403E50�j
; DATA XREF: sub_403E2C+1F�o
pop ebp
retn
sub_403E2C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E5C proc near ; DATA XREF: CODE:00405974�o
sub ds:dword_407660, 1
retn
sub_403E5C endp
; ---------------------------------------------------------------------------
off_403E64 dd offset dword_403E68 ; DATA XREF: sub_403F04+77�r
; sub_403F04+AF�r ...
dword_403E68 dd 42540A11h, 41657479h, 79617272h, 1, 0 dd 11h
dd offset off_401000
dd 69745504h, 408D6Ch
; [00000006 BYTES: COLLAPSED FUNCTION LoadLibraryA_0. PRESS KEYPAD "+" TO EXPAND]
align 4
; =============== S U B R O U T I N E =======================================
sub_403E94 proc near ; CODE XREF: sub_403EA4+6�p
; sub_404254+6�p ...
push 0 ; lpProcName
push 0 ; hModule
call GetProcAddress ; GetProcAddress
call GetLastError
retn
sub_403E94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403EA4 proc near ; CODE XREF: CODE:00405A11�p
; CODE:00405A3D�p
push ebx
push esi
mov ebx, edx
mov esi, eax
call sub_403E94
sub eax, 4Dh
push eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_407664
mov ebx, eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_407668
mov [esi], eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_40766C
mov ebx, eax
push ebx
call ds:dword_407670
mov esi, eax
test esi, esi
jz short loc_403EF4
push ebx
call ds:dword_407674
loc_403EF4: ; CODE XREF: sub_403EA4+47�j
mov eax, esi
pop esi
pop ebx
retn
sub_403EA4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403EFC proc near ; CODE XREF: sub_403F04+97�p
; sub_403F04+D4�p ...
call sub_403E24
retn
sub_403EFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F04 proc near ; CODE XREF: sub_4046BC+62�p
; sub_4046BC+91�p ...
var_418 = dword ptr -418h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFBE8h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_10], ebx
mov [ebp+var_14], ebx
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4032E8
mov eax, [ebp+var_8]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_404170
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_8]
call sub_40329C
test eax, eax
jz loc_404142
mov eax, [ebp+var_4]
call sub_40329C
test eax, eax
jz loc_404142
mov eax, [ebp+var_8]
call sub_40329C
cmp eax, 100h
jle short loc_403FA2
push 100h
lea eax, [ebp+var_10]
mov ecx, 1
mov edx, off_403E64
call sub_403930
add esp, 4
lea eax, [ebp+var_8]
call sub_403348
mov edx, eax
mov eax, [ebp+var_10]
mov ecx, 100h
call sub_403EFC
jmp short loc_403FDD
; ---------------------------------------------------------------------------
loc_403FA2: ; CODE XREF: sub_403F04+68�j
mov eax, [ebp+var_8]
call sub_40329C
push eax
lea eax, [ebp+var_10]
mov ecx, 1
mov edx, off_403E64
call sub_403930
add esp, 4
mov eax, [ebp+var_8]
call sub_40329C
push eax
lea eax, [ebp+var_8]
call sub_403348
mov edx, eax
mov eax, [ebp+var_10]
pop ecx
call sub_403EFC
loc_403FDD: ; CODE XREF: sub_403F04+9C�j
xor edi, edi
lea eax, [ebp+var_418]
loc_403FE5: ; CODE XREF: sub_403F04+ED�j
mov [eax], edi
inc edi
add eax, 4
cmp edi, 100h
jnz short loc_403FE5
xor esi, esi
xor edi, edi
lea ebx, [ebp+var_418]
loc_403FFD: ; CODE XREF: sub_403F04+146�j
mov eax, [ebp+var_8]
call sub_40329C
push eax
mov eax, edi
pop edx
mov ecx, edx
cdq
idiv ecx
mov eax, [ebp+var_10]
movzx eax, byte ptr [eax+edx]
add esi, [ebx]
add eax, esi
and eax, 800000FFh
jns short loc_404027
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404027: ; CODE XREF: sub_403F04+11A�j
mov esi, eax
mov al, [ebx]
mov edx, [ebp+esi*4+var_418]
mov [ebx], edx
and eax, 0FFh
mov [ebp+esi*4+var_418], eax
inc edi
add ebx, 4
cmp edi, 100h
jnz short loc_403FFD
xor esi, esi
xor ebx, ebx
mov eax, [ebp+var_4]
call sub_40329C
push eax
lea eax, [ebp+var_14]
mov ecx, 1
mov edx, off_403E64
call sub_403930
add esp, 4
mov eax, [ebp+var_4]
call sub_40329C
push eax
lea eax, [ebp+var_4]
call sub_403348
mov edx, eax
mov eax, [ebp+var_14]
pop ecx
call sub_403EFC
mov eax, [ebp+var_4]
call sub_40329C
dec eax
test eax, eax
jl short loc_404116
inc eax
mov [ebp+var_18], eax
xor edi, edi
loc_40409E: ; CODE XREF: sub_403F04+210�j
inc esi
and esi, 800000FFh
jns short loc_4040AF
dec esi
or esi, 0FFFFFF00h
inc esi
loc_4040AF: ; CODE XREF: sub_403F04+1A1�j
add ebx, [ebp+esi*4+var_418]
and ebx, 800000FFh
jns short loc_4040C6
dec ebx
or ebx, 0FFFFFF00h
inc ebx
loc_4040C6: ; CODE XREF: sub_403F04+1B8�j
mov al, byte ptr [ebp+esi*4+var_418]
mov edx, [ebp+ebx*4+var_418]
mov [ebp+esi*4+var_418], edx
and eax, 0FFh
mov [ebp+ebx*4+var_418], eax
mov eax, [ebp+esi*4+var_418]
add eax, [ebp+ebx*4+var_418]
and eax, 800000FFh
jns short loc_404103
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404103: ; CODE XREF: sub_403F04+1F6�j
mov al, byte ptr [ebp+eax*4+var_418]
mov edx, [ebp+var_14]
xor [edx+edi], al
inc edi
dec [ebp+var_18]
jnz short loc_40409E
loc_404116: ; CODE XREF: sub_403F04+192�j
mov eax, [ebp+var_4]
call sub_40329C
mov edx, eax
mov eax, [ebp+var_C]
call sub_403350
mov eax, [ebp+var_4]
call sub_40329C
push eax
mov eax, [ebp+var_C]
call sub_403348
mov edx, [ebp+var_14]
pop ecx
call sub_403EFC
loc_404142: ; CODE XREF: sub_403F04+45�j
; sub_403F04+55�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404177
loc_40414F: ; CODE XREF: sub_403F04+271�j
lea eax, [ebp+var_14]
mov edx, off_403E64
mov ecx, 2
call sub_403468
lea eax, [ebp+var_8]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_404170: ; DATA XREF: sub_403F04+30�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_40414F
; ---------------------------------------------------------------------------
loc_404177: ; CODE XREF: sub_403F04+26B�j
; DATA XREF: sub_403F04+246�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403F04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404180 proc near ; CODE XREF: CODE:00405A8F�p
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_108], ecx
mov [ebp+var_4], ecx
mov esi, eax
lea edi, [ebp+var_104]
mov ecx, 40h
rep movsd
mov edi, edx
xor eax, eax
push ebp
push offset loc_40420C
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
jmp short loc_4041D6
; ---------------------------------------------------------------------------
loc_4041BA: ; CODE XREF: sub_404180+5F�j
lea eax, [ebp+var_108]
mov edx, ebx
call sub_403238
mov edx, [ebp+var_108]
lea eax, [ebp+var_4]
call sub_4032A4
inc esi
loc_4041D6: ; CODE XREF: sub_404180+38�j
mov bl, [ebp+esi+var_104]
test bl, bl
jnz short loc_4041BA
mov eax, edi
mov edx, [ebp+var_4]
call sub_40316C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404213
loc_4041F8: ; CODE XREF: sub_404180+91�j
lea eax, [ebp+var_108]
call sub_403118
lea eax, [ebp+var_4]
call sub_403118
retn
; ---------------------------------------------------------------------------
loc_40420C: ; DATA XREF: sub_404180+2B�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4041F8
; ---------------------------------------------------------------------------
loc_404213: ; CODE XREF: sub_404180+8B�j
; DATA XREF: sub_404180+73�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_404180 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40421C proc near ; DATA XREF: CODE:00405980�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404241
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076A4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404248
loc_404240: ; CODE XREF: sub_40421C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404241: ; DATA XREF: sub_40421C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404240
; ---------------------------------------------------------------------------
loc_404248: ; CODE XREF: sub_40421C:loc_404240�j
; DATA XREF: sub_40421C+1F�o
pop ebp
retn
sub_40421C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40424C proc near ; DATA XREF: CODE:0040597C�o
sub ds:dword_4076A4, 1
retn
sub_40424C endp
; =============== S U B R O U T I N E =======================================
sub_404254 proc near ; CODE XREF: sub_4046BC+22�p
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_5C = byte ptr -5Ch
var_54 = byte ptr -54h
var_4C = byte ptr -4Ch
var_44 = byte ptr -44h
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_20 = byte ptr -20h
var_14 = byte ptr -14h
push ebx
add esp, 0FFFFFF90h
mov ebx, eax
call sub_403E94
mov edx, eax
add edx, 14h
mov eax, esp
mov [eax+1], dl
mov byte ptr [eax], 1
mov edx, esp
lea eax, [esp+74h+var_70]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Eh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_70]
mov cl, 2
call sub_402754
lea edx, [esp+74h+var_70]
lea eax, [esp+74h+var_68]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 1Bh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_68]
mov cl, 3
call sub_402754
lea edx, [esp+74h+var_68]
lea eax, [esp+74h+var_64]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 17h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_64]
mov cl, 4
call sub_402754
lea edx, [esp+74h+var_64]
lea eax, [esp+74h+var_5C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Eh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_5C]
mov cl, 5
call sub_402754
lea edx, [esp+74h+var_5C]
lea eax, [esp+74h+var_54]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_54]
mov cl, 6
call sub_402754
lea edx, [esp+74h+var_54]
lea eax, [esp+74h+var_4C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFDCh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_4C]
mov cl, 7
call sub_402754
lea edx, [esp+74h+var_4C]
lea eax, [esp+74h+var_44]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFDBh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_44]
mov cl, 8
call sub_402754
lea edx, [esp+74h+var_44]
lea eax, [esp+74h+var_38]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFD7h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_38]
mov cl, 9
call sub_402754
lea edx, [esp+74h+var_38]
lea eax, [esp+74h+var_2C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Dh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_2C]
mov cl, 0Ah
call sub_402754
lea edx, [esp+74h+var_2C]
lea eax, [esp+74h+var_20]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_20]
mov cl, 0Bh
call sub_402754
lea edx, [esp+74h+var_20]
lea eax, [esp+74h+var_14]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_14]
mov cl, 0Ch
call sub_402754
lea edx, [esp+74h+var_14]
mov eax, ebx
call sub_403278
add esp, 70h
pop ebx
retn
sub_404254 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40448C proc near ; CODE XREF: sub_4046BC+3A�p
var_48 = byte ptr -48h
var_44 = byte ptr -44h
var_40 = byte ptr -40h
var_3C = byte ptr -3Ch
var_34 = byte ptr -34h
var_2C = byte ptr -2Ch
var_24 = byte ptr -24h
var_1C = byte ptr -1Ch
var_10 = byte ptr -10h
push ebx
add esp, 0FFFFFFB8h
mov ebx, eax
call sub_403E94
mov edx, eax
add edx, 17h
mov eax, esp
mov [eax+1], dl
mov byte ptr [eax], 1
mov edx, esp
lea eax, [esp+4Ch+var_48]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 1Dh
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_48]
mov cl, 2
call sub_402754
lea edx, [esp+4Ch+var_48]
lea eax, [esp+4Ch+var_40]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Dh
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_40]
mov cl, 3
call sub_402754
lea edx, [esp+4Ch+var_40]
lea eax, [esp+4Ch+var_3C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_3C]
mov cl, 4
call sub_402754
lea edx, [esp+4Ch+var_3C]
lea eax, [esp+4Ch+var_34]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_34]
mov cl, 5
call sub_402754
lea edx, [esp+4Ch+var_34]
lea eax, [esp+4Ch+var_2C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFD7h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_2C]
mov cl, 6
call sub_402754
lea edx, [esp+4Ch+var_2C]
lea eax, [esp+4Ch+var_24]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Dh
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_24]
mov cl, 7
call sub_402754
lea edx, [esp+4Ch+var_24]
lea eax, [esp+4Ch+var_1C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_1C]
mov cl, 8
call sub_402754
lea edx, [esp+4Ch+var_1C]
lea eax, [esp+4Ch+var_10]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_10]
mov cl, 9
call sub_402754
lea edx, [esp+4Ch+var_10]
mov eax, ebx
call sub_403278
add esp, 48h
pop ebx
retn
sub_40448C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404634 proc near ; CODE XREF: sub_4046BC+52�p
; sub_4046BC+81�p ...
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
push ebx
add esp, 0FFFFFFF0h
mov ebx, eax
call sub_403E94
mov edx, eax
add edx, 0Eh
mov eax, esp
mov [eax+1], dl
mov byte ptr [eax], 1
mov edx, esp
lea eax, [esp+14h+var_10]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 21h
lea eax, [esp+14h+var_C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+14h+var_C]
lea eax, [esp+14h+var_10]
mov cl, 2
call sub_402754
lea edx, [esp+14h+var_10]
lea eax, [esp+14h+var_8]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFECh
lea eax, [esp+14h+var_C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+14h+var_C]
lea eax, [esp+14h+var_8]
mov cl, 3
call sub_402754
lea edx, [esp+14h+var_8]
mov eax, ebx
call sub_403278
add esp, 10h
pop ebx
retn
sub_404634 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046BC proc near ; CODE XREF: CODE:004059FB�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 10h
loc_4046C4: ; CODE XREF: sub_4046BC+D�j
push 0
push 0
dec ecx
jnz short loc_4046C4
push ebx
push esi
xor eax, eax
push ebp
push offset loc_404A0E
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
call sub_404254
mov eax, [ebp+var_4]
call sub_4032F8
push eax ; lpLibFileName
call LoadLibraryA_0
mov ebx, eax
lea eax, [ebp+var_8]
call sub_40448C
mov eax, [ebp+var_8]
call sub_4032F8
push eax ; lpLibFileName
call LoadLibraryA_0
mov esi, eax
lea eax, [ebp+var_10]
call sub_404634
mov edx, [ebp+var_10]
lea ecx, [ebp+var_C]
mov eax, offset dword_404A24
call sub_403F04
mov eax, [ebp+var_C]
call sub_4032F8
push eax ; lpProcName
push esi ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060D4
mov [edx], eax
lea eax, [ebp+var_18]
call sub_404634
mov edx, [ebp+var_18]
lea ecx, [ebp+var_14]
mov eax, offset dword_404A44
call sub_403F04
mov eax, [ebp+var_14]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_406104
mov [edx], eax
lea eax, [ebp+var_20]
call sub_404634
mov edx, [ebp+var_20]
lea ecx, [ebp+var_1C]
mov eax, offset dword_404A5C
call sub_403F04
mov eax, [ebp+var_1C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060EC
mov [edx], eax
lea eax, [ebp+var_28]
call sub_404634
mov edx, [ebp+var_28]
lea ecx, [ebp+var_24]
mov eax, offset dword_404A74
call sub_403F04
mov eax, [ebp+var_24]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060E4
mov [edx], eax
lea eax, [ebp+var_30]
call sub_404634
mov edx, [ebp+var_30]
lea ecx, [ebp+var_2C]
mov eax, offset dword_404A8C
call sub_403F04
mov eax, [ebp+var_2C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060E8
mov [edx], eax
lea eax, [ebp+var_38]
call sub_404634
mov edx, [ebp+var_38]
lea ecx, [ebp+var_34]
mov eax, offset dword_404AA4
call sub_403F04
mov eax, [ebp+var_34]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060F8
mov [edx], eax
lea eax, [ebp+var_40]
call sub_404634
mov edx, [ebp+var_40]
lea ecx, [ebp+var_3C]
mov eax, offset dword_404ABC
call sub_403F04
mov eax, [ebp+var_3C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060C8
mov [edx], eax
lea eax, [ebp+var_48]
call sub_404634
mov edx, [ebp+var_48]
lea ecx, [ebp+var_44]
mov eax, offset dword_404AD0
call sub_403F04
mov eax, [ebp+var_44]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060E0
mov [edx], eax
lea eax, [ebp+var_50]
call sub_404634
mov edx, [ebp+var_50]
lea ecx, [ebp+var_4C]
mov eax, offset dword_404AE8
call sub_403F04
mov eax, [ebp+var_4C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060F0
mov [edx], eax
lea eax, [ebp+var_58]
call sub_404634
mov edx, [ebp+var_58]
lea ecx, [ebp+var_54]
mov eax, offset dword_404B04
call sub_403F04
mov eax, [ebp+var_54]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060D0
mov [edx], eax
lea eax, [ebp+var_60]
call sub_404634
mov edx, [ebp+var_60]
lea ecx, [ebp+var_5C]
mov eax, offset dword_404B20
call sub_403F04
mov eax, [ebp+var_5C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060F4
mov [edx], eax
lea eax, [ebp+var_68]
call sub_404634
mov edx, [ebp+var_68]
lea ecx, [ebp+var_64]
mov eax, offset dword_404B3C
call sub_403F04
mov eax, [ebp+var_64]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060DC
mov [edx], eax
lea eax, [ebp+var_70]
call sub_404634
mov edx, [ebp+var_70]
lea ecx, [ebp+var_6C]
mov eax, offset dword_404B58
call sub_403F04
mov eax, [ebp+var_6C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_406100
mov [edx], eax
lea eax, [ebp+var_78]
call sub_404634
mov edx, [ebp+var_78]
lea ecx, [ebp+var_74]
mov eax, offset dword_404B74
call sub_403F04
mov eax, [ebp+var_74]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060D8
mov [edx], eax
lea eax, [ebp+var_80]
call sub_404634
mov edx, [ebp+var_80]
lea ecx, [ebp+var_7C]
mov eax, offset dword_404B8C
call sub_403F04
mov eax, [ebp+var_7C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060CC
mov [edx], eax
push offset ProcName ; "TerminateProcess"
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov edx, ds:off_4060FC
mov [edx], eax
push esi
mov eax, ds:off_4060C8
mov eax, [eax]
call eax
push ebx
mov eax, ds:off_4060C8
mov eax, [eax]
call eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404A15
loc_404A00: ; CODE XREF: sub_4046BC+357�j
lea eax, [ebp+var_80]
mov edx, 20h
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_404A0E: ; DATA XREF: sub_4046BC+14�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404A00
; ---------------------------------------------------------------------------
loc_404A15: ; CODE XREF: sub_4046BC+351�j
; DATA XREF: sub_4046BC+33F�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4046BC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 14h
dword_404A24 dd 0E5190BA2h, 0CE920FE5h, 7ABF9BF8h, 0DB49B168h, 956EA088h
; DATA XREF: sub_4046BC+5D�o
dd 0
dd 0FFFFFFFFh, 0Dh
dword_404A44 dd 0EF2215BEh, 0F7910BDAh, 50AB8CE4h, 4Fh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+8C�o
dd 0Eh
dword_404A5C dd 0EE3615ABh, 0FDB008E7h, 47BD91E2h, 876Dh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+BB�o
dd 0Ch
dword_404A74 dd 0EF2D13B4h, 0F7910BDAh, 50AB8CE4h, 0 dd 0FFFFFFFFh, 0Ch
dword_404A8C dd 0E02F13B4h, 0F7910BDAh, 50AB8CE4h, 0 dd 0FFFFFFFFh, 0Ch
dword_404AA4 dd 0EE290EBEh, 0F7910BDAh, 50AB8CE4h, 0 dd 0FFFFFFFFh, 0Bh
dword_404ABC dd 0EE290EBEh, 0EA8007C4h, 0B18CF0h, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_4046BC+177�o
dword_404AD0 dd 0FF3E15AEh, 0D98E0FFDh, 56A792FDh, 9A4Bh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+1A6�o
dd 10h
dword_404AE8 dd 0FF3E15AEh, 0C88E0FFDh, 50BC91E3h, 0C069966Dh, 0
; DATA XREF: sub_4046BC+1D5�o
dd 0FFFFFFFFh, 12h
dword_404B04 dd 0FF250EAFh, 0F7903EEDh, 46BB9BF2h, 0D7418743h, 0B08Eh
; DATA XREF: sub_4046BC+204�o
dd 0FFFFFFFFh, 11h
dword_404B20 dd 0EF2D19AAh, 0FB8D1CD8h, 78BB8DF4h, 0CA438F6Bh, 85h
; DATA XREF: sub_4046BC+233�o
dd 0FFFFFFFFh, 10h
dword_404B3C dd 0DF3819BFh, 0F9871CE0h, 5BA7BDF5h, 0CC54877Ah, 0
; DATA XREF: sub_4046BC+262�o
dd 0FFFFFFFFh, 10h
dword_404B58 dd 0DF3819ABh, 0F9871CE0h, 5BA7BDF5h, 0CC54877Ah, 0
; DATA XREF: sub_4046BC+291�o
dd 0FFFFFFFFh, 0Eh
dword_404B74 dd 0EA290EBBh, 0EAB20BFCh, 46AD9DFEh, 0A37Dh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+2C0�o
dd 0Ch
dword_404B8C dd 0FE3F19AAh, 0F0B60BE5h, 51A99BE3h, 0; char ProcName[]
ProcName db 'TerminateProcess',0 ; DATA XREF: sub_4046BC+310�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404BB0 proc near ; DATA XREF: CODE:00405988�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404BD5
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076A8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404BDC
loc_404BD4: ; CODE XREF: sub_404BB0+2A�j
retn
; ---------------------------------------------------------------------------
loc_404BD5: ; DATA XREF: sub_404BB0+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404BD4
; ---------------------------------------------------------------------------
loc_404BDC: ; CODE XREF: sub_404BB0:loc_404BD4�j
; DATA XREF: sub_404BB0+1F�o
pop ebp
retn
sub_404BB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404BE0 proc near ; DATA XREF: CODE:00405984�o
sub ds:dword_4076A8, 1
retn
sub_404BE0 endp
; =============== S U B R O U T I N E =======================================
sub_404BE8 proc near ; CODE XREF: sub_404C00+184�p
lea edx, [eax+18h]
movzx eax, word ptr [eax+14h]
add edx, eax
mov eax, edx
retn
sub_404BE8 endp
; =============== S U B R O U T I N E =======================================
sub_404BF4 proc near ; CODE XREF: sub_404C00+1D2�p
shr eax, 1Dh
mov eax, ds:dword_4060A8[eax*4]
retn
sub_404BF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C00 proc near ; CODE XREF: CODE:00405B04�p
var_148 = dword ptr -148h
var_A4 = dword ptr -0A4h
var_98 = dword ptr -98h
var_7C = dword ptr -7Ch
var_4C = word ptr -4Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEB8h
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
call sub_4032E8
mov eax, [ebp+var_C]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_404EA0
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
lea eax, [ebp+var_38]
xor ecx, ecx
mov edx, 10h
call sub_402790
lea eax, [ebp+var_7C]
xor ecx, ecx
mov edx, 44h
call sub_402790
mov [ebp+var_7C], 44h
xor eax, eax
mov al, [ebp+arg_0]
mov [ebp+var_4C], ax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_7C]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
mov eax, [ebp+var_C]
call sub_4032F8
push eax
mov eax, [ebp+var_8]
call sub_4032F8
push eax
mov eax, ds:off_4060D8
mov eax, [eax]
call eax
test eax, eax
jz loc_404E85
mov [ebp+var_21], 1
xor eax, eax
push ebp
push offset loc_404E7E
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_148], 10002h
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
mov eax, ds:off_4060DC
mov eax, [eax]
call eax
test eax, eax
jz loc_404E49
lea eax, [ebp+var_14]
push eax
push 4
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060F4
mov eax, [eax]
call eax
test eax, eax
jz loc_404E49
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D4
mov eax, [eax]
call eax
test eax, eax
jl loc_404E49
cmp [ebp+var_4], 0
jz loc_404E49
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
add eax, [ebp+var_4]
mov [ebp+var_20], eax
push 4
push 3000h
mov eax, [ebp+var_20]
mov eax, [eax+50h]
push eax
mov eax, [ebp+var_20]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060E0
mov eax, [eax]
call eax
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_404E49
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+var_20]
mov eax, [eax+54h]
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D0
mov eax, [eax]
call eax
test eax, eax
jz loc_404E49
mov eax, [ebp+var_20]
call sub_404BE8
mov esi, eax
mov eax, [ebp+var_20]
movzx eax, word ptr [eax+6]
dec eax
test eax, eax
jb short loc_404DF8
inc eax
mov [ebp+var_28], eax
xor ebx, ebx
loc_404D9D: ; CODE XREF: sub_404C00+1F6�j
lea eax, [ebp+var_18]
push eax
lea edi, [ebx+ebx*4]
mov eax, [esi+edi*8+10h]
push eax
mov eax, [esi+edi*8+14h]
add eax, [ebp+var_4]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D0
mov eax, [eax]
call eax
test eax, eax
jz short loc_404DF2
lea eax, [ebp+var_1C]
push eax
mov eax, [esi+edi*8+24h]
call sub_404BF4
push eax
mov eax, [esi+edi*8+8]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060F0
mov eax, [eax]
call eax
loc_404DF2: ; CODE XREF: sub_404C00+1C8�j
inc ebx
dec [ebp+var_28]
jnz short loc_404D9D
loc_404DF8: ; CODE XREF: sub_404C00+195�j
lea eax, [ebp+var_18]
push eax
push 4
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D0
mov eax, [eax]
call eax
test eax, eax
jz short loc_404E49
mov eax, [ebp+var_20]
mov eax, [eax+28h]
add eax, [ebp+var_10]
mov [ebp+var_98], eax
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
mov eax, ds:off_406100
mov eax, [eax]
call eax
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+var_21], al
loc_404E49: ; CODE XREF: sub_404C00+CC�j
; sub_404C00+F5�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404E85
loc_404E56: ; CODE XREF: sub_404C00+283�j
cmp [ebp+var_21], 0
jnz short loc_404E6D
push 0
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060FC
mov eax, [eax]
call eax
jmp short loc_404E7A
; ---------------------------------------------------------------------------
loc_404E6D: ; CODE XREF: sub_404C00+25A�j
mov eax, [ebp+var_34]
push eax
mov eax, ds:off_4060CC
mov eax, [eax]
call eax
loc_404E7A: ; CODE XREF: sub_404C00+26B�j
mov bl, [ebp+var_21]
retn
; ---------------------------------------------------------------------------
loc_404E7E: ; DATA XREF: sub_404C00+A1�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404E56
; ---------------------------------------------------------------------------
loc_404E85: ; CODE XREF: sub_404C00+94�j
; DATA XREF: sub_404C00+251�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404EA7
loc_404E92: ; CODE XREF: sub_404C00+2A5�j
lea eax, [ebp+var_C]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_404EA0: ; DATA XREF: sub_404C00+28�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404E92
; ---------------------------------------------------------------------------
loc_404EA7: ; CODE XREF: sub_404C00+29F�j
; DATA XREF: sub_404C00+28D�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_404C00 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EB4 proc near ; DATA XREF: CODE:00405990�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404ED9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076AC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404EE0
loc_404ED8: ; CODE XREF: sub_404EB4+2A�j
retn
; ---------------------------------------------------------------------------
loc_404ED9: ; DATA XREF: sub_404EB4+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404ED8
; ---------------------------------------------------------------------------
loc_404EE0: ; CODE XREF: sub_404EB4:loc_404ED8�j
; DATA XREF: sub_404EB4+1F�o
pop ebp
retn
sub_404EB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404EE4 proc near ; DATA XREF: CODE:0040598C�o
sub ds:dword_4076AC, 1
retn
sub_404EE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EEC proc near ; DATA XREF: CODE:00405998�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404F11
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F18
loc_404F10: ; CODE XREF: sub_404EEC+2A�j
retn
; ---------------------------------------------------------------------------
loc_404F11: ; DATA XREF: sub_404EEC+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404F10
; ---------------------------------------------------------------------------
loc_404F18: ; CODE XREF: sub_404EEC:loc_404F10�j
; DATA XREF: sub_404EEC+1F�o
pop ebp
retn
sub_404EEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404F1C proc near ; DATA XREF: CODE:00405994�o
sub ds:dword_4076B0, 1
retn
sub_404F1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F24 proc near ; DATA XREF: CODE:004059A0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404F49
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F50
loc_404F48: ; CODE XREF: sub_404F24+2A�j
retn
; ---------------------------------------------------------------------------
loc_404F49: ; DATA XREF: sub_404F24+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404F48
; ---------------------------------------------------------------------------
loc_404F50: ; CODE XREF: sub_404F24:loc_404F48�j
; DATA XREF: sub_404F24+1F�o
pop ebp
retn
sub_404F24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404F54 proc near ; DATA XREF: CODE:0040599C�o
sub ds:dword_4076B4, 1
retn
sub_404F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F5C proc near ; DATA XREF: CODE:004059A8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404F81
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F88
loc_404F80: ; CODE XREF: sub_404F5C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404F81: ; DATA XREF: sub_404F5C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404F80
; ---------------------------------------------------------------------------
loc_404F88: ; CODE XREF: sub_404F5C:loc_404F80�j
; DATA XREF: sub_404F5C+1F�o
pop ebp
retn
sub_404F5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404F8C proc near ; DATA XREF: CODE:004059A4�o
sub ds:dword_4076B8, 1
retn
sub_404F8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F94 proc near ; CODE XREF: sub_405018+2D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_405008
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_40329C
mov edi, eax
cmp edi, 1
jl short loc_404FED
loc_404FCC: ; CODE XREF: sub_404F94+57�j
mov eax, [ebp+var_4]
mov bl, [eax+edi-1]
lea eax, [ebp+var_8]
mov edx, ebx
inc edx
call sub_403238
mov edx, [ebp+var_8]
mov eax, esi
call sub_4032A4
dec edi
test edi, edi
jnz short loc_404FCC
loc_404FED: ; CODE XREF: sub_404F94+36�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40500F
loc_404FFA: ; CODE XREF: sub_404F94+79�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405008: ; DATA XREF: sub_404F94+1E�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404FFA
; ---------------------------------------------------------------------------
loc_40500F: ; CODE XREF: sub_404F94+73�j
; DATA XREF: sub_404F94+61�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_404F94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405018 proc near ; CODE XREF: sub_4050C0+34�p
; sub_4050C0+51�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
xor ecx, ecx
mov [ebp+var_8], ecx
mov ebx, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_405081
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_8]
mov eax, [ebp+var_4]
call sub_404F94
mov edx, [ebp+var_8]
lea eax, [ebp+var_4]
call sub_4031B0
mov eax, [ebp+var_4]
call sub_4032F8
mov edx, eax
mov eax, ebx
call sub_403248
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405088
loc_405073: ; CODE XREF: sub_405018+6E�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405081: ; DATA XREF: sub_405018+1C�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_405073
; ---------------------------------------------------------------------------
loc_405088: ; CODE XREF: sub_405018+68�j
; DATA XREF: sub_405018+56�o
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_405018 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405090 proc near ; DATA XREF: CODE:004059B0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4050B5
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407730
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4050BC
loc_4050B4: ; CODE XREF: sub_405090+2A�j
retn
; ---------------------------------------------------------------------------
loc_4050B5: ; DATA XREF: sub_405090+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4050B4
; ---------------------------------------------------------------------------
loc_4050BC: ; CODE XREF: sub_405090:loc_4050B4�j
; DATA XREF: sub_405090+1F�o
pop ebp
retn
sub_405090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4050C0 proc near ; DATA XREF: CODE:004059AC�o
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 10h
loc_4050C8: ; CODE XREF: sub_4050C0+D�j
push 0
push 0
dec ecx
jnz short loc_4050C8
push ecx
push ebx
xor eax, eax
push ebp
push offset loc_405541
push dword ptr fs:[eax]
mov fs:[eax], esp
sub ds:dword_407730, 1
jnb loc_405523
lea edx, [ebp+var_4]
mov eax, offset dword_405558
call sub_405018
mov eax, [ebp+var_4]
call sub_4032F8
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_8]
mov eax, offset dword_405570
call sub_405018
mov eax, [ebp+var_8]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076D8, eax
lea edx, [ebp+var_C]
mov eax, offset aXqnldlrrdbnqoc ; "xqnldLrrdbnqOc`dQ"
call sub_405018
mov eax, [ebp+var_C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076DC, eax
lea edx, [ebp+var_10]
mov eax, offset aXqnldlrrdbnqod ; "xqnldLrrdbnqOdshqV"
call sub_405018
mov eax, [ebp+var_10]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076BC, eax
lea edx, [ebp+var_14]
mov eax, offset aSwdsmnbcDqgssd ; "swdsmnBc`dqgSsdF"
call sub_405018
mov eax, [ebp+var_14]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076E0, eax
lea edx, [ebp+var_18]
mov eax, offset aSwdsmnbcDqgs_0 ; "swdsmnBc`dqgSsdR"
call sub_405018
mov eax, [ebp+var_18]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076D4, eax
lea edx, [ebp+var_1C]
mov eax, offset dword_4055F8
call sub_405018
mov eax, [ebp+var_1C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076E4, eax
lea edx, [ebp+var_20]
mov eax, offset dword_405610
call sub_405018
mov eax, [ebp+var_20]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076E8, eax
lea edx, [ebp+var_24]
mov eax, offset dword_405628
call sub_405018
mov eax, [ebp+var_24]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076C0, eax
lea edx, [ebp+var_28]
mov eax, offset aDbqtnrdqendyhr ; "dbqtnrdQendyhR"
call sub_405018
mov eax, [ebp+var_28]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076C4, eax
lea edx, [ebp+var_2C]
mov eax, offset dword_405658
call sub_405018
mov eax, [ebp+var_2C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076C8, eax
lea edx, [ebp+var_30]
mov eax, offset aDbqtnrdqjbnk ; "dbqtnrdQjbnK"
call sub_405018
mov eax, [ebp+var_30]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076CC, eax
lea edx, [ebp+var_34]
mov eax, offset aDbqtnrdqddqe ; "dbqtnrdQddqE"
call sub_405018
mov eax, [ebp+var_34]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076D0, eax
lea edx, [ebp+var_38]
mov eax, offset a@rdlMdbqtnrdql ; "@rdl`MdbqtnrdQltmD"
call sub_405018
mov eax, [ebp+var_38]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076EC, eax
lea edx, [ebp+var_3C]
mov eax, offset a@xqnsbdqhcldsr ; "@xqnsbdqhCldsrxRsdF"
call sub_405018
mov eax, [ebp+var_3C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076F0, eax
lea edx, [ebp+var_40]
mov eax, offset dword_4056D8
call sub_405018
mov eax, [ebp+var_40]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076F4, eax
lea edx, [ebp+var_44]
mov eax, offset a@xqnsbdqhcrvnc ; "@xqnsbdqhCrvncmhVsdF"
call sub_405018
mov eax, [ebp+var_44]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076F8, eax
lea edx, [ebp+var_48]
mov eax, offset aDcnlqnqqdsdr ; "dcnLqnqqDsdR"
call sub_405018
mov eax, [ebp+var_48]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_4076FC, eax
lea edx, [ebp+var_4C]
mov eax, offset a@dmhkcmLlnbsdf ; "@dmhKcm`llnBsdF"
call sub_405018
mov eax, [ebp+var_4C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407700, eax
lea edx, [ebp+var_50]
mov eax, offset dword_405740
call sub_405018
mov eax, [ebp+var_50]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407704, eax
lea edx, [ebp+var_54]
mov eax, offset dword_405754
call sub_405018
mov eax, [ebp+var_54]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407708, eax
lea edx, [ebp+var_58]
mov eax, offset dword_405768
call sub_405018
mov eax, [ebp+var_58]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_40770C, eax
lea edx, [ebp+var_5C]
mov eax, offset aDkhedshqv ; "dkhEdshqV"
call sub_405018
mov eax, [ebp+var_5C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407710, eax
lea edx, [ebp+var_60]
mov eax, offset dword_405790
call sub_405018
mov eax, [ebp+var_60]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407714, eax
lea edx, [ebp+var_64]
mov eax, offset aQdsmhnodkhesdr ; "qdsmhnOdkhEsdR"
call sub_405018
mov eax, [ebp+var_64]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407718, eax
lea edx, [ebp+var_68]
mov eax, offset dword_4057BC
call sub_405018
mov eax, [ebp+var_68]
call sub_4032F8
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_6C]
mov eax, offset aRsrhwdgsOxqnsb ; "rsrhwDgs`OxqnsbdqhCdqtRdj`L"
call sub_405018
mov eax, [ebp+var_6C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_40771C, eax
lea edx, [ebp+var_70]
mov eax, offset dword_4057F8
call sub_405018
mov eax, [ebp+var_70]
call sub_4032F8
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_74]
mov eax, offset dword_40580C
call sub_405018
mov eax, [ebp+var_74]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407720, eax
lea edx, [ebp+var_78]
mov eax, offset a@dkaStbdwdcmhe ; "@dka`stbdwDcmhE"
call sub_405018
mov eax, [ebp+var_78]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407724, eax
lea edx, [ebp+var_7C]
mov eax, offset a@gsOqdcknekHbd ; "@gs`OqdcknEk`hbdoRsdFGR"
call sub_405018
mov eax, [ebp+var_7C]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_407728, eax
lea edx, [ebp+var_80]
mov eax, offset dword_40585C
call sub_405018
mov eax, [ebp+var_80]
call sub_4032F8
push eax ; lpLibFileName
call LoadLibraryA ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_84]
mov eax, offset a@dkhenscNkmvnc ; "@dkhEnSc`nkmvnCKQT"
call sub_405018
mov eax, [ebp+var_84]
call sub_4032F8
push eax ; lpProcName
push ebx ; hModule
call GetProcAddress ; GetProcAddress
mov ds:dword_40772C, eax
loc_405523: ; CODE XREF: sub_4050C0+26�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405548
loc_405530: ; CODE XREF: sub_4050C0+486�j
lea eax, [ebp+var_84]
mov edx, 21h
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405541: ; DATA XREF: sub_4050C0+14�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_405530
; ---------------------------------------------------------------------------
loc_405548: ; CODE XREF: sub_4050C0+480�j
; DATA XREF: sub_4050C0+46B�o
pop ebx
mov esp, ebp
pop ebp
retn
sub_4050C0 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 0Ch
dword_405558 dd 2D636B6Bh, 646B3231h, 6A64716Dh, 0 dd 0FFFFFFFFh, 0Ch
dword_405570 dd 71646063h, 6C645367h, 51647274h, 0 dd 0FFFFFFFFh, 11h
aXqnldlrrdbnqoc db 'xqnldLrrdbnqOc`dQ',0 ; DATA XREF: sub_4050C0+6D�o
align 4
dd 0FFFFFFFFh, 12h
aXqnldlrrdbnqod db 'xqnldLrrdbnqOdshqV',0 ; DATA XREF: sub_4050C0+8E�o
align 4
dd 0FFFFFFFFh, 10h
aSwdsmnbcDqgssd db 'swdsmnBc`dqgSsdF',0 ; DATA XREF: sub_4050C0+AF�o
align 4
dd 0FFFFFFFFh, 10h
aSwdsmnbcDqgs_0 db 'swdsmnBc`dqgSsdR',0 ; DATA XREF: sub_4050C0+D0�o
align 10h
dd 0FFFFFFFFh, 0Eh
dword_4055F8 dd 64727240h, 4F716E62h, 64607364h, 4271h, 0FFFFFFFFh
; DATA XREF: sub_4050C0+F1�o
dd 0Eh
dword_405610 dd 6E624477h, 6B406B6Bh, 71737460h, 5568h, 0FFFFFFFFh
; DATA XREF: sub_4050C0+112�o
dd 0Dh
dword_405628 dd 71626440h, 64726E74h, 686D6351h, 45h, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_4050C0+133�o
aDbqtnrdqendyhr db 'dbqtnrdQendyhR',0 ; DATA XREF: sub_4050C0+154�o
align 10h
dd 0FFFFFFFFh, 0Ch
dword_405658 dd 74716264h, 5164726Eh, 4B6E6063h, 0 dd 0FFFFFFFFh, 0Ch
aDbqtnrdqjbnk db 'dbqtnrdQjbnK',0 ; DATA XREF: sub_4050C0+196�o
align 10h
dd 0FFFFFFFFh, 0Ch
aDbqtnrdqddqe db 'dbqtnrdQddqE',0 ; DATA XREF: sub_4050C0+1B7�o
align 4
dd 0FFFFFFFFh, 12h
a@rdlMdbqtnrdql db '@rdl`MdbqtnrdQltmD',0 ; DATA XREF: sub_4050C0+1D8�o
align 4
dd 0FFFFFFFFh, 13h
a@xqnsbdqhcldsr db '@xqnsbdqhCldsrxRsdF',0 ; DATA XREF: sub_4050C0+1F9�o
dd 0FFFFFFFFh, 0Ch
dword_4056D8 dd 60736740h, 646C6F4Fh, 46647353h, 0 dd 0FFFFFFFFh, 14h
a@xqnsbdqhcrvnc db '@xqnsbdqhCrvncmhVsdF',0 ; DATA XREF: sub_4050C0+23B�o
align 4
dd 0FFFFFFFFh, 0Ch
aDcnlqnqqdsdr db 'dcnLqnqqDsdR',0 ; DATA XREF: sub_4050C0+25C�o
align 10h
dd 0FFFFFFFFh, 0Fh
a@dmhkcmLlnbsdf db '@dmhKcm`llnBsdF',0 ; DATA XREF: sub_4050C0+27D�o
dd 0FFFFFFFFh, 0Bh
dword_405740 dd 686B6440h, 64736445h, 43646Bh, 0FFFFFFFFh, 0Bh
; DATA XREF: sub_4050C0+29E�o
dword_405754 dd 686B6440h, 60736445h, 427164h, 0FFFFFFFFh, 8dword_405768 dd 45686B64h, 51646063h, 0 dd 0FFFFFFFFh, 9
aDkhedshqv db 'dkhEdshqV',0 ; DATA XREF: sub_4050C0+301�o
align 4
dd 0FFFFFFFFh, 0Bh
dword_405790 dd 6D636B64h, 72644760h, 426B6Eh, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_4050C0+322�o
aQdsmhnodkhesdr db 'qdsmhnOdkhEsdR',0 ; DATA XREF: sub_4050C0+343�o
align 4
dd 0FFFFFFFFh, 0Ch
dword_4057BC dd 2D636B6Bh, 64676B6Fh, 686C6066h, 0 dd 0FFFFFFFFh, 1Bh
aRsrhwdgsOxqnsb db 'rsrhwDgs`OxqnsbdqhCdqtRdj`L',0 ; DATA XREF: sub_4050C0+381�o
dd 0FFFFFFFFh, 0Bh
dword_4057F8 dd 2D636B6Bh, 6B6B3231h, 726764h, 0FFFFFFFFh, 0Dh
; DATA XREF: sub_4050C0+3A2�o
dword_40580C dd 74736440h, 44776462h, 67646B6Bh, 52h, 0FFFFFFFFh, 0Fh
; DATA XREF: sub_4050C0+3BF�o
a@dkaStbdwdcmhe db '@dka`stbdwDcmhE',0 ; DATA XREF: sub_4050C0+3E0�o
dd 0FFFFFFFFh, 17h
a@gsOqdcknekHbd db '@gs`OqdcknEk`hbdoRsdFGR',0 ; DATA XREF: sub_4050C0+401�o
dd 0FFFFFFFFh, 0Ah
dword_40585C dd 2D636B6Bh, 6B6C6E6Dh, 7471h, 0FFFFFFFFh, 12ha@dkhenscNkmvnc db '@dkhEnSc`nkmvnCKQT',0 ; DATA XREF: sub_4050C0+442�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405884 proc near ; DATA XREF: CODE:004059B8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4058A9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407734
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4058B0
loc_4058A8: ; CODE XREF: sub_405884+2A�j
retn
; ---------------------------------------------------------------------------
loc_4058A9: ; DATA XREF: sub_405884+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4058A8
; ---------------------------------------------------------------------------
loc_4058B0: ; CODE XREF: sub_405884:loc_4058A8�j
; DATA XREF: sub_405884+1F�o
pop ebp
retn
sub_405884 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4058B4 proc near ; DATA XREF: CODE:004059B4�o
sub ds:dword_407734, 1
retn
sub_4058B4 endp
; =============== S U B R O U T I N E =======================================
sub_4058BC proc near ; CODE XREF: CODE:004059F6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
Msg = tagMSG ptr -20h
push ebx
add esp, 0FFFFFFE4h
mov ebx, eax
call GetTickCount ; GetTickCount
add ebx, eax
jmp short loc_405907
; ---------------------------------------------------------------------------
loc_4058CB: ; CODE XREF: sub_4058BC+62�j
; sub_4058BC+68�j
push 1 ; wRemoveMsg
push 0 ; wMsgFilterMax
push 0 ; wMsgFilterMin
push 0 ; hWnd
lea eax, [esp+30h+Msg]
push eax ; lpMsg
call PeekMessageA ; PeekMessageA
test eax, eax
jz short loc_405907
cmp [esp+20h+Msg.message], 12h
jnz short loc_4058F4
mov eax, [esp+20h+Msg.wParam]
push eax ; nExitCode
call PostQuitMessage ; PostQuitMessage
jmp short loc_405926
; ---------------------------------------------------------------------------
loc_4058F4: ; CODE XREF: sub_4058BC+2A�j
push esp ; lpMsg
call TranslateMessage ; TranslateMessage
push esp ; lpMsg
call DispatchMessageA ; DispatchMessageA
push 64h ; dwMilliseconds
call Sleep ; Sleep
loc_405907: ; CODE XREF: sub_4058BC+D�j
; sub_4058BC+23�j
call GetTickCount ; GetTickCount
xor edx, edx
push edx
push eax
mov eax, ebx
cdq
cmp edx, [esp+28h+var_24]
jnz short loc_405922
cmp eax, [esp+28h+var_28]
pop edx
pop eax
ja short loc_4058CB
jmp short loc_405926
; ---------------------------------------------------------------------------
loc_405922: ; CODE XREF: sub_4058BC+5B�j
pop edx
pop eax
jg short loc_4058CB
loc_405926: ; CODE XREF: sub_4058BC+36�j
; sub_4058BC+64�j
add esp, 1Ch
pop ebx
retn
sub_4058BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40592C proc near ; DATA XREF: CODE:004059C0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40594B
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405952
loc_40594A: ; CODE XREF: sub_40592C+24�j
retn
; ---------------------------------------------------------------------------
loc_40594B: ; DATA XREF: sub_40592C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_40594A
; ---------------------------------------------------------------------------
loc_405952: ; CODE XREF: sub_40592C:loc_40594A�j
; DATA XREF: sub_40592C+19�o
pop ebp
retn
sub_40592C endp
; ---------------------------------------------------------------------------
dword_405954 dd 0Dh dd offset off_40595C
off_40595C dd offset loc_403D94 ; DATA XREF: CODE:00405958�o
dd offset sub_403D64
dd offset sub_403B88
dd offset sub_403B34
dd offset sub_403DCC
dd offset sub_403D9C
dd offset sub_403E5C
dd offset sub_403E2C
dd offset sub_40424C
dd offset sub_40421C
dd offset sub_404BE0
dd offset sub_404BB0
dd offset sub_404EE4
dd offset sub_404EB4
dd offset sub_404F1C
dd offset sub_404EEC
dd offset sub_404F54
dd offset sub_404F24
dd offset sub_404F8C
dd offset sub_404F5C
dd offset sub_4050C0
dd offset sub_405090
dd offset sub_4058B4
dd offset sub_405884
align 10h
dd offset sub_40592C
; ---------------------------------------------------------------------------
public start
start:
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
xor eax, eax
mov [ebp-20h], eax
mov [ebp-14h], eax
mov [ebp-18h], eax
mov [ebp-1Ch], eax
mov eax, offset dword_405954
call sub_403D20
xor eax, eax
push ebp
push offset loc_405B2F
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 1F4h
call sub_4058BC
call sub_4046BC
xor eax, eax
mov ds:dword_407844, eax
mov edx, offset dword_405B3C
mov eax, offset dword_40773C
call sub_403EA4
mov edx, offset byte_407740
mov ecx, ds:dword_40773C
call sub_402570
cmp ds:byte_407742, 0
jnz loc_405B14
mov edx, offset dword_405B40
mov eax, offset dword_407844
call sub_403EA4
mov ebx, eax
mov eax, offset dword_407738
mov edx, ds:dword_407844
call sub_403350
test ebx, ebx
jnz short loc_405A5F
push 0
call ExitProcess_0
loc_405A5F: ; CODE XREF: CODE:00405A56�j
mov eax, ds:dword_407738
call sub_40329C
push eax
mov eax, offset dword_407738
call sub_403348
mov edx, eax
mov eax, ebx
pop ecx
call sub_402570
cmp ds:byte_407740, 0
jz short loc_405AC3
lea edx, [ebp-1Ch]
mov eax, offset dword_407744
call sub_404180
mov eax, [ebp-1Ch]
call sub_4032F8
mov edx, eax
lea eax, [ebp-18h]
call sub_403248
mov edx, [ebp-18h]
lea ecx, [ebp-14h]
mov eax, ds:dword_407738
call sub_403F04
mov edx, [ebp-14h]
mov eax, offset dword_407738
call sub_40316C
loc_405AC3: ; CODE XREF: CODE:00405A85�j
mov eax, ds:dword_407738
call sub_40329C
call sub_40246C
mov ebx, eax
mov eax, ds:dword_407738
call sub_40329C
push eax
mov eax, offset dword_407738
call sub_403348
mov edx, ebx
pop ecx
call sub_402570
push 1
lea edx, [ebp-20h]
xor eax, eax
call sub_40269C
mov edx, [ebp-20h]
xor ecx, ecx
mov eax, ebx
call sub_404C00
test al, al
jz short loc_405B14
mov eax, ebx
call sub_40248C
loc_405B14: ; CODE XREF: CODE:00405A2D�j
; CODE:00405B0B�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405B36
loc_405B21: ; CODE XREF: CODE:00405B34�j
lea eax, [ebp-20h]
mov edx, 4
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405B2F: ; DATA XREF: CODE:004059E6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_405B21
; ---------------------------------------------------------------------------
loc_405B36: ; CODE XREF: CODE:00405B2E�j
; DATA XREF: CODE:00405B1C�o
pop ebx
call sub_403028
; ---------------------------------------------------------------------------
dword_405B3C dd 53h dword_405B40 dd 46h, 2Fh dup(0)CODE ends
; Section 2. (virtual address 00006000)
; Virtual size : 00000108 ( 264.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00005000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 406000h
dword_406000 dd 0 ; sub_402F6C+2�w ...
dword_406004 dd 0 ; sub_402F10+37�r ...
byte_406008 db 2 ; DATA XREF: sub_403B88+D�w
db 8Dh, 40h, 0
dword_40600C dd 0 dword_406010 dd 0 word_406014 dw 1332h ; DATA XREF: sub_4028BC+6�r
; sub_4028BC:loc_402934�r ...
dw 0C08Bh
byte_406018 db 0 ; DATA XREF: sub_402998�r sub_4029B4�r ...
db 8Dh, 40h, 0
byte_40601C db 0 ; DATA XREF: sub_402E10-336�r
; sub_402E10:loc_402B15�r
db 8Dh, 40h, 0
byte_406020 db 0 ; DATA XREF: sub_402F9C:loc_402FFD�r
db 8Dh, 40h, 0
dword_406024 dd 0 dword_406028 dd 0 off_40602C dd offset sub_401E98 ; DATA XREF: sub_40246C+5�r
; sub_4024AC+3F�r
off_406030 dd offset sub_402028 ; DATA XREF: sub_40248C+5�r
; sub_4024AC+26�r
off_406034 dd offset sub_4023A8 ; DATA XREF: sub_4024AC+D�r
byte_406038 db 0 ; DATA XREF: sub_402508+36�r
aRsu db 'клхивохмншьзыйэщчъЮАЦ',0
aFxn@ db 'ДЕ█@',0
; char Caption[]
Caption db 'Error',0 ; DATA XREF: sub_402F9C+6C�o
dw 0C08Bh
; char Text[]
Text db 'Runtime error at 00000000',0 ; DATA XREF: sub_402F10+3�o
; sub_402F9C+32�o ...
dw 0C08Bh
byte_40607C db 30h ; DATA XREF: sub_402F10+41�r
db 31h, 32h, 33h
dd 37363534h, 42413938h, 46454443h
; DWORD TlsIndex
TlsIndex dd 0FFFFFFFFh ; DATA XREF: sub_403C90+C�r
; sub_403C90+37�r ...
dword_406090 dd 0 ; sub_403D20+33�o
dword_406094 dd 0 dword_406098 dd 0 dword_40609C dd 0 dd 2 dup(0)
dword_4060A8 dd 1 dd 10h, 2, 20h, 4, 40h, 4, 40h
off_4060C8 dd offset dword_40767C ; DATA XREF: sub_4046BC+190�r
; sub_4046BC+324�r ...
off_4060CC dd offset dword_40769C ; DATA XREF: sub_4046BC+308�r
; sub_404C00+271�r
off_4060D0 dd offset dword_407678 ; DATA XREF: sub_4046BC+21D�r
; sub_404C00+170�r ...
off_4060D4 dd offset dword_407688 ; DATA XREF: sub_4046BC+76�r
; sub_404C00+103�r
off_4060D8 dd offset dword_407698 ; DATA XREF: sub_4046BC+2D9�r
; sub_404C00+89�r
off_4060DC dd offset dword_407690 ; DATA XREF: sub_4046BC+27B�r
; sub_404C00+C1�r
off_4060E0 dd offset dword_407680 ; DATA XREF: sub_4046BC+1BF�r
; sub_404C00+143�r
off_4060E4 dd offset dword_40766C ; DATA XREF: sub_4046BC+103�r
off_4060E8 dd offset dword_407670 ; DATA XREF: sub_4046BC+132�r
off_4060EC dd offset dword_407668 ; DATA XREF: sub_4046BC+D4�r
off_4060F0 dd offset dword_407684 ; DATA XREF: sub_4046BC+1EE�r
; sub_404C00+1E9�r
off_4060F4 dd offset dword_40768C ; DATA XREF: sub_4046BC+24C�r
; sub_404C00+EA�r
off_4060F8 dd offset dword_407674 ; DATA XREF: sub_4046BC+161�r
off_4060FC dd offset dword_4076A0 ; DATA XREF: sub_4046BC+31B�r
; sub_404C00+262�r
off_406100 dd offset dword_407694 ; DATA XREF: sub_4046BC+2AA�r
; sub_404C00+237�r
off_406104 dd offset dword_407664 ; DATA XREF: sub_4046BC+A5�r
align 100h
DATA ends
; Section 3. (virtual address 00007000)
; Virtual size : 00000849 ( 2121.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00005200
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 407000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
dword_407000 dd ? dword_407004 dd ? dword_407008 dd ? ; sub_402508+16�r
dword_40700C dd ? ; CODE:00402D80�r
dword_407010 dd ? ; sub_4029B4+16�r ...
dword_407014 dd ? ; CODE:00402D68�r ...
dword_407018 dd ? ; sub_403028+B1�r
dword_40701C dd ? dword_407020 dd ? byte_407024 db ? ; DATA XREF: sub_402ED0+33�w
align 4
dword_407028 dd ? dword_40702C dd ? dword_407030 dd ? byte_407034 db ? ; DATA XREF: sub_402F9C+1�r
byte_407035 db ? ; DATA XREF: sub_4017AC+1B�r
; sub_4017AC:loc_40184E�r ...
byte_407036 db ? ; DATA XREF: sub_403B88+28�w
align 4
dword_407038 dd ? ; sub_403B34+19�o
word_40703C dw ? ; DATA XREF: sub_403B88+4C�w
align 10h
dd 71h dup(?)
dword_407204 dd ? ; sub_403B34+23�o
word_407208 dw ? ; DATA XREF: sub_402F9C+A�r
; sub_403B88+55�w
align 10h
dword_407210 dd ? align 10h
dword_407220 dd ? dd 6Bh dup(?)
dword_4073D0 dd ? word_4073D4 dw ? ; DATA XREF: sub_403B88+5E�w
align 4
dd 71h dup(?)
dword_40759C dd ? ; sub_401DA4+92�w ...
dword_4075A0 dd ? ; sub_401DA4+9B�w ...
dword_4075A4 dd ? ; sub_403B88�w
dword_4075A8 dd ? ; sub_403B88+B2�w ...
byte_4075AC db ? ; DATA XREF: sub_4017AC+8E�w
; sub_4017AC:loc_401869�r ...
align 10h
dword_4075B0 dd ? ; sub_4014EC+63�w ...
; struct _RTL_CRITICAL_SECTION CriticalSection
CriticalSection _RTL_CRITICAL_SECTION <?> ; DATA XREF: sub_4017AC+11�o
; sub_4017AC+24�o ...
; HLOCAL dword_4075CC
dword_4075CC dd ? ; sub_401120+2A�w ...
dword_4075D0 dd ? ; sub_4011A8+A�r ...
dword_4075D4 dd ? ; sub_401328+51�o ...
dd 3 dup(?)
dword_4075E4 dd 4 dup(?) ; sub_4015FC+E�o ...
dword_4075F4 dd ? dword_4075F8 dd ? align 10h
dword_407600 dd ? ; sub_401950+1�r ...
dword_407604 dd ? dword_407608 dd ? ; sub_401C40+2E�r ...
; HLOCAL hMem
hMem dd ? ; DATA XREF: sub_4017AC+58�w
; sub_4017AC+5D�r ...
dword_407610 dd ? ; sub_401870+81�o ...
align 10h
dword_407620 dd ? ; sub_402F6C+D�o ...
dword_407624 dd ? ; sub_402DE8+2�r
dword_407628 dd ? ; sub_402ED0+14�w
dword_40762C dd ? ; sub_402ED0+1B�w
dword_407630 dd ? dd 6 dup(?)
byte_40764C db ? ; DATA XREF: sub_403CD4�r
align 10h
dword_407650 dd ? ; sub_403D20+16�r ...
dword_407654 dd ? ; CODE:loc_403D94�w
dword_407658 dd ? dword_40765C dd ? ; sub_403DCC�w
dword_407660 dd ? ; sub_403E5C�w
dword_407664 dd ? ; DATA:off_406104�o
dword_407668 dd ? ; DATA:off_4060EC�o
dword_40766C dd ? ; DATA:off_4060E4�o
dword_407670 dd ? ; DATA:off_4060E8�o
dword_407674 dd ? ; DATA:off_4060F8�o
dword_407678 dd ? dword_40767C dd ? dword_407680 dd ? dword_407684 dd ? dword_407688 dd ? dword_40768C dd ? dword_407690 dd ? dword_407694 dd ? dword_407698 dd ? dword_40769C dd ? dword_4076A0 dd ? dword_4076A4 dd ? ; sub_40424C�w
dword_4076A8 dd ? ; sub_404BE0�w
dword_4076AC dd ? ; sub_404EE4�w
dword_4076B0 dd ? ; sub_404F1C�w
dword_4076B4 dd ? ; sub_404F54�w
dword_4076B8 dd ? ; sub_404F8C�w
dword_4076BC dd ? dword_4076C0 dd ? dword_4076C4 dd ? dword_4076C8 dd ? dword_4076CC dd ? dword_4076D0 dd ? dword_4076D4 dd ? dword_4076D8 dd ? dword_4076DC dd ? dword_4076E0 dd ? dword_4076E4 dd ? dword_4076E8 dd ? dword_4076EC dd ? dword_4076F0 dd ? dword_4076F4 dd ? dword_4076F8 dd ? dword_4076FC dd ? dword_407700 dd ? dword_407704 dd ? dword_407708 dd ? dword_40770C dd ? dword_407710 dd ? dword_407714 dd ? dword_407718 dd ? dword_40771C dd ? dword_407720 dd ? dword_407724 dd ? dword_407728 dd ? dword_40772C dd ? dword_407730 dd ? ; sub_4050C0+1F�w
dword_407734 dd ? ; sub_4058B4�w
dword_407738 dd ? ; CODE:loc_405A5F�r ...
dword_40773C dd ? ; CODE:00405A1B�r
byte_407740 db ? ; DATA XREF: CODE:00405A16�o
; CODE:00405A7E�r
align 2
byte_407742 db ? ; DATA XREF: CODE:00405A26�r
align 4
dword_407744 dd 40h dup(?) dword_407844 dd ? ; CODE:00405A38�o ...
align 200h
BSS ends
;
; Imports from kernel32.dll
;
; Section 4. (virtual address 00008000)
; Virtual size : 000004F8 ( 1272.)
; Section size in file : 00000600 ( 1536.)
; Offset to raw data for section: 00005200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Externs
; _idata
; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_DeleteCriticalSection:dword ; DATA XREF: DeleteCriticalSection�r
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_LeaveCriticalSection:dword ; DATA XREF: LeaveCriticalSection�r
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_EnterCriticalSection:dword ; DATA XREF: EnterCriticalSection�r
; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn __imp_InitializeCriticalSection:dword
; DATA XREF: InitializeCriticalSection�r
; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn __imp_VirtualFree:dword ; DATA XREF: VirtualFree�r
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn __imp_VirtualAlloc:dword ; DATA XREF: VirtualAlloc�r
; HLOCAL __stdcall LocalFree(HLOCAL hMem)
extrn __imp_LocalFree:dword ; DATA XREF: LocalFree�r
; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes)
extrn __imp_LocalAlloc:dword ; DATA XREF: LocalAlloc�r
; DWORD __stdcall GetVersion()
extrn __imp_GetVersion:dword ; DATA XREF: GetVersion�r
; DWORD __stdcall GetCurrentThreadId()
extrn __imp_GetCurrentThreadId:dword ; DATA XREF: GetCurrentThreadId�r
; LCID __stdcall GetThreadLocale()
extrn __imp_GetThreadLocale:dword ; DATA XREF: GetThreadLocale�r
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn __imp_GetStartupInfoA:dword ; DATA XREF: GetStartupInfoA�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn __imp_GetModuleFileNameA:dword ; DATA XREF: GetModuleFileNameA�r
; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData)
extrn __imp_GetLocaleInfoA:dword ; DATA XREF: GetLocaleInfoA�r
; LPSTR __stdcall GetCommandLineA()
extrn __imp_GetCommandLineA:dword ; DATA XREF: GetCommandLineA�r
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn __imp_FreeLibrary:dword ; DATA XREF: FreeLibrary�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn __imp_ExitProcess:dword ; DATA XREF: ExitProcess�r
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn __imp_WriteFile:dword ; DATA XREF: WriteFile�r
; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
extrn __imp_UnhandledExceptionFilter:dword
; DATA XREF: UnhandledExceptionFilter�r
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
; void __stdcall RaiseException(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn __imp_RaiseException:dword ; DATA XREF: RaiseException�r
; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
extrn __imp_GetStdHandle:dword ; DATA XREF: GetStdHandle�r
;
; Imports from user32.dll
;
; int __stdcall GetKeyboardType(int nTypeFlag)
extrn __imp_GetKeyboardType:dword ; DATA XREF: GetKeyboardType�r
; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
extrn __imp_MessageBoxA:dword ; DATA XREF: MessageBoxA�r
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn __imp_CharNextA:dword ; DATA XREF: CharNextA�r
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn __imp_RegQueryValueExA:dword ; DATA XREF: RegQueryValueExA�r
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn __imp_RegOpenKeyExA:dword ; DATA XREF: RegOpenKeyExA�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn __imp_RegCloseKey:dword ; DATA XREF: RegCloseKey�r
;
; Imports from oleaut32.dll
;
; void __stdcall SysFreeString(BSTR bstrString)
extrn __imp_SysFreeString:dword ; DATA XREF: SysFreeString�r
; INT __stdcall SysReAllocStringLen(BSTR *pbstr, const OLECHAR *psz, unsigned int len)
extrn __imp_SysReAllocStringLen:dword ; DATA XREF: SysReAllocStringLen�r
;
; Imports from kernel32.dll
;
; BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)
extrn __imp_TlsSetValue:dword ; DATA XREF: TlsSetValue�r
; LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)
extrn __imp_TlsGetValue:dword ; DATA XREF: TlsGetValue�r
; HLOCAL __stdcall LocalAlloc_0(UINT uFlags, SIZE_T uBytes)
extrn __imp_LocalAlloc_0:dword ; DATA XREF: LocalAlloc_0�r
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn __imp_GetModuleHandleA:dword ; DATA XREF: GetModuleHandleA�r
;
; Imports from kernel32.dll
;
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn __imp_Sleep:dword ; DATA XREF: Sleep�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn __imp_LoadLibraryA:dword ; DATA XREF: LoadLibraryA�r
; DWORD __stdcall GetTickCount()
extrn __imp_GetTickCount:dword ; DATA XREF: GetTickCount�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn __imp_GetProcAddress:dword ; DATA XREF: GetProcAddress�r
; DWORD __stdcall GetLastError()
extrn __imp_GetLastError:dword ; DATA XREF: GetLastError�r
; void __stdcall ExitProcess_0(UINT uExitCode)
extrn __imp_ExitProcess_0:dword ; DATA XREF: ExitProcess_0�r
;
; Imports from user32.dll
;
; BOOL __stdcall TranslateMessage(const MSG *lpMsg)
extrn __imp_TranslateMessage:dword ; DATA XREF: TranslateMessage�r
; void __stdcall PostQuitMessage(int nExitCode)
extrn __imp_PostQuitMessage:dword ; DATA XREF: PostQuitMessage�r
; BOOL __stdcall PeekMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg)
extrn __imp_PeekMessageA:dword ; DATA XREF: PeekMessageA�r
; LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)
extrn __imp_DispatchMessageA:dword ; DATA XREF: DispatchMessageA�r
;
; Imports from kernel32.dll
;
; HMODULE __stdcall LoadLibraryA_0(LPCSTR lpLibFileName)
extrn __imp_LoadLibraryA_0:dword ; DATA XREF: LoadLibraryA_0�r
; Section 5. (virtual address 00009000)
; Virtual size : 00000008 ( 8.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00005800
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 409000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd 2 dup(?) ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 7Eh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 6. (virtual address 0000A000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00005800
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40A000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 200h
_rdata ends
end start